Merge branch 'main' into supportcallbacks

aws · Aug 1, 2024 · 7d39eff · 7d39eff
2 parents a9fbcfc + 2fb00e7
commit 7d39eff
Show file tree

Hide file tree

Showing 4 changed files with 60 additions and 2 deletions.
diff --git a/crypto/ocsp/ocsp_asn.c b/crypto/ocsp/ocsp_asn.c
@@ -101,6 +101,7 @@ IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPONSE)
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_RESPDATA)
 IMPLEMENT_ASN1_FUNCTIONS(OCSP_BASICRESP)
 IMPLEMENT_ASN1_DUP_FUNCTION(OCSP_CERTID)
+IMPLEMENT_ASN1_FUNCTIONS(OCSP_SINGLERESP)
 
 OCSP_RESPONSE *d2i_OCSP_RESPONSE_bio(BIO *bp, OCSP_RESPONSE **presp) {
   return ASN1_item_d2i_bio(ASN1_ITEM_rptr(OCSP_RESPONSE), bp, presp);

diff --git a/crypto/ocsp/ocsp_extension.c b/crypto/ocsp/ocsp_extension.c
@@ -37,6 +37,22 @@ X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *bs, int loc) {
   return X509v3_get_ext(bs->tbsResponseData->responseExtensions, loc);
 }
 
+int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *sresp, X509_EXTENSION *ex,
+                            int loc) {
+  GUARD_PTR(sresp);
+  return (X509v3_add_ext(&sresp->singleExtensions, ex, loc) != NULL);
+}
+
+int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *sresp) {
+  GUARD_PTR(sresp);
+  return X509v3_get_ext_count(sresp->singleExtensions);
+}
+
+X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *sresp, int loc) {
+  GUARD_PTR(sresp);
+  return X509v3_get_ext(sresp->singleExtensions, loc);
+}
+
 static int ocsp_add_nonce(STACK_OF(X509_EXTENSION) **exts, unsigned char *val,
                           int len) {
   unsigned char *tmpval;
@@ -80,15 +96,15 @@ int OCSP_request_add1_nonce(OCSP_REQUEST *req, unsigned char *val, int len) {
     OPENSSL_PUT_ERROR(OCSP, ERR_R_PASSED_NULL_PARAMETER);
     return 0;
   }
-  if(val != NULL && len <= 0) {
+  if (val != NULL && len <= 0) {
     OPENSSL_PUT_ERROR(OCSP, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
     return 0;
   }
   return ocsp_add_nonce(&req->tbsRequest->requestExtensions, val, len);
 }
 
 int OCSP_check_nonce(OCSP_REQUEST *req, OCSP_BASICRESP *bs) {
-  if(req == NULL || bs == NULL) {
+  if (req == NULL || bs == NULL) {
     OPENSSL_PUT_ERROR(OCSP, ERR_R_PASSED_NULL_PARAMETER);
     return OCSP_NONCE_NOT_EQUAL;
   }

diff --git a/crypto/ocsp/ocsp_test.cc b/crypto/ocsp/ocsp_test.cc
@@ -1608,3 +1608,23 @@ TEST(OCSPTest, OCSPUtilityFunctions) {
   ASSERT_EQ(returned_id, cert_id);
 }
 
+TEST(OCSPTest, OCSP_SINGLERESP) {
+  bssl::UniquePtr<OCSP_SINGLERESP> single_resp(OCSP_SINGLERESP_new());
+  ASSERT_TRUE(single_resp);
+
+  // Initialize an |X509_EXTENSION| for testing.
+  bssl::UniquePtr<ASN1_OCTET_STRING> ext_oct(ASN1_OCTET_STRING_new());
+  const uint8_t data[] = {0x01, 0x02, 0x03, 0x04, 0x05};
+  ASSERT_TRUE(ASN1_OCTET_STRING_set(ext_oct.get(), data, sizeof(data)));
+  bssl::UniquePtr<X509_EXTENSION> ext(X509_EXTENSION_create_by_NID(
+      nullptr, NID_id_pkix_OCSP_CrlID, 0, ext_oct.get()));
+  ASSERT_TRUE(ext);
+
+  // Test |X509_EXTENSION|s work with |OCSP_SINGLERESP|.
+  EXPECT_TRUE(OCSP_SINGLERESP_add_ext(single_resp.get(), ext.get(), -1));
+  EXPECT_EQ(OCSP_SINGLERESP_get_ext_count(single_resp.get()), 1);
+  X509_EXTENSION *retrieved_ext = OCSP_SINGLERESP_get_ext(single_resp.get(), 0);
+  ASSERT_EQ(ASN1_OCTET_STRING_cmp(X509_EXTENSION_get_data(retrieved_ext),
+                                  X509_EXTENSION_get_data(ext.get())),
+            0);
+}
diff --git a/include/openssl/ocsp.h b/include/openssl/ocsp.h
@@ -70,6 +70,7 @@ DECLARE_ASN1_FUNCTIONS(OCSP_BASICRESP)
 DECLARE_ASN1_FUNCTIONS(OCSP_RESPONSE)
 DECLARE_ASN1_FUNCTIONS(OCSP_CERTID)
 DECLARE_ASN1_FUNCTIONS(OCSP_REQUEST)
+DECLARE_ASN1_FUNCTIONS(OCSP_SINGLERESP)
 
 // d2i_OCSP_REQUEST_bio parses a DER-encoded OCSP request from |bp|, converts it
 // into an |OCSP_REQUEST|, and writes the result in |preq|.
@@ -410,6 +411,25 @@ OPENSSL_EXPORT X509_EXTENSION *OCSP_BASICRESP_get_ext(OCSP_BASICRESP *bs,
                                                       int loc);
 
 
+// OCSP |X509_EXTENSION| Functions
+
+// OCSP_SINGLERESP_add_ext adds a copy of |ex| to the extension list in
+// |*sresp|. It returns 1 on success and 0 on error. The new extension is
+// inserted at index |loc|, shifting extensions to the right. If |loc| is -1 or
+// out of bounds, the new extension is appended to the list.
+OPENSSL_EXPORT int OCSP_SINGLERESP_add_ext(OCSP_SINGLERESP *sresp,
+                                           X509_EXTENSION *ex, int loc);
+
+// OCSP_SINGLERESP_get_ext_count returns the number of |X509_EXTENSION|s in
+// |sresp|.
+OPENSSL_EXPORT int OCSP_SINGLERESP_get_ext_count(OCSP_SINGLERESP *sresp);
+
+// OCSP_SINGLERESP_get_ext returns the |X509_EXTENSION| in |sresp|
+// at index |loc|, or NULL if |loc| is out of bounds.
+OPENSSL_EXPORT X509_EXTENSION *OCSP_SINGLERESP_get_ext(OCSP_SINGLERESP *sresp,
+                                                       int loc);
+
+
 #if defined(__cplusplus)
 }  // extern C
 #endif
@@ -424,6 +444,7 @@ BORINGSSL_MAKE_DELETER(OCSP_REQ_CTX, OCSP_REQ_CTX_free)
 BORINGSSL_MAKE_DELETER(OCSP_RESPONSE, OCSP_RESPONSE_free)
 BORINGSSL_MAKE_DELETER(OCSP_BASICRESP, OCSP_BASICRESP_free)
 BORINGSSL_MAKE_DELETER(OCSP_CERTID, OCSP_CERTID_free)
+BORINGSSL_MAKE_DELETER(OCSP_SINGLERESP, OCSP_SINGLERESP_free)
 
 BSSL_NAMESPACE_END