From: Sascha Steinbiss
Date: Tue, 8 Nov 2016 09:16:45 +0000 (+0100)
Subject: Add OCSP_resp_get1_id() accessor
X-Git-Tag: OpenSSL_1_1_1-pre1~1223
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=db17e43d882ecde217e1dce4a2b8c76c3ed134bf;p=oweals%2Fopenssl.git
Add OCSP_resp_get1_id() accessor
Adding a get1 style accessor as brought up in mailing list post https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html
Reviewed-by: Matt Caswell
Reviewed-by: Rich Salz
(Merged from https://github.com/openssl/openssl/pull/1876)
---
diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index a42b80fa5b..118b66a2f5 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -10,6 +10,7 @@
 #include
 #include
 #include "internal/cryptlib.h"
+#include
 #include
 #include
 #include
@@ -199,9 +200,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
 int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
 const ASN1_OCTET_STRING **pid,
 const X509_NAME **pname)
-
 {
 const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
 if (rid->type == V_OCSP_RESPID_NAME) {
 *pname = rid->value.byName;
 *pid = NULL;
@@ -214,6 +215,26 @@ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
 return 1;
 }
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname)
+{
+ const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+ if (rid->type == V_OCSP_RESPID_NAME) {
+ *pname = X509_NAME_dup(rid->value.byName);
+ *pid = NULL;
+ } else if (rid->type == V_OCSP_RESPID_KEY) {
+ *pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
+ *pname = NULL;
+ } else {
+ return 0;
+ }
+ if (pname == NULL && pid == NULL)
+ return 0;
+ return 1;
+}
+
 /* Look single response matching a given certificate ID */
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod
index c8e4218291..e1442eb97e 100644
--- a/doc/man3/OCSP_resp_find_status.pod
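Review bot: The final check in the new OCSP_resp_get1_id() in crypto/ocsp/ocsp_cl.c tests the parameters `pname` and `pid` themselves rather than the duplicated values, so a failed `X509_NAME_dup()` or `ASN1_OCTET_STRING_dup()` goes undetected and the function returns 1 with both outputs NULL. Both pointers have already been written through in the branches above, so the condition cannot be true for any call that reaches it. It should read `if (*pname == NULL && *pid == NULL)`. As written, a caller that trusts the return value can dereference NULL when an allocation fails while handling an OCSP response, and the documentation added in this commit promises 0 on failure.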
+++ b/doc/man3/OCSP_resp_find_status.pod
@@ -4,6 +4,7 @@
 OCSP_resp_get0_certs, OCSP_resp_get0_id,
+OCSP_resp_get1_id,
 OCSP_resp_get0_produced_at, OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find, OCSP_single_get0_status, OCSP_check_validity
@@ -35,6 +36,9 @@ OCSP_single_get0_status, OCSP_check_validity
 int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
 const ASN1_OCTET_STRING **pid,
 const X509_NAME **pname);
+ int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname);
 int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
 ASN1_GENERALIZEDTIME *nextupd,
@@ -75,7 +79,10 @@ OCSP_resp_get0_certs() returns any certificates included in B.
 OCSP_resp_get0_id() gets the responder id of . If the responder ID is a name then <*pname> is set to the name and B<*pid> is set to NULL. If the responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
-is set to NULL.
+is set to NULL. OCSP_resp_get1_id() leaves ownership of B<*pid> and B<*pname>
+with the caller, who is responsible for freeing them. Both functions return 1
+in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0,
+no freeing of the results is necessary.
 OCSP_check_validity() checks the validity of B and B values which will be typically obtained from OCSP_resp_find_status() or
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index 6b1a4903f8..0937d972be 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -221,6 +221,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
 int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
 const ASN1_OCTET_STRING **pid,
 const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+ ASN1_OCTET_STRING **pid,
+ X509_NAME **pname);
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
 int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c45042da6a..523a281c6a 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4299,3 +4299,4 @@ UI_method_get_data_destructor 4241 1_1_1 EXIST::FUNCTION:UI
 ERR_load_strings_const 4242 1_1_1 EXIST::FUNCTION:
 ASN1_TIME_to_tm 4243 1_1_1 EXIST::FUNCTION:
 ASN1_TIME_set_string_X509 4244 1_1_1 EXIST::FUNCTION:
+OCSP_resp_get1_id 4245 1_1_1 EXIST::FUNCTION:OCSP