OCSP library tidy. Use extension to encode OCSP extensions instead of doing
authorDr. Stephen Henson <steve@openssl.org>
Mon, 13 Nov 2006 13:18:28 +0000 (13:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 13 Nov 2006 13:18:28 +0000 (13:18 +0000)
it manually. Make OCSP_CERTID_dup() a real function instead of a macro.

crypto/ocsp/ocsp.h
crypto/ocsp/ocsp_ext.c
crypto/ocsp/ocsp_lib.c

index 6643cf5..5eee607 100644 (file)
@@ -391,12 +391,12 @@ typedef struct ocsp_service_locator_st
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 
 #define ASN1_BIT_STRING_digest(data,type,md,len) \
        ASN1_item_digest(ASN1_ITEM_rptr(ASN1_BIT_STRING),type,data,md,len)
 
-#define OCSP_CERTID_dup(cid) ASN1_dup_of(OCSP_CERTID,i2d_OCSP_CERTID,d2i_OCSP_CERTID,cid)
-
 #define OCSP_CERTSTATUS_dup(cs)\
                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
 
 #define OCSP_CERTSTATUS_dup(cs)\
                 (OCSP_CERTSTATUS*)ASN1_dup((int(*)())i2d_OCSP_CERTSTATUS,\
                (char *(*)())d2i_OCSP_CERTSTATUS,(char *)(cs))
 
+OCSP_CERTID *OCSP_CERTID_dup(OCSP_CERTID *id);
+
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
                                                                int maxline);
 OCSP_RESPONSE *OCSP_sendreq_bio(BIO *b, char *path, OCSP_REQUEST *req);
 OCSP_REQ_CTX *OCSP_sendreq_new(BIO *io, char *path, OCSP_REQUEST *req,
                                                                int maxline);
index 815cc29..2c34281 100644 (file)
@@ -442,17 +442,10 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
                        goto err;
                }
                if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim))) 
                        goto err;
                }
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID))) goto err;
-       if (!(ASN1_STRING_encode_of(OCSP_CRLID,x->value,i2d_OCSP_CRLID,cid,
-                                   NULL)))
-               goto err;
-       OCSP_CRLID_free(cid);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
 err:
 err:
-       if (x) X509_EXTENSION_free(x);
        if (cid) OCSP_CRLID_free(cid);
        if (cid) OCSP_CRLID_free(cid);
-       return NULL;
+       return x;
        }
 
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
        }
 
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
@@ -470,18 +463,10 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
                        sk_ASN1_OBJECT_push(sk, o);
                oids++;
                }
                        sk_ASN1_OBJECT_push(sk, o);
                oids++;
                }
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-               goto err;
-       if (!(ASN1_STRING_encode_of(ASN1_OBJECT,x->value,i2d_ASN1_OBJECT,NULL,
-                                   sk)))
-               goto err;
-       sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
 err:
 err:
-       if (x) X509_EXTENSION_free(x);
        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
        if (sk) sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-       return NULL;
+       return x;
         }
 
 /*  ArchiveCutoff ::= GeneralizedTime */
         }
 
 /*  ArchiveCutoff ::= GeneralizedTime */
@@ -492,16 +477,10 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char* tim)
 
        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
 
        if (!(gt = ASN1_GENERALIZEDTIME_new())) goto err;
        if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim))) goto err;
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object=OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))goto err;
-       if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME,x->value,
-                                   i2d_ASN1_GENERALIZEDTIME,gt,NULL))) goto err;
-       ASN1_GENERALIZEDTIME_free(gt);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
 err:
        if (gt) ASN1_GENERALIZEDTIME_free(gt);
 err:
        if (gt) ASN1_GENERALIZEDTIME_free(gt);
-       if (x) X509_EXTENSION_free(x);
-       return NULL;
+       return x;
        }
 
 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
        }
 
 /* per ACCESS_DESCRIPTION parameter are oids, of which there are currently
@@ -530,16 +509,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME* issuer, char **urls)
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
                urls++;
                }
                if (!sk_ACCESS_DESCRIPTION_push(sloc->locator, ad)) goto err;
                urls++;
                }
-       if (!(x = X509_EXTENSION_new())) goto err;
-       if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator))) 
-               goto err;
-       if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC,x->value,
-                                   i2d_OCSP_SERVICELOC,sloc,NULL))) goto err;
-       OCSP_SERVICELOC_free(sloc);
-       return x;
+       x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
 err:
 err:
-       if (x) X509_EXTENSION_free(x);
        if (sloc) OCSP_SERVICELOC_free(sloc);
        if (sloc) OCSP_SERVICELOC_free(sloc);
-       return NULL;
+       return x;
        }
 
        }
 
index 2745081..36905d7 100644 (file)
@@ -69,6 +69,7 @@
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
 #include <openssl/pem.h>
 #include <openssl/x509v3.h>
 #include <openssl/ocsp.h>
+#include <openssl/asn1t.h>
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
 
 /* Convert a certificate and its issuer to an OCSP_CERTID */
 
@@ -260,3 +261,5 @@ int OCSP_parse_url(char *url, char **phost, char **pport, char **ppath, int *pss
        return 0;
 
        }
        return 0;
 
        }
+
+IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)