Loading apps/ocsp.c +6 −2 Original line number Diff line number Diff line Loading @@ -1110,8 +1110,12 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags); if (badsig) bs->signature->data[bs->signature->length - 1] ^= 0x1; if (badsig) { ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); unsigned char *sigptr; sigptr = ASN1_STRING_data(sig); sigptr[ASN1_STRING_length(sig) - 1] ^= 0x1; } *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); Loading crypto/ocsp/Makefile +3 −3 Original line number Diff line number Diff line Loading @@ -18,15 +18,15 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \ ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c v3_ocsp.c LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \ ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o v3_ocsp.o SRC= $(LIBSRC) EXHEADER= ocsp.h HEADER= $(EXHEADER) HEADER= ocsp_lcl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) Loading crypto/ocsp/ocsp.h +19 −200 Original line number Diff line number Diff line Loading @@ -93,76 +93,19 @@ extern "C" { # define OCSP_RESPID_KEY 0x400 # define OCSP_NOTIME 0x800 /*- CertID ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * issuerNameHash OCTET STRING, -- Hash of Issuer's DN * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) * serialNumber CertificateSerialNumber } */ typedef struct ocsp_cert_id_st { X509_ALGOR *hashAlgorithm; ASN1_OCTET_STRING *issuerNameHash; ASN1_OCTET_STRING *issuerKeyHash; ASN1_INTEGER *serialNumber; } OCSP_CERTID; typedef struct ocsp_cert_id_st OCSP_CERTID; DECLARE_STACK_OF(OCSP_CERTID) /*- Request ::= SEQUENCE { * reqCert CertID, * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_one_request_st { OCSP_CERTID *reqCert; STACK_OF(X509_EXTENSION) *singleRequestExtensions; } OCSP_ONEREQ; typedef struct ocsp_one_request_st OCSP_ONEREQ; DECLARE_STACK_OF(OCSP_ONEREQ) DECLARE_ASN1_SET_OF(OCSP_ONEREQ) /*- TBSRequest ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * requestorName [1] EXPLICIT GeneralName OPTIONAL, * requestList SEQUENCE OF Request, * requestExtensions [2] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_req_info_st { ASN1_INTEGER *version; GENERAL_NAME *requestorName; STACK_OF(OCSP_ONEREQ) *requestList; STACK_OF(X509_EXTENSION) *requestExtensions; } OCSP_REQINFO; /*- Signature ::= SEQUENCE { * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */ typedef struct ocsp_signature_st { X509_ALGOR *signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; } OCSP_SIGNATURE; /*- OCSPRequest ::= SEQUENCE { * tbsRequest TBSRequest, * optionalSignature [0] EXPLICIT Signature OPTIONAL } */ typedef struct ocsp_request_st { OCSP_REQINFO *tbsRequest; OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ } OCSP_REQUEST; /*- OCSPResponseStatus ::= ENUMERATED { * successful (0), --Response has valid confirmations * malformedRequest (1), --Illegal confirmation request * internalError (2), --Internal error in issuer * tryLater (3), --Try again later * --(4) is not used * sigRequired (5), --Must sign the request * unauthorized (6) --Request unauthorized * } */ typedef struct ocsp_req_info_st OCSP_REQINFO; typedef struct ocsp_signature_st OCSP_SIGNATURE; typedef struct ocsp_request_st OCSP_REQUEST; # define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 # define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 # define OCSP_RESPONSE_STATUS_INTERNALERROR 2 Loading @@ -170,136 +113,29 @@ typedef struct ocsp_request_st { # define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 # define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 /*- ResponseBytes ::= SEQUENCE { * responseType OBJECT IDENTIFIER, * response OCTET STRING } */ typedef struct ocsp_resp_bytes_st { ASN1_OBJECT *responseType; ASN1_OCTET_STRING *response; } OCSP_RESPBYTES; /*- OCSPResponse ::= SEQUENCE { * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ struct ocsp_response_st { ASN1_ENUMERATED *responseStatus; OCSP_RESPBYTES *responseBytes; }; /*- ResponderID ::= CHOICE { * byName [1] Name, * byKey [2] KeyHash } */ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; # define V_OCSP_RESPID_NAME 0 # define V_OCSP_RESPID_KEY 1 struct ocsp_responder_id_st { int type; union { X509_NAME *byName; ASN1_OCTET_STRING *byKey; } value; }; DECLARE_STACK_OF(OCSP_RESPID) DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) /*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key * --(excluding the tag and length fields) */ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; /*- RevokedInfo ::= SEQUENCE { * revocationTime GeneralizedTime, * revocationReason [0] EXPLICIT CRLReason OPTIONAL } */ typedef struct ocsp_revoked_info_st { ASN1_GENERALIZEDTIME *revocationTime; ASN1_ENUMERATED *revocationReason; } OCSP_REVOKEDINFO; /*- CertStatus ::= CHOICE { * good [0] IMPLICIT NULL, * revoked [1] IMPLICIT RevokedInfo, * unknown [2] IMPLICIT UnknownInfo } */ # define V_OCSP_CERTSTATUS_GOOD 0 # define V_OCSP_CERTSTATUS_REVOKED 1 # define V_OCSP_CERTSTATUS_UNKNOWN 2 typedef struct ocsp_cert_status_st { int type; union { ASN1_NULL *good; OCSP_REVOKEDINFO *revoked; ASN1_NULL *unknown; } value; } OCSP_CERTSTATUS; /*- SingleResponse ::= SEQUENCE { * certID CertID, * certStatus CertStatus, * thisUpdate GeneralizedTime, * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, * singleExtensions [1] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_single_response_st { OCSP_CERTID *certId; OCSP_CERTSTATUS *certStatus; ASN1_GENERALIZEDTIME *thisUpdate; ASN1_GENERALIZEDTIME *nextUpdate; STACK_OF(X509_EXTENSION) *singleExtensions; } OCSP_SINGLERESP; typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; typedef struct ocsp_single_response_st OCSP_SINGLERESP; DECLARE_STACK_OF(OCSP_SINGLERESP) DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) /*- ResponseData ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * responderID ResponderID, * producedAt GeneralizedTime, * responses SEQUENCE OF SingleResponse, * responseExtensions [1] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_response_data_st { ASN1_INTEGER *version; OCSP_RESPID *responderId; ASN1_GENERALIZEDTIME *producedAt; STACK_OF(OCSP_SINGLERESP) *responses; STACK_OF(X509_EXTENSION) *responseExtensions; } OCSP_RESPDATA; /*- BasicOCSPResponse ::= SEQUENCE { * tbsResponseData ResponseData, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */ /* * Note 1: The value for "signature" is specified in the OCSP rfc2560 as * follows: "The value for the signature SHALL be computed on the hash of * the DER encoding ResponseData." This means that you must hash the * DER-encoded tbsResponseData, and then run it through a crypto-signing * function, which will (at least w/RSA) do a hash-'n'-private-encrypt * operation. This seems a bit odd, but that's the spec. Also note that * the data structures do not leave anywhere to independently specify the * algorithm used for the initial hash. So, we look at the * signature-specification algorithm, and try to do something intelligent. * -- Kathy Weinhold, CertCo */ /* * Note 2: It seems that the mentioned passage from RFC 2560 (section * 4.2.1) is open for interpretation. I've done tests against another * responder, and found that it doesn't do the double hashing that the RFC * seems to say one should. Therefore, all relevant functions take a flag * saying which variant should be used. -- Richard Levitte, OpenSSL team * and CeloCom */ typedef struct ocsp_basic_response_st { OCSP_RESPDATA *tbsResponseData; X509_ALGOR *signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; } OCSP_BASICRESP; typedef struct ocsp_response_data_st OCSP_RESPDATA; typedef struct ocsp_basic_response_st OCSP_BASICRESP; /*- * CRLReason ::= ENUMERATED { Loading @@ -322,27 +158,8 @@ typedef struct ocsp_basic_response_st { # define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 # define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 /*- * CrlID ::= SEQUENCE { * crlUrl [0] EXPLICIT IA5String OPTIONAL, * crlNum [1] EXPLICIT INTEGER OPTIONAL, * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } */ typedef struct ocsp_crl_id_st { ASN1_IA5STRING *crlUrl; ASN1_INTEGER *crlNum; ASN1_GENERALIZEDTIME *crlTime; } OCSP_CRLID; /*- * ServiceLocator ::= SEQUENCE { * issuer Name, * locator AuthorityInfoAccessSyntax OPTIONAL } */ typedef struct ocsp_service_locator_st { X509_NAME *issuer; STACK_OF(ACCESS_DESCRIPTION) *locator; } OCSP_SERVICELOC; typedef struct ocsp_crl_id_st OCSP_CRLID; typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" # define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" Loading Loading @@ -440,6 +257,8 @@ int OCSP_request_sign(OCSP_REQUEST *req, int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); Loading crypto/ocsp/ocsp_asn.c +1 −0 Original line number Diff line number Diff line Loading @@ -59,6 +59,7 @@ #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/ocsp.h> #include "ocsp_lcl.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), Loading crypto/ocsp/ocsp_cl.c +6 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,7 @@ #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/ocsp.h> #include "ocsp_lcl.h" /* * Utility functions related to sending OCSP requests and extracting relevant Loading Loading @@ -216,6 +217,11 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); } ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs) { return bs->signature; } /* * Return number of OCSP_SINGLERESP reponses present in a basic response. */ Loading Loading
apps/ocsp.c +6 −2 Original line number Diff line number Diff line Loading @@ -1110,8 +1110,12 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags); if (badsig) bs->signature->data[bs->signature->length - 1] ^= 0x1; if (badsig) { ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs); unsigned char *sigptr; sigptr = ASN1_STRING_data(sig); sigptr[ASN1_STRING_length(sig) - 1] ^= 0x1; } *resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs); Loading
crypto/ocsp/Makefile +3 −3 Original line number Diff line number Diff line Loading @@ -18,15 +18,15 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c \ ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c v3_ocsp.c LIBOBJ= ocsp_asn.o ocsp_ext.o ocsp_ht.o ocsp_lib.o ocsp_cl.o \ ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o ocsp_srv.o ocsp_prn.o ocsp_vfy.o ocsp_err.o v3_ocsp.o SRC= $(LIBSRC) EXHEADER= ocsp.h HEADER= $(EXHEADER) HEADER= ocsp_lcl.h $(EXHEADER) ALL= $(GENERAL) $(SRC) $(HEADER) Loading
crypto/ocsp/ocsp.h +19 −200 Original line number Diff line number Diff line Loading @@ -93,76 +93,19 @@ extern "C" { # define OCSP_RESPID_KEY 0x400 # define OCSP_NOTIME 0x800 /*- CertID ::= SEQUENCE { * hashAlgorithm AlgorithmIdentifier, * issuerNameHash OCTET STRING, -- Hash of Issuer's DN * issuerKeyHash OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields) * serialNumber CertificateSerialNumber } */ typedef struct ocsp_cert_id_st { X509_ALGOR *hashAlgorithm; ASN1_OCTET_STRING *issuerNameHash; ASN1_OCTET_STRING *issuerKeyHash; ASN1_INTEGER *serialNumber; } OCSP_CERTID; typedef struct ocsp_cert_id_st OCSP_CERTID; DECLARE_STACK_OF(OCSP_CERTID) /*- Request ::= SEQUENCE { * reqCert CertID, * singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_one_request_st { OCSP_CERTID *reqCert; STACK_OF(X509_EXTENSION) *singleRequestExtensions; } OCSP_ONEREQ; typedef struct ocsp_one_request_st OCSP_ONEREQ; DECLARE_STACK_OF(OCSP_ONEREQ) DECLARE_ASN1_SET_OF(OCSP_ONEREQ) /*- TBSRequest ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * requestorName [1] EXPLICIT GeneralName OPTIONAL, * requestList SEQUENCE OF Request, * requestExtensions [2] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_req_info_st { ASN1_INTEGER *version; GENERAL_NAME *requestorName; STACK_OF(OCSP_ONEREQ) *requestList; STACK_OF(X509_EXTENSION) *requestExtensions; } OCSP_REQINFO; /*- Signature ::= SEQUENCE { * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */ typedef struct ocsp_signature_st { X509_ALGOR *signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; } OCSP_SIGNATURE; /*- OCSPRequest ::= SEQUENCE { * tbsRequest TBSRequest, * optionalSignature [0] EXPLICIT Signature OPTIONAL } */ typedef struct ocsp_request_st { OCSP_REQINFO *tbsRequest; OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ } OCSP_REQUEST; /*- OCSPResponseStatus ::= ENUMERATED { * successful (0), --Response has valid confirmations * malformedRequest (1), --Illegal confirmation request * internalError (2), --Internal error in issuer * tryLater (3), --Try again later * --(4) is not used * sigRequired (5), --Must sign the request * unauthorized (6) --Request unauthorized * } */ typedef struct ocsp_req_info_st OCSP_REQINFO; typedef struct ocsp_signature_st OCSP_SIGNATURE; typedef struct ocsp_request_st OCSP_REQUEST; # define OCSP_RESPONSE_STATUS_SUCCESSFUL 0 # define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST 1 # define OCSP_RESPONSE_STATUS_INTERNALERROR 2 Loading @@ -170,136 +113,29 @@ typedef struct ocsp_request_st { # define OCSP_RESPONSE_STATUS_SIGREQUIRED 5 # define OCSP_RESPONSE_STATUS_UNAUTHORIZED 6 /*- ResponseBytes ::= SEQUENCE { * responseType OBJECT IDENTIFIER, * response OCTET STRING } */ typedef struct ocsp_resp_bytes_st { ASN1_OBJECT *responseType; ASN1_OCTET_STRING *response; } OCSP_RESPBYTES; /*- OCSPResponse ::= SEQUENCE { * responseStatus OCSPResponseStatus, * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } */ struct ocsp_response_st { ASN1_ENUMERATED *responseStatus; OCSP_RESPBYTES *responseBytes; }; /*- ResponderID ::= CHOICE { * byName [1] Name, * byKey [2] KeyHash } */ typedef struct ocsp_resp_bytes_st OCSP_RESPBYTES; # define V_OCSP_RESPID_NAME 0 # define V_OCSP_RESPID_KEY 1 struct ocsp_responder_id_st { int type; union { X509_NAME *byName; ASN1_OCTET_STRING *byKey; } value; }; DECLARE_STACK_OF(OCSP_RESPID) DECLARE_ASN1_FUNCTIONS(OCSP_RESPID) /*- KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key * --(excluding the tag and length fields) */ typedef struct ocsp_revoked_info_st OCSP_REVOKEDINFO; /*- RevokedInfo ::= SEQUENCE { * revocationTime GeneralizedTime, * revocationReason [0] EXPLICIT CRLReason OPTIONAL } */ typedef struct ocsp_revoked_info_st { ASN1_GENERALIZEDTIME *revocationTime; ASN1_ENUMERATED *revocationReason; } OCSP_REVOKEDINFO; /*- CertStatus ::= CHOICE { * good [0] IMPLICIT NULL, * revoked [1] IMPLICIT RevokedInfo, * unknown [2] IMPLICIT UnknownInfo } */ # define V_OCSP_CERTSTATUS_GOOD 0 # define V_OCSP_CERTSTATUS_REVOKED 1 # define V_OCSP_CERTSTATUS_UNKNOWN 2 typedef struct ocsp_cert_status_st { int type; union { ASN1_NULL *good; OCSP_REVOKEDINFO *revoked; ASN1_NULL *unknown; } value; } OCSP_CERTSTATUS; /*- SingleResponse ::= SEQUENCE { * certID CertID, * certStatus CertStatus, * thisUpdate GeneralizedTime, * nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, * singleExtensions [1] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_single_response_st { OCSP_CERTID *certId; OCSP_CERTSTATUS *certStatus; ASN1_GENERALIZEDTIME *thisUpdate; ASN1_GENERALIZEDTIME *nextUpdate; STACK_OF(X509_EXTENSION) *singleExtensions; } OCSP_SINGLERESP; typedef struct ocsp_cert_status_st OCSP_CERTSTATUS; typedef struct ocsp_single_response_st OCSP_SINGLERESP; DECLARE_STACK_OF(OCSP_SINGLERESP) DECLARE_ASN1_SET_OF(OCSP_SINGLERESP) /*- ResponseData ::= SEQUENCE { * version [0] EXPLICIT Version DEFAULT v1, * responderID ResponderID, * producedAt GeneralizedTime, * responses SEQUENCE OF SingleResponse, * responseExtensions [1] EXPLICIT Extensions OPTIONAL } */ typedef struct ocsp_response_data_st { ASN1_INTEGER *version; OCSP_RESPID *responderId; ASN1_GENERALIZEDTIME *producedAt; STACK_OF(OCSP_SINGLERESP) *responses; STACK_OF(X509_EXTENSION) *responseExtensions; } OCSP_RESPDATA; /*- BasicOCSPResponse ::= SEQUENCE { * tbsResponseData ResponseData, * signatureAlgorithm AlgorithmIdentifier, * signature BIT STRING, * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */ /* * Note 1: The value for "signature" is specified in the OCSP rfc2560 as * follows: "The value for the signature SHALL be computed on the hash of * the DER encoding ResponseData." This means that you must hash the * DER-encoded tbsResponseData, and then run it through a crypto-signing * function, which will (at least w/RSA) do a hash-'n'-private-encrypt * operation. This seems a bit odd, but that's the spec. Also note that * the data structures do not leave anywhere to independently specify the * algorithm used for the initial hash. So, we look at the * signature-specification algorithm, and try to do something intelligent. * -- Kathy Weinhold, CertCo */ /* * Note 2: It seems that the mentioned passage from RFC 2560 (section * 4.2.1) is open for interpretation. I've done tests against another * responder, and found that it doesn't do the double hashing that the RFC * seems to say one should. Therefore, all relevant functions take a flag * saying which variant should be used. -- Richard Levitte, OpenSSL team * and CeloCom */ typedef struct ocsp_basic_response_st { OCSP_RESPDATA *tbsResponseData; X509_ALGOR *signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; } OCSP_BASICRESP; typedef struct ocsp_response_data_st OCSP_RESPDATA; typedef struct ocsp_basic_response_st OCSP_BASICRESP; /*- * CRLReason ::= ENUMERATED { Loading @@ -322,27 +158,8 @@ typedef struct ocsp_basic_response_st { # define OCSP_REVOKED_STATUS_CERTIFICATEHOLD 6 # define OCSP_REVOKED_STATUS_REMOVEFROMCRL 8 /*- * CrlID ::= SEQUENCE { * crlUrl [0] EXPLICIT IA5String OPTIONAL, * crlNum [1] EXPLICIT INTEGER OPTIONAL, * crlTime [2] EXPLICIT GeneralizedTime OPTIONAL } */ typedef struct ocsp_crl_id_st { ASN1_IA5STRING *crlUrl; ASN1_INTEGER *crlNum; ASN1_GENERALIZEDTIME *crlTime; } OCSP_CRLID; /*- * ServiceLocator ::= SEQUENCE { * issuer Name, * locator AuthorityInfoAccessSyntax OPTIONAL } */ typedef struct ocsp_service_locator_st { X509_NAME *issuer; STACK_OF(ACCESS_DESCRIPTION) *locator; } OCSP_SERVICELOC; typedef struct ocsp_crl_id_st OCSP_CRLID; typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" # define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" Loading Loading @@ -440,6 +257,8 @@ int OCSP_request_sign(OCSP_REQUEST *req, int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs); int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); Loading
crypto/ocsp/ocsp_asn.c +1 −0 Original line number Diff line number Diff line Loading @@ -59,6 +59,7 @@ #include <openssl/asn1.h> #include <openssl/asn1t.h> #include <openssl/ocsp.h> #include "ocsp_lcl.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), Loading
crypto/ocsp/ocsp_cl.c +6 −0 Original line number Diff line number Diff line Loading @@ -73,6 +73,7 @@ #include <openssl/pem.h> #include <openssl/x509v3.h> #include <openssl/ocsp.h> #include "ocsp_lcl.h" /* * Utility functions related to sending OCSP requests and extracting relevant Loading Loading @@ -216,6 +217,11 @@ OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp) return ASN1_item_unpack(rb->response, ASN1_ITEM_rptr(OCSP_BASICRESP)); } ASN1_OCTET_STRING *OCSP_resp_get0_signature(OCSP_BASICRESP *bs) { return bs->signature; } /* * Return number of OCSP_SINGLERESP reponses present in a basic response. */ Loading
Matt Caswell <matt@openssl.org>Matt Caswell <matt@openssl.org>