Add nonces to OCSP requests and responses

[scolby33]

I would like to make the following functionality be exposed via the Rust API:

• [x] int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
• [x] int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
• [x] int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
• [x] int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)

I am happy to make a pull request for this, however I am a bit unfamiliar (read: almost totally unfamiliar) with Rust FFI and am not sure exactly how to expose the unsigned char *val, int len tuple in Rust.

Also, where should the check and copy functionality be implemented? My instinct is OCSP_check_nonce should be a free function and that OCSP_copy_nonce should be on the response object, but input on this is welcome.

Here is an outline of my proposed implementation of this. The version for OCSP_BASICRESP is obviously similar.

impl OcspRequestRef {
    pub fn add_nonce(&mut self, &val: Option<some_type>) -> Result<something, ErrorStack> {
        unsafe {
            // if val is None, pass NULL as val and 0 as len--how best to do?
            cvt(ffi::OCSP_request_add1_nonce(self.as_ptr(), val.as_ptr(), val.len()))?;
            Ok(something)
        }
    }
}

[sfackler]

Awesome! The standard equivalent Rust type for that would be a &[u8], so add_nonce would look like this:

impl OcspRequestRef {
    pub fn add_nonce(&mut self, val: Option<&[u8]>) -> Result<(), ErrorStack> {
        unsafe {
            let (ptr, len) = match val {
                Some(slice) => (slice.as_ptr() as *mut _, slice.len() as c_int),
                None => (ptr::null_mut(), 0),
            };
            cvt(ffi::OCSP_request_add1_nonce(self.as_ptr(), ptr, len))?;
            Ok(())
        }
    }
}

Your intuition about check_nonce and copy_nonce makes sense to me.