v3_ocsp.c revision 296465
1/* v3_ocsp.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 1999. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#ifndef OPENSSL_NO_OCSP 61 62# include <stdio.h> 63# include "cryptlib.h" 64# include <openssl/conf.h> 65# include <openssl/asn1.h> 66# include <openssl/ocsp.h> 67# include <openssl/x509v3.h> 68 69/* 70 * OCSP extensions and a couple of CRL entry extensions 71 */ 72 73static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *nonce, BIO *out, 74 int indent); 75static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *nonce, BIO *out, 76 int indent); 77static int i2r_object(X509V3_EXT_METHOD *method, void *obj, BIO *out, 78 int indent); 79 80static void *ocsp_nonce_new(void); 81static int i2d_ocsp_nonce(void *a, unsigned char **pp); 82static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); 83static void ocsp_nonce_free(void *a); 84static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, 85 int indent); 86 87static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, 88 BIO *out, int indent); 89static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 90 const char *str); 91static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, 92 int ind); 93 94const X509V3_EXT_METHOD v3_ocsp_crlid = { 95 NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), 96 0, 0, 0, 0, 97 0, 0, 98 0, 0, 99 i2r_ocsp_crlid, 0, 100 NULL 101}; 102 103const X509V3_EXT_METHOD v3_ocsp_acutoff = { 104 NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), 105 0, 0, 0, 0, 106 0, 0, 107 0, 0, 108 i2r_ocsp_acutoff, 0, 109 NULL 110}; 111 112const X509V3_EXT_METHOD v3_crl_invdate = { 113 NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), 114 0, 0, 0, 0, 115 0, 0, 116 0, 0, 117 i2r_ocsp_acutoff, 0, 118 NULL 119}; 120 121const X509V3_EXT_METHOD v3_crl_hold = { 122 NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), 123 0, 0, 0, 0, 124 0, 0, 125 0, 0, 126 i2r_object, 0, 127 NULL 128}; 129 130const X509V3_EXT_METHOD v3_ocsp_nonce = { 131 NID_id_pkix_OCSP_Nonce, 0, NULL, 132 ocsp_nonce_new, 133 ocsp_nonce_free, 134 d2i_ocsp_nonce, 135 i2d_ocsp_nonce, 136 0, 0, 137 0, 0, 138 i2r_ocsp_nonce, 0, 139 NULL 140}; 141 142const X509V3_EXT_METHOD v3_ocsp_nocheck = { 143 NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), 144 0, 0, 0, 0, 145 0, s2i_ocsp_nocheck, 146 0, 0, 147 i2r_ocsp_nocheck, 0, 148 NULL 149}; 150 151const X509V3_EXT_METHOD v3_ocsp_serviceloc = { 152 NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), 153 0, 0, 0, 0, 154 0, 0, 155 0, 0, 156 i2r_ocsp_serviceloc, 0, 157 NULL 158}; 159 160static int i2r_ocsp_crlid(X509V3_EXT_METHOD *method, void *in, BIO *bp, 161 int ind) 162{ 163 OCSP_CRLID *a = in; 164 if (a->crlUrl) { 165 if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) 166 goto err; 167 if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) 168 goto err; 169 if (BIO_write(bp, "\n", 1) <= 0) 170 goto err; 171 } 172 if (a->crlNum) { 173 if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) 174 goto err; 175 if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) 176 goto err; 177 if (BIO_write(bp, "\n", 1) <= 0) 178 goto err; 179 } 180 if (a->crlTime) { 181 if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) 182 goto err; 183 if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) 184 goto err; 185 if (BIO_write(bp, "\n", 1) <= 0) 186 goto err; 187 } 188 return 1; 189 err: 190 return 0; 191} 192 193static int i2r_ocsp_acutoff(X509V3_EXT_METHOD *method, void *cutoff, BIO *bp, 194 int ind) 195{ 196 if (BIO_printf(bp, "%*s", ind, "") <= 0) 197 return 0; 198 if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) 199 return 0; 200 return 1; 201} 202 203static int i2r_object(X509V3_EXT_METHOD *method, void *oid, BIO *bp, int ind) 204{ 205 if (BIO_printf(bp, "%*s", ind, "") <= 0) 206 return 0; 207 if (i2a_ASN1_OBJECT(bp, oid) <= 0) 208 return 0; 209 return 1; 210} 211 212/* 213 * OCSP nonce. This is needs special treatment because it doesn't have an 214 * ASN1 encoding at all: it just contains arbitrary data. 215 */ 216 217static void *ocsp_nonce_new(void) 218{ 219 return ASN1_OCTET_STRING_new(); 220} 221 222static int i2d_ocsp_nonce(void *a, unsigned char **pp) 223{ 224 ASN1_OCTET_STRING *os = a; 225 if (pp) { 226 memcpy(*pp, os->data, os->length); 227 *pp += os->length; 228 } 229 return os->length; 230} 231 232static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) 233{ 234 ASN1_OCTET_STRING *os, **pos; 235 pos = a; 236 if (!pos || !*pos) 237 os = ASN1_OCTET_STRING_new(); 238 else 239 os = *pos; 240 if (!ASN1_OCTET_STRING_set(os, *pp, length)) 241 goto err; 242 243 *pp += length; 244 245 if (pos) 246 *pos = os; 247 return os; 248 249 err: 250 if (os && (!pos || (*pos != os))) 251 M_ASN1_OCTET_STRING_free(os); 252 OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); 253 return NULL; 254} 255 256static void ocsp_nonce_free(void *a) 257{ 258 M_ASN1_OCTET_STRING_free(a); 259} 260 261static int i2r_ocsp_nonce(X509V3_EXT_METHOD *method, void *nonce, BIO *out, 262 int indent) 263{ 264 if (BIO_printf(out, "%*s", indent, "") <= 0) 265 return 0; 266 if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) 267 return 0; 268 return 1; 269} 270 271/* Nocheck is just a single NULL. Don't print anything and always set it */ 272 273static int i2r_ocsp_nocheck(X509V3_EXT_METHOD *method, void *nocheck, 274 BIO *out, int indent) 275{ 276 return 1; 277} 278 279static void *s2i_ocsp_nocheck(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 280 const char *str) 281{ 282 return ASN1_NULL_new(); 283} 284 285static int i2r_ocsp_serviceloc(X509V3_EXT_METHOD *method, void *in, BIO *bp, 286 int ind) 287{ 288 int i; 289 OCSP_SERVICELOC *a = in; 290 ACCESS_DESCRIPTION *ad; 291 292 if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) 293 goto err; 294 if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) 295 goto err; 296 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { 297 ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); 298 if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) 299 goto err; 300 if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) 301 goto err; 302 if (BIO_puts(bp, " - ") <= 0) 303 goto err; 304 if (GENERAL_NAME_print(bp, ad->location) <= 0) 305 goto err; 306 } 307 return 1; 308 err: 309 return 0; 310} 311#endif 312