Update openssl to 1.0.2d

Also update Cryptlib to edk2 r17731 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
author: Gary Ching-Pang Lin <glin@suse.com> 2015-07-28 11:46:38 -0400
committer: Peter Jones <pjones@redhat.com> 2015-07-28 11:46:38 -0400
commit: 5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch)
tree: 2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
parent: 69ba24ff72921ecabbb47178de40dc5a79350040 (diff)
download: efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.tar.gz
efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.zip
1 files changed, 12 insertions, 51 deletions
diff --git a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
index e341caea..c19648c7 100644
--- a/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
+++ b/Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
@@ -287,7 +287,7 @@ int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc)
 }
 
 /* also CRL Entry Extensions */
-
+#if 0
 ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
                                 void *data, STACK_OF(ASN1_OBJECT) *sk)
 {
@@ -329,6 +329,7 @@ ASN1_STRING *ASN1_STRING_encode(ASN1_STRING *s, i2d_of_void *i2d,
         OPENSSL_free(b);
     return NULL;
 }
+#endif
 
 /* Nonce handling functions */
 
@@ -360,8 +361,8 @@ static int ocsp_add1_nonce(STACK_OF(X509_EXTENSION) **exts,
     ASN1_put_object(&tmpval, 0, len, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL);
     if (val)
         memcpy(tmpval, val, len);
-    else
-        RAND_pseudo_bytes(tmpval, len);
+    else if (RAND_pseudo_bytes(tmpval, len) < 0)
+        goto err;
     if (!X509V3_add1_i2d(exts, NID_id_pkix_OCSP_Nonce,
                          &os, 0, X509V3_ADD_REPLACE))
         goto err;
@@ -476,21 +477,11 @@ X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
         if (!(ASN1_GENERALIZEDTIME_set_string(cid->crlTime, tim)))
             goto err;
     }
-    if (!(x = X509_EXTENSION_new()))
-        goto err;
-    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_CrlID)))
-        goto err;
-    if (!(ASN1_STRING_encode_of(OCSP_CRLID, x->value, i2d_OCSP_CRLID, cid,
-                                NULL)))
-         goto err;
-    OCSP_CRLID_free(cid);
-    return x;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_CrlID, 0, cid);
  err:
-    if (x)
-        X509_EXTENSION_free(x);
     if (cid)
         OCSP_CRLID_free(cid);
-    return NULL;
+    return x;
 }
 
 /*   AcceptableResponses ::= SEQUENCE OF OBJECT IDENTIFIER */
@@ -508,21 +499,11 @@ X509_EXTENSION *OCSP_accept_responses_new(char **oids)
             sk_ASN1_OBJECT_push(sk, o);
         oids++;
     }
-    if (!(x = X509_EXTENSION_new()))
-        goto err;
-    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_acceptableResponses)))
-        goto err;
-    if (!(ASN1_STRING_encode_of(ASN1_OBJECT, x->value, i2d_ASN1_OBJECT, NULL,
-                                sk)))
-         goto err;
-    sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-    return x;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_acceptableResponses, 0, sk);
  err:
-    if (x)
-        X509_EXTENSION_free(x);
     if (sk)
         sk_ASN1_OBJECT_pop_free(sk, ASN1_OBJECT_free);
-    return NULL;
+    return x;
 }
 
 /*  ArchiveCutoff ::= GeneralizedTime */
@@ -535,21 +516,11 @@ X509_EXTENSION *OCSP_archive_cutoff_new(char *tim)
         goto err;
     if (!(ASN1_GENERALIZEDTIME_set_string(gt, tim)))
         goto err;
-    if (!(x = X509_EXTENSION_new()))
-        goto err;
-    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_archiveCutoff)))
-        goto err;
-    if (!(ASN1_STRING_encode_of(ASN1_GENERALIZEDTIME, x->value,
-                                i2d_ASN1_GENERALIZEDTIME, gt, NULL)))
-         goto err;
-    ASN1_GENERALIZEDTIME_free(gt);
-    return x;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_archiveCutoff, 0, gt);
  err:
     if (gt)
         ASN1_GENERALIZEDTIME_free(gt);
-    if (x)
-        X509_EXTENSION_free(x);
-    return NULL;
+    return x;
 }
 
 /*
@@ -587,19 +558,9 @@ X509_EXTENSION *OCSP_url_svcloc_new(X509_NAME *issuer, char **urls)
             goto err;
         urls++;
     }
-    if (!(x = X509_EXTENSION_new()))
-        goto err;
-    if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_serviceLocator)))
-        goto err;
-    if (!(ASN1_STRING_encode_of(OCSP_SERVICELOC, x->value,
-                                i2d_OCSP_SERVICELOC, sloc, NULL)))
-         goto err;
-    OCSP_SERVICELOC_free(sloc);
-    return x;
+    x = X509V3_EXT_i2d(NID_id_pkix_OCSP_serviceLocator, 0, sloc);
  err:
-    if (x)
-        X509_EXTENSION_free(x);
     if (sloc)
         OCSP_SERVICELOC_free(sloc);
-    return NULL;
+    return x;
 }
author	Gary Ching-Pang Lin <glin@suse.com>	2015-07-28 11:46:38 -0400
committer	Peter Jones <pjones@redhat.com>	2015-07-28 11:46:38 -0400
commit	5ce38c90cf43ee79cd999716ea83a5a44eeb819e (patch)
tree	2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/OpenSSL/crypto/ocsp/ocsp_ext.c
parent	69ba24ff72921ecabbb47178de40dc5a79350040 (diff)
download	efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.tar.gz efi-boot-shim-5ce38c90cf43ee79cd999716ea83a5a44eeb819e.zip