From: Dr. Stephen Henson <steve@openssl.org>
Date: Thu, 20 Dec 2012 19:01:55 +0000 (+0000)
Subject: revert, missing commit message
X-Git-Tag: OpenSSL_1_0_2-beta1~533
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=67e217c84cde3d157e5ca2b53e6b277887220e3f;p=oweals%2Fopenssl.git

revert, missing commit message
---

diff --git a/apps/ocsp.c b/apps/ocsp.c
index 7289bde2d0..0b037a3b79 100644
--- a/apps/ocsp.c
+++ b/apps/ocsp.c
@@ -69,7 +69,6 @@
 #include <string.h>
 #include <time.h>
 #include "apps.h" /* needs to be included before the openssl headers! */
-#include "s_apps.h"
 #include <openssl/e_os2.h>
 #include <openssl/crypto.h>
 #include <openssl/err.h>
@@ -106,9 +105,9 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 			      long maxage);
 
 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
-			X509 *ca, X509 *rcert, EVP_PKEY *rkey, const EVP_MD *md,
+			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
-			int nmin, int ndays, int badsig);
+			int nmin, int ndays);
 
 static char **lookup_serial(CA_DB *db, ASN1_INTEGER *ser);
 static BIO *init_responder(char *port);
@@ -149,14 +148,12 @@ int MAIN(int argc, char **argv)
 	long nsec = MAX_VALIDITY_PERIOD, maxage = -1;
 	char *CAfile = NULL, *CApath = NULL;
 	X509_STORE *store = NULL;
-	X509_VERIFY_PARAM *vpm = NULL;
 	STACK_OF(X509) *sign_other = NULL, *verify_other = NULL, *rother = NULL;
 	char *sign_certfile = NULL, *verify_certfile = NULL, *rcertfile = NULL;
 	unsigned long sign_flags = 0, verify_flags = 0, rflags = 0;
 	int ret = 1;
 	int accept_count = -1;
 	int badarg = 0;
-	int badsig = 0;
 	int i;
 	int ignore_err = 0;
 	STACK_OF(OPENSSL_STRING) *reqnames = NULL;
@@ -167,7 +164,7 @@ int MAIN(int argc, char **argv)
 	char *rca_filename = NULL;
 	CA_DB *rdb = NULL;
 	int nmin = 0, ndays = -1;
-	const EVP_MD *cert_id_md = NULL, *rsign_md = NULL;
+	const EVP_MD *cert_id_md = NULL;
 
 	if (bio_err == NULL) bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
 
@@ -274,8 +271,6 @@ int MAIN(int argc, char **argv)
 			verify_flags |= OCSP_TRUSTOTHER;
 		else if (!strcmp(*args, "-no_intern"))
 			verify_flags |= OCSP_NOINTERN;
-		else if (!strcmp(*args, "-badsig"))
-			badsig = 1;
 		else if (!strcmp(*args, "-text"))
 			{
 			req_text = 1;
@@ -358,12 +353,6 @@ int MAIN(int argc, char **argv)
 				}
 			else badarg = 1;
 			}
-		else if (args_verify(&args, NULL, &badarg, bio_err, &vpm))
-			{
-			if (badarg)
-				goto end;
-			continue;
-			}
 		else if (!strcmp (*args, "-validity_period"))
 			{
 			if (args[1])
@@ -569,17 +558,6 @@ int MAIN(int argc, char **argv)
 				}
 			else badarg = 1;
 			}
-		else if (!strcmp(*args, "-rmd"))
-			{
-			if (args[1])
-				{
-				args++;
-				rsign_md = EVP_get_digestbyname(*args);
-				if (!rsign_md)
-					badarg = 1;
-				}
-			else badarg = 1;
-			}
 		else if ((cert_id_md = EVP_get_digestbyname((*args)+1))==NULL)
 			{
 			badarg = 1;
@@ -656,10 +634,7 @@ int MAIN(int argc, char **argv)
 
 	if (!req && reqin)
 		{
-		if (!strcmp(reqin, "-"))
-			derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
-		else
-			derbio = BIO_new_file(reqin, "rb");
+		derbio = BIO_new_file(reqin, "rb");
 		if (!derbio)
 			{
 			BIO_printf(bio_err, "Error Opening OCSP request file\n");
@@ -761,10 +736,7 @@ int MAIN(int argc, char **argv)
 
 	if (reqout)
 		{
-		if (!strcmp(reqout, "-"))
-			derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
-		else
-			derbio = BIO_new_file(reqout, "wb");
+		derbio = BIO_new_file(reqout, "wb");
 		if(!derbio)
 			{
 			BIO_printf(bio_err, "Error opening file %s\n", reqout);
@@ -789,7 +761,7 @@ int MAIN(int argc, char **argv)
 
 	if (rdb)
 		{
-		i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey,rsign_md, rother, rflags, nmin, ndays, badsig);
+		i = make_ocsp_response(&resp, req, rdb, rca_cert, rsigner, rkey, rother, rflags, nmin, ndays);
 		if (cbio)
 			send_ocsp_response(cbio, resp);
 		}
@@ -807,10 +779,7 @@ int MAIN(int argc, char **argv)
 		}
 	else if (respin)
 		{
-		if (!strcmp(respin, "-"))
-			derbio = BIO_new_fp(stdin, BIO_NOCLOSE);
-		else
-			derbio = BIO_new_file(respin, "rb");
+		derbio = BIO_new_file(respin, "rb");
 		if (!derbio)
 			{
 			BIO_printf(bio_err, "Error Opening OCSP response file\n");
@@ -835,10 +804,7 @@ int MAIN(int argc, char **argv)
 
 	if (respout)
 		{
-		if (!strcmp(respout, "-"))
-			derbio = BIO_new_fp(stdout, BIO_NOCLOSE);
-		else
-			derbio = BIO_new_file(respout, "wb");
+		derbio = BIO_new_file(respout, "wb");
 		if(!derbio)
 			{
 			BIO_printf(bio_err, "Error opening file %s\n", respout);
@@ -891,8 +857,6 @@ int MAIN(int argc, char **argv)
 		store = setup_verify(bio_err, CAfile, CApath);
 	if (!store)
 		goto end;
-	if (vpm)
-		X509_STORE_set1_param(store, vpm);
 	if (verify_certfile)
 		{
 		verify_other = load_certs(bio_err, verify_certfile, FORMAT_PEM,
@@ -943,8 +907,6 @@ end:
 	ERR_print_errors(bio_err);
 	X509_free(signer);
 	X509_STORE_free(store);
-	if (vpm)
-		X509_VERIFY_PARAM_free(vpm);
 	EVP_PKEY_free(key);
 	EVP_PKEY_free(rkey);
 	X509_free(issuer);
@@ -1095,10 +1057,9 @@ static int print_ocsp_summary(BIO *out, OCSP_BASICRESP *bs, OCSP_REQUEST *req,
 
 
 static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db,
-			X509 *ca, X509 *rcert,
-			EVP_PKEY *rkey, const EVP_MD *rmd,
+			X509 *ca, X509 *rcert, EVP_PKEY *rkey,
 			STACK_OF(X509) *rother, unsigned long flags,
-			int nmin, int ndays, int badsig)
+			int nmin, int ndays)
 	{
 	ASN1_TIME *thisupd = NULL, *nextupd = NULL;
 	OCSP_CERTID *cid, *ca_id = NULL;
@@ -1187,10 +1148,7 @@ static int make_ocsp_response(OCSP_RESPONSE **resp, OCSP_REQUEST *req, CA_DB *db
 
 	OCSP_copy_nonce(bs, req);
 	
-	OCSP_basic_sign(bs, rcert, rkey, rmd, rother, flags);
-
-	if (badsig)
-		bs->signature->data[bs->signature->length -1] ^= 0x1;
+	OCSP_basic_sign(bs, rcert, rkey, NULL, rother, flags);
 
 	*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);