forked from aws/aws-lc
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathv3_ocsp.c
165 lines (142 loc) · 3.81 KB
/
v3_ocsp.c
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
/*
* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <string.h>
#include <openssl/x509.h>
#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/nid.h>
#include "../internal.h"
// OCSP extensions and a couple of CRL entry extensions
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
BIO *bp, int indent);
static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(void *a, unsigned char **pp);
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent);
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
BIO *out, int indent);
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
const X509V3_CTX *ctx, const char *str);
const X509V3_EXT_METHOD v3_crl_invdate = {
NID_invalidity_date,
0,
ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
0,
0,
0,
0,
0,
0,
0,
0,
i2r_ocsp_acutoff,
0,
NULL,
};
const X509V3_EXT_METHOD v3_ocsp_nonce = {
NID_id_pkix_OCSP_Nonce,
0,
NULL,
ocsp_nonce_new,
ocsp_nonce_free,
d2i_ocsp_nonce,
i2d_ocsp_nonce,
0,
0,
0,
0,
i2r_ocsp_nonce,
0,
NULL
};
const X509V3_EXT_METHOD v3_ocsp_nocheck = {
NID_id_pkix_OCSP_noCheck,
0,
ASN1_ITEM_ref(ASN1_NULL),
0,
0,
0,
0,
0,
s2i_ocsp_nocheck,
0,
0,
i2r_ocsp_nocheck,
0,
NULL,
};
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
BIO *bp, int ind) {
if (BIO_printf(bp, "%*s", ind, "") <= 0) {
return 0;
}
if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) {
return 0;
}
return 1;
}
// OCSP nonce. This is needs special treatment because it doesn't have an
// ASN1 encoding at all: it just contains arbitrary data.
static void *ocsp_nonce_new(void) { return ASN1_OCTET_STRING_new(); }
static int i2d_ocsp_nonce(void *a, unsigned char **pp) {
ASN1_OCTET_STRING *os = a;
if (pp != NULL) {
OPENSSL_memcpy(*pp, os->data, os->length);
*pp += os->length;
}
return os->length;
}
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) {
ASN1_OCTET_STRING *os, **pos;
pos = a;
if (pos == NULL || *pos == NULL) {
os = ASN1_OCTET_STRING_new();
if (os == NULL) {
goto err;
}
} else {
os = *pos;
}
if (!ASN1_OCTET_STRING_set(os, *pp, (int)length)) {
goto err;
}
*pp += length;
if (pos != NULL) {
*pos = os;
}
return os;
err:
if ((pos == NULL) || (*pos != os)) {
ASN1_OCTET_STRING_free(os);
}
OPENSSL_PUT_ERROR(OCSP, ERR_R_MALLOC_FAILURE);
return NULL;
}
static void ocsp_nonce_free(void *a) { ASN1_OCTET_STRING_free(a); }
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
BIO *out, int indent) {
if (BIO_printf(out, "%*s", indent, "") <= 0) {
return 0;
}
if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) {
return 0;
}
return 1;
}
// Nocheck is just a single NULL. Don't print anything and always set it
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
BIO *out, int indent) {
return 1;
}
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
const X509V3_CTX *ctx, const char *str) {
return ASN1_NULL_new();
}