x509_acert: Add and retrieve certificate extensions

Add API to manage attribute certificate extensions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)

diff --git a/crypto/x509/x509_acert.c b/crypto/x509/x509_acert.c
index 7e0d5f139b4bfd32f7ec1f2b0945a87a4a39a22d..9499a14cc0bb1d68069c7bd02725b939984fb3da 100644 (file)
--- a/crypto/x509/x509_acert.c
+++ b/crypto/x509/x509_acert.c
@@ -242,3 +242,19 @@ int X509_ACERT_add1_attr_by_txt(X509_ACERT *x, const char *attrname, int type,
 
     return X509at_add1_attr_by_txt(attrs, attrname, type, bytes, len) != NULL;
 }
+
+void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx)
+{
+    return X509V3_get_d2i(x->acinfo->extensions, nid, crit, idx);
+}
+
+int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit,
+                            unsigned long flags)
+{
+    return X509V3_add1_i2d(&x->acinfo->extensions, nid, value, crit, flags);
+}
+
+const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x)
+{
+    return x->acinfo->extensions;
+}

diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod
index 4a2e81b0dbdff9ec966ccdc7acdc5e7fb4abc7dc..b5abd2ff28c8545055b4420d74f72bb9be9eb9b4 100644 (file)
--- a/doc/man3/X509V3_get_d2i.pod
+++ b/doc/man3/X509V3_get_d2i.pod
@@ -4,9 +4,10 @@
 
 X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d,
 X509_get_ext_d2i, X509_add1_ext_i2d,
+X509_ACERT_get_ext_d2i, X509_ACERT_add1_ext_i2d,
 X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d,
 X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d,
-X509_get0_extensions, X509_CRL_get0_extensions,
+X509_get0_extensions, X509_ACERT_get0_extensions, X509_CRL_get0_extensions,
 X509_REVOKED_get0_extensions - X509 extension decode and encode functions
 
 =head1 SYNOPSIS
@@ -25,6 +26,10 @@ X509_REVOKED_get0_extensions - X509 extension decode and encode functions
  int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit,
                        unsigned long flags);
 
+ void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx);
+ int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit,
+                             unsigned long flags);
+
  void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx);
  int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit,
                            unsigned long flags);
@@ -34,6 +39,7 @@ X509_REVOKED_get0_extensions - X509 extension decode and encode functions
                                unsigned long flags);
 
  const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+ const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509 *x);
  const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl);
  const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r);
 
@@ -64,6 +70,10 @@ X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of
 certificate I<x>. They are otherwise identical to X509V3_get_d2i() and
 X509V3_add1_i2d().
 
+X509_ACERT_get_ext_d2i() and X509_ACERT_add1_ext_i2d() operate on the extensions
+of B<X509_ACERT> structure I<x>. They are otherwise identical to X509V3_get_d2i()
+and X509V3_add1_i2d().
+
 X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions
 of CRL I<crl>. They are otherwise identical to X509V3_get_d2i() and
 X509V3_add1_i2d().
@@ -72,9 +82,10 @@ X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the
 extensions of B<X509_REVOKED> structure I<r> (i.e for CRL entry extensions).
 They are otherwise identical to X509V3_get_d2i() and X509V3_add1_i2d().
 
-X509_get0_extensions(), X509_CRL_get0_extensions() and
-X509_REVOKED_get0_extensions() return a STACK of all the extensions
-of a certificate, a CRL or a CRL entry respectively.
+X509_get0_extensions(), X509_ACERT_get0_extensions(),
+X509_CRL_get0_extensions() and X509_REVOKED_get0_extensions() return a
+STACK of all the extensions of a certificate, an attribute certificate,
+a CRL or a CRL entry respectively.
 
 =head1 NOTES
 

diff --git a/include/openssl/x509_acert.h.in b/include/openssl/x509_acert.h.in
index cbbb43ec86fdd1f6f605f75c8bb8917df8b5280e..6a56169325f15dca375339242678d8365fb3ba56 100644 (file)
--- a/include/openssl/x509_acert.h.in
+++ b/include/openssl/x509_acert.h.in
@@ -77,6 +77,11 @@ int X509_ACERT_get_attr_by_OBJ(const X509_ACERT *x, const ASN1_OBJECT *obj,
 X509_ATTRIBUTE *X509_ACERT_get_attr(const X509_ACERT *x, int loc);
 X509_ATTRIBUTE *X509_ACERT_delete_attr(X509_ACERT *x, int loc);
 
+void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx);
+int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit,
+                            unsigned long flags);
+const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x);
+
 # define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY        0
 # define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY_CERT   1
 # define OSSL_OBJECT_DIGEST_INFO_OTHER             2  /* must not be used in RFC 5755 profile */

diff --git a/util/libcrypto.num b/util/libcrypto.num
index 9b4cd8388b6ea464cca987e8ab4850ca202ad26c..f9ff950f21f24c50fc45968d14f15eef6f5a7da5 100644 (file)
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5615,3 +5615,6 @@ X509_ACERT_add1_attr_by_txt             ? 3_4_0   EXIST::FUNCTION:
 X509_ACERT_sign                         ?      3_4_0   EXIST::FUNCTION:
 X509_ACERT_sign_ctx                     ?      3_4_0   EXIST::FUNCTION:
 X509_ACERT_verify                       ?      3_4_0   EXIST::FUNCTION:
+X509_ACERT_get_ext_d2i                  ?      3_4_0   EXIST::FUNCTION:
+X509_ACERT_add1_ext_i2d                 ?      3_4_0   EXIST::FUNCTION:
+X509_ACERT_get0_extensions              ?      3_4_0   EXIST::FUNCTION: