authorjob <>2023-02-23 18:12:32 +0000
committerjob <>2023-02-23 18:12:32 +0000
commita08222b8bebdd9bb3795304dce3e988df2c7595c (patch)
treea66ebeded65ea7f94fc6820531700d59a0ed41b5
parent8f4cd3e0e032f13354ee58ce3544243dfb8b9553 (diff)
Introduce X509_get0_uids() accessor function
By introducing X509_get0_uids(), one can add RPKI profile compliance checks to confirm the absence of the issuerUID and subjectUID. OK tb@ jsing@
-rw-r--r--src/lib/libcrypto/Symbols.namespace1
-rw-r--r--src/lib/libcrypto/hidden/openssl/x509.h3
-rw-r--r--src/lib/libcrypto/man/X509V3_get_d2i.327
-rw-r--r--src/lib/libcrypto/x509/x509.h6
-rw-r--r--src/lib/libcrypto/x509/x509_set.c13
5 files changed, 44 insertions, 6 deletions
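--- a/src/lib/libcrypto/Symbols.namespace
+++ b/src/lib/libcrypto/Symbols.namespace
@@ -341,6 +341,7 @@ _libre_X509_TRUST_set
 _libre_X509_NAME_oneline
 _libre_X509_get0_extensions
 _libre_X509_get0_tbs_sigalg
+_libre_X509_get0_uids
 _libre_X509_set_version
 _libre_X509_get_version
 _libre_X509_set_serialNumber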
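--- a/src/lib/libcrypto/hidden/openssl/x509.h
+++ b/src/lib/libcrypto/hidden/openssl/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.1 2022/11/14 17:48:49 beck Exp $ */
+/* $OpenBSD: x509.h,v 1.2 2023/02/23 18:12:32 job Exp $ */
 /*
  * Copyright (c) 2022 Bob Beck <beck@openbsd.org>
  *
@@ -105,6 +105,7 @@ LCRYPTO_USED(X509_TRUST_set);
 LCRYPTO_USED(X509_NAME_oneline);
 LCRYPTO_USED(X509_get0_extensions);
 LCRYPTO_USED(X509_get0_tbs_sigalg);
+LCRYPTO_USED(X509_get0_uids);
 LCRYPTO_USED(X509_set_version);
 LCRYPTO_USED(X509_get_version);
 LCRYPTO_USED(X509_set_serialNumber);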
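--- a/src/lib/libcrypto/man/X509V3_get_d2i.3
+++ b/src/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509V3_get_d2i.3,v 1.19 2021/07/12 14:54:00 schwarze Exp $
+.\" $OpenBSD: X509V3_get_d2i.3,v 1.20 2023/02/23 18:12:32 job Exp $
 .\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 12 2021 $
+.Dd $Mdocdate: February 23 2023 $
 .Dt X509V3_GET_D2I 3
 .Os
 .Sh NAME
@@ -65,7 +65,8 @@
 .Nm X509_REVOKED_add1_ext_i2d ,
 .Nm X509_get0_extensions ,
 .Nm X509_CRL_get0_extensions ,
-.Nm X509_REVOKED_get0_extensions
+.Nm X509_REVOKED_get0_extensions ,
+.Nm X509_get0_uids
 .Nd X509 extension decode and encode functions
 .Sh SYNOPSIS
 .In openssl/x509v3.h
@@ -151,6 +152,12 @@
 .Fo X509_REVOKED_get0_extensions
 .Fa "const X509_REVOKED *r"
 .Fc
+.Ft void
+.Fo X509_get0_uids
+.Fa "const X509 *x"
+.Fa "const ASN1_BIT_STRING **piuid"
+.Fa "const ASN1_BIT_STRING **psuid"
+.Fc
 .Sh DESCRIPTION
 .Fn X509V3_get_d2i
 looks for an extension with OID
@@ -300,6 +307,16 @@ if the extension is not found, occurs multiple times or cannot be
 decoded.
 It is possible to determine the precise reason by checking the value of
 .Pf * Fa crit .
+.Pp
+.Fn X509_get0_uids
+sets
+.Fa *piuid
+and
+.Fa *psuid
+to the issuer and subject unique identifiers of certificate
+.Fa x
+or NULL if the fields are not present.
+These fields are rarely used.
 .Sh SUPPORTED EXTENSIONS
 The following sections contain a list of all supported extensions
 including their name and NID.
@@ -449,3 +466,7 @@ and
 .Fn X509_REVOKED_get0_extensions
 first appeared in OpenSSL 1.1.0 and have been available since
 .Ox 6.3 .
+.Pp
+.Fn X509_get0_uids
+first appeared in OpenSSL 1.1.0 and has been available since
+.Ox 7.3 .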
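--- a/src/lib/libcrypto/x509/x509.h
+++ b/src/lib/libcrypto/x509/x509.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509.h,v 1.92 2022/12/26 16:00:36 tb Exp $ */
+/* $OpenBSD: x509.h,v 1.93 2023/02/23 18:12:32 job Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -771,6 +771,10 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it,
 #endif
 
 const STACK_OF(X509_EXTENSION) *X509_get0_extensions(const X509 *x);
+#if defined(LIBRESSL_INTERNAL) || defined(LIBRESSL_NEXT_API)
+void X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+    const ASN1_BIT_STRING **psuid);
+#endif
 const X509_ALGOR *X509_get0_tbs_sigalg(const X509 *x);
 int X509_set_version(X509 *x, long version);
 long X509_get_version(const X509 *x);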
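Review bot: The new prototype is only visible when LIBRESSL_INTERNAL or LIBRESSL_NEXT_API is defined, while the manual page in the same commit lists X509_get0_uids as available since OpenBSD 7.3 and Symbols.namespace exports it unconditionally, so an application built against the public header gets a missing-prototype error despite the documentation. If hiding the declaration until the next API bump is deliberate, the intent should be stated at the guard, e.g. `/* Exported, but not yet part of the public API; see LIBRESSL_NEXT_API. */`, and ideally the man page's HISTORY sentence should say the same. Presumably the guard will be lifted with the next library bump; until then the man page overstates availability.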
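--- a/src/lib/libcrypto/x509/x509_set.c
+++ b/src/lib/libcrypto/x509/x509_set.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: x509_set.c,v 1.23 2023/02/16 08:38:17 tb Exp $ */
+/* $OpenBSD: x509_set.c,v 1.24 2023/02/23 18:12:32 job Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -242,3 +242,14 @@ X509_get_X509_PUBKEY(const X509 *x)
 	return x->cert_info->key;
 }
 LCRYPTO_ALIAS(X509_get_X509_PUBKEY);
+
+void
+X509_get0_uids(const X509 *x, const ASN1_BIT_STRING **piuid,
+    const ASN1_BIT_STRING **psuid)
+{
+	if (piuid != NULL)
+		*piuid = x->cert_info->issuerUID;
+	if (psuid != NULL)
+		*psuid = x->cert_info->subjectUID;
+}
+LCRYPTO_ALIAS(X509_get0_uids);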
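Review bot: X509_get0_uids hands out pointers into x->cert_info through piuid and psuid but nothing in the code says they are borrowed, so a comment above the definition would keep callers from freeing or modifying them, e.g. `/* Both pointers are owned by x and remain valid only while x is; callers must not free or modify them. */`. The function dereferences x->cert_info without a NULL check, which matches the neighbouring X509_get_X509_PUBKEY and presumably relies on the caller passing a valid X509, so it is consistent rather than wrong, but worth noting in the same comment. Because the return type is void, a caller doing the RPKI absence check from the commit message cannot distinguish "field absent" from any error, so a NULL in *piuid or *psuid should be read strictly as "not present".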