This patch incorporates additional suggestions to 342461 fix from Wan-Teh review.

This commit is contained in:
alexei.volkov.bugs%sun.com 2007-01-09 23:39:08 +00:00
parent f2f2471535
commit 87d8b45572
2 changed files with 15 additions and 5 deletions

View File

@ -38,7 +38,7 @@
* Implementation of OCSP services, for both client and server.
* (XXX, really, mostly just for client right now, but intended to do both.)
*
* $Id: ocsp.c,v 1.33 2007/01/04 20:38:29 alexei.volkov.bugs%sun.com Exp $
* $Id: ocsp.c,v 1.34 2007/01/09 23:39:08 alexei.volkov.bugs%sun.com Exp $
*/
#include "prerror.h"
@ -1585,6 +1585,16 @@ loser:
* is only used internally. When this interface is officially exported,
* each assertion below will need to be followed-up with setting an error
* and returning (null).
*
* FUNCTION: ocsp_GetResponseData
* Returns ocspResponseData structure and a pointer to tbs response
* data DER from a valid ocsp response.
* INPUTS:
* CERTOCSPResponse *response
* structure of a valid ocsp response
* RETURN:
* Returns a pointer to ocspResponseData structure: decoded OCSP response
* data, and a pointer(tbsResponseDataDER) to its undecoded data DER.
*/
static ocspResponseData *
ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER)
@ -1608,6 +1618,8 @@ ocsp_GetResponseData(CERTOCSPResponse *response, SECItem **tbsResponseDataDER)
if (tbsResponseDataDER) {
*tbsResponseDataDER = &basic->tbsResponseDataDER;
}
PORT_Assert((*tbsResponseDataDER)->data != NULL);
PORT_Assert((*tbsResponseDataDER)->len != 0);
return responseData;
}
@ -2560,7 +2572,6 @@ ocsp_CertGetDefaultResponder(CERTCertDBHandle *handle,CERTOCSPCertID *certID);
*/
static SECStatus
ocsp_CheckSignature(ocspSignature *signature, SECItem *encodedTBS,
const SEC_ASN1Template *encodeTemplate,
CERTCertDBHandle *handle, SECCertUsage certUsage,
int64 checkTime, PRBool lookupByName, void *certIndex,
void *pwArg, CERTCertificate **pSignerCert,
@ -2800,7 +2811,6 @@ CERT_VerifyOCSPResponseSignature(CERTOCSPResponse *response,
return ocsp_CheckSignature(ocsp_GetResponseSignature(response),
tbsResponseDataDER,
ocsp_ResponseDataTemplate,
handle, certUsageStatusResponder, producedAt,
byName, certIndex, pwArg, pSignerCert, issuer);
}

View File

@ -37,7 +37,7 @@
/*
* Private header defining OCSP types.
*
* $Id: ocspti.h,v 1.6 2007/01/04 20:38:29 alexei.volkov.bugs%sun.com Exp $
* $Id: ocspti.h,v 1.7 2007/01/09 23:39:08 alexei.volkov.bugs%sun.com Exp $
*/
#ifndef _OCSPTI_H_
@ -279,9 +279,9 @@ struct ocspResponseBytesStr {
* the C data structure here and in some shared code to operate on them.
*/
struct ocspBasicOCSPResponseStr {
SECItem tbsResponseDataDER;
ocspResponseData *tbsResponseData; /* "tbs" == To Be Signed */
ocspSignature responseSignature;
SECItem tbsResponseDataDER;
};
/*