author | Damian Hobson-Garcia <dhobsong@igel.co.jp> | 2023-06-30 17:03:57 -0400 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2024-04-24 14:05:35 +0100 |
commit | b97fb22f596bfb528e69402b1bdcdf144a563918 (patch) | |
tree | d1595ff10774bf761f6889e9f2131afff8e741fa /crypto | |
parent | 62960b8710a39d58fe386a51dccbd35bd973220f (diff) |
x509_acert: Add API to sign and verify attribute certificates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/x_all.c | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/crypto/x509/x_all.c b/crypto/x509/x_all.c
index 95c91a0f20..3083eb1dca 100644
--- a/crypto/x509/x_all.c
+++ b/crypto/x509/x_all.c
@@ -19,6 +19,7 @@
 #include <openssl/asn1.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
+#include <openssl/x509_acert.h>
 #include <openssl/http.h>
 #include <openssl/rsa.h>
 #include <openssl/dsa.h>
@@ -52,6 +53,16 @@ int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r)
 return X509_REQ_verify_ex(a, r, NULL, NULL);
 }
 
+int X509_ACERT_verify(X509_ACERT *a, EVP_PKEY *r)
+{
+ if (X509_ALGOR_cmp(&a->sig_alg, &a->acinfo->signature) != 0)
+ return 0;
+
+ return ASN1_item_verify_ex(ASN1_ITEM_rptr(X509_ACERT_INFO), &a->sig_alg,
+ &a->signature, a->acinfo,
+ NULL, r, NULL, NULL);
+}
+
 int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r)
 {
 return ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC),
@@ -174,6 +185,21 @@ X509_CRL *X509_CRL_load_http(const char *url, BIO *bio, BIO *rbio, int timeout)
 ASN1_ITEM_rptr(X509_CRL));
 }
 
+int X509_ACERT_sign(X509_ACERT *x, EVP_PKEY *pkey, const EVP_MD *md)
+{
+ return ASN1_item_sign_ex(ASN1_ITEM_rptr(X509_ACERT_INFO), &x->sig_alg,
+ &x->acinfo->signature,
+ &x->signature, x->acinfo, NULL,
+ pkey, md, NULL, NULL);
+}
+
+int X509_ACERT_sign_ctx(X509_ACERT *x, EVP_MD_CTX *ctx)
+{
+ return ASN1_item_sign_ctx(ASN1_ITEM_rptr(X509_ACERT_INFO),
+ &x->sig_alg, &x->acinfo->signature, &x->signature,
+ &x->acinfo, ctx);
+}
+
 int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md)
 {
 return |
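Review bot: X509_ACERT_verify has no comment stating its return contract, and it has two different non-success paths: the early `return 0` when the outer `sig_alg` differs from the signed `acinfo->signature`, and whatever `ASN1_item_verify_ex` returns, which in OpenSSL can be negative on an internal error. A caller that writes `if (X509_ACERT_verify(a, key))` would then accept a negative result as a valid signature, so the contract should be spelled out where the function is defined. I would add above it `/* Returns 1 if the signature is valid, 0 if it is invalid or the outer and signed algorithm identifiers differ, negative on error; compare with 1. */`. The function also dereferences `a->acinfo` without a NULL check, which presumably relies on the ASN.1 template always allocating it; that assumption is worth confirming or stating in the same comment.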
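Review bot: In X509_ACERT_sign_ctx the data argument is `&x->acinfo`, while X509_ACERT_sign just above and X509_ACERT_verify in the earlier hunk pass `x->acinfo` and `a->acinfo`. Since `acinfo` is used as a pointer (`x->acinfo->signature`), `&x->acinfo` is the address of the pointer field rather than the X509_ACERT_INFO object; the data parameter appears to be an untyped pointer, so the compiler would not flag the mismatch. If that reading is right, the encoder is handed the wrong object and the signature produced through the ctx path will not cover the bytes that X509_ACERT_verify checks. The last argument line should read `x->acinfo, ctx);`, and a test that signs with X509_ACERT_sign_ctx and then calls X509_ACERT_verify would pin the behaviour.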