Commit fb596f3b authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

OCSP library tidy. Use extension to encode OCSP extensions instead of doing

it manually. Make OCSP_CERTID_dup() a real function instead of a macro.
parent 84948b39
+2 −2
@@ -391,12 +391,12 @@ typedef struct ocsp_service_locator_st
#define ASN1_BIT_STRING_digest(data,type,md,len) \
	ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)

#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)

#define OCSP_CERTSTATUS_dup(cs)\
                (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
		(char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))

OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);

OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
								int maxline);
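Review bot: The new prototype `OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);` carries no comment on ownership or failure, although it is now part of the public header as a real function. The definition comes from `IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)` in another file of this commit, so it presumably returns a newly allocated copy, or NULL when encoding or allocation fails. A one-line comment above the declaration would make that contract explicit, for example `/* Returns a new copy the caller must release with OCSP_CERTID_free(), or NULL on error */`. Callers that relied on the macro are worth a quick check that they test the result before dereferencing it.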
+8 −36
@@ -442,17 +442,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
		if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
		        goto err;
		}
	if (!(x = X509_EXTENSION_new())) goto err;
	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
	if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
				    NULL)))
	        goto err;
	OCSP_CRLID_free(cid);
	return x;
	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
err:
	if (x) X509_EXTENSION_free(x);
	if (cid) OCSP_CRLID_free(cid);
	return NULL;
	return x;
	}

/*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
@@ -470,18 +463,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
		        sk_ASN1_OBJECT_push(sk, o);
		oids++;
		}
	if (!(x = X509_EXTENSION_new())) goto err;
	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
		goto err;
	if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
				    sk)))
	        goto err;
	sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
	return x;
	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
err:
	if (x) X509_EXTENSION_free(x);
	if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
	return NULL;
	return x;
        }

/*  ArchiveCutoff ::= GeneralizedTime */
@@ -492,16 +477,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)

	if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
	if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
	if (!(x = X509_EXTENSION_new())) goto err;
	if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
	if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
				    i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
	ASN1_GENERALIZEDTIME_free(gt);
	return x;
	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
err:
	if (gt) ASN1_GENERALIZEDTIME_free(gt);
	if (x) X509_EXTENSION_free(x);
	return NULL;
	return x;
	}

/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
@@ -530,16 +509,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
		if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
		urls++;
		}
	if (!(x = X509_EXTENSION_new())) goto err;
	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
	        goto err;
	if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
				    i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
	OCSP_SERVICELOC_free(sloc);
	return x;
	x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
err:
	if (x) X509_EXTENSION_free(x);
	if (sloc) OCSP_SERVICELOC_free(sloc);
	return NULL;
	return x;
	}
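Review bot: Every `goto err` taken before the new `X509V3_EXT_i2d()` call now reaches `return x;` rather than `return NULL;`, so all four constructors touched here (OCSP_crlID_new, OCSP_accept_responses_new, OCSP_archive_cutoff_new, OCSP_url_svcloc_new) depend on `x` being initialised to NULL at its declaration, which is outside the hunks shown. The removed `if (x) X509_EXTENSION_free(x);` suggests that it is, but a short comment at each label such as `/* x is still NULL on any early goto err */` would record the invariant for the next editor. Separately, `X509V3_EXT_i2d()` takes the structure as `void *` and selects the encoder by NID, so the compile-time type check that `ASN1_STRING_encode_of` gave is gone. It is worth confirming that the extension method registered for `NID_id_pkix_OCSP_acceptableResponses` expects the `sk` stack passed here, and that a method exists for each of the four NIDs, since a missing one would make these functions return NULL.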
+3 −0
@@ -69,6 +69,7 @@
#include <openssl/pem.h>
#include <openssl/x509v3.h>
#include <openssl/ocsp.h>
#include <openssl/asn1t.h>

/* Convert a certificate and its issuer to an OCSP_CERTID */

@@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
	return 0;

	}

IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)