summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/ocsp
diff options
context:
space:
mode:
authordjm <>2008-09-06 12:17:54 +0000
committerdjm <>2008-09-06 12:17:54 +0000
commit38ce604e3cc97706b876b0525ddff0121115456d (patch)
tree7ccc28afe1789ea3dbedf72365f955d5b8e105b5 /src/lib/libcrypto/ocsp
parent12867252827c8efaa8ddd1fa3b3d6e321e2bcdef (diff)
downloadopenbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.gz
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.tar.bz2
openbsd-38ce604e3cc97706b876b0525ddff0121115456d.zip
resolve conflicts
Diffstat (limited to 'src/lib/libcrypto/ocsp')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp.h42
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_asn.c2
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_cl.c2
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_err.c14
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ext.c35
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ht.c468
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_lib.c4
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_prn.c4
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_vfy.c2
9 files changed, 441 insertions, 132 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
index fab3c03182..a0577a717e 100644
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -186,11 +186,11 @@ typedef struct ocsp_resp_bytes_st
186 * responseStatus OCSPResponseStatus, 186 * responseStatus OCSPResponseStatus,
187 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL } 187 * responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
188 */ 188 */
189typedef struct ocsp_response_st 189struct ocsp_response_st
190 { 190 {
191 ASN1_ENUMERATED *responseStatus; 191 ASN1_ENUMERATED *responseStatus;
192 OCSP_RESPBYTES *responseBytes; 192 OCSP_RESPBYTES *responseBytes;
193 } OCSP_RESPONSE; 193 };
194 194
195/* ResponderID ::= CHOICE { 195/* ResponderID ::= CHOICE {
196 * byName [1] Name, 196 * byName [1] Name,
@@ -198,14 +198,18 @@ typedef struct ocsp_response_st
198 */ 198 */
199#define V_OCSP_RESPID_NAME 0 199#define V_OCSP_RESPID_NAME 0
200#define V_OCSP_RESPID_KEY 1 200#define V_OCSP_RESPID_KEY 1
201typedef struct ocsp_responder_id_st 201struct ocsp_responder_id_st
202 { 202 {
203 int type; 203 int type;
204 union { 204 union {
205 X509_NAME* byName; 205 X509_NAME* byName;
206 ASN1_OCTET_STRING *byKey; 206 ASN1_OCTET_STRING *byKey;
207 } value; 207 } value;
208 } OCSP_RESPID; 208 };
209
210DECLARE_STACK_OF(OCSP_RESPID)
211DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
212
209/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key 213/* KeyHash ::= OCTET STRING --SHA-1 hash of responder's public key
210 * --(excluding the tag and length fields) 214 * --(excluding the tag and length fields)
211 */ 215 */
@@ -349,13 +353,9 @@ typedef struct ocsp_service_locator_st
349#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" 353#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
350#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" 354#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
351 355
352#define d2i_OCSP_REQUEST_bio(bp,p) (OCSP_REQUEST*)ASN1_d2i_bio((char*(*)()) \ 356#define d2i_OCSP_REQUEST_bio(bp,p) ASN1_d2i_bio_of(OCSP_REQUEST,OCSP_REQUEST_new,d2i_OCSP_REQUEST,bp,p)
353 OCSP_REQUEST_new,(char *(*)())d2i_OCSP_REQUEST, (bp),\
354 (unsigned char **)(p))
355 357
356#define d2i_OCSP_RESPONSE_bio(bp,p) (OCSP_RESPONSE*)ASN1_d2i_bio((char*(*)())\ 358#define d2i_OCSP_RESPONSE_bio(bp,p) ASN1_d2i_bio_of(OCSP_RESPONSE,OCSP_RESPONSE_new,d2i_OCSP_RESPONSE,bp,p)
357 OCSP_REQUEST_new,(char *(*)())d2i_OCSP_RESPONSE, (bp),\
358 (unsigned char **)(p))
359 359
360#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \ 360#define PEM_read_bio_OCSP_REQUEST(bp,x,cb) (OCSP_REQUEST *)PEM_ASN1_read_bio( \
361 (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL) 361 (char *(*)())d2i_OCSP_REQUEST,PEM_STRING_OCSP_REQUEST,bp,(char **)x,cb,NULL)
@@ -371,11 +371,9 @@ typedef struct ocsp_service_locator_st
371 PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\ 371 PEM_ASN1_write_bio((int (*)())i2d_OCSP_RESPONSE,PEM_STRING_OCSP_RESPONSE,\
372 bp,(char *)o, NULL,NULL,0,NULL,NULL) 372 bp,(char *)o, NULL,NULL,0,NULL,NULL)
373 373
374#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_RESPONSE,bp,\ 374#define i2d_OCSP_RESPONSE_bio(bp,o) ASN1_i2d_bio_of(OCSP_RESPONSE,i2d_OCSP_RESPONSE,bp,o)
375 (unsigned char *)o)
376 375
377#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio(i2d_OCSP_REQUEST,bp,\ 376#define i2d_OCSP_REQUEST_bio(bp,o) ASN1_i2d_bio_of(OCSP_REQUEST,i2d_OCSP_REQUEST,bp,o)
378 (unsigned char *)o)
379 377
380#define OCSP_REQUEST_sign(o,pkey,md) \ 378#define OCSP_REQUEST_sign(o,pkey,md) \
381 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ 379 ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
@@ -396,14 +394,17 @@ typedef struct ocsp_service_locator_st
396#define ASN1_BIT_STRING_digest(data,type,md,len) \ 394#define ASN1_BIT_STRING_digest(data,type,md,len) \
397 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) 395 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
398 396
399#define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\ 397#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
400 (char *(*)())d2i_OCSP_CERTID,(char *)(cid))
401 398
402#define OCSP_CERTSTATUS_dup(cs)\ 399#define OCSP_CERTSTATUS_dup(cs)\
403 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ 400 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
404 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) 401 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
405 402
406OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); 403OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
404OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
405 int maxline);
406int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
407void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
407 408
408OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); 409OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
409 410
@@ -473,8 +474,10 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
473 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, 474 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
474 STACK_OF(X509) *certs, unsigned long flags); 475 STACK_OF(X509) *certs, unsigned long flags);
475 476
476ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 477ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
477 char *data, STACK_OF(ASN1_OBJECT) *sk); 478 void *data, STACK_OF(ASN1_OBJECT) *sk);
479#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
480 ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
478 481
479X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); 482X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
480 483
@@ -564,11 +567,11 @@ void ERR_load_OCSP_strings(void);
564 567
565/* Function codes. */ 568/* Function codes. */
566#define OCSP_F_ASN1_STRING_ENCODE 100 569#define OCSP_F_ASN1_STRING_ENCODE 100
567#define OCSP_F_CERT_ID_NEW 101
568#define OCSP_F_D2I_OCSP_NONCE 102 570#define OCSP_F_D2I_OCSP_NONCE 102
569#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 571#define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
570#define OCSP_F_OCSP_BASIC_SIGN 104 572#define OCSP_F_OCSP_BASIC_SIGN 104
571#define OCSP_F_OCSP_BASIC_VERIFY 105 573#define OCSP_F_OCSP_BASIC_VERIFY 105
574#define OCSP_F_OCSP_CERT_ID_NEW 101
572#define OCSP_F_OCSP_CHECK_DELEGATED 106 575#define OCSP_F_OCSP_CHECK_DELEGATED 106
573#define OCSP_F_OCSP_CHECK_IDS 107 576#define OCSP_F_OCSP_CHECK_IDS 107
574#define OCSP_F_OCSP_CHECK_ISSUER 108 577#define OCSP_F_OCSP_CHECK_ISSUER 108
@@ -579,6 +582,7 @@ void ERR_load_OCSP_strings(void);
579#define OCSP_F_OCSP_REQUEST_VERIFY 116 582#define OCSP_F_OCSP_REQUEST_VERIFY 116
580#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 583#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
581#define OCSP_F_OCSP_SENDREQ_BIO 112 584#define OCSP_F_OCSP_SENDREQ_BIO 112
585#define OCSP_F_PARSE_HTTP_LINE1 117
582#define OCSP_F_REQUEST_VERIFY 113 586#define OCSP_F_REQUEST_VERIFY 113
583 587
584/* Reason codes. */ 588/* Reason codes. */
diff --git a/src/lib/libcrypto/ocsp/ocsp_asn.c b/src/lib/libcrypto/ocsp/ocsp_asn.c
index 6a3a360d54..39b7a1c568 100644
--- a/src/lib/libcrypto/ocsp/ocsp_asn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_asn.c
@@ -62,7 +62,7 @@
62ASN1_SEQUENCE(OCSP_SIGNATURE) = { 62ASN1_SEQUENCE(OCSP_SIGNATURE) = {
63 ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), 63 ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
64 ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), 64 ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
65 ASN1_EXP_SEQUENCE_OF(OCSP_SIGNATURE, certs, X509, 0) 65 ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
66} ASN1_SEQUENCE_END(OCSP_SIGNATURE) 66} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
67 67
68IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) 68IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index 9b3e6dd8ca..17bab5fc59 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -101,6 +101,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
101 { 101 {
102 GENERAL_NAME *gen; 102 GENERAL_NAME *gen;
103 gen = GENERAL_NAME_new(); 103 gen = GENERAL_NAME_new();
104 if (gen == NULL)
105 return 0;
104 if (!X509_NAME_set(&gen->d.directoryName, nm)) 106 if (!X509_NAME_set(&gen->d.directoryName, nm))
105 { 107 {
106 GENERAL_NAME_free(gen); 108 GENERAL_NAME_free(gen);
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index 65e6093fbc..d2f2e79f44 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
1/* crypto/ocsp/ocsp_err.c */ 1/* crypto/ocsp/ocsp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -71,11 +71,11 @@
71static ERR_STRING_DATA OCSP_str_functs[]= 71static ERR_STRING_DATA OCSP_str_functs[]=
72 { 72 {
73{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, 73{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
74{ERR_FUNC(OCSP_F_CERT_ID_NEW), "CERT_ID_NEW"},
75{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, 74{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
76{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, 75{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
77{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, 76{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
78{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, 77{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
78{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
79{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, 79{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
80{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, 80{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
81{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, 81{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
@@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]=
86{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, 86{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
87{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, 87{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
88{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, 88{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
89{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
89{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, 90{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
90{0,NULL} 91{0,NULL}
91 }; 92 };
@@ -129,15 +130,12 @@ static ERR_STRING_DATA OCSP_str_reasons[]=
129 130
130void ERR_load_OCSP_strings(void) 131void ERR_load_OCSP_strings(void)
131 { 132 {
132 static int init=1; 133#ifndef OPENSSL_NO_ERR
133 134
134 if (init) 135 if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)
135 { 136 {
136 init=0;
137#ifndef OPENSSL_NO_ERR
138 ERR_load_strings(0,OCSP_str_functs); 137 ERR_load_strings(0,OCSP_str_functs);
139 ERR_load_strings(0,OCSP_str_reasons); 138 ERR_load_strings(0,OCSP_str_reasons);
140#endif
141
142 } 139 }
140#endif
143 } 141 }
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index 57399433fc..815cc29d58 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -265,8 +265,8 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
265 265
266/* also CRL Entry Extensions */ 266/* also CRL Entry Extensions */
267 267
268ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(), 268ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
269 char *data, STACK_OF(ASN1_OBJECT) *sk) 269 void *data, STACK_OF(ASN1_OBJECT) *sk)
270 { 270 {
271 int i; 271 int i;
272 unsigned char *p, *b = NULL; 272 unsigned char *p, *b = NULL;
@@ -274,18 +274,23 @@ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, int (*i2d)(),
274 if (data) 274 if (data)
275 { 275 {
276 if ((i=i2d(data,NULL)) <= 0) goto err; 276 if ((i=i2d(data,NULL)) <= 0) goto err;
277 if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) 277 if (!(b=p=OPENSSL_malloc((unsigned int)i)))
278 goto err; 278 goto err;
279 if (i2d(data, &p) <= 0) goto err; 279 if (i2d(data, &p) <= 0) goto err;
280 } 280 }
281 else if (sk) 281 else if (sk)
282 { 282 {
283 if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,i2d,V_ASN1_SEQUENCE, 283 if ((i=i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL,
284 V_ASN1_UNIVERSAL,IS_SEQUENCE))<=0) goto err; 284 (I2D_OF(ASN1_OBJECT))i2d,
285 if (!(b=p=(unsigned char*)OPENSSL_malloc((unsigned int)i))) 285 V_ASN1_SEQUENCE,
286 V_ASN1_UNIVERSAL,
287 IS_SEQUENCE))<=0) goto err;
288 if (!(b=p=OPENSSL_malloc((unsigned int)i)))
286 goto err; 289 goto err;
287 if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,i2d,V_ASN1_SEQUENCE, 290 if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d,
288 V_ASN1_UNIVERSAL,IS_SEQUENCE)<=0) goto err; 291 V_ASN1_SEQUENCE,
292 V_ASN1_UNIVERSAL,
293 IS_SEQUENCE)<=0) goto err;
289 } 294 }
290 else 295 else
291 { 296 {
@@ -439,7 +444,8 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
439 } 444 }
440 if (!(x = X509_EXTENSION_new())) goto err; 445 if (!(x = X509_EXTENSION_new())) goto err;
441 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err; 446 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
442 if (!(ASN1_STRING_encode(x->value,i2d_OCSP_CRLID,(char*)cid,NULL))) 447 if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
448 NULL)))
443 goto err; 449 goto err;
444 OCSP_CRLID_free(cid); 450 OCSP_CRLID_free(cid);
445 return x; 451 return x;
@@ -467,7 +473,8 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
467 if (!(x = X509_EXTENSION_new())) goto err; 473 if (!(x = X509_EXTENSION_new())) goto err;
468 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses))) 474 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
469 goto err; 475 goto err;
470 if (!(ASN1_STRING_encode(x->value,i2d_ASN1_OBJECT,NULL,sk))) 476 if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
477 sk)))
471 goto err; 478 goto err;
472 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); 479 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
473 return x; 480 return x;
@@ -487,8 +494,8 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
487 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; 494 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
488 if (!(x = X509_EXTENSION_new())) goto err; 495 if (!(x = X509_EXTENSION_new())) goto err;
489 if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err; 496 if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
490 if (!(ASN1_STRING_encode(x->value,i2d_ASN1_GENERALIZEDTIME, 497 if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
491 (char*)gt,NULL))) goto err; 498 i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
492 ASN1_GENERALIZEDTIME_free(gt); 499 ASN1_GENERALIZEDTIME_free(gt);
493 return x; 500 return x;
494err: 501err:
@@ -526,8 +533,8 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
526 if (!(x = X509_EXTENSION_new())) goto err; 533 if (!(x = X509_EXTENSION_new())) goto err;
527 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 534 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
528 goto err; 535 goto err;
529 if (!(ASN1_STRING_encode(x->value, i2d_OCSP_SERVICELOC, 536 if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
530 (char*)sloc, NULL))) goto err; 537 i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
531 OCSP_SERVICELOC_free(sloc); 538 OCSP_SERVICELOC_free(sloc);
532 return x; 539 return x;
533err: 540err:
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 2c48171883..a8e569b74a 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -1,9 +1,9 @@
1/* ocsp_ht.c */ 1/* ocsp_ht.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3 * project 2000. 3 * project 2006.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -68,106 +68,404 @@
68#define strtoul (unsigned long)strtol 68#define strtoul (unsigned long)strtol
69#endif /* OPENSSL_SYS_SUNOS */ 69#endif /* OPENSSL_SYS_SUNOS */
70 70
71/* Quick and dirty HTTP OCSP request handler. 71/* Stateful OCSP request code, supporting non-blocking I/O */
72 * Could make this a bit cleverer by adding
73 * support for non blocking BIOs and a few
74 * other refinements.
75 */
76 72
77OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req) 73/* Opaque OCSP request status structure */
78{ 74
79 BIO *mem = NULL; 75struct ocsp_req_ctx_st {
80 char tmpbuf[1024]; 76 int state; /* Current I/O state */
81 OCSP_RESPONSE *resp = NULL; 77 unsigned char *iobuf; /* Line buffer */
82 char *p, *q, *r; 78 int iobuflen; /* Line buffer length */
83 int len, retcode; 79 BIO *io; /* BIO to perform I/O with */
84 static char req_txt[] = 80 BIO *mem; /* Memory BIO response is built into */
85"POST %s HTTP/1.0\r\n\ 81 unsigned long asn1_len; /* ASN1 length of response */
86Content-Type: application/ocsp-request\r\n\ 82 };
87Content-Length: %d\r\n\r\n"; 83
88 84#define OCSP_MAX_REQUEST_LENGTH (100 * 1024)
89 len = i2d_OCSP_REQUEST(req, NULL); 85#define OCSP_MAX_LINE_LEN 4096;
90 if(BIO_printf(b, req_txt, path, len) < 0) { 86
91 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); 87/* OCSP states */
92 goto err; 88
93 } 89/* If set no reading should be performed */
94 if(i2d_OCSP_REQUEST_bio(b, req) <= 0) { 90#define OHS_NOREAD 0x1000
95 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_WRITE_ERROR); 91/* Error condition */
96 goto err; 92#define OHS_ERROR (0 | OHS_NOREAD)
93/* First line being read */
94#define OHS_FIRSTLINE 1
95/* MIME headers being read */
96#define OHS_HEADERS 2
97/* OCSP initial header (tag + length) being read */
98#define OHS_ASN1_HEADER 3
99/* OCSP content octets being read */
100#define OHS_ASN1_CONTENT 4
101/* Request being sent */
102#define OHS_ASN1_WRITE (6 | OHS_NOREAD)
103/* Request being flushed */
104#define OHS_ASN1_FLUSH (7 | OHS_NOREAD)
105/* Completed */
106#define OHS_DONE (8 | OHS_NOREAD)
107
108
109static int parse_http_line1(char *line);
110
111void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
112 {
113 if (rctx->mem)
114 BIO_free(rctx->mem);
115 if (rctx->iobuf)
116 OPENSSL_free(rctx->iobuf);
117 OPENSSL_free(rctx);
97 } 118 }
98 if(!(mem = BIO_new(BIO_s_mem()))) goto err; 119
99 /* Copy response to a memory BIO: socket bios can't do gets! */ 120OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
100 while ((len = BIO_read(b, tmpbuf, sizeof tmpbuf))) { 121 int maxline)
101 if(len < 0) { 122 {
102 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_READ_ERROR); 123 static char post_hdr[] = "POST %s HTTP/1.0\r\n"
103 goto err; 124 "Content-Type: application/ocsp-request\r\n"
125 "Content-Length: %d\r\n\r\n";
126
127 OCSP_REQ_CTX *rctx;
128 rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
129 rctx->state = OHS_FIRSTLINE;
130 rctx->mem = BIO_new(BIO_s_mem());
131 rctx->io = io;
132 if (maxline > 0)
133 rctx->iobuflen = maxline;
134 else
135 rctx->iobuflen = OCSP_MAX_LINE_LEN;
136 rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
137 if (!path)
138 path = "/";
139
140 if (BIO_printf(rctx->mem, post_hdr, path,
141 i2d_OCSP_REQUEST(req, NULL)) <= 0)
142 {
143 rctx->state = OHS_ERROR;
144 return 0;
104 } 145 }
105 BIO_write(mem, tmpbuf, len); 146 if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
106 } 147 {
107 if(BIO_gets(mem, tmpbuf, 512) <= 0) { 148 rctx->state = OHS_ERROR;
108 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); 149 return 0;
109 goto err; 150 }
151 rctx->state = OHS_ASN1_WRITE;
152 rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
153
154 return rctx;
110 } 155 }
111 /* Parse the HTTP response. This will look like this:
112 * "HTTP/1.0 200 OK". We need to obtain the numeric code and
113 * (optional) informational message.
114 */
115 156
157/* Parse the HTTP response. This will look like this:
158 * "HTTP/1.0 200 OK". We need to obtain the numeric code and
159 * (optional) informational message.
160 */
161
162static int parse_http_line1(char *line)
163 {
164 int retcode;
165 char *p, *q, *r;
116 /* Skip to first white space (passed protocol info) */ 166 /* Skip to first white space (passed protocol info) */
117 for(p = tmpbuf; *p && !isspace((unsigned char)*p); p++) continue; 167
118 if(!*p) { 168 for(p = line; *p && !isspace((unsigned char)*p); p++)
119 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); 169 continue;
120 goto err; 170 if(!*p)
121 } 171 {
172 OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
173 OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
174 return 0;
175 }
176
122 /* Skip past white space to start of response code */ 177 /* Skip past white space to start of response code */
123 while(isspace((unsigned char)*p)) p++; 178 while(*p && isspace((unsigned char)*p))
124 if(!*p) { 179 p++;
125 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); 180
126 goto err; 181 if(!*p)
127 } 182 {
183 OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
184 OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
185 return 0;
186 }
187
128 /* Find end of response code: first whitespace after start of code */ 188 /* Find end of response code: first whitespace after start of code */
129 for(q = p; *q && !isspace((unsigned char)*q); q++) continue; 189 for(q = p; *q && !isspace((unsigned char)*q); q++)
130 if(!*q) { 190 continue;
131 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_PARSE_ERROR); 191
132 goto err; 192 if(!*q)
133 } 193 {
194 OCSPerr(OCSP_F_PARSE_HTTP_LINE1,
195 OCSP_R_SERVER_RESPONSE_PARSE_ERROR);
196 return 0;
197 }
198
134 /* Set end of response code and start of message */ 199 /* Set end of response code and start of message */
135 *q++ = 0; 200 *q++ = 0;
201
136 /* Attempt to parse numeric code */ 202 /* Attempt to parse numeric code */
137 retcode = strtoul(p, &r, 10); 203 retcode = strtoul(p, &r, 10);
138 if(*r) goto err; 204
205 if(*r)
206 return 0;
207
139 /* Skip over any leading white space in message */ 208 /* Skip over any leading white space in message */
140 while(isspace((unsigned char)*q)) q++; 209 while(*q && isspace((unsigned char)*q))
141 if(*q) { 210 q++;
142 /* Finally zap any trailing white space in message (include CRLF) */ 211
143 /* We know q has a non white space character so this is OK */ 212 if(*q)
144 for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--) *r = 0; 213 {
145 } 214 /* Finally zap any trailing white space in message (include
146 if(retcode != 200) { 215 * CRLF) */
147 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_SERVER_RESPONSE_ERROR); 216
148 if(!*q) { 217 /* We know q has a non white space character so this is OK */
149 ERR_add_error_data(2, "Code=", p); 218 for(r = q + strlen(q) - 1; isspace((unsigned char)*r); r--)
219 *r = 0;
150 } 220 }
151 else { 221 if(retcode != 200)
222 {
223 OCSPerr(OCSP_F_PARSE_HTTP_LINE1, OCSP_R_SERVER_RESPONSE_ERROR);
224 if(!*q)
225 ERR_add_error_data(2, "Code=", p);
226 else
152 ERR_add_error_data(4, "Code=", p, ",Reason=", q); 227 ERR_add_error_data(4, "Code=", p, ",Reason=", q);
228 return 0;
153 } 229 }
154 goto err; 230
231
232 return 1;
233
155 } 234 }
156 /* Find blank line marking beginning of content */ 235
157 while(BIO_gets(mem, tmpbuf, 512) > 0) 236int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx)
158 { 237 {
159 for(p = tmpbuf; isspace((unsigned char)*p); p++) continue; 238 int i, n;
160 if(!*p) break; 239 const unsigned char *p;
161 } 240 next_io:
162 if(*p) { 241 if (!(rctx->state & OHS_NOREAD))
163 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,OCSP_R_NO_CONTENT); 242 {
164 goto err; 243 n = BIO_read(rctx->io, rctx->iobuf, rctx->iobuflen);
244
245 if (n <= 0)
246 {
247 if (BIO_should_retry(rctx->io))
248 return -1;
249 return 0;
250 }
251
252 /* Write data to memory BIO */
253
254 if (BIO_write(rctx->mem, rctx->iobuf, n) != n)
255 return 0;
256 }
257
258 switch(rctx->state)
259 {
260
261 case OHS_ASN1_WRITE:
262 n = BIO_get_mem_data(rctx->mem, &p);
263
264 i = BIO_write(rctx->io,
265 p + (n - rctx->asn1_len), rctx->asn1_len);
266
267 if (i <= 0)
268 {
269 if (BIO_should_retry(rctx->io))
270 return -1;
271 rctx->state = OHS_ERROR;
272 return 0;
273 }
274
275 rctx->asn1_len -= i;
276
277 if (rctx->asn1_len > 0)
278 goto next_io;
279
280 rctx->state = OHS_ASN1_FLUSH;
281
282 (void)BIO_reset(rctx->mem);
283
284 case OHS_ASN1_FLUSH:
285
286 i = BIO_flush(rctx->io);
287
288 if (i > 0)
289 {
290 rctx->state = OHS_FIRSTLINE;
291 goto next_io;
292 }
293
294 if (BIO_should_retry(rctx->io))
295 return -1;
296
297 rctx->state = OHS_ERROR;
298 return 0;
299
300 case OHS_ERROR:
301 return 0;
302
303 case OHS_FIRSTLINE:
304 case OHS_HEADERS:
305
306 /* Attempt to read a line in */
307
308 next_line:
309 /* Due to &%^*$" memory BIO behaviour with BIO_gets we
310 * have to check there's a complete line in there before
311 * calling BIO_gets or we'll just get a partial read.
312 */
313 n = BIO_get_mem_data(rctx->mem, &p);
314 if ((n <= 0) || !memchr(p, '\n', n))
315 {
316 if (n >= rctx->iobuflen)
317 {
318 rctx->state = OHS_ERROR;
319 return 0;
320 }
321 goto next_io;
322 }
323 n = BIO_gets(rctx->mem, (char *)rctx->iobuf, rctx->iobuflen);
324
325 if (n <= 0)
326 {
327 if (BIO_should_retry(rctx->mem))
328 goto next_io;
329 rctx->state = OHS_ERROR;
330 return 0;
331 }
332
333 /* Don't allow excessive lines */
334 if (n == rctx->iobuflen)
335 {
336 rctx->state = OHS_ERROR;
337 return 0;
338 }
339
340 /* First line */
341 if (rctx->state == OHS_FIRSTLINE)
342 {
343 if (parse_http_line1((char *)rctx->iobuf))
344 {
345 rctx->state = OHS_HEADERS;
346 goto next_line;
347 }
348 else
349 {
350 rctx->state = OHS_ERROR;
351 return 0;
352 }
353 }
354 else
355 {
356 /* Look for blank line: end of headers */
357 for (p = rctx->iobuf; *p; p++)
358 {
359 if ((*p != '\r') && (*p != '\n'))
360 break;
361 }
362 if (*p)
363 goto next_line;
364
365 rctx->state = OHS_ASN1_HEADER;
366
367 }
368
369 /* Fall thru */
370
371
372 case OHS_ASN1_HEADER:
373 /* Now reading ASN1 header: can read at least 6 bytes which
374 * is more than enough for any valid ASN1 SEQUENCE header
375 */
376 n = BIO_get_mem_data(rctx->mem, &p);
377 if (n < 6)
378 goto next_io;
379
380 /* Check it is an ASN1 SEQUENCE */
381 if (*p++ != (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED))
382 {
383 rctx->state = OHS_ERROR;
384 return 0;
385 }
386
387 /* Check out length field */
388 if (*p & 0x80)
389 {
390 n = *p & 0x7F;
391 /* Not NDEF or excessive length */
392 if (!n || (n > 4))
393 {
394 rctx->state = OHS_ERROR;
395 return 0;
396 }
397 p++;
398 rctx->asn1_len = 0;
399 for (i = 0; i < n; i++)
400 {
401 rctx->asn1_len <<= 8;
402 rctx->asn1_len |= *p++;
403 }
404
405 if (rctx->asn1_len > OCSP_MAX_REQUEST_LENGTH)
406 {
407 rctx->state = OHS_ERROR;
408 return 0;
409 }
410
411 rctx->asn1_len += n + 2;
412 }
413 else
414 rctx->asn1_len = *p + 2;
415
416 rctx->state = OHS_ASN1_CONTENT;
417
418 /* Fall thru */
419
420 case OHS_ASN1_CONTENT:
421 n = BIO_get_mem_data(rctx->mem, &p);
422 if (n < (int)rctx->asn1_len)
423 goto next_io;
424
425
426 *presp = d2i_OCSP_RESPONSE(NULL, &p, rctx->asn1_len);
427 if (*presp)
428 {
429 rctx->state = OHS_DONE;
430 return 1;
431 }
432
433 rctx->state = OHS_ERROR;
434 return 0;
435
436 break;
437
438 case OHS_DONE:
439 return 1;
440
441 }
442
443
444
445 return 0;
446
447
165 } 448 }
166 if(!(resp = d2i_OCSP_RESPONSE_bio(mem, NULL))) { 449
167 OCSPerr(OCSP_F_OCSP_SENDREQ_BIO,ERR_R_NESTED_ASN1_ERROR); 450/* Blocking OCSP request handler: now a special case of non-blocking I/O */
168 goto err; 451
452OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req)
453 {
454 OCSP_RESPONSE *resp = NULL;
455 OCSP_REQ_CTX *ctx;
456 int rv;
457
458 ctx = OCSP_sendreq_new(b, path, req, -1);
459
460 do
461 {
462 rv = OCSP_sendreq_nbio(&resp, ctx);
463 } while ((rv == -1) && BIO_should_retry(b));
464
465 OCSP_REQ_CTX_free(ctx);
466
467 if (rv)
468 return resp;
469
470 return NULL;
169 } 471 }
170 err:
171 BIO_free(mem);
172 return resp;
173}
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 9e87fc7895..27450811d7 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -112,7 +112,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
112 if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm); 112 if (alg->algorithm != NULL) ASN1_OBJECT_free(alg->algorithm);
113 if ((nid = EVP_MD_type(dgst)) == NID_undef) 113 if ((nid = EVP_MD_type(dgst)) == NID_undef)
114 { 114 {
115 OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_UNKNOWN_NID); 115 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_UNKNOWN_NID);
116 goto err; 116 goto err;
117 } 117 }
118 if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err; 118 if (!(alg->algorithm=OBJ_nid2obj(nid))) goto err;
@@ -134,7 +134,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
134 } 134 }
135 return cid; 135 return cid;
136digerr: 136digerr:
137 OCSPerr(OCSP_F_CERT_ID_NEW,OCSP_R_DIGEST_ERR); 137 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW,OCSP_R_DIGEST_ERR);
138err: 138err:
139 if (cid) OCSP_CERTID_free(cid); 139 if (cid) OCSP_CERTID_free(cid);
140 return NULL; 140 return NULL;
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
index 4b7bc28769..3dfb51c1e4 100644
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -194,7 +194,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
194 194
195 if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err; 195 if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) goto err;
196 l=ASN1_ENUMERATED_get(o->responseStatus); 196 l=ASN1_ENUMERATED_get(o->responseStatus);
197 if (BIO_printf(bp," OCSP Response Status: %s (0x%x)\n", 197 if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n",
198 OCSP_response_status_str(l), l) <= 0) goto err; 198 OCSP_response_status_str(l), l) <= 0) goto err;
199 if (rb == NULL) return 1; 199 if (rb == NULL) return 1;
200 if (BIO_puts(bp," Response Type: ") <= 0) 200 if (BIO_puts(bp," Response Type: ") <= 0)
@@ -252,7 +252,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
252 { 252 {
253 l=ASN1_ENUMERATED_get(rev->revocationReason); 253 l=ASN1_ENUMERATED_get(rev->revocationReason);
254 if (BIO_printf(bp, 254 if (BIO_printf(bp,
255 "\n Revocation Reason: %s (0x%x)", 255 "\n Revocation Reason: %s (0x%lx)",
256 OCSP_crl_reason_str(l), l) <= 0) 256 OCSP_crl_reason_str(l), l) <= 0)
257 goto err; 257 goto err;
258 } 258 }
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 3d58dfb06c..23ea41c847 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -367,7 +367,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *st
367 return 0; 367 return 0;
368 } 368 }
369 gen = req->tbsRequest->requestorName; 369 gen = req->tbsRequest->requestorName;
370 if (gen->type != GEN_DIRNAME) 370 if (!gen || gen->type != GEN_DIRNAME)
371 { 371 {
372 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); 372 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
373 return 0; 373 return 0;
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-26 18:10:38 +0000