From: Jonathan M. Wilbur <jonathan@wilbur.space>
Date: Tue, 20 Aug 2024 23:24:01 +0000 (+0000)
Subject: feat: add support for issuedOnBehalfOf X.509v3 extension
X-Git-Tag: openssl-3.4.0-alpha1~41
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=254693280d1a93f5c1ab81f0f8d171b980ac0664;p=thirdparty%2Fopenssl.git

feat: add support for issuedOnBehalfOf X.509v3 extension

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25241)
---

diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 7bcb576bfa3..8f3e0528468 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -17,7 +17,7 @@ SOURCE[../../libcrypto]=\
         v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \
         v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c \
         x509_acert.c x509aset.c t_acert.c x_ietfatt.c v3_ac_tgt.c v3_sda.c \
-        v3_usernotice.c v3_battcons.c v3_audit_id.c
+        v3_usernotice.c v3_battcons.c v3_audit_id.c v3_iobo.c
 
 IF[{- !$disabled{'deprecated-3.0'} -}]
   SOURCE[../../libcrypto]=x509type.c
diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h
index 8bb4ed66382..7ad8303f7d1 100644
--- a/crypto/x509/ext_dat.h
+++ b/crypto/x509/ext_dat.h
@@ -41,3 +41,4 @@ extern const X509V3_EXT_METHOD ossl_v3_acc_priv_policies;
 extern const X509V3_EXT_METHOD ossl_v3_user_notice;
 extern const X509V3_EXT_METHOD ossl_v3_battcons;
 extern const X509V3_EXT_METHOD ossl_v3_audit_identity;
+extern const X509V3_EXT_METHOD ossl_v3_issued_on_behalf_of;
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index 9c4f38fe35d..fc9a4c44955 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -84,6 +84,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
     &ossl_v3_acc_priv_policies,
     &ossl_v3_indirect_issuer,
     &ossl_v3_no_assertion,
+    &ossl_v3_issued_on_behalf_of,
     &ossl_v3_single_use,
     &ossl_v3_group_ac,
     &ossl_v3_holder_name_constraints,
diff --git a/crypto/x509/v3_iobo.c b/crypto/x509/v3_iobo.c
new file mode 100644
index 00000000000..23f991f6b6c
--- /dev/null
+++ b/crypto/x509/v3_iobo.c
@@ -0,0 +1,32 @@
+/*
+ * Copyright 2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_ISSUED_ON_BEHALF_OF(X509V3_EXT_METHOD *method,
+                                   GENERAL_NAME *gn, BIO *out,
+                                   int indent)
+{
+    if (BIO_printf(out, "%*s", indent, "") <= 0)
+        return 0;
+    if (GENERAL_NAME_print(out, gn) <= 0)
+        return 0;
+    return BIO_puts(out, "\n") > 0;
+}
+
+const X509V3_EXT_METHOD ossl_v3_issued_on_behalf_of = {
+    NID_issued_on_behalf_of, 0, ASN1_ITEM_ref(GENERAL_NAME),
+    0, 0, 0, 0,
+    0, 0,
+    0, 0,
+    (X509V3_EXT_I2R)i2r_ISSUED_ON_BEHALF_OF,
+    0,
+    NULL
+};