Introduce X509_get0_uids() accessor function

By introducing X509_get0_uids(), one can add RPKI profile compliance checks to conform the absence of the issuerUID and subjectUID. OK tb@ jsing@
author: job <> 2023-02-23 18:12:32 +0000
committer: job <> 2023-02-23 18:12:32 +0000
commit: a08222b8bebdd9bb3795304dce3e988df2c7595c (patch)
tree: a66ebeded65ea7f94fc6820531700d59a0ed41b5 /src/lib/libcrypto/man
parent: 8f4cd3e0e032f13354ee58ce3544243dfb8b9553 (diff)
download: openbsd-a08222b8bebdd9bb3795304dce3e988df2c7595c.tar.gz
openbsd-a08222b8bebdd9bb3795304dce3e988df2c7595c.tar.bz2
openbsd-a08222b8bebdd9bb3795304dce3e988df2c7595c.zip
1 files changed, 24 insertions, 3 deletions
diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3
index 4e1a003365..30f03c6395 100644
--- a/src/lib/libcrypto/man/X509V3_get_d2i.3
+++ b/src/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
-.\" $OpenBSD: X509V3_get_d2i.3,v 1.19 2021/07/12 14:54:00 schwarze Exp $
+.\" $OpenBSD: X509V3_get_d2i.3,v 1.20 2023/02/23 18:12:32 job Exp $
 .\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000
 .\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
 .\"
@@ -49,7 +49,7 @@
 .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
 .\" OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 12 2021 $
+.Dd $Mdocdate: February 23 2023 $
 .Dt X509V3_GET_D2I 3
 .Os
 .Sh NAME
@@ -65,7 +65,8 @@
 .Nm X509_REVOKED_add1_ext_i2d ,
 .Nm X509_get0_extensions ,
 .Nm X509_CRL_get0_extensions ,
-.Nm X509_REVOKED_get0_extensions
+.Nm X509_REVOKED_get0_extensions ,
+.Nm X509_get0_uids
 .Nd X509 extension decode and encode functions
 .Sh SYNOPSIS
 .In openssl/x509v3.h
@@ -151,6 +152,12 @@
 .Fo X509_REVOKED_get0_extensions
 .Fa "const X509_REVOKED *r"
 .Fc
+.Ft void
+.Fo X509_get0_uids
+.Fa "const X509 *x"
+.Fa "const ASN1_BIT_STRING **piuid"
+.Fa "const ASN1_BIT_STRING **psuid"
+.Fc
 .Sh DESCRIPTION
 .Fn X509V3_get_d2i
 looks for an extension with OID
@@ -300,6 +307,16 @@ if the extension is not found, occurs multiple times or cannot be
 decoded.
 It is possible to determine the precise reason by checking the value of
 .Pf * Fa crit .
+.Pp
+.Fn X509_get0_uids
+sets
+.Fa *piuid
+and
+.Fa *psuid
+to the issuer and subject unique identifiers of certificate
+.Fa x
+or NULL if the fields are not present.
+These fields are rarely used.
 .Sh SUPPORTED EXTENSIONS
 The following sections contain a list of all supported extensions
 including their name and NID.
@@ -449,3 +466,7 @@ and
 .Fn X509_REVOKED_get0_extensions
 first appeared in OpenSSL 1.1.0 and have been available since
 .Ox 6.3 .
+.Pp
+.Fn X509_get0_uids
+first appeared in OpenSSL 1.1.0 and has been available since
+.Ox 7.3 .
author	job <>	2023-02-23 18:12:32 +0000
committer	job <>	2023-02-23 18:12:32 +0000
commit	a08222b8bebdd9bb3795304dce3e988df2c7595c (patch)
tree	a66ebeded65ea7f94fc6820531700d59a0ed41b5 /src/lib/libcrypto/man
parent	8f4cd3e0e032f13354ee58ce3544243dfb8b9553 (diff)
download	openbsd-a08222b8bebdd9bb3795304dce3e988df2c7595c.tar.gz openbsd-a08222b8bebdd9bb3795304dce3e988df2c7595c.tar.bz2 openbsd-a08222b8bebdd9bb3795304dce3e988df2c7595c.zip

diff --git a/src/lib/libcrypto/man/X509V3_get_d2i.3 b/src/lib/libcrypto/man/X509V3_get_d2i.3 index 4e1a003365..30f03c6395 100644 --- a/src/lib/libcrypto/man/X509V3_get_d2i.3 +++ b/src/lib/libcrypto/man/X509V3_get_d2i.3
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: X509V3_get_d2i.3,v 1.19 2021/07/12 14:54:00 schwarze Exp $	1	.\" $OpenBSD: X509V3_get_d2i.3,v 1.20 2023/02/23 18:12:32 job Exp $
2	.\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000	2	.\" full merge up to: OpenSSL ff7fbfd5 Nov 2 11:52:01 2015 +0000
3	.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400	3	.\" selective merge up to: OpenSSL 99d63d46 Oct 26 13:56:48 2016 -0400
4	.\"	4	.\"
@@ -49,7 +49,7 @@
49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED	49	.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.	50	.\" OF THE POSSIBILITY OF SUCH DAMAGE.
51	.\"	51	.\"
52	.Dd $Mdocdate: July 12 2021 $	52	.Dd $Mdocdate: February 23 2023 $
53	.Dt X509V3_GET_D2I 3	53	.Dt X509V3_GET_D2I 3
54	.Os	54	.Os
55	.Sh NAME	55	.Sh NAME
@@ -65,7 +65,8 @@
65	.Nm X509_REVOKED_add1_ext_i2d ,	65	.Nm X509_REVOKED_add1_ext_i2d ,
66	.Nm X509_get0_extensions ,	66	.Nm X509_get0_extensions ,
67	.Nm X509_CRL_get0_extensions ,	67	.Nm X509_CRL_get0_extensions ,
68	.Nm X509_REVOKED_get0_extensions	68	.Nm X509_REVOKED_get0_extensions ,
		69	.Nm X509_get0_uids
69	.Nd X509 extension decode and encode functions	70	.Nd X509 extension decode and encode functions
70	.Sh SYNOPSIS	71	.Sh SYNOPSIS
71	.In openssl/x509v3.h	72	.In openssl/x509v3.h
@@ -151,6 +152,12 @@
151	.Fo X509_REVOKED_get0_extensions	152	.Fo X509_REVOKED_get0_extensions
152	.Fa "const X509_REVOKED *r"	153	.Fa "const X509_REVOKED *r"
153	.Fc	154	.Fc
		155	.Ft void
		156	.Fo X509_get0_uids
		157	.Fa "const X509 *x"
		158	.Fa "const ASN1_BIT_STRING **piuid"
		159	.Fa "const ASN1_BIT_STRING **psuid"
		160	.Fc
154	.Sh DESCRIPTION	161	.Sh DESCRIPTION
155	.Fn X509V3_get_d2i	162	.Fn X509V3_get_d2i
156	looks for an extension with OID	163	looks for an extension with OID
@@ -300,6 +307,16 @@ if the extension is not found, occurs multiple times or cannot be
300	decoded.	307	decoded.
301	It is possible to determine the precise reason by checking the value of	308	It is possible to determine the precise reason by checking the value of
302	.Pf * Fa crit .	309	.Pf * Fa crit .
		310	.Pp
		311	.Fn X509_get0_uids
		312	sets
		313	.Fa *piuid
		314	and
		315	.Fa *psuid
		316	to the issuer and subject unique identifiers of certificate
		317	.Fa x
		318	or NULL if the fields are not present.
		319	These fields are rarely used.
303	.Sh SUPPORTED EXTENSIONS	320	.Sh SUPPORTED EXTENSIONS
304	The following sections contain a list of all supported extensions	321	The following sections contain a list of all supported extensions
305	including their name and NID.	322	including their name and NID.
@@ -449,3 +466,7 @@ and
449	.Fn X509_REVOKED_get0_extensions	466	.Fn X509_REVOKED_get0_extensions
450	first appeared in OpenSSL 1.1.0 and have been available since	467	first appeared in OpenSSL 1.1.0 and have been available since
451	.Ox 6.3 .	468	.Ox 6.3 .
		469	.Pp
		470	.Fn X509_get0_uids
		471	first appeared in OpenSSL 1.1.0 and has been available since
		472	.Ox 7.3 .