/* ocsp_ext.c */
/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */

/* History:
   This file was transferred to Richard Levitte from CertCo by Kathy
   Weinhold in mid-spring 2000 to be included in OpenSSL or released
   as a patch kit. */

/* ====================================================================
 * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 * notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in
 * the documentation and/or other materials provided with the
 * distribution.
 *
 * 3. All advertising materials mentioning features or use of this
 * software must display the following acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
 *
 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
 * endorse or promote products derived from this software without
 * prior written permission. For written permission, please contact
 * openssl-core@openssl.org.
 *
 * 5. Products derived from this software may not be called "OpenSSL"
 * nor may "OpenSSL" appear in their names without prior written
 * permission of the OpenSSL Project.
 *
 * 6. Redistributions of any form whatsoever must retain the following
 * acknowledgment:
 * "This product includes software developed by the OpenSSL Project
 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
 *
 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 * OF THE POSSIBILITY OF SUCH DAMAGE.
 * ====================================================================
 *
 * This product includes cryptographic software written by Eric Young
 * (eay@cryptsoft.com). This product includes software written by Tim
 * Hudson (tjh@cryptsoft.com).
 *
 */

#include <stdio.h>
#include <cryptlib.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/ocsp.h>
#include <openssl/rand.h>
#include <openssl/x509v3.h>

/* Standard wrapper functions for extensions */

/*
 * OCSP request extensions
 *
 * These accessors forward to the matching X509v3_* routine on
 * x->tbsRequest->requestExtensions. Neither x nor x->tbsRequest is checked
 * for NULL here, so callers must pass a fully constructed OCSP_REQUEST.
 */

/* Count the extensions attached to the request. */
int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsRequest->requestExtensions;

    return X509v3_get_ext_count(exts);
}

/* Find a request extension by NID; lastpos is handed to
 * X509v3_get_ext_by_NID and its result is returned unchanged. */
int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsRequest->requestExtensions;

    return X509v3_get_ext_by_NID(exts, nid, lastpos);
}

/* Find a request extension by object identifier; the result of
 * X509v3_get_ext_by_OBJ is returned unchanged. */
int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsRequest->requestExtensions;

    return X509v3_get_ext_by_OBJ(exts, obj, lastpos);
}

/* Find a request extension by its critical flag; the result of
 * X509v3_get_ext_by_critical is returned unchanged. */
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsRequest->requestExtensions;

    return X509v3_get_ext_by_critical(exts, crit, lastpos);
}

/* Fetch the request extension at index loc via X509v3_get_ext. */
X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsRequest->requestExtensions;

    return X509v3_get_ext(exts, loc);
}

/* Remove the request extension at index loc via X509v3_delete_ext and
 * return whatever that call returns (the detached extension, which the
 * caller is then responsible for freeing). x and x->tbsRequest are not
 * checked for NULL. */
X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsRequest->requestExtensions;

    return X509v3_delete_ext(exts, loc);
}

/* Decode the request extension identified by nid with X509V3_get_d2i;
 * crit and idx are passed straight through. Per the get1 naming the decoded
 * object belongs to the caller. */
void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsRequest->requestExtensions;

    return X509V3_get_d2i(exts, nid, crit, idx);
}

/* Encode value as extension nid and add it to the request's extension stack
 * with X509V3_add1_i2d; flags selects the add/replace behaviour. */
int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
                              unsigned long flags)
{
    STACK_OF(X509_EXTENSION) **exts = &x->tbsRequest->requestExtensions;

    return X509V3_add1_i2d(exts, nid, value, crit, flags);
}

/* Insert ex into the request's extension stack at position loc.
 * Returns 1 when X509v3_add_ext succeeds and 0 when it returns NULL. */
int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
{
    STACK_OF(X509_EXTENSION) **exts = &x->tbsRequest->requestExtensions;

    if (X509v3_add_ext(exts, ex, loc) == NULL)
        return 0;
    return 1;
}

/*
 * Single extensions
 *
 * Same wrappers for one OCSP_ONEREQ; they operate on
 * x->singleRequestExtensions and do not check x for NULL.
 */

/* Count the extensions attached to the single request. */
int OCSP_ONEREQ_get_ext_count(OCSP_ONEREQ *x)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleRequestExtensions;

    return X509v3_get_ext_count(exts);
}

/* Find a single-request extension by NID. */
int OCSP_ONEREQ_get_ext_by_NID(OCSP_ONEREQ *x, int nid, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleRequestExtensions;

    return X509v3_get_ext_by_NID(exts, nid, lastpos);
}

/* Find a single-request extension by object identifier. */
int OCSP_ONEREQ_get_ext_by_OBJ(OCSP_ONEREQ *x, ASN1_OBJECT *obj, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleRequestExtensions;

    return X509v3_get_ext_by_OBJ(exts, obj, lastpos);
}

/* Find a single-request extension by its critical flag. */
int OCSP_ONEREQ_get_ext_by_critical(OCSP_ONEREQ *x, int crit, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleRequestExtensions;

    return X509v3_get_ext_by_critical(exts, crit, lastpos);
}

/* Fetch the single-request extension at index loc. */
X509_EXTENSION *OCSP_ONEREQ_get_ext(OCSP_ONEREQ *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleRequestExtensions;

    return X509v3_get_ext(exts, loc);
}

/* Remove the single-request extension at index loc and return the result of
 * X509v3_delete_ext (the detached extension, to be freed by the caller). */
X509_EXTENSION *OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleRequestExtensions;

    return X509v3_delete_ext(exts, loc);
}

/* Decode the single-request extension identified by nid with
 * X509V3_get_d2i; crit and idx are passed straight through. */
void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleRequestExtensions;

    return X509V3_get_d2i(exts, nid, crit, idx);
}

/* Encode value as extension nid and add it to the single request's
 * extension stack with X509V3_add1_i2d. */
int OCSP_ONEREQ_add1_ext_i2d(OCSP_ONEREQ *x, int nid, void *value, int crit,
                             unsigned long flags)
{
    STACK_OF(X509_EXTENSION) **exts = &x->singleRequestExtensions;

    return X509V3_add1_i2d(exts, nid, value, crit, flags);
}

/* Insert ex into the single request's extension stack at position loc.
 * Returns 1 when X509v3_add_ext succeeds and 0 when it returns NULL. */
int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
{
    STACK_OF(X509_EXTENSION) **exts = &x->singleRequestExtensions;

    if (X509v3_add_ext(exts, ex, loc) == NULL)
        return 0;
    return 1;
}

/*
 * OCSP Basic response
 *
 * Same wrappers for an OCSP_BASICRESP; they operate on
 * x->tbsResponseData->responseExtensions without NULL checks on x or
 * x->tbsResponseData.
 */

/* Count the extensions attached to the basic response. */
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsResponseData->responseExtensions;

    return X509v3_get_ext_count(exts);
}

/* Find a basic-response extension by NID. */
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsResponseData->responseExtensions;

    return X509v3_get_ext_by_NID(exts, nid, lastpos);
}

/* Find a basic-response extension by object identifier. */
int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsResponseData->responseExtensions;

    return X509v3_get_ext_by_OBJ(exts, obj, lastpos);
}

/* Find a basic-response extension by its critical flag. */
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsResponseData->responseExtensions;

    return X509v3_get_ext_by_critical(exts, crit, lastpos);
}

/* Fetch the basic-response extension at index loc. */
X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsResponseData->responseExtensions;

    return X509v3_get_ext(exts, loc);
}

/* Remove the basic-response extension at index loc and return the result of
 * X509v3_delete_ext (the detached extension, to be freed by the caller).
 * x and x->tbsResponseData are not checked for NULL. */
X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsResponseData->responseExtensions;

    return X509v3_delete_ext(exts, loc);
}

/* Decode the basic-response extension identified by nid with
 * X509V3_get_d2i; crit and idx are passed straight through. */
void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx)
{
    STACK_OF(X509_EXTENSION) *exts = x->tbsResponseData->responseExtensions;

    return X509V3_get_d2i(exts, nid, crit, idx);
}

/* Encode value as extension nid and add it to the basic response's
 * extension stack with X509V3_add1_i2d. */
int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit,
                                unsigned long flags)
{
    STACK_OF(X509_EXTENSION) **exts = &x->tbsResponseData->responseExtensions;

    return X509V3_add1_i2d(exts, nid, value, crit, flags);
}

/* Insert ex into the basic response's extension stack at position loc.
 * Returns 1 when X509v3_add_ext succeeds and 0 when it returns NULL. */
int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
{
    STACK_OF(X509_EXTENSION) **exts = &x->tbsResponseData->responseExtensions;

    if (X509v3_add_ext(exts, ex, loc) == NULL)
        return 0;
    return 1;
}

/*
 * OCSP single response extensions
 *
 * Same wrappers for an OCSP_SINGLERESP; they operate on x->singleExtensions
 * and do not check x for NULL.
 */

/* Count the extensions attached to the single response. */
int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *x)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleExtensions;

    return X509v3_get_ext_count(exts);
}

/* Find a single-response extension by NID. */
int OCSP_SINGLERESP_get_ext_by_NID(OCSP_SINGLERESP *x, int nid, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleExtensions;

    return X509v3_get_ext_by_NID(exts, nid, lastpos);
}

/* Find a single-response extension by object identifier. */
int OCSP_SINGLERESP_get_ext_by_OBJ(OCSP_SINGLERESP *x, ASN1_OBJECT *obj, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleExtensions;

    return X509v3_get_ext_by_OBJ(exts, obj, lastpos);
}

/* Find a single-response extension by its critical flag; forwards to
 * X509v3_get_ext_by_critical on x->singleExtensions (x is not NULL-checked). */
int OCSP_SINGLERESP_get_ext_by_critical(OCSP_SINGLERESP *x, int crit, int lastpos)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleExtensions;

    return X509v3_get_ext_by_critical(exts, crit, lastpos);
}

/* Fetch the single-response extension at index loc. */
X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleExtensions;

    return X509v3_get_ext(exts, loc);
}

/* Remove the single-response extension at index loc and return the result
 * of X509v3_delete_ext (the detached extension, to be freed by the caller). */
X509_EXTENSION *OCSP_SINGLERESP_delete_ext(OCSP_SINGLERESP *x, int loc)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleExtensions;

    return X509v3_delete_ext(exts, loc);
}

/* Decode the single-response extension identified by nid with
 * X509V3_get_d2i; crit and idx are passed straight through. */
void *OCSP_SINGLERESP_get1_ext_d2i(OCSP_SINGLERESP *x, int nid, int *crit, int *idx)
{
    STACK_OF(X509_EXTENSION) *exts = x->singleExtensions;

    return X509V3_get_d2i(exts, nid, crit, idx);
}

Project 255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int crit, 256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned long flags) 257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return X509V3_add1_i2d(&x->singleExtensions, nid, value, crit, flags); 259656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectint OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc) 262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(X509v3_add_ext(&(x->singleExtensions),ex,loc) != NULL); 264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* also CRL Entry Extensions */ 267221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#if 0 268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source ProjectASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project void *data, STACK_OF(ASN1_OBJECT) *sk) 270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i; 272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *p, *b = NULL; 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(data) 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((i=i2d(data,NULL)) <= 0) goto err; 277656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(b=p=OPENSSL_malloc((unsigned int)i))) 278656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i2d(data, &p) <= 0) goto err; 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else if (sk) 282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project (I2D_OF(ASN1_OBJECT))i2d, 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_ASN1_SEQUENCE, 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_ASN1_UNIVERSAL, 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project IS_SEQUENCE))<=0) goto err; 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(b=p=OPENSSL_malloc((unsigned int)i))) 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_ASN1_SEQUENCE, 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project V_ASN1_UNIVERSAL, 293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project IS_SEQUENCE)<=0) goto err; 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OCSPerr(OCSP_F_ASN1_STRING_ENCODE,OCSP_R_BAD_DATA); 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!s && !(s = ASN1_STRING_new())) goto err; 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(ASN1_STRING_set(s, b, i))) goto err; 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(b); 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return s; 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (b) OPENSSL_free(b); 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return NULL; 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 308221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#endif 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Nonce handling functions */ 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Add a nonce to an extension stack. A nonce can be specificed or if NULL 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * a random nonce will be generated. 
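/*
 * Add a nonce extension to the extension stack *exts. An existing nonce
 * extension is replaced (X509V3_ADD_REPLACE).
 *
 * exts: address of the extension stack to update.
 * val:  nonce bytes to use, or NULL to have a random nonce generated.
 * len:  nonce length in bytes; a value <= 0 selects
 *       OCSP_DEFAULT_NONCE_LENGTH. When val is non-NULL, len bytes are read
 *       from it, so a caller that passes val with len <= 0 must supply at
 *       least OCSP_DEFAULT_NONCE_LENGTH bytes.
 *
 * Returns 1 on success and 0 on failure (encoding size error, allocation
 * failure, random generator failure, or failure to add the extension).
 *
 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
 * nonce, previous versions used the raw nonce.
 */
static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
{
    unsigned char *tmpval;
    ASN1_OCTET_STRING os;
    int ret = 0;

    if (len <= 0)
        len = OCSP_DEFAULT_NONCE_LENGTH;

    /*
     * Create the OCTET STRING manually by writing out the header and
     * appending the content octets. This avoids an extra memory allocation
     * operation in some cases. Applications should *NOT* do this because
     * it relies on library internals.
     */
    os.length = ASN1_object_size(0, len, V_ASN1_OCTET_STRING);
    /* Reject a size that did not fit in an int before it reaches malloc. */
    if (os.length <= 0)
        return 0;
    os.data = OPENSSL_malloc(os.length);
    if (os.data == NULL)
        goto err;

    tmpval = os.data;
    /* Writes the tag/length header and leaves tmpval at the content octets. */
    ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
    if (val) {
        memcpy(tmpval, val, len);
    } else if (RAND_bytes(tmpval, len) <= 0) {
        /*
         * The nonce is what ties a response to this request, so it must be
         * unpredictable. RAND_pseudo_bytes() does not guarantee that and its
         * result was previously ignored; fail instead of sending a weak or
         * unfilled nonce.
         */
        goto err;
    }

    if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce, &os, 0, X509V3_ADD_REPLACE))
        goto err;
    ret = 1;

err:
    if (os.data)
        OPENSSL_free(os.data);
    return ret;
}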
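/*
 * Add a nonce to an OCSP request (its requestExtensions stack).
 * val and len are handed to ocsp_add1_nonce() and its result is returned:
 * 1 on success, 0 on failure.
 */
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
{
    return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
}

/*
 * Same as OCSP_request_add1_nonce() but for a basic response (its
 * responseExtensions stack).
 */
int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
{
    return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, len);
}

/*
 * Check nonce validity in a request and response.
 * Return value reflects result:
 *  1: nonces present and equal.
 *  2: nonces both absent.
 *  3: nonce present in response only.
 *  0: nonces both present and not equal.
 * -1: nonce in request only.
 *
 * For most responders clients can check return > 0.
 * If responder doesn't handle nonces return != 0 may be
 * necessary. return == 0 is always an error.
 *
 * Only a return of 1 shows that the response carries the nonce sent in this
 * request. With 2, 3 or -1 no nonce match has been established, so a caller
 * that accepts those values gets no nonce-based replay protection and has to
 * rely on its other freshness checks (such as the response validity times).
 */
int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
{
    /*
     * Since we are only interested in the presence or absence of
     * the nonce and comparing its value there is no need to use
     * the X509V3 routines: this way we can avoid them allocating an
     * ASN1_OCTET_STRING structure for the value which would be
     * freed immediately anyway.
     */
    int req_idx, resp_idx;
    X509_EXTENSION *req_ext, *resp_ext;

    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
    resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1);

    /* Check both absent */
    if ((req_idx < 0) && (resp_idx < 0))
        return 2;
    /* Check in request only */
    if ((req_idx >= 0) && (resp_idx < 0))
        return -1;
    /* Check in response but not request */
    if ((req_idx < 0) && (resp_idx >= 0))
        return 3;

    /* Otherwise nonce in request and response so retrieve the extensions */
    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
    resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
    /* A non-zero comparison result means the encoded values differ. */
    if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
        return 0;
    return 1;
}

/*
 * Copy the nonce value (if any) from an OCSP request to
 * a response.
 *
 * Returns 2 when the request carries no nonce (nothing is added); otherwise
 * returns whatever OCSP_BASICRESP_add_ext() returns for the copied extension.
 */
int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
{
    X509_EXTENSION *req_ext;
    int req_idx;

    /* Check for nonce in request */
    req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
    /* If no nonce that's OK */
    if (req_idx < 0)
        return 2;
    req_ext = OCSP_REQUEST_get_ext(req, req_idx);
    return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
}

/*
 * Build a CrlID extension (NID_id_pkix_OCSP_CrlID).
 *
 * url: CRL URL, stored as an IA5String; skipped when NULL.
 * n:   pointer to the CRL number; skipped when NULL.
 * tim: CRL time string, parsed by ASN1_GENERALIZEDTIME_set_string();
 *      skipped when NULL.
 *
 * Returns the new extension, or NULL if an allocation, a field assignment or
 * the final encoding fails. The intermediate OCSP_CRLID is always freed.
 */
X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
{
    X509_EXTENSION *x = NULL;
    OCSP_CRLID *cid = NULL;

    if (!(cid = OCSP_CRLID_new()))
        goto err;
    if (url) {
        if (!(cid->crlUrl = ASN1_IA5STRING_new()))
            goto err;
        /* Length -1: the string length is taken from the NUL terminator. */
        if (!(ASN1_STRING_set(cid->crlUrl, url, -1)))
            goto err;
    }
    if (n) {
        if (!(cid->crlNum = ASN1_INTEGER_new()))
            goto err;
        if (!(ASN1_INTEGER_set(cid->crlNum, *n)))
            goto err;
    }
    if (tim) {
        if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
            goto err;
        if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
            goto err;
    }
    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
err:
    if (cid)
        OCSP_CRLID_free(cid);
    return x;
}

/*
 * AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER
 *
 * oids: NULL-terminated array of OID strings; may be NULL, which yields an
 *       empty list.
 *
 * Entries that OBJ_txt2nid() maps to NID_undef, or for which OBJ_nid2obj()
 * returns NULL, are skipped without an error, and the result of the stack
 * push is not checked, so the encoded list can be shorter than the input.
 *
 * Returns the new extension, or NULL on allocation or encoding failure.
 */
X509_EXTENSION *OCSP_accept_responses_new(char **oids)
{
    int nid;
    STACK_OF(ASN1_OBJECT) *sk = NULL;
    ASN1_OBJECT *o = NULL;
    X509_EXTENSION *x = NULL;

    if (!(sk = sk_ASN1_OBJECT_new_null()))
        goto err;
    while (oids && *oids) {
        if ((nid = OBJ_txt2nid(*oids)) != NID_undef && (o = OBJ_nid2obj(nid)))
            sk_ASN1_OBJECT_push(sk, o);
        oids++;
    }
    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
err:
    if (sk)
        sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
    return x;
}

/*
 * ArchiveCutoff ::= GeneralizedTime
 *
 * tim: time string handed to ASN1_GENERALIZEDTIME_set_string(). It is not
 *      checked for NULL here, so the caller must pass a valid string.
 *
 * Returns the new extension, or NULL if allocation, parsing of tim or the
 * encoding fails.
 */
X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
{
    X509_EXTENSION *x = NULL;
    ASN1_GENERALIZEDTIME *gt = NULL;

    if (!(gt = ASN1_GENERALIZEDTIME_new()))
        goto err;
    if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
        goto err;
    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
err:
    if (gt)
        ASN1_GENERALIZEDTIME_free(gt);
    return x;
}

/*
 * per ACCESS_DESCRIPTION parameter are oids, of which there are currently
 * two--NID_ad_ocsp, NID_id_ad_caIssuers--and GeneralName value.  This
 * method forces NID_ad_ocsp and uniformResourceLocator [6] IA5String.
 *
 * issuer: issuer name; a duplicate is stored in the service locator.
 * urls:   NULL-terminated array of URL strings; may be NULL or empty, in
 *         which case no locator stack is created.
 *
 * Returns the new serviceLocator extension, or NULL on failure. Every
 * intermediate object is released on all paths.
 */
X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
{
    X509_EXTENSION *x = NULL;
    ASN1_IA5STRING *ia5 = NULL;
    OCSP_SERVICELOC *sloc = NULL;
    ACCESS_DESCRIPTION *ad = NULL;

    if (!(sloc = OCSP_SERVICELOC_new()))
        goto err;
    /*
     * NOTE(review): OCSP_SERVICELOC_new() presumably allocates issuer
     * already (confirm against the ASN.1 template); release it before
     * overwriting so it is not leaked. Harmless if it was NULL.
     */
    if (sloc->issuer) {
        X509_NAME_free(sloc->issuer);
        sloc->issuer = NULL;
    }
    if (!(sloc->issuer = X509_NAME_dup(issuer)))
        goto err;
    if (urls && *urls && !(sloc->locator = sk_ACCESS_DESCRIPTION_new_null()))
        goto err;
    while (urls && *urls) {
        if (!(ad = ACCESS_DESCRIPTION_new()))
            goto err;
        if (!(ad->method = OBJ_nid2obj(NID_ad_OCSP)))
            goto err;
        /*
         * NOTE(review): same assumption as for issuer above; free any
         * location the constructor created before replacing it.
         */
        if (ad->location) {
            GENERAL_NAME_free(ad->location);
            ad->location = NULL;
        }
        if (!(ad->location = GENERAL_NAME_new()))
            goto err;
        if (!(ia5 = ASN1_IA5STRING_new()))
            goto err;
        /* Length -1: the string length is taken from the NUL terminator. */
        if (!ASN1_STRING_set((ASN1_STRING*)ia5, *urls, -1))
            goto err;
        ad->location->type = GEN_URI;
        ad->location->d.ia5 = ia5;
        ia5 = NULL;     /* now owned by ad->location */
        if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad))
            goto err;
        ad = NULL;      /* now owned by sloc->locator */
        urls++;
    }
    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
err:
    /*
     * ia5 and ad are non-NULL only when a step failed before ownership was
     * handed over; previously they were leaked on those paths.
     */
    if (ia5)
        ASN1_IA5STRING_free(ia5);
    if (ad)
        ACCESS_DESCRIPTION_free(ad);
    if (sloc)
        OCSP_SERVICELOC_free(sloc);
    return x;
}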