OLD | NEW |
1 /* ocsp_ext.c */ | 1 /* ocsp_ext.c */ |
2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL | 2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL |
3 * project. */ | 3 * project. */ |
4 | 4 |
5 /* History: | 5 /* History: |
6 This file was transfered to Richard Levitte from CertCo by Kathy | 6 This file was transfered to Richard Levitte from CertCo by Kathy |
7 Weinhold in mid-spring 2000 to be included in OpenSSL or released | 7 Weinhold in mid-spring 2000 to be included in OpenSSL or released |
8 as a patch kit. */ | 8 as a patch kit. */ |
9 | 9 |
10 /* ==================================================================== | 10 /* ==================================================================== |
257 { | 257 { |
258 return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); | 258 return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); |
259 } | 259 } |
260 | 260 |
261 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) | 261 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) |
262 { | 262 { |
263 return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); | 263 return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); |
264 } | 264 } |
265 | 265 |
266 /* also CRL Entry Extensions */ | 266 /* also CRL Entry Extensions */ |
267 | 267 #if 0 |
268 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, | 268 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, |
269 void *data, STACK_OF(ASN1_OBJECT) *sk) | 269 void *data, STACK_OF(ASN1_OBJECT) *sk) |
270 { | 270 { |
271 int i; | 271 int i; |
272 unsigned char *p, *b = NULL; | 272 unsigned char *p, *b = NULL; |
273 | 273 |
274 if (data) | 274 if (data) |
275 { | 275 { |
276 if ((i=i2d(data,NULL)) <= 0) goto err; | 276 if ((i=i2d(data,NULL)) <= 0) goto err; |
277 if (!(b=p=OPENSSL_malloc((unsigned int)i))) | 277 if (!(b=p=OPENSSL_malloc((unsigned int)i))) |
298 goto err; | 298 goto err; |
299 } | 299 } |
300 if (!s && !(s = ASN1_STRING_new())) goto err; | 300 if (!s && !(s = ASN1_STRING_new())) goto err; |
301 if (!(ASN1_STRING_set(s, b, i))) goto err; | 301 if (!(ASN1_STRING_set(s, b, i))) goto err; |
302 OPENSSL_free(b); | 302 OPENSSL_free(b); |
303 return s; | 303 return s; |
304 err: | 304 err: |
305 if (b) OPENSSL_free(b); | 305 if (b) OPENSSL_free(b); |
306 return NULL; | 306 return NULL; |
307 } | 307 } |
| 308 #endif |
308 | 309 |
309 /* Nonce handling functions */ | 310 /* Nonce handling functions */ |
310 | 311 |
311 /* Add a nonce to an extension stack. A nonce can be specificed or if NULL | 312 /* Add a nonce to an extension stack. A nonce can be specificed or if NULL |
312 * a random nonce will be generated. | 313 * a random nonce will be generated. |
313 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the | 314 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the |
314 * nonce, previous versions used the raw nonce. | 315 * nonce, previous versions used the raw nonce. |
315 */ | 316 */ |
316 | 317 |
317 static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
int len) | 318 static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
int len) |
435 { | 436 { |
436 if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; | 437 if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; |
437 if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; | 438 if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; |
438 } | 439 } |
439 if (tim) | 440 if (tim) |
440 { | 441 { |
441 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; | 442 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; |
442 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) | 443 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) |
443 goto err; | 444 goto err; |
444 } | 445 } |
445 » if (!(x = X509_EXTENSION_new())) goto err; | 446 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); |
446 » if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; | 447 err: |
447 » if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid, | 448 » if (cid) OCSP_CRLID_free(cid); |
448 » » » » NULL))) | |
449 » goto err; | |
450 » OCSP_CRLID_free(cid); | |
451 return x; | 449 return x; |
452 err: | |
453 if (x) X509_EXTENSION_free(x); | |
454 if (cid) OCSP_CRLID_free(cid); | |
455 return NULL; | |
456 } | 450 } |
457 | 451 |
458 /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ | 452 /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ |
459 X509_EXTENSION *OCSP_accept_responses_new(char **oids) | 453 X509_EXTENSION *OCSP_accept_responses_new(char **oids) |
460 { | 454 { |
461 int nid; | 455 int nid; |
462 STACK_OF(ASN1_OBJECT) *sk = NULL; | 456 STACK_OF(ASN1_OBJECT) *sk = NULL; |
463 ASN1_OBJECT *o = NULL; | 457 ASN1_OBJECT *o = NULL; |
464 X509_EXTENSION *x = NULL; | 458 X509_EXTENSION *x = NULL; |
465 | 459 |
466 if (!(sk = sk_ASN1_OBJECT_new_null())) goto err; | 460 if (!(sk = sk_ASN1_OBJECT_new_null())) goto err; |
467 while (oids && *oids) | 461 while (oids && *oids) |
468 { | 462 { |
469 if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) | 463 if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) |
470 sk_ASN1_OBJECT_push(sk, o); | 464 sk_ASN1_OBJECT_push(sk, o); |
471 oids++; | 465 oids++; |
472 } | 466 } |
473 » if (!(x = X509_EXTENSION_new())) goto err; | 467 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); |
474 » if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) | 468 err: |
475 » » goto err; | 469 » if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); |
476 » if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL, | |
477 » » » » sk))) | |
478 » goto err; | |
479 » sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); | |
480 return x; | 470 return x; |
481 err: | |
482 if (x) X509_EXTENSION_free(x); | |
483 if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); | |
484 return NULL; | |
485 } | 471 } |
486 | 472 |
487 /* ArchiveCutoff ::= GeneralizedTime */ | 473 /* ArchiveCutoff ::= GeneralizedTime */ |
488 X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) | 474 X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) |
489 { | 475 { |
490 X509_EXTENSION *x=NULL; | 476 X509_EXTENSION *x=NULL; |
491 ASN1_GENERALIZEDTIME *gt = NULL; | 477 ASN1_GENERALIZEDTIME *gt = NULL; |
492 | 478 |
493 if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; | 479 if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; |
494 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; | 480 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; |
495 » if (!(x = X509_EXTENSION_new())) goto err; | 481 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); |
496 » if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; | |
497 » if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value, | |
498 » » » » i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err
; | |
499 » ASN1_GENERALIZEDTIME_free(gt); | |
500 » return x; | |
501 err: | 482 err: |
502 if (gt) ASN1_GENERALIZEDTIME_free(gt); | 483 if (gt) ASN1_GENERALIZEDTIME_free(gt); |
503 » if (x) X509_EXTENSION_free(x); | 484 » return x; |
504 » return NULL; | |
505 } | 485 } |
506 | 486 |
507 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently | 487 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently |
508 * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This | 488 * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This |
509 * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. | 489 * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. |
510 */ | 490 */ |
511 X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) | 491 X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) |
512 { | 492 { |
513 X509_EXTENSION *x = NULL; | 493 X509_EXTENSION *x = NULL; |
514 ASN1_IA5STRING *ia5 = NULL; | 494 ASN1_IA5STRING *ia5 = NULL; |
515 OCSP_SERVICELOC *sloc = NULL; | 495 OCSP_SERVICELOC *sloc = NULL; |
516 ACCESS_DESCRIPTION *ad = NULL; | 496 ACCESS_DESCRIPTION *ad = NULL; |
517 | 497 |
518 if (!(sloc = OCSP_SERVICELOC_new())) goto err; | 498 if (!(sloc = OCSP_SERVICELOC_new())) goto err; |
519 if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err; | 499 if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err; |
520 if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())
) goto err; | 500 if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())
) goto err; |
521 while (urls && *urls) | 501 while (urls && *urls) |
522 { | 502 { |
523 if (!(ad = ACCESS_DESCRIPTION_new())) goto err; | 503 if (!(ad = ACCESS_DESCRIPTION_new())) goto err; |
524 if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err; | 504 if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err; |
525 if (!(ad->location = GENERAL_NAME_new())) goto err; | 505 if (!(ad->location = GENERAL_NAME_new())) goto err; |
526 if (!(ia5 = ASN1_IA5STRING_new())) goto err; | 506 if (!(ia5 = ASN1_IA5STRING_new())) goto err; |
527 if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err; | 507 if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err; |
528 ad->location->type = GEN_URI; | 508 ad->location->type = GEN_URI; |
529 ad->location->d.ia5 = ia5; | 509 ad->location->d.ia5 = ia5; |
530 if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; | 510 if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; |
531 urls++; | 511 urls++; |
532 } | 512 } |
533 » if (!(x = X509_EXTENSION_new())) goto err; | 513 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); |
534 » if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) | 514 err: |
535 » goto err; | 515 » if (sloc) OCSP_SERVICELOC_free(sloc); |
536 » if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value, | |
537 » » » » i2d_OCSP_SERVICELOC,sloc,NULL))) goto err; | |
538 » OCSP_SERVICELOC_free(sloc); | |
539 return x; | 516 return x; |
540 err: | |
541 if (x) X509_EXTENSION_free(x); | |
542 if (sloc) OCSP_SERVICELOC_free(sloc); | |
543 return NULL; | |
544 } | 517 } |
545 | 518 |
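Review bot: The loop in OCSP_url_svcloc_new still leaks `ad` when an allocation, `ASN1_STRING_set` or `sk_ACCESS_DESCRIPTION_push` fails, and leaks `ia5` if `ASN1_STRING_set` fails before it is stored in `ad->location`, because the shared `err:` exit on the new side frees only `sloc`. Since this change already folds success and failure into one exit path, it is a natural place to give each object a single owner: clear the local pointer once ownership has passed on, and free whatever is still held under `err:`. Clearing `ia5` after the hand-off matters, otherwise a failure in a later iteration would free it twice. Separately, the shared exit returns `x` unconditionally and so depends on `x` starting as NULL; that initialisation is visible for three of the functions but lies in the skipped lines for the CrlID one.

```c
	/* … unchanged: allocation of ad, its method and location, and ia5 … */
		ad->location->d.ia5 = ia5;
		ia5 = NULL;	/* now owned by ad->location */
		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
		ad = NULL;	/* now owned by sloc->locator */
	/* … unchanged: urls++, end of loop, X509V3_EXT_i2d call … */
err:
	if (ia5) ASN1_IA5STRING_free(ia5);
	if (ad) ACCESS_DESCRIPTION_free(ad);
	/* … unchanged: OCSP_SERVICELOC_free(sloc), return x … */
```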
OLD | NEW |