/src/openssl111/crypto/ocsp/ocsp_ht.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2001-2017 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the OpenSSL license (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include "e_os.h" |
11 | | #include <stdio.h> |
12 | | #include <stdlib.h> |
13 | | #include "crypto/ctype.h" |
14 | | #include <string.h> |
15 | | #include <openssl/asn1.h> |
16 | | #include <openssl/ocsp.h> |
17 | | #include <openssl/err.h> |
18 | | #include <openssl/buffer.h> |
19 | | |
20 | | /* Stateful OCSP request code, supporting non-blocking I/O */ |
21 | | |
22 | | /* Opaque OCSP request status structure */ |
23 | | |
24 | | struct ocsp_req_ctx_st { |
25 | | int state; /* Current I/O state */ |
26 | | unsigned char *iobuf; /* Line buffer */ |
27 | | int iobuflen; /* Line buffer length */ |
28 | | BIO *io; /* BIO to perform I/O with */ |
29 | | BIO *mem; /* Memory BIO response is built into */ |
30 | | unsigned long asn1_len; /* ASN1 length of response */ |
31 | | unsigned long max_resp_len; /* Maximum length of response */ |
32 | | }; |
33 | | |
34 | 0 | #define OCSP_MAX_RESP_LENGTH (100 * 1024) |
35 | 0 | #define OCSP_MAX_LINE_LEN 4096; |
36 | | |
37 | | /* OCSP states */ |
38 | | |
39 | | /* If set no reading should be performed */ |
40 | 0 | #define OHS_NOREAD 0x1000 |
41 | | /* Error condition */ |
42 | 0 | #define OHS_ERROR (0 | OHS_NOREAD) |
43 | | /* First line being read */ |
44 | 0 | #define OHS_FIRSTLINE 1 |
45 | | /* MIME headers being read */ |
46 | 0 | #define OHS_HEADERS 2 |
47 | | /* OCSP initial header (tag + length) being read */ |
48 | 0 | #define OHS_ASN1_HEADER 3 |
49 | | /* OCSP content octets being read */ |
50 | 0 | #define OHS_ASN1_CONTENT 4 |
51 | | /* First call: ready to start I/O */ |
52 | 0 | #define OHS_ASN1_WRITE_INIT (5 | OHS_NOREAD) |
53 | | /* Request being sent */ |
54 | 0 | #define OHS_ASN1_WRITE (6 | OHS_NOREAD) |
55 | | /* Request being flushed */ |
56 | 0 | #define OHS_ASN1_FLUSH (7 | OHS_NOREAD) |
57 | | /* Completed */ |
58 | 0 | #define OHS_DONE (8 | OHS_NOREAD) |
59 | | /* Headers set, no final \r\n included */ |
60 | 0 | #define OHS_HTTP_HEADER (9 | OHS_NOREAD) |
61 | | |
62 | | static int parse_http_line1(char *line); |
63 | | |
64 | | OCSP_REQ_CTX *OCSP_REQ_CTX_new(BIO *io, int maxline) |
65 | 0 | { |
66 | 0 | OCSP_REQ_CTX *rctx = OPENSSL_zalloc(sizeof(*rctx)); |
67 | |
|
68 | 0 | if (rctx == NULL) |
69 | 0 | return NULL; |
70 | 0 | rctx->state = OHS_ERROR; |
71 | 0 | rctx->max_resp_len = OCSP_MAX_RESP_LENGTH; |
72 | 0 | rctx->mem = BIO_new(BIO_s_mem()); |
73 | 0 | rctx->io = io; |
74 | 0 | if (maxline > 0) |
75 | 0 | rctx->iobuflen = maxline; |
76 | 0 | else |
77 | 0 | rctx->iobuflen = OCSP_MAX_LINE_LEN; |
78 | 0 | rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); |
79 | 0 | if (rctx->iobuf == NULL || rctx->mem == NULL) { |
80 | 0 | OCSP_REQ_CTX_free(rctx); |
81 | 0 | return NULL; |
82 | 0 | } |
83 | 0 | return rctx; |
84 | 0 | } |
85 | | |
86 | | void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx) |
87 | 0 | { |
88 | 0 | if (!rctx) |
89 | 0 | return; |
90 | 0 | BIO_free(rctx->mem); |
91 | 0 | OPENSSL_free(rctx->iobuf); |
92 | 0 | OPENSSL_free(rctx); |
93 | 0 | } |
94 | | |
95 | | BIO *OCSP_REQ_CTX_get0_mem_bio(OCSP_REQ_CTX *rctx) |
96 | 0 | { |
97 | 0 | return rctx->mem; |
98 | 0 | } |
99 | | |
100 | | void OCSP_set_max_response_length(OCSP_REQ_CTX *rctx, unsigned long len) |
101 | 0 | { |
102 | 0 | if (len == 0) |
103 | 0 | rctx->max_resp_len = OCSP_MAX_RESP_LENGTH; |
104 | 0 | else |
105 | 0 | rctx->max_resp_len = len; |
106 | 0 | } |
107 | | |
108 | | int OCSP_REQ_CTX_i2d(OCSP_REQ_CTX *rctx, const ASN1_ITEM *it, ASN1_VALUE *val) |
109 | 0 | { |
110 | 0 | static const char req_hdr[] = |
111 | 0 | "Content-Type: application/ocsp-request\r\n" |
112 | 0 | "Content-Length: %d\r\n\r\n"; |
113 | 0 | int reqlen = ASN1_item_i2d(val, NULL, it); |
114 | 0 | if (BIO_printf(rctx->mem, req_hdr, reqlen) <= 0) |
115 | 0 | return 0; |
116 | 0 | if (ASN1_item_i2d_bio(it, rctx->mem, val) <= 0) |
117 | 0 | return 0; |
118 | 0 | rctx->state = OHS_ASN1_WRITE_INIT; |
119 | 0 | return 1; |
120 | 0 | } |
121 | | |
122 | | int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx, |
123 | | ASN1_VALUE **pval, const ASN1_ITEM *it) |
124 | 0 | { |
125 | 0 | int rv, len; |
126 | 0 | const unsigned char *p; |
127 | |
|
128 | 0 | rv = OCSP_REQ_CTX_nbio(rctx); |
129 | 0 | if (rv != 1) |
130 | 0 | return rv; |
131 | | |
132 | 0 | len = BIO_get_mem_data(rctx->mem, &p); |
133 | 0 | *pval = ASN1_item_d2i(NULL, &p, len, it); |
134 | 0 | if (*pval == NULL) { |
135 | 0 | rctx->state = OHS_ERROR; |
136 | 0 | return 0; |
137 | 0 | } |
138 | 0 | return 1; |
139 | 0 | } |
140 | | |
141 | | int OCSP_REQ_CTX_http(OCSP_REQ_CTX *rctx, const char *op, const char *path) |
142 | 0 | { |
143 | 0 | static const char http_hdr[] = "%s %s HTTP/1.0\r\n"; |
144 | |
|
145 | 0 | if (!path) |
146 | 0 | path = "/"; |
147 | |
|
148 | 0 | if (BIO_printf(rctx->mem, http_hdr, op, path) <= 0) |
149 | 0 | return 0; |
150 | 0 | rctx->state = OHS_HTTP_HEADER; |
151 | 0 | return 1; |
152 | 0 | } |
153 | | |
154 | | int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req) |
155 | 0 | { |
156 | 0 | return OCSP_REQ_CTX_i2d(rctx, ASN1_ITEM_rptr(OCSP_REQUEST), |
157 | 0 | (ASN1_VALUE *)req); |
158 | 0 | } |
159 | | |
160 | | int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, |
161 | | const char *name, const char *value) |
162 | 0 | { |
163 | 0 | if (!name) |
164 | 0 | return 0; |
165 | 0 | if (BIO_puts(rctx->mem, name) <= 0) |
166 | 0 | return 0; |
167 | 0 | if (value) { |
168 | 0 | if (BIO_write(rctx->mem, ": ", 2) != 2) |
169 | 0 | return 0; |
170 | 0 | if (BIO_puts(rctx->mem, value) <= 0) |
171 | 0 | return 0; |
172 | 0 | } |
173 | 0 | if (BIO_write(rctx->mem, "\r\n", 2) != 2) |
174 | 0 | return 0; |
175 | 0 | rctx->state = OHS_HTTP_HEADER; |
176 | 0 | return 1; |
177 | 0 | } |
178 | | |
179 | | OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, |
180 | | int maxline) |
181 | 0 | { |
182 | |
|
183 | 0 | OCSP_REQ_CTX *rctx = NULL; |
184 | 0 | rctx = OCSP_REQ_CTX_new(io, maxline); |
185 | 0 | if (rctx == NULL) |
186 | 0 | return NULL; |
187 | | |
188 | 0 | if (!OCSP_REQ_CTX_http(rctx, "POST", path)) |
189 | 0 | goto err; |
190 | | |
191 | 0 | if (req && !OCSP_REQ_CTX_set1_req(rctx, req)) |
192 | 0 | goto err; |
193 | | |
194 | 0 | return rctx; |
195 | | |
196 | 0 | err: |
197 | 0 | OCSP_REQ_CTX_free(rctx); |
198 | 0 | return NULL; |
199 | 0 | } |
200 | | |
201 | | /* |
202 | | * Parse the HTTP response. This will look like this: "HTTP/1.0 200 OK". We |
203 | | * need to obtain the numeric code and (optional) informational message. |
204 | | */ |
205 | | |
206 | | static int parse_http_line1(char *line) |
207 | 0 | { |
208 | 0 | int retcode; |
209 | 0 | char *p, *q, *r; |
210 | | /* Skip to first white space (passed protocol info) */ |
211 | |
|
212 | 0 | for (p = line; *p && !ossl_isspace(*p); p++) |
213 | 0 | continue; |
214 | 0 | if (!*p) { |
215 | 0 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); |
216 | 0 | return 0; |
217 | 0 | } |
218 | | |
219 | | /* Skip past white space to start of response code */ |
220 | 0 | while (*p && ossl_isspace(*p)) |
221 | 0 | p++; |
222 | |
|
223 | 0 | if (!*p) { |
224 | 0 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); |
225 | 0 | return 0; |
226 | 0 | } |
227 | | |
228 | | /* Find end of response code: first whitespace after start of code */ |
229 | 0 | for (q = p; *q && !ossl_isspace(*q); q++) |
230 | 0 | continue; |
231 | |
|
232 | 0 | if (!*q) { |
233 | 0 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_PARSE_ERROR); |
234 | 0 | return 0; |
235 | 0 | } |
236 | | |
237 | | /* Set end of response code and start of message */ |
238 | 0 | *q++ = 0; |
239 | | |
240 | | /* Attempt to parse numeric code */ |
241 | 0 | retcode = strtoul(p, &r, 10); |
242 | |
|
243 | 0 | if (*r) |
244 | 0 | return 0; |
245 | | |
246 | | /* Skip over any leading white space in message */ |
247 | 0 | while (*q && ossl_isspace(*q)) |
248 | 0 | q++; |
249 | |
|
250 | 0 | if (*q) { |
251 | | /* |
252 | | * Finally zap any trailing white space in message (include CRLF) |
253 | | */ |
254 | | |
255 | | /* We know q has a non white space character so this is OK */ |
256 | 0 | for (r = q + strlen(q) - 1; ossl_isspace(*r); r--) |
257 | 0 | *r = 0; |
258 | 0 | } |
259 | 0 | if (retcode != 200) { |
260 | 0 | OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR); |
261 | 0 | if (!*q) |
262 | 0 | ERR_add_error_data(2, "Code=", p); |
263 | 0 | else |
264 | 0 | ERR_add_error_data(4, "Code=", p, ",Reason=", q); |
265 | 0 | return 0; |
266 | 0 | } |
267 | | |
268 | 0 | return 1; |
269 | |
|
270 | 0 | } |
271 | | |
272 | | int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx) |
273 | 0 | { |
274 | 0 | int i, n; |
275 | 0 | const unsigned char *p; |
276 | 0 | next_io: |
277 | 0 | if (!(rctx->state & OHS_NOREAD)) { |
278 | 0 | n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); |
279 | |
|
280 | 0 | if (n <= 0) { |
281 | 0 | if (BIO_should_retry(rctx->io)) |
282 | 0 | return -1; |
283 | 0 | return 0; |
284 | 0 | } |
285 | | |
286 | | /* Write data to memory BIO */ |
287 | | |
288 | 0 | if (BIO_write(rctx->mem, rctx->iobuf, n) != n) |
289 | 0 | return 0; |
290 | 0 | } |
291 | | |
292 | 0 | switch (rctx->state) { |
293 | 0 | case OHS_HTTP_HEADER: |
294 | | /* Last operation was adding headers: need a final \r\n */ |
295 | 0 | if (BIO_write(rctx->mem, "\r\n", 2) != 2) { |
296 | 0 | rctx->state = OHS_ERROR; |
297 | 0 | return 0; |
298 | 0 | } |
299 | 0 | rctx->state = OHS_ASN1_WRITE_INIT; |
300 | | |
301 | | /* fall thru */ |
302 | 0 | case OHS_ASN1_WRITE_INIT: |
303 | 0 | rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); |
304 | 0 | rctx->state = OHS_ASN1_WRITE; |
305 | | |
306 | | /* fall thru */ |
307 | 0 | case OHS_ASN1_WRITE: |
308 | 0 | n = BIO_get_mem_data(rctx->mem, &p); |
309 | |
|
310 | 0 | i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len); |
311 | |
|
312 | 0 | if (i <= 0) { |
313 | 0 | if (BIO_should_retry(rctx->io)) |
314 | 0 | return -1; |
315 | 0 | rctx->state = OHS_ERROR; |
316 | 0 | return 0; |
317 | 0 | } |
318 | | |
319 | 0 | rctx->asn1_len -= i; |
320 | |
|
321 | 0 | if (rctx->asn1_len > 0) |
322 | 0 | goto next_io; |
323 | | |
324 | 0 | rctx->state = OHS_ASN1_FLUSH; |
325 | |
|
326 | 0 | (void)BIO_reset(rctx->mem); |
327 | | |
328 | | /* fall thru */ |
329 | 0 | case OHS_ASN1_FLUSH: |
330 | |
|
331 | 0 | i = BIO_flush(rctx->io); |
332 | |
|
333 | 0 | if (i > 0) { |
334 | 0 | rctx->state = OHS_FIRSTLINE; |
335 | 0 | goto next_io; |
336 | 0 | } |
337 | | |
338 | 0 | if (BIO_should_retry(rctx->io)) |
339 | 0 | return -1; |
340 | | |
341 | 0 | rctx->state = OHS_ERROR; |
342 | 0 | return 0; |
343 | | |
344 | 0 | case OHS_ERROR: |
345 | 0 | return 0; |
346 | | |
347 | 0 | case OHS_FIRSTLINE: |
348 | 0 | case OHS_HEADERS: |
349 | | |
350 | | /* Attempt to read a line in */ |
351 | |
|
352 | 0 | next_line: |
353 | | /* |
354 | | * Due to &%^*$" memory BIO behaviour with BIO_gets we have to check |
355 | | * there's a complete line in there before calling BIO_gets or we'll |
356 | | * just get a partial read. |
357 | | */ |
358 | 0 | n = BIO_get_mem_data(rctx->mem, &p); |
359 | 0 | if ((n <= 0) || !memchr(p, '\n', n)) { |
360 | 0 | if (n >= rctx->iobuflen) { |
361 | 0 | rctx->state = OHS_ERROR; |
362 | 0 | return 0; |
363 | 0 | } |
364 | 0 | goto next_io; |
365 | 0 | } |
366 | 0 | n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); |
367 | |
|
368 | 0 | if (n <= 0) { |
369 | 0 | if (BIO_should_retry(rctx->mem)) |
370 | 0 | goto next_io; |
371 | 0 | rctx->state = OHS_ERROR; |
372 | 0 | return 0; |
373 | 0 | } |
374 | | |
375 | | /* Don't allow excessive lines */ |
376 | 0 | if (n == rctx->iobuflen) { |
377 | 0 | rctx->state = OHS_ERROR; |
378 | 0 | return 0; |
379 | 0 | } |
380 | | |
381 | | /* First line */ |
382 | 0 | if (rctx->state == OHS_FIRSTLINE) { |
383 | 0 | if (parse_http_line1((char *)rctx->iobuf)) { |
384 | 0 | rctx->state = OHS_HEADERS; |
385 | 0 | goto next_line; |
386 | 0 | } else { |
387 | 0 | rctx->state = OHS_ERROR; |
388 | 0 | return 0; |
389 | 0 | } |
390 | 0 | } else { |
391 | | /* Look for blank line: end of headers */ |
392 | 0 | for (p = rctx->iobuf; *p; p++) { |
393 | 0 | if ((*p != '\r') && (*p != '\n')) |
394 | 0 | break; |
395 | 0 | } |
396 | 0 | if (*p) |
397 | 0 | goto next_line; |
398 | | |
399 | 0 | rctx->state = OHS_ASN1_HEADER; |
400 | |
|
401 | 0 | } |
402 | | |
403 | | /* Fall thru */ |
404 | | |
405 | 0 | case OHS_ASN1_HEADER: |
406 | | /* |
407 | | * Now reading ASN1 header: can read at least 2 bytes which is enough |
408 | | * for ASN1 SEQUENCE header and either length field or at least the |
409 | | * length of the length field. |
410 | | */ |
411 | 0 | n = BIO_get_mem_data(rctx->mem, &p); |
412 | 0 | if (n < 2) |
413 | 0 | goto next_io; |
414 | | |
415 | | /* Check it is an ASN1 SEQUENCE */ |
416 | 0 | if (*p++ != (V_ASN1_SEQUENCE | V_ASN1_CONSTRUCTED)) { |
417 | 0 | rctx->state = OHS_ERROR; |
418 | 0 | return 0; |
419 | 0 | } |
420 | | |
421 | | /* Check out length field */ |
422 | 0 | if (*p & 0x80) { |
423 | | /* |
424 | | * If MSB set on initial length octet we can now always read 6 |
425 | | * octets: make sure we have them. |
426 | | */ |
427 | 0 | if (n < 6) |
428 | 0 | goto next_io; |
429 | 0 | n = *p & 0x7F; |
430 | | /* Not NDEF or excessive length */ |
431 | 0 | if (!n || (n > 4)) { |
432 | 0 | rctx->state = OHS_ERROR; |
433 | 0 | return 0; |
434 | 0 | } |
435 | 0 | p++; |
436 | 0 | rctx->asn1_len = 0; |
437 | 0 | for (i = 0; i < n; i++) { |
438 | 0 | rctx->asn1_len <<= 8; |
439 | 0 | rctx->asn1_len |= *p++; |
440 | 0 | } |
441 | |
|
442 | 0 | if (rctx->asn1_len > rctx->max_resp_len) { |
443 | 0 | rctx->state = OHS_ERROR; |
444 | 0 | return 0; |
445 | 0 | } |
446 | | |
447 | 0 | rctx->asn1_len += n + 2; |
448 | 0 | } else |
449 | 0 | rctx->asn1_len = *p + 2; |
450 | | |
451 | 0 | rctx->state = OHS_ASN1_CONTENT; |
452 | | |
453 | | /* Fall thru */ |
454 | |
|
455 | 0 | case OHS_ASN1_CONTENT: |
456 | 0 | n = BIO_get_mem_data(rctx->mem, NULL); |
457 | 0 | if (n < (int)rctx->asn1_len) |
458 | 0 | goto next_io; |
459 | | |
460 | 0 | rctx->state = OHS_DONE; |
461 | 0 | return 1; |
462 | | |
463 | 0 | case OHS_DONE: |
464 | 0 | return 1; |
465 | |
|
466 | 0 | } |
467 | | |
468 | 0 | return 0; |
469 | |
|
470 | 0 | } |
471 | | |
472 | | int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) |
473 | 0 | { |
474 | 0 | return OCSP_REQ_CTX_nbio_d2i(rctx, |
475 | 0 | (ASN1_VALUE **)presp, |
476 | 0 | ASN1_ITEM_rptr(OCSP_RESPONSE)); |
477 | 0 | } |
478 | | |
479 | | /* Blocking OCSP request handler: now a special case of non-blocking I/O */ |
480 | | |
481 | | OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req) |
482 | 0 | { |
483 | 0 | OCSP_RESPONSE *resp = NULL; |
484 | 0 | OCSP_REQ_CTX *ctx; |
485 | 0 | int rv; |
486 | |
|
487 | 0 | ctx = OCSP_sendreq_new(b, path, req, -1); |
488 | |
|
489 | 0 | if (ctx == NULL) |
490 | 0 | return NULL; |
491 | | |
492 | 0 | do { |
493 | 0 | rv = OCSP_sendreq_nbio(&resp, ctx); |
494 | 0 | } while ((rv == -1) && BIO_should_retry(b)); |
495 | |
|
496 | 0 | OCSP_REQ_CTX_free(ctx); |
497 | |
|
498 | 0 | if (rv) |
499 | 0 | return resp; |
500 | | |
501 | 0 | return NULL; |
502 | 0 | } |