wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Make editorial changes suggested by Matt Caswell and fixed Travis failures.

Browse source 
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4190)
This commit is contained in:
David Cooper 2018-01-23 14:22:17 -05:00 committed by Matt Caswell
parent 89623f8429
commit 0494014781
4 changed files with 21 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
apps/ocsp.c
View file

@ -78,7 +78,7 @@ typedef enum OPTION_choice {
OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT, OPT_VALIDITY_PERIOD, OPT_STATUS_AGE, OPT_SIGNKEY, OPT_REQOUT,
OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL, OPT_RESPOUT, OPT_PATH, OPT_ISSUER, OPT_CERT, OPT_SERIAL,
OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER, OPT_INDEX, OPT_CA, OPT_NMIN, OPT_REQUEST, OPT_NDAYS, OPT_RSIGNER,
OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_SIGOPT, OPT_HEADER, OPT_RKEY, OPT_ROTHER, OPT_RMD, OPT_RSIGOPT, OPT_HEADER,
OPT_V_ENUM, OPT_V_ENUM,
OPT_MD OPT_MD
} OPTION_CHOICE; } OPTION_CHOICE;
@ -155,7 +155,7 @@ const OPTIONS ocsp_options[] = {
{"rkey", OPT_RKEY, '<', "Responder key to sign responses with"}, {"rkey", OPT_RKEY, '<', "Responder key to sign responses with"},
{"rother", OPT_ROTHER, '<', "Other certificates to include in response"}, {"rother", OPT_ROTHER, '<', "Other certificates to include in response"},
{"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"}, {"rmd", OPT_RMD, 's', "Digest Algorithm to use in signature of OCSP response"},
{"rsigopt", OPT_SIGOPT, 's', "OCSP response signature parameter in n:v form"}, {"rsigopt", OPT_RSIGOPT, 's', "OCSP response signature parameter in n:v form"},
{"header", OPT_HEADER, 's', "key=value header to add"}, {"header", OPT_HEADER, 's', "key=value header to add"},
{"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"}, {"", OPT_MD, '-', "Any supported digest algorithm (sha1,sha256, ... )"},
OPT_V_OPTIONS, OPT_V_OPTIONS,
@ -422,7 +422,7 @@ int ocsp_main(int argc, char **argv)
if (!opt_md(opt_arg(), &rsign_md)) if (!opt_md(opt_arg(), &rsign_md))
goto end; goto end;
break; break;
case OPT_SIGOPT: case OPT_RSIGOPT:
if (rsign_sigopts == NULL) if (rsign_sigopts == NULL)
rsign_sigopts = sk_OPENSSL_STRING_new_null(); rsign_sigopts = sk_OPENSSL_STRING_new_null();
if (rsign_sigopts == NULL || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg())) if (rsign_sigopts == NULL || !sk_OPENSSL_STRING_push(rsign_sigopts, opt_arg()))

3
crypto/err/openssl.txt
View file

@ -1,4 +1,4 @@
# Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. # Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
# #
# Licensed under the OpenSSL license (the "License"). You may not use # Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy # this file except in compliance with the License. You can obtain a copy
@ -735,6 +735,7 @@ OBJ_F_OBJ_NID2SN:104:OBJ_nid2sn
OCSP_F_D2I_OCSP_NONCE:102:d2i_ocsp_nonce OCSP_F_D2I_OCSP_NONCE:102:d2i_ocsp_nonce
OCSP_F_OCSP_BASIC_ADD1_STATUS:103:OCSP_basic_add1_status OCSP_F_OCSP_BASIC_ADD1_STATUS:103:OCSP_basic_add1_status
OCSP_F_OCSP_BASIC_SIGN:104:OCSP_basic_sign OCSP_F_OCSP_BASIC_SIGN:104:OCSP_basic_sign
OCSP_F_OCSP_BASIC_SIGN_CTX:119:OCSP_basic_sign_ctx
OCSP_F_OCSP_BASIC_VERIFY:105:OCSP_basic_verify OCSP_F_OCSP_BASIC_VERIFY:105:OCSP_basic_verify
OCSP_F_OCSP_CERT_ID_NEW:101:OCSP_cert_id_new OCSP_F_OCSP_CERT_ID_NEW:101:OCSP_cert_id_new
OCSP_F_OCSP_CHECK_DELEGATED:106:ocsp_check_delegated OCSP_F_OCSP_CHECK_DELEGATED:106:ocsp_check_delegated

19
crypto/ocsp/ocsp_srv.c
View file

@ -1,5 +1,5 @@
/* /*
* Copyright 2001-2016 The OpenSSL Project Authors. All Rights Reserved. * Copyright 2001-2018 The OpenSSL Project Authors. All Rights Reserved.
* *
* Licensed under the OpenSSL license (the "License"). You may not use * Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy * this file except in compliance with the License. You can obtain a copy
@ -168,16 +168,27 @@ int OCSP_basic_add1_cert(OCSP_BASICRESP *resp, X509 *cert)
return 1; return 1;
} }
/*
* Sign an OCSP response using the parameters contained in the digest context,
* set the responderID to the subject name in the signer's certificate, and
* include one or more optional certificates in the response.
*/
int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp, int OCSP_basic_sign_ctx(OCSP_BASICRESP *brsp,
X509 *signer, EVP_MD_CTX *ctx, X509 *signer, EVP_MD_CTX *ctx,
STACK_OF(X509) *certs, unsigned long flags) STACK_OF(X509) *certs, unsigned long flags)
{ {
int i; int i;
OCSP_RESPID *rid; OCSP_RESPID *rid;
EVP_PKEY *pkey;
if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL if (ctx == NULL || EVP_MD_CTX_pkey_ctx(ctx) == NULL) {
|| EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)) == NULL OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSP_R_NO_SIGNER_KEY);
|| !X509_check_private_key(signer, EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)))) { goto err;
}
pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx));
if (pkey == NULL || !X509_check_private_key(signer, pkey)) {
OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX, OCSPerr(OCSP_F_OCSP_BASIC_SIGN_CTX,
OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE);
goto err; goto err;

2
include/openssl/ocsperr.h
View file

@ -25,7 +25,7 @@ int ERR_load_OCSP_strings(void);
# define OCSP_F_D2I_OCSP_NONCE 102 # define OCSP_F_D2I_OCSP_NONCE 102
# define OCSP_F_OCSP_BASIC_ADD1_STATUS 103 # define OCSP_F_OCSP_BASIC_ADD1_STATUS 103
# define OCSP_F_OCSP_BASIC_SIGN 104 # define OCSP_F_OCSP_BASIC_SIGN 104
# define OCSP_F_OCSP_BASIC_SIGN_CTX 131 # define OCSP_F_OCSP_BASIC_SIGN_CTX 119
# define OCSP_F_OCSP_BASIC_VERIFY 105 # define OCSP_F_OCSP_BASIC_VERIFY 105
# define OCSP_F_OCSP_CERT_ID_NEW 101 # define OCSP_F_OCSP_CERT_ID_NEW 101
# define OCSP_F_OCSP_CHECK_DELEGATED 106 # define OCSP_F_OCSP_CHECK_DELEGATED 106