#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/ocsp.h>
+#include "ocsp_lcl.h"
#include <openssl/rand.h>
#include <openssl/x509v3.h>
}
/* also CRL Entry Extensions */
-#if 0
-ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
- void *data, STACK_OF(ASN1_OBJECT) *sk)
-{
- int i;
- unsigned char *p, *b = NULL;
-
- if (data) {
- if ((i = i2d(data, NULL)) <= 0)
- goto err;
- if (!(b = p = OPENSSL_malloc((unsigned int)i)))
- goto err;
- if (i2d(data, &p) <= 0)
- goto err;
- } else if (sk) {
- if ((i = i2d_ASN1_SET_OF_ASN1_OBJECT(sk, NULL,
- (I2D_OF(ASN1_OBJECT)) i2d,
- V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL,
- IS_SEQUENCE)) <= 0)
- goto err;
- if (!(b = p = OPENSSL_malloc((unsigned int)i)))
- goto err;
- if (i2d_ASN1_SET_OF_ASN1_OBJECT(sk, &p, (I2D_OF(ASN1_OBJECT)) i2d,
- V_ASN1_SEQUENCE,
- V_ASN1_UNIVERSAL, IS_SEQUENCE) <= 0)
- goto err;
- } else {
- OCSPerr(OCSP_F_ASN1_STRING_ENCODE, OCSP_R_BAD_DATA);
- goto err;
- }
- if (!s && !(s = ASN1_STRING_new()))
- goto err;
- if (!(ASN1_STRING_set(s, b, i)))
- goto err;
- OPENSSL_free(b);
- return s;
- err:
- if (b)
- OPENSSL_free(b);
- return NULL;
-}
-#endif
/* Nonce handling functions */
ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
if (val)
memcpy(tmpval, val, len);
- else
- RAND_pseudo_bytes(tmpval, len);
+ else if (RAND_bytes(tmpval, len) <= 0)
+ goto err;
if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
&os, 0, X509V3_ADD_REPLACE))
goto err;
*/
req_ext = OCSP_REQUEST_get_ext(req, req_idx);
resp_ext = OCSP_BASICRESP_get_ext(bs, resp_idx);
- if (ASN1_OCTET_STRING_cmp(req_ext->value, resp_ext->value))
+ if (ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(req_ext),
+ X509_EXTENSION_get_data(resp_ext)))
return 0;
return 1;
}