From ca809dc7cf49a013ed2d48da56a985959e7a6055 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?=
Date: Sat, 1 Apr 2006 01:36:21 +0000
Subject: [PATCH] (hx509_ocsp_request): Add nonce to ocsp request.
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@16908 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/hx509/revoke.c | 37 ++++++++++++++++++++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)
diff --git a/lib/hx509/revoke.c b/lib/hx509/revoke.c
index a2d70f7d4..d4519f3b5 100644
--- a/lib/hx509/revoke.c
+++ b/lib/hx509/revoke.c
@@ -701,12 +701,14 @@ hx509_ocsp_request(hx509_context context,
 hx509_certs pool,
 hx509_cert signer,
 const AlgorithmIdentifier *digest,
- heim_octet_string *request)
+ heim_octet_string *request,
+ heim_octet_string *nonce)
 {
 OCSPRequest req;
 size_t size;
 int ret;
 struct ocsp_add_ctx ctx;
+ Extensions *es;
 memset(&req, 0, sizeof(req));
@@ -725,6 +727,39 @@ hx509_ocsp_request(hx509_context context,
 return ret;
 }
+ if (nonce) {
+
+ req.tbsRequest.requestExtensions =
+ calloc(1, sizeof(*req.tbsRequest.requestExtensions));
+ if (req.tbsRequest.requestExtensions == NULL) {
+ free_OCSPRequest(&req);
+ return ENOMEM;
+ }
+
+ es = req.tbsRequest.requestExtensions;
+
+ es->len = 1;
+ es->val = calloc(es->len, sizeof(es->val[0]));
+
+ ret = copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID);
+ if (ret)
+ abort();
+
+ es->val[0].extnValue.data = malloc(10);
+ if (es->val[0].extnValue.data == NULL) {
+ free_OCSPRequest(&req);
+ return ENOMEM;
+ }
+ es->val[0].extnValue.length = 10;
+
+ ret = RAND_bytes(es->val[0].extnValue.data,
+ es->val[0].extnValue.length);
+ if (ret != 1) {
+ free_OCSPRequest(&req);
+ return HX509_CRYPTO_INTERNAL_ERROR;
+ }
+ }
+
 ASN1_MALLOC_ENCODE(OCSPRequest, request->data, request->length, &req, &size, ret);
 free_OCSPRequest(&req);
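Review bot: The new `heim_octet_string *nonce` parameter in the signature has no documented contract, and in the second hunk it is only tested against NULL; no visible line writes the generated bytes to `nonce->data` / `nonce->length`. Because `free_OCSPRequest(&req)` runs right after encoding, the caller would be left without a copy of the nonce to compare against the one echoed in the OCSP response, which is what gives the extension its replay protection. Unless that copy happens in the part of the function outside these hunks, fill `*nonce` from `es->val[0].extnValue` once `RAND_bytes` has succeeded, and add a comment above the function such as `/* nonce: if non-NULL, a random nonce is added to the request and returned here; caller frees */`.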
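Review bot: The result of `es->val = calloc(es->len, sizeof(es->val[0]));` is never checked, so an allocation failure is dereferenced by the `copy_oid` call in the next statement, and a `copy_oid` failure ends in `abort()` where every other error path in the hunk frees `req` and returns. Both cases should return an error like the neighbouring branches, and `es->len` is better set only after `es->val` exists, since `free_OCSPRequest` presumably walks `len` entries. The literal `10` appears for both the allocation and the length; a named constant would keep the two in step. The enclosing function starts and ends outside the hunk.

```c
	es = req.tbsRequest.requestExtensions;

	es->val = calloc(1, sizeof(es->val[0]));
	if (es->val == NULL) {
	    free_OCSPRequest(&req);
	    return ENOMEM;
	}
	/* set len only once val exists, so the free path never walks a NULL array */
	es->len = 1;

	ret = copy_oid(oid_id_pkix_ocsp_nonce(), &es->val[0].extnID);
	if (ret) {
	    free_OCSPRequest(&req);
	    return ret;
	}
	/* … unchanged: nonce buffer allocation and RAND_bytes … */
```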