Codebase list openssl / 0c71c88
Remove obsolete OCSP demo Reviewed-by: Dr. Stephen Henson <steve@openssl.org> Rich Salz 8 years ago
2 changed file(s) with 0 addition(s) and 368 deletion(s).
+0
-7
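--- a/demos/asn1/README.ASN1
+++ b/demos/asn1/README.ASN1
@@ -1,7 +0,0 @@
-This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
-do much yet other than demonstrate what the new ASN1 modules might look
-like.
-
-It wont even compile yet: the new code isn't in place.
-
-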
+0
-361
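--- a/demos/asn1/ocsp.c
+++ b/demos/asn1/ocsp.c
@@ -1,361 +0,0 @@
-/* ocsp.c */
-/*
-* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
-* 2000.
-*/
-/* ====================================================================
-* Copyright (c) 2000 The OpenSSL Project. All rights reserved.
-*
-* Redistribution and use in source and binary forms, with or without
-* modification, are permitted provided that the following conditions
-* are met:
-*
-* 1. Redistributions of source code must retain the above copyright
-* notice, this list of conditions and the following disclaimer.
-*
-* 2. Redistributions in binary form must reproduce the above copyright
-* notice, this list of conditions and the following disclaimer in
-* the documentation and/or other materials provided with the
-* distribution.
-*
-* 3. All advertising materials mentioning features or use of this
-* software must display the following acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-*
-* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-* endorse or promote products derived from this software without
-* prior written permission. For written permission, please contact
-* licensing@OpenSSL.org.
-*
-* 5. Products derived from this software may not be called "OpenSSL"
-* nor may "OpenSSL" appear in their names without prior written
-* permission of the OpenSSL Project.
-*
-* 6. Redistributions of any form whatsoever must retain the following
-* acknowledgment:
-* "This product includes software developed by the OpenSSL Project
-* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-*
-* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
-* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-* OF THE POSSIBILITY OF SUCH DAMAGE.
-* ====================================================================
-*
-* This product includes cryptographic software written by Eric Young
-* (eay@cryptsoft.com). This product includes software written by Tim
-* Hudson (tjh@cryptsoft.com).
-*
-*/
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-/*-
-Example of new ASN1 code, OCSP request
-
-OCSPRequest ::= SEQUENCE {
-tbsRequest TBSRequest,
-optionalSignature [0] EXPLICIT Signature OPTIONAL }
-
-TBSRequest ::= SEQUENCE {
-version [0] EXPLICIT Version DEFAULT v1,
-requestorName [1] EXPLICIT GeneralName OPTIONAL,
-requestList SEQUENCE OF Request,
-requestExtensions [2] EXPLICIT Extensions OPTIONAL }
-
-Signature ::= SEQUENCE {
-signatureAlgorithm AlgorithmIdentifier,
-signature BIT STRING,
-certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
-Version ::= INTEGER { v1(0) }
-
-Request ::= SEQUENCE {
-reqCert CertID,
-singleRequestExtensions [0] EXPLICIT Extensions OPTIONAL }
-
-CertID ::= SEQUENCE {
-hashAlgorithm AlgorithmIdentifier,
-issuerNameHash OCTET STRING, -- Hash of Issuer's DN
-issuerKeyHash OCTET STRING, -- Hash of Issuers public key
-serialNumber CertificateSerialNumber }
-
-OCSPResponse ::= SEQUENCE {
-responseStatus OCSPResponseStatus,
-responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
-
-OCSPResponseStatus ::= ENUMERATED {
-successful (0), --Response has valid confirmations
-malformedRequest (1), --Illegal confirmation request
-internalError (2), --Internal error in issuer
-tryLater (3), --Try again later
---(4) is not used
-sigRequired (5), --Must sign the request
-unauthorized (6) --Request unauthorized
-}
-
-ResponseBytes ::= SEQUENCE {
-responseType OBJECT IDENTIFIER,
-response OCTET STRING }
-
-BasicOCSPResponse ::= SEQUENCE {
-tbsResponseData ResponseData,
-signatureAlgorithm AlgorithmIdentifier,
-signature BIT STRING,
-certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
-ResponseData ::= SEQUENCE {
-version [0] EXPLICIT Version DEFAULT v1,
-responderID ResponderID,
-producedAt GeneralizedTime,
-responses SEQUENCE OF SingleResponse,
-responseExtensions [1] EXPLICIT Extensions OPTIONAL }
-
-ResponderID ::= CHOICE {
-byName [1] Name, --EXPLICIT
-byKey [2] KeyHash }
-
-KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
---(excluding the tag and length fields)
-
-SingleResponse ::= SEQUENCE {
-certID CertID,
-certStatus CertStatus,
-thisUpdate GeneralizedTime,
-nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
-singleExtensions [1] EXPLICIT Extensions OPTIONAL }
-
-CertStatus ::= CHOICE {
-good [0] IMPLICIT NULL,
-revoked [1] IMPLICIT RevokedInfo,
-unknown [2] IMPLICIT UnknownInfo }
-
-RevokedInfo ::= SEQUENCE {
-revocationTime GeneralizedTime,
-revocationReason [0] EXPLICIT CRLReason OPTIONAL }
-
-UnknownInfo ::= NULL -- this can be replaced with an enumeration
-
-ArchiveCutoff ::= GeneralizedTime
-
-AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-
-ServiceLocator ::= SEQUENCE {
-issuer Name,
-locator AuthorityInfoAccessSyntax }
-
--- Object Identifiers
-
-id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 }
-id-pkix-ocsp OBJECT IDENTIFIER ::= { id-ad-ocsp }
-id-pkix-ocsp-basic OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
-id-pkix-ocsp-nonce OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-id-pkix-ocsp-crl OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-id-pkix-ocsp-response OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-id-pkix-ocsp-nocheck OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-id-pkix-ocsp-archive-cutoff OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
-
-*/
-
-/* Request Structures */
-
-DECLARE_STACK_OF(Request)
-
-typedef struct {
-ASN1_INTEGER *version;
-GENERAL_NAME *requestorName;
-STACK_OF(Request) *requestList;
-STACK_OF(X509_EXTENSION) *requestExtensions;
-} TBSRequest;
-
-typedef struct {
-X509_ALGOR *signatureAlgorithm;
-ASN1_BIT_STRING *signature;
-STACK_OF(X509) *certs;
-} Signature;
-
-typedef struct {
-TBSRequest *tbsRequest;
-Signature *optionalSignature;
-} OCSPRequest;
-
-typedef struct {
-X509_ALGOR *hashAlgorithm;
-ASN1_OCTET_STRING *issuerNameHash;
-ASN1_OCTET_STRING *issuerKeyHash;
-ASN1_INTEGER *certificateSerialNumber;
-} CertID;
-
-typedef struct {
-CertID *reqCert;
-STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-} Request;
-
-/* Response structures */
-
-typedef struct {
-ASN1_OBJECT *responseType;
-ASN1_OCTET_STRING *response;
-} ResponseBytes;
-
-typedef struct {
-ASN1_ENUMERATED *responseStatus;
-ResponseBytes *responseBytes;
-} OCSPResponse;
-
-typedef struct {
-int type;
-union {
-X509_NAME *byName;
-ASN1_OCTET_STRING *byKey;
-} d;
-} ResponderID;
-
-typedef struct {
-ASN1_INTEGER *version;
-ResponderID *responderID;
-ASN1_GENERALIZEDTIME *producedAt;
-STACK_OF(SingleResponse) *responses;
-STACK_OF(X509_EXTENSION) *responseExtensions;
-} ResponseData;
-
-typedef struct {
-ResponseData *tbsResponseData;
-X509_ALGOR *signatureAlgorithm;
-ASN1_BIT_STRING *signature;
-STACK_OF(X509) *certs;
-} BasicOCSPResponse;
-
-typedef struct {
-ASN1_GENERALIZEDTIME *revocationTime;
-ASN1_ENUMERATED *revocationReason;
-} RevokedInfo;
-
-typedef struct {
-int type;
-union {
-ASN1_NULL *good;
-RevokedInfo *revoked;
-ASN1_NULL *unknown;
-} d;
-} CertStatus;
-
-typedef struct {
-CertID *certID;
-CertStatus *certStatus;
-ASN1_GENERALIZEDTIME *thisUpdate;
-ASN1_GENERALIZEDTIME *nextUpdate;
-STACK_OF(X509_EXTENSION) *singleExtensions;
-} SingleResponse;
-
-typedef struct {
-X509_NAME *issuer;
-STACK_OF(ACCESS_DESCRIPTION) *locator;
-} ServiceLocator;
-
-/* Now the ASN1 templates */
-
-IMPLEMENT_COMPAT_ASN1(X509);
-IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
-// IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
-IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
-IMPLEMENT_COMPAT_ASN1(X509_NAME);
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
-ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
-ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION);
-
-
-ASN1_SEQUENCE(Signature) = {
-ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
-ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
-ASN1_SEQUENCE_OF(Signature, certs, X509)
-} ASN1_SEQUENCE_END(Signature);
-
-ASN1_SEQUENCE(CertID) = {
-ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
-ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
-ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
-ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(CertID);
-
-ASN1_SEQUENCE(Request) = {
-ASN1_SIMPLE(Request, reqCert, CertID),
-ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(Request);
-
-ASN1_SEQUENCE(TBSRequest) = {
-ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
-ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
-ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
-ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
-} ASN1_SEQUENCE_END(TBSRequest);
-
-ASN1_SEQUENCE(OCSPRequest) = {
-ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
-ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
-} ASN1_SEQUENCE_END(OCSPRequest);
-
-/* Response templates */
-
-ASN1_SEQUENCE(ResponseBytes) = {
-ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
-ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(ResponseBytes);
-
-ASN1_SEQUENCE(OCSPResponse) = {
-ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
-ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
-} ASN1_SEQUENCE_END(OCSPResponse);
-
-ASN1_CHOICE(ResponderID) = {
-ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
-ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
-} ASN1_CHOICE_END(ResponderID);
-
-ASN1_SEQUENCE(RevokedInfo) = {
-ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
-ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
-} ASN1_SEQUENCE_END(RevokedInfo);
-
-ASN1_CHOICE(CertStatus) = {
-ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
-ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
-ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
-} ASN1_CHOICE_END(CertStatus);
-
-ASN1_SEQUENCE(SingleResponse) = {
-ASN1_SIMPLE(SingleResponse, certID, CertID),
-ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
-ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
-ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
-ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(SingleResponse);
-
-ASN1_SEQUENCE(ResponseData) = {
-ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
-ASN1_SIMPLE(ResponseData, responderID, ResponderID),
-ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
-ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
-ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(ResponseData);
-
-ASN1_SEQUENCE(BasicOCSPResponse) = {
-ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
-ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
-ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
-ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
-} ASN1_SEQUENCE_END(BasicOCSPResponse);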