[openssl-commits] [openssl] master update
Dr. Stephen Henson
steve at openssl.org
Sun Oct 11 19:38:17 UTC 2015
The branch master has been updated
via af170194a88d6127d447bea826845c23ca192727 (commit)
via 47c9a1b5096be684c18335137284f0dfcefd12d6 (commit)
via a332635ea0ec7dab14d550c2f151bb4ea8c64f78 (commit)
via 44c734e95c4242af5ccfd7e5c4653eb196705cb9 (commit)
from 71a64af3312d4dfdff2597a979868d2bdd7e3642 (commit)
- Log -----------------------------------------------------------------
commit af170194a88d6127d447bea826845c23ca192727
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Oct 7 14:42:34 2015 +0100
embed OCSP_CERTID
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 47c9a1b5096be684c18335137284f0dfcefd12d6
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Wed Oct 7 13:28:46 2015 +0100
embed support for ASN1_STRING
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit a332635ea0ec7dab14d550c2f151bb4ea8c64f78
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Oct 6 23:04:08 2015 +0100
Embed various OCSP fields.
Reviewed-by: Rich Salz <rsalz at openssl.org>
commit 44c734e95c4242af5ccfd7e5c4653eb196705cb9
Author: Dr. Stephen Henson <steve at openssl.org>
Date: Tue Oct 6 22:53:48 2015 +0100
embed support for CHOICE type
Reviewed-by: Rich Salz <rsalz at openssl.org>
-----------------------------------------------------------------------
Summary of changes:
crypto/asn1/asn1_lib.c | 3 ++-
crypto/asn1/tasn_fre.c | 6 ++++--
crypto/asn1/tasn_new.c | 30 +++++++++++++++++++++---------
crypto/ocsp/ocsp_asn.c | 18 +++++++++---------
crypto/ocsp/ocsp_cl.c | 12 ++++++------
crypto/ocsp/ocsp_ext.c | 40 ++++++++++++++++++++--------------------
crypto/ocsp/ocsp_lcl.h | 18 +++++++++---------
crypto/ocsp/ocsp_lib.c | 17 ++++++++---------
crypto/ocsp/ocsp_prn.c | 18 +++++++++---------
crypto/ocsp/ocsp_srv.c | 22 +++++++++++-----------
crypto/ocsp/ocsp_vfy.c | 20 ++++++++++----------
include/openssl/asn1.h | 2 ++
include/openssl/ocsp.h | 14 +++++++-------
13 files changed, 118 insertions(+), 102 deletions(-)
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 3b36644..12248db 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -363,7 +363,8 @@ void ASN1_STRING_free(ASN1_STRING *a)
return;
if (!(a->flags & ASN1_STRING_FLAG_NDEF))
OPENSSL_free(a->data);
- OPENSSL_free(a);
+ if (!(a->flags & ASN1_STRING_FLAG_EMBED))
+ OPENSSL_free(a);
}
void ASN1_STRING_clear_free(ASN1_STRING *a)
diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c
index bd955d9..1e77885 100644
--- a/crypto/asn1/tasn_fre.c
+++ b/crypto/asn1/tasn_fre.c
@@ -125,8 +125,10 @@ static void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it,
}
if (asn1_cb)
asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
- OPENSSL_free(*pval);
- *pval = NULL;
+ if (embed == 0) {
+ OPENSSL_free(*pval);
+ *pval = NULL;
+ }
break;
case ASN1_ITYPE_EXTERN:
diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c
index 294912c..33a8e97 100644
--- a/crypto/asn1/tasn_new.c
+++ b/crypto/asn1/tasn_new.c
@@ -67,7 +67,8 @@
static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
int embed);
-static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int embed);
static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
@@ -120,12 +121,12 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
if (it->templates) {
if (!asn1_template_new(pval, it->templates))
goto memerr;
- } else if (!asn1_primitive_new(pval, it))
+ } else if (!asn1_primitive_new(pval, it, embed))
goto memerr;
break;
case ASN1_ITYPE_MSTRING:
- if (!asn1_primitive_new(pval, it))
+ if (!asn1_primitive_new(pval, it, embed))
goto memerr;
break;
@@ -142,9 +143,13 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed)
return 1;
}
}
- *pval = OPENSSL_zalloc(it->size);
- if (!*pval)
- goto memerr;
+ if (embed) {
+ memset(*pval, 0, it->size);
+ } else {
+ *pval = OPENSSL_zalloc(it->size);
+ if (!*pval)
+ goto memerr;
+ }
asn1_set_choice_selector(pval, -1, it);
if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
goto auxerr;
@@ -301,7 +306,8 @@ static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
* all the old functions.
*/
-static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it,
+ int embed)
{
ASN1_TYPE *typ;
ASN1_STRING *str;
@@ -343,10 +349,16 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
break;
default:
- str = ASN1_STRING_type_new(utype);
+ if (embed) {
+ str = *(ASN1_STRING **)pval;
+ memset(str, 0, sizeof(*str));
+ str->flags = ASN1_STRING_FLAG_EMBED;
+ } else {
+ str = ASN1_STRING_type_new(utype);
+ *pval = (ASN1_VALUE *)str;
+ }
if (it->itype == ASN1_ITYPE_MSTRING && str)
str->flags |= ASN1_STRING_FLAG_MSTRING;
- *pval = (ASN1_VALUE *)str;
break;
}
if (*pval)
diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c
index c3362f0..00be995 100644
--- a/crypto/ocsp/ocsp_asn.c
+++ b/crypto/ocsp/ocsp_asn.c
@@ -62,7 +62,7 @@
#include "ocsp_lcl.h"
ASN1_SEQUENCE(OCSP_SIGNATURE) = {
- ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+ ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
@@ -70,10 +70,10 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = {
IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
ASN1_SEQUENCE(OCSP_CERTID) = {
- ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
- ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
- ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
+ ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+ ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
+ ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
+ ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OCSP_CERTID)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)
@@ -95,7 +95,7 @@ ASN1_SEQUENCE(OCSP_REQINFO) = {
IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
ASN1_SEQUENCE(OCSP_REQUEST) = {
- ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+ ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
} ASN1_SEQUENCE_END(OCSP_REQUEST)
@@ -151,7 +151,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
ASN1_SEQUENCE(OCSP_RESPDATA) = {
ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+ ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
@@ -160,8 +160,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = {
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
ASN1_SEQUENCE(OCSP_BASICRESP) = {
- ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
- ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+ ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+ ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
} ASN1_SEQUENCE_END(OCSP_BASICRESP)
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index 8143389..2b77146 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -93,7 +93,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
goto err;
OCSP_CERTID_free(one->reqCert);
one->reqCert = cid;
- if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
goto err;
return one;
err:
@@ -115,8 +115,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
return 0;
}
gen->type = GEN_DIRNAME;
- GENERAL_NAME_free(req->tbsRequest->requestorName);
- req->tbsRequest->requestorName = gen;
+ GENERAL_NAME_free(req->tbsRequest.requestorName);
+ req->tbsRequest.requestorName = gen;
return 1;
}
@@ -230,7 +230,7 @@ int OCSP_resp_count(OCSP_BASICRESP *bs)
{
if (!bs)
return -1;
- return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+ return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
}
/* Extract an OCSP_SINGLERESP response with a given index */
@@ -239,7 +239,7 @@ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
{
if (!bs)
return NULL;
- return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+ return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
}
/* Look single response matching a given certificate ID */
@@ -255,7 +255,7 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
last = 0;
else
last++;
- sresp = bs->tbsResponseData->responses;
+ sresp = bs->tbsResponseData.responses;
for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
single = sk_OCSP_SINGLERESP_value(sresp, i);
if (!OCSP_id_cmp(id, single->certId))
diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c
index 95c61e6..f9553f0 100644
--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -79,53 +79,53 @@
int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
{
- return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+ return (X509v3_get_ext_count(x->tbsRequest.requestExtensions));
}
int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
{
return (X509v3_get_ext_by_NID
- (x->tbsRequest->requestExtensions, nid, lastpos));
+ (x->tbsRequest.requestExtensions, nid, lastpos));
}
int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
int lastpos)
{
return (X509v3_get_ext_by_OBJ
- (x->tbsRequest->requestExtensions, obj, lastpos));
+ (x->tbsRequest.requestExtensions, obj, lastpos));
}
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
{
return (X509v3_get_ext_by_critical
- (x->tbsRequest->requestExtensions, crit, lastpos));
+ (x->tbsRequest.requestExtensions, crit, lastpos));
}
X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
{
- return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
+ return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc));
}
X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
{
- return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
+ return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc));
}
void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
{
- return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+ return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
}
int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
unsigned long flags)
{
- return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
+ return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
crit, flags);
}
int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
{
- return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
+ return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
NULL);
}
@@ -183,56 +183,56 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
{
- return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+ return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions));
}
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
{
return (X509v3_get_ext_by_NID
- (x->tbsResponseData->responseExtensions, nid, lastpos));
+ (x->tbsResponseData.responseExtensions, nid, lastpos));
}
int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
int lastpos)
{
return (X509v3_get_ext_by_OBJ
- (x->tbsResponseData->responseExtensions, obj, lastpos));
+ (x->tbsResponseData.responseExtensions, obj, lastpos));
}
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
int lastpos)
{
return (X509v3_get_ext_by_critical
- (x->tbsResponseData->responseExtensions, crit, lastpos));
+ (x->tbsResponseData.responseExtensions, crit, lastpos));
}
X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
{
- return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
+ return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc));
}
X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
{
- return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
+ return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc));
}
void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
int *idx)
{
- return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
+ return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
idx);
}
int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
int crit, unsigned long flags)
{
- return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
+ return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
value, crit, flags);
}
int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
{
- return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
+ return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
!= NULL);
}
@@ -334,14 +334,14 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
{
- return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+ return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
}
/* Same as above but for a response */
int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
{
- return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
+ return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
len);
}
diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h
index 86fb0b9..c60d956 100644
--- a/crypto/ocsp/ocsp_lcl.h
+++ b/crypto/ocsp/ocsp_lcl.h
@@ -71,10 +71,10 @@
* serialNumber CertificateSerialNumber }
*/
struct ocsp_cert_id_st {
- X509_ALGOR *hashAlgorithm;
- ASN1_OCTET_STRING *issuerNameHash;
- ASN1_OCTET_STRING *issuerKeyHash;
- ASN1_INTEGER *serialNumber;
+ X509_ALGOR hashAlgorithm;
+ ASN1_OCTET_STRING issuerNameHash;
+ ASN1_OCTET_STRING issuerKeyHash;
+ ASN1_INTEGER serialNumber;
};
/*- Request ::= SEQUENCE {
@@ -105,7 +105,7 @@ struct ocsp_req_info_st {
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/
struct ocsp_signature_st {
- X509_ALGOR *signatureAlgorithm;
+ X509_ALGOR signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
};
@@ -115,7 +115,7 @@ struct ocsp_signature_st {
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
*/
struct ocsp_request_st {
- OCSP_REQINFO *tbsRequest;
+ OCSP_REQINFO tbsRequest;
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
};
@@ -211,7 +211,7 @@ struct ocsp_single_response_st {
*/
struct ocsp_response_data_st {
ASN1_INTEGER *version;
- OCSP_RESPID *responderId;
+ OCSP_RESPID responderId;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(OCSP_SINGLERESP) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
@@ -244,8 +244,8 @@ struct ocsp_response_data_st {
* and CeloCom
*/
struct ocsp_basic_response_st {
- OCSP_RESPDATA *tbsResponseData;
- X509_ALGOR *signatureAlgorithm;
+ OCSP_RESPDATA tbsResponseData;
+ X509_ALGOR signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
};
diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c
index aa0723c..0120194 100644
--- a/crypto/ocsp/ocsp_lib.c
+++ b/crypto/ocsp/ocsp_lib.c
@@ -109,7 +109,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
if ((cid = OCSP_CERTID_new()) == NULL)
goto err;
- alg = cid->hashAlgorithm;
+ alg = &cid->hashAlgorithm;
ASN1_OBJECT_free(alg->algorithm);
if ((nid = EVP_MD_type(dgst)) == NID_undef) {
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
@@ -123,19 +123,18 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
if (!X509_NAME_digest(issuerName, dgst, md, &i))
goto digerr;
- if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i)))
+ if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
goto err;
/* Calculate the issuerKey hash, excluding tag and length */
if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
goto err;
- if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i)))
+ if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
goto err;
if (serialNumber) {
- ASN1_INTEGER_free(cid->serialNumber);
- if ((cid->serialNumber = ASN1_INTEGER_dup(serialNumber)) == NULL)
+ if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
goto err;
}
return cid;
@@ -149,13 +148,13 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
{
int ret;
- ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+ ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
if (ret)
return ret;
- ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
+ ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
if (ret)
return ret;
- return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash);
+ return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
}
int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
@@ -164,7 +163,7 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
ret = OCSP_id_issuer_cmp(a, b);
if (ret)
return ret;
- return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber);
+ return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
}
/*
diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c
index b826292..70b6904 100644
--- a/crypto/ocsp/ocsp_prn.c
+++ b/crypto/ocsp/ocsp_prn.c
@@ -75,13 +75,13 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
indent += 2;
BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
- i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+ i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
- i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, &a->issuerNameHash, V_ASN1_OCTET_STRING);
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
- i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING);
+ i2a_ASN1_STRING(bp, &a->issuerKeyHash, V_ASN1_OCTET_STRING);
BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
- i2a_ASN1_INTEGER(bp, a->serialNumber);
+ i2a_ASN1_INTEGER(bp, &a->serialNumber);
BIO_printf(bp, "\n");
return 1;
}
@@ -144,7 +144,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
long l;
OCSP_CERTID *cid = NULL;
OCSP_ONEREQ *one = NULL;
- OCSP_REQINFO *inf = o->tbsRequest;
+ OCSP_REQINFO *inf = &o->tbsRequest;
OCSP_SIGNATURE *sig = o->optionalSignature;
if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
@@ -172,7 +172,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
inf->requestExtensions, flags, 4))
goto err;
if (sig) {
- X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+ X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
for (i = 0; i < sk_X509_num(sig->certs); i++) {
X509_print(bp, sk_X509_value(sig->certs, i));
PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
@@ -216,14 +216,14 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
i = ASN1_STRING_length(rb->response);
if ((br = OCSP_response_get1_basic(o)) == NULL)
goto err;
- rd = br->tbsResponseData;
+ rd = &br->tbsResponseData;
l = ASN1_INTEGER_get(rd->version);
if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0)
goto err;
if (BIO_puts(bp, " Responder Id: ") <= 0)
goto err;
- rid = rd->responderId;
+ rid = &rd->responderId;
switch (rid->type) {
case V_OCSP_RESPID_NAME:
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
@@ -286,7 +286,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
if (!X509V3_extensions_print(bp, "Response Extensions",
rd->responseExtensions, flags, 4))
goto err;
- if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+ if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
goto err;
for (i = 0; i < sk_X509_num(br->certs); i++) {
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c
index 948eff9..8f196c8 100644
--- a/crypto/ocsp/ocsp_srv.c
+++ b/crypto/ocsp/ocsp_srv.c
@@ -74,12 +74,12 @@
int OCSP_request_onereq_count(OCSP_REQUEST *req)
{
- return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+ return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
}
OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
{
- return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+ return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
}
OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
@@ -94,13 +94,13 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
if (!cid)
return 0;
if (pmd)
- *pmd = cid->hashAlgorithm->algorithm;
+ *pmd = cid->hashAlgorithm.algorithm;
if (piNameHash)
- *piNameHash = cid->issuerNameHash;
+ *piNameHash = &cid->issuerNameHash;
if (pikeyHash)
- *pikeyHash = cid->issuerKeyHash;
+ *pikeyHash = &cid->issuerKeyHash;
if (pserial)
- *pserial = cid->serialNumber;
+ *pserial = &cid->serialNumber;
return 1;
}
@@ -145,8 +145,8 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
OCSP_CERTSTATUS *cs;
OCSP_REVOKEDINFO *ri;
- if (rsp->tbsResponseData->responses == NULL
- && (rsp->tbsResponseData->responses
+ if (rsp->tbsResponseData.responses == NULL
+ && (rsp->tbsResponseData.responses
= sk_OCSP_SINGLERESP_new_null()) == NULL)
goto err;
@@ -195,7 +195,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
goto err;
}
- if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+ if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
goto err;
return single;
err:
@@ -240,7 +240,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
}
}
- rid = brsp->tbsResponseData->responderId;
+ rid = &brsp->tbsResponseData.responderId;
if (flags & OCSP_RESPID_KEY) {
unsigned char md[SHA_DIGEST_LENGTH];
X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
@@ -256,7 +256,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
}
if (!(flags & OCSP_NOTIME) &&
- !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+ !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
goto err;
/*
diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c
index 9dd3f3a..629ebf0 100644
--- a/crypto/ocsp/ocsp_vfy.c
+++ b/crypto/ocsp/ocsp_vfy.c
@@ -182,7 +182,7 @@ static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
unsigned long flags)
{
X509 *signer;
- OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+ OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
if ((signer = ocsp_find_signer_sk(certs, rid))) {
*psigner = signer;
return 2;
@@ -231,7 +231,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
X509 *signer, *sca;
OCSP_CERTID *caid = NULL;
int i;
- sresp = bs->tbsResponseData->responses;
+ sresp = bs->tbsResponseData.responses;
if (sk_X509_num(chain) <= 0) {
OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
@@ -292,8 +292,8 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
/* Check to see if IDs match */
if (OCSP_id_issuer_cmp(cid, tmpid)) {
/* If algoritm mismatch let caller deal with it */
- if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
- cid->hashAlgorithm->algorithm))
+ if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
+ cid->hashAlgorithm.algorithm))
return 2;
/* Else mismatch */
return 0;
@@ -314,7 +314,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
X509_NAME *iname;
int mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
- if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))
+ if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
== NULL) {
OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
OCSP_R_UNKNOWN_MESSAGE_DIGEST);
@@ -324,16 +324,16 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
mdlen = EVP_MD_size(dgst);
if (mdlen < 0)
return -1;
- if ((cid->issuerNameHash->length != mdlen) ||
- (cid->issuerKeyHash->length != mdlen))
+ if ((cid->issuerNameHash.length != mdlen) ||
+ (cid->issuerKeyHash.length != mdlen))
return 0;
iname = X509_get_subject_name(cert);
if (!X509_NAME_digest(iname, dgst, md, NULL))
return -1;
- if (memcmp(md, cid->issuerNameHash->data, mdlen))
+ if (memcmp(md, cid->issuerNameHash.data, mdlen))
return 0;
X509_pubkey_digest(cert, dgst, md, NULL);
- if (memcmp(md, cid->issuerKeyHash->data, mdlen))
+ if (memcmp(md, cid->issuerKeyHash.data, mdlen))
return 0;
return 1;
@@ -380,7 +380,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
return 0;
}
- gen = req->tbsRequest->requestorName;
+ gen = req->tbsRequest.requestorName;
if (!gen || gen->type != GEN_DIRNAME) {
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 2405bd6..0768869 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -179,6 +179,8 @@ DECLARE_STACK_OF(X509_ALGOR)
* type.
*/
# define ASN1_STRING_FLAG_MSTRING 0x040
+/* String is embedded and only content should be freed */
+# define ASN1_STRING_FLAG_EMBED 0x080
/* This is the base type that holds just about everything :-) */
struct asn1_string_st {
int length;
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index ab45db4..79b4c37 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -186,19 +186,19 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
# define OCSP_REQUEST_sign(o,pkey,md) \
ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
- o->optionalSignature->signatureAlgorithm,NULL,\
- o->optionalSignature->signature,o->tbsRequest,pkey,md)
+ &o->optionalSignature->signatureAlgorithm,NULL,\
+ o->optionalSignature->signature,&o->tbsRequest,pkey,md)
# define OCSP_BASICRESP_sign(o,pkey,md,d) \
- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
- o->signature,o->tbsResponseData,pkey,md)
+ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\
+ o->signature,&o->tbsResponseData,pkey,md)
# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
- a->optionalSignature->signatureAlgorithm,\
- a->optionalSignature->signature,a->tbsRequest,r)
+ &a->optionalSignature->signatureAlgorithm,\
+ a->optionalSignature->signature,&a->tbsRequest,r)
# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
- a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
+ &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r)
# define ASN1_BIT_STRING_digest(data,type,md,len) \
ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
More information about the openssl-commits
mailing list