wolfSSL SSL/TLS library, support up to TLS1.3
Dependents: CyaSSL-Twitter-OAuth4Tw Example-client-tls-cert TwitterReader TweetTest ... more
src/ocsp.c@0:d92f9d21154c, 2015-06-26 (annotated)
- Committer:
- wolfSSL
- Date:
- Fri Jun 26 00:39:20 2015 +0000
- Revision:
- 0:d92f9d21154c
wolfSSL 3.6.0
Who changed what in which revision?
User | Revision | Line number | New contents of line |
---|---|---|---|
wolfSSL | 0:d92f9d21154c | 1 | /* ocsp.c |
wolfSSL | 0:d92f9d21154c | 2 | * |
wolfSSL | 0:d92f9d21154c | 3 | * Copyright (C) 2006-2015 wolfSSL Inc. |
wolfSSL | 0:d92f9d21154c | 4 | * |
wolfSSL | 0:d92f9d21154c | 5 | * This file is part of wolfSSL. (formerly known as CyaSSL) |
wolfSSL | 0:d92f9d21154c | 6 | * |
wolfSSL | 0:d92f9d21154c | 7 | * wolfSSL is free software; you can redistribute it and/or modify |
wolfSSL | 0:d92f9d21154c | 8 | * it under the terms of the GNU General Public License as published by |
wolfSSL | 0:d92f9d21154c | 9 | * the Free Software Foundation; either version 2 of the License, or |
wolfSSL | 0:d92f9d21154c | 10 | * (at your option) any later version. |
wolfSSL | 0:d92f9d21154c | 11 | * |
wolfSSL | 0:d92f9d21154c | 12 | * wolfSSL is distributed in the hope that it will be useful, |
wolfSSL | 0:d92f9d21154c | 13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
wolfSSL | 0:d92f9d21154c | 14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
wolfSSL | 0:d92f9d21154c | 15 | * GNU General Public License for more details. |
wolfSSL | 0:d92f9d21154c | 16 | * |
wolfSSL | 0:d92f9d21154c | 17 | * You should have received a copy of the GNU General Public License |
wolfSSL | 0:d92f9d21154c | 18 | * along with this program; if not, write to the Free Software |
wolfSSL | 0:d92f9d21154c | 19 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA |
wolfSSL | 0:d92f9d21154c | 20 | */ |
wolfSSL | 0:d92f9d21154c | 21 | |
wolfSSL | 0:d92f9d21154c | 22 | /* Name change compatibility layer no longer needs to be included here */ |
wolfSSL | 0:d92f9d21154c | 23 | |
wolfSSL | 0:d92f9d21154c | 24 | #ifdef HAVE_CONFIG_H |
wolfSSL | 0:d92f9d21154c | 25 | #include <config.h> |
wolfSSL | 0:d92f9d21154c | 26 | #endif |
wolfSSL | 0:d92f9d21154c | 27 | |
wolfSSL | 0:d92f9d21154c | 28 | #include <wolfssl/wolfcrypt/settings.h> |
wolfSSL | 0:d92f9d21154c | 29 | |
wolfSSL | 0:d92f9d21154c | 30 | #ifdef HAVE_OCSP |
wolfSSL | 0:d92f9d21154c | 31 | |
wolfSSL | 0:d92f9d21154c | 32 | #include <wolfssl/error-ssl.h> |
wolfSSL | 0:d92f9d21154c | 33 | #include <wolfssl/ocsp.h> |
wolfSSL | 0:d92f9d21154c | 34 | #include <wolfssl/internal.h> |
wolfSSL | 0:d92f9d21154c | 35 | |
wolfSSL | 0:d92f9d21154c | 36 | |
wolfSSL | 0:d92f9d21154c | 37 | int InitOCSP(WOLFSSL_OCSP* ocsp, WOLFSSL_CERT_MANAGER* cm) |
wolfSSL | 0:d92f9d21154c | 38 | { |
wolfSSL | 0:d92f9d21154c | 39 | WOLFSSL_ENTER("InitOCSP"); |
wolfSSL | 0:d92f9d21154c | 40 | XMEMSET(ocsp, 0, sizeof(*ocsp)); |
wolfSSL | 0:d92f9d21154c | 41 | ocsp->cm = cm; |
wolfSSL | 0:d92f9d21154c | 42 | if (InitMutex(&ocsp->ocspLock) != 0) |
wolfSSL | 0:d92f9d21154c | 43 | return BAD_MUTEX_E; |
wolfSSL | 0:d92f9d21154c | 44 | |
wolfSSL | 0:d92f9d21154c | 45 | return 0; |
wolfSSL | 0:d92f9d21154c | 46 | } |
wolfSSL | 0:d92f9d21154c | 47 | |
wolfSSL | 0:d92f9d21154c | 48 | |
wolfSSL | 0:d92f9d21154c | 49 | static int InitOCSP_Entry(OCSP_Entry* ocspe, DecodedCert* cert) |
wolfSSL | 0:d92f9d21154c | 50 | { |
wolfSSL | 0:d92f9d21154c | 51 | WOLFSSL_ENTER("InitOCSP_Entry"); |
wolfSSL | 0:d92f9d21154c | 52 | |
wolfSSL | 0:d92f9d21154c | 53 | XMEMSET(ocspe, 0, sizeof(*ocspe)); |
wolfSSL | 0:d92f9d21154c | 54 | XMEMCPY(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE); |
wolfSSL | 0:d92f9d21154c | 55 | XMEMCPY(ocspe->issuerKeyHash, cert->issuerKeyHash, SHA_DIGEST_SIZE); |
wolfSSL | 0:d92f9d21154c | 56 | |
wolfSSL | 0:d92f9d21154c | 57 | return 0; |
wolfSSL | 0:d92f9d21154c | 58 | } |
wolfSSL | 0:d92f9d21154c | 59 | |
wolfSSL | 0:d92f9d21154c | 60 | |
wolfSSL | 0:d92f9d21154c | 61 | static void FreeOCSP_Entry(OCSP_Entry* ocspe) |
wolfSSL | 0:d92f9d21154c | 62 | { |
wolfSSL | 0:d92f9d21154c | 63 | CertStatus* tmp = ocspe->status; |
wolfSSL | 0:d92f9d21154c | 64 | |
wolfSSL | 0:d92f9d21154c | 65 | WOLFSSL_ENTER("FreeOCSP_Entry"); |
wolfSSL | 0:d92f9d21154c | 66 | |
wolfSSL | 0:d92f9d21154c | 67 | while (tmp) { |
wolfSSL | 0:d92f9d21154c | 68 | CertStatus* next = tmp->next; |
wolfSSL | 0:d92f9d21154c | 69 | XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_STATUS); |
wolfSSL | 0:d92f9d21154c | 70 | tmp = next; |
wolfSSL | 0:d92f9d21154c | 71 | } |
wolfSSL | 0:d92f9d21154c | 72 | } |
wolfSSL | 0:d92f9d21154c | 73 | |
wolfSSL | 0:d92f9d21154c | 74 | |
wolfSSL | 0:d92f9d21154c | 75 | void FreeOCSP(WOLFSSL_OCSP* ocsp, int dynamic) |
wolfSSL | 0:d92f9d21154c | 76 | { |
wolfSSL | 0:d92f9d21154c | 77 | OCSP_Entry* tmp = ocsp->ocspList; |
wolfSSL | 0:d92f9d21154c | 78 | |
wolfSSL | 0:d92f9d21154c | 79 | WOLFSSL_ENTER("FreeOCSP"); |
wolfSSL | 0:d92f9d21154c | 80 | |
wolfSSL | 0:d92f9d21154c | 81 | while (tmp) { |
wolfSSL | 0:d92f9d21154c | 82 | OCSP_Entry* next = tmp->next; |
wolfSSL | 0:d92f9d21154c | 83 | FreeOCSP_Entry(tmp); |
wolfSSL | 0:d92f9d21154c | 84 | XFREE(tmp, NULL, DYNAMIC_TYPE_OCSP_ENTRY); |
wolfSSL | 0:d92f9d21154c | 85 | tmp = next; |
wolfSSL | 0:d92f9d21154c | 86 | } |
wolfSSL | 0:d92f9d21154c | 87 | |
wolfSSL | 0:d92f9d21154c | 88 | FreeMutex(&ocsp->ocspLock); |
wolfSSL | 0:d92f9d21154c | 89 | if (dynamic) |
wolfSSL | 0:d92f9d21154c | 90 | XFREE(ocsp, NULL, DYNAMIC_TYPE_OCSP); |
wolfSSL | 0:d92f9d21154c | 91 | } |
wolfSSL | 0:d92f9d21154c | 92 | |
wolfSSL | 0:d92f9d21154c | 93 | |
wolfSSL | 0:d92f9d21154c | 94 | static int xstat2err(int stat) |
wolfSSL | 0:d92f9d21154c | 95 | { |
wolfSSL | 0:d92f9d21154c | 96 | switch (stat) { |
wolfSSL | 0:d92f9d21154c | 97 | case CERT_GOOD: |
wolfSSL | 0:d92f9d21154c | 98 | return 0; |
wolfSSL | 0:d92f9d21154c | 99 | case CERT_REVOKED: |
wolfSSL | 0:d92f9d21154c | 100 | return OCSP_CERT_REVOKED; |
wolfSSL | 0:d92f9d21154c | 101 | default: |
wolfSSL | 0:d92f9d21154c | 102 | return OCSP_CERT_UNKNOWN; |
wolfSSL | 0:d92f9d21154c | 103 | } |
wolfSSL | 0:d92f9d21154c | 104 | } |
wolfSSL | 0:d92f9d21154c | 105 | |
wolfSSL | 0:d92f9d21154c | 106 | |
wolfSSL | 0:d92f9d21154c | 107 | int CheckCertOCSP(WOLFSSL_OCSP* ocsp, DecodedCert* cert) |
wolfSSL | 0:d92f9d21154c | 108 | { |
wolfSSL | 0:d92f9d21154c | 109 | byte* ocspReqBuf = NULL; |
wolfSSL | 0:d92f9d21154c | 110 | int ocspReqSz = 2048; |
wolfSSL | 0:d92f9d21154c | 111 | byte* ocspRespBuf = NULL; |
wolfSSL | 0:d92f9d21154c | 112 | int result = -1; |
wolfSSL | 0:d92f9d21154c | 113 | OCSP_Entry* ocspe; |
wolfSSL | 0:d92f9d21154c | 114 | CertStatus* certStatus = NULL; |
wolfSSL | 0:d92f9d21154c | 115 | const char *url; |
wolfSSL | 0:d92f9d21154c | 116 | int urlSz; |
wolfSSL | 0:d92f9d21154c | 117 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 118 | CertStatus* newStatus; |
wolfSSL | 0:d92f9d21154c | 119 | OcspRequest* ocspRequest; |
wolfSSL | 0:d92f9d21154c | 120 | OcspResponse* ocspResponse; |
wolfSSL | 0:d92f9d21154c | 121 | #else |
wolfSSL | 0:d92f9d21154c | 122 | CertStatus newStatus[1]; |
wolfSSL | 0:d92f9d21154c | 123 | OcspRequest ocspRequest[1]; |
wolfSSL | 0:d92f9d21154c | 124 | OcspResponse ocspResponse[1]; |
wolfSSL | 0:d92f9d21154c | 125 | #endif |
wolfSSL | 0:d92f9d21154c | 126 | |
wolfSSL | 0:d92f9d21154c | 127 | WOLFSSL_ENTER("CheckCertOCSP"); |
wolfSSL | 0:d92f9d21154c | 128 | |
wolfSSL | 0:d92f9d21154c | 129 | if (LockMutex(&ocsp->ocspLock) != 0) { |
wolfSSL | 0:d92f9d21154c | 130 | WOLFSSL_LEAVE("CheckCertOCSP", BAD_MUTEX_E); |
wolfSSL | 0:d92f9d21154c | 131 | return BAD_MUTEX_E; |
wolfSSL | 0:d92f9d21154c | 132 | } |
wolfSSL | 0:d92f9d21154c | 133 | |
wolfSSL | 0:d92f9d21154c | 134 | ocspe = ocsp->ocspList; |
wolfSSL | 0:d92f9d21154c | 135 | while (ocspe) { |
wolfSSL | 0:d92f9d21154c | 136 | if (XMEMCMP(ocspe->issuerHash, cert->issuerHash, SHA_DIGEST_SIZE) == 0 |
wolfSSL | 0:d92f9d21154c | 137 | && XMEMCMP(ocspe->issuerKeyHash, cert->issuerKeyHash, |
wolfSSL | 0:d92f9d21154c | 138 | SHA_DIGEST_SIZE) == 0) |
wolfSSL | 0:d92f9d21154c | 139 | break; |
wolfSSL | 0:d92f9d21154c | 140 | else |
wolfSSL | 0:d92f9d21154c | 141 | ocspe = ocspe->next; |
wolfSSL | 0:d92f9d21154c | 142 | } |
wolfSSL | 0:d92f9d21154c | 143 | |
wolfSSL | 0:d92f9d21154c | 144 | if (ocspe == NULL) { |
wolfSSL | 0:d92f9d21154c | 145 | ocspe = (OCSP_Entry*)XMALLOC(sizeof(OCSP_Entry), |
wolfSSL | 0:d92f9d21154c | 146 | NULL, DYNAMIC_TYPE_OCSP_ENTRY); |
wolfSSL | 0:d92f9d21154c | 147 | if (ocspe != NULL) { |
wolfSSL | 0:d92f9d21154c | 148 | InitOCSP_Entry(ocspe, cert); |
wolfSSL | 0:d92f9d21154c | 149 | ocspe->next = ocsp->ocspList; |
wolfSSL | 0:d92f9d21154c | 150 | ocsp->ocspList = ocspe; |
wolfSSL | 0:d92f9d21154c | 151 | } |
wolfSSL | 0:d92f9d21154c | 152 | else { |
wolfSSL | 0:d92f9d21154c | 153 | UnLockMutex(&ocsp->ocspLock); |
wolfSSL | 0:d92f9d21154c | 154 | WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); |
wolfSSL | 0:d92f9d21154c | 155 | return MEMORY_ERROR; |
wolfSSL | 0:d92f9d21154c | 156 | } |
wolfSSL | 0:d92f9d21154c | 157 | } |
wolfSSL | 0:d92f9d21154c | 158 | else { |
wolfSSL | 0:d92f9d21154c | 159 | certStatus = ocspe->status; |
wolfSSL | 0:d92f9d21154c | 160 | while (certStatus) { |
wolfSSL | 0:d92f9d21154c | 161 | if (certStatus->serialSz == cert->serialSz && |
wolfSSL | 0:d92f9d21154c | 162 | XMEMCMP(certStatus->serial, cert->serial, cert->serialSz) == 0) |
wolfSSL | 0:d92f9d21154c | 163 | break; |
wolfSSL | 0:d92f9d21154c | 164 | else |
wolfSSL | 0:d92f9d21154c | 165 | certStatus = certStatus->next; |
wolfSSL | 0:d92f9d21154c | 166 | } |
wolfSSL | 0:d92f9d21154c | 167 | } |
wolfSSL | 0:d92f9d21154c | 168 | |
wolfSSL | 0:d92f9d21154c | 169 | if (certStatus != NULL) { |
wolfSSL | 0:d92f9d21154c | 170 | if (!ValidateDate(certStatus->thisDate, |
wolfSSL | 0:d92f9d21154c | 171 | certStatus->thisDateFormat, BEFORE) || |
wolfSSL | 0:d92f9d21154c | 172 | (certStatus->nextDate[0] == 0) || |
wolfSSL | 0:d92f9d21154c | 173 | !ValidateDate(certStatus->nextDate, |
wolfSSL | 0:d92f9d21154c | 174 | certStatus->nextDateFormat, AFTER)) { |
wolfSSL | 0:d92f9d21154c | 175 | WOLFSSL_MSG("\tinvalid status date, looking up cert"); |
wolfSSL | 0:d92f9d21154c | 176 | } |
wolfSSL | 0:d92f9d21154c | 177 | else { |
wolfSSL | 0:d92f9d21154c | 178 | result = xstat2err(certStatus->status); |
wolfSSL | 0:d92f9d21154c | 179 | UnLockMutex(&ocsp->ocspLock); |
wolfSSL | 0:d92f9d21154c | 180 | WOLFSSL_LEAVE("CheckCertOCSP", result); |
wolfSSL | 0:d92f9d21154c | 181 | return result; |
wolfSSL | 0:d92f9d21154c | 182 | } |
wolfSSL | 0:d92f9d21154c | 183 | } |
wolfSSL | 0:d92f9d21154c | 184 | |
wolfSSL | 0:d92f9d21154c | 185 | UnLockMutex(&ocsp->ocspLock); |
wolfSSL | 0:d92f9d21154c | 186 | |
wolfSSL | 0:d92f9d21154c | 187 | if (ocsp->cm->ocspUseOverrideURL) { |
wolfSSL | 0:d92f9d21154c | 188 | url = ocsp->cm->ocspOverrideURL; |
wolfSSL | 0:d92f9d21154c | 189 | if (url != NULL && url[0] != '\0') |
wolfSSL | 0:d92f9d21154c | 190 | urlSz = (int)XSTRLEN(url); |
wolfSSL | 0:d92f9d21154c | 191 | else |
wolfSSL | 0:d92f9d21154c | 192 | return OCSP_NEED_URL; |
wolfSSL | 0:d92f9d21154c | 193 | } |
wolfSSL | 0:d92f9d21154c | 194 | else if (cert->extAuthInfoSz != 0 && cert->extAuthInfo != NULL) { |
wolfSSL | 0:d92f9d21154c | 195 | url = (const char *)cert->extAuthInfo; |
wolfSSL | 0:d92f9d21154c | 196 | urlSz = cert->extAuthInfoSz; |
wolfSSL | 0:d92f9d21154c | 197 | } |
wolfSSL | 0:d92f9d21154c | 198 | else { |
wolfSSL | 0:d92f9d21154c | 199 | /* cert doesn't have extAuthInfo, assuming CERT_GOOD */ |
wolfSSL | 0:d92f9d21154c | 200 | return 0; |
wolfSSL | 0:d92f9d21154c | 201 | } |
wolfSSL | 0:d92f9d21154c | 202 | |
wolfSSL | 0:d92f9d21154c | 203 | ocspReqBuf = (byte*)XMALLOC(ocspReqSz, NULL, DYNAMIC_TYPE_IN_BUFFER); |
wolfSSL | 0:d92f9d21154c | 204 | if (ocspReqBuf == NULL) { |
wolfSSL | 0:d92f9d21154c | 205 | WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); |
wolfSSL | 0:d92f9d21154c | 206 | return MEMORY_ERROR; |
wolfSSL | 0:d92f9d21154c | 207 | } |
wolfSSL | 0:d92f9d21154c | 208 | |
wolfSSL | 0:d92f9d21154c | 209 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 210 | newStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, |
wolfSSL | 0:d92f9d21154c | 211 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 212 | ocspRequest = (OcspRequest*)XMALLOC(sizeof(OcspRequest), NULL, |
wolfSSL | 0:d92f9d21154c | 213 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 214 | ocspResponse = (OcspResponse*)XMALLOC(sizeof(OcspResponse), NULL, |
wolfSSL | 0:d92f9d21154c | 215 | DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 216 | |
wolfSSL | 0:d92f9d21154c | 217 | if (newStatus == NULL || ocspRequest == NULL || ocspResponse == NULL) { |
wolfSSL | 0:d92f9d21154c | 218 | if (newStatus) XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 219 | if (ocspRequest) XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 220 | if (ocspResponse) XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 221 | |
wolfSSL | 0:d92f9d21154c | 222 | XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 223 | |
wolfSSL | 0:d92f9d21154c | 224 | WOLFSSL_LEAVE("CheckCertOCSP", MEMORY_ERROR); |
wolfSSL | 0:d92f9d21154c | 225 | return MEMORY_E; |
wolfSSL | 0:d92f9d21154c | 226 | } |
wolfSSL | 0:d92f9d21154c | 227 | #endif |
wolfSSL | 0:d92f9d21154c | 228 | |
wolfSSL | 0:d92f9d21154c | 229 | InitOcspRequest(ocspRequest, cert, ocsp->cm->ocspSendNonce, |
wolfSSL | 0:d92f9d21154c | 230 | ocspReqBuf, ocspReqSz); |
wolfSSL | 0:d92f9d21154c | 231 | ocspReqSz = EncodeOcspRequest(ocspRequest); |
wolfSSL | 0:d92f9d21154c | 232 | |
wolfSSL | 0:d92f9d21154c | 233 | if (ocsp->cm->ocspIOCb) |
wolfSSL | 0:d92f9d21154c | 234 | result = ocsp->cm->ocspIOCb(ocsp->cm->ocspIOCtx, url, urlSz, |
wolfSSL | 0:d92f9d21154c | 235 | ocspReqBuf, ocspReqSz, &ocspRespBuf); |
wolfSSL | 0:d92f9d21154c | 236 | |
wolfSSL | 0:d92f9d21154c | 237 | if (result >= 0 && ocspRespBuf) { |
wolfSSL | 0:d92f9d21154c | 238 | XMEMSET(newStatus, 0, sizeof(CertStatus)); |
wolfSSL | 0:d92f9d21154c | 239 | |
wolfSSL | 0:d92f9d21154c | 240 | InitOcspResponse(ocspResponse, newStatus, ocspRespBuf, result); |
wolfSSL | 0:d92f9d21154c | 241 | OcspResponseDecode(ocspResponse); |
wolfSSL | 0:d92f9d21154c | 242 | |
wolfSSL | 0:d92f9d21154c | 243 | if (ocspResponse->responseStatus != OCSP_SUCCESSFUL) |
wolfSSL | 0:d92f9d21154c | 244 | result = OCSP_LOOKUP_FAIL; |
wolfSSL | 0:d92f9d21154c | 245 | else { |
wolfSSL | 0:d92f9d21154c | 246 | if (CompareOcspReqResp(ocspRequest, ocspResponse) == 0) { |
wolfSSL | 0:d92f9d21154c | 247 | result = xstat2err(ocspResponse->status->status); |
wolfSSL | 0:d92f9d21154c | 248 | |
wolfSSL | 0:d92f9d21154c | 249 | if (LockMutex(&ocsp->ocspLock) != 0) |
wolfSSL | 0:d92f9d21154c | 250 | result = BAD_MUTEX_E; |
wolfSSL | 0:d92f9d21154c | 251 | else { |
wolfSSL | 0:d92f9d21154c | 252 | if (certStatus != NULL) |
wolfSSL | 0:d92f9d21154c | 253 | /* Replace existing certificate entry with updated */ |
wolfSSL | 0:d92f9d21154c | 254 | XMEMCPY(certStatus, newStatus, sizeof(CertStatus)); |
wolfSSL | 0:d92f9d21154c | 255 | else { |
wolfSSL | 0:d92f9d21154c | 256 | /* Save new certificate entry */ |
wolfSSL | 0:d92f9d21154c | 257 | certStatus = (CertStatus*)XMALLOC(sizeof(CertStatus), |
wolfSSL | 0:d92f9d21154c | 258 | NULL, DYNAMIC_TYPE_OCSP_STATUS); |
wolfSSL | 0:d92f9d21154c | 259 | if (certStatus != NULL) { |
wolfSSL | 0:d92f9d21154c | 260 | XMEMCPY(certStatus, newStatus, sizeof(CertStatus)); |
wolfSSL | 0:d92f9d21154c | 261 | certStatus->next = ocspe->status; |
wolfSSL | 0:d92f9d21154c | 262 | ocspe->status = certStatus; |
wolfSSL | 0:d92f9d21154c | 263 | ocspe->totalStatus++; |
wolfSSL | 0:d92f9d21154c | 264 | } |
wolfSSL | 0:d92f9d21154c | 265 | } |
wolfSSL | 0:d92f9d21154c | 266 | |
wolfSSL | 0:d92f9d21154c | 267 | UnLockMutex(&ocsp->ocspLock); |
wolfSSL | 0:d92f9d21154c | 268 | } |
wolfSSL | 0:d92f9d21154c | 269 | } |
wolfSSL | 0:d92f9d21154c | 270 | else |
wolfSSL | 0:d92f9d21154c | 271 | result = OCSP_LOOKUP_FAIL; |
wolfSSL | 0:d92f9d21154c | 272 | } |
wolfSSL | 0:d92f9d21154c | 273 | } |
wolfSSL | 0:d92f9d21154c | 274 | else |
wolfSSL | 0:d92f9d21154c | 275 | result = OCSP_LOOKUP_FAIL; |
wolfSSL | 0:d92f9d21154c | 276 | |
wolfSSL | 0:d92f9d21154c | 277 | XFREE(ocspReqBuf, NULL, DYNAMIC_TYPE_IN_BUFFER); |
wolfSSL | 0:d92f9d21154c | 278 | |
wolfSSL | 0:d92f9d21154c | 279 | #ifdef WOLFSSL_SMALL_STACK |
wolfSSL | 0:d92f9d21154c | 280 | XFREE(newStatus, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 281 | XFREE(ocspRequest, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 282 | XFREE(ocspResponse, NULL, DYNAMIC_TYPE_TMP_BUFFER); |
wolfSSL | 0:d92f9d21154c | 283 | #endif |
wolfSSL | 0:d92f9d21154c | 284 | |
wolfSSL | 0:d92f9d21154c | 285 | if (ocspRespBuf != NULL && ocsp->cm->ocspRespFreeCb) |
wolfSSL | 0:d92f9d21154c | 286 | ocsp->cm->ocspRespFreeCb(ocsp->cm->ocspIOCtx, ocspRespBuf); |
wolfSSL | 0:d92f9d21154c | 287 | |
wolfSSL | 0:d92f9d21154c | 288 | WOLFSSL_LEAVE("CheckCertOCSP", result); |
wolfSSL | 0:d92f9d21154c | 289 | return result; |
wolfSSL | 0:d92f9d21154c | 290 | } |
wolfSSL | 0:d92f9d21154c | 291 | |
wolfSSL | 0:d92f9d21154c | 292 | |
wolfSSL | 0:d92f9d21154c | 293 | #else /* HAVE_OCSP */ |
wolfSSL | 0:d92f9d21154c | 294 | |
wolfSSL | 0:d92f9d21154c | 295 | |
wolfSSL | 0:d92f9d21154c | 296 | #ifdef _MSC_VER |
wolfSSL | 0:d92f9d21154c | 297 | /* 4206 warning for blank file */ |
wolfSSL | 0:d92f9d21154c | 298 | #pragma warning(disable: 4206) |
wolfSSL | 0:d92f9d21154c | 299 | #endif |
wolfSSL | 0:d92f9d21154c | 300 | |
wolfSSL | 0:d92f9d21154c | 301 | |
wolfSSL | 0:d92f9d21154c | 302 | #endif /* HAVE_OCSP */ |
wolfSSL | 0:d92f9d21154c | 303 | |
wolfSSL | 0:d92f9d21154c | 304 |