#include "ocsp_lcl.h"
ASN1_SEQUENCE(OCSP_SIGNATURE) = {
- ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+ ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
} ASN1_SEQUENCE_END(OCSP_SIGNATURE)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
ASN1_SEQUENCE(OCSP_CERTID) = {
- ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+ ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
ASN1_SEQUENCE(OCSP_REQUEST) = {
- ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+ ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
} ASN1_SEQUENCE_END(OCSP_REQUEST)
ASN1_SEQUENCE(OCSP_RESPDATA) = {
ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
- ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+ ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
ASN1_SEQUENCE(OCSP_BASICRESP) = {
- ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
- ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+ ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+ ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
} ASN1_SEQUENCE_END(OCSP_BASICRESP)
goto err;
OCSP_CERTID_free(one->reqCert);
one->reqCert = cid;
- if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+ if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
goto err;
return one;
err:
return 0;
}
gen->type = GEN_DIRNAME;
- GENERAL_NAME_free(req->tbsRequest->requestorName);
- req->tbsRequest->requestorName = gen;
+ GENERAL_NAME_free(req->tbsRequest.requestorName);
+ req->tbsRequest.requestorName = gen;
return 1;
}
{
if (!bs)
return -1;
- return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+ return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
}
/* Extract an OCSP_SINGLERESP response with a given index */
{
if (!bs)
return NULL;
- return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+ return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
}
/* Look single response matching a given certificate ID */
last = 0;
else
last++;
- sresp = bs->tbsResponseData->responses;
+ sresp = bs->tbsResponseData.responses;
for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
single = sk_OCSP_SINGLERESP_value(sresp, i);
if (!OCSP_id_cmp(id, single->certId))
int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
{
- return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+ return (X509v3_get_ext_count(x->tbsRequest.requestExtensions));
}
int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
{
return (X509v3_get_ext_by_NID
- (x->tbsRequest->requestExtensions, nid, lastpos));
+ (x->tbsRequest.requestExtensions, nid, lastpos));
}
int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
int lastpos)
{
return (X509v3_get_ext_by_OBJ
- (x->tbsRequest->requestExtensions, obj, lastpos));
+ (x->tbsRequest.requestExtensions, obj, lastpos));
}
int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
{
return (X509v3_get_ext_by_critical
- (x->tbsRequest->requestExtensions, crit, lastpos));
+ (x->tbsRequest.requestExtensions, crit, lastpos));
}
X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
{
- return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
+ return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc));
}
X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
{
- return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
+ return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc));
}
void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
{
- return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+ return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
}
int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
unsigned long flags)
{
- return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
+ return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
crit, flags);
}
int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
{
- return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
+ return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
NULL);
}
int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
{
- return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+ return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions));
}
int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
{
return (X509v3_get_ext_by_NID
- (x->tbsResponseData->responseExtensions, nid, lastpos));
+ (x->tbsResponseData.responseExtensions, nid, lastpos));
}
int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
int lastpos)
{
return (X509v3_get_ext_by_OBJ
- (x->tbsResponseData->responseExtensions, obj, lastpos));
+ (x->tbsResponseData.responseExtensions, obj, lastpos));
}
int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
int lastpos)
{
return (X509v3_get_ext_by_critical
- (x->tbsResponseData->responseExtensions, crit, lastpos));
+ (x->tbsResponseData.responseExtensions, crit, lastpos));
}
X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
{
- return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
+ return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc));
}
X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
{
- return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
+ return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc));
}
void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
int *idx)
{
- return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
+ return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
idx);
}
int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
int crit, unsigned long flags)
{
- return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
+ return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
value, crit, flags);
}
int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
{
- return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
+ return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
!= NULL);
}
int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
{
- return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+ return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
}
/* Same as above but for a response */
int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
{
- return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
+ return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
len);
}
* serialNumber CertificateSerialNumber }
*/
struct ocsp_cert_id_st {
- X509_ALGOR *hashAlgorithm;
+ X509_ALGOR hashAlgorithm;
ASN1_OCTET_STRING *issuerNameHash;
ASN1_OCTET_STRING *issuerKeyHash;
ASN1_INTEGER *serialNumber;
* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
*/
struct ocsp_signature_st {
- X509_ALGOR *signatureAlgorithm;
+ X509_ALGOR signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
};
* optionalSignature [0] EXPLICIT Signature OPTIONAL }
*/
struct ocsp_request_st {
- OCSP_REQINFO *tbsRequest;
+ OCSP_REQINFO tbsRequest;
OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
};
*/
struct ocsp_response_data_st {
ASN1_INTEGER *version;
- OCSP_RESPID *responderId;
+ OCSP_RESPID responderId;
ASN1_GENERALIZEDTIME *producedAt;
STACK_OF(OCSP_SINGLERESP) *responses;
STACK_OF(X509_EXTENSION) *responseExtensions;
* and CeloCom
*/
struct ocsp_basic_response_st {
- OCSP_RESPDATA *tbsResponseData;
- X509_ALGOR *signatureAlgorithm;
+ OCSP_RESPDATA tbsResponseData;
+ X509_ALGOR signatureAlgorithm;
ASN1_BIT_STRING *signature;
STACK_OF(X509) *certs;
};
if ((cid = OCSP_CERTID_new()) == NULL)
goto err;
- alg = cid->hashAlgorithm;
+ alg = &cid->hashAlgorithm;
ASN1_OBJECT_free(alg->algorithm);
if ((nid = EVP_MD_type(dgst)) == NID_undef) {
OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
{
int ret;
- ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+ ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
if (ret)
return ret;
ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
indent += 2;
BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
- i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+ i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
long l;
OCSP_CERTID *cid = NULL;
OCSP_ONEREQ *one = NULL;
- OCSP_REQINFO *inf = o->tbsRequest;
+ OCSP_REQINFO *inf = &o->tbsRequest;
OCSP_SIGNATURE *sig = o->optionalSignature;
if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
inf->requestExtensions, flags, 4))
goto err;
if (sig) {
- X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+ X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
for (i = 0; i < sk_X509_num(sig->certs); i++) {
X509_print(bp, sk_X509_value(sig->certs, i));
PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
i = ASN1_STRING_length(rb->response);
if ((br = OCSP_response_get1_basic(o)) == NULL)
goto err;
- rd = br->tbsResponseData;
+ rd = &br->tbsResponseData;
l = ASN1_INTEGER_get(rd->version);
if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0)
goto err;
if (BIO_puts(bp, " Responder Id: ") <= 0)
goto err;
- rid = rd->responderId;
+ rid = &rd->responderId;
switch (rid->type) {
case V_OCSP_RESPID_NAME:
X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
if (!X509V3_extensions_print(bp, "Response Extensions",
rd->responseExtensions, flags, 4))
goto err;
- if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+ if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
goto err;
for (i = 0; i < sk_X509_num(br->certs); i++) {
int OCSP_request_onereq_count(OCSP_REQUEST *req)
{
- return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+ return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
}
OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
{
- return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+ return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
}
OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
if (!cid)
return 0;
if (pmd)
- *pmd = cid->hashAlgorithm->algorithm;
+ *pmd = cid->hashAlgorithm.algorithm;
if (piNameHash)
*piNameHash = cid->issuerNameHash;
if (pikeyHash)
OCSP_CERTSTATUS *cs;
OCSP_REVOKEDINFO *ri;
- if (rsp->tbsResponseData->responses == NULL
- && (rsp->tbsResponseData->responses
+ if (rsp->tbsResponseData.responses == NULL
+ && (rsp->tbsResponseData.responses
= sk_OCSP_SINGLERESP_new_null()) == NULL)
goto err;
goto err;
}
- if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+ if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
goto err;
return single;
err:
}
}
- rid = brsp->tbsResponseData->responderId;
+ rid = &brsp->tbsResponseData.responderId;
if (flags & OCSP_RESPID_KEY) {
unsigned char md[SHA_DIGEST_LENGTH];
X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
}
if (!(flags & OCSP_NOTIME) &&
- !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+ !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
goto err;
/*
unsigned long flags)
{
X509 *signer;
- OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+ OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
if ((signer = ocsp_find_signer_sk(certs, rid))) {
*psigner = signer;
return 2;
X509 *signer, *sca;
OCSP_CERTID *caid = NULL;
int i;
- sresp = bs->tbsResponseData->responses;
+ sresp = bs->tbsResponseData.responses;
if (sk_X509_num(chain) <= 0) {
OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
/* Check to see if IDs match */
if (OCSP_id_issuer_cmp(cid, tmpid)) {
/* If algoritm mismatch let caller deal with it */
- if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
- cid->hashAlgorithm->algorithm))
+ if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
+ cid->hashAlgorithm.algorithm))
return 2;
/* Else mismatch */
return 0;
X509_NAME *iname;
int mdlen;
unsigned char md[EVP_MAX_MD_SIZE];
- if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))
+ if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
== NULL) {
OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
OCSP_R_UNKNOWN_MESSAGE_DIGEST);
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
return 0;
}
- gen = req->tbsRequest->requestorName;
+ gen = req->tbsRequest.requestorName;
if (!gen || gen->type != GEN_DIRNAME) {
OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
# define OCSP_REQUEST_sign(o,pkey,md) \
ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
- o->optionalSignature->signatureAlgorithm,NULL,\
- o->optionalSignature->signature,o->tbsRequest,pkey,md)
+ &o->optionalSignature->signatureAlgorithm,NULL,\
+ o->optionalSignature->signature,&o->tbsRequest,pkey,md)
# define OCSP_BASICRESP_sign(o,pkey,md,d) \
- ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
- o->signature,o->tbsResponseData,pkey,md)
+ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\
+ o->signature,&o->tbsResponseData,pkey,md)
# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
- a->optionalSignature->signatureAlgorithm,\
- a->optionalSignature->signature,a->tbsRequest,r)
+ &a->optionalSignature->signatureAlgorithm,\
+ a->optionalSignature->signature,&a->tbsRequest,r)
# define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
- a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
+ &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r)
# define ASN1_BIT_STRING_digest(data,type,md,len) \
ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)