/src/openssl/crypto/ocsp/v3_ocsp.c

Source (jump to first uncovered line)
/*
 * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

# include <stdio.h>
# include "internal/cryptlib.h"
# include <openssl/conf.h>
# include <openssl/asn1.h>
# include <openssl/ocsp.h>
# include "ocsp_lcl.h"
# include <openssl/x509v3.h>
# include "../x509v3/ext_dat.h"

/*
 * OCSP extensions and a couple of CRL entry extensions
 */

static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
                          BIO *out, int indent);
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
                            BIO *out, int indent);
static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
                      int indent);

static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(void *a, unsigned char **pp);
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
                          BIO *out, int indent);

static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
                            void *nocheck, BIO *out, int indent);
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
                              X509V3_CTX *ctx, const char *str);
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
                               BIO *bp, int ind);

const X509V3_EXT_METHOD v3_ocsp_crlid = {
    NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_crlid, 0,
    NULL
};

const X509V3_EXT_METHOD v3_ocsp_acutoff = {
    NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_acutoff, 0,
    NULL
};

const X509V3_EXT_METHOD v3_crl_invdate = {
    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_acutoff, 0,
    NULL
};

const X509V3_EXT_METHOD v3_crl_hold = {
    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_object, 0,
    NULL
};

const X509V3_EXT_METHOD v3_ocsp_nonce = {
    NID_id_pkix_OCSP_Nonce, 0, NULL,
    ocsp_nonce_new,
    ocsp_nonce_free,
    d2i_ocsp_nonce,
    i2d_ocsp_nonce,
    0, 0,
    0, 0,
    i2r_ocsp_nonce, 0,
    NULL
};

const X509V3_EXT_METHOD v3_ocsp_nocheck = {
    NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
    0, 0, 0, 0,
    0, s2i_ocsp_nocheck,
    0, 0,
    i2r_ocsp_nocheck, 0,
    NULL
};

const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
    NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_serviceloc, 0,
    NULL
};

static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
                          int ind)
{
    OCSP_CRLID *a = in;
    if (a->crlUrl) {
        if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
            goto err;
        if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
            goto err;
        if (BIO_write(bp, "\n", 1) <= 0)
            goto err;
    }
    if (a->crlNum) {
        if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
            goto err;
        if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
            goto err;
        if (BIO_write(bp, "\n", 1) <= 0)
            goto err;
    }
    if (a->crlTime) {
        if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
            goto err;
        if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
            goto err;
        if (BIO_write(bp, "\n", 1) <= 0)
            goto err;
    }
    return 1;
 err:
    return 0;
}

static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
                            BIO *bp, int ind)
{
    if (BIO_printf(bp, "%*s", ind, "") <= 0)
        return 0;
    if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
        return 0;
    return 1;
}

static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
                      int ind)
{
    if (BIO_printf(bp, "%*s", ind, "") <= 0)
        return 0;
    if (i2a_ASN1_OBJECT(bp, oid) <= 0)
        return 0;
    return 1;
}

/*
 * OCSP nonce. This is needs special treatment because it doesn't have an
 * ASN1 encoding at all: it just contains arbitrary data.
 */

static void *ocsp_nonce_new(void)
{
    return ASN1_OCTET_STRING_new();
}

static int i2d_ocsp_nonce(void *a, unsigned char **pp)
{
    ASN1_OCTET_STRING *os = a;
    if (pp) {
        memcpy(*pp, os->data, os->length);
        *pp += os->length;
    }
    return os->length;
}

static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
{
    ASN1_OCTET_STRING *os, **pos;
    pos = a;
    if (pos == NULL || *pos == NULL) {
        os = ASN1_OCTET_STRING_new();
        if (os == NULL)
            goto err;
    } else {
        os = *pos;
    }
    if (!ASN1_OCTET_STRING_set(os, *pp, length))
        goto err;

    *pp += length;

    if (pos)
        *pos = os;
    return os;

 err:
    if ((pos == NULL) || (*pos != os))
        ASN1_OCTET_STRING_free(os);
    OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
    return NULL;
}

static void ocsp_nonce_free(void *a)
{
    ASN1_OCTET_STRING_free(a);
}

static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
                          BIO *out, int indent)
{
    if (BIO_printf(out, "%*s", indent, "") <= 0)
        return 0;
    if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
        return 0;
    return 1;
}

/* Nocheck is just a single NULL. Don't print anything and always set it */

static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
                            BIO *out, int indent)
{
    return 1;
}

static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
                              X509V3_CTX *ctx, const char *str)
{
    return ASN1_NULL_new();
}

static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
                               BIO *bp, int ind)
{
    int i;
    OCSP_SERVICELOC *a = in;
    ACCESS_DESCRIPTION *ad;

    if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
        goto err;
    if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
        goto err;
    for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
        ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
        if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
            goto err;
        if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
            goto err;
        if (BIO_puts(bp, " - ") <= 0)
            goto err;
        if (GENERAL_NAME_print(bp, ad->location) <= 0)
            goto err;
    }
    return 1;
 err:
    return 0;
}

Coverage Report

Created: 2018-08-29 13:53

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the OpenSSL license (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		# include <stdio.h>
11		# include "internal/cryptlib.h"
12		# include <openssl/conf.h>
13		# include <openssl/asn1.h>
14		# include <openssl/ocsp.h>
15		# include "ocsp_lcl.h"
16		# include <openssl/x509v3.h>
17		# include "../x509v3/ext_dat.h"
18
19		/*
20		* OCSP extensions and a couple of CRL entry extensions
21		*/
22
23		static int i2r_ocsp_crlid(const X509V3_EXT_METHOD method, void nonce,
24		BIO *out, int indent);
25		static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD method, void nonce,
26		BIO *out, int indent);
27		static int i2r_object(const X509V3_EXT_METHOD method, void obj, BIO *out,
28		int indent);
29
30		static void *ocsp_nonce_new(void);
31		static int i2d_ocsp_nonce(void a, unsigned char *pp);
32		static void d2i_ocsp_nonce(void a, const unsigned char **pp, long length);
33		static void ocsp_nonce_free(void *a);
34		static int i2r_ocsp_nonce(const X509V3_EXT_METHOD method, void nonce,
35		BIO *out, int indent);
36
37		static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
38		void nocheck, BIO out, int indent);
39		static void s2i_ocsp_nocheck(const X509V3_EXT_METHOD method,
40		X509V3_CTX ctx, const char str);
41		static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD method, void in,
42		BIO *bp, int ind);
43
44		const X509V3_EXT_METHOD v3_ocsp_crlid = {
45		NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
46		0, 0, 0, 0,
47		0, 0,
48		0, 0,
49		i2r_ocsp_crlid, 0,
50		NULL
51		};
52
53		const X509V3_EXT_METHOD v3_ocsp_acutoff = {
54		NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
55		0, 0, 0, 0,
56		0, 0,
57		0, 0,
58		i2r_ocsp_acutoff, 0,
59		NULL
60		};
61
62		const X509V3_EXT_METHOD v3_crl_invdate = {
63		NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
64		0, 0, 0, 0,
65		0, 0,
66		0, 0,
67		i2r_ocsp_acutoff, 0,
68		NULL
69		};
70
71		const X509V3_EXT_METHOD v3_crl_hold = {
72		NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
73		0, 0, 0, 0,
74		0, 0,
75		0, 0,
76		i2r_object, 0,
77		NULL
78		};
79
80		const X509V3_EXT_METHOD v3_ocsp_nonce = {
81		NID_id_pkix_OCSP_Nonce, 0, NULL,
82		ocsp_nonce_new,
83		ocsp_nonce_free,
84		d2i_ocsp_nonce,
85		i2d_ocsp_nonce,
86		0, 0,
87		0, 0,
88		i2r_ocsp_nonce, 0,
89		NULL
90		};
91
92		const X509V3_EXT_METHOD v3_ocsp_nocheck = {
93		NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
94		0, 0, 0, 0,
95		0, s2i_ocsp_nocheck,
96		0, 0,
97		i2r_ocsp_nocheck, 0,
98		NULL
99		};
100
101		const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
102		NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
103		0, 0, 0, 0,
104		0, 0,
105		0, 0,
106		i2r_ocsp_serviceloc, 0,
107		NULL
108		};
109
110		static int i2r_ocsp_crlid(const X509V3_EXT_METHOD method, void in, BIO *bp,
111		int ind)
112	0	{
113	0	OCSP_CRLID *a = in;
114	0	if (a->crlUrl) {
115	0	if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
116	0	goto err;
117	0	if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
118	0	goto err;
119	0	if (BIO_write(bp, "\n", 1) <= 0)
120	0	goto err;
121	0	}
122	0	if (a->crlNum) {
123	0	if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
124	0	goto err;
125	0	if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
126	0	goto err;
127	0	if (BIO_write(bp, "\n", 1) <= 0)
128	0	goto err;
129	0	}
130	0	if (a->crlTime) {
131	0	if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
132	0	goto err;
133	0	if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
134	0	goto err;
135	0	if (BIO_write(bp, "\n", 1) <= 0)
136	0	goto err;
137	0	}
138	0	return 1;
139	0	err:
140	0	return 0;
141	0	}
142
143		static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD method, void cutoff,
144		BIO *bp, int ind)
145	0	{
146	0	if (BIO_printf(bp, "%*s", ind, "") <= 0)
147	0	return 0;
148	0	if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
149	0	return 0;
150	0	return 1;
151	0	}
152
153		static int i2r_object(const X509V3_EXT_METHOD method, void oid, BIO *bp,
154		int ind)
155	0	{
156	0	if (BIO_printf(bp, "%*s", ind, "") <= 0)
157	0	return 0;
158	0	if (i2a_ASN1_OBJECT(bp, oid) <= 0)
159	0	return 0;
160	0	return 1;
161	0	}
162
163		/*
164		* OCSP nonce. This is needs special treatment because it doesn't have an
165		* ASN1 encoding at all: it just contains arbitrary data.
166		*/
167
168		static void *ocsp_nonce_new(void)
169	0	{
170	0	return ASN1_OCTET_STRING_new();
171	0	}
172
173		static int i2d_ocsp_nonce(void a, unsigned char *pp)
174	0	{
175	0	ASN1_OCTET_STRING *os = a;
176	0	if (pp) {
177	0	memcpy(*pp, os->data, os->length);
178	0	*pp += os->length;
179	0	}
180	0	return os->length;
181	0	}
182
183		static void d2i_ocsp_nonce(void a, const unsigned char **pp, long length)
184	0	{
185	0	ASN1_OCTET_STRING os, *pos;
186	0	pos = a;
187	0	if (pos == NULL \|\| *pos == NULL) {
188	0	os = ASN1_OCTET_STRING_new();
189	0	if (os == NULL)
190	0	goto err;
191	0	} else {
192	0	os = *pos;
193	0	}
194	0	if (!ASN1_OCTET_STRING_set(os, *pp, length))
195	0	goto err;
196	0
197	0	*pp += length;
198	0
199	0	if (pos)
200	0	*pos = os;
201	0	return os;
202	0
203	0	err:
204	0	if ((pos == NULL) \|\| (*pos != os))
205	0	ASN1_OCTET_STRING_free(os);
206	0	OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
207	0	return NULL;
208	0	}
209
210		static void ocsp_nonce_free(void *a)
211	0	{
212	0	ASN1_OCTET_STRING_free(a);
213	0	}
214
215		static int i2r_ocsp_nonce(const X509V3_EXT_METHOD method, void nonce,
216		BIO *out, int indent)
217	0	{
218	0	if (BIO_printf(out, "%*s", indent, "") <= 0)
219	0	return 0;
220	0	if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
221	0	return 0;
222	0	return 1;
223	0	}
224
225		/* Nocheck is just a single NULL. Don't print anything and always set it */
226
227		static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD method, void nocheck,
228		BIO *out, int indent)
229	0	{
230	0	return 1;
231	0	}
232
233		static void s2i_ocsp_nocheck(const X509V3_EXT_METHOD method,
234		X509V3_CTX ctx, const char str)
235	0	{
236	0	return ASN1_NULL_new();
237	0	}
238
239		static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD method, void in,
240		BIO *bp, int ind)
241	0	{
242	0	int i;
243	0	OCSP_SERVICELOC *a = in;
244	0	ACCESS_DESCRIPTION *ad;
245	0
246	0	if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
247	0	goto err;
248	0	if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
249	0	goto err;
250	0	for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
251	0	ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
252	0	if (BIO_printf(bp, "\n%s", (2 ind), "") <= 0)
253	0	goto err;
254	0	if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
255	0	goto err;
256	0	if (BIO_puts(bp, " - ") <= 0)
257	0	goto err;
258	0	if (GENERAL_NAME_print(bp, ad->location) <= 0)
259	0	goto err;
260	0	}
261	0	return 1;
262	0	err:
263	0	return 0;
264	0	}