Commit 058f12b7 authored by Massimiliano Pala's avatar Massimiliano Pala Committed by Rich Salz

Add X509_get0_authority_key_id() function



This function makes it easier to retrieve a reference to the
authority key identifier (akid->keyid) inside a certificate.

Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5271)

(cherry picked from commit b383aa20)
parent c99eaf21
+7 −0
@@ -847,6 +847,13 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
    return x->skid;
}

const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
{
    /* Call for side-effect of computing hash and caching extensions */
    X509_check_purpose(x, -1, -1);
    return (x->akid != NULL ? x->akid->keyid : NULL);
}

long X509_get_pathlen(X509 *x)
{
    /* Called for side effect of caching extensions */
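Review bot: The NULL return of X509_get0_authority_key_id() is ambiguous and nothing in the new code says so: `x->akid != NULL ? x->akid->keyid : NULL` yields NULL when the AKID extension is absent, when it could not be parsed, and presumably also when the extension is present but carries only issuer/serial with no keyIdentifier (worth confirming against the AUTHORITY_KEYID definition, which is outside this hunk). Callers that use the value for issuer matching or pinning should treat NULL as "no key id to compare", never as a match, and should note that the result of `X509_check_purpose(x, -1, -1)` is discarded, so any failure it signals is not surfaced here. I would extend the comment above the return to `/* NULL if AKID is absent, unparsable, or has no keyIdentifier; returned pointer is owned by x, do not free */`. The function also reads `x->akid` without a NULL check on `x`, which matches X509_get0_subject_key_id() above but deserves a line in the manual page.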
+6 −0
@@ -3,6 +3,7 @@
=head1 NAME

X509_get0_subject_key_id,
X509_get0_authority_key_id,
X509_get_pathlen,
X509_get_extension_flags,
X509_get_key_usage,
@@ -20,6 +21,7 @@ X509_get_proxy_pathlen - retrieve certificate extension data
   uint32_t X509_get_key_usage(X509 *x);
   uint32_t X509_get_extended_key_usage(X509 *x);
   const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
   const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
   void X509_set_proxy_flag(X509 *x);
   void X509_set_proxy_pathlen(int l);
   long X509_get_proxy_pathlen(X509 *x);
@@ -109,6 +111,10 @@ X509_get0_subject_key_id() returns an internal pointer to the subject key
identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
is not present or cannot be parsed.

X509_get0_authority_key_id() returns an internal pointer to the authority key
identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
is not present or cannot be parsed.

X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
This is for the users who need to mark non-RFC3820 proxy certificates as
such, as OpenSSL only detects RFC3820 compliant ones.
+1 −0
@@ -658,6 +658,7 @@ uint32_t X509_get_extension_flags(X509 *x);
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);

int X509_PURPOSE_get_count(void);
X509_PURPOSE *X509_PURPOSE_get0(int idx);
+1 −0
@@ -4233,3 +4233,4 @@ ZINT64_it 4215 1_1_0f EXIST:EXPORT_VAR_AS_FUNCTION
CRYPTO_secure_clear_free                4315	1_1_0g	EXIST::FUNCTION:
EVP_PKEY_set1_engine                    4347	1_1_0g	EXIST::FUNCTION:ENGINE
OCSP_resp_get0_signer                   4374	1_1_0h	EXIST::FUNCTION:OCSP
X509_get0_authority_key_id              4448	1_1_0h	EXIST::FUNCTION: