From 8b55fc9c96b80714a5afd9ac6448c09fca4d5de5 Mon Sep 17 00:00:00 2001
From: Marcel Poul
Date: Tue, 7 Aug 2012 23:56:34 +0000
Subject: [PATCH] init/free canl_store() and ocsprequest() funcions.
---
 emi.canl.canl-c/src/canl_locl.h | 17 -----
 emi.canl.canl-c/src/canl_ocsp.c | 136 +++++++++++++++++++++++------------
 emi.canl.canl-c/src/proxy/sslutils.c | 2 +
 emi.canl.canl-c/src/proxy/sslutils.h | 3 +-
 4 files changed, 95 insertions(+), 63 deletions(-)
diff --git a/emi.canl.canl-c/src/canl_locl.h b/emi.canl.canl-c/src/canl_locl.h
index 95f7903..d253efc 100644
--- a/emi.canl.canl-c/src/canl_locl.h
+++ b/emi.canl.canl-c/src/canl_locl.h
@@ -116,23 +116,6 @@ typedef struct canl_mech {
 } canl_mech;
-typedef struct {
- char *ca_dir;
- char *ca_file;
- char *crl_dir;
-} canl_x509store_t;
-
-typedef struct {
- char *url;
- X509 *cert;
- X509 *issuer;
- canl_x509store_t *store;
- X509 *sign_cert;
- EVP_PKEY *sign_key;
- long skew;
- long maxage;
-} canl_ocsprequest_t;
-
 /* Mechanism specific */
 extern canl_mech canl_mech_ssl;
diff --git a/emi.canl.canl-c/src/canl_ocsp.c b/emi.canl.canl-c/src/canl_ocsp.c
index 733501d..4eda8dc 100644
--- a/emi.canl.canl-c/src/canl_ocsp.c
+++ b/emi.canl.canl-c/src/canl_ocsp.c
@@ -1,37 +1,9 @@
-#include "canl_locl.h"
+#include "canl_ocsp.h"
 #include "canl_mech_ssl.h"
 #include
 #define USENONCE 0
-typedef enum {
- CANL_OCSPRESULT_ERROR_NOSTATUS = -17,
- CANL_OCSPRESULT_ERROR_INVTIME = -16,
- CANL_OCSPRESULT_ERROR_VERIFYRESPONSE = -15,
- CANL_OCSPRESULT_ERROR_NOTCONFIGURED = -14,
- CANL_OCSPRESULT_ERROR_NOAIAOCSPURI = -13,
- CANL_OCSPRESULT_ERROR_INVALIDRESPONSE = -12,
- CANL_OCSPRESULT_ERROR_CONNECTFAILURE = -11,
- CANL_OCSPRESULT_ERROR_SIGNFAILURE = -10,
- CANL_OCSPRESULT_ERROR_BADOCSPADDRESS = -9,
- CANL_OCSPRESULT_ERROR_OUTOFMEMORY = -8,
- CANL_OCSPRESULT_ERROR_UNKNOWN = -7,
- CANL_OCSPRESULT_ERROR_UNAUTHORIZED = -6,
- CANL_OCSPRESULT_ERROR_SIGREQUIRED = -5,
- CANL_OCSPRESULT_ERROR_TRYLATER = -3,
- CANL_OCSPRESULT_ERROR_INTERNALERROR = -2,
- CANL_OCSPRESULT_ERROR_MALFORMEDREQUEST = -1,
- CANL_OCSPRESULT_CERTIFICATE_VALID = 0,
- CANL_OCSPRESULT_CERTIFICATE_REVOKED = 1
-} canl_ocspresult_t;
-
-static int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert);
-static int set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key);
-static int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert);
-static int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew);
-static int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage);
-static int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url);
-static int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer);
 static canl_x509store_t * store_dup(canl_x509store_t *store_from);
 static X509_STORE * canl_create_x509store(canl_x509store_t *store);
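Review bot: `canl_ocsp.h`, which replaces `canl_locl.h` here and presumably now holds the `canl_ocspresult_t` enum and the `set_ocsp_*` prototypes removed in this hunk together with the two typedefs removed from canl_locl.h, is not among the four files in the diffstat, so the patch does not build on its own; the header should be part of this commit (the sslutils.h hunk depends on it as well). The removed `static` prototypes were the only declarations of `set_ocsp_cert` and its siblings, which the later hunks turn into external functions, so confirm the header declares them, otherwise they lose the prototype check and any caller in sslutils.c would rely on an implicit declaration. Since canl_ocsp.c no longer includes `canl_locl.h` directly, whatever it still uses from there must now arrive transitively through `canl_ocsp.h` or `canl_mech_ssl.h`; worth verifying with a clean build.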
@@ -43,8 +15,89 @@ query_responder(BIO *conn, char *path, OCSP_REQUEST *req, int req_timeout);
 static char *get_ocsp_url_from_aia(X509 * cert, char** urls);
-static int
-set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert)
+int ocsprequest_init(canl_ocsprequest_t **ocspreq)
+{
+ if (!ocspreq)
+ return 1;
+ if (*ocspreq) {
+ ocsprequest_free(*ocspreq);
+ }
+ else {
+ *ocspreq = calloc(1, sizeof(**ocspreq));
+ if (!(*ocspreq))
+ return 1;
+ }
+
+ return 0;
+}
+
+int canl_x509store_init(canl_x509store_t **cs)
+{
+ if (!cs)
+ return 1;
+ if (*cs) {
+ canl_x509store_free(*cs);
+ }
+ else {
+ *cs = calloc(1, sizeof(**cs));
+ if (!(*cs))
+ return 1;
+ }
+
+ return 0;
+}
+
+void ocsprequest_free(canl_ocsprequest_t *or)
+{
+ if (!or)
+ return;
+ if (or->url){
+ free(or->url);
+ or->url = NULL;
+ }
+ if (or->cert){
+ X509_free(or->cert);
+ or->cert = NULL;
+ }
+ if (or->issuer){
+ X509_free(or->issuer);
+ or->issuer = NULL;
+ }
+ if (or->store){
+ canl_x509store_free((or->store));
+ or->store = NULL;
+ }
+ if (or->sign_cert){
+ X509_free(or->sign_cert);
+ or->sign_cert = NULL;
+ }
+ if (or->sign_key){
+ EVP_PKEY_free(or->sign_key);
+ or->sign_key = NULL;
+ }
+ or->skew = 0;
+ or->maxage = 0;
+}
+
+void canl_x509store_free(canl_x509store_t *cs)
+{
+ if (!cs)
+ return;
+ if (cs->ca_dir){
+ free(cs->ca_dir);
+ cs->ca_dir = NULL;
+ }
+ if (cs->crl_dir){
+ free(cs->crl_dir);
+ cs->crl_dir = NULL;
+ }
+ if (cs->ca_file){
+ free(cs->ca_file);
+ cs->ca_file = NULL;
+ }
+}
+
+int set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert)
 {
 if (!ocspreq)
@@ -64,8 +117,7 @@ set_ocsp_cert(canl_ocsprequest_t *ocspreq, X509 *cert)
 return 0;
 }
- static int
-set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url)
+int set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url)
 {
 int len = 0;
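Review bot: `ocsprequest_free` and `canl_x509store_free` release the members but never `free()` the container that `ocsprequest_init` and `canl_x509store_init` obtain from `calloc`, so an init/free pair leaks the struct, and `or->store` is set to NULL after only its members are released, leaking that object too when it came from `canl_x509store_init` or from `store_dup` (which appears to return an allocated `store_to` in the later hunk). Either rename the pair to `_clear` and document that the caller owns the container, or let the `_free` functions release it and have `_init` always allocate afresh instead of keeping the pointer it just handed to `_free`; the second option is sketched below. The parameter name `or` in `ocsprequest_free` is an `<iso646.h>` macro for `||` and an alternative token in C++, which matters once the prototype is exported via `canl_ocsp.h` inside sslutils.h's `EXTERN_C_BEGIN` block, so `req` is used below. This hunk and the same file's hunks from `set_ocsp_url` down to `set_ocsp_maxage` drop `static` from unprefixed names, exporting `set_ocsp_cert`, `ocsprequest_init` and friends from the library without the `canl_` prefix that `canl_x509store_init` carries; a uniform prefix avoids symbol clashes in consumers.
```c
int ocsprequest_init(canl_ocsprequest_t **ocspreq)
{
    if (!ocspreq)
        return 1;
    /* Release any previous request (no-op on NULL) and rebuild from scratch;
     * the old pointer is not reused because ocsprequest_free() frees it. */
    ocsprequest_free(*ocspreq);
    *ocspreq = calloc(1, sizeof(**ocspreq));
    return *ocspreq ? 0 : 1;
}

void ocsprequest_free(canl_ocsprequest_t *req)
{
    if (!req)
        return;
    /* … unchanged: release url, cert, issuer, store, sign_cert, sign_key … */
    free(req);  /* container allocated by ocsprequest_init() */
}

/* canl_x509store_init()/canl_x509store_free(): same shape, free(cs) at the end */
```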
@@ -88,8 +140,7 @@ set_ocsp_url(canl_ocsprequest_t *ocspreq, char *url)
 return 0;
 }
- static int
-set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer)
+int set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer)
 {
 if (!ocspreq)
@@ -108,8 +159,7 @@ set_ocsp_issuer(canl_ocsprequest_t *ocspreq, X509 *issuer)
 return 0;
 }
- static int
-set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert)
+int set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert)
 {
 if (!ocspreq)
@@ -128,8 +178,7 @@ set_ocsp_sign_cert(canl_ocsprequest_t *ocspreq, X509 *sign_cert)
 return 0;
 }
- static int
-set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key)
+int set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key)
 {
 if (!ocspreq)
@@ -147,8 +196,7 @@ set_ocsp_sign_key(canl_ocsprequest_t *ocspreq, EVP_PKEY *sign_key)
 }
 return 0;
 }
- static int
-set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew)
+int set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew)
 {
 if (!ocspreq)
@@ -159,8 +207,7 @@ set_ocsp_skew(canl_ocsprequest_t *ocspreq, int skew)
 ocspreq->skew = skew;
 return 0;
 }
- static int
-set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage)
+int set_ocsp_maxage(canl_ocsprequest_t *ocspreq, int maxage)
 {
 if (!ocspreq)
@@ -200,7 +247,7 @@ store_dup(canl_x509store_t *store_from)
 return store_to;
 }
- static int
+static int
 set_ocsp_store(canl_ocsprequest_t *ocspreq, canl_x509store_t *store)
 {
@@ -222,7 +269,6 @@ canl_create_x509store(canl_x509store_t *c_store)
 X509_STORE *store = NULL;
 X509_LOOKUP *lookup = NULL;
-
 if (!c_store)
 return NULL;
 if(!(store = X509_STORE_new()))
diff --git a/emi.canl.canl-c/src/proxy/sslutils.c b/emi.canl.canl-c/src/proxy/sslutils.c
index a9e2f7c..588053d 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.c
+++ b/emi.canl.canl-c/src/proxy/sslutils.c
@@ -1821,6 +1821,7 @@ proxy_verify_callback(
 char * cert_dir = NULL;
 EVP_PKEY *key = NULL;
 int objset = 0;
+ canl_ocsprequest_t *ocsp_data = NULL;
 /*
 * If we are being called recursivly to check delegate
@@ -2188,6 +2189,7 @@ proxy_verify_callback(
 /* OCSP check */
+// do_ocsp_verify (ocsp_data);
 EVP_PKEY_free(key);
diff --git a/emi.canl.canl-c/src/proxy/sslutils.h b/emi.canl.canl-c/src/proxy/sslutils.h
index 3a5725c..d36b6ee 100644
--- a/emi.canl.canl-c/src/proxy/sslutils.h
+++ b/emi.canl.canl-c/src/proxy/sslutils.h
@@ -59,7 +59,8 @@ EXTERN_C_BEGIN
 #include
 #include "openssl/crypto.h"
-
+//canl headers
+#include "canl_ocsp.h"
 #if defined(__GNUC__)
 #if (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 4))
-- 1.8.2.3
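Review bot: `// do_ocsp_verify (ocsp_data);` is commented-out code, so after this change `proxy_verify_callback` still performs no OCSP revocation check even though the `/* OCSP check */` comment above it reads as if one happens, and `ocsp_data` from the first sslutils.c hunk is only ever set to NULL, never initialised with `ocsprequest_init`, passed anywhere or released (with `-Wall` it is an unused-variable warning). If the call is not ready to land, replace the dead line with an explicit marker such as `/* TODO: OCSP status check not wired in yet; revocation is not verified here */` and drop the local until it is used, rather than leaving disabled code that suggests coverage that does not exist. `do_ocsp_verify` does not appear anywhere else in this patch, so its declaration is also still outstanding. `proxy_verify_callback` begins and ends outside both hunks.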
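Review bot: Including `canl_ocsp.h` from sslutils.h drags the OCSP request types (structs holding `X509 *` and `EVP_PKEY *` members, per the typedefs removed from canl_locl.h) into every translation unit that includes this header, and places the include inside the `EXTERN_C_BEGIN` section, so that header now also has to be C++-clean. The only use in sslutils.c is a pointer declaration, so giving the struct a tag and forward-declaring it (`typedef struct canl_ocsprequest canl_ocsprequest_t;`), or including the header from sslutils.c only, keeps the public header's surface unchanged. If the header is meant to stay C89-compatible, write the added comment as `/* canl headers */` rather than with `//`.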