diff options
| author | Matt Caswell <matt@openssl.org> | 2016-09-12 17:39:55 +0100 |
|---|---|---|
| committer | Matt Caswell <matt@openssl.org> | 2016-09-22 09:28:07 +0100 |
| commit | 1645f3f4b9f717133ffcaf3398508ed2ddc81374 (patch) | |
| tree | 94b61117f2cc52cf105619e9369e36dfd7f3c211 /crypto | |
| parent | a59ab1c4dd27a4c7c6e88f3c33747532fd144412 (diff) | |
Add the ability to set OCSP_RESPID fields
OCSP_RESPID was made opaque in 1.1.0, but no accessors were provided for
setting the name/key value for the OCSP_RESPID.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/ocsp/ocsp_srv.c | 47 |
1 files changed, 37 insertions, 10 deletions
diff --git a/crypto/ocsp/ocsp_srv.c b/crypto/ocsp/ocsp_srv.c index 443161cd25..5d590bae85 100644 --- a/crypto/ocsp/ocsp_srv.c +++ b/crypto/ocsp/ocsp_srv.c @@ -193,17 +193,10 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, rid = &brsp->tbsResponseData.responderId; if (flags & OCSP_RESPID_KEY) { - unsigned char md[SHA_DIGEST_LENGTH]; - X509_pubkey_digest(signer, EVP_sha1(), md, NULL); - if ((rid->value.byKey = ASN1_OCTET_STRING_new()) == NULL) + if (!OCSP_RESPID_set_by_key(rid, signer)) goto err; - if (!(ASN1_OCTET_STRING_set(rid->value.byKey, md, SHA_DIGEST_LENGTH))) - goto err; - rid->type = V_OCSP_RESPID_KEY; - } else { - if (!X509_NAME_set(&rid->value.byName, X509_get_subject_name(signer))) - goto err; - rid->type = V_OCSP_RESPID_NAME; + } else if (!OCSP_RESPID_set_by_name(rid, signer)) { + goto err; } if (!(flags & OCSP_NOTIME) && @@ -222,3 +215,37 @@ int OCSP_basic_sign(OCSP_BASICRESP *brsp, err: return 0; } + +int OCSP_RESPID_set_by_name(OCSP_RESPID *respid, X509 *cert) +{ + if (!X509_NAME_set(&respid->value.byName, X509_get_subject_name(cert))) + return 0; + + respid->type = V_OCSP_RESPID_NAME; + + return 1; +} + +int OCSP_RESPID_set_by_key(OCSP_RESPID *respid, X509 *cert) +{ + ASN1_OCTET_STRING *byKey = NULL; + unsigned char md[SHA_DIGEST_LENGTH]; + + /* RFC2560 requires SHA1 */ + if (!X509_pubkey_digest(cert, EVP_sha1(), md, NULL)) + return 0; + + byKey = ASN1_OCTET_STRING_new(); + if (byKey == NULL) + return 0; + + if (!(ASN1_OCTET_STRING_set(respid->value.byKey, md, SHA_DIGEST_LENGTH))) { + ASN1_OCTET_STRING_free(byKey); + return 0; + } + + respid->type = V_OCSP_RESPID_KEY; + respid->value.byKey = byKey; + + return 1; +} |