The branch OpenSSL_1_1_0-stable has been updated
       via  058f12b7266a21f04893e88d8240b81e7c51fcd5 (commit)
      from  c99eaf2135c9c3ff5a00dccd00d332c0c5351776 (commit)


- Log -----------------------------------------------------------------
commit 058f12b7266a21f04893e88d8240b81e7c51fcd5
Author: Massimiliano Pala <direc...@openca.org>
Date:   Mon Feb 19 15:47:02 2018 -0500

    Add X509_get0_authority_key_id() function
    
    This function makes it easier to retrieve a reference to the
    authority key identifier (akid->keyid) inside a certificate.
    
    Reviewed-by: Matt Caswell <m...@openssl.org>
    Reviewed-by: Rich Salz <rs...@openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/5271)
    
    (cherry picked from commit b383aa2081467e8d49c3362d295da7bd5cb4e1d8)

-----------------------------------------------------------------------

Summary of changes:
 crypto/x509v3/v3_purp.c                 | 7 +++++++
 doc/crypto/X509_get_extension_flags.pod | 6 ++++++
 include/openssl/x509v3.h                | 1 +
 util/libcrypto.num                      | 1 +
 4 files changed, 15 insertions(+)

diff --git a/crypto/x509v3/v3_purp.c b/crypto/x509v3/v3_purp.c
index fa5c425..9030d53 100644
--- a/crypto/x509v3/v3_purp.c
+++ b/crypto/x509v3/v3_purp.c
@@ -847,6 +847,13 @@ const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
     return x->skid;
 }
 
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x)
+{
+    /* Call for side-effect of computing hash and caching extensions */
+    X509_check_purpose(x, -1, -1);
+    return (x->akid != NULL ? x->akid->keyid : NULL);
+}
+
 long X509_get_pathlen(X509 *x)
 {
     /* Called for side effect of caching extensions */
diff --git a/doc/crypto/X509_get_extension_flags.pod 
b/doc/crypto/X509_get_extension_flags.pod
index c78e457..4a25560 100644
--- a/doc/crypto/X509_get_extension_flags.pod
+++ b/doc/crypto/X509_get_extension_flags.pod
@@ -3,6 +3,7 @@
 =head1 NAME
 
 X509_get0_subject_key_id,
+X509_get0_authority_key_id,
 X509_get_pathlen,
 X509_get_extension_flags,
 X509_get_key_usage,
@@ -20,6 +21,7 @@ X509_get_proxy_pathlen - retrieve certificate extension data
    uint32_t X509_get_key_usage(X509 *x);
    uint32_t X509_get_extended_key_usage(X509 *x);
    const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+   const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
    void X509_set_proxy_flag(X509 *x);
    void X509_set_proxy_pathlen(int l);
    long X509_get_proxy_pathlen(X509 *x);
@@ -109,6 +111,10 @@ X509_get0_subject_key_id() returns an internal pointer to 
the subject key
 identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
 is not present or cannot be parsed.
 
+X509_get0_authority_key_id() returns an internal pointer to the authority key
+identifier of B<x> as an B<ASN1_OCTET_STRING> or B<NULL> if the extension
+is not present or cannot be parsed.
+
 X509_set_proxy_flag() marks the certificate with the B<EXFLAG_PROXY> flag.
 This is for the users who need to mark non-RFC3820 proxy certificates as
 such, as OpenSSL only detects RFC3820 compliant ones.
diff --git a/include/openssl/x509v3.h b/include/openssl/x509v3.h
index 533a38d..bc23307 100644
--- a/include/openssl/x509v3.h
+++ b/include/openssl/x509v3.h
@@ -658,6 +658,7 @@ uint32_t X509_get_extension_flags(X509 *x);
 uint32_t X509_get_key_usage(X509 *x);
 uint32_t X509_get_extended_key_usage(X509 *x);
 const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
+const ASN1_OCTET_STRING *X509_get0_authority_key_id(X509 *x);
 
 int X509_PURPOSE_get_count(void);
 X509_PURPOSE *X509_PURPOSE_get0(int idx);
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 05c66e9..8414d97 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -4233,3 +4233,4 @@ ZINT64_it                               4215      1_1_0f  
EXIST:EXPORT_VAR_AS_FUNCTION
 CRYPTO_secure_clear_free                4315   1_1_0g  EXIST::FUNCTION:
 EVP_PKEY_set1_engine                    4347   1_1_0g  EXIST::FUNCTION:ENGINE
 OCSP_resp_get0_signer                   4374   1_1_0h  EXIST::FUNCTION:OCSP
+X509_get0_authority_key_id              4448   1_1_0h  EXIST::FUNCTION:
_____
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

Reply via email to