Embed various OCSP fields.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 6 Oct 2015 22:04:08 +0000 (23:04 +0100)
committerDr. Stephen Henson <steve@openssl.org>
Sun, 11 Oct 2015 19:33:57 +0000 (20:33 +0100)
Reviewed-by: Rich Salz <rsalz@openssl.org>
crypto/ocsp/ocsp_asn.c
crypto/ocsp/ocsp_cl.c
crypto/ocsp/ocsp_ext.c
crypto/ocsp/ocsp_lcl.h
crypto/ocsp/ocsp_lib.c
crypto/ocsp/ocsp_prn.c
crypto/ocsp/ocsp_srv.c
crypto/ocsp/ocsp_vfy.c
include/openssl/ocsp.h

index c3362f0..c3f9395 100644 (file)
@@ -62,7 +62,7 @@
 #include "ocsp_lcl.h"
 
 ASN1_SEQUENCE(OCSP_SIGNATURE) = {
-        ASN1_SIMPLE(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
+        ASN1_EMBED(OCSP_SIGNATURE, signatureAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(OCSP_SIGNATURE, signature, ASN1_BIT_STRING),
         ASN1_EXP_SEQUENCE_OF_OPT(OCSP_SIGNATURE, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_SIGNATURE)
@@ -70,7 +70,7 @@ ASN1_SEQUENCE(OCSP_SIGNATURE) = {
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_SIGNATURE)
 
 ASN1_SEQUENCE(OCSP_CERTID) = {
-        ASN1_SIMPLE(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
+        ASN1_EMBED(OCSP_CERTID, hashAlgorithm, X509_ALGOR),
         ASN1_SIMPLE(OCSP_CERTID, issuerNameHash, ASN1_OCTET_STRING),
         ASN1_SIMPLE(OCSP_CERTID, issuerKeyHash, ASN1_OCTET_STRING),
         ASN1_SIMPLE(OCSP_CERTID, serialNumber, ASN1_INTEGER)
@@ -95,7 +95,7 @@ ASN1_SEQUENCE(OCSP_REQINFO) = {
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_REQINFO)
 
 ASN1_SEQUENCE(OCSP_REQUEST) = {
-        ASN1_SIMPLE(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
+        ASN1_EMBED(OCSP_REQUEST, tbsRequest, OCSP_REQINFO),
         ASN1_EXP_OPT(OCSP_REQUEST, optionalSignature, OCSP_SIGNATURE, 0)
 } ASN1_SEQUENCE_END(OCSP_REQUEST)
 
@@ -151,7 +151,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
 
 ASN1_SEQUENCE(OCSP_RESPDATA) = {
            ASN1_EXP_OPT(OCSP_RESPDATA, version, ASN1_INTEGER, 0),
-           ASN1_SIMPLE(OCSP_RESPDATA, responderId, OCSP_RESPID),
+           ASN1_EMBED(OCSP_RESPDATA, responderId, OCSP_RESPID),
            ASN1_SIMPLE(OCSP_RESPDATA, producedAt, ASN1_GENERALIZEDTIME),
            ASN1_SEQUENCE_OF(OCSP_RESPDATA, responses, OCSP_SINGLERESP),
            ASN1_EXP_SEQUENCE_OF_OPT(OCSP_RESPDATA, responseExtensions, X509_EXTENSION, 1)
@@ -160,8 +160,8 @@ ASN1_SEQUENCE(OCSP_RESPDATA) = {
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
 
 ASN1_SEQUENCE(OCSP_BASICRESP) = {
-           ASN1_SIMPLE(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
-           ASN1_SIMPLE(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
+           ASN1_EMBED(OCSP_BASICRESP, tbsResponseData, OCSP_RESPDATA),
+           ASN1_EMBED(OCSP_BASICRESP, signatureAlgorithm, X509_ALGOR),
            ASN1_SIMPLE(OCSP_BASICRESP, signature, ASN1_BIT_STRING),
            ASN1_EXP_SEQUENCE_OF_OPT(OCSP_BASICRESP, certs, X509, 0)
 } ASN1_SEQUENCE_END(OCSP_BASICRESP)
index 8143389..2b77146 100644 (file)
@@ -93,7 +93,7 @@ OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid)
         goto err;
     OCSP_CERTID_free(one->reqCert);
     one->reqCert = cid;
-    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one))
+    if (req && !sk_OCSP_ONEREQ_push(req->tbsRequest.requestList, one))
         goto err;
     return one;
  err:
@@ -115,8 +115,8 @@ int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm)
         return 0;
     }
     gen->type = GEN_DIRNAME;
-    GENERAL_NAME_free(req->tbsRequest->requestorName);
-    req->tbsRequest->requestorName = gen;
+    GENERAL_NAME_free(req->tbsRequest.requestorName);
+    req->tbsRequest.requestorName = gen;
     return 1;
 }
 
@@ -230,7 +230,7 @@ int OCSP_resp_count(OCSP_BASICRESP *bs)
 {
     if (!bs)
         return -1;
-    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses);
+    return sk_OCSP_SINGLERESP_num(bs->tbsResponseData.responses);
 }
 
 /* Extract an OCSP_SINGLERESP response with a given index */
@@ -239,7 +239,7 @@ OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
 {
     if (!bs)
         return NULL;
-    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
+    return sk_OCSP_SINGLERESP_value(bs->tbsResponseData.responses, idx);
 }
 
 /* Look single response matching a given certificate ID */
@@ -255,7 +255,7 @@ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
         last = 0;
     else
         last++;
-    sresp = bs->tbsResponseData->responses;
+    sresp = bs->tbsResponseData.responses;
     for (i = last; i < sk_OCSP_SINGLERESP_num(sresp); i++) {
         single = sk_OCSP_SINGLERESP_value(sresp, i);
         if (!OCSP_id_cmp(id, single->certId))
index 95c61e6..f9553f0 100644 (file)
 
 int OCSP_REQUEST_get_ext_count(OCSP_REQUEST *x)
 {
-    return (X509v3_get_ext_count(x->tbsRequest->requestExtensions));
+    return (X509v3_get_ext_count(x->tbsRequest.requestExtensions));
 }
 
 int OCSP_REQUEST_get_ext_by_NID(OCSP_REQUEST *x, int nid, int lastpos)
 {
     return (X509v3_get_ext_by_NID
-            (x->tbsRequest->requestExtensions, nid, lastpos));
+            (x->tbsRequest.requestExtensions, nid, lastpos));
 }
 
 int OCSP_REQUEST_get_ext_by_OBJ(OCSP_REQUEST *x, ASN1_OBJECT *obj,
                                 int lastpos)
 {
     return (X509v3_get_ext_by_OBJ
-            (x->tbsRequest->requestExtensions, obj, lastpos));
+            (x->tbsRequest.requestExtensions, obj, lastpos));
 }
 
 int OCSP_REQUEST_get_ext_by_critical(OCSP_REQUEST *x, int crit, int lastpos)
 {
     return (X509v3_get_ext_by_critical
-            (x->tbsRequest->requestExtensions, crit, lastpos));
+            (x->tbsRequest.requestExtensions, crit, lastpos));
 }
 
 X509_EXTENSION *OCSP_REQUEST_get_ext(OCSP_REQUEST *x, int loc)
 {
-    return (X509v3_get_ext(x->tbsRequest->requestExtensions, loc));
+    return (X509v3_get_ext(x->tbsRequest.requestExtensions, loc));
 }
 
 X509_EXTENSION *OCSP_REQUEST_delete_ext(OCSP_REQUEST *x, int loc)
 {
-    return (X509v3_delete_ext(x->tbsRequest->requestExtensions, loc));
+    return (X509v3_delete_ext(x->tbsRequest.requestExtensions, loc));
 }
 
 void *OCSP_REQUEST_get1_ext_d2i(OCSP_REQUEST *x, int nid, int *crit, int *idx)
 {
-    return X509V3_get_d2i(x->tbsRequest->requestExtensions, nid, crit, idx);
+    return X509V3_get_d2i(x->tbsRequest.requestExtensions, nid, crit, idx);
 }
 
 int OCSP_REQUEST_add1_ext_i2d(OCSP_REQUEST *x, int nid, void *value, int crit,
                               unsigned long flags)
 {
-    return X509V3_add1_i2d(&x->tbsRequest->requestExtensions, nid, value,
+    return X509V3_add1_i2d(&x->tbsRequest.requestExtensions, nid, value,
                            crit, flags);
 }
 
 int OCSP_REQUEST_add_ext(OCSP_REQUEST *x, X509_EXTENSION *ex, int loc)
 {
-    return (X509v3_add_ext(&(x->tbsRequest->requestExtensions), ex, loc) !=
+    return (X509v3_add_ext(&(x->tbsRequest.requestExtensions), ex, loc) !=
             NULL);
 }
 
@@ -183,56 +183,56 @@ int OCSP_ONEREQ_add_ext(OCSP_ONEREQ *x, X509_EXTENSION *ex, int loc)
 
 int OCSP_BASICRESP_get_ext_count(OCSP_BASICRESP *x)
 {
-    return (X509v3_get_ext_count(x->tbsResponseData->responseExtensions));
+    return (X509v3_get_ext_count(x->tbsResponseData.responseExtensions));
 }
 
 int OCSP_BASICRESP_get_ext_by_NID(OCSP_BASICRESP *x, int nid, int lastpos)
 {
     return (X509v3_get_ext_by_NID
-            (x->tbsResponseData->responseExtensions, nid, lastpos));
+            (x->tbsResponseData.responseExtensions, nid, lastpos));
 }
 
 int OCSP_BASICRESP_get_ext_by_OBJ(OCSP_BASICRESP *x, ASN1_OBJECT *obj,
                                   int lastpos)
 {
     return (X509v3_get_ext_by_OBJ
-            (x->tbsResponseData->responseExtensions, obj, lastpos));
+            (x->tbsResponseData.responseExtensions, obj, lastpos));
 }
 
 int OCSP_BASICRESP_get_ext_by_critical(OCSP_BASICRESP *x, int crit,
                                        int lastpos)
 {
     return (X509v3_get_ext_by_critical
-            (x->tbsResponseData->responseExtensions, crit, lastpos));
+            (x->tbsResponseData.responseExtensions, crit, lastpos));
 }
 
 X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *x, int loc)
 {
-    return (X509v3_get_ext(x->tbsResponseData->responseExtensions, loc));
+    return (X509v3_get_ext(x->tbsResponseData.responseExtensions, loc));
 }
 
 X509_EXTENSION *OCSP_BASICRESP_delete_ext(OCSP_BASICRESP *x, int loc)
 {
-    return (X509v3_delete_ext(x->tbsResponseData->responseExtensions, loc));
+    return (X509v3_delete_ext(x->tbsResponseData.responseExtensions, loc));
 }
 
 void *OCSP_BASICRESP_get1_ext_d2i(OCSP_BASICRESP *x, int nid, int *crit,
                                   int *idx)
 {
-    return X509V3_get_d2i(x->tbsResponseData->responseExtensions, nid, crit,
+    return X509V3_get_d2i(x->tbsResponseData.responseExtensions, nid, crit,
                           idx);
 }
 
 int OCSP_BASICRESP_add1_ext_i2d(OCSP_BASICRESP *x, int nid, void *value,
                                 int crit, unsigned long flags)
 {
-    return X509V3_add1_i2d(&x->tbsResponseData->responseExtensions, nid,
+    return X509V3_add1_i2d(&x->tbsResponseData.responseExtensions, nid,
                            value, crit, flags);
 }
 
 int OCSP_BASICRESP_add_ext(OCSP_BASICRESP *x, X509_EXTENSION *ex, int loc)
 {
-    return (X509v3_add_ext(&(x->tbsResponseData->responseExtensions), ex, loc)
+    return (X509v3_add_ext(&(x->tbsResponseData.responseExtensions), ex, loc)
             != NULL);
 }
 
@@ -334,14 +334,14 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
 
 int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len)
 {
-    return ocsp_add1_nonce(&req->tbsRequest->requestExtensions, val, len);
+    return ocsp_add1_nonce(&req->tbsRequest.requestExtensions, val, len);
 }
 
 /* Same as above but for a response */
 
 int OCSP_basic_add1_nonce(OCSP_BASICRESP *resp, unsigned char *val, int len)
 {
-    return ocsp_add1_nonce(&resp->tbsResponseData->responseExtensions, val,
+    return ocsp_add1_nonce(&resp->tbsResponseData.responseExtensions, val,
                            len);
 }
 
index 86fb0b9..8e6e5e8 100644 (file)
@@ -71,7 +71,7 @@
  *       serialNumber       CertificateSerialNumber }
  */
 struct ocsp_cert_id_st {
-    X509_ALGOR *hashAlgorithm;
+    X509_ALGOR hashAlgorithm;
     ASN1_OCTET_STRING *issuerNameHash;
     ASN1_OCTET_STRING *issuerKeyHash;
     ASN1_INTEGER *serialNumber;
@@ -105,7 +105,7 @@ struct ocsp_req_info_st {
  *       certs                [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
  */
 struct ocsp_signature_st {
-    X509_ALGOR *signatureAlgorithm;
+    X509_ALGOR signatureAlgorithm;
     ASN1_BIT_STRING *signature;
     STACK_OF(X509) *certs;
 };
@@ -115,7 +115,7 @@ struct ocsp_signature_st {
  *       optionalSignature   [0]     EXPLICIT Signature OPTIONAL }
  */
 struct ocsp_request_st {
-    OCSP_REQINFO *tbsRequest;
+    OCSP_REQINFO tbsRequest;
     OCSP_SIGNATURE *optionalSignature; /* OPTIONAL */
 };
 
@@ -211,7 +211,7 @@ struct ocsp_single_response_st {
  */
 struct ocsp_response_data_st {
     ASN1_INTEGER *version;
-    OCSP_RESPID *responderId;
+    OCSP_RESPID responderId;
     ASN1_GENERALIZEDTIME *producedAt;
     STACK_OF(OCSP_SINGLERESP) *responses;
     STACK_OF(X509_EXTENSION) *responseExtensions;
@@ -244,8 +244,8 @@ struct ocsp_response_data_st {
    * and CeloCom
    */
 struct ocsp_basic_response_st {
-    OCSP_RESPDATA *tbsResponseData;
-    X509_ALGOR *signatureAlgorithm;
+    OCSP_RESPDATA tbsResponseData;
+    X509_ALGOR signatureAlgorithm;
     ASN1_BIT_STRING *signature;
     STACK_OF(X509) *certs;
 };
index aa0723c..f8dd610 100644 (file)
@@ -109,7 +109,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
     if ((cid = OCSP_CERTID_new()) == NULL)
         goto err;
 
-    alg = cid->hashAlgorithm;
+    alg = &cid->hashAlgorithm;
     ASN1_OBJECT_free(alg->algorithm);
     if ((nid = EVP_MD_type(dgst)) == NID_undef) {
         OCSPerr(OCSP_F_OCSP_CERT_ID_NEW, OCSP_R_UNKNOWN_NID);
@@ -149,7 +149,7 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
 int OCSP_id_issuer_cmp(OCSP_CERTID *a, OCSP_CERTID *b)
 {
     int ret;
-    ret = OBJ_cmp(a->hashAlgorithm->algorithm, b->hashAlgorithm->algorithm);
+    ret = OBJ_cmp(a->hashAlgorithm.algorithm, b->hashAlgorithm.algorithm);
     if (ret)
         return ret;
     ret = ASN1_OCTET_STRING_cmp(a->issuerNameHash, b->issuerNameHash);
index b826292..f0b44ce 100644 (file)
@@ -75,7 +75,7 @@ static int ocsp_certid_print(BIO *bp, OCSP_CERTID *a, int indent)
     BIO_printf(bp, "%*sCertificate ID:\n", indent, "");
     indent += 2;
     BIO_printf(bp, "%*sHash Algorithm: ", indent, "");
-    i2a_ASN1_OBJECT(bp, a->hashAlgorithm->algorithm);
+    i2a_ASN1_OBJECT(bp, a->hashAlgorithm.algorithm);
     BIO_printf(bp, "\n%*sIssuer Name Hash: ", indent, "");
     i2a_ASN1_STRING(bp, a->issuerNameHash, V_ASN1_OCTET_STRING);
     BIO_printf(bp, "\n%*sIssuer Key Hash: ", indent, "");
@@ -144,7 +144,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
     long l;
     OCSP_CERTID *cid = NULL;
     OCSP_ONEREQ *one = NULL;
-    OCSP_REQINFO *inf = o->tbsRequest;
+    OCSP_REQINFO *inf = &o->tbsRequest;
     OCSP_SIGNATURE *sig = o->optionalSignature;
 
     if (BIO_write(bp, "OCSP Request Data:\n", 19) <= 0)
@@ -172,7 +172,7 @@ int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST *o, unsigned long flags)
                                  inf->requestExtensions, flags, 4))
         goto err;
     if (sig) {
-        X509_signature_print(bp, sig->signatureAlgorithm, sig->signature);
+        X509_signature_print(bp, &sig->signatureAlgorithm, sig->signature);
         for (i = 0; i < sk_X509_num(sig->certs); i++) {
             X509_print(bp, sk_X509_value(sig->certs, i));
             PEM_write_bio_X509(bp, sk_X509_value(sig->certs, i));
@@ -216,14 +216,14 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
     i = ASN1_STRING_length(rb->response);
     if ((br = OCSP_response_get1_basic(o)) == NULL)
         goto err;
-    rd = br->tbsResponseData;
+    rd = &br->tbsResponseData;
     l = ASN1_INTEGER_get(rd->version);
     if (BIO_printf(bp, "\n    Version: %lu (0x%lx)\n", l + 1, l) <= 0)
         goto err;
     if (BIO_puts(bp, "    Responder Id: ") <= 0)
         goto err;
 
-    rid = rd->responderId;
+    rid = &rd->responderId;
     switch (rid->type) {
     case V_OCSP_RESPID_NAME:
         X509_NAME_print_ex(bp, rid->value.byName, 0, XN_FLAG_ONELINE);
@@ -286,7 +286,7 @@ int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE *o, unsigned long flags)
     if (!X509V3_extensions_print(bp, "Response Extensions",
                                  rd->responseExtensions, flags, 4))
         goto err;
-    if (X509_signature_print(bp, br->signatureAlgorithm, br->signature) <= 0)
+    if (X509_signature_print(bp, &br->signatureAlgorithm, br->signature) <= 0)
         goto err;
 
     for (i = 0; i < sk_X509_num(br->certs); i++) {
index 948eff9..0280070 100644 (file)
 
 int OCSP_request_onereq_count(OCSP_REQUEST *req)
 {
-    return sk_OCSP_ONEREQ_num(req->tbsRequest->requestList);
+    return sk_OCSP_ONEREQ_num(req->tbsRequest.requestList);
 }
 
 OCSP_ONEREQ *OCSP_request_onereq_get0(OCSP_REQUEST *req, int i)
 {
-    return sk_OCSP_ONEREQ_value(req->tbsRequest->requestList, i);
+    return sk_OCSP_ONEREQ_value(req->tbsRequest.requestList, i);
 }
 
 OCSP_CERTID *OCSP_onereq_get0_id(OCSP_ONEREQ *one)
@@ -94,7 +94,7 @@ int OCSP_id_get0_info(ASN1_OCTET_STRING **piNameHash, ASN1_OBJECT **pmd,
     if (!cid)
         return 0;
     if (pmd)
-        *pmd = cid->hashAlgorithm->algorithm;
+        *pmd = cid->hashAlgorithm.algorithm;
     if (piNameHash)
         *piNameHash = cid->issuerNameHash;
     if (pikeyHash)
@@ -145,8 +145,8 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
     OCSP_CERTSTATUS *cs;
     OCSP_REVOKEDINFO *ri;
 
-    if (rsp->tbsResponseData->responses == NULL
-        && (rsp->tbsResponseData->responses
+    if (rsp->tbsResponseData.responses == NULL
+        && (rsp->tbsResponseData.responses
                 = sk_OCSP_SINGLERESP_new_null()) == NULL)
         goto err;
 
@@ -195,7 +195,7 @@ OCSP_SINGLERESP *OCSP_basic_add1_status(OCSP_BASICRESP *rsp,
         goto err;
 
     }
-    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData->responses, single)))
+    if (!(sk_OCSP_SINGLERESP_push(rsp->tbsResponseData.responses, single)))
         goto err;
     return single;
  err:
@@ -240,7 +240,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
         }
     }
 
-    rid = brsp->tbsResponseData->responderId;
+    rid = &brsp->tbsResponseData.responderId;
     if (flags & OCSP_RESPID_KEY) {
         unsigned char md[SHA_DIGEST_LENGTH];
         X509_pubkey_digest(signer, EVP_sha1(), md, NULL);
@@ -256,7 +256,7 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp,
     }
 
     if (!(flags & OCSP_NOTIME) &&
-        !X509_gmtime_adj(brsp->tbsResponseData->producedAt, 0))
+        !X509_gmtime_adj(brsp->tbsResponseData.producedAt, 0))
         goto err;
 
     /*
index 9dd3f3a..4fb00df 100644 (file)
@@ -182,7 +182,7 @@ static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs,
                             unsigned long flags)
 {
     X509 *signer;
-    OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+    OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
     if ((signer = ocsp_find_signer_sk(certs, rid))) {
         *psigner = signer;
         return 2;
@@ -231,7 +231,7 @@ static int ocsp_check_issuer(OCSP_BASICRESP *bs, STACK_OF(X509) *chain,
     X509 *signer, *sca;
     OCSP_CERTID *caid = NULL;
     int i;
-    sresp = bs->tbsResponseData->responses;
+    sresp = bs->tbsResponseData.responses;
 
     if (sk_X509_num(chain) <= 0) {
         OCSPerr(OCSP_F_OCSP_CHECK_ISSUER, OCSP_R_NO_CERTIFICATES_IN_CHAIN);
@@ -292,8 +292,8 @@ static int ocsp_check_ids(STACK_OF(OCSP_SINGLERESP) *sresp, OCSP_CERTID **ret)
         /* Check to see if IDs match */
         if (OCSP_id_issuer_cmp(cid, tmpid)) {
             /* If algoritm mismatch let caller deal with it */
-            if (OBJ_cmp(tmpid->hashAlgorithm->algorithm,
-                        cid->hashAlgorithm->algorithm))
+            if (OBJ_cmp(tmpid->hashAlgorithm.algorithm,
+                        cid->hashAlgorithm.algorithm))
                 return 2;
             /* Else mismatch */
             return 0;
@@ -314,7 +314,7 @@ static int ocsp_match_issuerid(X509 *cert, OCSP_CERTID *cid,
         X509_NAME *iname;
         int mdlen;
         unsigned char md[EVP_MAX_MD_SIZE];
-        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm->algorithm))
+        if ((dgst = EVP_get_digestbyobj(cid->hashAlgorithm.algorithm))
                 == NULL) {
             OCSPerr(OCSP_F_OCSP_MATCH_ISSUERID,
                     OCSP_R_UNKNOWN_MESSAGE_DIGEST);
@@ -380,7 +380,7 @@ int OCSP_request_verify(OCSP_REQUEST *req, STACK_OF(X509) *certs,
         OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY, OCSP_R_REQUEST_NOT_SIGNED);
         return 0;
     }
-    gen = req->tbsRequest->requestorName;
+    gen = req->tbsRequest.requestorName;
     if (!gen || gen->type != GEN_DIRNAME) {
         OCSPerr(OCSP_F_OCSP_REQUEST_VERIFY,
                 OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE);
index ab45db4..79b4c37 100644 (file)
@@ -186,19 +186,19 @@ typedef struct ocsp_service_locator_st OCSP_SERVICELOC;
 
 # define OCSP_REQUEST_sign(o,pkey,md) \
         ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\
-                o->optionalSignature->signatureAlgorithm,NULL,\
-                o->optionalSignature->signature,o->tbsRequest,pkey,md)
+                &o->optionalSignature->signatureAlgorithm,NULL,\
+                o->optionalSignature->signature,&o->tbsRequest,pkey,md)
 
 # define OCSP_BASICRESP_sign(o,pkey,md,d) \
-        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),o->signatureAlgorithm,NULL,\
-                o->signature,o->tbsResponseData,pkey,md)
+        ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&o->signatureAlgorithm,NULL,\
+                o->signature,&o->tbsResponseData,pkey,md)
 
 # define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\
-        a->optionalSignature->signatureAlgorithm,\
-        a->optionalSignature->signature,a->tbsRequest,r)
+        &a->optionalSignature->signatureAlgorithm,\
+        a->optionalSignature->signature,&a->tbsRequest,r)
 
 # define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\
-        a->signatureAlgorithm,a->signature,a->tbsResponseData,r)
+        &a->signatureAlgorithm,a->signature,&a->tbsResponseData,r)
 
 # define ASN1_BIT_STRING_digest(data,type,md,len) \
         ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)