/src/openssl/crypto/ocsp/v3_ocsp.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include <openssl/conf.h> |
13 | | #include <openssl/asn1.h> |
14 | | #include <openssl/ocsp.h> |
15 | | #include "ocsp_local.h" |
16 | | #include <openssl/x509v3.h> |
17 | | #include "../x509/ext_dat.h" |
18 | | |
19 | | /* |
20 | | * OCSP extensions and a couple of CRL entry extensions |
21 | | */ |
22 | | |
23 | | static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, |
24 | | BIO *out, int indent); |
25 | | static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, |
26 | | BIO *out, int indent); |
27 | | |
28 | | static void *ocsp_nonce_new(void); |
29 | | static int i2d_ocsp_nonce(const void *a, unsigned char **pp); |
30 | | static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); |
31 | | static void ocsp_nonce_free(void *a); |
32 | | static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, |
33 | | BIO *out, int indent); |
34 | | |
35 | | static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, |
36 | | void *nocheck, BIO *out, int indent); |
37 | | static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, |
38 | | X509V3_CTX *ctx, const char *str); |
39 | | static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, |
40 | | BIO *bp, int ind); |
41 | | |
42 | | const X509V3_EXT_METHOD ossl_v3_ocsp_crlid = { |
43 | | NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), |
44 | | 0, 0, 0, 0, |
45 | | 0, 0, |
46 | | 0, 0, |
47 | | i2r_ocsp_crlid, 0, |
48 | | NULL |
49 | | }; |
50 | | |
51 | | const X509V3_EXT_METHOD ossl_v3_ocsp_acutoff = { |
52 | | NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), |
53 | | 0, 0, 0, 0, |
54 | | 0, 0, |
55 | | 0, 0, |
56 | | i2r_ocsp_acutoff, 0, |
57 | | NULL |
58 | | }; |
59 | | |
60 | | const X509V3_EXT_METHOD ossl_v3_ocsp_nonce = { |
61 | | NID_id_pkix_OCSP_Nonce, 0, NULL, |
62 | | ocsp_nonce_new, |
63 | | ocsp_nonce_free, |
64 | | d2i_ocsp_nonce, |
65 | | i2d_ocsp_nonce, |
66 | | 0, 0, |
67 | | 0, 0, |
68 | | i2r_ocsp_nonce, 0, |
69 | | NULL |
70 | | }; |
71 | | |
72 | | const X509V3_EXT_METHOD ossl_v3_ocsp_nocheck = { |
73 | | NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), |
74 | | 0, 0, 0, 0, |
75 | | 0, s2i_ocsp_nocheck, |
76 | | 0, 0, |
77 | | i2r_ocsp_nocheck, 0, |
78 | | NULL |
79 | | }; |
80 | | |
81 | | const X509V3_EXT_METHOD ossl_v3_ocsp_serviceloc = { |
82 | | NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), |
83 | | 0, 0, 0, 0, |
84 | | 0, 0, |
85 | | 0, 0, |
86 | | i2r_ocsp_serviceloc, 0, |
87 | | NULL |
88 | | }; |
89 | | |
90 | | static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, |
91 | | int ind) |
92 | 0 | { |
93 | 0 | OCSP_CRLID *a = in; |
94 | 0 | if (a->crlUrl) { |
95 | 0 | if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) |
96 | 0 | goto err; |
97 | 0 | if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) |
98 | 0 | goto err; |
99 | 0 | if (BIO_write(bp, "\n", 1) <= 0) |
100 | 0 | goto err; |
101 | 0 | } |
102 | 0 | if (a->crlNum) { |
103 | 0 | if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) |
104 | 0 | goto err; |
105 | 0 | if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) |
106 | 0 | goto err; |
107 | 0 | if (BIO_write(bp, "\n", 1) <= 0) |
108 | 0 | goto err; |
109 | 0 | } |
110 | 0 | if (a->crlTime) { |
111 | 0 | if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) |
112 | 0 | goto err; |
113 | 0 | if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) |
114 | 0 | goto err; |
115 | 0 | if (BIO_write(bp, "\n", 1) <= 0) |
116 | 0 | goto err; |
117 | 0 | } |
118 | 0 | return 1; |
119 | 0 | err: |
120 | 0 | return 0; |
121 | 0 | } |
122 | | |
123 | | static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, |
124 | | BIO *bp, int ind) |
125 | 0 | { |
126 | 0 | if (BIO_printf(bp, "%*s", ind, "") <= 0) |
127 | 0 | return 0; |
128 | 0 | if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) |
129 | 0 | return 0; |
130 | 0 | return 1; |
131 | 0 | } |
132 | | |
133 | | /* |
134 | | * OCSP nonce. This is needs special treatment because it doesn't have an |
135 | | * ASN1 encoding at all: it just contains arbitrary data. |
136 | | */ |
137 | | |
138 | | static void *ocsp_nonce_new(void) |
139 | 0 | { |
140 | 0 | return ASN1_OCTET_STRING_new(); |
141 | 0 | } |
142 | | |
143 | | static int i2d_ocsp_nonce(const void *a, unsigned char **pp) |
144 | 0 | { |
145 | 0 | const ASN1_OCTET_STRING *os = a; |
146 | 0 | if (pp) { |
147 | 0 | memcpy(*pp, os->data, os->length); |
148 | 0 | *pp += os->length; |
149 | 0 | } |
150 | 0 | return os->length; |
151 | 0 | } |
152 | | |
153 | | static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) |
154 | 0 | { |
155 | 0 | ASN1_OCTET_STRING *os, **pos; |
156 | 0 | pos = a; |
157 | 0 | if (pos == NULL || *pos == NULL) { |
158 | 0 | os = ASN1_OCTET_STRING_new(); |
159 | 0 | if (os == NULL) |
160 | 0 | goto err; |
161 | 0 | } else { |
162 | 0 | os = *pos; |
163 | 0 | } |
164 | 0 | if (!ASN1_OCTET_STRING_set(os, *pp, length)) |
165 | 0 | goto err; |
166 | | |
167 | 0 | *pp += length; |
168 | |
|
169 | 0 | if (pos) |
170 | 0 | *pos = os; |
171 | 0 | return os; |
172 | | |
173 | 0 | err: |
174 | 0 | if ((pos == NULL) || (*pos != os)) |
175 | 0 | ASN1_OCTET_STRING_free(os); |
176 | 0 | ERR_raise(ERR_LIB_OCSP, ERR_R_ASN1_LIB); |
177 | 0 | return NULL; |
178 | 0 | } |
179 | | |
180 | | static void ocsp_nonce_free(void *a) |
181 | 0 | { |
182 | 0 | ASN1_OCTET_STRING_free(a); |
183 | 0 | } |
184 | | |
185 | | static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, |
186 | | BIO *out, int indent) |
187 | 0 | { |
188 | 0 | if (BIO_printf(out, "%*s", indent, "") <= 0) |
189 | 0 | return 0; |
190 | 0 | if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) |
191 | 0 | return 0; |
192 | 0 | return 1; |
193 | 0 | } |
194 | | |
195 | | /* Nocheck is just a single NULL. Don't print anything and always set it */ |
196 | | |
197 | | static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, |
198 | | BIO *out, int indent) |
199 | 0 | { |
200 | 0 | return 1; |
201 | 0 | } |
202 | | |
203 | | static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, |
204 | | X509V3_CTX *ctx, const char *str) |
205 | 0 | { |
206 | 0 | return ASN1_NULL_new(); |
207 | 0 | } |
208 | | |
209 | | static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, |
210 | | BIO *bp, int ind) |
211 | 0 | { |
212 | 0 | int i; |
213 | 0 | OCSP_SERVICELOC *a = in; |
214 | 0 | ACCESS_DESCRIPTION *ad; |
215 | |
|
216 | 0 | if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) |
217 | 0 | goto err; |
218 | 0 | if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) |
219 | 0 | goto err; |
220 | 0 | for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { |
221 | 0 | ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); |
222 | 0 | if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) |
223 | 0 | goto err; |
224 | 0 | if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) |
225 | 0 | goto err; |
226 | 0 | if (BIO_puts(bp, " - ") <= 0) |
227 | 0 | goto err; |
228 | 0 | if (GENERAL_NAME_print(bp, ad->location) <= 0) |
229 | 0 | goto err; |
230 | 0 | } |
231 | 0 | return 1; |
232 | 0 | err: |
233 | 0 | return 0; |
234 | 0 | } |