The majority of the OCSP code from CertCo.
authorRichard Levitte <levitte@openssl.org>
Fri, 27 Oct 2000 11:05:35 +0000 (11:05 +0000)
committerRichard Levitte <levitte@openssl.org>
Fri, 27 Oct 2000 11:05:35 +0000 (11:05 +0000)
22 files changed:
Makefile.org
apps/x509.c
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/asn1/t_x509.c
crypto/err/err.h
crypto/err/openssl.ec
crypto/ocsp/Makefile.ssl [new file with mode: 0644]
crypto/ocsp/ocsp.h [new file with mode: 0644]
crypto/ocsp/ocsp_cid.c [new file with mode: 0644]
crypto/ocsp/ocsp_err.c [new file with mode: 0644]
crypto/ocsp/ocsp_ext.c [new file with mode: 0644]
crypto/ocsp/ocsp_lib.c [new file with mode: 0644]
crypto/ocsp/ocsp_req.c [new file with mode: 0644]
crypto/ocsp/ocsp_res.c [new file with mode: 0644]
crypto/ocsp/ocsp_sig.c [new file with mode: 0644]
crypto/stack/safestack.h
crypto/x509/x509.h
crypto/x509v3/v3_info.c
crypto/x509v3/x509v3.h
util/mkdef.pl
util/mkfiles.pl

index 184fd76..fe19c52 100644 (file)
@@ -163,7 +163,7 @@ SDIRS=  \
        des rc2 rc4 rc5 idea bf cast \
        bn rsa dsa dh dso engine rijndael \
        buffer bio stack lhash rand err objects \
-       evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+       evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
 
 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl
index 8712339..ea5b0b8 100644 (file)
@@ -106,6 +106,7 @@ static char *x509_usage[]={
 " -fingerprint    - print the certificate fingerprint\n",
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
+" -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -163,6 +164,7 @@ int MAIN(int argc, char **argv)
        char *CAkeyfile=NULL,*CAserial=NULL;
        char *alias=NULL;
        int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+       int ocspid=0;
        int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
        int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
        int C=0;
@@ -412,6 +414,8 @@ int MAIN(int argc, char **argv)
                        clrext = 1;
                        }
 #endif
+               else if (strcmp(*argv,"-ocspid") == 0)
+                       ocspid= ++num;
                else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
                        {
                        /* ok */
@@ -917,6 +921,10 @@ bad:
                                        }
                                noout=1;
                                }
+                       else if (ocspid == i)
+                               {
+                               X509_ocspid_print(out, x);
+                               }
                        }
                }
 
index 6f956b1..3daf4e4 100644 (file)
@@ -956,6 +956,21 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_D2I_NETSCAPE_SPKAC                       143
 #define ASN1_F_D2I_NETSCAPE_SPKI                        144
 #define ASN1_F_D2I_NOTICEREF                            268
+#define ASN1_F_D2I_OCSP_BASICRESP                       293
+#define ASN1_F_D2I_OCSP_CERTID                          294
+#define ASN1_F_D2I_OCSP_CERTSTATUS                      295
+#define ASN1_F_D2I_OCSP_CRLID                           296
+#define ASN1_F_D2I_OCSP_ONEREQ                          297
+#define ASN1_F_D2I_OCSP_REQINFO                                 298
+#define ASN1_F_D2I_OCSP_REQUEST                                 299
+#define ASN1_F_D2I_OCSP_RESPBYTES                       300
+#define ASN1_F_D2I_OCSP_RESPDATA                        301
+#define ASN1_F_D2I_OCSP_RESPID                          302
+#define ASN1_F_D2I_OCSP_RESPONSE                        303
+#define ASN1_F_D2I_OCSP_REVOKEDINFO                     304
+#define ASN1_F_D2I_OCSP_SERVICELOC                      305
+#define ASN1_F_D2I_OCSP_SIGNATURE                       306
+#define ASN1_F_D2I_OCSP_SINGLERESP                      307
 #define ASN1_F_D2I_OTHERNAME                            287
 #define ASN1_F_D2I_PBE2PARAM                            262
 #define ASN1_F_D2I_PBEPARAM                             249
@@ -1027,6 +1042,21 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_NETSCAPE_SPKAC_NEW                       190
 #define ASN1_F_NETSCAPE_SPKI_NEW                        191
 #define ASN1_F_NOTICEREF_NEW                            272
+#define ASN1_F_OCSP_BASICRESP_NEW                       308
+#define ASN1_F_OCSP_CERTID_NEW                          309
+#define ASN1_F_OCSP_CERTSTATUS_NEW                      310
+#define ASN1_F_OCSP_CRLID_NEW                           311
+#define ASN1_F_OCSP_ONEREQ_NEW                          312
+#define ASN1_F_OCSP_REQINFO_NEW                                 313
+#define ASN1_F_OCSP_REQUEST_NEW                                 314
+#define ASN1_F_OCSP_RESPBYTES_NEW                       315
+#define ASN1_F_OCSP_RESPDATA_NEW                        316
+#define ASN1_F_OCSP_RESPID_NEW                          317
+#define ASN1_F_OCSP_RESPONSE_NEW                        318
+#define ASN1_F_OCSP_REVOKEDINFO_NEW                     319
+#define ASN1_F_OCSP_SERVICELOC_NEW                      320
+#define ASN1_F_OCSP_SIGNATURE_NEW                       321
+#define ASN1_F_OCSP_SINGLERESP_NEW                      322
 #define ASN1_F_OTHERNAME_NEW                            288
 #define ASN1_F_PBE2PARAM_NEW                            264
 #define ASN1_F_PBEPARAM_NEW                             251
index cecd555..3a53cb3 100644 (file)
@@ -141,6 +141,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),      "d2i_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),       "d2i_NETSCAPE_SPKI"},
 {ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),   "d2i_NOTICEREF"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_BASICRESP,0),      "d2i_OCSP_BASICRESP"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTID,0), "d2i_OCSP_CERTID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTSTATUS,0),     "d2i_OCSP_CERTSTATUS"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CRLID,0),  "d2i_OCSP_CRLID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_ONEREQ,0), "d2i_OCSP_ONEREQ"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REQINFO,0),        "d2i_OCSP_REQINFO"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REQUEST,0),        "d2i_OCSP_REQUEST"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPBYTES,0),      "d2i_OCSP_RESPBYTES"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPDATA,0),       "d2i_OCSP_RESPDATA"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPID,0), "d2i_OCSP_RESPID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPONSE,0),       "d2i_OCSP_RESPONSE"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REVOKEDINFO,0),    "d2i_OCSP_REVOKEDINFO"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SERVICELOC,0),     "d2i_OCSP_SERVICELOC"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SIGNATURE,0),      "d2i_OCSP_SIGNATURE"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SINGLERESP,0),     "d2i_OCSP_SINGLERESP"},
 {ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),   "d2i_OTHERNAME"},
 {ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),   "d2i_PBE2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),    "d2i_PBEPARAM"},
@@ -212,6 +227,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),      "NETSCAPE_SPKAC_new"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),       "NETSCAPE_SPKI_new"},
 {ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),   "NOTICEREF_new"},
+{ERR_PACK(0,ASN1_F_OCSP_BASICRESP_NEW,0),      "OCSP_BASICRESP_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CERTID_NEW,0), "OCSP_CERTID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CERTSTATUS_NEW,0),     "OCSP_CERTSTATUS_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CRLID_NEW,0),  "OCSP_CRLID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_ONEREQ_NEW,0), "OCSP_ONEREQ_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REQINFO_NEW,0),        "OCSP_REQINFO_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REQUEST_NEW,0),        "OCSP_REQUEST_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPBYTES_NEW,0),      "OCSP_RESPBYTES_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPDATA_NEW,0),       "OCSP_RESPDATA_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPID_NEW,0), "OCSP_RESPID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPONSE_NEW,0),       "OCSP_RESPONSE_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REVOKEDINFO_NEW,0),    "OCSP_REVOKEDINFO_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SERVICELOC_NEW,0),     "OCSP_SERVICELOC_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SIGNATURE_NEW,0),      "OCSP_SIGNATURE_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SINGLERESP_NEW,0),     "OCSP_SINGLERESP_new"},
 {ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),   "OTHERNAME_new"},
 {ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),   "PBE2PARAM_new"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),    "PBEPARAM_new"},
index f2979bf..823c208 100644 (file)
@@ -282,6 +282,56 @@ err:
        return(ret);
        }
 
+int X509_ocspid_print (BIO *bp, X509 *x)
+       {
+       unsigned char *der=NULL ;
+       unsigned char *dertmp;
+       int derlen;
+       int i;
+       SHA_CTX SHA1buf ;
+       unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+       /* display the hash of the subject as it would appear
+          in OCSP requests */
+       if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+               goto err;
+       derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+       if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+               goto err;
+       i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+       SHA1_Init(&SHA1buf);
+       SHA1_Update(&SHA1buf, der, derlen);
+       SHA1_Final(SHA1md,&SHA1buf);
+       for (i=0; i < SHA_DIGEST_LENGTH; i++)
+               {
+               if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+               }
+       OPENSSL_free (der);
+       der=NULL;
+
+       /* display the hash of the public key as it would appear
+          in OCSP requests */
+       if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+               goto err;
+
+       SHA1_Init(&SHA1buf);
+       SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
+               x->cert_info->key->public_key->length);
+       SHA1_Final(SHA1md,&SHA1buf);
+       for (i=0; i < SHA_DIGEST_LENGTH; i++)
+               {
+               if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+                       goto err;
+               }
+       BIO_printf(bp,"\n");
+
+       return (1);
+err:
+       if (der != NULL) OPENSSL_free(der);
+       return(0);
+       }
+
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
        {
        int i,n;
index 7388a4a..b4ced57 100644 (file)
@@ -133,6 +133,7 @@ typedef struct err_state_st
 #define ERR_LIB_RAND           36
 #define ERR_LIB_DSO            37
 #define ERR_LIB_ENGINE         38
+#define ERR_LIB_OCSP            39
 
 #define ERR_LIB_USER           128
 
@@ -163,6 +164,7 @@ typedef struct err_state_st
 #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
 #define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
 #define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),ERR_file_name,__LINE__)
+#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),ERR_file_name,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */
index 861d680..9bd267b 100644 (file)
@@ -9,6 +9,7 @@ L EVP           crypto/evp/evp.h                crypto/evp/evp_err.c
 L BUF          crypto/buffer/buffer.h          crypto/buffer/buf_err.c
 L BIO          crypto/bio/bio.h                crypto/bio/bio_err.c
 L OBJ          crypto/objects/objects.h        crypto/objects/obj_err.c
+L OCSP         crypto/ocsp/ocsp.h              crypto/ocsp/ocsp_err.c
 L PEM          crypto/pem/pem.h                crypto/pem/pem_err.c
 L X509         crypto/x509/x509.h              crypto/x509/x509_err.c
 L NONE         crypto/x509/x509_vfy.h          NONE
diff --git a/crypto/ocsp/Makefile.ssl b/crypto/ocsp/Makefile.ssl
new file mode 100644 (file)
index 0000000..4f6378c
--- /dev/null
@@ -0,0 +1,243 @@
+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+
+DIR=   ocsp
+TOP=   ../..
+CC=    cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=          make -f Makefile.ssl
+MAKEDEPEND=    $(TOP)/util/domd $(TOP)
+MAKEFILE=      Makefile.ssl
+AR=            ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_req.c ocsp_res.c ocsp_sig.c ocsp_cid.c ocsp_ext.c \
+       ocsp_lib.c ocsp_err.c 
+#ocsp_v3.c
+LIBOBJ= ocsp_req.o ocsp_res.o ocsp_sig.o ocsp_cid.o ocsp_ext.o \
+       ocsp_lib.o ocsp_err.o 
+#ocsp_v3.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER=        $(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+       (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:   lib
+
+lib:   $(LIBOBJ)
+       $(AR) $(LIB) $(LIBOBJ)
+       $(RANLIB) $(LIB)
+       @touch lib
+
+files:
+       perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+       $(TOP)/util/point.sh Makefile.ssl Makefile ;
+       $(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+       $(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+       $(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+       @for i in $(EXHEADER) ; \
+       do  \
+       (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+       chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+       done;
+
+tags:
+       ctags $(SRC)
+
+tests:
+
+lint:
+       lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+       $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+
+dclean:
+       $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+       mv -f Makefile.new $(MAKEFILE)
+
+clean:
+       rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_cid.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_cid.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_cid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_cid.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_cid.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_cid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cid.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_cid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_cid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_cid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_cid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_cid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cid.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cid.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_cid.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_cid.o: ../../include/openssl/rc5.h
+ocsp_cid.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_cid.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_cid.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_cid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_cid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_cid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+ocsp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_err.o: ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ext.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ext.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h
+ocsp_ext.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_ext.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+ocsp_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h
+ocsp_lib.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h
+ocsp_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_req.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_req.o: ../../include/openssl/rc5.h
+ocsp_req.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_res.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_res.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_res.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_res.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_res.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_res.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_res.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_res.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_res.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_res.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_res.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_res.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_res.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_res.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_res.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_res.o: ../../include/openssl/rc5.h
+ocsp_res.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_res.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_res.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_res.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_res.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_res.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_sig.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_sig.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_sig.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_sig.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_sig.o: ../../include/openssl/rc5.h
+ocsp_sig.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_sig.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h
new file mode 100644 (file)
index 0000000..34563bf
--- /dev/null
@@ -0,0 +1,591 @@
+/* ocsp.h */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#ifndef HEADER_OCSP_H
+#define HEADER_OCSP_H
+
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+
+#ifdef  __cplusplus
+extern "C" {
+#endif
+
+/*   CertID ::= SEQUENCE {
+ *       hashAlgorithm            AlgorithmIdentifier,
+ *       issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
+ *       issuerKeyHash      OCTET STRING, -- Hash of Issuers public key (excluding the tag & length fields)
+ *       serialNumber       CertificateSerialNumber }
+ */
+typedef struct ocsp_cert_id_st
+       {
+       X509_ALGOR *hashAlgorithm;
+       ASN1_OCTET_STRING *issuerNameHash;
+       ASN1_OCTET_STRING *issuerKeyHash;
+       ASN1_INTEGER *serialNumber;
+       } OCSP_CERTID;
+
+/*   Request ::=     SEQUENCE {
+ *       reqCert                    CertID,
+ *       singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_one_request_st
+       {
+       OCSP_CERTID *reqCert;
+       STACK_OF(X509_EXTENSION) *singleRequestExtensions;
+       } OCSP_ONEREQ;
+
+DECLARE_STACK_OF(OCSP_ONEREQ)
+DECLARE_ASN1_SET_OF(OCSP_ONEREQ)
+
+
+/*   TBSRequest      ::=     SEQUENCE {
+ *       version             [0] EXPLICIT Version DEFAULT v1,
+ *       requestorName       [1] EXPLICIT GeneralName OPTIONAL,
+ *       requestList             SEQUENCE OF Request,
+ *       requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_req_info_st
+       {
+       ASN1_INTEGER *version;
+       GENERAL_NAME *requestorName;
+       STACK_OF(OCSP_ONEREQ) *requestList;
+       STACK_OF(X509_EXTENSION) *requestExtensions;
+       } OCSP_REQINFO;
+
+/*   Signature       ::=     SEQUENCE {
+ *       signatureAlgorithm   AlgorithmIdentifier,
+ *       signature            BIT STRING,
+ *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+typedef struct ocsp_signature_st
+       {
+       X509_ALGOR *signatureAlgorithm;
+       ASN1_BIT_STRING *signature;
+       STACK_OF(X509) *certs;
+       } OCSP_SIGNATURE;
+
+/*   OCSPRequest     ::=     SEQUENCE {
+ *       tbsRequest                  TBSRequest,
+ *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
+ */
+typedef struct ocsp_request_st
+       {
+       OCSP_REQINFO *tbsRequest;
+       OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
+       } OCSP_REQUEST;
+
+/*   OCSPResponseStatus ::= ENUMERATED {
+ *       successful            (0),      --Response has valid confirmations
+ *       malformedRequest      (1),      --Illegal confirmation request
+ *       internalError         (2),      --Internal error in issuer
+ *       tryLater              (3),      --Try again later
+ *                                       --(4) is not used
+ *       sigRequired           (5),      --Must sign the request
+ *       unauthorized          (6)       --Request unauthorized
+ *   }
+ */
+#define OCSP_RESPONSE_STATUS_SUCCESSFULL          0
+#define OCSP_RESPONSE_STATUS_MALFORMEDREQUEST     1
+#define OCSP_RESPONSE_STATUS_INTERNALERROR        2
+#define OCSP_RESPONSE_STATUS_TRYLATER             3
+#define OCSP_RESPONSE_STATUS_SIGREQUIRED          5
+#define OCSP_RESPONSE_STATUS_UNAUTHORIZED         6
+
+/*   ResponseBytes ::=       SEQUENCE {
+ *       responseType   OBJECT IDENTIFIER,
+ *       response       OCTET STRING }
+ */
+typedef struct ocsp_resp_bytes_st
+       {
+       ASN1_OBJECT *responseType;
+       ASN1_OCTET_STRING *response;
+       } OCSP_RESPBYTES;
+
+/*   OCSPResponse ::= SEQUENCE {
+ *      responseStatus         OCSPResponseStatus,
+ *      responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
+ */
+typedef struct ocsp_response_st
+       {
+       ASN1_ENUMERATED *responseStatus;
+       OCSP_RESPBYTES  *responseBytes;
+       } OCSP_RESPONSE;
+
+/*   ResponderID ::= CHOICE {
+ *      byName   [1] Name,
+ *      byKey    [2] KeyHash }
+ */
+#define V_OCSP_RESPID_NAME 1
+#define V_OCSP_RESPID_KEY  2
+typedef struct ocsp_responder_id_st
+       {
+       int tag;
+       union   {
+               X509_NAME* byName;
+               ASN1_OCTET_STRING *byKey;
+               } value;
+       } OCSP_RESPID;
+/*   KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
+ *                            --(excluding the tag and length fields)
+ */
+
+/*   RevokedInfo ::= SEQUENCE {
+ *       revocationTime              GeneralizedTime,
+ *       revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
+ */
+typedef struct ocsp_revoked_info_st
+       {
+       ASN1_GENERALIZEDTIME *revocationTime;
+       ASN1_ENUMERATED *revocationReason;
+       } OCSP_REVOKEDINFO;
+
+/*   CertStatus ::= CHOICE {
+ *       good                [0]     IMPLICIT NULL,
+ *       revoked             [1]     IMPLICIT RevokedInfo,
+ *       unknown             [2]     IMPLICIT UnknownInfo }
+ */
+#define V_OCSP_CERTSTATUS_GOOD    0
+#define V_OCSP_CERTSTATUS_REVOKED 1
+#define V_OCSP_CERTSTATUS_UNKNOWN 2
+typedef struct ocsp_cert_status_st
+       {
+       int tag;
+       /* good [0] IMPLICIT NULL */
+       OCSP_REVOKEDINFO *revoked;
+       /* unknown [2] OCSP_UNKNOWNINFO *unknown, which is NULL */
+       } OCSP_CERTSTATUS;
+
+/*   SingleResponse ::= SEQUENCE {
+ *      certID                       CertID,
+ *      certStatus                   CertStatus,
+ *      thisUpdate                   GeneralizedTime,
+ *      nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
+ *      singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_single_response_st
+       {
+       OCSP_CERTID *certId;
+       OCSP_CERTSTATUS *certStatus;
+       ASN1_GENERALIZEDTIME *thisUpdate;
+       ASN1_GENERALIZEDTIME *nextUpdate;
+       STACK_OF(X509_EXTENSION) *singleExtensions;
+       } OCSP_SINGLERESP;
+
+DECLARE_STACK_OF(OCSP_SINGLERESP)
+DECLARE_ASN1_SET_OF(OCSP_SINGLERESP)
+
+/*   ResponseData ::= SEQUENCE {
+ *      version              [0] EXPLICIT Version DEFAULT v1,
+ *      responderID              ResponderID,
+ *      producedAt               GeneralizedTime,
+ *      responses                SEQUENCE OF SingleResponse,
+ *      responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
+ */
+typedef struct ocsp_response_data_st
+       {
+       ASN1_INTEGER *version;
+       OCSP_RESPID  *responderId;
+       ASN1_GENERALIZEDTIME *producedAt;
+       STACK_OF(OCSP_SINGLERESP) *responses;
+       STACK_OF(X509_EXTENSION) *responseExtensions;
+       } OCSP_RESPDATA;
+
+/*   BasicOCSPResponse       ::= SEQUENCE {
+ *      tbsResponseData      ResponseData,
+ *      signatureAlgorithm   AlgorithmIdentifier,
+ *      signature            BIT STRING,
+ *      certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
+ */
+  /* Note 1:
+     The value for "signature" is specified in the OCSP rfc2560 as follows:
+     "The value for the signature SHALL be computed on the hash of the DER
+     encoding ResponseData."  This means that you must hash the DER-encoded
+     tbsResponseData, and then run it through a crypto-signing function, which
+     will (at least w/RSA) do a hash-'n'-private-encrypt operation.  This seems
+     a bit odd, but that's the spec.  Also note that the data structures do not
+     leave anywhere to independently specify the algorithm used for the initial
+     hash. So, we look at the signature-specification algorithm, and try to do
+     something intelligent.    -- Kathy Weinhold, CertCo */
+  /* Note 2:
+     It seems that the mentioned passage from RFC 2560 (section 4.2.1) is open
+     for interpretation.  I've done tests against another responder, and found
+     that it doesn't do the double hashing that the RFC seems to say one
+     should.  Therefore, all relevant functions take a flag saying which
+     variant should be used.   -- Richard Levitte, OpenSSL team and CeloCom */
+typedef struct ocsp_basic_response_st
+       {
+       OCSP_RESPDATA *tbsResponseData;
+       X509_ALGOR *signatureAlgorithm;
+       ASN1_BIT_STRING *signature;
+       STACK_OF(X509) *certs;
+       } OCSP_BASICRESP;
+
+/*
+ *   CRLReason ::= ENUMERATED {
+ *        unspecified             (0),
+ *        keyCompromise           (1),
+ *        cACompromise            (2),
+ *        affiliationChanged      (3),
+ *        superseded              (4),
+ *        cessationOfOperation    (5),
+ *        certificateHold         (6),
+ *        removeFromCRL           (8) }
+ */
+#define OCSP_REVOKED_STATUS_NOSTATUS               -1
+#define OCSP_REVOKED_STATUS_UNSPECIFIED             0
+#define OCSP_REVOKED_STATUS_KEYCOMPROMISE           1
+#define OCSP_REVOKED_STATUS_CACOMPROMISE            2
+#define OCSP_REVOKED_STATUS_AFFILIATIONCHANGED      3
+#define OCSP_REVOKED_STATUS_SUPERSEDED              4
+#define OCSP_REVOKED_STATUS_CESSATIONOFOPERATION    5
+#define OCSP_REVOKED_STATUS_CERTIFICATEHOLD         6
+#define OCSP_REVOKED_STATUS_REMOVEFROMCRL           8
+
+/* CrlID ::= SEQUENCE {
+ *     crlUrl               [0]     EXPLICIT IA5String OPTIONAL,
+ *     crlNum               [1]     EXPLICIT INTEGER OPTIONAL,
+ *     crlTime              [2]     EXPLICIT GeneralizedTime OPTIONAL }
+ */
+typedef struct ocsp_crl_id_st
+        {
+       ASN1_IA5STRING *crlUrl;
+       ASN1_INTEGER *crlNum;
+       ASN1_GENERALIZEDTIME *crlTime;
+        } OCSP_CRLID;
+
+/* ServiceLocator ::= SEQUENCE {
+ *      issuer    Name,
+ *      locator   AuthorityInfoAccessSyntax OPTIONAL }
+ */
+typedef struct ocsp_service_locator_st
+        {
+       X509_NAME* issuer;
+       STACK_OF(ACCESS_DESCRIPTION) *locator;
+        } OCSP_SERVICELOC;
+#define PEM_STRING_OCSP_REQUEST        "OCSP REQUEST"
+#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
+
+#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \
+               OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
+               (unsigned char **)(p))
+
+#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\
+               OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
+               (unsigned char **)(p))
+
+#define        PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
+     (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
+
+#define        PEM_read_bio_OCSP_RESPONSE(bp,x,cb)(OCSP_RESPONSE *)PEM_ASN1_read_bio(\
+     (char *(*)())d2i_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,bp,(char **)x,cb,NULL)
+
+#define PEM_write_bio_OCSP_REQUEST(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,\
+                       bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define PEM_write_bio_OCSP_RESPONSE(bp,o) \
+    PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
+                       bp,(char *)o, NULL,NULL,0,NULL,NULL)
+
+#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\
+               (unsigned char *)o)
+
+#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\
+               (unsigned char *)o)
+
+#define OCSP_REQUEST_sign(o,pkey,md) \
+       ASN1_sign((int(*)())i2d_OCSP_REQINFO,\
+               o->optionalSignature->signatureAlgorithm,NULL,\
+               o->optionalSignature->signature,(char *)o->tbsRequest,pkey,md)
+
+#define OCSP_BASICRESP_sign(o,pkey,md,d) \
+       ASN1_sign((int(*)())i2d_OCSP_RESPDATA,o->signatureAlgorithm,NULL,\
+               o->signature,(char *)o->tbsResponseData,pkey,md)
+
+#define OCSP_REQUEST_verify(a,r) ASN1_verify((int (*)())i2d_OCSP_REQINFO,\
+        a->optionalSignature->signatureAlgorithm,\
+       a->optionalSignature->signature,(char *)a->tbsRequest,r)
+
+#define OCSP_BASICRESP_verify(a,r,d) ASN1_verify((int (*)())i2d_OCSP_RESPDATA,\
+       a->signatureAlgorithm,a->signature,(char *)a->tbsResponseData,r)
+
+#define ASN1_BIT_STRING_digest(data,type,md,len) \
+       ASN1_digest((int (*)())i2d_ASN1_BIT_STRING,type,(char *)data,md,len)
+
+#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
+               (char *(*)())d2i_OCSP_CERTID,(char *)(cid))
+
+#define OCSP_CERTSTATUS_dup(cs)\
+                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
+               (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+                             X509_NAME *issuerName, 
+                             ASN1_BIT_STRING* issuerKey, 
+                             ASN1_INTEGER *serialNumber);
+
+OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
+
+OCSP_REQUEST *OCSP_request_new(X509_NAME* name,
+                              STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_request_add(OCSP_REQUEST             *req,
+                    OCSP_CERTID              *cid,
+                    STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+                     EVP_PKEY       *key,
+                     const EVP_MD   *dgst,
+                     STACK_OF(X509) *certs);
+
+int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey);
+
+OCSP_BASICRESP *OCSP_basic_response_new(int tag,
+                                       X509* cert,
+                                       STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_basic_response_add(OCSP_BASICRESP           *rsp,
+                           OCSP_CERTID              *cid,
+                           OCSP_CERTSTATUS          *cst,
+                           char                     *thisUpdate,
+                           char                     *nextUpdate,
+                           STACK_OF(X509_EXTENSION) *extensions);
+
+int OCSP_basic_response_sign(OCSP_BASICRESP *brsp, 
+                            EVP_PKEY       *key,
+                            const EVP_MD   *dgst,
+                            STACK_OF(X509) *certs);
+
+int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey);
+
+int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey);
+
+
+OCSP_RESPONSE *OCSP_response_new(int status,
+                                int nid,
+                                int (*i2d)(),
+                                char *data);
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+                               char *data, STACK *sk);
+
+X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len);
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
+
+X509_EXTENSION *OCSP_accept_responses_new(char **oids);
+
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim);
+
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls);
+
+OCSP_SINGLERESP *OCSP_SINGLERESP_new(void);
+void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a);
+int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp);
+OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a, unsigned char **pp, long length);
+int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a);
+
+OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
+void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a);
+int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp);
+OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, unsigned char **pp, long length);
+int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a);
+
+OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void);
+void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a);
+int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp);
+OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, unsigned char **pp, long length);
+int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a);
+
+OCSP_BASICRESP *OCSP_BASICRESP_new(void);
+void OCSP_BASICRESP_free(OCSP_BASICRESP *a);
+int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp);
+OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, unsigned char **pp, long length);
+int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a);
+
+OCSP_RESPDATA *OCSP_RESPDATA_new(void);
+void OCSP_RESPDATA_free(OCSP_RESPDATA *a);
+int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **pp);
+OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a);
+
+OCSP_RESPID *OCSP_RESPID_new(void);
+void OCSP_RESPID_free(OCSP_RESPID *a);
+int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp);
+OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a);
+
+OCSP_RESPONSE *OCSP_RESPONSE_new(void);
+void OCSP_RESPONSE_free(OCSP_RESPONSE *a);
+int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **pp);
+OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a);
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* a);
+
+OCSP_RESPBYTES *OCSP_RESPBYTES_new(void);
+void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a);
+int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **pp);
+OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, unsigned char **pp, long length);
+int i2a_OCSP_RESPBYTES(BIO *bp, OCSP_RESPBYTES* a);
+
+OCSP_ONEREQ *OCSP_ONEREQ_new(void);
+void OCSP_ONEREQ_free(OCSP_ONEREQ *a);
+int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **pp);
+OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, unsigned char **pp, long length);
+int i2a_OCSP_ONEREQ(BIO *bp, OCSP_ONEREQ* a);
+
+OCSP_CERTID *OCSP_CERTID_new(void);
+void OCSP_CERTID_free(OCSP_CERTID *a);
+int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **pp);
+OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, unsigned char **pp, long length);
+int i2a_OCSP_CERTID(BIO *bp, OCSP_CERTID* a);
+
+OCSP_REQUEST *OCSP_REQUEST_new(void);
+void OCSP_REQUEST_free(OCSP_REQUEST *a);
+int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **pp);
+OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, unsigned char **pp, long length);
+int i2a_OCSP_REQUEST(BIO *bp, OCSP_REQUEST* a);
+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a);
+
+OCSP_SIGNATURE *OCSP_SIGNATURE_new(void);
+void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a);
+int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **pp);
+OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, unsigned char **pp, long length);
+int i2a_OCSP_SIGNATURE(BIO *bp, OCSP_SIGNATURE* a);
+
+OCSP_REQINFO *OCSP_REQINFO_new(void);
+void OCSP_REQINFO_free(OCSP_REQINFO *a);
+int i2d_OCSP_REQINFO(OCSP_REQINFO *a, unsigned char **pp);
+OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a, unsigned char **pp, long length);
+int i2a_OCSP_REQINFO(BIO *bp, OCSP_REQINFO* a);
+
+OCSP_CRLID *OCSP_CRLID_new(void);
+void OCSP_CRLID_free(OCSP_CRLID *a);
+int i2d_OCSP_CRLID(OCSP_CRLID *a, unsigned char **pp);
+OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a, unsigned char **pp, long length);
+int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a);
+int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind);
+
+OCSP_SERVICELOC *OCSP_SERVICELOC_new(void);
+void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a);
+int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a, unsigned char **pp);
+OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a, unsigned char **pp, long length);
+int i2a_OCSP_SERVICELOC(BIO *bp, OCSP_SERVICELOC* a);
+int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind);
+
+int OCSP_extensions_print(BIO *bp, STACK_OF(X509_EXTENSION) *sk, char *title);
+int OCSP_extension_print(BIO *bp, X509_EXTENSION *x, int ind);
+
+void ERR_load_OCSP_strings(void);
+
+X509_EXTENSION *OCSP_nochain_new(void);
+
+char* ocspResponseStatus2string(long s);
+char* ocspCertStatus2string(long s);
+char * cRLReason2string(long s);
+
+void OCSP_add_standard_extension(void);
+
+/* BEGIN ERROR CODES */
+/* The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+/* Error codes for the OCSP functions. */
+
+/* Function codes. */
+#define OCSP_F_ASN1_STRING_ENCODE                       106
+#define OCSP_F_BASIC_RESPONSE_NEW                       100
+#define OCSP_F_BASIC_RESPONSE_VERIFY                    101
+#define OCSP_F_CERT_ID_NEW                              102
+#define OCSP_F_CERT_STATUS_NEW                          103
+#define OCSP_F_REQUEST_VERIFY                           104
+#define OCSP_F_RESPONSE_VERIFY                          105
+#define OCSP_F_S2I_OCSP_NONCE                           107
+#define OCSP_F_V2I_OCSP_CRLID                           108
+
+/* Reason codes. */
+#define OCSP_R_BAD_DATA                                         108
+#define OCSP_R_BAD_TAG                                  100
+#define OCSP_R_DIGEST_ERR                               101
+#define OCSP_R_FAILED_TO_OPEN                           109
+#define OCSP_R_FAILED_TO_READ                           110
+#define OCSP_R_FAILED_TO_STAT                           111
+#define OCSP_R_MISSING_VALUE                            112
+#define OCSP_R_NO_CERTIFICATE                           102
+#define OCSP_R_NO_PUBLIC_KEY                            103
+#define OCSP_R_NO_RESPONSE_DATA                                 104
+#define OCSP_R_NO_SIGNATURE                             105
+#define OCSP_R_REVOKED_NO_TIME                          106
+#define OCSP_R_UNKNOWN_NID                              107
+#define OCSP_R_UNSUPPORTED_OPTION                       113
+#define OCSP_R_VALUE_ALREADY                            114
+
+#ifdef  __cplusplus
+}
+#endif
+#endif
+
diff --git a/crypto/ocsp/ocsp_cid.c b/crypto/ocsp/ocsp_cid.c
new file mode 100644 (file)
index 0000000..b27531b
--- /dev/null
@@ -0,0 +1,157 @@
+/* ocsp_cid.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+OCSP_CERTID *OCSP_CERTID_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_CERTID *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_CERTID);
+       M_ASN1_New(ret->hashAlgorithm, X509_ALGOR_new);
+       M_ASN1_New(ret->issuerNameHash, ASN1_OCTET_STRING_new);
+       M_ASN1_New(ret->issuerKeyHash, ASN1_OCTET_STRING_new);
+       M_ASN1_New(ret->serialNumber, ASN1_INTEGER_new);
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_CERTID_NEW);
+       }
+       
+void OCSP_CERTID_free(OCSP_CERTID *a)
+       {
+       if (a == NULL) return;
+       X509_ALGOR_free(a->hashAlgorithm);
+       ASN1_OCTET_STRING_free(a->issuerNameHash);
+       ASN1_OCTET_STRING_free(a->issuerKeyHash);
+       ASN1_INTEGER_free(a->serialNumber);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_CERTID(OCSP_CERTID *a,
+                   unsigned char **pp)
+       {
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->hashAlgorithm, i2d_X509_ALGOR);
+       M_ASN1_I2D_len(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_len(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_len(a->serialNumber, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->hashAlgorithm, i2d_X509_ALGOR);
+       M_ASN1_I2D_put(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_put(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_put(a->serialNumber, i2d_ASN1_INTEGER);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a,
+                            unsigned char **pp,
+                            long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_CERTID *,OCSP_CERTID_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->hashAlgorithm, d2i_X509_ALGOR);
+       M_ASN1_D2I_get(ret->issuerNameHash, d2i_ASN1_OCTET_STRING);
+       M_ASN1_D2I_get(ret->issuerKeyHash, d2i_ASN1_OCTET_STRING);
+       M_ASN1_D2I_get(ret->serialNumber, d2i_ASN1_INTEGER);
+
+       /* protect against malformed CERTID's */
+       if (ASN1_STRING_length(ret->issuerNameHash) == 0 ||
+               ASN1_STRING_length(ret->issuerKeyHash) == 0 ||
+               ASN1_STRING_length(ret->serialNumber) == 0)
+               goto err;
+
+       M_ASN1_D2I_Finish(a,OCSP_CERTID_free,ASN1_F_D2I_OCSP_CERTID);
+       }
+
+int i2a_OCSP_CERTID(BIO *bp,
+                   OCSP_CERTID* a)
+        {
+#ifdef UNDEF
+       /* XXX this guy isn't implemented. */
+       i2a_X509_ALGOR(bp, a->hashAlgorithm);
+#else   /* instead, just show OID, not param */
+       i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+#endif
+       i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+       i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+       i2a_ASN1_INTEGER(bp, a->serialNumber);
+       return 4;
+       }
diff --git a/crypto/ocsp/ocsp_err.c b/crypto/ocsp/ocsp_err.c
new file mode 100644 (file)
index 0000000..e7e0c90
--- /dev/null
@@ -0,0 +1,116 @@
+/* crypto/ocsp/ocsp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA OCSP_str_functs[]=
+       {
+{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0),      "ASN1_STRING_encode"},
+{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_NEW,0),      "BASIC_RESPONSE_NEW"},
+{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_VERIFY,0),   "BASIC_RESPONSE_VERIFY"},
+{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0),     "CERT_ID_NEW"},
+{ERR_PACK(0,OCSP_F_CERT_STATUS_NEW,0), "CERT_STATUS_NEW"},
+{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0),  "REQUEST_VERIFY"},
+{ERR_PACK(0,OCSP_F_RESPONSE_VERIFY,0), "RESPONSE_VERIFY"},
+{ERR_PACK(0,OCSP_F_S2I_OCSP_NONCE,0),  "S2I_OCSP_NONCE"},
+{ERR_PACK(0,OCSP_F_V2I_OCSP_CRLID,0),  "V2I_OCSP_CRLID"},
+{0,NULL}
+       };
+
+static ERR_STRING_DATA OCSP_str_reasons[]=
+       {
+{OCSP_R_BAD_DATA                         ,"bad data"},
+{OCSP_R_BAD_TAG                          ,"bad tag"},
+{OCSP_R_DIGEST_ERR                       ,"digest err"},
+{OCSP_R_FAILED_TO_OPEN                   ,"failed to open"},
+{OCSP_R_FAILED_TO_READ                   ,"failed to read"},
+{OCSP_R_FAILED_TO_STAT                   ,"failed to stat"},
+{OCSP_R_MISSING_VALUE                    ,"missing value"},
+{OCSP_R_NO_CERTIFICATE                   ,"no certificate"},
+{OCSP_R_NO_PUBLIC_KEY                    ,"no public key"},
+{OCSP_R_NO_RESPONSE_DATA                 ,"no response data"},
+{OCSP_R_NO_SIGNATURE                     ,"no signature"},
+{OCSP_R_REVOKED_NO_TIME                  ,"revoked no time"},
+{OCSP_R_UNKNOWN_NID                      ,"unknown nid"},
+{OCSP_R_UNSUPPORTED_OPTION               ,"unsupported option"},
+{OCSP_R_VALUE_ALREADY                    ,"value already"},
+{0,NULL}
+       };
+
+#endif
+
+void ERR_load_OCSP_strings(void)
+       {
+       static int init=1;
+
+       if (init)
+               {
+               init=0;
+#ifndef NO_ERR
+               ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
+               ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+#endif
+
+               }
+       }
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
new file mode 100644 (file)
index 0000000..b55f572
--- /dev/null
@@ -0,0 +1,347 @@
+/* ocsp_ext.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+/* also CRL Entry Extensions */
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+                               char *data, STACK *sk)
+        {
+       int i;
+       unsigned char *p, *b = NULL;
+
+       if (data)
+               {
+               if ((i=i2d(data,NULL)) <= 0) goto err;
+               if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+                       goto err;
+               if (i2d(data, &p) <= 0) goto err;
+               }
+       else if (sk)
+               {
+               if ((i=i2d_ASN1_SET(sk,NULL,i2d,V_ASN1_SEQUENCE,
+                                  V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
+               if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+                       goto err;
+               if (i2d_ASN1_SET(sk,&p,i2d,V_ASN1_SEQUENCE,
+                                V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
+               }
+       else
+               {
+               OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
+               goto err;
+               }
+       if (!s && !(s = ASN1_STRING_new())) goto err;
+       if (!(ASN1_STRING_set(s, b, i))) goto err;
+       OPENSSL_free(b);
+       return s;
+err:
+       if (b) OPENSSL_free(b);
+       return NULL;
+       }
+
+X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
+        {
+       X509_EXTENSION *x=NULL;
+       if (!(x = X509_EXTENSION_new())) goto err;
+       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
+       if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
+       return x;
+err:
+       if (x) X509_EXTENSION_free(x);
+       return NULL;
+       }
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+        {
+       X509_EXTENSION *x = NULL;
+       OCSP_CRLID *cid = NULL;
+       
+       if (!(cid = OCSP_CRLID_new())) goto err;
+       if (url)
+               {
+               if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
+               if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
+               }
+       if (n)
+               {
+               if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
+               if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
+               }
+       if (time)
+               {
+               if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
+               if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
+                       goto err;
+               }
+       if (!(x = X509_EXTENSION_new())) goto err;
+       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
+       if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
+               goto err;
+       OCSP_CRLID_free(cid);
+       return x;
+err:
+       if (x) X509_EXTENSION_free(x);
+       if (cid) OCSP_CRLID_free(cid);
+       return NULL;
+       }
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+        {
+       int nid;
+       STACK *sk = NULL;
+       ASN1_OBJECT *o = NULL;
+        X509_EXTENSION *x = NULL;
+       if (!(sk = sk_new(NULL))) goto err;
+       while (oids && *oids)
+               {
+               if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
+                       sk_push(sk, (char*) o);
+               oids++;
+               }
+       if (!(x = X509_EXTENSION_new())) goto err;
+       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+               goto err;
+       if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
+               goto err;
+       sk_pop_free(sk, ASN1_OBJECT_free);
+       return x;
+err:
+       if (x) X509_EXTENSION_free(x);
+       if (sk) sk_pop_free(sk, ASN1_OBJECT_free);
+       return NULL;
+        }
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
+        {
+       X509_EXTENSION *x=NULL;
+       ASN1_GENERALIZEDTIME *gt = NULL;
+
+       if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
+       if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
+       if (!(x = X509_EXTENSION_new())) goto err;
+       if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
+       if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
+                                (char*)gt,NULL))) goto err;
+       ASN1_GENERALIZEDTIME_free(gt);
+       return x;
+err:
+       if (gt) ASN1_GENERALIZEDTIME_free(gt);
+       if (x) X509_EXTENSION_free(x);
+       return NULL;
+       }
+
+/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
+ * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
+        {
+       X509_EXTENSION *x = NULL;
+       ASN1_IA5STRING *ia5 = NULL;
+       OCSP_SERVICELOC *sloc = NULL;
+       ACCESS_DESCRIPTION *ad = NULL;
+       
+       if (!(sloc = OCSP_SERVICELOC_new())) goto err;
+       if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
+       if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new(NULL))) goto err;
+       while (urls && *urls)
+               {
+               if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
+               if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
+               if (!(ad->location = GENERAL_NAME_new())) goto err;
+               if (!(ia5 = ASN1_IA5STRING_new())) goto err;
+               if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
+               ad->location->type = GEN_URI;
+               ad->location->d.ia5 = ia5;
+               if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
+               urls++;
+               }
+       if (!(x = X509_EXTENSION_new())) goto err;
+       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
+               goto err;
+       if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
+                                (char*)sloc, NULL))) goto err;
+       OCSP_SERVICELOC_free(sloc);
+       return x;
+err:
+       if (x) X509_EXTENSION_free(x);
+       if (sloc) OCSP_SERVICELOC_free(sloc);
+       return NULL;
+       }
+
+int OCSP_extensions_print(BIO *bp,
+                         STACK_OF(X509_EXTENSION) *sk,
+                         char *title)
+        {
+       int i;
+       if (!sk) return 1;
+       if (BIO_printf(bp, "%s:\n", title) <= 0) return 0; 
+       for (i=0; i<sk_X509_EXTENSION_num(sk); i++)
+               OCSP_extension_print(bp, sk_X509_EXTENSION_value(sk,i), 4);
+       return sk_X509_EXTENSION_num(sk);
+       }
+
+int OCSP_extension_print(BIO *bp,
+                        X509_EXTENSION *x,
+                        int ind)
+        {
+       int i, j;
+       STACK *sk = NULL;
+       unsigned char *p;
+       OCSP_CRLID *crlid = NULL;
+       OCSP_SERVICELOC *sloc = NULL;
+       ASN1_GENERALIZEDTIME *gt = NULL;
+
+       if (!x) return 1;
+       switch (OBJ_obj2nid(x->object))
+               {
+               case NID_id_pkix_OCSP_Nonce:
+                       if (BIO_printf(bp, "%*snonce: ", ind, "") <= 0) 
+                               goto err;
+                       if (M_ASN1_OCTET_STRING_print(bp, x->value) <= 0)
+                               goto err;
+                       if (BIO_write(bp, "\n", 1) <= 0) goto err;
+                       break;
+               case NID_id_pkix_OCSP_CrlID:
+                       if (BIO_printf(bp, "%*scrlId:\n", ind, "") <= 0) 
+                               goto err;
+                       p = x->value->data;
+                       if (!(d2i_OCSP_CRLID(&crlid, &p, x->value->length)))
+                               goto err;
+                       if (!OCSP_CRLID_print(bp, crlid, (2*ind))) goto err;
+                       OCSP_CRLID_free(crlid);
+                       break;
+               case NID_id_pkix_OCSP_acceptableResponses:
+                       if (BIO_printf(bp, 
+                                     "%*sacceptable responses: ", 
+                                     ind, "") <= 0)
+                               goto err;
+                       p = x->value->data;
+                       if (!(d2i_ASN1_SET(&sk, &p, x->value->length, 
+                                          (char *(*)())d2i_ASN1_OBJECT, 
+                                          ASN1_OBJECT_free, V_ASN1_SEQUENCE, 
+                                          V_ASN1_UNIVERSAL)))
+                               goto err;
+                       for (i = 0; i < sk_num(sk); i++)
+                               {
+                               j=OBJ_obj2nid((ASN1_OBJECT*)sk->data[i]);
+                               if (BIO_printf(bp," %s ",
+                                              (j == NID_undef)?"UNKNOWN":
+                                                          OBJ_nid2ln(j)) <= 0)
+                                         goto err;
+                               }
+                       if (BIO_write(bp, "\n", 1) <= 0) goto err;
+                       sk_pop_free(sk, ASN1_OBJECT_free);
+                       break;
+               case NID_id_pkix_OCSP_archiveCutoff:
+                       if (BIO_printf(bp, "%*sarchive cutoff: ", ind, "")<=0)
+                               goto err;
+                       p = x->value->data;
+                       if (!d2i_ASN1_GENERALIZEDTIME(&gt, &p, 
+                                                     x->value->length))
+                               goto err;
+                       if (!ASN1_GENERALIZEDTIME_print(bp, gt)) goto err;
+                       if (BIO_write(bp, "\n", 1) <= 0) goto err;
+                       ASN1_GENERALIZEDTIME_free(gt);
+                       break;
+               case NID_id_pkix_OCSP_serviceLocator:
+                 if (BIO_printf(bp, "%*sservice locator:\n", ind, "") <= 0)
+                               goto err;
+                       p = x->value->data;
+                       if (!d2i_OCSP_SERVICELOC(&sloc, &p, 
+                                                x->value->length))
+                               goto err;
+                       if (!OCSP_SERVICELOC_print(bp,sloc,(2*ind))) goto err;
+                       OCSP_SERVICELOC_free(sloc);
+                       break;
+               case NID_undef:
+               default:
+                       if (BIO_printf(bp,"%*sunrecognized oid: ",ind,"") <= 0)
+                               goto err;
+                       break;
+               }
+       return 1;
+err:
+       return 0;
+       }
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
new file mode 100644 (file)
index 0000000..d04213d
--- /dev/null
@@ -0,0 +1,791 @@
+/* ocsp_lib.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/x509v3.h>
+#include <openssl/safestack.h>
+#include <openssl/ocsp.h>
+
+static STACK_OF(X509_EXTENSION) *ext_dup(STACK_OF(X509_EXTENSION) *fr)
+       {
+       int i;
+       STACK_OF(X509_EXTENSION) *to = NULL;
+
+       if (!(to = sk_X509_EXTENSION_dup(fr)))
+               goto err;
+       for (i = 0; i < sk_X509_EXTENSION_num(fr); i++)
+               {
+               sk_X509_EXTENSION_set(to, i,
+                     X509_EXTENSION_dup(sk_X509_EXTENSION_value(fr, i)));
+               if (! sk_X509_EXTENSION_value(to, i))
+                       goto err;
+               }
+       return to;
+err:
+       if (to) sk_X509_EXTENSION_pop_free(to, X509_EXTENSION_free);
+       return NULL;
+       }
+
+OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, 
+                             X509_NAME *issuerName, 
+                             ASN1_BIT_STRING* issuerKey, 
+                             ASN1_INTEGER *serialNumber)
+        {
+       int nid;
+        unsigned int i;
+       X509_ALGOR *alg;
+       OCSP_CERTID *cid = NULL;
+       unsigned char md[EVP_MAX_MD_SIZE];
+       EVP_MD_CTX ctx;
+
+       if (!(cid = OCSP_CERTID_new())) goto err;
+
+       alg = cid->hashAlgorithm;
+       if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
+       if ((nid = EVP_MD_type(dgst)) == NID_undef)
+               {
+               OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
+               goto err;
+               }
+       if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
+       if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err;
+       alg->parameter->type=V_ASN1_NULL;
+
+       if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr;
+       if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) goto err;
+
+       /* Calculate the issuerKey hash, excluding tag and length */
+       EVP_DigestInit(&ctx,dgst);
+       EVP_DigestUpdate(&ctx,issuerKey->data, issuerKey->length);
+       EVP_DigestFinal(&ctx,md,&i);
+
+       if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) goto err;
+       
+       if (cid->serialNumber != NULL) ASN1_INTEGER_free(cid->serialNumber);
+       if (!(cid->serialNumber = ASN1_INTEGER_dup(serialNumber))) goto err;
+       return cid;
+digerr:
+       OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
+err:
+       if (cid) OCSP_CERTID_free(cid);
+       return NULL;
+       }
+
+OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim)
+        {
+       OCSP_REVOKEDINFO *ri;
+       OCSP_CERTSTATUS *cs = NULL;
+
+       if (!(cs = OCSP_CERTSTATUS_new())) goto err;
+       if ((cs->tag = status) == V_OCSP_CERTSTATUS_REVOKED)
+               {
+               if (!time)
+                       {
+                       OCSPerr(OCSP_F_CERT_STATUS_NEW,OCSP_R_REVOKED_NO_TIME);
+                       goto err;
+                       }
+               if (!(cs->revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
+               if (!ASN1_GENERALIZEDTIME_set_string(ri->revocationTime,tim))
+                       goto err;       
+               if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
+                       {
+                       if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
+                               goto err;
+                       if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
+                                                 reason)))
+                               goto err;       
+                       }
+               }
+       return cs;
+err:
+       if (cs) OCSP_CERTSTATUS_free(cs);
+       return NULL;
+       }
+
+OCSP_REQUEST *OCSP_request_new(X509_NAME* name,
+                              STACK_OF(X509_EXTENSION) *extensions)
+        {
+       OCSP_REQUEST *req = NULL;
+
+       if ((req = OCSP_REQUEST_new()) == NULL) goto err;
+       if (name) /* optional */
+               {
+               if (!(req->tbsRequest->requestorName=GENERAL_NAME_new()))
+                       goto err;
+               req->tbsRequest->requestorName->type = GEN_DIRNAME;
+               req->tbsRequest->requestorName->d.dirn = X509_NAME_dup(name);
+               }
+       if (!(req->tbsRequest->requestList = sk_OCSP_ONEREQ_new(NULL))) goto err;
+       if (extensions && 
+           (!(req->tbsRequest->requestExtensions = ext_dup(extensions))))
+               goto err;
+       return req;
+err:
+       if (req) OCSP_REQUEST_free(req);
+       return NULL;
+       }
+
+int OCSP_request_add(OCSP_REQUEST             *req,
+                    OCSP_CERTID              *cid,
+                    STACK_OF(X509_EXTENSION) *extensions)
+        {
+       OCSP_ONEREQ *one = NULL;
+
+       if (!(one = OCSP_ONEREQ_new())) goto err;
+       if (one->reqCert) OCSP_CERTID_free(one->reqCert);
+       if (!(one->reqCert = OCSP_CERTID_dup(cid))) goto err;
+       if (extensions&&(!(one->singleRequestExtensions=ext_dup(extensions))))
+               goto err;
+       if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) goto err;
+       return 1;
+err:
+       if (one) OCSP_ONEREQ_free(one);
+       return 0;
+        }
+
+int OCSP_request_sign(OCSP_REQUEST   *req,
+                     EVP_PKEY       *key,
+                     const EVP_MD   *dgst,
+                     STACK_OF(X509) *certs)
+        {
+       int i;
+       OCSP_SIGNATURE *sig;
+
+       if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
+       if (!OCSP_REQUEST_sign(req, key, dgst)) goto err;
+       if (certs)
+               {
+               if (!(sig->certs = sk_X509_dup(certs))) goto err;
+               for (i = 0; i < sk_X509_num(sig->certs); i++)
+                       {
+                       sk_X509_set(sig->certs, i, 
+                              X509_dup(sk_X509_value(certs,i)));
+                       if (! sk_X509_value(sig->certs, i))
+                             goto err;
+                       }
+               }
+       return 1;
+err:
+       if (req->optionalSignature)
+               {
+               OCSP_SIGNATURE_free(req->optionalSignature);
+               req->optionalSignature = NULL;
+               }
+       return 0;
+       }
+
+OCSP_BASICRESP *OCSP_basic_response_new(int tag,
+                                       X509* cert,
+                                       STACK_OF(X509_EXTENSION) *extensions)
+        {
+       time_t t;
+       OCSP_RESPID *rid;
+        ASN1_BIT_STRING *bs;
+       OCSP_BASICRESP *rsp = NULL;
+       unsigned char md[SHA_DIGEST_LENGTH];
+       
+       if (!(rsp = OCSP_BASICRESP_new())) goto err;
+       rid = rsp->tbsResponseData->responderId;
+       switch (rid->tag = tag)
+               {
+               case V_OCSP_RESPID_NAME:
+                       /* cert is user cert */
+                       if (!(rid->value.byName =
+                                 X509_NAME_dup(X509_get_subject_name(cert))))
+                               goto err;
+                       break;
+               case V_OCSP_RESPID_KEY:
+                       /* cert is issuer cert */
+                       /* SHA-1 hash of responder's public key
+                         * (excluding the tag and length fields)
+                        */
+                       bs = cert->cert_info->key->public_key;
+                       SHA1(ASN1_STRING_data((ASN1_STRING*)bs), 
+                            ASN1_STRING_length((ASN1_STRING*)bs), md);
+                       if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
+                               goto err;
+                       if (!(ASN1_OCTET_STRING_set(rid->value.byKey,
+                                                   md, sizeof md)))
+                               goto err;
+                       break;
+               default:
+                       OCSPerr(OCSP_F_BASIC_RESPONSE_NEW,OCSP_R_BAD_TAG);
+                       goto err;
+                       break;
+               }
+       time(&t);
+       if (!(ASN1_GENERALIZEDTIME_set(rsp->tbsResponseData->producedAt, t)))
+               goto err;
+       if (!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new(NULL))) goto err;
+       if (extensions && (!(rsp->tbsResponseData->responseExtensions = 
+                                             ext_dup(extensions))))
+               goto err;
+       return rsp;
+err:
+       if (rsp) OCSP_BASICRESP_free(rsp);
+       return NULL;
+       }
+
+int OCSP_basic_response_add(OCSP_BASICRESP           *rsp,
+                           OCSP_CERTID              *cid,
+                           OCSP_CERTSTATUS          *cst,
+                           char                     *this,
+                           char                     *next,
+                           STACK_OF(X509_EXTENSION) *extensions)
+        {
+       OCSP_SINGLERESP *single = NULL;
+
+       if (!(single = OCSP_SINGLERESP_new())) goto err;
+       if (single->certId) OCSP_CERTID_free(single->certId);
+       if (!(single->certId = OCSP_CERTID_dup(cid))) goto err;
+       if (single->certStatus) OCSP_CERTSTATUS_free(single->certStatus);
+       if (!(single->certStatus = OCSP_CERTSTATUS_dup(cst))) goto err;
+       if (!ASN1_GENERALIZEDTIME_set_string(single->thisUpdate,this))goto err;
+       if (next)
+                { 
+               if (!(single->nextUpdate = ASN1_GENERALIZEDTIME_new()))
+                       goto err;
+               if (!ASN1_GENERALIZEDTIME_set_string(single->nextUpdate,next))
+                       goto err;
+               }
+       if (extensions && (!(single->singleExtensions = ext_dup(extensions))))
+               goto err;
+       if (!sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses,single)) goto err;
+       return 1;
+err:
+       if (single) OCSP_SINGLERESP_free(single);
+       return 0;
+       }
+
+int OCSP_basic_response_sign(OCSP_BASICRESP *brsp, 
+                            EVP_PKEY       *key,
+                            const EVP_MD   *dgst,
+                            STACK_OF(X509) *certs)
+        {
+       int i;
+
+       /* Right now, I think that not doing double hashing is the right
+          thing.       -- Richard Levitte */
+       if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
+       if (certs)
+               {
+               if (!(brsp->certs = sk_X509_dup(certs))) goto err;
+               for (i = 0; i < sk_X509_num(brsp->certs); i++)
+                       {
+                       sk_X509_set(brsp->certs, i,
+                              X509_dup(sk_X509_value(certs, i)));
+                       if (! sk_X509_value(brsp->certs, i))
+                               goto err;
+                       }
+               }
+       return 1;
+err:
+       return 0;
+       }
+
+OCSP_RESPONSE *OCSP_response_new(int status,
+                                int nid,
+                                int (*i2d)(),
+                                char *data)
+        {
+        OCSP_RESPONSE *rsp = NULL;
+
+       if (!(rsp = OCSP_RESPONSE_new())) goto err;
+       if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
+       if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
+       if (rsp->responseBytes->responseType) ASN1_OBJECT_free(rsp->responseBytes->responseType);
+       if (!(rsp->responseBytes->responseType = OBJ_nid2obj(nid))) goto err;
+       if (!ASN1_STRING_encode((ASN1_STRING*)rsp->responseBytes->response,
+                               i2d, data, NULL)) goto err;
+       return rsp;
+err:
+       if (rsp) OCSP_RESPONSE_free(rsp);
+       return NULL;
+       }
+
+char* ocspResponseStatus2string(long s)
+        {
+       static struct { long t; char *m; } ts[6]= { 
+               { OCSP_RESPONSE_STATUS_SUCCESSFULL, "successful" },
+               { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
+               { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
+               { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
+               { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
+               { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } }, *p;
+       for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
+               if (p->t == s)
+                        return p->m;
+       return "(UNKNOWN)";
+       } 
+
+char* ocspCertStatus2string(long s)
+        {
+       static struct { long t; char *m; } ts[3]= { 
+               { V_OCSP_CERTSTATUS_GOOD, "good" },
+               { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
+               { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }, *p;
+       for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
+               if (p->t == s)
+                        return p->m;
+       return "(UNKNOWN)";
+       } 
+
+char * cRLReason2string(long s)
+        {
+       static struct { long t; char *m; } ts[8]= { 
+         { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
+          { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
+          { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
+          { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
+          { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
+          { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
+          { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
+          { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } }, *p;
+       for (p=ts; p < &ts[sizeof ts/sizeof ts[0]]; p++)
+               if (p->t == s)
+                        return p->m;
+       return "(UNKNOWN)";
+       } 
+
+static int i2a_GENERAL_NAME(bp,n)
+BIO *bp; 
+GENERAL_NAME *n;
+       {
+       int j;
+        char *p;
+
+       if (n == NULL) return(0);
+
+       switch (n->type)
+               {
+
+       case GEN_DIRNAME:
+               X509_NAME_print(bp,n->d.dirn,16);
+               break;
+
+       case GEN_EMAIL:
+       case GEN_DNS:
+       case GEN_URI:
+       case GEN_IPADD:
+               p=(char *)n->d.ip->data;
+               for (j=n->d.ip->length;j>0;j--)
+                       {
+                       if ((*p >= ' ') && (*p <= '~'))
+                               BIO_printf(bp,"%c",*p);
+                       else if (*p & 0x80)
+                               BIO_printf(bp,"\\0x%02X",*p);
+                       else if ((unsigned char)*p == 0xf7)
+                               BIO_printf(bp,"^?");
+                       else    BIO_printf(bp,"^%c",*p+'@');
+                       p++;
+                       }
+               break;
+
+       case GEN_RID:
+               i2a_ASN1_OBJECT(bp, n->d.rid);
+               break;
+
+       /* XXX these are legit, need to support at some time... */
+       case GEN_OTHERNAME:
+       case GEN_X400:
+       case GEN_EDIPARTY:
+       default:
+               return 0;
+               }
+
+       return 1;
+       }
+
+
+int OCSP_REQUEST_print(bp, o)
+BIO *bp; 
+OCSP_REQUEST* o;
+        {
+       int i,j,n;
+       long l;
+       char *s;
+       OCSP_CERTID* cid = NULL;
+       OCSP_ONEREQ *one = NULL;
+       OCSP_REQINFO *inf = o->tbsRequest;
+       OCSP_SIGNATURE *sig = o->optionalSignature;
+
+       if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) goto err;
+       l=ASN1_INTEGER_get(inf->version);
+       if (BIO_printf(bp,"%4sVersion: %lu (0x%lx)","",l+1,l) <= 0) goto err;
+       if (inf->requestorName != NULL)
+               {
+               if (BIO_write(bp,"\n    Requestor Name: ",21) <= 0) 
+                       goto err;
+               i2a_GENERAL_NAME(bp, inf->requestorName);
+               }
+       if (BIO_write(bp,"\n    Requestor List:\n",21) <= 0) goto err;
+       for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++)
+               {
+               if (! sk_OCSP_ONEREQ_value(inf->requestList, i)) continue;
+               one = sk_OCSP_ONEREQ_value(inf->requestList, i);
+               cid = one->reqCert;
+               j=OBJ_obj2nid(cid->hashAlgorithm->algorithm);
+               if (BIO_printf(bp,"%8sHash Algorithm: %s","",
+                              (j == NID_undef)?"UNKNOWN":OBJ_nid2ln(j)) <= 0)
+                       goto err;
+               if (BIO_write(bp,"\n        Issuer Name Hash: ",27) <= 0)
+                       goto err;
+               i2a_ASN1_STRING(bp, cid->issuerNameHash, V_ASN1_OCTET_STRING);
+               if (BIO_write(bp,"\n        Issuer Key Hash: ",26) <= 0) 
+                       goto err;
+               i2a_ASN1_STRING(bp, cid->issuerKeyHash, V_ASN1_OCTET_STRING);
+               if (BIO_write(bp,"\n        Serial Number: ",24) <= 0) 
+                       goto err;
+               if (!i2a_ASN1_INTEGER(bp, cid->serialNumber)) 
+                       goto err;
+               if (!BIO_write(bp,"\n",1)) goto err;
+               if (!OCSP_extensions_print(bp, one->singleRequestExtensions,
+                                          "Request Single Extensions"))
+                       goto err;
+               }
+       if (!OCSP_extensions_print(bp, inf->requestExtensions, 
+                                  "Request Extensions"))
+               goto err;
+       if (sig)
+               {
+               i=OBJ_obj2nid(sig->signatureAlgorithm->algorithm);
+               if (BIO_printf(bp,"OCSP Request Signature Algorithm: %s",
+                              (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+                       goto err;
+               n=sig->signature->length;
+               s=(char *)sig->signature->data;
+               for (i=0; i<n; i++)
+                       {
+                       if ((i%18) == 0)
+                       if (BIO_write(bp,"\n        ",9) <= 0) goto err;
+                       if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
+                               ((i+1) == n)?"":":") <= 0) goto err;
+                       }
+               if (BIO_write(bp,"\n",1) != 1) goto err;
+               if (sig->certs)
+                       {
+                       for (i=0; i<sk_X509_num(sig->certs); i++)
+                               if (sk_X509_value(sig->certs,i) != NULL)
+                                       X509_print(bp,
+                                           sk_X509_value(sig->certs,i));
+                       }
+               }
+       return 1;
+err:
+       return 0;
+       }
+
+int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o)
+        {
+       int i, j, n;
+       long l;
+       char *s;
+       unsigned char *p;
+       OCSP_CERTID *cid = NULL;
+       OCSP_BASICRESP *br = NULL;
+       OCSP_RESPDATA  *rd = NULL;
+       OCSP_CERTSTATUS *cst = NULL;
+       OCSP_REVOKEDINFO *rev = NULL;
+       OCSP_SINGLERESP *single = NULL;
+       OCSP_RESPBYTES *rb = o->responseBytes;
+
+       l=ASN1_ENUMERATED_get(o->responseStatus);
+       if (BIO_printf(bp,"OCSP Response Status: %s (0x%x)\n", 
+                      ocspResponseStatus2string(l), l) <= 0) goto err;
+       if (rb == NULL) return 1;
+       i=OBJ_obj2nid(rb->responseType);
+        if (BIO_printf(bp,"OCSP Response Bytes Response Type: %s",
+                      (i == NID_undef)?"UNKNOWN":OBJ_nid2sn(i)) <= 0)
+               goto err;
+       if (i != NID_id_pkix_OCSP_basic) 
+               {
+               BIO_printf(bp," (unknown response type)\n");
+               return 1;
+               }
+       p = ASN1_STRING_data(rb->response);
+       i = ASN1_STRING_length(rb->response);
+       if (!(d2i_OCSP_BASICRESP(&br, &p, i))) goto err;
+       rd = br->tbsResponseData;
+       l=ASN1_INTEGER_get(rd->version);
+       if (BIO_printf(bp,"\nBasic Response Data Version: %lu (0x%lx)\n",
+                      l+1,l) <= 0) goto err;
+       if (BIO_printf(bp,"Basic Response Data Responder Id: ") <= 0) goto err;
+       i2a_OCSP_RESPID(bp, rd->responderId);
+       if (BIO_printf(bp,"\nBasic Response Data Produced At: ")<=0) goto err;
+       if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) goto err;
+       if (BIO_printf(bp,"\nBasic Response Data Responses:\n") <= 0) goto err;
+       for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++)
+               {
+               if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) continue;
+               single = sk_OCSP_SINGLERESP_value(rd->responses, i);
+               cid = single->certId;
+               j=OBJ_obj2nid(cid->hashAlgorithm->algorithm);
+               if (BIO_printf(bp,"    Cert Id:") <= 0) goto err;
+               if (BIO_printf(bp,"\n%8sHash Algorithm: %s","",
+                              (j == NID_undef)?"UNKNOWN":OBJ_nid2ln(j)) <= 0)
+                       goto err;
+               if (BIO_write(bp,"\n        Issuer Name Hash: ",27) <= 0)
+                       goto err;
+               i2a_ASN1_STRING(bp, cid->issuerNameHash, V_ASN1_OCTET_STRING);
+               if (BIO_write(bp,"\n        Issuer Key Hash: ",26) <= 0) 
+                       goto err;
+               i2a_ASN1_STRING(bp, cid->issuerKeyHash, V_ASN1_OCTET_STRING);
+               if (BIO_write(bp,"\n        Serial Number: ",24) <= 0) 
+                       goto err;
+               if (!i2a_ASN1_INTEGER(bp, cid->serialNumber)) 
+                       goto err;
+               cst = single->certStatus;
+               if (BIO_printf(bp,"\n    Cert Status: %s (0x%x)",
+                              ocspCertStatus2string(cst->tag), cst->tag) <= 0)
+                       goto err;
+               if (cst->tag == V_OCSP_CERTSTATUS_REVOKED)
+                       {
+                       rev = cst->revoked;
+                       if (BIO_printf(bp, "\n    Revocation Time: ") <= 0) 
+                               goto err;
+                       if (!ASN1_GENERALIZEDTIME_print(bp, 
+                                                       rev->revocationTime)) 
+                               goto err;
+                       if (rev->revocationReason) 
+                               {
+                               l=ASN1_ENUMERATED_get(rev->revocationReason);
+                               if (BIO_printf(bp, 
+                                        "\n    Revocation Reason: %s (0x%x)",
+                                              cRLReason2string(l), l) <= 0)
+                                       goto err;
+                               }
+                       }
+               if (BIO_printf(bp,"\n    This Update: ") <= 0) goto err;
+               if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 
+                       goto err;
+               if (single->nextUpdate)
+                       {
+                       if (BIO_printf(bp,"\n    Next Update: ") <= 0)goto err;
+                       if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
+                               goto err;
+                       }
+               if (!BIO_write(bp,"\n",1)) goto err;
+               if (!OCSP_extensions_print(bp, single->singleExtensions,
+                                          "Basic Response Single Extensions"))
+                       goto err;
+               }
+       if (!OCSP_extensions_print(bp, rd->responseExtensions,
+                                  "Basic Response Extensions")) goto err;
+       i=OBJ_obj2nid(br->signatureAlgorithm->algorithm);
+       if (BIO_printf(bp,"Basic Response Signature Algorithm: %s",
+                      (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0)
+               goto err;
+       n=br->signature->length;
+       s=(char *)br->signature->data;
+       for (i=0; i<n; i++)
+               {
+               if ((i%18) == 0)
+               if (BIO_write(bp,"\n        ",9) <= 0) goto err;
+               if (BIO_printf(bp,"%02x%s",(unsigned char)s[i],
+                       ((i+1) == n)?"":":") <= 0) goto err;
+               }
+       if (BIO_write(bp,"\n",1) != 1) goto err;
+       if (br->certs)
+               {
+               for (i=0; i<sk_X509_num(br->certs); i++)
+                       if (sk_X509_value(br->certs,i) != NULL) {
+                               X509_print(bp, sk_X509_value(br->certs,i));
+                               PEM_write_bio_X509(bp,sk_X509_value(br->certs,i));
+                       }
+               }
+       return 1;
+err:
+       return 0;
+       }
+
+int OCSP_CRLID_print(BIO *bp, OCSP_CRLID *a, int ind)
+        {
+       if (a->crlUrl)
+               {
+               if (!BIO_printf(bp, "%*scrlUrl: ", ind, "")) goto err;
+               if (!ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) goto err;
+               if (!BIO_write(bp, "\n", 1)) goto err;
+               }
+       if (a->crlNum)
+               {
+               if (!BIO_printf(bp, "%*scrlNum: ", ind, "")) goto err;
+               if (!i2a_ASN1_INTEGER(bp, a->crlNum)) goto err;
+               if (!BIO_write(bp, "\n", 1)) goto err;
+               }
+       if (a->crlTime)
+               {
+               if (!BIO_printf(bp, "%*scrlTime: ", ind, "")) goto err;
+               if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) goto err;
+               if (!BIO_write(bp, "\n", 1)) goto err;
+               }
+       return 1;
+err:
+       return 0;
+       }
+
+int OCSP_SERVICELOC_print(BIO *bp, OCSP_SERVICELOC* a, int ind)
+        {
+       int i, j;
+       ACCESS_DESCRIPTION *ad;
+
+        if (BIO_printf(bp, "%*sissuer: ", ind, "") <= 0) goto err;
+        if (X509_NAME_print(bp, a->issuer, 16) <= 0) goto err;
+        if (BIO_printf(bp, "\n", 1) <= 0) goto err;
+
+               /* Service locator is optional */
+               if (a->locator != NULL) {
+                       if (BIO_printf(bp, "%*slocator:\n", ind, "") <= 0) goto err;
+                       for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+               {
+                               ad = sk_ACCESS_DESCRIPTION_value(a->locator,i);
+                               if (BIO_printf(bp, "%*smethod: ", (2*ind), "") <= 0) 
+                                       goto err;
+                               j=OBJ_obj2nid(ad->method);
+                               if (BIO_printf(bp,"%s", (j == NID_undef)?"UNKNOWN":
+                                                          OBJ_nid2ln(j)) <= 0)
+                                       goto err;
+                               if (BIO_printf(bp, "\n%*sname: ", (2*ind), "") <= 0) 
+                                       goto err;
+                               if (i2a_GENERAL_NAME(bp, ad->location) <= 0) goto err;
+                               if (BIO_write(bp, "\n", 1) <= 0) goto err;
+                       }
+               }
+       return 1;
+err:
+       return 0;
+       }
+
+/* XXX assumes certs in signature are sorted root to leaf XXX */
+int OCSP_request_verify(OCSP_REQUEST *req, EVP_PKEY *pkey)
+        {
+       STACK_OF(X509) *sk;
+
+       if (!req->optionalSignature) return 0;
+       if (pkey == NULL)
+               {
+               if (!(sk = req->optionalSignature->certs)) return 0;
+               if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
+                       {
+                       OCSPerr(OCSP_F_REQUEST_VERIFY,OCSP_R_NO_PUBLIC_KEY);
+                       return 0;
+                       }
+               }
+       return OCSP_REQUEST_verify(req, pkey);
+        }
+
+int OCSP_response_verify(OCSP_RESPONSE *rsp, EVP_PKEY *pkey)
+        {
+       int i, r;
+       unsigned char *p;
+       OCSP_RESPBYTES *rb;
+       OCSP_BASICRESP *br = NULL;
+
+       if ((rb = rsp->responseBytes) == NULL) 
+               {
+               OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_NO_RESPONSE_DATA);
+                return 0;
+               }
+       if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) 
+               {
+               OCSPerr(OCSP_F_RESPONSE_VERIFY,OCSP_R_BAD_TAG);
+                return 0;
+               }
+       p = ASN1_STRING_data(rb->response);
+       i = ASN1_STRING_length(rb->response);
+       if (!(d2i_OCSP_BASICRESP(&br, &p, i))) return 0;
+       r = OCSP_basic_response_verify(br, pkey);
+       OCSP_BASICRESP_free(br);
+       return r;
+        }
+
+int OCSP_basic_response_verify(OCSP_BASICRESP *rsp, EVP_PKEY *pkey)
+        {
+       STACK_OF(X509) *sk;
+       int ret;
+
+       if (!rsp->signature) 
+               {
+               OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_SIGNATURE);
+                return 0;
+               }
+       if (pkey == NULL)
+               {
+               if (!(sk = rsp->certs))
+                       {
+                       OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_CERTIFICATE);
+                       return 0;
+                       }
+               if (!(pkey=X509_get_pubkey(sk_X509_value(sk, sk_X509_num(sk)-1))))
+                       {
+                       OCSPerr(OCSP_F_BASIC_RESPONSE_VERIFY,OCSP_R_NO_PUBLIC_KEY);
+                       return 0;
+                       }
+               }
+       ret = OCSP_BASICRESP_verify(rsp, pkey, 0);
+       return ret;
+        }
diff --git a/crypto/ocsp/ocsp_req.c b/crypto/ocsp/ocsp_req.c
new file mode 100644 (file)
index 0000000..e1be8bd
--- /dev/null
@@ -0,0 +1,316 @@
+/* ocsp_req.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+IMPLEMENT_STACK_OF(OCSP_ONEREQ)
+IMPLEMENT_ASN1_SET_OF(OCSP_ONEREQ)
+
+OCSP_REQINFO *OCSP_REQINFO_new(void)
+       {
+       OCSP_REQINFO *ret=NULL;
+       ASN1_CTX c;
+
+       M_ASN1_New_Malloc(ret, OCSP_REQINFO);
+       ret->version = NULL;
+       ret->requestorName = NULL;
+       ret->requestList = NULL;
+       ret->requestExtensions = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_REQINFO_NEW);
+       }
+
+void OCSP_REQINFO_free(OCSP_REQINFO *a)
+       {
+       if (a == NULL) return;
+       ASN1_INTEGER_free(a->version);
+       GENERAL_NAME_free(a->requestorName);
+       sk_OCSP_ONEREQ_pop_free(a->requestList, OCSP_ONEREQ_free);
+       sk_X509_EXTENSION_pop_free(a->requestExtensions, X509_EXTENSION_free);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_REQINFO(OCSP_REQINFO *a,
+                    unsigned char **pp)
+       {
+       int v1=0,v2=0,v3=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+       M_ASN1_I2D_len_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
+       M_ASN1_I2D_len_SEQUENCE_type(OCSP_ONEREQ,
+                    a->requestList, i2d_OCSP_ONEREQ);
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+            a->requestExtensions, i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
+
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+       M_ASN1_I2D_put_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
+       M_ASN1_I2D_put_SEQUENCE_type(OCSP_ONEREQ,a->requestList,i2d_OCSP_ONEREQ);
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->requestExtensions,i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
+
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a,
+                              unsigned char **pp,
+                              long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_REQINFO *,OCSP_REQINFO_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       /* we have the optional version field */
+       if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+               { M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
+       else
+               {
+               if (ret->version != NULL)
+                       {
+                       ASN1_INTEGER_free(ret->version);
+                       ret->version=NULL;
+                       }
+               }
+       M_ASN1_D2I_get_EXP_opt(ret->requestorName,d2i_GENERAL_NAME,1);
+       M_ASN1_D2I_get_seq_type(OCSP_ONEREQ, ret->requestList,
+                               d2i_OCSP_ONEREQ,OCSP_ONEREQ_free);
+       /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+          we're using the set version */
+       M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+               ret->requestExtensions,d2i_X509_EXTENSION,
+               X509_EXTENSION_free,2,V_ASN1_SEQUENCE);
+       M_ASN1_D2I_Finish(a,OCSP_REQINFO_free,ASN1_F_D2I_OCSP_REQINFO);
+       }
+
+int i2a_OCSP_REQINFO(BIO *bp,
+                    OCSP_REQINFO* a)
+        {
+       int i, j=1;
+       if (a->version == NULL) BIO_puts(bp, "0");
+       else i2a_ASN1_INTEGER(bp, a->version);
+       if (a->requestorName != NULL) 
+               {
+               j++;
+#ifdef UNDEF
+               i2a_GENERAL_NAME(bp, a->requestorName); /* does not exist */
+#endif
+               }
+       if (a->requestList != NULL)
+               {
+               for (i=0; i<sk_OCSP_ONEREQ_num(a->requestList); i++)
+                       if (sk_OCSP_ONEREQ_value(a->requestList,i) != NULL)
+                               i2a_OCSP_ONEREQ(bp, 
+                                     sk_OCSP_ONEREQ_value(a->requestList,i));
+               j+=sk_OCSP_ONEREQ_num(a->requestList);
+               }
+       j+=OCSP_extensions_print(bp, a->requestExtensions,
+                                "Request Extensions");
+       return j;
+       }
+
+OCSP_REQUEST *OCSP_REQUEST_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_REQUEST *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_REQUEST);
+       M_ASN1_New(ret->tbsRequest, OCSP_REQINFO_new);
+       ret->optionalSignature = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_REQUEST_NEW);
+       }
+       
+void OCSP_REQUEST_free(OCSP_REQUEST *a)
+       {
+       if (a == NULL) return;
+       OCSP_REQINFO_free(a->tbsRequest);
+       OCSP_SIGNATURE_free(a->optionalSignature);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_REQUEST(OCSP_REQUEST *a,
+                    unsigned char **pp)
+       {
+       int v=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->tbsRequest, i2d_OCSP_REQINFO);
+       M_ASN1_I2D_len_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->tbsRequest, i2d_OCSP_REQINFO); 
+       M_ASN1_I2D_put_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a,
+                              unsigned char **pp,
+                              long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_REQUEST *,OCSP_REQUEST_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->tbsRequest, d2i_OCSP_REQINFO);
+       M_ASN1_D2I_get_EXP_opt(ret->optionalSignature, d2i_OCSP_SIGNATURE, 0);
+       M_ASN1_D2I_Finish(a,OCSP_REQUEST_free,ASN1_F_D2I_OCSP_REQUEST);
+       }
+
+int i2a_OCSP_REQUEST(BIO *bp,
+                    OCSP_REQUEST* a)
+        {
+       i2a_OCSP_REQINFO(bp, a->tbsRequest);
+       i2a_OCSP_SIGNATURE(bp, a->optionalSignature);
+       return a->optionalSignature ? 2 : 1;
+       }
+
+OCSP_ONEREQ *OCSP_ONEREQ_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_ONEREQ *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_ONEREQ);
+       M_ASN1_New(ret->reqCert, OCSP_CERTID_new);
+       ret->singleRequestExtensions = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_ONEREQ_NEW);
+       }
+       
+void OCSP_ONEREQ_free(OCSP_ONEREQ *a)
+       {
+       if (a == NULL) return;
+       OCSP_CERTID_free(a->reqCert);
+       sk_X509_EXTENSION_pop_free(a->singleRequestExtensions, X509_EXTENSION_free);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a,
+                   unsigned char **pp)
+       {
+       int v=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->reqCert, i2d_OCSP_CERTID);
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+            a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
+            V_ASN1_SEQUENCE, v);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->reqCert, i2d_OCSP_CERTID);
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+            a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
+            V_ASN1_SEQUENCE, v);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a,
+                            unsigned char **pp,
+                            long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_ONEREQ *,OCSP_ONEREQ_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->reqCert, d2i_OCSP_CERTID);
+       /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+          we're using the set version */
+       M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+               ret->singleRequestExtensions, d2i_X509_EXTENSION,
+               X509_EXTENSION_free, 0, V_ASN1_SEQUENCE);
+       M_ASN1_D2I_Finish(a,OCSP_ONEREQ_free,ASN1_F_D2I_OCSP_ONEREQ);
+       }
+
+int i2a_OCSP_ONEREQ(BIO *bp,
+                   OCSP_ONEREQ* a)
+        {
+       i2a_OCSP_CERTID(bp, a->reqCert);
+#ifdef UNDEF
+       /* XXX need generic extension print method or need to register
+        * ocsp extensions with existing extension handler mechanism,
+        * invoke i2a callbacks.
+        */
+       if (a->singleRequestExtensions != NULL)
+               {
+               for (i=0; i<sk_X509_EXTENSION_num(a->singleRequestExtensions); i++)
+                       if (sk_X509_EXTENSION_value(a->singleRequestExtensions,i) != NULL)
+                         i2a_X509_EXTENSION(bp, 
+                                    sk_X509_EXTENSION_value(
+                                       a->singleRequestExtensions, i));
+               j+=sk_X509_EXTENSION_num(a->singleRequestExtensions);
+               }
+#endif
+       return 1;
+       }
diff --git a/crypto/ocsp/ocsp_res.c b/crypto/ocsp/ocsp_res.c
new file mode 100644 (file)
index 0000000..34443ab
--- /dev/null
@@ -0,0 +1,896 @@
+/* ocsp_req.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/err.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+IMPLEMENT_STACK_OF(OCSP_SINGLERESP)
+IMPLEMENT_ASN1_SET_OF(OCSP_SINGLERESP)
+
+OCSP_RESPBYTES *OCSP_RESPBYTES_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_RESPBYTES *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_RESPBYTES);
+       M_ASN1_New(ret->responseType, ASN1_OBJECT_new);
+       M_ASN1_New(ret->response, ASN1_OCTET_STRING_new);
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_RESPBYTES_NEW);
+       }
+       
+void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a)
+       {
+       if (a == NULL) return;
+       ASN1_OBJECT_free(a->responseType);
+       ASN1_OCTET_STRING_free(a->response);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a,
+                      unsigned char **pp)
+       {
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->responseType, i2d_ASN1_OBJECT);
+       M_ASN1_I2D_len(a->response, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->responseType, i2d_ASN1_OBJECT);
+       M_ASN1_I2D_put(a->response, i2d_ASN1_OCTET_STRING);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a,
+                                  unsigned char **pp,
+                                  long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_RESPBYTES *,OCSP_RESPBYTES_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->responseType, d2i_ASN1_OBJECT);
+       M_ASN1_D2I_get(ret->response, d2i_ASN1_OCTET_STRING);
+       M_ASN1_D2I_Finish(a,OCSP_RESPBYTES_free,ASN1_F_D2I_OCSP_RESPBYTES);
+       }
+
+int i2a_OCSP_RESPBYTES(BIO *bp,
+                      OCSP_RESPBYTES* a)
+        {
+       i2a_ASN1_OBJECT(bp, a->responseType);
+       i2a_ASN1_STRING(bp, a->response, V_ASN1_OCTET_STRING);
+       return 2;
+       }
+
+OCSP_RESPONSE *OCSP_RESPONSE_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_RESPONSE *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_RESPONSE);
+       M_ASN1_New(ret->responseStatus, ASN1_ENUMERATED_new);
+       ret->responseBytes = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_RESPONSE_NEW);
+       }
+       
+void OCSP_RESPONSE_free(OCSP_RESPONSE *a)
+       {
+       if (a == NULL) return;
+       ASN1_ENUMERATED_free(a->responseStatus);
+       OCSP_RESPBYTES_free(a->responseBytes);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a,
+                     unsigned char **pp)
+       {
+       int v=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->responseStatus, i2d_ASN1_ENUMERATED);
+       M_ASN1_I2D_len_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->responseStatus, i2d_ASN1_ENUMERATED);
+       M_ASN1_I2D_put_EXP_opt(a->responseBytes, i2d_OCSP_RESPBYTES, 0, v);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a,
+                                unsigned char **pp,
+                                long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_RESPONSE *,OCSP_RESPONSE_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->responseStatus, d2i_ASN1_ENUMERATED);
+       M_ASN1_D2I_get_EXP_opt(ret->responseBytes, d2i_OCSP_RESPBYTES, 0);
+       M_ASN1_D2I_Finish(a,OCSP_RESPONSE_free,ASN1_F_D2I_OCSP_RESPONSE);
+       }
+
+int i2a_OCSP_RESPONSE(BIO *bp, OCSP_RESPONSE* a)
+        {
+       i2a_ASN1_STRING(bp, a->responseStatus, V_ASN1_ENUMERATED);
+       i2a_OCSP_RESPBYTES(bp, a->responseBytes);
+       return a->responseBytes ? 2 : 1;
+       }
+
+OCSP_RESPID *OCSP_RESPID_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_RESPID *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_RESPID);
+       ret->tag = -1;
+       ret->value.byName = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_RESPID_NEW);
+       }
+       
+void OCSP_RESPID_free(OCSP_RESPID *a)
+       {
+       if (a == NULL) return;
+       switch (a->tag)
+               {
+               case V_OCSP_RESPID_NAME:
+                       X509_NAME_free(a->value.byName);
+                       break;
+               case V_OCSP_RESPID_KEY:
+                       ASN1_OCTET_STRING_free(a->value.byKey);
+                       break;
+               }
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp)
+       {
+       int v=0;
+       M_ASN1_I2D_vars(a);
+       switch (a->tag)
+               {
+               case V_OCSP_RESPID_NAME:
+                       v = i2d_X509_NAME(a->value.byName,NULL);
+                       ret += ASN1_object_size(1, v, V_OCSP_RESPID_NAME);
+                       if (pp==NULL) return ret;
+                       p=*pp;
+                       ASN1_put_object(&p, 1, v, 
+                                       V_OCSP_RESPID_NAME,
+                                       V_ASN1_CONTEXT_SPECIFIC);
+                       i2d_X509_NAME(a->value.byName,&p);
+                       break;
+               case V_OCSP_RESPID_KEY:
+                       v = i2d_ASN1_OCTET_STRING(a->value.byKey,NULL);
+                       ret += ASN1_object_size(1, v, V_OCSP_RESPID_KEY);
+                       if (pp==NULL) return ret;
+                       p=*pp;
+                       ASN1_put_object(&p, 1, v, 
+                                       V_OCSP_RESPID_KEY,
+                                       V_ASN1_CONTEXT_SPECIFIC);
+                       i2d_ASN1_OCTET_STRING(a->value.byKey,&p);
+                       break;
+               }
+       if (pp && *pp) *pp=p;
+       return(r);
+       }
+
+OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a,
+                            unsigned char **pp,
+                            long length)
+       {
+       int inf,xclass;
+       M_ASN1_D2I_vars(a,OCSP_RESPID *,OCSP_RESPID_new);
+
+       M_ASN1_D2I_Init();
+       c.slen = length; /* simulate sequence */
+       inf=ASN1_get_object(&c.p,&c.slen,&ret->tag,&xclass,c.slen);
+       if (inf & 0x80) goto err;
+       switch (ret->tag)
+               {
+               case V_OCSP_RESPID_NAME:
+                       M_ASN1_D2I_get(ret->value.byName, d2i_X509_NAME);
+                       break;
+               case V_OCSP_RESPID_KEY:
+                       M_ASN1_D2I_get(ret->value.byKey, d2i_ASN1_OCTET_STRING);
+                       break;
+               default:
+                       ASN1err(ASN1_F_D2I_OCSP_RESPID,ASN1_R_BAD_TYPE);
+                       break;
+               }
+       M_ASN1_D2I_Finish(a,OCSP_RESPID_free,ASN1_F_D2I_OCSP_RESPID);
+       }
+
+int i2a_OCSP_RESPID(BIO *bp, OCSP_RESPID* a)
+        {
+       switch (a->tag)
+               {
+               case V_OCSP_RESPID_NAME:
+                       X509_NAME_print(bp, a->value.byName, 16);
+                       break;
+               case V_OCSP_RESPID_KEY:
+                       i2a_ASN1_STRING(bp, a->value.byKey, V_ASN1_OCTET_STRING);
+                       break;
+               }
+
+       return 1;
+       }
+
+OCSP_RESPDATA *OCSP_RESPDATA_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_RESPDATA *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_RESPDATA);
+       ret->version = NULL;
+       M_ASN1_New(ret->responderId, OCSP_RESPID_new);
+       M_ASN1_New(ret->producedAt, ASN1_GENERALIZEDTIME_new);
+       ret->responses = NULL;
+       ret->responseExtensions = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_RESPDATA_NEW);
+       }
+       
+void OCSP_RESPDATA_free(OCSP_RESPDATA *a)
+       {
+       if (a == NULL) return;
+       ASN1_INTEGER_free(a->version);
+       OCSP_RESPID_free(a->responderId);
+       ASN1_GENERALIZEDTIME_free(a->producedAt);
+       sk_OCSP_SINGLERESP_pop_free(a->responses, OCSP_SINGLERESP_free);
+       sk_X509_EXTENSION_pop_free(a->responseExtensions, X509_EXTENSION_free);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a,
+                     unsigned char **pp)
+       {
+       int v1=0,v2=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
+       M_ASN1_I2D_len(a->responderId, i2d_OCSP_RESPID);
+       M_ASN1_I2D_len(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
+       M_ASN1_I2D_len_SEQUENCE_type(OCSP_SINGLERESP, a->responses, 
+                               i2d_OCSP_SINGLERESP);
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+            a->responseExtensions, i2d_X509_EXTENSION, 1,
+            V_ASN1_SEQUENCE, v2);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put_EXP_opt(a->version, i2d_ASN1_INTEGER, 0, v1);
+       M_ASN1_I2D_put(a->responderId, i2d_OCSP_RESPID);
+       M_ASN1_I2D_put(a->producedAt, i2d_ASN1_GENERALIZEDTIME);
+       M_ASN1_I2D_put_SEQUENCE_type(OCSP_SINGLERESP, a->responses,
+                                    i2d_OCSP_SINGLERESP);
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+            a->responseExtensions, i2d_X509_EXTENSION, 1,
+            V_ASN1_SEQUENCE, v2);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a,
+                                unsigned char **pp,
+                                long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_RESPDATA *,OCSP_RESPDATA_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       /* we have the optional version field */
+       if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+               { M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
+       else
+               {
+               if (ret->version != NULL)
+                       {
+                       ASN1_INTEGER_free(ret->version);
+                       ret->version=NULL;
+                       }
+               }
+       M_ASN1_D2I_get(ret->responderId, d2i_OCSP_RESPID);
+       M_ASN1_D2I_get(ret->producedAt, d2i_ASN1_GENERALIZEDTIME);
+       M_ASN1_D2I_get_seq_type(OCSP_SINGLERESP, ret->responses,
+                       d2i_OCSP_SINGLERESP, OCSP_SINGLERESP_free);
+       /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+          we're using the set version */
+       M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+               ret->responseExtensions, d2i_X509_EXTENSION, 
+               X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
+       M_ASN1_D2I_Finish(a,OCSP_RESPDATA_free,ASN1_F_D2I_OCSP_RESPDATA);
+       }
+
+int i2a_OCSP_RESPDATA(BIO *bp, OCSP_RESPDATA* a)
+        {
+       int i, j=2;
+       if (a->version == NULL) BIO_puts(bp, "0");
+       else i2a_ASN1_INTEGER(bp, a->version);
+       i2a_OCSP_RESPID(bp, a->responderId);
+       if (!ASN1_GENERALIZEDTIME_print(bp, a->producedAt)) return 0;
+       if (a->responses != NULL)
+               {
+               for (i=0; i<sk_OCSP_SINGLERESP_num(a->responses); i++)
+                       if (sk_OCSP_SINGLERESP_value(a->responses,i) != NULL)
+                               i2a_OCSP_SINGLERESP(bp, 
+                                     sk_OCSP_SINGLERESP_value(a->responses,i));
+               j+=sk_OCSP_SINGLERESP_num(a->responses);
+               }
+#ifdef UNDEF
+       /* XXX need generic extension print method or need to register
+        * ocsp extensions with existing extension handler mechanism,
+        * invoke i2a callbacks.
+        */
+       if (a->responseExtensions != NULL)
+               {
+               for (i=0; i<sk_X509_EXTENSION_num(a->responseExtensions); i++)
+                       if (sk_X509_EXTENSION_value(a->responseExtensions,i) != NULL)
+                               i2a_X509_EXTENSION(bp, 
+                                  sk_X509_EXTENSION_value(a->responseExtensions,i));
+               j+=sk_X509_EXTENSION_num(a->responseExtensions);
+               }
+#endif
+       return j;
+       }
+
+OCSP_BASICRESP *OCSP_BASICRESP_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_BASICRESP *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_BASICRESP);
+       M_ASN1_New(ret->tbsResponseData, OCSP_RESPDATA_new);
+       M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
+       M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
+       ret->certs = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_BASICRESP_NEW);
+       }
+       
+void OCSP_BASICRESP_free(OCSP_BASICRESP *a)
+       {
+       if (a == NULL) return;
+       OCSP_RESPDATA_free(a->tbsResponseData);
+       X509_ALGOR_free(a->signatureAlgorithm);
+       ASN1_BIT_STRING_free(a->signature);
+       sk_X509_pop_free(a->certs, X509_free);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp)
+       {
+       int v=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->tbsResponseData, i2d_OCSP_RESPDATA);
+       M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
+       M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs, 
+                            i2d_X509, 0, V_ASN1_SEQUENCE, v);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->tbsResponseData, i2d_OCSP_RESPDATA);
+       M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
+       M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs,
+                            i2d_X509, 0, V_ASN1_SEQUENCE, v);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a,
+                                  unsigned char **pp,
+                                  long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_BASICRESP *,OCSP_BASICRESP_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->tbsResponseData, d2i_OCSP_RESPDATA);
+       M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
+       M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
+       /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+          we're using the set version */
+       M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509, 
+                                  X509_free, 0, V_ASN1_SEQUENCE);
+       M_ASN1_D2I_Finish(a,OCSP_BASICRESP_free,ASN1_F_D2I_OCSP_BASICRESP);
+       }
+
+int i2a_OCSP_BASICRESP(BIO *bp, OCSP_BASICRESP* a)
+        {
+       int i, j=3;
+       i2a_OCSP_RESPDATA(bp, a->tbsResponseData);
+#ifdef UNDEF
+       /* XXX this guy isn't implemented. */
+       i2a_X509_ALGOR(bp, a->signatureAlgorithm);
+#else   /* instead, just show OID, not param */
+       i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
+#endif
+       i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
+       if (a->certs != NULL)
+               {
+               for (i=0; i<sk_X509_num(a->certs); i++)
+                       if (sk_X509_value(a->certs,i) != NULL)
+                               X509_print(bp, sk_X509_value(a->certs,i));
+               j+=sk_X509_num(a->certs);
+               }
+       return j;
+       }
+
+OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_REVOKEDINFO *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_REVOKEDINFO);
+       M_ASN1_New(ret->revocationTime, ASN1_GENERALIZEDTIME_new);
+       ret->revocationReason = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_REVOKEDINFO_NEW);
+       }
+       
+void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a)
+       {
+       if (a == NULL) return;
+       ASN1_GENERALIZEDTIME_free(a->revocationTime);
+       ASN1_ENUMERATED_free(a->revocationReason);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp)
+       {
+       int v=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->revocationTime, i2d_ASN1_GENERALIZEDTIME);
+       M_ASN1_I2D_len_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->revocationTime, i2d_ASN1_GENERALIZEDTIME); 
+       M_ASN1_I2D_put_EXP_opt(a->revocationReason, i2d_ASN1_ENUMERATED, 0, v);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a,
+                                      unsigned char **pp,
+                                      long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_REVOKEDINFO *,OCSP_REVOKEDINFO_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->revocationTime, d2i_ASN1_GENERALIZEDTIME);
+       M_ASN1_D2I_get_EXP_opt(ret->revocationReason, d2i_ASN1_ENUMERATED, 0);
+       M_ASN1_D2I_Finish(a,OCSP_REVOKEDINFO_free,ASN1_F_D2I_OCSP_REVOKEDINFO);
+       }
+
+int i2a_OCSP_REVOKEDINFO(BIO *bp, OCSP_REVOKEDINFO* a)
+        {
+       int i=0; 
+       if (!ASN1_GENERALIZEDTIME_print(bp, a->revocationTime)) return 0;
+       if (a->revocationReason)
+               {
+                i2a_ASN1_STRING(bp, a->revocationReason, V_ASN1_ENUMERATED);
+               i++;
+               }
+       return i;
+       }
+
+OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void)
+
+       {
+       ASN1_CTX c;
+       OCSP_CERTSTATUS *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_CERTSTATUS);
+       ret->tag = -1;
+       ret->revoked = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_CERTSTATUS_NEW);
+       }
+       
+void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a)
+       {
+       if (a == NULL) return;
+       OCSP_REVOKEDINFO_free(a->revoked);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp)
+       {
+       unsigned char *qq;
+       M_ASN1_I2D_vars(a);
+       ret += 0; /* shush, compiler, shush... */
+       if (a == NULL) return(0);
+       switch (a->tag)
+               {
+               case V_OCSP_CERTSTATUS_GOOD:
+               case V_OCSP_CERTSTATUS_UNKNOWN:
+                       r = 2;
+                       if (pp)
+                               {
+                               qq=p=*pp;
+                               ASN1_put_object(&p,0,0,
+                                               V_ASN1_NULL,V_ASN1_UNIVERSAL);
+                               *qq=(V_ASN1_CONTEXT_SPECIFIC|a->tag|
+                                                  (*qq&V_ASN1_CONSTRUCTED));
+                               }
+                       break;
+               case V_OCSP_CERTSTATUS_REVOKED:
+                       r = i2d_OCSP_REVOKEDINFO(a->revoked,NULL);
+                       if (pp)
+                               {
+                               p=*pp;
+                               M_ASN1_I2D_put_IMP_opt(a->revoked,
+                                                      i2d_OCSP_REVOKEDINFO, 
+                                                      a->tag);
+                               }
+                       break;
+
+               }
+       if (pp && *pp) *pp=p;
+       return(r);
+       }
+
+OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a,
+                                    unsigned char **pp,
+                                    long length)
+       {
+       int tag, xclass, error=0;
+       long len;
+       unsigned char *p, *q, t;
+       OCSP_CERTSTATUS* ret=NULL;
+
+       if ((a == NULL) || ((*a) == NULL))
+               { 
+               if ((ret=(OCSP_CERTSTATUS*)OCSP_CERTSTATUS_new()) == NULL) 
+                       goto err; 
+               }
+       else    ret=(*a);
+       p=*pp;
+       ret->tag = (*p & ~(V_ASN1_CONSTRUCTED | V_ASN1_CONTEXT_SPECIFIC));
+       switch (ret->tag)
+               {
+               case V_OCSP_CERTSTATUS_GOOD:
+               case V_OCSP_CERTSTATUS_UNKNOWN:
+                       ret->revoked = NULL;
+                       q=p;
+                       ASN1_get_object(&p,&len,&tag,&xclass,length);
+                       if (len) 
+                                {
+                               error = ASN1_R_BAD_TYPE;
+                               goto err;
+                               }
+                       break;
+               case V_OCSP_CERTSTATUS_REVOKED:
+                       q=p;
+                       ASN1_get_object(&q,&len,&tag,&xclass,length);
+                       t=*p;
+                       *p=(t&~V_ASN1_PRIMATIVE_TAG)|V_ASN1_SEQUENCE;
+                       q=p; 
+                       if (d2i_OCSP_REVOKEDINFO(&ret->revoked,
+                                                &p,length) == NULL)
+                               goto err;
+                       *q=t;
+                       if ((p-q) != (len+2))
+                                {
+                               error = ASN1_R_BAD_TYPE;
+                               goto err;
+                               }
+                       break;
+               default:
+                       ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,ASN1_R_BAD_TYPE);
+                       break;
+               }
+       *pp=p;
+       if (a != NULL) (*a)=ret;
+       return(ret);
+err:
+       ASN1err(ASN1_F_D2I_OCSP_CERTSTATUS,error); 
+       asn1_add_error(*pp,(int)(q- *pp)); 
+       if ((ret != NULL) && ((a == NULL) || (*a != ret))) 
+               OCSP_CERTSTATUS_free(ret); 
+       return(NULL);
+       }
+
+int i2a_OCSP_CERTSTATUS(BIO *bp, OCSP_CERTSTATUS* a)
+        {
+       switch (a->tag)
+               {
+               case V_OCSP_CERTSTATUS_GOOD:
+                       BIO_puts(bp, "CertStatus: good");
+                       break;
+               case V_OCSP_CERTSTATUS_REVOKED:
+                       BIO_puts(bp, "CertStatus: revoked");
+                       i2a_OCSP_REVOKEDINFO(bp, a->revoked);
+                       break;
+               case V_OCSP_CERTSTATUS_UNKNOWN:
+                       BIO_puts(bp, "CertStatus: unknown");
+                       break;
+               }
+       return 1;
+       }
+
+OCSP_SINGLERESP *OCSP_SINGLERESP_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_SINGLERESP *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_SINGLERESP);
+       M_ASN1_New(ret->certId, OCSP_CERTID_new);
+       M_ASN1_New(ret->certStatus, OCSP_CERTSTATUS_new);
+       M_ASN1_New(ret->thisUpdate, ASN1_GENERALIZEDTIME_new);
+       ret->nextUpdate = NULL;
+       ret->singleExtensions = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_SINGLERESP_NEW);
+       }
+       
+void OCSP_SINGLERESP_free(OCSP_SINGLERESP *a)
+       {
+       if (a == NULL) return;
+       OCSP_CERTID_free(a->certId);
+       OCSP_CERTSTATUS_free(a->certStatus);
+       ASN1_GENERALIZEDTIME_free(a->thisUpdate);
+       ASN1_GENERALIZEDTIME_free(a->nextUpdate);
+       sk_X509_EXTENSION_pop_free(a->singleExtensions, X509_EXTENSION_free);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_SINGLERESP(OCSP_SINGLERESP *a, unsigned char **pp)
+       {
+       int v1=0,v2=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->certId, i2d_OCSP_CERTID);
+       M_ASN1_I2D_len(a->certStatus, i2d_OCSP_CERTSTATUS);
+       M_ASN1_I2D_len(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
+       M_ASN1_I2D_len_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+            a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->certId, i2d_OCSP_CERTID);
+       M_ASN1_I2D_put(a->certStatus, i2d_OCSP_CERTSTATUS);
+       M_ASN1_I2D_put(a->thisUpdate, i2d_ASN1_GENERALIZEDTIME);
+       M_ASN1_I2D_put_EXP_opt(a->nextUpdate, i2d_ASN1_GENERALIZEDTIME, 0, v1);
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+            a->singleExtensions, i2d_X509_EXTENSION, 1, V_ASN1_SEQUENCE, v2);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_SINGLERESP *d2i_OCSP_SINGLERESP(OCSP_SINGLERESP **a,
+                                    unsigned char **pp,
+                                    long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_SINGLERESP *,OCSP_SINGLERESP_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->certId, d2i_OCSP_CERTID);
+       M_ASN1_D2I_get(ret->certStatus, d2i_OCSP_CERTSTATUS);
+       M_ASN1_D2I_get(ret->thisUpdate, d2i_ASN1_GENERALIZEDTIME);
+       M_ASN1_D2I_get_EXP_opt(ret->nextUpdate, d2i_ASN1_GENERALIZEDTIME, 0);
+       /* there is no M_ASN1_D2I_get_EXP_seq*, so had to use set here*/
+       M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION, ret->singleExtensions, 
+          d2i_X509_EXTENSION, X509_EXTENSION_free, 1, V_ASN1_SEQUENCE);
+       M_ASN1_D2I_Finish(a,OCSP_SINGLERESP_free,ASN1_F_D2I_OCSP_SINGLERESP);
+       }
+
+int i2a_OCSP_SINGLERESP(BIO *bp, OCSP_SINGLERESP* a)
+        {
+       int /* XXX i, */ j=3;
+       i2a_OCSP_CERTID(bp, a->certId);
+       i2a_OCSP_CERTSTATUS(bp, a->certStatus);
+       if (!ASN1_GENERALIZEDTIME_print(bp, a->thisUpdate)) return 0;
+       if (a->nextUpdate) 
+               {
+               if (!ASN1_GENERALIZEDTIME_print(bp, a->nextUpdate)) return 0;
+               j++;
+               }
+#ifdef UNDEF
+       /* XXX need generic extension print method or need to register
+        * ocsp extensions with existing extension handler mechanism,
+        * invoke i2a callbacks.
+        */
+       if (a->singleExtensions != NULL)
+               {
+               for (i=0; i<sk_X509_EXTENSION_num(a->singleExtensions); i++)
+                       if (sk_X509_EXTENSION_value(a->singleExtensions,i) != NULL)
+                               i2a_X509_EXTENSION(bp, 
+                                 sk_X509_EXTENSION_value(a->singleExtensions,i));
+               j+=sk_X509_EXTENSION_num(a->singleExtensions);
+               }
+#endif
+       return j;
+       }
+
+OCSP_CRLID *OCSP_CRLID_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_CRLID *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_CRLID);
+       ret->crlUrl = NULL;
+       ret->crlNum = NULL;
+       ret->crlTime = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_CRLID_NEW);
+       }
+       
+void OCSP_CRLID_free(OCSP_CRLID *a)
+       {
+       if (a == NULL) return;
+       ASN1_IA5STRING_free(a->crlUrl);
+       ASN1_INTEGER_free(a->crlNum);
+       ASN1_GENERALIZEDTIME_free(a->crlTime);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_CRLID(OCSP_CRLID *a,
+                  unsigned char **pp)
+       {
+       int v1=0,v2=0,v3=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
+       M_ASN1_I2D_len_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
+       M_ASN1_I2D_len_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put_EXP_opt(a->crlUrl, i2d_ASN1_IA5STRING, 0, v1);
+       M_ASN1_I2D_put_EXP_opt(a->crlNum, i2d_ASN1_INTEGER, 1, v2);
+       M_ASN1_I2D_put_EXP_opt(a->crlTime, i2d_ASN1_GENERALIZEDTIME, 2, v3);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_CRLID *d2i_OCSP_CRLID(OCSP_CRLID **a,
+                          unsigned char **pp,
+                          long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_CRLID *,OCSP_CRLID_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get_EXP_opt(ret->crlUrl, d2i_ASN1_IA5STRING, 0);
+       M_ASN1_D2I_get_EXP_opt(ret->crlNum, d2i_ASN1_INTEGER, 1);
+       M_ASN1_D2I_get_EXP_opt(ret->crlTime, d2i_ASN1_GENERALIZEDTIME, 2);
+       M_ASN1_D2I_Finish(a,OCSP_CRLID_free,ASN1_F_D2I_OCSP_CRLID);
+       }
+
+int i2a_OCSP_CRLID(BIO *bp, OCSP_CRLID* a)
+        {
+       int i = 0;
+       char buf[1024];
+       if (a->crlUrl && ASN1_STRING_print(bp, (ASN1_STRING*)a->crlUrl)) i++;
+       if (a->crlNum && a2i_ASN1_INTEGER(bp, a->crlNum, buf, sizeof buf)) i++;
+       if (a->crlTime && ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) i++;
+       return i;
+       }
+
+OCSP_SERVICELOC *OCSP_SERVICELOC_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_SERVICELOC *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_SERVICELOC);
+       M_ASN1_New(ret->issuer, X509_NAME_new);
+       ret->locator = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_SERVICELOC_NEW);
+       }
+       
+void OCSP_SERVICELOC_free(OCSP_SERVICELOC *a)
+       {
+       if (a == NULL) return;
+       X509_NAME_free(a->issuer);
+       sk_ACCESS_DESCRIPTION_pop_free(a->locator, ACCESS_DESCRIPTION_free);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_SERVICELOC(OCSP_SERVICELOC *a,
+                       unsigned char **pp)
+       {
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->issuer, i2d_X509_NAME);
+       M_ASN1_I2D_len_SEQUENCE_opt_type(ACCESS_DESCRIPTION, 
+                        a->locator, i2d_ACCESS_DESCRIPTION);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->issuer, i2d_X509_NAME);
+       M_ASN1_I2D_put_SEQUENCE_opt_type(ACCESS_DESCRIPTION,
+                        a->locator, i2d_ACCESS_DESCRIPTION);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_SERVICELOC *d2i_OCSP_SERVICELOC(OCSP_SERVICELOC **a,
+                                    unsigned char **pp,
+                                    long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_SERVICELOC *,OCSP_SERVICELOC_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->issuer, d2i_X509_NAME);
+       M_ASN1_D2I_get_seq_opt_type(ACCESS_DESCRIPTION, ret->locator,
+                   d2i_ACCESS_DESCRIPTION,ACCESS_DESCRIPTION_free);
+       M_ASN1_D2I_Finish(a,OCSP_SERVICELOC_free,ASN1_F_D2I_OCSP_SERVICELOC);
+       }
+
+int i2a_OCSP_SERVICELOC(BIO *bp,
+                       OCSP_SERVICELOC* a)
+        {
+       int i;
+       X509_NAME_print(bp, a->issuer, 16);
+       if (!a->locator) return 1;
+       for (i=0; i<sk_ACCESS_DESCRIPTION_num(a->locator); i++)
+               i2a_ACCESS_DESCRIPTION(bp,
+                            sk_ACCESS_DESCRIPTION_value(a->locator,i));
+       return i+2;
+       }
diff --git a/crypto/ocsp/ocsp_sig.c b/crypto/ocsp/ocsp_sig.c
new file mode 100644 (file)
index 0000000..c94167e
--- /dev/null
@@ -0,0 +1,157 @@
+/* ocsp_sig.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+OCSP_SIGNATURE *OCSP_SIGNATURE_new(void)
+       {
+       ASN1_CTX c;
+       OCSP_SIGNATURE *ret=NULL;
+
+       M_ASN1_New_Malloc(ret, OCSP_SIGNATURE);
+       M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
+       M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
+       ret->certs = NULL;
+       return(ret);
+       M_ASN1_New_Error(ASN1_F_OCSP_SIGNATURE_NEW);
+       }
+       
+void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a)
+       {
+       if (a == NULL) return;
+       X509_ALGOR_free(a->signatureAlgorithm);
+       ASN1_BIT_STRING_free(a->signature);
+       if (a->certs) sk_X509_pop_free(a->certs, X509_free);
+       OPENSSL_free((char *)a);
+       }
+
+int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a,
+                      unsigned char **pp)
+       {
+       int v=0;
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
+       M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+       M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509,
+                            0, V_ASN1_SEQUENCE, v);
+       M_ASN1_I2D_seq_total();
+       M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
+       M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+       M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509, 0,
+                                       V_ASN1_SEQUENCE, v);
+       M_ASN1_I2D_finish();
+       }
+
+OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a,
+                                  unsigned char **pp,
+                                  long length)
+       {
+       M_ASN1_D2I_vars(a,OCSP_SIGNATURE *,OCSP_SIGNATURE_new);
+
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
+       M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
+       /* there is no M_ASN1_D2I_get_EXP_seq* code, so
+          we're using the set version */
+       M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509,
+                                  X509_free, 0, V_ASN1_SEQUENCE);
+       M_ASN1_D2I_Finish(a,OCSP_SIGNATURE_free,ASN1_F_D2I_OCSP_SIGNATURE);
+       }
+
+int i2a_OCSP_SIGNATURE(BIO *bp,
+                      OCSP_SIGNATURE* a)
+        {
+       int i, j=2;
+#ifdef UNDEF
+       /* XXX this guy isn't implemented. */
+       i2a_X509_ALGOR(bp, a->signatureAlgorithm);
+#else   /* instead, just show OID, not param */
+       i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
+#endif
+       i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
+       if (a->certs != NULL)
+               {
+               for (i=0; i<sk_X509_num(a->certs); i++)
+                       if (sk_X509_value(a->certs,i) != NULL)
+                               X509_print(bp, sk_X509_value(a->certs,i));
+               j+=sk_X509_num(a->certs);
+               }
+       return j;
+       }
index 9fa63e1..38eea51 100644 (file)
@@ -484,6 +484,46 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
 
+#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
+#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
+#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
+#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
+#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
+#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
+#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
+#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
+
+#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
+#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
+#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
+#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
+#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
+#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
+#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
+#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
+
 #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
 #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
@@ -998,6 +1038,24 @@ STACK_OF(type) \
 #define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
        SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
 
+#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+       SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+       SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
+       SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
+       SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+       SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+       SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
+       SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
+       SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
+
 #define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
        SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \
index 6b05335..228a0b7 100644 (file)
@@ -1061,6 +1061,7 @@ int               X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
 int            X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int            X509_print(BIO *bp,X509 *x);
+int            X509_ocspid_print(BIO *bp,X509 *x);
 int            X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int            X509_CRL_print(BIO *bp,X509_CRL *x);
 int            X509_REQ_print(BIO *bp,X509_REQ *req);
index a045a62..44d95a6 100644 (file)
@@ -207,6 +207,15 @@ void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
        OPENSSL_free (a);
 }
 
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
+        {
+       i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
+       i2a_GENERAL_NAME(bp, a->location);
+#endif
+       return 2;
+       }
+
 STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
 {
        return sk_ACCESS_DESCRIPTION_new_null();
index 4c3edc3..908c3ae 100644 (file)
@@ -477,6 +477,7 @@ ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
 void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
 ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
              long length);
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
 
 STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
 void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
index ba45335..6d0f2cd 100755 (executable)
@@ -202,6 +202,7 @@ $crypto.=" crypto/x509/x509_vfy.h";
 $crypto.=" crypto/x509v3/x509v3.h";
 $crypto.=" crypto/rand/rand.h";
 $crypto.=" crypto/comp/comp.h";
+$crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/tmdiff.h";
 
 my $symhacks="crypto/symhacks.h";
index 470feea..47bc934 100755 (executable)
@@ -46,6 +46,7 @@ my @dirs = (
 "crypto/pkcs12",
 "crypto/comp",
 "crypto/engine",
+"crypto/ocsp",
 "ssl",
 "rsaref",
 "apps",