Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing

diff --git a/lib/libcrypto/ocsp/ocsp.h b/lib/libcrypto/ocsp/ocsp.h
index 316fb8e..554d164 100644 (file)
--- a/lib/libcrypto/ocsp/ocsp.h
+++ b/lib/libcrypto/ocsp/ocsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */
+/* $OpenBSD: ocsp.h,v 1.17 2021/10/24 13:50:14 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -414,8 +414,23 @@ int        OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
 int    OCSP_response_status(OCSP_RESPONSE *resp);
 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
 
+#if defined(LIBRESSL_NEW_API)
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int    OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+           STACK_OF(X509) *extra_certs);
+#endif
+
 int    OCSP_resp_count(OCSP_BASICRESP *bs);
 OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+#if defined(LIBRESSL_NEW_API)
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int    OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+           const ASN1_OCTET_STRING **pid, const X509_NAME **pname);
+#endif
+
 int    OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
 int    OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
            ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd,

diff --git a/lib/libcrypto/ocsp/ocsp_cl.c b/lib/libcrypto/ocsp/ocsp_cl.c
index cb5a2f3..677a1b3 100644 (file)
--- a/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/lib/libcrypto/ocsp/ocsp_cl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_cl.c,v 1.17 2020/10/09 17:19:35 tb Exp $ */
+/* $OpenBSD: ocsp_cl.c,v 1.18 2021/10/24 13:50:14 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
  * project. */
 
@@ -233,6 +233,55 @@ OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
        return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
 }
 
+const ASN1_GENERALIZEDTIME *
+OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs)
+{
+       return bs->tbsResponseData->producedAt;
+}
+
+const STACK_OF(X509) *
+OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
+{
+       return bs->certs;
+}
+
+int
+OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid,
+    const X509_NAME **pname)
+{
+       const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+
+       if (rid->type == V_OCSP_RESPID_NAME) {
+               *pname = rid->value.byName;
+               *pid = NULL;
+       } else if (rid->type == V_OCSP_RESPID_KEY) {
+               *pid = rid->value.byKey;
+               *pname = NULL;
+       } else {
+               return 0;
+       }
+
+       return 1;
+}
+
+const ASN1_OCTET_STRING *
+OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
+{
+       return bs->signature;
+}
+
+const X509_ALGOR *
+OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
+{
+       return bs->signatureAlgorithm;
+}
+
+const OCSP_RESPDATA *
+OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
+{
+       return bs->tbsResponseData;
+}
+
 /* Look single response matching a given certificate ID */
 int
 OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)

diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c
index ebdd826..e92b5d7 100644 (file)
--- a/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.16 2021/10/24 13:50:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
  * project 2000.
  */
@@ -179,6 +179,13 @@ end:
        return ret;
 }
 
+int
+OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+    STACK_OF(X509) *extra_certs)
+{
+       return ocsp_find_signer(signer, bs, extra_certs, NULL, 0) > 0;
+}
+
 static int
 ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
     X509_STORE *st, unsigned long flags)