v3_ocsp.c revision 296341
1/* v3_ocsp.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 1999. 5 */ 6/* ==================================================================== 7 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#ifndef OPENSSL_NO_OCSP 61 62# include <stdio.h> 63# include "cryptlib.h" 64# include <openssl/conf.h> 65# include <openssl/asn1.h> 66# include <openssl/ocsp.h> 67# include <openssl/x509v3.h> 68 69/* 70 * OCSP extensions and a couple of CRL entry extensions 71 */ 72 73static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce, 74 BIO *out, int indent); 75static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce, 76 BIO *out, int indent); 77static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out, 78 int indent); 79 80static void *ocsp_nonce_new(void); 81static int i2d_ocsp_nonce(void *a, unsigned char **pp); 82static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length); 83static void ocsp_nonce_free(void *a); 84static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, 85 BIO *out, int indent); 86 87static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, 88 void *nocheck, BIO *out, int indent); 89static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, 90 X509V3_CTX *ctx, const char *str); 91static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, 92 BIO *bp, int ind); 93 94const X509V3_EXT_METHOD v3_ocsp_crlid = { 95 NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID), 96 0, 0, 0, 0, 97 0, 0, 98 0, 0, 99 i2r_ocsp_crlid, 0, 100 NULL 101}; 102 103const X509V3_EXT_METHOD v3_ocsp_acutoff = { 104 NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), 105 0, 0, 0, 0, 106 0, 0, 107 0, 0, 108 i2r_ocsp_acutoff, 0, 109 NULL 110}; 111 112const X509V3_EXT_METHOD v3_crl_invdate = { 113 NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME), 114 0, 0, 0, 0, 115 0, 0, 116 0, 0, 117 i2r_ocsp_acutoff, 0, 118 NULL 119}; 120 121const X509V3_EXT_METHOD v3_crl_hold = { 122 NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT), 123 0, 0, 0, 0, 124 0, 0, 125 0, 0, 126 i2r_object, 0, 127 NULL 128}; 129 130const X509V3_EXT_METHOD v3_ocsp_nonce = { 131 NID_id_pkix_OCSP_Nonce, 0, NULL, 132 ocsp_nonce_new, 133 ocsp_nonce_free, 134 d2i_ocsp_nonce, 135 i2d_ocsp_nonce, 136 0, 0, 137 0, 0, 138 i2r_ocsp_nonce, 0, 139 NULL 140}; 141 142const X509V3_EXT_METHOD v3_ocsp_nocheck = { 143 NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL), 144 0, 0, 0, 0, 145 0, s2i_ocsp_nocheck, 146 0, 0, 147 i2r_ocsp_nocheck, 0, 148 NULL 149}; 150 151const X509V3_EXT_METHOD v3_ocsp_serviceloc = { 152 NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC), 153 0, 0, 0, 0, 154 0, 0, 155 0, 0, 156 i2r_ocsp_serviceloc, 0, 157 NULL 158}; 159 160static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp, 161 int ind) 162{ 163 OCSP_CRLID *a = in; 164 if (a->crlUrl) { 165 if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0) 166 goto err; 167 if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl)) 168 goto err; 169 if (BIO_write(bp, "\n", 1) <= 0) 170 goto err; 171 } 172 if (a->crlNum) { 173 if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0) 174 goto err; 175 if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0) 176 goto err; 177 if (BIO_write(bp, "\n", 1) <= 0) 178 goto err; 179 } 180 if (a->crlTime) { 181 if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0) 182 goto err; 183 if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime)) 184 goto err; 185 if (BIO_write(bp, "\n", 1) <= 0) 186 goto err; 187 } 188 return 1; 189 err: 190 return 0; 191} 192 193static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff, 194 BIO *bp, int ind) 195{ 196 if (BIO_printf(bp, "%*s", ind, "") <= 0) 197 return 0; 198 if (!ASN1_GENERALIZEDTIME_print(bp, cutoff)) 199 return 0; 200 return 1; 201} 202 203static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp, 204 int ind) 205{ 206 if (BIO_printf(bp, "%*s", ind, "") <= 0) 207 return 0; 208 if (i2a_ASN1_OBJECT(bp, oid) <= 0) 209 return 0; 210 return 1; 211} 212 213/* 214 * OCSP nonce. This is needs special treatment because it doesn't have an 215 * ASN1 encoding at all: it just contains arbitrary data. 216 */ 217 218static void *ocsp_nonce_new(void) 219{ 220 return ASN1_OCTET_STRING_new(); 221} 222 223static int i2d_ocsp_nonce(void *a, unsigned char **pp) 224{ 225 ASN1_OCTET_STRING *os = a; 226 if (pp) { 227 memcpy(*pp, os->data, os->length); 228 *pp += os->length; 229 } 230 return os->length; 231} 232 233static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length) 234{ 235 ASN1_OCTET_STRING *os, **pos; 236 pos = a; 237 if (!pos || !*pos) 238 os = ASN1_OCTET_STRING_new(); 239 else 240 os = *pos; 241 if (!ASN1_OCTET_STRING_set(os, *pp, length)) 242 goto err; 243 244 *pp += length; 245 246 if (pos) 247 *pos = os; 248 return os; 249 250 err: 251 if (os && (!pos || (*pos != os))) 252 M_ASN1_OCTET_STRING_free(os); 253 OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE); 254 return NULL; 255} 256 257static void ocsp_nonce_free(void *a) 258{ 259 M_ASN1_OCTET_STRING_free(a); 260} 261 262static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce, 263 BIO *out, int indent) 264{ 265 if (BIO_printf(out, "%*s", indent, "") <= 0) 266 return 0; 267 if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0) 268 return 0; 269 return 1; 270} 271 272/* Nocheck is just a single NULL. Don't print anything and always set it */ 273 274static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck, 275 BIO *out, int indent) 276{ 277 return 1; 278} 279 280static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method, 281 X509V3_CTX *ctx, const char *str) 282{ 283 return ASN1_NULL_new(); 284} 285 286static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in, 287 BIO *bp, int ind) 288{ 289 int i; 290 OCSP_SERVICELOC *a = in; 291 ACCESS_DESCRIPTION *ad; 292 293 if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0) 294 goto err; 295 if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0) 296 goto err; 297 for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) { 298 ad = sk_ACCESS_DESCRIPTION_value(a->locator, i); 299 if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0) 300 goto err; 301 if (i2a_ASN1_OBJECT(bp, ad->method) <= 0) 302 goto err; 303 if (BIO_puts(bp, " - ") <= 0) 304 goto err; 305 if (GENERAL_NAME_print(bp, ad->location) <= 0) 306 goto err; 307 } 308 return 1; 309 err: 310 return 0; 311} 312#endif 313