1 files changed, 104 insertions, 95 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c
index 1c606dd0b6..c14e8e2bc3 100644
--- a/src/lib/libcrypto/ocsp/ocsp_srv.c
+++ b/src/lib/libcrypto/ocsp/ocsp_srv.c
@@ -69,107 +69,118 @@
 * relevant information from the request.
 */
-int OCSP_request_onereq_count(OCSP_REQUEST *req)
+int
-        {
+OCSP_request_onereq_count(OCSP_REQUEST *req)
+{
        return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
-        }
+}
-OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+OCSP_ONEREQ *
-        {
+OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
+{
        return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
-        }
+}
-OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+OCSP_CERTID *
-        {
+OCSP_onereq_get0_id(OCSP_ONEREQ *one)
+{
        return one->reqCert;
-        }
+}
-int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
+int
-                        ASN1_OCTET_STRING **pikeyHash,
+OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
-                        ASN1_INTEGER **pserial, OCSP_CERTID *cid)
+    ASN1_OCTET_STRING **pikeyHash, ASN1_INTEGER **pserial, OCSP_CERTID *cid)
-        {
+{
-        if (!cid) return 0;
+        if (!cid)
-        if (pmd) *pmd = cid->hashAlgorithm->algorithm;
+                return 0;
-        if(piNameHash) *piNameHash = cid->issuerNameHash;
+        if (pmd)
-        if (pikeyHash) *pikeyHash = cid->issuerKeyHash;
+                *pmd = cid->hashAlgorithm->algorithm;
-        if (pserial) *pserial = cid->serialNumber;
+        if (piNameHash)
+                *piNameHash = cid->issuerNameHash;
+        if (pikeyHash)
+                *pikeyHash = cid->issuerKeyHash;
+        if (pserial)
+                *pserial = cid->serialNumber;
        return 1;
-        }
+}
-int OCSP_request_is_signed(OCSP_REQUEST *req)
+int
-        {
+OCSP_request_is_signed(OCSP_REQUEST *req)
-        if(req->optionalSignature) return 1;
+{
+        if (req->optionalSignature)
+                return 1;
        return 0;
-        }
+}
 /* Create an OCSP response and encode an optional basic response */
-OCSP_RESPONSE *OCSP_response_create(int status, OCSP_BASICRESP *bs)
+OCSP_RESPONSE *
-        {
+OCSP_response_create(int status, OCSP_BASICRESP *bs)
-        OCSP_RESPONSE *rsp = NULL;
+{
+        OCSP_RESPONSE *rsp = NULL;
-        if (!(rsp = OCSP_RESPONSE_new())) goto err;
+        if (!(rsp = OCSP_RESPONSE_new()))
-        if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;
+                goto err;
-        if (!bs) return rsp;
+        if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
-        if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;
+                goto err;
+        if (!bs)
+                return rsp;
+        if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
+                goto err;
        rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
-        if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))
+        if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP),
-                                goto err;
+            &rsp->responseBytes->response))
+                goto err;
        return rsp;
 err:
-        if (rsp) OCSP_RESPONSE_free(rsp);
+        if (rsp)
+                OCSP_RESPONSE_free(rsp);
        return NULL;
-        }
+}
-OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
+OCSP_SINGLERESP *
-                                                OCSP_CERTID *cid,
+OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTID *cid, int status,
-                                                int status, int reason,
+    int reason, ASN1_TIME *revtime, ASN1_TIME *thisupd, ASN1_TIME *nextupd)
-                                                ASN1_TIME *revtime,
+{
-                                        ASN1_TIME *thisupd, ASN1_TIME *nextupd)
-        {
        OCSP_SINGLERESP *single = NULL;
        OCSP_CERTSTATUS *cs;
        OCSP_REVOKEDINFO *ri;
-        if(!rsp->tbsResponseData->responses &&
+        if (!rsp->tbsResponseData->responses &&
            !(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
                goto err;
        if (!(single = OCSP_SINGLERESP_new()))
                goto err;
        if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
                goto err;
        if (nextupd &&
-                !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
+            !ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
                goto err;
        OCSP_CERTID_free(single->certId);
-        if(!(single->certId = OCSP_CERTID_dup(cid)))
+        if (!(single->certId = OCSP_CERTID_dup(cid)))
                goto err;
        cs = single->certStatus;
-        switch(cs->type = status)
+        switch(cs->type = status) {
-                {
        case V_OCSP_CERTSTATUS_REVOKED:
-                if (!revtime)
+                if (!revtime) {
-                        {
+                        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
-                        OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);
+                            OCSP_R_NO_REVOKED_TIME);
+                        goto err;
+                }
+                if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
                        goto err;
-                        }
-                if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
                if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
                        goto err;       
-                if (reason != OCSP_REVOKED_STATUS_NOSTATUS)
+                if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
-                        {
                        if (!(ri->revocationReason = ASN1_ENUMERATED_new())) 
-                                goto err;
+                                goto err;
-                        if (!(ASN1_ENUMERATED_set(ri->revocationReason, 
+                        if (!(ASN1_ENUMERATED_set(ri->revocationReason,
-                                                  reason)))
+                            reason)))
-                                goto err;       
+                                goto err;       
                        }
                break;
@@ -183,82 +194,80 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
        default:
                goto err;
+        }
-                }
        if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
                goto err;
        return single;
 err:
        OCSP_SINGLERESP_free(single);
        return NULL;
-        }
+}
 /* Add a certificate to an OCSP request */
+int
-int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
+OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
-        {
+{
        if (!resp->certs && !(resp->certs = sk_X509_new_null()))
                return 0;
-        if(!sk_X509_push(resp->certs, cert)) return 0;
+        if (!sk_X509_push(resp->certs, cert))
+                return 0;
        CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
        return 1;
-        }
+}
-int OCSP_basic_sign(OCSP_BASICRESP *brsp, 
+int
-                        X509 *signer, EVP_PKEY *key, const EVP_MD *dgst,
+OCSP_basic_sign(OCSP_BASICRESP *brsp, X509 *signer, EVP_PKEY *key,
-                        STACK_OF(X509) *certs, unsigned long flags)
+    const EVP_MD *dgst, STACK_OF(X509) *certs, unsigned long flags)
-        {
+{
        int i;
        OCSP_RESPID *rid;
-        if (!X509_check_private_key(signer, key))
+        if (!X509_check_private_key(signer, key)) {
-                {
+                OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
-                OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
+                    OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
                goto err;
-                }
+        }
-        if(!(flags & OCSP_NOCERTS))
+        if (!(flags & OCSP_NOCERTS)) {
-                {
+                if (!OCSP_basic_add1_cert(brsp, signer))
-                if(!OCSP_basic_add1_cert(brsp, signer))
                        goto err;
-                for (i = 0; i < sk_X509_num(certs); i++)
+                for (i = 0; i < sk_X509_num(certs); i++) {
-                        {
                        X509 *tmpcert = sk_X509_value(certs, i);
-                        if(!OCSP_basic_add1_cert(brsp, tmpcert))
+                        if (!OCSP_basic_add1_cert(brsp, tmpcert))
                                goto err;
-                        }
                }
+        }
        rid = brsp->tbsResponseData->responderId;
-        if (flags & OCSP_RESPID_KEY)
+        if (flags & OCSP_RESPID_KEY) {
-                {
                unsigned char md[SHA_DIGEST_LENGTH];
                X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
                if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
                        goto err;
-                if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))
+                if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md,
-                                goto err;
+                    SHA_DIGEST_LENGTH)))
+                        goto err;
                rid->type = V_OCSP_RESPID_KEY;
-                }
+        } else {
-        else
-                {
                if (!X509_NAME_set(&rid->value.byName,
-                                        X509_get_subject_name(signer)))
+                    X509_get_subject_name(signer)))
-                                goto err;
+                        goto err;
                rid->type = V_OCSP_RESPID_NAME;
-                }
+        }
        if (!(flags & OCSP_NOTIME) &&
-                !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+            !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
                goto err;
        /* Right now, I think that not doing double hashing is the right
           thing.       -- Richard Levitte */
-        if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;
+        if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
+                goto err;
        return 1;
 err:
        return 0;
-        }
+}

diff --git a/src/lib/libcrypto/ocsp/ocsp_srv.c b/src/lib/libcrypto/ocsp/ocsp_srv.c index 1c606dd0b6..c14e8e2bc3 100644 --- a/src/lib/libcrypto/ocsp/ocsp_srv.c +++ b/src/lib/libcrypto/ocsp/ocsp_srv.c
@@ -69,107 +69,118 @@
69	* relevant information from the request.	69	* relevant information from the request.
70	*/	70	*/
71		71
72	int OCSP_request_onereq_count(OCSP_REQUEST *req)	72	int
73	{	73	OCSP_request_onereq_count(OCSP_REQUEST *req)
		74	{
74	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);	75	return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
75	}	76	}
76		77
77	OCSP_ONEREQ OCSP_request_onereq_get0(OCSP_REQUEST req, int i)	78	OCSP_ONEREQ *
78	{	79	OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
		80	{
79	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);	81	return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
80	}	82	}
81		83
82	OCSP_CERTID OCSP_onereq_get0_id(OCSP_ONEREQ one)	84	OCSP_CERTID *
83	{	85	OCSP_onereq_get0_id(OCSP_ONEREQ *one)
		86	{
84	return one->reqCert;	87	return one->reqCert;
85	}	88	}
86		89
87	int OCSP_id_get0_info(ASN1_OCTET_STRING piNameHash, ASN1_OBJECT pmd,	90	int
88	ASN1_OCTET_STRING **pikeyHash,	91	OCSP_id_get0_info(ASN1_OCTET_STRING piNameHash, ASN1_OBJECT pmd,
89	ASN1_INTEGER *pserial, OCSP_CERTID cid)	92	ASN1_OCTET_STRING pikeyHash, ASN1_INTEGER pserial, OCSP_CERTID *cid)
90	{	93	{
91	if (!cid) return 0;	94	if (!cid)
92	if (pmd) *pmd = cid->hashAlgorithm->algorithm;	95	return 0;
93	if(piNameHash) *piNameHash = cid->issuerNameHash;	96	if (pmd)
94	if (pikeyHash) *pikeyHash = cid->issuerKeyHash;	97	*pmd = cid->hashAlgorithm->algorithm;
95	if (pserial) *pserial = cid->serialNumber;	98	if (piNameHash)
		99	*piNameHash = cid->issuerNameHash;
		100	if (pikeyHash)
		101	*pikeyHash = cid->issuerKeyHash;
		102	if (pserial)
		103	*pserial = cid->serialNumber;
96	return 1;	104	return 1;
97	}	105	}
98		106
99	int OCSP_request_is_signed(OCSP_REQUEST *req)	107	int
100	{	108	OCSP_request_is_signed(OCSP_REQUEST *req)
101	if(req->optionalSignature) return 1;	109	{
		110	if (req->optionalSignature)
		111	return 1;
102	return 0;	112	return 0;
103	}	113	}
104		114
105	/* Create an OCSP response and encode an optional basic response */	115	/* Create an OCSP response and encode an optional basic response */
106	OCSP_RESPONSE OCSP_response_create(int status, OCSP_BASICRESP bs)	116	OCSP_RESPONSE *
107	{	117	OCSP_response_create(int status, OCSP_BASICRESP *bs)
108	OCSP_RESPONSE *rsp = NULL;	118	{
		119	OCSP_RESPONSE *rsp = NULL;
109		120
110	if (!(rsp = OCSP_RESPONSE_new())) goto err;	121	if (!(rsp = OCSP_RESPONSE_new()))
111	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status))) goto err;	122	goto err;
112	if (!bs) return rsp;	123	if (!(ASN1_ENUMERATED_set(rsp->responseStatus, status)))
113	if (!(rsp->responseBytes = OCSP_RESPBYTES_new())) goto err;	124	goto err;
		125	if (!bs)
		126	return rsp;
		127	if (!(rsp->responseBytes = OCSP_RESPBYTES_new()))
		128	goto err;
114	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);	129	rsp->responseBytes->responseType = OBJ_nid2obj(NID_id_pkix_OCSP_basic);
115	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP), &rsp->responseBytes->response))	130	if (!ASN1_item_pack(bs, ASN1_ITEM_rptr(OCSP_BASICRESP),
116	goto err;	131	&rsp->responseBytes->response))
		132	goto err;
117	return rsp;	133	return rsp;
118	err:	134	err:
119	if (rsp) OCSP_RESPONSE_free(rsp);	135	if (rsp)
		136	OCSP_RESPONSE_free(rsp);
120	return NULL;	137	return NULL;
121	}	138	}
122
123		139
124	OCSP_SINGLERESP OCSP_basic_add1_status(OCSP_BASICRESP rsp,	140	OCSP_SINGLERESP *
125	OCSP_CERTID *cid,	141	OCSP_basic_add1_status(OCSP_BASICRESP rsp, OCSP_CERTID cid, int status,
126	int status, int reason,	142	int reason, ASN1_TIME revtime, ASN1_TIME thisupd, ASN1_TIME *nextupd)
127	ASN1_TIME *revtime,	143	{
128	ASN1_TIME thisupd, ASN1_TIME nextupd)
129	{
130	OCSP_SINGLERESP *single = NULL;	144	OCSP_SINGLERESP *single = NULL;
131	OCSP_CERTSTATUS *cs;	145	OCSP_CERTSTATUS *cs;
132	OCSP_REVOKEDINFO *ri;	146	OCSP_REVOKEDINFO *ri;
133		147
134	if(!rsp->tbsResponseData->responses &&	148	if (!rsp->tbsResponseData->responses &&
135	!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))	149	!(rsp->tbsResponseData->responses = sk_OCSP_SINGLERESP_new_null()))
136	goto err;	150	goto err;
137		151
138	if (!(single = OCSP_SINGLERESP_new()))	152	if (!(single = OCSP_SINGLERESP_new()))
139	goto err;	153	goto err;
140		154
141
142
143	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))	155	if (!ASN1_TIME_to_generalizedtime(thisupd, &single->thisUpdate))
144	goto err;	156	goto err;
145	if (nextupd &&	157	if (nextupd &&
146	!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))	158	!ASN1_TIME_to_generalizedtime(nextupd, &single->nextUpdate))
147	goto err;	159	goto err;
148		160
149	OCSP_CERTID_free(single->certId);	161	OCSP_CERTID_free(single->certId);
150		162
151	if(!(single->certId = OCSP_CERTID_dup(cid)))	163	if (!(single->certId = OCSP_CERTID_dup(cid)))
152	goto err;	164	goto err;
153		165
154	cs = single->certStatus;	166	cs = single->certStatus;
155	switch(cs->type = status)	167	switch(cs->type = status) {
156	{
157	case V_OCSP_CERTSTATUS_REVOKED:	168	case V_OCSP_CERTSTATUS_REVOKED:
158	if (!revtime)	169	if (!revtime) {
159	{	170	OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,
160	OCSPerr(OCSP_F_OCSP_BASIC_ADD1_STATUS,OCSP_R_NO_REVOKED_TIME);	171	OCSP_R_NO_REVOKED_TIME);
		172	goto err;
		173	}
		174	if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new()))
161	goto err;	175	goto err;
162	}
163	if (!(cs->value.revoked = ri = OCSP_REVOKEDINFO_new())) goto err;
164	if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))	176	if (!ASN1_TIME_to_generalizedtime(revtime, &ri->revocationTime))
165	goto err;	177	goto err;
166	if (reason != OCSP_REVOKED_STATUS_NOSTATUS)	178	if (reason != OCSP_REVOKED_STATUS_NOSTATUS) {
167	{
168	if (!(ri->revocationReason = ASN1_ENUMERATED_new()))	179	if (!(ri->revocationReason = ASN1_ENUMERATED_new()))
169	goto err;	180	goto err;
170	if (!(ASN1_ENUMERATED_set(ri->revocationReason,	181	if (!(ASN1_ENUMERATED_set(ri->revocationReason,
171	reason)))	182	reason)))
172	goto err;	183	goto err;
173	}	184	}
174	break;	185	break;
175		186
@@ -183,82 +194,80 @@ OCSP_SINGLERESP OCSP_basic_add1_status(OCSP_BASICRESP rsp,
183		194
184	default:	195	default:
185	goto err;	196	goto err;
186		197	}
187	}
188	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))	198	if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
189	goto err;	199	goto err;
190	return single;	200	return single;
191	err:	201	err:
192	OCSP_SINGLERESP_free(single);	202	OCSP_SINGLERESP_free(single);
193	return NULL;	203	return NULL;
194	}	204	}
195		205
196	/* Add a certificate to an OCSP request */	206	/* Add a certificate to an OCSP request */
197		207	int
198	int OCSP_basic_add1_cert(OCSP_BASICRESP resp, X509 cert)	208	OCSP_basic_add1_cert(OCSP_BASICRESP resp, X509 cert)
199	{	209	{
200	if (!resp->certs && !(resp->certs = sk_X509_new_null()))	210	if (!resp->certs && !(resp->certs = sk_X509_new_null()))
201	return 0;	211	return 0;
202		212
203	if(!sk_X509_push(resp->certs, cert)) return 0;	213	if (!sk_X509_push(resp->certs, cert))
		214	return 0;
204	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);	215	CRYPTO_add(&cert->references, 1, CRYPTO_LOCK_X509);
205	return 1;	216	return 1;
206	}	217	}
207		218
208	int OCSP_basic_sign(OCSP_BASICRESP *brsp,	219	int
209	X509 signer, EVP_PKEY key, const EVP_MD *dgst,	220	OCSP_basic_sign(OCSP_BASICRESP brsp, X509 signer, EVP_PKEY *key,
210	STACK_OF(X509) *certs, unsigned long flags)	221	const EVP_MD dgst, STACK_OF(X509) certs, unsigned long flags)
211	{	222	{
212	int i;	223	int i;
213	OCSP_RESPID *rid;	224	OCSP_RESPID *rid;
214		225
215	if (!X509_check_private_key(signer, key))	226	if (!X509_check_private_key(signer, key)) {
216	{	227	OCSPerr(OCSP_F_OCSP_BASIC_SIGN,
217	OCSPerr(OCSP_F_OCSP_BASIC_SIGN, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);	228	OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
218	goto err;	229	goto err;
219	}	230	}
220		231
221	if(!(flags & OCSP_NOCERTS))	232	if (!(flags & OCSP_NOCERTS)) {
222	{	233	if (!OCSP_basic_add1_cert(brsp, signer))
223	if(!OCSP_basic_add1_cert(brsp, signer))
224	goto err;	234	goto err;
225	for (i = 0; i < sk_X509_num(certs); i++)	235	for (i = 0; i < sk_X509_num(certs); i++) {
226	{
227	X509 *tmpcert = sk_X509_value(certs, i);	236	X509 *tmpcert = sk_X509_value(certs, i);
228	if(!OCSP_basic_add1_cert(brsp, tmpcert))	237	if (!OCSP_basic_add1_cert(brsp, tmpcert))
229	goto err;	238	goto err;
230	}
231	}	239	}
		240	}
232		241
233	rid = brsp->tbsResponseData->responderId;	242	rid = brsp->tbsResponseData->responderId;
234	if (flags & OCSP_RESPID_KEY)	243	if (flags & OCSP_RESPID_KEY) {
235	{
236	unsigned char md[SHA_DIGEST_LENGTH];	244	unsigned char md[SHA_DIGEST_LENGTH];
		245
237	X509_pubkey_digest(signer, EVP_sha1(), md, NULL);	246	X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
238	if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))	247	if (!(rid->value.byKey = ASN1_OCTET_STRING_new()))
239	goto err;	248	goto err;
240	if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH)))	249	if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md,
241	goto err;	250	SHA_DIGEST_LENGTH)))
		251	goto err;
242	rid->type = V_OCSP_RESPID_KEY;	252	rid->type = V_OCSP_RESPID_KEY;
243	}	253	} else {
244	else
245	{
246	if (!X509_NAME_set(&rid->value.byName,	254	if (!X509_NAME_set(&rid->value.byName,
247	X509_get_subject_name(signer)))	255	X509_get_subject_name(signer)))
248	goto err;	256	goto err;
249	rid->type = V_OCSP_RESPID_NAME;	257	rid->type = V_OCSP_RESPID_NAME;
250	}	258	}
251		259
252	if (!(flags & OCSP_NOTIME) &&	260	if (!(flags & OCSP_NOTIME) &&
253	!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))	261	!X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
254	goto err;	262	goto err;
255		263
256	/* Right now, I think that not doing double hashing is the right	264	/* Right now, I think that not doing double hashing is the right
257	thing. -- Richard Levitte */	265	thing. -- Richard Levitte */
258		266
259	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0)) goto err;	267	if (!OCSP_BASICRESP_sign(brsp, key, dgst, 0))
		268	goto err;
260		269
261	return 1;	270	return 1;
262	err:	271	err:
263	return 0;	272	return 0;
264	}	273	}