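--- /dev/null
+++ b/os/ossrv/ssl/libcrypto/src/crypto/x509v3/v3_ocsp.c
@@ -0,0 +1,350 @@
+/* v3_ocsp.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+ /*
+ © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
+ */
+
+#ifndef OPENSSL_NO_OCSP
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+#if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
+#include "libcrypto_wsd_macros.h"
+#include "libcrypto_wsd.h"
+#endif
+
+/* OCSP extensions and a couple of CRL entry extensions
+ */
+
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, int indent);
+
+static void *ocsp_nonce_new(void);
+static int i2d_ocsp_nonce(void *a, unsigned char **pp);
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
+static void ocsp_nonce_free(void *a);
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent);
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent);
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str);
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind);
+
+#ifndef EMULATOR
+X509V3_EXT_METHOD v3_ocsp_crlid = {
+ NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_crlid,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_acutoff = {
+ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_acutoff,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_crl_invdate = {
+ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_acutoff,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_crl_hold = {
+ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_object,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nonce = {
+ NID_id_pkix_OCSP_Nonce, 0, NULL,
+ ocsp_nonce_new,
+ ocsp_nonce_free,
+ d2i_ocsp_nonce,
+ i2d_ocsp_nonce,
+ 0,0,
+ 0,0,
+ i2r_ocsp_nonce,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_nocheck = {
+ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0,0,0,0,
+ 0,s2i_ocsp_nocheck,
+ 0,0,
+ i2r_ocsp_nocheck,0,
+ NULL
+};
+
+X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_serviceloc,0,
+ NULL
+};
+#else
+const X509V3_EXT_METHOD v3_ocsp_crlid = {
+ NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_crlid,0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_acutoff = {
+ NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_acutoff,0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_invdate = {
+ NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_acutoff,0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_crl_hold = {
+ NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_object,0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nonce = {
+ NID_id_pkix_OCSP_Nonce, 0, NULL,
+ ocsp_nonce_new,
+ ocsp_nonce_free,
+ d2i_ocsp_nonce,
+ i2d_ocsp_nonce,
+ 0,0,
+ 0,0,
+ i2r_ocsp_nonce,0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_nocheck = {
+ NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0,0,0,0,
+ 0,s2i_ocsp_nocheck,
+ 0,0,
+ i2r_ocsp_nocheck,0,
+ NULL
+};
+
+const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
+ NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
+ 0,0,0,0,
+ 0,0,
+ 0,0,
+ i2r_ocsp_serviceloc,0,
+ NULL
+};
+
+#endif
+static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+{
+ OCSP_CRLID *a = in;
+ if (a->crlUrl)
+ {
+ if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+ if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ if (a->crlNum)
+ {
+ if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+ if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ if (a->crlTime)
+ {
+ if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+ if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+ if (!BIO_write(bp, "\n", 1)) goto err;
+ }
+ return 1;
+ err:
+ return 0;
+}
+
+static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, int ind)
+{
+ if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+ if(!ASN1_GENERALIZEDTIME_print(bp, cutoff)) return 0;
+ return 1;
+}
+
+
+static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind)
+{
+ if (!BIO_printf(bp, "%*s", ind, "")) return 0;
+ if(!i2a_ASN1_OBJECT(bp, oid)) return 0;
+ return 1;
+}
+
+/* OCSP nonce. This is needs special treatment because it doesn't have
+ * an ASN1 encoding at all: it just contains arbitrary data.
+ */
+
+static void *ocsp_nonce_new(void)
+{
+ return ASN1_OCTET_STRING_new();
+}
+
+static int i2d_ocsp_nonce(void *a, unsigned char **pp)
+{
+ ASN1_OCTET_STRING *os = a;
+ if(pp) {
+ memcpy(*pp, os->data, os->length);
+ *pp += os->length;
+ }
+ return os->length;
+}
+
+static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
+{
+ ASN1_OCTET_STRING *os, **pos;
+ pos = a;
+ if(!pos || !*pos) os = ASN1_OCTET_STRING_new();
+ else os = *pos;
+ if(!ASN1_OCTET_STRING_set(os, *pp, length)) goto err;
+
+ *pp += length;
+
+ if(pos) *pos = os;
+ return os;
+
+ err:
+ if(os && (!pos || (*pos != os))) M_ASN1_OCTET_STRING_free(os);
+ OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
+ return NULL;
+}
+
+static void ocsp_nonce_free(void *a)
+{
+ M_ASN1_OCTET_STRING_free(a);
+}
+
+static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, int indent)
+{
+ if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;
+ if(i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) return 0;
+ return 1;
+}
+
+/* Nocheck is just a single NULL. Don't print anything and always set it */
+
+static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, BIO *out, int indent)
+{
+ return 1;
+}
+
+static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, int ind)
+ {
+ int i;
+ OCSP_SERVICELOC *a = in;
+ ACCESS_DESCRIPTION *ad;
+
+ if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) goto err;
+ if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) goto err;
+ for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+ {
+ ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+ if (BIO_printf(bp, "\n%*s", (2*ind), "") <= 0)
+ goto err;
+ if(i2a_ASN1_OBJECT(bp, ad->method) <= 0) goto err;
+ if(BIO_puts(bp, " - ") <= 0) goto err;
+ if(GENERAL_NAME_print(bp, ad->location) <= 0) goto err;
+ }
+ return 1;
+err:
+ return 0;
+ }
+#endif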
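Review bot: The write-error checks in i2r_ocsp_crlid, i2r_ocsp_acutoff and i2r_object test `!BIO_printf(...)` and `!BIO_write(...)`, but BIO_printf and BIO_write signal failure with a negative return, which `!` treats as success, so the `goto err` / `return 0` paths in those three printers are only reached on a zero-length write; i2r_ocsp_nonce and i2r_ocsp_serviceloc in the same file already use the correct `<= 0` form, so the fix is to make the earlier printers consistent, e.g. `if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) goto err;` and `if (BIO_write(bp, "\n", 1) <= 0) goto err;`. Separately, the seven X509V3_EXT_METHOD tables are written out twice, differing only in the `const` qualifier under `#ifndef EMULATOR`; a single definition with a qualifier macro (e.g. `#ifdef EMULATOR #define V3_OCSP_METHOD_QUAL const #else #define V3_OCSP_METHOD_QUAL #endif`) would remove the duplication, and applying `const` in both builds would place these function-pointer tables in read-only data, which is the safer default for dispatch tables. In d2i_ocsp_nonce the error label reports ERR_R_MALLOC_FAILURE for any ASN1_OCTET_STRING_set failure; that is probably fine since the only failure mode visible here is allocation, but a short comment on the `err:` label stating that assumption would help the next reader.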