wolfSSL SSL/TLS library, support up to TLS1.3


Committer:
wolfSSL
Date:
Tue May 30 01:44:10 2017 +0000
Revision:
11:cee25a834751
wolfSSL 3.11.0

wolfSSL 11:cee25a834751 1 /* ocsp.c
wolfSSL 11:cee25a834751 2 *
wolfSSL 11:cee25a834751 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 11:cee25a834751 4 *
wolfSSL 11:cee25a834751 5 * This file is part of wolfSSL.
wolfSSL 11:cee25a834751 6 *
wolfSSL 11:cee25a834751 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 11:cee25a834751 8 * it under the terms of the GNU General Public License as published by
wolfSSL 11:cee25a834751 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 11:cee25a834751 10 * (at your option) any later version.
wolfSSL 11:cee25a834751 11 *
wolfSSL 11:cee25a834751 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 11:cee25a834751 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 11:cee25a834751 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 11:cee25a834751 15 * GNU General Public License for more details.
wolfSSL 11:cee25a834751 16 *
wolfSSL 11:cee25a834751 17 * You should have received a copy of the GNU General Public License
wolfSSL 11:cee25a834751 18 * along with this program; if not, write to the Free Software
wolfSSL 11:cee25a834751 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 11:cee25a834751 20 */
wolfSSL 11:cee25a834751 21
wolfSSL 11:cee25a834751 22
wolfSSL 11:cee25a834751 23 /* Name change compatibility layer no longer needs to be included here */
wolfSSL 11:cee25a834751 24
wolfSSL 11:cee25a834751 25 #ifdef HAVE_CONFIG_H
wolfSSL 11:cee25a834751 26 #include <config.h>
wolfSSL 11:cee25a834751 27 #endif
wolfSSL 11:cee25a834751 28
wolfSSL 11:cee25a834751 29 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 11:cee25a834751 30
wolfSSL 11:cee25a834751 31 #ifndef WOLFCRYPT_ONLY
wolfSSL 11:cee25a834751 32 #ifdef HAVE_OCSP
wolfSSL 11:cee25a834751 33
wolfSSL 11:cee25a834751 34 #include <wolfssl/error-ssl.h>
wolfSSL 11:cee25a834751 35 #include <wolfssl/ocsp.h>
wolfSSL 11:cee25a834751 36 #include <wolfssl/internal.h>
wolfSSL 11:cee25a834751 37
wolfSSL 11:cee25a834751 38 #ifdef NO_INLINE
wolfSSL 11:cee25a834751 39 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 11:cee25a834751 40 #else
wolfSSL 11:cee25a834751 41 #define WOLFSSL_MISC_INCLUDED
wolfSSL 11:cee25a834751 42 #include <wolfcrypt/src/misc.c>
wolfSSL 11:cee25a834751 43 #endif
wolfSSL 11:cee25a834751 44
wolfSSL 11:cee25a834751 45
/* Initialise an OCSP context and bind it to the certificate manager that
 * owns it.
 *
 * ocsp  Context to initialise; it is cleared before anything else is done.
 * cm    Certificate manager whose heap, I/O callbacks and URL override the
 *       lookup paths in this file read through ocsp->cm.
 * returns 0 on success, BAD_MUTEX_E when the cache lock cannot be created
 *         (ocsp->cm is then left NULL).
 */
int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm)
{
    int ret = 0;

    WOLFSSL_ENTER("InitOCSP");

    ForceZero(ocsp, sizeof(WOLFSSL_OCSP));

    /* ocspLock guards ocsp->ocspList in GetOcspEntry/GetOcspStatus. */
    if (wc_InitMutex(&ocsp->ocspLock) != 0) {
        ret = BAD_MUTEX_E;
    }
    else {
        ocsp->cm = cm;
    }

    return ret;
}
wolfSSL 11:cee25a834751 59
wolfSSL 11:cee25a834751 60
/* Prepare a fresh cache entry for the issuer named in a request.
 *
 * entry    Entry to initialise; cleared first, so its status list is empty.
 * request  Request whose issuer name hash and issuer key hash become the
 *          entry's lookup key (see GetOcspEntry).
 * returns 0; there is no failure path.
 */
static int InitOcspEntry(OcspEntry* entry, OcspRequest* request)
{
    WOLFSSL_ENTER("InitOcspEntry");

    ForceZero(entry, sizeof(OcspEntry));

    /* Both hashes together identify the issuer this entry caches for. */
    XMEMCPY(entry->issuerKeyHash, request->issuerKeyHash, OCSP_DIGEST_SIZE);
    XMEMCPY(entry->issuerHash,    request->issuerHash,    OCSP_DIGEST_SIZE);

    return 0;
}
wolfSSL 11:cee25a834751 72
wolfSSL 11:cee25a834751 73
/* Release every CertStatus node cached under an entry.
 *
 * The entry object itself is not freed; FreeOCSP does that.
 *
 * entry  Entry whose status list is walked and freed.
 * heap   Heap hint handed to XFREE for each node and its raw response.
 */
static void FreeOcspEntry(OcspEntry* entry, void* heap)
{
    CertStatus* cur = entry->status;

    WOLFSSL_ENTER("FreeOcspEntry");

    while (cur != NULL) {
        CertStatus* following = cur->next;

        /* The stored DER response is owned by the status node. */
        if (cur->rawOcspResponse != NULL) {
            XFREE(cur->rawOcspResponse, heap, DYNAMIC_TYPE_OCSP_STATUS);
        }
        XFREE(cur, heap, DYNAMIC_TYPE_OCSP_STATUS);

        cur = following;
    }

    (void)heap;
}
wolfSSL 11:cee25a834751 91
wolfSSL 11:cee25a834751 92
/* Tear down an OCSP context: free the whole issuer cache, destroy the lock
 * and, when asked, free the context object itself.
 *
 * ocsp     Context to free; ocsp->cm must still be valid (its heap is used).
 * dynamic  Non-zero when ocsp was heap allocated and must be freed as well.
 */
void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic)
{
    void*      heap = ocsp->cm->heap;
    OcspEntry* cur  = ocsp->ocspList;

    WOLFSSL_ENTER("FreeOCSP");

    while (cur != NULL) {
        OcspEntry* following = cur->next;

        FreeOcspEntry(cur, heap);
        XFREE(cur, heap, DYNAMIC_TYPE_OCSP_ENTRY);

        cur = following;
    }

    wc_FreeMutex(&ocsp->ocspLock);

    if (dynamic) {
        XFREE(ocsp, heap, DYNAMIC_TYPE_OCSP);
    }
}
wolfSSL 11:cee25a834751 111
wolfSSL 11:cee25a834751 112
/* Map a decoded certificate status onto the error code reported by the
 * lookup functions in this file.
 *
 * st  Status value from a decoded single response (CERT_GOOD, CERT_REVOKED,
 *     or anything else).
 * returns 0 for CERT_GOOD, OCSP_CERT_REVOKED for CERT_REVOKED and
 *         OCSP_CERT_UNKNOWN for every other value, so an unexpected status is
 *         never mistaken for "good".
 */
static int xstat2err(int st)
{
    if (st == CERT_GOOD) {
        return 0;
    }
    if (st == CERT_REVOKED) {
        return OCSP_CERT_REVOKED;
    }
    return OCSP_CERT_UNKNOWN;
}
wolfSSL 11:cee25a834751 124
wolfSSL 11:cee25a834751 125
/* Look up the revocation status of a decoded certificate via OCSP.
 *
 * Builds an OcspRequest for cert and hands it to CheckOcspRequest, which
 * answers from the cache or contacts the responder.
 *
 * ocsp            OCSP context.
 * cert            Certificate whose status is wanted.
 * responseBuffer  Optional; passed through to CheckOcspRequest, which fills
 *                 it with a copy of the DER response when non-NULL.
 * returns the CheckOcspRequest result (0 means good); MEMORY_E when the
 *         request object cannot be allocated (WOLFSSL_SMALL_STACK builds);
 *         OCSP_LOOKUP_FAIL when the request cannot be initialised.
 */
int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert, buffer* responseBuffer)
{
    int ret = OCSP_LOOKUP_FAIL;
#ifdef WOLFSSL_SMALL_STACK
    OcspRequest* ocspRequest = NULL;
#else
    OcspRequest  ocspRequest[1];
#endif

    WOLFSSL_ENTER("CheckCertOCSP");

#ifdef WOLFSSL_SMALL_STACK
    ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
                                        DYNAMIC_TYPE_TMP_BUFFER);
    if (ocspRequest == NULL) {
        /* NOTE(review): the trace logs MEMORY_ERROR while MEMORY_E is
         * returned; confirm the two codes are meant to be interchangeable. */
        WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR);
        return MEMORY_E;
    }
#endif

    /* Whether a nonce is included is a certificate-manager setting. */
    if (InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce,
                        ocsp->cm->heap) == 0) {
        ret = CheckOcspRequest(ocsp, ocspRequest, responseBuffer);
        FreeOcspRequest(ocspRequest);
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    WOLFSSL_LEAVE("CheckCertOCSP", ret);
    return ret;
}
wolfSSL 11:cee25a834751 162
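/* Find, or create, the cache entry for the issuer named in a request.
 *
 * Entries are keyed on (issuerHash, issuerKeyHash) and kept in a singly
 * linked list guarded by ocsp->ocspLock; a new entry is pushed at the head.
 *
 * ocsp     OCSP context holding the cache.
 * request  Request whose issuer hashes identify the entry.
 * entry    Out: the matching or newly created entry; NULL on failure.
 * returns 0 on success, BAD_MUTEX_E if the cache cannot be locked and
 *         MEMORY_ERROR if a new entry cannot be allocated.
 */
static int GetOcspEntry(WOLFSSL_OCSP* ocsp, OcspRequest* request,
                                                              OcspEntry** entry)
{
    OcspEntry* cur;

    WOLFSSL_ENTER("GetOcspEntry");

    *entry = NULL;

    if (wc_LockMutex(&ocsp->ocspLock) != 0) {
        /* Trace label fixed: previously reported CheckCertOCSP here. */
        WOLFSSL_LEAVE("GetOcspEntry", BAD_MUTEX_E);
        return BAD_MUTEX_E;
    }

    for (cur = ocsp->ocspList; cur != NULL; cur = cur->next) {
        if (XMEMCMP(cur->issuerHash, request->issuerHash,
                    OCSP_DIGEST_SIZE) == 0 &&
            XMEMCMP(cur->issuerKeyHash, request->issuerKeyHash,
                    OCSP_DIGEST_SIZE) == 0) {
            break;
        }
    }

    if (cur == NULL) {
        cur = (OcspEntry*)XMALLOC(sizeof(OcspEntry), ocsp->cm->heap,
                                  DYNAMIC_TYPE_OCSP_ENTRY);
        if (cur != NULL) {
            /* InitOcspEntry has no failure path (always returns 0). */
            (void)InitOcspEntry(cur, request);
            cur->next = ocsp->ocspList;
            ocsp->ocspList = cur;
        }
    }

    wc_UnLockMutex(&ocsp->ocspLock);

    *entry = cur;

    return (cur != NULL) ? 0 : MEMORY_ERROR;
}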
wolfSSL 11:cee25a834751 196
wolfSSL 11:cee25a834751 197
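/* Look up a cached status for the certificate serial in a request.
 *
 * ocsp            OCSP context (for the cache lock).
 * request         Request carrying the serial number to match.
 * entry           Issuer entry whose status list is searched.
 * status          Out: the matching CertStatus node, or NULL.
 * responseBuffer  Optional; when non-NULL and the cached status is usable,
 *                 receives a heap copy of the cached DER response. A cached
 *                 node that has no raw response stored cannot satisfy that
 *                 request, so OCSP_INVALID_STATUS is returned to force a
 *                 fresh fetch.
 * returns BAD_MUTEX_E if the cache cannot be locked; OCSP_INVALID_STATUS when
 *         there is no usable cached status (not found, outside its validity
 *         window, or raw response missing while one was asked for);
 *         otherwise xstat2err() of the cached status.
 */
static int GetOcspStatus(WOLFSSL_OCSP* ocsp, OcspRequest* request,
                  OcspEntry* entry, CertStatus** status, buffer* responseBuffer)
{
    int         ret = OCSP_INVALID_STATUS;
    CertStatus* cur;

    WOLFSSL_ENTER("GetOcspStatus");

    *status = NULL;

    if (wc_LockMutex(&ocsp->ocspLock) != 0) {
        /* Trace label fixed: previously reported CheckCertOCSP here. */
        WOLFSSL_LEAVE("GetOcspStatus", BAD_MUTEX_E);
        return BAD_MUTEX_E;
    }

    for (cur = entry->status; cur != NULL; cur = cur->next) {
        if (cur->serialSz == request->serialSz &&
            XMEMCMP(cur->serial, request->serial, cur->serialSz) == 0) {
            break;
        }
    }
    *status = cur;

    if (cur != NULL &&
            (responseBuffer == NULL || cur->rawOcspResponse != NULL)) {
        int usable = 1;

#ifndef NO_ASN_TIME
        /* A cached answer is only reused inside [thisUpdate, nextUpdate];
         * a cached node without nextUpdate is never reused. Builds with
         * NO_ASN_TIME skip this check entirely. */
        usable = ValidateDate(cur->thisDate, cur->thisDateFormat, BEFORE)
              && cur->nextDate[0] != 0
              && ValidateDate(cur->nextDate, cur->nextDateFormat, AFTER);
#endif
        if (usable) {
            ret = xstat2err(cur->status);

            if (responseBuffer != NULL) {
                /* NOTE(review): allocated with a NULL heap hint while
                 * CheckResponse uses ocsp->cm->heap for the same buffer;
                 * confirm which hint the caller frees against. */
                responseBuffer->buffer = (byte*)XMALLOC(cur->rawOcspResponseSz,
                                                  NULL, DYNAMIC_TYPE_TMP_BUFFER);
                if (responseBuffer->buffer != NULL) {
                    responseBuffer->length = cur->rawOcspResponseSz;
                    XMEMCPY(responseBuffer->buffer, cur->rawOcspResponse,
                            cur->rawOcspResponseSz);
                }
            }
        }
    }

    wc_UnLockMutex(&ocsp->ocspLock);

    return ret;
}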
wolfSSL 11:cee25a834751 248
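/* Decode and validate an OCSP response and record the result in the cache.
 *
 * ocsp            OCSP context.
 * response        DER encoded OCSP response message.
 * responseSz      Length of response in bytes.
 * responseBuffer  Optional; receives a heap copy of response when non-NULL.
 * status          Existing cached CertStatus node to update in place, or
 *                 NULL to add a new node to entry.
 * entry           Issuer cache entry that owns the status list.
 * ocspRequest     Request the response must match (CompareOcspReqResp);
 *                 NULL skips that binding, which is only appropriate when the
 *                 response did not originate from a request made here.
 * returns 0 when the response is good and the certificate is good,
 *         OCSP_CERT_REVOKED when it reports revoked, and OCSP_LOOKUP_FAIL for
 *         everything else (decode failure, unsuccessful responseStatus,
 *         request/response mismatch, unknown status, lock failure).
 *         MEMORY_E when the temporaries cannot be allocated
 *         (WOLFSSL_SMALL_STACK builds).
 */
static int CheckResponse(WOLFSSL_OCSP* ocsp, byte* response, int responseSz,
                         buffer* responseBuffer, CertStatus* status,
                         OcspEntry* entry, OcspRequest* ocspRequest)
{
#ifdef WOLFSSL_SMALL_STACK
    CertStatus*   newStatus;
    OcspResponse* ocspResponse;
#else
    CertStatus    newStatus[1];
    OcspResponse  ocspResponse[1];
#endif
    int ret;
    int validated = 0; /* set once the decoded status is CERT_GOOD */

#ifdef WOLFSSL_SMALL_STACK
    newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
                                     DYNAMIC_TYPE_TMP_BUFFER);
    ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
                                          DYNAMIC_TYPE_TMP_BUFFER);

    if (newStatus == NULL || ocspResponse == NULL) {
        if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);

        /* Trace label fixed: previously reported CheckCertOCSP here. */
        WOLFSSL_LEAVE("CheckResponse", MEMORY_ERROR);
        return MEMORY_E;
    }
#endif
    XMEMSET(newStatus, 0, sizeof(CertStatus));

    /* newStatus receives the single-response fields during decoding. */
    InitOcspResponse(ocspResponse, newStatus, response, responseSz);
    ret = OcspResponseDecode(ocspResponse, ocsp->cm, ocsp->cm->heap, 0);
    if (ret != 0) {
        WOLFSSL_MSG("OcspResponseDecode failed");
        goto end;
    }

    if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) {
        WOLFSSL_MSG("OcspResponse status bad");
        goto end;
    }

    /* Bind the response to the request so an unrelated or replayed response
     * cannot answer this lookup. */
    if (ocspRequest != NULL) {
        ret = CompareOcspReqResp(ocspRequest, ocspResponse);
        if (ret != 0) {
            goto end;
        }
    }

    if (responseBuffer) {
        responseBuffer->buffer = (byte*)XMALLOC(responseSz, ocsp->cm->heap,
                                                DYNAMIC_TYPE_TMP_BUFFER);

        if (responseBuffer->buffer) {
            responseBuffer->length = responseSz;
            XMEMCPY(responseBuffer->buffer, response, responseSz);
        }
    }

    ret = xstat2err(ocspResponse->status->status);
    if (ret == 0) {
        validated = 1;
    }

    if (wc_LockMutex(&ocsp->ocspLock) != 0) {
        ret = BAD_MUTEX_E;
        goto end;
    }

    if (status != NULL) {
        if (status->rawOcspResponse) {
            XFREE(status->rawOcspResponse, ocsp->cm->heap,
                  DYNAMIC_TYPE_OCSP_STATUS);
        }

        /* Replace the existing node in place. Nothing above sets
         * newStatus->next (it was zeroed), so the link must be carried over
         * or the copy would unlink every later node in entry->status and
         * leak them. */
        newStatus->next = status->next;
        XMEMCPY(status, newStatus, sizeof(CertStatus));
    }
    else {
        /* Save new certificate entry at the head of the list. */
        status = (CertStatus*)XMALLOC(sizeof(CertStatus),
                                      ocsp->cm->heap, DYNAMIC_TYPE_OCSP_STATUS);
        if (status != NULL) {
            XMEMCPY(status, newStatus, sizeof(CertStatus));
            status->next = entry->status;
            entry->status = status;
            entry->totalStatus++;
        }
    }

    /* Keep the raw DER alongside the node so later lookups that ask for
     * responseBuffer can be served from the cache (see GetOcspStatus). */
    if (status && responseBuffer && responseBuffer->buffer) {
        status->rawOcspResponse = (byte*)XMALLOC(responseBuffer->length,
                                                 ocsp->cm->heap,
                                                 DYNAMIC_TYPE_OCSP_STATUS);

        if (status->rawOcspResponse) {
            status->rawOcspResponseSz = responseBuffer->length;
            XMEMCPY(status->rawOcspResponse, responseBuffer->buffer,
                    responseBuffer->length);
        }
    }

    wc_UnLockMutex(&ocsp->ocspLock);

end:
    /* Collapse every outcome other than "good" or "revoked" into
     * OCSP_LOOKUP_FAIL; callers never see raw decode or lock error codes. */
    if (ret == 0 && validated == 1) {
        WOLFSSL_MSG("New OcspResponse validated");
    } else if (ret != OCSP_CERT_REVOKED) {
        ret = OCSP_LOOKUP_FAIL;
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}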
wolfSSL 11:cee25a834751 375
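/* Resolve the status of the certificate described by ocspRequest.
 *
 * The cache is consulted first (GetOcspEntry/GetOcspStatus). On a miss the
 * request is DER encoded and sent through the certificate manager's I/O
 * callback to the responder URL (the override URL when enabled, otherwise
 * the URL carried in the request) and the reply is checked and cached by
 * CheckResponse.
 *
 * ocsp            OCSP context.
 * ocspRequest     Request identifying issuer and serial.
 * responseBuffer  Optional; reset to empty on entry and, when a response is
 *                 used, filled with a copy of its DER.
 * returns 0 on success (certificate good, or no responder URL available,
 *         which is treated as good); OCSP_NEED_URL when the override URL is
 *         enabled but empty; MEMORY_ERROR/BAD_MUTEX_E on resource failure;
 *         OCSP_CERT_REVOKED or OCSP_LOOKUP_FAIL from the response check;
 *         OCSP_INVALID_STATUS (non-zero) when no response was obtained at all
 *         (no I/O callback, encoding failure, or the callback returned none).
 */
int CheckOcspRequest(WOLFSSL_OCSP* ocsp, OcspRequest* ocspRequest,
                                                         buffer* responseBuffer)
{
    enum { OCSP_REQ_BUF_SZ = 2048 }; /* room for the encoded request */

    OcspEntry*  entry      = NULL;
    CertStatus* status     = NULL;
    byte*       request    = NULL;
    int         requestSz  = OCSP_REQ_BUF_SZ;
    int         responseSz = 0;
    byte*       response   = NULL;
    const char* url        = NULL;
    int         urlSz      = 0;
    int         ret        = OCSP_LOOKUP_FAIL;

    WOLFSSL_ENTER("CheckOcspRequest");

    if (responseBuffer != NULL) {
        responseBuffer->buffer = NULL;
        responseBuffer->length = 0;
    }

    ret = GetOcspEntry(ocsp, ocspRequest, &entry);
    if (ret != 0) {
        return ret;
    }

    /* Anything other than OCSP_INVALID_STATUS is a usable cached answer. */
    ret = GetOcspStatus(ocsp, ocspRequest, entry, &status, responseBuffer);
    if (ret != OCSP_INVALID_STATUS) {
        return ret;
    }

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    /* Application status callback: it provides a response obtained outside
     * this lookup, so CheckResponse is called without the request and no
     * request/response binding takes place. */
    if (ocsp->statusCb != NULL && ocspRequest->ssl != NULL) {
        ret = ocsp->statusCb((WOLFSSL*)ocspRequest->ssl, ocsp->cm->ocspIOCtx);
        if (ret != 0) {
            return OCSP_LOOKUP_FAIL;
        }

        ret = wolfSSL_get_ocsp_response((WOLFSSL*)ocspRequest->ssl,
                                        &response);
        if (ret > 0 && response != NULL) {
            ret = CheckResponse(ocsp, response, ret, responseBuffer, status,
                                entry, NULL);
        }
        else {
            /* Nothing usable was handed back; do not pass an empty or NULL
             * buffer to the decoder. */
            ret = OCSP_LOOKUP_FAIL;
        }
        if (response != NULL) {
            XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
        }
        return ret;
    }
#endif

    if (ocsp->cm->ocspUseOverrideURL) {
        url = ocsp->cm->ocspOverrideURL;
        if (url == NULL || url[0] == '\0') {
            return OCSP_NEED_URL;
        }
        urlSz = (int)XSTRLEN(url);
    }
    else if (ocspRequest->urlSz != 0 && ocspRequest->url != NULL) {
        url   = (const char *)ocspRequest->url;
        urlSz = ocspRequest->urlSz;
    }
    else {
        /* No responder URL (cert has no extAuthInfo): soft fail, the
         * certificate is reported as good without any OCSP exchange. */
        return 0;
    }

    request = (byte*)XMALLOC(requestSz, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);
    if (request == NULL) {
        /* Trace label fixed: previously reported CheckCertOCSP here. */
        WOLFSSL_LEAVE("CheckOcspRequest", MEMORY_ERROR);
        return MEMORY_ERROR;
    }

    requestSz = EncodeOcspRequest(ocspRequest, request, requestSz);
    if (requestSz > 0 && ocsp->cm->ocspIOCb != NULL) {
        responseSz = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz,
                                        request, requestSz, &response);
    }

    XFREE(request, ocsp->cm->heap, DYNAMIC_TYPE_OCSP);

    /* A negative size or NULL response leaves ret at OCSP_INVALID_STATUS. */
    if (responseSz >= 0 && response != NULL) {
        ret = CheckResponse(ocsp, response, responseSz, responseBuffer, status,
                            entry, ocspRequest);
    }

    if (response != NULL && ocsp->cm->ocspRespFreeCb != NULL) {
        ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, response);
    }

    WOLFSSL_LEAVE("CheckOcspRequest", ret);
    return ret;
}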
wolfSSL 11:cee25a834751 462
wolfSSL 11:cee25a834751 463 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 464
/* OpenSSL-compatible accessor: report the status recorded in a basic
 * response for the certificate identified by id.
 *
 * Only one certificate status is decoded per response (see asn.c), so id
 * must match that single response. Revocation time and reason are not
 * tracked; the corresponding outputs are cleared.
 *
 * bs       Decoded basic response.
 * id       Certificate id (an OcspRequest) to look for.
 * status   Out, optional: certificate status value.
 * reason   Out, optional: always set to 0.
 * revtime  Out, optional: always set to NULL.
 * thisupd  Out, optional: thisUpdate time of the single response.
 * nextupd  Out, optional: nextUpdate time of the single response.
 * returns SSL_SUCCESS, or SSL_FAILURE when bs or id is NULL or id does not
 *         match the response.
 */
int wolfSSL_OCSP_resp_find_status(WOLFSSL_OCSP_BASICRESP *bs,
    WOLFSSL_OCSP_CERTID* id, int* status, int* reason,
    WOLFSSL_ASN1_TIME** revtime, WOLFSSL_ASN1_TIME** thisupd,
    WOLFSSL_ASN1_TIME** nextupd)
{
    if (bs == NULL || id == NULL) {
        return SSL_FAILURE;
    }

    /* The id must be the one the single response answers. */
    if (CompareOcspReqResp(id, bs) != 0) {
        return SSL_FAILURE;
    }

    /* Not tracked for this response: cleared for callers that inspect them. */
    if (revtime != NULL) {
        *revtime = NULL;
    }
    if (reason != NULL) {
        *reason = 0;
    }

    if (nextupd != NULL) {
        *nextupd = (WOLFSSL_ASN1_TIME*)bs->status->nextDateAsn;
    }
    if (thisupd != NULL) {
        *thisupd = (WOLFSSL_ASN1_TIME*)bs->status->thisDateAsn;
    }
    if (status != NULL) {
        *status = bs->status->status;
    }

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 492
/* OpenSSL-compatible name for a certificate status value.
 *
 * s  Status value (CERT_GOOD, CERT_REVOKED, CERT_UNKNOWN).
 * returns a static string: "good", "revoked", "unknown", or "(UNKNOWN)" for
 *         any other value.
 */
const char *wolfSSL_OCSP_cert_status_str(long s)
{
    const char* name = "(UNKNOWN)";

    if (s == CERT_GOOD) {
        name = "good";
    }
    else if (s == CERT_REVOKED) {
        name = "revoked";
    }
    else if (s == CERT_UNKNOWN) {
        name = "unknown";
    }

    return name;
}
wolfSSL 11:cee25a834751 506
/* OpenSSL-compatible validity check; a no-op in wolfSSL.
 *
 * The thisUpdate/nextUpdate window is enforced while the single response is
 * decoded (DecodeSingleResponse), so nothing is re-checked here. In
 * particular sec and maxsec are ignored: no caller-supplied skew tolerance or
 * maximum age is applied by this function.
 *
 * thisupd, nextupd, sec, maxsec  Unused.
 * returns SSL_SUCCESS always.
 */
int wolfSSL_OCSP_check_validity(WOLFSSL_ASN1_TIME* thisupd,
    WOLFSSL_ASN1_TIME* nextupd, long sec, long maxsec)
{
    (void)maxsec;
    (void)sec;
    (void)nextupd;
    (void)thisupd;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 517
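/* OpenSSL-compatible free for a certificate id created by
 * wolfSSL_OCSP_cert_to_id.
 *
 * certId  Id to free; NULL is accepted and ignored, matching OpenSSL's
 *         OCSP_CERTID_free, so callers can free unconditionally on error
 *         paths.
 */
void wolfSSL_OCSP_CERTID_free(WOLFSSL_OCSP_CERTID* certId)
{
    if (certId == NULL) {
        return;
    }

    FreeOcspRequest(certId);
    XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
}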
wolfSSL 11:cee25a834751 523
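/* OpenSSL-compatible constructor for a certificate id (an OcspRequest)
 * describing subject as issued by issuer.
 *
 * A temporary certificate manager seeded with issuer is used so that
 * ParseCertRelative can verify subject (VERIFY_OCSP) before the id is built.
 *
 * dgst     Unused; the digest is chosen by InitOcspRequest.
 * subject  Certificate the id refers to; must carry DER.
 * issuer   Issuer of subject; must carry DER.
 * returns a heap allocated id to release with wolfSSL_OCSP_CERTID_free, or
 *         NULL when an argument is missing, allocation fails, or subject
 *         does not parse/verify against issuer.
 */
WOLFSSL_OCSP_CERTID* wolfSSL_OCSP_cert_to_id(
    const WOLFSSL_EVP_MD *dgst, const WOLFSSL_X509 *subject,
    const WOLFSSL_X509 *issuer)
{
    WOLFSSL_OCSP_CERTID* certId = NULL;
    WOLFSSL_CERT_MANAGER* cm;
    DecodedCert cert;
    DerBuffer* derCert = NULL;
    int ret;

    (void)dgst;

    /* Everything below dereferences these; fail early instead of crashing
     * and before any allocation that would then need unwinding. */
    if (subject == NULL || issuer == NULL ||
            subject->derCert == NULL || issuer->derCert == NULL) {
        return NULL;
    }

    cm = wolfSSL_CertManagerNew();
    if (cm == NULL) {
        return NULL;
    }

    ret = AllocDer(&derCert, issuer->derCert->length,
                   issuer->derCert->type, NULL);
    if (ret == 0) {
        XMEMCPY(derCert->buffer, issuer->derCert->buffer,
                issuer->derCert->length);
        /* AddCA() takes ownership of derCert and frees it. */
        AddCA(cm, &derCert, WOLFSSL_USER_CA, 1);
    }

    certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(WOLFSSL_OCSP_CERTID), NULL,
                                           DYNAMIC_TYPE_OPENSSL);
    if (certId != NULL) {
        InitDecodedCert(&cert, subject->derCert->buffer,
                        subject->derCert->length, NULL);
        if (ParseCertRelative(&cert, CERT_TYPE, VERIFY_OCSP, cm) != 0) {
            XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
            certId = NULL;
        }
        else {
            ret = InitOcspRequest(certId, &cert, 0, NULL);
            if (ret != 0) {
                XFREE(certId, NULL, DYNAMIC_TYPE_OPENSSL);
                certId = NULL;
            }
        }
        FreeDecodedCert(&cert);
    }

    wolfSSL_CertManagerFree(cm);

    return certId;
}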
wolfSSL 11:cee25a834751 572
/* OpenSSL-compatible free for a basic response.
 *
 * A WOLFSSL_OCSP_BASICRESP is the OcspResponse it was decoded from, so this
 * simply forwards to wolfSSL_OCSP_RESPONSE_free.
 *
 * basicResponse  Response to free.
 */
void wolfSSL_OCSP_BASICRESP_free(WOLFSSL_OCSP_BASICRESP* basicResponse)
{
    OcspResponse* resp = basicResponse;

    wolfSSL_OCSP_RESPONSE_free(resp);
}
wolfSSL 11:cee25a834751 577
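/* OpenSSL-compatible check of the responder certificate carried in a basic
 * response.
 *
 * The response signature itself was verified when the response was decoded
 * (DecodeBasicOcspResponse); no separate store was available then, so this
 * function parses the embedded responder certificate and verifies it against
 * the CAs held by st->cm. certs is not consulted.
 *
 * NOTE(review): nothing visible here confirms the responder is the issuer or
 * an authorised delegate (id-kp-OCSPSigning); confirm the decoder does.
 *
 * bs     Decoded basic response carrying the responder certificate.
 * certs  Unused.
 * st     Store whose certificate manager supplies the trust anchors.
 * flags  OCSP_NOVERIFY skips the check entirely.
 * returns SSL_SUCCESS, or SSL_FAILURE when the responder certificate does
 *         not parse/verify, or when bs or st is NULL and verification was
 *         requested.
 */
int wolfSSL_OCSP_basic_verify(WOLFSSL_OCSP_BASICRESP *bs,
    STACK_OF(WOLFSSL_X509) *certs, WOLFSSL_X509_STORE *st, unsigned long flags)
{
    DecodedCert cert;
    int ret = SSL_SUCCESS;

    (void)certs;

    if (flags & OCSP_NOVERIFY) {
        return SSL_SUCCESS;
    }

    /* Both are dereferenced below; fail closed rather than crash. */
    if (bs == NULL || st == NULL) {
        return SSL_FAILURE;
    }

    InitDecodedCert(&cert, bs->cert, bs->certSz, NULL);
    if (ParseCertRelative(&cert, CERT_TYPE, VERIFY, st->cm) < 0) {
        ret = SSL_FAILURE;
    }
    FreeDecodedCert(&cert);

    return ret;
}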
wolfSSL 11:cee25a834751 598
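/* Free a decoded OCSP response together with the status node and source
 * buffer it owns.
 *
 * response  Response to free; NULL is accepted and ignored, matching
 *           OpenSSL's OCSP_RESPONSE_free, so callers can free
 *           unconditionally on error paths.
 */
void wolfSSL_OCSP_RESPONSE_free(OcspResponse* response)
{
    if (response == NULL) {
        return;
    }

    if (response->status != NULL) {
        XFREE(response->status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (response->source != NULL) {
        XFREE(response->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    XFREE(response, NULL, DYNAMIC_TYPE_OPENSSL);
}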
wolfSSL 11:cee25a834751 607
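/* OpenSSL-compatible: read a DER OCSP response from a BIO and decode it.
 *
 * Memory BIOs are decoded straight from their backing buffer. File BIOs are
 * read from the current position to end of file into a temporary buffer that
 * is freed before returning.
 *
 * bio       Source BIO; only BIO_MEMORY and BIO_FILE are supported.
 * response  Passed through to wolfSSL_d2i_OCSP_RESPONSE.
 * returns the decoded response, or NULL when bio is NULL or unsupported, no
 *         data is available, allocation fails, or decoding fails.
 */
OcspResponse* wolfSSL_d2i_OCSP_RESPONSE_bio(WOLFSSL_BIO* bio,
    OcspResponse** response)
{
    byte* data = NULL;
    byte* p;
    int len = 0;
    int dataAlloced = 0;
    OcspResponse* ret = NULL;

    if (bio == NULL) {
        return NULL;
    }

    if (bio->type == BIO_MEMORY) {
        len = wolfSSL_BIO_get_mem_data(bio, &data);
        if (len <= 0 || data == NULL) {
            return NULL;
        }
    }
    else if (bio->type == BIO_FILE) {
        long start;
        long end;

        /* Size the buffer from the current position to end of file, then
         * restore the position so the read starts where the caller left it. */
        start = XFTELL(bio->file);
        if (start < 0) {
            return NULL;
        }
        XFSEEK(bio->file, 0, SEEK_END);
        end = XFTELL(bio->file);
        if (end < 0) {
            return NULL;
        }
        XFSEEK(bio->file, start, SEEK_SET);

        if (end - start <= 0) {
            return NULL;
        }

        data = (byte*)XMALLOC(end - start, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (data == NULL) {
            return NULL;
        }
        dataAlloced = 1;

        /* Request at most the allocated size. The previous code asked for
         * `end` bytes into an `end - start` byte buffer, which overruns if
         * the stream is not positioned at offset 0 and more data becomes
         * readable than was measured above. */
        len = wolfSSL_BIO_read(bio, (char *)data, (int)(end - start));
    }
    else {
        return NULL;
    }

    if (len > 0) {
        p = data;
        ret = wolfSSL_d2i_OCSP_RESPONSE(response, (const unsigned char **)&p, len);
    }

    if (dataAlloced) {
        XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }

    return ret;
}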
wolfSSL 11:cee25a834751 663
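/* Decode a DER encoded OCSP response into an OcspResponse.
 *
 * response  optional. When *response is non-NULL that object is reused (its
 *           existing status/source pointers are overwritten, not freed,
 *           because their ownership is not known here); otherwise a new
 *           object is allocated and, when response is non-NULL, stored in
 *           *response, following the OpenSSL d2i convention.
 * data      in/out: *data points at the DER bytes and is advanced past the
 *           outer SEQUENCE on success.
 * len       number of bytes available at *data; must be positive.
 *
 * Returns the decoded object, or NULL on bad arguments, allocation failure
 * or decode failure. An object allocated by this call is freed on failure;
 * an object the caller passed in is never freed here, so the caller can
 * still release it exactly once.
 *
 * NOTE(review): OcspResponseDecode() is called with a NULL certificate
 * manager and a non-zero last argument, so presumably the responder
 * signature is not verified by this function — confirm against
 * OcspResponseDecode() before relying on the result for a trust decision.
 */
OcspResponse* wolfSSL_d2i_OCSP_RESPONSE(OcspResponse** response,
    const unsigned char** data, int len)
{
    OcspResponse *resp = NULL;
    int allocated = 0;   /* non-zero when resp was allocated by this call */
    word32 idx = 0;
    int length = 0;

    /* len is used as an allocation and copy size below; a non-positive
     * value would silently convert to a huge size_t instead of failing. */
    if (data == NULL || *data == NULL || len <= 0)
        return NULL;

    if (response != NULL)
        resp = *response;
    if (resp == NULL) {
        resp = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL,
                                      DYNAMIC_TYPE_OPENSSL);
        if (resp == NULL)
            return NULL;
        XMEMSET(resp, 0, sizeof(OcspResponse));
        allocated = 1;
    }

    resp->source = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    resp->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
                                        DYNAMIC_TYPE_TMP_BUFFER);
    if (resp->source == NULL || resp->status == NULL)
        goto fail;

    XMEMCPY(resp->source, *data, len);
    resp->maxIdx = len;

    if (OcspResponseDecode(resp, NULL, NULL, 1) != 0)
        goto fail;

    if (GetSequence(*data, &idx, &length, len) >= 0)
        (*data) += idx + length;

    if (allocated && response != NULL)
        *response = resp;

    return resp;

fail:
    /* Freeing a caller-owned object here would leave *response dangling and
     * invite a double free when the caller cleans up; only release what this
     * call allocated. */
    if (allocated) {
        wolfSSL_OCSP_RESPONSE_free(resp);
    }
    else {
        if (resp->source != NULL)
            XFREE(resp->source, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (resp->status != NULL)
            XFREE(resp->status, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        resp->source = NULL;
        resp->status = NULL;
    }
    return NULL;
}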
wolfSSL 11:cee25a834751 710
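/* Write the DER encoding of a decoded OCSP response.
 *
 * response  object whose source buffer holds the DER bytes it was decoded
 *           from (maxIdx bytes, as set by wolfSSL_d2i_OCSP_RESPONSE()).
 * data      NULL to query the encoded length only; otherwise *data must
 *           point at a caller-provided buffer of at least that length.
 *           Unlike OpenSSL's i2d, a NULL *data is not auto-allocated here.
 *
 * Returns the encoded length, or BAD_FUNC_ARG when response is NULL, the
 * response has no source buffer to copy, or *data is NULL.
 */
int wolfSSL_i2d_OCSP_RESPONSE(OcspResponse* response,
    unsigned char** data)
{
    if (response == NULL)
        return BAD_FUNC_ARG;

    if (data == NULL)
        return response->maxIdx;

    if (*data == NULL || response->source == NULL)
        return BAD_FUNC_ARG;

    XMEMCPY(*data, response->source, response->maxIdx);
    return response->maxIdx;
}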
wolfSSL 11:cee25a834751 720
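/* Return the responseStatus value of a decoded OCSP response (the code
 * wolfSSL_OCSP_response_status_str() turns into a name), or BAD_FUNC_ARG
 * when response is NULL. */
int wolfSSL_OCSP_response_status(OcspResponse *response)
{
    if (response == NULL)
        return BAD_FUNC_ARG;

    return response->responseStatus;
}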
wolfSSL 11:cee25a834751 725
/* Map an OCSP responseStatus code to its short name. Codes outside the
 * known set yield "(UNKNOWN)". The returned string is static storage and
 * must not be freed. */
const char *wolfSSL_OCSP_response_status_str(long s)
{
    static const struct {
        long        code;
        const char* name;
    } statusNames[] = {
        { OCSP_SUCCESSFUL,        "successful"       },
        { OCSP_MALFORMED_REQUEST, "malformedrequest" },
        { OCSP_INTERNAL_ERROR,    "internalerror"    },
        { OCSP_TRY_LATER,         "trylater"         },
        { OCSP_SIG_REQUIRED,      "sigrequired"      },
        { OCSP_UNAUTHROIZED,      "unauthorized"     },
    };
    size_t i;

    for (i = 0; i < sizeof(statusNames) / sizeof(statusNames[0]); i++) {
        if (statusNames[i].code == s)
            return statusNames[i].name;
    }

    return "(UNKNOWN)";
}
wolfSSL 11:cee25a834751 745
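/* Return a newly allocated copy of an OCSP response for use as a basic
 * response. The copy is a whole-struct XMEMCPY, so WOLFSSL_OCSP_BASICRESP
 * presumably shares OcspResponse's layout; the status and source buffers
 * are then deep-copied so the result can be freed independently. The "get1"
 * suffix means the caller owns the result and releases it with
 * wolfSSL_OCSP_RESPONSE_free().
 *
 * Returns NULL when response (or its status/source buffer) is NULL, or an
 * allocation fails.
 *
 * NOTE(review): only status and source are duplicated; any other pointer
 * fields carried over by the struct copy still refer to the original
 * response's memory, so the copy should presumably not outlive the
 * original — confirm against the OcspResponse definition.
 */
WOLFSSL_OCSP_BASICRESP* wolfSSL_OCSP_response_get1_basic(OcspResponse* response)
{
    WOLFSSL_OCSP_BASICRESP* bs;

    if (response == NULL || response->status == NULL ||
            response->source == NULL)
        return NULL;

    bs = (WOLFSSL_OCSP_BASICRESP*)XMALLOC(sizeof(WOLFSSL_OCSP_BASICRESP), NULL,
                                          DYNAMIC_TYPE_OPENSSL);
    if (bs == NULL)
        return NULL;

    XMEMCPY(bs, response, sizeof(OcspResponse));
    bs->status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL,
                                      DYNAMIC_TYPE_TMP_BUFFER);
    bs->source = (byte*)XMALLOC(bs->maxIdx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (bs->status == NULL || bs->source == NULL) {
        /* wolfSSL_OCSP_RESPONSE_free() already releases whichever of status
         * and source was allocated. The original freed them here first and
         * then called it with the stale pointers still set, a double free
         * whenever exactly one of the two allocations succeeded. */
        wolfSSL_OCSP_RESPONSE_free(bs);
        return NULL;
    }

    XMEMCPY(bs->status, response->status, sizeof(CertStatus));
    XMEMCPY(bs->source, response->source, response->maxIdx);
    return bs;
}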
wolfSSL 11:cee25a834751 771
/* Allocate a zero-initialised OcspRequest. Returns NULL when the allocation
 * fails. The caller releases the result with wolfSSL_OCSP_REQUEST_free(). */
OcspRequest* wolfSSL_OCSP_REQUEST_new(void)
{
    OcspRequest* req = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL,
                                             DYNAMIC_TYPE_OPENSSL);

    if (req == NULL)
        return NULL;

    XMEMSET(req, 0, sizeof(*req));
    return req;
}
wolfSSL 11:cee25a834751 783
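/* Release an OcspRequest from wolfSSL_OCSP_REQUEST_new(): the buffers
 * FreeOcspRequest() owns, then the object itself. NULL is accepted and
 * ignored, following the OpenSSL *_free() convention. */
void wolfSSL_OCSP_REQUEST_free(OcspRequest* request)
{
    if (request == NULL)
        return;

    FreeOcspRequest(request);
    XFREE(request, NULL, DYNAMIC_TYPE_OPENSSL);
}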
wolfSSL 11:cee25a834751 789
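/* DER encode an OCSP request.
 *
 * request  request to encode.
 * data     NULL to query the encoded length only; otherwise *data must
 *          point at a caller-provided buffer of at least that length.
 *
 * Returns the encoded length, a non-positive value from EncodeOcspRequest()
 * when the size pass fails, or BAD_FUNC_ARG when request or *data is NULL.
 */
int wolfSSL_i2d_OCSP_REQUEST(OcspRequest* request, unsigned char** data)
{
    int size;

    if (request == NULL)
        return BAD_FUNC_ARG;

    /* Size pass. Keep the result signed: a negative (error) return from
     * EncodeOcspRequest() stored in the original word32 became a large
     * positive value that passed the "<= 0" check and was then handed back
     * in as the output buffer size. */
    size = EncodeOcspRequest(request, NULL, 0);
    if (size <= 0 || data == NULL)
        return size;

    if (*data == NULL)
        return BAD_FUNC_ARG;

    return EncodeOcspRequest(request, *data, (word32)size);
}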
wolfSSL 11:cee25a834751 800
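/* Attach a certificate id to an OCSP request.
 *
 * req  request to fill; whatever it owned before is released first.
 * cid  certificate id whose contents are copied into req. On success cid
 *      is consumed ("add0" semantics) and must not be used or freed by the
 *      caller; on failure the caller keeps ownership of cid.
 *
 * Returns req on success, NULL on bad arguments or allocation failure.
 *
 * The struct copy below is sizeof(OcspRequest) bytes from cid, so the two
 * types presumably share a layout. That copy leaves req->serial and
 * req->url aliasing cid's buffers, which are freed with cid, so each is
 * replaced with a private copy. The original only did this when a serial
 * was present, leaving req->url dangling otherwise.
 */
WOLFSSL_OCSP_ONEREQ* wolfSSL_OCSP_request_add0_id(OcspRequest *req,
    WOLFSSL_OCSP_CERTID *cid)
{
    if (req == NULL || cid == NULL)
        return NULL;

    FreeOcspRequest(req);
    XMEMCPY(req, cid, sizeof(OcspRequest));

    /* Clear the aliased pointers so a failure path never frees cid's
     * buffers through req. */
    req->serial = NULL;
    req->url = NULL;

    if (cid->serial != NULL && cid->serialSz > 0) {
        req->serial = (byte*)XMALLOC(cid->serialSz, NULL,
                                     DYNAMIC_TYPE_OCSP_REQUEST);
        if (req->serial == NULL)
            goto fail;
        XMEMCPY(req->serial, cid->serial, cid->serialSz);
    }

    if (cid->url != NULL && cid->urlSz > 0) {
        req->url = (byte*)XMALLOC(cid->urlSz, NULL, DYNAMIC_TYPE_OCSP_REQUEST);
        if (req->url == NULL)
            goto fail;
        XMEMCPY(req->url, cid->url, cid->urlSz);
    }

    wolfSSL_OCSP_REQUEST_free(cid);

    return req;

fail:
    FreeOcspRequest(req);
    /* Reset explicitly in case FreeOcspRequest() leaves the pointers set. */
    req->serial = NULL;
    req->url = NULL;
    return NULL;
}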
wolfSSL 11:cee25a834751 827
wolfSSL 11:cee25a834751 828 #endif
wolfSSL 11:cee25a834751 829
wolfSSL 11:cee25a834751 830 #else /* HAVE_OCSP */
wolfSSL 11:cee25a834751 831
wolfSSL 11:cee25a834751 832
wolfSSL 11:cee25a834751 833 #ifdef _MSC_VER
wolfSSL 11:cee25a834751 834 /* 4206 warning for blank file */
wolfSSL 11:cee25a834751 835 #pragma warning(disable: 4206)
wolfSSL 11:cee25a834751 836 #endif
wolfSSL 11:cee25a834751 837
wolfSSL 11:cee25a834751 838
wolfSSL 11:cee25a834751 839 #endif /* HAVE_OCSP */
wolfSSL 11:cee25a834751 840 #endif /* WOLFCRYPT_ONLY */
wolfSSL 11:cee25a834751 841
wolfSSL 11:cee25a834751 842