[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Matt Caswell matt at openssl.org
Tue Nov 7 10:50:34 UTC 2017


The branch OpenSSL_1_1_0-stable has been updated
       via  fb969d09b0a9a1ae4ad27fbc1372aa31ade30667 (commit)
      from  470a601705673102b9d33359408bef6334f07078 (commit)


- Log -----------------------------------------------------------------
commit fb969d09b0a9a1ae4ad27fbc1372aa31ade30667
Author: Matt Caswell <matt at openssl.org>
Date:   Tue Oct 31 15:55:22 2017 +0000

    Remove 4 broken macros from ocsp.h
    
    There were 4 macros in ocsp.h that have not worked since 1.1.0 because
    they attempt to access the internals of an opaque structure.
    
    For OCSP_REQUEST_sign() applications should use OCSP_request_sign() instead.
    For OCSP_BASICRESP_sign() applications should use OCSP_basic_sign() instead.
    For OCSP_REQUEST_verify() applications should use OCSP_request_verify()
    instead.
    For OCSP_BASICRESP_verify() applications should use OCSP_basic_verify()
    instead.
    
    Reviewed-by: Ben Kaduk <kaduk at mit.edu>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/4635)
    
    (cherry picked from commit 9f5671c7e9f30dfa53b1a2b553f234c2761ceb66)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ocsp/ocsp_lcl.h | 16 ++++++++++++++++
 include/openssl/ocsp.h | 16 ----------------
 2 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h
index f93a268..d1cf158 100644
--- a/crypto/ocsp/ocsp_lcl.h
+++ b/crypto/ocsp/ocsp_lcl.h
@@ -214,3 +214,19 @@ struct ocsp_service_locator_st {
     X509_NAME *issuer;
     STACK_OF(ACCESS_DESCRIPTION) *locator;
 };
+
+#  define OCSP_REQUEST_sign(o,pkey,md) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
+                &(o)->optionalSignature->signatureAlgorithm,NULL,\
+                (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md)
+
+#  define OCSP_BASICRESP_sign(o,pkey,md,d) \
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\
+                NULL,(o)->signature,&(o)->tbsResponseData,pkey,md)
+
+#  define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
+        &(a)->optionalSignature->signatureAlgorithm,\
+        (a)->optionalSignature->signature,&(a)->tbsRequest,r)
+
+#  define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
+        &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r)
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index 08debc5..f2281c0 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -137,22 +137,6 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
 
 #  define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
 
-#  define OCSP_REQUEST_sign(o,pkey,md) \
-        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
-                &o->optionalSignature->signatureAlgorithm,NULL,\
-                o->optionalSignature->signature,&o->tbsRequest,pkey,md)
-
-#  define OCSP_BASICRESP_sign(o,pkey,md,d) \
-        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\
-                o->signature,&o->tbsResponseData,pkey,md)
-
-#  define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
-        &a->optionalSignature->signatureAlgorithm,\
-        a->optionalSignature->signature,&a->tbsRequest,r)
-
-#  define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
-        &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r)
-
 #  define ASN1_BIT_STRING_digest(data,type,md,len) \
         ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 


More information about the openssl-commits mailing list