author | jsing <> | 2014-05-18 11:28:41 +0000 |
---|---|---|
committer | jsing <> | 2014-05-18 11:28:41 +0000 |
commit | de4eef43c08fef5fd844116a63ef0e4e61d63f34 (patch) | |
tree | 73b1744a184fd1987676d03b6f2ec63ada8a7410 /src | |
parent | 05c55ad5106a239e704f8766f942bc882bfeb6ae (diff) | |
More KNF.
Diffstat (limited to 'src')
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp.h | 6 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_asn.c | 46 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_cl.c | 17 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_err.c | 131 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_ext.c | 43 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_ht.c | 8 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_lib.c | 11 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_prn.c | 100 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_srv.c | 15 | ||||
-rw-r--r-- | src/lib/libcrypto/ocsp/ocsp_vfy.c | 24 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp.h | 6 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_asn.c | 46 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_cl.c | 17 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_err.c | 131 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_ext.c | 43 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_ht.c | 8 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_lib.c | 11 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_prn.c | 100 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_srv.c | 15 | ||||
-rw-r--r-- | src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c | 24 |
20 files changed, 416 insertions, 386 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h index 9401f7db2f..09733aff63 100644 --- a/src/lib/libcrypto/ocsp/ocsp.h +++ b/src/lib/libcrypto/ocsp/ocsp.h | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -335,7 +335,7 @@ typedef struct ocsp_service_locator_st { | |||
335 | X509_NAME* issuer; | 335 | X509_NAME* issuer; |
336 | STACK_OF(ACCESS_DESCRIPTION) *locator; | 336 | STACK_OF(ACCESS_DESCRIPTION) *locator; |
337 | } OCSP_SERVICELOC; | 337 | } OCSP_SERVICELOC; |
338 | 338 | ||
339 | #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" | 339 | #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" |
340 | #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" | 340 | #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" |
341 | 341 | ||
@@ -454,7 +454,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, | |||
454 | int OCSP_request_is_signed(OCSP_REQUEST *req); | 454 | int OCSP_request_is_signed(OCSP_REQUEST *req); |
455 | OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); | 455 | OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); |
456 | OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, | 456 | OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, |
457 | int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, | 457 | int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, |
458 | ASN1_TIME *nextupd); | 458 | ASN1_TIME *nextupd); |
459 | int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); | 459 | int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); |
460 | int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, | 460 | int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, |
diff --git a/src/lib/libcrypto/ocsp/ocsp_asn.c b/src/lib/libcrypto/ocsp/ocsp_asn.c index bfe892ac70..2a7ed1a187 100644 --- a/src/lib/libcrypto/ocsp/ocsp_asn.c +++ b/src/lib/libcrypto/ocsp/ocsp_asn.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -102,8 +102,8 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) | |||
102 | /* OCSP_RESPONSE templates */ | 102 | /* OCSP_RESPONSE templates */ |
103 | 103 | ||
104 | ASN1_SEQUENCE(OCSP_RESPBYTES) = { | 104 | ASN1_SEQUENCE(OCSP_RESPBYTES) = { |
105 | ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), | 105 | ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), |
106 | ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) | 106 | ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) |
107 | } ASN1_SEQUENCE_END(OCSP_RESPBYTES) | 107 | } ASN1_SEQUENCE_END(OCSP_RESPBYTES) |
108 | 108 | ||
109 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) | 109 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) |
@@ -116,15 +116,15 @@ ASN1_SEQUENCE(OCSP_RESPONSE) = { | |||
116 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) | 116 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) |
117 | 117 | ||
118 | ASN1_CHOICE(OCSP_RESPID) = { | 118 | ASN1_CHOICE(OCSP_RESPID) = { |
119 | ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), | 119 | ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), |
120 | ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) | 120 | ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) |
121 | } ASN1_CHOICE_END(OCSP_RESPID) | 121 | } ASN1_CHOICE_END(OCSP_RESPID) |
122 | 122 | ||
123 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) | 123 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) |
124 | 124 | ||
125 | ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { | 125 | ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { |
126 | ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), | 126 | ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), |
127 | ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) | 127 | ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) |
128 | } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) | 128 | } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) |
129 | 129 | ||
130 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) | 130 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) |
@@ -138,38 +138,38 @@ ASN1_CHOICE(OCSP_CERTSTATUS) = { | |||
138 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) | 138 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) |
139 | 139 | ||
140 | ASN1_SEQUENCE(OCSP_SINGLERESP) = { | 140 | ASN1_SEQUENCE(OCSP_SINGLERESP) = { |
141 | ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), | 141 | ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), |
142 | ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), | 142 | ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), |
143 | ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), | 143 | ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), |
144 | ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), | 144 | ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), |
145 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) | 145 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) |
146 | } ASN1_SEQUENCE_END(OCSP_SINGLERESP) | 146 | } ASN1_SEQUENCE_END(OCSP_SINGLERESP) |
147 | 147 | ||
148 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) | 148 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) |
149 | 149 | ||
150 | ASN1_SEQUENCE(OCSP_RESPDATA) = { | 150 | ASN1_SEQUENCE(OCSP_RESPDATA) = { |
151 | ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), | 151 | ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), |
152 | ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), | 152 | ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), |
153 | ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), | 153 | ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), |
154 | ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), | 154 | ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), |
155 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) | 155 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) |
156 | } ASN1_SEQUENCE_END(OCSP_RESPDATA) | 156 | } ASN1_SEQUENCE_END(OCSP_RESPDATA) |
157 | 157 | ||
158 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) | 158 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) |
159 | 159 | ||
160 | ASN1_SEQUENCE(OCSP_BASICRESP) = { | 160 | ASN1_SEQUENCE(OCSP_BASICRESP) = { |
161 | ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), | 161 | ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), |
162 | ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), | 162 | ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), |
163 | ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), | 163 | ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), |
164 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) | 164 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) |
165 | } ASN1_SEQUENCE_END(OCSP_BASICRESP) | 165 | } ASN1_SEQUENCE_END(OCSP_BASICRESP) |
166 | 166 | ||
167 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) | 167 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) |
168 | 168 | ||
169 | ASN1_SEQUENCE(OCSP_CRLID) = { | 169 | ASN1_SEQUENCE(OCSP_CRLID) = { |
170 | ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), | 170 | ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), |
171 | ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), | 171 | ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), |
172 | ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) | 172 | ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) |
173 | } ASN1_SEQUENCE_END(OCSP_CRLID) | 173 | } ASN1_SEQUENCE_END(OCSP_CRLID) |
174 | 174 | ||
175 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) | 175 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) |
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c index 716513d2f9..aabd497dde 100644 --- a/src/lib/libcrypto/ocsp/ocsp_cl.c +++ b/src/lib/libcrypto/ocsp/ocsp_cl.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -75,7 +75,7 @@ | |||
75 | * relevant information from the response. | 75 | * relevant information from the response. |
76 | */ | 76 | */ |
77 | 77 | ||
78 | /* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ | 78 | /* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ |
79 | * pointer: useful if we want to add extensions. | 79 | * pointer: useful if we want to add extensions. |
80 | */ | 80 | */ |
81 | OCSP_ONEREQ * | 81 | OCSP_ONEREQ * |
@@ -91,6 +91,7 @@ OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) | |||
91 | if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) | 91 | if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) |
92 | goto err; | 92 | goto err; |
93 | return one; | 93 | return one; |
94 | |||
94 | err: | 95 | err: |
95 | OCSP_ONEREQ_free(one); | 96 | OCSP_ONEREQ_free(one); |
96 | return NULL; | 97 | return NULL; |
@@ -115,7 +116,7 @@ OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) | |||
115 | req->tbsRequest->requestorName = gen; | 116 | req->tbsRequest->requestorName = gen; |
116 | return 1; | 117 | return 1; |
117 | } | 118 | } |
118 | 119 | ||
119 | /* Add a certificate to an OCSP request */ | 120 | /* Add a certificate to an OCSP request */ |
120 | int | 121 | int |
121 | OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) | 122 | OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) |
@@ -132,7 +133,7 @@ OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) | |||
132 | if (!sig->certs && !(sig->certs = sk_X509_new_null())) | 133 | if (!sig->certs && !(sig->certs = sk_X509_new_null())) |
133 | return 0; | 134 | return 0; |
134 | 135 | ||
135 | if(!sk_X509_push(sig->certs, cert)) | 136 | if (!sk_X509_push(sig->certs, cert)) |
136 | return 0; | 137 | return 0; |
137 | CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); | 138 | CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); |
138 | return 1; | 139 | return 1; |
@@ -167,7 +168,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, | |||
167 | } | 168 | } |
168 | 169 | ||
169 | if (!(flags & OCSP_NOCERTS)) { | 170 | if (!(flags & OCSP_NOCERTS)) { |
170 | if(!OCSP_request_add1_cert(req, signer)) | 171 | if (!OCSP_request_add1_cert(req, signer)) |
171 | goto err; | 172 | goto err; |
172 | for (i = 0; i < sk_X509_num(certs); i++) { | 173 | for (i = 0; i < sk_X509_num(certs); i++) { |
173 | x = sk_X509_value(certs, i); | 174 | x = sk_X509_value(certs, i); |
@@ -177,6 +178,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, | |||
177 | } | 178 | } |
178 | 179 | ||
179 | return 1; | 180 | return 1; |
181 | |||
180 | err: | 182 | err: |
181 | OCSP_SIGNATURE_free(req->optionalSignature); | 183 | OCSP_SIGNATURE_free(req->optionalSignature); |
182 | req->optionalSignature = NULL; | 184 | req->optionalSignature = NULL; |
@@ -257,7 +259,7 @@ OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) | |||
257 | } | 259 | } |
258 | 260 | ||
259 | /* Extract status information from an OCSP_SINGLERESP structure. | 261 | /* Extract status information from an OCSP_SINGLERESP structure. |
260 | * Note: the revtime and reason values are only set if the | 262 | * Note: the revtime and reason values are only set if the |
261 | * certificate status is revoked. Returns numerical value of | 263 | * certificate status is revoked. Returns numerical value of |
262 | * status. | 264 | * status. |
263 | */ | 265 | */ |
@@ -280,7 +282,8 @@ OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, | |||
280 | *revtime = rev->revocationTime; | 282 | *revtime = rev->revocationTime; |
281 | if (reason) { | 283 | if (reason) { |
282 | if (rev->revocationReason) | 284 | if (rev->revocationReason) |
283 | *reason = ASN1_ENUMERATED_get(rev->revocationReason); | 285 | *reason = ASN1_ENUMERATED_get( |
286 | rev->revocationReason); | ||
284 | else | 287 | else |
285 | *reason = -1; | 288 | *reason = -1; |
286 | } | 289 | } |
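Review bot: In OCSP_single_get0_status, the re-wrapped assignment `*reason = ASN1_ENUMERATED_get(rev->revocationReason);` narrows a long to an int and shares the value -1 with the else branch, which uses it for "no reason present". ASN1_ENUMERATED_get() reports a decoding failure as -1 as well, so a caller cannot distinguish an absent revocationReason from a malformed one in a reply that comes from the responder. As this commit is formatting only, the minimum is to state that in the function's header comment, for example `* Note: *reason is -1 both when revocationReason is absent and when it cannot be decoded.` The function starts and ends outside this hunk, so a range check on the decoded value would belong in a follow-up change.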
diff --git a/src/lib/libcrypto/ocsp/ocsp_err.c b/src/lib/libcrypto/ocsp/ocsp_err.c index 0cedcea682..8faf35d7c3 100644 --- a/src/lib/libcrypto/ocsp/ocsp_err.c +++ b/src/lib/libcrypto/ocsp/ocsp_err.c | |||
@@ -7,7 +7,7 @@ | |||
7 | * are met: | 7 | * are met: |
8 | * | 8 | * |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. |
11 | * | 11 | * |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in | 13 | * notice, this list of conditions and the following disclaimer in |
@@ -68,75 +68,72 @@ | |||
68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) | 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) |
69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) | 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) |
70 | 70 | ||
71 | static ERR_STRING_DATA OCSP_str_functs[]= | 71 | static ERR_STRING_DATA OCSP_str_functs[]= { |
72 | { | 72 | {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, |
73 | {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, | 73 | {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, |
74 | {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, | 74 | {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, |
75 | {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, | 75 | {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, |
76 | {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, | 76 | {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, |
77 | {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, | 77 | {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, |
78 | {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, | 78 | {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, |
79 | {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, | 79 | {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, |
80 | {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, | 80 | {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, |
81 | {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, | 81 | {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, |
82 | {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, | 82 | {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, |
83 | {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, | 83 | {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, |
84 | {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, | 84 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, |
85 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, | 85 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, |
86 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, | 86 | {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, |
87 | {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, | 87 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, |
88 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, | 88 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, |
89 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, | 89 | {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, |
90 | {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, | 90 | {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, |
91 | {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, | 91 | {0, NULL} |
92 | {0,NULL} | 92 | }; |
93 | }; | ||
94 | 93 | ||
95 | static ERR_STRING_DATA OCSP_str_reasons[]= | 94 | static ERR_STRING_DATA OCSP_str_reasons[]= { |
96 | { | 95 | {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"}, |
97 | {ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, | 96 | {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, |
98 | {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, | 97 | {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"}, |
99 | {ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, | 98 | {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"}, |
100 | {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, | 99 | {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"}, |
101 | {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, | 100 | {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"}, |
102 | {ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, | 101 | {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"}, |
103 | {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, | 102 | {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"}, |
104 | {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, | 103 | {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"}, |
105 | {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, | 104 | {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, |
106 | {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, | 105 | {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"}, |
107 | {ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, | 106 | {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"}, |
108 | {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, | 107 | {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"}, |
109 | {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, | 108 | {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"}, |
110 | {ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, | 109 | {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, |
111 | {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, | 110 | {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"}, |
112 | {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, | 111 | {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"}, |
113 | {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, | 112 | {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root ca not trusted"}, |
114 | {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, | 113 | {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"}, |
115 | {ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, | 114 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, |
116 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"}, | 115 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"}, |
117 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, | 116 | {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"}, |
118 | {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, | 117 | {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"}, |
119 | {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, | 118 | {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"}, |
120 | {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, | 119 | {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"}, |
121 | {ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, | 120 | {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"}, |
122 | {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, | 121 | {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"}, |
123 | {ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, | 122 | {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, |
124 | {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, | 123 | {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"}, |
125 | {ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, | 124 | {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"}, |
126 | {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, | 125 | {0, NULL} |
127 | {0,NULL} | 126 | }; |
128 | }; | ||
129 | 127 | ||
130 | #endif | 128 | #endif |
131 | 129 | ||
132 | void ERR_load_OCSP_strings(void) | 130 | void |
133 | { | 131 | ERR_load_OCSP_strings(void) |
132 | { | ||
134 | #ifndef OPENSSL_NO_ERR | 133 | #ifndef OPENSSL_NO_ERR |
135 | 134 | if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { | |
136 | if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) | 135 | ERR_load_strings(0, OCSP_str_functs); |
137 | { | 136 | ERR_load_strings(0, OCSP_str_reasons); |
138 | ERR_load_strings(0,OCSP_str_functs); | ||
139 | ERR_load_strings(0,OCSP_str_reasons); | ||
140 | } | ||
141 | #endif | ||
142 | } | 137 | } |
138 | #endif | ||
139 | } | ||
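Review bot: ERR_load_OCSP_strings() is reformatted but still carries no comment explaining its guard. The test `if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL)` appears to use the first function-name entry as an "already registered" marker, so that the two ERR_load_strings() calls are skipped on later invocations. A one-line comment above the test would make that explicit, e.g. `/* Register the OCSP strings only if the first entry is not loaded yet. */`. The check and the loads are separate steps in the visible code; whether concurrent callers are serialized is not shown here and is worth confirming against ERR_load_strings().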
diff --git a/src/lib/libcrypto/ocsp/ocsp_ext.c b/src/lib/libcrypto/ocsp/ocsp_ext.c index 6ec8ca4adf..45b072750f 100644 --- a/src/lib/libcrypto/ocsp/ocsp_ext.c +++ b/src/lib/libcrypto/ocsp/ocsp_ext.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -129,8 +129,8 @@ OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, | |||
129 | int | 129 | int |
130 | OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) | 130 | OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) |
131 | { | 131 | { |
132 | return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != | 132 | return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, |
133 | NULL; | 133 | loc) != NULL; |
134 | } | 134 | } |
135 | 135 | ||
136 | /* Single extensions */ | 136 | /* Single extensions */ |
@@ -172,7 +172,8 @@ OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) | |||
172 | return X509v3_delete_ext(x->singleRequestExtensions, loc); | 172 | return X509v3_delete_ext(x->singleRequestExtensions, loc); |
173 | } | 173 | } |
174 | 174 | ||
175 | void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) | 175 | void * |
176 | OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) | ||
176 | { | 177 | { |
177 | return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); | 178 | return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); |
178 | } | 179 | } |
@@ -203,7 +204,7 @@ int | |||
203 | OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) | 204 | OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) |
204 | { | 205 | { |
205 | return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, | 206 | return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, |
206 | nid ,lastpos); | 207 | nid, lastpos); |
207 | } | 208 | } |
208 | 209 | ||
209 | int | 210 | int |
@@ -216,8 +217,8 @@ OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) | |||
216 | int | 217 | int |
217 | OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) | 218 | OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) |
218 | { | 219 | { |
219 | return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions, | 220 | return X509v3_get_ext_by_critical( |
220 | crit, lastpos); | 221 | x->tbsResponseData->responseExtensions, crit, lastpos); |
221 | } | 222 | } |
222 | 223 | ||
223 | X509_EXTENSION * | 224 | X509_EXTENSION * |
@@ -329,14 +330,15 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, | |||
329 | if (i2d(data, &p) <= 0) | 330 | if (i2d(data, &p) <= 0) |
330 | goto err; | 331 | goto err; |
331 | } else if (sk) { | 332 | } else if (sk) { |
332 | if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, | 333 | if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, |
333 | (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, | 334 | (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, |
334 | IS_SEQUENCE)) <= 0) | 335 | IS_SEQUENCE)) <= 0) |
335 | goto err; | 336 | goto err; |
336 | if (!(b = p = malloc((unsigned int)i))) | 337 | if (!(b = p = malloc((unsigned int)i))) |
337 | goto err; | 338 | goto err; |
338 | if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, | 339 | if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, |
339 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) | 340 | (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, |
341 | V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) | ||
340 | goto err; | 342 | goto err; |
341 | } else { | 343 | } else { |
342 | OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); | 344 | OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); |
@@ -348,6 +350,7 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, | |||
348 | goto err; | 350 | goto err; |
349 | free(b); | 351 | free(b); |
350 | return s; | 352 | return s; |
353 | |||
351 | err: | 354 | err: |
352 | free(b); | 355 | free(b); |
353 | return NULL; | 356 | return NULL; |
@@ -358,7 +361,7 @@ err: | |||
358 | 361 | ||
359 | /* Add a nonce to an extension stack. A nonce can be specificed or if NULL | 362 | /* Add a nonce to an extension stack. A nonce can be specificed or if NULL |
360 | * a random nonce will be generated. | 363 | * a random nonce will be generated. |
361 | * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the | 364 | * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the |
362 | * nonce, previous versions used the raw nonce. | 365 | * nonce, previous versions used the raw nonce. |
363 | */ | 366 | */ |
364 | 367 | ||
@@ -390,6 +393,7 @@ ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) | |||
390 | X509V3_ADD_REPLACE)) | 393 | X509V3_ADD_REPLACE)) |
391 | goto err; | 394 | goto err; |
392 | ret = 1; | 395 | ret = 1; |
396 | |||
393 | err: | 397 | err: |
394 | free(os.data); | 398 | free(os.data); |
395 | return ret; | 399 | return ret; |
@@ -436,7 +440,8 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) | |||
436 | X509_EXTENSION *req_ext, *resp_ext; | 440 | X509_EXTENSION *req_ext, *resp_ext; |
437 | 441 | ||
438 | req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); | 442 | req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); |
439 | resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); | 443 | resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, |
444 | NID_id_pkix_OCSP_Nonce, -1); | ||
440 | /* Check both absent */ | 445 | /* Check both absent */ |
441 | if (req_idx < 0 && resp_idx < 0) | 446 | if (req_idx < 0 && resp_idx < 0) |
442 | return 2; | 447 | return 2; |
@@ -454,7 +459,7 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) | |||
454 | return 1; | 459 | return 1; |
455 | } | 460 | } |
456 | 461 | ||
457 | /* Copy the nonce value (if any) from an OCSP request to | 462 | /* Copy the nonce value (if any) from an OCSP request to |
458 | * a response. | 463 | * a response. |
459 | */ | 464 | */ |
460 | int | 465 | int |
@@ -477,7 +482,7 @@ OCSP_crlID_new(char *url, long *n, char *tim) | |||
477 | { | 482 | { |
478 | X509_EXTENSION *x = NULL; | 483 | X509_EXTENSION *x = NULL; |
479 | OCSP_CRLID *cid = NULL; | 484 | OCSP_CRLID *cid = NULL; |
480 | 485 | ||
481 | if (!(cid = OCSP_CRLID_new())) | 486 | if (!(cid = OCSP_CRLID_new())) |
482 | goto err; | 487 | goto err; |
483 | if (url) { | 488 | if (url) { |
@@ -495,10 +500,11 @@ OCSP_crlID_new(char *url, long *n, char *tim) | |||
495 | if (tim) { | 500 | if (tim) { |
496 | if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) | 501 | if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) |
497 | goto err; | 502 | goto err; |
498 | if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) | 503 | if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) |
499 | goto err; | 504 | goto err; |
500 | } | 505 | } |
501 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); | 506 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); |
507 | |||
502 | err: | 508 | err: |
503 | if (cid) | 509 | if (cid) |
504 | OCSP_CRLID_free(cid); | 510 | OCSP_CRLID_free(cid); |
@@ -518,11 +524,12 @@ OCSP_accept_responses_new(char **oids) | |||
518 | goto err; | 524 | goto err; |
519 | while (oids && *oids) { | 525 | while (oids && *oids) { |
520 | if ((nid = OBJ_txt2nid(*oids)) != NID_undef && | 526 | if ((nid = OBJ_txt2nid(*oids)) != NID_undef && |
521 | (o = OBJ_nid2obj(nid))) | 527 | (o = OBJ_nid2obj(nid))) |
522 | sk_ASN1_OBJECT_push(sk, o); | 528 | sk_ASN1_OBJECT_push(sk, o); |
523 | oids++; | 529 | oids++; |
524 | } | 530 | } |
525 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); | 531 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); |
532 | |||
526 | err: | 533 | err: |
527 | if (sk) | 534 | if (sk) |
528 | sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); | 535 | sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); |
@@ -541,6 +548,7 @@ OCSP_archive_cutoff_new(char* tim) | |||
541 | if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) | 548 | if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) |
542 | goto err; | 549 | goto err; |
543 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); | 550 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); |
551 | |||
544 | err: | 552 | err: |
545 | if (gt) | 553 | if (gt) |
546 | ASN1_GENERALIZEDTIME_free(gt); | 554 | ASN1_GENERALIZEDTIME_free(gt); |
@@ -558,7 +566,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) | |||
558 | ASN1_IA5STRING *ia5 = NULL; | 566 | ASN1_IA5STRING *ia5 = NULL; |
559 | OCSP_SERVICELOC *sloc = NULL; | 567 | OCSP_SERVICELOC *sloc = NULL; |
560 | ACCESS_DESCRIPTION *ad = NULL; | 568 | ACCESS_DESCRIPTION *ad = NULL; |
561 | 569 | ||
562 | if (!(sloc = OCSP_SERVICELOC_new())) | 570 | if (!(sloc = OCSP_SERVICELOC_new())) |
563 | goto err; | 571 | goto err; |
564 | if (!(sloc->issuer = X509_NAME_dup(issuer))) | 572 | if (!(sloc->issuer = X509_NAME_dup(issuer))) |
@@ -584,6 +592,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) | |||
584 | urls++; | 592 | urls++; |
585 | } | 593 | } |
586 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); | 594 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); |
595 | |||
587 | err: | 596 | err: |
588 | if (sloc) | 597 | if (sloc) |
589 | OCSP_SERVICELOC_free(sloc); | 598 | OCSP_SERVICELOC_free(sloc); |
diff --git a/src/lib/libcrypto/ocsp/ocsp_ht.c b/src/lib/libcrypto/ocsp/ocsp_ht.c index 7f73a4195c..f3ee29ccbb 100644 --- a/src/lib/libcrypto/ocsp/ocsp_ht.c +++ b/src/lib/libcrypto/ocsp/ocsp_ht.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -233,7 +233,7 @@ parse_http_line1(char *line) | |||
233 | return 0; | 233 | return 0; |
234 | } | 234 | } |
235 | 235 | ||
236 | /* Set end of response code and start of message */ | 236 | /* Set end of response code and start of message */ |
237 | *q++ = 0; | 237 | *q++ = 0; |
238 | 238 | ||
239 | /* Attempt to parse numeric code */ | 239 | /* Attempt to parse numeric code */ |
@@ -290,7 +290,7 @@ next_io: | |||
290 | case OHS_ASN1_WRITE: | 290 | case OHS_ASN1_WRITE: |
291 | n = BIO_get_mem_data(rctx->mem, &p); | 291 | n = BIO_get_mem_data(rctx->mem, &p); |
292 | i = BIO_write(rctx->io, | 292 | i = BIO_write(rctx->io, |
293 | p + (n - rctx->asn1_len), rctx->asn1_len); | 293 | p + (n - rctx->asn1_len), rctx->asn1_len); |
294 | if (i <= 0) { | 294 | if (i <= 0) { |
295 | if (BIO_should_retry(rctx->io)) | 295 | if (BIO_should_retry(rctx->io)) |
296 | return -1; | 296 | return -1; |
@@ -422,7 +422,7 @@ next_line: | |||
422 | rctx->state = OHS_ASN1_CONTENT; | 422 | rctx->state = OHS_ASN1_CONTENT; |
423 | 423 | ||
424 | /* FALLTHROUGH */ | 424 | /* FALLTHROUGH */ |
425 | 425 | ||
426 | case OHS_ASN1_CONTENT: | 426 | case OHS_ASN1_CONTENT: |
427 | n = BIO_get_mem_data(rctx->mem, &p); | 427 | n = BIO_get_mem_data(rctx->mem, &p); |
428 | if (n < (int)rctx->asn1_len) | 428 | if (n < (int)rctx->asn1_len) |
diff --git a/src/lib/libcrypto/ocsp/ocsp_lib.c b/src/lib/libcrypto/ocsp/ocsp_lib.c index 056bd27665..3f6007f40a 100644 --- a/src/lib/libcrypto/ocsp/ocsp_lib.c +++ b/src/lib/libcrypto/ocsp/ocsp_lib.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -115,11 +115,11 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, | |||
115 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); | 115 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); |
116 | goto err; | 116 | goto err; |
117 | } | 117 | } |
118 | if (!(alg->algorithm=OBJ_nid2obj(nid))) | 118 | if (!(alg->algorithm = OBJ_nid2obj(nid))) |
119 | goto err; | 119 | goto err; |
120 | if ((alg->parameter=ASN1_TYPE_new()) == NULL) | 120 | if ((alg->parameter = ASN1_TYPE_new()) == NULL) |
121 | goto err; | 121 | goto err; |
122 | alg->parameter->type=V_ASN1_NULL; | 122 | alg->parameter->type = V_ASN1_NULL; |
123 | 123 | ||
124 | if (!X509_NAME_digest(issuerName, dgst, md, &i)) | 124 | if (!X509_NAME_digest(issuerName, dgst, md, &i)) |
125 | goto digerr; | 125 | goto digerr; |
@@ -139,6 +139,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, | |||
139 | goto err; | 139 | goto err; |
140 | } | 140 | } |
141 | return cid; | 141 | return cid; |
142 | |||
142 | digerr: | 143 | digerr: |
143 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); | 144 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); |
144 | err: | 145 | err: |
@@ -216,7 +217,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) | |||
216 | 217 | ||
217 | /* Check for trailing part of path */ | 218 | /* Check for trailing part of path */ |
218 | p = strchr(p, '/'); | 219 | p = strchr(p, '/'); |
219 | if (!p) | 220 | if (!p) |
220 | *ppath = BUF_strdup("/"); | 221 | *ppath = BUF_strdup("/"); |
221 | else { | 222 | else { |
222 | *ppath = BUF_strdup(p); | 223 | *ppath = BUF_strdup(p); |
diff --git a/src/lib/libcrypto/ocsp/ocsp_prn.c b/src/lib/libcrypto/ocsp/ocsp_prn.c index 9e4b81f061..b5031cd091 100644 --- a/src/lib/libcrypto/ocsp/ocsp_prn.c +++ b/src/lib/libcrypto/ocsp/ocsp_prn.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -93,7 +93,7 @@ table2string(long s, const OCSP_TBLSTR *ts, int len) | |||
93 | { | 93 | { |
94 | const OCSP_TBLSTR *p; | 94 | const OCSP_TBLSTR *p; |
95 | 95 | ||
96 | for (p=ts; p < ts + len; p++) | 96 | for (p = ts; p < ts + len; p++) |
97 | if (p->t == s) | 97 | if (p->t == s) |
98 | return p->m; | 98 | return p->m; |
99 | return "(UNKNOWN)"; | 99 | return "(UNKNOWN)"; |
@@ -103,42 +103,42 @@ const char * | |||
103 | OCSP_response_status_str(long s) | 103 | OCSP_response_status_str(long s) |
104 | { | 104 | { |
105 | static const OCSP_TBLSTR rstat_tbl[] = { | 105 | static const OCSP_TBLSTR rstat_tbl[] = { |
106 | { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, | 106 | { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, |
107 | { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, | 107 | { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, |
108 | { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, | 108 | { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, |
109 | { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, | 109 | { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, |
110 | { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, | 110 | { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, |
111 | { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } | 111 | { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } |
112 | }; | 112 | }; |
113 | return table2string(s, rstat_tbl, 6); | 113 | return table2string(s, rstat_tbl, 6); |
114 | } | 114 | } |
115 | 115 | ||
116 | const char * | 116 | const char * |
117 | OCSP_cert_status_str(long s) | 117 | OCSP_cert_status_str(long s) |
118 | { | 118 | { |
119 | static const OCSP_TBLSTR cstat_tbl[] = { | 119 | static const OCSP_TBLSTR cstat_tbl[] = { |
120 | { V_OCSP_CERTSTATUS_GOOD, "good" }, | 120 | { V_OCSP_CERTSTATUS_GOOD, "good" }, |
121 | { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, | 121 | { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, |
122 | { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } | 122 | { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } |
123 | }; | 123 | }; |
124 | return table2string(s, cstat_tbl, 3); | 124 | return table2string(s, cstat_tbl, 3); |
125 | } | 125 | } |
126 | 126 | ||
127 | const char * | 127 | const char * |
128 | OCSP_crl_reason_str(long s) | 128 | OCSP_crl_reason_str(long s) |
129 | { | 129 | { |
130 | static const OCSP_TBLSTR reason_tbl[] = { | 130 | static const OCSP_TBLSTR reason_tbl[] = { |
131 | { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, | 131 | { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, |
132 | { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, | 132 | { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, |
133 | { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, | 133 | { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, |
134 | { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, | 134 | { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, |
135 | { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, | 135 | { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, |
136 | { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, | 136 | { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, |
137 | { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, | 137 | { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, |
138 | { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } | 138 | { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } |
139 | }; | 139 | }; |
140 | return table2string(s, reason_tbl, 8); | 140 | return table2string(s, reason_tbl, 8); |
141 | } | 141 | } |
142 | 142 | ||
143 | int | 143 | int |
144 | OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) | 144 | OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) |
@@ -150,17 +150,17 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) | |||
150 | OCSP_REQINFO *inf = o->tbsRequest; | 150 | OCSP_REQINFO *inf = o->tbsRequest; |
151 | OCSP_SIGNATURE *sig = o->optionalSignature; | 151 | OCSP_SIGNATURE *sig = o->optionalSignature; |
152 | 152 | ||
153 | if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) | 153 | if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) |
154 | goto err; | 154 | goto err; |
155 | l = ASN1_INTEGER_get(inf->version); | 155 | l = ASN1_INTEGER_get(inf->version); |
156 | if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) | 156 | if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0) |
157 | goto err; | 157 | goto err; |
158 | if (inf->requestorName != NULL) { | 158 | if (inf->requestorName != NULL) { |
159 | if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) | 159 | if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) |
160 | goto err; | 160 | goto err; |
161 | GENERAL_NAME_print(bp, inf->requestorName); | 161 | GENERAL_NAME_print(bp, inf->requestorName); |
162 | } | 162 | } |
163 | if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) | 163 | if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) |
164 | goto err; | 164 | goto err; |
165 | for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { | 165 | for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { |
166 | one = sk_OCSP_ONEREQ_value(inf->requestList, i); | 166 | one = sk_OCSP_ONEREQ_value(inf->requestList, i); |
@@ -176,12 +176,13 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) | |||
176 | if (sig) { | 176 | if (sig) { |
177 | X509_signature_print(bp, sig->signatureAlgorithm, | 177 | X509_signature_print(bp, sig->signatureAlgorithm, |
178 | sig->signature); | 178 | sig->signature); |
179 | for (i=0; i<sk_X509_num(sig->certs); i++) { | 179 | for (i = 0; i < sk_X509_num(sig->certs); i++) { |
180 | X509_print(bp, sk_X509_value(sig->certs,i)); | 180 | X509_print(bp, sk_X509_value(sig->certs, i)); |
181 | PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); | 181 | PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); |
182 | } | 182 | } |
183 | } | 183 | } |
184 | return 1; | 184 | return 1; |
185 | |||
185 | err: | 186 | err: |
186 | return 0; | 187 | return 0; |
187 | } | 188 | } |
@@ -200,20 +201,20 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
200 | OCSP_SINGLERESP *single = NULL; | 201 | OCSP_SINGLERESP *single = NULL; |
201 | OCSP_RESPBYTES *rb = o->responseBytes; | 202 | OCSP_RESPBYTES *rb = o->responseBytes; |
202 | 203 | ||
203 | if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) | 204 | if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) |
204 | goto err; | 205 | goto err; |
205 | l = ASN1_ENUMERATED_get(o->responseStatus); | 206 | l = ASN1_ENUMERATED_get(o->responseStatus); |
206 | if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", | 207 | if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", |
207 | OCSP_response_status_str(l), l) <= 0) | 208 | OCSP_response_status_str(l), l) <= 0) |
208 | goto err; | 209 | goto err; |
209 | if (rb == NULL) | 210 | if (rb == NULL) |
210 | return 1; | 211 | return 1; |
211 | if (BIO_puts(bp," Response Type: ") <= 0) | 212 | if (BIO_puts(bp, " Response Type: ") <= 0) |
212 | goto err; | 213 | goto err; |
213 | if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) | 214 | if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) |
214 | goto err; | 215 | goto err; |
215 | if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { | 216 | if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { |
216 | BIO_puts(bp," (unknown response type)\n"); | 217 | BIO_puts(bp, " (unknown response type)\n"); |
217 | return 1; | 218 | return 1; |
218 | } | 219 | } |
219 | 220 | ||
@@ -222,12 +223,12 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
222 | goto err; | 223 | goto err; |
223 | rd = br->tbsResponseData; | 224 | rd = br->tbsResponseData; |
224 | l = ASN1_INTEGER_get(rd->version); | 225 | l = ASN1_INTEGER_get(rd->version); |
225 | if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0) | 226 | if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0) |
226 | goto err; | 227 | goto err; |
227 | if (BIO_puts(bp," Responder Id: ") <= 0) | 228 | if (BIO_puts(bp, " Responder Id: ") <= 0) |
228 | goto err; | 229 | goto err; |
229 | 230 | ||
230 | rid = rd->responderId; | 231 | rid = rd->responderId; |
231 | switch (rid->type) { | 232 | switch (rid->type) { |
232 | case V_OCSP_RESPID_NAME: | 233 | case V_OCSP_RESPID_NAME: |
233 | X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); | 234 | X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); |
@@ -237,11 +238,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
237 | break; | 238 | break; |
238 | } | 239 | } |
239 | 240 | ||
240 | if (BIO_printf(bp,"\n Produced At: ")<=0) | 241 | if (BIO_printf(bp, "\n Produced At: ")<=0) |
241 | goto err; | 242 | goto err; |
242 | if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) | 243 | if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) |
243 | goto err; | 244 | goto err; |
244 | if (BIO_printf(bp,"\n Responses:\n") <= 0) | 245 | if (BIO_printf(bp, "\n Responses:\n") <= 0) |
245 | goto err; | 246 | goto err; |
246 | for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { | 247 | for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { |
247 | if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) | 248 | if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) |
@@ -251,15 +252,15 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
251 | if (ocsp_certid_print(bp, cid, 4) <= 0) | 252 | if (ocsp_certid_print(bp, cid, 4) <= 0) |
252 | goto err; | 253 | goto err; |
253 | cst = single->certStatus; | 254 | cst = single->certStatus; |
254 | if (BIO_printf(bp," Cert Status: %s", | 255 | if (BIO_printf(bp, " Cert Status: %s", |
255 | OCSP_cert_status_str(cst->type)) <= 0) | 256 | OCSP_cert_status_str(cst->type)) <= 0) |
256 | goto err; | 257 | goto err; |
257 | if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { | 258 | if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { |
258 | rev = cst->value.revoked; | 259 | rev = cst->value.revoked; |
259 | if (BIO_printf(bp, "\n Revocation Time: ") <= 0) | 260 | if (BIO_printf(bp, "\n Revocation Time: ") <= 0) |
260 | goto err; | 261 | goto err; |
261 | if (!ASN1_GENERALIZEDTIME_print(bp, | 262 | if (!ASN1_GENERALIZEDTIME_print(bp, |
262 | rev->revocationTime)) | 263 | rev->revocationTime)) |
263 | goto err; | 264 | goto err; |
264 | if (rev->revocationReason) { | 265 | if (rev->revocationReason) { |
265 | l = ASN1_ENUMERATED_get(rev->revocationReason); | 266 | l = ASN1_ENUMERATED_get(rev->revocationReason); |
@@ -269,22 +270,22 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
269 | goto err; | 270 | goto err; |
270 | } | 271 | } |
271 | } | 272 | } |
272 | if (BIO_printf(bp,"\n This Update: ") <= 0) | 273 | if (BIO_printf(bp, "\n This Update: ") <= 0) |
273 | goto err; | 274 | goto err; |
274 | if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) | 275 | if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) |
275 | goto err; | 276 | goto err; |
276 | if (single->nextUpdate) { | 277 | if (single->nextUpdate) { |
277 | if (BIO_printf(bp,"\n Next Update: ") <= 0) | 278 | if (BIO_printf(bp, "\n Next Update: ") <= 0) |
278 | goto err; | 279 | goto err; |
279 | if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) | 280 | if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) |
280 | goto err; | 281 | goto err; |
281 | } | 282 | } |
282 | if (BIO_write(bp,"\n",1) <= 0) | 283 | if (BIO_write(bp, "\n", 1) <= 0) |
283 | goto err; | 284 | goto err; |
284 | if (!X509V3_extensions_print(bp, "Response Single Extensions", | 285 | if (!X509V3_extensions_print(bp, "Response Single Extensions", |
285 | single->singleExtensions, flags, 8)) | 286 | single->singleExtensions, flags, 8)) |
286 | goto err; | 287 | goto err; |
287 | if (BIO_write(bp,"\n",1) <= 0) | 288 | if (BIO_write(bp, "\n", 1) <= 0) |
288 | goto err; | 289 | goto err; |
289 | } | 290 | } |
290 | if (!X509V3_extensions_print(bp, "Response Extensions", | 291 | if (!X509V3_extensions_print(bp, "Response Extensions", |
@@ -296,10 +297,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
296 | 297 | ||
297 | for (i = 0; i < sk_X509_num(br->certs); i++) { | 298 | for (i = 0; i < sk_X509_num(br->certs); i++) { |
298 | X509_print(bp, sk_X509_value(br->certs, i)); | 299 | X509_print(bp, sk_X509_value(br->certs, i)); |
299 | PEM_write_bio_X509(bp,sk_X509_value(br->certs, i)); | 300 | PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); |
300 | } | 301 | } |
301 | 302 | ||
302 | ret = 1; | 303 | ret = 1; |
304 | |||
303 | err: | 305 | err: |
304 | OCSP_BASICRESP_free(br); | 306 | OCSP_BASICRESP_free(br); |
305 | return ret; | 307 | return ret; |
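Review bot: The three lookup helpers in the `@@ -103,42 +103,42 @@` hunk pass hand-counted lengths to table2string (`6`, `3`, `8`), and table2string walks up to `ts + len` with no other bound, so a later table edit that is not matched in the literal either hides the new entry or reads past the end of the array. Deriving the count from the array keeps the two in step: `return table2string(s, rstat_tbl, sizeof(rstat_tbl) / sizeof(rstat_tbl[0]));`, and likewise for `cstat_tbl` and `reason_tbl`. The literal byte counts handed to BIO_write in OCSP_REQUEST_print (`19`, `21`) have the same problem; BIO_puts, which OCSP_RESPONSE_print already uses, needs no count. As this is a KNF pass, the "Produced At" check in OCSP_RESPONSE_print still reads `)<=0` without spaces around the operator.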
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c index c14e8e2bc3..18c8f26852 100644 --- a/src/lib/libcrypto/ocsp/ocsp_srv.c +++ b/src/lib/libcrypto/ocsp/ocsp_srv.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -131,6 +131,7 @@ OCSP_response_create(int status, OCSP_BASICRESP *bs) | |||
131 | &rsp->responseBytes->response)) | 131 | &rsp->responseBytes->response)) |
132 | goto err; | 132 | goto err; |
133 | return rsp; | 133 | return rsp; |
134 | |||
134 | err: | 135 | err: |
135 | if (rsp) | 136 | if (rsp) |
136 | OCSP_RESPONSE_free(rsp); | 137 | OCSP_RESPONSE_free(rsp); |
@@ -164,7 +165,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, | |||
164 | goto err; | 165 | goto err; |
165 | 166 | ||
166 | cs = single->certStatus; | 167 | cs = single->certStatus; |
167 | switch(cs->type = status) { | 168 | switch (cs->type = status) { |
168 | case V_OCSP_CERTSTATUS_REVOKED: | 169 | case V_OCSP_CERTSTATUS_REVOKED: |
169 | if (!revtime) { | 170 | if (!revtime) { |
170 | OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, | 171 | OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, |
@@ -174,14 +175,14 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, | |||
174 | if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) | 175 | if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) |
175 | goto err; | 176 | goto err; |
176 | if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) | 177 | if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) |
177 | goto err; | 178 | goto err; |
178 | if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { | 179 | if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { |
179 | if (!(ri->revocationReason = ASN1_ENUMERATED_new())) | 180 | if (!(ri->revocationReason = ASN1_ENUMERATED_new())) |
180 | goto err; | 181 | goto err; |
181 | if (!(ASN1_ENUMERATED_set(ri->revocationReason, | 182 | if (!(ASN1_ENUMERATED_set(ri->revocationReason, |
182 | reason))) | 183 | reason))) |
183 | goto err; | 184 | goto err; |
184 | } | 185 | } |
185 | break; | 186 | break; |
186 | 187 | ||
187 | case V_OCSP_CERTSTATUS_GOOD: | 188 | case V_OCSP_CERTSTATUS_GOOD: |
@@ -198,6 +199,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, | |||
198 | if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) | 199 | if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) |
199 | goto err; | 200 | goto err; |
200 | return single; | 201 | return single; |
202 | |||
201 | err: | 203 | err: |
202 | OCSP_SINGLERESP_free(single); | 204 | OCSP_SINGLERESP_free(single); |
203 | return NULL; | 205 | return NULL; |
@@ -268,6 +270,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, | |||
268 | goto err; | 270 | goto err; |
269 | 271 | ||
270 | return 1; | 272 | return 1; |
273 | |||
271 | err: | 274 | err: |
272 | return 0; | 275 | return 0; |
273 | } | 276 | } |
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c index aede155871..5d8b2eebcf 100644 --- a/src/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -61,17 +61,17 @@ | |||
61 | #include <string.h> | 61 | #include <string.h> |
62 | 62 | ||
63 | static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, | 63 | static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, |
64 | STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); | 64 | STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); |
65 | static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); | 65 | static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); |
66 | static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, | 66 | static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, |
67 | unsigned long flags); | 67 | unsigned long flags); |
68 | static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); | 68 | static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); |
69 | static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, | 69 | static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, |
70 | STACK_OF(OCSP_SINGLERESP) *sresp); | 70 | STACK_OF(OCSP_SINGLERESP) *sresp); |
71 | static int ocsp_check_delegated(X509 *x, int flags); | 71 | static int ocsp_check_delegated(X509 *x, int flags); |
72 | static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, | 72 | static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, |
73 | X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, | 73 | X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, |
74 | unsigned long flags); | 74 | unsigned long flags); |
75 | 75 | ||
76 | /* Verify a basic response message */ | 76 | /* Verify a basic response message */ |
77 | int | 77 | int |
@@ -108,14 +108,14 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
108 | if (!(flags & OCSP_NOVERIFY)) { | 108 | if (!(flags & OCSP_NOVERIFY)) { |
109 | int init_res; | 109 | int init_res; |
110 | 110 | ||
111 | if(flags & OCSP_NOCHAIN) | 111 | if (flags & OCSP_NOCHAIN) |
112 | init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); | 112 | init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); |
113 | else | 113 | else |
114 | init_res = X509_STORE_CTX_init(&ctx, st, signer, | 114 | init_res = X509_STORE_CTX_init(&ctx, st, signer, |
115 | bs->certs); | 115 | bs->certs); |
116 | if (!init_res) { | 116 | if (!init_res) { |
117 | ret = -1; | 117 | ret = -1; |
118 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); | 118 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); |
119 | goto end; | 119 | goto end; |
120 | } | 120 | } |
121 | 121 | ||
@@ -131,7 +131,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
131 | X509_verify_cert_error_string(i)); | 131 | X509_verify_cert_error_string(i)); |
132 | goto end; | 132 | goto end; |
133 | } | 133 | } |
134 | if(flags & OCSP_NOCHECKS) { | 134 | if (flags & OCSP_NOCHECKS) { |
135 | ret = 1; | 135 | ret = 1; |
136 | goto end; | 136 | goto end; |
137 | } | 137 | } |
@@ -152,7 +152,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
152 | 152 | ||
153 | x = sk_X509_value(chain, sk_X509_num(chain) - 1); | 153 | x = sk_X509_value(chain, sk_X509_num(chain) - 1); |
154 | if (X509_check_trust(x, NID_OCSP_sign, 0) != | 154 | if (X509_check_trust(x, NID_OCSP_sign, 0) != |
155 | X509_TRUST_TRUSTED) { | 155 | X509_TRUST_TRUSTED) { |
156 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, | 156 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, |
157 | OCSP_R_ROOT_CA_NOT_TRUSTED); | 157 | OCSP_R_ROOT_CA_NOT_TRUSTED); |
158 | goto end; | 158 | goto end; |
@@ -411,7 +411,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, | |||
411 | init_res = X509_STORE_CTX_init(&ctx, store, signer, | 411 | init_res = X509_STORE_CTX_init(&ctx, store, signer, |
412 | req->optionalSignature->certs); | 412 | req->optionalSignature->certs); |
413 | if (!init_res) { | 413 | if (!init_res) { |
414 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); | 414 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); |
415 | return 0; | 415 | return 0; |
416 | } | 416 | } |
417 | 417 | ||
@@ -420,7 +420,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, | |||
420 | ret = X509_verify_cert(&ctx); | 420 | ret = X509_verify_cert(&ctx); |
421 | X509_STORE_CTX_cleanup(&ctx); | 421 | X509_STORE_CTX_cleanup(&ctx); |
422 | if (ret <= 0) { | 422 | if (ret <= 0) { |
423 | ret = X509_STORE_CTX_get_error(&ctx); | 423 | ret = X509_STORE_CTX_get_error(&ctx); |
424 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, | 424 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, |
425 | OCSP_R_CERTIFICATE_VERIFY_ERROR); | 425 | OCSP_R_CERTIFICATE_VERIFY_ERROR); |
426 | ERR_asprintf_error_data("Verify error:%s", | 426 | ERR_asprintf_error_data("Verify error:%s", |
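Review bot: In the last hunk, OCSP_request_verify calls `X509_STORE_CTX_cleanup(&ctx);` and only then `X509_STORE_CTX_get_error(&ctx)`, so the verification error is read from a context that has already been torn down. Whether the error field survives cleanup depends on X509_STORE_CTX_cleanup, which is not shown here, and the value feeds the "Verify error:" data that callers use to diagnose a rejected request signer. Reading the error first removes that dependency: keep `ret = X509_verify_cert(&ctx);`, fetch the code with `if (ret <= 0) verr = X509_STORE_CTX_get_error(&ctx);` (with `verr` a new local), then call `X509_STORE_CTX_cleanup(&ctx);`. The function body continues outside the hunk, and the libssl/src copy of ocsp_vfy.c listed in the diffstat presumably carries the same lines.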
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp.h b/src/lib/libssl/src/crypto/ocsp/ocsp.h index 9401f7db2f..09733aff63 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp.h +++ b/src/lib/libssl/src/crypto/ocsp/ocsp.h | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -335,7 +335,7 @@ typedef struct ocsp_service_locator_st { | |||
335 | X509_NAME* issuer; | 335 | X509_NAME* issuer; |
336 | STACK_OF(ACCESS_DESCRIPTION) *locator; | 336 | STACK_OF(ACCESS_DESCRIPTION) *locator; |
337 | } OCSP_SERVICELOC; | 337 | } OCSP_SERVICELOC; |
338 | 338 | ||
339 | #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" | 339 | #define PEM_STRING_OCSP_REQUEST "OCSP REQUEST" |
340 | #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" | 340 | #define PEM_STRING_OCSP_RESPONSE "OCSP RESPONSE" |
341 | 341 | ||
@@ -454,7 +454,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, | |||
454 | int OCSP_request_is_signed(OCSP_REQUEST *req); | 454 | int OCSP_request_is_signed(OCSP_REQUEST *req); |
455 | OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); | 455 | OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs); |
456 | OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, | 456 | OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, |
457 | int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, | 457 | int status, int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, |
458 | ASN1_TIME *nextupd); | 458 | ASN1_TIME *nextupd); |
459 | int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); | 459 | int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert); |
460 | int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, | 460 | int OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c index bfe892ac70..2a7ed1a187 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_asn.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -102,8 +102,8 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQUEST) | |||
102 | /* OCSP_RESPONSE templates */ | 102 | /* OCSP_RESPONSE templates */ |
103 | 103 | ||
104 | ASN1_SEQUENCE(OCSP_RESPBYTES) = { | 104 | ASN1_SEQUENCE(OCSP_RESPBYTES) = { |
105 | ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), | 105 | ASN1_SIMPLE(OCSP_RESPBYTES, responseType, ASN1_OBJECT), |
106 | ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) | 106 | ASN1_SIMPLE(OCSP_RESPBYTES, response, ASN1_OCTET_STRING) |
107 | } ASN1_SEQUENCE_END(OCSP_RESPBYTES) | 107 | } ASN1_SEQUENCE_END(OCSP_RESPBYTES) |
108 | 108 | ||
109 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) | 109 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPBYTES) |
@@ -116,15 +116,15 @@ ASN1_SEQUENCE(OCSP_RESPONSE) = { | |||
116 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) | 116 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE) |
117 | 117 | ||
118 | ASN1_CHOICE(OCSP_RESPID) = { | 118 | ASN1_CHOICE(OCSP_RESPID) = { |
119 | ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), | 119 | ASN1_EXP(OCSP_RESPID, value.byName, X509_NAME, 1), |
120 | ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) | 120 | ASN1_EXP(OCSP_RESPID, value.byKey, ASN1_OCTET_STRING, 2) |
121 | } ASN1_CHOICE_END(OCSP_RESPID) | 121 | } ASN1_CHOICE_END(OCSP_RESPID) |
122 | 122 | ||
123 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) | 123 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPID) |
124 | 124 | ||
125 | ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { | 125 | ASN1_SEQUENCE(OCSP_REVOKEDINFO) = { |
126 | ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), | 126 | ASN1_SIMPLE(OCSP_REVOKEDINFO, revocationTime, ASN1_GENERALIZEDTIME), |
127 | ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) | 127 | ASN1_EXP_OPT(OCSP_REVOKEDINFO, revocationReason, ASN1_ENUMERATED, 0) |
128 | } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) | 128 | } ASN1_SEQUENCE_END(OCSP_REVOKEDINFO) |
129 | 129 | ||
130 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) | 130 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_REVOKEDINFO) |
@@ -138,38 +138,38 @@ ASN1_CHOICE(OCSP_CERTSTATUS) = { | |||
138 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) | 138 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTSTATUS) |
139 | 139 | ||
140 | ASN1_SEQUENCE(OCSP_SINGLERESP) = { | 140 | ASN1_SEQUENCE(OCSP_SINGLERESP) = { |
141 | ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), | 141 | ASN1_SIMPLE(OCSP_SINGLERESP, certId, OCSP_CERTID), |
142 | ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), | 142 | ASN1_SIMPLE(OCSP_SINGLERESP, certStatus, OCSP_CERTSTATUS), |
143 | ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), | 143 | ASN1_SIMPLE(OCSP_SINGLERESP, thisUpdate, ASN1_GENERALIZEDTIME), |
144 | ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), | 144 | ASN1_EXP_OPT(OCSP_SINGLERESP, nextUpdate, ASN1_GENERALIZEDTIME, 0), |
145 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) | 145 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SINGLERESP, singleExtensions, X509_EXTENSION, 1) |
146 | } ASN1_SEQUENCE_END(OCSP_SINGLERESP) | 146 | } ASN1_SEQUENCE_END(OCSP_SINGLERESP) |
147 | 147 | ||
148 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) | 148 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) |
149 | 149 | ||
150 | ASN1_SEQUENCE(OCSP_RESPDATA) = { | 150 | ASN1_SEQUENCE(OCSP_RESPDATA) = { |
151 | ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), | 151 | ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), |
152 | ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), | 152 | ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), |
153 | ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), | 153 | ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), |
154 | ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), | 154 | ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), |
155 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) | 155 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) |
156 | } ASN1_SEQUENCE_END(OCSP_RESPDATA) | 156 | } ASN1_SEQUENCE_END(OCSP_RESPDATA) |
157 | 157 | ||
158 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) | 158 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) |
159 | 159 | ||
160 | ASN1_SEQUENCE(OCSP_BASICRESP) = { | 160 | ASN1_SEQUENCE(OCSP_BASICRESP) = { |
161 | ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), | 161 | ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), |
162 | ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), | 162 | ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), |
163 | ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), | 163 | ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), |
164 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) | 164 | ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) |
165 | } ASN1_SEQUENCE_END(OCSP_BASICRESP) | 165 | } ASN1_SEQUENCE_END(OCSP_BASICRESP) |
166 | 166 | ||
167 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) | 167 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP) |
168 | 168 | ||
169 | ASN1_SEQUENCE(OCSP_CRLID) = { | 169 | ASN1_SEQUENCE(OCSP_CRLID) = { |
170 | ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), | 170 | ASN1_EXP_OPT(OCSP_CRLID, crlUrl, ASN1_IA5STRING, 0), |
171 | ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), | 171 | ASN1_EXP_OPT(OCSP_CRLID, crlNum, ASN1_INTEGER, 1), |
172 | ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) | 172 | ASN1_EXP_OPT(OCSP_CRLID, crlTime, ASN1_GENERALIZEDTIME, 2) |
173 | } ASN1_SEQUENCE_END(OCSP_CRLID) | 173 | } ASN1_SEQUENCE_END(OCSP_CRLID) |
174 | 174 | ||
175 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) | 175 | IMPLEMENT_ASN1_FUNCTIONS(OCSP_CRLID) |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c index 716513d2f9..aabd497dde 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_cl.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -75,7 +75,7 @@ | |||
75 | * relevant information from the response. | 75 | * relevant information from the response. |
76 | */ | 76 | */ |
77 | 77 | ||
78 | /* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ | 78 | /* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ |
79 | * pointer: useful if we want to add extensions. | 79 | * pointer: useful if we want to add extensions. |
80 | */ | 80 | */ |
81 | OCSP_ONEREQ * | 81 | OCSP_ONEREQ * |
@@ -91,6 +91,7 @@ OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) | |||
91 | if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) | 91 | if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) |
92 | goto err; | 92 | goto err; |
93 | return one; | 93 | return one; |
94 | |||
94 | err: | 95 | err: |
95 | OCSP_ONEREQ_free(one); | 96 | OCSP_ONEREQ_free(one); |
96 | return NULL; | 97 | return NULL; |
@@ -115,7 +116,7 @@ OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) | |||
115 | req->tbsRequest->requestorName = gen; | 116 | req->tbsRequest->requestorName = gen; |
116 | return 1; | 117 | return 1; |
117 | } | 118 | } |
118 | 119 | ||
119 | /* Add a certificate to an OCSP request */ | 120 | /* Add a certificate to an OCSP request */ |
120 | int | 121 | int |
121 | OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) | 122 | OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) |
@@ -132,7 +133,7 @@ OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert) | |||
132 | if (!sig->certs && !(sig->certs = sk_X509_new_null())) | 133 | if (!sig->certs && !(sig->certs = sk_X509_new_null())) |
133 | return 0; | 134 | return 0; |
134 | 135 | ||
135 | if(!sk_X509_push(sig->certs, cert)) | 136 | if (!sk_X509_push(sig->certs, cert)) |
136 | return 0; | 137 | return 0; |
137 | CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); | 138 | CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509); |
138 | return 1; | 139 | return 1; |
@@ -167,7 +168,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, | |||
167 | } | 168 | } |
168 | 169 | ||
169 | if (!(flags & OCSP_NOCERTS)) { | 170 | if (!(flags & OCSP_NOCERTS)) { |
170 | if(!OCSP_request_add1_cert(req, signer)) | 171 | if (!OCSP_request_add1_cert(req, signer)) |
171 | goto err; | 172 | goto err; |
172 | for (i = 0; i < sk_X509_num(certs); i++) { | 173 | for (i = 0; i < sk_X509_num(certs); i++) { |
173 | x = sk_X509_value(certs, i); | 174 | x = sk_X509_value(certs, i); |
@@ -177,6 +178,7 @@ OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, | |||
177 | } | 178 | } |
178 | 179 | ||
179 | return 1; | 180 | return 1; |
181 | |||
180 | err: | 182 | err: |
181 | OCSP_SIGNATURE_free(req->optionalSignature); | 183 | OCSP_SIGNATURE_free(req->optionalSignature); |
182 | req->optionalSignature = NULL; | 184 | req->optionalSignature = NULL; |
@@ -257,7 +259,7 @@ OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) | |||
257 | } | 259 | } |
258 | 260 | ||
259 | /* Extract status information from an OCSP_SINGLERESP structure. | 261 | /* Extract status information from an OCSP_SINGLERESP structure. |
260 | * Note: the revtime and reason values are only set if the | 262 | * Note: the revtime and reason values are only set if the |
261 | * certificate status is revoked. Returns numerical value of | 263 | * certificate status is revoked. Returns numerical value of |
262 | * status. | 264 | * status. |
263 | */ | 265 | */ |
@@ -280,7 +282,8 @@ OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, | |||
280 | *revtime = rev->revocationTime; | 282 | *revtime = rev->revocationTime; |
281 | if (reason) { | 283 | if (reason) { |
282 | if (rev->revocationReason) | 284 | if (rev->revocationReason) |
283 | *reason = ASN1_ENUMERATED_get(rev->revocationReason); | 285 | *reason = ASN1_ENUMERATED_get( |
286 | rev->revocationReason); | ||
284 | else | 287 | else |
285 | *reason = -1; | 288 | *reason = -1; |
286 | } | 289 | } |
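Review bot: In the OCSP_single_get0_status hunk (new lines 282-288) `*reason` is set to -1 when `rev->revocationReason` is absent, but the comment above the function only says the value is "only set if the certificate status is revoked" and never names that sentinel. I would add `* If no revocation reason is present, *reason is set to -1.` to that comment. ASN1_ENUMERATED_get() returns a long and reports failure in-band, so after narrowing to int a malformed reason can also appear as -1 or as a value outside the CRLReason codes. The number comes straight from the responder's data, so the comment should also tell callers to range-check it before using it as a table index or in a switch. The function body starts and ends outside the hunk.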
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c index 0cedcea682..8faf35d7c3 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_err.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_err.c | |||
@@ -7,7 +7,7 @@ | |||
7 | * are met: | 7 | * are met: |
8 | * | 8 | * |
9 | * 1. Redistributions of source code must retain the above copyright | 9 | * 1. Redistributions of source code must retain the above copyright |
10 | * notice, this list of conditions and the following disclaimer. | 10 | * notice, this list of conditions and the following disclaimer. |
11 | * | 11 | * |
12 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
13 | * notice, this list of conditions and the following disclaimer in | 13 | * notice, this list of conditions and the following disclaimer in |
@@ -68,75 +68,72 @@ | |||
68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) | 68 | #define ERR_FUNC(func) ERR_PACK(ERR_LIB_OCSP,func,0) |
69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) | 69 | #define ERR_REASON(reason) ERR_PACK(ERR_LIB_OCSP,0,reason) |
70 | 70 | ||
71 | static ERR_STRING_DATA OCSP_str_functs[]= | 71 | static ERR_STRING_DATA OCSP_str_functs[]= { |
72 | { | 72 | {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, |
73 | {ERR_FUNC(OCSP_F_ASN1_STRING_ENCODE), "ASN1_STRING_encode"}, | 73 | {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, |
74 | {ERR_FUNC(OCSP_F_D2I_OCSP_NONCE), "D2I_OCSP_NONCE"}, | 74 | {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, |
75 | {ERR_FUNC(OCSP_F_OCSP_BASIC_ADD1_STATUS), "OCSP_basic_add1_status"}, | 75 | {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, |
76 | {ERR_FUNC(OCSP_F_OCSP_BASIC_SIGN), "OCSP_basic_sign"}, | 76 | {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, |
77 | {ERR_FUNC(OCSP_F_OCSP_BASIC_VERIFY), "OCSP_basic_verify"}, | 77 | {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, |
78 | {ERR_FUNC(OCSP_F_OCSP_CERT_ID_NEW), "OCSP_cert_id_new"}, | 78 | {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, |
79 | {ERR_FUNC(OCSP_F_OCSP_CHECK_DELEGATED), "OCSP_CHECK_DELEGATED"}, | 79 | {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, |
80 | {ERR_FUNC(OCSP_F_OCSP_CHECK_IDS), "OCSP_CHECK_IDS"}, | 80 | {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, |
81 | {ERR_FUNC(OCSP_F_OCSP_CHECK_ISSUER), "OCSP_CHECK_ISSUER"}, | 81 | {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, |
82 | {ERR_FUNC(OCSP_F_OCSP_CHECK_VALIDITY), "OCSP_check_validity"}, | 82 | {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, |
83 | {ERR_FUNC(OCSP_F_OCSP_MATCH_ISSUERID), "OCSP_MATCH_ISSUERID"}, | 83 | {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, |
84 | {ERR_FUNC(OCSP_F_OCSP_PARSE_URL), "OCSP_parse_url"}, | 84 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, |
85 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_SIGN), "OCSP_request_sign"}, | 85 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, |
86 | {ERR_FUNC(OCSP_F_OCSP_REQUEST_VERIFY), "OCSP_request_verify"}, | 86 | {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, |
87 | {ERR_FUNC(OCSP_F_OCSP_RESPONSE_GET1_BASIC), "OCSP_response_get1_basic"}, | 87 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, |
88 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_BIO), "OCSP_sendreq_bio"}, | 88 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, |
89 | {ERR_FUNC(OCSP_F_OCSP_SENDREQ_NBIO), "OCSP_sendreq_nbio"}, | 89 | {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, |
90 | {ERR_FUNC(OCSP_F_PARSE_HTTP_LINE1), "PARSE_HTTP_LINE1"}, | 90 | {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, |
91 | {ERR_FUNC(OCSP_F_REQUEST_VERIFY), "REQUEST_VERIFY"}, | 91 | {0, NULL} |
92 | {0,NULL} | 92 | }; |
93 | }; | ||
94 | 93 | ||
95 | static ERR_STRING_DATA OCSP_str_reasons[]= | 94 | static ERR_STRING_DATA OCSP_str_reasons[]= { |
96 | { | 95 | {ERR_REASON(OCSP_R_BAD_DATA) , "bad data"}, |
97 | {ERR_REASON(OCSP_R_BAD_DATA) ,"bad data"}, | 96 | {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR), "certificate verify error"}, |
98 | {ERR_REASON(OCSP_R_CERTIFICATE_VERIFY_ERROR),"certificate verify error"}, | 97 | {ERR_REASON(OCSP_R_DIGEST_ERR) , "digest err"}, |
99 | {ERR_REASON(OCSP_R_DIGEST_ERR) ,"digest err"}, | 98 | {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD), "error in nextupdate field"}, |
100 | {ERR_REASON(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD),"error in nextupdate field"}, | 99 | {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD), "error in thisupdate field"}, |
101 | {ERR_REASON(OCSP_R_ERROR_IN_THISUPDATE_FIELD),"error in thisupdate field"}, | 100 | {ERR_REASON(OCSP_R_ERROR_PARSING_URL) , "error parsing url"}, |
102 | {ERR_REASON(OCSP_R_ERROR_PARSING_URL) ,"error parsing url"}, | 101 | {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE), "missing ocspsigning usage"}, |
103 | {ERR_REASON(OCSP_R_MISSING_OCSPSIGNING_USAGE),"missing ocspsigning usage"}, | 102 | {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE), "nextupdate before thisupdate"}, |
104 | {ERR_REASON(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE),"nextupdate before thisupdate"}, | 103 | {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) , "not basic response"}, |
105 | {ERR_REASON(OCSP_R_NOT_BASIC_RESPONSE) ,"not basic response"}, | 104 | {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN), "no certificates in chain"}, |
106 | {ERR_REASON(OCSP_R_NO_CERTIFICATES_IN_CHAIN),"no certificates in chain"}, | 105 | {ERR_REASON(OCSP_R_NO_CONTENT) , "no content"}, |
107 | {ERR_REASON(OCSP_R_NO_CONTENT) ,"no content"}, | 106 | {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) , "no public key"}, |
108 | {ERR_REASON(OCSP_R_NO_PUBLIC_KEY) ,"no public key"}, | 107 | {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) , "no response data"}, |
109 | {ERR_REASON(OCSP_R_NO_RESPONSE_DATA) ,"no response data"}, | 108 | {ERR_REASON(OCSP_R_NO_REVOKED_TIME) , "no revoked time"}, |
110 | {ERR_REASON(OCSP_R_NO_REVOKED_TIME) ,"no revoked time"}, | 109 | {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE), "private key does not match certificate"}, |
111 | {ERR_REASON(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE),"private key does not match certificate"}, | 110 | {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) , "request not signed"}, |
112 | {ERR_REASON(OCSP_R_REQUEST_NOT_SIGNED) ,"request not signed"}, | 111 | {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA), "response contains no revocation data"}, |
113 | {ERR_REASON(OCSP_R_RESPONSE_CONTAINS_NO_REVOCATION_DATA),"response contains no revocation data"}, | 112 | {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) , "root ca not trusted"}, |
114 | {ERR_REASON(OCSP_R_ROOT_CA_NOT_TRUSTED) ,"root ca not trusted"}, | 113 | {ERR_REASON(OCSP_R_SERVER_READ_ERROR) , "server read error"}, |
115 | {ERR_REASON(OCSP_R_SERVER_READ_ERROR) ,"server read error"}, | 114 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR), "server response error"}, |
116 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_ERROR),"server response error"}, | 115 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR), "server response parse error"}, |
117 | {ERR_REASON(OCSP_R_SERVER_RESPONSE_PARSE_ERROR),"server response parse error"}, | 116 | {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) , "server write error"}, |
118 | {ERR_REASON(OCSP_R_SERVER_WRITE_ERROR) ,"server write error"}, | 117 | {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) , "signature failure"}, |
119 | {ERR_REASON(OCSP_R_SIGNATURE_FAILURE) ,"signature failure"}, | 118 | {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND), "signer certificate not found"}, |
120 | {ERR_REASON(OCSP_R_SIGNER_CERTIFICATE_NOT_FOUND),"signer certificate not found"}, | 119 | {ERR_REASON(OCSP_R_STATUS_EXPIRED) , "status expired"}, |
121 | {ERR_REASON(OCSP_R_STATUS_EXPIRED) ,"status expired"}, | 120 | {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) , "status not yet valid"}, |
122 | {ERR_REASON(OCSP_R_STATUS_NOT_YET_VALID) ,"status not yet valid"}, | 121 | {ERR_REASON(OCSP_R_STATUS_TOO_OLD) , "status too old"}, |
123 | {ERR_REASON(OCSP_R_STATUS_TOO_OLD) ,"status too old"}, | 122 | {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST), "unknown message digest"}, |
124 | {ERR_REASON(OCSP_R_UNKNOWN_MESSAGE_DIGEST),"unknown message digest"}, | 123 | {ERR_REASON(OCSP_R_UNKNOWN_NID) , "unknown nid"}, |
125 | {ERR_REASON(OCSP_R_UNKNOWN_NID) ,"unknown nid"}, | 124 | {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE), "unsupported requestorname type"}, |
126 | {ERR_REASON(OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE),"unsupported requestorname type"}, | 125 | {0, NULL} |
127 | {0,NULL} | 126 | }; |
128 | }; | ||
129 | 127 | ||
130 | #endif | 128 | #endif |
131 | 129 | ||
132 | void ERR_load_OCSP_strings(void) | 130 | void |
133 | { | 131 | ERR_load_OCSP_strings(void) |
132 | { | ||
134 | #ifndef OPENSSL_NO_ERR | 133 | #ifndef OPENSSL_NO_ERR |
135 | 134 | if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) { | |
136 | if (ERR_func_error_string(OCSP_str_functs[0].error) == NULL) | 135 | ERR_load_strings(0, OCSP_str_functs); |
137 | { | 136 | ERR_load_strings(0, OCSP_str_reasons); |
138 | ERR_load_strings(0,OCSP_str_functs); | ||
139 | ERR_load_strings(0,OCSP_str_reasons); | ||
140 | } | ||
141 | #endif | ||
142 | } | 137 | } |
138 | #endif | ||
139 | } | ||
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c index 6ec8ca4adf..45b072750f 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ext.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -129,8 +129,8 @@ OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, | |||
129 | int | 129 | int |
130 | OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) | 130 | OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) |
131 | { | 131 | { |
132 | return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != | 132 | return X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, |
133 | NULL; | 133 | loc) != NULL; |
134 | } | 134 | } |
135 | 135 | ||
136 | /* Single extensions */ | 136 | /* Single extensions */ |
@@ -172,7 +172,8 @@ OCSP_ONEREQ_delete_ext(OCSP_ONEREQ *x, int loc) | |||
172 | return X509v3_delete_ext(x->singleRequestExtensions, loc); | 172 | return X509v3_delete_ext(x->singleRequestExtensions, loc); |
173 | } | 173 | } |
174 | 174 | ||
175 | void *OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) | 175 | void * |
176 | OCSP_ONEREQ_get1_ext_d2i(OCSP_ONEREQ *x, int nid, int *crit, int *idx) | ||
176 | { | 177 | { |
177 | return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); | 178 | return X509V3_get_d2i(x->singleRequestExtensions, nid, crit, idx); |
178 | } | 179 | } |
@@ -203,7 +204,7 @@ int | |||
203 | OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) | 204 | OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) |
204 | { | 205 | { |
205 | return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, | 206 | return X509v3_get_ext_by_NID(x->tbsResponseData->responseExtensions, |
206 | nid ,lastpos); | 207 | nid, lastpos); |
207 | } | 208 | } |
208 | 209 | ||
209 | int | 210 | int |
@@ -216,8 +217,8 @@ OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) | |||
216 | int | 217 | int |
217 | OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) | 218 | OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) |
218 | { | 219 | { |
219 | return X509v3_get_ext_by_critical(x->tbsResponseData->responseExtensions, | 220 | return X509v3_get_ext_by_critical( |
220 | crit, lastpos); | 221 | x->tbsResponseData->responseExtensions, crit, lastpos); |
221 | } | 222 | } |
222 | 223 | ||
223 | X509_EXTENSION * | 224 | X509_EXTENSION * |
@@ -329,14 +330,15 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, | |||
329 | if (i2d(data, &p) <= 0) | 330 | if (i2d(data, &p) <= 0) |
330 | goto err; | 331 | goto err; |
331 | } else if (sk) { | 332 | } else if (sk) { |
332 | if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk,NULL, | 333 | if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL, |
333 | (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, | 334 | (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, |
334 | IS_SEQUENCE)) <= 0) | 335 | IS_SEQUENCE)) <= 0) |
335 | goto err; | 336 | goto err; |
336 | if (!(b = p = malloc((unsigned int)i))) | 337 | if (!(b = p = malloc((unsigned int)i))) |
337 | goto err; | 338 | goto err; |
338 | if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk,&p,(I2D_OF(ASN1_OBJECT))i2d, | 339 | if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, |
339 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) | 340 | (I2D_OF(ASN1_OBJECT))i2d, V_ASN1_SEQUENCE, |
341 | V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0) | ||
340 | goto err; | 342 | goto err; |
341 | } else { | 343 | } else { |
342 | OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); | 344 | OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA); |
@@ -348,6 +350,7 @@ ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d, void *data, | |||
348 | goto err; | 350 | goto err; |
349 | free(b); | 351 | free(b); |
350 | return s; | 352 | return s; |
353 | |||
351 | err: | 354 | err: |
352 | free(b); | 355 | free(b); |
353 | return NULL; | 356 | return NULL; |
@@ -358,7 +361,7 @@ err: | |||
358 | 361 | ||
359 | /* Add a nonce to an extension stack. A nonce can be specificed or if NULL | 362 | /* Add a nonce to an extension stack. A nonce can be specificed or if NULL |
360 | * a random nonce will be generated. | 363 | * a random nonce will be generated. |
361 | * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the | 364 | * Note: OpenSSL 0.9.7d and later create an OCTET STRING containing the |
362 | * nonce, previous versions used the raw nonce. | 365 | * nonce, previous versions used the raw nonce. |
363 | */ | 366 | */ |
364 | 367 | ||
@@ -390,6 +393,7 @@ ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val, int len) | |||
390 | X509V3_ADD_REPLACE)) | 393 | X509V3_ADD_REPLACE)) |
391 | goto err; | 394 | goto err; |
392 | ret = 1; | 395 | ret = 1; |
396 | |||
393 | err: | 397 | err: |
394 | free(os.data); | 398 | free(os.data); |
395 | return ret; | 399 | return ret; |
@@ -436,7 +440,8 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) | |||
436 | X509_EXTENSION *req_ext, *resp_ext; | 440 | X509_EXTENSION *req_ext, *resp_ext; |
437 | 441 | ||
438 | req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); | 442 | req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1); |
439 | resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, NID_id_pkix_OCSP_Nonce, -1); | 443 | resp_idx = OCSP_BASICRESP_get_ext_by_NID(bs, |
444 | NID_id_pkix_OCSP_Nonce, -1); | ||
440 | /* Check both absent */ | 445 | /* Check both absent */ |
441 | if (req_idx < 0 && resp_idx < 0) | 446 | if (req_idx < 0 && resp_idx < 0) |
442 | return 2; | 447 | return 2; |
@@ -454,7 +459,7 @@ OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) | |||
454 | return 1; | 459 | return 1; |
455 | } | 460 | } |
456 | 461 | ||
457 | /* Copy the nonce value (if any) from an OCSP request to | 462 | /* Copy the nonce value (if any) from an OCSP request to |
458 | * a response. | 463 | * a response. |
459 | */ | 464 | */ |
460 | int | 465 | int |
@@ -477,7 +482,7 @@ OCSP_crlID_new(char *url, long *n, char *tim) | |||
477 | { | 482 | { |
478 | X509_EXTENSION *x = NULL; | 483 | X509_EXTENSION *x = NULL; |
479 | OCSP_CRLID *cid = NULL; | 484 | OCSP_CRLID *cid = NULL; |
480 | 485 | ||
481 | if (!(cid = OCSP_CRLID_new())) | 486 | if (!(cid = OCSP_CRLID_new())) |
482 | goto err; | 487 | goto err; |
483 | if (url) { | 488 | if (url) { |
@@ -495,10 +500,11 @@ OCSP_crlID_new(char *url, long *n, char *tim) | |||
495 | if (tim) { | 500 | if (tim) { |
496 | if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) | 501 | if (!(cid->crlTime = ASN1_GENERALIZEDTIME_new())) |
497 | goto err; | 502 | goto err; |
498 | if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) | 503 | if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) |
499 | goto err; | 504 | goto err; |
500 | } | 505 | } |
501 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); | 506 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid); |
507 | |||
502 | err: | 508 | err: |
503 | if (cid) | 509 | if (cid) |
504 | OCSP_CRLID_free(cid); | 510 | OCSP_CRLID_free(cid); |
@@ -518,11 +524,12 @@ OCSP_accept_responses_new(char **oids) | |||
518 | goto err; | 524 | goto err; |
519 | while (oids && *oids) { | 525 | while (oids && *oids) { |
520 | if ((nid = OBJ_txt2nid(*oids)) != NID_undef && | 526 | if ((nid = OBJ_txt2nid(*oids)) != NID_undef && |
521 | (o = OBJ_nid2obj(nid))) | 527 | (o = OBJ_nid2obj(nid))) |
522 | sk_ASN1_OBJECT_push(sk, o); | 528 | sk_ASN1_OBJECT_push(sk, o); |
523 | oids++; | 529 | oids++; |
524 | } | 530 | } |
525 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); | 531 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk); |
532 | |||
526 | err: | 533 | err: |
527 | if (sk) | 534 | if (sk) |
528 | sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); | 535 | sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free); |
@@ -541,6 +548,7 @@ OCSP_archive_cutoff_new(char* tim) | |||
541 | if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) | 548 | if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) |
542 | goto err; | 549 | goto err; |
543 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); | 550 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt); |
551 | |||
544 | err: | 552 | err: |
545 | if (gt) | 553 | if (gt) |
546 | ASN1_GENERALIZEDTIME_free(gt); | 554 | ASN1_GENERALIZEDTIME_free(gt); |
@@ -558,7 +566,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) | |||
558 | ASN1_IA5STRING *ia5 = NULL; | 566 | ASN1_IA5STRING *ia5 = NULL; |
559 | OCSP_SERVICELOC *sloc = NULL; | 567 | OCSP_SERVICELOC *sloc = NULL; |
560 | ACCESS_DESCRIPTION *ad = NULL; | 568 | ACCESS_DESCRIPTION *ad = NULL; |
561 | 569 | ||
562 | if (!(sloc = OCSP_SERVICELOC_new())) | 570 | if (!(sloc = OCSP_SERVICELOC_new())) |
563 | goto err; | 571 | goto err; |
564 | if (!(sloc->issuer = X509_NAME_dup(issuer))) | 572 | if (!(sloc->issuer = X509_NAME_dup(issuer))) |
@@ -584,6 +592,7 @@ OCSP_url_svcloc_new(X509_NAME* issuer, char **urls) | |||
584 | urls++; | 592 | urls++; |
585 | } | 593 | } |
586 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); | 594 | x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc); |
595 | |||
587 | err: | 596 | err: |
588 | if (sloc) | 597 | if (sloc) |
589 | OCSP_SERVICELOC_free(sloc); | 598 | OCSP_SERVICELOC_free(sloc); |
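Review bot: In the OCSP_accept_responses_new hunk (new lines 526-529) the result of `sk_ASN1_OBJECT_push(sk, o)` is discarded, so a failed push silently produces an acceptableResponses extension with fewer OIDs than the caller asked for. Replacing the bare call with `if (!sk_ASN1_OBJECT_push(sk, o)) goto err;` would route the failure through the existing `err:` cleanup, assuming `x` is still NULL at that point, which the hunk does not show. The same loop also skips any string that OBJ_txt2nid() does not recognise without telling the caller, which deserves a one-line comment such as `/* unknown OIDs are ignored, not treated as an error */` if that is intended. The function begins and ends outside the hunk.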
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c index 7f73a4195c..f3ee29ccbb 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_ht.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -233,7 +233,7 @@ parse_http_line1(char *line) | |||
233 | return 0; | 233 | return 0; |
234 | } | 234 | } |
235 | 235 | ||
236 | /* Set end of response code and start of message */ | 236 | /* Set end of response code and start of message */ |
237 | *q++ = 0; | 237 | *q++ = 0; |
238 | 238 | ||
239 | /* Attempt to parse numeric code */ | 239 | /* Attempt to parse numeric code */ |
@@ -290,7 +290,7 @@ next_io: | |||
290 | case OHS_ASN1_WRITE: | 290 | case OHS_ASN1_WRITE: |
291 | n = BIO_get_mem_data(rctx->mem, &p); | 291 | n = BIO_get_mem_data(rctx->mem, &p); |
292 | i = BIO_write(rctx->io, | 292 | i = BIO_write(rctx->io, |
293 | p + (n - rctx->asn1_len), rctx->asn1_len); | 293 | p + (n - rctx->asn1_len), rctx->asn1_len); |
294 | if (i <= 0) { | 294 | if (i <= 0) { |
295 | if (BIO_should_retry(rctx->io)) | 295 | if (BIO_should_retry(rctx->io)) |
296 | return -1; | 296 | return -1; |
@@ -422,7 +422,7 @@ next_line: | |||
422 | rctx->state = OHS_ASN1_CONTENT; | 422 | rctx->state = OHS_ASN1_CONTENT; |
423 | 423 | ||
424 | /* FALLTHROUGH */ | 424 | /* FALLTHROUGH */ |
425 | 425 | ||
426 | case OHS_ASN1_CONTENT: | 426 | case OHS_ASN1_CONTENT: |
427 | n = BIO_get_mem_data(rctx->mem, &p); | 427 | n = BIO_get_mem_data(rctx->mem, &p); |
428 | if (n < (int)rctx->asn1_len) | 428 | if (n < (int)rctx->asn1_len) |
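Review bot: In the `OHS_ASN1_CONTENT` case (new line 428), `if (n < (int)rctx->asn1_len)` narrows the expected body length to `int` before comparing it with the number of buffered bytes. If `asn1_len` is wider than `int` and comes from the length header of the responder's reply (its declaration and assignment are outside this hunk, so this is an assumption to confirm), a value above `INT_MAX` would become negative after the cast and the "not enough data yet" test would stop holding even though the buffer is short. Comparing without the narrowing cast, for example `if (n < 0 || (unsigned long)n < rctx->asn1_len)`, avoids that regardless of whether an upper bound is enforced elsewhere. The enclosing function starts and ends outside the hunk.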
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c index 056bd27665..3f6007f40a 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_lib.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -115,11 +115,11 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, | |||
115 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); | 115 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); |
116 | goto err; | 116 | goto err; |
117 | } | 117 | } |
118 | if (!(alg->algorithm=OBJ_nid2obj(nid))) | 118 | if (!(alg->algorithm = OBJ_nid2obj(nid))) |
119 | goto err; | 119 | goto err; |
120 | if ((alg->parameter=ASN1_TYPE_new()) == NULL) | 120 | if ((alg->parameter = ASN1_TYPE_new()) == NULL) |
121 | goto err; | 121 | goto err; |
122 | alg->parameter->type=V_ASN1_NULL; | 122 | alg->parameter->type = V_ASN1_NULL; |
123 | 123 | ||
124 | if (!X509_NAME_digest(issuerName, dgst, md, &i)) | 124 | if (!X509_NAME_digest(issuerName, dgst, md, &i)) |
125 | goto digerr; | 125 | goto digerr; |
@@ -139,6 +139,7 @@ OCSP_cert_id_new(const EVP_MD *dgst, X509_NAME *issuerName, | |||
139 | goto err; | 139 | goto err; |
140 | } | 140 | } |
141 | return cid; | 141 | return cid; |
142 | |||
142 | digerr: | 143 | digerr: |
143 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); | 144 | OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_DIGEST_ERR); |
144 | err: | 145 | err: |
@@ -216,7 +217,7 @@ OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pssl) | |||
216 | 217 | ||
217 | /* Check for trailing part of path */ | 218 | /* Check for trailing part of path */ |
218 | p = strchr(p, '/'); | 219 | p = strchr(p, '/'); |
219 | if (!p) | 220 | if (!p) |
220 | *ppath = BUF_strdup("/"); | 221 | *ppath = BUF_strdup("/"); |
221 | else { | 222 | else { |
222 | *ppath = BUF_strdup(p); | 223 | *ppath = BUF_strdup(p); |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c index 9e4b81f061..b5031cd091 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_prn.c | |||
@@ -15,7 +15,7 @@ | |||
15 | * are met: | 15 | * are met: |
16 | * | 16 | * |
17 | * 1. Redistributions of source code must retain the above copyright | 17 | * 1. Redistributions of source code must retain the above copyright |
18 | * notice, this list of conditions and the following disclaimer. | 18 | * notice, this list of conditions and the following disclaimer. |
19 | * | 19 | * |
20 | * 2. Redistributions in binary form must reproduce the above copyright | 20 | * 2. Redistributions in binary form must reproduce the above copyright |
21 | * notice, this list of conditions and the following disclaimer in | 21 | * notice, this list of conditions and the following disclaimer in |
@@ -93,7 +93,7 @@ table2string(long s, const OCSP_TBLSTR *ts, int len) | |||
93 | { | 93 | { |
94 | const OCSP_TBLSTR *p; | 94 | const OCSP_TBLSTR *p; |
95 | 95 | ||
96 | for (p=ts; p < ts + len; p++) | 96 | for (p = ts; p < ts + len; p++) |
97 | if (p->t == s) | 97 | if (p->t == s) |
98 | return p->m; | 98 | return p->m; |
99 | return "(UNKNOWN)"; | 99 | return "(UNKNOWN)"; |
@@ -103,42 +103,42 @@ const char * | |||
103 | OCSP_response_status_str(long s) | 103 | OCSP_response_status_str(long s) |
104 | { | 104 | { |
105 | static const OCSP_TBLSTR rstat_tbl[] = { | 105 | static const OCSP_TBLSTR rstat_tbl[] = { |
106 | { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, | 106 | { OCSP_RESPONSE_STATUS_SUCCESSFUL, "successful" }, |
107 | { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, | 107 | { OCSP_RESPONSE_STATUS_MALFORMEDREQUEST, "malformedrequest" }, |
108 | { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, | 108 | { OCSP_RESPONSE_STATUS_INTERNALERROR, "internalerror" }, |
109 | { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, | 109 | { OCSP_RESPONSE_STATUS_TRYLATER, "trylater" }, |
110 | { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, | 110 | { OCSP_RESPONSE_STATUS_SIGREQUIRED, "sigrequired" }, |
111 | { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } | 111 | { OCSP_RESPONSE_STATUS_UNAUTHORIZED, "unauthorized" } |
112 | }; | 112 | }; |
113 | return table2string(s, rstat_tbl, 6); | 113 | return table2string(s, rstat_tbl, 6); |
114 | } | 114 | } |
115 | 115 | ||
116 | const char * | 116 | const char * |
117 | OCSP_cert_status_str(long s) | 117 | OCSP_cert_status_str(long s) |
118 | { | 118 | { |
119 | static const OCSP_TBLSTR cstat_tbl[] = { | 119 | static const OCSP_TBLSTR cstat_tbl[] = { |
120 | { V_OCSP_CERTSTATUS_GOOD, "good" }, | 120 | { V_OCSP_CERTSTATUS_GOOD, "good" }, |
121 | { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, | 121 | { V_OCSP_CERTSTATUS_REVOKED, "revoked" }, |
122 | { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } | 122 | { V_OCSP_CERTSTATUS_UNKNOWN, "unknown" } |
123 | }; | 123 | }; |
124 | return table2string(s, cstat_tbl, 3); | 124 | return table2string(s, cstat_tbl, 3); |
125 | } | 125 | } |
126 | 126 | ||
127 | const char * | 127 | const char * |
128 | OCSP_crl_reason_str(long s) | 128 | OCSP_crl_reason_str(long s) |
129 | { | 129 | { |
130 | static const OCSP_TBLSTR reason_tbl[] = { | 130 | static const OCSP_TBLSTR reason_tbl[] = { |
131 | { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, | 131 | { OCSP_REVOKED_STATUS_UNSPECIFIED, "unspecified" }, |
132 | { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, | 132 | { OCSP_REVOKED_STATUS_KEYCOMPROMISE, "keyCompromise" }, |
133 | { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, | 133 | { OCSP_REVOKED_STATUS_CACOMPROMISE, "cACompromise" }, |
134 | { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, | 134 | { OCSP_REVOKED_STATUS_AFFILIATIONCHANGED, "affiliationChanged" }, |
135 | { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, | 135 | { OCSP_REVOKED_STATUS_SUPERSEDED, "superseded" }, |
136 | { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, | 136 | { OCSP_REVOKED_STATUS_CESSATIONOFOPERATION, "cessationOfOperation" }, |
137 | { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, | 137 | { OCSP_REVOKED_STATUS_CERTIFICATEHOLD, "certificateHold" }, |
138 | { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } | 138 | { OCSP_REVOKED_STATUS_REMOVEFROMCRL, "removeFromCRL" } |
139 | }; | 139 | }; |
140 | return table2string(s, reason_tbl, 8); | 140 | return table2string(s, reason_tbl, 8); |
141 | } | 141 | } |
142 | 142 | ||
143 | int | 143 | int |
144 | OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) | 144 | OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) |
@@ -150,17 +150,17 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) | |||
150 | OCSP_REQINFO *inf = o->tbsRequest; | 150 | OCSP_REQINFO *inf = o->tbsRequest; |
151 | OCSP_SIGNATURE *sig = o->optionalSignature; | 151 | OCSP_SIGNATURE *sig = o->optionalSignature; |
152 | 152 | ||
153 | if (BIO_write(bp,"OCSP Request Data:\n",19) <= 0) | 153 | if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) |
154 | goto err; | 154 | goto err; |
155 | l = ASN1_INTEGER_get(inf->version); | 155 | l = ASN1_INTEGER_get(inf->version); |
156 | if (BIO_printf(bp," Version: %lu (0x%lx)",l+1,l) <= 0) | 156 | if (BIO_printf(bp, " Version: %lu (0x%lx)", l+1, l) <= 0) |
157 | goto err; | 157 | goto err; |
158 | if (inf->requestorName != NULL) { | 158 | if (inf->requestorName != NULL) { |
159 | if (BIO_write(bp,"\n Requestor Name: ",21) <= 0) | 159 | if (BIO_write(bp, "\n Requestor Name: ", 21) <= 0) |
160 | goto err; | 160 | goto err; |
161 | GENERAL_NAME_print(bp, inf->requestorName); | 161 | GENERAL_NAME_print(bp, inf->requestorName); |
162 | } | 162 | } |
163 | if (BIO_write(bp,"\n Requestor List:\n",21) <= 0) | 163 | if (BIO_write(bp, "\n Requestor List:\n", 21) <= 0) |
164 | goto err; | 164 | goto err; |
165 | for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { | 165 | for (i = 0; i < sk_OCSP_ONEREQ_num(inf->requestList); i++) { |
166 | one = sk_OCSP_ONEREQ_value(inf->requestList, i); | 166 | one = sk_OCSP_ONEREQ_value(inf->requestList, i); |
@@ -176,12 +176,13 @@ OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* o, unsigned long flags) | |||
176 | if (sig) { | 176 | if (sig) { |
177 | X509_signature_print(bp, sig->signatureAlgorithm, | 177 | X509_signature_print(bp, sig->signatureAlgorithm, |
178 | sig->signature); | 178 | sig->signature); |
179 | for (i=0; i<sk_X509_num(sig->certs); i++) { | 179 | for (i = 0; i < sk_X509_num(sig->certs); i++) { |
180 | X509_print(bp, sk_X509_value(sig->certs,i)); | 180 | X509_print(bp, sk_X509_value(sig->certs, i)); |
181 | PEM_write_bio_X509(bp,sk_X509_value(sig->certs,i)); | 181 | PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); |
182 | } | 182 | } |
183 | } | 183 | } |
184 | return 1; | 184 | return 1; |
185 | |||
185 | err: | 186 | err: |
186 | return 0; | 187 | return 0; |
187 | } | 188 | } |
@@ -200,20 +201,20 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
200 | OCSP_SINGLERESP *single = NULL; | 201 | OCSP_SINGLERESP *single = NULL; |
201 | OCSP_RESPBYTES *rb = o->responseBytes; | 202 | OCSP_RESPBYTES *rb = o->responseBytes; |
202 | 203 | ||
203 | if (BIO_puts(bp,"OCSP Response Data:\n") <= 0) | 204 | if (BIO_puts(bp, "OCSP Response Data:\n") <= 0) |
204 | goto err; | 205 | goto err; |
205 | l = ASN1_ENUMERATED_get(o->responseStatus); | 206 | l = ASN1_ENUMERATED_get(o->responseStatus); |
206 | if (BIO_printf(bp," OCSP Response Status: %s (0x%lx)\n", | 207 | if (BIO_printf(bp, " OCSP Response Status: %s (0x%lx)\n", |
207 | OCSP_response_status_str(l), l) <= 0) | 208 | OCSP_response_status_str(l), l) <= 0) |
208 | goto err; | 209 | goto err; |
209 | if (rb == NULL) | 210 | if (rb == NULL) |
210 | return 1; | 211 | return 1; |
211 | if (BIO_puts(bp," Response Type: ") <= 0) | 212 | if (BIO_puts(bp, " Response Type: ") <= 0) |
212 | goto err; | 213 | goto err; |
213 | if(i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) | 214 | if (i2a_ASN1_OBJECT(bp, rb->responseType) <= 0) |
214 | goto err; | 215 | goto err; |
215 | if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { | 216 | if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic) { |
216 | BIO_puts(bp," (unknown response type)\n"); | 217 | BIO_puts(bp, " (unknown response type)\n"); |
217 | return 1; | 218 | return 1; |
218 | } | 219 | } |
219 | 220 | ||
@@ -222,12 +223,12 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
222 | goto err; | 223 | goto err; |
223 | rd = br->tbsResponseData; | 224 | rd = br->tbsResponseData; |
224 | l = ASN1_INTEGER_get(rd->version); | 225 | l = ASN1_INTEGER_get(rd->version); |
225 | if (BIO_printf(bp,"\n Version: %lu (0x%lx)\n", l+1,l) <= 0) | 226 | if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l+1, l) <= 0) |
226 | goto err; | 227 | goto err; |
227 | if (BIO_puts(bp," Responder Id: ") <= 0) | 228 | if (BIO_puts(bp, " Responder Id: ") <= 0) |
228 | goto err; | 229 | goto err; |
229 | 230 | ||
230 | rid = rd->responderId; | 231 | rid = rd->responderId; |
231 | switch (rid->type) { | 232 | switch (rid->type) { |
232 | case V_OCSP_RESPID_NAME: | 233 | case V_OCSP_RESPID_NAME: |
233 | X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); | 234 | X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); |
@@ -237,11 +238,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
237 | break; | 238 | break; |
238 | } | 239 | } |
239 | 240 | ||
240 | if (BIO_printf(bp,"\n Produced At: ")<=0) | 241 | if (BIO_printf(bp, "\n Produced At: ")<=0) |
241 | goto err; | 242 | goto err; |
242 | if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) | 243 | if (!ASN1_GENERALIZEDTIME_print(bp, rd->producedAt)) |
243 | goto err; | 244 | goto err; |
244 | if (BIO_printf(bp,"\n Responses:\n") <= 0) | 245 | if (BIO_printf(bp, "\n Responses:\n") <= 0) |
245 | goto err; | 246 | goto err; |
246 | for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { | 247 | for (i = 0; i < sk_OCSP_SINGLERESP_num(rd->responses); i++) { |
247 | if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) | 248 | if (! sk_OCSP_SINGLERESP_value(rd->responses, i)) |
@@ -251,15 +252,15 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
251 | if (ocsp_certid_print(bp, cid, 4) <= 0) | 252 | if (ocsp_certid_print(bp, cid, 4) <= 0) |
252 | goto err; | 253 | goto err; |
253 | cst = single->certStatus; | 254 | cst = single->certStatus; |
254 | if (BIO_printf(bp," Cert Status: %s", | 255 | if (BIO_printf(bp, " Cert Status: %s", |
255 | OCSP_cert_status_str(cst->type)) <= 0) | 256 | OCSP_cert_status_str(cst->type)) <= 0) |
256 | goto err; | 257 | goto err; |
257 | if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { | 258 | if (cst->type == V_OCSP_CERTSTATUS_REVOKED) { |
258 | rev = cst->value.revoked; | 259 | rev = cst->value.revoked; |
259 | if (BIO_printf(bp, "\n Revocation Time: ") <= 0) | 260 | if (BIO_printf(bp, "\n Revocation Time: ") <= 0) |
260 | goto err; | 261 | goto err; |
261 | if (!ASN1_GENERALIZEDTIME_print(bp, | 262 | if (!ASN1_GENERALIZEDTIME_print(bp, |
262 | rev->revocationTime)) | 263 | rev->revocationTime)) |
263 | goto err; | 264 | goto err; |
264 | if (rev->revocationReason) { | 265 | if (rev->revocationReason) { |
265 | l = ASN1_ENUMERATED_get(rev->revocationReason); | 266 | l = ASN1_ENUMERATED_get(rev->revocationReason); |
@@ -269,22 +270,22 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
269 | goto err; | 270 | goto err; |
270 | } | 271 | } |
271 | } | 272 | } |
272 | if (BIO_printf(bp,"\n This Update: ") <= 0) | 273 | if (BIO_printf(bp, "\n This Update: ") <= 0) |
273 | goto err; | 274 | goto err; |
274 | if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) | 275 | if (!ASN1_GENERALIZEDTIME_print(bp, single->thisUpdate)) |
275 | goto err; | 276 | goto err; |
276 | if (single->nextUpdate) { | 277 | if (single->nextUpdate) { |
277 | if (BIO_printf(bp,"\n Next Update: ") <= 0) | 278 | if (BIO_printf(bp, "\n Next Update: ") <= 0) |
278 | goto err; | 279 | goto err; |
279 | if (!ASN1_GENERALIZEDTIME_print(bp,single->nextUpdate)) | 280 | if (!ASN1_GENERALIZEDTIME_print(bp, single->nextUpdate)) |
280 | goto err; | 281 | goto err; |
281 | } | 282 | } |
282 | if (BIO_write(bp,"\n",1) <= 0) | 283 | if (BIO_write(bp, "\n", 1) <= 0) |
283 | goto err; | 284 | goto err; |
284 | if (!X509V3_extensions_print(bp, "Response Single Extensions", | 285 | if (!X509V3_extensions_print(bp, "Response Single Extensions", |
285 | single->singleExtensions, flags, 8)) | 286 | single->singleExtensions, flags, 8)) |
286 | goto err; | 287 | goto err; |
287 | if (BIO_write(bp,"\n",1) <= 0) | 288 | if (BIO_write(bp, "\n", 1) <= 0) |
288 | goto err; | 289 | goto err; |
289 | } | 290 | } |
290 | if (!X509V3_extensions_print(bp, "Response Extensions", | 291 | if (!X509V3_extensions_print(bp, "Response Extensions", |
@@ -296,10 +297,11 @@ OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* o, unsigned long flags) | |||
296 | 297 | ||
297 | for (i = 0; i < sk_X509_num(br->certs); i++) { | 298 | for (i = 0; i < sk_X509_num(br->certs); i++) { |
298 | X509_print(bp, sk_X509_value(br->certs, i)); | 299 | X509_print(bp, sk_X509_value(br->certs, i)); |
299 | PEM_write_bio_X509(bp,sk_X509_value(br->certs, i)); | 300 | PEM_write_bio_X509(bp, sk_X509_value(br->certs, i)); |
300 | } | 301 | } |
301 | 302 | ||
302 | ret = 1; | 303 | ret = 1; |
304 | |||
303 | err: | 305 | err: |
304 | OCSP_BASICRESP_free(br); | 306 | OCSP_BASICRESP_free(br); |
305 | return ret; | 307 | return ret; |
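Review bot: The three string-lookup helpers pass the table size as a literal, `table2string(s, rstat_tbl, 6)`, `table2string(s, cstat_tbl, 3)` and `table2string(s, reason_tbl, 8)` (new lines 113, 124 and 140), so the count and the initializer have to be kept in step by hand. The literals match the visible tables today, but `table2string` iterates up to `ts + len`, so a later edit that drops an entry without lowering the literal would read past the end of the array. Deriving the count from the array removes that coupling, e.g. `return table2string(s, rstat_tbl, sizeof(rstat_tbl) / sizeof(rstat_tbl[0]));`, and likewise for the other two. Separately, this KNF pass left the comparison at new line 241 unspaced (`")<=0`).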
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c index c14e8e2bc3..18c8f26852 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_srv.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -131,6 +131,7 @@ OCSP_response_create(int status, OCSP_BASICRESP *bs) | |||
131 | &rsp->responseBytes->response)) | 131 | &rsp->responseBytes->response)) |
132 | goto err; | 132 | goto err; |
133 | return rsp; | 133 | return rsp; |
134 | |||
134 | err: | 135 | err: |
135 | if (rsp) | 136 | if (rsp) |
136 | OCSP_RESPONSE_free(rsp); | 137 | OCSP_RESPONSE_free(rsp); |
@@ -164,7 +165,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, | |||
164 | goto err; | 165 | goto err; |
165 | 166 | ||
166 | cs = single->certStatus; | 167 | cs = single->certStatus; |
167 | switch(cs->type = status) { | 168 | switch (cs->type = status) { |
168 | case V_OCSP_CERTSTATUS_REVOKED: | 169 | case V_OCSP_CERTSTATUS_REVOKED: |
169 | if (!revtime) { | 170 | if (!revtime) { |
170 | OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, | 171 | OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS, |
@@ -174,14 +175,14 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, | |||
174 | if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) | 175 | if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) |
175 | goto err; | 176 | goto err; |
176 | if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) | 177 | if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime)) |
177 | goto err; | 178 | goto err; |
178 | if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { | 179 | if (reason != OCSP_REVOKED_STATUS_NOSTATUS) { |
179 | if (!(ri->revocationReason = ASN1_ENUMERATED_new())) | 180 | if (!(ri->revocationReason = ASN1_ENUMERATED_new())) |
180 | goto err; | 181 | goto err; |
181 | if (!(ASN1_ENUMERATED_set(ri->revocationReason, | 182 | if (!(ASN1_ENUMERATED_set(ri->revocationReason, |
182 | reason))) | 183 | reason))) |
183 | goto err; | 184 | goto err; |
184 | } | 185 | } |
185 | break; | 186 | break; |
186 | 187 | ||
187 | case V_OCSP_CERTSTATUS_GOOD: | 188 | case V_OCSP_CERTSTATUS_GOOD: |
@@ -198,6 +199,7 @@ OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status, | |||
198 | if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) | 199 | if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) |
199 | goto err; | 200 | goto err; |
200 | return single; | 201 | return single; |
202 | |||
201 | err: | 203 | err: |
202 | OCSP_SINGLERESP_free(single); | 204 | OCSP_SINGLERESP_free(single); |
203 | return NULL; | 205 | return NULL; |
@@ -268,6 +270,7 @@ OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key, | |||
268 | goto err; | 270 | goto err; |
269 | 271 | ||
270 | return 1; | 272 | return 1; |
273 | |||
271 | err: | 274 | err: |
272 | return 0; | 275 | return 0; |
273 | } | 276 | } |
diff --git a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c index aede155871..5d8b2eebcf 100644 --- a/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c +++ b/src/lib/libssl/src/crypto/ocsp/ocsp_vfy.c | |||
@@ -10,7 +10,7 @@ | |||
10 | * are met: | 10 | * are met: |
11 | * | 11 | * |
12 | * 1. Redistributions of source code must retain the above copyright | 12 | * 1. Redistributions of source code must retain the above copyright |
13 | * notice, this list of conditions and the following disclaimer. | 13 | * notice, this list of conditions and the following disclaimer. |
14 | * | 14 | * |
15 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
16 | * notice, this list of conditions and the following disclaimer in | 16 | * notice, this list of conditions and the following disclaimer in |
@@ -61,17 +61,17 @@ | |||
61 | #include <string.h> | 61 | #include <string.h> |
62 | 62 | ||
63 | static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, | 63 | static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, |
64 | STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); | 64 | STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags); |
65 | static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); | 65 | static X509 *ocsp_find_signer_sk(STACK_OF(X509) *certs, OCSP_RESPID *id); |
66 | static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, | 66 | static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, |
67 | unsigned long flags); | 67 | unsigned long flags); |
68 | static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); | 68 | static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret); |
69 | static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, | 69 | static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, |
70 | STACK_OF(OCSP_SINGLERESP) *sresp); | 70 | STACK_OF(OCSP_SINGLERESP) *sresp); |
71 | static int ocsp_check_delegated(X509 *x, int flags); | 71 | static int ocsp_check_delegated(X509 *x, int flags); |
72 | static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, | 72 | static int ocsp_req_find_signer(X509 **psigner, OCSP_REQUEST *req, |
73 | X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, | 73 | X509_NAME *nm, STACK_OF(X509) *certs, X509_STORE *st, |
74 | unsigned long flags); | 74 | unsigned long flags); |
75 | 75 | ||
76 | /* Verify a basic response message */ | 76 | /* Verify a basic response message */ |
77 | int | 77 | int |
@@ -108,14 +108,14 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
108 | if (!(flags & OCSP_NOVERIFY)) { | 108 | if (!(flags & OCSP_NOVERIFY)) { |
109 | int init_res; | 109 | int init_res; |
110 | 110 | ||
111 | if(flags & OCSP_NOCHAIN) | 111 | if (flags & OCSP_NOCHAIN) |
112 | init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); | 112 | init_res = X509_STORE_CTX_init(&ctx, st, signer, NULL); |
113 | else | 113 | else |
114 | init_res = X509_STORE_CTX_init(&ctx, st, signer, | 114 | init_res = X509_STORE_CTX_init(&ctx, st, signer, |
115 | bs->certs); | 115 | bs->certs); |
116 | if (!init_res) { | 116 | if (!init_res) { |
117 | ret = -1; | 117 | ret = -1; |
118 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY,ERR_R_X509_LIB); | 118 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, ERR_R_X509_LIB); |
119 | goto end; | 119 | goto end; |
120 | } | 120 | } |
121 | 121 | ||
@@ -131,7 +131,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
131 | X509_verify_cert_error_string(i)); | 131 | X509_verify_cert_error_string(i)); |
132 | goto end; | 132 | goto end; |
133 | } | 133 | } |
134 | if(flags & OCSP_NOCHECKS) { | 134 | if (flags & OCSP_NOCHECKS) { |
135 | ret = 1; | 135 | ret = 1; |
136 | goto end; | 136 | goto end; |
137 | } | 137 | } |
@@ -152,7 +152,7 @@ OCSP_basic_verify(OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, | |||
152 | 152 | ||
153 | x = sk_X509_value(chain, sk_X509_num(chain) - 1); | 153 | x = sk_X509_value(chain, sk_X509_num(chain) - 1); |
154 | if (X509_check_trust(x, NID_OCSP_sign, 0) != | 154 | if (X509_check_trust(x, NID_OCSP_sign, 0) != |
155 | X509_TRUST_TRUSTED) { | 155 | X509_TRUST_TRUSTED) { |
156 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, | 156 | OCSPerr(OCSP_F_OCSP_BASIC_VERIFY, |
157 | OCSP_R_ROOT_CA_NOT_TRUSTED); | 157 | OCSP_R_ROOT_CA_NOT_TRUSTED); |
158 | goto end; | 158 | goto end; |
@@ -411,7 +411,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, | |||
411 | init_res = X509_STORE_CTX_init(&ctx, store, signer, | 411 | init_res = X509_STORE_CTX_init(&ctx, store, signer, |
412 | req->optionalSignature->certs); | 412 | req->optionalSignature->certs); |
413 | if (!init_res) { | 413 | if (!init_res) { |
414 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,ERR_R_X509_LIB); | 414 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, ERR_R_X509_LIB); |
415 | return 0; | 415 | return 0; |
416 | } | 416 | } |
417 | 417 | ||
@@ -420,7 +420,7 @@ OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, X509_STORE *store, | |||
420 | ret = X509_verify_cert(&ctx); | 420 | ret = X509_verify_cert(&ctx); |
421 | X509_STORE_CTX_cleanup(&ctx); | 421 | X509_STORE_CTX_cleanup(&ctx); |
422 | if (ret <= 0) { | 422 | if (ret <= 0) { |
423 | ret = X509_STORE_CTX_get_error(&ctx); | 423 | ret = X509_STORE_CTX_get_error(&ctx); |
424 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, | 424 | OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, |
425 | OCSP_R_CERTIFICATE_VERIFY_ERROR); | 425 | OCSP_R_CERTIFICATE_VERIFY_ERROR); |
426 | ERR_asprintf_error_data("Verify error:%s", | 426 | ERR_asprintf_error_data("Verify error:%s", |