Various OCSP responder utility functions.
[openssl.git] / crypto / ocsp / ocsp_lib.c
index 825d023..18511e4 100644 (file)
@@ -129,38 +129,6 @@ err:
        return NULL;
        }
 
-OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim)
-        {
-       OCSP_REVOKEDINFO *ri;
-       OCSP_CERTSTATUS *cs = NULL;
-
-       if (!(cs = OCSP_CERTSTATUS_new())) goto err;
-       if ((cs->type = status) == V_OCSP_CERTSTATUS_REVOKED)
-               {
-               if (!time)
-                       {
-                       OCSPerr(OCSP_F_CERT_STATUS_NEW,OCSP_R_REVOKED_NO_TIME);
-                       goto err;
-                       }
-               if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
-               if (!ASN1_GENERALIZEDTIME_set_string(ri->revocationTime,tim))
-                       goto err;       
-               if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
-                       {
-                       if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
-                               goto err;
-                       if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
-                                                 reason)))
-                               goto err;       
-                       }
-               }
-       return cs;
-err:
-       if (cs) OCSP_CERTSTATUS_free(cs);
-       return NULL;
-       }
-
-
 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
        {
        int ret;
@@ -179,124 +147,6 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
        return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
        }
 
-OCSP_BASICRESP *OCSP_basic_response_new(int type, X509* cert)
-        {
-       time_t t;
-       OCSP_RESPID *rid;
-       OCSP_BASICRESP *rsp = NULL;
-       unsigned char md[SHA_DIGEST_LENGTH];
-       
-       if (!(rsp = OCSP_BASICRESP_new())) goto err;
-       rid = rsp->tbsResponseData->responderId;
-       switch (rid->type = type)
-               {
-               case V_OCSP_RESPID_NAME:
-                       /* cert is user cert */
-                       if (!(rid->value.byName =
-                                 X509_NAME_dup(X509_get_subject_name(cert))))
-                               goto err;
-                       break;
-               case V_OCSP_RESPID_KEY:
-                       /* cert is issuer cert */
-                       /* SHA-1 hash of responder's public key
-                         * (excluding the tag and length fields)
-                        */
-                       X509_pubkey_digest(cert, EVP_sha1(), md, NULL);
-                       if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
-                               goto err;
-                       if (!(ASN1_OCTET_STRING_set(rid->value.byKey,
-                                                   md, sizeof md)))
-                               goto err;
-                       break;
-               default:
-                       OCSPerr(OCSP_F_BASIC_RESPONSE_NEW,OCSP_R_BAD_TAG);
-                       goto err;
-                       break;
-               }
-       time(&t);
-       if (!(ASN1_GENERALIZEDTIME_set(rsp->tbsResponseData->producedAt, t)))
-               goto err;
-       if (!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new(NULL))) goto err;
-       return rsp;
-err:
-       if (rsp) OCSP_BASICRESP_free(rsp);
-       return NULL;
-       }
-
-int OCSP_basic_response_add(OCSP_BASICRESP           *rsp,
-                           OCSP_CERTID              *cid,
-                           OCSP_CERTSTATUS          *cst,
-                           char                     *this,
-                           char                     *next)
-        {
-       OCSP_SINGLERESP *single = NULL;
-
-       if (!(single = OCSP_SINGLERESP_new())) goto err;
-       if (single->certId) OCSP_CERTID_free(single->certId);
-       if (!(single->certId = OCSP_CERTID_dup(cid))) goto err;
-       if (single->certStatus) OCSP_CERTSTATUS_free(single->certStatus);
-       if (!(single->certStatus = OCSP_CERTSTATUS_dup(cst))) goto err;
-       if (!ASN1_GENERALIZEDTIME_set_string(single->thisUpdate,this))goto err;
-       if (next)
-                { 
-               if (!(single->nextUpdate = ASN1_GENERALIZEDTIME_new()))
-                       goto err;
-               if (!ASN1_GENERALIZEDTIME_set_string(single->nextUpdate,next))
-                       goto err;
-               }
-       if (!sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses,single)) goto err;
-       return 1;
-err:
-       if (single) OCSP_SINGLERESP_free(single);
-       return 0;
-       }
-
-int OCSP_basic_response_sign(OCSP_BASICRESP *brsp, 
-                            EVP_PKEY       *key,
-                            const EVP_MD   *dgst,
-                            STACK_OF(X509) *certs)
-        {
-       int i;
-
-       /* Right now, I think that not doing double hashing is the right
-          thing.       -- Richard Levitte */
-       if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
-       if (certs)
-               {
-               if (!(brsp->certs = sk_X509_dup(certs))) goto err;
-               for (i = 0; i < sk_X509_num(brsp->certs); i++)
-                       {
-                       sk_X509_set(brsp->certs, i,
-                              X509_dup(sk_X509_value(certs, i)));
-                       if (! sk_X509_value(brsp->certs, i))
-                               goto err;
-                       }
-               }
-       return 1;
-err:
-       return 0;
-       }
-
-OCSP_RESPONSE *OCSP_response_new(int status,
-                                int nid,
-                                int (*i2d)(),
-                                char *data)
-        {
-        OCSP_RESPONSE *rsp = NULL;
-
-       if (!(rsp = OCSP_RESPONSE_new())) goto err;
-       if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
-       if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
-       if (rsp->responseBytes->responseType) ASN1_OBJECT_free(rsp->responseBytes->responseType);
-       if (!(rsp->responseBytes->responseType = OBJ_nid2obj(nid))) goto err;
-       if (!ASN1_STRING_encode((ASN1_STRING*)rsp->responseBytes->response,
-                               i2d, data, NULL)) goto err;
-       return rsp;
-err:
-       if (rsp) OCSP_RESPONSE_free(rsp);
-       return NULL;
-       }
-
 /* XXX assumes certs in signature are sorted root to leaf XXX */
 int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey)
         {
@@ -314,55 +164,3 @@ int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey)
                }
        return OCSP_REQUEST_verify(req, pkey);
         }
-
-int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey)
-        {
-       int i, r;
-       unsigned char *p;
-       OCSP_RESPBYTES *rb;
-       OCSP_BASICRESP *br = NULL;
-
-       if ((rb = rsp->responseBytes) == NULL) 
-               {
-               OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_NO_RESPONSE_DATA);
-                return 0;
-               }
-       if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
-               {
-               OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_BAD_TAG);
-                return 0;
-               }
-       p = ASN1_STRING_data(rb->response);
-       i = ASN1_STRING_length(rb->response);
-       if (!(d2i_OCSP_BASICRESP(&br, &p, i))) return 0;
-       r = OCSP_basic_response_verify(br, pkey);
-       OCSP_BASICRESP_free(br);
-       return r;
-        }
-
-int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey)
-        {
-       STACK_OF(X509) *sk;
-       int ret;
-
-       if (!rsp->signature) 
-               {
-               OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_SIGNATURE);
-                return 0;
-               }
-       if (pkey == NULL)
-               {
-               if (!(sk = rsp->certs))
-                       {
-                       OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_CERTIFICATE);
-                       return 0;
-                       }
-               if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
-                       {
-                       OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_PUBLIC_KEY);
-                       return 0;
-                       }
-               }
-       ret = OCSP_BASICRESP_verify(rsp, pkey, 0);
-       return ret;
-        }