Add support for freshest CRL extension.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 27 Aug 2008 15:52:05 +0000 (15:52 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 27 Aug 2008 15:52:05 +0000 (15:52 +0000)
CHANGES
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
crypto/x509v3/ext_dat.h
crypto/x509v3/v3_crld.c

diff --git a/CHANGES b/CHANGES
index 15ad439..654537e 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
 
 
  Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
 
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
   *) Initial indirect CRL support. Currently only supported in the CRLs
      passed directly and not via lookup. Process certificate issuer
      CRL entry extension and lookup CRL entries by bother issuer name
   *) Initial indirect CRL support. Currently only supported in the CRLs
      passed directly and not via lookup. Process certificate issuer
      CRL entry extension and lookup CRL entries by bother issuer name
index 77f4522..857b71a 100644 (file)
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 857
-#define NUM_SN 850
-#define NUM_LN 850
-#define NUM_OBJ 804
+#define NUM_NID 858
+#define NUM_SN 851
+#define NUM_LN 851
+#define NUM_OBJ 805
 
 
-static const unsigned char lvalues[5711]={
+static const unsigned char lvalues[5714]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -872,6 +872,7 @@ static const unsigned char lvalues[5711]={
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
+0x55,0x1D,0x2E,                              /* [5710] OBJ_freshest_crl */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2256,6 +2257,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"HMAC","hmac",NID_hmac,0,NULL,0},
 {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
        &(lvalues[5701]),0},
 {"HMAC","hmac",NID_hmac,0,NULL,0},
 {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
        &(lvalues[5701]),0},
+{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3,
+       &(lvalues[5710]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2534,6 +2537,7 @@ static const unsigned int sn_objs[NUM_SN]={
 126,   /* "extendedKeyUsage" */
 372,   /* "extendedStatus" */
 462,   /* "favouriteDrink" */
 126,   /* "extendedKeyUsage" */
 372,   /* "extendedStatus" */
 462,   /* "favouriteDrink" */
+857,   /* "freshestCRL" */
 453,   /* "friendlyCountry" */
 490,   /* "friendlyCountryName" */
 156,   /* "friendlyName" */
 453,   /* "friendlyCountry" */
 490,   /* "friendlyCountryName" */
 156,   /* "friendlyName" */
@@ -3230,6 +3234,7 @@ static const unsigned int ln_objs[NUM_LN]={
 89,    /* "X509v3 Certificate Policies" */
 140,   /* "X509v3 Delta CRL Indicator" */
 126,   /* "X509v3 Extended Key Usage" */
 89,    /* "X509v3 Certificate Policies" */
 140,   /* "X509v3 Delta CRL Indicator" */
 126,   /* "X509v3 Extended Key Usage" */
+857,   /* "X509v3 Freshest CRL" */
 748,   /* "X509v3 Inhibit Any Policy" */
 86,    /* "X509v3 Issuer Alternative Name" */
 770,   /* "X509v3 Issuing Distrubution Point" */
 748,   /* "X509v3 Inhibit Any Policy" */
 86,    /* "X509v3 Issuer Alternative Name" */
 770,   /* "X509v3 Issuing Distrubution Point" */
@@ -4029,6 +4034,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 90,    /* OBJ_authority_key_identifier     2 5 29 35 */
 401,   /* OBJ_policy_constraints           2 5 29 36 */
 126,   /* OBJ_ext_key_usage                2 5 29 37 */
 90,    /* OBJ_authority_key_identifier     2 5 29 35 */
 401,   /* OBJ_policy_constraints           2 5 29 36 */
 126,   /* OBJ_ext_key_usage                2 5 29 37 */
+857,   /* OBJ_freshest_crl                 2 5 29 46 */
 748,   /* OBJ_inhibit_any_policy           2 5 29 54 */
 402,   /* OBJ_target_information           2 5 29 55 */
 403,   /* OBJ_no_rev_avail                 2 5 29 56 */
 748,   /* OBJ_inhibit_any_policy           2 5 29 54 */
 402,   /* OBJ_target_information           2 5 29 55 */
 403,   /* OBJ_no_rev_avail                 2 5 29 56 */
index 05fcbe7..81d1dd7 100644 (file)
 #define NID_ext_key_usage              126
 #define OBJ_ext_key_usage              OBJ_id_ce,37L
 
 #define NID_ext_key_usage              126
 #define OBJ_ext_key_usage              OBJ_id_ce,37L
 
+#define SN_freshest_crl                "freshestCRL"
+#define LN_freshest_crl                "X509v3 Freshest CRL"
+#define NID_freshest_crl               857
+#define OBJ_freshest_crl               OBJ_id_ce,46L
+
 #define SN_inhibit_any_policy          "inhibitAnyPolicy"
 #define LN_inhibit_any_policy          "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy         748
 #define SN_inhibit_any_policy          "inhibitAnyPolicy"
 #define LN_inhibit_any_policy          "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy         748
index 53c9cb0..29d490b 100644 (file)
@@ -854,3 +854,4 @@ id_GostR3411_94_with_GostR3410_2001_cc              853
 id_GostR3410_2001_ParamSet_cc          854
 hmac           855
 LocalKeySet            856
 id_GostR3410_2001_ParamSet_cc          854
 hmac           855
 LocalKeySet            856
+freshest_crl           857
index e009702..5129ed9 100644 (file)
@@ -726,6 +726,8 @@ id-ce 35            : authorityKeyIdentifier : X509v3 Authority Key Identifier
 id-ce 36               : policyConstraints     : X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37               : extendedKeyUsage      : X509v3 Extended Key Usage
 id-ce 36               : policyConstraints     : X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37               : extendedKeyUsage      : X509v3 Extended Key Usage
+!Cname freshest-crl
+id-ce 46               : freshestCRL           : X509v3 Freshest CRL
 !Cname inhibit-any-policy
 id-ce 54               : inhibitAnyPolicy      : X509v3 Inhibit Any Policy
 !Cname target-information
 !Cname inhibit-any-policy
 id-ce 54               : inhibitAnyPolicy      : X509v3 Inhibit Any Policy
 !Cname target-information
index be3aaee..59837a4 100644 (file)
@@ -61,7 +61,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
@@ -123,6 +123,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_inhibit_anyp,
 &v3_idp,
 &v3_alt[2],
 &v3_inhibit_anyp,
 &v3_idp,
 &v3_alt[2],
+&v3_freshest_crl,
 };
 
 /* Number of standard extensions */
 };
 
 /* Number of standard extensions */
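Review bot: The new `v3_freshest_crl` is declared in this header as a non-const `extern X509V3_EXT_METHOD`, while its definition in crypto/x509v3/v3_crld.c is `const X509V3_EXT_METHOD v3_freshest_crl`. The declaration and definition therefore disagree on qualification, and `standard_exts[]` holds a non-const pointer to an object that may sit in read-only storage. The hunk header in v3_crld.c shows `v3_crld` is defined const too, so the mismatch predates this commit, but the new entry extends it. I would declare the list as `extern const X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;` and make the table `static const X509V3_EXT_METHOD *standard_exts[]`, after confirming that `v3_delta_crl` and `v3_cpols` are also defined const, which is not visible here. Both the declaration list and the table begin outside the hunks shown.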
index 4d06ea6..001edec 100644 (file)
@@ -79,6 +79,17 @@ const X509V3_EXT_METHOD v3_crld =
        NULL
        };
 
        NULL
        };
 
+const X509V3_EXT_METHOD v3_freshest_crl =
+       {
+       NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+       0,0,0,0,
+       0,0,
+       0,
+       v2i_crld,
+       i2r_crldp,0,
+       NULL
+       };
+
 static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
        {
        STACK_OF(CONF_VALUE) *gnsect;
 static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
        {
        STACK_OF(CONF_VALUE) *gnsect;
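Review bot: The `v3_freshest_crl` initializer is purely positional, and nothing explains why it borrows `CRL_DIST_POINTS`, `v2i_crld` and `i2r_crldp`. A short comment above it would help, e.g. `/* Freshest CRL (id-ce 46) uses the CRL distribution points syntax, so the same template and handlers are reused */`. The visible hunks only register the extension for decoding, config parsing and printing, and none of them uses it during revocation checking. If that holds for the rest of the tree, the comment could say so, so that callers do not assume delta CRLs are located through this entry. The body of `v3_crld` and both handlers lie outside the hunk.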