mirror of
https://github.com/openssl/openssl.git
synced 2024-11-23 10:03:32 +08:00
feat: support the authorityAttributeIdentifier X.509v3 extension
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/25244)
This commit is contained in:
parent
ad1d0cc999
commit
a6e0d6d5c0
@ -17,7 +17,7 @@ SOURCE[../../libcrypto]=\
|
||||
v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \
|
||||
v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c \
|
||||
x509_acert.c x509aset.c t_acert.c x_ietfatt.c v3_ac_tgt.c v3_sda.c \
|
||||
v3_usernotice.c v3_battcons.c v3_audit_id.c v3_iobo.c
|
||||
v3_usernotice.c v3_battcons.c v3_audit_id.c v3_iobo.c v3_authattid.c
|
||||
|
||||
IF[{- !$disabled{'deprecated-3.0'} -}]
|
||||
SOURCE[../../libcrypto]=x509type.c
|
||||
|
@ -42,3 +42,4 @@ extern const X509V3_EXT_METHOD ossl_v3_user_notice;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_battcons;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_audit_identity;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_issued_on_behalf_of;
|
||||
extern const X509V3_EXT_METHOD ossl_v3_authority_attribute_identifier;
|
||||
|
@ -76,6 +76,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
|
||||
&ossl_v3_issuer_sign_tool,
|
||||
&ossl_v3_tls_feature,
|
||||
&ossl_v3_ext_admission,
|
||||
&ossl_v3_authority_attribute_identifier,
|
||||
&ossl_v3_battcons,
|
||||
&ossl_v3_delegated_name_constraints,
|
||||
&ossl_v3_user_notice,
|
||||
|
80
crypto/x509/v3_authattid.c
Normal file
80
crypto/x509/v3_authattid.c
Normal file
@ -0,0 +1,80 @@
|
||||
/*
|
||||
* Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
*
|
||||
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
* this file except in compliance with the License. You can obtain a copy
|
||||
* in the file LICENSE in the source distribution or at
|
||||
* https://www.openssl.org/source/license.html
|
||||
*/
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/x509v3.h>
|
||||
#include <crypto/x509_acert.h>
|
||||
#include <openssl/x509_acert.h>
|
||||
#include "crypto/asn1.h"
|
||||
#include "ext_dat.h"
|
||||
|
||||
DECLARE_ASN1_ITEM(OSSL_ISSUER_SERIAL)
|
||||
|
||||
ASN1_ITEM_TEMPLATE(OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX) =
|
||||
ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX, OSSL_ISSUER_SERIAL)
|
||||
ASN1_ITEM_TEMPLATE_END(OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX)
|
||||
|
||||
IMPLEMENT_ASN1_FUNCTIONS(OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX)
|
||||
|
||||
static int i2r_ISSUER_SERIAL(X509V3_EXT_METHOD *method,
|
||||
OSSL_ISSUER_SERIAL *iss,
|
||||
BIO *out, int indent)
|
||||
{
|
||||
if (iss->issuer != NULL) {
|
||||
BIO_printf(out, "%*sIssuer Names:\n", indent, "");
|
||||
OSSL_GENERAL_NAMES_print(out, iss->issuer, indent);
|
||||
BIO_puts(out, "\n");
|
||||
} else {
|
||||
BIO_printf(out, "%*sIssuer Names: <none>\n", indent, "");
|
||||
}
|
||||
BIO_printf(out, "%*sIssuer Serial: ", indent, "");
|
||||
if (i2a_ASN1_INTEGER(out, &(iss->serial)) <= 0)
|
||||
return 0;
|
||||
BIO_puts(out, "\n");
|
||||
if (iss->issuerUID != NULL) {
|
||||
BIO_printf(out, "%*sIssuer UID: ", indent, "");
|
||||
if (i2a_ASN1_STRING(out, iss->issuerUID, V_ASN1_BIT_STRING) <= 0)
|
||||
return 0;
|
||||
BIO_puts(out, "\n");
|
||||
} else {
|
||||
BIO_printf(out, "%*sIssuer UID: <none>\n", indent, "");
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
static int i2r_auth_attr_id(X509V3_EXT_METHOD *method,
|
||||
OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX *aids,
|
||||
BIO *out, int indent)
|
||||
{
|
||||
int i;
|
||||
OSSL_ISSUER_SERIAL *aid;
|
||||
|
||||
for (i = 0; i < sk_OSSL_ISSUER_SERIAL_num(aids); i++) {
|
||||
if (BIO_printf(out, "%*sIssuer-Serials:\n", indent, "") <= 0)
|
||||
return 0;
|
||||
aid = sk_OSSL_ISSUER_SERIAL_value(aids, i);
|
||||
if (i2r_ISSUER_SERIAL(method, aid, out, indent + 4) <= 0)
|
||||
return 0;
|
||||
if (BIO_puts(out, "\n") <= 0)
|
||||
return 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
const X509V3_EXT_METHOD ossl_v3_authority_attribute_identifier = {
|
||||
NID_authority_attribute_identifier, X509V3_EXT_MULTILINE,
|
||||
ASN1_ITEM_ref(OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX),
|
||||
0, 0, 0, 0,
|
||||
0,
|
||||
0,
|
||||
0, 0,
|
||||
(X509V3_EXT_I2R)i2r_auth_attr_id,
|
||||
0,
|
||||
NULL
|
||||
};
|
@ -189,4 +189,11 @@ DECLARE_ASN1_FUNCTIONS(OSSL_TARGET)
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_TARGETS)
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_TARGETING_INFORMATION)
|
||||
|
||||
typedef STACK_OF(OSSL_ISSUER_SERIAL) OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX;
|
||||
DECLARE_ASN1_FUNCTIONS(OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX)
|
||||
|
||||
{-
|
||||
generate_stack_macros("OSSL_ISSUER_SERIAL");
|
||||
-}
|
||||
|
||||
#endif
|
||||
|
@ -5734,3 +5734,8 @@ EVP_CIPHER_CTX_get_algor 5861 3_4_0 EXIST::FUNCTION:
|
||||
EVP_PKEY_CTX_set_algor_params 5862 3_4_0 EXIST::FUNCTION:
|
||||
EVP_PKEY_CTX_get_algor_params 5863 3_4_0 EXIST::FUNCTION:
|
||||
EVP_PKEY_CTX_get_algor 5864 3_4_0 EXIST::FUNCTION:
|
||||
d2i_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_5_0 EXIST::FUNCTION:
|
||||
i2d_OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX ? 3_5_0 EXIST::FUNCTION:
|
||||
OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_free ? 3_5_0 EXIST::FUNCTION:
|
||||
OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_new ? 3_5_0 EXIST::FUNCTION:
|
||||
OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX_it ? 3_5_0 EXIST::FUNCTION:
|
||||
|
Loading…
Reference in New Issue
Block a user