generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

The majority of the OCSP code from CertCo.

Browse Source
This commit is contained in:
Richard Levitte 2000-10-27 11:05:35 +00:00
parent 34a1488220
commit eb64730b9c
22 changed files with 3807 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile.org
View File

@ -163,7 +163,7 @@ SDIRS= \
des rc2 rc4 rc5 idea bf cast \
bn rsa dsa dh dso engine rijndael \
buffer bio stack lhash rand err objects \
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
MAKEFILE= Makefile.ssl
MAKE= make -f Makefile.ssl

8
apps/x509.c
View File

@ -106,6 +106,7 @@ static char *x509_usage[]={
" -fingerprint - print the certificate fingerprint\n",
" -alias - output certificate alias\n",
" -noout - no certificate output\n",
" -ocspid - print OCSP hash values for the subject name and public key\n",
" -trustout - output a \"trusted\" certificate\n",
" -clrtrust - clear all trusted purposes\n",
" -clrreject - clear all rejected purposes\n",
@ -163,6 +164,7 @@ int MAIN(int argc, char **argv)
char *CAkeyfile=NULL,*CAserial=NULL;
char *alias=NULL;
int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
int ocspid=0;
int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
int C=0;
@ -412,6 +414,8 @@ int MAIN(int argc, char **argv)
clrext = 1;
}
#endif
else if (strcmp(*argv,"-ocspid") == 0)
ocspid= ++num;
else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
{
/* ok */
@ -917,6 +921,10 @@ bad:
}
noout=1;
}
else if (ocspid == i)
{
X509_ocspid_print(out, x);
}
}
}

30
crypto/asn1/asn1.h
View File

@ -956,6 +956,21 @@ void ASN1_STRING_TABLE_cleanup(void);
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
#define ASN1_F_D2I_NOTICEREF 268
#define ASN1_F_D2I_OCSP_BASICRESP 293
#define ASN1_F_D2I_OCSP_CERTID 294
#define ASN1_F_D2I_OCSP_CERTSTATUS 295
#define ASN1_F_D2I_OCSP_CRLID 296
#define ASN1_F_D2I_OCSP_ONEREQ 297
#define ASN1_F_D2I_OCSP_REQINFO 298
#define ASN1_F_D2I_OCSP_REQUEST 299
#define ASN1_F_D2I_OCSP_RESPBYTES 300
#define ASN1_F_D2I_OCSP_RESPDATA 301
#define ASN1_F_D2I_OCSP_RESPID 302
#define ASN1_F_D2I_OCSP_RESPONSE 303
#define ASN1_F_D2I_OCSP_REVOKEDINFO 304
#define ASN1_F_D2I_OCSP_SERVICELOC 305
#define ASN1_F_D2I_OCSP_SIGNATURE 306
#define ASN1_F_D2I_OCSP_SINGLERESP 307
#define ASN1_F_D2I_OTHERNAME 287
#define ASN1_F_D2I_PBE2PARAM 262
#define ASN1_F_D2I_PBEPARAM 249
@ -1027,6 +1042,21 @@ void ASN1_STRING_TABLE_cleanup(void);
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
#define ASN1_F_NOTICEREF_NEW 272
#define ASN1_F_OCSP_BASICRESP_NEW 308
#define ASN1_F_OCSP_CERTID_NEW 309
#define ASN1_F_OCSP_CERTSTATUS_NEW 310
#define ASN1_F_OCSP_CRLID_NEW 311
#define ASN1_F_OCSP_ONEREQ_NEW 312
#define ASN1_F_OCSP_REQINFO_NEW 313
#define ASN1_F_OCSP_REQUEST_NEW 314
#define ASN1_F_OCSP_RESPBYTES_NEW 315
#define ASN1_F_OCSP_RESPDATA_NEW 316
#define ASN1_F_OCSP_RESPID_NEW 317
#define ASN1_F_OCSP_RESPONSE_NEW 318
#define ASN1_F_OCSP_REVOKEDINFO_NEW 319
#define ASN1_F_OCSP_SERVICELOC_NEW 320
#define ASN1_F_OCSP_SIGNATURE_NEW 321
#define ASN1_F_OCSP_SINGLERESP_NEW 322
#define ASN1_F_OTHERNAME_NEW 288
#define ASN1_F_PBE2PARAM_NEW 264
#define ASN1_F_PBEPARAM_NEW 251

30
crypto/asn1/asn1_err.c
View File

@ -141,6 +141,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "d2i_NETSCAPE_SPKAC"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "d2i_NETSCAPE_SPKI"},
{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0), "d2i_NOTICEREF"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_BASICRESP,0), "d2i_OCSP_BASICRESP"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTID,0), "d2i_OCSP_CERTID"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTSTATUS,0), "d2i_OCSP_CERTSTATUS"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_CRLID,0), "d2i_OCSP_CRLID"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_ONEREQ,0), "d2i_OCSP_ONEREQ"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_REQINFO,0), "d2i_OCSP_REQINFO"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_REQUEST,0), "d2i_OCSP_REQUEST"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPBYTES,0), "d2i_OCSP_RESPBYTES"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPDATA,0), "d2i_OCSP_RESPDATA"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPID,0), "d2i_OCSP_RESPID"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPONSE,0), "d2i_OCSP_RESPONSE"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_REVOKEDINFO,0), "d2i_OCSP_REVOKEDINFO"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_SERVICELOC,0), "d2i_OCSP_SERVICELOC"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_SIGNATURE,0), "d2i_OCSP_SIGNATURE"},
{ERR_PACK(0,ASN1_F_D2I_OCSP_SINGLERESP,0), "d2i_OCSP_SINGLERESP"},
{ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0), "d2i_OTHERNAME"},
{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0), "d2i_PBE2PARAM"},
{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "d2i_PBEPARAM"},
@ -212,6 +227,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_new"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_new"},
{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0), "NOTICEREF_new"},
{ERR_PACK(0,ASN1_F_OCSP_BASICRESP_NEW,0), "OCSP_BASICRESP_new"},
{ERR_PACK(0,ASN1_F_OCSP_CERTID_NEW,0), "OCSP_CERTID_new"},
{ERR_PACK(0,ASN1_F_OCSP_CERTSTATUS_NEW,0), "OCSP_CERTSTATUS_new"},
{ERR_PACK(0,ASN1_F_OCSP_CRLID_NEW,0), "OCSP_CRLID_new"},
{ERR_PACK(0,ASN1_F_OCSP_ONEREQ_NEW,0), "OCSP_ONEREQ_new"},
{ERR_PACK(0,ASN1_F_OCSP_REQINFO_NEW,0), "OCSP_REQINFO_new"},
{ERR_PACK(0,ASN1_F_OCSP_REQUEST_NEW,0), "OCSP_REQUEST_new"},
{ERR_PACK(0,ASN1_F_OCSP_RESPBYTES_NEW,0), "OCSP_RESPBYTES_new"},
{ERR_PACK(0,ASN1_F_OCSP_RESPDATA_NEW,0), "OCSP_RESPDATA_new"},
{ERR_PACK(0,ASN1_F_OCSP_RESPID_NEW,0), "OCSP_RESPID_new"},
{ERR_PACK(0,ASN1_F_OCSP_RESPONSE_NEW,0), "OCSP_RESPONSE_new"},
{ERR_PACK(0,ASN1_F_OCSP_REVOKEDINFO_NEW,0), "OCSP_REVOKEDINFO_new"},
{ERR_PACK(0,ASN1_F_OCSP_SERVICELOC_NEW,0), "OCSP_SERVICELOC_new"},
{ERR_PACK(0,ASN1_F_OCSP_SIGNATURE_NEW,0), "OCSP_SIGNATURE_new"},
{ERR_PACK(0,ASN1_F_OCSP_SINGLERESP_NEW,0), "OCSP_SINGLERESP_new"},
{ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0), "OTHERNAME_new"},
{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0), "PBE2PARAM_new"},
{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_new"},

50
crypto/asn1/t_x509.c
View File

@ -282,6 +282,56 @@ err:
return(ret);
}
int X509_ocspid_print (BIO *bp, X509 *x)
{
unsigned char *der=NULL ;
unsigned char *dertmp;
int derlen;
int i;
SHA_CTX SHA1buf ;
unsigned char SHA1md[SHA_DIGEST_LENGTH];
/* display the hash of the subject as it would appear
in OCSP requests */
if (BIO_printf(bp," Subject OCSP hash: ") <= 0)
goto err;
derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
goto err;
i2d_X509_NAME(x->cert_info->subject, &dertmp);
SHA1_Init(&SHA1buf);
SHA1_Update(&SHA1buf, der, derlen);
SHA1_Final(SHA1md,&SHA1buf);
for (i=0; i < SHA_DIGEST_LENGTH; i++)
{
if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
}
OPENSSL_free (der);
der=NULL;
/* display the hash of the public key as it would appear
in OCSP requests */
if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0)
goto err;
SHA1_Init(&SHA1buf);
SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
x->cert_info->key->public_key->length);
SHA1_Final(SHA1md,&SHA1buf);
for (i=0; i < SHA_DIGEST_LENGTH; i++)
{
if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
goto err;
}
BIO_printf(bp,"\n");
return (1);
err:
if (der != NULL) OPENSSL_free(der);
return(0);
}
int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
{
int i,n;

2
crypto/err/err.h
View File

@ -133,6 +133,7 @@ typedef struct err_state_st
#define ERR_LIB_RAND 36
#define ERR_LIB_DSO 37
#define ERR_LIB_ENGINE 38
#define ERR_LIB_OCSP 39
#define ERR_LIB_USER 128
@ -163,6 +164,7 @@ typedef struct err_state_st
#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),ERR_file_name,__LINE__)
#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),ERR_file_name,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */

1
crypto/err/openssl.ec
View File

@ -9,6 +9,7 @@ L EVP crypto/evp/evp.h crypto/evp/evp_err.c
L BUF crypto/buffer/buffer.h crypto/buffer/buf_err.c
L BIO crypto/bio/bio.h crypto/bio/bio_err.c
L OBJ crypto/objects/objects.h crypto/objects/obj_err.c
L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
L PEM crypto/pem/pem.h crypto/pem/pem_err.c
L X509 crypto/x509/x509.h crypto/x509/x509_err.c
L NONE crypto/x509/x509_vfy.h NONE

243
crypto/ocsp/Makefile.ssl Normal file
View File

@ -0,0 +1,243 @@
#
# OpenSSL/ocsp/Makefile.ssl
#
DIR= ocsp
TOP= ../..
CC= cc
INCLUDES= -I.. -I../../include
CFLAG=-g
INSTALL_PREFIX=
OPENSSLDIR= /usr/local/ssl
INSTALLTOP=/usr/local/ssl
MAKE= make -f Makefile.ssl
MAKEDEPEND= $(TOP)/util/domd $(TOP)
MAKEFILE= Makefile.ssl
AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile README
TEST=
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= ocsp_req.c ocsp_res.c ocsp_sig.c ocsp_cid.c ocsp_ext.c \
ocsp_lib.c ocsp_err.c
#ocsp_v3.c
LIBOBJ= ocsp_req.o ocsp_res.o ocsp_sig.o ocsp_cid.o ocsp_ext.o \
ocsp_lib.o ocsp_err.o
#ocsp_v3.o
SRC= $(LIBSRC)
EXHEADER= ocsp.h
HEADER= $(EXHEADER)
ALL= $(GENERAL) $(SRC) $(HEADER)
top:
(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
all: lib
lib: $(LIBOBJ)
$(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB)
@touch lib
files:
perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
links:
$(TOP)/util/point.sh Makefile.ssl Makefile ;
$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
install:
@for i in $(EXHEADER) ; \
do \
(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
done;
tags:
ctags $(SRC)
tests:
lint:
lint -DLINT $(INCLUDES) $(SRC)>fluff
depend:
$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
dclean:
$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
mv -f Makefile.new $(MAKEFILE)
clean:
rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
# DO NOT DELETE THIS LINE -- make depend depends on it.
ocsp_cid.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
ocsp_cid.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
ocsp_cid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
ocsp_cid.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
ocsp_cid.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ocsp_cid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ocsp_cid.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
ocsp_cid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
ocsp_cid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
ocsp_cid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
ocsp_cid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
ocsp_cid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
ocsp_cid.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
ocsp_cid.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
ocsp_cid.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
ocsp_cid.o: ../../include/openssl/rc5.h
ocsp_cid.o: ../../include/openssl/rijndael-alg-fst.h
ocsp_cid.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
ocsp_cid.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ocsp_cid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_cid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_cid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
ocsp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
ocsp_err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
ocsp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
ocsp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
ocsp_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
ocsp_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
ocsp_err.o: ../../include/openssl/opensslconf.h
ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
ocsp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
ocsp_err.o: ../../include/openssl/rc5.h
ocsp_err.o: ../../include/openssl/rijndael-alg-fst.h
ocsp_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
ocsp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
ocsp_ext.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
ocsp_ext.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
ocsp_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ocsp_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
ocsp_ext.o: ../../include/openssl/opensslconf.h
ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
ocsp_ext.o: ../../include/openssl/rc5.h
ocsp_ext.o: ../../include/openssl/rijndael-alg-fst.h
ocsp_ext.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ocsp_ext.o: ../cryptlib.h
ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
ocsp_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
ocsp_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ocsp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
ocsp_lib.o: ../../include/openssl/opensslconf.h
ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
ocsp_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
ocsp_lib.o: ../../include/openssl/rc5.h
ocsp_lib.o: ../../include/openssl/rijndael-alg-fst.h
ocsp_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ocsp_lib.o: ../cryptlib.h
ocsp_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
ocsp_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
ocsp_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
ocsp_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
ocsp_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ocsp_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ocsp_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
ocsp_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
ocsp_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
ocsp_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
ocsp_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
ocsp_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
ocsp_req.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
ocsp_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
ocsp_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
ocsp_req.o: ../../include/openssl/rc5.h
ocsp_req.o: ../../include/openssl/rijndael-alg-fst.h
ocsp_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
ocsp_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ocsp_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ocsp_res.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
ocsp_res.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
ocsp_res.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
ocsp_res.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
ocsp_res.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ocsp_res.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ocsp_res.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
ocsp_res.o: ../../include/openssl/err.h ../../include/openssl/evp.h
ocsp_res.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
ocsp_res.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
ocsp_res.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
ocsp_res.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
ocsp_res.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
ocsp_res.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
ocsp_res.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
ocsp_res.o: ../../include/openssl/rc5.h
ocsp_res.o: ../../include/openssl/rijndael-alg-fst.h
ocsp_res.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
ocsp_res.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ocsp_res.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_res.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_res.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
ocsp_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
ocsp_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
ocsp_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
ocsp_sig.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
ocsp_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
ocsp_sig.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
ocsp_sig.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
ocsp_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
ocsp_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
ocsp_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
ocsp_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
ocsp_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
ocsp_sig.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
ocsp_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
ocsp_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
ocsp_sig.o: ../../include/openssl/rc5.h
ocsp_sig.o: ../../include/openssl/rijndael-alg-fst.h
ocsp_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
ocsp_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
ocsp_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
ocsp_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
ocsp_sig.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

591
crypto/ocsp/ocsp.h Normal file
View File

@ -0,0 +1,591 @@
/* ocsp.h */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
/* History:
This file was transfered to Richard Levitte from CertCo by Kathy
Weinhold in mid-spring 2000 to be included in OpenSSL or released
as a patch kit. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#ifndef HEADER_OCSP_H
#define HEADER_OCSP_H
#include <openssl/x509.h>
#include <openssl/x509v3.h>
#include <openssl/safestack.h>
#ifdef __cplusplus
extern "C" {
#endif
/* CertID ::= SEQUENCE {
* hashAlgorithm AlgorithmIdentifier,
* issuerNameHash OCTET STRING, -- Hash of Issuer's DN
* issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
* serialNumber CertificateSerialNumber }
*/
typedef struct ocsp_cert_id_st
{
X509_ALGOR *hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *serialNumber;
} OCSP_CERTID;
/* Request ::= SEQUENCE {
* reqCert CertID,
* singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_one_request_st
{
OCSP_CERTID *reqCert;
STACK_OF(X509_EXTENSION) *singleRequestExtensions;
} OCSP_ONEREQ;
DECLARE_STACK_OF(OCSP_ONEREQ)
DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
/* TBSRequest ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* requestorName [1] EXPLICIT GeneralName OPTIONAL,
* requestList SEQUENCE OF Request,
* requestExtensions [2] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_req_info_st
{
ASN1_INTEGER *version;
GENERAL_NAME *requestorName;
STACK_OF(OCSP_ONEREQ) *requestList;
STACK_OF(X509_EXTENSION) *requestExtensions;
} OCSP_REQINFO;
/* Signature ::= SEQUENCE {
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/
typedef struct ocsp_signature_st
{
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} OCSP_SIGNATURE;
/* OCSPRequest ::= SEQUENCE {
* tbsRequest TBSRequest,
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
*/
typedef struct ocsp_request_st
{
OCSP_REQINFO *tbsRequest;
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
} OCSP_REQUEST;
/* OCSPResponseStatus ::= ENUMERATED {
* successful (0), --Response has valid confirmations
* malformedRequest (1), --Illegal confirmation request
* internalError (2), --Internal error in issuer
* tryLater (3), --Try again later
* --(4) is not used
* sigRequired (5), --Must sign the request
* unauthorized (6) --Request unauthorized
* }
*/
#define OCSP_RESPONSE_STATUS_SUCCESSFULL 0
#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
#define OCSP_RESPONSE_STATUS_TRYLATER 3
#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
/* ResponseBytes ::= SEQUENCE {
* responseType OBJECT IDENTIFIER,
* response OCTET STRING }
*/
typedef struct ocsp_resp_bytes_st
{
ASN1_OBJECT *responseType;
ASN1_OCTET_STRING *response;
} OCSP_RESPBYTES;
/* OCSPResponse ::= SEQUENCE {
* responseStatus OCSPResponseStatus,
* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
*/
typedef struct ocsp_response_st
{
ASN1_ENUMERATED *responseStatus;
OCSP_RESPBYTES *responseBytes;
} OCSP_RESPONSE;
/* ResponderID ::= CHOICE {
* byName [1] Name,
* byKey [2] KeyHash }
*/
#define V_OCSP_RESPID_NAME 1
#define V_OCSP_RESPID_KEY 2
typedef struct ocsp_responder_id_st
{
int tag;
union {
X509_NAME* byName;
ASN1_OCTET_STRING *byKey;
} value;
} OCSP_RESPID;
/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
* --(excluding the tag and length fields)
*/
/* RevokedInfo ::= SEQUENCE {
* revocationTime GeneralizedTime,
* revocationReason [0] EXPLICIT CRLReason OPTIONAL }
*/
typedef struct ocsp_revoked_info_st
{
ASN1_GENERALIZEDTIME *revocationTime;
ASN1_ENUMERATED *revocationReason;
} OCSP_REVOKEDINFO;
/* CertStatus ::= CHOICE {
* good [0] IMPLICIT NULL,
* revoked [1] IMPLICIT RevokedInfo,
* unknown [2] IMPLICIT UnknownInfo }
*/
#define V_OCSP_CERTSTATUS_GOOD 0
#define V_OCSP_CERTSTATUS_REVOKED 1
#define V_OCSP_CERTSTATUS_UNKNOWN 2
typedef struct ocsp_cert_status_st
{
int tag;
/* good [0] IMPLICIT NULL */
OCSP_REVOKEDINFO *revoked;
/* unknown [2] OCSP_UNKNOWNINFO *unknown, which is NULL */
} OCSP_CERTSTATUS;
/* SingleResponse ::= SEQUENCE {
* certID CertID,
* certStatus CertStatus,
* thisUpdate GeneralizedTime,
* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
* singleExtensions [1] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_single_response_st
{
OCSP_CERTID *certId;
OCSP_CERTSTATUS *certStatus;
ASN1_GENERALIZEDTIME *thisUpdate;
ASN1_GENERALIZEDTIME *nextUpdate;
STACK_OF(X509_EXTENSION) *singleExtensions;
} OCSP_SINGLERESP;
DECLARE_STACK_OF(OCSP_SINGLERESP)
DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
/* ResponseData ::= SEQUENCE {
* version [0] EXPLICIT Version DEFAULT v1,
* responderID ResponderID,
* producedAt GeneralizedTime,
* responses SEQUENCE OF SingleResponse,
* responseExtensions [1] EXPLICIT Extensions OPTIONAL }
*/
typedef struct ocsp_response_data_st
{
ASN1_INTEGER *version;
OCSP_RESPID *responderId;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(OCSP_SINGLERESP) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
} OCSP_RESPDATA;
/* BasicOCSPResponse ::= SEQUENCE {
* tbsResponseData ResponseData,
* signatureAlgorithm AlgorithmIdentifier,
* signature BIT STRING,
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/
/* Note 1:
The value for "signature" is specified in the OCSP rfc2560 as follows:
"The value for the signature SHALL be computed on the hash of the DER
encoding ResponseData." This means that you must hash the DER-encoded
tbsResponseData, and then run it through a crypto-signing function, which
will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
a bit odd, but that's the spec. Also note that the data structures do not
leave anywhere to independently specify the algorithm used for the initial
hash. So, we look at the signature-specification algorithm, and try to do
something intelligent. -- Kathy Weinhold, CertCo */
/* Note 2:
It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
for interpretation. I've done tests against another responder, and found
that it doesn't do the double hashing that the RFC seems to say one
should. Therefore, all relevant functions take a flag saying which
variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
typedef struct ocsp_basic_response_st
{
OCSP_RESPDATA *tbsResponseData;
X509_ALGOR *signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
} OCSP_BASICRESP;
/*
* CRLReason ::= ENUMERATED {
* unspecified (0),
* keyCompromise (1),
* cACompromise (2),
* affiliationChanged (3),
* superseded (4),
* cessationOfOperation (5),
* certificateHold (6),
* removeFromCRL (8) }
*/
#define OCSP_REVOKED_STATUS_NOSTATUS -1
#define OCSP_REVOKED_STATUS_UNSPECIFIED 0
#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
#define OCSP_REVOKED_STATUS_CACOMPROMISE 2
#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
#define OCSP_REVOKED_STATUS_SUPERSEDED 4
#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
/* CrlID ::= SEQUENCE {
* crlUrl [0] EXPLICIT IA5String OPTIONAL,
* crlNum [1] EXPLICIT INTEGER OPTIONAL,
* crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
*/
typedef struct ocsp_crl_id_st
{
ASN1_IA5STRING *crlUrl;
ASN1_INTEGER *crlNum;
ASN1_GENERALIZEDTIME *crlTime;
} OCSP_CRLID;
/* ServiceLocator ::= SEQUENCE {
* issuer Name,
* locator AuthorityInfoAccessSyntax OPTIONAL }
*/
typedef struct ocsp_service_locator_st
{
X509_NAME* issuer;
STACK_OF(ACCESS_DESCRIPTION) *locator;
} OCSP_SERVICELOC;
#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
(unsigned char **)(p))
#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
(unsigned char **)(p))
#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
(char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
(char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
#define PEM_write_bio_OCSP_REQUEST(bp,o) \
PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
bp,(char *)o, NULL,NULL,0,NULL,NULL)
#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
bp,(char *)o, NULL,NULL,0,NULL,NULL)
#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
(unsigned char *)o)
#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
(unsigned char *)o)
#define OCSP_REQUEST_sign(o,pkey,md) \
ASN1_sign((int(*)())i2d_OCSP_REQINFO,\
o->optionalSignature->signatureAlgorithm,NULL,\
o->optionalSignature->signature,(char *)o->tbsRequest,pkey,md)
#define OCSP_BASICRESP_sign(o,pkey,md,d) \
ASN1_sign((int(*)())i2d_OCSP_RESPDATA,o->signatureAlgorithm,NULL,\
o->signature,(char *)o->tbsResponseData,pkey,md)
#define OCSP_REQUEST_verify(a,r) ASN1_verify((int (*)())i2d_OCSP_REQINFO,\
a->optionalSignature->signatureAlgorithm,\
a->optionalSignature->signature,(char *)a->tbsRequest,r)
#define OCSP_BASICRESP_verify(a,r,d) ASN1_verify((int (*)())i2d_OCSP_RESPDATA,\
a->signatureAlgorithm,a->signature,(char *)a->tbsResponseData,r)
#define ASN1_BIT_STRING_digest(data,type,md,len) \
ASN1_digest((int (*)())i2d_ASN1_BIT_STRING,type,(char *)data,md,len)
#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
(char *(*)())d2i_OCSP_CERTID,(char *)(cid))
#define OCSP_CERTSTATUS_dup(cs)\
(OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
X509_NAME *issuerName,
ASN1_BIT_STRING* issuerKey,
ASN1_INTEGER *serialNumber);
OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
OCSP_REQUEST *OCSP_request_new(X509_NAME* name,
STACK_OF(X509_EXTENSION) *extensions);
int OCSP_request_add(OCSP_REQUEST *req,
OCSP_CERTID *cid,
STACK_OF(X509_EXTENSION) *extensions);
int OCSP_request_sign(OCSP_REQUEST *req,
EVP_PKEY *key,
const EVP_MD *dgst,
STACK_OF(X509) *certs);
int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey);
OCSP_BASICRESP *OCSP_basic_response_new(int tag,
X509* cert,
STACK_OF(X509_EXTENSION) *extensions);
int OCSP_basic_response_add(OCSP_BASICRESP *rsp,
OCSP_CERTID *cid,
OCSP_CERTSTATUS *cst,
char *thisUpdate,
char *nextUpdate,
STACK_OF(X509_EXTENSION) *extensions);
int OCSP_basic_response_sign(OCSP_BASICRESP *brsp,
EVP_PKEY *key,
const EVP_MD *dgst,
STACK_OF(X509) *certs);
int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey);
int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey);
OCSP_RESPONSE *OCSP_response_new(int status,
int nid,
int (*i2d)(),
char *data);
ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
char *data, STACK *sk);
X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len);
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
X509_EXTENSION *OCSP_accept_responses_new(char **oids);
X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp);
OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, unsigned char **pp, long length);
int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a);
OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a);
int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp);
OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, unsigned char **pp, long length);
int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a);
OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void);
void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a);
int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp);
OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, unsigned char **pp, long length);
int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a);
OCSP_BASICRESP *OCSP_BASICRESP_new(void);
void OCSP_BASICRESP_free(OCSP_BASICRESP *a);
int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp);
OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, unsigned char **pp, long length);
int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a);
OCSP_RESPDATA *OCSP_RESPDATA_new(void);
void OCSP_RESPDATA_free(OCSP_RESPDATA *a);
int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **pp);
OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, unsigned char **pp, long length);
int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a);
OCSP_RESPID *OCSP_RESPID_new(void);
void OCSP_RESPID_free(OCSP_RESPID *a);
int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp);
OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, unsigned char **pp, long length);
int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a);
OCSP_RESPONSE *OCSP_RESPONSE_new(void);
void OCSP_RESPONSE_free(OCSP_RESPONSE *a);
int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **pp);
OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, unsigned char **pp, long length);
int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a);
int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* a);
OCSP_RESPBYTES *OCSP_RESPBYTES_new(void);
void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a);
int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **pp);
OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, unsigned char **pp, long length);
int i2a_OCSP_RESPBYTES(BIO *bp, OCSP_RESPBYTES* a);
OCSP_ONEREQ *OCSP_ONEREQ_new(void);
void OCSP_ONEREQ_free(OCSP_ONEREQ *a);
int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **pp);
OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, unsigned char **pp, long length);
int i2a_OCSP_ONEREQ(BIO *bp, OCSP_ONEREQ* a);
OCSP_CERTID *OCSP_CERTID_new(void);
void OCSP_CERTID_free(OCSP_CERTID *a);
int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **pp);
OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, unsigned char **pp, long length);
int i2a_OCSP_CERTID(BIO *bp, OCSP_CERTID* a);
OCSP_REQUEST *OCSP_REQUEST_new(void);
void OCSP_REQUEST_free(OCSP_REQUEST *a);
int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **pp);
OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, unsigned char **pp, long length);
int i2a_OCSP_REQUEST(BIO *bp, OCSP_REQUEST* a);
int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a);
OCSP_SIGNATURE *OCSP_SIGNATURE_new(void);
void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a);
int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **pp);
OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, unsigned char **pp, long length);
int i2a_OCSP_SIGNATURE(BIO *bp, OCSP_SIGNATURE* a);
OCSP_REQINFO *OCSP_REQINFO_new(void);
void OCSP_REQINFO_free(OCSP_REQINFO *a);
int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **pp);
OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, unsigned char **pp, long length);
int i2a_OCSP_REQINFO(BIO *bp, OCSP_REQINFO* a);
OCSP_CRLID *OCSP_CRLID_new(void);
void OCSP_CRLID_free(OCSP_CRLID *a);
int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **pp);
OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, unsigned char **pp, long length);
int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a);
int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind);
OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **pp);
OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, unsigned char **pp, long length);
int i2a_OCSP_SERVICELOC(BIO *bp, OCSP_SERVICELOC* a);
int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind);
int OCSP_extensions_print(BIO *bp, STACK_OF(X509_EXTENSION) *sk, char *title);
int OCSP_extension_print(BIO *bp, X509_EXTENSION *x, int ind);
void ERR_load_OCSP_strings(void);
X509_EXTENSION *OCSP_nochain_new(void);
char* ocspResponseStatus2string(long s);
char* ocspCertStatus2string(long s);
char * cRLReason2string(long s);
void OCSP_add_standard_extension(void);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
/* Error codes for the OCSP functions. */
/* Function codes. */
#define OCSP_F_ASN1_STRING_ENCODE 106
#define OCSP_F_BASIC_RESPONSE_NEW 100
#define OCSP_F_BASIC_RESPONSE_VERIFY 101
#define OCSP_F_CERT_ID_NEW 102
#define OCSP_F_CERT_STATUS_NEW 103
#define OCSP_F_REQUEST_VERIFY 104
#define OCSP_F_RESPONSE_VERIFY 105
#define OCSP_F_S2I_OCSP_NONCE 107
#define OCSP_F_V2I_OCSP_CRLID 108
/* Reason codes. */
#define OCSP_R_BAD_DATA 108
#define OCSP_R_BAD_TAG 100
#define OCSP_R_DIGEST_ERR 101
#define OCSP_R_FAILED_TO_OPEN 109
#define OCSP_R_FAILED_TO_READ 110
#define OCSP_R_FAILED_TO_STAT 111
#define OCSP_R_MISSING_VALUE 112
#define OCSP_R_NO_CERTIFICATE 102
#define OCSP_R_NO_PUBLIC_KEY 103
#define OCSP_R_NO_RESPONSE_DATA 104
#define OCSP_R_NO_SIGNATURE 105
#define OCSP_R_REVOKED_NO_TIME 106
#define OCSP_R_UNKNOWN_NID 107
#define OCSP_R_UNSUPPORTED_OPTION 113
#define OCSP_R_VALUE_ALREADY 114
#ifdef __cplusplus
}
#endif
#endif

157
crypto/ocsp/ocsp_cid.c Normal file
View File

@ -0,0 +1,157 @@
/* ocsp_cid.c */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
/* History:
This file was originally part of ocsp.c and was transfered to Richard
Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
in OpenSSL or released as a patch kit. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/bio.h>
#include <openssl/asn1_mac.h>
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/x509.h>
/* Make sure we work well with older variants of OpenSSL */
#ifndef OPENSSL_malloc
#define OPENSSL_malloc Malloc
#endif
#ifndef OPENSSL_realloc
#define OPENSSL_realloc Realloc
#endif
#ifndef OPENSSL_free
#define OPENSSL_free Free
#endif
OCSP_CERTID *OCSP_CERTID_new(void)
{
ASN1_CTX c;
OCSP_CERTID *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_CERTID);
M_ASN1_New(ret->hashAlgorithm, X509_ALGOR_new);
M_ASN1_New(ret->issuerNameHash, ASN1_OCTET_STRING_new);
M_ASN1_New(ret->issuerKeyHash, ASN1_OCTET_STRING_new);
M_ASN1_New(ret->serialNumber, ASN1_INTEGER_new);
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_CERTID_NEW);
}
void OCSP_CERTID_free(OCSP_CERTID *a)
{
if (a == NULL) return;
X509_ALGOR_free(a->hashAlgorithm);
ASN1_OCTET_STRING_free(a->issuerNameHash);
ASN1_OCTET_STRING_free(a->issuerKeyHash);
ASN1_INTEGER_free(a->serialNumber);
OPENSSL_free((char *)a);
}
int i2d_OCSP_CERTID(OCSP_CERTID *a,
unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->hashAlgorithm, i2d_X509_ALGOR);
M_ASN1_I2D_len(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_len(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_len(a->serialNumber, i2d_ASN1_INTEGER);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->hashAlgorithm, i2d_X509_ALGOR);
M_ASN1_I2D_put(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_put(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_put(a->serialNumber, i2d_ASN1_INTEGER);
M_ASN1_I2D_finish();
}
OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_CERTID *,OCSP_CERTID_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->hashAlgorithm, d2i_X509_ALGOR);
M_ASN1_D2I_get(ret->issuerNameHash, d2i_ASN1_OCTET_STRING);
M_ASN1_D2I_get(ret->issuerKeyHash, d2i_ASN1_OCTET_STRING);
M_ASN1_D2I_get(ret->serialNumber, d2i_ASN1_INTEGER);
/* protect against malformed CERTID's */
if (ASN1_STRING_length(ret->issuerNameHash) == 0 ||
ASN1_STRING_length(ret->issuerKeyHash) == 0 ||
ASN1_STRING_length(ret->serialNumber) == 0)
goto err;
M_ASN1_D2I_Finish(a,OCSP_CERTID_free,ASN1_F_D2I_OCSP_CERTID);
}
int i2a_OCSP_CERTID(BIO *bp,
OCSP_CERTID* a)
{
#ifdef UNDEF
/* XXX this guy isn't implemented. */
i2a_X509_ALGOR(bp, a->hashAlgorithm);
#else /* instead, just show OID, not param */
i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
#endif
i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
i2a_ASN1_INTEGER(bp, a->serialNumber);
return 4;
}

116
crypto/ocsp/ocsp_err.c Normal file
View File

@ -0,0 +1,116 @@
/* crypto/ocsp/ocsp_err.c */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@OpenSSL.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
/* NOTE: this file was auto generated by the mkerr.pl script: any changes
* made to it will be overwritten when the script next updates this file,
* only reason strings will be preserved.
*/
#include <stdio.h>
#include <openssl/err.h>
#include <openssl/ocsp.h>
/* BEGIN ERROR CODES */
#ifndef NO_ERR
static ERR_STRING_DATA OCSP_str_functs[]=
{
{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"},
{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_NEW,0), "BASIC_RESPONSE_NEW"},
{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_VERIFY,0), "BASIC_RESPONSE_VERIFY"},
{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"},
{ERR_PACK(0,OCSP_F_CERT_STATUS_NEW,0), "CERT_STATUS_NEW"},
{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"},
{ERR_PACK(0,OCSP_F_RESPONSE_VERIFY,0), "RESPONSE_VERIFY"},
{ERR_PACK(0,OCSP_F_S2I_OCSP_NONCE,0), "S2I_OCSP_NONCE"},
{ERR_PACK(0,OCSP_F_V2I_OCSP_CRLID,0), "V2I_OCSP_CRLID"},
{0,NULL}
};
static ERR_STRING_DATA OCSP_str_reasons[]=
{
{OCSP_R_BAD_DATA ,"bad data"},
{OCSP_R_BAD_TAG ,"bad tag"},
{OCSP_R_DIGEST_ERR ,"digest err"},
{OCSP_R_FAILED_TO_OPEN ,"failed to open"},
{OCSP_R_FAILED_TO_READ ,"failed to read"},
{OCSP_R_FAILED_TO_STAT ,"failed to stat"},
{OCSP_R_MISSING_VALUE ,"missing value"},
{OCSP_R_NO_CERTIFICATE ,"no certificate"},
{OCSP_R_NO_PUBLIC_KEY ,"no public key"},
{OCSP_R_NO_RESPONSE_DATA ,"no response data"},
{OCSP_R_NO_SIGNATURE ,"no signature"},
{OCSP_R_REVOKED_NO_TIME ,"revoked no time"},
{OCSP_R_UNKNOWN_NID ,"unknown nid"},
{OCSP_R_UNSUPPORTED_OPTION ,"unsupported option"},
{OCSP_R_VALUE_ALREADY ,"value already"},
{0,NULL}
};
#endif
void ERR_load_OCSP_strings(void)
{
static int init=1;
if (init)
{
init=0;
#ifndef NO_ERR
ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
#endif
}
}

347
crypto/ocsp/ocsp_ext.c Normal file
View File

@ -0,0 +1,347 @@
/* ocsp_ext.c */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
/* History:
This file was transfered to Richard Levitte from CertCo by Kathy
Weinhold in mid-spring 2000 to be included in OpenSSL or released
as a patch kit. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <cryptlib.h>
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#include <openssl/x509.h>
#include <openssl/ocsp.h>
#include <openssl/x509v3.h>
/* Make sure we work well with older variants of OpenSSL */
#ifndef OPENSSL_malloc
#define OPENSSL_malloc Malloc
#endif
#ifndef OPENSSL_realloc
#define OPENSSL_realloc Realloc
#endif
#ifndef OPENSSL_free
#define OPENSSL_free Free
#endif
/* also CRL Entry Extensions */
ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
char *data, STACK *sk)
{
int i;
unsigned char *p, *b = NULL;
if (data)
{
if ((i=i2d(data,NULL)) <= 0) goto err;
if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
goto err;
if (i2d(data, &p) <= 0) goto err;
}
else if (sk)
{
if ((i=i2d_ASN1_SET(sk,NULL,i2d,V_ASN1_SEQUENCE,
V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
goto err;
if (i2d_ASN1_SET(sk,&p,i2d,V_ASN1_SEQUENCE,
V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
}
else
{
OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
goto err;
}
if (!s && !(s = ASN1_STRING_new())) goto err;
if (!(ASN1_STRING_set(s, b, i))) goto err;
OPENSSL_free(b);
return s;
err:
if (b) OPENSSL_free(b);
return NULL;
}
X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
{
X509_EXTENSION *x=NULL;
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
return x;
err:
if (x) X509_EXTENSION_free(x);
return NULL;
}
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
{
X509_EXTENSION *x = NULL;
OCSP_CRLID *cid = NULL;
if (!(cid = OCSP_CRLID_new())) goto err;
if (url)
{
if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
}
if (n)
{
if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
}
if (time)
{
if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
goto err;
}
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
goto err;
OCSP_CRLID_free(cid);
return x;
err:
if (x) X509_EXTENSION_free(x);
if (cid) OCSP_CRLID_free(cid);
return NULL;
}
/* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
X509_EXTENSION *OCSP_accept_responses_new(char **oids)
{
int nid;
STACK *sk = NULL;
ASN1_OBJECT *o = NULL;
X509_EXTENSION *x = NULL;
if (!(sk = sk_new(NULL))) goto err;
while (oids && *oids)
{
if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid)))
sk_push(sk, (char*) o);
oids++;
}
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
goto err;
if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
goto err;
sk_pop_free(sk, ASN1_OBJECT_free);
return x;
err:
if (x) X509_EXTENSION_free(x);
if (sk) sk_pop_free(sk, ASN1_OBJECT_free);
return NULL;
}
/* ArchiveCutoff ::= GeneralizedTime */
X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
{
X509_EXTENSION *x=NULL;
ASN1_GENERALIZEDTIME *gt = NULL;
if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
(char*)gt,NULL))) goto err;
ASN1_GENERALIZEDTIME_free(gt);
return x;
err:
if (gt) ASN1_GENERALIZEDTIME_free(gt);
if (x) X509_EXTENSION_free(x);
return NULL;
}
/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
* two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This
* method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
*/
X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
{
X509_EXTENSION *x = NULL;
ASN1_IA5STRING *ia5 = NULL;
OCSP_SERVICELOC *sloc = NULL;
ACCESS_DESCRIPTION *ad = NULL;
if (!(sloc = OCSP_SERVICELOC_new())) goto err;
if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new(NULL))) goto err;
while (urls && *urls)
{
if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
if (!(ad->location = GENERAL_NAME_new())) goto err;
if (!(ia5 = ASN1_IA5STRING_new())) goto err;
if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
ad->location->type = GEN_URI;
ad->location->d.ia5 = ia5;
if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
urls++;
}
if (!(x = X509_EXTENSION_new())) goto err;
if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
goto err;
if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
(char*)sloc, NULL))) goto err;
OCSP_SERVICELOC_free(sloc);
return x;
err:
if (x) X509_EXTENSION_free(x);
if (sloc) OCSP_SERVICELOC_free(sloc);
return NULL;
}
int OCSP_extensions_print(BIO *bp,
STACK_OF(X509_EXTENSION) *sk,
char *title)
{
int i;
if (!sk) return 1;
if (BIO_printf(bp, "%s:\n", title) <= 0) return 0;
for (i=0; i<sk_X509_EXTENSION_num(sk); i++)
OCSP_extension_print(bp, sk_X509_EXTENSION_value(sk,i), 4);
return sk_X509_EXTENSION_num(sk);
}
int OCSP_extension_print(BIO *bp,
X509_EXTENSION *x,
int ind)
{
int i, j;
STACK *sk = NULL;
unsigned char *p;
OCSP_CRLID *crlid = NULL;
OCSP_SERVICELOC *sloc = NULL;
ASN1_GENERALIZEDTIME *gt = NULL;
if (!x) return 1;
switch (OBJ_obj2nid(x->object))
{
case NID_id_pkix_OCSP_Nonce:
if (BIO_printf(bp, "%*snonce: ", ind, "") <= 0)
goto err;
if (M_ASN1_OCTET_STRING_print(bp, x->value) <= 0)
goto err;
if (BIO_write(bp, "\n", 1) <= 0) goto err;
break;
case NID_id_pkix_OCSP_CrlID:
if (BIO_printf(bp, "%*scrlId:\n", ind, "") <= 0)
goto err;
p = x->value->data;
if (!(d2i_OCSP_CRLID(&crlid, &p, x->value->length)))
goto err;
if (!OCSP_CRLID_print(bp, crlid, (2*ind))) goto err;
OCSP_CRLID_free(crlid);
break;
case NID_id_pkix_OCSP_acceptableResponses:
if (BIO_printf(bp,
"%*sacceptable responses: ",
ind, "") <= 0)
goto err;
p = x->value->data;
if (!(d2i_ASN1_SET(&sk, &p, x->value->length,
(char *(*)())d2i_ASN1_OBJECT,
ASN1_OBJECT_free, V_ASN1_SEQUENCE,
V_ASN1_UNIVERSAL)))
goto err;
for (i = 0; i < sk_num(sk); i++)
{
j=OBJ_obj2nid((ASN1_OBJECT*)sk->data[i]);
if (BIO_printf(bp," %s ",
(j == NID_undef)?"UNKNOWN":
OBJ_nid2ln(j)) <= 0)
goto err;
}
if (BIO_write(bp, "\n", 1) <= 0) goto err;
sk_pop_free(sk, ASN1_OBJECT_free);
break;
case NID_id_pkix_OCSP_archiveCutoff:
if (BIO_printf(bp, "%*sarchive cutoff: ", ind, "")<=0)
goto err;
p = x->value->data;
if (!d2i_ASN1_GENERALIZEDTIME(&gt, &p,
x->value->length))
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, gt)) goto err;
if (BIO_write(bp, "\n", 1) <= 0) goto err;
ASN1_GENERALIZEDTIME_free(gt);
break;
case NID_id_pkix_OCSP_serviceLocator:
if (BIO_printf(bp, "%*sservice locator:\n", ind, "") <= 0)
goto err;
p = x->value->data;
if (!d2i_OCSP_SERVICELOC(&sloc, &p,
x->value->length))
goto err;
if (!OCSP_SERVICELOC_print(bp,sloc,(2*ind))) goto err;
OCSP_SERVICELOC_free(sloc);
break;
case NID_undef:
default:
if (BIO_printf(bp,"%*sunrecognized oid: ",ind,"") <= 0)
goto err;
break;
}
return 1;
err:
return 0;
}

791
crypto/ocsp/ocsp_lib.c Normal file
View File

@ -0,0 +1,791 @@
/* ocsp_lib.c */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
/* History:
This file was transfered to Richard Levitte from CertCo by Kathy
Weinhold in mid-spring 2000 to be included in OpenSSL or released
as a patch kit. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <stdio.h>
#include <cryptlib.h>
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/safestack.h>
#include <openssl/ocsp.h>
static STACK_OF(X509_EXTENSION) *ext_dup(STACK_OF(X509_EXTENSION) *fr)
{
int i;
STACK_OF(X509_EXTENSION) *to = NULL;
if (!(to = sk_X509_EXTENSION_dup(fr)))
goto err;
for (i = 0; i < sk_X509_EXTENSION_num(fr); i++)
{
sk_X509_EXTENSION_set(to, i,
X509_EXTENSION_dup(sk_X509_EXTENSION_value(fr, i)));
if (! sk_X509_EXTENSION_value(to, i))
goto err;
}
return to;
err:
if (to) sk_X509_EXTENSION_pop_free(to, X509_EXTENSION_free);
return NULL;
}
OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
X509_NAME *issuerName,
ASN1_BIT_STRING* issuerKey,
ASN1_INTEGER *serialNumber)
{
int nid;
unsigned int i;
X509_ALGOR *alg;
OCSP_CERTID *cid = NULL;
unsigned char md[EVP_MAX_MD_SIZE];
EVP_MD_CTX ctx;
if (!(cid = OCSP_CERTID_new())) goto err;
alg = cid->hashAlgorithm;
if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
if ((nid = EVP_MD_type(dgst)) == NID_undef)
{
OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
goto err;
}
if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
alg->parameter->type=V_ASN1_NULL;
if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
/* Calculate the issuerKey hash, excluding tag and length */
EVP_DigestInit(&ctx,dgst);
EVP_DigestUpdate(&ctx,issuerKey->data, issuerKey->length);
EVP_DigestFinal(&ctx,md,&i);
if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
if (cid->serialNumber != NULL) ASN1_INTEGER_free(cid->serialNumber);
if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
return cid;
digerr:
OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
err:
if (cid) OCSP_CERTID_free(cid);
return NULL;
}
OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim)
{
OCSP_REVOKEDINFO *ri;
OCSP_CERTSTATUS *cs = NULL;
if (!(cs = OCSP_CERTSTATUS_new())) goto err;
if ((cs->tag = status) == V_OCSP_CERTSTATUS_REVOKED)
{
if (!time)
{
OCSPerr(OCSP_F_CERT_STATUS_NEW,OCSP_R_REVOKED_NO_TIME);
goto err;
}
if (!(cs->revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
if (!ASN1_GENERALIZEDTIME_set_string(ri->revocationTime,tim))
goto err;
if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
{
if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
goto err;
if (!(ASN1_ENUMERATED_set(ri->revocationReason,
reason)))
goto err;
}
}
return cs;
err:
if (cs) OCSP_CERTSTATUS_free(cs);
return NULL;
}
OCSP_REQUEST *OCSP_request_new(X509_NAME* name,
STACK_OF(X509_EXTENSION) *extensions)
{
OCSP_REQUEST *req = NULL;
if ((req = OCSP_REQUEST_new()) == NULL) goto err;
if (name) /* optional */
{
if (!(req->tbsRequest->requestorName=GENERAL_NAME_new()))
goto err;
req->tbsRequest->requestorName->type = GEN_DIRNAME;
req->tbsRequest->requestorName->d.dirn = X509_NAME_dup(name);
}
if (!(req->tbsRequest->requestList = sk_OCSP_ONEREQ_new(NULL))) goto err;
if (extensions &&
(!(req->tbsRequest->requestExtensions = ext_dup(extensions))))
goto err;
return req;
err:
if (req) OCSP_REQUEST_free(req);
return NULL;
}
int OCSP_request_add(OCSP_REQUEST *req,
OCSP_CERTID *cid,
STACK_OF(X509_EXTENSION) *extensions)
{
OCSP_ONEREQ *one = NULL;
if (!(one = OCSP_ONEREQ_new())) goto err;
if (one->reqCert) OCSP_CERTID_free(one->reqCert);
if (!(one->reqCert = OCSP_CERTID_dup(cid))) goto err;
if (extensions&&(!(one->singleRequestExtensions=ext_dup(extensions))))
goto err;
if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err;
return 1;
err:
if (one) OCSP_ONEREQ_free(one);
return 0;
}
int OCSP_request_sign(OCSP_REQUEST *req,
EVP_PKEY *key,
const EVP_MD *dgst,
STACK_OF(X509) *certs)
{
int i;
OCSP_SIGNATURE *sig;
if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
if (certs)
{
if (!(sig->certs = sk_X509_dup(certs))) goto err;
for (i = 0; i < sk_X509_num(sig->certs); i++)
{
sk_X509_set(sig->certs, i,
X509_dup(sk_X509_value(certs,i)));
if (! sk_X509_value(sig->certs, i))
goto err;
}
}
return 1;
err:
if (req->optionalSignature)
{
OCSP_SIGNATURE_free(req->optionalSignature);
req->optionalSignature = NULL;
}
return 0;
}
OCSP_BASICRESP *OCSP_basic_response_new(int tag,
X509* cert,
STACK_OF(X509_EXTENSION) *extensions)
{
time_t t;
OCSP_RESPID *rid;
ASN1_BIT_STRING *bs;
OCSP_BASICRESP *rsp = NULL;
unsigned char md[SHA_DIGEST_LENGTH];
if (!(rsp = OCSP_BASICRESP_new())) goto err;
rid = rsp->tbsResponseData->responderId;
switch (rid->tag = tag)
{
case V_OCSP_RESPID_NAME:
/* cert is user cert */
if (!(rid->value.byName =
X509_NAME_dup(X509_get_subject_name(cert))))
goto err;
break;
case V_OCSP_RESPID_KEY:
/* cert is issuer cert */
/* SHA-1 hash of responder's public key
* (excluding the tag and length fields)
*/
bs = cert->cert_info->key->public_key;
SHA1(ASN1_STRING_data((ASN1_STRING*)bs),
ASN1_STRING_length((ASN1_STRING*)bs), md);
if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
goto err;
if (!(ASN1_OCTET_STRING_set(rid->value.byKey,
md, sizeof md)))
goto err;
break;
default:
OCSPerr(OCSP_F_BASIC_RESPONSE_NEW,OCSP_R_BAD_TAG);
goto err;
break;
}
time(&t);
if (!(ASN1_GENERALIZEDTIME_set(rsp->tbsResponseData->producedAt, t)))
goto err;
if (!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new(NULL))) goto err;
if (extensions && (!(rsp->tbsResponseData->responseExtensions =
ext_dup(extensions))))
goto err;
return rsp;
err:
if (rsp) OCSP_BASICRESP_free(rsp);
return NULL;
}
int OCSP_basic_response_add(OCSP_BASICRESP *rsp,
OCSP_CERTID *cid,
OCSP_CERTSTATUS *cst,
char *this,
char *next,
STACK_OF(X509_EXTENSION) *extensions)
{
OCSP_SINGLERESP *single = NULL;
if (!(single = OCSP_SINGLERESP_new())) goto err;
if (single->certId) OCSP_CERTID_free(single->certId);
if (!(single->certId = OCSP_CERTID_dup(cid))) goto err;
if (single->certStatus) OCSP_CERTSTATUS_free(single->certStatus);
if (!(single->certStatus = OCSP_CERTSTATUS_dup(cst))) goto err;
if (!ASN1_GENERALIZEDTIME_set_string(single->thisUpdate,this))goto err;
if (next)
{
if (!(single->nextUpdate = ASN1_GENERALIZEDTIME_new()))
goto err;
if (!ASN1_GENERALIZEDTIME_set_string(single->nextUpdate,next))
goto err;
}
if (extensions && (!(single->singleExtensions = ext_dup(extensions))))
goto err;
if (!sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses,single)) goto err;
return 1;
err:
if (single) OCSP_SINGLERESP_free(single);
return 0;
}
int OCSP_basic_response_sign(OCSP_BASICRESP *brsp,
EVP_PKEY *key,
const EVP_MD *dgst,
STACK_OF(X509) *certs)
{
int i;
/* Right now, I think that not doing double hashing is the right
thing. -- Richard Levitte */
if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
if (certs)
{
if (!(brsp->certs = sk_X509_dup(certs))) goto err;
for (i = 0; i < sk_X509_num(brsp->certs); i++)
{
sk_X509_set(brsp->certs, i,
X509_dup(sk_X509_value(certs, i)));
if (! sk_X509_value(brsp->certs, i))
goto err;
}
}
return 1;
err:
return 0;
}
OCSP_RESPONSE *OCSP_response_new(int status,
int nid,
int (*i2d)(),
char *data)
{
OCSP_RESPONSE *rsp = NULL;
if (!(rsp = OCSP_RESPONSE_new())) goto err;
if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
if (rsp->responseBytes->responseType) ASN1_OBJECT_free(rsp->responseBytes->responseType);
if (!(rsp->responseBytes->responseType = OBJ_nid2obj(nid))) goto err;
if (!ASN1_STRING_encode((ASN1_STRING*)rsp->responseBytes->response,
i2d, data, NULL)) goto err;
return rsp;
err:
if (rsp) OCSP_RESPONSE_free(rsp);
return NULL;
}
char* ocspResponseStatus2string(long s)
{
static struct { long t; char *m; } ts[6]= {
{ OCSP_RESPONSE_STATUS_SUCCESSFULL, "successful" },
{ OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
{ OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
{ OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
{ OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
{ OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }, *p;
for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
if (p->t == s)
return p->m;
return "(UNKNOWN)";
}
char* ocspCertStatus2string(long s)
{
static struct { long t; char *m; } ts[3]= {
{ V_OCSP_CERTSTATUS_GOOD, "good" },
{ V_OCSP_CERTSTATUS_REVOKED, "revoked" },
{ V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }, *p;
for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
if (p->t == s)
return p->m;
return "(UNKNOWN)";
}
char * cRLReason2string(long s)
{
static struct { long t; char *m; } ts[8]= {
{ OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
{ OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
{ OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
{ OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
{ OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
{ OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
{ OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
{ OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }, *p;
for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
if (p->t == s)
return p->m;
return "(UNKNOWN)";
}
static int i2a_GENERAL_NAME(bp,n)
BIO *bp;
GENERAL_NAME *n;
{
int j;
char *p;
if (n == NULL) return(0);
switch (n->type)
{
case GEN_DIRNAME:
X509_NAME_print(bp,n->d.dirn,16);
break;
case GEN_EMAIL:
case GEN_DNS:
case GEN_URI:
case GEN_IPADD:
p=(char *)n->d.ip->data;
for (j=n->d.ip->length;j>0;j--)
{
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bp,"%c",*p);
else if (*p & 0x80)
BIO_printf(bp,"\\0x%02X",*p);
else if ((unsigned char)*p == 0xf7)
BIO_printf(bp,"^?");
else BIO_printf(bp,"^%c",*p+'@');
p++;
}
break;
case GEN_RID:
i2a_ASN1_OBJECT(bp, n->d.rid);
break;
/* XXX these are legit, need to support at some time... */
case GEN_OTHERNAME:
case GEN_X400:
case GEN_EDIPARTY:
default:
return 0;
}
return 1;
}
int OCSP_REQUEST_print(bp, o)
BIO *bp;
OCSP_REQUEST* o;
{
int i,j,n;
long l;
char *s;
OCSP_CERTID* cid = NULL;
OCSP_ONEREQ *one = NULL;
OCSP_REQINFO *inf = o->tbsRequest;
OCSP_SIGNATURE *sig = o->optionalSignature;
if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
l=ASN1_INTEGER_get(inf->version);
if (BIO_printf(bp,"%4sVersion: %lu (0x%lx)","",l+1,l) <= 0) goto err;
if (inf->requestorName != NULL)
{
if (BIO_write(bp,"\n Requestor Name: ",21) <= 0)
goto err;
i2a_GENERAL_NAME(bp, inf->requestorName);
}
if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err;
for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
{
if (! sk_OCSP_ONEREQ_value(inf->requestList, i)) continue;
one = sk_OCSP_ONEREQ_value(inf->requestList, i);
cid = one->reqCert;
j=OBJ_obj2nid(cid->hashAlgorithm->algorithm);
if (BIO_printf(bp,"%8sHash Algorithm: %s","",
(j == NID_undef)?"UNKNOWN":OBJ_nid2ln(j)) <= 0)
goto err;
if (BIO_write(bp,"\n Issuer Name Hash: ",27) <= 0)
goto err;
i2a_ASN1_STRING(bp, cid->issuerNameHash, V_ASN1_OCTET_STRING);
if (BIO_write(bp,"\n Issuer Key Hash: ",26) <= 0)
goto err;
i2a_ASN1_STRING(bp, cid->issuerKeyHash, V_ASN1_OCTET_STRING);
if (BIO_write(bp,"\n Serial Number: ",24) <= 0)
goto err;
if (!i2a_ASN1_INTEGER(bp, cid->serialNumber))
goto err;
if (!BIO_write(bp,"\n",1)) goto err;
if (!OCSP_extensions_print(bp, one->singleRequestExtensions,
"Request Single Extensions"))
goto err;
}
if (!OCSP_extensions_print(bp, inf->requestExtensions,
"Request Extensions"))
goto err;
if (sig)
{
i=OBJ_obj2nid(sig->signatureAlgorithm->algorithm);
if (BIO_printf(bp,"OCSP Request Signature Algorithm: %s",
(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
goto err;
n=sig->signature->length;
s=(char *)sig->signature->data;
for (i=0; i<n; i++)
{
if ((i%18) == 0)
if (BIO_write(bp,"\n ",9) <= 0) goto err;
if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
((i+1) == n)?"":":") <= 0) goto err;
}
if (BIO_write(bp,"\n",1) != 1) goto err;
if (sig->certs)
{
for (i=0; i<sk_X509_num(sig->certs); i++)
if (sk_X509_value(sig->certs,i) != NULL)
X509_print(bp,
sk_X509_value(sig->certs,i));
}
}
return 1;
err:
return 0;
}
int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o)
{
int i, j, n;
long l;
char *s;
unsigned char *p;
OCSP_CERTID *cid = NULL;
OCSP_BASICRESP *br = NULL;
OCSP_RESPDATA *rd = NULL;
OCSP_CERTSTATUS *cst = NULL;
OCSP_REVOKEDINFO *rev = NULL;
OCSP_SINGLERESP *single = NULL;
OCSP_RESPBYTES *rb = o->responseBytes;
l=ASN1_ENUMERATED_get(o->responseStatus);
if (BIO_printf(bp,"OCSP Response Status: %s (0x%x)\n",
ocspResponseStatus2string(l), l) <= 0) goto err;
if (rb == NULL) return 1;
i=OBJ_obj2nid(rb->responseType);
if (BIO_printf(bp,"OCSP Response Bytes Response Type: %s",
(i == NID_undef)?"UNKNOWN":OBJ_nid2sn(i)) <= 0)
goto err;
if (i != NID_id_pkix_OCSP_basic)
{
BIO_printf(bp," (unknown response type)\n");
return 1;
}
p = ASN1_STRING_data(rb->response);
i = ASN1_STRING_length(rb->response);
if (!(d2i_OCSP_BASICRESP(&br, &p, i))) goto err;
rd = br->tbsResponseData;
l=ASN1_INTEGER_get(rd->version);
if (BIO_printf(bp,"\nBasic Response Data Version: %lu (0x%lx)\n",
l+1,l) <= 0) goto err;
if (BIO_printf(bp,"Basic Response Data Responder Id: ") <= 0) goto err;
i2a_OCSP_RESPID(bp, rd->responderId);
if (BIO_printf(bp,"\nBasic Response Data Produced At: ")<=0) goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
if (BIO_printf(bp,"\nBasic Response Data Responses:\n") <= 0) goto err;
for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
{
if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
single = sk_OCSP_SINGLERESP_value(rd->responses, i);
cid = single->certId;
j=OBJ_obj2nid(cid->hashAlgorithm->algorithm);
if (BIO_printf(bp," Cert Id:") <= 0) goto err;
if (BIO_printf(bp,"\n%8sHash Algorithm: %s","",
(j == NID_undef)?"UNKNOWN":OBJ_nid2ln(j)) <= 0)
goto err;
if (BIO_write(bp,"\n Issuer Name Hash: ",27) <= 0)
goto err;
i2a_ASN1_STRING(bp, cid->issuerNameHash, V_ASN1_OCTET_STRING);
if (BIO_write(bp,"\n Issuer Key Hash: ",26) <= 0)
goto err;
i2a_ASN1_STRING(bp, cid->issuerKeyHash, V_ASN1_OCTET_STRING);
if (BIO_write(bp,"\n Serial Number: ",24) <= 0)
goto err;
if (!i2a_ASN1_INTEGER(bp, cid->serialNumber))
goto err;
cst = single->certStatus;
if (BIO_printf(bp,"\n Cert Status: %s (0x%x)",
ocspCertStatus2string(cst->tag), cst->tag) <= 0)
goto err;
if (cst->tag == V_OCSP_CERTSTATUS_REVOKED)
{
rev = cst->revoked;
if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,
rev->revocationTime))
goto err;
if (rev->revocationReason)
{
l=ASN1_ENUMERATED_get(rev->revocationReason);
if (BIO_printf(bp,
"\n Revocation Reason: %s (0x%x)",
cRLReason2string(l), l) <= 0)
goto err;
}
}
if (BIO_printf(bp,"\n This Update: ") <= 0) goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
goto err;
if (single->nextUpdate)
{
if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err;
if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
goto err;
}
if (!BIO_write(bp,"\n",1)) goto err;
if (!OCSP_extensions_print(bp, single->singleExtensions,
"Basic Response Single Extensions"))
goto err;
}
if (!OCSP_extensions_print(bp, rd->responseExtensions,
"Basic Response Extensions")) goto err;
i=OBJ_obj2nid(br->signatureAlgorithm->algorithm);
if (BIO_printf(bp,"Basic Response Signature Algorithm: %s",
(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
goto err;
n=br->signature->length;
s=(char *)br->signature->data;
for (i=0; i<n; i++)
{
if ((i%18) == 0)
if (BIO_write(bp,"\n ",9) <= 0) goto err;
if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
((i+1) == n)?"":":") <= 0) goto err;
}
if (BIO_write(bp,"\n",1) != 1) goto err;
if (br->certs)
{
for (i=0; i<sk_X509_num(br->certs); i++)
if (sk_X509_value(br->certs,i) != NULL) {
X509_print(bp, sk_X509_value(br->certs,i));
PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
}
}
return 1;
err:
return 0;
}
int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind)
{
if (a->crlUrl)
{
if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
if (!BIO_write(bp, "\n", 1)) goto err;
}
if (a->crlNum)
{
if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
if (!BIO_write(bp, "\n", 1)) goto err;
}
if (a->crlTime)
{
if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
if (!BIO_write(bp, "\n", 1)) goto err;
}
return 1;
err:
return 0;
}
int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind)
{
int i, j;
ACCESS_DESCRIPTION *ad;
if (BIO_printf(bp, "%*sissuer: ", ind, "") <= 0) goto err;
if (X509_NAME_print(bp, a->issuer, 16) <= 0) goto err;
if (BIO_printf(bp, "\n", 1) <= 0) goto err;
/* Service locator is optional */
if (a->locator != NULL) {
if (BIO_printf(bp, "%*slocator:\n", ind, "") <= 0) goto err;
for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
{
ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
if (BIO_printf(bp, "%*smethod: ", (2*ind), "") <= 0)
goto err;
j=OBJ_obj2nid(ad->method);
if (BIO_printf(bp,"%s", (j == NID_undef)?"UNKNOWN":
OBJ_nid2ln(j)) <= 0)
goto err;
if (BIO_printf(bp, "\n%*sname: ", (2*ind), "") <= 0)
goto err;
if (i2a_GENERAL_NAME(bp, ad->location) <= 0) goto err;
if (BIO_write(bp, "\n", 1) <= 0) goto err;
}
}
return 1;
err:
return 0;
}
/* XXX assumes certs in signature are sorted root to leaf XXX */
int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey)
{
STACK_OF(X509) *sk;
if (!req->optionalSignature) return 0;
if (pkey == NULL)
{
if (!(sk = req->optionalSignature->certs)) return 0;
if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
{
OCSPerr(OCSP_F_REQUEST_VERIFY,OCSP_R_NO_PUBLIC_KEY);
return 0;
}
}
return OCSP_REQUEST_verify(req, pkey);
}
int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey)
{
int i, r;
unsigned char *p;
OCSP_RESPBYTES *rb;
OCSP_BASICRESP *br = NULL;
if ((rb = rsp->responseBytes) == NULL)
{
OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_NO_RESPONSE_DATA);
return 0;
}
if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
{
OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_BAD_TAG);
return 0;
}
p = ASN1_STRING_data(rb->response);
i = ASN1_STRING_length(rb->response);
if (!(d2i_OCSP_BASICRESP(&br, &p, i))) return 0;
r = OCSP_basic_response_verify(br, pkey);
OCSP_BASICRESP_free(br);
return r;
}
int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey)
{
STACK_OF(X509) *sk;
int ret;
if (!rsp->signature)
{
OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_SIGNATURE);
return 0;
}
if (pkey == NULL)
{
if (!(sk = rsp->certs))
{
OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_CERTIFICATE);
return 0;
}
if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
{
OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_PUBLIC_KEY);
return 0;
}
}
ret = OCSP_BASICRESP_verify(rsp, pkey, 0);
return ret;
}

316
crypto/ocsp/ocsp_req.c Normal file
View File

@ -0,0 +1,316 @@
/* ocsp_req.c */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
/* History:
This file was originally part of ocsp.c and was transfered to Richard
Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
in OpenSSL or released as a patch kit. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/bio.h>
#include <openssl/asn1_mac.h>
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/x509v3.h>
/* Make sure we work well with older variants of OpenSSL */
#ifndef OPENSSL_malloc
#define OPENSSL_malloc Malloc
#endif
#ifndef OPENSSL_realloc
#define OPENSSL_realloc Realloc
#endif
#ifndef OPENSSL_free
#define OPENSSL_free Free
#endif
IMPLEMENT_STACK_OF(OCSP_ONEREQ)
IMPLEMENT_ASN1_SET_OF(OCSP_ONEREQ)
OCSP_REQINFO *OCSP_REQINFO_new(void)
{
OCSP_REQINFO *ret=NULL;
ASN1_CTX c;
M_ASN1_New_Malloc(ret, OCSP_REQINFO);
ret->version = NULL;
ret->requestorName = NULL;
ret->requestList = NULL;
ret->requestExtensions = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_REQINFO_NEW);
}
void OCSP_REQINFO_free(OCSP_REQINFO *a)
{
if (a == NULL) return;
ASN1_INTEGER_free(a->version);
GENERAL_NAME_free(a->requestorName);
sk_OCSP_ONEREQ_pop_free(a->requestList, OCSP_ONEREQ_free);
sk_X509_EXTENSION_pop_free(a->requestExtensions, X509_EXTENSION_free);
OPENSSL_free((char *)a);
}
int i2d_OCSP_REQINFO(OCSP_REQINFO *a,
unsigned char **pp)
{
int v1=0,v2=0,v3=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
M_ASN1_I2D_len_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
M_ASN1_I2D_len_SEQUENCE_type(OCSP_ONEREQ,
a->requestList, i2d_OCSP_ONEREQ);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
a->requestExtensions, i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
M_ASN1_I2D_put_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
M_ASN1_I2D_put_SEQUENCE_type(OCSP_ONEREQ,a->requestList,i2d_OCSP_ONEREQ);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->requestExtensions,i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
M_ASN1_I2D_finish();
}
OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_REQINFO *,OCSP_REQINFO_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
/* we have the optional version field */
if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
{ M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
else
{
if (ret->version != NULL)
{
ASN1_INTEGER_free(ret->version);
ret->version=NULL;
}
}
M_ASN1_D2I_get_EXP_opt(ret->requestorName,d2i_GENERAL_NAME,1);
M_ASN1_D2I_get_seq_type(OCSP_ONEREQ, ret->requestList,
d2i_OCSP_ONEREQ,OCSP_ONEREQ_free);
/* there is no M_ASN1_D2I_get_EXP_seq* code, so
we're using the set version */
M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
ret->requestExtensions,d2i_X509_EXTENSION,
X509_EXTENSION_free,2,V_ASN1_SEQUENCE);
M_ASN1_D2I_Finish(a,OCSP_REQINFO_free,ASN1_F_D2I_OCSP_REQINFO);
}
int i2a_OCSP_REQINFO(BIO *bp,
OCSP_REQINFO* a)
{
int i, j=1;
if (a->version == NULL) BIO_puts(bp, "0");
else i2a_ASN1_INTEGER(bp, a->version);
if (a->requestorName != NULL)
{
j++;
#ifdef UNDEF
i2a_GENERAL_NAME(bp, a->requestorName); /* does not exist */
#endif
}
if (a->requestList != NULL)
{
for (i=0; i<sk_OCSP_ONEREQ_num(a->requestList); i++)
if (sk_OCSP_ONEREQ_value(a->requestList,i) != NULL)
i2a_OCSP_ONEREQ(bp,
sk_OCSP_ONEREQ_value(a->requestList,i));
j+=sk_OCSP_ONEREQ_num(a->requestList);
}
j+=OCSP_extensions_print(bp, a->requestExtensions,
"Request Extensions");
return j;
}
OCSP_REQUEST *OCSP_REQUEST_new(void)
{
ASN1_CTX c;
OCSP_REQUEST *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_REQUEST);
M_ASN1_New(ret->tbsRequest, OCSP_REQINFO_new);
ret->optionalSignature = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_REQUEST_NEW);
}
void OCSP_REQUEST_free(OCSP_REQUEST *a)
{
if (a == NULL) return;
OCSP_REQINFO_free(a->tbsRequest);
OCSP_SIGNATURE_free(a->optionalSignature);
OPENSSL_free((char *)a);
}
int i2d_OCSP_REQUEST(OCSP_REQUEST *a,
unsigned char **pp)
{
int v=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->tbsRequest, i2d_OCSP_REQINFO);
M_ASN1_I2D_len_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->tbsRequest, i2d_OCSP_REQINFO);
M_ASN1_I2D_put_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
M_ASN1_I2D_finish();
}
OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_REQUEST *,OCSP_REQUEST_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->tbsRequest, d2i_OCSP_REQINFO);
M_ASN1_D2I_get_EXP_opt(ret->optionalSignature, d2i_OCSP_SIGNATURE, 0);
M_ASN1_D2I_Finish(a,OCSP_REQUEST_free,ASN1_F_D2I_OCSP_REQUEST);
}
int i2a_OCSP_REQUEST(BIO *bp,
OCSP_REQUEST* a)
{
i2a_OCSP_REQINFO(bp, a->tbsRequest);
i2a_OCSP_SIGNATURE(bp, a->optionalSignature);
return a->optionalSignature ? 2 : 1;
}
OCSP_ONEREQ *OCSP_ONEREQ_new(void)
{
ASN1_CTX c;
OCSP_ONEREQ *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_ONEREQ);
M_ASN1_New(ret->reqCert, OCSP_CERTID_new);
ret->singleRequestExtensions = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_ONEREQ_NEW);
}
void OCSP_ONEREQ_free(OCSP_ONEREQ *a)
{
if (a == NULL) return;
OCSP_CERTID_free(a->reqCert);
sk_X509_EXTENSION_pop_free(a->singleRequestExtensions, X509_EXTENSION_free);
OPENSSL_free((char *)a);
}
int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a,
unsigned char **pp)
{
int v=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->reqCert, i2d_OCSP_CERTID);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
V_ASN1_SEQUENCE, v);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->reqCert, i2d_OCSP_CERTID);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
V_ASN1_SEQUENCE, v);
M_ASN1_I2D_finish();
}
OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_ONEREQ *,OCSP_ONEREQ_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->reqCert, d2i_OCSP_CERTID);
/* there is no M_ASN1_D2I_get_EXP_seq* code, so
we're using the set version */
M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
ret->singleRequestExtensions, d2i_X509_EXTENSION,
X509_EXTENSION_free, 0, V_ASN1_SEQUENCE);
M_ASN1_D2I_Finish(a,OCSP_ONEREQ_free,ASN1_F_D2I_OCSP_ONEREQ);
}
int i2a_OCSP_ONEREQ(BIO *bp,
OCSP_ONEREQ* a)
{
i2a_OCSP_CERTID(bp, a->reqCert);
#ifdef UNDEF
/* XXX need generic extension print method or need to register
* ocsp extensions with existing extension handler mechanism,
* invoke i2a callbacks.
*/
if (a->singleRequestExtensions != NULL)
{
for (i=0; i<sk_X509_EXTENSION_num(a->singleRequestExtensions); i++)
if (sk_X509_EXTENSION_value(a->singleRequestExtensions,i) != NULL)
i2a_X509_EXTENSION(bp,
sk_X509_EXTENSION_value(
a->singleRequestExtensions, i));
j+=sk_X509_EXTENSION_num(a->singleRequestExtensions);
}
#endif
return 1;
}

896
crypto/ocsp/ocsp_res.c Normal file
View File

@ -0,0 +1,896 @@
/* ocsp_req.c */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
/* History:
This file was originally part of ocsp.c and was transfered to Richard
Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
in OpenSSL or released as a patch kit. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/err.h>
#include <openssl/objects.h>
#include <openssl/asn1_mac.h>
#include <openssl/ocsp.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>
/* Make sure we work well with older variants of OpenSSL */
#ifndef OPENSSL_malloc
#define OPENSSL_malloc Malloc
#endif
#ifndef OPENSSL_realloc
#define OPENSSL_realloc Realloc
#endif
#ifndef OPENSSL_free
#define OPENSSL_free Free
#endif
IMPLEMENT_STACK_OF(OCSP_SINGLERESP)
IMPLEMENT_ASN1_SET_OF(OCSP_SINGLERESP)
OCSP_RESPBYTES *OCSP_RESPBYTES_new(void)
{
ASN1_CTX c;
OCSP_RESPBYTES *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_RESPBYTES);
M_ASN1_New(ret->responseType, ASN1_OBJECT_new);
M_ASN1_New(ret->response, ASN1_OCTET_STRING_new);
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_RESPBYTES_NEW);
}
void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a)
{
if (a == NULL) return;
ASN1_OBJECT_free(a->responseType);
ASN1_OCTET_STRING_free(a->response);
OPENSSL_free((char *)a);
}
int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a,
unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->responseType, i2d_ASN1_OBJECT);
M_ASN1_I2D_len(a->response, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->responseType, i2d_ASN1_OBJECT);
M_ASN1_I2D_put(a->response, i2d_ASN1_OCTET_STRING);
M_ASN1_I2D_finish();
}
OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_RESPBYTES *,OCSP_RESPBYTES_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->responseType, d2i_ASN1_OBJECT);
M_ASN1_D2I_get(ret->response, d2i_ASN1_OCTET_STRING);
M_ASN1_D2I_Finish(a,OCSP_RESPBYTES_free,ASN1_F_D2I_OCSP_RESPBYTES);
}
int i2a_OCSP_RESPBYTES(BIO *bp,
OCSP_RESPBYTES* a)
{
i2a_ASN1_OBJECT(bp, a->responseType);
i2a_ASN1_STRING(bp, a->response, V_ASN1_OCTET_STRING);
return 2;
}
OCSP_RESPONSE *OCSP_RESPONSE_new(void)
{
ASN1_CTX c;
OCSP_RESPONSE *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_RESPONSE);
M_ASN1_New(ret->responseStatus, ASN1_ENUMERATED_new);
ret->responseBytes = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_RESPONSE_NEW);
}
void OCSP_RESPONSE_free(OCSP_RESPONSE *a)
{
if (a == NULL) return;
ASN1_ENUMERATED_free(a->responseStatus);
OCSP_RESPBYTES_free(a->responseBytes);
OPENSSL_free((char *)a);
}
int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a,
unsigned char **pp)
{
int v=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->responseStatus, i2d_ASN1_ENUMERATED);
M_ASN1_I2D_len_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->responseStatus, i2d_ASN1_ENUMERATED);
M_ASN1_I2D_put_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
M_ASN1_I2D_finish();
}
OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_RESPONSE *,OCSP_RESPONSE_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->responseStatus, d2i_ASN1_ENUMERATED);
M_ASN1_D2I_get_EXP_opt(ret->responseBytes, d2i_OCSP_RESPBYTES, 0);
M_ASN1_D2I_Finish(a,OCSP_RESPONSE_free,ASN1_F_D2I_OCSP_RESPONSE);
}
int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a)
{
i2a_ASN1_STRING(bp, a->responseStatus, V_ASN1_ENUMERATED);
i2a_OCSP_RESPBYTES(bp, a->responseBytes);
return a->responseBytes ? 2 : 1;
}
OCSP_RESPID *OCSP_RESPID_new(void)
{
ASN1_CTX c;
OCSP_RESPID *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_RESPID);
ret->tag = -1;
ret->value.byName = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_RESPID_NEW);
}
void OCSP_RESPID_free(OCSP_RESPID *a)
{
if (a == NULL) return;
switch (a->tag)
{
case V_OCSP_RESPID_NAME:
X509_NAME_free(a->value.byName);
break;
case V_OCSP_RESPID_KEY:
ASN1_OCTET_STRING_free(a->value.byKey);
break;
}
OPENSSL_free((char *)a);
}
int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp)
{
int v=0;
M_ASN1_I2D_vars(a);
switch (a->tag)
{
case V_OCSP_RESPID_NAME:
v = i2d_X509_NAME(a->value.byName,NULL);
ret += ASN1_object_size(1, v, V_OCSP_RESPID_NAME);
if (pp==NULL) return ret;
p=*pp;
ASN1_put_object(&p, 1, v,
V_OCSP_RESPID_NAME,
V_ASN1_CONTEXT_SPECIFIC);
i2d_X509_NAME(a->value.byName,&p);
break;
case V_OCSP_RESPID_KEY:
v = i2d_ASN1_OCTET_STRING(a->value.byKey,NULL);
ret += ASN1_object_size(1, v, V_OCSP_RESPID_KEY);
if (pp==NULL) return ret;
p=*pp;
ASN1_put_object(&p, 1, v,
V_OCSP_RESPID_KEY,
V_ASN1_CONTEXT_SPECIFIC);
i2d_ASN1_OCTET_STRING(a->value.byKey,&p);
break;
}
if (pp && *pp) *pp=p;
return(r);
}
OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a,
unsigned char **pp,
long length)
{
int inf,xclass;
M_ASN1_D2I_vars(a,OCSP_RESPID *,OCSP_RESPID_new);
M_ASN1_D2I_Init();
c.slen = length; /* simulate sequence */
inf=ASN1_get_object(&c.p,&c.slen,&ret->tag,&xclass,c.slen);
if (inf & 0x80) goto err;
switch (ret->tag)
{
case V_OCSP_RESPID_NAME:
M_ASN1_D2I_get(ret->value.byName, d2i_X509_NAME);
break;
case V_OCSP_RESPID_KEY:
M_ASN1_D2I_get(ret->value.byKey, d2i_ASN1_OCTET_STRING);
break;
default:
ASN1err(ASN1_F_D2I_OCSP_RESPID,ASN1_R_BAD_TYPE);
break;
}
M_ASN1_D2I_Finish(a,OCSP_RESPID_free,ASN1_F_D2I_OCSP_RESPID);
}
int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a)
{
switch (a->tag)
{
case V_OCSP_RESPID_NAME:
X509_NAME_print(bp, a->value.byName, 16);
break;
case V_OCSP_RESPID_KEY:
i2a_ASN1_STRING(bp, a->value.byKey, V_ASN1_OCTET_STRING);
break;
}
return 1;
}
OCSP_RESPDATA *OCSP_RESPDATA_new(void)
{
ASN1_CTX c;
OCSP_RESPDATA *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_RESPDATA);
ret->version = NULL;
M_ASN1_New(ret->responderId, OCSP_RESPID_new);
M_ASN1_New(ret->producedAt, ASN1_GENERALIZEDTIME_new);
ret->responses = NULL;
ret->responseExtensions = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_RESPDATA_NEW);
}
void OCSP_RESPDATA_free(OCSP_RESPDATA *a)
{
if (a == NULL) return;
ASN1_INTEGER_free(a->version);
OCSP_RESPID_free(a->responderId);
ASN1_GENERALIZEDTIME_free(a->producedAt);
sk_OCSP_SINGLERESP_pop_free(a->responses, OCSP_SINGLERESP_free);
sk_X509_EXTENSION_pop_free(a->responseExtensions, X509_EXTENSION_free);
OPENSSL_free((char *)a);
}
int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a,
unsigned char **pp)
{
int v1=0,v2=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
M_ASN1_I2D_len(a->responderId, i2d_OCSP_RESPID);
M_ASN1_I2D_len(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
M_ASN1_I2D_len_SEQUENCE_type(OCSP_SINGLERESP, a->responses,
i2d_OCSP_SINGLERESP);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
a->responseExtensions, i2d_X509_EXTENSION, 1,
V_ASN1_SEQUENCE, v2);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
M_ASN1_I2D_put(a->responderId, i2d_OCSP_RESPID);
M_ASN1_I2D_put(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
M_ASN1_I2D_put_SEQUENCE_type(OCSP_SINGLERESP, a->responses,
i2d_OCSP_SINGLERESP);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
a->responseExtensions, i2d_X509_EXTENSION, 1,
V_ASN1_SEQUENCE, v2);
M_ASN1_I2D_finish();
}
OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_RESPDATA *,OCSP_RESPDATA_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
/* we have the optional version field */
if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
{ M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
else
{
if (ret->version != NULL)
{
ASN1_INTEGER_free(ret->version);
ret->version=NULL;
}
}
M_ASN1_D2I_get(ret->responderId, d2i_OCSP_RESPID);
M_ASN1_D2I_get(ret->producedAt, d2i_ASN1_GENERALIZEDTIME);
M_ASN1_D2I_get_seq_type(OCSP_SINGLERESP, ret->responses,
d2i_OCSP_SINGLERESP, OCSP_SINGLERESP_free);
/* there is no M_ASN1_D2I_get_EXP_seq* code, so
we're using the set version */
M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
ret->responseExtensions, d2i_X509_EXTENSION,
X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
M_ASN1_D2I_Finish(a,OCSP_RESPDATA_free,ASN1_F_D2I_OCSP_RESPDATA);
}
int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a)
{
int i, j=2;
if (a->version == NULL) BIO_puts(bp, "0");
else i2a_ASN1_INTEGER(bp, a->version);
i2a_OCSP_RESPID(bp, a->responderId);
if (!ASN1_GENERALIZEDTIME_print(bp, a->producedAt)) return 0;
if (a->responses != NULL)
{
for (i=0; i<sk_OCSP_SINGLERESP_num(a->responses); i++)
if (sk_OCSP_SINGLERESP_value(a->responses,i) != NULL)
i2a_OCSP_SINGLERESP(bp,
sk_OCSP_SINGLERESP_value(a->responses,i));
j+=sk_OCSP_SINGLERESP_num(a->responses);
}
#ifdef UNDEF
/* XXX need generic extension print method or need to register
* ocsp extensions with existing extension handler mechanism,
* invoke i2a callbacks.
*/
if (a->responseExtensions != NULL)
{
for (i=0; i<sk_X509_EXTENSION_num(a->responseExtensions); i++)
if (sk_X509_EXTENSION_value(a->responseExtensions,i) != NULL)
i2a_X509_EXTENSION(bp,
sk_X509_EXTENSION_value(a->responseExtensions,i));
j+=sk_X509_EXTENSION_num(a->responseExtensions);
}
#endif
return j;
}
OCSP_BASICRESP *OCSP_BASICRESP_new(void)
{
ASN1_CTX c;
OCSP_BASICRESP *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_BASICRESP);
M_ASN1_New(ret->tbsResponseData, OCSP_RESPDATA_new);
M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
ret->certs = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_BASICRESP_NEW);
}
void OCSP_BASICRESP_free(OCSP_BASICRESP *a)
{
if (a == NULL) return;
OCSP_RESPDATA_free(a->tbsResponseData);
X509_ALGOR_free(a->signatureAlgorithm);
ASN1_BIT_STRING_free(a->signature);
sk_X509_pop_free(a->certs, X509_free);
OPENSSL_free((char *)a);
}
int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp)
{
int v=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->tbsResponseData, i2d_OCSP_RESPDATA);
M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs,
i2d_X509, 0, V_ASN1_SEQUENCE, v);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->tbsResponseData, i2d_OCSP_RESPDATA);
M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs,
i2d_X509, 0, V_ASN1_SEQUENCE, v);
M_ASN1_I2D_finish();
}
OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_BASICRESP *,OCSP_BASICRESP_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->tbsResponseData, d2i_OCSP_RESPDATA);
M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
/* there is no M_ASN1_D2I_get_EXP_seq* code, so
we're using the set version */
M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509,
X509_free, 0, V_ASN1_SEQUENCE);
M_ASN1_D2I_Finish(a,OCSP_BASICRESP_free,ASN1_F_D2I_OCSP_BASICRESP);
}
int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a)
{
int i, j=3;
i2a_OCSP_RESPDATA(bp, a->tbsResponseData);
#ifdef UNDEF
/* XXX this guy isn't implemented. */
i2a_X509_ALGOR(bp, a->signatureAlgorithm);
#else /* instead, just show OID, not param */
i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
#endif
i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
if (a->certs != NULL)
{
for (i=0; i<sk_X509_num(a->certs); i++)
if (sk_X509_value(a->certs,i) != NULL)
X509_print(bp, sk_X509_value(a->certs,i));
j+=sk_X509_num(a->certs);
}
return j;
}
OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void)
{
ASN1_CTX c;
OCSP_REVOKEDINFO *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_REVOKEDINFO);
M_ASN1_New(ret->revocationTime, ASN1_GENERALIZEDTIME_new);
ret->revocationReason = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_REVOKEDINFO_NEW);
}
void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a)
{
if (a == NULL) return;
ASN1_GENERALIZEDTIME_free(a->revocationTime);
ASN1_ENUMERATED_free(a->revocationReason);
OPENSSL_free((char *)a);
}
int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp)
{
int v=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->revocationTime, i2d_ASN1_GENERALIZEDTIME);
M_ASN1_I2D_len_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->revocationTime, i2d_ASN1_GENERALIZEDTIME);
M_ASN1_I2D_put_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
M_ASN1_I2D_finish();
}
OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_REVOKEDINFO *,OCSP_REVOKEDINFO_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->revocationTime, d2i_ASN1_GENERALIZEDTIME);
M_ASN1_D2I_get_EXP_opt(ret->revocationReason, d2i_ASN1_ENUMERATED, 0);
M_ASN1_D2I_Finish(a,OCSP_REVOKEDINFO_free,ASN1_F_D2I_OCSP_REVOKEDINFO);
}
int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a)
{
int i=0;
if (!ASN1_GENERALIZEDTIME_print(bp, a->revocationTime)) return 0;
if (a->revocationReason)
{
i2a_ASN1_STRING(bp, a->revocationReason, V_ASN1_ENUMERATED);
i++;
}
return i;
}
OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void)
{
ASN1_CTX c;
OCSP_CERTSTATUS *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_CERTSTATUS);
ret->tag = -1;
ret->revoked = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_CERTSTATUS_NEW);
}
void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a)
{
if (a == NULL) return;
OCSP_REVOKEDINFO_free(a->revoked);
OPENSSL_free((char *)a);
}
int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp)
{
unsigned char *qq;
M_ASN1_I2D_vars(a);
ret += 0; /* shush, compiler, shush... */
if (a == NULL) return(0);
switch (a->tag)
{
case V_OCSP_CERTSTATUS_GOOD:
case V_OCSP_CERTSTATUS_UNKNOWN:
r = 2;
if (pp)
{
qq=p=*pp;
ASN1_put_object(&p,0,0,
V_ASN1_NULL,V_ASN1_UNIVERSAL);
*qq=(V_ASN1_CONTEXT_SPECIFIC|a->tag|
(*qq&V_ASN1_CONSTRUCTED));
}
break;
case V_OCSP_CERTSTATUS_REVOKED:
r = i2d_OCSP_REVOKEDINFO(a->revoked,NULL);
if (pp)
{
p=*pp;
M_ASN1_I2D_put_IMP_opt(a->revoked,
i2d_OCSP_REVOKEDINFO,
a->tag);
}
break;
}
if (pp && *pp) *pp=p;
return(r);
}
OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a,
unsigned char **pp,
long length)
{
int tag, xclass, error=0;
long len;
unsigned char *p, *q, t;
OCSP_CERTSTATUS* ret=NULL;
if ((a == NULL) || ((*a) == NULL))
{
if ((ret=(OCSP_CERTSTATUS*)OCSP_CERTSTATUS_new()) == NULL)
goto err;
}
else ret=(*a);
p=*pp;
ret->tag = (*p & ~(V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC));
switch (ret->tag)
{
case V_OCSP_CERTSTATUS_GOOD:
case V_OCSP_CERTSTATUS_UNKNOWN:
ret->revoked = NULL;
q=p;
ASN1_get_object(&p,&len,&tag,&xclass,length);
if (len)
{
error = ASN1_R_BAD_TYPE;
goto err;
}
break;
case V_OCSP_CERTSTATUS_REVOKED:
q=p;
ASN1_get_object(&q,&len,&tag,&xclass,length);
t=*p;
*p=(t&~V_ASN1_PRIMATIVE_TAG)|V_ASN1_SEQUENCE;
q=p;
if (d2i_OCSP_REVOKEDINFO(&ret->revoked,
&p,length) == NULL)
goto err;
*q=t;
if ((p-q) != (len+2))
{
error = ASN1_R_BAD_TYPE;
goto err;
}
break;
default:
ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,ASN1_R_BAD_TYPE);
break;
}
*pp=p;
if (a != NULL) (*a)=ret;
return(ret);
err:
ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,error);
asn1_add_error(*pp,(int)(q- *pp));
if ((ret != NULL) && ((a == NULL) || (*a != ret)))
OCSP_CERTSTATUS_free(ret);
return(NULL);
}
int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a)
{
switch (a->tag)
{
case V_OCSP_CERTSTATUS_GOOD:
BIO_puts(bp, "CertStatus: good");
break;
case V_OCSP_CERTSTATUS_REVOKED:
BIO_puts(bp, "CertStatus: revoked");
i2a_OCSP_REVOKEDINFO(bp, a->revoked);
break;
case V_OCSP_CERTSTATUS_UNKNOWN:
BIO_puts(bp, "CertStatus: unknown");
break;
}
return 1;
}
OCSP_SINGLERESP *OCSP_SINGLERESP_new(void)
{
ASN1_CTX c;
OCSP_SINGLERESP *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_SINGLERESP);
M_ASN1_New(ret->certId, OCSP_CERTID_new);
M_ASN1_New(ret->certStatus, OCSP_CERTSTATUS_new);
M_ASN1_New(ret->thisUpdate, ASN1_GENERALIZEDTIME_new);
ret->nextUpdate = NULL;
ret->singleExtensions = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_SINGLERESP_NEW);
}
void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a)
{
if (a == NULL) return;
OCSP_CERTID_free(a->certId);
OCSP_CERTSTATUS_free(a->certStatus);
ASN1_GENERALIZEDTIME_free(a->thisUpdate);
ASN1_GENERALIZEDTIME_free(a->nextUpdate);
sk_X509_EXTENSION_pop_free(a->singleExtensions, X509_EXTENSION_free);
OPENSSL_free((char *)a);
}
int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp)
{
int v1=0,v2=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->certId, i2d_OCSP_CERTID);
M_ASN1_I2D_len(a->certStatus, i2d_OCSP_CERTSTATUS);
M_ASN1_I2D_len(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
M_ASN1_I2D_len_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->certId, i2d_OCSP_CERTID);
M_ASN1_I2D_put(a->certStatus, i2d_OCSP_CERTSTATUS);
M_ASN1_I2D_put(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
M_ASN1_I2D_put_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
M_ASN1_I2D_finish();
}
OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_SINGLERESP *,OCSP_SINGLERESP_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->certId, d2i_OCSP_CERTID);
M_ASN1_D2I_get(ret->certStatus, d2i_OCSP_CERTSTATUS);
M_ASN1_D2I_get(ret->thisUpdate, d2i_ASN1_GENERALIZEDTIME);
M_ASN1_D2I_get_EXP_opt(ret->nextUpdate, d2i_ASN1_GENERALIZEDTIME, 0);
/* there is no M_ASN1_D2I_get_EXP_seq*, so had to use set here*/
M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION, ret->singleExtensions,
d2i_X509_EXTENSION, X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
M_ASN1_D2I_Finish(a,OCSP_SINGLERESP_free,ASN1_F_D2I_OCSP_SINGLERESP);
}
int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a)
{
int /* XXX i, */ j=3;
i2a_OCSP_CERTID(bp, a->certId);
i2a_OCSP_CERTSTATUS(bp, a->certStatus);
if (!ASN1_GENERALIZEDTIME_print(bp, a->thisUpdate)) return 0;
if (a->nextUpdate)
{
if (!ASN1_GENERALIZEDTIME_print(bp, a->nextUpdate)) return 0;
j++;
}
#ifdef UNDEF
/* XXX need generic extension print method or need to register
* ocsp extensions with existing extension handler mechanism,
* invoke i2a callbacks.
*/
if (a->singleExtensions != NULL)
{
for (i=0; i<sk_X509_EXTENSION_num(a->singleExtensions); i++)
if (sk_X509_EXTENSION_value(a->singleExtensions,i) != NULL)
i2a_X509_EXTENSION(bp,
sk_X509_EXTENSION_value(a->singleExtensions,i));
j+=sk_X509_EXTENSION_num(a->singleExtensions);
}
#endif
return j;
}
OCSP_CRLID *OCSP_CRLID_new(void)
{
ASN1_CTX c;
OCSP_CRLID *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_CRLID);
ret->crlUrl = NULL;
ret->crlNum = NULL;
ret->crlTime = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_CRLID_NEW);
}
void OCSP_CRLID_free(OCSP_CRLID *a)
{
if (a == NULL) return;
ASN1_IA5STRING_free(a->crlUrl);
ASN1_INTEGER_free(a->crlNum);
ASN1_GENERALIZEDTIME_free(a->crlTime);
OPENSSL_free((char *)a);
}
int i2d_OCSP_CRLID(OCSP_CRLID *a,
unsigned char **pp)
{
int v1=0,v2=0,v3=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
M_ASN1_I2D_len_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
M_ASN1_I2D_len_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
M_ASN1_I2D_put_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
M_ASN1_I2D_put_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
M_ASN1_I2D_finish();
}
OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_CRLID *,OCSP_CRLID_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get_EXP_opt(ret->crlUrl, d2i_ASN1_IA5STRING, 0);
M_ASN1_D2I_get_EXP_opt(ret->crlNum, d2i_ASN1_INTEGER, 1);
M_ASN1_D2I_get_EXP_opt(ret->crlTime, d2i_ASN1_GENERALIZEDTIME, 2);
M_ASN1_D2I_Finish(a,OCSP_CRLID_free,ASN1_F_D2I_OCSP_CRLID);
}
int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a)
{
int i = 0;
char buf[1024];
if (a->crlUrl && ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) i++;
if (a->crlNum && a2i_ASN1_INTEGER(bp, a->crlNum, buf, sizeof buf)) i++;
if (a->crlTime && ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) i++;
return i;
}
OCSP_SERVICELOC *OCSP_SERVICELOC_new(void)
{
ASN1_CTX c;
OCSP_SERVICELOC *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_SERVICELOC);
M_ASN1_New(ret->issuer, X509_NAME_new);
ret->locator = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_SERVICELOC_NEW);
}
void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a)
{
if (a == NULL) return;
X509_NAME_free(a->issuer);
sk_ACCESS_DESCRIPTION_pop_free(a->locator, ACCESS_DESCRIPTION_free);
OPENSSL_free((char *)a);
}
int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a,
unsigned char **pp)
{
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->issuer, i2d_X509_NAME);
M_ASN1_I2D_len_SEQUENCE_opt_type(ACCESS_DESCRIPTION,
a->locator, i2d_ACCESS_DESCRIPTION);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->issuer, i2d_X509_NAME);
M_ASN1_I2D_put_SEQUENCE_opt_type(ACCESS_DESCRIPTION,
a->locator, i2d_ACCESS_DESCRIPTION);
M_ASN1_I2D_finish();
}
OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_SERVICELOC *,OCSP_SERVICELOC_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
M_ASN1_D2I_get_seq_opt_type(ACCESS_DESCRIPTION, ret->locator,
d2i_ACCESS_DESCRIPTION,ACCESS_DESCRIPTION_free);
M_ASN1_D2I_Finish(a,OCSP_SERVICELOC_free,ASN1_F_D2I_OCSP_SERVICELOC);
}
int i2a_OCSP_SERVICELOC(BIO *bp,
OCSP_SERVICELOC* a)
{
int i;
X509_NAME_print(bp, a->issuer, 16);
if (!a->locator) return 1;
for (i=0; i<sk_ACCESS_DESCRIPTION_num(a->locator); i++)
i2a_ACCESS_DESCRIPTION(bp,
sk_ACCESS_DESCRIPTION_value(a->locator,i));
return i+2;
}

157
crypto/ocsp/ocsp_sig.c Normal file
View File

@ -0,0 +1,157 @@
/* ocsp_sig.c */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
* project. */
/* History:
This file was originally part of ocsp.c and was transfered to Richard
Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
in OpenSSL or released as a patch kit. */
/* ====================================================================
* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. All advertising materials mentioning features or use of this
* software must display the following acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
*
* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
* endorse or promote products derived from this software without
* prior written permission. For written permission, please contact
* openssl-core@openssl.org.
*
* 5. Products derived from this software may not be called "OpenSSL"
* nor may "OpenSSL" appear in their names without prior written
* permission of the OpenSSL Project.
*
* 6. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by the OpenSSL Project
* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
*
* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
* OF THE POSSIBILITY OF SUCH DAMAGE.
* ====================================================================
*
* This product includes cryptographic software written by Eric Young
* (eay@cryptsoft.com). This product includes software written by Tim
* Hudson (tjh@cryptsoft.com).
*
*/
#include <openssl/bio.h>
#include <openssl/asn1_mac.h>
#include <openssl/err.h>
#include <openssl/ocsp.h>
#include <openssl/x509.h>
/* Make sure we work well with older variants of OpenSSL */
#ifndef OPENSSL_malloc
#define OPENSSL_malloc Malloc
#endif
#ifndef OPENSSL_realloc
#define OPENSSL_realloc Realloc
#endif
#ifndef OPENSSL_free
#define OPENSSL_free Free
#endif
OCSP_SIGNATURE *OCSP_SIGNATURE_new(void)
{
ASN1_CTX c;
OCSP_SIGNATURE *ret=NULL;
M_ASN1_New_Malloc(ret, OCSP_SIGNATURE);
M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
ret->certs = NULL;
return(ret);
M_ASN1_New_Error(ASN1_F_OCSP_SIGNATURE_NEW);
}
void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a)
{
if (a == NULL) return;
X509_ALGOR_free(a->signatureAlgorithm);
ASN1_BIT_STRING_free(a->signature);
if (a->certs) sk_X509_pop_free(a->certs, X509_free);
OPENSSL_free((char *)a);
}
int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a,
unsigned char **pp)
{
int v=0;
M_ASN1_I2D_vars(a);
M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509,
0, V_ASN1_SEQUENCE, v);
M_ASN1_I2D_seq_total();
M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509, 0,
V_ASN1_SEQUENCE, v);
M_ASN1_I2D_finish();
}
OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a,
unsigned char **pp,
long length)
{
M_ASN1_D2I_vars(a,OCSP_SIGNATURE *,OCSP_SIGNATURE_new);
M_ASN1_D2I_Init();
M_ASN1_D2I_start_sequence();
M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
/* there is no M_ASN1_D2I_get_EXP_seq* code, so
we're using the set version */
M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509,
X509_free, 0, V_ASN1_SEQUENCE);
M_ASN1_D2I_Finish(a,OCSP_SIGNATURE_free,ASN1_F_D2I_OCSP_SIGNATURE);
}
int i2a_OCSP_SIGNATURE(BIO *bp,
OCSP_SIGNATURE* a)
{
int i, j=2;
#ifdef UNDEF
/* XXX this guy isn't implemented. */
i2a_X509_ALGOR(bp, a->signatureAlgorithm);
#else /* instead, just show OID, not param */
i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
#endif
i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
if (a->certs != NULL)
{
for (i=0; i<sk_X509_num(a->certs); i++)
if (sk_X509_value(a->certs,i) != NULL)
X509_print(bp, sk_X509_value(a->certs,i));
j+=sk_X509_num(a->certs);
}
return j;
}

58
crypto/stack/safestack.h
View File

@ -484,6 +484,46 @@ STACK_OF(type) \
#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
@ -998,6 +1038,24 @@ STACK_OF(type) \
#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \

1
crypto/x509/x509.h
View File

@ -1061,6 +1061,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
int X509_print(BIO *bp,X509 *x);
int X509_ocspid_print(BIO *bp,X509 *x);
int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp,X509_CRL *x);
int X509_REQ_print(BIO *bp,X509_REQ *req);

9
crypto/x509v3/v3_info.c
View File

@ -207,6 +207,15 @@ void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
OPENSSL_free (a);
}
int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
{
i2a_ASN1_OBJECT(bp, a->method);
#ifdef UNDEF
i2a_GENERAL_NAME(bp, a->location);
#endif
return 2;
}
STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
{
return sk_ACCESS_DESCRIPTION_new_null();

1
crypto/x509v3/x509v3.h
View File

@ -477,6 +477,7 @@ ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
long length);
int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);

1
util/mkdef.pl
View File

@ -202,6 +202,7 @@ $crypto.=" crypto/x509/x509_vfy.h";
$crypto.=" crypto/x509v3/x509v3.h";
$crypto.=" crypto/rand/rand.h";
$crypto.=" crypto/comp/comp.h";
$crypto.=" crypto/ocsp/ocsp.h";
$crypto.=" crypto/tmdiff.h";
my $symhacks="crypto/symhacks.h";

1
util/mkfiles.pl
View File

@ -46,6 +46,7 @@ my @dirs = (
"crypto/pkcs12",
"crypto/comp",
"crypto/engine",
"crypto/ocsp",
"ssl",
"rsaref",
"apps",