From: Nikos Mavrogiannopoulos
Date: Thu, 13 Nov 2014 15:31:21 +0000 (+0100)
Subject: replaced gnutls_ocsp_resp_get_responder_by_key with gnutls_ocsp_resp_get_responder_raw_id
X-Git-Tag: gnutls_3_4_0~622
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fc72cd1296856a2e1e1033a709c4b5b2ac21f73a;p=thirdparty%2Fgnutls.git

replaced gnutls_ocsp_resp_get_responder_by_key with gnutls_ocsp_resp_get_responder_raw_id

In addition reverted gnutls_ocsp_resp_get_responder() to the old buggy behavior of returning 0 if the element was missing.
---
diff --git a/lib/includes/gnutls/ocsp.h b/lib/includes/gnutls/ocsp.h
index 1a9679c08b..1a96ce8a29 100644
--- a/lib/includes/gnutls/ocsp.h
+++ b/lib/includes/gnutls/ocsp.h
@@ -211,9 +211,15 @@ int gnutls_ocsp_resp_get_response(gnutls_ocsp_resp_t resp,
 int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp);
 int gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 gnutls_datum_t * dn);
+
+/* the raw key ID of the responder */
+#define GNUTLS_OCSP_RESP_ID_KEY 1
+/* the raw DN of the responder */
+#define GNUTLS_OCSP_RESP_ID_DN 2
 int
-gnutls_ocsp_resp_get_responder_by_key(gnutls_ocsp_resp_t resp,
- gnutls_datum_t * id);
+gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_t resp,
+ unsigned type,
+ gnutls_datum_t * raw);
 time_t gnutls_ocsp_resp_get_produced(gnutls_ocsp_resp_t resp);
 int gnutls_ocsp_resp_get_single(gnutls_ocsp_resp_t resp,
diff --git a/lib/libgnutls.map b/lib/libgnutls.map
index 340832c32a..cad05281ba 100644
--- a/lib/libgnutls.map
+++ b/lib/libgnutls.map
@@ -1062,7 +1062,7 @@ GNUTLS_3_1_0 {
 gnutls_memcmp;
 gnutls_pkcs12_bag_set_privkey;
 gnutls_x509_privkey_set_pin_function;
- gnutls_ocsp_resp_get_responder_by_key;
+ gnutls_ocsp_resp_get_responder_raw_id;
 } GNUTLS_3_0_0;
 GNUTLS_FIPS140 {
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index 5a5b60267b..aa494ab146 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
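Review bot: The new declaration of gnutls_ocsp_resp_get_responder_raw_id carries no comment in the public header, and nothing tells a caller which values `type` accepts or that the implementation in ocsp.c routes every value other than GNUTLS_OCSP_RESP_ID_KEY to the DN lookup. A short block above the prototype would settle both: `/* type is GNUTLS_OCSP_RESP_ID_KEY or GNUTLS_OCSP_RESP_ID_DN; on success raw holds a newly allocated copy of the responderID arm, which the caller releases (presumably with gnutls_free(), as for gnutls_ocsp_resp_get_responder). */`. If later code ever compares `type` against a third value, an enum typedef instead of two bare `#define`s would also give the debugger and the compiler something to check; the current macros are consistent with the rest of this header, so that is a style preference only.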
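Review bot: gnutls_ocsp_resp_get_responder_raw_id is placed in the `GNUTLS_3_1_0 {` version node, whereas the X-Git-Tag shows this commit belongs to the 3.4 development series; a symbol that first ships in a release is normally added to that release's node so the ELF symbol version records the ABI it actually appeared in. Dropping gnutls_ocsp_resp_get_responder_by_key from an existing node is only safe if that name never went out in a tagged release, which the history here suggests but does not prove; if it did ship, binaries linked against it would fail to load and the old name should stay as an exported alias.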
@@ -1115,7 +1115,7 @@ int gnutls_ocsp_resp_get_version(gnutls_ocsp_resp_t resp)
 * will be ASCII or UTF-8 encoded, depending on the certificate data.
 *
 * If the responder ID is not a name but a hash, this function
- * will return %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.
+ * will return zero and the @dn elements will be set to %NULL.
 *
 * The caller needs to deallocate memory by calling gnutls_free() on
 * @dn->data.
@@ -1142,6 +1142,8 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 (resp->basicresp, "tbsResponseData.responderID.byName", NULL, &l);
 if (ret != GNUTLS_E_SHORT_MEMORY_BUFFER) {
+ if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE)
+ return 0; /* for backwards compatibility */
 gnutls_assert();
 return ret;
 }
@@ -1168,9 +1170,10 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 /**
 * gnutls_ocsp_resp_get_responder_by_key:
 * @resp: should contain a #gnutls_ocsp_resp_t structure
- * @id: newly allocated buffer with ID
+ * @type: should be %GNUTLS_OCSP_RESP_ID_KEY or %GNUTLS_OCSP_RESP_ID_DN
+ * @raw: newly allocated buffer with the raw ID
 *
- * This function will extract the key ID of the Basic OCSP Response in
+ * This function will extract the raw key (or DN) ID of the Basic OCSP Response in
 * the provided buffer. If the responder ID is not a key ID then
 * this function will return %GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE.
 *
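Review bot: The added `return 0; /* for backwards compatibility */` in the second hunk reports success without writing to @dn, so the promise the first hunk's comment now makes (that the `@dn` elements are set to %NULL) holds only if gnutls_ocsp_resp_get_responder already resets @dn before the asn1_read_value call; that part of the function is outside this hunk and I cannot confirm it. Both print_resp in ocsp_output.c and the test in tests/ocsp.c branch on `dn.data == NULL` immediately after this call, so if @dn is not reset they read an indeterminate value. Making the guarantee local removes the dependency: `if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) { dn->data = NULL; dn->size = 0; return 0; /* for backwards compatibility */ }`. The function begins and ends outside the hunk.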
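Review bot: The gtk-doc header in the third hunk still names the old function, `* gnutls_ocsp_resp_get_responder_by_key:`, while the definition that follows is gnutls_ocsp_resp_get_responder_raw_id; the documentation generator keys the block on that line, so the new API would be documented under a symbol that no longer exists. It should read `* gnutls_ocsp_resp_get_responder_raw_id:`. The sentence beginning "If the responder ID is not a key ID then" is also stale now that @type may request the DN; `* the provided buffer. If the responder ID is not of the requested @type then` covers both cases.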
@@ -1181,18 +1184,22 @@ gnutls_ocsp_resp_get_responder(gnutls_ocsp_resp_t resp,
 * negative error code is returned.
 **/
 int
-gnutls_ocsp_resp_get_responder_by_key(gnutls_ocsp_resp_t resp,
- gnutls_datum_t * id)
+gnutls_ocsp_resp_get_responder_raw_id(gnutls_ocsp_resp_t resp,
+ unsigned type,
+ gnutls_datum_t * raw)
 {
 int ret;
- if (resp == NULL || id == NULL) {
+ if (resp == NULL || raw == NULL) {
 gnutls_assert();
 return GNUTLS_E_INVALID_REQUEST;
 }
- ret = _gnutls_x509_read_value(resp->basicresp, "tbsResponseData.responderID.byKey", id);
- if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND)
+ if (type == GNUTLS_OCSP_RESP_ID_KEY)
+ ret = _gnutls_x509_read_value(resp->basicresp, "tbsResponseData.responderID.byKey", raw);
+ else
+ ret = _gnutls_x509_read_value(resp->basicresp, "tbsResponseData.responderID.byName", raw);
+ if (ret == GNUTLS_E_ASN1_ELEMENT_NOT_FOUND || ret == GNUTLS_E_ASN1_VALUE_NOT_FOUND)
 return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
 return ret;
 }
diff --git a/lib/x509/ocsp_output.c b/lib/x509/ocsp_output.c
index ed96e8e777..294ebb142b 100644
--- a/lib/x509/ocsp_output.c
+++ b/lib/x509/ocsp_output.c
@@ -285,9 +285,9 @@ print_resp(gnutls_buffer_st * str, gnutls_ocsp_resp_t resp,
 gnutls_datum_t dn;
 ret = gnutls_ocsp_resp_get_responder(resp, &dn);
- if (ret < 0) {
- if (ret == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- ret = gnutls_ocsp_resp_get_responder_by_key(resp, &dn);
+ if (ret < 0 || dn.data == NULL) {
+ if (dn.data == 0) {
+ ret = gnutls_ocsp_resp_get_responder_raw_id(resp, GNUTLS_OCSP_RESP_ID_KEY, &dn);
 if (ret >= 0) {
 addf(str, _("\tResponder Key ID: "));
diff --git a/tests/ocsp.c b/tests/ocsp.c
index 30afae2b5e..b8a5e8da8b 100644
--- a/tests/ocsp.c
+++ b/tests/ocsp.c
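Review bot: `type` is never validated: the `if (type == GNUTLS_OCSP_RESP_ID_KEY)` / `else` shape sends every other value, including 0 or a mistyped constant, to the byName lookup, so a caller that passes a wrong selector silently receives the DN instead of an error. A guard in the same form as the function's existing argument check closes that: `if (type != GNUTLS_OCSP_RESP_ID_KEY && type != GNUTLS_OCSP_RESP_ID_DN) { gnutls_assert(); return GNUTLS_E_INVALID_REQUEST; }`. Mapping GNUTLS_E_ASN1_VALUE_NOT_FOUND alongside GNUTLS_E_ASN1_ELEMENT_NOT_FOUND to GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE is a sound addition; a one-line comment on that `if` saying that both codes mean the other CHOICE arm was selected would save the next reader a trip into the ASN.1 layer.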
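Review bot: `gnutls_datum_t dn;` stays uninitialised, and the new condition `if (ret < 0 || dn.data == NULL)` in print_resp now reads `dn.data` even when gnutls_ocsp_resp_get_responder returned an error; unless that function writes @dn on every failure path, which this commit does not show, that is a read of an indeterminate value. Initialising the declaration, `gnutls_datum_t dn = { NULL, 0 };`, removes the dependency, and the inner test should be spelled like the outer one, `if (dn.data == NULL) {`, rather than comparing a pointer against `0`. Note also that ret < 0 with a non-NULL dn.data enters the outer block but skips the inner one; what the code does in that case lies past the end of the hunk and is worth checking.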
@@ -645,11 +645,17 @@ static void ocsp_invalid_calls(void)
 }
 rc = gnutls_ocsp_resp_get_responder(resp, &dat);
- if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ if (rc != 0 && dat.data != NULL) {
 fail("gnutls_ocsp_resp_get_responder %d\n", rc);
 exit(1);
 }
+ rc = gnutls_ocsp_resp_get_responder_raw_id(resp, GNUTLS_OCSP_RESP_ID_KEY, &dat);
+ if (rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ fail("gnutls_ocsp_resp_get_responder_raw_id %s\n", gnutls_strerror(rc));
+ exit(1);
+ }
+
 gnutls_free(dat.data);
 gnutls_ocsp_req_deinit(req);
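Review bot: The replacement check `if (rc != 0 && dat.data != NULL)` only fails when both halves hold, so a negative rc together with a NULL `dat.data` — exactly the failure the old `rc != GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` test caught — now passes, and the test no longer pins the "returns 0 with dat.data NULL" behaviour the commit message describes. The intent needs a disjunction: `if (rc != 0 || dat.data != NULL) {`. The `gnutls_free(dat.data)` that follows also relies on gnutls_ocsp_resp_get_responder_raw_id leaving `dat` untouched on its GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE path; the ocsp.c hunk does not show whether _gnutls_x509_read_value writes @raw before failing, so either that should be confirmed or `dat.data = NULL;` set after the expected failure before the free.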