summaryrefslogtreecommitdiff
path: root/src/lib/libssl/src
diff options
context:
space:
mode:
authorjsing <>2014-05-18 11:28:41 +0000
committerjsing <>2014-05-18 11:28:41 +0000
commit130b79d13e9e609dc1fa21b6dcce5ec8335c37dd (patch)
tree73b1744a184fd1987676d03b6f2ec63ada8a7410 /src/lib/libssl/src
parent4869c44223ad25dc8438902faece1f2e1d066bd3 (diff)
downloadopenbsd-130b79d13e9e609dc1fa21b6dcce5ec8335c37dd.tar.gz
openbsd-130b79d13e9e609dc1fa21b6dcce5ec8335c37dd.tar.bz2
openbsd-130b79d13e9e609dc1fa21b6dcce5ec8335c37dd.zip
More KNF.
Diffstat (limited to 'src/lib/libssl/src')
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp.h6
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_asn.c46
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_cl.c17
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_err.c131
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_ext.c43
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_ht.c8
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_lib.c11
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_prn.c100
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_srv.c15
-rw-r--r--src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c24
10 files changed, 208 insertions, 193 deletions
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp.h b/src/lib/libssl/src/crypto/ocsp/ocsp.h
index 9401f7db2f..09733aff63 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp.h
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp.h
@@ -15,7 +15,7 @@
15 * are met: 15 * are met:
16 * 16 *
17 * 1. Redistributions of source code must retain the above copyright 17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer. 18 * notice, this list of conditions and the following disclaimer.
19 * 19 *
20 * 2. Redistributions in binary form must reproduce the above copyright 20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in 21 * notice, this list of conditions and the following disclaimer in
@@ -335,7 +335,7 @@ typedef struct ocsp_service_locator_st {
335 X509_NAME* issuer; 335 X509_NAME* issuer;
336 STACK_OF(ACCESS_DESCRIPTION) *locator; 336 STACK_OF(ACCESS_DESCRIPTION) *locator;
337} OCSP_SERVICELOC; 337} OCSP_SERVICELOC;
338 338
339#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" 339#define PEM_STRING_OCSP_REQUEST "OCSP REQUEST"
340#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" 340#define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE"
341 341
@@ -454,7 +454,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
454int OCSP_request_is_signed(OCSP_REQUEST *req); 454int OCSP_request_is_signed(OCSP_REQUEST *req);
455OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); 455OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs);
456OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, 456OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid,
457 int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, 457 int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd,
458 ASN1_TIME *nextupd); 458 ASN1_TIME *nextupd);
459int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); 459int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert);
460int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, 460int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c
index bfe892ac70..2a7ed1a187 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -102,8 +102,8 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST)
102/* OCSP_RESPONSE templates */ 102/* OCSP_RESPONSE templates */
103 103
104ASN1_SEQUENCE(OCSP_RESPBYTES) = { 104ASN1_SEQUENCE(OCSP_RESPBYTES) = {
105 ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), 105 ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT),
106 ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) 106 ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING)
107} ASN1_SEQUENCE_END(OCSP_RESPBYTES) 107} ASN1_SEQUENCE_END(OCSP_RESPBYTES)
108 108
109IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) 109IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES)
@@ -116,15 +116,15 @@ ASN1_SEQUENCE(OCSP_RESPONSE) = {
116IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) 116IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
117 117
118ASN1_CHOICE(OCSP_RESPID) = { 118ASN1_CHOICE(OCSP_RESPID) = {
119 ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), 119 ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1),
120 ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) 120 ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2)
121} ASN1_CHOICE_END(OCSP_RESPID) 121} ASN1_CHOICE_END(OCSP_RESPID)
122 122
123IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) 123IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID)
124 124
125ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { 125ASN1_SEQUENCE(OCSP_REVOKEDINFO) = {
126 ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), 126 ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME),
127 ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) 127 ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0)
128} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) 128} ASN1_SEQUENCE_END(OCSP_REVOKEDINFO)
129 129
130IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) 130IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
@@ -138,38 +138,38 @@ ASN1_CHOICE(OCSP_CERTSTATUS) = {
138IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) 138IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
139 139
140ASN1_SEQUENCE(OCSP_SINGLERESP) = { 140ASN1_SEQUENCE(OCSP_SINGLERESP) = {
141 ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), 141 ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID),
142 ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), 142 ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS),
143 ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), 143 ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME),
144 ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), 144 ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0),
145 ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) 145 ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1)
146} ASN1_SEQUENCE_END(OCSP_SINGLERESP) 146} ASN1_SEQUENCE_END(OCSP_SINGLERESP)
147 147
148IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) 148IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
149 149
150ASN1_SEQUENCE(OCSP_RESPDATA) = { 150ASN1_SEQUENCE(OCSP_RESPDATA) = {
151 ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), 151 ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
152 ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), 152 ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
153 ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), 153 ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
154 ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), 154 ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
155 ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) 155 ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
156} ASN1_SEQUENCE_END(OCSP_RESPDATA) 156} ASN1_SEQUENCE_END(OCSP_RESPDATA)
157 157
158IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) 158IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
159 159
160ASN1_SEQUENCE(OCSP_BASICRESP) = { 160ASN1_SEQUENCE(OCSP_BASICRESP) = {
161 ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), 161 ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
162 ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), 162 ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
163 ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), 163 ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
164 ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) 164 ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
165} ASN1_SEQUENCE_END(OCSP_BASICRESP) 165} ASN1_SEQUENCE_END(OCSP_BASICRESP)
166 166
167IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) 167IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
168 168
169ASN1_SEQUENCE(OCSP_CRLID) = { 169ASN1_SEQUENCE(OCSP_CRLID) = {
170 ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), 170 ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0),
171 ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), 171 ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1),
172 ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) 172 ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2)
173} ASN1_SEQUENCE_END(OCSP_CRLID) 173} ASN1_SEQUENCE_END(OCSP_CRLID)
174 174
175IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) 175IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID)
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c
index 716513d2f9..aabd497dde 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c
@@ -15,7 +15,7 @@
15 * are met: 15 * are met:
16 * 16 *
17 * 1. Redistributions of source code must retain the above copyright 17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer. 18 * notice, this list of conditions and the following disclaimer.
19 * 19 *
20 * 2. Redistributions in binary form must reproduce the above copyright 20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in 21 * notice, this list of conditions and the following disclaimer in
@@ -75,7 +75,7 @@
75 * relevant information from the response. 75 * relevant information from the response.
76 */ 76 */
77 77
78/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ 78/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
79 * pointer: useful if we want to add extensions. 79 * pointer: useful if we want to add extensions.
80 */ 80 */
81OCSP_ONEREQ * 81OCSP_ONEREQ *
@@ -91,6 +91,7 @@ OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
91 if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) 91 if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
92 goto err; 92 goto err;
93 return one; 93 return one;
94
94err: 95err:
95 OCSP_ONEREQ_free(one); 96 OCSP_ONEREQ_free(one);
96 return NULL; 97 return NULL;
@@ -115,7 +116,7 @@ OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
115 req->tbsRequest->requestorName = gen; 116 req->tbsRequest->requestorName = gen;
116 return 1; 117 return 1;
117} 118}
118 119
119/* Add a certificate to an OCSP request */ 120/* Add a certificate to an OCSP request */
120int 121int
121OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) 122OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
@@ -132,7 +133,7 @@ OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert)
132 if (!sig->certs && !(sig->certs = sk_X509_new_null())) 133 if (!sig->certs && !(sig->certs = sk_X509_new_null()))
133 return 0; 134 return 0;
134 135
135 if(!sk_X509_push(sig->certs, cert)) 136 if (!sk_X509_push(sig->certs, cert))
136 return 0; 137 return 0;
137 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); 138 CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
138 return 1; 139 return 1;
@@ -167,7 +168,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
167 } 168 }
168 169
169 if (!(flags & OCSP_NOCERTS)) { 170 if (!(flags & OCSP_NOCERTS)) {
170 if(!OCSP_request_add1_cert(req, signer)) 171 if (!OCSP_request_add1_cert(req, signer))
171 goto err; 172 goto err;
172 for (i = 0; i < sk_X509_num(certs); i++) { 173 for (i = 0; i < sk_X509_num(certs); i++) {
173 x = sk_X509_value(certs, i); 174 x = sk_X509_value(certs, i);
@@ -177,6 +178,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
177 } 178 }
178 179
179 return 1; 180 return 1;
181
180err: 182err:
181 OCSP_SIGNATURE_free(req->optionalSignature); 183 OCSP_SIGNATURE_free(req->optionalSignature);
182 req->optionalSignature = NULL; 184 req->optionalSignature = NULL;
@@ -257,7 +259,7 @@ OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
257} 259}
258 260
259/* Extract status information from an OCSP_SINGLERESP structure. 261/* Extract status information from an OCSP_SINGLERESP structure.
260 * Note: the revtime and reason values are only set if the 262 * Note: the revtime and reason values are only set if the
261 * certificate status is revoked. Returns numerical value of 263 * certificate status is revoked. Returns numerical value of
262 * status. 264 * status.
263 */ 265 */
@@ -280,7 +282,8 @@ OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
280 *revtime = rev->revocationTime; 282 *revtime = rev->revocationTime;
281 if (reason) { 283 if (reason) {
282 if (rev->revocationReason) 284 if (rev->revocationReason)
283 *reason = ASN1_ENUMERATED_get(rev->revocationReason); 285 *reason = ASN1_ENUMERATED_get(
286 rev->revocationReason);
284 else 287 else
285 *reason = -1; 288 *reason = -1;
286 } 289 }
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
index 0cedcea682..8faf35d7c3 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c
@@ -7,7 +7,7 @@
7 * are met: 7 * are met:
8 * 8 *
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
11 * 11 *
12 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in 13 * notice, this list of conditions and the following disclaimer in
@@ -68,75 +68,72 @@
68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) 68#define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0)
69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) 69#define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason)
70 70
71static ERR_STRING_DATA OCSP_str_functs[]= 71static ERR_STRING_DATA OCSP_str_functs[]= {
72 { 72 {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"},
73{ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, 73 {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"},
74{ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, 74 {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"},
75{ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, 75 {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"},
76{ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, 76 {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"},
77{ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, 77 {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"},
78{ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, 78 {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"},
79{ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, 79 {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"},
80{ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, 80 {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"},
81{ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, 81 {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"},
82{ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, 82 {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"},
83{ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, 83 {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"},
84{ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, 84 {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"},
85{ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, 85 {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"},
86{ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, 86 {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"},
87{ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, 87 {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"},
88{ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, 88 {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"},
89{ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, 89 {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"},
90{ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, 90 {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"},
91{ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, 91 {0, NULL}
92{0,NULL} 92};
93 };
94 93
95static ERR_STRING_DATA OCSP_str_reasons[]= 94static ERR_STRING_DATA OCSP_str_reasons[]= {
96 { 95 {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"},
97{ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, 96 {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"},
98{ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, 97 {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"},
99{ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, 98 {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"},
100{ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, 99 {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"},
101{ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, 100 {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"},
102{ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, 101 {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"},
103{ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, 102 {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"},
104{ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, 103 {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"},
105{ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, 104 {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"},
106{ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, 105 {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"},
107{ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, 106 {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"},
108{ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, 107 {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"},
109{ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, 108 {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"},
110{ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, 109 {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"},
111{ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, 110 {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"},
112{ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, 111 {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"},
113{ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, 112 {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root ca not trusted"},
114{ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, 113 {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"},
115{ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, 114 {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"},
116{ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"}, 115 {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"},
117{ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, 116 {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"},
118{ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, 117 {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"},
119{ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, 118 {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"},
120{ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, 119 {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"},
121{ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, 120 {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"},
122{ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, 121 {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"},
123{ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, 122 {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"},
124{ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, 123 {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"},
125{ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, 124 {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"},
126{ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, 125 {0, NULL}
127{0,NULL} 126};
128 };
129 127
130#endif 128#endif
131 129
132void ERR_load_OCSP_strings(void) 130void
133 { 131ERR_load_OCSP_strings(void)
132{
134#ifndef OPENSSL_NO_ERR 133#ifndef OPENSSL_NO_ERR
135 134 if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) {
136 if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) 135 ERR_load_strings(0, OCSP_str_functs);
137 { 136 ERR_load_strings(0, OCSP_str_reasons);
138 ERR_load_strings(0,OCSP_str_functs);
139 ERR_load_strings(0,OCSP_str_reasons);
140 }
141#endif
142 } 137 }
138#endif
139}
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
index 6ec8ca4adf..45b072750f 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c
@@ -15,7 +15,7 @@
15 * are met: 15 * are met:
16 * 16 *
17 * 1. Redistributions of source code must retain the above copyright 17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer. 18 * notice, this list of conditions and the following disclaimer.
19 * 19 *
20 * 2. Redistributions in binary form must reproduce the above copyright 20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in 21 * notice, this list of conditions and the following disclaimer in
@@ -129,8 +129,8 @@ OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
129int 129int
130OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) 130OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
131{ 131{
132 return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != 132 return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex,
133 NULL; 133 loc) != NULL;
134} 134}
135 135
136/* Single extensions */ 136/* Single extensions */
@@ -172,7 +172,8 @@ OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc)
172 return X509v3_delete_ext(x->singleRequestExtensions, loc); 172 return X509v3_delete_ext(x->singleRequestExtensions, loc);
173} 173}
174 174
175void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) 175void *
176OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx)
176{ 177{
177 return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); 178 return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx);
178} 179}
@@ -203,7 +204,7 @@ int
203OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) 204OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
204{ 205{
205 return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, 206 return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions,
206 nid ,lastpos); 207 nid, lastpos);
207} 208}
208 209
209int 210int
@@ -216,8 +217,8 @@ OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos)
216int 217int
217OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) 218OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos)
218{ 219{
219 return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions, 220 return X509v3_get_ext_by_critical(
220 crit, lastpos); 221 x->tbsResponseData->responseExtensions, crit, lastpos);
221} 222}
222 223
223X509_EXTENSION * 224X509_EXTENSION *
@@ -329,14 +330,15 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data,
329 if (i2d(data, &p) <= 0) 330 if (i2d(data, &p) <= 0)
330 goto err; 331 goto err;
331 } else if (sk) { 332 } else if (sk) {
332 if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, 333 if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
333 (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 334 (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL,
334 IS_SEQUENCE)) <= 0) 335 IS_SEQUENCE)) <= 0)
335 goto err; 336 goto err;
336 if (!(b = p = malloc((unsigned int)i))) 337 if (!(b = p = malloc((unsigned int)i)))
337 goto err; 338 goto err;
338 if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, 339 if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p,
339 V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) 340 (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE,
341 V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
340 goto err; 342 goto err;
341 } else { 343 } else {
342 OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); 344 OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
@@ -348,6 +350,7 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data,
348 goto err; 350 goto err;
349 free(b); 351 free(b);
350 return s; 352 return s;
353
351err: 354err:
352 free(b); 355 free(b);
353 return NULL; 356 return NULL;
@@ -358,7 +361,7 @@ err:
358 361
359/* Add a nonce to an extension stack. A nonce can be specificed or if NULL 362/* Add a nonce to an extension stack. A nonce can be specificed or if NULL
360 * a random nonce will be generated. 363 * a random nonce will be generated.
361 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the 364 * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the
362 * nonce, previous versions used the raw nonce. 365 * nonce, previous versions used the raw nonce.
363 */ 366 */
364 367
@@ -390,6 +393,7 @@ ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len)
390 X509V3_ADD_REPLACE)) 393 X509V3_ADD_REPLACE))
391 goto err; 394 goto err;
392 ret = 1; 395 ret = 1;
396
393err: 397err:
394 free(os.data); 398 free(os.data);
395 return ret; 399 return ret;
@@ -436,7 +440,8 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
436 X509_EXTENSION *req_ext, *resp_ext; 440 X509_EXTENSION *req_ext, *resp_ext;
437 441
438 req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); 442 req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
439 resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); 443 resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs,
444 NID_id_pkix_OCSP_Nonce, -1);
440 /* Check both absent */ 445 /* Check both absent */
441 if (req_idx < 0 && resp_idx < 0) 446 if (req_idx < 0 && resp_idx < 0)
442 return 2; 447 return 2;
@@ -454,7 +459,7 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
454 return 1; 459 return 1;
455} 460}
456 461
457/* Copy the nonce value (if any) from an OCSP request to 462/* Copy the nonce value (if any) from an OCSP request to
458 * a response. 463 * a response.
459 */ 464 */
460int 465int
@@ -477,7 +482,7 @@ OCSP_crlID_new(char *url, long *n, char *tim)
477{ 482{
478 X509_EXTENSION *x = NULL; 483 X509_EXTENSION *x = NULL;
479 OCSP_CRLID *cid = NULL; 484 OCSP_CRLID *cid = NULL;
480 485
481 if (!(cid = OCSP_CRLID_new())) 486 if (!(cid = OCSP_CRLID_new()))
482 goto err; 487 goto err;
483 if (url) { 488 if (url) {
@@ -495,10 +500,11 @@ OCSP_crlID_new(char *url, long *n, char *tim)
495 if (tim) { 500 if (tim) {
496 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) 501 if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new()))
497 goto err; 502 goto err;
498 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 503 if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
499 goto err; 504 goto err;
500 } 505 }
501 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); 506 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
507
502err: 508err:
503 if (cid) 509 if (cid)
504 OCSP_CRLID_free(cid); 510 OCSP_CRLID_free(cid);
@@ -518,11 +524,12 @@ OCSP_accept_responses_new(char **oids)
518 goto err; 524 goto err;
519 while (oids && *oids) { 525 while (oids && *oids) {
520 if ((nid = OBJ_txt2nid(*oids)) != NID_undef && 526 if ((nid = OBJ_txt2nid(*oids)) != NID_undef &&
521 (o = OBJ_nid2obj(nid))) 527 (o = OBJ_nid2obj(nid)))
522 sk_ASN1_OBJECT_push(sk, o); 528 sk_ASN1_OBJECT_push(sk, o);
523 oids++; 529 oids++;
524 } 530 }
525 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); 531 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
532
526err: 533err:
527 if (sk) 534 if (sk)
528 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); 535 sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
@@ -541,6 +548,7 @@ OCSP_archive_cutoff_new(char* tim)
541 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) 548 if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
542 goto err; 549 goto err;
543 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); 550 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
551
544err: 552err:
545 if (gt) 553 if (gt)
546 ASN1_GENERALIZEDTIME_free(gt); 554 ASN1_GENERALIZEDTIME_free(gt);
@@ -558,7 +566,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
558 ASN1_IA5STRING *ia5 = NULL; 566 ASN1_IA5STRING *ia5 = NULL;
559 OCSP_SERVICELOC *sloc = NULL; 567 OCSP_SERVICELOC *sloc = NULL;
560 ACCESS_DESCRIPTION *ad = NULL; 568 ACCESS_DESCRIPTION *ad = NULL;
561 569
562 if (!(sloc = OCSP_SERVICELOC_new())) 570 if (!(sloc = OCSP_SERVICELOC_new()))
563 goto err; 571 goto err;
564 if (!(sloc->issuer = X509_NAME_dup(issuer))) 572 if (!(sloc->issuer = X509_NAME_dup(issuer)))
@@ -584,6 +592,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
584 urls++; 592 urls++;
585 } 593 }
586 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); 594 x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
595
587err: 596err:
588 if (sloc) 597 if (sloc)
589 OCSP_SERVICELOC_free(sloc); 598 OCSP_SERVICELOC_free(sloc);
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c
index 7f73a4195c..f3ee29ccbb 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -233,7 +233,7 @@ parse_http_line1(char *line)
233 return 0; 233 return 0;
234 } 234 }
235 235
236 /* Set end of response code and start of message */ 236 /* Set end of response code and start of message */
237 *q++ = 0; 237 *q++ = 0;
238 238
239 /* Attempt to parse numeric code */ 239 /* Attempt to parse numeric code */
@@ -290,7 +290,7 @@ next_io:
290 case OHS_ASN1_WRITE: 290 case OHS_ASN1_WRITE:
291 n = BIO_get_mem_data(rctx->mem, &p); 291 n = BIO_get_mem_data(rctx->mem, &p);
292 i = BIO_write(rctx->io, 292 i = BIO_write(rctx->io,
293 p + (n - rctx->asn1_len), rctx->asn1_len); 293 p + (n - rctx->asn1_len), rctx->asn1_len);
294 if (i <= 0) { 294 if (i <= 0) {
295 if (BIO_should_retry(rctx->io)) 295 if (BIO_should_retry(rctx->io))
296 return -1; 296 return -1;
@@ -422,7 +422,7 @@ next_line:
422 rctx->state = OHS_ASN1_CONTENT; 422 rctx->state = OHS_ASN1_CONTENT;
423 423
424 /* FALLTHROUGH */ 424 /* FALLTHROUGH */
425 425
426 case OHS_ASN1_CONTENT: 426 case OHS_ASN1_CONTENT:
427 n = BIO_get_mem_data(rctx->mem, &p); 427 n = BIO_get_mem_data(rctx->mem, &p);
428 if (n < (int)rctx->asn1_len) 428 if (n < (int)rctx->asn1_len)
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
index 056bd27665..3f6007f40a 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c
@@ -15,7 +15,7 @@
15 * are met: 15 * are met:
16 * 16 *
17 * 1. Redistributions of source code must retain the above copyright 17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer. 18 * notice, this list of conditions and the following disclaimer.
19 * 19 *
20 * 2. Redistributions in binary form must reproduce the above copyright 20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in 21 * notice, this list of conditions and the following disclaimer in
@@ -115,11 +115,11 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
115 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); 115 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
116 goto err; 116 goto err;
117 } 117 }
118 if (!(alg->algorithm=OBJ_nid2obj(nid))) 118 if (!(alg->algorithm = OBJ_nid2obj(nid)))
119 goto err; 119 goto err;
120 if ((alg->parameter=ASN1_TYPE_new()) == NULL) 120 if ((alg->parameter = ASN1_TYPE_new()) == NULL)
121 goto err; 121 goto err;
122 alg->parameter->type=V_ASN1_NULL; 122 alg->parameter->type = V_ASN1_NULL;
123 123
124 if (!X509_NAME_digest(issuerName, dgst, md, &i)) 124 if (!X509_NAME_digest(issuerName, dgst, md, &i))
125 goto digerr; 125 goto digerr;
@@ -139,6 +139,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName,
139 goto err; 139 goto err;
140 } 140 }
141 return cid; 141 return cid;
142
142digerr: 143digerr:
143 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); 144 OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR);
144err: 145err:
@@ -216,7 +217,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl)
216 217
217 /* Check for trailing part of path */ 218 /* Check for trailing part of path */
218 p = strchr(p, '/'); 219 p = strchr(p, '/');
219 if (!p) 220 if (!p)
220 *ppath = BUF_strdup("/"); 221 *ppath = BUF_strdup("/");
221 else { 222 else {
222 *ppath = BUF_strdup(p); 223 *ppath = BUF_strdup(p);
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c
index 9e4b81f061..b5031cd091 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c
@@ -15,7 +15,7 @@
15 * are met: 15 * are met:
16 * 16 *
17 * 1. Redistributions of source code must retain the above copyright 17 * 1. Redistributions of source code must retain the above copyright
18 * notice, this list of conditions and the following disclaimer. 18 * notice, this list of conditions and the following disclaimer.
19 * 19 *
20 * 2. Redistributions in binary form must reproduce the above copyright 20 * 2. Redistributions in binary form must reproduce the above copyright
21 * notice, this list of conditions and the following disclaimer in 21 * notice, this list of conditions and the following disclaimer in
@@ -93,7 +93,7 @@ table2string(long s, const OCSP_TBLSTR *ts, int len)
93{ 93{
94 const OCSP_TBLSTR *p; 94 const OCSP_TBLSTR *p;
95 95
96 for (p=ts; p < ts + len; p++) 96 for (p = ts; p < ts + len; p++)
97 if (p->t == s) 97 if (p->t == s)
98 return p->m; 98 return p->m;
99 return "(UNKNOWN)"; 99 return "(UNKNOWN)";
@@ -103,42 +103,42 @@ const char *
103OCSP_response_status_str(long s) 103OCSP_response_status_str(long s)
104{ 104{
105 static const OCSP_TBLSTR rstat_tbl[] = { 105 static const OCSP_TBLSTR rstat_tbl[] = {
106 { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, 106 { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" },
107 { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, 107 { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" },
108 { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, 108 { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" },
109 { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, 109 { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" },
110 { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, 110 { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" },
111 { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } 111 { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" }
112 }; 112 };
113 return table2string(s, rstat_tbl, 6); 113 return table2string(s, rstat_tbl, 6);
114} 114}
115 115
116const char * 116const char *
117OCSP_cert_status_str(long s) 117OCSP_cert_status_str(long s)
118{ 118{
119 static const OCSP_TBLSTR cstat_tbl[] = { 119 static const OCSP_TBLSTR cstat_tbl[] = {
120 { V_OCSP_CERTSTATUS_GOOD, "good" }, 120 { V_OCSP_CERTSTATUS_GOOD, "good" },
121 { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, 121 { V_OCSP_CERTSTATUS_REVOKED, "revoked" },
122 { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } 122 { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" }
123 }; 123 };
124 return table2string(s, cstat_tbl, 3); 124 return table2string(s, cstat_tbl, 3);
125} 125}
126 126
127const char * 127const char *
128OCSP_crl_reason_str(long s) 128OCSP_crl_reason_str(long s)
129{ 129{
130 static const OCSP_TBLSTR reason_tbl[] = { 130 static const OCSP_TBLSTR reason_tbl[] = {
131 { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, 131 { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" },
132 { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, 132 { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" },
133 { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, 133 { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" },
134 { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, 134 { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" },
135 { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, 135 { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" },
136 { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, 136 { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" },
137 { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, 137 { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" },
138 { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } 138 { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" }
139 }; 139 };
140 return table2string(s, reason_tbl, 8); 140 return table2string(s, reason_tbl, 8);
141} 141}
142 142
143int 143int
144OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) 144OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
@@ -150,17 +150,17 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
150 OCSP_REQINFO *inf = o->tbsRequest; 150 OCSP_REQINFO *inf = o->tbsRequest;
151 OCSP_SIGNATURE *sig = o->optionalSignature; 151 OCSP_SIGNATURE *sig = o->optionalSignature;
152 152
153 if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) 153 if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
154 goto err; 154 goto err;
155 l = ASN1_INTEGER_get(inf->version); 155 l = ASN1_INTEGER_get(inf->version);
156 if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) 156 if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0)
157 goto err; 157 goto err;
158 if (inf->requestorName != NULL) { 158 if (inf->requestorName != NULL) {
159 if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) 159 if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0)
160 goto err; 160 goto err;
161 GENERAL_NAME_print(bp, inf->requestorName); 161 GENERAL_NAME_print(bp, inf->requestorName);
162 } 162 }
163 if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) 163 if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0)
164 goto err; 164 goto err;
165 for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { 165 for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) {
166 one = sk_OCSP_ONEREQ_value(inf->requestList, i); 166 one = sk_OCSP_ONEREQ_value(inf->requestList, i);
@@ -176,12 +176,13 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags)
176 if (sig) { 176 if (sig) {
177 X509_signature_print(bp, sig->signatureAlgorithm, 177 X509_signature_print(bp, sig->signatureAlgorithm,
178 sig->signature); 178 sig->signature);
179 for (i=0; i<sk_X509_num(sig->certs); i++) { 179 for (i = 0; i < sk_X509_num(sig->certs); i++) {
180 X509_print(bp, sk_X509_value(sig->certs,i)); 180 X509_print(bp, sk_X509_value(sig->certs, i));
181 PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); 181 PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
182 } 182 }
183 } 183 }
184 return 1; 184 return 1;
185
185err: 186err:
186 return 0; 187 return 0;
187} 188}
@@ -200,20 +201,20 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
200 OCSP_SINGLERESP *single = NULL; 201 OCSP_SINGLERESP *single = NULL;
201 OCSP_RESPBYTES *rb = o->responseBytes; 202 OCSP_RESPBYTES *rb = o->responseBytes;
202 203
203 if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) 204 if (BIO_puts(bp, "OCSP Response Data:\n") <= 0)
204 goto err; 205 goto err;
205 l = ASN1_ENUMERATED_get(o->responseStatus); 206 l = ASN1_ENUMERATED_get(o->responseStatus);
206 if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", 207 if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n",
207 OCSP_response_status_str(l), l) <= 0) 208 OCSP_response_status_str(l), l) <= 0)
208 goto err; 209 goto err;
209 if (rb == NULL) 210 if (rb == NULL)
210 return 1; 211 return 1;
211 if (BIO_puts(bp," Response Type: ") <= 0) 212 if (BIO_puts(bp, " Response Type: ") <= 0)
212 goto err; 213 goto err;
213 if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) 214 if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0)
214 goto err; 215 goto err;
215 if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { 216 if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) {
216 BIO_puts(bp," (unknown response type)\n"); 217 BIO_puts(bp, " (unknown response type)\n");
217 return 1; 218 return 1;
218 } 219 }
219 220
@@ -222,12 +223,12 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
222 goto err; 223 goto err;
223 rd = br->tbsResponseData; 224 rd = br->tbsResponseData;
224 l = ASN1_INTEGER_get(rd->version); 225 l = ASN1_INTEGER_get(rd->version);
225 if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0) 226 if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0)
226 goto err; 227 goto err;
227 if (BIO_puts(bp," Responder Id: ") <= 0) 228 if (BIO_puts(bp, " Responder Id: ") <= 0)
228 goto err; 229 goto err;
229 230
230 rid = rd->responderId; 231 rid = rd->responderId;
231 switch (rid->type) { 232 switch (rid->type) {
232 case V_OCSP_RESPID_NAME: 233 case V_OCSP_RESPID_NAME:
233 X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); 234 X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
@@ -237,11 +238,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
237 break; 238 break;
238 } 239 }
239 240
240 if (BIO_printf(bp,"\n Produced At: ")<=0) 241 if (BIO_printf(bp, "\n Produced At: ")<=0)
241 goto err; 242 goto err;
242 if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) 243 if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt))
243 goto err; 244 goto err;
244 if (BIO_printf(bp,"\n Responses:\n") <= 0) 245 if (BIO_printf(bp, "\n Responses:\n") <= 0)
245 goto err; 246 goto err;
246 for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { 247 for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) {
247 if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) 248 if (! sk_OCSP_SINGLERESP_value(rd->responses, i))
@@ -251,15 +252,15 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
251 if (ocsp_certid_print(bp, cid, 4) <= 0) 252 if (ocsp_certid_print(bp, cid, 4) <= 0)
252 goto err; 253 goto err;
253 cst = single->certStatus; 254 cst = single->certStatus;
254 if (BIO_printf(bp," Cert Status: %s", 255 if (BIO_printf(bp, " Cert Status: %s",
255 OCSP_cert_status_str(cst->type)) <= 0) 256 OCSP_cert_status_str(cst->type)) <= 0)
256 goto err; 257 goto err;
257 if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { 258 if (cst->type == V_OCSP_CERTSTATUS_REVOKED) {
258 rev = cst->value.revoked; 259 rev = cst->value.revoked;
259 if (BIO_printf(bp, "\n Revocation Time: ") <= 0) 260 if (BIO_printf(bp, "\n Revocation Time: ") <= 0)
260 goto err; 261 goto err;
261 if (!ASN1_GENERALIZEDTIME_print(bp, 262 if (!ASN1_GENERALIZEDTIME_print(bp,
262 rev->revocationTime)) 263 rev->revocationTime))
263 goto err; 264 goto err;
264 if (rev->revocationReason) { 265 if (rev->revocationReason) {
265 l = ASN1_ENUMERATED_get(rev->revocationReason); 266 l = ASN1_ENUMERATED_get(rev->revocationReason);
@@ -269,22 +270,22 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
269 goto err; 270 goto err;
270 } 271 }
271 } 272 }
272 if (BIO_printf(bp,"\n This Update: ") <= 0) 273 if (BIO_printf(bp, "\n This Update: ") <= 0)
273 goto err; 274 goto err;
274 if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) 275 if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate))
275 goto err; 276 goto err;
276 if (single->nextUpdate) { 277 if (single->nextUpdate) {
277 if (BIO_printf(bp,"\n Next Update: ") <= 0) 278 if (BIO_printf(bp, "\n Next Update: ") <= 0)
278 goto err; 279 goto err;
279 if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) 280 if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate))
280 goto err; 281 goto err;
281 } 282 }
282 if (BIO_write(bp,"\n",1) <= 0) 283 if (BIO_write(bp, "\n", 1) <= 0)
283 goto err; 284 goto err;
284 if (!X509V3_extensions_print(bp, "Response Single Extensions", 285 if (!X509V3_extensions_print(bp, "Response Single Extensions",
285 single->singleExtensions, flags, 8)) 286 single->singleExtensions, flags, 8))
286 goto err; 287 goto err;
287 if (BIO_write(bp,"\n",1) <= 0) 288 if (BIO_write(bp, "\n", 1) <= 0)
288 goto err; 289 goto err;
289 } 290 }
290 if (!X509V3_extensions_print(bp, "Response Extensions", 291 if (!X509V3_extensions_print(bp, "Response Extensions",
@@ -296,10 +297,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags)
296 297
297 for (i = 0; i < sk_X509_num(br->certs); i++) { 298 for (i = 0; i < sk_X509_num(br->certs); i++) {
298 X509_print(bp, sk_X509_value(br->certs, i)); 299 X509_print(bp, sk_X509_value(br->certs, i));
299 PEM_write_bio_X509(bp,sk_X509_value(br->certs, i)); 300 PEM_write_bio_X509(bp, sk_X509_value(br->certs, i));
300 } 301 }
301 302
302 ret = 1; 303 ret = 1;
304
303err: 305err:
304 OCSP_BASICRESP_free(br); 306 OCSP_BASICRESP_free(br);
305 return ret; 307 return ret;
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c
index c14e8e2bc3..18c8f26852 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -131,6 +131,7 @@ OCSP_response_create(int status, OCSP_BASICRESP *bs)
131 &rsp->responseBytes->response)) 131 &rsp->responseBytes->response))
132 goto err; 132 goto err;
133 return rsp; 133 return rsp;
134
134err: 135err:
135 if (rsp) 136 if (rsp)
136 OCSP_RESPONSE_free(rsp); 137 OCSP_RESPONSE_free(rsp);
@@ -164,7 +165,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
164 goto err; 165 goto err;
165 166
166 cs = single->certStatus; 167 cs = single->certStatus;
167 switch(cs->type = status) { 168 switch (cs->type = status) {
168 case V_OCSP_CERTSTATUS_REVOKED: 169 case V_OCSP_CERTSTATUS_REVOKED:
169 if (!revtime) { 170 if (!revtime) {
170 OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, 171 OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
@@ -174,14 +175,14 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
174 if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) 175 if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
175 goto err; 176 goto err;
176 if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) 177 if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
177 goto err; 178 goto err;
178 if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { 179 if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
179 if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 180 if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
180 goto err; 181 goto err;
181 if (!(ASN1_ENUMERATED_set(ri->revocationReason, 182 if (!(ASN1_ENUMERATED_set(ri->revocationReason,
182 reason))) 183 reason)))
183 goto err; 184 goto err;
184 } 185 }
185 break; 186 break;
186 187
187 case V_OCSP_CERTSTATUS_GOOD: 188 case V_OCSP_CERTSTATUS_GOOD:
@@ -198,6 +199,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
198 if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) 199 if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
199 goto err; 200 goto err;
200 return single; 201 return single;
202
201err: 203err:
202 OCSP_SINGLERESP_free(single); 204 OCSP_SINGLERESP_free(single);
203 return NULL; 205 return NULL;
@@ -268,6 +270,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
268 goto err; 270 goto err;
269 271
270 return 1; 272 return 1;
273
271err: 274err:
272 return 0; 275 return 0;
273} 276}
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
index aede155871..5d8b2eebcf 100644
--- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,17 +61,17 @@
61#include <string.h> 61#include <string.h>
62 62
63static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, 63static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
64 STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); 64 STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags);
65static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); 65static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id);
66static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, 66static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
67 unsigned long flags); 67 unsigned long flags);
68static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); 68static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret);
69static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, 69static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
70 STACK_OF(OCSP_SINGLERESP) *sresp); 70 STACK_OF(OCSP_SINGLERESP) *sresp);
71static int ocsp_check_delegated(X509 *x, int flags); 71static int ocsp_check_delegated(X509 *x, int flags);
72static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, 72static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req,
73 X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, 73 X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st,
74 unsigned long flags); 74 unsigned long flags);
75 75
76/* Verify a basic response message */ 76/* Verify a basic response message */
77int 77int
@@ -108,14 +108,14 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
108 if (!(flags & OCSP_NOVERIFY)) { 108 if (!(flags & OCSP_NOVERIFY)) {
109 int init_res; 109 int init_res;
110 110
111 if(flags & OCSP_NOCHAIN) 111 if (flags & OCSP_NOCHAIN)
112 init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); 112 init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL);
113 else 113 else
114 init_res = X509_STORE_CTX_init(&ctx, st, signer, 114 init_res = X509_STORE_CTX_init(&ctx, st, signer,
115 bs->certs); 115 bs->certs);
116 if (!init_res) { 116 if (!init_res) {
117 ret = -1; 117 ret = -1;
118 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); 118 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB);
119 goto end; 119 goto end;
120 } 120 }
121 121
@@ -131,7 +131,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
131 X509_verify_cert_error_string(i)); 131 X509_verify_cert_error_string(i));
132 goto end; 132 goto end;
133 } 133 }
134 if(flags & OCSP_NOCHECKS) { 134 if (flags & OCSP_NOCHECKS) {
135 ret = 1; 135 ret = 1;
136 goto end; 136 goto end;
137 } 137 }
@@ -152,7 +152,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st,
152 152
153 x = sk_X509_value(chain, sk_X509_num(chain) - 1); 153 x = sk_X509_value(chain, sk_X509_num(chain) - 1);
154 if (X509_check_trust(x, NID_OCSP_sign, 0) != 154 if (X509_check_trust(x, NID_OCSP_sign, 0) !=
155 X509_TRUST_TRUSTED) { 155 X509_TRUST_TRUSTED) {
156 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, 156 OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,
157 OCSP_R_ROOT_CA_NOT_TRUSTED); 157 OCSP_R_ROOT_CA_NOT_TRUSTED);
158 goto end; 158 goto end;
@@ -411,7 +411,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
411 init_res = X509_STORE_CTX_init(&ctx, store, signer, 411 init_res = X509_STORE_CTX_init(&ctx, store, signer,
412 req->optionalSignature->certs); 412 req->optionalSignature->certs);
413 if (!init_res) { 413 if (!init_res) {
414 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); 414 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB);
415 return 0; 415 return 0;
416 } 416 }
417 417
@@ -420,7 +420,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store,
420 ret = X509_verify_cert(&ctx); 420 ret = X509_verify_cert(&ctx);
421 X509_STORE_CTX_cleanup(&ctx); 421 X509_STORE_CTX_cleanup(&ctx);
422 if (ret <= 0) { 422 if (ret <= 0) {
423 ret = X509_STORE_CTX_get_error(&ctx); 423 ret = X509_STORE_CTX_get_error(&ctx);
424 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, 424 OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
425 OCSP_R_CERTIFICATE_VERIFY_ERROR); 425 OCSP_R_CERTIFICATE_VERIFY_ERROR);
426 ERR_asprintf_error_data("Verify error:%s", 426 ERR_asprintf_error_data("Verify error:%s",
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-23 08:03:23 +0000