add getter for tbsResponseData and signatureAlgorithm on OCSP_BASICRESP

fixes #7081

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/7082)

diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index a42b80fa5bf823234fcff0379db9d8af4a5f58b6..5d99ae3bd7d1c134bb7b4f24d4240fb0d120a38b 100644 (file)
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -166,6 +166,16 @@ const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
     return bs->signature;
 }
 
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
+{
+    return &bs->signatureAlgorithm;
+}
+
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
+{
+    return &bs->tbsResponseData;
+}
+
 /*
  * Return number of OCSP_SINGLERESP responses present in a basic response.
  */

diff --git a/doc/crypto/OCSP_resp_find_status.pod b/doc/crypto/OCSP_resp_find_status.pod
index e014df500b6f6cb9cadd681628c444e13343d9c8..4f704fb56eb2735737512cf8d287a0e6698131ab 100644 (file)
--- a/doc/crypto/OCSP_resp_find_status.pod
+++ b/doc/crypto/OCSP_resp_find_status.pod
@@ -6,6 +6,8 @@ OCSP_resp_get0_certs,
 OCSP_resp_get0_signer,
 OCSP_resp_get0_id,
 OCSP_resp_get0_produced_at,
+OCSP_resp_get0_tbs_sigalg,
+OCSP_resp_get0_respdata,
 OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
 OCSP_single_get0_status, OCSP_check_validity,
 OCSP_basic_verify
@@ -32,6 +34,8 @@ OCSP_basic_verify
  const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(
                              const OCSP_BASICRESP* single);
 
+ const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+ const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
  const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
 
  int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
@@ -78,6 +82,10 @@ B<*revtime>, B<*thisupd> and B<*nextupd>.
 OCSP_resp_get0_produced_at() extracts the B<producedAt> field from the
 single response B<bs>.
 
+OCSP_resp_get0_tbs_sigalg() returns the B<signatureAlgorithm> from B<bs>.
+
+OCSP_resp_get0_respdata() returns the B<tbsResponseData> from B<bs>.
+
 OCSP_resp_get0_certs() returns any certificates included in B<bs>.
 
 OCSP_resp_get0_signer() attempts to retrieve the certificate that directly

diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index 90ebe5ccd05e49af4b097ae3634e71a46a9ad97c..fd172fbf1d509b75adc37bfba94acdfd4a410438 100644 (file)
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -194,6 +194,8 @@ int OCSP_response_status(OCSP_RESPONSE *resp);
 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
 
 const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
 int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
                           STACK_OF(X509) *extra_certs);
 

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 51f1d7d6540a71fbac833899d968991c8076bbf4..c0fe79d71a3480b1168c4d9c776d83ad6e1ea6d5 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4263,3 +4263,5 @@ X509_OBJECT_set1_X509                   4514      1_1_0i  EXIST::FUNCTION:
 X509_LOOKUP_meth_get_get_by_issuer_serial 4515 1_1_0i  EXIST::FUNCTION:
 X509_LOOKUP_meth_set_init               4516   1_1_0i  EXIST::FUNCTION:
 X509_OBJECT_set1_X509_CRL               4517   1_1_0i  EXIST::FUNCTION:
+OCSP_resp_get0_tbs_sigalg               4529   1_1_0j  EXIST::FUNCTION:OCSP
+OCSP_resp_get0_respdata                 4530   1_1_0j  EXIST::FUNCTION:OCSP