authordjm <>2010-10-01 22:54:21 +0000
committerdjm <>2010-10-01 22:54:21 +0000
commit829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch)
treee03b9f1bd051e844b971936729e9df549a209130 /src/lib/libcrypto/ocsp
parente6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff)
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libcrypto/ocsp')
-rw-r--r--src/lib/libcrypto/ocsp/ocsp.h22
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_cl.c1
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_err.c3
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ext.c47
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_ht.c56
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_lib.c3
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_prn.c23
-rw-r--r--src/lib/libcrypto/ocsp/ocsp_vfy.c4
8 files changed, 82 insertions, 77 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
index a0577a717e..31e45744ba 100644
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -64,6 +64,7 @@
64#ifndef HEADER_OCSP_H 64#ifndef HEADER_OCSP_H
65#define HEADER_OCSP_H 65#define HEADER_OCSP_H
66 66
67#include <openssl/ossl_typ.h>
67#include <openssl/x509.h> 68#include <openssl/x509.h>
68#include <openssl/x509v3.h> 69#include <openssl/x509v3.h>
69#include <openssl/safestack.h> 70#include <openssl/safestack.h>
@@ -394,17 +395,20 @@ typedef struct ocsp_service_locator_st
394#define ASN1_BIT_STRING_digest(data,type,md,len) \ 395#define ASN1_BIT_STRING_digest(data,type,md,len) \
395 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) 396 ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
396 397
397#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
398
399#define OCSP_CERTSTATUS_dup(cs)\ 398#define OCSP_CERTSTATUS_dup(cs)\
400 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\ 399 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
401 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs)) 400 (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
402 401
402OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
403
403OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req); 404OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
404OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, 405OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
405 int maxline); 406 int maxline);
406int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx); 407int OCSP_sendreq_nbio(OCSP_RESPONSE **presp, OCSP_REQ_CTX *rctx);
407void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx); 408void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx);
409int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req);
410int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
411 const char *name, const char *value);
408 412
409OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer); 413OCSP_CERTID *OCSP_cert_to_id(const EVP_MD *dgst, X509 *subject, X509 *issuer);
410 414
@@ -474,11 +478,6 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
474 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst, 478 X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
475 STACK_OF(X509) *certs, unsigned long flags); 479 STACK_OF(X509) *certs, unsigned long flags);
476 480
477ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
478 void *data, STACK_OF(ASN1_OBJECT) *sk);
479#define ASN1_STRING_encode_of(type,s,i2d,data,sk) \
480 ASN1_STRING_encode(s, CHECKED_I2D_OF(type, i2d), data, sk)
481
482X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim); 481X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim);
483 482
484X509_EXTENSION *OCSP_accept_responses_new(char **oids); 483X509_EXTENSION *OCSP_accept_responses_new(char **oids);
@@ -547,9 +546,9 @@ DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
547DECLARE_ASN1_FUNCTIONS(OCSP_CRLID) 546DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
548DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC) 547DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)
549 548
550char *OCSP_response_status_str(long s); 549const char *OCSP_response_status_str(long s);
551char *OCSP_cert_status_str(long s); 550const char *OCSP_cert_status_str(long s);
552char *OCSP_crl_reason_str(long s); 551const char *OCSP_crl_reason_str(long s);
553 552
554int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags); 553int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
555int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags); 554int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags);
@@ -582,7 +581,8 @@ void ERR_load_OCSP_strings(void);
582#define OCSP_F_OCSP_REQUEST_VERIFY 116 581#define OCSP_F_OCSP_REQUEST_VERIFY 116
583#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111 582#define OCSP_F_OCSP_RESPONSE_GET1_BASIC 111
584#define OCSP_F_OCSP_SENDREQ_BIO 112 583#define OCSP_F_OCSP_SENDREQ_BIO 112
585#define OCSP_F_PARSE_HTTP_LINE1 117 584#define OCSP_F_OCSP_SENDREQ_NBIO 117
585#define OCSP_F_PARSE_HTTP_LINE1 118
586#define OCSP_F_REQUEST_VERIFY 113 586#define OCSP_F_REQUEST_VERIFY 113
587 587
588/* Reason codes. */ 588/* Reason codes. */
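Review bot: The new declarations `OCSP_REQ_CTX_set1_req` and `OCSP_REQ_CTX_add1_header` carry no comment on call order, and the order matters. In ocsp_ht.c in this same commit, set1_req writes the Content-Length line followed by the blank line that ends the header block, so a header added afterwards would be appended after the encoded request. `OCSP_sendreq_new` also calls set1_req itself when `req` is non-NULL. I would add above the declarations: `/* To add headers: pass req == NULL to OCSP_sendreq_new, call OCSP_REQ_CTX_add1_header for each header, then OCSP_REQ_CTX_set1_req last. */`.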
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index 17bab5fc59..9c14d9da27 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -155,7 +155,6 @@ int OCSP_request_sign(OCSP_REQUEST *req,
155 goto err; 155 goto err;
156 156
157 if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err; 157 if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new())) goto err;
158 if (!dgst) dgst = EVP_sha1();
159 if (key) 158 if (key)
160 { 159 {
161 if (!X509_check_private_key(signer, key)) 160 if (!X509_check_private_key(signer, key))
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c
index d2f2e79f44..0cedcea682 100644
--- a/src/lib/libcrypto/ocsp/ocsp_err.c
+++ b/src/lib/libcrypto/ocsp/ocsp_err.c
@@ -1,6 +1,6 @@
1/* crypto/ocsp/ocsp_err.c */ 1/* crypto/ocsp/ocsp_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2006 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -86,6 +86,7 @@ static ERR_STRING_DATA OCSP_str_functs[]=
86{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, 86{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
87{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, 87{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
88{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, 88{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
89{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
89{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, 90{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
90{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, 91{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
91{0,NULL} 92{0,NULL}
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c
index 815cc29d58..ec884cb08f 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ext.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ext.c
@@ -264,7 +264,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
264 } 264 }
265 265
266/* also CRL Entry Extensions */ 266/* also CRL Entry Extensions */
267 267#if 0
268ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, 268ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
269 void *data, STACK_OF(ASN1_OBJECT) *sk) 269 void *data, STACK_OF(ASN1_OBJECT) *sk)
270 { 270 {
@@ -305,6 +305,7 @@ err:
305 if (b) OPENSSL_free(b); 305 if (b) OPENSSL_free(b);
306 return NULL; 306 return NULL;
307 } 307 }
308#endif
308 309
309/* Nonce handling functions */ 310/* Nonce handling functions */
310 311
@@ -442,17 +443,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
442 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 443 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
443 goto err; 444 goto err;
444 } 445 }
445 if (!(x = X509_EXTENSION_new())) goto err; 446 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
446 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
447 if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
448 NULL)))
449 goto err;
450 OCSP_CRLID_free(cid);
451 return x;
452err: 447err:
453 if (x) X509_EXTENSION_free(x);
454 if (cid) OCSP_CRLID_free(cid); 448 if (cid) OCSP_CRLID_free(cid);
455 return NULL; 449 return x;
456 } 450 }
457 451
458/* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */ 452/* AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
@@ -470,18 +464,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
470 sk_ASN1_OBJECT_push(sk, o); 464 sk_ASN1_OBJECT_push(sk, o);
471 oids++; 465 oids++;
472 } 466 }
473 if (!(x = X509_EXTENSION_new())) goto err; 467 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
474 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
475 goto err;
476 if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
477 sk)))
478 goto err;
479 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
480 return x;
481err: 468err:
482 if (x) X509_EXTENSION_free(x);
483 if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); 469 if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
484 return NULL; 470 return x;
485 } 471 }
486 472
487/* ArchiveCutoff ::= GeneralizedTime */ 473/* ArchiveCutoff ::= GeneralizedTime */
@@ -492,16 +478,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
492 478
493 if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err; 479 if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
494 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err; 480 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
495 if (!(x = X509_EXTENSION_new())) goto err; 481 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
496 if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
497 if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
498 i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
499 ASN1_GENERALIZEDTIME_free(gt);
500 return x;
501err: 482err:
502 if (gt) ASN1_GENERALIZEDTIME_free(gt); 483 if (gt) ASN1_GENERALIZEDTIME_free(gt);
503 if (x) X509_EXTENSION_free(x); 484 return x;
504 return NULL;
505 } 485 }
506 486
507/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently 487/* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
@@ -530,16 +510,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
530 if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err; 510 if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
531 urls++; 511 urls++;
532 } 512 }
533 if (!(x = X509_EXTENSION_new())) goto err; 513 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
534 if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
535 goto err;
536 if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
537 i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
538 OCSP_SERVICELOC_free(sloc);
539 return x;
540err: 514err:
541 if (x) X509_EXTENSION_free(x);
542 if (sloc) OCSP_SERVICELOC_free(sloc); 515 if (sloc) OCSP_SERVICELOC_free(sloc);
543 return NULL; 516 return x;
544 } 517 }
545 518
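Review bot: In OCSP_crlID_new the `err:` label is now also the success exit and returns `x`, so every earlier `goto err` relies on `x` having been initialised to NULL at its declaration, which is above the hunk and should be confirmed. The same pattern is repeated in OCSP_accept_responses_new, OCSP_archive_cutoff_new and OCSP_url_svcloc_new. A short comment at each label, for example `/* common exit: x stays NULL unless X509V3_EXT_i2d succeeded */`, would make that dependency visible. The `#if 0` around ASN1_STRING_encode leaves dead code behind; since its prototype is removed from ocsp.h in this commit, the definition could be deleted instead.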
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c
index 6abb30b2c0..12bbfcffd1 100644
--- a/src/lib/libcrypto/ocsp/ocsp_ht.c
+++ b/src/lib/libcrypto/ocsp/ocsp_ht.c
@@ -118,39 +118,65 @@ void OCSP_REQ_CTX_free(OCSP_REQ_CTX *rctx)
118 OPENSSL_free(rctx); 118 OPENSSL_free(rctx);
119 } 119 }
120 120
121OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req, 121int OCSP_REQ_CTX_set1_req(OCSP_REQ_CTX *rctx, OCSP_REQUEST *req)
122 int maxline)
123 { 122 {
124 static char post_hdr[] = "POST %s HTTP/1.0\r\n" 123 static const char req_hdr[] =
125 "Content-Type: application/ocsp-request\r\n" 124 "Content-Type: application/ocsp-request\r\n"
126 "Content-Length: %d\r\n\r\n"; 125 "Content-Length: %d\r\n\r\n";
126 if (BIO_printf(rctx->mem, req_hdr, i2d_OCSP_REQUEST(req, NULL)) <= 0)
127 return 0;
128 if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0)
129 return 0;
130 rctx->state = OHS_ASN1_WRITE;
131 rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
132 return 1;
133 }
134
135int OCSP_REQ_CTX_add1_header(OCSP_REQ_CTX *rctx,
136 const char *name, const char *value)
137 {
138 if (!name)
139 return 0;
140 if (BIO_puts(rctx->mem, name) <= 0)
141 return 0;
142 if (value)
143 {
144 if (BIO_write(rctx->mem, ": ", 2) != 2)
145 return 0;
146 if (BIO_puts(rctx->mem, value) <= 0)
147 return 0;
148 }
149 if (BIO_write(rctx->mem, "\r\n", 2) != 2)
150 return 0;
151 return 1;
152 }
153
154OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
155 int maxline)
156 {
157 static const char post_hdr[] = "POST %s HTTP/1.0\r\n";
127 158
128 OCSP_REQ_CTX *rctx; 159 OCSP_REQ_CTX *rctx;
129 rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX)); 160 rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
130 rctx->state = OHS_FIRSTLINE; 161 rctx->state = OHS_ERROR;
131 rctx->mem = BIO_new(BIO_s_mem()); 162 rctx->mem = BIO_new(BIO_s_mem());
132 rctx->io = io; 163 rctx->io = io;
164 rctx->asn1_len = 0;
133 if (maxline > 0) 165 if (maxline > 0)
134 rctx->iobuflen = maxline; 166 rctx->iobuflen = maxline;
135 else 167 else
136 rctx->iobuflen = OCSP_MAX_LINE_LEN; 168 rctx->iobuflen = OCSP_MAX_LINE_LEN;
137 rctx->iobuf = OPENSSL_malloc(rctx->iobuflen); 169 rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
170 if (!rctx->iobuf)
171 return 0;
138 if (!path) 172 if (!path)
139 path = "/"; 173 path = "/";
140 174
141 if (BIO_printf(rctx->mem, post_hdr, path, 175 if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
142 i2d_OCSP_REQUEST(req, NULL)) <= 0)
143 {
144 rctx->state = OHS_ERROR;
145 return 0; 176 return 0;
146 } 177
147 if (i2d_OCSP_REQUEST_bio(rctx->mem, req) <= 0) 178 if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
148 {
149 rctx->state = OHS_ERROR;
150 return 0; 179 return 0;
151 }
152 rctx->state = OHS_ASN1_WRITE;
153 rctx->asn1_len = BIO_get_mem_data(rctx->mem, NULL);
154 180
155 return rctx; 181 return rctx;
156 } 182 }
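Review bot: `OCSP_sendreq_new` dereferences the result of `OPENSSL_malloc` on the next line without a NULL check and never checks `BIO_new`. Every `return 0` after that (the new `!rctx->iobuf` check, the `BIO_printf` failure, the `OCSP_REQ_CTX_set1_req` failure) leaks `rctx` and whatever it already owns. A single error exit that calls `OCSP_REQ_CTX_free` would cover all of them; that function's body is above the hunk, so this assumes it tolerates NULL `mem` and `iobuf` members. Separately, `OCSP_REQ_CTX_add1_header` writes `name` and `value` verbatim, so a CR or LF in either starts a new header line. Rejecting such input with `if (strpbrk(name, "\r\n")) return 0;` (and the same for `value`) keeps the request well-formed when the strings come from configuration or a peer.

```c
	rctx = OPENSSL_malloc(sizeof(OCSP_REQ_CTX));
	if (!rctx)
		return NULL;
	rctx->state = OHS_ERROR;
	rctx->io = io;
	rctx->asn1_len = 0;
	rctx->iobuf = NULL;
	rctx->mem = BIO_new(BIO_s_mem());
	if (!rctx->mem)
		goto err;
	/* … unchanged: iobuflen selection from maxline … */
	rctx->iobuf = OPENSSL_malloc(rctx->iobuflen);
	if (!rctx->iobuf)
		goto err;
	/* … unchanged: default path … */
	if (BIO_printf(rctx->mem, post_hdr, path) <= 0)
		goto err;
	if (req && !OCSP_REQ_CTX_set1_req(rctx, req))
		goto err;
	return rctx;
err:
	OCSP_REQ_CTX_free(rctx);
	return NULL;
```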
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c
index 27450811d7..36905d76cd 100644
--- a/src/lib/libcrypto/ocsp/ocsp_lib.c
+++ b/src/lib/libcrypto/ocsp/ocsp_lib.c
@@ -69,6 +69,7 @@
69#include <openssl/pem.h> 69#include <openssl/pem.h>
70#include <openssl/x509v3.h> 70#include <openssl/x509v3.h>
71#include <openssl/ocsp.h> 71#include <openssl/ocsp.h>
72#include <openssl/asn1t.h>
72 73
73/* Convert a certificate and its issuer to an OCSP_CERTID */ 74/* Convert a certificate and its issuer to an OCSP_CERTID */
74 75
@@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
260 return 0; 261 return 0;
261 262
262 } 263 }
264
265IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c
index 3dfb51c1e4..1695c9c4ad 100644
--- a/src/lib/libcrypto/ocsp/ocsp_prn.c
+++ b/src/lib/libcrypto/ocsp/ocsp_prn.c
@@ -85,21 +85,21 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID* a, int indent)
85typedef struct 85typedef struct
86 { 86 {
87 long t; 87 long t;
88 char *m; 88 const char *m;
89 } OCSP_TBLSTR; 89 } OCSP_TBLSTR;
90 90
91static char *table2string(long s, OCSP_TBLSTR *ts, int len) 91static const char *table2string(long s, const OCSP_TBLSTR *ts, int len)
92{ 92{
93 OCSP_TBLSTR *p; 93 const OCSP_TBLSTR *p;
94 for (p=ts; p < ts + len; p++) 94 for (p=ts; p < ts + len; p++)
95 if (p->t == s) 95 if (p->t == s)
96 return p->m; 96 return p->m;
97 return "(UNKNOWN)"; 97 return "(UNKNOWN)";
98} 98}
99 99
100char *OCSP_response_status_str(long s) 100const char *OCSP_response_status_str(long s)
101 { 101 {
102 static OCSP_TBLSTR rstat_tbl[] = { 102 static const OCSP_TBLSTR rstat_tbl[] = {
103 { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, 103 { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
104 { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, 104 { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
105 { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, 105 { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
@@ -109,18 +109,18 @@ char *OCSP_response_status_str(long s)
109 return table2string(s, rstat_tbl, 6); 109 return table2string(s, rstat_tbl, 6);
110 } 110 }
111 111
112char *OCSP_cert_status_str(long s) 112const char *OCSP_cert_status_str(long s)
113 { 113 {
114 static OCSP_TBLSTR cstat_tbl[] = { 114 static const OCSP_TBLSTR cstat_tbl[] = {
115 { V_OCSP_CERTSTATUS_GOOD, "good" }, 115 { V_OCSP_CERTSTATUS_GOOD, "good" },
116 { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, 116 { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
117 { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } }; 117 { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } };
118 return table2string(s, cstat_tbl, 3); 118 return table2string(s, cstat_tbl, 3);
119 } 119 }
120 120
121char *OCSP_crl_reason_str(long s) 121const char *OCSP_crl_reason_str(long s)
122 { 122 {
123 OCSP_TBLSTR reason_tbl[] = { 123 static const OCSP_TBLSTR reason_tbl[] = {
124 { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, 124 { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
125 { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, 125 { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
126 { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, 126 { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
@@ -266,15 +266,16 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
266 if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) 266 if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate))
267 goto err; 267 goto err;
268 } 268 }
269 if (!BIO_write(bp,"\n",1)) goto err; 269 if (BIO_write(bp,"\n",1) <= 0) goto err;
270 if (!X509V3_extensions_print(bp, 270 if (!X509V3_extensions_print(bp,
271 "Response Single Extensions", 271 "Response Single Extensions",
272 single->singleExtensions, flags, 8)) 272 single->singleExtensions, flags, 8))
273 goto err; 273 goto err;
274 if (!BIO_write(bp,"\n",1)) goto err; 274 if (BIO_write(bp,"\n",1) <= 0) goto err;
275 } 275 }
276 if (!X509V3_extensions_print(bp, "Response Extensions", 276 if (!X509V3_extensions_print(bp, "Response Extensions",
277 rd->responseExtensions, flags, 4)) 277 rd->responseExtensions, flags, 4))
278 goto err;
278 if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) 279 if(X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
279 goto err; 280 goto err;
280 281
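Review bot: The table sizes passed to `table2string` are still hard-coded literals (`6` for `rstat_tbl`, `3` for `cstat_tbl`), and `table2string` walks `ts + len` without any other bound. If an entry is ever added or removed without updating the literal, the loop either misses entries or reads past the array. Now that the tables are `static const`, the count can be derived: `return table2string(s, cstat_tbl, sizeof(cstat_tbl)/sizeof(cstat_tbl[0]));`. The remaining entries of `rstat_tbl` and `reason_tbl` are outside the hunks, so the current literals cannot be checked from here.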
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index 4a0c3870d8..415d67e61c 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -308,6 +308,8 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
308 } 308 }
309 309
310 mdlen = EVP_MD_size(dgst); 310 mdlen = EVP_MD_size(dgst);
311 if (mdlen < 0)
312 return -1;
311 if ((cid->issuerNameHash->length != mdlen) || 313 if ((cid->issuerNameHash->length != mdlen) ||
312 (cid->issuerKeyHash->length != mdlen)) 314 (cid->issuerKeyHash->length != mdlen))
313 return 0; 315 return 0;
@@ -316,7 +318,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
316 return -1; 318 return -1;
317 if (memcmp(md, cid->issuerNameHash->data, mdlen)) 319 if (memcmp(md, cid->issuerNameHash->data, mdlen))
318 return 0; 320 return 0;
319 X509_pubkey_digest(cert, EVP_sha1(), md, NULL); 321 X509_pubkey_digest(cert, dgst, md, NULL);
320 if (memcmp(md, cid->issuerKeyHash->data, mdlen)) 322 if (memcmp(md, cid->issuerKeyHash->data, mdlen))
321 return 0; 323 return 0;
322 324
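Review bot: The return value of `X509_pubkey_digest` is still ignored in the second hunk, so if the digest fails, `md` keeps the issuer-name hash computed just above and the following `memcmp` compares `issuerKeyHash` against stale data. The name digest before it appears to be checked (the `return -1` at the top of that hunk), so the key digest should be handled the same way: `if (!X509_pubkey_digest(cert, dgst, md, NULL)) return -1;`. ocsp_match_issuerid starts and ends outside both hunks, so the declared size of `md` relative to `mdlen` cannot be confirmed from here.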