1*0Sstevel@tonic-gate /* ocsp_ht.c */
2*0Sstevel@tonic-gate /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3*0Sstevel@tonic-gate * project 2000.
4*0Sstevel@tonic-gate */
5*0Sstevel@tonic-gate /* ====================================================================
6*0Sstevel@tonic-gate * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7*0Sstevel@tonic-gate *
8*0Sstevel@tonic-gate * Redistribution and use in source and binary forms, with or without
9*0Sstevel@tonic-gate * modification, are permitted provided that the following conditions
10*0Sstevel@tonic-gate * are met:
11*0Sstevel@tonic-gate *
12*0Sstevel@tonic-gate * 1. Redistributions of source code must retain the above copyright
13*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer.
14*0Sstevel@tonic-gate *
15*0Sstevel@tonic-gate * 2. Redistributions in binary form must reproduce the above copyright
16*0Sstevel@tonic-gate * notice, this list of conditions and the following disclaimer in
17*0Sstevel@tonic-gate * the documentation and/or other materials provided with the
18*0Sstevel@tonic-gate * distribution.
19*0Sstevel@tonic-gate *
20*0Sstevel@tonic-gate * 3. All advertising materials mentioning features or use of this
21*0Sstevel@tonic-gate * software must display the following acknowledgment:
22*0Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project
23*0Sstevel@tonic-gate * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24*0Sstevel@tonic-gate *
25*0Sstevel@tonic-gate * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26*0Sstevel@tonic-gate * endorse or promote products derived from this software without
27*0Sstevel@tonic-gate * prior written permission. For written permission, please contact
28*0Sstevel@tonic-gate * licensing@OpenSSL.org.
29*0Sstevel@tonic-gate *
30*0Sstevel@tonic-gate * 5. Products derived from this software may not be called "OpenSSL"
31*0Sstevel@tonic-gate * nor may "OpenSSL" appear in their names without prior written
32*0Sstevel@tonic-gate * permission of the OpenSSL Project.
33*0Sstevel@tonic-gate *
34*0Sstevel@tonic-gate * 6. Redistributions of any form whatsoever must retain the following
35*0Sstevel@tonic-gate * acknowledgment:
36*0Sstevel@tonic-gate * "This product includes software developed by the OpenSSL Project
37*0Sstevel@tonic-gate * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38*0Sstevel@tonic-gate *
39*0Sstevel@tonic-gate * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40*0Sstevel@tonic-gate * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41*0Sstevel@tonic-gate * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42*0Sstevel@tonic-gate * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43*0Sstevel@tonic-gate * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44*0Sstevel@tonic-gate * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45*0Sstevel@tonic-gate * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46*0Sstevel@tonic-gate * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47*0Sstevel@tonic-gate * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48*0Sstevel@tonic-gate * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49*0Sstevel@tonic-gate * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50*0Sstevel@tonic-gate * OF THE POSSIBILITY OF SUCH DAMAGE.
51*0Sstevel@tonic-gate * ====================================================================
52*0Sstevel@tonic-gate *
53*0Sstevel@tonic-gate * This product includes cryptographic software written by Eric Young
54*0Sstevel@tonic-gate * (eay@cryptsoft.com). This product includes software written by Tim
55*0Sstevel@tonic-gate * Hudson (tjh@cryptsoft.com).
56*0Sstevel@tonic-gate *
57*0Sstevel@tonic-gate */
58*0Sstevel@tonic-gate
59*0Sstevel@tonic-gate #include <openssl/asn1.h>
60*0Sstevel@tonic-gate #include <stdio.h>
61*0Sstevel@tonic-gate #include <stdlib.h>
62*0Sstevel@tonic-gate #include <ctype.h>
63*0Sstevel@tonic-gate #include <string.h>
64*0Sstevel@tonic-gate #include <openssl/ocsp.h>
65*0Sstevel@tonic-gate #include <openssl/err.h>
66*0Sstevel@tonic-gate #include <openssl/buffer.h>
67*0Sstevel@tonic-gate #ifdef OPENSSL_SYS_SUNOS
68*0Sstevel@tonic-gate #define strtoul (unsigned long)strtol
69*0Sstevel@tonic-gate #endif /* OPENSSL_SYS_SUNOS */
70*0Sstevel@tonic-gate
71*0Sstevel@tonic-gate /* Quick and dirty HTTP OCSP request handler.
72*0Sstevel@tonic-gate * Could make this a bit cleverer by adding
73*0Sstevel@tonic-gate * support for non blocking BIOs and a few
74*0Sstevel@tonic-gate * other refinements.
75*0Sstevel@tonic-gate */
76*0Sstevel@tonic-gate
OCSP_sendreq_bio(BIO * b,char * path,OCSP_REQUEST * req)77*0Sstevel@tonic-gate OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
78*0Sstevel@tonic-gate {
79*0Sstevel@tonic-gate BIO *mem = NULL;
80*0Sstevel@tonic-gate char tmpbuf[1024];
81*0Sstevel@tonic-gate OCSP_RESPONSE *resp = NULL;
82*0Sstevel@tonic-gate char *p, *q, *r;
83*0Sstevel@tonic-gate int len, retcode;
84*0Sstevel@tonic-gate static char req_txt[] =
85*0Sstevel@tonic-gate "POST %s HTTP/1.0\r\n\
86*0Sstevel@tonic-gate Content-Type: application/ocsp-request\r\n\
87*0Sstevel@tonic-gate Content-Length: %d\r\n\r\n";
88*0Sstevel@tonic-gate
89*0Sstevel@tonic-gate len = i2d_OCSP_REQUEST(req, NULL);
90*0Sstevel@tonic-gate if(BIO_printf(b, req_txt, path, len) < 0) {
91*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
92*0Sstevel@tonic-gate goto err;
93*0Sstevel@tonic-gate }
94*0Sstevel@tonic-gate if(i2d_OCSP_REQUEST_bio(b, req) <= 0) {
95*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR);
96*0Sstevel@tonic-gate goto err;
97*0Sstevel@tonic-gate }
98*0Sstevel@tonic-gate if(!(mem = BIO_new(BIO_s_mem()))) goto err;
99*0Sstevel@tonic-gate /* Copy response to a memory BIO: socket bios can't do gets! */
100*0Sstevel@tonic-gate while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) {
101*0Sstevel@tonic-gate if(len < 0) {
102*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR);
103*0Sstevel@tonic-gate goto err;
104*0Sstevel@tonic-gate }
105*0Sstevel@tonic-gate BIO_write(mem, tmpbuf, len);
106*0Sstevel@tonic-gate }
107*0Sstevel@tonic-gate if(BIO_gets(mem, tmpbuf, 512) <= 0) {
108*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
109*0Sstevel@tonic-gate goto err;
110*0Sstevel@tonic-gate }
111*0Sstevel@tonic-gate /* Parse the HTTP response. This will look like this:
112*0Sstevel@tonic-gate * "HTTP/1.0 200 OK". We need to obtain the numeric code and
113*0Sstevel@tonic-gate * (optional) informational message.
114*0Sstevel@tonic-gate */
115*0Sstevel@tonic-gate
116*0Sstevel@tonic-gate /* Skip to first white space (passed protocol info) */
117*0Sstevel@tonic-gate for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue;
118*0Sstevel@tonic-gate if(!*p) {
119*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
120*0Sstevel@tonic-gate goto err;
121*0Sstevel@tonic-gate }
122*0Sstevel@tonic-gate /* Skip past white space to start of response code */
123*0Sstevel@tonic-gate while(*p && isspace((unsigned char)*p)) p++;
124*0Sstevel@tonic-gate if(!*p) {
125*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
126*0Sstevel@tonic-gate goto err;
127*0Sstevel@tonic-gate }
128*0Sstevel@tonic-gate /* Find end of response code: first whitespace after start of code */
129*0Sstevel@tonic-gate for(q = p; *q && !isspace((unsigned char)*q); q++) continue;
130*0Sstevel@tonic-gate if(!*q) {
131*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
132*0Sstevel@tonic-gate goto err;
133*0Sstevel@tonic-gate }
134*0Sstevel@tonic-gate /* Set end of response code and start of message */
135*0Sstevel@tonic-gate *q++ = 0;
136*0Sstevel@tonic-gate /* Attempt to parse numeric code */
137*0Sstevel@tonic-gate retcode = strtoul(p, &r, 10);
138*0Sstevel@tonic-gate if(*r) goto err;
139*0Sstevel@tonic-gate /* Skip over any leading white space in message */
140*0Sstevel@tonic-gate while(*q && isspace((unsigned char)*q)) q++;
141*0Sstevel@tonic-gate if(*q) {
142*0Sstevel@tonic-gate /* Finally zap any trailing white space in message (include CRLF) */
143*0Sstevel@tonic-gate /* We know q has a non white space character so this is OK */
144*0Sstevel@tonic-gate for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0;
145*0Sstevel@tonic-gate }
146*0Sstevel@tonic-gate if(retcode != 200) {
147*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR);
148*0Sstevel@tonic-gate if(!*q) {
149*0Sstevel@tonic-gate ERR_add_error_data(2, "Code=", p);
150*0Sstevel@tonic-gate }
151*0Sstevel@tonic-gate else {
152*0Sstevel@tonic-gate ERR_add_error_data(4, "Code=", p, ",Reason=", q);
153*0Sstevel@tonic-gate }
154*0Sstevel@tonic-gate goto err;
155*0Sstevel@tonic-gate }
156*0Sstevel@tonic-gate /* Find blank line marking beginning of content */
157*0Sstevel@tonic-gate while(BIO_gets(mem, tmpbuf, 512) > 0)
158*0Sstevel@tonic-gate {
159*0Sstevel@tonic-gate for(p = tmpbuf; *p && isspace((unsigned char)*p); p++) continue;
160*0Sstevel@tonic-gate if(!*p) break;
161*0Sstevel@tonic-gate }
162*0Sstevel@tonic-gate if(*p) {
163*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT);
164*0Sstevel@tonic-gate goto err;
165*0Sstevel@tonic-gate }
166*0Sstevel@tonic-gate if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) {
167*0Sstevel@tonic-gate OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR);
168*0Sstevel@tonic-gate goto err;
169*0Sstevel@tonic-gate }
170*0Sstevel@tonic-gate err:
171*0Sstevel@tonic-gate BIO_free(mem);
172*0Sstevel@tonic-gate return resp;
173*0Sstevel@tonic-gate }
174