New function to copy nonce values from OCSP

request to response.

New function to copy nonce values from OCSP
request to response.
26e083cc · Dr. Stephen Henson · 49783612 · 26e083cc · 26e083cc · 26e083cc
隐藏空白更改
内联并排

Showing with 21 addition and 12 deletion

CHANGES CHANGES +4 -0

crypto/ocsp/ocsp.h crypto/ocsp/ocsp.h +3 -2

crypto/ocsp/ocsp_ext.c crypto/ocsp/ocsp_ext.c +14 -10

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -3,6 +3,10 @@

 Changes between 0.9.6 and 0.9.7  [xx XXX 2000]

+  *) New function OCSP_copy_nonce() to copy nonce value (if present) from
+     request to response.
+     [Steve Henson]
+
  *) Functions for OCSP responders. OCSP_request_onereq_count(),
     OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info()
     extract information from a certificate request. OCSP_response_create()

--- a/crypto/ocsp/ocsp.h
+++ b/crypto/ocsp/ocsp.h
@@ -412,11 +412,12 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst,
 			      ASN1_BIT_STRING* issuerKey, 
 			      ASN1_INTEGER *serialNumber);

-OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim);
-
 OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid);
+
 int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len);
 int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs);
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req);
+
 int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm);
 int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert);


--- a/crypto/ocsp/ocsp_ext.c
+++ b/crypto/ocsp/ocsp_ext.c
@@ -371,16 +371,20 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
 	return ret;
 	}

-X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
-        {
-	X509_EXTENSION *x=NULL;
-	if (!(x = X509_EXTENSION_new())) goto err;
-	if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
-	if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
-	return x;
-err:
-	if (x) X509_EXTENSION_free(x);
-	return NULL;
+/* Copy the nonce value (if any) from an OCSP request to 
+ * a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+	{
+	X509_EXTENSION *req_ext;
+	int req_idx;
+	/* Check for nonce in request */
+	req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+	/* If no nonce that's OK */
+	if (req_idx < 0) return 2;
+	req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+	return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
 	}

 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)