[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Fri Sep 25 15:33:25 UTC 2015


The branch master has been updated
       via  0c71c88bb3fdc570218ad575f5f560ae5a9a40c8 (commit)
      from  51a6081719373d5dabda0d628d1637c501dd2068 (commit)


- Log -----------------------------------------------------------------
commit 0c71c88bb3fdc570218ad575f5f560ae5a9a40c8
Author: Rich Salz <rsalz at openssl.org>
Date:   Fri Sep 25 11:32:45 2015 -0400

    Remove obsolete OCSP demo
    
    Reviewed-by: Dr. Stephen Henson <steve at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 demos/asn1/README.ASN1 |   7 -
 demos/asn1/ocsp.c      | 361 -------------------------------------------------
 2 files changed, 368 deletions(-)
 delete mode 100644 demos/asn1/README.ASN1
 delete mode 100644 demos/asn1/ocsp.c

diff --git a/demos/asn1/README.ASN1 b/demos/asn1/README.ASN1
deleted file mode 100644
index ac497be..0000000
--- a/demos/asn1/README.ASN1
+++ /dev/null
@@ -1,7 +0,0 @@
-This is a demo of the new ASN1 code. Its an OCSP ASN1 module. Doesn't
-do much yet other than demonstrate what the new ASN1 modules might look
-like.
-
-It wont even compile yet: the new code isn't in place.
-
-
diff --git a/demos/asn1/ocsp.c b/demos/asn1/ocsp.c
deleted file mode 100644
index db40719..0000000
--- a/demos/asn1/ocsp.c
+++ /dev/null
@@ -1,361 +0,0 @@
-/* ocsp.c */
-/*
- * Written by Dr Stephen N Henson (steve at openssl.org) for the OpenSSL project
- * 2000.
- */
-/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing at OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay at cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh at cryptsoft.com).
- *
- */
-#include <openssl/asn1.h>
-#include <openssl/asn1t.h>
-#include <openssl/x509v3.h>
-
-/*-
-   Example of new ASN1 code, OCSP request
-
-        OCSPRequest     ::=     SEQUENCE {
-            tbsRequest                  TBSRequest,
-            optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
-
-        TBSRequest      ::=     SEQUENCE {
-            version             [0] EXPLICIT Version DEFAULT v1,
-            requestorName       [1] EXPLICIT GeneralName OPTIONAL,
-            requestList             SEQUENCE OF Request,
-            requestExtensions   [2] EXPLICIT Extensions OPTIONAL }
-
-        Signature       ::=     SEQUENCE {
-            signatureAlgorithm   AlgorithmIdentifier,
-            signature            BIT STRING,
-            certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
-        Version  ::=  INTEGER  {  v1(0) }
-
-        Request ::=     SEQUENCE {
-            reqCert                    CertID,
-            singleRequestExtensions    [0] EXPLICIT Extensions OPTIONAL }
-
-        CertID ::= SEQUENCE {
-            hashAlgorithm            AlgorithmIdentifier,
-            issuerNameHash     OCTET STRING, -- Hash of Issuer's DN
-            issuerKeyHash      OCTET STRING, -- Hash of Issuers public key
-            serialNumber       CertificateSerialNumber }
-
-        OCSPResponse ::= SEQUENCE {
-           responseStatus         OCSPResponseStatus,
-           responseBytes          [0] EXPLICIT ResponseBytes OPTIONAL }
-
-        OCSPResponseStatus ::= ENUMERATED {
-            successful            (0),      --Response has valid confirmations
-            malformedRequest      (1),      --Illegal confirmation request
-            internalError         (2),      --Internal error in issuer
-            tryLater              (3),      --Try again later
-                                            --(4) is not used
-            sigRequired           (5),      --Must sign the request
-            unauthorized          (6)       --Request unauthorized
-        }
-
-        ResponseBytes ::=       SEQUENCE {
-            responseType   OBJECT IDENTIFIER,
-            response       OCTET STRING }
-
-        BasicOCSPResponse       ::= SEQUENCE {
-           tbsResponseData      ResponseData,
-           signatureAlgorithm   AlgorithmIdentifier,
-           signature            BIT STRING,
-           certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
-
-        ResponseData ::= SEQUENCE {
-           version              [0] EXPLICIT Version DEFAULT v1,
-           responderID              ResponderID,
-           producedAt               GeneralizedTime,
-           responses                SEQUENCE OF SingleResponse,
-           responseExtensions   [1] EXPLICIT Extensions OPTIONAL }
-
-        ResponderID ::= CHOICE {
-           byName   [1] Name,    --EXPLICIT
-           byKey    [2] KeyHash }
-
-        KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
-                                 --(excluding the tag and length fields)
-
-        SingleResponse ::= SEQUENCE {
-           certID                       CertID,
-           certStatus                   CertStatus,
-           thisUpdate                   GeneralizedTime,
-           nextUpdate           [0]     EXPLICIT GeneralizedTime OPTIONAL,
-           singleExtensions     [1]     EXPLICIT Extensions OPTIONAL }
-
-        CertStatus ::= CHOICE {
-            good                [0]     IMPLICIT NULL,
-            revoked             [1]     IMPLICIT RevokedInfo,
-            unknown             [2]     IMPLICIT UnknownInfo }
-
-        RevokedInfo ::= SEQUENCE {
-            revocationTime              GeneralizedTime,
-            revocationReason    [0]     EXPLICIT CRLReason OPTIONAL }
-
-        UnknownInfo ::= NULL -- this can be replaced with an enumeration
-
-        ArchiveCutoff ::= GeneralizedTime
-
-        AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
-
-        ServiceLocator ::= SEQUENCE {
-            issuer    Name,
-            locator   AuthorityInfoAccessSyntax }
-
-        -- Object Identifiers
-
-        id-kp-OCSPSigning            OBJECT IDENTIFIER ::= { id-kp 9 }
-        id-pkix-ocsp                 OBJECT IDENTIFIER ::= { id-ad-ocsp }
-        id-pkix-ocsp-basic           OBJECT IDENTIFIER ::= { id-pkix-ocsp 1 }
-        id-pkix-ocsp-nonce           OBJECT IDENTIFIER ::= { id-pkix-ocsp 2 }
-        id-pkix-ocsp-crl             OBJECT IDENTIFIER ::= { id-pkix-ocsp 3 }
-        id-pkix-ocsp-response        OBJECT IDENTIFIER ::= { id-pkix-ocsp 4 }
-        id-pkix-ocsp-nocheck         OBJECT IDENTIFIER ::= { id-pkix-ocsp 5 }
-        id-pkix-ocsp-archive-cutoff  OBJECT IDENTIFIER ::= { id-pkix-ocsp 6 }
-        id-pkix-ocsp-service-locator OBJECT IDENTIFIER ::= { id-pkix-ocsp 7 }
-
-*/
-
-/* Request Structures */
-
-DECLARE_STACK_OF(Request)
-
-typedef struct {
-    ASN1_INTEGER *version;
-    GENERAL_NAME *requestorName;
-    STACK_OF(Request) *requestList;
-    STACK_OF(X509_EXTENSION) *requestExtensions;
-} TBSRequest;
-
-typedef struct {
-    X509_ALGOR *signatureAlgorithm;
-    ASN1_BIT_STRING *signature;
-    STACK_OF(X509) *certs;
-} Signature;
-
-typedef struct {
-    TBSRequest *tbsRequest;
-    Signature *optionalSignature;
-} OCSPRequest;
-
-typedef struct {
-    X509_ALGOR *hashAlgorithm;
-    ASN1_OCTET_STRING *issuerNameHash;
-    ASN1_OCTET_STRING *issuerKeyHash;
-    ASN1_INTEGER *certificateSerialNumber;
-} CertID;
-
-typedef struct {
-    CertID *reqCert;
-    STACK_OF(X509_EXTENSION) *singleRequestExtensions;
-} Request;
-
-/* Response structures */
-
-typedef struct {
-    ASN1_OBJECT *responseType;
-    ASN1_OCTET_STRING *response;
-} ResponseBytes;
-
-typedef struct {
-    ASN1_ENUMERATED *responseStatus;
-    ResponseBytes *responseBytes;
-} OCSPResponse;
-
-typedef struct {
-    int type;
-    union {
-        X509_NAME *byName;
-        ASN1_OCTET_STRING *byKey;
-    } d;
-} ResponderID;
-
-typedef struct {
-    ASN1_INTEGER *version;
-    ResponderID *responderID;
-    ASN1_GENERALIZEDTIME *producedAt;
-    STACK_OF(SingleResponse) *responses;
-    STACK_OF(X509_EXTENSION) *responseExtensions;
-} ResponseData;
-
-typedef struct {
-    ResponseData *tbsResponseData;
-    X509_ALGOR *signatureAlgorithm;
-    ASN1_BIT_STRING *signature;
-    STACK_OF(X509) *certs;
-} BasicOCSPResponse;
-
-typedef struct {
-    ASN1_GENERALIZEDTIME *revocationTime;
-    ASN1_ENUMERATED *revocationReason;
-} RevokedInfo;
-
-typedef struct {
-    int type;
-    union {
-        ASN1_NULL *good;
-        RevokedInfo *revoked;
-        ASN1_NULL *unknown;
-    } d;
-} CertStatus;
-
-typedef struct {
-    CertID *certID;
-    CertStatus *certStatus;
-    ASN1_GENERALIZEDTIME *thisUpdate;
-    ASN1_GENERALIZEDTIME *nextUpdate;
-    STACK_OF(X509_EXTENSION) *singleExtensions;
-} SingleResponse;
-
-typedef struct {
-    X509_NAME *issuer;
-    STACK_OF(ACCESS_DESCRIPTION) *locator;
-} ServiceLocator;
-
-/* Now the ASN1 templates */
-
-IMPLEMENT_COMPAT_ASN1(X509);
-IMPLEMENT_COMPAT_ASN1(X509_ALGOR);
-// IMPLEMENT_COMPAT_ASN1(X509_EXTENSION);
-IMPLEMENT_COMPAT_ASN1(GENERAL_NAME);
-IMPLEMENT_COMPAT_ASN1(X509_NAME);
-
-ASN1_SEQUENCE(X509_EXTENSION) = {
-        ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
-        ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN),
-        ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(X509_EXTENSION);
-
-
-ASN1_SEQUENCE(Signature) = {
-        ASN1_SIMPLE(Signature, signatureAlgorithm, X509_ALGOR),
-        ASN1_SIMPLE(Signature, signature, ASN1_BIT_STRING),
-        ASN1_SEQUENCE_OF(Signature, certs, X509)
-} ASN1_SEQUENCE_END(Signature);
-
-ASN1_SEQUENCE(CertID) = {
-        ASN1_SIMPLE(CertID, hashAlgorithm, X509_ALGOR),
-        ASN1_SIMPLE(CertID, issuerNameHash, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(CertID, issuerKeyHash, ASN1_OCTET_STRING),
-        ASN1_SIMPLE(CertID, certificateSerialNumber, ASN1_INTEGER)
-} ASN1_SEQUENCE_END(CertID);
-
-ASN1_SEQUENCE(Request) = {
-        ASN1_SIMPLE(Request, reqCert, CertID),
-        ASN1_EXP_SEQUENCE_OF_OPT(Request, singleRequestExtensions, X509_EXTENSION, 0)
-} ASN1_SEQUENCE_END(Request);
-
-ASN1_SEQUENCE(TBSRequest) = {
-        ASN1_EXP_OPT(TBSRequest, version, ASN1_INTEGER, 0),
-        ASN1_EXP_OPT(TBSRequest, requestorName, GENERAL_NAME, 1),
-        ASN1_SEQUENCE_OF(TBSRequest, requestList, Request),
-        ASN1_EXP_SEQUENCE_OF_OPT(TBSRequest, requestExtensions, X509_EXTENSION, 2)
-} ASN1_SEQUENCE_END(TBSRequest);
-
-ASN1_SEQUENCE(OCSPRequest) = {
-        ASN1_SIMPLE(OCSPRequest, tbsRequest, TBSRequest),
-        ASN1_EXP_OPT(OCSPRequest, optionalSignature, Signature, 0)
-} ASN1_SEQUENCE_END(OCSPRequest);
-
-/* Response templates */
-
-ASN1_SEQUENCE(ResponseBytes) = {
-            ASN1_SIMPLE(ResponseBytes, responseType, ASN1_OBJECT),
-            ASN1_SIMPLE(ResponseBytes, response, ASN1_OCTET_STRING)
-} ASN1_SEQUENCE_END(ResponseBytes);
-
-ASN1_SEQUENCE(OCSPResponse) = {
-        ASN1_SIMPLE(OCSPResponse, responseStatus, ASN1_ENUMERATED),
-        ASN1_EXP_OPT(OCSPResponse, responseBytes, ResponseBytes, 0)
-} ASN1_SEQUENCE_END(OCSPResponse);
-
-ASN1_CHOICE(ResponderID) = {
-           ASN1_EXP(ResponderID, d.byName, X509_NAME, 1),
-           ASN1_IMP(ResponderID, d.byKey, ASN1_OCTET_STRING, 2)
-} ASN1_CHOICE_END(ResponderID);
-
-ASN1_SEQUENCE(RevokedInfo) = {
-        ASN1_SIMPLE(RevokedInfo, revocationTime, ASN1_GENERALIZEDTIME),
-        ASN1_EXP_OPT(RevokedInfo, revocationReason, ASN1_ENUMERATED, 0)
-} ASN1_SEQUENCE_END(RevokedInfo);
-
-ASN1_CHOICE(CertStatus) = {
-        ASN1_IMP(CertStatus, d.good, ASN1_NULL, 0),
-        ASN1_IMP(CertStatus, d.revoked, RevokedInfo, 1),
-        ASN1_IMP(CertStatus, d.unknown, ASN1_NULL, 2)
-} ASN1_CHOICE_END(CertStatus);
-
-ASN1_SEQUENCE(SingleResponse) = {
-           ASN1_SIMPLE(SingleResponse, certID, CertID),
-           ASN1_SIMPLE(SingleResponse, certStatus, CertStatus),
-           ASN1_SIMPLE(SingleResponse, thisUpdate, ASN1_GENERALIZEDTIME),
-           ASN1_EXP_OPT(SingleResponse, nextUpdate, ASN1_GENERALIZEDTIME, 0),
-           ASN1_EXP_SEQUENCE_OF_OPT(SingleResponse, singleExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(SingleResponse);
-
-ASN1_SEQUENCE(ResponseData) = {
-           ASN1_EXP_OPT(ResponseData, version, ASN1_INTEGER, 0),
-           ASN1_SIMPLE(ResponseData, responderID, ResponderID),
-           ASN1_SIMPLE(ResponseData, producedAt, ASN1_GENERALIZEDTIME),
-           ASN1_SEQUENCE_OF(ResponseData, responses, SingleResponse),
-           ASN1_EXP_SEQUENCE_OF_OPT(ResponseData, responseExtensions, X509_EXTENSION, 1)
-} ASN1_SEQUENCE_END(ResponseData);
-
-ASN1_SEQUENCE(BasicOCSPResponse) = {
-           ASN1_SIMPLE(BasicOCSPResponse, tbsResponseData, ResponseData),
-           ASN1_SIMPLE(BasicOCSPResponse, signatureAlgorithm, X509_ALGOR),
-           ASN1_SIMPLE(BasicOCSPResponse, signature, ASN1_BIT_STRING),
-           ASN1_EXP_SEQUENCE_OF_OPT(BasicOCSPResponse, certs, X509, 0)
-} ASN1_SEQUENCE_END(BasicOCSPResponse);


More information about the openssl-commits mailing list