/**
 * Parse OCSP response data
 *
 * Records the encoded tbsResponseData element in the response, then
 * walks its fields in order: optional version, responderID,
 * producedAt and the list of responses.
 *
 * @v ocsp		OCSP check
 * @v raw		ASN.1 cursor
 * @ret rc		Return status code
 */
static int ocsp_parse_tbs_response_data ( struct ocsp_check *ocsp,
					  const struct asn1_cursor *raw ) {
	struct asn1_cursor tbs;
	int rc;

	/* Work on a private copy; the caller's cursor is never modified */
	tbs = *raw;

	/* Trim the copy to the tbsResponseData element and remember
	 * that span before descending into it.  Presumably this is the
	 * byte range the responder's signature is later checked over;
	 * confirm against the signature verification code.
	 */
	asn1_shrink_any ( &tbs );
	memcpy ( &ocsp->response.tbs, &tbs, sizeof ( ocsp->response.tbs ) );

	/* NOTE(review): the status returned by the asn1_*() calls in
	 * this function is discarded.  That is only safe if a failed
	 * call leaves the cursor in a state that makes the parsers
	 * below reject the input; confirm in the ASN.1 helpers.
	 */

	/* Descend into the tbsResponseData sequence */
	asn1_enter ( &tbs, ASN1_SEQUENCE );

	/* The version field is optional; step over it when present */
	asn1_skip_if_exists ( &tbs, ASN1_EXPLICIT_TAG ( 0 ) );

	/* Parse responderID, then step over the element */
	rc = ocsp_parse_responder_id ( ocsp, &tbs );
	if ( rc != 0 )
		return rc;
	asn1_skip_any ( &tbs );

	/* producedAt is stepped over without being examined; nothing
	 * in this function checks how recent the response is.
	 */
	asn1_skip_any ( &tbs );

	/* Parse responses; its status is this function's status */
	return ocsp_parse_responses ( ocsp, &tbs );
}
/**
 * Parse OCSP certificate ID
 *
 * Accepts the response only if its certID is identical to the certID
 * held in the request.  This comparison is what ties the returned
 * status to the certificate that was actually asked about.
 *
 * @v ocsp		OCSP check
 * @v raw		ASN.1 cursor
 * @ret rc		Return status code
 */
static int ocsp_parse_cert_id ( struct ocsp_check *ocsp,
				const struct asn1_cursor *raw ) {
	struct asn1_cursor cert_id;

	/* Work on a private copy trimmed to the certID element.
	 * NOTE(review): the status of asn1_shrink_any() is discarded;
	 * presumably a failure leaves a cursor that cannot match the
	 * request's certID, so the check below still rejects it.
	 * Confirm in the ASN.1 helpers.
	 */
	cert_id = *raw;
	asn1_shrink_any ( &cert_id );

	/* A certID identical to the one in the request is accepted */
	if ( asn1_compare ( &cert_id, &ocsp->request.cert_id ) == 0 )
		return 0;

	/* Mismatch: dump the expected certID followed by the received
	 * one in debug output, then reject the response.
	 */
	DBGC ( ocsp, "OCSP %p \"%s\" certID mismatch:\n",
	       ocsp, x509_name ( ocsp->cert ) );
	DBGC_HDA ( ocsp, 0, ocsp->request.cert_id.data,
		   ocsp->request.cert_id.len );
	DBGC_HDA ( ocsp, 0, cert_id.data, cert_id.len );
	return -EACCES_CERT_MISMATCH;
}