summaryrefslogtreecommitdiffstats
path: root/crypto/ocsp/ocsp_res.c
diff options
context:
space:
mode:
Diffstat (limited to 'crypto/ocsp/ocsp_res.c')
-rw-r--r--crypto/ocsp/ocsp_res.c896
1 files changed, 896 insertions, 0 deletions
diff --git a/crypto/ocsp/ocsp_res.c b/crypto/ocsp/ocsp_res.c
new file mode 100644
index 0000000000..34443aba11
--- /dev/null
+++ b/crypto/ocsp/ocsp_res.c
@@ -0,0 +1,896 @@
+/* ocsp_req.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was originally part of ocsp.c and was transfered to Richard
+ Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+ in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+IMPLEMENT_STACK_OF(OCSP_SINGLERESP)
+IMPLEMENT_ASN1_SET_OF(OCSP_SINGLERESP)
+
+OCSP_RESPBYTES *OCSP_RESPBYTES_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPBYTES *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPBYTES);
+ M_ASN1_New(ret->responseType, ASN1_OBJECT_new);
+ M_ASN1_New(ret->response, ASN1_OCTET_STRING_new);
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPBYTES_NEW);
+ }
+
+void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a)
+ {
+ if (a == NULL) return;
+ ASN1_OBJECT_free(a->responseType);
+ ASN1_OCTET_STRING_free(a->response);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a,
+ unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->responseType, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_len(a->response, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->responseType, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_put(a->response, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_RESPBYTES *,OCSP_RESPBYTES_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->responseType, d2i_ASN1_OBJECT);
+ M_ASN1_D2I_get(ret->response, d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_Finish(a,OCSP_RESPBYTES_free,ASN1_F_D2I_OCSP_RESPBYTES);
+ }
+
+int i2a_OCSP_RESPBYTES(BIO *bp,
+ OCSP_RESPBYTES* a)
+ {
+ i2a_ASN1_OBJECT(bp, a->responseType);
+ i2a_ASN1_STRING(bp, a->response, V_ASN1_OCTET_STRING);
+ return 2;
+ }
+
+OCSP_RESPONSE *OCSP_RESPONSE_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPONSE *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPONSE);
+ M_ASN1_New(ret->responseStatus, ASN1_ENUMERATED_new);
+ ret->responseBytes = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPONSE_NEW);
+ }
+
+void OCSP_RESPONSE_free(OCSP_RESPONSE *a)
+ {
+ if (a == NULL) return;
+ ASN1_ENUMERATED_free(a->responseStatus);
+ OCSP_RESPBYTES_free(a->responseBytes);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a,
+ unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->responseStatus, i2d_ASN1_ENUMERATED);
+ M_ASN1_I2D_len_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->responseStatus, i2d_ASN1_ENUMERATED);
+ M_ASN1_I2D_put_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_RESPONSE *,OCSP_RESPONSE_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->responseStatus, d2i_ASN1_ENUMERATED);
+ M_ASN1_D2I_get_EXP_opt(ret->responseBytes, d2i_OCSP_RESPBYTES, 0);
+ M_ASN1_D2I_Finish(a,OCSP_RESPONSE_free,ASN1_F_D2I_OCSP_RESPONSE);
+ }
+
+int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a)
+ {
+ i2a_ASN1_STRING(bp, a->responseStatus, V_ASN1_ENUMERATED);
+ i2a_OCSP_RESPBYTES(bp, a->responseBytes);
+ return a->responseBytes ? 2 : 1;
+ }
+
+OCSP_RESPID *OCSP_RESPID_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPID *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPID);
+ ret->tag = -1;
+ ret->value.byName = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPID_NEW);
+ }
+
+void OCSP_RESPID_free(OCSP_RESPID *a)
+ {
+ if (a == NULL) return;
+ switch (a->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ X509_NAME_free(a->value.byName);
+ break;
+ case V_OCSP_RESPID_KEY:
+ ASN1_OCTET_STRING_free(a->value.byKey);
+ break;
+ }
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+ switch (a->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ v = i2d_X509_NAME(a->value.byName,NULL);
+ ret += ASN1_object_size(1, v, V_OCSP_RESPID_NAME);
+ if (pp==NULL) return ret;
+ p=*pp;
+ ASN1_put_object(&p, 1, v,
+ V_OCSP_RESPID_NAME,
+ V_ASN1_CONTEXT_SPECIFIC);
+ i2d_X509_NAME(a->value.byName,&p);
+ break;
+ case V_OCSP_RESPID_KEY:
+ v = i2d_ASN1_OCTET_STRING(a->value.byKey,NULL);
+ ret += ASN1_object_size(1, v, V_OCSP_RESPID_KEY);
+ if (pp==NULL) return ret;
+ p=*pp;
+ ASN1_put_object(&p, 1, v,
+ V_OCSP_RESPID_KEY,
+ V_ASN1_CONTEXT_SPECIFIC);
+ i2d_ASN1_OCTET_STRING(a->value.byKey,&p);
+ break;
+ }
+ if (pp && *pp) *pp=p;
+ return(r);
+ }
+
+OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a,
+ unsigned char **pp,
+ long length)
+ {
+ int inf,xclass;
+ M_ASN1_D2I_vars(a,OCSP_RESPID *,OCSP_RESPID_new);
+
+ M_ASN1_D2I_Init();
+ c.slen = length; /* simulate sequence */
+ inf=ASN1_get_object(&c.p,&c.slen,&ret->tag,&xclass,c.slen);
+ if (inf & 0x80) goto err;
+ switch (ret->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ M_ASN1_D2I_get(ret->value.byName, d2i_X509_NAME);
+ break;
+ case V_OCSP_RESPID_KEY:
+ M_ASN1_D2I_get(ret->value.byKey, d2i_ASN1_OCTET_STRING);
+ break;
+ default:
+ ASN1err(ASN1_F_D2I_OCSP_RESPID,ASN1_R_BAD_TYPE);
+ break;
+ }
+ M_ASN1_D2I_Finish(a,OCSP_RESPID_free,ASN1_F_D2I_OCSP_RESPID);
+ }
+
+int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a)
+ {
+ switch (a->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ X509_NAME_print(bp, a->value.byName, 16);
+ break;
+ case V_OCSP_RESPID_KEY:
+ i2a_ASN1_STRING(bp, a->value.byKey, V_ASN1_OCTET_STRING);
+ break;
+ }
+
+ return 1;
+ }
+
+OCSP_RESPDATA *OCSP_RESPDATA_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPDATA *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPDATA);
+ ret->version = NULL;
+ M_ASN1_New(ret->responderId, OCSP_RESPID_new);
+ M_ASN1_New(ret->producedAt, ASN1_GENERALIZEDTIME_new);
+ ret->responses = NULL;
+ ret->responseExtensions = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPDATA_NEW);
+ }
+
+void OCSP_RESPDATA_free(OCSP_RESPDATA *a)
+ {
+ if (a == NULL) return;
+ ASN1_INTEGER_free(a->version);
+ OCSP_RESPID_free(a->responderId);
+ ASN1_GENERALIZEDTIME_free(a->producedAt);
+ sk_OCSP_SINGLERESP_pop_free(a->responses, OCSP_SINGLERESP_free);
+ sk_X509_EXTENSION_pop_free(a->responseExtensions, X509_EXTENSION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a,
+ unsigned char **pp)
+ {
+ int v1=0,v2=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
+ M_ASN1_I2D_len(a->responderId, i2d_OCSP_RESPID);
+ M_ASN1_I2D_len(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_len_SEQUENCE_type(OCSP_SINGLERESP, a->responses,
+ i2d_OCSP_SINGLERESP);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->responseExtensions, i2d_X509_EXTENSION, 1,
+ V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
+ M_ASN1_I2D_put(a->responderId, i2d_OCSP_RESPID);
+ M_ASN1_I2D_put(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_put_SEQUENCE_type(OCSP_SINGLERESP, a->responses,
+ i2d_OCSP_SINGLERESP);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->responseExtensions, i2d_X509_EXTENSION, 1,
+ V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_RESPDATA *,OCSP_RESPDATA_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ /* we have the optional version field */
+ if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+ { M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
+ else
+ {
+ if (ret->version != NULL)
+ {
+ ASN1_INTEGER_free(ret->version);
+ ret->version=NULL;
+ }
+ }
+ M_ASN1_D2I_get(ret->responderId, d2i_OCSP_RESPID);
+ M_ASN1_D2I_get(ret->producedAt, d2i_ASN1_GENERALIZEDTIME);
+ M_ASN1_D2I_get_seq_type(OCSP_SINGLERESP, ret->responses,
+ d2i_OCSP_SINGLERESP, OCSP_SINGLERESP_free);
+ /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+ we're using the set version */
+ M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+ ret->responseExtensions, d2i_X509_EXTENSION,
+ X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_RESPDATA_free,ASN1_F_D2I_OCSP_RESPDATA);
+ }
+
+int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a)
+ {
+ int i, j=2;
+ if (a->version == NULL) BIO_puts(bp, "0");
+ else i2a_ASN1_INTEGER(bp, a->version);
+ i2a_OCSP_RESPID(bp, a->responderId);
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->producedAt)) return 0;
+ if (a->responses != NULL)
+ {
+ for (i=0; i<sk_OCSP_SINGLERESP_num(a->responses); i++)
+ if (sk_OCSP_SINGLERESP_value(a->responses,i) != NULL)
+ i2a_OCSP_SINGLERESP(bp,
+ sk_OCSP_SINGLERESP_value(a->responses,i));
+ j+=sk_OCSP_SINGLERESP_num(a->responses);
+ }
+#ifdef UNDEF
+ /* XXX need generic extension print method or need to register
+ * ocsp extensions with existing extension handler mechanism,
+ * invoke i2a callbacks.
+ */
+ if (a->responseExtensions != NULL)
+ {
+ for (i=0; i<sk_X509_EXTENSION_num(a->responseExtensions); i++)
+ if (sk_X509_EXTENSION_value(a->responseExtensions,i) != NULL)
+ i2a_X509_EXTENSION(bp,
+ sk_X509_EXTENSION_value(a->responseExtensions,i));
+ j+=sk_X509_EXTENSION_num(a->responseExtensions);
+ }
+#endif
+ return j;
+ }
+
+OCSP_BASICRESP *OCSP_BASICRESP_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_BASICRESP *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_BASICRESP);
+ M_ASN1_New(ret->tbsResponseData, OCSP_RESPDATA_new);
+ M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
+ M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
+ ret->certs = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_BASICRESP_NEW);
+ }
+
+void OCSP_BASICRESP_free(OCSP_BASICRESP *a)
+ {
+ if (a == NULL) return;
+ OCSP_RESPDATA_free(a->tbsResponseData);
+ X509_ALGOR_free(a->signatureAlgorithm);
+ ASN1_BIT_STRING_free(a->signature);
+ sk_X509_pop_free(a->certs, X509_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->tbsResponseData, i2d_OCSP_RESPDATA);
+ M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs,
+ i2d_X509, 0, V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->tbsResponseData, i2d_OCSP_RESPDATA);
+ M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs,
+ i2d_X509, 0, V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_BASICRESP *,OCSP_BASICRESP_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->tbsResponseData, d2i_OCSP_RESPDATA);
+ M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
+ /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+ we're using the set version */
+ M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509,
+ X509_free, 0, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_BASICRESP_free,ASN1_F_D2I_OCSP_BASICRESP);
+ }
+
+int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a)
+ {
+ int i, j=3;
+ i2a_OCSP_RESPDATA(bp, a->tbsResponseData);
+#ifdef UNDEF
+ /* XXX this guy isn't implemented. */
+ i2a_X509_ALGOR(bp, a->signatureAlgorithm);
+#else /* instead, just show OID, not param */
+ i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
+#endif
+ i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
+ if (a->certs != NULL)
+ {
+ for (i=0; i<sk_X509_num(a->certs); i++)
+ if (sk_X509_value(a->certs,i) != NULL)
+ X509_print(bp, sk_X509_value(a->certs,i));
+ j+=sk_X509_num(a->certs);
+ }
+ return j;
+ }
+
+OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_REVOKEDINFO *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_REVOKEDINFO);
+ M_ASN1_New(ret->revocationTime, ASN1_GENERALIZEDTIME_new);
+ ret->revocationReason = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_REVOKEDINFO_NEW);
+ }
+
+void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a)
+ {
+ if (a == NULL) return;
+ ASN1_GENERALIZEDTIME_free(a->revocationTime);
+ ASN1_ENUMERATED_free(a->revocationReason);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->revocationTime, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_len_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->revocationTime, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_put_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_REVOKEDINFO *,OCSP_REVOKEDINFO_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->revocationTime, d2i_ASN1_GENERALIZEDTIME);
+ M_ASN1_D2I_get_EXP_opt(ret->revocationReason, d2i_ASN1_ENUMERATED, 0);
+ M_ASN1_D2I_Finish(a,OCSP_REVOKEDINFO_free,ASN1_F_D2I_OCSP_REVOKEDINFO);
+ }
+
+int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a)
+ {
+ int i=0;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->revocationTime)) return 0;
+ if (a->revocationReason)
+ {
+ i2a_ASN1_STRING(bp, a->revocationReason, V_ASN1_ENUMERATED);
+ i++;
+ }
+ return i;
+ }
+
+OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void)
+
+ {
+ ASN1_CTX c;
+ OCSP_CERTSTATUS *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_CERTSTATUS);
+ ret->tag = -1;
+ ret->revoked = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_CERTSTATUS_NEW);
+ }
+
+void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a)
+ {
+ if (a == NULL) return;
+ OCSP_REVOKEDINFO_free(a->revoked);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp)
+ {
+ unsigned char *qq;
+ M_ASN1_I2D_vars(a);
+ ret += 0; /* shush, compiler, shush... */
+ if (a == NULL) return(0);
+ switch (a->tag)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ r = 2;
+ if (pp)
+ {
+ qq=p=*pp;
+ ASN1_put_object(&p,0,0,
+ V_ASN1_NULL,V_ASN1_UNIVERSAL);
+ *qq=(V_ASN1_CONTEXT_SPECIFIC|a->tag|
+ (*qq&V_ASN1_CONSTRUCTED));
+ }
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ r = i2d_OCSP_REVOKEDINFO(a->revoked,NULL);
+ if (pp)
+ {
+ p=*pp;
+ M_ASN1_I2D_put_IMP_opt(a->revoked,
+ i2d_OCSP_REVOKEDINFO,
+ a->tag);
+ }
+ break;
+
+ }
+ if (pp && *pp) *pp=p;
+ return(r);
+ }
+
+OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a,
+ unsigned char **pp,
+ long length)
+ {
+ int tag, xclass, error=0;
+ long len;
+ unsigned char *p, *q, t;
+ OCSP_CERTSTATUS* ret=NULL;
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=(OCSP_CERTSTATUS*)OCSP_CERTSTATUS_new()) == NULL)
+ goto err;
+ }
+ else ret=(*a);
+ p=*pp;
+ ret->tag = (*p & ~(V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC));
+ switch (ret->tag)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ ret->revoked = NULL;
+ q=p;
+ ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (len)
+ {
+ error = ASN1_R_BAD_TYPE;
+ goto err;
+ }
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ q=p;
+ ASN1_get_object(&q,&len,&tag,&xclass,length);
+ t=*p;
+ *p=(t&~V_ASN1_PRIMATIVE_TAG)|V_ASN1_SEQUENCE;
+ q=p;
+ if (d2i_OCSP_REVOKEDINFO(&ret->revoked,
+ &p,length) == NULL)
+ goto err;
+ *q=t;
+ if ((p-q) != (len+2))
+ {
+ error = ASN1_R_BAD_TYPE;
+ goto err;
+ }
+ break;
+ default:
+ ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,ASN1_R_BAD_TYPE);
+ break;
+ }
+ *pp=p;
+ if (a != NULL) (*a)=ret;
+ return(ret);
+err:
+ ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,error);
+ asn1_add_error(*pp,(int)(q- *pp));
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ OCSP_CERTSTATUS_free(ret);
+ return(NULL);
+ }
+
+int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a)
+ {
+ switch (a->tag)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ BIO_puts(bp, "CertStatus: good");
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ BIO_puts(bp, "CertStatus: revoked");
+ i2a_OCSP_REVOKEDINFO(bp, a->revoked);
+ break;
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ BIO_puts(bp, "CertStatus: unknown");
+ break;
+ }
+ return 1;
+ }
+
+OCSP_SINGLERESP *OCSP_SINGLERESP_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_SINGLERESP *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_SINGLERESP);
+ M_ASN1_New(ret->certId, OCSP_CERTID_new);
+ M_ASN1_New(ret->certStatus, OCSP_CERTSTATUS_new);
+ M_ASN1_New(ret->thisUpdate, ASN1_GENERALIZEDTIME_new);
+ ret->nextUpdate = NULL;
+ ret->singleExtensions = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_SINGLERESP_NEW);
+ }
+
+void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a)
+ {
+ if (a == NULL) return;
+ OCSP_CERTID_free(a->certId);
+ OCSP_CERTSTATUS_free(a->certStatus);
+ ASN1_GENERALIZEDTIME_free(a->thisUpdate);
+ ASN1_GENERALIZEDTIME_free(a->nextUpdate);
+ sk_X509_EXTENSION_pop_free(a->singleExtensions, X509_EXTENSION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp)
+ {
+ int v1=0,v2=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->certId, i2d_OCSP_CERTID);
+ M_ASN1_I2D_len(a->certStatus, i2d_OCSP_CERTSTATUS);
+ M_ASN1_I2D_len(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_len_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->certId, i2d_OCSP_CERTID);
+ M_ASN1_I2D_put(a->certStatus, i2d_OCSP_CERTSTATUS);
+ M_ASN1_I2D_put(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_put_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_SINGLERESP *,OCSP_SINGLERESP_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->certId, d2i_OCSP_CERTID);
+ M_ASN1_D2I_get(ret->certStatus, d2i_OCSP_CERTSTATUS);
+ M_ASN1_D2I_get(ret->thisUpdate, d2i_ASN1_GENERALIZEDTIME);
+ M_ASN1_D2I_get_EXP_opt(ret->nextUpdate, d2i_ASN1_GENERALIZEDTIME, 0);
+ /* there is no M_ASN1_D2I_get_EXP_seq*, so had to use set here*/
+ M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION, ret->singleExtensions,
+ d2i_X509_EXTENSION, X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_SINGLERESP_free,ASN1_F_D2I_OCSP_SINGLERESP);
+ }
+
+int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a)
+ {
+ int /* XXX i, */ j=3;
+ i2a_OCSP_CERTID(bp, a->certId);
+ i2a_OCSP_CERTSTATUS(bp, a->certStatus);
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->thisUpdate)) return 0;
+ if (a->nextUpdate)
+ {
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->nextUpdate)) return 0;
+ j++;
+ }
+#ifdef UNDEF
+ /* XXX need generic extension print method or need to register
+ * ocsp extensions with existing extension handler mechanism,
+ * invoke i2a callbacks.
+ */
+ if (a->singleExtensions != NULL)
+ {
+ for (i=0; i<sk_X509_EXTENSION_num(a->singleExtensions); i++)
+ if (sk_X509_EXTENSION_value(a->singleExtensions,i) != NULL)
+ i2a_X509_EXTENSION(bp,
+ sk_X509_EXTENSION_value(a->singleExtensions,i));
+ j+=sk_X509_EXTENSION_num(a->singleExtensions);
+ }
+#endif
+ return j;
+ }
+
+OCSP_CRLID *OCSP_CRLID_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_CRLID *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_CRLID);
+ ret->crlUrl = NULL;
+ ret->crlNum = NULL;
+ ret->crlTime = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_CRLID_NEW);
+ }
+
+void OCSP_CRLID_free(OCSP_CRLID *a)
+ {
+ if (a == NULL) return;
+ ASN1_IA5STRING_free(a->crlUrl);
+ ASN1_INTEGER_free(a->crlNum);
+ ASN1_GENERALIZEDTIME_free(a->crlTime);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_CRLID(OCSP_CRLID *a,
+ unsigned char **pp)
+ {
+ int v1=0,v2=0,v3=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
+ M_ASN1_I2D_len_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
+ M_ASN1_I2D_len_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
+ M_ASN1_I2D_put_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
+ M_ASN1_I2D_put_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_CRLID *,OCSP_CRLID_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_EXP_opt(ret->crlUrl, d2i_ASN1_IA5STRING, 0);
+ M_ASN1_D2I_get_EXP_opt(ret->crlNum, d2i_ASN1_INTEGER, 1);
+ M_ASN1_D2I_get_EXP_opt(ret->crlTime, d2i_ASN1_GENERALIZEDTIME, 2);
+ M_ASN1_D2I_Finish(a,OCSP_CRLID_free,ASN1_F_D2I_OCSP_CRLID);
+ }
+
+int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a)
+ {
+ int i = 0;
+ char buf[1024];
+ if (a->crlUrl && ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) i++;
+ if (a->crlNum && a2i_ASN1_INTEGER(bp, a->crlNum, buf, sizeof buf)) i++;
+ if (a->crlTime && ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) i++;
+ return i;
+ }
+
+OCSP_SERVICELOC *OCSP_SERVICELOC_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_SERVICELOC *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_SERVICELOC);
+ M_ASN1_New(ret->issuer, X509_NAME_new);
+ ret->locator = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_SERVICELOC_NEW);
+ }
+
+void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a)
+ {
+ if (a == NULL) return;
+ X509_NAME_free(a->issuer);
+ sk_ACCESS_DESCRIPTION_pop_free(a->locator, ACCESS_DESCRIPTION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a,
+ unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->issuer, i2d_X509_NAME);
+ M_ASN1_I2D_len_SEQUENCE_opt_type(ACCESS_DESCRIPTION,
+ a->locator, i2d_ACCESS_DESCRIPTION);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->issuer, i2d_X509_NAME);
+ M_ASN1_I2D_put_SEQUENCE_opt_type(ACCESS_DESCRIPTION,
+ a->locator, i2d_ACCESS_DESCRIPTION);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_SERVICELOC *,OCSP_SERVICELOC_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
+ M_ASN1_D2I_get_seq_opt_type(ACCESS_DESCRIPTION, ret->locator,
+ d2i_ACCESS_DESCRIPTION,ACCESS_DESCRIPTION_free);
+ M_ASN1_D2I_Finish(a,OCSP_SERVICELOC_free,ASN1_F_D2I_OCSP_SERVICELOC);
+ }
+
+int i2a_OCSP_SERVICELOC(BIO *bp,
+ OCSP_SERVICELOC* a)
+ {
+ int i;
+ X509_NAME_print(bp, a->issuer, 16);
+ if (!a->locator) return 1;
+ for (i=0; i<sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+ i2a_ACCESS_DESCRIPTION(bp,
+ sk_ACCESS_DESCRIPTION_value(a->locator,i));
+ return i+2;
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 12:04:30 +0000