0f113f3e | 1 | /* |
b1322259 | 2 | * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. |
2fc0d1f1 | 3 | * |
0c496700 | 4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ |
9 | ||
0f113f3e | 10 | # include <stdio.h> |
b39fc560 | 11 | # include "internal/cryptlib.h" |
12 | # include <openssl/conf.h> |
13 | # include <openssl/asn1.h> | |
14 | # include <openssl/ocsp.h> | |
706457b7 | 15 | # include "ocsp_local.h" |
0f113f3e | 16 | # include <openssl/x509v3.h> |
878dc8dd | 17 | # include "../x509/ext_dat.h" |
2fc0d1f1 | 18 | |
19 | /* |
20 | * OCSP extensions and a couple of CRL entry extensions | |
21 | */ |
22 | ||
/*
 * Callbacks registered in the X509V3_EXT_METHOD tables below.  The i2r_*
 * functions render an already-decoded extension value to a BIO for display.
 * The ocsp_nonce_* / d2i_ocsp_nonce / i2d_ocsp_nonce group replaces the
 * generic ASN.1 item handling for the nonce, whose value is raw bytes with no
 * ASN.1 encoding.  s2i_ocsp_nocheck builds the nocheck value from a config
 * string.
 */
static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
                          BIO *out, int indent);
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
                            BIO *out, int indent);
static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
                      int indent);

static void *ocsp_nonce_new(void);
static int i2d_ocsp_nonce(const void *a, unsigned char **pp);
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
static void ocsp_nonce_free(void *a);
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
                          BIO *out, int indent);

static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
                            void *nocheck, BIO *out, int indent);
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
                              X509V3_CTX *ctx, const char *str);
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
                               BIO *bp, int ind);
f1a6a0d4 | 43 | |
/*
 * id-pkix-ocsp-crlid.  Decoded and encoded through the OCSP_CRLID ASN.1 item,
 * so the explicit new/free/d2i/i2d slots stay 0; rendered by i2r_ocsp_crlid.
 * No i2s/s2i/i2v/v2i handlers, so it cannot be set from a config string.
 * Slot order: nid, flags, item, new, free, d2i, i2d, i2s, s2i, i2v, v2i,
 * i2r, r2i, usr_data.
 */
const X509V3_EXT_METHOD v3_ocsp_crlid = {
    NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_crlid, 0,
    NULL
};
52 | ||
/*
 * id-pkix-ocsp-archive-cutoff.  The value is a GeneralizedTime handled by the
 * generic ASN1_GENERALIZEDTIME item; only a print (i2r) handler is supplied.
 * Slot order: nid, flags, item, new, free, d2i, i2d, i2s, s2i, i2v, v2i,
 * i2r, r2i, usr_data.
 */
const X509V3_EXT_METHOD v3_ocsp_acutoff = {
    NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_acutoff, 0,
    NULL
};
61 | ||
/*
 * CRL entry extension invalidityDate.  Like archiveCutoff it is a bare
 * GeneralizedTime, so it reuses i2r_ocsp_acutoff for printing.
 * Slot order: nid, flags, item, new, free, d2i, i2d, i2s, s2i, i2v, v2i,
 * i2r, r2i, usr_data.
 */
const X509V3_EXT_METHOD v3_crl_invdate = {
    NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_acutoff, 0,
    NULL
};
70 | ||
/*
 * CRL entry extension holdInstructionCode.  The value is an OBJECT
 * IDENTIFIER handled by the generic ASN1_OBJECT item and printed by
 * i2r_object.
 * Slot order: nid, flags, item, new, free, d2i, i2d, i2s, s2i, i2v, v2i,
 * i2r, r2i, usr_data.
 */
const X509V3_EXT_METHOD v3_crl_hold = {
    NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_object, 0,
    NULL
};
79 | ||
/*
 * id-pkix-ocsp-nonce.  The item pointer is NULL because the nonce has no
 * ASN.1 encoding (it is raw bytes), so explicit new/free/d2i/i2d callbacks
 * are supplied instead of relying on the generic item machinery.
 * Slot order: nid, flags, item, new, free, d2i, i2d, i2s, s2i, i2v, v2i,
 * i2r, r2i, usr_data.
 */
const X509V3_EXT_METHOD v3_ocsp_nonce = {
    NID_id_pkix_OCSP_Nonce, 0, NULL,
    ocsp_nonce_new,
    ocsp_nonce_free,
    d2i_ocsp_nonce,
    i2d_ocsp_nonce,
    0, 0,
    0, 0,
    i2r_ocsp_nonce, 0,
    NULL
};
91 | ||
/*
 * id-pkix-ocsp-nocheck.  The value is an ASN1_NULL.  An s2i handler is
 * provided so the extension can be created from a config string (the string
 * itself is ignored), and i2r_ocsp_nocheck prints nothing.
 * Slot order: nid, flags, item, new, free, d2i, i2d, i2s, s2i, i2v, v2i,
 * i2r, r2i, usr_data.
 */
const X509V3_EXT_METHOD v3_ocsp_nocheck = {
    NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
    0, 0, 0, 0,
    0, s2i_ocsp_nocheck,
    0, 0,
    i2r_ocsp_nocheck, 0,
    NULL
};
100 | ||
/*
 * id-pkix-ocsp-service-locator.  Decoded through the OCSP_SERVICELOC ASN.1
 * item and printed by i2r_ocsp_serviceloc; no config-string support.
 * Slot order: nid, flags, item, new, free, d2i, i2d, i2s, s2i, i2v, v2i,
 * i2r, r2i, usr_data.
 */
const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
    NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
    0, 0, 0, 0,
    0, 0,
    0, 0,
    i2r_ocsp_serviceloc, 0,
    NULL
};
109 | ||
/*
 * Print a decoded CrlID extension to |bp|: one "crlUrl: ", "crlNum: " or
 * "crlTime: " line per field that is present, each prefixed by |ind| spaces.
 * Fields that are NULL are skipped without output.
 * Returns 1 on success, 0 as soon as any write to |bp| fails.
 */
static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
                          int ind)
{
    OCSP_CRLID *crlid = in;

    if (crlid->crlUrl != NULL) {
        if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0
            || !ASN1_STRING_print(bp, (ASN1_STRING *)crlid->crlUrl)
            || BIO_write(bp, "\n", 1) <= 0)
            return 0;
    }
    if (crlid->crlNum != NULL) {
        if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0
            || i2a_ASN1_INTEGER(bp, crlid->crlNum) <= 0
            || BIO_write(bp, "\n", 1) <= 0)
            return 0;
    }
    if (crlid->crlTime != NULL) {
        if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0
            || !ASN1_GENERALIZEDTIME_print(bp, crlid->crlTime)
            || BIO_write(bp, "\n", 1) <= 0)
            return 0;
    }
    return 1;
}
142 | ||
/*
 * Print an archiveCutoff value (a GeneralizedTime) to |bp|, preceded by
 * |ind| spaces.  Also registered for the CRL invalidityDate entry
 * extension, which has the same type.
 * Returns 1 on success, 0 if the indent or the time could not be written.
 */
static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
                            BIO *bp, int ind)
{
    if (BIO_printf(bp, "%*s", ind, "") <= 0)
        return 0;
    return ASN1_GENERALIZEDTIME_print(bp, cutoff) != 0;
}
152 | ||
/*
 * Print an OBJECT IDENTIFIER extension value to |bp|, preceded by |ind|
 * spaces.  Returns 1 on success, 0 if either write fails.
 */
static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
                      int ind)
{
    if (BIO_printf(bp, "%*s", ind, "") <= 0)
        return 0;
    return i2a_ASN1_OBJECT(bp, oid) > 0;
}
162 | ||
/*
 * OCSP nonce. This needs special treatment because it doesn't have an
 * ASN1 encoding at all: it just contains arbitrary data.
 */
167 | ||
/*
 * Allocate an empty nonce.  The nonce is stored as an ASN1_OCTET_STRING
 * even though it is never DER-encoded; the caller owns the result and
 * releases it with ocsp_nonce_free.  Returns NULL on allocation failure.
 */
static void *ocsp_nonce_new(void)
{
    ASN1_OCTET_STRING *nonce = ASN1_OCTET_STRING_new();

    return nonce;
}
172 | ||
/*
 * "Encode" a nonce: the bytes are copied out verbatim with no DER wrapping.
 * Follows the usual i2d two-pass convention: with |pp| == NULL only the
 * length is returned so the caller can size a buffer; otherwise the bytes
 * are written to *|pp| and *|pp| is advanced past them.  No bound is
 * checked here, so the caller's buffer must hold the full nonce length.
 * Returns the nonce length in bytes.
 */
static int i2d_ocsp_nonce(const void *a, unsigned char **pp)
{
    const ASN1_OCTET_STRING *nonce = a;
    int len = nonce->length;

    if (pp == NULL)
        return len;
    memcpy(*pp, nonce->data, len);
    *pp += len;
    return len;
}
182 | ||
/*
 * "Decode" a nonce: the |length| bytes at *|pp| are taken as-is, with no
 * DER parsing, and *|pp| is advanced past them.
 *
 * |a| may be NULL or an ASN1_OCTET_STRING ** following the usual d2i
 * convention: if it points at a NULL a fresh object is allocated and stored
 * there, otherwise the existing object is reused and overwritten.
 * Ownership: an object this function allocated is freed again on failure;
 * a caller-supplied object is left untouched on failure.
 * NOTE(review): |length| is a long but ASN1_OCTET_STRING_set takes an int,
 * so callers are expected to pass lengths that fit in an int.
 *
 * Returns the populated nonce, or NULL with an OCSP error queued (the
 * reason is always ERR_R_MALLOC_FAILURE, whichever step failed).
 */
static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
{
    ASN1_OCTET_STRING **pos = a;
    ASN1_OCTET_STRING *os = (pos != NULL) ? *pos : NULL;
    int allocated = 0;

    if (os == NULL) {
        os = ASN1_OCTET_STRING_new();
        if (os == NULL)
            goto err;
        allocated = 1;
    }
    if (!ASN1_OCTET_STRING_set(os, *pp, length))
        goto err;

    *pp += length;

    if (pos != NULL)
        *pos = os;
    return os;

 err:
    /* Only release what we allocated ourselves; never a caller's object. */
    if (allocated)
        ASN1_OCTET_STRING_free(os);
    OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
    return NULL;
}
209 | ||
/*
 * Release a nonce created by ocsp_nonce_new or d2i_ocsp_nonce.
 * |a| is the ASN1_OCTET_STRING holding the raw bytes; NULL is accepted.
 */
static void ocsp_nonce_free(void *a)
{
    ASN1_OCTET_STRING *nonce = a;

    ASN1_OCTET_STRING_free(nonce);
}
214 | ||
/*
 * Print a nonce to |out| as a hex dump of its raw bytes, preceded by |indent|
 * spaces.  Returns 1 on success, 0 if either write fails.
 */
static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
                          BIO *out, int indent)
{
    if (BIO_printf(out, "%*s", indent, "") <= 0)
        return 0;
    return i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) > 0;
}
c08523d8 | 224 | |
f1a6a0d4 | 225 | /* Nocheck is just a single NULL. Don't print anything and always set it */ |
c08523d8 | 226 | |
/*
 * Print callback for id-pkix-ocsp-nocheck.  The value is a lone ASN1_NULL
 * that carries no information, so nothing is written to |out| and |indent|
 * is unused.  Always returns 1 (success).
 */
static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
                            BIO *out, int indent)
{
    return 1;
}
232 | ||
/*
 * Build a nocheck extension value from a config string.  |str| and |ctx| are
 * ignored: the extension is present-or-absent only, so any setting produces
 * a fresh ASN1_NULL.  Returns the new ASN1_NULL, or NULL on allocation
 * failure.
 */
static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
                              X509V3_CTX *ctx, const char *str)
{
    ASN1_NULL *nul = ASN1_NULL_new();

    return nul;
}
6546fdfa | 238 | |
/*
 * Print a ServiceLocator extension to |bp|: "Issuer: <name>" on the first
 * line (one-line name format), then each AccessDescription on its own line
 * at double indent as "<access method OID> - <location>".
 * Returns 1 on success, 0 as soon as any write fails.
 */
static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
                               BIO *bp, int ind)
{
    OCSP_SERVICELOC *loc = in;
    int idx;

    if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
        return 0;
    if (X509_NAME_print_ex(bp, loc->issuer, 0, XN_FLAG_ONELINE) <= 0)
        return 0;
    for (idx = 0; idx < sk_ACCESS_DESCRIPTION_num(loc->locator); idx++) {
        ACCESS_DESCRIPTION *ad = sk_ACCESS_DESCRIPTION_value(loc->locator, idx);

        if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0
            || i2a_ASN1_OBJECT(bp, ad->method) <= 0
            || BIO_puts(bp, " - ") <= 0
            || GENERAL_NAME_print(bp, ad->location) <= 0)
            return 0;
    }
    return 1;
}