summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ocsp/ocsp_ext.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/ocsp/ocsp_ext.c')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ext.c43
1 files changed, 26 insertions, 17 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index 6ec8ca4adf..45b072750f 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -15,7 +15,7 @@
15 * are met: 15 * are met:
16 * 16 *
17 * 1. Redistributions of source code must retain the above copyright 17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer. 18 * notice, this list of conditions and the following disclaimer.
19 * 19 *
20 * 2. Redistributions in binary form must reproduce the above copyright 20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in 21 * notice, this list of conditions and the following disclaimer in
@@ -129,8 +129,8 @@ OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
129int 129int
130OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) 130OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
131{ 131{
132 return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != 132 return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex,
133 NULL; 133 loc) != NULL;
134} 134}
135 135
136/* Single extensions */ 136/* Single extensions */
@@ -172,7 +172,8 @@ OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
172 return X509v3_delete_ext(x->singleRequestExtensions, loc); 172 return X509v3_delete_ext(x->singleRequestExtensions, loc);
173} 173}
174 174
175void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) 175void *
176OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
176{ 177{
177 return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); 178 return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
178} 179}
@@ -203,7 +204,7 @@ int
203OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) 204OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
204{ 205{
205 return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, 206 return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,
206 nid ,lastpos); 207 nid, lastpos);
207} 208}
208 209
209int 210int
@@ -216,8 +217,8 @@ OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
216int 217int
217OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) 218OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
218{ 219{
219 return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions, 220 return X509v3_get_ext_by_critical(
220 crit, lastpos); 221 x->tbsResponseData->responseExtensions, crit, lastpos);
221} 222}
222 223
223X509_EXTENSION * 224X509_EXTENSION *
@@ -329,14 +330,15 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data,
329 if (i2d(data, &p) <= 0) 330 if (i2d(data, &p) <= 0)
330 goto err; 331 goto err;
331 } else if (sk) { 332 } else if (sk) {
332 if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, 333 if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
333 (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 334 (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
334 IS_SEQUENCE)) <= 0) 335 IS_SEQUENCE)) <= 0)
335 goto err; 336 goto err;
336 if (!(b = p = malloc((unsigned int)i))) 337 if (!(b = p = malloc((unsigned int)i)))
337 goto err; 338 goto err;
338 if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, 339 if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p,
339 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) 340 (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE,
341 V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
340 goto err; 342 goto err;
341 } else { 343 } else {
342 OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); 344 OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
@@ -348,6 +350,7 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data,
348 goto err; 350 goto err;
349 free(b); 351 free(b);
350 return s; 352 return s;
353
351err: 354err:
352 free(b); 355 free(b);
353 return NULL; 356 return NULL;
@@ -358,7 +361,7 @@ err:
358 361
359/* Add a nonce to an extension stack. A nonce can be specificed or if NULL 362/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
360 * a random nonce will be generated. 363 * a random nonce will be generated.
361 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the 364 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
362 * nonce, previous versions used the raw nonce. 365 * nonce, previous versions used the raw nonce.
363 */ 366 */
364 367
@@ -390,6 +393,7 @@ ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
390 X509V3_ADD_REPLACE)) 393 X509V3_ADD_REPLACE))
391 goto err; 394 goto err;
392 ret = 1; 395 ret = 1;
396
393err: 397err:
394 free(os.data); 398 free(os.data);
395 return ret; 399 return ret;
@@ -436,7 +440,8 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
436 X509_EXTENSION *req_ext, *resp_ext; 440 X509_EXTENSION *req_ext, *resp_ext;
437 441
438 req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); 442 req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
439 resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); 443 resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs,
444 NID_id_pkix_OCSP_Nonce, -1);
440 /* Check both absent */ 445 /* Check both absent */
441 if (req_idx < 0 && resp_idx < 0) 446 if (req_idx < 0 && resp_idx < 0)
442 return 2; 447 return 2;
@@ -454,7 +459,7 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
454 return 1; 459 return 1;
455} 460}
456 461
457/* Copy the nonce value (if any) from an OCSP request to 462/* Copy the nonce value (if any) from an OCSP request to
458 * a response. 463 * a response.
459 */ 464 */
460int 465int
@@ -477,7 +482,7 @@ OCSP_crlID_new(char *url, long *n, char *tim)
477{ 482{
478 X509_EXTENSION *x = NULL; 483 X509_EXTENSION *x = NULL;
479 OCSP_CRLID *cid = NULL; 484 OCSP_CRLID *cid = NULL;
480 485
481 if (!(cid = OCSP_CRLID_new())) 486 if (!(cid = OCSP_CRLID_new()))
482 goto err; 487 goto err;
483 if (url) { 488 if (url) {
@@ -495,10 +500,11 @@ OCSP_crlID_new(char *url, long *n, char *tim)
495 if (tim) { 500 if (tim) {
496 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) 501 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
497 goto err; 502 goto err;
498 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 503 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
499 goto err; 504 goto err;
500 } 505 }
501 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); 506 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
507
502err: 508err:
503 if (cid) 509 if (cid)
504 OCSP_CRLID_free(cid); 510 OCSP_CRLID_free(cid);
@@ -518,11 +524,12 @@ OCSP_accept_responses_new(char **oids)
518 goto err; 524 goto err;
519 while (oids && *oids) { 525 while (oids && *oids) {
520 if ((nid = OBJ_txt2nid(*oids)) != NID_undef && 526 if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
521 (o = OBJ_nid2obj(nid))) 527 (o = OBJ_nid2obj(nid)))
522 sk_ASN1_OBJECT_push(sk, o); 528 sk_ASN1_OBJECT_push(sk, o);
523 oids++; 529 oids++;
524 } 530 }
525 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); 531 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
532
526err: 533err:
527 if (sk) 534 if (sk)
528 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); 535 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
@@ -541,6 +548,7 @@ OCSP_archive_cutoff_new(char* tim)
541 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) 548 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
542 goto err; 549 goto err;
543 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); 550 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
551
544err: 552err:
545 if (gt) 553 if (gt)
546 ASN1_GENERALIZEDTIME_free(gt); 554 ASN1_GENERALIZEDTIME_free(gt);
@@ -558,7 +566,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
558 ASN1_IA5STRING *ia5 = NULL; 566 ASN1_IA5STRING *ia5 = NULL;
559 OCSP_SERVICELOC *sloc = NULL; 567 OCSP_SERVICELOC *sloc = NULL;
560 ACCESS_DESCRIPTION *ad = NULL; 568 ACCESS_DESCRIPTION *ad = NULL;
561 569
562 if (!(sloc = OCSP_SERVICELOC_new())) 570 if (!(sloc = OCSP_SERVICELOC_new()))
563 goto err; 571 goto err;
564 if (!(sloc->issuer = X509_NAME_dup(issuer))) 572 if (!(sloc->issuer = X509_NAME_dup(issuer)))
@@ -584,6 +592,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
584 urls++; 592 urls++;
585 } 593 }
586 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); 594 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
595
587err: 596err:
588 if (sloc) 597 if (sloc)
589 OCSP_SERVICELOC_free(sloc); 598 OCSP_SERVICELOC_free(sloc);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-25 19:53:23 +0000