OCSP library tidy. Use extension to encode OCSP extensions instead of doing
authorDr. Stephen Henson <steve@openssl.org>
Mon, 13 Nov 2006 13:18:28 +0000 (13:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 13 Nov 2006 13:18:28 +0000 (13:18 +0000)
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.

crypto/ocsp/ocsp.h
crypto/ocsp/ocsp_ext.c
crypto/ocsp/ocsp_lib.c

index 6643cf53022562e57a1302f194eda3a6b768382e..5eee6071fe18198db2ac418da8cfd323356bafb7 100644 (file)
@@ -391,12 +391,12 @@ typedef struct ocsp_service_locator_st
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 
-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
-
 #define OCSP_CERTSTATUS_dup(cs)\
                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
 
 #define OCSP_CERTSTATUS_dup(cs)\
                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
 
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
                                                                int maxline);
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
                                                                int maxline);
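Review bot: The new `OCSP_CERTID_dup()` prototype has no comment on ownership or failure behaviour, and callers can no longer read that from a macro expansion in the header. A one-line comment above it would help, for example `/* Returns a newly allocated copy of id, or NULL on error; free with OCSP_CERTID_free() */`. Turning the macro into a real function also adds an exported symbol, so the library's export list presumably needs a matching entry; that file is not shown on this page.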
index 815cc29d58fe2fad641022c1eaf84da6342bec62..2c342817ea0ce56f426618ad6cc0d36fe195b392 100644 (file)
@@ -442,17 +442,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
                        goto err;
                }
                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
                        goto err;
                }
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-       if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
-                                   NULL)))
-               goto err;
-       OCSP_CRLID_free(cid);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
 err:
 err:
-       if (x) X509_EXTENSION_free(x);
        if (cid) OCSP_CRLID_free(cid);
        if (cid) OCSP_CRLID_free(cid);
-       return NULL;
+       return x;
        }
 
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
        }
 
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
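Review bot: `X509V3_EXT_i2d()` on the new `x = ...` line can only encode a NID that has an X509V3 extension method registered, whereas the removed code called `i2d_OCSP_CRLID` directly and had no such dependency. If no method is found the call returns NULL, which the caller cannot tell apart from an allocation failure. The method table is not visible on this page, so confirm an entry exists for `NID_id_pkix_OCSP_CrlID`, and likewise for the NIDs passed in OCSP_accept_responses_new, OCSP_archive_cutoff_new and OCSP_url_svcloc_new. A short comment such as `/* relies on the X509V3 method registered for this NID */` would record the dependency. The body of OCSP_crlID_new starts outside the hunk.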
@@ -470,18 +463,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
                        sk_ASN1_OBJECT_push(sk, o);
                oids++;
                }
                        sk_ASN1_OBJECT_push(sk, o);
                oids++;
                }
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-               goto err;
-       if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
-                                   sk)))
-               goto err;
-       sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
 err:
 err:
-       if (x) X509_EXTENSION_free(x);
        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-       return NULL;
+       return x;
         }
 
 /*  ArchiveCutoff ::= GeneralizedTime */
         }
 
 /*  ArchiveCutoff ::= GeneralizedTime */
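Review bot: The third argument of `X509V3_EXT_i2d()` is an untyped pointer, so passing the stack `sk` here no longer gets the compile-time type check that the `ASN1_STRING_encode_of(ASN1_OBJECT, ...)` macro appears to have given. The encoding is only correct if the method registered for `NID_id_pkix_OCSP_acceptableResponses` describes a SEQUENCE OF OBJECT IDENTIFIER, and that cannot be verified from this hunk. I would add `/* ext_struc must be a STACK_OF(ASN1_OBJECT), matching the method's template */` above the call so a later change to either side is caught in review. The loop that fills `sk` begins outside the hunk.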
@@ -492,16 +477,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
 
        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
 
        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-       if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
-                                   i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
-       ASN1_GENERALIZEDTIME_free(gt);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
 err:
        if (gt) ASN1_GENERALIZEDTIME_free(gt);
 err:
        if (gt) ASN1_GENERALIZEDTIME_free(gt);
-       if (x) X509_EXTENSION_free(x);
-       return NULL;
+       return x;
        }
 
 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
        }
 
 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
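Review bot: Success and failure now both leave through the `err:` label and `return x;`, so every earlier `goto err` returns whatever `x` holds at that point. That is only safe if `x` is initialised to NULL at its declaration, which lies outside the hunk; the removed `if (x) X509_EXTENSION_free(x);` suggests it is, but please confirm. Because the label is no longer error-only, a comment like `/* reached on success and failure; x stays NULL on failure */` (or renaming the label) would keep a later edit from breaking the cleanup. The same shape appears in OCSP_crlID_new, OCSP_accept_responses_new and OCSP_url_svcloc_new.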
@@ -530,16 +509,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
                urls++;
                }
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
                urls++;
                }
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
-               goto err;
-       if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
-                                   i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
-       OCSP_SERVICELOC_free(sloc);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
 err:
 err:
-       if (x) X509_EXTENSION_free(x);
        if (sloc) OCSP_SERVICELOC_free(sloc);
        if (sloc) OCSP_SERVICELOC_free(sloc);
-       return NULL;
+       return x;
        }
 
        }
 
index 27450811d7208529a8ef99b5b089e9ce6c3c0bcc..36905d76cd4249b8838f90683eb7548535b6a8f6 100644 (file)
@@ -69,6 +69,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include <openssl/asn1t.h>
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
@@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        return 0;
 
        }
        return 0;
 
        }
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)