From a332635ea0ec7dab14d550c2f151bb4ea8c64f78 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Tue, 6 Oct 2015 23:04:08 +0100 Subject: [PATCH] Embed various OCSP fields. Reviewed-by: Rich Salz --- crypto/ocsp/ocsp_asn.c | 12 ++++++------ crypto/ocsp/ocsp_cl.c | 12 ++++++------ crypto/ocsp/ocsp_ext.c | 40 ++++++++++++++++++++-------------------- crypto/ocsp/ocsp_lcl.h | 12 ++++++------ crypto/ocsp/ocsp_lib.c | 4 ++-- crypto/ocsp/ocsp_prn.c | 12 ++++++------ crypto/ocsp/ocsp_srv.c | 16 ++++++++-------- crypto/ocsp/ocsp_vfy.c | 12 ++++++------ include/openssl/ocsp.h | 14 +++++++------- 9 files changed, 67 insertions(+), 67 deletions(-) diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index c3362f0b97..c3f939531a 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -62,7 +62,7 @@ #include "ocsp_lcl.h" ASN1_SEQUENCE(OCSP_SIGNATURE) = { - ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), + ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR), ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING), ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0) } ASN1_SEQUENCE_END(OCSP_SIGNATURE) @@ -70,7 +70,7 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = { IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) ASN1_SEQUENCE(OCSP_CERTID) = { - ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR), + ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) @@ -95,7 +95,7 @@ ASN1_SEQUENCE(OCSP_REQINFO) = { IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO) ASN1_SEQUENCE(OCSP_REQUEST) = { - ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), + ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO), ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0) } ASN1_SEQUENCE_END(OCSP_REQUEST) 
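Review bot: Nothing in these templates or in the matching structs in crypto/ocsp/ocsp_lcl.h records that an `ASN1_EMBED` entry and a by-value struct member must change together. This applies here to `signatureAlgorithm`, `hashAlgorithm` and `tbsRequest`, and again in the `OCSP_RESPDATA` and `OCSP_BASICRESP` hunks. A later template-only change back to `ASN1_SIMPLE` would still compile, but the ASN.1 code would then treat the member with the wrong storage kind while decoding peer-supplied OCSP data, which is a memory-safety problem. I would add a comment on each embedded member in ocsp_lcl.h, such as `/* embedded: template in ocsp_asn.c must use ASN1_EMBED */`. It is also worth confirming, outside what this patch shows, that no remaining code frees or reassigns these members as if they were separately allocated.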
@@ -151,7 +151,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP) ASN1_SEQUENCE(OCSP_RESPDATA) = { ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0), - ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID), + ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID), ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME), ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP), ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1) @@ -160,8 +160,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = { IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA) ASN1_SEQUENCE(OCSP_BASICRESP) = { - ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), - ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), + ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA), + ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR), ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING), ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0) } ASN1_SEQUENCE_END(OCSP_BASICRESP) diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index 8143389873..2b771460e8 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -93,7 +93,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid) goto err; OCSP_CERTID_free(one->reqCert); one->reqCert = cid; - if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)) + if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one)) goto err; return one; err: @@ -115,8 +115,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm) return 0; } gen->type = GEN_DIRNAME; - GENERAL_NAME_free(req->tbsRequest->requestorName); - req->tbsRequest->requestorName = gen; + GENERAL_NAME_free(req->tbsRequest.requestorName); + req->tbsRequest.requestorName = gen; return 1; } 
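Review bot: In `OCSP_request_add0_id` the `goto err` after a failed `sk_OCSP_ONEREQ_push` is taken once `one->reqCert = cid` has already stored `cid` inside `one`, and no comment says who owns `cid` when NULL is returned. The body of the `err:` label is outside this hunk; if it frees `one`, the caller's `cid` is presumably released with it, and a caller that frees `cid` again on failure would double-free. I would document the contract above the function, for example `/* cid is owned by the returned OCSP_ONEREQ; on error: <state who frees cid> */`, matching whatever the `err:` path does.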
@@ -230,7 +230,7 @@ int OCSP_resp_count(OCSP_BASICRESP *bs) { if (!bs) return -1; - return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses); + return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses); } /* Extract an OCSP_SINGLERESP response with a given index */ @@ -239,7 +239,7 @@ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) { if (!bs) return NULL; - return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); + return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx); } /* Look single response matching a given certificate ID */ @@ -255,7 +255,7 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) last = 0; else last++; - sresp = bs->tbsResponseData->responses; + sresp = bs->tbsResponseData.responses; for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) { single = sk_OCSP_SINGLERESP_value(sresp, i); if (!OCSP_id_cmp(id, single->certId)) diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 95c61e66e5..f9553f0b61 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c 
@@ -79,53 +79,53 @@ int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x) { - return (X509v3_get_ext_count(x->tbsRequest->requestExtensions)); + return (X509v3_get_ext_count(x->tbsRequest.requestExtensions)); } int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID - (x->tbsRequest->requestExtensions, nid, lastpos)); + (x->tbsRequest.requestExtensions, nid, lastpos)); } int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj, int lastpos) { return (X509v3_get_ext_by_OBJ - (x->tbsRequest->requestExtensions, obj, lastpos)); + (x->tbsRequest.requestExtensions, obj, lastpos)); } int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos) { return (X509v3_get_ext_by_critical - (x->tbsRequest->requestExtensions, crit, lastpos)); + (x->tbsRequest.requestExtensions, crit, lastpos)); } X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc) { - return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc)); + return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc)); } X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc) { - return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc)); + return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc)); } void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx) { - return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx); + return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx); } int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit, unsigned long flags) { - return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value, + return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value, crit, flags); } int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc) { - return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) != + return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) != NULL); } 
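Review bot: None of the `OCSP_REQUEST_*ext*` wrappers in this hunk checks `x` before forming `x->tbsRequest.requestExtensions`, while `OCSP_resp_count` and `OCSP_resp_get0` in ocsp_cl.c return early on a NULL argument. For the two adders, `&x->tbsRequest.requestExtensions` on a NULL `x` is now only an address computation, so the invalid pointer is first dereferenced inside `X509V3_add1_i2d` or `X509v3_add_ext` rather than at the call site. Either add a guard such as `if (x == NULL) return 0;` to the adders, or state in a comment that `x` must be non-NULL. The same applies to the `OCSP_BASICRESP_*` hunk at -183 and the two nonce wrappers at -334.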
@@ -183,56 +183,56 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc) int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x) { - return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions)); + return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions)); } int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos) { return (X509v3_get_ext_by_NID - (x->tbsResponseData->responseExtensions, nid, lastpos)); + (x->tbsResponseData.responseExtensions, nid, lastpos)); } int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj, int lastpos) { return (X509v3_get_ext_by_OBJ - (x->tbsResponseData->responseExtensions, obj, lastpos)); + (x->tbsResponseData.responseExtensions, obj, lastpos)); } int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit, int lastpos) { return (X509v3_get_ext_by_critical - (x->tbsResponseData->responseExtensions, crit, lastpos)); + (x->tbsResponseData.responseExtensions, crit, lastpos)); } X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc) { - return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc)); + return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc)); } X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc) { - return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc)); + return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc)); } void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit, int *idx) { - return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit, + return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit, idx); } int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value, int crit, unsigned long flags) { - return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid, + return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid, value, crit, flags); } int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, 
X509_EXTENSION *ex, int loc) { - return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc) + return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc) != NULL); } @@ -334,14 +334,14 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts, int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) { - return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len); + return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len); } /* Same as above but for a response */ int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len) { - return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val, + return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val, len); } diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h index 86fb0b99b4..8e6e5e840f 100644 --- a/crypto/ocsp/ocsp_lcl.h +++ b/crypto/ocsp/ocsp_lcl.h @@ -71,7 +71,7 @@ * serialNumber CertificateSerialNumber } */ struct ocsp_cert_id_st { - X509_ALGOR *hashAlgorithm; + X509_ALGOR hashAlgorithm; ASN1_OCTET_STRING *issuerNameHash; ASN1_OCTET_STRING *issuerKeyHash; ASN1_INTEGER *serialNumber; @@ -105,7 +105,7 @@ struct ocsp_req_info_st { * certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */ struct ocsp_signature_st { - X509_ALGOR *signatureAlgorithm; + X509_ALGOR signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; }; @@ -115,7 +115,7 @@ struct ocsp_signature_st { * optionalSignature [0] EXPLICIT Signature OPTIONAL } */ struct ocsp_request_st { - OCSP_REQINFO *tbsRequest; + OCSP_REQINFO tbsRequest; OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */ }; @@ -211,7 +211,7 @@ struct ocsp_single_response_st { */ struct ocsp_response_data_st { ASN1_INTEGER *version; - OCSP_RESPID *responderId; + OCSP_RESPID responderId; ASN1_GENERALIZEDTIME *producedAt; STACK_OF(OCSP_SINGLERESP) *responses; STACK_OF(X509_EXTENSION) *responseExtensions; 
@@ -244,8 +244,8 @@ struct ocsp_response_data_st { * and CeloCom */ struct ocsp_basic_response_st { - OCSP_RESPDATA *tbsResponseData; - X509_ALGOR *signatureAlgorithm; + OCSP_RESPDATA tbsResponseData; + X509_ALGOR signatureAlgorithm; ASN1_BIT_STRING *signature; STACK_OF(X509) *certs; }; diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index aa0723c9ab..f8dd6107ff 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -109,7 +109,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, if ((cid = OCSP_CERTID_new()) == NULL) goto err; - alg = cid->hashAlgorithm; + alg = &cid->hashAlgorithm; ASN1_OBJECT_free(alg->algorithm); if ((nid = EVP_MD_type(dgst)) == NID_undef) { OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID); @@ -149,7 +149,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) { int ret; - ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm); + ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); if (ret) return ret; ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index b826292df8..f0b44ce748 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -75,7 +75,7 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) BIO_printf(bp, "%*sCertificate ID:\n", indent, ""); indent += 2; BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); - i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm); + i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); 
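Review bot: In `OCSP_cert_id_new`, `ASN1_OBJECT_free(alg->algorithm)` leaves `alg->algorithm` pointing at the released object, and the very next check can `goto err` (the `NID_undef` branch) before a new value is stored. The `err:` label is outside this hunk; if it frees `cid`, the embedded `hashAlgorithm` would be cleaned up with that stale pointer, which is a second free unless the object is a static one for which the free is a no-op. Adding `alg->algorithm = NULL;` directly after the free makes the error path safe either way.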
@@ -144,7 +144,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) long l; OCSP_CERTID *cid = NULL; OCSP_ONEREQ *one = NULL; - OCSP_REQINFO *inf = o->tbsRequest; + OCSP_REQINFO *inf = &o->tbsRequest; OCSP_SIGNATURE *sig = o->optionalSignature; if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0) @@ -172,7 +172,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags) inf->requestExtensions, flags, 4)) goto err; if (sig) { - X509_signature_print(bp, sig->signatureAlgorithm, sig->signature); + X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature); for (i = 0; i < sk_X509_num(sig->certs); i++) { X509_print(bp, sk_X509_value(sig->certs, i)); PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i)); @@ -216,14 +216,14 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) i = ASN1_STRING_length(rb->response); if ((br = OCSP_response_get1_basic(o)) == NULL) goto err; - rd = br->tbsResponseData; + rd = &br->tbsResponseData; l = ASN1_INTEGER_get(rd->version); if (BIO_printf(bp, "\n Version: %lu (0x%lx)\n", l + 1, l) <= 0) goto err; if (BIO_puts(bp, " Responder Id: ") <= 0) goto err; - rid = rd->responderId; + rid = &rd->responderId; switch (rid->type) { case V_OCSP_RESPID_NAME: X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE); @@ -286,7 +286,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags) if (!X509V3_extensions_print(bp, "Response Extensions", rd->responseExtensions, flags, 4)) goto err; - if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0) + if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0) goto err; for (i = 0; i < sk_X509_num(br->certs); i++) { diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 948eff9864..02800705f3 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c 
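Review bot: In `OCSP_REQUEST_print` the changed call `X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);` discards its result, whereas the matching call in `OCSP_RESPONSE_print` (hunk at -286) tests `<= 0` and jumps to `err`. A failed write would leave the request dump truncated while the function may still report success; its return path is outside the hunk. I would make the two consistent: `if (X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature) <= 0) goto err;`.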
@@ -74,12 +74,12 @@ int OCSP_request_onereq_count(OCSP_REQUEST *req) { - return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList); + return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList); } OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i) { - return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i); + return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i); } OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one) @@ -94,7 +94,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, if (!cid) return 0; if (pmd) - *pmd = cid->hashAlgorithm->algorithm; + *pmd = cid->hashAlgorithm.algorithm; if (piNameHash) *piNameHash = cid->issuerNameHash; if (pikeyHash) @@ -145,8 +145,8 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, OCSP_CERTSTATUS *cs; OCSP_REVOKEDINFO *ri; - if (rsp->tbsResponseData->responses == NULL - && (rsp->tbsResponseData->responses + if (rsp->tbsResponseData.responses == NULL + && (rsp->tbsResponseData.responses = sk_OCSP_SINGLERESP_new_null()) == NULL) goto err; @@ -195,7 +195,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp, goto err; } - if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single))) + if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single))) goto err; return single; err: @@ -240,7 +240,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, } } - rid = brsp->tbsResponseData->responderId; + rid = &brsp->tbsResponseData.responderId; if (flags & OCSP_RESPID_KEY) { unsigned char md[SHA_DIGEST_LENGTH]; X509_pubkey_digest(signer, EVP_sha1(), md, NULL); @@ -256,7 +256,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, } if (!(flags & OCSP_NOTIME) && - !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0)) + !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0)) goto err; /* diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 9dd3f3a20a..4fb00df323 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c 
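Review bot: In the `OCSP_basic_sign` hunk at -240, `X509_pubkey_digest(signer, EVP_sha1(), md, NULL);` is called without checking its result, so on failure `md` still holds uninitialised stack bytes when the `OCSP_RESPID_KEY` branch goes on to use it. The rest of that branch is outside the hunk, so the use is inferred. That would put indeterminate data into the responder ID of a response that is about to be signed. I would change the line to `if (!X509_pubkey_digest(signer, EVP_sha1(), md, NULL)) goto err;`.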
@@ -182,7 +182,7 @@ static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, unsigned long flags) { X509 *signer; - OCSP_RESPID *rid = bs->tbsResponseData->responderId; + OCSP_RESPID *rid = &bs->tbsResponseData.responderId; if ((signer = ocsp_find_signer_sk(certs, rid))) { *psigner = signer; return 2; @@ -231,7 +231,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain, X509 *signer, *sca; OCSP_CERTID *caid = NULL; int i; - sresp = bs->tbsResponseData->responses; + sresp = bs->tbsResponseData.responses; if (sk_X509_num(chain) <= 0) { OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN); @@ -292,8 +292,8 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret) /* Check to see if IDs match */ if (OCSP_id_issuer_cmp(cid, tmpid)) { /* If algoritm mismatch let caller deal with it */ - if (OBJ_cmp(tmpid->hashAlgorithm->algorithm, - cid->hashAlgorithm->algorithm)) + if (OBJ_cmp(tmpid->hashAlgorithm.algorithm, + cid->hashAlgorithm.algorithm)) return 2; /* Else mismatch */ return 0; @@ -314,7 +314,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, X509_NAME *iname; int mdlen; unsigned char md[EVP_MAX_MD_SIZE]; - if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm)) + if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm)) == NULL) { OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID, OCSP_R_UNKNOWN_MESSAGE_DIGEST); @@ -380,7 +380,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs, OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED); return 0; } - gen = req->tbsRequest->requestorName; + gen = req->tbsRequest.requestorName; if (!gen || gen->type != GEN_DIRNAME) { OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE); diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h index ab45db4544..79b4c375d5 100644 --- a/include/openssl/ocsp.h +++ b/include/openssl/ocsp.h 
@@ -186,19 +186,19 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC; # define OCSP_REQUEST_sign(o,pkey,md) \ ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ - o->optionalSignature->signatureAlgorithm,NULL,\ - o->optionalSignature->signature,o->tbsRequest,pkey,md) + &o->optionalSignature->signatureAlgorithm,NULL,\ + o->optionalSignature->signature,&o->tbsRequest,pkey,md) # define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\ - o->signature,o->tbsResponseData,pkey,md) + ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\ + o->signature,&o->tbsResponseData,pkey,md) # define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - a->optionalSignature->signatureAlgorithm,\ - a->optionalSignature->signature,a->tbsRequest,r) + &a->optionalSignature->signatureAlgorithm,\ + a->optionalSignature->signature,&a->tbsRequest,r) # define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - a->signatureAlgorithm,a->signature,a->tbsResponseData,r) + &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r) # define ASN1_BIT_STRING_digest(data,type,md,len) \ ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len) -- 2.25.1
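Review bot: The four macros now apply `&` to an unparenthesised argument (`&o->tbsRequest`, `&a->signatureAlgorithm`), so any argument that is not a plain identifier is parsed with the wrong precedence. Write `&(o)->tbsRequest` and `&(a)->signatureAlgorithm`, and likewise `(o)->optionalSignature`. `OCSP_REQUEST_sign` and `OCSP_REQUEST_verify` also dereference `optionalSignature`, which ocsp_lcl.h marks `/* OPTIONAL */`, without a check, so that precondition should be stated in a comment next to the macros. Since the struct bodies appear to live in the private ocsp_lcl.h, it is worth confirming that these field-accessing macros can still be expanded by code that includes only the public header.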