This commit was manufactured by cvs2git to create tag 'tb_20250414'.tb_20250414

author: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
committer: cvs2svn <admin@example.com> 2025-04-14 17:32:06 +0000
commit: eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree: edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libcrypto/ocsp/ocsp_srv.c
parent: 247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download: openbsd-tb_20250414.tar.gz
openbsd-tb_20250414.tar.bz2
openbsd-tb_20250414.zip
1 files changed, 0 insertions, 285 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c
deleted file mode 100644
index 77c5e2e0fd..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_srv.c
+++ /dev/null
@@ -1,285 +0,0 @@
-/* $OpenBSD: ocsp_srv.c,v 1.13 2023/07/08 10:44:00 beck Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2001.
- */
-/* ====================================================================
- * Copyright (c) 1998-2001 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    openssl-core@openssl.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <openssl/err.h>
-#include <openssl/objects.h>
-#include <openssl/ocsp.h>
-#include <openssl/pem.h>
-#include <openssl/x509.h>
-#include <openssl/x509v3.h>
-#include "ocsp_local.h"
-/* Utility functions related to sending OCSP responses and extracting
- * relevant information from the request.
- */
-int
-OCSP_request_onereq_count(OCSP_REQUEST *req)
-{
-        return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
-}
-LCRYPTO_ALIAS(OCSP_request_onereq_count);
-OCSP_ONEREQ *
-OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
-{
-        return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
-}
-LCRYPTO_ALIAS(OCSP_request_onereq_get0);
-OCSP_CERTID *
-OCSP_onereq_get0_id(OCSP_ONEREQ *one)
-{
-        return one->reqCert;
-}
-LCRYPTO_ALIAS(OCSP_onereq_get0_id);
-int
-OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-    ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial, OCSP_CERTID *cid)
-{
-        if (!cid)
-                return 0;
-        if (pmd)
-                *pmd = cid->hashAlgorithm->algorithm;
-        if (piNameHash)
-                *piNameHash = cid->issuerNameHash;
-        if (pikeyHash)
-                *pikeyHash = cid->issuerKeyHash;
-        if (pserial)
-                *pserial = cid->serialNumber;
-        return 1;
-}
-LCRYPTO_ALIAS(OCSP_id_get0_info);
-int
-OCSP_request_is_signed(OCSP_REQUEST *req)
-{
-        if (req->optionalSignature)
-                return 1;
-        return 0;
-}
-LCRYPTO_ALIAS(OCSP_request_is_signed);
-/* Create an OCSP response and encode an optional basic response */
-OCSP_RESPONSE *
-OCSP_response_create(int status, OCSP_BASICRESP *bs)
-{
-        OCSP_RESPONSE *rsp = NULL;
-        if (!(rsp = OCSP_RESPONSE_new()))
-                goto err;
-        if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
-                goto err;
-        if (!bs)
-                return rsp;
-        if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
-                goto err;
-        rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
-        if (!ASN1_item_pack(bs, &OCSP_BASICRESP_it,
-            &rsp->responseBytes->response))
-                goto err;
-        return rsp;
-err:
-        if (rsp)
-                OCSP_RESPONSE_free(rsp);
-        return NULL;
-}
-LCRYPTO_ALIAS(OCSP_response_create);
-OCSP_SINGLERESP *
-OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
-    int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, ASN1_TIME *nextupd)
-{
-        OCSP_SINGLERESP *single = NULL;
-        OCSP_CERTSTATUS *cs;
-        OCSP_REVOKEDINFO *ri;
-        if (!rsp->tbsResponseData->responses &&
-            !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
-                goto err;
-        if (!(single = OCSP_SINGLERESP_new()))
-                goto err;
-        if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
-                goto err;
-        if (nextupd &&
-            !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
-                goto err;
-        OCSP_CERTID_free(single->certId);
-        if (!(single->certId = OCSP_CERTID_dup(cid)))
-                goto err;
-        cs = single->certStatus;
-        switch (cs->type = status) {
-        case V_OCSP_CERTSTATUS_REVOKED:
-                if (!revtime) {
-                        OCSPerror(OCSP_R_NO_REVOKED_TIME);
-                        goto err;
-                }
-                if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
-                        goto err;
-                if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
-                        goto err;
-                if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
-                        if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
-                                goto err;
-                        if (!(ASN1_ENUMERATED_set(ri->revocationReason,
-                            reason)))
-                                goto err;
-                }
-                break;
-        case V_OCSP_CERTSTATUS_GOOD:
-                cs->value.good = ASN1_NULL_new();
-                break;
-        case V_OCSP_CERTSTATUS_UNKNOWN:
-                cs->value.unknown = ASN1_NULL_new();
-                break;
-        default:
-                goto err;
-        }
-        if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
-                goto err;
-        return single;
-err:
-        OCSP_SINGLERESP_free(single);
-        return NULL;
-}
-LCRYPTO_ALIAS(OCSP_basic_add1_status);
-/* Add a certificate to an OCSP request */
-int
-OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
-{
-        if (!resp->certs && !(resp->certs = sk_X509_new_null()))
-                return 0;
-        if (!sk_X509_push(resp->certs, cert))
-                return 0;
-        X509_up_ref(cert);
-        return 1;
-}
-LCRYPTO_ALIAS(OCSP_basic_add1_cert);
-int
-OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
-    const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags)
-{
-        int i;
-        OCSP_RESPID *rid;
-        if (!X509_check_private_key(signer, key)) {
-                OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
-                goto err;
-        }
-        if (!(flags & OCSP_NOCERTS)) {
-                if (!OCSP_basic_add1_cert(brsp, signer))
-                        goto err;
-                for (i = 0; i < sk_X509_num(certs); i++) {
-                        X509 *tmpcert = sk_X509_value(certs, i);
-                        if (!OCSP_basic_add1_cert(brsp, tmpcert))
-                                goto err;
-                }
-        }
-        rid = brsp->tbsResponseData->responderId;
-        if (flags & OCSP_RESPID_KEY) {
-                unsigned char md[SHA_DIGEST_LENGTH];
-                X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
-                if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
-                        goto err;
-                if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md,
-                    SHA_DIGEST_LENGTH)))
-                        goto err;
-                rid->type = V_OCSP_RESPID_KEY;
-        } else {
-                if (!X509_NAME_set(&rid->value.byName,
-                    X509_get_subject_name(signer)))
-                        goto err;
-                rid->type = V_OCSP_RESPID_NAME;
-        }
-        if (!(flags & OCSP_NOTIME) &&
-            !ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL)))
-                goto err;
-        /* Right now, I think that not doing double hashing is the right
-           thing.       -- Richard Levitte */
-        if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
-                goto err;
-        return 1;
-err:
-        return 0;
-}
-LCRYPTO_ALIAS(OCSP_basic_sign);
author	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
committer	cvs2svn <admin@example.com>	2025-04-14 17:32:06 +0000
commit	eb8dd9dca1228af0cd132f515509051ecfabf6f6 (patch)
tree	edb6da6af7e865d488dc1a29309f1e1ec226e603 /src/lib/libcrypto/ocsp/ocsp_srv.c
parent	247f0352e0ed72a4f476db9dc91f4d982bc83eb2 (diff)
download	openbsd-tb_20250414.tar.gz openbsd-tb_20250414.tar.bz2 openbsd-tb_20250414.zip

diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c deleted file mode 100644 index 77c5e2e0fd..0000000000 --- a/src/lib/libcrypto/ocsp/ocsp_srv.c +++ /dev/null
@@ -1,285 +0,0 @@
1	/* $OpenBSD: ocsp_srv.c,v 1.13 2023/07/08 10:44:00 beck Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2001.
4	*/
5	/* ====================================================================
6	* Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* openssl-core@openssl.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60
61	#include <openssl/err.h>
62	#include <openssl/objects.h>
63	#include <openssl/ocsp.h>
64	#include <openssl/pem.h>
65	#include <openssl/x509.h>
66	#include <openssl/x509v3.h>
67
68	#include "ocsp_local.h"
69
70	/* Utility functions related to sending OCSP responses and extracting
71	* relevant information from the request.
72	*/
73
74	int
75	OCSP_request_onereq_count(OCSP_REQUEST *req)
76	{
77	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
78	}
79	LCRYPTO_ALIAS(OCSP_request_onereq_count);
80
81	OCSP_ONEREQ *
82	OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
83	{
84	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
85	}
86	LCRYPTO_ALIAS(OCSP_request_onereq_get0);
87
88	OCSP_CERTID *
89	OCSP_onereq_get0_id(OCSP_ONEREQ *one)
90	{
91	return one->reqCert;
92	}
93	LCRYPTO_ALIAS(OCSP_onereq_get0_id);
94
95	int
96	OCSP_id_get0_info(ASN1_OCTET_STRING piNameHash, ASN1_OBJECT pmd,
97	ASN1_OCTET_STRING pikeyHash, ASN1_INTEGER pserial, OCSP_CERTID *cid)
98	{
99	if (!cid)
100	return 0;
101	if (pmd)
102	*pmd = cid->hashAlgorithm->algorithm;
103	if (piNameHash)
104	*piNameHash = cid->issuerNameHash;
105	if (pikeyHash)
106	*pikeyHash = cid->issuerKeyHash;
107	if (pserial)
108	*pserial = cid->serialNumber;
109	return 1;
110	}
111	LCRYPTO_ALIAS(OCSP_id_get0_info);
112
113	int
114	OCSP_request_is_signed(OCSP_REQUEST *req)
115	{
116	if (req->optionalSignature)
117	return 1;
118	return 0;
119	}
120	LCRYPTO_ALIAS(OCSP_request_is_signed);
121
122	/* Create an OCSP response and encode an optional basic response */
123	OCSP_RESPONSE *
124	OCSP_response_create(int status, OCSP_BASICRESP *bs)
125	{
126	OCSP_RESPONSE *rsp = NULL;
127
128	if (!(rsp = OCSP_RESPONSE_new()))
129	goto err;
130	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
131	goto err;
132	if (!bs)
133	return rsp;
134	if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
135	goto err;
136	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
137	if (!ASN1_item_pack(bs, &OCSP_BASICRESP_it,
138	&rsp->responseBytes->response))
139	goto err;
140	return rsp;
141
142	err:
143	if (rsp)
144	OCSP_RESPONSE_free(rsp);
145	return NULL;
146	}
147	LCRYPTO_ALIAS(OCSP_response_create);
148
149	OCSP_SINGLERESP *
150	OCSP_basic_add1_status(OCSP_BASICRESP rsp, OCSP_CERTID cid, int status,
151	int reason, ASN1_TIME revtime, ASN1_TIME thisupd, ASN1_TIME *nextupd)
152	{
153	OCSP_SINGLERESP *single = NULL;
154	OCSP_CERTSTATUS *cs;
155	OCSP_REVOKEDINFO *ri;
156
157	if (!rsp->tbsResponseData->responses &&
158	!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
159	goto err;
160
161	if (!(single = OCSP_SINGLERESP_new()))
162	goto err;
163
164	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
165	goto err;
166	if (nextupd &&
167	!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
168	goto err;
169
170	OCSP_CERTID_free(single->certId);
171
172	if (!(single->certId = OCSP_CERTID_dup(cid)))
173	goto err;
174
175	cs = single->certStatus;
176	switch (cs->type = status) {
177	case V_OCSP_CERTSTATUS_REVOKED:
178	if (!revtime) {
179	OCSPerror(OCSP_R_NO_REVOKED_TIME);
180	goto err;
181	}
182	if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
183	goto err;
184	if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
185	goto err;
186	if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
187	if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
188	goto err;
189	if (!(ASN1_ENUMERATED_set(ri->revocationReason,
190	reason)))
191	goto err;
192	}
193	break;
194
195	case V_OCSP_CERTSTATUS_GOOD:
196	cs->value.good = ASN1_NULL_new();
197	break;
198
199	case V_OCSP_CERTSTATUS_UNKNOWN:
200	cs->value.unknown = ASN1_NULL_new();
201	break;
202
203	default:
204	goto err;
205	}
206	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
207	goto err;
208	return single;
209
210	err:
211	OCSP_SINGLERESP_free(single);
212	return NULL;
213	}
214	LCRYPTO_ALIAS(OCSP_basic_add1_status);
215
216	/* Add a certificate to an OCSP request */
217	int
218	OCSP_basic_add1_cert(OCSP_BASICRESP resp, X509 cert)
219	{
220	if (!resp->certs && !(resp->certs = sk_X509_new_null()))
221	return 0;
222
223	if (!sk_X509_push(resp->certs, cert))
224	return 0;
225	X509_up_ref(cert);
226	return 1;
227	}
228	LCRYPTO_ALIAS(OCSP_basic_add1_cert);
229
230	int
231	OCSP_basic_sign(OCSP_BASICRESP brsp, X509 signer, EVP_PKEY *key,
232	const EVP_MD dgst, STACK_OF(X509) certs, unsigned long flags)
233	{
234	int i;
235	OCSP_RESPID *rid;
236
237	if (!X509_check_private_key(signer, key)) {
238	OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
239	goto err;
240	}
241
242	if (!(flags & OCSP_NOCERTS)) {
243	if (!OCSP_basic_add1_cert(brsp, signer))
244	goto err;
245	for (i = 0; i < sk_X509_num(certs); i++) {
246	X509 *tmpcert = sk_X509_value(certs, i);
247	if (!OCSP_basic_add1_cert(brsp, tmpcert))
248	goto err;
249	}
250	}
251
252	rid = brsp->tbsResponseData->responderId;
253	if (flags & OCSP_RESPID_KEY) {
254	unsigned char md[SHA_DIGEST_LENGTH];
255
256	X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
257	if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
258	goto err;
259	if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md,
260	SHA_DIGEST_LENGTH)))
261	goto err;
262	rid->type = V_OCSP_RESPID_KEY;
263	} else {
264	if (!X509_NAME_set(&rid->value.byName,
265	X509_get_subject_name(signer)))
266	goto err;
267	rid->type = V_OCSP_RESPID_NAME;
268	}
269
270	if (!(flags & OCSP_NOTIME) &&
271	!ASN1_GENERALIZEDTIME_set(brsp->tbsResponseData->producedAt, time(NULL)))
272	goto err;
273
274	/* Right now, I think that not doing double hashing is the right
275	thing. -- Richard Levitte */
276
277	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
278	goto err;
279
280	return 1;
281
282	err:
283	return 0;
284	}
285	LCRYPTO_ALIAS(OCSP_basic_sign);