提交 d19a50c9 编写于 作者: D Dr. Stephen Henson

New function X509_get0_subject_key_id()

Reviewed-by: NRich Salz <rsalz@openssl.org>
上级 2c81e476
......@@ -585,10 +585,11 @@ int cms_ias_cert_cmp(CMS_IssuerAndSerialNumber *ias, X509 *cert)
int cms_keyid_cert_cmp(ASN1_OCTET_STRING *keyid, X509 *cert)
{
X509_check_purpose(cert, -1, -1);
if (!cert->skid)
const ASN1_OCTET_STRING *cert_keyid = X509_get0_subject_key_id(cert);
if (cert_keyid == NULL)
return -1;
return ASN1_OCTET_STRING_cmp(keyid, cert->skid);
return ASN1_OCTET_STRING_cmp(keyid, cert_keyid);
}
int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
......@@ -613,12 +614,13 @@ int cms_set1_ias(CMS_IssuerAndSerialNumber **pias, X509 *cert)
int cms_set1_keyid(ASN1_OCTET_STRING **pkeyid, X509 *cert)
{
ASN1_OCTET_STRING *keyid = NULL;
X509_check_purpose(cert, -1, -1);
if (!cert->skid) {
const ASN1_OCTET_STRING *cert_keyid;
cert_keyid = X509_get0_subject_key_id(cert);
if (cert_keyid == NULL) {
CMSerr(CMS_F_CMS_SET1_KEYID, CMS_R_CERTIFICATE_HAS_NO_KEYID);
return 0;
}
keyid = ASN1_STRING_dup(cert->skid);
keyid = ASN1_STRING_dup(cert_keyid);
if (!keyid) {
CMSerr(CMS_F_CMS_SET1_KEYID, ERR_R_MALLOC_FAILURE);
return 0;
......
......@@ -62,6 +62,7 @@
#include "internal/numbers.h"
#include <openssl/x509v3.h>
#include <openssl/x509_vfy.h>
#include "internal/x509_int.h"
static void x509v3_cache_extensions(X509 *x);
......@@ -868,3 +869,9 @@ uint32_t X509_get_extended_key_usage(X509 *x)
return x->ex_xkusage;
return UINT32_MAX;
}
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x)
{
X509_check_purpose(x, -1, -1);
return x->skid;
}
......@@ -700,6 +700,7 @@ int X509_check_akid(X509 *issuer, AUTHORITY_KEYID *akid);
uint32_t X509_get_extension_flags(X509 *x);
uint32_t X509_get_key_usage(X509 *x);
uint32_t X509_get_extended_key_usage(X509 *x);
const ASN1_OCTET_STRING *X509_get0_subject_key_id(X509 *x);
int X509_PURPOSE_get_count(void);
X509_PURPOSE *X509_PURPOSE_get0(int idx);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册