diff options
Diffstat (limited to 'crypto/ocsp')
-rw-r--r-- | crypto/ocsp/ocsp_cl.c | 2 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_local.h | 46 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_srv.c | 7 | ||||
-rw-r--r-- | crypto/ocsp/ocsp_vfy.c | 4 |
4 files changed, 34 insertions, 25 deletions
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c index cfa85af240..c1dda38414 100644 --- a/crypto/ocsp/ocsp_cl.c +++ b/crypto/ocsp/ocsp_cl.c @@ -94,7 +94,7 @@ int OCSP_request_sign(OCSP_REQUEST *req, OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; } - if (!OCSP_REQUEST_sign(req, key, dgst)) + if (!OCSP_REQUEST_sign(req, key, dgst, signer->libctx, signer->propq)) goto err; } diff --git a/crypto/ocsp/ocsp_local.h b/crypto/ocsp/ocsp_local.h index 6542febc98..e1633403c6 100644 --- a/crypto/ocsp/ocsp_local.h +++ b/crypto/ocsp/ocsp_local.h @@ -217,22 +217,30 @@ struct ocsp_service_locator_st { STACK_OF(ACCESS_DESCRIPTION) *locator; }; -# define OCSP_REQUEST_sign(o,pkey,md) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &(o)->optionalSignature->signatureAlgorithm,NULL,\ - (o)->optionalSignature->signature,&(o)->tbsRequest,pkey,md) - -# define OCSP_BASICRESP_sign(o,pkey,md,d) \ - ASN1_item_sign(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ - NULL,(o)->signature,&(o)->tbsResponseData,pkey,md) - -# define OCSP_BASICRESP_sign_ctx(o,ctx,d) \ - ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),&(o)->signatureAlgorithm,\ - NULL,(o)->signature,&(o)->tbsResponseData,ctx) - -# define OCSP_REQUEST_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_REQINFO),\ - &(a)->optionalSignature->signatureAlgorithm,\ - (a)->optionalSignature->signature,&(a)->tbsRequest,r) - -# define OCSP_BASICRESP_verify(a,r) ASN1_item_verify(ASN1_ITEM_rptr(OCSP_RESPDATA),\ - &(a)->signatureAlgorithm,(a)->signature,&(a)->tbsResponseData,r) +# define OCSP_REQUEST_sign(o, pkey, md, libctx, propq)\ + ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\ + &(o)->optionalSignature->signatureAlgorithm, NULL,\ + (o)->optionalSignature->signature, &(o)->tbsRequest,\ + NULL, pkey, md, libctx, propq) + +# define OCSP_BASICRESP_sign(o, pkey, md, d, libctx, propq)\ + ASN1_item_sign_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\ + &(o)->signatureAlgorithm, NULL,\ + (o)->signature, &(o)->tbsResponseData,\ + NULL, pkey, md, libctx, propq) + +# define OCSP_BASICRESP_sign_ctx(o, ctx, d)\ + ASN1_item_sign_ctx(ASN1_ITEM_rptr(OCSP_RESPDATA),\ + &(o)->signatureAlgorithm, NULL,\ + (o)->signature, &(o)->tbsResponseData, ctx) + +# define OCSP_REQUEST_verify(a, r, libctx, propq)\ + ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_REQINFO),\ + &(a)->optionalSignature->signatureAlgorithm,\ + (a)->optionalSignature->signature, &(a)->tbsRequest,\ + NULL, r, libctx, propq) + +# define OCSP_BASICRESP_verify(a, r, libctx, propq)\ + ASN1_item_verify_ex(ASN1_ITEM_rptr(OCSP_RESPDATA),\ + &(a)->signatureAlgorithm, (a)->signature,\ + &(a)->tbsResponseData, NULL, r, libctx, propq) diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index af1277942e..4187446e1c 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -223,7 +223,8 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, if (ctx == NULL) return 0; - if (!EVP_DigestSignInit(ctx, &pkctx, dgst, NULL, key)) { + if (!EVP_DigestSignInit_ex(ctx, &pkctx, EVP_MD_name(dgst), + signer->libctx, signer->propq, key, NULL)) { EVP_MD_CTX_free(ctx); return 0; } @@ -277,7 +278,7 @@ int OCSP_RESPID_set_by_key_ex(OCSP_RESPID *respid, X509 *cert, int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert) { - return OCSP_RESPID_set_by_key_ex(respid, cert, NULL, NULL); + return OCSP_RESPID_set_by_key_ex(respid, cert, cert->libctx, cert->propq); } int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx, @@ -318,5 +319,5 @@ int OCSP_RESPID_match_ex(OCSP_RESPID *respid, X509 *cert, OSSL_LIB_CTX *libctx, int OCSP_RESPID_match(OCSP_RESPID *respid, X509 *cert) { - return OCSP_RESPID_match_ex(respid, cert, NULL, NULL); + return OCSP_RESPID_match_ex(respid, cert, cert->libctx, cert->propq); } diff --git a/crypto/ocsp/ocsp_vfy.c b/crypto/ocsp/ocsp_vfy.c index 544748851f..fe878043ca 100644 --- a/crypto/ocsp/ocsp_vfy.c +++ b/crypto/ocsp/ocsp_vfy.c @@ -84,9 +84,9 @@ static int ocsp_verify(OCSP_REQUEST *req, OCSP_BASICRESP *bs, return -1; } if (req != NULL) - ret = OCSP_REQUEST_verify(req, skey); + ret = OCSP_REQUEST_verify(req, skey, signer->libctx, signer->propq); else - ret = OCSP_BASICRESP_verify(bs, skey); + ret = OCSP_BASICRESP_verify(bs, skey, signer->libctx, signer->propq); if (ret <= 0) ERR_raise(ERR_LIB_OCSP, OCSP_R_SIGNATURE_FAILURE); } |