| 1 /* ocsp_ext.c */ | 1 /* ocsp_ext.c */ |
| 2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL | 2 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL |
| 3 * project. */ | 3 * project. */ |
| 4 | 4 |
| 5 /* History: | 5 /* History: |
| 6 This file was transfered to Richard Levitte from CertCo by Kathy | 6 This file was transfered to Richard Levitte from CertCo by Kathy |
| 7 Weinhold in mid-spring 2000 to be included in OpenSSL or released | 7 Weinhold in mid-spring 2000 to be included in OpenSSL or released |
| 8 as a patch kit. */ | 8 as a patch kit. */ |
| 9 | 9 |
| 10 /* ==================================================================== | 10 /* ==================================================================== |
| 257 { | 257 { |
| 258 return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); | 258 return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); |
| 259 } | 259 } |
| 260 | 260 |
| 261 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) | 261 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) |
| 262 { | 262 { |
| 263 return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); | 263 return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); |
| 264 } | 264 } |
| 265 | 265 |
| 266 /* also CRL Entry Extensions */ | 266 /* also CRL Entry Extensions */ |
| 267 | 267 #if 0 |
| 268 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, | 268 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, |
| 269 void *data, STACK_OF(ASN1_OBJECT) *sk) | 269 void *data, STACK_OF(ASN1_OBJECT) *sk) |
| 270 { | 270 { |
| 271 int i; | 271 int i; |
| 272 unsigned char *p, *b = NULL; | 272 unsigned char *p, *b = NULL; |
| 273 | 273 |
| 274 if (data) | 274 if (data) |
| 275 { | 275 { |
| 276 if ((i=i2d(data,NULL)) <= 0) goto err; | 276 if ((i=i2d(data,NULL)) <= 0) goto err; |
| 277 if (!(b=p=OPENSSL_malloc((unsigned int)i))) | 277 if (!(b=p=OPENSSL_malloc((unsigned int)i))) |
| 298 goto err; | 298 goto err; |
| 299 } | 299 } |
| 300 if (!s && !(s = ASN1_STRING_new())) goto err; | 300 if (!s && !(s = ASN1_STRING_new())) goto err; |
| 301 if (!(ASN1_STRING_set(s, b, i))) goto err; | 301 if (!(ASN1_STRING_set(s, b, i))) goto err; |
| 302 OPENSSL_free(b); | 302 OPENSSL_free(b); |
| 303 return s; | 303 return s; |
| 304 err: | 304 err: |
| 305 if (b) OPENSSL_free(b); | 305 if (b) OPENSSL_free(b); |
| 306 return NULL; | 306 return NULL; |
| 307 } | 307 } |
| 308 #endif |
| 308 | 309 |
| 309 /* Nonce handling functions */ | 310 /* Nonce handling functions */ |
| 310 | 311 |
| 311 /* Add a nonce to an extension stack. A nonce can be specificed or if NULL | 312 /* Add a nonce to an extension stack. A nonce can be specificed or if NULL |
| 312 * a random nonce will be generated. | 313 * a random nonce will be generated. |
| 313 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the | 314 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the |
| 314 * nonce, previous versions used the raw nonce. | 315 * nonce, previous versions used the raw nonce. |
| 315 */ | 316 */ |
| 316 | 317 |
| 317 static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
int len) | 318 static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
int len) |
| 435 { | 436 { |
| 436 if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; | 437 if (!(cid->crlNum = ASN1_INTEGER_new())) goto err; |
| 437 if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; | 438 if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err; |
| 438 } | 439 } |
| 439 if (tim) | 440 if (tim) |
| 440 { | 441 { |
| 441 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; | 442 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err; |
| 442 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) | 443 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) |
| 443 goto err; | 444 goto err; |
| 444 } | 445 } |
| 445 » if (!(x = X509_EXTENSION_new())) goto err; | 446 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); |
| 446 » if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; | 447 err: |
| 447 » if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid, | 448 » if (cid) OCSP_CRLID_free(cid); |
| 448 » » » » NULL))) | |
| 449 » goto err; | |
| 450 » OCSP_CRLID_free(cid); | |
| 451 return x; | 449 return x; |
| 452 err: | |
| 453 if (x) X509_EXTENSION_free(x); | |
| 454 if (cid) OCSP_CRLID_free(cid); | |
| 455 return NULL; | |
| 456 } | 450 } |
| 457 | 451 |
| 458 /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ | 452 /* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ |
| 459 X509_EXTENSION *OCSP_accept_responses_new(char **oids) | 453 X509_EXTENSION *OCSP_accept_responses_new(char **oids) |
| 460 { | 454 { |
| 461 int nid; | 455 int nid; |
| 462 STACK_OF(ASN1_OBJECT) *sk = NULL; | 456 STACK_OF(ASN1_OBJECT) *sk = NULL; |
| 463 ASN1_OBJECT *o = NULL; | 457 ASN1_OBJECT *o = NULL; |
| 464 X509_EXTENSION *x = NULL; | 458 X509_EXTENSION *x = NULL; |
| 465 | 459 |
| 466 if (!(sk = sk_ASN1_OBJECT_new_null())) goto err; | 460 if (!(sk = sk_ASN1_OBJECT_new_null())) goto err; |
| 467 while (oids && *oids) | 461 while (oids && *oids) |
| 468 { | 462 { |
| 469 if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) | 463 if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) |
| 470 sk_ASN1_OBJECT_push(sk, o); | 464 sk_ASN1_OBJECT_push(sk, o); |
| 471 oids++; | 465 oids++; |
| 472 } | 466 } |
| 473 » if (!(x = X509_EXTENSION_new())) goto err; | 467 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); |
| 474 » if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) | 468 err: |
| 475 » » goto err; | 469 » if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); |
| 476 » if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL, | |
| 477 » » » » sk))) | |
| 478 » goto err; | |
| 479 » sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); | |
| 480 return x; | 470 return x; |
| 481 err: | |
| 482 if (x) X509_EXTENSION_free(x); | |
| 483 if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); | |
| 484 return NULL; | |
| 485 } | 471 } |
| 486 | 472 |
| 487 /* ArchiveCutoff ::= GeneralizedTime */ | 473 /* ArchiveCutoff ::= GeneralizedTime */ |
| 488 X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) | 474 X509_EXTENSION *OCSP_archive_cutoff_new(char* tim) |
| 489 { | 475 { |
| 490 X509_EXTENSION *x=NULL; | 476 X509_EXTENSION *x=NULL; |
| 491 ASN1_GENERALIZEDTIME *gt = NULL; | 477 ASN1_GENERALIZEDTIME *gt = NULL; |
| 492 | 478 |
| 493 if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; | 479 if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; |
| 494 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; | 480 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; |
| 495 » if (!(x = X509_EXTENSION_new())) goto err; | 481 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); |
| 496 » if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; | |
| 497 » if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value, | |
| 498 » » » » i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err
; | |
| 499 » ASN1_GENERALIZEDTIME_free(gt); | |
| 500 » return x; | |
| 501 err: | 482 err: |
| 502 if (gt) ASN1_GENERALIZEDTIME_free(gt); | 483 if (gt) ASN1_GENERALIZEDTIME_free(gt); |
| 503 » if (x) X509_EXTENSION_free(x); | 484 » return x; |
| 504 » return NULL; | |
| 505 } | 485 } |
| 506 | 486 |
| 507 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently | 487 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently |
| 508 * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This | 488 * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value. This |
| 509 * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. | 489 * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String. |
| 510 */ | 490 */ |
| 511 X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) | 491 X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) |
| 512 { | 492 { |
| 513 X509_EXTENSION *x = NULL; | 493 X509_EXTENSION *x = NULL; |
| 514 ASN1_IA5STRING *ia5 = NULL; | 494 ASN1_IA5STRING *ia5 = NULL; |
| 515 OCSP_SERVICELOC *sloc = NULL; | 495 OCSP_SERVICELOC *sloc = NULL; |
| 516 ACCESS_DESCRIPTION *ad = NULL; | 496 ACCESS_DESCRIPTION *ad = NULL; |
| 517 | 497 |
| 518 if (!(sloc = OCSP_SERVICELOC_new())) goto err; | 498 if (!(sloc = OCSP_SERVICELOC_new())) goto err; |
| 519 if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err; | 499 if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err; |
| 520 if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())
) goto err; | 500 if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null())
) goto err; |
| 521 while (urls && *urls) | 501 while (urls && *urls) |
| 522 { | 502 { |
| 523 if (!(ad = ACCESS_DESCRIPTION_new())) goto err; | 503 if (!(ad = ACCESS_DESCRIPTION_new())) goto err; |
| 524 if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err; | 504 if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err; |
| 525 if (!(ad->location = GENERAL_NAME_new())) goto err; | 505 if (!(ad->location = GENERAL_NAME_new())) goto err; |
| 526 if (!(ia5 = ASN1_IA5STRING_new())) goto err; | 506 if (!(ia5 = ASN1_IA5STRING_new())) goto err; |
| 527 if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err; | 507 if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err; |
| 528 ad->location->type = GEN_URI; | 508 ad->location->type = GEN_URI; |
| 529 ad->location->d.ia5 = ia5; | 509 ad->location->d.ia5 = ia5; |
| 530 if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; | 510 if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; |
| 531 urls++; | 511 urls++; |
| 532 } | 512 } |
| 533 » if (!(x = X509_EXTENSION_new())) goto err; | 513 » x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); |
| 534 » if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) | 514 err: |
| 535 » goto err; | 515 » if (sloc) OCSP_SERVICELOC_free(sloc); |
| 536 » if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value, | |
| 537 » » » » i2d_OCSP_SERVICELOC,sloc,NULL))) goto err; | |
| 538 » OCSP_SERVICELOC_free(sloc); | |
| 539 return x; | 516 return x; |
| 540 err: | |
| 541 if (x) X509_EXTENSION_free(x); | |
| 542 if (sloc) OCSP_SERVICELOC_free(sloc); | |
| 543 return NULL; | |
| 544 } | 517 } |
| 545 | 518 |
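Review bot: In OCSP_accept_responses_new the push inside the loop at new line 464 is still unchecked, so an allocation failure in sk_ASN1_OBJECT_push silently drops an OID and X509V3_EXT_i2d at new line 467 then encodes an AcceptableResponses list that is shorter than the caller asked for; make it `if (!sk_ASN1_OBJECT_push(sk, o)) goto err;` so the function returns NULL like every other failure in it. The same shape is worth a second look in OCSP_crlID_new, whose body starts before this hunk: its new code (lines 446-449) falls through `err:` on success and returns x, which is only correct if x is initialised to NULL before the visible part and nothing else assigns it — presumably true, but confirm. Now that `err:` is the common exit in all four functions rather than a failure path, a name such as `end:` would say what it does. The `#if 0`/`#endif` added around ASN1_STRING_encode (new lines 267 and 308) leaves a dead definition behind the comment "also CRL Entry Extensions"; deleting the block, or stating in the comment that the function is kept for reference only, would stop the next reader from looking for its callers.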