From: Dr. Stephen Henson Date: Tue, 23 Nov 1999 18:50:28 +0000 (+0000) Subject: Support for authority information access extension. X-Git-Tag: OpenSSL_0_9_5beta1~411 X-Git-Url: https://git.openssl.org/?p=openssl.git;a=commitdiff_plain;h=6d3724d3b0e0b2dff99feb815d46ef41e65db0d2 Support for authority information access extension. Fix so EVP_PKEY_rset_*() check return codes.
---
diff --git a/CHANGES b/CHANGES
index 56d2c6e3c7..870847d5c5 100644
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
  Changes between 0.9.4 and 0.9.5 [xx XXX 1999]
+  *) Support for the authority information access extension. Not
+  very well tested yet.
+  [Steve Henson]
+
   *) Modify RSA and DSA PEM read routines to transparently handle
   PKCS#8 format private keys. New *_PUBKEY_* functions that handle
   public keys in a format compatible with certificate
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h
index ab89027ade..d36e868e90 100644
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@@ -789,6 +789,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_A2I_ASN1_ENUMERATED 236
 #define ASN1_F_A2I_ASN1_INTEGER 101
 #define ASN1_F_A2I_ASN1_STRING 102
+#define ASN1_F_ACCESS_DESCRIPTION_NEW 291
 #define ASN1_F_ASN1_COLLATE_PRIMITIVE 103
 #define ASN1_F_ASN1_D2I_BIO 104
 #define ASN1_F_ASN1_D2I_FP 105
@@ -823,6 +824,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_BASIC_CONSTRAINTS_NEW 226
 #define ASN1_F_BN_TO_ASN1_ENUMERATED 234
 #define ASN1_F_BN_TO_ASN1_INTEGER 122
+#define ASN1_F_D2I_ACCESS_DESCRIPTION 292
 #define ASN1_F_D2I_ASN1_BIT_STRING 123
 #define ASN1_F_D2I_ASN1_BMPSTRING 124
 #define ASN1_F_D2I_ASN1_BOOLEAN 125
diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c
index 6d11e13c3f..c322d643ef 100644
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -69,6 +69,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0), "ACCESS_DESCRIPTION_new"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"},
@@ -103,6 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0), "BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0), "d2i_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "d2i_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0), "d2i_ASN1_BMPSTRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"},
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index eb592f0752..414387d2b1 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -682,10 +682,10 @@ void EVP_PBE_cleanup(void);
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103
 #define EVP_F_EVP_PKEY_DECRYPT 104
 #define EVP_F_EVP_PKEY_ENCRYPT 105
-#define EVP_F_EVP_PKEY_GET_DH 119
-#define EVP_F_EVP_PKEY_GET_DSA 120
-#define EVP_F_EVP_PKEY_GET_RSA 121
 #define EVP_F_EVP_PKEY_NEW 106
+#define EVP_F_EVP_PKEY_RGET_DH 119
+#define EVP_F_EVP_PKEY_RGET_DSA 120
+#define EVP_F_EVP_PKEY_RGET_RSA 121
 #define EVP_F_EVP_SIGNFINAL 107
 #define EVP_F_EVP_VERIFYFINAL 108
 #define EVP_F_PKCS5_PBE_KEYIVGEN 117
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 7d21938ec5..6ef158ca95 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -77,10 +77,10 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_DH,0), "EVP_PKEY_get_DH"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_DSA,0), "EVP_PKEY_get_DSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_RSA,0), "EVP_PKEY_get_RSA"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_DH,0), "EVP_PKEY_rget_DH"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_DSA,0), "EVP_PKEY_rget_DSA"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_RSA,0), "EVP_PKEY_rget_RSA"},
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"},
 {ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"},
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index 14ad90cec5..94c4047a5e 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -208,14 +208,15 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
 #ifndef NO_RSA
 int EVP_PKEY_rset_RSA(EVP_PKEY *pkey, RSA *key)
 {
-	CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
-	return EVP_PKEY_assign_RSA(pkey, key);
+	int ret = EVP_PKEY_assign_RSA(pkey, key);
+	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
+	return ret;
 }
 
 RSA *EVP_PKEY_rget_RSA(EVP_PKEY *pkey)
 {
 	if(pkey->type != EVP_PKEY_RSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+		EVPerr(EVP_F_EVP_PKEY_RGET_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
 		return NULL;
 	}
 	CRYPTO_add(&pkey->pkey.rsa->references, 1, CRYPTO_LOCK_RSA);
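Review bot: Nothing in `EVP_PKEY_rset_RSA` states the reference-count contract the caller must honour now that the new reference is taken only after a successful `EVP_PKEY_assign_RSA`, and the same gap exists in `EVP_PKEY_rset_DSA` and `EVP_PKEY_rset_DH` in the next two hunks. Suggest a comment above each function: `/* Assign key to pkey and take a new reference on success; the caller keeps its own reference and must still free it. Returns 0 and takes no reference when the assign fails. */`. One thing to confirm: if `EVP_PKEY_assign_RSA` can ever return non-zero for a NULL `key`, `&key->references` dereferences NULL — I believe the underlying `EVP_PKEY_assign` returns 0 for a NULL key, but that function is outside the hunk.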
@@ -226,14 +227,15 @@ RSA *EVP_PKEY_rget_RSA(EVP_PKEY *pkey)
 #ifndef NO_DSA
 int EVP_PKEY_rset_DSA(EVP_PKEY *pkey, DSA *key)
 {
-	CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
-	return EVP_PKEY_assign_DSA(pkey, key);
+	int ret = EVP_PKEY_assign_DSA(pkey, key);
+	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
+	return ret;
 }
 
 DSA *EVP_PKEY_rget_DSA(EVP_PKEY *pkey)
 {
 	if(pkey->type != EVP_PKEY_DSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+		EVPerr(EVP_F_EVP_PKEY_RGET_DSA, EVP_R_EXPECTING_A_DSA_KEY);
 		return NULL;
 	}
 	CRYPTO_add(&pkey->pkey.dsa->references, 1, CRYPTO_LOCK_DSA);
@@ -245,14 +247,15 @@ DSA *EVP_PKEY_rget_DSA(EVP_PKEY *pkey)
 
 int EVP_PKEY_rset_DH(EVP_PKEY *pkey, DH *key)
 {
-	CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
-	return EVP_PKEY_assign_DH(pkey, key);
+	int ret = EVP_PKEY_assign_DH(pkey, key);
+	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
+	return ret;
 }
 
 DH *EVP_PKEY_rget_DH(EVP_PKEY *pkey)
 {
 	if(pkey->type != EVP_PKEY_DH) {
-		EVPerr(EVP_F_EVP_PKEY_GET_DH, EVP_R_EXPECTING_A_DH_KEY);
+		EVPerr(EVP_F_EVP_PKEY_RGET_DH, EVP_R_EXPECTING_A_DH_KEY);
 		return NULL;
 	}
 	CRYPTO_add(&pkey->pkey.dh->references, 1, CRYPTO_LOCK_DH);
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 88a899548d..89b134ffd3 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -61,12 +61,12 @@
  * perl obj_dat.pl objects.h obj_dat.h
  */
 
-#define NUM_NID 175
-#define NUM_SN 123
-#define NUM_LN 171
-#define NUM_OBJ 146
+#define NUM_NID 180
+#define NUM_SN 128
+#define NUM_LN 174
+#define NUM_OBJ 151
 
-static unsigned char lvalues[1011]={
+static unsigned char lvalues[1049]={
 0x00, /* [ 0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@@ -213,6 +213,11 @@ static unsigned char lvalues[1011]={ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [995] OBJ_ext_req */ 0x55,0x04,0x29, /* [1004] OBJ_name */ 0x55,0x04,0x2E, /* [1007] OBJ_dnQualifier */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01, /* [1010] OBJ_id_pe */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30, /* [1017] OBJ_id_ad */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01, /* [1024] OBJ_info_access */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01, /* [1032] OBJ_ad_OCSP */ +0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02, /* [1040] OBJ_ad_ca_issuers */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ @@ -460,6 +465,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"extReq","Extension Request",NID_ext_req,9,&(lvalues[995]),0}, {"name","name",NID_name,3,&(lvalues[1004]),0}, {"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1007]),0}, +{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1010]),0}, +{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1017]),0}, +{"authorityInfoAccess","Authority Information Access",NID_info_access, + 8,&(lvalues[1024]),0}, +{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1032]),0}, +{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1040]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -507,6 +518,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[95]),/* "MDC2" */ &(nid_objs[57]),/* "Netscape" */ &(nid_objs[17]),/* "O" */ +&(nid_objs[178]),/* "OCSP" */ &(nid_objs[18]),/* "OU" */ &(nid_objs[127]),/* "PKIX" */ &(nid_objs[98]),/* "RC2-40-CBC" */ @@ -543,8 +555,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[102]),/* "UID" */ &(nid_objs[ 0]),/* "UNDEF" */ &(nid_objs[125]),/* "ZLIB" */ +&(nid_objs[177]),/* "authorityInfoAccess" */ &(nid_objs[90]),/* "authorityKeyIdentifier" */ &(nid_objs[87]),/* "basicConstraints" */ +&(nid_objs[179]),/* "caIssuers" */ &(nid_objs[89]),/* "certificatePolicies" */ &(nid_objs[130]),/* "clientAuth" */ &(nid_objs[131]),/* "codeSigning" */ 
@@ -555,7 +569,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[132]),/* "emailProtection" */ &(nid_objs[172]),/* "extReq" */ &(nid_objs[126]),/* "extendedKeyUsage" */ +&(nid_objs[176]),/* "id-ad" */ &(nid_objs[128]),/* "id-kp" */ +&(nid_objs[175]),/* "id-pe" */ &(nid_objs[164]),/* "id-qt-cps" */ &(nid_objs[165]),/* "id-qt-unotice" */ &(nid_objs[142]),/* "invalidityDate" */ @@ -589,6 +605,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ }; static ASN1_OBJECT *ln_objs[NUM_LN]={ +&(nid_objs[177]),/* "Authority Information Access" */ +&(nid_objs[179]),/* "CA Issuers" */ &(nid_objs[141]),/* "CRL Reason Code" */ &(nid_objs[131]),/* "Code Signing" */ &(nid_objs[132]),/* "E-mail Protection" */ @@ -613,6 +631,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[73]),/* "Netscape Revocation Url" */ &(nid_objs[77]),/* "Netscape SSL Server Name" */ &(nid_objs[139]),/* "Netscape Server Gated Crypto" */ +&(nid_objs[178]),/* "OCSP" */ &(nid_objs[161]),/* "PBES2" */ &(nid_objs[69]),/* "PBKDF2" */ &(nid_objs[162]),/* "PBMAC1" */ @@ -823,7 +842,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 2]),/* OBJ_pkcs 1 2 840 113549 1 */ &(nid_objs[116]),/* OBJ_dsa 1 2 840 10040 4 1 */ &(nid_objs[113]),/* OBJ_dsaWithSHA1 1 2 840 10040 4 3 */ +&(nid_objs[175]),/* OBJ_id_pe 1 3 6 1 5 5 7 1 */ &(nid_objs[128]),/* OBJ_id_kp 1 3 6 1 5 5 7 3 */ +&(nid_objs[176]),/* OBJ_id_ad 1 3 6 1 5 5 7 48 */ &(nid_objs[57]),/* OBJ_netscape 2 16 840 1 113730 */ &(nid_objs[27]),/* OBJ_pkcs3 1 2 840 113549 1 3 */ &(nid_objs[20]),/* OBJ_pkcs7 1 2 840 113549 1 7 */ @@ -835,6 +856,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[ 5]),/* OBJ_rc4 1 2 840 113549 3 4 */ &(nid_objs[44]),/* OBJ_des_ede3_cbc 1 2 840 113549 3 7 */ &(nid_objs[120]),/* OBJ_rc5_cbc 1 2 840 113549 3 8 */ +&(nid_objs[177]),/* OBJ_info_access 1 3 6 1 5 5 7 1 1 */ &(nid_objs[164]),/* OBJ_id_qt_cps 1 3 6 1 5 5 7 2 1 */ &(nid_objs[165]),/* OBJ_id_qt_unotice 1 3 6 1 5 5 7 2 2 */ &(nid_objs[129]),/* OBJ_server_auth 1 3 6 1 5 5 7 3 1 */ 
@@ -842,6 +864,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[131]),/* OBJ_code_sign 1 3 6 1 5 5 7 3 3 */ &(nid_objs[132]),/* OBJ_email_protect 1 3 6 1 5 5 7 3 4 */ &(nid_objs[133]),/* OBJ_time_stamp 1 3 6 1 5 5 7 3 8 */ +&(nid_objs[178]),/* OBJ_ad_OCSP 1 3 6 1 5 5 7 48 1 */ +&(nid_objs[179]),/* OBJ_ad_ca_issuers 1 3 6 1 5 5 7 48 2 */ &(nid_objs[58]),/* OBJ_netscape_cert_extension 2 16 840 1 113730 1 */ &(nid_objs[59]),/* OBJ_netscape_data_type 2 16 840 1 113730 2 */ &(nid_objs[108]),/* OBJ_cast5_cbc 1 2 840 113533 7 66 10 */ diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index bbbef901e6..d7d1c533ab 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -912,6 +912,29 @@ extern "C" { #define NID_dnQualifier 174 #define OBJ_dnQualifier OBJ_X509,46L +#define SN_id_pe "id-pe" +#define NID_id_pe 175 +#define OBJ_id_pe OBJ_id_pkix,1L + +#define SN_id_ad "id-ad" +#define NID_id_ad 176 +#define OBJ_id_ad OBJ_id_pkix,48L + +#define SN_info_access "authorityInfoAccess" +#define LN_info_access "Authority Information Access" +#define NID_info_access 177 +#define OBJ_info_access OBJ_id_pe,1L + +#define SN_ad_OCSP "OCSP" +#define LN_ad_OCSP "OCSP" +#define NID_ad_OCSP 178 +#define OBJ_ad_OCSP OBJ_id_ad,1L + +#define SN_ad_ca_issuers "caIssuers" +#define LN_ad_ca_issuers "CA Issuers" +#define NID_ad_ca_issuers 179 +#define OBJ_ad_ca_issuers OBJ_id_ad,2L + #include #include diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index a19e59615e..83bd70e313 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl 
@@ -24,10 +24,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ -v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c +v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ -v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o +v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o SRC= $(LIBSRC) 
@@ -285,6 +285,25 @@ v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h +v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h +v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h +v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h +v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h +v3_info.o: ../cryptlib.h v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c new file mode 100644 index 0000000000..df338d1429 --- /dev/null +++ b/crypto/x509v3/v3_info.c 
@@ -0,0 +1,236 @@
+/* v3_info.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include
+#include "cryptlib.h"
+#include
+#include
+#include
+#include
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+				STACK_OF(CONF_VALUE) *ret);
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_info =
+{ NID_info_access, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
+(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
+(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+NULL, NULL, NULL};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+				STACK_OF(CONF_VALUE) *ret)
+{
+	ACCESS_DESCRIPTION *desc;
+	int i;
+	char objtmp[80], *ntmp;
+	CONF_VALUE *vtmp;
+	for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+		desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+		ret = i2v_GENERAL_NAME(method, desc->location, ret);
+		if(!ret) break;
+		vtmp = sk_CONF_VALUE_value(ret, i);
+		i2t_ASN1_OBJECT(objtmp, 80, desc->method);
+		ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+		if(!ntmp) {
+			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+					ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		strcpy(ntmp, objtmp);
+		strcat(ntmp, " - ");
+		strcat(ntmp, vtmp->name);
+		Free(vtmp->name);
+		vtmp->name = ntmp;
+
+	}
+	if(!ret) return sk_CONF_VALUE_new_null();
+	return ret;
+}
+
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
+	CONF_VALUE *cnf, ctmp;
+	ACCESS_DESCRIPTION *acc;
+	int i, objlen;
+	char *objtmp, *ptmp;
+	if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
+		X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(acc = ACCESS_DESCRIPTION_new())
+			|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		ptmp = strchr(cnf->name, ';');
+		if(!ptmp) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
+			goto err;
+		}
+		objlen = ptmp - cnf->name;
+		ctmp.name = ptmp + 1;
+		ctmp.value = cnf->value;
+		if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
+			goto err;
+		if(!(objtmp = Malloc(objlen + 1))) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		strncpy(objtmp, cnf->name, objlen);
+		objtmp[objlen] = 0;
+		acc->method = OBJ_txt2obj(objtmp, 0);
+		if(!acc->method) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
+			ERR_add_error_data(2, "value=", objtmp);
+			Free(objtmp);
+			goto err;
+		}
+		Free(objtmp);
+
+	}
+	return ainfo;
+	err:
+	sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+	return NULL;
+}
+
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
+
+	M_ASN1_I2D_finish();
+}
+
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
+{
+	ACCESS_DESCRIPTION *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
+	ret->method = OBJ_nid2obj(NID_undef);
+	ret->location = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
+}
+
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+				long length)
+{
+	M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
+	M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
+}
+
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
+{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->method);
+	GENERAL_NAME_free(a->location);
+	Free ((char *)a);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new()
+{
+	return sk_ACCESS_DESCRIPTION_new(NULL);
+}
+
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
+{
+	sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+				unsigned char **pp, long length)
+{
+return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
+			ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
+{
+return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
+			V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
+IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
+
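Review bot: In `i2v_AUTHORITY_INFO_ACCESS` a failed `i2v_GENERAL_NAME` hits `if(!ret) break;` and then falls into `if(!ret) return sk_CONF_VALUE_new_null();`, so a decode or print failure is handed back to the caller as a successful, empty result; change the loop exit to `if(!ret) return NULL;` and keep the final line only for the case where `ainfo` is empty and `ret` arrived as NULL. The same function reads `sk_CONF_VALUE_value(ret, i)` with the `ainfo` loop counter, which is only right if `ret` was empty on entry and `i2v_GENERAL_NAME` pushes exactly one value per name; `sk_CONF_VALUE_value(ret, sk_CONF_VALUE_num(ret) - 1)` removes the first assumption (the second I cannot confirm from this hunk). In `v2i_AUTHORITY_INFO_ACCESS`, when `ACCESS_DESCRIPTION_new()` succeeds but `sk_ACCESS_DESCRIPTION_push` fails, `acc` is never freed because `err:` only pops entries that were pushed. Finally, `AUTHORITY_INFO_ACCESS_new()` is an old-style non-prototype declaration both here and in the `x509v3.h` hunk; write it as `STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void)` in both places.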
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 6219d27883..edf7a960b3 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -140,7 +140,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext)
 }
 
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
@@ -158,6 +158,7 @@ int X509V3_add_standard_extensions(void)
 	X509V3_EXT_add(&v3_pkey_usage_period);
 	X509V3_EXT_add(&v3_crl_num);
 	X509V3_EXT_add(&v3_sxnet);
+	X509V3_EXT_add(&v3_info);
 	X509V3_EXT_add(&v3_crl_reason);
 	X509V3_EXT_add(&v3_cpols);
 	X509V3_EXT_add(&v3_crld);
diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c
index 6c233d2cc3..b7d4e350c4 100644
--- a/crypto/x509v3/v3err.c
+++ b/crypto/x509v3/v3err.c
@@ -72,6 +72,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"},
 {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"},
 {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"},
 {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"},
@@ -87,6 +88,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"},
 {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
@@ -133,6 +135,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OPTION ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"},
 {X509V3_R_INVALID_SECTION ,"invalid section"},
+{X509V3_R_INVALID_SYNTAX ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"},
 {X509V3_R_MISSING_VALUE ,"missing value"},
 {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"},
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 82c5ca78ca..988cdb8d95 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@@ -178,9 +178,17 @@ union {
 } d;
 } GENERAL_NAME;
 
+typedef struct ACCESS_DESCRIPTION_st {
+ASN1_OBJECT *method;
+GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
 DECLARE_STACK_OF(GENERAL_NAME)
 DECLARE_ASN1_SET_OF(GENERAL_NAME)
 
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
 typedef struct DIST_POINT_NAME_st {
 /* NB: this is a CHOICE type and only one of these should be set */
 STACK_OF(GENERAL_NAME) *fullname;
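Review bot: The new `ACCESS_DESCRIPTION_st` carries no comment on what its two members hold or who owns them, while the neighbouring `DIST_POINT_NAME_st` does have an explanatory note. Suggest `/* AccessDescription: accessMethod OID (e.g. OCSP or caIssuers) and accessLocation; both are owned by the struct and released by ACCESS_DESCRIPTION_free */` above the typedef. The ownership claim matches `ACCESS_DESCRIPTION_free` in the v3_info.c hunk, which frees both `method` and `location`.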
@@ -439,6 +447,20 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
 DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
 	long length);
 
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+	long length);
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new();
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+	unsigned char **pp, long length);
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
+
+
+
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
@@ -522,6 +544,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_F_HEX_TO_STRING 111
 #define X509V3_F_I2S_ASN1_ENUMERATED 121
 #define X509V3_F_I2S_ASN1_INTEGER 120
+#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138
 #define X509V3_F_NOTICE_SECTION 132
 #define X509V3_F_NREF_NOS 133
 #define X509V3_F_POLICY_SECTION 131
@@ -537,6 +560,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_F_SXNET_ADD_ID_ULONG 127
 #define X509V3_F_SXNET_GET_ID_ASC 128
 #define X509V3_F_SXNET_GET_ID_ULONG 129
+#define X509V3_F_V2I_ACCESS_DESCRIPTION 139
 #define X509V3_F_V2I_ASN1_BIT_STRING 101
 #define X509V3_F_V2I_AUTHORITY_KEYID 119
 #define X509V3_F_V2I_BASIC_CONSTRAINTS 102
@@ -580,6 +604,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_R_INVALID_OPTION 138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER 134
 #define X509V3_R_INVALID_SECTION 135
+#define X509V3_R_INVALID_SYNTAX 143
 #define X509V3_R_ISSUER_DECODE_ERROR 126
 #define X509V3_R_MISSING_VALUE 124
 #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142
diff --git a/util/libeay.num b/util/libeay.num index a7003bd1a5..399165d0bf 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -2048,3 +2048,31 @@ PEM_write_RSA_PUBKEY 2072 EVP_PKEY_rset_DH 2073 i2d_RSA_PUBKEY_fp 2074 PEM_write_bio_PUBKEY 2075 +sk_ACCESS_DESCRIPTION_shift 2076 +d2i_AUTHORITY_INFO_ACCESS 2077 +sk_ACCESS_DESCRIPTION_delete 2078 +ACCESS_DESCRIPTION_new 2079 +d2i_ACCESS_DESCRIPTION 2080 +sk_ACCESS_DESCRIPTION_set 2081 +i2d_ASN1_SET_OF_ACCESS_DESCRIPTION 2082 +sk_ACCESS_DESCRIPTION_free 2083 +sk_ACCESS_DESCRIPTION_value 2084 +sk_ACCESS_DESCRIPTION_unshift 2085 +sk_ACCESS_DESCRIPTION_pop_free 2086 +ACCESS_DESCRIPTION_free 2087 +sk_ACCESS_DESCRIPTION_dup 2088 +sk_ACCESS_DESCRIPTION_zero 2089 +sk_ACCESS_DESCRIPTION_new 2090 +sk_ACCESS_DESCRIPTION_push 2091 +d2i_ASN1_SET_OF_ACCESS_DESCRIPTION 2092 +sk_ACCESS_DESCRIPTION_find 2093 +AUTHORITY_INFO_ACCESS_free 2094 +sk_ACCESS_DESCRIPTION_pop 2095 +i2d_AUTHORITY_INFO_ACCESS 2096 +sk_ACCESS_DESCRIPTION_num 2097 +i2d_ACCESS_DESCRIPTION 2098 +sk_ACCESS_DESCRIPTION_new_null 2099 +sk_ACCESS_DESCRIPTION_delete_ptr 2100 +sk_ACCESS_DESCRIPTION_insert 2101 +sk_ACCESS_DESCRIPTION_sort 2102 +sk_ACCESS_DESCRIPTION_set_cmp_func 2103