1 files changed, 0 insertions, 469 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
deleted file mode 100644
index 69723c2154..0000000000
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ /dev/null
@@ -1,469 +0,0 @@
-/* $OpenBSD: ocsp_ht.c,v 1.27 2023/11/28 09:29:20 jsg Exp $ */
-/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
- * project 2006.
- */
-/* ====================================================================
- * Copyright (c) 2006 The OpenSSL Project.  All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- *    notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in
- *    the documentation and/or other materials provided with the
- *    distribution.
- *
- * 3. All advertising materials mentioning features or use of this
- *    software must display the following acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
- *
- * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
- *    endorse or promote products derived from this software without
- *    prior written permission. For written permission, please contact
- *    licensing@OpenSSL.org.
- *
- * 5. Products derived from this software may not be called "OpenSSL"
- *    nor may "OpenSSL" appear in their names without prior written
- *    permission of the OpenSSL Project.
- *
- * 6. Redistributions of any form whatsoever must retain the following
- *    acknowledgment:
- *    "This product includes software developed by the OpenSSL Project
- *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
- *
- * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
- * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
- * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
- * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
- * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
- * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
- * OF THE POSSIBILITY OF SUCH DAMAGE.
- * ====================================================================
- *
- * This product includes cryptographic software written by Eric Young
- * (eay@cryptsoft.com).  This product includes software written by Tim
- * Hudson (tjh@cryptsoft.com).
- *
- */
-#include <stdio.h>
-#include <stdlib.h>
-#include <ctype.h>
-#include <string.h>
-#include <openssl/asn1.h>
-#include <openssl/ocsp.h>
-#include <openssl/err.h>
-#include <openssl/buffer.h>
-/* Stateful OCSP request code, supporting non-blocking I/O */
-/* Opaque OCSP request status structure */
-struct ocsp_req_ctx_st {
-        int state;              /* Current I/O state */
-        unsigned char *iobuf;   /* Line buffer */
-        int iobuflen;           /* Line buffer length */
-        BIO *io;                /* BIO to perform I/O with */
-        BIO *mem;               /* Memory BIO response is built into */
-        unsigned long asn1_len; /* ASN1 length of response */
-};
-#define OCSP_MAX_REQUEST_LENGTH (100 * 1024)
-#define OCSP_MAX_LINE_LEN       4096;
-/* OCSP states */
-/* If set no reading should be performed */
-#define OHS_NOREAD              0x1000
-/* Error condition */
-#define OHS_ERROR               (0 | OHS_NOREAD)
-/* First line being read */
-#define OHS_FIRSTLINE           1
-/* MIME headers being read */
-#define OHS_HEADERS             2
-/* OCSP initial header (tag + length) being read */
-#define OHS_ASN1_HEADER         3
-/* OCSP content octets being read */
-#define OHS_ASN1_CONTENT        4
-/* Request being sent */
-#define OHS_ASN1_WRITE          (6 | OHS_NOREAD)
-/* Request being flushed */
-#define OHS_ASN1_FLUSH          (7 | OHS_NOREAD)
-/* Completed */
-#define OHS_DONE                (8 | OHS_NOREAD)
-static int parse_http_line1(char *line);
-void
-OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
-{
-        if (rctx == NULL)
-                return;
-        BIO_free(rctx->mem);
-        free(rctx->iobuf);
-        free(rctx);
-}
-LCRYPTO_ALIAS(OCSP_REQ_CTX_free);
-int
-OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
-{
-        if (BIO_printf(rctx->mem, "Content-Type: application/ocsp-request\r\n"
-            "Content-Length: %d\r\n\r\n", i2d_OCSP_REQUEST(req, NULL)) <= 0)
-                return 0;
-        if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
-                return 0;
-        rctx->state = OHS_ASN1_WRITE;
-        rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
-        return 1;
-}
-LCRYPTO_ALIAS(OCSP_REQ_CTX_set1_req);
-int
-OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx, const char *name,
-    const char *value)
-{
-        if (!name)
-                return 0;
-        if (BIO_puts(rctx->mem, name) <= 0)
-                return 0;
-        if (value) {
-                if (BIO_write(rctx->mem, ": ", 2) != 2)
-                        return 0;
-                if (BIO_puts(rctx->mem, value) <= 0)
-                        return 0;
-        }
-        if (BIO_write(rctx->mem, "\r\n", 2) != 2)
-                return 0;
-        return 1;
-}
-LCRYPTO_ALIAS(OCSP_REQ_CTX_add1_header);
-OCSP_REQ_CTX *
-OCSP_sendreq_new(BIO *io, const char *path, OCSP_REQUEST *req, int maxline)
-{
-        OCSP_REQ_CTX *rctx;
-        rctx = malloc(sizeof(OCSP_REQ_CTX));
-        if (rctx == NULL)
-                return NULL;
-        rctx->state = OHS_ERROR;
-        if ((rctx->mem = BIO_new(BIO_s_mem())) == NULL) {
-                free(rctx);
-                return NULL;
-        }
-        rctx->io = io;
-        rctx->asn1_len = 0;
-        if (maxline > 0)
-                rctx->iobuflen = maxline;
-        else
-                rctx->iobuflen = OCSP_MAX_LINE_LEN;
-        rctx->iobuf = malloc(rctx->iobuflen);
-        if (!rctx->iobuf) {
-                BIO_free(rctx->mem);
-                free(rctx);
-                return NULL;
-        }
-        if (!path)
-                path = "/";
-        if (BIO_printf(rctx->mem, "POST %s HTTP/1.0\r\n", path) <= 0) {
-                free(rctx->iobuf);
-                BIO_free(rctx->mem);
-                free(rctx);
-                return NULL;
-        }
-        if (req && !OCSP_REQ_CTX_set1_req(rctx, req)) {
-                free(rctx->iobuf);
-                BIO_free(rctx->mem);
-                free(rctx);
-                return NULL;
-        }
-        return rctx;
-}
-LCRYPTO_ALIAS(OCSP_sendreq_new);
-/* Parse the HTTP response. This will look like this:
- * "HTTP/1.0 200 OK". We need to obtain the numeric code and
- * (optional) informational message.
- */
-static int
-parse_http_line1(char *line)
-{
-        int retcode;
-        char *p, *q, *r;
-        /* Skip to first white space (passed protocol info) */
-        for (p = line; *p && !isspace((unsigned char)*p); p++)
-                continue;
-        if (!*p) {
-                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                return 0;
-        }
-        /* Skip past white space to start of response code */
-        while (*p && isspace((unsigned char)*p))
-                p++;
-        if (!*p) {
-                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                return 0;
-        }
-        /* Find end of response code: first whitespace after start of code */
-        for (q = p; *q && !isspace((unsigned char)*q); q++)
-                continue;
-        if (!*q) {
-                OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
-                return 0;
-        }
-        /* Set end of response code and start of message */
-        *q++ = 0;
-        /* Attempt to parse numeric code */
-        retcode = strtoul(p, &r, 10);
-        if (*r)
-                return 0;
-        /* Skip over any leading white space in message */
-        while (*q && isspace((unsigned char)*q))
-                q++;
-        if (*q) {
-                /* Finally zap any trailing white space in message (include
-                 * CRLF) */
-                /* We know q has a non white space character so this is OK */
-                for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
-                        *r = 0;
-        }
-        if (retcode != 200) {
-                OCSPerror(OCSP_R_SERVER_RESPONSE_ERROR);
-                if (!*q)
-                        ERR_asprintf_error_data("Code=%s", p);
-                else
-                        ERR_asprintf_error_data("Code=%s,Reason=%s", p, q);
-                return 0;
-        }
-        return 1;
-}
-int
-OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
-{
-        int i, n;
-        const unsigned char *p;
-next_io:
-        if (!(rctx->state & OHS_NOREAD)) {
-                n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
-                if (n <= 0) {
-                        if (BIO_should_retry(rctx->io))
-                                return -1;
-                        return 0;
-                }
-                /* Write data to memory BIO */
-                if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
-                        return 0;
-        }
-        switch (rctx->state) {
-        case OHS_ASN1_WRITE:
-                n = BIO_get_mem_data(rctx->mem, &p);
-                i = BIO_write(rctx->io,
-                    p + (n - rctx->asn1_len), rctx->asn1_len);
-                if (i <= 0) {
-                        if (BIO_should_retry(rctx->io))
-                                return -1;
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                }
-                rctx->asn1_len -= i;
-                if (rctx->asn1_len > 0)
-                        goto next_io;
-                rctx->state = OHS_ASN1_FLUSH;
-                (void)BIO_reset(rctx->mem);
-                /* FALLTHROUGH */
-        case OHS_ASN1_FLUSH:
-                i = BIO_flush(rctx->io);
-                if (i > 0) {
-                        rctx->state = OHS_FIRSTLINE;
-                        goto next_io;
-                }
-                if (BIO_should_retry(rctx->io))
-                        return -1;
-                rctx->state = OHS_ERROR;
-                return 0;
-        case OHS_ERROR:
-                return 0;
-        case OHS_FIRSTLINE:
-        case OHS_HEADERS:
-                /* Attempt to read a line in */
-next_line:
-                /* Due to &%^*$" memory BIO behaviour with BIO_gets we
-                 * have to check there's a complete line in there before
-                 * calling BIO_gets or we'll just get a partial read.
-                 */
-                n = BIO_get_mem_data(rctx->mem, &p);
-                if ((n <= 0) || !memchr(p, '\n', n)) {
-                        if (n >= rctx->iobuflen) {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                        }
-                        goto next_io;
-                }
-                n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
-                if (n <= 0) {
-                        if (BIO_should_retry(rctx->mem))
-                                goto next_io;
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                }
-                /* Don't allow excessive lines */
-                if (n == rctx->iobuflen) {
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                }
-                /* First line */
-                if (rctx->state == OHS_FIRSTLINE) {
-                        if (parse_http_line1((char *)rctx->iobuf)) {
-                                rctx->state = OHS_HEADERS;
-                                goto next_line;
-                        } else {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                        }
-                } else {
-                        /* Look for blank line: end of headers */
-                        for (p = rctx->iobuf; *p; p++) {
-                                if ((*p != '\r') && (*p != '\n'))
-                                        break;
-                        }
-                        if (*p)
-                                goto next_line;
-                        rctx->state = OHS_ASN1_HEADER;
-                }
-                /* FALLTHROUGH */
-        case OHS_ASN1_HEADER:
-                /* Now reading ASN1 header: can read at least 2 bytes which
-                 * is enough for ASN1 SEQUENCE header and either length field
-                 * or at least the length of the length field.
-                 */
-                n = BIO_get_mem_data(rctx->mem, &p);
-                if (n < 2)
-                        goto next_io;
-                /* Check it is an ASN1 SEQUENCE */
-                if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) {
-                        rctx->state = OHS_ERROR;
-                        return 0;
-                }
-                /* Check out length field */
-                if (*p & 0x80) {
-                        /* If MSB set on initial length octet we can now
-                         * always read 6 octets: make sure we have them.
-                         */
-                        if (n < 6)
-                                goto next_io;
-                        n = *p & 0x7F;
-                        /* Not NDEF or excessive length */
-                        if (!n || (n > 4)) {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                        }
-                        p++;
-                        rctx->asn1_len = 0;
-                        for (i = 0; i < n; i++) {
-                                rctx->asn1_len <<= 8;
-                                rctx->asn1_len |= *p++;
-                        }
-                        if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) {
-                                rctx->state = OHS_ERROR;
-                                return 0;
-                        }
-                        rctx->asn1_len += n + 2;
-                } else
-                        rctx->asn1_len = *p + 2;
-                rctx->state = OHS_ASN1_CONTENT;
-                /* FALLTHROUGH */
-        case OHS_ASN1_CONTENT:
-                n = BIO_get_mem_data(rctx->mem, &p);
-                if (n < (int)rctx->asn1_len)
-                        goto next_io;
-                *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
-                if (*presp) {
-                        rctx->state = OHS_DONE;
-                        return 1;
-                }
-                rctx->state = OHS_ERROR;
-                return 0;
-        case OHS_DONE:
-                return 1;
-        }
-        return 0;
-}
-LCRYPTO_ALIAS(OCSP_sendreq_nbio);
-/* Blocking OCSP request handler: now a special case of non-blocking I/O */
-OCSP_RESPONSE *
-OCSP_sendreq_bio(BIO *b, const char *path, OCSP_REQUEST *req)
-{
-        OCSP_RESPONSE *resp = NULL;
-        OCSP_REQ_CTX *ctx;
-        int rv;
-        ctx = OCSP_sendreq_new(b, path, req, -1);
-        if (ctx == NULL)
-                return NULL;
-        do {
-                rv = OCSP_sendreq_nbio(&resp, ctx);
-        } while ((rv == -1) && BIO_should_retry(b));
-        OCSP_REQ_CTX_free(ctx);
-        if (rv)
-                return resp;
-        return NULL;
-}
-LCRYPTO_ALIAS(OCSP_sendreq_bio);

diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c deleted file mode 100644 index 69723c2154..0000000000 --- a/src/lib/libcrypto/ocsp/ocsp_ht.c +++ /dev/null
@@ -1,469 +0,0 @@
1	/* $OpenBSD: ocsp_ht.c,v 1.27 2023/11/28 09:29:20 jsg Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.
4	*/
5	/* ====================================================================
6	* Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7	*
8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions
10	* are met:
11	*
12	* 1. Redistributions of source code must retain the above copyright
13	* notice, this list of conditions and the following disclaimer.
14	*
15	* 2. Redistributions in binary form must reproduce the above copyright
16	* notice, this list of conditions and the following disclaimer in
17	* the documentation and/or other materials provided with the
18	* distribution.
19	*
20	* 3. All advertising materials mentioning features or use of this
21	* software must display the following acknowledgment:
22	* "This product includes software developed by the OpenSSL Project
23	* for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24	*
25	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26	* endorse or promote products derived from this software without
27	* prior written permission. For written permission, please contact
28	* licensing@OpenSSL.org.
29	*
30	* 5. Products derived from this software may not be called "OpenSSL"
31	* nor may "OpenSSL" appear in their names without prior written
32	* permission of the OpenSSL Project.
33	*
34	* 6. Redistributions of any form whatsoever must retain the following
35	* acknowledgment:
36	* "This product includes software developed by the OpenSSL Project
37	* for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38	*
39	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	* OF THE POSSIBILITY OF SUCH DAMAGE.
51	* ====================================================================
52	*
53	* This product includes cryptographic software written by Eric Young
54	* (eay@cryptsoft.com). This product includes software written by Tim
55	* Hudson (tjh@cryptsoft.com).
56	*
57	*/
58
59	#include <stdio.h>
60	#include <stdlib.h>
61	#include <ctype.h>
62	#include <string.h>
63	#include <openssl/asn1.h>
64	#include <openssl/ocsp.h>
65	#include <openssl/err.h>
66	#include <openssl/buffer.h>
67
68	/* Stateful OCSP request code, supporting non-blocking I/O */
69
70	/* Opaque OCSP request status structure */
71
72	struct ocsp_req_ctx_st {
73	int state; /* Current I/O state */
74	unsigned char iobuf; / Line buffer */
75	int iobuflen; /* Line buffer length */
76	BIO io; / BIO to perform I/O with */
77	BIO mem; / Memory BIO response is built into */
78	unsigned long asn1_len; /* ASN1 length of response */
79	};
80
81	#define OCSP_MAX_REQUEST_LENGTH (100 * 1024)
82	#define OCSP_MAX_LINE_LEN 4096;
83
84	/* OCSP states */
85
86	/* If set no reading should be performed */
87	#define OHS_NOREAD 0x1000
88	/* Error condition */
89	#define OHS_ERROR (0 \| OHS_NOREAD)
90	/* First line being read */
91	#define OHS_FIRSTLINE 1
92	/* MIME headers being read */
93	#define OHS_HEADERS 2
94	/* OCSP initial header (tag + length) being read */
95	#define OHS_ASN1_HEADER 3
96	/* OCSP content octets being read */
97	#define OHS_ASN1_CONTENT 4
98	/* Request being sent */
99	#define OHS_ASN1_WRITE (6 \| OHS_NOREAD)
100	/* Request being flushed */
101	#define OHS_ASN1_FLUSH (7 \| OHS_NOREAD)
102	/* Completed */
103	#define OHS_DONE (8 \| OHS_NOREAD)
104
105
106	static int parse_http_line1(char *line);
107
108	void
109	OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
110	{
111	if (rctx == NULL)
112	return;
113
114	BIO_free(rctx->mem);
115	free(rctx->iobuf);
116	free(rctx);
117	}
118	LCRYPTO_ALIAS(OCSP_REQ_CTX_free);
119
120	int
121	OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX rctx, OCSP_REQUEST req)
122	{
123	if (BIO_printf(rctx->mem, "Content-Type: application/ocsp-request\r\n"
124	"Content-Length: %d\r\n\r\n", i2d_OCSP_REQUEST(req, NULL)) <= 0)
125	return 0;
126	if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
127	return 0;
128	rctx->state = OHS_ASN1_WRITE;
129	rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
130	return 1;
131	}
132	LCRYPTO_ALIAS(OCSP_REQ_CTX_set1_req);
133
134	int
135	OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX rctx, const char name,
136	const char *value)
137	{
138	if (!name)
139	return 0;
140	if (BIO_puts(rctx->mem, name) <= 0)
141	return 0;
142	if (value) {
143	if (BIO_write(rctx->mem, ": ", 2) != 2)
144	return 0;
145	if (BIO_puts(rctx->mem, value) <= 0)
146	return 0;
147	}
148	if (BIO_write(rctx->mem, "\r\n", 2) != 2)
149	return 0;
150	return 1;
151	}
152	LCRYPTO_ALIAS(OCSP_REQ_CTX_add1_header);
153
154	OCSP_REQ_CTX *
155	OCSP_sendreq_new(BIO io, const char path, OCSP_REQUEST *req, int maxline)
156	{
157	OCSP_REQ_CTX *rctx;
158
159	rctx = malloc(sizeof(OCSP_REQ_CTX));
160	if (rctx == NULL)
161	return NULL;
162	rctx->state = OHS_ERROR;
163	if ((rctx->mem = BIO_new(BIO_s_mem())) == NULL) {
164	free(rctx);
165	return NULL;
166	}
167	rctx->io = io;
168	rctx->asn1_len = 0;
169	if (maxline > 0)
170	rctx->iobuflen = maxline;
171	else
172	rctx->iobuflen = OCSP_MAX_LINE_LEN;
173	rctx->iobuf = malloc(rctx->iobuflen);
174	if (!rctx->iobuf) {
175	BIO_free(rctx->mem);
176	free(rctx);
177	return NULL;
178	}
179	if (!path)
180	path = "/";
181
182	if (BIO_printf(rctx->mem, "POST %s HTTP/1.0\r\n", path) <= 0) {
183	free(rctx->iobuf);
184	BIO_free(rctx->mem);
185	free(rctx);
186	return NULL;
187	}
188
189	if (req && !OCSP_REQ_CTX_set1_req(rctx, req)) {
190	free(rctx->iobuf);
191	BIO_free(rctx->mem);
192	free(rctx);
193	return NULL;
194	}
195
196	return rctx;
197	}
198	LCRYPTO_ALIAS(OCSP_sendreq_new);
199
200	/* Parse the HTTP response. This will look like this:
201	* "HTTP/1.0 200 OK". We need to obtain the numeric code and
202	* (optional) informational message.
203	*/
204	static int
205	parse_http_line1(char *line)
206	{
207	int retcode;
208	char p, q, *r;
209
210	/* Skip to first white space (passed protocol info) */
211	for (p = line; p && !isspace((unsigned char)p); p++)
212	continue;
213	if (!*p) {
214	OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
215	return 0;
216	}
217
218	/* Skip past white space to start of response code */
219	while (p && isspace((unsigned char)p))
220	p++;
221	if (!*p) {
222	OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
223	return 0;
224	}
225
226	/* Find end of response code: first whitespace after start of code */
227	for (q = p; q && !isspace((unsigned char)q); q++)
228	continue;
229	if (!*q) {
230	OCSPerror(OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
231	return 0;
232	}
233
234	/* Set end of response code and start of message */
235	*q++ = 0;
236
237	/* Attempt to parse numeric code */
238	retcode = strtoul(p, &r, 10);
239
240	if (*r)
241	return 0;
242
243	/* Skip over any leading white space in message */
244	while (q && isspace((unsigned char)q))
245	q++;
246	if (*q) {
247	/* Finally zap any trailing white space in message (include
248	* CRLF) */
249
250	/* We know q has a non white space character so this is OK */
251	for (r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
252	*r = 0;
253	}
254	if (retcode != 200) {
255	OCSPerror(OCSP_R_SERVER_RESPONSE_ERROR);
256	if (!*q)
257	ERR_asprintf_error_data("Code=%s", p);
258	else
259	ERR_asprintf_error_data("Code=%s,Reason=%s", p, q);
260	return 0;
261	}
262
263	return 1;
264	}
265
266	int
267	OCSP_sendreq_nbio(OCSP_RESPONSE *presp, OCSP_REQ_CTX rctx)
268	{
269	int i, n;
270	const unsigned char *p;
271
272	next_io:
273	if (!(rctx->state & OHS_NOREAD)) {
274	n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
275
276	if (n <= 0) {
277	if (BIO_should_retry(rctx->io))
278	return -1;
279	return 0;
280	}
281
282	/* Write data to memory BIO */
283	if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
284	return 0;
285	}
286
287	switch (rctx->state) {
288	case OHS_ASN1_WRITE:
289	n = BIO_get_mem_data(rctx->mem, &p);
290	i = BIO_write(rctx->io,
291	p + (n - rctx->asn1_len), rctx->asn1_len);
292	if (i <= 0) {
293	if (BIO_should_retry(rctx->io))
294	return -1;
295	rctx->state = OHS_ERROR;
296	return 0;
297	}
298
299	rctx->asn1_len -= i;
300	if (rctx->asn1_len > 0)
301	goto next_io;
302
303	rctx->state = OHS_ASN1_FLUSH;
304
305	(void)BIO_reset(rctx->mem);
306	/* FALLTHROUGH */
307
308	case OHS_ASN1_FLUSH:
309	i = BIO_flush(rctx->io);
310	if (i > 0) {
311	rctx->state = OHS_FIRSTLINE;
312	goto next_io;
313	}
314
315	if (BIO_should_retry(rctx->io))
316	return -1;
317
318	rctx->state = OHS_ERROR;
319	return 0;
320
321	case OHS_ERROR:
322	return 0;
323
324	case OHS_FIRSTLINE:
325	case OHS_HEADERS:
326	/* Attempt to read a line in */
327	next_line:
328	/* Due to &%^*$" memory BIO behaviour with BIO_gets we
329	* have to check there's a complete line in there before
330	* calling BIO_gets or we'll just get a partial read.
331	*/
332	n = BIO_get_mem_data(rctx->mem, &p);
333	if ((n <= 0) \|\| !memchr(p, '\n', n)) {
334	if (n >= rctx->iobuflen) {
335	rctx->state = OHS_ERROR;
336	return 0;
337	}
338	goto next_io;
339	}
340	n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
341	if (n <= 0) {
342	if (BIO_should_retry(rctx->mem))
343	goto next_io;
344	rctx->state = OHS_ERROR;
345	return 0;
346	}
347
348	/* Don't allow excessive lines */
349	if (n == rctx->iobuflen) {
350	rctx->state = OHS_ERROR;
351	return 0;
352	}
353
354	/* First line */
355	if (rctx->state == OHS_FIRSTLINE) {
356	if (parse_http_line1((char *)rctx->iobuf)) {
357	rctx->state = OHS_HEADERS;
358	goto next_line;
359	} else {
360	rctx->state = OHS_ERROR;
361	return 0;
362	}
363	} else {
364	/* Look for blank line: end of headers */
365	for (p = rctx->iobuf; *p; p++) {
366	if ((p != '\r') && (p != '\n'))
367	break;
368	}
369	if (*p)
370	goto next_line;
371
372	rctx->state = OHS_ASN1_HEADER;
373	}
374	/* FALLTHROUGH */
375
376	case OHS_ASN1_HEADER:
377	/* Now reading ASN1 header: can read at least 2 bytes which
378	* is enough for ASN1 SEQUENCE header and either length field
379	* or at least the length of the length field.
380	*/
381	n = BIO_get_mem_data(rctx->mem, &p);
382	if (n < 2)
383	goto next_io;
384
385	/* Check it is an ASN1 SEQUENCE */
386	if (*p++ != (V_ASN1_SEQUENCE\|V_ASN1_CONSTRUCTED)) {
387	rctx->state = OHS_ERROR;
388	return 0;
389	}
390
391	/* Check out length field */
392	if (*p & 0x80) {
393	/* If MSB set on initial length octet we can now
394	* always read 6 octets: make sure we have them.
395	*/
396	if (n < 6)
397	goto next_io;
398	n = *p & 0x7F;
399	/* Not NDEF or excessive length */
400	if (!n \|\| (n > 4)) {
401	rctx->state = OHS_ERROR;
402	return 0;
403	}
404	p++;
405	rctx->asn1_len = 0;
406	for (i = 0; i < n; i++) {
407	rctx->asn1_len <<= 8;
408	rctx->asn1_len \|= *p++;
409	}
410
411	if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) {
412	rctx->state = OHS_ERROR;
413	return 0;
414	}
415
416	rctx->asn1_len += n + 2;
417	} else
418	rctx->asn1_len = *p + 2;
419
420	rctx->state = OHS_ASN1_CONTENT;
421
422	/* FALLTHROUGH */
423
424	case OHS_ASN1_CONTENT:
425	n = BIO_get_mem_data(rctx->mem, &p);
426	if (n < (int)rctx->asn1_len)
427	goto next_io;
428
429	*presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
430	if (*presp) {
431	rctx->state = OHS_DONE;
432	return 1;
433	}
434
435	rctx->state = OHS_ERROR;
436	return 0;
437
438	case OHS_DONE:
439	return 1;
440	}
441
442	return 0;
443	}
444	LCRYPTO_ALIAS(OCSP_sendreq_nbio);
445
446	/* Blocking OCSP request handler: now a special case of non-blocking I/O */
447	OCSP_RESPONSE *
448	OCSP_sendreq_bio(BIO b, const char path, OCSP_REQUEST *req)
449	{
450	OCSP_RESPONSE *resp = NULL;
451	OCSP_REQ_CTX *ctx;
452	int rv;
453
454	ctx = OCSP_sendreq_new(b, path, req, -1);
455	if (ctx == NULL)
456	return NULL;
457
458	do {
459	rv = OCSP_sendreq_nbio(&resp, ctx);
460	} while ((rv == -1) && BIO_should_retry(b));
461
462	OCSP_REQ_CTX_free(ctx);
463
464	if (rv)
465	return resp;
466
467	return NULL;
468	}
469	LCRYPTO_ALIAS(OCSP_sendreq_bio);