are all raw print only extensions at present.
*) Move common extension printing code to new function
X509V3_print_extensions(). Reorganise OCSP print routines and
- implement some needed OCSP ASN1 functions.
+ implement some needed OCSP ASN1 functions. Add OCSP extensions.
[Steve Henson]
*) New function X509_signature_print() to remove duplication in some
X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
-OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
-void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
-int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp);
-OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a);
OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, unsigned char **pp, long length);
int i2a_OCSP_SIGNATURE(BIO *bp, OCSP_SIGNATURE* a);
-OCSP_REQINFO *OCSP_REQINFO_new(void);
-void OCSP_REQINFO_free(OCSP_REQINFO *a);
-int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **pp);
-OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
int i2a_OCSP_REQINFO(BIO *bp, OCSP_REQINFO* a);
-OCSP_CRLID *OCSP_CRLID_new(void);
-void OCSP_CRLID_free(OCSP_CRLID *a);
-int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **pp);
-OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a);
int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind);
-OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
-void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
-int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **pp);
-OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, unsigned char **pp, long length);
+DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
int i2a_OCSP_SERVICELOC(BIO *bp, OCSP_SERVICELOC* a);
int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind);
LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
-v3_nonce.c
+v3_ocsp.c
LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
-v3_nonce.o
+v3_ocsp.o
SRC= $(LIBSRC)
extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
-extern X509V3_EXT_METHOD v3_ocsp_nonce;
+extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
+extern X509V3_EXT_METHOD v3_ocsp_crlid;
/* This table will be searched using OBJ_bsearch so it *must* kept in
* order of the ext_nid values.
&v3_crl_reason,
&v3_sxnet,
&v3_info,
-&v3_ocsp_nonce
+&v3_ocsp_nonce,
+&v3_ocsp_crlid,
+&v3_ocsp_accresp,
+&v3_ocsp_acutoff
};
/* Number of standard extensions */
#include <openssl/conf.h>
#include <openssl/x509v3.h>
-static EXTENDED_KEY_USAGE *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
- EXTENDED_KEY_USAGE *eku, STACK_OF(CONF_VALUE) *extlist);
+ void *eku, STACK_OF(CONF_VALUE) *extlist);
X509V3_EXT_METHOD v3_ext_ku = {
-NID_ext_key_usage, 0,
-&EXTENDED_KEY_USAGE_it,
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_EXTENDED_KEY_USAGE,
-(X509V3_EXT_V2I)v2i_EXTENDED_KEY_USAGE,
-0,0,
-NULL
+ NID_ext_key_usage, 0,
+ &EXTENDED_KEY_USAGE_it,
+ 0,0,0,0,
+ 0,0,
+ i2v_EXTENDED_KEY_USAGE,
+ v2i_EXTENDED_KEY_USAGE,
+ 0,0,
+ NULL
+};
+
+/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
+X509V3_EXT_METHOD v3_ocsp_accresp = {
+ NID_id_pkix_OCSP_acceptableResponses, 0,
+ &EXTENDED_KEY_USAGE_it,
+ 0,0,0,0,
+ 0,0,
+ i2v_EXTENDED_KEY_USAGE,
+ v2i_EXTENDED_KEY_USAGE,
+ 0,0,
+ NULL
};
ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) =
IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)
static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
- EXTENDED_KEY_USAGE *eku, STACK_OF(CONF_VALUE) *ext_list)
+ void *a, STACK_OF(CONF_VALUE) *ext_list)
{
-int i;
-ASN1_OBJECT *obj;
-char obj_tmp[80];
-for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
- obj = sk_ASN1_OBJECT_value(eku, i);
- i2t_ASN1_OBJECT(obj_tmp, 80, obj);
- X509V3_add_value(NULL, obj_tmp, &ext_list);
-}
-return ext_list;
+ EXTENDED_KEY_USAGE *eku = a;
+ int i;
+ ASN1_OBJECT *obj;
+ char obj_tmp[80];
+ for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
+ obj = sk_ASN1_OBJECT_value(eku, i);
+ i2t_ASN1_OBJECT(obj_tmp, 80, obj);
+ X509V3_add_value(NULL, obj_tmp, &ext_list);
+ }
+ return ext_list;
}
-static EXTENDED_KEY_USAGE *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
+static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
-EXTENDED_KEY_USAGE *extku;
-char *extval;
-ASN1_OBJECT *objtmp;
-CONF_VALUE *val;
-int i;
+ EXTENDED_KEY_USAGE *extku;
+ char *extval;
+ ASN1_OBJECT *objtmp;
+ CONF_VALUE *val;
+ int i;
-if(!(extku = sk_ASN1_OBJECT_new_null())) {
- X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
- return NULL;
-}
-
-for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
- val = sk_CONF_VALUE_value(nval, i);
- if(val->value) extval = val->value;
- else extval = val->name;
- if(!(objtmp = OBJ_txt2obj(extval, 0))) {
- sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
- X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
- X509V3_conf_err(val);
+ if(!(extku = sk_ASN1_OBJECT_new_null())) {
+ X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE);
return NULL;
}
- sk_ASN1_OBJECT_push(extku, objtmp);
-}
-return extku;
+
+ for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+ val = sk_CONF_VALUE_value(nval, i);
+ if(val->value) extval = val->value;
+ else extval = val->name;
+ if(!(objtmp = OBJ_txt2obj(extval, 0))) {
+ sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free);
+ X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER);
+ X509V3_conf_err(val);
+ return NULL;
+ }
+ sk_ASN1_OBJECT_push(extku, objtmp);
+ }
+ return extku;
}
+++ /dev/null
-/* v3_nonce.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project 1999.
- */
-/* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- * software must display the following acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For written permission, please contact
- * licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- * nor may "OpenSSL" appear in their names without prior written
- * permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by the OpenSSL Project
- * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com). This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/conf.h>
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/x509v3.h>
-
-/* OCSP nonce. This is needs special treatment because it doesn't have
- * an ASN1 encoding at all: it just contains arbitrary data.
- */
-
-static void *ocsp_nonce_new(void);
-static int i2d_ocsp_nonce(void *a, unsigned char **pp);
-static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
-static void ocsp_nonce_free(void *a);
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
-
-X509V3_EXT_METHOD v3_ocsp_nonce = {
- NID_id_pkix_OCSP_Nonce, 0, NULL,
- ocsp_nonce_new,
- ocsp_nonce_free,
- d2i_ocsp_nonce,
- i2d_ocsp_nonce,
- 0,0,
- 0,0,
- i2r_ocsp_nonce,0,
- NULL
-};
-
-static void *ocsp_nonce_new(void)
-{
- return ASN1_OCTET_STRING_new();
-}
-
-static int i2d_ocsp_nonce(void *a, unsigned char **pp)
-{
- ASN1_OCTET_STRING *os = a;
- if(*pp) {
- memcpy(*pp, os->data, os->length);
- *pp += os->length;
- }
- return os->length;
-}
-
-static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
-{
- ASN1_OCTET_STRING *os, **pos;
- pos = a;
- if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
- else os = *pos;
- if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
-
- *pp += length;
-
- if(pos) *pos = os;
- return os;
-
- err:
- if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
- OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
- return NULL;
-}
-
-static void ocsp_nonce_free(void *a)
-{
- M_ASN1_OCTET_STRING_free(a);
-}
-
-static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
-{
- if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
- if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
- return 1;
-}
--- /dev/null
+/* v3_ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* OCSP extensions.
+ */
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+
+X509V3_EXT_METHOD v3_ocsp_crlid = {
+ NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it,
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_crlid,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_acutoff = {
+ NID_id_pkix_OCSP_archiveCutoff, 0, &ASN1_GENERALIZEDTIME_it,
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_acutoff,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nonce = {
+ NID_id_pkix_OCSP_Nonce, 0, NULL,
+ ocsp_nonce_new,
+ ocsp_nonce_free,
+ d2i_ocsp_nonce,
+ i2d_ocsp_nonce,
+ 0,0,
+ 0,0,
+ i2r_ocsp_nonce,0,
+ NULL
+};
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
+ OCSP_CRLID *a = in;
+ if (a->crlUrl)
+ {
+ if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+ if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ if (a->crlNum)
+ {
+ if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+ if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ if (a->crlTime)
+ {
+ if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ return 1;
+ err:
+ return 0;
+}
+
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+{
+ if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+ if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+ return 1;
+}
+
+
+/* OCSP nonce. This is needs special treatment because it doesn't have
+ * an ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+ return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+ ASN1_OCTET_STRING *os = a;
+ if(*pp) {
+ memcpy(*pp, os->data, os->length);
+ *pp += os->length;
+ }
+ return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length)
+{
+ ASN1_OCTET_STRING *os, **pos;
+ pos = a;
+ if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
+ else os = *pos;
+ if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+
+ *pp += length;
+
+ if(pos) *pos = os;
+ return os;
+
+ err:
+ if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+ OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+ M_ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+{
+ if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
+ if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+ return 1;
+}
+
+
projects / oweals / openssl.git / commitdiff