summaryrefslogtreecommitdiffstats
path: root/crypto
diff options
context:
space:
mode:
Diffstat (limited to 'crypto')
-rw-r--r--crypto/asn1/asn1.h30
-rw-r--r--crypto/asn1/asn1_err.c30
-rw-r--r--crypto/asn1/t_x509.c50
-rw-r--r--crypto/err/err.h2
-rw-r--r--crypto/err/openssl.ec1
-rw-r--r--crypto/ocsp/Makefile.ssl243
-rw-r--r--crypto/ocsp/ocsp.h591
-rw-r--r--crypto/ocsp/ocsp_cid.c157
-rw-r--r--crypto/ocsp/ocsp_err.c116
-rw-r--r--crypto/ocsp/ocsp_ext.c347
-rw-r--r--crypto/ocsp/ocsp_lib.c791
-rw-r--r--crypto/ocsp/ocsp_req.c316
-rw-r--r--crypto/ocsp/ocsp_res.c896
-rw-r--r--crypto/ocsp/ocsp_sig.c157
-rw-r--r--crypto/stack/safestack.h58
-rw-r--r--crypto/x509/x509.h1
-rw-r--r--crypto/x509v3/v3_info.c9
-rw-r--r--crypto/x509v3/x509v3.h1
18 files changed, 3796 insertions, 0 deletions
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index 6f956b1963..3daf4e483a 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -956,6 +956,21 @@ void ASN1_STRING_TABLE_cleanup(void);
#define ASN1_F_D2I_NETSCAPE_SPKAC 143
#define ASN1_F_D2I_NETSCAPE_SPKI 144
#define ASN1_F_D2I_NOTICEREF 268
+#define ASN1_F_D2I_OCSP_BASICRESP 293
+#define ASN1_F_D2I_OCSP_CERTID 294
+#define ASN1_F_D2I_OCSP_CERTSTATUS 295
+#define ASN1_F_D2I_OCSP_CRLID 296
+#define ASN1_F_D2I_OCSP_ONEREQ 297
+#define ASN1_F_D2I_OCSP_REQINFO 298
+#define ASN1_F_D2I_OCSP_REQUEST 299
+#define ASN1_F_D2I_OCSP_RESPBYTES 300
+#define ASN1_F_D2I_OCSP_RESPDATA 301
+#define ASN1_F_D2I_OCSP_RESPID 302
+#define ASN1_F_D2I_OCSP_RESPONSE 303
+#define ASN1_F_D2I_OCSP_REVOKEDINFO 304
+#define ASN1_F_D2I_OCSP_SERVICELOC 305
+#define ASN1_F_D2I_OCSP_SIGNATURE 306
+#define ASN1_F_D2I_OCSP_SINGLERESP 307
#define ASN1_F_D2I_OTHERNAME 287
#define ASN1_F_D2I_PBE2PARAM 262
#define ASN1_F_D2I_PBEPARAM 249
@@ -1027,6 +1042,21 @@ void ASN1_STRING_TABLE_cleanup(void);
#define ASN1_F_NETSCAPE_SPKAC_NEW 190
#define ASN1_F_NETSCAPE_SPKI_NEW 191
#define ASN1_F_NOTICEREF_NEW 272
+#define ASN1_F_OCSP_BASICRESP_NEW 308
+#define ASN1_F_OCSP_CERTID_NEW 309
+#define ASN1_F_OCSP_CERTSTATUS_NEW 310
+#define ASN1_F_OCSP_CRLID_NEW 311
+#define ASN1_F_OCSP_ONEREQ_NEW 312
+#define ASN1_F_OCSP_REQINFO_NEW 313
+#define ASN1_F_OCSP_REQUEST_NEW 314
+#define ASN1_F_OCSP_RESPBYTES_NEW 315
+#define ASN1_F_OCSP_RESPDATA_NEW 316
+#define ASN1_F_OCSP_RESPID_NEW 317
+#define ASN1_F_OCSP_RESPONSE_NEW 318
+#define ASN1_F_OCSP_REVOKEDINFO_NEW 319
+#define ASN1_F_OCSP_SERVICELOC_NEW 320
+#define ASN1_F_OCSP_SIGNATURE_NEW 321
+#define ASN1_F_OCSP_SINGLERESP_NEW 322
#define ASN1_F_OTHERNAME_NEW 288
#define ASN1_F_PBE2PARAM_NEW 264
#define ASN1_F_PBEPARAM_NEW 251
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index cecd555c88..3a53cb33c5 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -141,6 +141,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "d2i_NETSCAPE_SPKAC"},
{ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "d2i_NETSCAPE_SPKI"},
{ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0), "d2i_NOTICEREF"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_BASICRESP,0), "d2i_OCSP_BASICRESP"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTID,0), "d2i_OCSP_CERTID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTSTATUS,0), "d2i_OCSP_CERTSTATUS"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CRLID,0), "d2i_OCSP_CRLID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_ONEREQ,0), "d2i_OCSP_ONEREQ"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REQINFO,0), "d2i_OCSP_REQINFO"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REQUEST,0), "d2i_OCSP_REQUEST"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPBYTES,0), "d2i_OCSP_RESPBYTES"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPDATA,0), "d2i_OCSP_RESPDATA"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPID,0), "d2i_OCSP_RESPID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPONSE,0), "d2i_OCSP_RESPONSE"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REVOKEDINFO,0), "d2i_OCSP_REVOKEDINFO"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SERVICELOC,0), "d2i_OCSP_SERVICELOC"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SIGNATURE,0), "d2i_OCSP_SIGNATURE"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SINGLERESP,0), "d2i_OCSP_SINGLERESP"},
{ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0), "d2i_OTHERNAME"},
{ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0), "d2i_PBE2PARAM"},
{ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0), "d2i_PBEPARAM"},
@@ -212,6 +227,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_new"},
{ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_new"},
{ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0), "NOTICEREF_new"},
+{ERR_PACK(0,ASN1_F_OCSP_BASICRESP_NEW,0), "OCSP_BASICRESP_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CERTID_NEW,0), "OCSP_CERTID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CERTSTATUS_NEW,0), "OCSP_CERTSTATUS_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CRLID_NEW,0), "OCSP_CRLID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_ONEREQ_NEW,0), "OCSP_ONEREQ_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REQINFO_NEW,0), "OCSP_REQINFO_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REQUEST_NEW,0), "OCSP_REQUEST_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPBYTES_NEW,0), "OCSP_RESPBYTES_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPDATA_NEW,0), "OCSP_RESPDATA_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPID_NEW,0), "OCSP_RESPID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPONSE_NEW,0), "OCSP_RESPONSE_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REVOKEDINFO_NEW,0), "OCSP_REVOKEDINFO_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SERVICELOC_NEW,0), "OCSP_SERVICELOC_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SIGNATURE_NEW,0), "OCSP_SIGNATURE_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SINGLERESP_NEW,0), "OCSP_SINGLERESP_new"},
{ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0), "OTHERNAME_new"},
{ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0), "PBE2PARAM_new"},
{ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0), "PBEPARAM_new"},
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index f2979bf5a7..823c20860c 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@@ -282,6 +282,56 @@ err:
return(ret);
}
+int X509_ocspid_print (BIO *bp, X509 *x)
+ {
+ unsigned char *der=NULL ;
+ unsigned char *dertmp;
+ int derlen;
+ int i;
+ SHA_CTX SHA1buf ;
+ unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+ /* display the hash of the subject as it would appear
+ in OCSP requests */
+ if (BIO_printf(bp," Subject OCSP hash: ") <= 0)
+ goto err;
+ derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+ if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+ goto err;
+ i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+ SHA1_Init(&SHA1buf);
+ SHA1_Update(&SHA1buf, der, derlen);
+ SHA1_Final(SHA1md,&SHA1buf);
+ for (i=0; i < SHA_DIGEST_LENGTH; i++)
+ {
+ if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+ }
+ OPENSSL_free (der);
+ der=NULL;
+
+ /* display the hash of the public key as it would appear
+ in OCSP requests */
+ if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0)
+ goto err;
+
+ SHA1_Init(&SHA1buf);
+ SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
+ x->cert_info->key->public_key->length);
+ SHA1_Final(SHA1md,&SHA1buf);
+ for (i=0; i < SHA_DIGEST_LENGTH; i++)
+ {
+ if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+ goto err;
+ }
+ BIO_printf(bp,"\n");
+
+ return (1);
+err:
+ if (der != NULL) OPENSSL_free(der);
+ return(0);
+ }
+
int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
{
int i,n;
diff --git a/crypto/err/err.h b/crypto/err/err.h
index 7388a4a937..b4ced575df 100644
--- a/crypto/err/err.h
+++ b/crypto/err/err.h
@@ -133,6 +133,7 @@ typedef struct err_state_st
#define ERR_LIB_RAND 36
#define ERR_LIB_DSO 37
#define ERR_LIB_ENGINE 38
+#define ERR_LIB_OCSP 39
#define ERR_LIB_USER 128
@@ -163,6 +164,7 @@ typedef struct err_state_st
#define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
#define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
#define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),ERR_file_name,__LINE__)
+#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),ERR_file_name,__LINE__)
/* Borland C seems too stupid to be able to shift and do longs in
* the pre-processor :-( */
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index 861d680e07..9bd267bda2 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -9,6 +9,7 @@ L EVP crypto/evp/evp.h crypto/evp/evp_err.c
L BUF crypto/buffer/buffer.h crypto/buffer/buf_err.c
L BIO crypto/bio/bio.h crypto/bio/bio_err.c
L OBJ crypto/objects/objects.h crypto/objects/obj_err.c
+L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c
L PEM crypto/pem/pem.h crypto/pem/pem_err.c
L X509 crypto/x509/x509.h crypto/x509/x509_err.c
L NONE crypto/x509/x509_vfy.h NONE
diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl
new file mode 100644
index 0000000000..4f6378cd34
--- /dev/null
+++ b/crypto/ocsp/Makefile.ssl
@@ -0,0 +1,243 @@
+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+
+DIR= ocsp
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPEND= $(TOP)/util/domd $(TOP)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_req.c ocsp_res.c ocsp_sig.c ocsp_cid.c ocsp_ext.c \
+ ocsp_lib.c ocsp_err.c
+#ocsp_v3.c
+LIBOBJ= ocsp_req.o ocsp_res.o ocsp_sig.o ocsp_cid.o ocsp_ext.o \
+ ocsp_lib.o ocsp_err.o
+#ocsp_v3.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB)
+ @touch lib
+
+files:
+ perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ $(TOP)/util/point.sh Makefile.ssl Makefile ;
+ $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_cid.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_cid.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_cid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_cid.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_cid.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_cid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cid.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_cid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_cid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_cid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_cid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_cid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cid.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cid.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_cid.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_cid.o: ../../include/openssl/rc5.h
+ocsp_cid.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_cid.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_cid.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_cid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_cid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_cid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+ocsp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_err.o: ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ext.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ext.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h
+ocsp_ext.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_ext.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+ocsp_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h
+ocsp_lib.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h
+ocsp_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_req.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_req.o: ../../include/openssl/rc5.h
+ocsp_req.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_res.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_res.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_res.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_res.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_res.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_res.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_res.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_res.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_res.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_res.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_res.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_res.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_res.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_res.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_res.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_res.o: ../../include/openssl/rc5.h
+ocsp_res.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_res.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_res.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_res.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_res.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_res.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_sig.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_sig.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_sig.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_sig.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_sig.o: ../../include/openssl/rc5.h
+ocsp_sig.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_sig.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
new file mode 100644
index 0000000000..34563bf9c4
--- /dev/null
+++ b/crypto/ocsp/ocsp.h
@@ -0,0 +1,591 @@
+/* ocsp.h */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was transfered to Richard Levitte from CertCo by Kathy
+ Weinhold in mid-spring 2000 to be included in OpenSSL or released
+ as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OCSP_H
+#define HEADER_OCSP_H
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/* CertID ::= SEQUENCE {
+ * hashAlgorithm AlgorithmIdentifier,
+ * issuerNameHash OCTET STRING, -- Hash of Issuer's DN
+ * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ * serialNumber CertificateSerialNumber }
+ */
+typedef struct ocsp_cert_id_st
+ {
+ X509_ALGOR *hashAlgorithm;
+ ASN1_OCTET_STRING *issuerNameHash;
+ ASN1_OCTET_STRING *issuerKeyHash;
+ ASN1_INTEGER *serialNumber;
+ } OCSP_CERTID;
+
+/* Request ::= SEQUENCE {
+ * reqCert CertID,
+ * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_one_request_st
+ {
+ OCSP_CERTID *reqCert;
+ STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+ } OCSP_ONEREQ;
+
+DECLARE_STACK_OF(OCSP_ONEREQ)
+DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
+
+
+/* TBSRequest ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * requestorName [1] EXPLICIT GeneralName OPTIONAL,
+ * requestList SEQUENCE OF Request,
+ * requestExtensions [2] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_req_info_st
+ {
+ ASN1_INTEGER *version;
+ GENERAL_NAME *requestorName;
+ STACK_OF(OCSP_ONEREQ) *requestList;
+ STACK_OF(X509_EXTENSION) *requestExtensions;
+ } OCSP_REQINFO;
+
+/* Signature ::= SEQUENCE {
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING,
+ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+typedef struct ocsp_signature_st
+ {
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_BIT_STRING *signature;
+ STACK_OF(X509) *certs;
+ } OCSP_SIGNATURE;
+
+/* OCSPRequest ::= SEQUENCE {
+ * tbsRequest TBSRequest,
+ * optionalSignature [0] EXPLICIT Signature OPTIONAL }
+ */
+typedef struct ocsp_request_st
+ {
+ OCSP_REQINFO *tbsRequest;
+ OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+ } OCSP_REQUEST;
+
+/* OCSPResponseStatus ::= ENUMERATED {
+ * successful (0), --Response has valid confirmations
+ * malformedRequest (1), --Illegal confirmation request
+ * internalError (2), --Internal error in issuer
+ * tryLater (3), --Try again later
+ * --(4) is not used
+ * sigRequired (5), --Must sign the request
+ * unauthorized (6) --Request unauthorized
+ * }
+ */
+#define OCSP_RESPONSE_STATUS_SUCCESSFULL 0
+#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1
+#define OCSP_RESPONSE_STATUS_INTERNALERROR 2
+#define OCSP_RESPONSE_STATUS_TRYLATER 3
+#define OCSP_RESPONSE_STATUS_SIGREQUIRED 5
+#define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6
+
+/* ResponseBytes ::= SEQUENCE {
+ * responseType OBJECT IDENTIFIER,
+ * response OCTET STRING }
+ */
+typedef struct ocsp_resp_bytes_st
+ {
+ ASN1_OBJECT *responseType;
+ ASN1_OCTET_STRING *response;
+ } OCSP_RESPBYTES;
+
+/* OCSPResponse ::= SEQUENCE {
+ * responseStatus OCSPResponseStatus,
+ * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+typedef struct ocsp_response_st
+ {
+ ASN1_ENUMERATED *responseStatus;
+ OCSP_RESPBYTES *responseBytes;
+ } OCSP_RESPONSE;
+
+/* ResponderID ::= CHOICE {
+ * byName [1] Name,
+ * byKey [2] KeyHash }
+ */
+#define V_OCSP_RESPID_NAME 1
+#define V_OCSP_RESPID_KEY 2
+typedef struct ocsp_responder_id_st
+ {
+ int tag;
+ union {
+ X509_NAME* byName;
+ ASN1_OCTET_STRING *byKey;
+ } value;
+ } OCSP_RESPID;
+/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ * --(excluding the tag and length fields)
+ */
+
+/* RevokedInfo ::= SEQUENCE {
+ * revocationTime GeneralizedTime,
+ * revocationReason [0] EXPLICIT CRLReason OPTIONAL }
+ */
+typedef struct ocsp_revoked_info_st
+ {
+ ASN1_GENERALIZEDTIME *revocationTime;
+ ASN1_ENUMERATED *revocationReason;
+ } OCSP_REVOKEDINFO;
+
+/* CertStatus ::= CHOICE {
+ * good [0] IMPLICIT NULL,
+ * revoked [1] IMPLICIT RevokedInfo,
+ * unknown [2] IMPLICIT UnknownInfo }
+ */
+#define V_OCSP_CERTSTATUS_GOOD 0
+#define V_OCSP_CERTSTATUS_REVOKED 1
+#define V_OCSP_CERTSTATUS_UNKNOWN 2
+typedef struct ocsp_cert_status_st
+ {
+ int tag;
+ /* good [0] IMPLICIT NULL */
+ OCSP_REVOKEDINFO *revoked;
+ /* unknown [2] OCSP_UNKNOWNINFO *unknown, which is NULL */
+ } OCSP_CERTSTATUS;
+
+/* SingleResponse ::= SEQUENCE {
+ * certID CertID,
+ * certStatus CertStatus,
+ * thisUpdate GeneralizedTime,
+ * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
+ * singleExtensions [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_single_response_st
+ {
+ OCSP_CERTID *certId;
+ OCSP_CERTSTATUS *certStatus;
+ ASN1_GENERALIZEDTIME *thisUpdate;
+ ASN1_GENERALIZEDTIME *nextUpdate;
+ STACK_OF(X509_EXTENSION) *singleExtensions;
+ } OCSP_SINGLERESP;
+
+DECLARE_STACK_OF(OCSP_SINGLERESP)
+DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
+
+/* ResponseData ::= SEQUENCE {
+ * version [0] EXPLICIT Version DEFAULT v1,
+ * responderID ResponderID,
+ * producedAt GeneralizedTime,
+ * responses SEQUENCE OF SingleResponse,
+ * responseExtensions [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_response_data_st
+ {
+ ASN1_INTEGER *version;
+ OCSP_RESPID *responderId;
+ ASN1_GENERALIZEDTIME *producedAt;
+ STACK_OF(OCSP_SINGLERESP) *responses;
+ STACK_OF(X509_EXTENSION) *responseExtensions;
+ } OCSP_RESPDATA;
+
+/* BasicOCSPResponse ::= SEQUENCE {
+ * tbsResponseData ResponseData,
+ * signatureAlgorithm AlgorithmIdentifier,
+ * signature BIT STRING,
+ * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+ /* Note 1:
+ The value for "signature" is specified in the OCSP rfc2560 as follows:
+ "The value for the signature SHALL be computed on the hash of the DER
+ encoding ResponseData." This means that you must hash the DER-encoded
+ tbsResponseData, and then run it through a crypto-signing function, which
+ will (at least w/RSA) do a hash-'n'-private-encrypt operation. This seems
+ a bit odd, but that's the spec. Also note that the data structures do not
+ leave anywhere to independently specify the algorithm used for the initial
+ hash. So, we look at the signature-specification algorithm, and try to do
+ something intelligent. -- Kathy Weinhold, CertCo */
+ /* Note 2:
+ It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
+ for interpretation. I've done tests against another responder, and found
+ that it doesn't do the double hashing that the RFC seems to say one
+ should. Therefore, all relevant functions take a flag saying which
+ variant should be used. -- Richard Levitte, OpenSSL team and CeloCom */
+typedef struct ocsp_basic_response_st
+ {
+ OCSP_RESPDATA *tbsResponseData;
+ X509_ALGOR *signatureAlgorithm;
+ ASN1_BIT_STRING *signature;
+ STACK_OF(X509) *certs;
+ } OCSP_BASICRESP;
+
+/*
+ * CRLReason ::= ENUMERATED {
+ * unspecified (0),
+ * keyCompromise (1),
+ * cACompromise (2),
+ * affiliationChanged (3),
+ * superseded (4),
+ * cessationOfOperation (5),
+ * certificateHold (6),
+ * removeFromCRL (8) }
+ */
+#define OCSP_REVOKED_STATUS_NOSTATUS -1
+#define OCSP_REVOKED_STATUS_UNSPECIFIED 0
+#define OCSP_REVOKED_STATUS_KEYCOMPROMISE 1
+#define OCSP_REVOKED_STATUS_CACOMPROMISE 2
+#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED 3
+#define OCSP_REVOKED_STATUS_SUPERSEDED 4
+#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION 5
+#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6
+#define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8
+
+/* CrlID ::= SEQUENCE {
+ * crlUrl [0] EXPLICIT IA5String OPTIONAL,
+ * crlNum [1] EXPLICIT INTEGER OPTIONAL,
+ * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL }
+ */
+typedef struct ocsp_crl_id_st
+ {
+ ASN1_IA5STRING *crlUrl;
+ ASN1_INTEGER *crlNum;
+ ASN1_GENERALIZEDTIME *crlTime;
+ } OCSP_CRLID;
+
+/* ServiceLocator ::= SEQUENCE {
+ * issuer Name,
+ * locator AuthorityInfoAccessSyntax OPTIONAL }
+ */
+typedef struct ocsp_service_locator_st
+ {
+ X509_NAME* issuer;
+ STACK_OF(ACCESS_DESCRIPTION) *locator;
+ } OCSP_SERVICELOC;
+
+#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
+#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
+ OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
+ (unsigned char **)(p))
+
+#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
+ OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
+ (unsigned char **)(p))
+
+#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+ (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
+
+#define PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+ (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
+
+#define PEM_write_bio_OCSP_REQUEST(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+ bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+ PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+ bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
+ (unsigned char *)o)
+
+#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
+ (unsigned char *)o)
+
+#define OCSP_REQUEST_sign(o,pkey,md) \
+ ASN1_sign((int(*)())i2d_OCSP_REQINFO,\
+ o->optionalSignature->signatureAlgorithm,NULL,\
+ o->optionalSignature->signature,(char *)o->tbsRequest,pkey,md)
+
+#define OCSP_BASICRESP_sign(o,pkey,md,d) \
+ ASN1_sign((int(*)())i2d_OCSP_RESPDATA,o->signatureAlgorithm,NULL,\
+ o->signature,(char *)o->tbsResponseData,pkey,md)
+
+#define OCSP_REQUEST_verify(a,r) ASN1_verify((int (*)())i2d_OCSP_REQINFO,\
+ a->optionalSignature->signatureAlgorithm,\
+ a->optionalSignature->signature,(char *)a->tbsRequest,r)
+
+#define OCSP_BASICRESP_verify(a,r,d) ASN1_verify((int (*)())i2d_OCSP_RESPDATA,\
+ a->signatureAlgorithm,a->signature,(char *)a->tbsResponseData,r)
+
+#define ASN1_BIT_STRING_digest(data,type,md,len) \
+ ASN1_digest((int (*)())i2d_ASN1_BIT_STRING,type,(char *)data,md,len)
+
+#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
+ (char *(*)())d2i_OCSP_CERTID,(char *)(cid))
+
+#define OCSP_CERTSTATUS_dup(cs)\
+ (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+ (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ X509_NAME *issuerName,
+ ASN1_BIT_STRING* issuerKey,
+ ASN1_INTEGER *serialNumber);
+
+OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
+
+OCSP_REQUEST *OCSP_request_new(X509_NAME* name,
+ STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_request_add(OCSP_REQUEST *req,
+ OCSP_CERTID *cid,
+ STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs);
+
+int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey);
+
+OCSP_BASICRESP *OCSP_basic_response_new(int tag,
+ X509* cert,
+ STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_basic_response_add(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ OCSP_CERTSTATUS *cst,
+ char *thisUpdate,
+ char *nextUpdate,
+ STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_basic_response_sign(OCSP_BASICRESP *brsp,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs);
+
+int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey);
+
+int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey);
+
+
+OCSP_RESPONSE *OCSP_response_new(int status,
+ int nid,
+ int (*i2d)(),
+ char *data);
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
+ char *data, STACK *sk);
+
+X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len);
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+
+OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
+void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
+int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp);
+OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, unsigned char **pp, long length);
+int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a);
+
+OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
+void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a);
+int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp);
+OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, unsigned char **pp, long length);
+int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a);
+
+OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void);
+void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a);
+int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp);
+OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, unsigned char **pp, long length);
+int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a);
+
+OCSP_BASICRESP *OCSP_BASICRESP_new(void);
+void OCSP_BASICRESP_free(OCSP_BASICRESP *a);
+int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp);
+OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, unsigned char **pp, long length);
+int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a);
+
+OCSP_RESPDATA *OCSP_RESPDATA_new(void);
+void OCSP_RESPDATA_free(OCSP_RESPDATA *a);
+int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **pp);
+OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a);
+
+OCSP_RESPID *OCSP_RESPID_new(void);
+void OCSP_RESPID_free(OCSP_RESPID *a);
+int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp);
+OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a);
+
+OCSP_RESPONSE *OCSP_RESPONSE_new(void);
+void OCSP_RESPONSE_free(OCSP_RESPONSE *a);
+int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **pp);
+OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* a);
+
+OCSP_RESPBYTES *OCSP_RESPBYTES_new(void);
+void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a);
+int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **pp);
+OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPBYTES(BIO *bp, OCSP_RESPBYTES* a);
+
+OCSP_ONEREQ *OCSP_ONEREQ_new(void);
+void OCSP_ONEREQ_free(OCSP_ONEREQ *a);
+int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **pp);
+OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, unsigned char **pp, long length);
+int i2a_OCSP_ONEREQ(BIO *bp, OCSP_ONEREQ* a);
+
+OCSP_CERTID *OCSP_CERTID_new(void);
+void OCSP_CERTID_free(OCSP_CERTID *a);
+int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **pp);
+OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, unsigned char **pp, long length);
+int i2a_OCSP_CERTID(BIO *bp, OCSP_CERTID* a);
+
+OCSP_REQUEST *OCSP_REQUEST_new(void);
+void OCSP_REQUEST_free(OCSP_REQUEST *a);
+int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **pp);
+OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, unsigned char **pp, long length);
+int i2a_OCSP_REQUEST(BIO *bp, OCSP_REQUEST* a);
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a);
+
+OCSP_SIGNATURE *OCSP_SIGNATURE_new(void);
+void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a);
+int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **pp);
+OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, unsigned char **pp, long length);
+int i2a_OCSP_SIGNATURE(BIO *bp, OCSP_SIGNATURE* a);
+
+OCSP_REQINFO *OCSP_REQINFO_new(void);
+void OCSP_REQINFO_free(OCSP_REQINFO *a);
+int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **pp);
+OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, unsigned char **pp, long length);
+int i2a_OCSP_REQINFO(BIO *bp, OCSP_REQINFO* a);
+
+OCSP_CRLID *OCSP_CRLID_new(void);
+void OCSP_CRLID_free(OCSP_CRLID *a);
+int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **pp);
+OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, unsigned char **pp, long length);
+int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a);
+int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind);
+
+OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
+void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
+int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **pp);
+OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, unsigned char **pp, long length);
+int i2a_OCSP_SERVICELOC(BIO *bp, OCSP_SERVICELOC* a);
+int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind);
+
+int OCSP_extensions_print(BIO *bp, STACK_OF(X509_EXTENSION) *sk, char *title);
+int OCSP_extension_print(BIO *bp, X509_EXTENSION *x, int ind);
+
+void ERR_load_OCSP_strings(void);
+
+X509_EXTENSION *OCSP_nochain_new(void);
+
+char* ocspResponseStatus2string(long s);
+char* ocspCertStatus2string(long s);
+char * cRLReason2string(long s);
+
+void OCSP_add_standard_extension(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the OCSP functions. */
+
+/* Function codes. */
+#define OCSP_F_ASN1_STRING_ENCODE 106
+#define OCSP_F_BASIC_RESPONSE_NEW 100
+#define OCSP_F_BASIC_RESPONSE_VERIFY 101
+#define OCSP_F_CERT_ID_NEW 102
+#define OCSP_F_CERT_STATUS_NEW 103
+#define OCSP_F_REQUEST_VERIFY 104
+#define OCSP_F_RESPONSE_VERIFY 105
+#define OCSP_F_S2I_OCSP_NONCE 107
+#define OCSP_F_V2I_OCSP_CRLID 108
+
+/* Reason codes. */
+#define OCSP_R_BAD_DATA 108
+#define OCSP_R_BAD_TAG 100
+#define OCSP_R_DIGEST_ERR 101
+#define OCSP_R_FAILED_TO_OPEN 109
+#define OCSP_R_FAILED_TO_READ 110
+#define OCSP_R_FAILED_TO_STAT 111
+#define OCSP_R_MISSING_VALUE 112
+#define OCSP_R_NO_CERTIFICATE 102
+#define OCSP_R_NO_PUBLIC_KEY 103
+#define OCSP_R_NO_RESPONSE_DATA 104
+#define OCSP_R_NO_SIGNATURE 105
+#define OCSP_R_REVOKED_NO_TIME 106
+#define OCSP_R_UNKNOWN_NID 107
+#define OCSP_R_UNSUPPORTED_OPTION 113
+#define OCSP_R_VALUE_ALREADY 114
+
+#ifdef __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/ocsp/ocsp_cid.c b/crypto/ocsp/ocsp_cid.c
new file mode 100644
index 0000000000..b27531b5e2
--- /dev/null
+++ b/crypto/ocsp/ocsp_cid.c
@@ -0,0 +1,157 @@
+/* ocsp_cid.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was originally part of ocsp.c and was transfered to Richard
+ Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+ in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+OCSP_CERTID *OCSP_CERTID_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_CERTID *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_CERTID);
+ M_ASN1_New(ret->hashAlgorithm, X509_ALGOR_new);
+ M_ASN1_New(ret->issuerNameHash, ASN1_OCTET_STRING_new);
+ M_ASN1_New(ret->issuerKeyHash, ASN1_OCTET_STRING_new);
+ M_ASN1_New(ret->serialNumber, ASN1_INTEGER_new);
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_CERTID_NEW);
+ }
+
+void OCSP_CERTID_free(OCSP_CERTID *a)
+ {
+ if (a == NULL) return;
+ X509_ALGOR_free(a->hashAlgorithm);
+ ASN1_OCTET_STRING_free(a->issuerNameHash);
+ ASN1_OCTET_STRING_free(a->issuerKeyHash);
+ ASN1_INTEGER_free(a->serialNumber);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_CERTID(OCSP_CERTID *a,
+ unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->hashAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_len(a->serialNumber, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->hashAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_put(a->serialNumber, i2d_ASN1_INTEGER);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_CERTID *,OCSP_CERTID_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->hashAlgorithm, d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->issuerNameHash, d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get(ret->issuerKeyHash, d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_get(ret->serialNumber, d2i_ASN1_INTEGER);
+
+ /* protect against malformed CERTID's */
+ if (ASN1_STRING_length(ret->issuerNameHash) == 0 ||
+ ASN1_STRING_length(ret->issuerKeyHash) == 0 ||
+ ASN1_STRING_length(ret->serialNumber) == 0)
+ goto err;
+
+ M_ASN1_D2I_Finish(a,OCSP_CERTID_free,ASN1_F_D2I_OCSP_CERTID);
+ }
+
+int i2a_OCSP_CERTID(BIO *bp,
+ OCSP_CERTID* a)
+ {
+#ifdef UNDEF
+ /* XXX this guy isn't implemented. */
+ i2a_X509_ALGOR(bp, a->hashAlgorithm);
+#else /* instead, just show OID, not param */
+ i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+#endif
+ i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_INTEGER(bp, a->serialNumber);
+ return 4;
+ }
diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
new file mode 100644
index 0000000000..e7e0c90b4e
--- /dev/null
+++ b/crypto/ocsp/ocsp_err.c
@@ -0,0 +1,116 @@
+/* crypto/ocsp/ocsp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA OCSP_str_functs[]=
+ {
+{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0), "ASN1_STRING_encode"},
+{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_NEW,0), "BASIC_RESPONSE_NEW"},
+{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_VERIFY,0), "BASIC_RESPONSE_VERIFY"},
+{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0), "CERT_ID_NEW"},
+{ERR_PACK(0,OCSP_F_CERT_STATUS_NEW,0), "CERT_STATUS_NEW"},
+{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0), "REQUEST_VERIFY"},
+{ERR_PACK(0,OCSP_F_RESPONSE_VERIFY,0), "RESPONSE_VERIFY"},
+{ERR_PACK(0,OCSP_F_S2I_OCSP_NONCE,0), "S2I_OCSP_NONCE"},
+{ERR_PACK(0,OCSP_F_V2I_OCSP_CRLID,0), "V2I_OCSP_CRLID"},
+{0,NULL}
+ };
+
+static ERR_STRING_DATA OCSP_str_reasons[]=
+ {
+{OCSP_R_BAD_DATA ,"bad data"},
+{OCSP_R_BAD_TAG ,"bad tag"},
+{OCSP_R_DIGEST_ERR ,"digest err"},
+{OCSP_R_FAILED_TO_OPEN ,"failed to open"},
+{OCSP_R_FAILED_TO_READ ,"failed to read"},
+{OCSP_R_FAILED_TO_STAT ,"failed to stat"},
+{OCSP_R_MISSING_VALUE ,"missing value"},
+{OCSP_R_NO_CERTIFICATE ,"no certificate"},
+{OCSP_R_NO_PUBLIC_KEY ,"no public key"},
+{OCSP_R_NO_RESPONSE_DATA ,"no response data"},
+{OCSP_R_NO_SIGNATURE ,"no signature"},
+{OCSP_R_REVOKED_NO_TIME ,"revoked no time"},
+{OCSP_R_UNKNOWN_NID ,"unknown nid"},
+{OCSP_R_UNSUPPORTED_OPTION ,"unsupported option"},
+{OCSP_R_VALUE_ALREADY ,"value already"},
+{0,NULL}
+ };
+
+#endif
+
+void ERR_load_OCSP_strings(void)
+ {
+ static int init=1;
+
+ if (init)
+ {
+ init=0;
+#ifndef NO_ERR
+ ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
+ ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+#endif
+
+ }
+ }
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
new file mode 100644
index 0000000000..b55f572e1a
--- /dev/null
+++ b/crypto/ocsp/ocsp_ext.c
@@ -0,0 +1,347 @@
+/* ocsp_ext.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was transfered to Richard Levitte from CertCo by Kathy
+ Weinhold in mid-spring 2000 to be included in OpenSSL or released
+ as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+/* also CRL Entry Extensions */
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
+ char *data, STACK *sk)
+ {
+ int i;
+ unsigned char *p, *b = NULL;
+
+ if (data)
+ {
+ if ((i=i2d(data,NULL)) <= 0) goto err;
+ if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+ goto err;
+ if (i2d(data, &p) <= 0) goto err;
+ }
+ else if (sk)
+ {
+ if ((i=i2d_ASN1_SET(sk,NULL,i2d,V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
+ if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+ goto err;
+ if (i2d_ASN1_SET(sk,&p,i2d,V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
+ }
+ else
+ {
+ OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
+ goto err;
+ }
+ if (!s && !(s = ASN1_STRING_new())) goto err;
+ if (!(ASN1_STRING_set(s, b, i))) goto err;
+ OPENSSL_free(b);
+ return s;
+err:
+ if (b) OPENSSL_free(b);
+ return NULL;
+ }
+
+X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
+ {
+ X509_EXTENSION *x=NULL;
+ if (!(x = X509_EXTENSION_new())) goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
+ if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
+ return x;
+err:
+ if (x) X509_EXTENSION_free(x);
+ return NULL;
+ }
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+ {
+ X509_EXTENSION *x = NULL;
+ OCSP_CRLID *cid = NULL;
+
+ if (!(cid = OCSP_CRLID_new())) goto err;
+ if (url)
+ {
+ if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
+ if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
+ }
+ if (n)
+ {
+ if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
+ if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
+ }
+ if (time)
+ {
+ if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
+ if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
+ goto err;
+ }
+ if (!(x = X509_EXTENSION_new())) goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
+ if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
+ goto err;
+ OCSP_CRLID_free(cid);
+ return x;
+err:
+ if (x) X509_EXTENSION_free(x);
+ if (cid) OCSP_CRLID_free(cid);
+ return NULL;
+ }
+
+/* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+ {
+ int nid;
+ STACK *sk = NULL;
+ ASN1_OBJECT *o = NULL;
+ X509_EXTENSION *x = NULL;
+ if (!(sk = sk_new(NULL))) goto err;
+ while (oids && *oids)
+ {
+ if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid)))
+ sk_push(sk, (char*) o);
+ oids++;
+ }
+ if (!(x = X509_EXTENSION_new())) goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+ goto err;
+ if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
+ goto err;
+ sk_pop_free(sk, ASN1_OBJECT_free);
+ return x;
+err:
+ if (x) X509_EXTENSION_free(x);
+ if (sk) sk_pop_free(sk, ASN1_OBJECT_free);
+ return NULL;
+ }
+
+/* ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
+ {
+ X509_EXTENSION *x=NULL;
+ ASN1_GENERALIZEDTIME *gt = NULL;
+
+ if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
+ if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
+ if (!(x = X509_EXTENSION_new())) goto err;
+ if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
+ if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
+ (char*)gt,NULL))) goto err;
+ ASN1_GENERALIZEDTIME_free(gt);
+ return x;
+err:
+ if (gt) ASN1_GENERALIZEDTIME_free(gt);
+ if (x) X509_EXTENSION_free(x);
+ return NULL;
+ }
+
+/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This
+ * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
+ {
+ X509_EXTENSION *x = NULL;
+ ASN1_IA5STRING *ia5 = NULL;
+ OCSP_SERVICELOC *sloc = NULL;
+ ACCESS_DESCRIPTION *ad = NULL;
+
+ if (!(sloc = OCSP_SERVICELOC_new())) goto err;
+ if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
+ if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new(NULL))) goto err;
+ while (urls && *urls)
+ {
+ if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
+ if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
+ if (!(ad->location = GENERAL_NAME_new())) goto err;
+ if (!(ia5 = ASN1_IA5STRING_new())) goto err;
+ if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
+ ad->location->type = GEN_URI;
+ ad->location->d.ia5 = ia5;
+ if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
+ urls++;
+ }
+ if (!(x = X509_EXTENSION_new())) goto err;
+ if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
+ goto err;
+ if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
+ (char*)sloc, NULL))) goto err;
+ OCSP_SERVICELOC_free(sloc);
+ return x;
+err:
+ if (x) X509_EXTENSION_free(x);
+ if (sloc) OCSP_SERVICELOC_free(sloc);
+ return NULL;
+ }
+
+int OCSP_extensions_print(BIO *bp,
+ STACK_OF(X509_EXTENSION) *sk,
+ char *title)
+ {
+ int i;
+ if (!sk) return 1;
+ if (BIO_printf(bp, "%s:\n", title) <= 0) return 0;
+ for (i=0; i<sk_X509_EXTENSION_num(sk); i++)
+ OCSP_extension_print(bp, sk_X509_EXTENSION_value(sk,i), 4);
+ return sk_X509_EXTENSION_num(sk);
+ }
+
+int OCSP_extension_print(BIO *bp,
+ X509_EXTENSION *x,
+ int ind)
+ {
+ int i, j;
+ STACK *sk = NULL;
+ unsigned char *p;
+ OCSP_CRLID *crlid = NULL;
+ OCSP_SERVICELOC *sloc = NULL;
+ ASN1_GENERALIZEDTIME *gt = NULL;
+
+ if (!x) return 1;
+ switch (OBJ_obj2nid(x->object))
+ {
+ case NID_id_pkix_OCSP_Nonce:
+ if (BIO_printf(bp, "%*snonce: ", ind, "") <= 0)
+ goto err;
+ if (M_ASN1_OCTET_STRING_print(bp, x->value) <= 0)
+ goto err;
+ if (BIO_write(bp, "\n", 1) <= 0) goto err;
+ break;
+ case NID_id_pkix_OCSP_CrlID:
+ if (BIO_printf(bp, "%*scrlId:\n", ind, "") <= 0)
+ goto err;
+ p = x->value->data;
+ if (!(d2i_OCSP_CRLID(&crlid, &p, x->value->length)))
+ goto err;
+ if (!OCSP_CRLID_print(bp, crlid, (2*ind))) goto err;
+ OCSP_CRLID_free(crlid);
+ break;
+ case NID_id_pkix_OCSP_acceptableResponses:
+ if (BIO_printf(bp,
+ "%*sacceptable responses: ",
+ ind, "") <= 0)
+ goto err;
+ p = x->value->data;
+ if (!(d2i_ASN1_SET(&sk, &p, x->value->length,
+ (char *(*)())d2i_ASN1_OBJECT,
+ ASN1_OBJECT_free, V_ASN1_SEQUENCE,
+ V_ASN1_UNIVERSAL)))
+ goto err;
+ for (i = 0; i < sk_num(sk); i++)
+ {
+ j=OBJ_obj2nid((ASN1_OBJECT*)sk->data[i]);
+ if (BIO_printf(bp," %s ",
+ (j == NID_undef)?"UNKNOWN":
+ OBJ_nid2ln(j)) <= 0)
+ goto err;
+ }
+ if (BIO_write(bp, "\n", 1) <= 0) goto err;
+ sk_pop_free(sk, ASN1_OBJECT_free);
+ break;
+ case NID_id_pkix_OCSP_archiveCutoff:
+ if (BIO_printf(bp, "%*sarchive cutoff: ", ind, "")<=0)
+ goto err;
+ p = x->value->data;
+ if (!d2i_ASN1_GENERALIZEDTIME(&gt, &p,
+ x->value->length))
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, gt)) goto err;
+ if (BIO_write(bp, "\n", 1) <= 0) goto err;
+ ASN1_GENERALIZEDTIME_free(gt);
+ break;
+ case NID_id_pkix_OCSP_serviceLocator:
+ if (BIO_printf(bp, "%*sservice locator:\n", ind, "") <= 0)
+ goto err;
+ p = x->value->data;
+ if (!d2i_OCSP_SERVICELOC(&sloc, &p,
+ x->value->length))
+ goto err;
+ if (!OCSP_SERVICELOC_print(bp,sloc,(2*ind))) goto err;
+ OCSP_SERVICELOC_free(sloc);
+ break;
+ case NID_undef:
+ default:
+ if (BIO_printf(bp,"%*sunrecognized oid: ",ind,"") <= 0)
+ goto err;
+ break;
+ }
+ return 1;
+err:
+ return 0;
+ }
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
new file mode 100644
index 0000000000..d04213df3f
--- /dev/null
+++ b/crypto/ocsp/ocsp_lib.c
@@ -0,0 +1,791 @@
+/* ocsp_lib.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was transfered to Richard Levitte from CertCo by Kathy
+ Weinhold in mid-spring 2000 to be included in OpenSSL or released
+ as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+#include <openssl/ocsp.h>
+
+static STACK_OF(X509_EXTENSION) *ext_dup(STACK_OF(X509_EXTENSION) *fr)
+ {
+ int i;
+ STACK_OF(X509_EXTENSION) *to = NULL;
+
+ if (!(to = sk_X509_EXTENSION_dup(fr)))
+ goto err;
+ for (i = 0; i < sk_X509_EXTENSION_num(fr); i++)
+ {
+ sk_X509_EXTENSION_set(to, i,
+ X509_EXTENSION_dup(sk_X509_EXTENSION_value(fr, i)));
+ if (! sk_X509_EXTENSION_value(to, i))
+ goto err;
+ }
+ return to;
+err:
+ if (to) sk_X509_EXTENSION_pop_free(to, X509_EXTENSION_free);
+ return NULL;
+ }
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
+ X509_NAME *issuerName,
+ ASN1_BIT_STRING* issuerKey,
+ ASN1_INTEGER *serialNumber)
+ {
+ int nid;
+ unsigned int i;
+ X509_ALGOR *alg;
+ OCSP_CERTID *cid = NULL;
+ unsigned char md[EVP_MAX_MD_SIZE];
+ EVP_MD_CTX ctx;
+
+ if (!(cid = OCSP_CERTID_new())) goto err;
+
+ alg = cid->hashAlgorithm;
+ if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
+ if ((nid = EVP_MD_type(dgst)) == NID_undef)
+ {
+ OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+ goto err;
+ }
+ if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
+ if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+ alg->parameter->type=V_ASN1_NULL;
+
+ if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
+ if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
+
+ /* Calculate the issuerKey hash, excluding tag and length */
+ EVP_DigestInit(&ctx,dgst);
+ EVP_DigestUpdate(&ctx,issuerKey->data, issuerKey->length);
+ EVP_DigestFinal(&ctx,md,&i);
+
+ if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
+
+ if (cid->serialNumber != NULL) ASN1_INTEGER_free(cid->serialNumber);
+ if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+ return cid;
+digerr:
+ OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+err:
+ if (cid) OCSP_CERTID_free(cid);
+ return NULL;
+ }
+
+OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim)
+ {
+ OCSP_REVOKEDINFO *ri;
+ OCSP_CERTSTATUS *cs = NULL;
+
+ if (!(cs = OCSP_CERTSTATUS_new())) goto err;
+ if ((cs->tag = status) == V_OCSP_CERTSTATUS_REVOKED)
+ {
+ if (!time)
+ {
+ OCSPerr(OCSP_F_CERT_STATUS_NEW,OCSP_R_REVOKED_NO_TIME);
+ goto err;
+ }
+ if (!(cs->revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
+ if (!ASN1_GENERALIZEDTIME_set_string(ri->revocationTime,tim))
+ goto err;
+ if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
+ {
+ if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
+ goto err;
+ if (!(ASN1_ENUMERATED_set(ri->revocationReason,
+ reason)))
+ goto err;
+ }
+ }
+ return cs;
+err:
+ if (cs) OCSP_CERTSTATUS_free(cs);
+ return NULL;
+ }
+
+OCSP_REQUEST *OCSP_request_new(X509_NAME* name,
+ STACK_OF(X509_EXTENSION) *extensions)
+ {
+ OCSP_REQUEST *req = NULL;
+
+ if ((req = OCSP_REQUEST_new()) == NULL) goto err;
+ if (name) /* optional */
+ {
+ if (!(req->tbsRequest->requestorName=GENERAL_NAME_new()))
+ goto err;
+ req->tbsRequest->requestorName->type = GEN_DIRNAME;
+ req->tbsRequest->requestorName->d.dirn = X509_NAME_dup(name);
+ }
+ if (!(req->tbsRequest->requestList = sk_OCSP_ONEREQ_new(NULL))) goto err;
+ if (extensions &&
+ (!(req->tbsRequest->requestExtensions = ext_dup(extensions))))
+ goto err;
+ return req;
+err:
+ if (req) OCSP_REQUEST_free(req);
+ return NULL;
+ }
+
+int OCSP_request_add(OCSP_REQUEST *req,
+ OCSP_CERTID *cid,
+ STACK_OF(X509_EXTENSION) *extensions)
+ {
+ OCSP_ONEREQ *one = NULL;
+
+ if (!(one = OCSP_ONEREQ_new())) goto err;
+ if (one->reqCert) OCSP_CERTID_free(one->reqCert);
+ if (!(one->reqCert = OCSP_CERTID_dup(cid))) goto err;
+ if (extensions&&(!(one->singleRequestExtensions=ext_dup(extensions))))
+ goto err;
+ if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err;
+ return 1;
+err:
+ if (one) OCSP_ONEREQ_free(one);
+ return 0;
+ }
+
+int OCSP_request_sign(OCSP_REQUEST *req,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs)
+ {
+ int i;
+ OCSP_SIGNATURE *sig;
+
+ if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
+ if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
+ if (certs)
+ {
+ if (!(sig->certs = sk_X509_dup(certs))) goto err;
+ for (i = 0; i < sk_X509_num(sig->certs); i++)
+ {
+ sk_X509_set(sig->certs, i,
+ X509_dup(sk_X509_value(certs,i)));
+ if (! sk_X509_value(sig->certs, i))
+ goto err;
+ }
+ }
+ return 1;
+err:
+ if (req->optionalSignature)
+ {
+ OCSP_SIGNATURE_free(req->optionalSignature);
+ req->optionalSignature = NULL;
+ }
+ return 0;
+ }
+
+OCSP_BASICRESP *OCSP_basic_response_new(int tag,
+ X509* cert,
+ STACK_OF(X509_EXTENSION) *extensions)
+ {
+ time_t t;
+ OCSP_RESPID *rid;
+ ASN1_BIT_STRING *bs;
+ OCSP_BASICRESP *rsp = NULL;
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ if (!(rsp = OCSP_BASICRESP_new())) goto err;
+ rid = rsp->tbsResponseData->responderId;
+ switch (rid->tag = tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ /* cert is user cert */
+ if (!(rid->value.byName =
+ X509_NAME_dup(X509_get_subject_name(cert))))
+ goto err;
+ break;
+ case V_OCSP_RESPID_KEY:
+ /* cert is issuer cert */
+ /* SHA-1 hash of responder's public key
+ * (excluding the tag and length fields)
+ */
+ bs = cert->cert_info->key->public_key;
+ SHA1(ASN1_STRING_data((ASN1_STRING*)bs),
+ ASN1_STRING_length((ASN1_STRING*)bs), md);
+ if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
+ goto err;
+ if (!(ASN1_OCTET_STRING_set(rid->value.byKey,
+ md, sizeof md)))
+ goto err;
+ break;
+ default:
+ OCSPerr(OCSP_F_BASIC_RESPONSE_NEW,OCSP_R_BAD_TAG);
+ goto err;
+ break;
+ }
+ time(&t);
+ if (!(ASN1_GENERALIZEDTIME_set(rsp->tbsResponseData->producedAt, t)))
+ goto err;
+ if (!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new(NULL))) goto err;
+ if (extensions && (!(rsp->tbsResponseData->responseExtensions =
+ ext_dup(extensions))))
+ goto err;
+ return rsp;
+err:
+ if (rsp) OCSP_BASICRESP_free(rsp);
+ return NULL;
+ }
+
+int OCSP_basic_response_add(OCSP_BASICRESP *rsp,
+ OCSP_CERTID *cid,
+ OCSP_CERTSTATUS *cst,
+ char *this,
+ char *next,
+ STACK_OF(X509_EXTENSION) *extensions)
+ {
+ OCSP_SINGLERESP *single = NULL;
+
+ if (!(single = OCSP_SINGLERESP_new())) goto err;
+ if (single->certId) OCSP_CERTID_free(single->certId);
+ if (!(single->certId = OCSP_CERTID_dup(cid))) goto err;
+ if (single->certStatus) OCSP_CERTSTATUS_free(single->certStatus);
+ if (!(single->certStatus = OCSP_CERTSTATUS_dup(cst))) goto err;
+ if (!ASN1_GENERALIZEDTIME_set_string(single->thisUpdate,this))goto err;
+ if (next)
+ {
+ if (!(single->nextUpdate = ASN1_GENERALIZEDTIME_new()))
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_set_string(single->nextUpdate,next))
+ goto err;
+ }
+ if (extensions && (!(single->singleExtensions = ext_dup(extensions))))
+ goto err;
+ if (!sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses,single)) goto err;
+ return 1;
+err:
+ if (single) OCSP_SINGLERESP_free(single);
+ return 0;
+ }
+
+int OCSP_basic_response_sign(OCSP_BASICRESP *brsp,
+ EVP_PKEY *key,
+ const EVP_MD *dgst,
+ STACK_OF(X509) *certs)
+ {
+ int i;
+
+ /* Right now, I think that not doing double hashing is the right
+ thing. -- Richard Levitte */
+ if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
+ if (certs)
+ {
+ if (!(brsp->certs = sk_X509_dup(certs))) goto err;
+ for (i = 0; i < sk_X509_num(brsp->certs); i++)
+ {
+ sk_X509_set(brsp->certs, i,
+ X509_dup(sk_X509_value(certs, i)));
+ if (! sk_X509_value(brsp->certs, i))
+ goto err;
+ }
+ }
+ return 1;
+err:
+ return 0;
+ }
+
+OCSP_RESPONSE *OCSP_response_new(int status,
+ int nid,
+ int (*i2d)(),
+ char *data)
+ {
+ OCSP_RESPONSE *rsp = NULL;
+
+ if (!(rsp = OCSP_RESPONSE_new())) goto err;
+ if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
+ if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
+ if (rsp->responseBytes->responseType) ASN1_OBJECT_free(rsp->responseBytes->responseType);
+ if (!(rsp->responseBytes->responseType = OBJ_nid2obj(nid))) goto err;
+ if (!ASN1_STRING_encode((ASN1_STRING*)rsp->responseBytes->response,
+ i2d, data, NULL)) goto err;
+ return rsp;
+err:
+ if (rsp) OCSP_RESPONSE_free(rsp);
+ return NULL;
+ }
+
+char* ocspResponseStatus2string(long s)
+ {
+ static struct { long t; char *m; } ts[6]= {
+ { OCSP_RESPONSE_STATUS_SUCCESSFULL, "successful" },
+ { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+ { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+ { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+ { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+ { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }, *p;
+ for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
+ if (p->t == s)
+ return p->m;
+ return "(UNKNOWN)";
+ }
+
+char* ocspCertStatus2string(long s)
+ {
+ static struct { long t; char *m; } ts[3]= {
+ { V_OCSP_CERTSTATUS_GOOD, "good" },
+ { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+ { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }, *p;
+ for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
+ if (p->t == s)
+ return p->m;
+ return "(UNKNOWN)";
+ }
+
+char * cRLReason2string(long s)
+ {
+ static struct { long t; char *m; } ts[8]= {
+ { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+ { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+ { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+ { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+ { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+ { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+ { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+ { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }, *p;
+ for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
+ if (p->t == s)
+ return p->m;
+ return "(UNKNOWN)";
+ }
+
+static int i2a_GENERAL_NAME(bp,n)
+BIO *bp;
+GENERAL_NAME *n;
+ {
+ int j;
+ char *p;
+
+ if (n == NULL) return(0);
+
+ switch (n->type)
+ {
+
+ case GEN_DIRNAME:
+ X509_NAME_print(bp,n->d.dirn,16);
+ break;
+
+ case GEN_EMAIL:
+ case GEN_DNS:
+ case GEN_URI:
+ case GEN_IPADD:
+ p=(char *)n->d.ip->data;
+ for (j=n->d.ip->length;j>0;j--)
+ {
+ if ((*p >= ' ') && (*p <= '~'))
+ BIO_printf(bp,"%c",*p);
+ else if (*p & 0x80)
+ BIO_printf(bp,"\\0x%02X",*p);
+ else if ((unsigned char)*p == 0xf7)
+ BIO_printf(bp,"^?");
+ else BIO_printf(bp,"^%c",*p+'@');
+ p++;
+ }
+ break;
+
+ case GEN_RID:
+ i2a_ASN1_OBJECT(bp, n->d.rid);
+ break;
+
+ /* XXX these are legit, need to support at some time... */
+ case GEN_OTHERNAME:
+ case GEN_X400:
+ case GEN_EDIPARTY:
+ default:
+ return 0;
+ }
+
+ return 1;
+ }
+
+
+int OCSP_REQUEST_print(bp, o)
+BIO *bp;
+OCSP_REQUEST* o;
+ {
+ int i,j,n;
+ long l;
+ char *s;
+ OCSP_CERTID* cid = NULL;
+ OCSP_ONEREQ *one = NULL;
+ OCSP_REQINFO *inf = o->tbsRequest;
+ OCSP_SIGNATURE *sig = o->optionalSignature;
+
+ if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
+ l=ASN1_INTEGER_get(inf->version);
+ if (BIO_printf(bp,"%4sVersion: %lu (0x%lx)","",l+1,l) <= 0) goto err;
+ if (inf->requestorName != NULL)
+ {
+ if (BIO_write(bp,"\n Requestor Name: ",21) <= 0)
+ goto err;
+ i2a_GENERAL_NAME(bp, inf->requestorName);
+ }
+ if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) goto err;
+ for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
+ {
+ if (! sk_OCSP_ONEREQ_value(inf->requestList, i)) continue;
+ one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+ cid = one->reqCert;
+ j=OBJ_obj2nid(cid->hashAlgorithm->algorithm);
+ if (BIO_printf(bp,"%8sHash Algorithm: %s","",
+ (j == NID_undef)?"UNKNOWN":OBJ_nid2ln(j)) <= 0)
+ goto err;
+ if (BIO_write(bp,"\n Issuer Name Hash: ",27) <= 0)
+ goto err;
+ i2a_ASN1_STRING(bp, cid->issuerNameHash, V_ASN1_OCTET_STRING);
+ if (BIO_write(bp,"\n Issuer Key Hash: ",26) <= 0)
+ goto err;
+ i2a_ASN1_STRING(bp, cid->issuerKeyHash, V_ASN1_OCTET_STRING);
+ if (BIO_write(bp,"\n Serial Number: ",24) <= 0)
+ goto err;
+ if (!i2a_ASN1_INTEGER(bp, cid->serialNumber))
+ goto err;
+ if (!BIO_write(bp,"\n",1)) goto err;
+ if (!OCSP_extensions_print(bp, one->singleRequestExtensions,
+ "Request Single Extensions"))
+ goto err;
+ }
+ if (!OCSP_extensions_print(bp, inf->requestExtensions,
+ "Request Extensions"))
+ goto err;
+ if (sig)
+ {
+ i=OBJ_obj2nid(sig->signatureAlgorithm->algorithm);
+ if (BIO_printf(bp,"OCSP Request Signature Algorithm: %s",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+ goto err;
+ n=sig->signature->length;
+ s=(char *)sig->signature->data;
+ for (i=0; i<n; i++)
+ {
+ if ((i%18) == 0)
+ if (BIO_write(bp,"\n ",9) <= 0) goto err;
+ if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
+ ((i+1) == n)?"":":") <= 0) goto err;
+ }
+ if (BIO_write(bp,"\n",1) != 1) goto err;
+ if (sig->certs)
+ {
+ for (i=0; i<sk_X509_num(sig->certs); i++)
+ if (sk_X509_value(sig->certs,i) != NULL)
+ X509_print(bp,
+ sk_X509_value(sig->certs,i));
+ }
+ }
+ return 1;
+err:
+ return 0;
+ }
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o)
+ {
+ int i, j, n;
+ long l;
+ char *s;
+ unsigned char *p;
+ OCSP_CERTID *cid = NULL;
+ OCSP_BASICRESP *br = NULL;
+ OCSP_RESPDATA *rd = NULL;
+ OCSP_CERTSTATUS *cst = NULL;
+ OCSP_REVOKEDINFO *rev = NULL;
+ OCSP_SINGLERESP *single = NULL;
+ OCSP_RESPBYTES *rb = o->responseBytes;
+
+ l=ASN1_ENUMERATED_get(o->responseStatus);
+ if (BIO_printf(bp,"OCSP Response Status: %s (0x%x)\n",
+ ocspResponseStatus2string(l), l) <= 0) goto err;
+ if (rb == NULL) return 1;
+ i=OBJ_obj2nid(rb->responseType);
+ if (BIO_printf(bp,"OCSP Response Bytes Response Type: %s",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2sn(i)) <= 0)
+ goto err;
+ if (i != NID_id_pkix_OCSP_basic)
+ {
+ BIO_printf(bp," (unknown response type)\n");
+ return 1;
+ }
+ p = ASN1_STRING_data(rb->response);
+ i = ASN1_STRING_length(rb->response);
+ if (!(d2i_OCSP_BASICRESP(&br, &p, i))) goto err;
+ rd = br->tbsResponseData;
+ l=ASN1_INTEGER_get(rd->version);
+ if (BIO_printf(bp,"\nBasic Response Data Version: %lu (0x%lx)\n",
+ l+1,l) <= 0) goto err;
+ if (BIO_printf(bp,"Basic Response Data Responder Id: ") <= 0) goto err;
+ i2a_OCSP_RESPID(bp, rd->responderId);
+ if (BIO_printf(bp,"\nBasic Response Data Produced At: ")<=0) goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
+ if (BIO_printf(bp,"\nBasic Response Data Responses:\n") <= 0) goto err;
+ for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
+ {
+ if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
+ single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+ cid = single->certId;
+ j=OBJ_obj2nid(cid->hashAlgorithm->algorithm);
+ if (BIO_printf(bp," Cert Id:") <= 0) goto err;
+ if (BIO_printf(bp,"\n%8sHash Algorithm: %s","",
+ (j == NID_undef)?"UNKNOWN":OBJ_nid2ln(j)) <= 0)
+ goto err;
+ if (BIO_write(bp,"\n Issuer Name Hash: ",27) <= 0)
+ goto err;
+ i2a_ASN1_STRING(bp, cid->issuerNameHash, V_ASN1_OCTET_STRING);
+ if (BIO_write(bp,"\n Issuer Key Hash: ",26) <= 0)
+ goto err;
+ i2a_ASN1_STRING(bp, cid->issuerKeyHash, V_ASN1_OCTET_STRING);
+ if (BIO_write(bp,"\n Serial Number: ",24) <= 0)
+ goto err;
+ if (!i2a_ASN1_INTEGER(bp, cid->serialNumber))
+ goto err;
+ cst = single->certStatus;
+ if (BIO_printf(bp,"\n Cert Status: %s (0x%x)",
+ ocspCertStatus2string(cst->tag), cst->tag) <= 0)
+ goto err;
+ if (cst->tag == V_OCSP_CERTSTATUS_REVOKED)
+ {
+ rev = cst->revoked;
+ if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
+ goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp,
+ rev->revocationTime))
+ goto err;
+ if (rev->revocationReason)
+ {
+ l=ASN1_ENUMERATED_get(rev->revocationReason);
+ if (BIO_printf(bp,
+ "\n Revocation Reason: %s (0x%x)",
+ cRLReason2string(l), l) <= 0)
+ goto err;
+ }
+ }
+ if (BIO_printf(bp,"\n This Update: ") <= 0) goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
+ goto err;
+ if (single->nextUpdate)
+ {
+ if (BIO_printf(bp,"\n Next Update: ") <= 0)goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
+ goto err;
+ }
+ if (!BIO_write(bp,"\n",1)) goto err;
+ if (!OCSP_extensions_print(bp, single->singleExtensions,
+ "Basic Response Single Extensions"))
+ goto err;
+ }
+ if (!OCSP_extensions_print(bp, rd->responseExtensions,
+ "Basic Response Extensions")) goto err;
+ i=OBJ_obj2nid(br->signatureAlgorithm->algorithm);
+ if (BIO_printf(bp,"Basic Response Signature Algorithm: %s",
+ (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+ goto err;
+ n=br->signature->length;
+ s=(char *)br->signature->data;
+ for (i=0; i<n; i++)
+ {
+ if ((i%18) == 0)
+ if (BIO_write(bp,"\n ",9) <= 0) goto err;
+ if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
+ ((i+1) == n)?"":":") <= 0) goto err;
+ }
+ if (BIO_write(bp,"\n",1) != 1) goto err;
+ if (br->certs)
+ {
+ for (i=0; i<sk_X509_num(br->certs); i++)
+ if (sk_X509_value(br->certs,i) != NULL) {
+ X509_print(bp, sk_X509_value(br->certs,i));
+ PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
+ }
+ }
+ return 1;
+err:
+ return 0;
+ }
+
+int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind)
+ {
+ if (a->crlUrl)
+ {
+ if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+ if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ if (a->crlNum)
+ {
+ if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+ if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ if (a->crlTime)
+ {
+ if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ return 1;
+err:
+ return 0;
+ }
+
+int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind)
+ {
+ int i, j;
+ ACCESS_DESCRIPTION *ad;
+
+ if (BIO_printf(bp, "%*sissuer: ", ind, "") <= 0) goto err;
+ if (X509_NAME_print(bp, a->issuer, 16) <= 0) goto err;
+ if (BIO_printf(bp, "\n", 1) <= 0) goto err;
+
+ /* Service locator is optional */
+ if (a->locator != NULL) {
+ if (BIO_printf(bp, "%*slocator:\n", ind, "") <= 0) goto err;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+ {
+ ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+ if (BIO_printf(bp, "%*smethod: ", (2*ind), "") <= 0)
+ goto err;
+ j=OBJ_obj2nid(ad->method);
+ if (BIO_printf(bp,"%s", (j == NID_undef)?"UNKNOWN":
+ OBJ_nid2ln(j)) <= 0)
+ goto err;
+ if (BIO_printf(bp, "\n%*sname: ", (2*ind), "") <= 0)
+ goto err;
+ if (i2a_GENERAL_NAME(bp, ad->location) <= 0) goto err;
+ if (BIO_write(bp, "\n", 1) <= 0) goto err;
+ }
+ }
+ return 1;
+err:
+ return 0;
+ }
+
+/* XXX assumes certs in signature are sorted root to leaf XXX */
+int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey)
+ {
+ STACK_OF(X509) *sk;
+
+ if (!req->optionalSignature) return 0;
+ if (pkey == NULL)
+ {
+ if (!(sk = req->optionalSignature->certs)) return 0;
+ if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
+ {
+ OCSPerr(OCSP_F_REQUEST_VERIFY,OCSP_R_NO_PUBLIC_KEY);
+ return 0;
+ }
+ }
+ return OCSP_REQUEST_verify(req, pkey);
+ }
+
+int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey)
+ {
+ int i, r;
+ unsigned char *p;
+ OCSP_RESPBYTES *rb;
+ OCSP_BASICRESP *br = NULL;
+
+ if ((rb = rsp->responseBytes) == NULL)
+ {
+ OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_NO_RESPONSE_DATA);
+ return 0;
+ }
+ if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic)
+ {
+ OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_BAD_TAG);
+ return 0;
+ }
+ p = ASN1_STRING_data(rb->response);
+ i = ASN1_STRING_length(rb->response);
+ if (!(d2i_OCSP_BASICRESP(&br, &p, i))) return 0;
+ r = OCSP_basic_response_verify(br, pkey);
+ OCSP_BASICRESP_free(br);
+ return r;
+ }
+
+int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey)
+ {
+ STACK_OF(X509) *sk;
+ int ret;
+
+ if (!rsp->signature)
+ {
+ OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_SIGNATURE);
+ return 0;
+ }
+ if (pkey == NULL)
+ {
+ if (!(sk = rsp->certs))
+ {
+ OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_CERTIFICATE);
+ return 0;
+ }
+ if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
+ {
+ OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_PUBLIC_KEY);
+ return 0;
+ }
+ }
+ ret = OCSP_BASICRESP_verify(rsp, pkey, 0);
+ return ret;
+ }
diff --git a/crypto/ocsp/ocsp_req.c b/crypto/ocsp/ocsp_req.c
new file mode 100644
index 0000000000..e1be8bdf3a
--- /dev/null
+++ b/crypto/ocsp/ocsp_req.c
@@ -0,0 +1,316 @@
+/* ocsp_req.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was originally part of ocsp.c and was transfered to Richard
+ Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+ in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+IMPLEMENT_STACK_OF(OCSP_ONEREQ)
+IMPLEMENT_ASN1_SET_OF(OCSP_ONEREQ)
+
+OCSP_REQINFO *OCSP_REQINFO_new(void)
+ {
+ OCSP_REQINFO *ret=NULL;
+ ASN1_CTX c;
+
+ M_ASN1_New_Malloc(ret, OCSP_REQINFO);
+ ret->version = NULL;
+ ret->requestorName = NULL;
+ ret->requestList = NULL;
+ ret->requestExtensions = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_REQINFO_NEW);
+ }
+
+void OCSP_REQINFO_free(OCSP_REQINFO *a)
+ {
+ if (a == NULL) return;
+ ASN1_INTEGER_free(a->version);
+ GENERAL_NAME_free(a->requestorName);
+ sk_OCSP_ONEREQ_pop_free(a->requestList, OCSP_ONEREQ_free);
+ sk_X509_EXTENSION_pop_free(a->requestExtensions, X509_EXTENSION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_REQINFO(OCSP_REQINFO *a,
+ unsigned char **pp)
+ {
+ int v1=0,v2=0,v3=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+ M_ASN1_I2D_len_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
+ M_ASN1_I2D_len_SEQUENCE_type(OCSP_ONEREQ,
+ a->requestList, i2d_OCSP_ONEREQ);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->requestExtensions, i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
+
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+ M_ASN1_I2D_put_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
+ M_ASN1_I2D_put_SEQUENCE_type(OCSP_ONEREQ,a->requestList,i2d_OCSP_ONEREQ);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->requestExtensions,i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
+
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_REQINFO *,OCSP_REQINFO_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ /* we have the optional version field */
+ if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+ { M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
+ else
+ {
+ if (ret->version != NULL)
+ {
+ ASN1_INTEGER_free(ret->version);
+ ret->version=NULL;
+ }
+ }
+ M_ASN1_D2I_get_EXP_opt(ret->requestorName,d2i_GENERAL_NAME,1);
+ M_ASN1_D2I_get_seq_type(OCSP_ONEREQ, ret->requestList,
+ d2i_OCSP_ONEREQ,OCSP_ONEREQ_free);
+ /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+ we're using the set version */
+ M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+ ret->requestExtensions,d2i_X509_EXTENSION,
+ X509_EXTENSION_free,2,V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_REQINFO_free,ASN1_F_D2I_OCSP_REQINFO);
+ }
+
+int i2a_OCSP_REQINFO(BIO *bp,
+ OCSP_REQINFO* a)
+ {
+ int i, j=1;
+ if (a->version == NULL) BIO_puts(bp, "0");
+ else i2a_ASN1_INTEGER(bp, a->version);
+ if (a->requestorName != NULL)
+ {
+ j++;
+#ifdef UNDEF
+ i2a_GENERAL_NAME(bp, a->requestorName); /* does not exist */
+#endif
+ }
+ if (a->requestList != NULL)
+ {
+ for (i=0; i<sk_OCSP_ONEREQ_num(a->requestList); i++)
+ if (sk_OCSP_ONEREQ_value(a->requestList,i) != NULL)
+ i2a_OCSP_ONEREQ(bp,
+ sk_OCSP_ONEREQ_value(a->requestList,i));
+ j+=sk_OCSP_ONEREQ_num(a->requestList);
+ }
+ j+=OCSP_extensions_print(bp, a->requestExtensions,
+ "Request Extensions");
+ return j;
+ }
+
+OCSP_REQUEST *OCSP_REQUEST_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_REQUEST *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_REQUEST);
+ M_ASN1_New(ret->tbsRequest, OCSP_REQINFO_new);
+ ret->optionalSignature = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_REQUEST_NEW);
+ }
+
+void OCSP_REQUEST_free(OCSP_REQUEST *a)
+ {
+ if (a == NULL) return;
+ OCSP_REQINFO_free(a->tbsRequest);
+ OCSP_SIGNATURE_free(a->optionalSignature);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_REQUEST(OCSP_REQUEST *a,
+ unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->tbsRequest, i2d_OCSP_REQINFO);
+ M_ASN1_I2D_len_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->tbsRequest, i2d_OCSP_REQINFO);
+ M_ASN1_I2D_put_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_REQUEST *,OCSP_REQUEST_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->tbsRequest, d2i_OCSP_REQINFO);
+ M_ASN1_D2I_get_EXP_opt(ret->optionalSignature, d2i_OCSP_SIGNATURE, 0);
+ M_ASN1_D2I_Finish(a,OCSP_REQUEST_free,ASN1_F_D2I_OCSP_REQUEST);
+ }
+
+int i2a_OCSP_REQUEST(BIO *bp,
+ OCSP_REQUEST* a)
+ {
+ i2a_OCSP_REQINFO(bp, a->tbsRequest);
+ i2a_OCSP_SIGNATURE(bp, a->optionalSignature);
+ return a->optionalSignature ? 2 : 1;
+ }
+
+OCSP_ONEREQ *OCSP_ONEREQ_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_ONEREQ *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_ONEREQ);
+ M_ASN1_New(ret->reqCert, OCSP_CERTID_new);
+ ret->singleRequestExtensions = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_ONEREQ_NEW);
+ }
+
+void OCSP_ONEREQ_free(OCSP_ONEREQ *a)
+ {
+ if (a == NULL) return;
+ OCSP_CERTID_free(a->reqCert);
+ sk_X509_EXTENSION_pop_free(a->singleRequestExtensions, X509_EXTENSION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a,
+ unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->reqCert, i2d_OCSP_CERTID);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
+ V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->reqCert, i2d_OCSP_CERTID);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
+ V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_ONEREQ *,OCSP_ONEREQ_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->reqCert, d2i_OCSP_CERTID);
+ /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+ we're using the set version */
+ M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+ ret->singleRequestExtensions, d2i_X509_EXTENSION,
+ X509_EXTENSION_free, 0, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_ONEREQ_free,ASN1_F_D2I_OCSP_ONEREQ);
+ }
+
+int i2a_OCSP_ONEREQ(BIO *bp,
+ OCSP_ONEREQ* a)
+ {
+ i2a_OCSP_CERTID(bp, a->reqCert);
+#ifdef UNDEF
+ /* XXX need generic extension print method or need to register
+ * ocsp extensions with existing extension handler mechanism,
+ * invoke i2a callbacks.
+ */
+ if (a->singleRequestExtensions != NULL)
+ {
+ for (i=0; i<sk_X509_EXTENSION_num(a->singleRequestExtensions); i++)
+ if (sk_X509_EXTENSION_value(a->singleRequestExtensions,i) != NULL)
+ i2a_X509_EXTENSION(bp,
+ sk_X509_EXTENSION_value(
+ a->singleRequestExtensions, i));
+ j+=sk_X509_EXTENSION_num(a->singleRequestExtensions);
+ }
+#endif
+ return 1;
+ }
diff --git a/crypto/ocsp/ocsp_res.c b/crypto/ocsp/ocsp_res.c
new file mode 100644
index 0000000000..34443aba11
--- /dev/null
+++ b/crypto/ocsp/ocsp_res.c
@@ -0,0 +1,896 @@
+/* ocsp_req.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was originally part of ocsp.c and was transfered to Richard
+ Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+ in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+IMPLEMENT_STACK_OF(OCSP_SINGLERESP)
+IMPLEMENT_ASN1_SET_OF(OCSP_SINGLERESP)
+
+OCSP_RESPBYTES *OCSP_RESPBYTES_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPBYTES *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPBYTES);
+ M_ASN1_New(ret->responseType, ASN1_OBJECT_new);
+ M_ASN1_New(ret->response, ASN1_OCTET_STRING_new);
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPBYTES_NEW);
+ }
+
+void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a)
+ {
+ if (a == NULL) return;
+ ASN1_OBJECT_free(a->responseType);
+ ASN1_OCTET_STRING_free(a->response);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a,
+ unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->responseType, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_len(a->response, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->responseType, i2d_ASN1_OBJECT);
+ M_ASN1_I2D_put(a->response, i2d_ASN1_OCTET_STRING);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_RESPBYTES *,OCSP_RESPBYTES_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->responseType, d2i_ASN1_OBJECT);
+ M_ASN1_D2I_get(ret->response, d2i_ASN1_OCTET_STRING);
+ M_ASN1_D2I_Finish(a,OCSP_RESPBYTES_free,ASN1_F_D2I_OCSP_RESPBYTES);
+ }
+
+int i2a_OCSP_RESPBYTES(BIO *bp,
+ OCSP_RESPBYTES* a)
+ {
+ i2a_ASN1_OBJECT(bp, a->responseType);
+ i2a_ASN1_STRING(bp, a->response, V_ASN1_OCTET_STRING);
+ return 2;
+ }
+
+OCSP_RESPONSE *OCSP_RESPONSE_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPONSE *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPONSE);
+ M_ASN1_New(ret->responseStatus, ASN1_ENUMERATED_new);
+ ret->responseBytes = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPONSE_NEW);
+ }
+
+void OCSP_RESPONSE_free(OCSP_RESPONSE *a)
+ {
+ if (a == NULL) return;
+ ASN1_ENUMERATED_free(a->responseStatus);
+ OCSP_RESPBYTES_free(a->responseBytes);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a,
+ unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->responseStatus, i2d_ASN1_ENUMERATED);
+ M_ASN1_I2D_len_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->responseStatus, i2d_ASN1_ENUMERATED);
+ M_ASN1_I2D_put_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_RESPONSE *,OCSP_RESPONSE_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->responseStatus, d2i_ASN1_ENUMERATED);
+ M_ASN1_D2I_get_EXP_opt(ret->responseBytes, d2i_OCSP_RESPBYTES, 0);
+ M_ASN1_D2I_Finish(a,OCSP_RESPONSE_free,ASN1_F_D2I_OCSP_RESPONSE);
+ }
+
+int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a)
+ {
+ i2a_ASN1_STRING(bp, a->responseStatus, V_ASN1_ENUMERATED);
+ i2a_OCSP_RESPBYTES(bp, a->responseBytes);
+ return a->responseBytes ? 2 : 1;
+ }
+
+OCSP_RESPID *OCSP_RESPID_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPID *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPID);
+ ret->tag = -1;
+ ret->value.byName = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPID_NEW);
+ }
+
+void OCSP_RESPID_free(OCSP_RESPID *a)
+ {
+ if (a == NULL) return;
+ switch (a->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ X509_NAME_free(a->value.byName);
+ break;
+ case V_OCSP_RESPID_KEY:
+ ASN1_OCTET_STRING_free(a->value.byKey);
+ break;
+ }
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+ switch (a->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ v = i2d_X509_NAME(a->value.byName,NULL);
+ ret += ASN1_object_size(1, v, V_OCSP_RESPID_NAME);
+ if (pp==NULL) return ret;
+ p=*pp;
+ ASN1_put_object(&p, 1, v,
+ V_OCSP_RESPID_NAME,
+ V_ASN1_CONTEXT_SPECIFIC);
+ i2d_X509_NAME(a->value.byName,&p);
+ break;
+ case V_OCSP_RESPID_KEY:
+ v = i2d_ASN1_OCTET_STRING(a->value.byKey,NULL);
+ ret += ASN1_object_size(1, v, V_OCSP_RESPID_KEY);
+ if (pp==NULL) return ret;
+ p=*pp;
+ ASN1_put_object(&p, 1, v,
+ V_OCSP_RESPID_KEY,
+ V_ASN1_CONTEXT_SPECIFIC);
+ i2d_ASN1_OCTET_STRING(a->value.byKey,&p);
+ break;
+ }
+ if (pp && *pp) *pp=p;
+ return(r);
+ }
+
+OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a,
+ unsigned char **pp,
+ long length)
+ {
+ int inf,xclass;
+ M_ASN1_D2I_vars(a,OCSP_RESPID *,OCSP_RESPID_new);
+
+ M_ASN1_D2I_Init();
+ c.slen = length; /* simulate sequence */
+ inf=ASN1_get_object(&c.p,&c.slen,&ret->tag,&xclass,c.slen);
+ if (inf & 0x80) goto err;
+ switch (ret->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ M_ASN1_D2I_get(ret->value.byName, d2i_X509_NAME);
+ break;
+ case V_OCSP_RESPID_KEY:
+ M_ASN1_D2I_get(ret->value.byKey, d2i_ASN1_OCTET_STRING);
+ break;
+ default:
+ ASN1err(ASN1_F_D2I_OCSP_RESPID,ASN1_R_BAD_TYPE);
+ break;
+ }
+ M_ASN1_D2I_Finish(a,OCSP_RESPID_free,ASN1_F_D2I_OCSP_RESPID);
+ }
+
+int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a)
+ {
+ switch (a->tag)
+ {
+ case V_OCSP_RESPID_NAME:
+ X509_NAME_print(bp, a->value.byName, 16);
+ break;
+ case V_OCSP_RESPID_KEY:
+ i2a_ASN1_STRING(bp, a->value.byKey, V_ASN1_OCTET_STRING);
+ break;
+ }
+
+ return 1;
+ }
+
+OCSP_RESPDATA *OCSP_RESPDATA_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_RESPDATA *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_RESPDATA);
+ ret->version = NULL;
+ M_ASN1_New(ret->responderId, OCSP_RESPID_new);
+ M_ASN1_New(ret->producedAt, ASN1_GENERALIZEDTIME_new);
+ ret->responses = NULL;
+ ret->responseExtensions = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_RESPDATA_NEW);
+ }
+
+void OCSP_RESPDATA_free(OCSP_RESPDATA *a)
+ {
+ if (a == NULL) return;
+ ASN1_INTEGER_free(a->version);
+ OCSP_RESPID_free(a->responderId);
+ ASN1_GENERALIZEDTIME_free(a->producedAt);
+ sk_OCSP_SINGLERESP_pop_free(a->responses, OCSP_SINGLERESP_free);
+ sk_X509_EXTENSION_pop_free(a->responseExtensions, X509_EXTENSION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a,
+ unsigned char **pp)
+ {
+ int v1=0,v2=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
+ M_ASN1_I2D_len(a->responderId, i2d_OCSP_RESPID);
+ M_ASN1_I2D_len(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_len_SEQUENCE_type(OCSP_SINGLERESP, a->responses,
+ i2d_OCSP_SINGLERESP);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->responseExtensions, i2d_X509_EXTENSION, 1,
+ V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
+ M_ASN1_I2D_put(a->responderId, i2d_OCSP_RESPID);
+ M_ASN1_I2D_put(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_put_SEQUENCE_type(OCSP_SINGLERESP, a->responses,
+ i2d_OCSP_SINGLERESP);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->responseExtensions, i2d_X509_EXTENSION, 1,
+ V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_RESPDATA *,OCSP_RESPDATA_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ /* we have the optional version field */
+ if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+ { M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
+ else
+ {
+ if (ret->version != NULL)
+ {
+ ASN1_INTEGER_free(ret->version);
+ ret->version=NULL;
+ }
+ }
+ M_ASN1_D2I_get(ret->responderId, d2i_OCSP_RESPID);
+ M_ASN1_D2I_get(ret->producedAt, d2i_ASN1_GENERALIZEDTIME);
+ M_ASN1_D2I_get_seq_type(OCSP_SINGLERESP, ret->responses,
+ d2i_OCSP_SINGLERESP, OCSP_SINGLERESP_free);
+ /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+ we're using the set version */
+ M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+ ret->responseExtensions, d2i_X509_EXTENSION,
+ X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_RESPDATA_free,ASN1_F_D2I_OCSP_RESPDATA);
+ }
+
+int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a)
+ {
+ int i, j=2;
+ if (a->version == NULL) BIO_puts(bp, "0");
+ else i2a_ASN1_INTEGER(bp, a->version);
+ i2a_OCSP_RESPID(bp, a->responderId);
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->producedAt)) return 0;
+ if (a->responses != NULL)
+ {
+ for (i=0; i<sk_OCSP_SINGLERESP_num(a->responses); i++)
+ if (sk_OCSP_SINGLERESP_value(a->responses,i) != NULL)
+ i2a_OCSP_SINGLERESP(bp,
+ sk_OCSP_SINGLERESP_value(a->responses,i));
+ j+=sk_OCSP_SINGLERESP_num(a->responses);
+ }
+#ifdef UNDEF
+ /* XXX need generic extension print method or need to register
+ * ocsp extensions with existing extension handler mechanism,
+ * invoke i2a callbacks.
+ */
+ if (a->responseExtensions != NULL)
+ {
+ for (i=0; i<sk_X509_EXTENSION_num(a->responseExtensions); i++)
+ if (sk_X509_EXTENSION_value(a->responseExtensions,i) != NULL)
+ i2a_X509_EXTENSION(bp,
+ sk_X509_EXTENSION_value(a->responseExtensions,i));
+ j+=sk_X509_EXTENSION_num(a->responseExtensions);
+ }
+#endif
+ return j;
+ }
+
+OCSP_BASICRESP *OCSP_BASICRESP_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_BASICRESP *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_BASICRESP);
+ M_ASN1_New(ret->tbsResponseData, OCSP_RESPDATA_new);
+ M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
+ M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
+ ret->certs = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_BASICRESP_NEW);
+ }
+
+void OCSP_BASICRESP_free(OCSP_BASICRESP *a)
+ {
+ if (a == NULL) return;
+ OCSP_RESPDATA_free(a->tbsResponseData);
+ X509_ALGOR_free(a->signatureAlgorithm);
+ ASN1_BIT_STRING_free(a->signature);
+ sk_X509_pop_free(a->certs, X509_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->tbsResponseData, i2d_OCSP_RESPDATA);
+ M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs,
+ i2d_X509, 0, V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->tbsResponseData, i2d_OCSP_RESPDATA);
+ M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs,
+ i2d_X509, 0, V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_BASICRESP *,OCSP_BASICRESP_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->tbsResponseData, d2i_OCSP_RESPDATA);
+ M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
+ /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+ we're using the set version */
+ M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509,
+ X509_free, 0, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_BASICRESP_free,ASN1_F_D2I_OCSP_BASICRESP);
+ }
+
+int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a)
+ {
+ int i, j=3;
+ i2a_OCSP_RESPDATA(bp, a->tbsResponseData);
+#ifdef UNDEF
+ /* XXX this guy isn't implemented. */
+ i2a_X509_ALGOR(bp, a->signatureAlgorithm);
+#else /* instead, just show OID, not param */
+ i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
+#endif
+ i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
+ if (a->certs != NULL)
+ {
+ for (i=0; i<sk_X509_num(a->certs); i++)
+ if (sk_X509_value(a->certs,i) != NULL)
+ X509_print(bp, sk_X509_value(a->certs,i));
+ j+=sk_X509_num(a->certs);
+ }
+ return j;
+ }
+
+OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_REVOKEDINFO *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_REVOKEDINFO);
+ M_ASN1_New(ret->revocationTime, ASN1_GENERALIZEDTIME_new);
+ ret->revocationReason = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_REVOKEDINFO_NEW);
+ }
+
+void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a)
+ {
+ if (a == NULL) return;
+ ASN1_GENERALIZEDTIME_free(a->revocationTime);
+ ASN1_ENUMERATED_free(a->revocationReason);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->revocationTime, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_len_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->revocationTime, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_put_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_REVOKEDINFO *,OCSP_REVOKEDINFO_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->revocationTime, d2i_ASN1_GENERALIZEDTIME);
+ M_ASN1_D2I_get_EXP_opt(ret->revocationReason, d2i_ASN1_ENUMERATED, 0);
+ M_ASN1_D2I_Finish(a,OCSP_REVOKEDINFO_free,ASN1_F_D2I_OCSP_REVOKEDINFO);
+ }
+
+int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a)
+ {
+ int i=0;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->revocationTime)) return 0;
+ if (a->revocationReason)
+ {
+ i2a_ASN1_STRING(bp, a->revocationReason, V_ASN1_ENUMERATED);
+ i++;
+ }
+ return i;
+ }
+
+OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void)
+
+ {
+ ASN1_CTX c;
+ OCSP_CERTSTATUS *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_CERTSTATUS);
+ ret->tag = -1;
+ ret->revoked = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_CERTSTATUS_NEW);
+ }
+
+void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a)
+ {
+ if (a == NULL) return;
+ OCSP_REVOKEDINFO_free(a->revoked);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp)
+ {
+ unsigned char *qq;
+ M_ASN1_I2D_vars(a);
+ ret += 0; /* shush, compiler, shush... */
+ if (a == NULL) return(0);
+ switch (a->tag)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ r = 2;
+ if (pp)
+ {
+ qq=p=*pp;
+ ASN1_put_object(&p,0,0,
+ V_ASN1_NULL,V_ASN1_UNIVERSAL);
+ *qq=(V_ASN1_CONTEXT_SPECIFIC|a->tag|
+ (*qq&V_ASN1_CONSTRUCTED));
+ }
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ r = i2d_OCSP_REVOKEDINFO(a->revoked,NULL);
+ if (pp)
+ {
+ p=*pp;
+ M_ASN1_I2D_put_IMP_opt(a->revoked,
+ i2d_OCSP_REVOKEDINFO,
+ a->tag);
+ }
+ break;
+
+ }
+ if (pp && *pp) *pp=p;
+ return(r);
+ }
+
+OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a,
+ unsigned char **pp,
+ long length)
+ {
+ int tag, xclass, error=0;
+ long len;
+ unsigned char *p, *q, t;
+ OCSP_CERTSTATUS* ret=NULL;
+
+ if ((a == NULL) || ((*a) == NULL))
+ {
+ if ((ret=(OCSP_CERTSTATUS*)OCSP_CERTSTATUS_new()) == NULL)
+ goto err;
+ }
+ else ret=(*a);
+ p=*pp;
+ ret->tag = (*p & ~(V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC));
+ switch (ret->tag)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ ret->revoked = NULL;
+ q=p;
+ ASN1_get_object(&p,&len,&tag,&xclass,length);
+ if (len)
+ {
+ error = ASN1_R_BAD_TYPE;
+ goto err;
+ }
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ q=p;
+ ASN1_get_object(&q,&len,&tag,&xclass,length);
+ t=*p;
+ *p=(t&~V_ASN1_PRIMATIVE_TAG)|V_ASN1_SEQUENCE;
+ q=p;
+ if (d2i_OCSP_REVOKEDINFO(&ret->revoked,
+ &p,length) == NULL)
+ goto err;
+ *q=t;
+ if ((p-q) != (len+2))
+ {
+ error = ASN1_R_BAD_TYPE;
+ goto err;
+ }
+ break;
+ default:
+ ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,ASN1_R_BAD_TYPE);
+ break;
+ }
+ *pp=p;
+ if (a != NULL) (*a)=ret;
+ return(ret);
+err:
+ ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,error);
+ asn1_add_error(*pp,(int)(q- *pp));
+ if ((ret != NULL) && ((a == NULL) || (*a != ret)))
+ OCSP_CERTSTATUS_free(ret);
+ return(NULL);
+ }
+
+int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a)
+ {
+ switch (a->tag)
+ {
+ case V_OCSP_CERTSTATUS_GOOD:
+ BIO_puts(bp, "CertStatus: good");
+ break;
+ case V_OCSP_CERTSTATUS_REVOKED:
+ BIO_puts(bp, "CertStatus: revoked");
+ i2a_OCSP_REVOKEDINFO(bp, a->revoked);
+ break;
+ case V_OCSP_CERTSTATUS_UNKNOWN:
+ BIO_puts(bp, "CertStatus: unknown");
+ break;
+ }
+ return 1;
+ }
+
+OCSP_SINGLERESP *OCSP_SINGLERESP_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_SINGLERESP *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_SINGLERESP);
+ M_ASN1_New(ret->certId, OCSP_CERTID_new);
+ M_ASN1_New(ret->certStatus, OCSP_CERTSTATUS_new);
+ M_ASN1_New(ret->thisUpdate, ASN1_GENERALIZEDTIME_new);
+ ret->nextUpdate = NULL;
+ ret->singleExtensions = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_SINGLERESP_NEW);
+ }
+
+void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a)
+ {
+ if (a == NULL) return;
+ OCSP_CERTID_free(a->certId);
+ OCSP_CERTSTATUS_free(a->certStatus);
+ ASN1_GENERALIZEDTIME_free(a->thisUpdate);
+ ASN1_GENERALIZEDTIME_free(a->nextUpdate);
+ sk_X509_EXTENSION_pop_free(a->singleExtensions, X509_EXTENSION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp)
+ {
+ int v1=0,v2=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->certId, i2d_OCSP_CERTID);
+ M_ASN1_I2D_len(a->certStatus, i2d_OCSP_CERTSTATUS);
+ M_ASN1_I2D_len(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_len_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->certId, i2d_OCSP_CERTID);
+ M_ASN1_I2D_put(a->certStatus, i2d_OCSP_CERTSTATUS);
+ M_ASN1_I2D_put(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
+ M_ASN1_I2D_put_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+ a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_SINGLERESP *,OCSP_SINGLERESP_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->certId, d2i_OCSP_CERTID);
+ M_ASN1_D2I_get(ret->certStatus, d2i_OCSP_CERTSTATUS);
+ M_ASN1_D2I_get(ret->thisUpdate, d2i_ASN1_GENERALIZEDTIME);
+ M_ASN1_D2I_get_EXP_opt(ret->nextUpdate, d2i_ASN1_GENERALIZEDTIME, 0);
+ /* there is no M_ASN1_D2I_get_EXP_seq*, so had to use set here*/
+ M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION, ret->singleExtensions,
+ d2i_X509_EXTENSION, X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_SINGLERESP_free,ASN1_F_D2I_OCSP_SINGLERESP);
+ }
+
+int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a)
+ {
+ int /* XXX i, */ j=3;
+ i2a_OCSP_CERTID(bp, a->certId);
+ i2a_OCSP_CERTSTATUS(bp, a->certStatus);
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->thisUpdate)) return 0;
+ if (a->nextUpdate)
+ {
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->nextUpdate)) return 0;
+ j++;
+ }
+#ifdef UNDEF
+ /* XXX need generic extension print method or need to register
+ * ocsp extensions with existing extension handler mechanism,
+ * invoke i2a callbacks.
+ */
+ if (a->singleExtensions != NULL)
+ {
+ for (i=0; i<sk_X509_EXTENSION_num(a->singleExtensions); i++)
+ if (sk_X509_EXTENSION_value(a->singleExtensions,i) != NULL)
+ i2a_X509_EXTENSION(bp,
+ sk_X509_EXTENSION_value(a->singleExtensions,i));
+ j+=sk_X509_EXTENSION_num(a->singleExtensions);
+ }
+#endif
+ return j;
+ }
+
+OCSP_CRLID *OCSP_CRLID_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_CRLID *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_CRLID);
+ ret->crlUrl = NULL;
+ ret->crlNum = NULL;
+ ret->crlTime = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_CRLID_NEW);
+ }
+
+void OCSP_CRLID_free(OCSP_CRLID *a)
+ {
+ if (a == NULL) return;
+ ASN1_IA5STRING_free(a->crlUrl);
+ ASN1_INTEGER_free(a->crlNum);
+ ASN1_GENERALIZEDTIME_free(a->crlTime);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_CRLID(OCSP_CRLID *a,
+ unsigned char **pp)
+ {
+ int v1=0,v2=0,v3=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
+ M_ASN1_I2D_len_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
+ M_ASN1_I2D_len_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
+ M_ASN1_I2D_put_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
+ M_ASN1_I2D_put_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_CRLID *,OCSP_CRLID_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get_EXP_opt(ret->crlUrl, d2i_ASN1_IA5STRING, 0);
+ M_ASN1_D2I_get_EXP_opt(ret->crlNum, d2i_ASN1_INTEGER, 1);
+ M_ASN1_D2I_get_EXP_opt(ret->crlTime, d2i_ASN1_GENERALIZEDTIME, 2);
+ M_ASN1_D2I_Finish(a,OCSP_CRLID_free,ASN1_F_D2I_OCSP_CRLID);
+ }
+
+int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a)
+ {
+ int i = 0;
+ char buf[1024];
+ if (a->crlUrl && ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) i++;
+ if (a->crlNum && a2i_ASN1_INTEGER(bp, a->crlNum, buf, sizeof buf)) i++;
+ if (a->crlTime && ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) i++;
+ return i;
+ }
+
+OCSP_SERVICELOC *OCSP_SERVICELOC_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_SERVICELOC *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_SERVICELOC);
+ M_ASN1_New(ret->issuer, X509_NAME_new);
+ ret->locator = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_SERVICELOC_NEW);
+ }
+
+void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a)
+ {
+ if (a == NULL) return;
+ X509_NAME_free(a->issuer);
+ sk_ACCESS_DESCRIPTION_pop_free(a->locator, ACCESS_DESCRIPTION_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a,
+ unsigned char **pp)
+ {
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->issuer, i2d_X509_NAME);
+ M_ASN1_I2D_len_SEQUENCE_opt_type(ACCESS_DESCRIPTION,
+ a->locator, i2d_ACCESS_DESCRIPTION);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->issuer, i2d_X509_NAME);
+ M_ASN1_I2D_put_SEQUENCE_opt_type(ACCESS_DESCRIPTION,
+ a->locator, i2d_ACCESS_DESCRIPTION);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_SERVICELOC *,OCSP_SERVICELOC_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
+ M_ASN1_D2I_get_seq_opt_type(ACCESS_DESCRIPTION, ret->locator,
+ d2i_ACCESS_DESCRIPTION,ACCESS_DESCRIPTION_free);
+ M_ASN1_D2I_Finish(a,OCSP_SERVICELOC_free,ASN1_F_D2I_OCSP_SERVICELOC);
+ }
+
+int i2a_OCSP_SERVICELOC(BIO *bp,
+ OCSP_SERVICELOC* a)
+ {
+ int i;
+ X509_NAME_print(bp, a->issuer, 16);
+ if (!a->locator) return 1;
+ for (i=0; i<sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+ i2a_ACCESS_DESCRIPTION(bp,
+ sk_ACCESS_DESCRIPTION_value(a->locator,i));
+ return i+2;
+ }
diff --git a/crypto/ocsp/ocsp_sig.c b/crypto/ocsp/ocsp_sig.c
new file mode 100644
index 0000000000..c94167eabe
--- /dev/null
+++ b/crypto/ocsp/ocsp_sig.c
@@ -0,0 +1,157 @@
+/* ocsp_sig.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+ This file was originally part of ocsp.c and was transfered to Richard
+ Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+ in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+OCSP_SIGNATURE *OCSP_SIGNATURE_new(void)
+ {
+ ASN1_CTX c;
+ OCSP_SIGNATURE *ret=NULL;
+
+ M_ASN1_New_Malloc(ret, OCSP_SIGNATURE);
+ M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
+ M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
+ ret->certs = NULL;
+ return(ret);
+ M_ASN1_New_Error(ASN1_F_OCSP_SIGNATURE_NEW);
+ }
+
+void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a)
+ {
+ if (a == NULL) return;
+ X509_ALGOR_free(a->signatureAlgorithm);
+ ASN1_BIT_STRING_free(a->signature);
+ if (a->certs) sk_X509_pop_free(a->certs, X509_free);
+ OPENSSL_free((char *)a);
+ }
+
+int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a,
+ unsigned char **pp)
+ {
+ int v=0;
+ M_ASN1_I2D_vars(a);
+
+ M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+ M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509,
+ 0, V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_seq_total();
+ M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
+ M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+ M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509, 0,
+ V_ASN1_SEQUENCE, v);
+ M_ASN1_I2D_finish();
+ }
+
+OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a,
+ unsigned char **pp,
+ long length)
+ {
+ M_ASN1_D2I_vars(a,OCSP_SIGNATURE *,OCSP_SIGNATURE_new);
+
+ M_ASN1_D2I_Init();
+ M_ASN1_D2I_start_sequence();
+ M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
+ M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
+ /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+ we're using the set version */
+ M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509,
+ X509_free, 0, V_ASN1_SEQUENCE);
+ M_ASN1_D2I_Finish(a,OCSP_SIGNATURE_free,ASN1_F_D2I_OCSP_SIGNATURE);
+ }
+
+int i2a_OCSP_SIGNATURE(BIO *bp,
+ OCSP_SIGNATURE* a)
+ {
+ int i, j=2;
+#ifdef UNDEF
+ /* XXX this guy isn't implemented. */
+ i2a_X509_ALGOR(bp, a->signatureAlgorithm);
+#else /* instead, just show OID, not param */
+ i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
+#endif
+ i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
+ if (a->certs != NULL)
+ {
+ for (i=0; i<sk_X509_num(a->certs); i++)
+ if (sk_X509_value(a->certs,i) != NULL)
+ X509_print(bp, sk_X509_value(a->certs,i));
+ j+=sk_X509_num(a->certs);
+ }
+ return j;
+ }
diff --git a/crypto/stack/safestack.h b/crypto/stack/safestack.h
index 9fa63e1be5..38eea51547 100644
--- a/crypto/stack/safestack.h
+++ b/crypto/stack/safestack.h
@@ -484,6 +484,46 @@ STACK_OF(type) \
#define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
#define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
+#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
+#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
+#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
+#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
+#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
+#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
+#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
+#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
+
+#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
+#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
+#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
+#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
+#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
+#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
+#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
+#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
+
#define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
#define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
#define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
@@ -998,6 +1038,24 @@ STACK_OF(type) \
#define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
+#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+ SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
+#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+ SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
+ SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
+ SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
+
#define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class))
#define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
diff --git a/crypto/x509/x509.h b/crypto/x509/x509.h
index 6b053359b7..228a0b7062 100644
--- a/crypto/x509/x509.h
+++ b/crypto/x509/x509.h
@@ -1061,6 +1061,7 @@ int X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
int X509_print(BIO *bp,X509 *x);
+int X509_ocspid_print(BIO *bp,X509 *x);
int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
int X509_CRL_print(BIO *bp,X509_CRL *x);
int X509_REQ_print(BIO *bp,X509_REQ *req);
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
index a045a629ee..44d95a6205 100644
--- a/crypto/x509v3/v3_info.c
+++ b/crypto/x509v3/v3_info.c
@@ -207,6 +207,15 @@ void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
OPENSSL_free (a);
}
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
+ {
+ i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
+ i2a_GENERAL_NAME(bp, a->location);
+#endif
+ return 2;
+ }
+
STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
{
return sk_ACCESS_DESCRIPTION_new_null();
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 4c3edc3daf..908c3ae185 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -477,6 +477,7 @@ ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
long length);
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);