Add support for freshest CRL extension.
authorDr. Stephen Henson <steve@openssl.org>
Wed, 27 Aug 2008 15:52:05 +0000 (15:52 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Wed, 27 Aug 2008 15:52:05 +0000 (15:52 +0000)
CHANGES
crypto/objects/obj_dat.h
crypto/objects/obj_mac.h
crypto/objects/obj_mac.num
crypto/objects/objects.txt
crypto/x509v3/ext_dat.h
crypto/x509v3/v3_crld.c

diff --git a/CHANGES b/CHANGES
index 15ad43999041ec60a1aa6a125eb3890218f30830..654537ee3e94cf06c3c58b5151299ff56d97dfb3 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,11 @@
 
  Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
 
 
  Changes between 0.9.8i and 0.9.9  [xx XXX xxxx]
 
+  *) Support for freshest CRL extension.
+
+     This work was sponsored by Google.
+     [Steve Henson]
+
   *) Initial indirect CRL support. Currently only supported in the CRLs
      passed directly and not via lookup. Process certificate issuer
      CRL entry extension and lookup CRL entries by bother issuer name
   *) Initial indirect CRL support. Currently only supported in the CRLs
      passed directly and not via lookup. Process certificate issuer
      CRL entry extension and lookup CRL entries by bother issuer name
index 77f45227817c43f8815cd486349fa97591bdfacd..857b71a363f4802658450626400500186afaa699 100644 (file)
  * [including the GNU Public Licence.]
  */
 
  * [including the GNU Public Licence.]
  */
 
-#define NUM_NID 857
-#define NUM_SN 850
-#define NUM_LN 850
-#define NUM_OBJ 804
+#define NUM_NID 858
+#define NUM_SN 851
+#define NUM_LN 851
+#define NUM_OBJ 805
 
 
-static const unsigned char lvalues[5711]={
+static const unsigned char lvalues[5714]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -872,6 +872,7 @@ static const unsigned char lvalues[5711]={
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x03,0x04,     /* [5685] OBJ_id_GostR3411_94_with_GostR3410_2001_cc */
 0x2A,0x85,0x03,0x02,0x09,0x01,0x08,0x01,     /* [5693] OBJ_id_GostR3410_2001_ParamSet_cc */
 0x2B,0x06,0x01,0x04,0x01,0x82,0x37,0x11,0x02,/* [5701] OBJ_LocalKeySet */
+0x55,0x1D,0x2E,                              /* [5710] OBJ_freshest_crl */
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
 };
 
 static const ASN1_OBJECT nid_objs[NUM_NID]={
@@ -2256,6 +2257,8 @@ static const ASN1_OBJECT nid_objs[NUM_NID]={
 {"HMAC","hmac",NID_hmac,0,NULL,0},
 {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
        &(lvalues[5701]),0},
 {"HMAC","hmac",NID_hmac,0,NULL,0},
 {"LocalKeySet","Microsoft Local Key set",NID_LocalKeySet,9,
        &(lvalues[5701]),0},
+{"freshestCRL","X509v3 Freshest CRL",NID_freshest_crl,3,
+       &(lvalues[5710]),0},
 };
 
 static const unsigned int sn_objs[NUM_SN]={
 };
 
 static const unsigned int sn_objs[NUM_SN]={
@@ -2534,6 +2537,7 @@ static const unsigned int sn_objs[NUM_SN]={
 126,   /* "extendedKeyUsage" */
 372,   /* "extendedStatus" */
 462,   /* "favouriteDrink" */
 126,   /* "extendedKeyUsage" */
 372,   /* "extendedStatus" */
 462,   /* "favouriteDrink" */
+857,   /* "freshestCRL" */
 453,   /* "friendlyCountry" */
 490,   /* "friendlyCountryName" */
 156,   /* "friendlyName" */
 453,   /* "friendlyCountry" */
 490,   /* "friendlyCountryName" */
 156,   /* "friendlyName" */
@@ -3230,6 +3234,7 @@ static const unsigned int ln_objs[NUM_LN]={
 89,    /* "X509v3 Certificate Policies" */
 140,   /* "X509v3 Delta CRL Indicator" */
 126,   /* "X509v3 Extended Key Usage" */
 89,    /* "X509v3 Certificate Policies" */
 140,   /* "X509v3 Delta CRL Indicator" */
 126,   /* "X509v3 Extended Key Usage" */
+857,   /* "X509v3 Freshest CRL" */
 748,   /* "X509v3 Inhibit Any Policy" */
 86,    /* "X509v3 Issuer Alternative Name" */
 770,   /* "X509v3 Issuing Distrubution Point" */
 748,   /* "X509v3 Inhibit Any Policy" */
 86,    /* "X509v3 Issuer Alternative Name" */
 770,   /* "X509v3 Issuing Distrubution Point" */
@@ -4029,6 +4034,7 @@ static const unsigned int obj_objs[NUM_OBJ]={
 90,    /* OBJ_authority_key_identifier     2 5 29 35 */
 401,   /* OBJ_policy_constraints           2 5 29 36 */
 126,   /* OBJ_ext_key_usage                2 5 29 37 */
 90,    /* OBJ_authority_key_identifier     2 5 29 35 */
 401,   /* OBJ_policy_constraints           2 5 29 36 */
 126,   /* OBJ_ext_key_usage                2 5 29 37 */
+857,   /* OBJ_freshest_crl                 2 5 29 46 */
 748,   /* OBJ_inhibit_any_policy           2 5 29 54 */
 402,   /* OBJ_target_information           2 5 29 55 */
 403,   /* OBJ_no_rev_avail                 2 5 29 56 */
 748,   /* OBJ_inhibit_any_policy           2 5 29 54 */
 402,   /* OBJ_target_information           2 5 29 55 */
 403,   /* OBJ_no_rev_avail                 2 5 29 56 */
index 05fcbe7aa1f22b5ff3f6179c2b4b8adb054a2275..81d1dd711b6a73c99d33365d1fd8469066023d86 100644 (file)
 #define NID_ext_key_usage              126
 #define OBJ_ext_key_usage              OBJ_id_ce,37L
 
 #define NID_ext_key_usage              126
 #define OBJ_ext_key_usage              OBJ_id_ce,37L
 
+#define SN_freshest_crl                "freshestCRL"
+#define LN_freshest_crl                "X509v3 Freshest CRL"
+#define NID_freshest_crl               857
+#define OBJ_freshest_crl               OBJ_id_ce,46L
+
 #define SN_inhibit_any_policy          "inhibitAnyPolicy"
 #define LN_inhibit_any_policy          "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy         748
 #define SN_inhibit_any_policy          "inhibitAnyPolicy"
 #define LN_inhibit_any_policy          "X509v3 Inhibit Any Policy"
 #define NID_inhibit_any_policy         748
index 53c9cb0d6ae6a7a432daad95a34a710a0c48b55f..29d490b1fdaf723a902fee2c5d4369f260d2aaed 100644 (file)
@@ -854,3 +854,4 @@ id_GostR3411_94_with_GostR3410_2001_cc              853
 id_GostR3410_2001_ParamSet_cc          854
 hmac           855
 LocalKeySet            856
 id_GostR3410_2001_ParamSet_cc          854
 hmac           855
 LocalKeySet            856
+freshest_crl           857
index e009702e553a744864614e184814a480cfaeaccb..5129ed9d27780f9354a027a46fa5ea612009e577 100644 (file)
@@ -726,6 +726,8 @@ id-ce 35            : authorityKeyIdentifier : X509v3 Authority Key Identifier
 id-ce 36               : policyConstraints     : X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37               : extendedKeyUsage      : X509v3 Extended Key Usage
 id-ce 36               : policyConstraints     : X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37               : extendedKeyUsage      : X509v3 Extended Key Usage
+!Cname freshest-crl
+id-ce 46               : freshestCRL           : X509v3 Freshest CRL
 !Cname inhibit-any-policy
 id-ce 54               : inhibitAnyPolicy      : X509v3 Inhibit Any Policy
 !Cname target-information
 !Cname inhibit-any-policy
 id-ce 54               : inhibitAnyPolicy      : X509v3 Inhibit Any Policy
 !Cname target-information
index be3aaee99d1146f0fed42d8ca4b3b033db08edc3..59837a44be5cf23e0ae939c9d0e7b18b765f1da6 100644 (file)
@@ -61,7 +61,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
 extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate;
-extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld;
+extern X509V3_EXT_METHOD v3_delta_crl, v3_cpols, v3_crld, v3_freshest_crl;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
 extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold, v3_pci;
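Review bot: The added `v3_freshest_crl` is declared on this line as a plain `X509V3_EXT_METHOD`, but its definition in crypto/x509v3/v3_crld.c is `const X509V3_EXT_METHOD v3_freshest_crl`, so the declaration and the definition disagree on qualification. `v3_crld` on the same line has the same mismatch, so the commit follows an existing pattern rather than introducing a new one. The effect is that a write through this name, or through the non-const pointers in `static X509V3_EXT_METHOD *standard_exts[]`, compiles cleanly yet targets an object that may be placed in read-only memory. I would declare the const methods separately, `extern const X509V3_EXT_METHOD v3_crld, v3_freshest_crl;`, and check whether the table can become `static const X509V3_EXT_METHOD *standard_exts[]`. The table's users are outside this diff, so that second step needs confirming.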
@@ -123,6 +123,7 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_inhibit_anyp,
 &v3_idp,
 &v3_alt[2],
 &v3_inhibit_anyp,
 &v3_idp,
 &v3_alt[2],
+&v3_freshest_crl,
 };
 
 /* Number of standard extensions */
 };
 
 /* Number of standard extensions */
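Review bot: The hunk does not say why `&v3_freshest_crl` is placed last in `standard_exts`, and the position matters if the table is looked up by NID with a binary search (presumably it is; the lookup code is not in this diff). The placement looks correct: `NID_freshest_crl` is 857 in obj_mac.h and `NUM_NID` becomes 858, so it is the highest NID and belongs at the end. I would record the constraint on the line itself, `&v3_freshest_crl, /* NID 857: table must stay in ascending NID order */`, so a later addition is not appended blindly. The table's opening lines are outside the hunk and may already carry such a comment.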
index 4d06ea664e7468825126c35d0b38566370e779dc..001edec39a446f6f318ef93971068d5268639f0f 100644 (file)
@@ -79,6 +79,17 @@ const X509V3_EXT_METHOD v3_crld =
        NULL
        };
 
        NULL
        };
 
+const X509V3_EXT_METHOD v3_freshest_crl =
+       {
+       NID_freshest_crl, 0, ASN1_ITEM_ref(CRL_DIST_POINTS),
+       0,0,0,0,
+       0,0,
+       0,
+       v2i_crld,
+       i2r_crldp,0,
+       NULL
+       };
+
 static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
        {
        STACK_OF(CONF_VALUE) *gnsect;
 static STACK_OF(GENERAL_NAME) *gnames_from_sectname(X509V3_CTX *ctx, char *sect)
        {
        STACK_OF(CONF_VALUE) *gnsect;
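Review bot: The new `v3_freshest_crl` method table has no comment explaining why it reuses `ASN1_ITEM_ref(CRL_DIST_POINTS)`, `v2i_crld` and `i2r_crldp`, and the run of positional zeros does not show which callbacks are deliberately absent. A header such as `/* Freshest CRL (id-ce 46) has the same syntax as CRL distribution points, so the crld handlers are shared */` would make the reuse explicit. As far as these hunks show, the commit registers decoding, printing and config parsing only. Nothing visible makes certificate verification fetch or consult the delta CRL that the extension points to, and the CHANGES entry or this comment should say so, so that callers do not assume fresher revocation data is being checked. The trailing context lines belong to `gnames_from_sectname`, whose body continues outside the hunk.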