From 26e083ccb72f0bfabb443c67b121ad8f9192217e Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 5 Feb 2001 00:35:06 +0000 Subject: [PATCH] New function to copy nonce values from OCSP request to response. --- CHANGES | 4 ++++ crypto/ocsp/ocsp.h | 5 +++-- crypto/ocsp/ocsp_ext.c | 24 ++++++++++++++---------- 3 files changed, 21 insertions(+), 12 deletions(-) diff --git a/CHANGES b/CHANGES index dc68c9c17..f817e9356 100644 --- a/CHANGES +++ b/CHANGES @@ -3,6 +3,10 @@ Changes between 0.9.6 and 0.9.7 [xx XXX 2000] + *) New function OCSP_copy_nonce() to copy nonce value (if present) from + request to response. + [Steve Henson] + *) Functions for OCSP responders. OCSP_request_onereq_count(), OCSP_request_onereq_get0(), OCSP_onereq_get0_id() and OCSP_id_get0_info() extract information from a certificate request. OCSP_response_create() diff --git a/crypto/ocsp/ocsp.h b/crypto/ocsp/ocsp.h index f77c4fd03..4826a709f 100644 --- a/crypto/ocsp/ocsp.h +++ b/crypto/ocsp/ocsp.h @@ -412,11 +412,12 @@ OCSP_CERTID *OCSP_cert_id_new(const EVP_MD *dgst, ASN1_BIT_STRING* issuerKey, ASN1_INTEGER *serialNumber); -OCSP_CERTSTATUS *OCSP_cert_status_new(int status, int reason, char *tim); - OCSP_ONEREQ *OCSP_request_add0_id(OCSP_REQUEST *req, OCSP_CERTID *cid); + int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len); int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs); +int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req); + int OCSP_request_set1_name(OCSP_REQUEST *req, X509_NAME *nm); int OCSP_request_add1_cert(OCSP_REQUEST *req, X509 *cert); diff --git a/crypto/ocsp/ocsp_ext.c b/crypto/ocsp/ocsp_ext.c index 36e51ddd9..56c54f735 100644 --- a/crypto/ocsp/ocsp_ext.c +++ b/crypto/ocsp/ocsp_ext.c 
@@ -371,16 +371,20 @@ int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs)
 return ret;
 }
 
-X509_EXTENSION *OCSP_nonce_new(void *p, unsigned int len)
- {
- X509_EXTENSION *x=NULL;
- if (!(x = X509_EXTENSION_new())) goto err;
- if (!(x->object = OBJ_nid2obj(NID_id_pkix_OCSP_Nonce))) goto err;
- if (!(ASN1_OCTET_STRING_set(x->value, p, len))) goto err;
- return x;
-err:
- if (x) X509_EXTENSION_free(x);
- return NULL;
+/* Copy the nonce value (if any) from an OCSP request to
+ * a response.
+ */
+
+int OCSP_copy_nonce(OCSP_BASICRESP *resp, OCSP_REQUEST *req)
+ {
+ X509_EXTENSION *req_ext;
+ int req_idx;
+ /* Check for nonce in request */
+ req_idx = OCSP_REQUEST_get_ext_by_NID(req, NID_id_pkix_OCSP_Nonce, -1);
+ /* If no nonce that's OK */
+ if (req_idx < 0) return 2;
+ req_ext = OCSP_REQUEST_get_ext(req, req_idx);
+ return OCSP_BASICRESP_add_ext(resp, req_ext, -1);
 }
 
 X509_EXTENSION *OCSP_crlID_new(char *url, long *n, char *tim)
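Review bot: In OCSP_copy_nonce() the extension fetched from the request is passed straight to `OCSP_BASICRESP_add_ext(resp, req_ext, -1)`, so requester-chosen nonce bytes of any length are echoed into the response that will be signed; nothing in this hunk bounds them. Unless a limit is enforced elsewhere (not visible here), check the nonce's octet-string length first and return 0 above a responder-chosen maximum. The header comment should also spell out the return contract, for example `/* Returns 2 if the request has no nonce, otherwise the result of OCSP_BASICRESP_add_ext(). */`, because `return 2` for the absent case means callers have to test for 0 rather than compare against 1.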