Add NO_ASN1_OLD to remove some old style functions:

currently OpenSSL itself wont compile with this set because some old style stuff remains. Change old functions X509_sign(), X509_verify() etc to use new item based functions. Replace OCSP function declarations with DECLARE macros.

Add NO_ASN1_OLD to remove some old style functions:
currently OpenSSL itself wont compile with this set because some old style stuff remains. Change old functions X509_sign(), X509_verify() etc to use new item based functions. Replace OCSP function declarations with DECLARE macros.
73e92de5 · Dr. Stephen Henson · 09ab755c · 73e92de5 · 73e92de5 · 73e92de5
7 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,7 +4,10 @@
 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

  *) New ASN1 functions to handle sign, verify, digest, pack and
-     unpack operations in terms of ASN1_ITEM.
+     unpack operations in terms of ASN1_ITEM. Modify existing wrappers
+     to use new functions. Add NO_ASN1_OLD which can be set to remove
+     some old style ASN1 functions: this can be used to determine if old
+     code will still work when these eventually go away.
     [Steve Henson]

  *) New extension functions for OCSP structures, these follow the

--- a/crypto/asn1/a_digest.c
+++ b/crypto/asn1/a_digest.c
@@ -69,6 +69,8 @@
 #include <openssl/buffer.h>
 #include <openssl/x509.h>

+#ifndef NO_ASN1_OLD
+
 int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 		unsigned char *md, unsigned int *len)
 	{
@@ -88,6 +90,8 @@ int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data,
 	return(1);
 	}

+#endif
+

 int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
 		unsigned char *md, unsigned int *len)

--- a/crypto/asn1/a_set.c
+++ b/crypto/asn1/a_set.c
@@ -60,6 +60,8 @@
 #include "cryptlib.h"
 #include <openssl/asn1_mac.h>

+#ifndef NO_ASN1_OLD
+
 typedef struct
    {
    unsigned char *pbData;
@@ -215,3 +217,4 @@ err:
 	return(NULL);
 	}

+#endif
--- a/crypto/asn1/a_sign.c
+++ b/crypto/asn1/a_sign.c
@@ -71,6 +71,8 @@
 #include <openssl/objects.h>
 #include <openssl/buffer.h>

+#ifndef NO_ASN1_OLD
+
 int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2,
 	     ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey,
 	     const EVP_MD *type)
@@ -147,6 +149,8 @@ err:
 	return(outl);
 	}

+#endif
+
 int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
 	     ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey,
 	     const EVP_MD *type)

--- a/crypto/asn1/a_verify.c
+++ b/crypto/asn1/a_verify.c
@@ -71,6 +71,8 @@
 #include <openssl/buffer.h>
 #include <openssl/evp.h>

+#ifndef NO_ASN1_OLD
+
 int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	     char *data, EVP_PKEY *pkey)
 	{
@@ -118,6 +120,8 @@ err:
 	return(ret);
 	}

+#endif
+

 int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature,
 	     void *asn, EVP_PKEY *pkey)

--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -359,23 +359,23 @@ typedef struct ocsp_service_locator_st
 		(unsigned char *)o)

 #define OCSP_REQUEST_sign(o,pkey,md) \
-	ASN1_sign((int(*)())i2d_OCSP_REQINFO,\
+	ASN1_item_sign(&OCSP_REQINFO_it,\
 		o->optionalSignature->signatureAlgorithm,NULL,\
 	        o->optionalSignature->signature,(char *)o->tbsRequest,pkey,md)

 #define OCSP_BASICRESP_sign(o,pkey,md,d) \
-	ASN1_sign((int(*)())i2d_OCSP_RESPDATA,o->signatureAlgorithm,NULL,\
+	ASN1_item_sign(&OCSP_RESPDATA_it,o->signatureAlgorithm,NULL,\
 		o->signature,(char *)o->tbsResponseData,pkey,md)

-#define OCSP_REQUEST_verify(a,r) ASN1_verify((int (*)())i2d_OCSP_REQINFO,\
+#define OCSP_REQUEST_verify(a,r) ASN1_item_verify(&OCSP_REQINFO_it,\
        a->optionalSignature->signatureAlgorithm,\
 	a->optionalSignature->signature,(char *)a->tbsRequest,r)

-#define OCSP_BASICRESP_verify(a,r,d) ASN1_verify((int (*)())i2d_OCSP_RESPDATA,\
+#define OCSP_BASICRESP_verify(a,r,d) ASN1_item_verify(&OCSP_RESPDATA_it,\
 	a->signatureAlgorithm,a->signature,(char *)a->tbsResponseData,r)

 #define ASN1_BIT_STRING_digest(data,type,md,len) \
-	ASN1_digest((int (*)())i2d_ASN1_BIT_STRING,type,(char *)data,md,len)
+	ASN1_item_digest(&ASN1_BIT_STRING_it,type,(char *)data,md,len)

 #define OCSP_CERTID_dup(cid) (OCSP_CERTID*)ASN1_dup((int(*)())i2d_OCSP_CERTID,\
 		(char *(*)())d2i_OCSP_CERTID,(char *)(cid))
@@ -489,70 +489,24 @@ int OCSP_SINGLERESP_add1_ext_i2d(OCSP_SINGLERESP *x, int nid, void *value, int c
 int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *x, X509_EXTENSION *ex, int loc);

 DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
-
-OCSP_CERTSTATUS *OCSP_CERTSTATUS_new(void);
-void OCSP_CERTSTATUS_free(OCSP_CERTSTATUS *a);
-int i2d_OCSP_CERTSTATUS(OCSP_CERTSTATUS *a, unsigned char **pp);
-OCSP_CERTSTATUS *d2i_OCSP_CERTSTATUS(OCSP_CERTSTATUS **a, unsigned char **pp, long length);
-
-OCSP_REVOKEDINFO *OCSP_REVOKEDINFO_new(void);
-void OCSP_REVOKEDINFO_free(OCSP_REVOKEDINFO *a);
-int i2d_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO *a, unsigned char **pp);
-OCSP_REVOKEDINFO *d2i_OCSP_REVOKEDINFO(OCSP_REVOKEDINFO **a, unsigned char **pp, long length);
-
-OCSP_BASICRESP *OCSP_BASICRESP_new(void);
-void OCSP_BASICRESP_free(OCSP_BASICRESP *a);
-int i2d_OCSP_BASICRESP(OCSP_BASICRESP *a, unsigned char **pp);
-OCSP_BASICRESP *d2i_OCSP_BASICRESP(OCSP_BASICRESP **a, unsigned char **pp, long length);
-
-OCSP_RESPDATA *OCSP_RESPDATA_new(void);
-void OCSP_RESPDATA_free(OCSP_RESPDATA *a);
-int i2d_OCSP_RESPDATA(OCSP_RESPDATA *a, unsigned char **pp);
-OCSP_RESPDATA *d2i_OCSP_RESPDATA(OCSP_RESPDATA **a, unsigned char **pp, long length);
-
-OCSP_RESPID *OCSP_RESPID_new(void);
-void OCSP_RESPID_free(OCSP_RESPID *a);
-int i2d_OCSP_RESPID(OCSP_RESPID *a, unsigned char **pp);
-OCSP_RESPID *d2i_OCSP_RESPID(OCSP_RESPID **a, unsigned char **pp, long length);
-
-OCSP_RESPONSE *OCSP_RESPONSE_new(void);
-void OCSP_RESPONSE_free(OCSP_RESPONSE *a);
-int i2d_OCSP_RESPONSE(OCSP_RESPONSE *a, unsigned char **pp);
-OCSP_RESPONSE *d2i_OCSP_RESPONSE(OCSP_RESPONSE **a, unsigned char **pp, long length);
-int OCSP_RESPONSE_print(BIO *bp, OCSP_RESPONSE* a, unsigned long flags);
-
-OCSP_RESPBYTES *OCSP_RESPBYTES_new(void);
-void OCSP_RESPBYTES_free(OCSP_RESPBYTES *a);
-int i2d_OCSP_RESPBYTES(OCSP_RESPBYTES *a, unsigned char **pp);
-OCSP_RESPBYTES *d2i_OCSP_RESPBYTES(OCSP_RESPBYTES **a, unsigned char **pp, long length);
-
-OCSP_ONEREQ *OCSP_ONEREQ_new(void);
-void OCSP_ONEREQ_free(OCSP_ONEREQ *a);
-int i2d_OCSP_ONEREQ(OCSP_ONEREQ *a, unsigned char **pp);
-OCSP_ONEREQ *d2i_OCSP_ONEREQ(OCSP_ONEREQ **a, unsigned char **pp, long length);
-
-OCSP_CERTID *OCSP_CERTID_new(void);
-void OCSP_CERTID_free(OCSP_CERTID *a);
-int i2d_OCSP_CERTID(OCSP_CERTID *a, unsigned char **pp);
-OCSP_CERTID *d2i_OCSP_CERTID(OCSP_CERTID **a, unsigned char **pp, long length);
-
-OCSP_REQUEST *OCSP_REQUEST_new(void);
-void OCSP_REQUEST_free(OCSP_REQUEST *a);
-int i2d_OCSP_REQUEST(OCSP_REQUEST *a, unsigned char **pp);
-OCSP_REQUEST *d2i_OCSP_REQUEST(OCSP_REQUEST **a, unsigned char **pp, long length);
-
-int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
-
-OCSP_SIGNATURE *OCSP_SIGNATURE_new(void);
-void OCSP_SIGNATURE_free(OCSP_SIGNATURE *a);
-int i2d_OCSP_SIGNATURE(OCSP_SIGNATURE *a, unsigned char **pp);
-OCSP_SIGNATURE *d2i_OCSP_SIGNATURE(OCSP_SIGNATURE **a, unsigned char **pp, long length);
-
-
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTSTATUS)
+DECLARE_ASN1_FUNCTIONS(OCSP_REVOKEDINFO)
+DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPDATA)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPID)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
+DECLARE_ASN1_FUNCTIONS(OCSP_RESPBYTES)
+DECLARE_ASN1_FUNCTIONS(OCSP_ONEREQ)
+DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
+DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SIGNATURE)
 DECLARE_ASN1_FUNCTIONS(OCSP_REQINFO)
 DECLARE_ASN1_FUNCTIONS(OCSP_CRLID)
 DECLARE_ASN1_FUNCTIONS(OCSP_SERVICELOC)

+int OCSP_REQUEST_print(BIO *bp, OCSP_REQUEST* a, unsigned long flags);
+
+
 void ERR_load_OCSP_strings(void);

 /* BEGIN ERROR CODES */

--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -67,49 +67,49 @@

 int X509_verify(X509 *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,
+	return(ASN1_item_verify(&X509_CINF_it,a->sig_alg,
 		a->signature,(char *)a->cert_info,r));
 	}

 int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 	{
-	return( ASN1_verify((int (*)())i2d_X509_REQ_INFO,
+	return( ASN1_item_verify(&X509_REQ_INFO_it,
 		a->sig_alg,a->signature,(char *)a->req_info,r));
 	}

 int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_X509_CRL_INFO,
+	return(ASN1_item_verify(&X509_CRL_INFO_it,
 		a->sig_alg, a->signature,(char *)a->crl,r));
 	}

 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 	{
-	return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC,
+	return(ASN1_item_verify(&NETSCAPE_SPKAC_it,
 		a->sig_algor,a->signature, (char *)a->spkac,r));
 	}

 int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature,
+	return(ASN1_item_sign(&X509_CINF_it, x->cert_info->signature,
 		x->sig_alg, x->signature, (char *)x->cert_info,pkey,md));
 	}

 int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL,
+	return(ASN1_item_sign(&X509_REQ_INFO_it,x->sig_alg, NULL,
 		x->signature, (char *)x->req_info,pkey,md));
 	}

 int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg,
+	return(ASN1_item_sign(&X509_CRL_INFO_it,x->crl->sig_alg,
 		x->sig_alg, x->signature, (char *)x->crl,pkey,md));
 	}

 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 	{
-	return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL,
+	return(ASN1_item_sign(&NETSCAPE_SPKAC_it, x->sig_algor,NULL,
 		x->signature, (char *)x->spkac,pkey,md));
 	}

@@ -414,31 +414,31 @@ X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne)
 int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len));
+	return(ASN1_item_digest(&X509_it,type,(char *)data,md,len));
 	}

 int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509_CRL,type,(char *)data,md,len));
+	return(ASN1_item_digest(&X509_CRL_it,type,(char *)data,md,len));
 	}

 int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509_REQ,type,(char *)data,md,len));
+	return(ASN1_item_digest(&X509_REQ_it,type,(char *)data,md,len));
 	}

 int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md,
 	     unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len));
+	return(ASN1_item_digest(&X509_NAME_it,type,(char *)data,md,len));
 	}

 int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type,
 	     unsigned char *md, unsigned int *len)
 	{
-	return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,
+	return(ASN1_item_digest(&PKCS7_ISSUER_AND_SERIAL_it,type,
 		(char *)data,md,len));
 	}