Cryptlib/OpenSSL/crypto/x509v3/v3_ocsp.c

   1 /* v3_ocsp.c */
   2 /*
   3  * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
   4  * 1999.
   5  */
   6 /* ====================================================================
   7  * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
   8  *
   9  * Redistribution and use in source and binary forms, with or without
  10  * modification, are permitted provided that the following conditions
  11  * are met:
  12  *
  13  * 1. Redistributions of source code must retain the above copyright
  14  *    notice, this list of conditions and the following disclaimer.
  15  *
  16  * 2. Redistributions in binary form must reproduce the above copyright
  17  *    notice, this list of conditions and the following disclaimer in
  18  *    the documentation and/or other materials provided with the
  19  *    distribution.
  20  *
  21  * 3. All advertising materials mentioning features or use of this
  22  *    software must display the following acknowledgment:
  23  *    "This product includes software developed by the OpenSSL Project
  24  *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
  25  *
  26  * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
  27  *    endorse or promote products derived from this software without
  28  *    prior written permission. For written permission, please contact
  29  *    licensing@OpenSSL.org.
  30  *
  31  * 5. Products derived from this software may not be called "OpenSSL"
  32  *    nor may "OpenSSL" appear in their names without prior written
  33  *    permission of the OpenSSL Project.
  34  *
  35  * 6. Redistributions of any form whatsoever must retain the following
  36  *    acknowledgment:
  37  *    "This product includes software developed by the OpenSSL Project
  38  *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
  39  *
  40  * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
  41  * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  43  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
  44  * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  45  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
  46  * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
  47  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
  49  * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
  50  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
  51  * OF THE POSSIBILITY OF SUCH DAMAGE.
  52  * ====================================================================
  53  *
  54  * This product includes cryptographic software written by Eric Young
  55  * (eay@cryptsoft.com).  This product includes software written by Tim
  56  * Hudson (tjh@cryptsoft.com).
  57  *
  58  */
  59
  60 #ifndef OPENSSL_NO_OCSP
  61
  62 # include <stdio.h>
  63 # include "cryptlib.h"
  64 # include <openssl/conf.h>
  65 # include <openssl/asn1.h>
  66 # include <openssl/ocsp.h>
  67 # include <openssl/x509v3.h>
  68
  69 /*
  70  * OCSP extensions and a couple of CRL entry extensions
  71  */
  72
  73 static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *nonce,
  74                           BIO *out, int indent);
  75 static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *nonce,
  76                             BIO *out, int indent);
  77 static int i2r_object(const X509V3_EXT_METHOD *method, void *obj, BIO *out,
  78                       int indent);
  79
  80 static void *ocsp_nonce_new(void);
  81 static int i2d_ocsp_nonce(void *a, unsigned char **pp);
  82 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length);
  83 static void ocsp_nonce_free(void *a);
  84 static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
  85                           BIO *out, int indent);
  86
  87 static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method,
  88                             void *nocheck, BIO *out, int indent);
  89 static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
  90                               X509V3_CTX *ctx, const char *str);
  91 static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
  92                                BIO *bp, int ind);
  93
  94 const X509V3_EXT_METHOD v3_ocsp_crlid = {
  95     NID_id_pkix_OCSP_CrlID, 0, ASN1_ITEM_ref(OCSP_CRLID),
  96     0, 0, 0, 0,
  97     0, 0,
  98     0, 0,
  99     i2r_ocsp_crlid, 0,
 100     NULL
 101 };
 102
 103 const X509V3_EXT_METHOD v3_ocsp_acutoff = {
 104     NID_id_pkix_OCSP_archiveCutoff, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
 105     0, 0, 0, 0,
 106     0, 0,
 107     0, 0,
 108     i2r_ocsp_acutoff, 0,
 109     NULL
 110 };
 111
 112 const X509V3_EXT_METHOD v3_crl_invdate = {
 113     NID_invalidity_date, 0, ASN1_ITEM_ref(ASN1_GENERALIZEDTIME),
 114     0, 0, 0, 0,
 115     0, 0,
 116     0, 0,
 117     i2r_ocsp_acutoff, 0,
 118     NULL
 119 };
 120
 121 const X509V3_EXT_METHOD v3_crl_hold = {
 122     NID_hold_instruction_code, 0, ASN1_ITEM_ref(ASN1_OBJECT),
 123     0, 0, 0, 0,
 124     0, 0,
 125     0, 0,
 126     i2r_object, 0,
 127     NULL
 128 };
 129
 130 const X509V3_EXT_METHOD v3_ocsp_nonce = {
 131     NID_id_pkix_OCSP_Nonce, 0, NULL,
 132     ocsp_nonce_new,
 133     ocsp_nonce_free,
 134     d2i_ocsp_nonce,
 135     i2d_ocsp_nonce,
 136     0, 0,
 137     0, 0,
 138     i2r_ocsp_nonce, 0,
 139     NULL
 140 };
 141
 142 const X509V3_EXT_METHOD v3_ocsp_nocheck = {
 143     NID_id_pkix_OCSP_noCheck, 0, ASN1_ITEM_ref(ASN1_NULL),
 144     0, 0, 0, 0,
 145     0, s2i_ocsp_nocheck,
 146     0, 0,
 147     i2r_ocsp_nocheck, 0,
 148     NULL
 149 };
 150
 151 const X509V3_EXT_METHOD v3_ocsp_serviceloc = {
 152     NID_id_pkix_OCSP_serviceLocator, 0, ASN1_ITEM_ref(OCSP_SERVICELOC),
 153     0, 0, 0, 0,
 154     0, 0,
 155     0, 0,
 156     i2r_ocsp_serviceloc, 0,
 157     NULL
 158 };
 159
 160 static int i2r_ocsp_crlid(const X509V3_EXT_METHOD *method, void *in, BIO *bp,
 161                           int ind)
 162 {
 163     OCSP_CRLID *a = in;
 164     if (a->crlUrl) {
 165         if (BIO_printf(bp, "%*scrlUrl: ", ind, "") <= 0)
 166             goto err;
 167         if (!ASN1_STRING_print(bp, (ASN1_STRING *)a->crlUrl))
 168             goto err;
 169         if (BIO_write(bp, "\n", 1) <= 0)
 170             goto err;
 171     }
 172     if (a->crlNum) {
 173         if (BIO_printf(bp, "%*scrlNum: ", ind, "") <= 0)
 174             goto err;
 175         if (i2a_ASN1_INTEGER(bp, a->crlNum) <= 0)
 176             goto err;
 177         if (BIO_write(bp, "\n", 1) <= 0)
 178             goto err;
 179     }
 180     if (a->crlTime) {
 181         if (BIO_printf(bp, "%*scrlTime: ", ind, "") <= 0)
 182             goto err;
 183         if (!ASN1_GENERALIZEDTIME_print(bp, a->crlTime))
 184             goto err;
 185         if (BIO_write(bp, "\n", 1) <= 0)
 186             goto err;
 187     }
 188     return 1;
 189  err:
 190     return 0;
 191 }
 192
 193 static int i2r_ocsp_acutoff(const X509V3_EXT_METHOD *method, void *cutoff,
 194                             BIO *bp, int ind)
 195 {
 196     if (BIO_printf(bp, "%*s", ind, "") <= 0)
 197         return 0;
 198     if (!ASN1_GENERALIZEDTIME_print(bp, cutoff))
 199         return 0;
 200     return 1;
 201 }
 202
 203 static int i2r_object(const X509V3_EXT_METHOD *method, void *oid, BIO *bp,
 204                       int ind)
 205 {
 206     if (BIO_printf(bp, "%*s", ind, "") <= 0)
 207         return 0;
 208     if (i2a_ASN1_OBJECT(bp, oid) <= 0)
 209         return 0;
 210     return 1;
 211 }
 212
 213 /*
 214  * OCSP nonce. This is needs special treatment because it doesn't have an
 215  * ASN1 encoding at all: it just contains arbitrary data.
 216  */
 217
 218 static void *ocsp_nonce_new(void)
 219 {
 220     return ASN1_OCTET_STRING_new();
 221 }
 222
 223 static int i2d_ocsp_nonce(void *a, unsigned char **pp)
 224 {
 225     ASN1_OCTET_STRING *os = a;
 226     if (pp) {
 227         memcpy(*pp, os->data, os->length);
 228         *pp += os->length;
 229     }
 230     return os->length;
 231 }
 232
 233 static void *d2i_ocsp_nonce(void *a, const unsigned char **pp, long length)
 234 {
 235     ASN1_OCTET_STRING *os, **pos;
 236     pos = a;
 237     if (!pos || !*pos)
 238         os = ASN1_OCTET_STRING_new();
 239     else
 240         os = *pos;
 241     if (!ASN1_OCTET_STRING_set(os, *pp, length))
 242         goto err;
 243
 244     *pp += length;
 245
 246     if (pos)
 247         *pos = os;
 248     return os;
 249
 250  err:
 251     if (os && (!pos || (*pos != os)))
 252         M_ASN1_OCTET_STRING_free(os);
 253     OCSPerr(OCSP_F_D2I_OCSP_NONCE, ERR_R_MALLOC_FAILURE);
 254     return NULL;
 255 }
 256
 257 static void ocsp_nonce_free(void *a)
 258 {
 259     M_ASN1_OCTET_STRING_free(a);
 260 }
 261
 262 static int i2r_ocsp_nonce(const X509V3_EXT_METHOD *method, void *nonce,
 263                           BIO *out, int indent)
 264 {
 265     if (BIO_printf(out, "%*s", indent, "") <= 0)
 266         return 0;
 267     if (i2a_ASN1_STRING(out, nonce, V_ASN1_OCTET_STRING) <= 0)
 268         return 0;
 269     return 1;
 270 }
 271
 272 /* Nocheck is just a single NULL. Don't print anything and always set it */
 273
 274 static int i2r_ocsp_nocheck(const X509V3_EXT_METHOD *method, void *nocheck,
 275                             BIO *out, int indent)
 276 {
 277     return 1;
 278 }
 279
 280 static void *s2i_ocsp_nocheck(const X509V3_EXT_METHOD *method,
 281                               X509V3_CTX *ctx, const char *str)
 282 {
 283     return ASN1_NULL_new();
 284 }
 285
 286 static int i2r_ocsp_serviceloc(const X509V3_EXT_METHOD *method, void *in,
 287                                BIO *bp, int ind)
 288 {
 289     int i;
 290     OCSP_SERVICELOC *a = in;
 291     ACCESS_DESCRIPTION *ad;
 292
 293     if (BIO_printf(bp, "%*sIssuer: ", ind, "") <= 0)
 294         goto err;
 295     if (X509_NAME_print_ex(bp, a->issuer, 0, XN_FLAG_ONELINE) <= 0)
 296         goto err;
 297     for (i = 0; i < sk_ACCESS_DESCRIPTION_num(a->locator); i++) {
 298         ad = sk_ACCESS_DESCRIPTION_value(a->locator, i);
 299         if (BIO_printf(bp, "\n%*s", (2 * ind), "") <= 0)
 300             goto err;
 301         if (i2a_ASN1_OBJECT(bp, ad->method) <= 0)
 302             goto err;
 303         if (BIO_puts(bp, " - ") <= 0)
 304             goto err;
 305         if (GENERAL_NAME_print(bp, ad->location) <= 0)
 306             goto err;
 307     }
 308     return 1;
 309  err:
 310     return 0;
 311 }
 312 #endif