From d779a45b0d8f17dff369d5e80288ac12f5d0fef1 Mon Sep 17 00:00:00 2001 From: tb Date: Sun, 24 Oct 2021 13:50:14 +0000 Subject: [PATCH] Prepare to provide a bunch of OCSP_resp_* getters. ok beck jsing --- lib/libcrypto/ocsp/ocsp.h | 17 +++++++++++- lib/libcrypto/ocsp/ocsp_cl.c | 51 ++++++++++++++++++++++++++++++++++- lib/libcrypto/ocsp/ocsp_vfy.c | 9 ++++++- 3 files changed, 74 insertions(+), 3 deletions(-) diff --git a/lib/libcrypto/ocsp/ocsp.h b/lib/libcrypto/ocsp/ocsp.h index 316fb8ed937..554d1646010 100644 --- a/lib/libcrypto/ocsp/ocsp.h +++ b/lib/libcrypto/ocsp/ocsp.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */ +/* $OpenBSD: ocsp.h,v 1.17 2021/10/24 13:50:14 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -414,8 +414,23 @@ int OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key, int OCSP_response_status(OCSP_RESPONSE *resp); OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp); +#if defined(LIBRESSL_NEW_API) +const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs); +const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs); +const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs); +#endif + int OCSP_resp_count(OCSP_BASICRESP *bs); OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx); +#if defined(LIBRESSL_NEW_API) +const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs); +const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs); +int OCSP_resp_get0_id(const OCSP_BASICRESP *bs, + const ASN1_OCTET_STRING **pid, const X509_NAME **pname); +#endif + int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last); int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason, ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd, 
diff --git a/lib/libcrypto/ocsp/ocsp_cl.c b/lib/libcrypto/ocsp/ocsp_cl.c index cb5a2f3d188..677a1b35ddd 100644 --- a/lib/libcrypto/ocsp/ocsp_cl.c +++ b/lib/libcrypto/ocsp/ocsp_cl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_cl.c,v 1.17 2020/10/09 17:19:35 tb Exp $ */ +/* $OpenBSD: ocsp_cl.c,v 1.18 2021/10/24 13:50:14 tb Exp $ */ /* Written by Tom Titchener for the OpenSSL * project. */ @@ -233,6 +233,55 @@ OCSP_resp_get0(OCSP_BASICRESP *bs, int idx) return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx); } +const ASN1_GENERALIZEDTIME * +OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs) +{ + return bs->tbsResponseData->producedAt; +} + +const STACK_OF(X509) * +OCSP_resp_get0_certs(const OCSP_BASICRESP *bs) +{ + return bs->certs; +} + +int +OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid, + const X509_NAME **pname) +{ + const OCSP_RESPID *rid = bs->tbsResponseData->responderId; + + if (rid->type == V_OCSP_RESPID_NAME) { + *pname = rid->value.byName; + *pid = NULL; + } else if (rid->type == V_OCSP_RESPID_KEY) { + *pid = rid->value.byKey; + *pname = NULL; + } else { + return 0; + } + + return 1; +} + +const ASN1_OCTET_STRING * +OCSP_resp_get0_signature(const OCSP_BASICRESP *bs) +{ + return bs->signature; +} + +const X509_ALGOR * +OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs) +{ + return bs->signatureAlgorithm; +} + +const OCSP_RESPDATA * +OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs) +{ + return bs->tbsResponseData; +} + /* Look single response matching a given certificate ID */ int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last) diff --git a/lib/libcrypto/ocsp/ocsp_vfy.c b/lib/libcrypto/ocsp/ocsp_vfy.c index ebdd826878e..e92b5d73262 100644 --- a/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/lib/libcrypto/ocsp/ocsp_vfy.c 
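Review bot: In `OCSP_resp_get0_id` the final `else` branch returns 0 without writing `*pid` or `*pname`, so a caller that ignores the return value goes on to use whatever its own variables held. The responder ID normally comes from a parsed response, so the failure case should be well defined: clear both outputs before the type test with `*pid = NULL; *pname = NULL;`, after which the two success branches no longer need their own NULL assignments. The function lies entirely inside this hunk. The new getters also dereference `bs` and `bs->tbsResponseData` unchecked, which matches `OCSP_resp_get0` in the context lines, and they return pointers into `bs`. A one-line comment saying that callers must not free the results or use them after the response is freed would make the get0 contract explicit.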
@@ -1,4 +1,4 @@ -/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */ +/* $OpenBSD: ocsp_vfy.c,v 1.16 2021/10/24 13:50:14 tb Exp $ */ /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL * project 2000. */ @@ -179,6 +179,13 @@ end: return ret; } +int +OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer, + STACK_OF(X509) *extra_certs) +{ + return ocsp_find_signer(signer, bs, extra_certs, NULL, 0) > 0; +} + static int ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs, X509_STORE *st, unsigned long flags) -- 2.20.1
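Review bot: `OCSP_resp_get0_signer` only locates a certificate: it calls `ocsp_find_signer()` with a NULL store and flags 0 and reduces the result to 0/1, and nothing in this hunk checks the response signature or the certificate's chain. That contract should be stated above the function, for example `/* Finds the certificate matching the responder ID; it is NOT verified. Callers must still call OCSP_basic_verify(). */`. With flags 0 the search presumably also covers the certificates embedded in the response itself, and the `> 0` hides whether the match came from `extra_certs` or from the response, so a caller cannot tell a certificate it supplied from one the responder supplied; this is worth documenting too. `ocsp_find_signer` is defined after this function, so the call relies on a prototype earlier in the file that the hunk does not show.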