Line data Source code
1 : /* v3_ocsp.c */
2 : /*
3 : * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
4 : * 1999.
5 : */
6 : /* ====================================================================
7 : * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 : *
9 : * Redistribution and use in source and binary forms, with or without
10 : * modification, are permitted provided that the following conditions
11 : * are met:
12 : *
13 : * 1. Redistributions of source code must retain the above copyright
14 : * notice, this list of conditions and the following disclaimer.
15 : *
16 : * 2. Redistributions in binary form must reproduce the above copyright
17 : * notice, this list of conditions and the following disclaimer in
18 : * the documentation and/or other materials provided with the
19 : * distribution.
20 : *
21 : * 3. All advertising materials mentioning features or use of this
22 : * software must display the following acknowledgment:
23 : * "This product includes software developed by the OpenSSL Project
24 : * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 : *
26 : * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 : * endorse or promote products derived from this software without
28 : * prior written permission. For written permission, please contact
29 : * licensing@OpenSSL.org.
30 : *
31 : * 5. Products derived from this software may not be called "OpenSSL"
32 : * nor may "OpenSSL" appear in their names without prior written
33 : * permission of the OpenSSL Project.
34 : *
35 : * 6. Redistributions of any form whatsoever must retain the following
36 : * acknowledgment:
37 : * "This product includes software developed by the OpenSSL Project
38 : * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 : *
40 : * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 : * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 : * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 : * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 : * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 : * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 : * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 : * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 : * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 : * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 : * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 : * OF THE POSSIBILITY OF SUCH DAMAGE.
52 : * ====================================================================
53 : *
54 : * This product includes cryptographic software written by Eric Young
55 : * (eay@cryptsoft.com). This product includes software written by Tim
56 : * Hudson (tjh@cryptsoft.com).
57 : *
58 : */
59 :
60 : #ifndef OPENSSL_NO_OCSP
61 :
62 : # include <stdio.h>
63 : # include "cryptlib.h"
64 : # include <openssl/conf.h>
65 : # include <openssl/asn1.h>
66 : # include <openssl/ocsp.h>
67 : # include <openssl/x509v3.h>
68 :
69 : /*
70 : * OCSP extensions and a couple of CRL entry extensions
71 : */
72 :
73 : static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
74 : BIO *out, int indent);
75 : static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
76 : BIO *out, int indent);
77 : static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
78 : int indent);
79 :
80 : static void *ocsp_nonce_new(void);
81 : static int i2d_ocsp_nonce(void *a, unsigned char **pp);
82 : static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
83 : static void ocsp_nonce_free(void *a);
84 : static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
85 : BIO *out, int indent);
86 :
87 : static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
88 : void *nocheck, BIO *out, int indent);
89 : static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
90 : X509V3_CTX *ctx, const char *str);
91 : static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
92 : BIO *bp, int ind);
93 :
94 : const X509V3_EXT_METHOD v3_ocsp_crlid = {
95 : NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
96 : 0, 0, 0, 0,
97 : 0, 0,
98 : 0, 0,
99 : i2r_ocsp_crlid, 0,
100 : NULL
101 : };
102 :
103 : const X509V3_EXT_METHOD v3_ocsp_acutoff = {
104 : NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
105 : 0, 0, 0, 0,
106 : 0, 0,
107 : 0, 0,
108 : i2r_ocsp_acutoff, 0,
109 : NULL
110 : };
111 :
112 : const X509V3_EXT_METHOD v3_crl_invdate = {
113 : NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
114 : 0, 0, 0, 0,
115 : 0, 0,
116 : 0, 0,
117 : i2r_ocsp_acutoff, 0,
118 : NULL
119 : };
120 :
121 : const X509V3_EXT_METHOD v3_crl_hold = {
122 : NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
123 : 0, 0, 0, 0,
124 : 0, 0,
125 : 0, 0,
126 : i2r_object, 0,
127 : NULL
128 : };
129 :
130 : const X509V3_EXT_METHOD v3_ocsp_nonce = {
131 : NID_id_pkix_OCSP_Nonce, 0, NULL,
132 : ocsp_nonce_new,
133 : ocsp_nonce_free,
134 : d2i_ocsp_nonce,
135 : i2d_ocsp_nonce,
136 : 0, 0,
137 : 0, 0,
138 : i2r_ocsp_nonce, 0,
139 : NULL
140 : };
141 :
142 : const X509V3_EXT_METHOD v3_ocsp_nocheck = {
143 : NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
144 : 0, 0, 0, 0,
145 : 0, s2i_ocsp_nocheck,
146 : 0, 0,
147 : i2r_ocsp_nocheck, 0,
148 : NULL
149 : };
150 :
151 : const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
152 : NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
153 : 0, 0, 0, 0,
154 : 0, 0,
155 : 0, 0,
156 : i2r_ocsp_serviceloc, 0,
157 : NULL
158 : };
159 :
160 0 : static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
161 : int ind)
162 : {
163 : OCSP_CRLID *a = in;
164 0 : if (a->crlUrl) {
165 0 : if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
166 : goto err;
167 0 : if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
168 : goto err;
169 0 : if (BIO_write(bp, "\n", 1) <= 0)
170 : goto err;
171 : }
172 0 : if (a->crlNum) {
173 0 : if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
174 : goto err;
175 0 : if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
176 : goto err;
177 0 : if (BIO_write(bp, "\n", 1) <= 0)
178 : goto err;
179 : }
180 0 : if (a->crlTime) {
181 0 : if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
182 : goto err;
183 0 : if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
184 : goto err;
185 0 : if (BIO_write(bp, "\n", 1) <= 0)
186 : goto err;
187 : }
188 : return 1;
189 : err:
190 : return 0;
191 : }
192 :
193 0 : static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
194 : BIO *bp, int ind)
195 : {
196 0 : if (BIO_printf(bp, "%*s", ind, "") <= 0)
197 : return 0;
198 0 : if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
199 : return 0;
200 0 : return 1;
201 : }
202 :
203 0 : static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
204 : int ind)
205 : {
206 0 : if (BIO_printf(bp, "%*s", ind, "") <= 0)
207 : return 0;
208 0 : if (i2a_ASN1_OBJECT(bp, oid) <= 0)
209 : return 0;
210 0 : return 1;
211 : }
212 :
213 : /*
214 : * OCSP nonce. This is needs special treatment because it doesn't have an
215 : * ASN1 encoding at all: it just contains arbitrary data.
216 : */
217 :
218 0 : static void *ocsp_nonce_new(void)
219 : {
220 0 : return ASN1_OCTET_STRING_new();
221 : }
222 :
223 0 : static int i2d_ocsp_nonce(void *a, unsigned char **pp)
224 : {
225 : ASN1_OCTET_STRING *os = a;
226 0 : if (pp) {
227 0 : memcpy(*pp, os->data, os->length);
228 0 : *pp += os->length;
229 : }
230 0 : return os->length;
231 : }
232 :
233 0 : static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
234 : {
235 : ASN1_OCTET_STRING *os, **pos;
236 : pos = a;
237 0 : if (!pos || !*pos)
238 0 : os = ASN1_OCTET_STRING_new();
239 : else
240 : os = *pos;
241 0 : if (!ASN1_OCTET_STRING_set(os, *pp, length))
242 : goto err;
243 :
244 0 : *pp += length;
245 :
246 0 : if (pos)
247 0 : *pos = os;
248 0 : return os;
249 :
250 : err:
251 0 : if (os && (!pos || (*pos != os)))
252 0 : M_ASN1_OCTET_STRING_free(os);
253 0 : OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
254 0 : return NULL;
255 : }
256 :
257 0 : static void ocsp_nonce_free(void *a)
258 : {
259 0 : M_ASN1_OCTET_STRING_free(a);
260 0 : }
261 :
262 0 : static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
263 : BIO *out, int indent)
264 : {
265 0 : if (BIO_printf(out, "%*s", indent, "") <= 0)
266 : return 0;
267 0 : if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
268 : return 0;
269 0 : return 1;
270 : }
271 :
272 : /* Nocheck is just a single NULL. Don't print anything and always set it */
273 :
274 0 : static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
275 : BIO *out, int indent)
276 : {
277 0 : return 1;
278 : }
279 :
280 0 : static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
281 : X509V3_CTX *ctx, const char *str)
282 : {
283 0 : return ASN1_NULL_new();
284 : }
285 :
286 0 : static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
287 : BIO *bp, int ind)
288 : {
289 : int i;
290 : OCSP_SERVICELOC *a = in;
291 : ACCESS_DESCRIPTION *ad;
292 :
293 0 : if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
294 : goto err;
295 0 : if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
296 : goto err;
297 0 : for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
298 0 : ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
299 0 : if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
300 : goto err;
301 0 : if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
302 : goto err;
303 0 : if (BIO_puts(bp, " - ") <= 0)
304 : goto err;
305 0 : if (GENERAL_NAME_print(bp, ad->location) <= 0)
306 : goto err;
307 : }
308 : return 1;
309 : err:
310 : return 0;
311 : }
312 : #endif
|
