
Commit 0c7b9bd

committed
Add missing features list.
1 parent 0a9cce6 commit 0c7b9bd

1 file changed

Lines changed: 38 additions & 30 deletions


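--- a/src/ocsp.c
+++ b/src/ocsp.c
@@ -30,6 +30,14 @@
 * OCSP response signer and direct issuer.
 */
 
+/*
+* OCSP responder missing features:
+* - Support hash algorithms other than SHA-1
+* - Support for multiple requests and responses in a single OCSP exchange
+* - Support name-based responder ID
+* - Support for singleExtensions
+*/
+
 #ifndef WOLFCRYPT_ONLY
 #ifdef HAVE_OCSP
 
@@ -2167,10 +2175,10 @@ static void FreeOcspResponderCa(OcspResponderCa* ca, void* heap)
 {
 OcspResponderCertStatus* status;
 OcspResponderCertStatus* nextStatus;
-
+
 if (ca == NULL)
 return;
-
+
 /* Free private key */
 #ifndef NO_RSA
 if (ca->keyType == RSAk) {
@@ -2182,20 +2190,20 @@ static void FreeOcspResponderCa(OcspResponderCa* ca, void* heap)
 wc_ecc_free(&ca->key.ecc);
 }
 #endif
-
+
 /* Free certificate DER if allocated */
 if (ca->certDer != NULL) {
 XFREE(ca->certDer, heap, DYNAMIC_TYPE_OCSP);
 }
-
+
 /* Free certificate status list */
 status = ca->statuses;
 while (status != NULL) {
 nextStatus = status->next;
 XFREE(status, heap, DYNAMIC_TYPE_OCSP);
 status = nextStatus;
 }
-
+
 XFREE(ca, heap, DYNAMIC_TYPE_OCSP);
 }
 
@@ -2206,7 +2214,7 @@ OcspResponder* wc_OcspResponder_new(void* heap, int sendCerts)
 
 WOLFSSL_ENTER("wc_OcspResponder_new");
 
-responder = (OcspResponder*)XMALLOC(sizeof(OcspResponder), heap,
+responder = (OcspResponder*)XMALLOC(sizeof(OcspResponder), heap,
 DYNAMIC_TYPE_OCSP);
 if (responder != NULL) {
 XMEMSET(responder, 0, sizeof(OcspResponder));
@@ -2248,13 +2256,13 @@ int wc_OcspResponder_AddCA(OcspResponder* responder,
 OcspResponderCa* ca = NULL;
 DecodedCert* decoded = NULL;
 word32 keyOID = 0;
-
+
 WOLFSSL_ENTER("wc_OcspResponder_AddCA");
-
+
 if (responder == NULL || certDer == NULL || certDerSz == 0 ||
 keyDer == NULL || keyDerSz == 0)
 return BAD_FUNC_ARG;
-
+
 /* Allocate CA structure */
 ca = (OcspResponderCa*)XMALLOC(sizeof(OcspResponderCa), responder->heap,
 DYNAMIC_TYPE_OCSP);
@@ -2263,15 +2271,15 @@ int wc_OcspResponder_AddCA(OcspResponder* responder,
 goto out;
 }
 XMEMSET(ca, 0, sizeof(OcspResponderCa));
-
+
 /* Parse certificate */
 decoded = (DecodedCert*)XMALLOC(sizeof(DecodedCert), responder->heap,
 DYNAMIC_TYPE_OCSP);
 if (decoded == NULL) {
 ret = MEMORY_E;
 goto out;
 }
-
+
 wc_InitDecodedCert(decoded, certDer, certDerSz, responder->heap);
 ret = wc_ParseCert(decoded, CERT_TYPE, 0, NULL);
 if (ret != 0)
@@ -2288,7 +2296,7 @@ int wc_OcspResponder_AddCA(OcspResponder* responder,
 XMEMCPY(ca->issuerHash, decoded->subjectHash, KEYID_SIZE);
 XMEMCPY(ca->issuerKeyHash, decoded->subjectKeyHash, KEYID_SIZE);
 keyOID = decoded->keyOID;
-
+
 /* Store raw certificate DER if sendCerts is enabled */
 if (responder->sendCerts) {
 ca->certDer = (byte*)XMALLOC(certDerSz, responder->heap, DYNAMIC_TYPE_OCSP);
@@ -2299,7 +2307,7 @@ int wc_OcspResponder_AddCA(OcspResponder* responder,
 XMEMCPY(ca->certDer, certDer, certDerSz);
 ca->certDerSz = certDerSz;
 }
-
+
 /* Load the private key */
 #ifndef NO_RSA
 if (keyOID == RSAk) {
@@ -2331,7 +2339,7 @@ int wc_OcspResponder_AddCA(OcspResponder* responder,
 ret = NOT_COMPILED_IN;
 goto out;
 }
-
+
 /* Add CA to list */
 ca->next = responder->caList;
 responder->caList = ca;
@@ -2354,15 +2362,15 @@ static OcspResponderCa* FindCaByHashes(OcspResponder* responder,
 const byte* issuerHash, const byte* issuerKeyHash)
 {
 OcspResponderCa* ca = responder->caList;
-
+
 while (ca != NULL) {
 if (XMEMCMP(ca->issuerHash, issuerHash, KEYID_SIZE) == 0 &&
 XMEMCMP(ca->issuerKeyHash, issuerKeyHash, KEYID_SIZE) == 0) {
 return ca;
 }
 ca = ca->next;
 }
-
+
 return NULL;
 }
 
@@ -2371,15 +2379,15 @@ static OcspResponderCertStatus* FindCertStatus(OcspResponderCa* ca,
 const byte* serial, word32 serialSz)
 {
 OcspResponderCertStatus* status = ca->statuses;
-
+
 while (status != NULL) {
 if (status->serialSz == (int)serialSz &&
 XMEMCMP(status->serial, serial, serialSz) == 0) {
 return status;
 }
 status = status->next;
 }
-
+
 return NULL;
 }
 
@@ -2388,7 +2396,7 @@ static OcspResponderCa* FindCaBySubject(OcspResponder* responder,
 const char* caSubject, word32 caSubjectSz)
 {
 OcspResponderCa* ca = responder->caList;
-
+
 while (ca != NULL) {
 word32 subjectLen = (word32)XSTRLEN(ca->subject);
 if (subjectLen == caSubjectSz &&
@@ -2397,7 +2405,7 @@ static OcspResponderCa* FindCaBySubject(OcspResponder* responder,
 }
 ca = ca->next;
 }
-
+
 return NULL;
 }
 
@@ -2412,41 +2420,41 @@ int wc_OcspResponder_SetCertStatus(OcspResponder* responder,
 OcspResponderCertStatus* certStatus = NULL;
 int ret = BAD_FUNC_ARG;
 int isNew = 0;
-
+
 WOLFSSL_ENTER("wc_OcspResponder_SetCertStatus");
-
+
 if (responder == NULL || caSubject == NULL || caSubjectSz == 0 ||
 serial == NULL || serialSz == 0 || serialSz > EXTERNAL_SERIAL_SIZE)
 goto out;
-
-if (status != CERT_GOOD && status != CERT_REVOKED &&
+
+if (status != CERT_GOOD && status != CERT_REVOKED &&
 status != CERT_UNKNOWN)
 goto out;
-
+
 /* Validate revocation parameters when status is REVOKED */
 if (status == CERT_REVOKED) {
 if (revocationTime <= 0)
 goto out;
-if (revocationReason < CRL_REASON_UNSPECIFIED ||
+if (revocationReason < CRL_REASON_UNSPECIFIED ||
 revocationReason > CRL_REASON_AA_COMPROMISE)
 goto out;
 /* Skip value 7 which is not used */
 if (revocationReason == 7)
 goto out;
 }
-
+
 if (status == CERT_GOOD && validityPeriod == 0)
 goto out;
 if (status != CERT_GOOD && validityPeriod != 0)
 goto out;
-
+
 /* Find the CA */
 ca = FindCaBySubject(responder, caSubject, caSubjectSz);
 if (ca == NULL) {
 ret = ASN_NO_SIGNER_E;
 goto out;
 }
-
+
 /* Check if status already exists for this serial */
 certStatus = FindCertStatus(ca, serial, serialSz);
 if (certStatus == NULL) {
@@ -2490,7 +2498,7 @@ int wc_OcspResponder_SetCertStatus(OcspResponder* responder,
 out:
 if (isNew && certStatus != NULL)
 XFREE(certStatus, responder->heap, DYNAMIC_TYPE_OCSP);
-
+
 return ret;
 }
 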
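Review bot: The missing-features comment added at new lines 33–40 lists what the responder does not support but not what happens when a request exercises one of those gaps, which is what an operator needs before placing this responder in front of clients that send non-SHA-1 CertIDs or several singleRequests in one OCSP request. The code that handles those inputs is outside this hunk, so I cannot tell from the page whether such a request is rejected with an error, answered as unknown, or silently matched on the SHA-1-sized hash fields that FindCaByHashes compares with KEYID_SIZE; each bullet should state the confirmed outcome, e.g. `* - Support hash algorithms other than SHA-1 (requests using another hash are <OUTCOME — confirm against the request parser>)`. Until that is spelled out the list reads as a roadmap rather than a contract, and the SHA-1-only CertID limitation in particular belongs in the API documentation of the wc_OcspResponder_* functions too, since callers of the public header never see this file-level comment.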
