From af170194a88d6127d447bea826845c23ca192727 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Wed, 7 Oct 2015 14:42:34 +0100 Subject: [PATCH] embed OCSP_CERTID Reviewed-by: Rich Salz --- crypto/ocsp/ocsp_asn.c | 6 +++--- crypto/ocsp/ocsp_lcl.h | 6 +++--- crypto/ocsp/ocsp_lib.c | 13 ++++++------- crypto/ocsp/ocsp_prn.c | 6 +++--- crypto/ocsp/ocsp_srv.c | 6 +++--- crypto/ocsp/ocsp_vfy.c | 8 ++++---- 6 files changed, 22 insertions(+), 23 deletions(-) diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c index c3f939531a..00be995ba6 100644 --- a/crypto/ocsp/ocsp_asn.c +++ b/crypto/ocsp/ocsp_asn.c @@ -71,9 +71,9 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE) ASN1_SEQUENCE(OCSP_CERTID) = { ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR), - ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), - ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), - ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER) + ASN1_EMBED(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING), + ASN1_EMBED(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING), + ASN1_EMBED(OCSP_CERTID, serialNumber, ASN1_INTEGER) } ASN1_SEQUENCE_END(OCSP_CERTID) IMPLEMENT_ASN1_FUNCTIONS(OCSP_CERTID) diff --git a/crypto/ocsp/ocsp_lcl.h b/crypto/ocsp/ocsp_lcl.h index 8e6e5e840f..c60d956099 100644 --- a/crypto/ocsp/ocsp_lcl.h +++ b/crypto/ocsp/ocsp_lcl.h @@ -72,9 +72,9 @@ */ struct ocsp_cert_id_st { X509_ALGOR hashAlgorithm; - ASN1_OCTET_STRING *issuerNameHash; - ASN1_OCTET_STRING *issuerKeyHash; - ASN1_INTEGER *serialNumber; + ASN1_OCTET_STRING issuerNameHash; + ASN1_OCTET_STRING issuerKeyHash; + ASN1_INTEGER serialNumber; }; /*- Request ::= SEQUENCE { diff --git a/crypto/ocsp/ocsp_lib.c b/crypto/ocsp/ocsp_lib.c index f8dd6107ff..012019473e 100644 --- a/crypto/ocsp/ocsp_lib.c +++ b/crypto/ocsp/ocsp_lib.c @@ -123,19 +123,18 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, if (!X509_NAME_digest(issuerName, dgst, md, &i)) goto digerr; - if (!(ASN1_OCTET_STRING_set(cid->issuerNameHash, md, i))) + if (!(ASN1_OCTET_STRING_set(&cid->issuerNameHash, md, i))) goto err; /* Calculate the issuerKey hash, excluding tag and length */ if (!EVP_Digest(issuerKey->data, issuerKey->length, md, &i, dgst, NULL)) goto err; - if (!(ASN1_OCTET_STRING_set(cid->issuerKeyHash, md, i))) + if (!(ASN1_OCTET_STRING_set(&cid->issuerKeyHash, md, i))) goto err; if (serialNumber) { - ASN1_INTEGER_free(cid->serialNumber); - if ((cid->serialNumber = ASN1_INTEGER_dup(serialNumber)) == NULL) + if (ASN1_STRING_copy(&cid->serialNumber, serialNumber) == 0) goto err; } return cid; @@ -152,10 +151,10 @@ int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b) ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm); if (ret) return ret; - ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash); + ret = ASN1_OCTET_STRING_cmp(&a->issuerNameHash, &b->issuerNameHash); if (ret) return ret; - return ASN1_OCTET_STRING_cmp(a->issuerKeyHash, b->issuerKeyHash); + return ASN1_OCTET_STRING_cmp(&a->issuerKeyHash, &b->issuerKeyHash); } int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) @@ -164,7 +163,7 @@ int OCSP_id_cmp(OCSP_CERTID *a, OCSP_CERTID *b) ret = OCSP_id_issuer_cmp(a, b); if (ret) return ret; - return ASN1_INTEGER_cmp(a->serialNumber, b->serialNumber); + return ASN1_INTEGER_cmp(&a->serialNumber, &b->serialNumber); } /* diff --git a/crypto/ocsp/ocsp_prn.c b/crypto/ocsp/ocsp_prn.c index f0b44ce748..70b6904e9b 100644 --- a/crypto/ocsp/ocsp_prn.c +++ b/crypto/ocsp/ocsp_prn.c @@ -77,11 +77,11 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent) BIO_printf(bp, "%*sHash Algorithm: ", indent, ""); i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm); BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, ""); - i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING); + i2a_ASN1_STRING(bp, &a->issuerNameHash, V_ASN1_OCTET_STRING); BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, ""); - i2a_ASN1_STRING(bp, a->issuerKeyHash, V_ASN1_OCTET_STRING); + i2a_ASN1_STRING(bp, &a->issuerKeyHash, V_ASN1_OCTET_STRING); BIO_printf(bp, "\n%*sSerial Number: ", indent, ""); - i2a_ASN1_INTEGER(bp, a->serialNumber); + i2a_ASN1_INTEGER(bp, &a->serialNumber); BIO_printf(bp, "\n"); return 1; } diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 02800705f3..8f196c81ff 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -96,11 +96,11 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd, if (pmd) *pmd = cid->hashAlgorithm.algorithm; if (piNameHash) - *piNameHash = cid->issuerNameHash; + *piNameHash = &cid->issuerNameHash; if (pikeyHash) - *pikeyHash = cid->issuerKeyHash; + *pikeyHash = &cid->issuerKeyHash; if (pserial) - *pserial = cid->serialNumber; + *pserial = &cid->serialNumber; return 1; } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 4fb00df323..629ebf0e29 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -324,16 +324,16 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid, mdlen = EVP_MD_size(dgst); if (mdlen < 0) return -1; - if ((cid->issuerNameHash->length != mdlen) || - (cid->issuerKeyHash->length != mdlen)) + if ((cid->issuerNameHash.length != mdlen) || + (cid->issuerKeyHash.length != mdlen)) return 0; iname = X509_get_subject_name(cert); if (!X509_NAME_digest(iname, dgst, md, NULL)) return -1; - if (memcmp(md, cid->issuerNameHash->data, mdlen)) + if (memcmp(md, cid->issuerNameHash.data, mdlen)) return 0; X509_pubkey_digest(cert, dgst, md, NULL); - if (memcmp(md, cid->issuerKeyHash->data, mdlen)) + if (memcmp(md, cid->issuerKeyHash.data, mdlen)) return 0; return 1; -- 2.25.1