add OCSP_resp_get1_id() accessor #1876

Closed
wants to merge 3 commits into from
23 changes: 22 additions & 1 deletion crypto/ocsp/ocsp_cl.c
Expand Up @@ -10,6 +10,7 @@
#include <stdio.h>
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/pem.h>
Expand Down Expand Up @@ -199,9 +200,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs)
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname)

{
const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;

if (rid->type == V_OCSP_RESPID_NAME) {
*pname = rid->value.byName;
*pid = NULL;
Expand All @@ -214,6 +215,26 @@ int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
return 1;
}

int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
ASN1_OCTET_STRING **pid,
X509_NAME **pname)
{
const OCSP_RESPID *rid = &bs->tbsResponseData.responderId;
Contributor

blank line after the decl.


if (rid->type == V_OCSP_RESPID_NAME) {
*pname = X509_NAME_dup(rid->value.byName);
*pid = NULL;
} else if (rid->type == V_OCSP_RESPID_KEY) {
*pid = ASN1_OCTET_STRING_dup(rid->value.byKey);
*pname = NULL;
} else {
return 0;
}
if (pname == NULL && pid == NULL)
return 0;
Contributor

Checking for NULLness of arguments seems quite late (and pointless) here; it seems that if (*pname && NULL && *pid == NULL) was the intended check.

Contributor

Sigh, we missed this. Wanna open a PR or issue?

Contributor

Yeah, I'll make a PR; just wanted to give the OP first crack if they wanted.

return 1;
}

/* Look single response matching a given certificate ID */

int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last)
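Review bot: the final check in OCSP_resp_get1_id(), `if (pname == NULL && pid == NULL)`, tests the argument pointers after both have already been dereferenced in the branches above, so it cannot catch a failed X509_NAME_dup() or ASN1_OCTET_STRING_dup(). On allocation failure the function returns 1 with both outputs NULL, which contradicts the documented 0-on-failure contract and lets a caller treat a missing responder ID as success. Suggest testing the results instead, `if (*pname == NULL && *pid == NULL) return 0;`, and, if NULL arguments are meant to be tolerated, checking pid and pname before the first assignment. The unknown-type branch also returns 0 without setting *pid or *pname, so setting both to NULL there would keep the outputs defined on every path.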
9 changes: 8 additions & 1 deletion doc/man3/OCSP_resp_find_status.pod
Expand Up @@ -4,6 +4,7 @@

OCSP_resp_get0_certs,
OCSP_resp_get0_id,
OCSP_resp_get1_id,
OCSP_resp_get0_produced_at,
OCSP_resp_find_status, OCSP_resp_count, OCSP_resp_get0, OCSP_resp_find,
OCSP_single_get0_status, OCSP_check_validity
Expand Down Expand Up @@ -35,6 +36,9 @@ OCSP_single_get0_status, OCSP_check_validity
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname);
int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
ASN1_OCTET_STRING **pid,
X509_NAME **pname);

int OCSP_check_validity(ASN1_GENERALIZEDTIME *thisupd,
ASN1_GENERALIZEDTIME *nextupd,
Expand Down Expand Up @@ -75,7 +79,10 @@ OCSP_resp_get0_certs() returns any certificates included in B<bs>.
OCSP_resp_get0_id() gets the responder id of <bs>. If the responder ID is
a name then <*pname> is set to the name and B<*pid> is set to NULL. If the
responder ID is by key ID then B<*pid> is set to the key ID and B<*pname>
is set to NULL.
is set to NULL. OCSP_resp_get1_id() leaves ownership of B<*pid> and B<*pname>
with the caller, who is responsible for freeing them. Both functions return 1
in case of success and 0 in case of failure. If OCSP_resp_get1_id() returns 0,
no freeing of the results is necessary.

OCSP_check_validity() checks the validity of B<thisupd> and B<nextupd> values
which will be typically obtained from OCSP_resp_find_status() or
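Review bot: the added sentence on OCSP_resp_get1_id() states who owns the results but not that the function returns copies, nor which functions release them. Suggest saying that it behaves like OCSP_resp_get0_id() except that B<*pid> or B<*pname> is a duplicate the caller must free with ASN1_OCTET_STRING_free() or X509_NAME_free(). The promise that nothing needs freeing when 0 is returned only holds if the implementation never returns 0 after a successful duplication, so it should be checked against the code in crypto/ocsp/ocsp_cl.c. The context lines also write <bs> and <*pname> without the B prefix used elsewhere in the paragraph.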
3 changes: 3 additions & 0 deletions include/openssl/ocsp.h
Expand Up @@ -218,6 +218,9 @@ const STACK_OF(X509) *OCSP_resp_get0_certs(const OCSP_BASICRESP *bs);
int OCSP_resp_get0_id(const OCSP_BASICRESP *bs,
const ASN1_OCTET_STRING **pid,
const X509_NAME **pname);
int OCSP_resp_get1_id(const OCSP_BASICRESP *bs,
ASN1_OCTET_STRING **pid,
X509_NAME **pname);

int OCSP_resp_find(OCSP_BASICRESP *bs, OCSP_CERTID *id, int last);
int OCSP_single_get0_status(OCSP_SINGLERESP *single, int *reason,
1 change: 1 addition & 0 deletions util/libcrypto.num
Expand Up @@ -4270,3 +4270,4 @@ UINT32_it 4214 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTIO
UINT32_it 4214 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
ZINT64_it 4215 1_1_0f EXIST:!EXPORT_VAR_AS_FUNCTION:VARIABLE:
ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION:FUNCTION:
OCSP_resp_get1_id 4216 1_1_0f EXIST::FUNCTION:OCSP