generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

embed OCSP_CERTID

Browse Source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
This commit is contained in:
Dr. Stephen Henson 2015-10-07 14:42:34 +01:00
parent 47c9a1b509
commit af170194a8
6 changed files with 22 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
crypto/ocsp/ocsp_asn.c
View File

@ -71,9 +71,9 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
ASN1_SEQUENCE(OCSP_CERTID) = { ASN1_SEQUENCE(OCSP_CERTID) = {
ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER)
} ASN1_SEQUENCE_END(OCSP_CERTID) } ASN1_SEQUENCE_END(OCSP_CERTID)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID)

6
crypto/ocsp/ocsp_lcl.h
View File

@ -72,9 +72,9 @@
*/ */
struct ocsp_cert_id_st { struct ocsp_cert_id_st {
X509_ALGOR hashAlgorithm; X509_ALGOR hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash; ASN1_OCTET_STRING issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash; ASN1_OCTET_STRING issuerKeyHash;
ASN1_INTEGER *serialNumber; ASN1_INTEGER serialNumber;
}; };
/*- Request ::= SEQUENCE { /*- Request ::= SEQUENCE {

13
crypto/ocsp/ocsp_lib.c
View File

@ -123,19 +123,18 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
if (!X509_NAME_digest(issuerName, dgst, md, &i)) if (!X509_NAME_digest(issuerName, dgst, md, &i))
goto digerr; goto digerr;
if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i)))
goto err; goto err;
/* Calculate the issuerKey hash, excluding tag and length */ /* Calculate the issuerKey hash, excluding tag and length */
if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL))
goto err; goto err;
if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i)))
goto err; goto err;
if (serialNumber) { if (serialNumber) {
ASN1_INTEGER_free(cid->serialNumber); if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0)
if ((cid->serialNumber = ASN1_INTEGER_dup(serialNumber)) == NULL)
goto err; goto err;
} }
return cid; return cid;
@ -152,10 +151,10 @@ int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
if (ret) if (ret)
return ret; return ret;
ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash);
if (ret) if (ret)
return ret; return ret;
return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash);
} }
int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
@ -164,7 +163,7 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
ret = OCSP_id_issuer_cmp(a, b); ret = OCSP_id_issuer_cmp(a, b);
if (ret) if (ret)
return ret; return ret;
return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber);
} }
/* /*

6
crypto/ocsp/ocsp_prn.c
View File

@ -77,11 +77,11 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); i2a_ASN1_STRING(bp, &a->issuerNameHash, V_ASN1_OCTET_STRING);
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); i2a_ASN1_STRING(bp, &a->issuerKeyHash, V_ASN1_OCTET_STRING);
BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); BIO_printf(bp, "\n%*sSerial Number: ", indent, "");
i2a_ASN1_INTEGER(bp, a->serialNumber); i2a_ASN1_INTEGER(bp, &a->serialNumber);
BIO_printf(bp, "\n"); BIO_printf(bp, "\n");
return 1; return 1;
} }

6
crypto/ocsp/ocsp_srv.c
View File

@ -96,11 +96,11 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
if (pmd) if (pmd)
*pmd = cid->hashAlgorithm.algorithm; *pmd = cid->hashAlgorithm.algorithm;
if (piNameHash) if (piNameHash)
*piNameHash = cid->issuerNameHash; *piNameHash = &cid->issuerNameHash;
if (pikeyHash) if (pikeyHash)
*pikeyHash = cid->issuerKeyHash; *pikeyHash = &cid->issuerKeyHash;
if (pserial) if (pserial)
*pserial = cid->serialNumber; *pserial = &cid->serialNumber;
return 1; return 1;
} }

8
crypto/ocsp/ocsp_vfy.c
View File

@ -324,16 +324,16 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
mdlen = EVP_MD_size(dgst); mdlen = EVP_MD_size(dgst);
if (mdlen < 0) if (mdlen < 0)
return -1; return -1;
if ((cid->issuerNameHash->length != mdlen) || if ((cid->issuerNameHash.length != mdlen) ||
(cid->issuerKeyHash->length != mdlen)) (cid->issuerKeyHash.length != mdlen))
return 0; return 0;
iname = X509_get_subject_name(cert); iname = X509_get_subject_name(cert);
if (!X509_NAME_digest(iname, dgst, md, NULL)) if (!X509_NAME_digest(iname, dgst, md, NULL))
return -1; return -1;
if (memcmp(md, cid->issuerNameHash->data, mdlen)) if (memcmp(md, cid->issuerNameHash.data, mdlen))
return 0; return 0;
X509_pubkey_digest(cert, dgst, md, NULL); X509_pubkey_digest(cert, dgst, md, NULL);
if (memcmp(md, cid->issuerKeyHash->data, mdlen)) if (memcmp(md, cid->issuerKeyHash.data, mdlen))
return 0; return 0;
return 1; return 1;