From: Dr. Stephen Henson Date: Fri, 15 Dec 2000 13:42:00 +0000 (+0000) Subject: Implement some standard OCSP extensions in the v3 code. These X-Git-Tag: OpenSSL_0_9_6a-beta1~81^2~135 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c08523d862276964e65d6a1de07439b9d0c2a6da;p=oweals%2Fopenssl.git Implement some standard OCSP extensions in the v3 code. These are all raw print only extensions at present. --- diff --git a/CHANGES b/CHANGES index 767f134342..d198703876 100644 --- a/CHANGES +++ b/CHANGES @@ -8,7 +8,7 @@ *) Move common extension printing code to new function X509V3_print_extensions(). Reorganise OCSP print routines and - implement some needed OCSP ASN1 functions. + implement some needed OCSP ASN1 functions. Add OCSP extensions. [Steve Henson] *) New function X509_signature_print() to remove duplication in some diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index 5c15bf9191..cd591313ba 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -444,10 +444,7 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim); X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls); -OCSP_SINGLERESP *OCSP_SINGLERESP_new(void); -void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a); -int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp); -OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, unsigned char **pp, long length); +DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP) int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a); OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void); @@ -518,23 +515,14 @@ int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **pp); OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, unsigned char **pp, long length); int i2a_OCSP_SIGNATURE(BIO *bp, OCSP_SIGNATURE* a); -OCSP_REQINFO *OCSP_REQINFO_new(void); -void OCSP_REQINFO_free(OCSP_REQINFO *a); -int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **pp); -OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, unsigned char **pp, long length); +DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO) int i2a_OCSP_REQINFO(BIO *bp, OCSP_REQINFO* a); -OCSP_CRLID *OCSP_CRLID_new(void); -void OCSP_CRLID_free(OCSP_CRLID *a); -int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **pp); -OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, unsigned char **pp, long length); +DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a); int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind); -OCSP_SERVICELOC *OCSP_SERVICELOC_new(void); -void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a); -int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **pp); -OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, unsigned char **pp, long length); +DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) int i2a_OCSP_SERVICELOC(BIO *bp, OCSP_SERVICELOC* a); int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind); diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 316f5ee8cc..c5cd578d0d 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -25,11 +25,11 @@ LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \ -v3_nonce.c +v3_ocsp.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \ -v3_nonce.o +v3_ocsp.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index edccd2249d..8bf8c7aa35 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -61,7 +61,8 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; -extern X509V3_EXT_METHOD v3_ocsp_nonce; +extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; +extern X509V3_EXT_METHOD v3_ocsp_crlid; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -90,7 +91,10 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_crl_reason, &v3_sxnet, &v3_info, -&v3_ocsp_nonce +&v3_ocsp_nonce, +&v3_ocsp_crlid, +&v3_ocsp_accresp, +&v3_ocsp_acutoff }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_extku.c b/crypto/x509v3/v3_extku.c index a51c738765..a02644ae79 100644 --- a/crypto/x509v3/v3_extku.c +++ b/crypto/x509v3/v3_extku.c @@ -63,20 +63,32 @@ #include #include -static EXTENDED_KEY_USAGE *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - EXTENDED_KEY_USAGE *eku, STACK_OF(CONF_VALUE) *extlist); + void *eku, STACK_OF(CONF_VALUE) *extlist); X509V3_EXT_METHOD v3_ext_ku = { -NID_ext_key_usage, 0, -&EXTENDED_KEY_USAGE_it, -0,0,0,0, -0,0, -(X509V3_EXT_I2V)i2v_EXTENDED_KEY_USAGE, -(X509V3_EXT_V2I)v2i_EXTENDED_KEY_USAGE, -0,0, -NULL + NID_ext_key_usage, 0, + &EXTENDED_KEY_USAGE_it, + 0,0,0,0, + 0,0, + i2v_EXTENDED_KEY_USAGE, + v2i_EXTENDED_KEY_USAGE, + 0,0, + NULL +}; + +/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ +X509V3_EXT_METHOD v3_ocsp_accresp = { + NID_id_pkix_OCSP_acceptableResponses, 0, + &EXTENDED_KEY_USAGE_it, + 0,0,0,0, + 0,0, + i2v_EXTENDED_KEY_USAGE, + v2i_EXTENDED_KEY_USAGE, + 0,0, + NULL }; ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = @@ -86,44 +98,45 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE); IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, - EXTENDED_KEY_USAGE *eku, STACK_OF(CONF_VALUE) *ext_list) + void *a, STACK_OF(CONF_VALUE) *ext_list) { -int i; -ASN1_OBJECT *obj; -char obj_tmp[80]; -for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { - obj = sk_ASN1_OBJECT_value(eku, i); - i2t_ASN1_OBJECT(obj_tmp, 80, obj); - X509V3_add_value(NULL, obj_tmp, &ext_list); -} -return ext_list; + EXTENDED_KEY_USAGE *eku = a; + int i; + ASN1_OBJECT *obj; + char obj_tmp[80]; + for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { + obj = sk_ASN1_OBJECT_value(eku, i); + i2t_ASN1_OBJECT(obj_tmp, 80, obj); + X509V3_add_value(NULL, obj_tmp, &ext_list); + } + return ext_list; } -static EXTENDED_KEY_USAGE *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, +static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) { -EXTENDED_KEY_USAGE *extku; -char *extval; -ASN1_OBJECT *objtmp; -CONF_VALUE *val; -int i; + EXTENDED_KEY_USAGE *extku; + char *extval; + ASN1_OBJECT *objtmp; + CONF_VALUE *val; + int i; -if(!(extku = sk_ASN1_OBJECT_new_null())) { - X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); - return NULL; -} - -for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { - val = sk_CONF_VALUE_value(nval, i); - if(val->value) extval = val->value; - else extval = val->name; - if(!(objtmp = OBJ_txt2obj(extval, 0))) { - sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); - X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); - X509V3_conf_err(val); + if(!(extku = sk_ASN1_OBJECT_new_null())) { + X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); return NULL; } - sk_ASN1_OBJECT_push(extku, objtmp); -} -return extku; + + for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { + val = sk_CONF_VALUE_value(nval, i); + if(val->value) extval = val->value; + else extval = val->name; + if(!(objtmp = OBJ_txt2obj(extval, 0))) { + sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); + X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); + X509V3_conf_err(val); + return NULL; + } + sk_ASN1_OBJECT_push(extku, objtmp); + } + return extku; } diff --git a/crypto/x509v3/v3_nonce.c b/crypto/x509v3/v3_nonce.c deleted file mode 100644 index df7e0bfeaa..0000000000 --- a/crypto/x509v3/v3_nonce.c +++ /dev/null @@ -1,132 +0,0 @@ -/* v3_nonce.c */ -/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL - * project 1999. - */ -/* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). - * - */ - -#include -#include "cryptlib.h" -#include -#include -#include -#include - -/* OCSP nonce. This is needs special treatment because it doesn't have - * an ASN1 encoding at all: it just contains arbitrary data. - */ - -static void *ocsp_nonce_new(void); -static int i2d_ocsp_nonce(void *a, unsigned char **pp); -static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length); -static void ocsp_nonce_free(void *a); -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); - -X509V3_EXT_METHOD v3_ocsp_nonce = { - NID_id_pkix_OCSP_Nonce, 0, NULL, - ocsp_nonce_new, - ocsp_nonce_free, - d2i_ocsp_nonce, - i2d_ocsp_nonce, - 0,0, - 0,0, - i2r_ocsp_nonce,0, - NULL -}; - -static void *ocsp_nonce_new(void) -{ - return ASN1_OCTET_STRING_new(); -} - -static int i2d_ocsp_nonce(void *a, unsigned char **pp) -{ - ASN1_OCTET_STRING *os = a; - if(*pp) { - memcpy(*pp, os->data, os->length); - *pp += os->length; - } - return os->length; -} - -static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length) -{ - ASN1_OCTET_STRING *os, **pos; - pos = a; - if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); - else os = *pos; - if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; - - *pp += length; - - if(pos) *pos = os; - return os; - - err: - if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); - OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); - return NULL; -} - -static void ocsp_nonce_free(void *a) -{ - M_ASN1_OCTET_STRING_free(a); -} - -static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) -{ - if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; - if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; - return 1; -} diff --git a/crypto/x509v3/v3_ocsp.c b/crypto/x509v3/v3_ocsp.c new file mode 100644 index 0000000000..7df71f225a --- /dev/null +++ b/crypto/x509v3/v3_ocsp.c @@ -0,0 +1,192 @@ +/* v3_ocsp.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include "cryptlib.h" +#include +#include +#include +#include + +/* OCSP extensions. + */ + +static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); +static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); + +static void *ocsp_nonce_new(void); +static int i2d_ocsp_nonce(void *a, unsigned char **pp); +static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length); +static void ocsp_nonce_free(void *a); +static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent); + +X509V3_EXT_METHOD v3_ocsp_crlid = { + NID_id_pkix_OCSP_CrlID, 0, &OCSP_CRLID_it, + 0,0,0,0, + 0,0, + 0,0, + i2r_ocsp_crlid,0, + NULL +}; + +X509V3_EXT_METHOD v3_ocsp_acutoff = { + NID_id_pkix_OCSP_archiveCutoff, 0, &ASN1_GENERALIZEDTIME_it, + 0,0,0,0, + 0,0, + 0,0, + i2r_ocsp_acutoff,0, + NULL +}; + +X509V3_EXT_METHOD v3_ocsp_nonce = { + NID_id_pkix_OCSP_Nonce, 0, NULL, + ocsp_nonce_new, + ocsp_nonce_free, + d2i_ocsp_nonce, + i2d_ocsp_nonce, + 0,0, + 0,0, + i2r_ocsp_nonce,0, + NULL +}; + +static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind) +{ + OCSP_CRLID *a = in; + if (a->crlUrl) + { + if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err; + if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err; + if (!BIO_write(bp, "\n", 1)) goto err; + } + if (a->crlNum) + { + if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err; + if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err; + if (!BIO_write(bp, "\n", 1)) goto err; + } + if (a->crlTime) + { + if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err; + if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err; + if (!BIO_write(bp, "\n", 1)) goto err; + } + return 1; + err: + return 0; +} + +static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind) +{ + if (!BIO_printf(bp, "%*s", ind, "")) return 0; + if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0; + return 1; +} + + +/* OCSP nonce. This is needs special treatment because it doesn't have + * an ASN1 encoding at all: it just contains arbitrary data. + */ + +static void *ocsp_nonce_new(void) +{ + return ASN1_OCTET_STRING_new(); +} + +static int i2d_ocsp_nonce(void *a, unsigned char **pp) +{ + ASN1_OCTET_STRING *os = a; + if(*pp) { + memcpy(*pp, os->data, os->length); + *pp += os->length; + } + return os->length; +} + +static void *d2i_ocsp_nonce(void *a, unsigned char **pp, long length) +{ + ASN1_OCTET_STRING *os, **pos; + pos = a; + if(!pos || !*pos) os = ASN1_OCTET_STRING_new(); + else os = *pos; + if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err; + + *pp += length; + + if(pos) *pos = os; + return os; + + err: + if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os); + OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); + return NULL; +} + +static void ocsp_nonce_free(void *a) +{ + M_ASN1_OCTET_STRING_free(a); +} + +static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent) +{ + if(BIO_printf(out, "%*s", indent, "") <= 0) return 0; + if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0; + return 1; +} + +