Add implementation of OCSP nonce functions.

References sfackler#1045.

openssl-sys/src/ocsp.rs

@@ -66,6 +66,7 @@ cfg_if! {
 
 extern "C" {
     pub fn OCSP_request_add0_id(r: *mut OCSP_REQUEST, id: *mut OCSP_CERTID) -> *mut OCSP_ONEREQ;
+    pub fn OCSP_request_add1_nonce(req: *mut OCSP_REQUEST, val: *mut c_uchar, len: c_int) -> c_int;
 
     pub fn OCSP_resp_find_status(
         bs: *mut OCSP_BASICRESP,
@@ -85,6 +86,9 @@ extern "C" {
 
     pub fn OCSP_response_status(resp: *mut OCSP_RESPONSE) -> c_int;
     pub fn OCSP_response_get1_basic(resp: *mut OCSP_RESPONSE) -> *mut OCSP_BASICRESP;
+    pub fn OCSP_basic_add1_nonce(resp: *mut OCSP_BASICRESP, val: *mut c_uchar, len: c_int)
+        -> c_int;
+    pub fn OCSP_copy_nonce(resp: *mut OCSP_BASICRESP, req: *mut OCSP_REQUEST) -> c_int;
 
     pub fn OCSP_response_create(status: c_int, bs: *mut OCSP_BASICRESP) -> *mut OCSP_RESPONSE;
 
@@ -115,4 +119,6 @@ extern "C" {
         st: *mut X509_STORE,
         flags: c_ulong,
     ) -> c_int;
+
+    pub fn OCSP_check_nonce(req: *mut OCSP_REQUEST, bs: *mut OCSP_BASICRESP) -> c_int;
 }

openssl/src/ocsp.rs

@@ -200,6 +200,24 @@ impl OcspBasicResponseRef {
             }
         }
     }
+
+    pub fn add_nonce(&mut self, val: Option<&[u8]>) -> Result<(), ErrorStack> {
+        unsafe {
+            let (ptr, len) = match val {
+                Some(slice) => (slice.as_ptr() as *mut _, slice.len() as c_int),
+                None => (ptr::null_mut(), 0),
+            };
+            cvt(ffi::OCSP_basic_add1_nonce(self.as_ptr(), ptr, len))?;
+            Ok(())
+        }
+    }
+
+    pub fn copy_nonce(&mut self, req: OcspRequestRef) -> Result<(), ErrorStack> {
+        unsafe {
+            cvt(ffi::OCSP_copy_nonce(self.as_ptr(), req.as_ptr()))?;
+            Ok(())
+        }
+    }
 }
 
 foreign_type_and_impl_send_sync! {
@@ -336,6 +354,17 @@ impl OcspRequestRef {
             Ok(OcspOneReqRef::from_ptr_mut(ptr))
         }
     }
+
+    pub fn add_nonce(&mut self, val: Option<&[u8]>) -> Result<(), ErrorStack> {
+        unsafe {
+            let (ptr, len) = match val {
+                Some(slice) => (slice.as_ptr() as *mut _, slice.len() as c_int),
+                None => (ptr::null_mut(), 0),
+            };
+            cvt(ffi::OCSP_request_add1_nonce(self.as_ptr(), ptr, len))?;
+            Ok(())
+        }
+    }
 }
 
 foreign_type_and_impl_send_sync! {
@@ -345,3 +374,10 @@ foreign_type_and_impl_send_sync! {
     pub struct OcspOneReq;
     pub struct OcspOneReqRef;
 }
+
+pub fn check_nonce(req: &OcspRequestRef, bs: &OcspBasicResponseRef) -> Result<(), ErrorStack> {
+    unsafe {
+        cvt(ffi::OCSP_check_nonce(req.as_ptr(), bs.as_ptr()))?;
+        Ok(())
+    }
+}