Implement some standard OCSP extensions in the v3 code. These (c08523d8) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

CHANGES

+1 −1

Original line number	Diff line number	Diff line
		@@ -8,7 +8,7 @@

		*) Move common extension printing code to new function
		X509V3_print_extensions(). Reorganise OCSP print routines and
		implement some needed OCSP ASN1 functions.
		implement some needed OCSP ASN1 functions. Add OCSP extensions.
		[Steve Henson]

		*) New function X509_signature_print() to remove duplication in some

crypto/ocsp/ocsp.h

+4 −16

Original line number	Diff line number	Diff line
		@@ -444,10 +444,7 @@ X509_EXTENSION OCSP_archive_cutoff_new(char tim);

		X509_EXTENSION OCSP_url_svcloc_new(X509_NAME issuer, char **urls);

		OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
		void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
		int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP a, unsigned char *pp);
		OCSP_SINGLERESP d2i_OCSP_SINGLERESP(OCSP_SINGLERESP a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
		int i2a_OCSP_SINGLERESP(BIO bp, OCSP_SINGLERESP a);

		OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
		@@ -518,23 +515,14 @@ int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE a, unsigned char *pp);
		OCSP_SIGNATURE d2i_OCSP_SIGNATURE(OCSP_SIGNATURE a, unsigned char *pp, long length);
		int i2a_OCSP_SIGNATURE(BIO bp, OCSP_SIGNATURE a);

		OCSP_REQINFO *OCSP_REQINFO_new(void);
		void OCSP_REQINFO_free(OCSP_REQINFO *a);
		int i2d_OCSP_REQINFO(OCSP_REQINFO a, unsigned char *pp);
		OCSP_REQINFO d2i_OCSP_REQINFO(OCSP_REQINFO a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
		int i2a_OCSP_REQINFO(BIO bp, OCSP_REQINFO a);

		OCSP_CRLID *OCSP_CRLID_new(void);
		void OCSP_CRLID_free(OCSP_CRLID *a);
		int i2d_OCSP_CRLID(OCSP_CRLID a, unsigned char *pp);
		OCSP_CRLID d2i_OCSP_CRLID(OCSP_CRLID a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
		int i2a_OCSP_CRLID(BIO bp, OCSP_CRLID a);
		int OCSP_CRLID_print(BIO bp, OCSP_CRLID a, int ind);

		OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
		void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
		int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC a, unsigned char *pp);
		OCSP_SERVICELOC d2i_OCSP_SERVICELOC(OCSP_SERVICELOC a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
		int i2a_OCSP_SERVICELOC(BIO bp, OCSP_SERVICELOC a);
		int OCSP_SERVICELOC_print(BIO bp, OCSP_SERVICELOC a, int ind);

crypto/x509v3/Makefile.ssl

+2 −2

Original line number	Diff line number	Diff line
		@@ -25,11 +25,11 @@ LIB=$(TOP)/libcrypto.a
		LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
		v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
		v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
		v3_nonce.c
		v3_ocsp.c
		LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
		v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
		v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o \
		v3_nonce.o
		v3_ocsp.o

		SRC= $(LIBSRC)

crypto/x509v3/ext_dat.h

+6 −2

Original line number	Diff line number	Diff line
		@@ -61,7 +61,8 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
		extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
		extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
		extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
		extern X509V3_EXT_METHOD v3_ocsp_nonce;
		extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
		extern X509V3_EXT_METHOD v3_ocsp_crlid;

		/* This table will be searched using OBJ_bsearch so it must kept in
		* order of the ext_nid values.
		@@ -90,7 +91,10 @@ static X509V3_EXT_METHOD *standard_exts[] = {
		&v3_crl_reason,
		&v3_sxnet,
		&v3_info,
		&v3_ocsp_nonce
		&v3_ocsp_nonce,
		&v3_ocsp_crlid,
		&v3_ocsp_accresp,
		&v3_ocsp_acutoff
		};

		/* Number of standard extensions */

crypto/x509v3/v3_extku.c

+55 −42

Original line number	Diff line number	Diff line
		@@ -63,18 +63,30 @@
		#include <openssl/conf.h>
		#include <openssl/x509v3.h>

		static EXTENDED_KEY_USAGE v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD method,
		static void v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD method,
		X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval);
		static STACK_OF(CONF_VALUE) i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD method,
		EXTENDED_KEY_USAGE eku, STACK_OF(CONF_VALUE) extlist);
		void eku, STACK_OF(CONF_VALUE) extlist);

		X509V3_EXT_METHOD v3_ext_ku = {
		NID_ext_key_usage, 0,
		&EXTENDED_KEY_USAGE_it,
		0,0,0,0,
		0,0,
		(X509V3_EXT_I2V)i2v_EXTENDED_KEY_USAGE,
		(X509V3_EXT_V2I)v2i_EXTENDED_KEY_USAGE,
		i2v_EXTENDED_KEY_USAGE,
		v2i_EXTENDED_KEY_USAGE,
		0,0,
		NULL
		};

		/* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */
		X509V3_EXT_METHOD v3_ocsp_accresp = {
		NID_id_pkix_OCSP_acceptableResponses, 0,
		&EXTENDED_KEY_USAGE_it,
		0,0,0,0,
		0,0,
		i2v_EXTENDED_KEY_USAGE,
		v2i_EXTENDED_KEY_USAGE,
		0,0,
		NULL
		};
		@@ -86,8 +98,9 @@ ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE);
		IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE)

		static STACK_OF(CONF_VALUE) i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD method,
		EXTENDED_KEY_USAGE eku, STACK_OF(CONF_VALUE) ext_list)
		void a, STACK_OF(CONF_VALUE) ext_list)
		{
		EXTENDED_KEY_USAGE *eku = a;
		int i;
		ASN1_OBJECT *obj;
		char obj_tmp[80];
		@@ -99,7 +112,7 @@ for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) {
		return ext_list;
		}

		static EXTENDED_KEY_USAGE v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD method,
		static void v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD method,
		X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval)
		{
		EXTENDED_KEY_USAGE *extku;

Original line number	Diff line number	Diff line
		@@ -444,10 +444,7 @@ X509_EXTENSION OCSP_archive_cutoff_new(char tim);

		X509_EXTENSION OCSP_url_svcloc_new(X509_NAME issuer, char **urls);

		OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
		void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
		int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP a, unsigned char *pp);
		OCSP_SINGLERESP d2i_OCSP_SINGLERESP(OCSP_SINGLERESP a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
		int i2a_OCSP_SINGLERESP(BIO bp, OCSP_SINGLERESP a);

		OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
		@@ -518,23 +515,14 @@ int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE a, unsigned char *pp);
		OCSP_SIGNATURE d2i_OCSP_SIGNATURE(OCSP_SIGNATURE a, unsigned char *pp, long length);
		int i2a_OCSP_SIGNATURE(BIO bp, OCSP_SIGNATURE a);

		OCSP_REQINFO *OCSP_REQINFO_new(void);
		void OCSP_REQINFO_free(OCSP_REQINFO *a);
		int i2d_OCSP_REQINFO(OCSP_REQINFO a, unsigned char *pp);
		OCSP_REQINFO d2i_OCSP_REQINFO(OCSP_REQINFO a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
		int i2a_OCSP_REQINFO(BIO bp, OCSP_REQINFO a);

		OCSP_CRLID *OCSP_CRLID_new(void);
		void OCSP_CRLID_free(OCSP_CRLID *a);
		int i2d_OCSP_CRLID(OCSP_CRLID a, unsigned char *pp);
		OCSP_CRLID d2i_OCSP_CRLID(OCSP_CRLID a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
		int i2a_OCSP_CRLID(BIO bp, OCSP_CRLID a);
		int OCSP_CRLID_print(BIO bp, OCSP_CRLID a, int ind);

		OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
		void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
		int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC a, unsigned char *pp);
		OCSP_SERVICELOC d2i_OCSP_SERVICELOC(OCSP_SERVICELOC a, unsigned char *pp, long length);
		DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
		int i2a_OCSP_SERVICELOC(BIO bp, OCSP_SERVICELOC a);
		int OCSP_SERVICELOC_print(BIO bp, OCSP_SERVICELOC a, int ind);