Prepare to provide a bunch of OCSP_resp_* getters.

ok beck jsing
author: tb <> 2021-10-24 13:50:14 +0000
committer: tb <> 2021-10-24 13:50:14 +0000
commit: 9d8621b7e81419d953ce51428f69003f546bec2a (patch)
tree: eed60dd7494a63e3394016ae80a2600ee0f7bcac /src/lib
parent: 48c471e6a98e03acff50a033e9a20091e4842f90 (diff)
download: openbsd-9d8621b7e81419d953ce51428f69003f546bec2a.tar.gz
openbsd-9d8621b7e81419d953ce51428f69003f546bec2a.tar.bz2
openbsd-9d8621b7e81419d953ce51428f69003f546bec2a.zip
3 files changed, 74 insertions, 3 deletions
diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h
index 316fb8ed93..554d164601 100644
--- a/src/lib/libcrypto/ocsp/ocsp.h
+++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */
+/* $OpenBSD: ocsp.h,v 1.17 2021/10/24 13:50:14 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */
@@ -414,8 +414,23 @@ int	OCSP_request_sign(OCSP_REQUEST *req, X509 *signer, EVP_PKEY *key,
 int     OCSP_response_status(OCSP_RESPONSE *resp);
 OCSP_BASICRESP *OCSP_response_get1_basic(OCSP_RESPONSE *resp);
+#if defined(LIBRESSL_NEW_API)
+const ASN1_OCTET_STRING *OCSP_resp_get0_signature(const OCSP_BASICRESP *bs);
+const X509_ALGOR *OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs);
+const OCSP_RESPDATA *OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs);
+int     OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+            STACK_OF(X509) *extra_certs);
+#endif
 int     OCSP_resp_count(OCSP_BASICRESP *bs);
 OCSP_SINGLERESP *OCSP_resp_get0(OCSP_BASICRESP *bs, int idx);
+#if defined(LIBRESSL_NEW_API)
+const ASN1_GENERALIZEDTIME *OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs);
+const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
+int     OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
+            const ASN1_OCTET_STRING **pid, const X509_NAME **pname);
+#endif
 int     OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
 int     OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
            ASN1_GENERALIZEDTIME **revtime, ASN1_GENERALIZEDTIME **thisupd,
diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c
index cb5a2f3d18..677a1b35dd 100644
--- a/src/lib/libcrypto/ocsp/ocsp_cl.c
+++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_cl.c,v 1.17 2020/10/09 17:19:35 tb Exp $ */
+/* $OpenBSD: ocsp_cl.c,v 1.18 2021/10/24 13:50:14 tb Exp $ */
 /* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
 * project. */
@@ -233,6 +233,55 @@ OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
        return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
 }
+const ASN1_GENERALIZEDTIME *
+OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs)
+{
+        return bs->tbsResponseData->producedAt;
+}
+const STACK_OF(X509) *
+OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
+{
+        return bs->certs;
+}
+int
+OCSP_resp_get0_id(const OCSP_BASICRESP *bs, const ASN1_OCTET_STRING **pid,
+    const X509_NAME **pname)
+{
+        const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
+        if (rid->type == V_OCSP_RESPID_NAME) {
+                *pname = rid->value.byName;
+                *pid = NULL;
+        } else if (rid->type == V_OCSP_RESPID_KEY) {
+                *pid = rid->value.byKey;
+                *pname = NULL;
+        } else {
+                return 0;
+        }
+        return 1;
+}
+const ASN1_OCTET_STRING *
+OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
+{
+        return bs->signature;
+}
+const X509_ALGOR *
+OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
+{
+        return bs->signatureAlgorithm;
+}
+const OCSP_RESPDATA *
+OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
+{
+        return bs->tbsResponseData;
+}
 /* Look single response matching a given certificate ID */
 int
 OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c
index ebdd826878..e92b5d7326 100644
--- a/src/lib/libcrypto/ocsp/ocsp_vfy.c
+++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
+/* $OpenBSD: ocsp_vfy.c,v 1.16 2021/10/24 13:50:14 tb Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2000.
 */
@@ -179,6 +179,13 @@ end:
        return ret;
 }
+int
+OCSP_resp_get0_signer(OCSP_BASICRESP *bs, X509 **signer,
+    STACK_OF(X509) *extra_certs)
+{
+        return ocsp_find_signer(signer, bs, extra_certs, NULL, 0) > 0;
+}
 static int
 ocsp_find_signer(X509 **psigner, OCSP_BASICRESP *bs, STACK_OF(X509) *certs,
    X509_STORE *st, unsigned long flags)
author	tb <>	2021-10-24 13:50:14 +0000
committer	tb <>	2021-10-24 13:50:14 +0000
commit	9d8621b7e81419d953ce51428f69003f546bec2a (patch)
tree	eed60dd7494a63e3394016ae80a2600ee0f7bcac /src/lib
parent	48c471e6a98e03acff50a033e9a20091e4842f90 (diff)
download	openbsd-9d8621b7e81419d953ce51428f69003f546bec2a.tar.gz openbsd-9d8621b7e81419d953ce51428f69003f546bec2a.tar.bz2 openbsd-9d8621b7e81419d953ce51428f69003f546bec2a.zip

diff --git a/src/lib/libcrypto/ocsp/ocsp.h b/src/lib/libcrypto/ocsp/ocsp.h index 316fb8ed93..554d164601 100644 --- a/src/lib/libcrypto/ocsp/ocsp.h +++ b/src/lib/libcrypto/ocsp/ocsp.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ocsp.h,v 1.16 2018/08/24 20:03:21 tb Exp $ */	1	/* $OpenBSD: ocsp.h,v 1.17 2021/10/24 13:50:14 tb Exp $ */
2	/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL	2	/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
3	* project. */	3	* project. */
4		4
@@ -414,8 +414,23 @@ int OCSP_request_sign(OCSP_REQUEST req, X509 signer, EVP_PKEY *key,
414	int OCSP_response_status(OCSP_RESPONSE *resp);	414	int OCSP_response_status(OCSP_RESPONSE *resp);
415	OCSP_BASICRESP OCSP_response_get1_basic(OCSP_RESPONSE resp);	415	OCSP_BASICRESP OCSP_response_get1_basic(OCSP_RESPONSE resp);
416		416
		417	#if defined(LIBRESSL_NEW_API)
		418	const ASN1_OCTET_STRING OCSP_resp_get0_signature(const OCSP_BASICRESP bs);
		419	const X509_ALGOR OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP bs);
		420	const OCSP_RESPDATA OCSP_resp_get0_respdata(const OCSP_BASICRESP bs);
		421	int OCSP_resp_get0_signer(OCSP_BASICRESP bs, X509 *signer,
		422	STACK_OF(X509) *extra_certs);
		423	#endif
		424
417	int OCSP_resp_count(OCSP_BASICRESP *bs);	425	int OCSP_resp_count(OCSP_BASICRESP *bs);
418	OCSP_SINGLERESP OCSP_resp_get0(OCSP_BASICRESP bs, int idx);	426	OCSP_SINGLERESP OCSP_resp_get0(OCSP_BASICRESP bs, int idx);
		427	#if defined(LIBRESSL_NEW_API)
		428	const ASN1_GENERALIZEDTIME OCSP_resp_get0_produced_at(const OCSP_BASICRESP bs);
		429	const STACK_OF(X509) OCSP_resp_get0_certs(const OCSP_BASICRESP bs);
		430	int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
		431	const ASN1_OCTET_STRING pid, const X509_NAME pname);
		432	#endif
		433
419	int OCSP_resp_find(OCSP_BASICRESP bs, OCSP_CERTID id, int last);	434	int OCSP_resp_find(OCSP_BASICRESP bs, OCSP_CERTID id, int last);
420	int OCSP_single_get0_status(OCSP_SINGLERESP single, int reason,	435	int OCSP_single_get0_status(OCSP_SINGLERESP single, int reason,
421	ASN1_GENERALIZEDTIME revtime, ASN1_GENERALIZEDTIME thisupd,	436	ASN1_GENERALIZEDTIME revtime, ASN1_GENERALIZEDTIME thisupd,


diff --git a/src/lib/libcrypto/ocsp/ocsp_cl.c b/src/lib/libcrypto/ocsp/ocsp_cl.c index cb5a2f3d18..677a1b35dd 100644 --- a/src/lib/libcrypto/ocsp/ocsp_cl.c +++ b/src/lib/libcrypto/ocsp/ocsp_cl.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ocsp_cl.c,v 1.17 2020/10/09 17:19:35 tb Exp $ */	1	/* $OpenBSD: ocsp_cl.c,v 1.18 2021/10/24 13:50:14 tb Exp $ */
2	/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL	2	/* Written by Tom Titchener <Tom_Titchener@groove.net> for the OpenSSL
3	* project. */	3	* project. */
4		4
@@ -233,6 +233,55 @@ OCSP_resp_get0(OCSP_BASICRESP *bs, int idx)
233	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);	233	return sk_OCSP_SINGLERESP_value(bs->tbsResponseData->responses, idx);
234	}	234	}
235		235
		236	const ASN1_GENERALIZEDTIME *
		237	OCSP_resp_get0_produced_at(const OCSP_BASICRESP *bs)
		238	{
		239	return bs->tbsResponseData->producedAt;
		240	}
		241
		242	const STACK_OF(X509) *
		243	OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
		244	{
		245	return bs->certs;
		246	}
		247
		248	int
		249	OCSP_resp_get0_id(const OCSP_BASICRESP bs, const ASN1_OCTET_STRING *pid,
		250	const X509_NAME **pname)
		251	{
		252	const OCSP_RESPID *rid = bs->tbsResponseData->responderId;
		253
		254	if (rid->type == V_OCSP_RESPID_NAME) {
		255	*pname = rid->value.byName;
		256	*pid = NULL;
		257	} else if (rid->type == V_OCSP_RESPID_KEY) {
		258	*pid = rid->value.byKey;
		259	*pname = NULL;
		260	} else {
		261	return 0;
		262	}
		263
		264	return 1;
		265	}
		266
		267	const ASN1_OCTET_STRING *
		268	OCSP_resp_get0_signature(const OCSP_BASICRESP *bs)
		269	{
		270	return bs->signature;
		271	}
		272
		273	const X509_ALGOR *
		274	OCSP_resp_get0_tbs_sigalg(const OCSP_BASICRESP *bs)
		275	{
		276	return bs->signatureAlgorithm;
		277	}
		278
		279	const OCSP_RESPDATA *
		280	OCSP_resp_get0_respdata(const OCSP_BASICRESP *bs)
		281	{
		282	return bs->tbsResponseData;
		283	}
		284
236	/* Look single response matching a given certificate ID */	285	/* Look single response matching a given certificate ID */
237	int	286	int
238	OCSP_resp_find(OCSP_BASICRESP bs, OCSP_CERTID id, int last)	287	OCSP_resp_find(OCSP_BASICRESP bs, OCSP_CERTID id, int last)


diff --git a/src/lib/libcrypto/ocsp/ocsp_vfy.c b/src/lib/libcrypto/ocsp/ocsp_vfy.c index ebdd826878..e92b5d7326 100644 --- a/src/lib/libcrypto/ocsp/ocsp_vfy.c +++ b/src/lib/libcrypto/ocsp/ocsp_vfy.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ocsp_vfy.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */	1	/* $OpenBSD: ocsp_vfy.c,v 1.16 2021/10/24 13:50:14 tb Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2000.	3	* project 2000.
4	*/	4	*/
@@ -179,6 +179,13 @@ end:
179	return ret;	179	return ret;
180	}	180	}
181		181
		182	int
		183	OCSP_resp_get0_signer(OCSP_BASICRESP bs, X509 *signer,
		184	STACK_OF(X509) *extra_certs)
		185	{
		186	return ocsp_find_signer(signer, bs, extra_certs, NULL, 0) > 0;
		187	}
		188
182	static int	189	static int
183	ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs, STACK_OF(X509) *certs,	190	ocsp_find_signer(X509 *psigner, OCSP_BASICRESP bs, STACK_OF(X509) *certs,
184	X509_STORE *st, unsigned long flags)	191	X509_STORE *st, unsigned long flags)