[openssl-commits] [openssl] master update

Rich Salz rsalz at openssl.org
Wed Jun 21 19:12:49 UTC 2017


The branch master has been updated
       via  db17e43d882ecde217e1dce4a2b8c76c3ed134bf (commit)
      from  15b1688ac9d1f31ad87d3390dabed42061d90dd8 (commit)


- Log -----------------------------------------------------------------
commit db17e43d882ecde217e1dce4a2b8c76c3ed134bf
Author: Sascha Steinbiss <sascha at steinbiss.name>
Date:   Tue Nov 8 10:16:45 2016 +0100

    Add OCSP_resp_get1_id() accessor
    
    Adding a get1 style accessor as brought up in mailing list post
    https://mta.openssl.org/pipermail/openssl-users/2016-November/004796.html
    
    Reviewed-by: Matt Caswell <matt at openssl.org>
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/1876)

-----------------------------------------------------------------------

Summary of changes:
 crypto/ocsp/ocsp_cl.c              | 23 ++++++++++++++++++++++-
 doc/man3/OCSP_resp_find_status.pod |  9 ++++++++-
 include/openssl/ocsp.h             |  3 +++
 util/libcrypto.num                 |  1 +
 4 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/crypto/ocsp/ocsp_cl.c b/crypto/ocsp/ocsp_cl.c
index a42b80f..118b66a 100644
--- a/crypto/ocsp/ocsp_cl.c
+++ b/crypto/ocsp/ocsp_cl.c
@@ -10,6 +10,7 @@
 #include <stdio.h>
 #include <time.h>
 #include "internal/cryptlib.h"
+#include <openssl/asn1.h>
 #include <openssl/objects.h>
 #include <openssl/x509.h>
 #include <openssl/pem.h>
@@ -199,9 +200,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
 int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
                       const ASN1_OCTET_STRING **pid,
                       const X509_NAME **pname)
-
 {
     const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
     if (rid->type == V_OCSP_RESPID_NAME) {
         *pname = rid->value.byName;
         *pid = NULL;
@@ -214,6 +215,26 @@ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
     return 1;
 }
 
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname)
+{
+    const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
+
+    if (rid->type == V_OCSP_RESPID_NAME) {
+        *pname = X509_NAME_dup(rid->value.byName);
+        *pid = NULL;
+    } else if (rid->type == V_OCSP_RESPID_KEY) {
+        *pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
+        *pname = NULL;
+    } else {
+        return 0;
+    }
+    if (pname == NULL && pid == NULL)
+        return 0;
+    return 1;
+}
+
 /* Look single response matching a given certificate ID */
 
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
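Review bot: The final guard in the new OCSP_resp_get1_id(), `if (pname == NULL && pid == NULL)`, tests the caller's out-parameter pointers rather than the duplicated objects. Both pointers have already been written through in the branches above, so the guard can never catch a failed copy. If X509_NAME_dup() or ASN1_OCTET_STRING_dup() returns NULL, for example on allocation failure, the function still returns 1 with both `*pname` and `*pid` set to NULL. A caller that trusts the return value may then dereference NULL while processing the responder ID. The guard should be `if (*pname == NULL && *pid == NULL) return 0;`, which also makes the "returns 0 on failure, nothing to free" wording in the accompanying pod change true.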
diff --git a/doc/man3/OCSP_resp_find_status.pod b/doc/man3/OCSP_resp_find_status.pod
index c8e4218..e1442eb 100644
--- a/doc/man3/OCSP_resp_find_status.pod
+++ b/doc/man3/OCSP_resp_find_status.pod
@@ -4,6 +4,7 @@
 
 OCSP_resp_get0_certs,
 OCSP_resp_get0_id,
+OCSP_resp_get1_id,
 OCSP_resp_get0_produced_at,
 OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
 OCSP_single_get0_status, OCSP_check_validity
@@ -35,6 +36,9 @@ OCSP_single_get0_status, OCSP_check_validity
  int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
                        const ASN1_OCTET_STRING **pid,
                        const X509_NAME **pname);
+ int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                       ASN1_OCTET_STRING **pid,
+                       X509_NAME **pname);
 
  int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
                          ASN1_GENERALIZEDTIME *nextupd,
@@ -75,7 +79,10 @@ OCSP_resp_get0_certs() returns any certificates included in B<bs>.
 OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
 a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
 responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
-is set to NULL.
+is set to NULL. OCSP_resp_get1_id() leaves ownership of B<*pid> and B<*pname>
+with the caller, who is responsible for freeing them. Both functions return 1
+in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0,
+no freeing of the results is necessary.
 
 OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
 which will be typically obtained from OCSP_resp_find_status() or
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
index 6b1a490..0937d97 100644
--- a/include/openssl/ocsp.h
+++ b/include/openssl/ocsp.h
@@ -221,6 +221,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
 int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
                       const ASN1_OCTET_STRING **pid,
                       const X509_NAME **pname);
+int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
+                      ASN1_OCTET_STRING **pid,
+                      X509_NAME **pname);
 
 int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
 int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
diff --git a/util/libcrypto.num b/util/libcrypto.num
index c45042d..523a281 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4299,3 +4299,4 @@ UI_method_get_data_destructor           4241	1_1_1	EXIST::FUNCTION:UI
 ERR_load_strings_const                  4242	1_1_1	EXIST::FUNCTION:
 ASN1_TIME_to_tm                         4243	1_1_1	EXIST::FUNCTION:
 ASN1_TIME_set_string_X509               4244	1_1_1	EXIST::FUNCTION:
+OCSP_resp_get1_id                       4245	1_1_1	EXIST::FUNCTION:OCSP

