/usr/src/lib/libcrypto/ocsp/ocsp

clang -cc1 -cc1 -triple amd64-unknown-openbsd7.4 -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name ocsp_cl.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 1 -pic-is-pie -mframe-pointer=all -relaxed-aliasing -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -target-feature +retpoline-indirect-calls -target-feature +retpoline-indirect-branches -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/usr/src/lib/libcrypto/obj -resource-dir /usr/local/llvm16/lib/clang/16 -D LIBRESSL_INTERNAL -D HAVE_FUNOPEN -I /usr/src/lib/libcrypto -I /usr/src/lib/libcrypto/arch/amd64 -I /usr/src/lib/libcrypto/asn1 -I /usr/src/lib/libcrypto/bio -I /usr/src/lib/libcrypto/bn -I /usr/src/lib/libcrypto/bn/arch/amd64 -I /usr/src/lib/libcrypto/bytestring -I /usr/src/lib/libcrypto/curve25519 -I /usr/src/lib/libcrypto/dh -I /usr/src/lib/libcrypto/dsa -I /usr/src/lib/libcrypto/ec -I /usr/src/lib/libcrypto/ecdsa -I /usr/src/lib/libcrypto/evp -I /usr/src/lib/libcrypto/hidden -I /usr/src/lib/libcrypto/hmac -I /usr/src/lib/libcrypto/kdf -I /usr/src/lib/libcrypto/modes -I /usr/src/lib/libcrypto/ocsp -I /usr/src/lib/libcrypto/pkcs12 -I /usr/src/lib/libcrypto/rsa -I /usr/src/lib/libcrypto/sha -I /usr/src/lib/libcrypto/ts -I /usr/src/lib/libcrypto/x509 -I /usr/src/lib/libcrypto/obj -D AES_ASM -D BSAES_ASM -D VPAES_ASM -D OPENSSL_IA32_SSE2 -D RSA_ASM -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D MD5_ASM -D GHASH_ASM -D RC4_MD5_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D WHIRLPOOL_ASM -D OPENSSL_CPUID_OBJ -internal-isystem /usr/local/llvm16/lib/clang/16/include -internal-externc-isystem /usr/include -O2 -fdebug-compilation-dir=/usr/src/lib/libcrypto/obj -ferror-limit 19 -fwrapv -D_RET_PROTECTOR -ret-protector -fcf-protection=branch -fno-jump-tables -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -fno-builtin-malloc -fno-builtin-calloc -fno-builtin-realloc -fno-builtin-valloc -fno-builtin-free -fno-builtin-strdup -fno-builtin-strndup -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /home/ben/Projects/scan/2024-01-11-140451-98009-1 -x c /usr/src/lib/libcrypto/ocsp/ocsp_cl.c

File:	src/lib/libcrypto/ocsp/ocsp_cl.c
Warning:	line 164, column 33 Although the value stored to 'sig' is used in the enclosing expression, the value is never actually read from 'sig'

Bug Summary

Annotated Source Code

1	/* $OpenBSD: ocsp_cl.c,v 1.23 2023/07/08 10:44:00 beck Exp $ */
2	/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
3	* project. */
4
5	/* History:
6	This file was transfered to Richard Levitte from CertCo by Kathy
7	Weinhold in mid-spring 2000 to be included in OpenSSL or released
8	as a patch kit. */
9
10	/* ====================================================================
11	* Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved.
12	*
13	* Redistribution and use in source and binary forms, with or without
14	* modification, are permitted provided that the following conditions
15	* are met:
16	*
17	* 1. Redistributions of source code must retain the above copyright
18	* notice, this list of conditions and the following disclaimer.
19	*
20	* 2. Redistributions in binary form must reproduce the above copyright
21	* notice, this list of conditions and the following disclaimer in
22	* the documentation and/or other materials provided with the
23	* distribution.
24	*
25	* 3. All advertising materials mentioning features or use of this
26	* software must display the following acknowledgment:
27	* "This product includes software developed by the OpenSSL Project
28	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
29	*
30	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
31	* endorse or promote products derived from this software without
32	* prior written permission. For written permission, please contact
33	* openssl-core@openssl.org.
34	*
35	* 5. Products derived from this software may not be called "OpenSSL"
36	* nor may "OpenSSL" appear in their names without prior written
37	* permission of the OpenSSL Project.
38	*
39	* 6. Redistributions of any form whatsoever must retain the following
40	* acknowledgment:
41	* "This product includes software developed by the OpenSSL Project
42	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
43	*
44	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
45	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
46	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
47	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
48	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
49	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
50	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
51	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
53	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
54	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
55	* OF THE POSSIBILITY OF SUCH DAMAGE.
56	* ====================================================================
57	*
58	* This product includes cryptographic software written by Eric Young
59	* (eay@cryptsoft.com). This product includes software written by Tim
60	* Hudson (tjh@cryptsoft.com).
61	*
62	*/
63
64	#include <stdio.h>
65	#include <time.h>
66
67	#include <openssl/err.h>
68	#include <openssl/ocsp.h>
69	#include <openssl/objects.h>
70	#include <openssl/pem.h>
71	#include <openssl/x509.h>
72	#include <openssl/x509v3.h>
73
74	#include "ocsp_local.h"
75
76	/* Utility functions related to sending OCSP requests and extracting
77	* relevant information from the response.
78	*/
79
80	/* Add an OCSP_CERTID to an OCSP request. Return new OCSP_ONEREQ
81	* pointer: useful if we want to add extensions.
82	*/
83	OCSP_ONEREQ *
84	OCSP_request_add0_id(OCSP_REQUEST req, OCSP_CERTID cid)
85	{
86	OCSP_ONEREQ *one;
87
88	if ((one = OCSP_ONEREQ_new()) == NULL((void *)0))
89	goto err;
90	if (req != NULL((void *)0)) {
91	if (!sk_OCSP_ONEREQ_push(req->tbsRequest->requestList, one)sk_push(((_STACK) (1 ? (req->tbsRequest->requestList) : (struct stack_st_OCSP_ONEREQ)0)), ((void) (1 ? (one) : (OCSP_ONEREQ )0))))
92	goto err;
93	}
94	OCSP_CERTID_free(one->reqCert);
95	one->reqCert = cid;
96	return one;
97
98	err:
99	OCSP_ONEREQ_free(one);
100	return NULL((void *)0);
101	}
102	LCRYPTO_ALIAS(OCSP_request_add0_id)asm("");
103
104	/* Set requestorName from an X509_NAME structure */
105	int
106	OCSP_request_set1_name(OCSP_REQUEST req, X509_NAME nm)
107	{
108	GENERAL_NAME *gen;
109
110	gen = GENERAL_NAME_new();
111	if (gen == NULL((void *)0))
112	return 0;
113	if (!X509_NAME_set(&gen->d.directoryName, nm)) {
114	GENERAL_NAME_free(gen);
115	return 0;
116	}
117	gen->type = GEN_DIRNAME4;
118	if (req->tbsRequest->requestorName)
119	GENERAL_NAME_free(req->tbsRequest->requestorName);
120	req->tbsRequest->requestorName = gen;
121	return 1;
122	}
123	LCRYPTO_ALIAS(OCSP_request_set1_name)asm("");
124
125	/* Add a certificate to an OCSP request */
126	int
127	OCSP_request_add1_cert(OCSP_REQUEST req, X509 cert)
128	{
129	OCSP_SIGNATURE *sig;
130
131	if (!req->optionalSignature)
132	req->optionalSignature = OCSP_SIGNATURE_new();
133	sig = req->optionalSignature;
134	if (!sig)
135	return 0;
136	if (!cert)
137	return 1;
138	if (!sig->certs && !(sig->certs = sk_X509_new_null()((struct stack_st_X509 *)sk_new_null())))
139	return 0;
140
141	if (!sk_X509_push(sig->certs, cert)sk_push(((_STACK) (1 ? (sig->certs) : (struct stack_st_X509 )0)), ((void) (1 ? (cert) : (X509)0))))
142	return 0;
143	X509_up_ref(cert);
144	return 1;
145	}
146	LCRYPTO_ALIAS(OCSP_request_add1_cert)asm("");
147
148	/* Sign an OCSP request set the requestorName to the subject
149	* name of an optional signers certificate and include one
150	* or more optional certificates in the request. Behaves
151	* like PKCS7_sign().
152	*/
153	int
154	OCSP_request_sign(OCSP_REQUEST req, X509 signer, EVP_PKEY *key,
155	const EVP_MD dgst, STACK_OF(X509)struct stack_st_X509 certs, unsigned long flags)
156	{
157	int i;
158	OCSP_SIGNATURE *sig;
159	X509 *x;
160
161	if (!OCSP_request_set1_name(req, X509_get_subject_name(signer)))
162	goto err;
163
164	if (!(req->optionalSignature = sig = OCSP_SIGNATURE_new()))
	Although the value stored to 'sig' is used in the enclosing expression, the value is never actually read from 'sig'
165	goto err;
166	if (key) {
167	if (!X509_check_private_key(signer, key)) {
168	OCSPerror(OCSP_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE)ERR_put_error(39,(0xfff),(110),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,168);
169	goto err;
170	}
171	if (!OCSP_REQUEST_sign(req, key, dgst)ASN1_item_sign(&OCSP_REQINFO_it, (req)->optionalSignature ->signatureAlgorithm, ((void *)0), (req)->optionalSignature ->signature,req->tbsRequest, (key), (dgst)))
172	goto err;
173	}
174
175	if (!(flags & OCSP_NOCERTS0x1)) {
176	if (!OCSP_request_add1_cert(req, signer))
177	goto err;
178	for (i = 0; i < sk_X509_num(certs)sk_num(((_STACK) (1 ? (certs) : (struct stack_st_X509)0))); i++) {
179	x = sk_X509_value(certs, i)((X509 )sk_value(((_STACK) (1 ? (certs) : (struct stack_st_X509 *)0)), (i)));
180	if (!OCSP_request_add1_cert(req, x))
181	goto err;
182	}
183	}
184
185	return 1;
186
187	err:
188	OCSP_SIGNATURE_free(req->optionalSignature);
189	req->optionalSignature = NULL((void *)0);
190	return 0;
191	}
192	LCRYPTO_ALIAS(OCSP_request_sign)asm("");
193
194	/* Get response status */
195	int
196	OCSP_response_status(OCSP_RESPONSE *resp)
197	{
198	return ASN1_ENUMERATED_get(resp->responseStatus);
199	}
200	LCRYPTO_ALIAS(OCSP_response_status)asm("");
201
202	/* Extract basic response from OCSP_RESPONSE or NULL if
203	* no basic response present.
204	*/
205	OCSP_BASICRESP *
206	OCSP_response_get1_basic(OCSP_RESPONSE *resp)
207	{
208	OCSP_RESPBYTES *rb;
209
210	rb = resp->responseBytes;
211	if (!rb) {
212	OCSPerror(OCSP_R_NO_RESPONSE_DATA)ERR_put_error(39,(0xfff),(108),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,212);
213	return NULL((void *)0);
214	}
215	if (OBJ_obj2nid(rb->responseType) != NID_id_pkix_OCSP_basic365) {
216	OCSPerror(OCSP_R_NOT_BASIC_RESPONSE)ERR_put_error(39,(0xfff),(104),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,216);
217	return NULL((void *)0);
218	}
219
220	return ASN1_item_unpack(rb->response, &OCSP_BASICRESP_it);
221	}
222	LCRYPTO_ALIAS(OCSP_response_get1_basic)asm("");
223
224	/* Return number of OCSP_SINGLERESP responses present in
225	* a basic response.
226	*/
227	int
228	OCSP_resp_count(OCSP_BASICRESP *bs)
229	{
230	if (!bs)
231	return -1;
232	return sk_OCSP_SINGLERESP_num(bs->tbsResponseData->responses)sk_num(((_STACK) (1 ? (bs->tbsResponseData->responses) : (struct stack_st_OCSP_SINGLERESP)0)));
233	}
234	LCRYPTO_ALIAS(OCSP_resp_count)asm("");
235
236	/* Extract an OCSP_SINGLERESP response with a given index */
237	OCSP_SINGLERESP *
238	OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
239	{
240	if (!bs)
241	return NULL((void *)0);
242	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx)((OCSP_SINGLERESP )sk_value(((_STACK) (1 ? (bs->tbsResponseData ->responses) : (struct stack_st_OCSP_SINGLERESP*)0)), (idx )));
243	}
244	LCRYPTO_ALIAS(OCSP_resp_get0)asm("");
245
246	const ASN1_GENERALIZEDTIME *
247	OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs)
248	{
249	return bs->tbsResponseData->producedAt;
250	}
251	LCRYPTO_ALIAS(OCSP_resp_get0_produced_at)asm("");
252
253	const STACK_OF(X509)struct stack_st_X509 *
254	OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
255	{
256	return bs->certs;
257	}
258	LCRYPTO_ALIAS(OCSP_resp_get0_certs)asm("");
259
260	int
261	OCSP_resp_get0_id(const OCSP_BASICRESP bs, const ASN1_OCTET_STRING *pid,
262	const X509_NAME **pname)
263	{
264	const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
265
266	if (rid->type == V_OCSP_RESPID_NAME0) {
267	*pname = rid->value.byName;
268	pid = NULL((void )0);
269	} else if (rid->type == V_OCSP_RESPID_KEY1) {
270	*pid = rid->value.byKey;
271	pname = NULL((void )0);
272	} else {
273	return 0;
274	}
275
276	return 1;
277	}
278	LCRYPTO_ALIAS(OCSP_resp_get0_id)asm("");
279
280	const ASN1_OCTET_STRING *
281	OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
282	{
283	return bs->signature;
284	}
285	LCRYPTO_ALIAS(OCSP_resp_get0_signature)asm("");
286
287	const X509_ALGOR *
288	OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
289	{
290	return bs->signatureAlgorithm;
291	}
292	LCRYPTO_ALIAS(OCSP_resp_get0_tbs_sigalg)asm("");
293
294	const OCSP_RESPDATA *
295	OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
296	{
297	return bs->tbsResponseData;
298	}
299	LCRYPTO_ALIAS(OCSP_resp_get0_respdata)asm("");
300
301	/* Look single response matching a given certificate ID */
302	int
303	OCSP_resp_find(OCSP_BASICRESP bs, OCSP_CERTID id, int last)
304	{
305	int i;
306	STACK_OF(OCSP_SINGLERESP)struct stack_st_OCSP_SINGLERESP *sresp;
307	OCSP_SINGLERESP *single;
308
309	if (!bs)
310	return -1;
311	if (last < 0)
312	last = 0;
313	else
314	last++;
315	sresp = bs->tbsResponseData->responses;
316	for (i = last; i < sk_OCSP_SINGLERESP_num(sresp)sk_num(((_STACK) (1 ? (sresp) : (struct stack_st_OCSP_SINGLERESP )0))); i++) {
317	single = sk_OCSP_SINGLERESP_value(sresp, i)((OCSP_SINGLERESP )sk_value(((_STACK) (1 ? (sresp) : (struct stack_st_OCSP_SINGLERESP*)0)), (i)));
318	if (!OCSP_id_cmp(id, single->certId))
319	return i;
320	}
321	return -1;
322	}
323	LCRYPTO_ALIAS(OCSP_resp_find)asm("");
324
325	/* Extract status information from an OCSP_SINGLERESP structure.
326	* Note: the revtime and reason values are only set if the
327	* certificate status is revoked. Returns numerical value of
328	* status.
329	*/
330	int
331	OCSP_single_get0_status(OCSP_SINGLERESP single, int reason,
332	ASN1_GENERALIZEDTIME revtime, ASN1_GENERALIZEDTIME thisupd,
333	ASN1_GENERALIZEDTIME **nextupd)
334	{
335	int ret;
336	OCSP_CERTSTATUS *cst;
337
338	if (!single)
339	return -1;
340	cst = single->certStatus;
341	ret = cst->type;
342	if (ret == V_OCSP_CERTSTATUS_REVOKED1) {
343	OCSP_REVOKEDINFO *rev = cst->value.revoked;
344
345	if (revtime)
346	*revtime = rev->revocationTime;
347	if (reason) {
348	if (rev->revocationReason)
349	*reason = ASN1_ENUMERATED_get(
350	rev->revocationReason);
351	else
352	*reason = -1;
353	}
354	}
355	if (thisupd)
356	*thisupd = single->thisUpdate;
357	if (nextupd)
358	*nextupd = single->nextUpdate;
359	return ret;
360	}
361	LCRYPTO_ALIAS(OCSP_single_get0_status)asm("");
362
363	/* This function combines the previous ones: look up a certificate ID and
364	* if found extract status information. Return 0 is successful.
365	*/
366	int
367	OCSP_resp_find_status(OCSP_BASICRESP bs, OCSP_CERTID id, int *status,
368	int reason, ASN1_GENERALIZEDTIME revtime, ASN1_GENERALIZEDTIME *thisupd,
369	ASN1_GENERALIZEDTIME **nextupd)
370	{
371	int i;
372	OCSP_SINGLERESP *single;
373
374	i = OCSP_resp_find(bs, id, -1);
375	/* Maybe check for multiple responses and give an error? */
376	if (i < 0)
377	return 0;
378	single = OCSP_resp_get0(bs, i);
379	i = OCSP_single_get0_status(single, reason, revtime, thisupd, nextupd);
380	if (status)
381	*status = i;
382	return 1;
383	}
384	LCRYPTO_ALIAS(OCSP_resp_find_status)asm("");
385
386	/* Check validity of thisUpdate and nextUpdate fields. It is possible that the request will
387	* take a few seconds to process and/or the time wont be totally accurate. Therefore to avoid
388	* rejecting otherwise valid time we allow the times to be within 'nsec' of the current time.
389	* Also to avoid accepting very old responses without a nextUpdate field an optional maxage
390	* parameter specifies the maximum age the thisUpdate field can be.
391	*/
392	int
393	OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
394	ASN1_GENERALIZEDTIME *nextupd, long nsec, long maxsec)
395	{
396	time_t t_now, t_tmp;
397	struct tm tm_this, tm_next, tm_tmp;
398
399	time(&t_now);
400
401	/*
402	* Times must explicitly be a GENERALIZEDTIME as per section
403	* 4.2.2.1 of RFC 6960 - It is invalid to accept other times
404	* (such as UTCTIME permitted/required by RFC 5280 for certificates)
405	*/
406
407	/* Check thisUpdate is valid and not more than nsec in the future */
408	if (ASN1_time_parse(thisupd->data, thisupd->length, &tm_this,
409	V_ASN1_GENERALIZEDTIME24) != V_ASN1_GENERALIZEDTIME24) {
410	OCSPerror(OCSP_R_ERROR_IN_THISUPDATE_FIELD)ERR_put_error(39,(0xfff),(123),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,410);
411	return 0;
412	} else {
413	t_tmp = t_now + nsec;
414	if (gmtime_r(&t_tmp, &tm_tmp) == NULL((void *)0))
415	return 0;
416	if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) > 0) {
417	OCSPerror(OCSP_R_STATUS_NOT_YET_VALID)ERR_put_error(39,(0xfff),(126),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,417);
418	return 0;
419	}
420
421	/*
422	* If maxsec specified check thisUpdate is not more than maxsec
423	* in the past
424	*/
425	if (maxsec >= 0) {
426	t_tmp = t_now - maxsec;
427	if (gmtime_r(&t_tmp, &tm_tmp) == NULL((void *)0))
428	return 0;
429	if (ASN1_time_tm_cmp(&tm_this, &tm_tmp) < 0) {
430	OCSPerror(OCSP_R_STATUS_TOO_OLD)ERR_put_error(39,(0xfff),(127),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,430);
431	return 0;
432	}
433	}
434	}
435
436	if (!nextupd)
437	return 1;
438
439	/* Check nextUpdate is valid and not more than nsec in the past */
440	if (ASN1_time_parse(nextupd->data, nextupd->length, &tm_next,
441	V_ASN1_GENERALIZEDTIME24) != V_ASN1_GENERALIZEDTIME24) {
442	OCSPerror(OCSP_R_ERROR_IN_NEXTUPDATE_FIELD)ERR_put_error(39,(0xfff),(122),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,442);
443	return 0;
444	} else {
445	t_tmp = t_now - nsec;
446	if (gmtime_r(&t_tmp, &tm_tmp) == NULL((void *)0))
447	return 0;
448	if (ASN1_time_tm_cmp(&tm_next, &tm_tmp) < 0) {
449	OCSPerror(OCSP_R_STATUS_EXPIRED)ERR_put_error(39,(0xfff),(125),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,449);
450	return 0;
451	}
452	}
453
454	/* Also don't allow nextUpdate to precede thisUpdate */
455	if (ASN1_time_tm_cmp(&tm_next, &tm_this) < 0) {
456	OCSPerror(OCSP_R_NEXTUPDATE_BEFORE_THISUPDATE)ERR_put_error(39,(0xfff),(124),"/usr/src/lib/libcrypto/ocsp/ocsp_cl.c" ,456);
457	return 0;
458	}
459
460	return 1;
461	}
462	LCRYPTO_ALIAS(OCSP_check_validity)asm("");
463
464	const OCSP_CERTID *
465	OCSP_SINGLERESP_get0_id(const OCSP_SINGLERESP *single)
466	{
467	return single->certId;
468	}
469	LCRYPTO_ALIAS(OCSP_SINGLERESP_get0_id)asm("");