Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add nonces to OCSP requests and responses #1045

Open
4 tasks done
scolby33 opened this issue Jan 24, 2019 · 1 comment · May be fixed by #2274
Open
4 tasks done

Add nonces to OCSP requests and responses #1045

scolby33 opened this issue Jan 24, 2019 · 1 comment · May be fixed by #2274

Comments

@scolby33
Copy link

scolby33 commented Jan 24, 2019
edited
Loading

I would like to make the following functionality be exposed via the Rust API:

  • int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
  • int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
  • int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
  • int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)

I am happy to make a pull request for this, however I am a bit unfamiliar (read: almost totally unfamiliar) with Rust FFI and am not sure exactly how to expose the unsigned char *val, int len tuple in Rust.

Also, where should the check and copy functionality be implemented? My instinct is OCSP_check_nonce should be a free function and that OCSP_copy_nonce should be on the response object, but input on this is welcome.

Here is an outline of my proposed implementation of this. The version for OCSP_BASICRESP is obviously similar.

impl OcspRequestRef {
    pub fn add_nonce(&mut self, &val: Option<some_type>) -> Result<something, ErrorStack> {
        unsafe {
            // if val is None, pass NULL as val and 0 as len--how best to do?
            cvt(ffi::OCSP_request_add1_nonce(self.as_ptr(), val.as_ptr(), val.len()))?;
            Ok(something)
        }
    }
}
@sfackler
Copy link
Owner

Awesome! The standard equivalent Rust type for that would be a &[u8], so add_nonce would look like this:

impl OcspRequestRef {
    pub fn add_nonce(&mut self, val: Option<&[u8]>) -> Result<(), ErrorStack> {
        unsafe {
            let (ptr, len) = match val {
                Some(slice) => (slice.as_ptr() as *mut _, slice.len() as c_int),
                None => (ptr::null_mut(), 0),
            };
            cvt(ffi::OCSP_request_add1_nonce(self.as_ptr(), ptr, len))?;
            Ok(())
        }
    }
}

Your intuition about check_nonce and copy_nonce makes sense to me.

scolby33 added a commit to scolby33/rust-openssl that referenced this issue Jan 24, 2019
@scolby33
Add implementation of OCSP nonce functions.
f6676a2 
References sfackler#1045.
@scolby33 scolby33 mentioned this issue Jan 24, 2019
Closed
5 tasks
mvertescher pushed a commit to mvertescher/rust-openssl that referenced this issue Sep 27, 2019
@scolby33 @mvertescher
Add implementation of OCSP nonce functions.
265bfec 
- References sfackler#1045.
- Add test for creation of OCSP request.
- With and without a nonce.
- Add custom return/error type for ocsp::check_nonce.
- Fix signature of ocsp::BasicResponseRef::copy_nonce.
- Add Error::description implementation as required by older versions of Rust.
@sgilson sgilson linked a pull request Aug 4, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Support OCSP nonce sgilson/rust-openssl
Add OCSP nonce functionality scolby33/rust-openssl
2 participants
@sfackler @scolby33