int OCSP_REQ_CTX_nbio(OCSP_REQ_CTX *rctx) { int i, n; const unsigned char *p; next_io: if (!(rctx->state & OHS_NOREAD)) { n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); if (n <= 0) { if (BIO_should_retry(rctx->io)) return -1; return 0; } /* Write data to memory BIO */ if (BIO_write(rctx->mem, rctx->iobuf, n) != n) return 0; } switch(rctx->state) { case OHS_HTTP_HEADER: /* Last operation was adding headers: need a final \r\n */ if (BIO_write(rctx->mem, "\r\n", 2) != 2) { rctx->state = OHS_ERROR; return 0; } rctx->state = OHS_ASN1_WRITE_INIT; case OHS_ASN1_WRITE_INIT: rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL); rctx->state = OHS_ASN1_WRITE; case OHS_ASN1_WRITE: n = BIO_get_mem_data(rctx->mem, &p); i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len); if (i <= 0) { if (BIO_should_retry(rctx->io)) return -1; rctx->state = OHS_ERROR; return 0; } rctx->asn1_len -= i; if (rctx->asn1_len > 0) goto next_io; rctx->state = OHS_ASN1_FLUSH; (void)BIO_reset(rctx->mem); case OHS_ASN1_FLUSH: i = BIO_flush(rctx->io); if (i > 0) { rctx->state = OHS_FIRSTLINE; goto next_io; } if (BIO_should_retry(rctx->io)) return -1; rctx->state = OHS_ERROR; return 0; case OHS_ERROR: return 0; case OHS_FIRSTLINE: case OHS_HEADERS: /* Attempt to read a line in */ next_line: /* Due to &%^*$" memory BIO behaviour with BIO_gets we * have to check there's a complete line in there before * calling BIO_gets or we'll just get a partial read. */ n = BIO_get_mem_data(rctx->mem, &p); if ((n <= 0) || !memchr(p, '\n', n)) { if (n >= rctx->iobuflen) { rctx->state = OHS_ERROR; return 0; } goto next_io; } n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); if (n <= 0) { if (BIO_should_retry(rctx->mem)) goto next_io; rctx->state = OHS_ERROR; return 0; } /* Don't allow excessive lines */ if (n == rctx->iobuflen) { rctx->state = OHS_ERROR; return 0; } /* First line */ if (rctx->state == OHS_FIRSTLINE) { if (parse_http_line1((char *)rctx->iobuf)) { rctx->state = OHS_HEADERS; goto next_line; } else { rctx->state = OHS_ERROR; return 0; } } else { /* Look for blank line: end of headers */ for (p = rctx->iobuf; *p; p++) { if ((*p != '\r') && (*p != '\n')) break; } if (*p) goto next_line; rctx->state = OHS_ASN1_HEADER; } /* Fall thru */ case OHS_ASN1_HEADER: /* Now reading ASN1 header: can read at least 2 bytes which * is enough for ASN1 SEQUENCE header and either length field * or at least the length of the length field. */ n = BIO_get_mem_data(rctx->mem, &p); if (n < 2) goto next_io; /* Check it is an ASN1 SEQUENCE */ if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { rctx->state = OHS_ERROR; return 0; } /* Check out length field */ if (*p & 0x80) { /* If MSB set on initial length octet we can now * always read 6 octets: make sure we have them. */ if (n < 6) goto next_io; n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) { rctx->state = OHS_ERROR; return 0; } p++; rctx->asn1_len = 0; for (i = 0; i < n; i++) { rctx->asn1_len <<= 8; rctx->asn1_len |= *p++; } if (rctx->asn1_len > rctx->max_resp_len) { rctx->state = OHS_ERROR; return 0; } rctx->asn1_len += n + 2; } else rctx->asn1_len = *p + 2; rctx->state = OHS_ASN1_CONTENT; /* Fall thru */ case OHS_ASN1_CONTENT: n = BIO_get_mem_data(rctx->mem, NULL); if (n < (int)rctx->asn1_len) goto next_io; rctx->state = OHS_DONE; return 1; break; case OHS_DONE: return 1; } return 0; }
int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx) { int i, n; const unsigned char *p; next_io: if (!(rctx->state & OHS_NOREAD)) { n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen); if (n <= 0) { if (BIO_should_retry(rctx->io)) return -1; return 0; } /* Write data to memory BIO */ if (BIO_write(rctx->mem, rctx->iobuf, n) != n) return 0; } switch(rctx->state) { case OHS_ASN1_WRITE: n = BIO_get_mem_data(rctx->mem, &p); i = BIO_write(rctx->io, p + (n - rctx->asn1_len), rctx->asn1_len); if (i <= 0) { if (BIO_should_retry(rctx->io)) return -1; rctx->state = OHS_ERROR; return 0; } rctx->asn1_len -= i; if (rctx->asn1_len > 0) goto next_io; rctx->state = OHS_ASN1_FLUSH; (void)BIO_reset(rctx->mem); case OHS_ASN1_FLUSH: i = BIO_flush(rctx->io); if (i > 0) { rctx->state = OHS_FIRSTLINE; goto next_io; } if (BIO_should_retry(rctx->io)) return -1; rctx->state = OHS_ERROR; return 0; case OHS_ERROR: return 0; case OHS_FIRSTLINE: case OHS_HEADERS: /* Attempt to read a line in */ next_line: /* Due to &%^*$" memory BIO behaviour with BIO_gets we * have to check there's a complete line in there before * calling BIO_gets or we'll just get a partial read. */ n = BIO_get_mem_data(rctx->mem, &p); if ((n <= 0) || !TINYCLR_SSL_MEMCHR(p, '\n', n)) { if (n >= rctx->iobuflen) { rctx->state = OHS_ERROR; return 0; } goto next_io; } n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen); if (n <= 0) { if (BIO_should_retry(rctx->mem)) goto next_io; rctx->state = OHS_ERROR; return 0; } /* Don't allow excessive lines */ if (n == rctx->iobuflen) { rctx->state = OHS_ERROR; return 0; } /* First line */ if (rctx->state == OHS_FIRSTLINE) { if (parse_http_line1((char *)rctx->iobuf)) { rctx->state = OHS_HEADERS; goto next_line; } else { rctx->state = OHS_ERROR; return 0; } } else { /* Look for blank line: end of headers */ for (p = rctx->iobuf; *p; p++) { if ((*p != '\r') && (*p != '\n')) break; } if (*p) goto next_line; rctx->state = OHS_ASN1_HEADER; } /* Fall thru */ case OHS_ASN1_HEADER: /* Now reading ASN1 header: can read at least 6 bytes which * is more than enough for any valid ASN1 SEQUENCE header */ n = BIO_get_mem_data(rctx->mem, &p); if (n < 6) goto next_io; /* Check it is an ASN1 SEQUENCE */ if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { rctx->state = OHS_ERROR; return 0; } /* Check out length field */ if (*p & 0x80) { n = *p & 0x7F; /* Not NDEF or excessive length */ if (!n || (n > 4)) { rctx->state = OHS_ERROR; return 0; } p++; rctx->asn1_len = 0; for (i = 0; i < n; i++) { rctx->asn1_len <<= 8; rctx->asn1_len |= *p++; } if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH) { rctx->state = OHS_ERROR; return 0; } rctx->asn1_len += n + 2; } else rctx->asn1_len = *p + 2; rctx->state = OHS_ASN1_CONTENT; /* Fall thru */ case OHS_ASN1_CONTENT: n = BIO_get_mem_data(rctx->mem, &p); if (n < (int)rctx->asn1_len) goto next_io; *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len); if (*presp) { rctx->state = OHS_DONE; return 1; } rctx->state = OHS_ERROR; return 0; break; case OHS_DONE: return 1; } return 0; }