The majority of the OCSP code from CertCo.

Makefile.org

@@ -163,7 +163,7 @@ SDIRS=  \
 	des rc2 rc4 rc5 idea bf cast \
 	bn rsa dsa dh dso engine rijndael \
 	buffer bio stack lhash rand err objects \
-	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp
+	evp asn1 pem x509 x509v3 conf txt_db pkcs7 pkcs12 comp ocsp
 
 MAKEFILE= Makefile.ssl
 MAKE=     make -f Makefile.ssl

apps/x509.c

@@ -106,6 +106,7 @@ static char *x509_usage[]={
 " -fingerprint    - print the certificate fingerprint\n",
 " -alias          - output certificate alias\n",
 " -noout          - no certificate output\n",
+" -ocspid         - print OCSP hash values for the subject name and public key\n",
 " -trustout       - output a \"trusted\" certificate\n",
 " -clrtrust       - clear all trusted purposes\n",
 " -clrreject      - clear all rejected purposes\n",
@@ -163,6 +164,7 @@ int MAIN(int argc, char **argv)
 	char *CAkeyfile=NULL,*CAserial=NULL;
 	char *alias=NULL;
 	int text=0,serial=0,hash=0,subject=0,issuer=0,startdate=0,enddate=0;
+	int ocspid=0;
 	int noout=0,sign_flag=0,CA_flag=0,CA_createserial=0,email=0;
 	int trustout=0,clrtrust=0,clrreject=0,aliasout=0,clrext=0;
 	int C=0;
@@ -412,6 +414,8 @@ int MAIN(int argc, char **argv)
 			clrext = 1;
 			}
 #endif
+		else if (strcmp(*argv,"-ocspid") == 0)
+			ocspid= ++num;
 		else if ((md_alg=EVP_get_digestbyname(*argv + 1)))
 			{
 			/* ok */
@@ -917,6 +921,10 @@ bad:
 					}
 				noout=1;
 				}
+			else if (ocspid == i)
+				{
+				X509_ocspid_print(out, x);
+				}
 			}
 		}
 

crypto/asn1/asn1.h

@@ -956,6 +956,21 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_D2I_NETSCAPE_SPKAC			 143
 #define ASN1_F_D2I_NETSCAPE_SPKI			 144
 #define ASN1_F_D2I_NOTICEREF				 268
+#define ASN1_F_D2I_OCSP_BASICRESP			 293
+#define ASN1_F_D2I_OCSP_CERTID				 294
+#define ASN1_F_D2I_OCSP_CERTSTATUS			 295
+#define ASN1_F_D2I_OCSP_CRLID				 296
+#define ASN1_F_D2I_OCSP_ONEREQ				 297
+#define ASN1_F_D2I_OCSP_REQINFO				 298
+#define ASN1_F_D2I_OCSP_REQUEST				 299
+#define ASN1_F_D2I_OCSP_RESPBYTES			 300
+#define ASN1_F_D2I_OCSP_RESPDATA			 301
+#define ASN1_F_D2I_OCSP_RESPID				 302
+#define ASN1_F_D2I_OCSP_RESPONSE			 303
+#define ASN1_F_D2I_OCSP_REVOKEDINFO			 304
+#define ASN1_F_D2I_OCSP_SERVICELOC			 305
+#define ASN1_F_D2I_OCSP_SIGNATURE			 306
+#define ASN1_F_D2I_OCSP_SINGLERESP			 307
 #define ASN1_F_D2I_OTHERNAME				 287
 #define ASN1_F_D2I_PBE2PARAM				 262
 #define ASN1_F_D2I_PBEPARAM				 249
@@ -1027,6 +1042,21 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_NETSCAPE_SPKAC_NEW			 190
 #define ASN1_F_NETSCAPE_SPKI_NEW			 191
 #define ASN1_F_NOTICEREF_NEW				 272
+#define ASN1_F_OCSP_BASICRESP_NEW			 308
+#define ASN1_F_OCSP_CERTID_NEW				 309
+#define ASN1_F_OCSP_CERTSTATUS_NEW			 310
+#define ASN1_F_OCSP_CRLID_NEW				 311
+#define ASN1_F_OCSP_ONEREQ_NEW				 312
+#define ASN1_F_OCSP_REQINFO_NEW				 313
+#define ASN1_F_OCSP_REQUEST_NEW				 314
+#define ASN1_F_OCSP_RESPBYTES_NEW			 315
+#define ASN1_F_OCSP_RESPDATA_NEW			 316
+#define ASN1_F_OCSP_RESPID_NEW				 317
+#define ASN1_F_OCSP_RESPONSE_NEW			 318
+#define ASN1_F_OCSP_REVOKEDINFO_NEW			 319
+#define ASN1_F_OCSP_SERVICELOC_NEW			 320
+#define ASN1_F_OCSP_SIGNATURE_NEW			 321
+#define ASN1_F_OCSP_SINGLERESP_NEW			 322
 #define ASN1_F_OTHERNAME_NEW				 288
 #define ASN1_F_PBE2PARAM_NEW				 264
 #define ASN1_F_PBEPARAM_NEW				 251

crypto/asn1/asn1_err.c

@@ -141,6 +141,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0),	"d2i_NETSCAPE_SPKAC"},
 {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0),	"d2i_NETSCAPE_SPKI"},
 {ERR_PACK(0,ASN1_F_D2I_NOTICEREF,0),	"d2i_NOTICEREF"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_BASICRESP,0),	"d2i_OCSP_BASICRESP"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTID,0),	"d2i_OCSP_CERTID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CERTSTATUS,0),	"d2i_OCSP_CERTSTATUS"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_CRLID,0),	"d2i_OCSP_CRLID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_ONEREQ,0),	"d2i_OCSP_ONEREQ"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REQINFO,0),	"d2i_OCSP_REQINFO"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REQUEST,0),	"d2i_OCSP_REQUEST"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPBYTES,0),	"d2i_OCSP_RESPBYTES"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPDATA,0),	"d2i_OCSP_RESPDATA"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPID,0),	"d2i_OCSP_RESPID"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_RESPONSE,0),	"d2i_OCSP_RESPONSE"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_REVOKEDINFO,0),	"d2i_OCSP_REVOKEDINFO"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SERVICELOC,0),	"d2i_OCSP_SERVICELOC"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SIGNATURE,0),	"d2i_OCSP_SIGNATURE"},
+{ERR_PACK(0,ASN1_F_D2I_OCSP_SINGLERESP,0),	"d2i_OCSP_SINGLERESP"},
 {ERR_PACK(0,ASN1_F_D2I_OTHERNAME,0),	"d2i_OTHERNAME"},
 {ERR_PACK(0,ASN1_F_D2I_PBE2PARAM,0),	"d2i_PBE2PARAM"},
 {ERR_PACK(0,ASN1_F_D2I_PBEPARAM,0),	"d2i_PBEPARAM"},
@@ -212,6 +227,21 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0),	"NETSCAPE_SPKAC_new"},
 {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0),	"NETSCAPE_SPKI_new"},
 {ERR_PACK(0,ASN1_F_NOTICEREF_NEW,0),	"NOTICEREF_new"},
+{ERR_PACK(0,ASN1_F_OCSP_BASICRESP_NEW,0),	"OCSP_BASICRESP_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CERTID_NEW,0),	"OCSP_CERTID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CERTSTATUS_NEW,0),	"OCSP_CERTSTATUS_new"},
+{ERR_PACK(0,ASN1_F_OCSP_CRLID_NEW,0),	"OCSP_CRLID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_ONEREQ_NEW,0),	"OCSP_ONEREQ_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REQINFO_NEW,0),	"OCSP_REQINFO_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REQUEST_NEW,0),	"OCSP_REQUEST_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPBYTES_NEW,0),	"OCSP_RESPBYTES_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPDATA_NEW,0),	"OCSP_RESPDATA_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPID_NEW,0),	"OCSP_RESPID_new"},
+{ERR_PACK(0,ASN1_F_OCSP_RESPONSE_NEW,0),	"OCSP_RESPONSE_new"},
+{ERR_PACK(0,ASN1_F_OCSP_REVOKEDINFO_NEW,0),	"OCSP_REVOKEDINFO_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SERVICELOC_NEW,0),	"OCSP_SERVICELOC_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SIGNATURE_NEW,0),	"OCSP_SIGNATURE_new"},
+{ERR_PACK(0,ASN1_F_OCSP_SINGLERESP_NEW,0),	"OCSP_SINGLERESP_new"},
 {ERR_PACK(0,ASN1_F_OTHERNAME_NEW,0),	"OTHERNAME_new"},
 {ERR_PACK(0,ASN1_F_PBE2PARAM_NEW,0),	"PBE2PARAM_new"},
 {ERR_PACK(0,ASN1_F_PBEPARAM_NEW,0),	"PBEPARAM_new"},

crypto/asn1/t_x509.c

@@ -282,6 +282,56 @@ err:
 	return(ret);
 	}
 
+int X509_ocspid_print (BIO *bp, X509 *x)
+	{
+	unsigned char *der=NULL ;
+	unsigned char *dertmp;
+	int derlen;
+	int i;
+	SHA_CTX SHA1buf ;
+	unsigned char SHA1md[SHA_DIGEST_LENGTH];
+
+	/* display the hash of the subject as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"        Subject OCSP hash: ") <= 0)
+		goto err;
+	derlen = i2d_X509_NAME(x->cert_info->subject, NULL);
+	if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL)
+		goto err;
+	i2d_X509_NAME(x->cert_info->subject, &dertmp);
+
+	SHA1_Init(&SHA1buf);
+	SHA1_Update(&SHA1buf, der, derlen);
+	SHA1_Final(SHA1md,&SHA1buf);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err;
+		}
+	OPENSSL_free (der);
+	der=NULL;
+
+	/* display the hash of the public key as it would appear
+	   in OCSP requests */
+	if (BIO_printf(bp,"\n        Public key OCSP hash: ") <= 0)
+		goto err;
+
+	SHA1_Init(&SHA1buf);
+	SHA1_Update(&SHA1buf, x->cert_info->key->public_key->data,
+		x->cert_info->key->public_key->length);
+	SHA1_Final(SHA1md,&SHA1buf);
+	for (i=0; i < SHA_DIGEST_LENGTH; i++)
+		{
+		if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0)
+			goto err;
+		}
+	BIO_printf(bp,"\n");
+
+	return (1);
+err:
+	if (der != NULL) OPENSSL_free(der);
+	return(0);
+	}
+
 int ASN1_STRING_print(BIO *bp, ASN1_STRING *v)
 	{
 	int i,n;

crypto/err/err.h

@@ -133,6 +133,7 @@ typedef struct err_state_st
 #define ERR_LIB_RAND		36
 #define ERR_LIB_DSO		37
 #define ERR_LIB_ENGINE		38
+#define ERR_LIB_OCSP            39
 
 #define ERR_LIB_USER		128
 
@@ -163,6 +164,7 @@ typedef struct err_state_st
 #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),ERR_file_name,__LINE__)
 #define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),ERR_file_name,__LINE__)
 #define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),ERR_file_name,__LINE__)
+#define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),ERR_file_name,__LINE__)
 
 /* Borland C seems too stupid to be able to shift and do longs in
  * the pre-processor :-( */

crypto/err/openssl.ec

@@ -9,6 +9,7 @@ L EVP		crypto/evp/evp.h		crypto/evp/evp_err.c
 L BUF		crypto/buffer/buffer.h		crypto/buffer/buf_err.c
 L BIO		crypto/bio/bio.h		crypto/bio/bio_err.c
 L OBJ		crypto/objects/objects.h	crypto/objects/obj_err.c
+L OCSP		crypto/ocsp/ocsp.h		crypto/ocsp/ocsp_err.c
 L PEM		crypto/pem/pem.h		crypto/pem/pem_err.c
 L X509		crypto/x509/x509.h		crypto/x509/x509_err.c
 L NONE		crypto/x509/x509_vfy.h		NONE

crypto/ocsp/Makefile.ssl

+#
+# OpenSSL/ocsp/Makefile.ssl
+#
+
+DIR=	ocsp
+TOP=	../..
+CC=	cc
+INCLUDES= -I.. -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR=     /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE=		make -f Makefile.ssl
+MAKEDEPEND=	$(TOP)/util/domd $(TOP)
+MAKEFILE=	Makefile.ssl
+AR=		ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile README
+TEST=
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= ocsp_req.c ocsp_res.c ocsp_sig.c ocsp_cid.c ocsp_ext.c \
+	ocsp_lib.c ocsp_err.c 
+#ocsp_v3.c
+LIBOBJ= ocsp_req.o ocsp_res.o ocsp_sig.o ocsp_cid.o ocsp_ext.o \
+	ocsp_lib.o ocsp_err.o 
+#ocsp_v3.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= ocsp.h
+HEADER=	$(EXHEADER)
+
+ALL=    $(GENERAL) $(SRC) $(HEADER)
+
+top:
+	(cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all:	lib
+
+lib:	$(LIBOBJ)
+	$(AR) $(LIB) $(LIBOBJ)
+	$(RANLIB) $(LIB)
+	@touch lib
+
+files:
+	perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+	$(TOP)/util/point.sh Makefile.ssl Makefile ;
+	$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+	$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+	$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+	@for i in $(EXHEADER) ; \
+	do  \
+	(cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+	chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+	done;
+
+tags:
+	ctags $(SRC)
+
+tests:
+
+lint:
+	lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+	$(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(LIBSRC)
+
+dclean:
+	$(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+	mv -f Makefile.new $(MAKEFILE)
+
+clean:
+	rm -f *.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+ocsp_cid.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_cid.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_cid.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_cid.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_cid.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_cid.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_cid.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_cid.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_cid.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_cid.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_cid.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_cid.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_cid.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_cid.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_cid.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_cid.o: ../../include/openssl/rc5.h
+ocsp_cid.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_cid.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_cid.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_cid.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_cid.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_cid.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+ocsp_err.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+ocsp_err.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+ocsp_err.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h
+ocsp_err.o: ../../include/openssl/des.h ../../include/openssl/dh.h
+ocsp_err.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h
+ocsp_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_err.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_err.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_err.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_err.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_err.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_err.o: ../../include/openssl/opensslconf.h
+ocsp_err.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_err.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_err.o: ../../include/openssl/rc5.h
+ocsp_err.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_err.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_err.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_err.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_err.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_ext.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_ext.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_ext.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_ext.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_ext.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_ext.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+ocsp_ext.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_ext.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_ext.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_ext.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_ext.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_ext.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_ext.o: ../../include/openssl/opensslconf.h
+ocsp_ext.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_ext.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_ext.o: ../../include/openssl/rc5.h
+ocsp_ext.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_ext.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_ext.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_ext.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_ext.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_ext.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_ext.o: ../cryptlib.h
+ocsp_lib.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_lib.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_lib.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_lib.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_lib.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os.h
+ocsp_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+ocsp_lib.o: ../../include/openssl/evp.h ../../include/openssl/idea.h
+ocsp_lib.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h
+ocsp_lib.o: ../../include/openssl/md4.h ../../include/openssl/md5.h
+ocsp_lib.o: ../../include/openssl/mdc2.h ../../include/openssl/obj_mac.h
+ocsp_lib.o: ../../include/openssl/objects.h ../../include/openssl/ocsp.h
+ocsp_lib.o: ../../include/openssl/opensslconf.h
+ocsp_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/pem.h
+ocsp_lib.o: ../../include/openssl/pem2.h ../../include/openssl/pkcs7.h
+ocsp_lib.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_lib.o: ../../include/openssl/rc5.h
+ocsp_lib.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_lib.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_lib.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_lib.o: ../cryptlib.h
+ocsp_req.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_req.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_req.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_req.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_req.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_req.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_req.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_req.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_req.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_req.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_req.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_req.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_req.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_req.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_req.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_req.o: ../../include/openssl/rc5.h
+ocsp_req.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_req.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_req.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_req.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_req.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_req.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_res.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_res.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_res.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_res.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_res.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_res.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_res.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_res.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_res.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_res.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_res.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_res.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_res.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_res.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_res.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_res.o: ../../include/openssl/rc5.h
+ocsp_res.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_res.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_res.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_res.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_res.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_res.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+ocsp_sig.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+ocsp_sig.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+ocsp_sig.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+ocsp_sig.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+ocsp_sig.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+ocsp_sig.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+ocsp_sig.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+ocsp_sig.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+ocsp_sig.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+ocsp_sig.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+ocsp_sig.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+ocsp_sig.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+ocsp_sig.o: ../../include/openssl/ocsp.h ../../include/openssl/opensslconf.h
+ocsp_sig.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
+ocsp_sig.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
+ocsp_sig.o: ../../include/openssl/rc5.h
+ocsp_sig.o: ../../include/openssl/rijndael-alg-fst.h
+ocsp_sig.o: ../../include/openssl/rijndael.h ../../include/openssl/ripemd.h
+ocsp_sig.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+ocsp_sig.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+ocsp_sig.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
+ocsp_sig.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h

crypto/ocsp/ocsp_cid.c

+/* ocsp_cid.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+OCSP_CERTID *OCSP_CERTID_new(void)
+	{
+	ASN1_CTX c;
+	OCSP_CERTID *ret=NULL;
+
+	M_ASN1_New_Malloc(ret, OCSP_CERTID);
+	M_ASN1_New(ret->hashAlgorithm, X509_ALGOR_new);
+	M_ASN1_New(ret->issuerNameHash, ASN1_OCTET_STRING_new);
+	M_ASN1_New(ret->issuerKeyHash, ASN1_OCTET_STRING_new);
+	M_ASN1_New(ret->serialNumber, ASN1_INTEGER_new);
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_OCSP_CERTID_NEW);
+	}
+	
+void OCSP_CERTID_free(OCSP_CERTID *a)
+	{
+	if (a == NULL) return;
+	X509_ALGOR_free(a->hashAlgorithm);
+	ASN1_OCTET_STRING_free(a->issuerNameHash);
+	ASN1_OCTET_STRING_free(a->issuerKeyHash);
+	ASN1_INTEGER_free(a->serialNumber);
+	OPENSSL_free((char *)a);
+	}
+
+int i2d_OCSP_CERTID(OCSP_CERTID *a,
+		    unsigned char **pp)
+	{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->hashAlgorithm, i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_len(a->serialNumber, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->hashAlgorithm, i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->issuerNameHash, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put(a->issuerKeyHash, i2d_ASN1_OCTET_STRING);
+	M_ASN1_I2D_put(a->serialNumber, i2d_ASN1_INTEGER);
+	M_ASN1_I2D_finish();
+	}
+
+OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a,
+			     unsigned char **pp,
+			     long length)
+	{
+	M_ASN1_D2I_vars(a,OCSP_CERTID *,OCSP_CERTID_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->hashAlgorithm, d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->issuerNameHash, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get(ret->issuerKeyHash, d2i_ASN1_OCTET_STRING);
+	M_ASN1_D2I_get(ret->serialNumber, d2i_ASN1_INTEGER);
+
+	/* protect against malformed CERTID's */
+	if (ASN1_STRING_length(ret->issuerNameHash) == 0 ||
+		ASN1_STRING_length(ret->issuerKeyHash) == 0 ||
+		ASN1_STRING_length(ret->serialNumber) == 0)
+		goto err;
+
+	M_ASN1_D2I_Finish(a,OCSP_CERTID_free,ASN1_F_D2I_OCSP_CERTID);
+	}
+
+int i2a_OCSP_CERTID(BIO *bp,
+		    OCSP_CERTID* a)
+        {
+#ifdef UNDEF
+	/* XXX this guy isn't implemented. */
+	i2a_X509_ALGOR(bp, a->hashAlgorithm);
+#else   /* instead, just show OID, not param */
+	i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+#endif
+	i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+	i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+	i2a_ASN1_INTEGER(bp, a->serialNumber);
+	return 4;
+	}

crypto/ocsp/ocsp_err.c

+/* crypto/ocsp/ocsp_err.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+
+/* BEGIN ERROR CODES */
+#ifndef NO_ERR
+static ERR_STRING_DATA OCSP_str_functs[]=
+	{
+{ERR_PACK(0,OCSP_F_ASN1_STRING_ENCODE,0),	"ASN1_STRING_encode"},
+{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_NEW,0),	"BASIC_RESPONSE_NEW"},
+{ERR_PACK(0,OCSP_F_BASIC_RESPONSE_VERIFY,0),	"BASIC_RESPONSE_VERIFY"},
+{ERR_PACK(0,OCSP_F_CERT_ID_NEW,0),	"CERT_ID_NEW"},
+{ERR_PACK(0,OCSP_F_CERT_STATUS_NEW,0),	"CERT_STATUS_NEW"},
+{ERR_PACK(0,OCSP_F_REQUEST_VERIFY,0),	"REQUEST_VERIFY"},
+{ERR_PACK(0,OCSP_F_RESPONSE_VERIFY,0),	"RESPONSE_VERIFY"},
+{ERR_PACK(0,OCSP_F_S2I_OCSP_NONCE,0),	"S2I_OCSP_NONCE"},
+{ERR_PACK(0,OCSP_F_V2I_OCSP_CRLID,0),	"V2I_OCSP_CRLID"},
+{0,NULL}
+	};
+
+static ERR_STRING_DATA OCSP_str_reasons[]=
+	{
+{OCSP_R_BAD_DATA                         ,"bad data"},
+{OCSP_R_BAD_TAG                          ,"bad tag"},
+{OCSP_R_DIGEST_ERR                       ,"digest err"},
+{OCSP_R_FAILED_TO_OPEN                   ,"failed to open"},
+{OCSP_R_FAILED_TO_READ                   ,"failed to read"},
+{OCSP_R_FAILED_TO_STAT                   ,"failed to stat"},
+{OCSP_R_MISSING_VALUE                    ,"missing value"},
+{OCSP_R_NO_CERTIFICATE                   ,"no certificate"},
+{OCSP_R_NO_PUBLIC_KEY                    ,"no public key"},
+{OCSP_R_NO_RESPONSE_DATA                 ,"no response data"},
+{OCSP_R_NO_SIGNATURE                     ,"no signature"},
+{OCSP_R_REVOKED_NO_TIME                  ,"revoked no time"},
+{OCSP_R_UNKNOWN_NID                      ,"unknown nid"},
+{OCSP_R_UNSUPPORTED_OPTION               ,"unsupported option"},
+{OCSP_R_VALUE_ALREADY                    ,"value already"},
+{0,NULL}
+	};
+
+#endif
+
+void ERR_load_OCSP_strings(void)
+	{
+	static int init=1;
+
+	if (init)
+		{
+		init=0;
+#ifndef NO_ERR
+		ERR_load_strings(ERR_LIB_OCSP,OCSP_str_functs);
+		ERR_load_strings(ERR_LIB_OCSP,OCSP_str_reasons);
+#endif
+
+		}
+	}

crypto/ocsp/ocsp_ext.c

+/* ocsp_ext.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was transfered to Richard Levitte from CertCo by Kathy
+   Weinhold in mid-spring 2000 to be included in OpenSSL or released
+   as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include <cryptlib.h>
+#include <openssl/objects.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+/* also CRL Entry Extensions */
+
+ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 
+				char *data, STACK *sk)
+        {
+	int i;
+	unsigned char *p, *b = NULL;
+
+	if (data)
+	        {
+		if ((i=i2d(data,NULL)) <= 0) goto err;
+		if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+			goto err;
+	        if (i2d(data, &p) <= 0) goto err;
+		}
+	else if (sk)
+	        {
+		if ((i=i2d_ASN1_SET(sk,NULL,i2d,V_ASN1_SEQUENCE,
+				   V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err;
+		if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i)))
+			goto err;
+		if (i2d_ASN1_SET(sk,&p,i2d,V_ASN1_SEQUENCE,
+				 V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err;
+		}
+	else
+		{
+		OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA);
+		goto err;
+		}
+	if (!s && !(s = ASN1_STRING_new())) goto err;
+	if (!(ASN1_STRING_set(s, b, i))) goto err;
+	OPENSSL_free(b);
+	return s;
+err:
+	if (b) OPENSSL_free(b);
+	return NULL;
+	}
+
+X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
+        {
+	X509_EXTENSION *x=NULL;
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
+	if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	return NULL;
+	}
+
+X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
+        {
+	X509_EXTENSION *x = NULL;
+	OCSP_CRLID *cid = NULL;
+	
+	if (!(cid = OCSP_CRLID_new())) goto err;
+	if (url)
+	        {
+		if (!(cid->crlUrl = ASN1_IA5STRING_new())) goto err;
+		if (!(ASN1_STRING_set(cid->crlUrl, url, -1))) goto err;
+		}
+	if (n)
+	        {
+		if (!(cid->crlNum = ASN1_INTEGER_new())) goto err;
+		if (!(ASN1_INTEGER_set(cid->crlNum, *n))) goto err;
+		}
+	if (time)
+	        {
+		if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) goto err;
+		if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
+		        goto err;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL)))
+	        goto err;
+	OCSP_CRLID_free(cid);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (cid) OCSP_CRLID_free(cid);
+	return NULL;
+	}
+
+/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
+X509_EXTENSION *OCSP_accept_responses_new(char **oids)
+        {
+	int nid;
+	STACK *sk = NULL;
+	ASN1_OBJECT *o = NULL;
+        X509_EXTENSION *x = NULL;
+	if (!(sk = sk_new(NULL))) goto err;
+	while (oids && *oids)
+	        {
+		if ((nid=OBJ_txt2nid(*oids))!=NID_undef&&(o=OBJ_nid2obj(nid))) 
+		        sk_push(sk, (char*) o);
+		oids++;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
+		goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk)))
+	        goto err;
+	sk_pop_free(sk, ASN1_OBJECT_free);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (sk) sk_pop_free(sk, ASN1_OBJECT_free);
+	return NULL;
+        }
+
+/*  ArchiveCutoff ::= GeneralizedTime */
+X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
+        {
+	X509_EXTENSION *x=NULL;
+	ASN1_GENERALIZEDTIME *gt = NULL;
+
+	if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
+	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
+	if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME,
+				 (char*)gt,NULL))) goto err;
+	ASN1_GENERALIZEDTIME_free(gt);
+	return x;
+err:
+	if (gt) ASN1_GENERALIZEDTIME_free(gt);
+	if (x) X509_EXTENSION_free(x);
+	return NULL;
+	}
+
+/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
+ * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
+ * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
+ */
+X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
+        {
+	X509_EXTENSION *x = NULL;
+	ASN1_IA5STRING *ia5 = NULL;
+	OCSP_SERVICELOC *sloc = NULL;
+	ACCESS_DESCRIPTION *ad = NULL;
+	
+	if (!(sloc = OCSP_SERVICELOC_new())) goto err;
+	if (!(sloc->issuer = X509_NAME_dup(issuer))) goto err;
+	if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new(NULL))) goto err;
+	while (urls && *urls)
+	        {
+		if (!(ad = ACCESS_DESCRIPTION_new())) goto err;
+		if (!(ad->method=OBJ_nid2obj(NID_ad_OCSP))) goto err;
+		if (!(ad->location = GENERAL_NAME_new())) goto err;
+	        if (!(ia5 = ASN1_IA5STRING_new())) goto err;
+		if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1)) goto err;
+		ad->location->type = GEN_URI;
+		ad->location->d.ia5 = ia5;
+		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
+		urls++;
+		}
+	if (!(x = X509_EXTENSION_new())) goto err;
+	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
+	        goto err;
+	if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC,
+				 (char*)sloc, NULL))) goto err;
+	OCSP_SERVICELOC_free(sloc);
+	return x;
+err:
+	if (x) X509_EXTENSION_free(x);
+	if (sloc) OCSP_SERVICELOC_free(sloc);
+	return NULL;
+	}
+
+int OCSP_extensions_print(BIO *bp,
+			  STACK_OF(X509_EXTENSION) *sk,
+			  char *title)
+        {
+	int i;
+	if (!sk) return 1;
+	if (BIO_printf(bp, "%s:\n", title) <= 0) return 0; 
+	for (i=0; i<sk_X509_EXTENSION_num(sk); i++)
+	        OCSP_extension_print(bp, sk_X509_EXTENSION_value(sk,i), 4);
+	return sk_X509_EXTENSION_num(sk);
+	}
+
+int OCSP_extension_print(BIO *bp,
+			 X509_EXTENSION *x,
+			 int ind)
+        {
+	int i, j;
+	STACK *sk = NULL;
+	unsigned char *p;
+	OCSP_CRLID *crlid = NULL;
+	OCSP_SERVICELOC *sloc = NULL;
+	ASN1_GENERALIZEDTIME *gt = NULL;
+
+	if (!x) return 1;
+	switch (OBJ_obj2nid(x->object))
+	        {
+		case NID_id_pkix_OCSP_Nonce:
+		        if (BIO_printf(bp, "%*snonce: ", ind, "") <= 0) 
+			        goto err;
+			if (M_ASN1_OCTET_STRING_print(bp, x->value) <= 0)
+			        goto err;
+			if (BIO_write(bp, "\n", 1) <= 0) goto err;
+		        break;
+		case NID_id_pkix_OCSP_CrlID:
+		        if (BIO_printf(bp, "%*scrlId:\n", ind, "") <= 0) 
+			        goto err;
+		        p = x->value->data;
+		        if (!(d2i_OCSP_CRLID(&crlid, &p, x->value->length)))
+			        goto err;
+			if (!OCSP_CRLID_print(bp, crlid, (2*ind))) goto err;
+			OCSP_CRLID_free(crlid);
+		        break;
+		case NID_id_pkix_OCSP_acceptableResponses:
+		        if (BIO_printf(bp, 
+				      "%*sacceptable responses: ", 
+				      ind, "") <= 0)
+			        goto err;
+		        p = x->value->data;
+		        if (!(d2i_ASN1_SET(&sk, &p, x->value->length, 
+					   (char *(*)())d2i_ASN1_OBJECT, 
+					   ASN1_OBJECT_free, V_ASN1_SEQUENCE, 
+					   V_ASN1_UNIVERSAL)))
+			        goto err;
+			for (i = 0; i < sk_num(sk); i++)
+			        {
+		                j=OBJ_obj2nid((ASN1_OBJECT*)sk->data[i]);
+		                if (BIO_printf(bp," %s ",
+					       (j == NID_undef)?"UNKNOWN":
+					                   OBJ_nid2ln(j)) <= 0)
+				          goto err;
+				}
+			if (BIO_write(bp, "\n", 1) <= 0) goto err;
+			sk_pop_free(sk, ASN1_OBJECT_free);
+		        break;
+		case NID_id_pkix_OCSP_archiveCutoff:
+		        if (BIO_printf(bp, "%*sarchive cutoff: ", ind, "")<=0)
+			        goto err;
+		        p = x->value->data;
+			if (!d2i_ASN1_GENERALIZEDTIME(&gt, &p, 
+						      x->value->length))
+			        goto err;
+			if (!ASN1_GENERALIZEDTIME_print(bp, gt)) goto err;
+			if (BIO_write(bp, "\n", 1) <= 0) goto err;
+			ASN1_GENERALIZEDTIME_free(gt);
+		        break;
+		case NID_id_pkix_OCSP_serviceLocator:
+		  if (BIO_printf(bp, "%*sservice locator:\n", ind, "") <= 0)
+			        goto err;
+		        p = x->value->data;
+			if (!d2i_OCSP_SERVICELOC(&sloc, &p, 
+						 x->value->length))
+			        goto err;
+			if (!OCSP_SERVICELOC_print(bp,sloc,(2*ind))) goto err;
+			OCSP_SERVICELOC_free(sloc);
+		        break;
+	        case NID_undef:
+	        default:
+		        if (BIO_printf(bp,"%*sunrecognized oid: ",ind,"") <= 0)
+			        goto err;
+		        break;
+		}
+	return 1;
+err:
+	return 0;
+	}

crypto/ocsp/ocsp_req.c

+/* ocsp_req.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509v3.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+IMPLEMENT_STACK_OF(OCSP_ONEREQ)
+IMPLEMENT_ASN1_SET_OF(OCSP_ONEREQ)
+
+OCSP_REQINFO *OCSP_REQINFO_new(void)
+	{
+	OCSP_REQINFO *ret=NULL;
+	ASN1_CTX c;
+
+	M_ASN1_New_Malloc(ret, OCSP_REQINFO);
+	ret->version = NULL;
+	ret->requestorName = NULL;
+	ret->requestList = NULL;
+	ret->requestExtensions = NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_OCSP_REQINFO_NEW);
+	}
+
+void OCSP_REQINFO_free(OCSP_REQINFO *a)
+	{
+	if (a == NULL) return;
+	ASN1_INTEGER_free(a->version);
+	GENERAL_NAME_free(a->requestorName);
+	sk_OCSP_ONEREQ_pop_free(a->requestList, OCSP_ONEREQ_free);
+	sk_X509_EXTENSION_pop_free(a->requestExtensions, X509_EXTENSION_free);
+	OPENSSL_free((char *)a);
+	}
+
+int i2d_OCSP_REQINFO(OCSP_REQINFO *a,
+		     unsigned char **pp)
+	{
+	int v1=0,v2=0,v3=0;
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+	M_ASN1_I2D_len_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
+	M_ASN1_I2D_len_SEQUENCE_type(OCSP_ONEREQ,
+		     a->requestList, i2d_OCSP_ONEREQ);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+	     a->requestExtensions, i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
+
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put_EXP_opt(a->version,i2d_ASN1_INTEGER,0,v1);
+	M_ASN1_I2D_put_EXP_opt(a->requestorName,i2d_GENERAL_NAME,1,v2);
+	M_ASN1_I2D_put_SEQUENCE_type(OCSP_ONEREQ,a->requestList,i2d_OCSP_ONEREQ);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,a->requestExtensions,i2d_X509_EXTENSION,2,V_ASN1_SEQUENCE,v3);
+
+	M_ASN1_I2D_finish();
+	}
+
+OCSP_REQINFO *d2i_OCSP_REQINFO(OCSP_REQINFO **a,
+			       unsigned char **pp,
+			       long length)
+	{
+	M_ASN1_D2I_vars(a,OCSP_REQINFO *,OCSP_REQINFO_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	/* we have the optional version field */
+	if (M_ASN1_next == (V_ASN1_CONTEXT_SPECIFIC | V_ASN1_CONSTRUCTED | 0))
+		{ M_ASN1_D2I_get_EXP_opt(ret->version,d2i_ASN1_INTEGER,0);}
+	else
+		{
+		if (ret->version != NULL)
+			{
+			ASN1_INTEGER_free(ret->version);
+			ret->version=NULL;
+			}
+		}
+	M_ASN1_D2I_get_EXP_opt(ret->requestorName,d2i_GENERAL_NAME,1);
+	M_ASN1_D2I_get_seq_type(OCSP_ONEREQ, ret->requestList,
+				d2i_OCSP_ONEREQ,OCSP_ONEREQ_free);
+	/* there is no M_ASN1_D2I_get_EXP_seq* code, so
+	   we're using the set version */
+	M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+		ret->requestExtensions,d2i_X509_EXTENSION,
+		X509_EXTENSION_free,2,V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a,OCSP_REQINFO_free,ASN1_F_D2I_OCSP_REQINFO);
+	}
+
+int i2a_OCSP_REQINFO(BIO *bp,
+		     OCSP_REQINFO* a)
+        {
+	int i, j=1;
+	if (a->version == NULL) BIO_puts(bp, "0");
+	else i2a_ASN1_INTEGER(bp, a->version);
+	if (a->requestorName != NULL) 
+		{
+		j++;
+#ifdef UNDEF
+		i2a_GENERAL_NAME(bp, a->requestorName); /* does not exist */
+#endif
+		}
+	if (a->requestList != NULL)
+		{
+		for (i=0; i<sk_OCSP_ONEREQ_num(a->requestList); i++)
+			if (sk_OCSP_ONEREQ_value(a->requestList,i) != NULL)
+				i2a_OCSP_ONEREQ(bp, 
+				      sk_OCSP_ONEREQ_value(a->requestList,i));
+		j+=sk_OCSP_ONEREQ_num(a->requestList);
+		}
+	j+=OCSP_extensions_print(bp, a->requestExtensions,
+				 "Request Extensions");
+	return j;
+	}
+
+OCSP_REQUEST *OCSP_REQUEST_new(void)
+	{
+	ASN1_CTX c;
+	OCSP_REQUEST *ret=NULL;
+
+	M_ASN1_New_Malloc(ret, OCSP_REQUEST);
+	M_ASN1_New(ret->tbsRequest, OCSP_REQINFO_new);
+	ret->optionalSignature = NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_OCSP_REQUEST_NEW);
+	}
+	
+void OCSP_REQUEST_free(OCSP_REQUEST *a)
+	{
+	if (a == NULL) return;
+	OCSP_REQINFO_free(a->tbsRequest);
+	OCSP_SIGNATURE_free(a->optionalSignature);
+	OPENSSL_free((char *)a);
+	}
+
+int i2d_OCSP_REQUEST(OCSP_REQUEST *a,
+		     unsigned char **pp)
+	{
+	int v=0;
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->tbsRequest, i2d_OCSP_REQINFO);
+	M_ASN1_I2D_len_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->tbsRequest, i2d_OCSP_REQINFO); 
+	M_ASN1_I2D_put_EXP_opt(a->optionalSignature, i2d_OCSP_SIGNATURE, 0, v);
+	M_ASN1_I2D_finish();
+	}
+
+OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a,
+			       unsigned char **pp,
+			       long length)
+	{
+	M_ASN1_D2I_vars(a,OCSP_REQUEST *,OCSP_REQUEST_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->tbsRequest, d2i_OCSP_REQINFO);
+	M_ASN1_D2I_get_EXP_opt(ret->optionalSignature, d2i_OCSP_SIGNATURE, 0);
+	M_ASN1_D2I_Finish(a,OCSP_REQUEST_free,ASN1_F_D2I_OCSP_REQUEST);
+	}
+
+int i2a_OCSP_REQUEST(BIO *bp,
+		     OCSP_REQUEST* a)
+        {
+	i2a_OCSP_REQINFO(bp, a->tbsRequest);
+	i2a_OCSP_SIGNATURE(bp, a->optionalSignature);
+	return a->optionalSignature ? 2 : 1;
+	}
+
+OCSP_ONEREQ *OCSP_ONEREQ_new(void)
+	{
+	ASN1_CTX c;
+	OCSP_ONEREQ *ret=NULL;
+
+	M_ASN1_New_Malloc(ret, OCSP_ONEREQ);
+	M_ASN1_New(ret->reqCert, OCSP_CERTID_new);
+	ret->singleRequestExtensions = NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_OCSP_ONEREQ_NEW);
+	}
+	
+void OCSP_ONEREQ_free(OCSP_ONEREQ *a)
+	{
+	if (a == NULL) return;
+	OCSP_CERTID_free(a->reqCert);
+	sk_X509_EXTENSION_pop_free(a->singleRequestExtensions, X509_EXTENSION_free);
+	OPENSSL_free((char *)a);
+	}
+
+int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a,
+		    unsigned char **pp)
+	{
+	int v=0;
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->reqCert, i2d_OCSP_CERTID);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+	     a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
+	     V_ASN1_SEQUENCE, v);
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->reqCert, i2d_OCSP_CERTID);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509_EXTENSION,
+	     a->singleRequestExtensions, i2d_X509_EXTENSION, 0,
+	     V_ASN1_SEQUENCE, v);
+	M_ASN1_I2D_finish();
+	}
+
+OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a,
+			     unsigned char **pp,
+			     long length)
+	{
+	M_ASN1_D2I_vars(a,OCSP_ONEREQ *,OCSP_ONEREQ_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->reqCert, d2i_OCSP_CERTID);
+	/* there is no M_ASN1_D2I_get_EXP_seq* code, so
+	   we're using the set version */
+	M_ASN1_D2I_get_EXP_set_opt_type(X509_EXTENSION,
+		ret->singleRequestExtensions, d2i_X509_EXTENSION,
+		X509_EXTENSION_free, 0, V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a,OCSP_ONEREQ_free,ASN1_F_D2I_OCSP_ONEREQ);
+	}
+
+int i2a_OCSP_ONEREQ(BIO *bp,
+		    OCSP_ONEREQ* a)
+        {
+	i2a_OCSP_CERTID(bp, a->reqCert);
+#ifdef UNDEF
+	/* XXX need generic extension print method or need to register
+	 * ocsp extensions with existing extension handler mechanism,
+	 * invoke i2a callbacks.
+	 */
+	if (a->singleRequestExtensions != NULL)
+		{
+		for (i=0; i<sk_X509_EXTENSION_num(a->singleRequestExtensions); i++)
+			if (sk_X509_EXTENSION_value(a->singleRequestExtensions,i) != NULL)
+			  i2a_X509_EXTENSION(bp, 
+				     sk_X509_EXTENSION_value(
+				        a->singleRequestExtensions, i));
+		j+=sk_X509_EXTENSION_num(a->singleRequestExtensions);
+		}
+#endif
+	return 1;
+	}

crypto/ocsp/ocsp_sig.c

+/* ocsp_sig.c */
+/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
+ * project. */
+
+/* History:
+   This file was originally part of ocsp.c and was transfered to Richard
+   Levitte from CertCo by Kathy Weinhold in mid-spring 2000 to be included
+   in OpenSSL or released as a patch kit. */
+
+/* ====================================================================
+ * Copyright (c) 1998-2000 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <openssl/bio.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/err.h>
+#include <openssl/ocsp.h>
+#include <openssl/x509.h>
+
+/* Make sure we work well with older variants of OpenSSL */
+#ifndef OPENSSL_malloc
+#define OPENSSL_malloc Malloc
+#endif
+#ifndef OPENSSL_realloc
+#define OPENSSL_realloc Realloc
+#endif
+#ifndef OPENSSL_free
+#define OPENSSL_free Free
+#endif
+
+OCSP_SIGNATURE *OCSP_SIGNATURE_new(void)
+	{
+	ASN1_CTX c;
+	OCSP_SIGNATURE *ret=NULL;
+
+	M_ASN1_New_Malloc(ret, OCSP_SIGNATURE);
+	M_ASN1_New(ret->signatureAlgorithm, X509_ALGOR_new);
+	M_ASN1_New(ret->signature, ASN1_BIT_STRING_new);
+	ret->certs = NULL;
+	return(ret);
+	M_ASN1_New_Error(ASN1_F_OCSP_SIGNATURE_NEW);
+	}
+	
+void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a)
+	{
+	if (a == NULL) return;
+	X509_ALGOR_free(a->signatureAlgorithm);
+	ASN1_BIT_STRING_free(a->signature);
+	if (a->certs) sk_X509_pop_free(a->certs, X509_free);
+	OPENSSL_free((char *)a);
+	}
+
+int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a,
+		       unsigned char **pp)
+	{
+	int v=0;
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->signatureAlgorithm, i2d_X509_ALGOR);
+	M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509,
+			     0,	V_ASN1_SEQUENCE, v);
+	M_ASN1_I2D_seq_total();
+	M_ASN1_I2D_put(a->signatureAlgorithm, i2d_X509_ALGOR);
+	M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING);
+	M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509, a->certs, i2d_X509, 0,
+					V_ASN1_SEQUENCE, v);
+	M_ASN1_I2D_finish();
+	}
+
+OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a,
+				   unsigned char **pp,
+				   long length)
+	{
+	M_ASN1_D2I_vars(a,OCSP_SIGNATURE *,OCSP_SIGNATURE_new);
+
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->signatureAlgorithm, d2i_X509_ALGOR);
+	M_ASN1_D2I_get(ret->signature, d2i_ASN1_BIT_STRING);
+	/* there is no M_ASN1_D2I_get_EXP_seq* code, so
+	   we're using the set version */
+	M_ASN1_D2I_get_EXP_set_opt_type(X509, ret->certs, d2i_X509,
+				   X509_free, 0, V_ASN1_SEQUENCE);
+	M_ASN1_D2I_Finish(a,OCSP_SIGNATURE_free,ASN1_F_D2I_OCSP_SIGNATURE);
+	}
+
+int i2a_OCSP_SIGNATURE(BIO *bp,
+		       OCSP_SIGNATURE* a)
+        {
+	int i, j=2;
+#ifdef UNDEF
+	/* XXX this guy isn't implemented. */
+	i2a_X509_ALGOR(bp, a->signatureAlgorithm);
+#else   /* instead, just show OID, not param */
+	i2a_ASN1_OBJECT(bp, a->signatureAlgorithm->algorithm);
+#endif
+	i2a_ASN1_STRING(bp, a->signature, V_ASN1_BIT_STRING);
+	if (a->certs != NULL)
+		{
+		for (i=0; i<sk_X509_num(a->certs); i++)
+			if (sk_X509_value(a->certs,i) != NULL)
+				X509_print(bp, sk_X509_value(a->certs,i));
+		j+=sk_X509_num(a->certs);
+		}
+	return j;
+	}

crypto/stack/safestack.h

@@ -484,6 +484,46 @@ STACK_OF(type) \
 #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st))
 #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st))
 
+#define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ)
+#define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val))
+#define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val))
+#define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i))
+#define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr))
+#define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i))
+#define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp))
+#define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st)
+#define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func))
+#define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st))
+#define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st))
+
+#define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP)
+#define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val))
+#define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val))
+#define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i))
+#define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr))
+#define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i))
+#define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp))
+#define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st)
+#define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func))
+#define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st))
+#define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st))
+
 #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st))
 #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG)
 #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st))
@@ -998,6 +1038,24 @@ STACK_OF(type) \
 #define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \
 	SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func))
 
+#define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func))
+
+#define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
+	SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
+#define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \
+	SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set))
+#define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \
+	SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len))
+#define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \
+	SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func))
+
 #define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \
 	SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) 
 #define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \

crypto/x509/x509.h

@@ -1061,6 +1061,7 @@ int		X509_NAME_print(BIO *bp, X509_NAME *name, int obase);
 int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags);
 int		X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag);
 int		X509_print(BIO *bp,X509 *x);
+int		X509_ocspid_print(BIO *bp,X509 *x);
 int		X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent);
 int		X509_CRL_print(BIO *bp,X509_CRL *x);
 int		X509_REQ_print(BIO *bp,X509_REQ *req);

crypto/x509v3/v3_info.c

@@ -207,6 +207,15 @@ void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
 	OPENSSL_free (a);
 }
 
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a)
+        {
+	i2a_ASN1_OBJECT(bp, a->method);
+#ifdef UNDEF
+	i2a_GENERAL_NAME(bp, a->location);
+#endif
+	return 2;
+	}
+
 STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)
 {
 	return sk_ACCESS_DESCRIPTION_new_null();

crypto/x509v3/x509v3.h

@@ -477,6 +477,7 @@ ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
 void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
 ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
              long length);
+int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a);
 
 STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);
 void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);

util/mkdef.pl

@@ -202,6 +202,7 @@ $crypto.=" crypto/x509/x509_vfy.h";
 $crypto.=" crypto/x509v3/x509v3.h";
 $crypto.=" crypto/rand/rand.h";
 $crypto.=" crypto/comp/comp.h";
+$crypto.=" crypto/ocsp/ocsp.h";
 $crypto.=" crypto/tmdiff.h";
 
 my $symhacks="crypto/symhacks.h";

util/mkfiles.pl

@@ -46,6 +46,7 @@ my @dirs = (
 "crypto/pkcs12",
 "crypto/comp",
 "crypto/engine",
+"crypto/ocsp",
 "ssl",
 "rsaref",
 "apps",