Commit 02e4fbed authored by Dr. Stephen Henson

Various OCSP responder utility functions.

Delete obsolete OCSP functions.

Largely untested at present...
parent 7403c34b
+13 −0
@@ -3,6 +3,19 @@

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) Functions for OCSP responders. OCSP_request_onereq_count(),
     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
     extract information from a certificate request. OCSP_response_create()
     creates a response and optionally adds a basic response structure.
     OCSP_basic_add1_status() adds a complete single response to a basic
     reponse and returns the OCSP_SINGLERESP structure just added (to allow
     extensions to be included for example). OCSP_basic_add1_cert() adds a
     certificate to a basic response and OCSP_basic_sign() signs a basic
     response with various flags. New helper functions ASN1_TIME_check()
     (checks validity of ASN1_TIME structure) and ASN1_TIME_to_generalizedtime()
     (converts ASN1_TIME to GeneralizedTime).
     [Steve Henson]

  *) Various new functions. EVP_Digest() combines EVP_Digest{Init,Update,Final}()
     in a single operation. X509_get0_pubkey_bitstr() extracts the public_key
     structure from a certificate. X509_pubkey_digest() digests tha public_key
+46 −0
@@ -112,3 +112,49 @@ ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t)
					return ASN1_UTCTIME_set(s, t);
	return ASN1_GENERALIZEDTIME_set(s,t);
	}

int ASN1_TIME_check(ASN1_TIME *t)
	{
	if (t->type == V_ASN1_GENERALIZEDTIME)
		return ASN1_GENERALIZEDTIME_check(t);
	else if (t->type == V_ASN1_UTCTIME)
		return ASN1_UTCTIME_check(t);
	return 0;
	}

/* Convert an ASN1_TIME structure to GeneralizedTime */
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
	{
	ASN1_GENERALIZEDTIME *ret;
	char *str;

	if (!ASN1_TIME_check(t)) return NULL;

	if (!out || !*out)
		{
		if (!(ret = ASN1_GENERALIZEDTIME_new ()))
			return NULL;
		if (out) *out = ret;
		}
	else ret = *out;

	/* If already GeneralizedTime just copy across */
	if (t->type == V_ASN1_GENERALIZEDTIME)
		{
		if(!ASN1_STRING_set(ret, t->data, t->length))
			return NULL;
		return ret;
		}

	/* grow the string */
	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
		return NULL;
	/* Work out the century and prepend */
	str = (char *)t->data;
	if (*str >= '5') strcpy(str, "19");
	else strcpy(str, "20");

	strcat(str, (char *)t->data);

	return ret;
	}
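Review bot: `str = (char *)t->data;` at the century-prepend step points at the input rather than the output, so the two `strcpy` calls overwrite the first two bytes of the caller's `t`, and `strcat(str, (char *)t->data)` then appends a buffer onto itself (overlapping source and destination, undefined behaviour), while `ret->data`, which `ASN1_STRING_set` has just grown to `t->length + 2`, is never written by this function before `ret` is returned. The pointer should be `ret->data`, the century test should read `t->data[0]`, and the copy should be bounded by `t->length` instead of relying on the input being NUL-terminated, which a DER-decoded string cannot be assumed to guarantee. Separately, the `return NULL` paths after a failed `ASN1_STRING_set` leak the structure allocated at the top when `out` is NULL and leave a half-built object in `*out` otherwise; freeing it on those paths (and resetting `*out`), or documenting that the caller must, would close that.
```c
	/* grow the string */
	if (!ASN1_STRING_set(ret, NULL, t->length + 2))
		return NULL;
	/* Work out the century and prepend: write into ret, never into t */
	str = (char *)ret->data;
	if (t->data[0] >= '5') strcpy(str, "19");
	else strcpy(str, "20");
	/* bounded copy; do not rely on t->data carrying a NUL terminator */
	memcpy(str + 2, t->data, t->length);
	str[t->length + 2] = '\0';

	return ret;
```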
+2 −0
@@ -756,6 +756,8 @@ DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME)
DECLARE_ASN1_FUNCTIONS(ASN1_TIME)

ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t);
int ASN1_TIME_check(ASN1_TIME *t);
ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out);

int		i2d_ASN1_SET(STACK *a, unsigned char **pp,
			int (*func)(), int ex_tag, int ex_class, int is_set);
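Review bot: The new `ASN1_TIME_to_generalizedtime` prototype says nothing about who owns the result, and the `out` double pointer makes that non-obvious; from the implementation added in this commit, a fresh `ASN1_GENERALIZEDTIME` is allocated when `out` is NULL or `*out` is NULL (and stored in `*out` in the latter case), while an existing `*out` is reused in place, and NULL is returned when `t` fails `ASN1_TIME_check` or an allocation fails. A comment above the declaration such as `/* Convert t to GeneralizedTime. Allocates a new object if out == NULL or *out == NULL (storing it in *out when out != NULL), otherwise fills *out in place. Returns NULL on error or if t is not a valid time. */` would save callers a trip to the source. `ASN1_TIME_check` would similarly benefit from a line noting that it returns 0 for any `type` other than UTCTime or GeneralizedTime.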
+2 −2
@@ -23,10 +23,10 @@ APPS=

LIB=$(TOP)/libcrypto.a
LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \
	ocsp_prn.c ocsp_vfy.c ocsp_err.c
	ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c

LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \
	ocsp_prn.o ocsp_vfy.o ocsp_err.o
	ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o

SRC= $(LIBSRC)

+19 −23
@@ -86,6 +86,8 @@ extern "C" {
#define OCSP_NODELEGATED		0x80
#define OCSP_NOCHECKS			0x100
#define OCSP_TRUSTOTHER			0x200
#define OCSP_RESPID_KEY			0x400
#define OCSP_NOTIME			0x800

/*   CertID ::= SEQUENCE {
 *       hashAlgorithm            AlgorithmIdentifier,
@@ -446,29 +448,21 @@ int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey);
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b);
int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b);

OCSP_BASICRESP *OCSP_basic_response_new(int tag,
					X509* cert);

int OCSP_basic_response_add(OCSP_BASICRESP           *rsp,
int OCSP_request_onereq_count(OCSP_REQUEST *req);
OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i);
OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one);
int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
			ASN1_OCTET_STRING **pikeyHash,
			ASN1_INTEGER **pserial, OCSP_CERTID *cid);
OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
						OCSP_CERTID *cid,
			    OCSP_CERTSTATUS          *cst,
			    char                     *thisUpdate,
			    char                     *nextUpdate);

int OCSP_basic_response_sign(OCSP_BASICRESP *brsp, 
			     EVP_PKEY       *key,
			     const EVP_MD   *dgst,
			     STACK_OF(X509) *certs);

int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey);

int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey);


OCSP_RESPONSE *OCSP_response_new(int status,
				 int nid,
				 int (*i2d)(),
				 char *data);
						int status, int reason,
						ASN1_TIME *revtime,
					ASN1_TIME *thisupd, ASN1_TIME *nextupd);
int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
			X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
			STACK_OF(X509) *certs, unsigned long flags);

ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
				char *data, STACK_OF(ASN1_OBJECT) *sk);
@@ -567,6 +561,7 @@ void ERR_load_OCSP_strings(void);
#define OCSP_F_CERT_ID_NEW				 102
#define OCSP_F_CERT_STATUS_NEW				 103
#define OCSP_F_D2I_OCSP_NONCE				 109
#define OCSP_F_OCSP_BASIC_ADD1_STATUS			 118
#define OCSP_F_OCSP_BASIC_VERIFY			 113
#define OCSP_F_OCSP_CHECK_DELEGATED			 117
#define OCSP_F_OCSP_CHECK_IDS				 114
@@ -598,6 +593,7 @@ void ERR_load_OCSP_strings(void);
#define OCSP_R_NO_CONTENT				 115
#define OCSP_R_NO_PUBLIC_KEY				 103
#define OCSP_R_NO_RESPONSE_DATA				 104
#define OCSP_R_NO_REVOKED_TIME				 132
#define OCSP_R_NO_SIGNATURE				 105
#define OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA	 129
#define OCSP_R_REVOKED_NO_TIME				 106
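Review bot: The new `OCSP_RESPID_KEY` and `OCSP_NOTIME` flags are added to the flag list with no comment saying which field of the basic response they change, and the `OCSP_basic_sign` prototype that takes `flags` does not say which of these values it accepts. Presumably `OCSP_RESPID_KEY` selects the by-key responder-ID form and `OCSP_NOTIME` suppresses setting `producedAt`, but that cannot be confirmed from this header alone; a one-line comment per flag naming the field it affects, and a sentence above `OCSP_basic_sign` listing the flags it honours, would pin this down for responder authors. It would also help to state there whether a `key` that does not correspond to `signer` is rejected or silently used, since a signer/key mismatch yields responses that no client will verify.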