(hx509_ocsp_request): Add nonce to ocsp request.

git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16908 ec53bebd-3082-4978-b11e-865c3cabbd6b
2006-04-01 01:36:21 +00:00
parent 046a67d1ea
commit ca809dc7cf
1 changed files with 36 additions and 1 deletions
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -701,12 +701,14 @@ hx509_ocsp_request(hx509_context context,
 		   hx509_certs pool,
 		   hx509_cert signer,
 		   const AlgorithmIdentifier *digest,
-		   heim_octet_string *request)
+		   heim_octet_string *request,
+		   heim_octet_string *nonce)
 {
    OCSPRequest req;
    size_t size;
    int ret;
    struct ocsp_add_ctx ctx;
+    Extensions *es;

    memset(&req, 0, sizeof(req));

@@ -725,6 +727,39 @@ hx509_ocsp_request(hx509_context context,
 	return ret;
    }
    
+    if (nonce) {
+
+	req.tbsRequest.requestExtensions = 
+	    calloc(1, sizeof(*req.tbsRequest.requestExtensions));
+	if (req.tbsRequest.requestExtensions == NULL) {
+	    free_OCSPRequest(&req);
+	    return ENOMEM;
+	}
+
+	es = req.tbsRequest.requestExtensions;
+	
+	es->len = 1;
+	es->val = calloc(es->len, sizeof(es->val[0]));
+	
+	ret = copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID);
+	if (ret)
+	    abort();
+	
+	es->val[0].extnValue.data = malloc(10);
+	if (es->val[0].extnValue.data == NULL) {
+	    free_OCSPRequest(&req);
+	    return ENOMEM;
+	}
+	es->val[0].extnValue.length = 10;
+	
+	ret = RAND_bytes(es->val[0].extnValue.data,
+			 es->val[0].extnValue.length);
+	if (ret != 1) {
+	    free_OCSPRequest(&req);
+	    return HX509_CRYPTO_INTERNAL_ERROR;
+	}
+    }
+
    ASN1_MALLOC_ENCODE(OCSPRequest, request->data, request->length,
 		       &req, &size, ret);
    free_OCSPRequest(&req);