From: Damian Hobson-Garcia Date: Fri, 30 Jun 2023 21:12:57 +0000 (-0400) Subject: x509_acert: Add and retrieve certificate extensions X-Git-Tag: openssl-3.4.0-alpha1~643 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1eeec94f1fd7de60248d1093d5552dc1f05c2fc9;p=thirdparty%2Fopenssl.git x509_acert: Add and retrieve certificate extensions Add API to manage attribute certificate extensions Reviewed-by: Tomas Mraz Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/15857) --- diff --git a/crypto/x509/x509_acert.c b/crypto/x509/x509_acert.c index 7e0d5f139b4..9499a14cc0b 100644 --- a/crypto/x509/x509_acert.c +++ b/crypto/x509/x509_acert.c @@ -242,3 +242,19 @@ int X509_ACERT_add1_attr_by_txt(X509_ACERT *x, const char *attrname, int type, return X509at_add1_attr_by_txt(attrs, attrname, type, bytes, len) != NULL; } + +void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx) +{ + return X509V3_get_d2i(x->acinfo->extensions, nid, crit, idx); +} + +int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit, + unsigned long flags) +{ + return X509V3_add1_i2d(&x->acinfo->extensions, nid, value, crit, flags); +} + +const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x) +{ + return x->acinfo->extensions; +} diff --git a/doc/man3/X509V3_get_d2i.pod b/doc/man3/X509V3_get_d2i.pod index 4a2e81b0dbd..b5abd2ff28c 100644 --- a/doc/man3/X509V3_get_d2i.pod +++ b/doc/man3/X509V3_get_d2i.pod @@ -4,9 +4,10 @@ X509V3_get_d2i, X509V3_add1_i2d, X509V3_EXT_d2i, X509V3_EXT_i2d, X509_get_ext_d2i, X509_add1_ext_i2d, +X509_ACERT_get_ext_d2i, X509_ACERT_add1_ext_i2d, X509_CRL_get_ext_d2i, X509_CRL_add1_ext_i2d, X509_REVOKED_get_ext_d2i, X509_REVOKED_add1_ext_i2d, -X509_get0_extensions, X509_CRL_get0_extensions, +X509_get0_extensions, X509_ACERT_get0_extensions, X509_CRL_get0_extensions, X509_REVOKED_get0_extensions - X509 extension decode and encode functions =head1 SYNOPSIS 
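Review bot: In crypto/x509/x509_acert.c, all three new accessors dereference `x->acinfo` with no check on `x`, so a NULL attribute certificate crashes instead of returning NULL or 0. If that is the file's convention (the rest of the file is outside this hunk), state the non-NULL precondition in a comment; otherwise add `if (x == NULL) return NULL;` to the two getters and `if (x == NULL) return 0;` to `X509_ACERT_add1_ext_i2d`. Ownership also deserves a comment: above `X509_ACERT_get0_extensions`, `/* internal pointer: do not free or modify */`, while `X509_ACERT_get_ext_d2i` hands back a decoded object the caller must free. Because `X509_ACERT_add1_ext_i2d` edits `acinfo`, which is presumably the signed portion, it is worth noting that an already-signed certificate needs re-signing afterwards.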
@@ -25,6 +26,10 @@ X509_REVOKED_get0_extensions - X509 extension decode and encode functions int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, unsigned long flags); + void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx); + int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit, + unsigned long flags); + void *X509_CRL_get_ext_d2i(const X509_CRL *crl, int nid, int *crit, int *idx); int X509_CRL_add1_ext_i2d(X509_CRL *crl, int nid, void *value, int crit, unsigned long flags); @@ -34,6 +39,7 @@ X509_REVOKED_get0_extensions - X509 extension decode and encode functions unsigned long flags); const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x); + const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509 *x); const STACK_OF(X509_EXTENSION) *X509_CRL_get0_extensions(const X509_CRL *crl); const STACK_OF(X509_EXTENSION) *X509_REVOKED_get0_extensions(const X509_REVOKED *r); @@ -64,6 +70,10 @@ X509_get_ext_d2i() and X509_add1_ext_i2d() operate on the extensions of certificate I. They are otherwise identical to X509V3_get_d2i() and X509V3_add1_i2d(). +X509_ACERT_get_ext_d2i() and X509_ACERT_add1_ext_i2d() operate on the extensions +of B structure I. They are otherwise identical to X509V3_get_d2i() +and X509V3_add1_i2d(). + X509_CRL_get_ext_d2i() and X509_CRL_add1_ext_i2d() operate on the extensions of CRL I. They are otherwise identical to X509V3_get_d2i() and X509V3_add1_i2d(). 
@@ -72,9 +82,10 @@ X509_REVOKED_get_ext_d2i() and X509_REVOKED_add1_ext_i2d() operate on the extensions of B structure I (i.e for CRL entry extensions). They are otherwise identical to X509V3_get_d2i() and X509V3_add1_i2d(). -X509_get0_extensions(), X509_CRL_get0_extensions() and -X509_REVOKED_get0_extensions() return a STACK of all the extensions -of a certificate, a CRL or a CRL entry respectively. +X509_get0_extensions(), X509_ACERT_get0_extensions(), +X509_CRL_get0_extensions() and X509_REVOKED_get0_extensions() return a +STACK of all the extensions of a certificate, an attribute certificate, +a CRL or a CRL entry respectively. =head1 NOTES diff --git a/include/openssl/x509_acert.h.in b/include/openssl/x509_acert.h.in index cbbb43ec86f..6a56169325f 100644 --- a/include/openssl/x509_acert.h.in +++ b/include/openssl/x509_acert.h.in @@ -77,6 +77,11 @@ int X509_ACERT_get_attr_by_OBJ(const X509_ACERT *x, const ASN1_OBJECT *obj, X509_ATTRIBUTE *X509_ACERT_get_attr(const X509_ACERT *x, int loc); X509_ATTRIBUTE *X509_ACERT_delete_attr(X509_ACERT *x, int loc); +void *X509_ACERT_get_ext_d2i(const X509_ACERT *x, int nid, int *crit, int *idx); +int X509_ACERT_add1_ext_i2d(X509_ACERT *x, int nid, void *value, int crit, + unsigned long flags); +const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x); + # define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY 0 # define OSSL_OBJECT_DIGEST_INFO_PUBLIC_KEY_CERT 1 # define OSSL_OBJECT_DIGEST_INFO_OTHER 2 /* must not be used in RFC 5755 profile */ diff --git a/util/libcrypto.num b/util/libcrypto.num index 9b4cd8388b6..f9ff950f21f 100644 --- a/util/libcrypto.num +++ b/util/libcrypto.num 
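Review bot: The prototype added to include/openssl/x509_acert.h.in for `X509_ACERT_get0_extensions` takes `const X509_ACERT *x`, but the SYNOPSIS line this same commit adds to doc/man3/X509V3_get_d2i.pod declares it with `const X509 *x`. The manual therefore documents a signature that does not match the header or the definition in x509_acert.c. The pod line should read `const STACK_OF(X509_EXTENSION) *X509_ACERT_get0_extensions(const X509_ACERT *x);`.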
@@ -5615,3 +5615,6 @@ X509_ACERT_add1_attr_by_txt ? 3_4_0 EXIST::FUNCTION:
 X509_ACERT_sign ? 3_4_0 EXIST::FUNCTION:
 X509_ACERT_sign_ctx ? 3_4_0 EXIST::FUNCTION:
 X509_ACERT_verify ? 3_4_0 EXIST::FUNCTION:
+X509_ACERT_get_ext_d2i ? 3_4_0 EXIST::FUNCTION:
+X509_ACERT_add1_ext_i2d ? 3_4_0 EXIST::FUNCTION:
+X509_ACERT_get0_extensions ? 3_4_0 EXIST::FUNCTION: