Support for authority information access extension.
authorDr. Stephen Henson <steve@openssl.org>
Tue, 23 Nov 1999 18:50:28 +0000 (18:50 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Tue, 23 Nov 1999 18:50:28 +0000 (18:50 +0000)
Fix EVP_PKEY_rset_*() so that they check return codes.

14 files changed:
CHANGES
crypto/asn1/asn1.h
crypto/asn1/asn1_err.c
crypto/evp/evp.h
crypto/evp/evp_err.c
crypto/evp/p_lib.c
crypto/objects/obj_dat.h
crypto/objects/objects.h
crypto/x509v3/Makefile.ssl
crypto/x509v3/v3_info.c [new file with mode: 0644]
crypto/x509v3/v3_lib.c
crypto/x509v3/v3err.c
crypto/x509v3/x509v3.h
util/libeay.num

diff --git a/CHANGES b/CHANGES
index 56d2c6e..870847d 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Support for the authority information access extension. Not
+     very well tested yet.
+     [Steve Henson]
+
   *) Modify RSA and DSA PEM read routines to transparently handle
      PKCS#8 format private keys. New *_PUBKEY_* functions that handle
      public keys in a format compatible with certificate
index ab89027..d36e868 100644 (file)
@@ -789,6 +789,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_A2I_ASN1_ENUMERATED                      236
 #define ASN1_F_A2I_ASN1_INTEGER                                 101
 #define ASN1_F_A2I_ASN1_STRING                          102
+#define ASN1_F_ACCESS_DESCRIPTION_NEW                   291
 #define ASN1_F_ASN1_COLLATE_PRIMITIVE                   103
 #define ASN1_F_ASN1_D2I_BIO                             104
 #define ASN1_F_ASN1_D2I_FP                              105
@@ -823,6 +824,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_BASIC_CONSTRAINTS_NEW                    226
 #define ASN1_F_BN_TO_ASN1_ENUMERATED                    234
 #define ASN1_F_BN_TO_ASN1_INTEGER                       122
+#define ASN1_F_D2I_ACCESS_DESCRIPTION                   292
 #define ASN1_F_D2I_ASN1_BIT_STRING                      123
 #define ASN1_F_D2I_ASN1_BMPSTRING                       124
 #define ASN1_F_D2I_ASN1_BOOLEAN                                 125
index 6d11e13..c322d64 100644 (file)
@@ -69,6 +69,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),     "a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),        "a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0),  "ACCESS_DESCRIPTION_new"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),  "ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),    "ASN1_d2i_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),     "ASN1_d2i_fp"},
@@ -103,6 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),   "BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),   "BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),      "BN_to_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0),  "d2i_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),     "d2i_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),      "d2i_ASN1_BMPSTRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),        "d2i_ASN1_BOOLEAN"},
index eb592f0..414387d 100644 (file)
@@ -682,10 +682,10 @@ void EVP_PBE_cleanup(void);
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS                  103
 #define EVP_F_EVP_PKEY_DECRYPT                          104
 #define EVP_F_EVP_PKEY_ENCRYPT                          105
-#define EVP_F_EVP_PKEY_GET_DH                           119
-#define EVP_F_EVP_PKEY_GET_DSA                          120
-#define EVP_F_EVP_PKEY_GET_RSA                          121
 #define EVP_F_EVP_PKEY_NEW                              106
+#define EVP_F_EVP_PKEY_RGET_DH                          119
+#define EVP_F_EVP_PKEY_RGET_DSA                                 120
+#define EVP_F_EVP_PKEY_RGET_RSA                                 121
 #define EVP_F_EVP_SIGNFINAL                             107
 #define EVP_F_EVP_VERIFYFINAL                           108
 #define EVP_F_PKCS5_PBE_KEYIVGEN                        117
index 7d21938..6ef158c 100644 (file)
@@ -77,10 +77,10 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_DH,0),  "EVP_PKEY_get_DH"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_DSA,0), "EVP_PKEY_get_DSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_RSA,0), "EVP_PKEY_get_RSA"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),     "EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_DH,0), "EVP_PKEY_rget_DH"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_DSA,0),        "EVP_PKEY_rget_DSA"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_RSA,0),        "EVP_PKEY_rget_RSA"},
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),    "EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),  "EVP_VerifyFinal"},
 {ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),       "PKCS5_PBE_keyivgen"},
index 14ad90c..94c4047 100644 (file)
@@ -208,14 +208,15 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
 #ifndef NO_RSA
 int EVP_PKEY_rset_RSA(EVP_PKEY *pkey, RSA *key)
 {
-       CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
-       return EVP_PKEY_assign_RSA(pkey, key);
+       int ret = EVP_PKEY_assign_RSA(pkey, key);
+       if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
+       return ret;
 }
 
 RSA *EVP_PKEY_rget_RSA(EVP_PKEY *pkey)
        {
        if(pkey->type != EVP_PKEY_RSA) {
-               EVPerr(EVP_F_EVP_PKEY_GET_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+               EVPerr(EVP_F_EVP_PKEY_RGET_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
                return NULL;
        }
        CRYPTO_add(&pkey->pkey.rsa->references, 1, CRYPTO_LOCK_RSA);
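Review bot: In EVP_PKEY_rset_RSA the new `if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);` dereferences `key` whenever the assign call reports success, and nothing visible here stops a NULL `key` from reaching that line. EVP_PKEY_assign's body is outside the hunk, so whether it rejects NULL cannot be confirmed from this page; a guard at the top, `if(key == NULL) return 0;`, would make the contract explicit. The same applies to EVP_PKEY_rset_DSA and EVP_PKEY_rset_DH in the next two hunks. A one-line comment such as `/* on success pkey holds its own reference to key; the caller keeps and must release its own */` would also record how these setters differ from EVP_PKEY_assign_*. The body of EVP_PKEY_rget_RSA continues past the end of this hunk.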
@@ -226,14 +227,15 @@ RSA *EVP_PKEY_rget_RSA(EVP_PKEY *pkey)
 #ifndef NO_DSA
 int EVP_PKEY_rset_DSA(EVP_PKEY *pkey, DSA *key)
 {
-       CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
-       return EVP_PKEY_assign_DSA(pkey, key);
+       int ret = EVP_PKEY_assign_DSA(pkey, key);
+       if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
+       return ret;
 }
 
 DSA *EVP_PKEY_rget_DSA(EVP_PKEY *pkey)
        {
        if(pkey->type != EVP_PKEY_DSA) {
-               EVPerr(EVP_F_EVP_PKEY_GET_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+               EVPerr(EVP_F_EVP_PKEY_RGET_DSA, EVP_R_EXPECTING_A_DSA_KEY);
                return NULL;
        }
        CRYPTO_add(&pkey->pkey.dsa->references, 1, CRYPTO_LOCK_DSA);
@@ -245,14 +247,15 @@ DSA *EVP_PKEY_rget_DSA(EVP_PKEY *pkey)
 
 int EVP_PKEY_rset_DH(EVP_PKEY *pkey, DH *key)
 {
-       CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
-       return EVP_PKEY_assign_DH(pkey, key);
+       int ret = EVP_PKEY_assign_DH(pkey, key);
+       if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
+       return ret;
 }
 
 DH *EVP_PKEY_rget_DH(EVP_PKEY *pkey)
        {
        if(pkey->type != EVP_PKEY_DH) {
-               EVPerr(EVP_F_EVP_PKEY_GET_DH, EVP_R_EXPECTING_A_DH_KEY);
+               EVPerr(EVP_F_EVP_PKEY_RGET_DH, EVP_R_EXPECTING_A_DH_KEY);
                return NULL;
        }
        CRYPTO_add(&pkey->pkey.dh->references, 1, CRYPTO_LOCK_DH);
index 88a8995..89b134f 100644 (file)
  * perl obj_dat.pl objects.h obj_dat.h
  */
 
-#define NUM_NID 175
-#define NUM_SN 123
-#define NUM_LN 171
-#define NUM_OBJ 146
+#define NUM_NID 180
+#define NUM_SN 128
+#define NUM_LN 174
+#define NUM_OBJ 151
 
-static unsigned char lvalues[1011]={
+static unsigned char lvalues[1049]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -213,6 +213,11 @@ static unsigned char lvalues[1011]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [995] OBJ_ext_req */
 0x55,0x04,0x29,                              /* [1004] OBJ_name */
 0x55,0x04,0x2E,                              /* [1007] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1010] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1017] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1024] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1032] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1040] OBJ_ad_ca_issuers */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -460,6 +465,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"extReq","Extension Request",NID_ext_req,9,&(lvalues[995]),0},
 {"name","name",NID_name,3,&(lvalues[1004]),0},
 {"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1007]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1010]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1017]),0},
+{"authorityInfoAccess","Authority Information Access",NID_info_access,
+       8,&(lvalues[1024]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1032]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1040]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -507,6 +518,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[95]),/* "MDC2" */
 &(nid_objs[57]),/* "Netscape" */
 &(nid_objs[17]),/* "O" */
+&(nid_objs[178]),/* "OCSP" */
 &(nid_objs[18]),/* "OU" */
 &(nid_objs[127]),/* "PKIX" */
 &(nid_objs[98]),/* "RC2-40-CBC" */
@@ -543,8 +555,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[102]),/* "UID" */
 &(nid_objs[ 0]),/* "UNDEF" */
 &(nid_objs[125]),/* "ZLIB" */
+&(nid_objs[177]),/* "authorityInfoAccess" */
 &(nid_objs[90]),/* "authorityKeyIdentifier" */
 &(nid_objs[87]),/* "basicConstraints" */
+&(nid_objs[179]),/* "caIssuers" */
 &(nid_objs[89]),/* "certificatePolicies" */
 &(nid_objs[130]),/* "clientAuth" */
 &(nid_objs[131]),/* "codeSigning" */
@@ -555,7 +569,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[172]),/* "extReq" */
 &(nid_objs[126]),/* "extendedKeyUsage" */
+&(nid_objs[176]),/* "id-ad" */
 &(nid_objs[128]),/* "id-kp" */
+&(nid_objs[175]),/* "id-pe" */
 &(nid_objs[164]),/* "id-qt-cps" */
 &(nid_objs[165]),/* "id-qt-unotice" */
 &(nid_objs[142]),/* "invalidityDate" */
@@ -589,6 +605,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 };
 
 static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[177]),/* "Authority Information Access" */
+&(nid_objs[179]),/* "CA Issuers" */
 &(nid_objs[141]),/* "CRL Reason Code" */
 &(nid_objs[131]),/* "Code Signing" */
 &(nid_objs[132]),/* "E-mail Protection" */
@@ -613,6 +631,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[73]),/* "Netscape Revocation Url" */
 &(nid_objs[77]),/* "Netscape SSL Server Name" */
 &(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[178]),/* "OCSP" */
 &(nid_objs[161]),/* "PBES2" */
 &(nid_objs[69]),/* "PBKDF2" */
 &(nid_objs[162]),/* "PBMAC1" */
@@ -823,7 +842,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
 &(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
 &(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 &(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
 &(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
 &(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
 &(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
@@ -835,6 +856,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
 &(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
 &(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
 &(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
 &(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
 &(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
@@ -842,6 +864,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
 &(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
 &(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
 &(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
 &(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
 &(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */
index bbbef90..d7d1c53 100644 (file)
@@ -912,6 +912,29 @@ extern "C" {
 #define NID_dnQualifier                        174
 #define OBJ_dnQualifier                        OBJ_X509,46L
 
+#define SN_id_pe                       "id-pe"
+#define NID_id_pe                      175
+#define OBJ_id_pe                      OBJ_id_pkix,1L
+
+#define SN_id_ad                       "id-ad"
+#define NID_id_ad                      176
+#define OBJ_id_ad                      OBJ_id_pkix,48L
+
+#define SN_info_access                 "authorityInfoAccess"
+#define LN_info_access                 "Authority Information Access"
+#define NID_info_access                        177
+#define OBJ_info_access                        OBJ_id_pe,1L
+
+#define SN_ad_OCSP                     "OCSP"
+#define LN_ad_OCSP                     "OCSP"
+#define NID_ad_OCSP                    178
+#define OBJ_ad_OCSP                    OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers               "caIssuers"
+#define LN_ad_ca_issuers               "CA Issuers"
+#define NID_ad_ca_issuers              179
+#define OBJ_ad_ca_issuers              OBJ_id_ad,2L
+
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
 
index a19e596..83bd70e 100644 (file)
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=        v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
 
 SRC= $(LIBSRC)
 
@@ -285,6 +285,25 @@ v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h
 v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
diff --git a/crypto/x509v3/v3_info.c b/crypto/x509v3/v3_info.c
new file mode 100644 (file)
index 0000000..df338d1
--- /dev/null
@@ -0,0 +1,236 @@
+/* v3_info.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                               STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+                                               STACK_OF(CONF_VALUE) *ret);
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_info =
+{ NID_info_access, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
+(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
+(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+NULL, NULL, NULL};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                               STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+                                               STACK_OF(CONF_VALUE) *ret)
+{
+       ACCESS_DESCRIPTION *desc;
+       int i;
+       char objtmp[80], *ntmp;
+       CONF_VALUE *vtmp;
+       for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+               desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+               ret = i2v_GENERAL_NAME(method, desc->location, ret);
+               if(!ret) break;
+               vtmp = sk_CONF_VALUE_value(ret, i);
+               i2t_ASN1_OBJECT(objtmp, 80, desc->method);
+               ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+               if(!ntmp) {
+                       X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+                                       ERR_R_MALLOC_FAILURE);
+                       return NULL;
+               }
+               strcpy(ntmp, objtmp);
+               strcat(ntmp, " - ");
+               strcat(ntmp, vtmp->name);
+               Free(vtmp->name);
+               vtmp->name = ntmp;
+               
+       }
+       if(!ret) return sk_CONF_VALUE_new_null();
+       return ret;
+}
+
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+       STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
+       CONF_VALUE *cnf, ctmp;
+       ACCESS_DESCRIPTION *acc;
+       int i, objlen;
+       char *objtmp, *ptmp;
+       if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
+               X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+               return NULL;
+       }
+       for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+               cnf = sk_CONF_VALUE_value(nval, i);
+               if(!(acc = ACCESS_DESCRIPTION_new())
+                       || !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+                       X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+                       goto err;
+               }
+               ptmp = strchr(cnf->name, ';');
+               if(!ptmp) {
+                       X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
+                       goto err;
+               }
+               objlen = ptmp - cnf->name;
+               ctmp.name = ptmp + 1;
+               ctmp.value = cnf->value;
+               if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
+                                                                goto err; 
+               if(!(objtmp = Malloc(objlen + 1))) {
+                       X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+                       goto err;
+               }
+               strncpy(objtmp, cnf->name, objlen);
+               objtmp[objlen] = 0;
+               acc->method = OBJ_txt2obj(objtmp, 0);
+               if(!acc->method) {
+                       X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
+                       ERR_add_error_data(2, "value=", objtmp);
+                       Free(objtmp);
+                       goto err;
+               }
+               Free(objtmp);
+
+       }
+       return ainfo;
+       err:
+       sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+       return NULL;
+}
+
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
+{
+       M_ASN1_I2D_vars(a);
+
+       M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
+       M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
+
+       M_ASN1_I2D_seq_total();
+
+       M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
+       M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
+
+       M_ASN1_I2D_finish();
+}
+
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
+{
+       ACCESS_DESCRIPTION *ret=NULL;
+       ASN1_CTX c;
+       M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
+       ret->method = OBJ_nid2obj(NID_undef);
+       ret->location = NULL;
+       return (ret);
+       M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
+}
+
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+            long length)
+{
+       M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
+       M_ASN1_D2I_Init();
+       M_ASN1_D2I_start_sequence();
+       M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
+       M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
+       M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
+}
+
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
+{
+       if (a == NULL) return;
+       ASN1_OBJECT_free(a->method);
+       GENERAL_NAME_free(a->location);
+       Free ((char *)a);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new()
+{
+       return sk_ACCESS_DESCRIPTION_new(NULL);
+}
+
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
+{
+       sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+                                        unsigned char **pp, long length)
+{
+return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
+                        ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
+{
+return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
+                                                V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
+IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
+
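Review bot: In i2v_AUTHORITY_INFO_ACCESS, `vtmp = sk_CONF_VALUE_value(ret, i)` selects the entry by loop index, which is the one i2v_GENERAL_NAME just appended only if `ret` was empty on entry and each call appends exactly one value. With a caller-supplied non-empty `ret`, the wrong entry's name would be freed and rewritten. Indexing from the end, `vtmp = sk_CONF_VALUE_value(ret, sk_CONF_VALUE_num(ret) - 1);`, removes that assumption. The Malloc failure branch in the same loop returns NULL without releasing `ret`. In v2i_AUTHORITY_INFO_ACCESS an `acc` whose `sk_ACCESS_DESCRIPTION_push` fails is never freed, because the `err:` cleanup only walks `ainfo`; both paths leak on allocation failure.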
index 6219d27..edf7a96 100644 (file)
@@ -140,7 +140,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext)
 }
 
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
@@ -158,6 +158,7 @@ int X509V3_add_standard_extensions(void)
        X509V3_EXT_add(&v3_pkey_usage_period);
        X509V3_EXT_add(&v3_crl_num);
        X509V3_EXT_add(&v3_sxnet);
+       X509V3_EXT_add(&v3_info);
        X509V3_EXT_add(&v3_crl_reason);
        X509V3_EXT_add(&v3_cpols);
        X509V3_EXT_add(&v3_crld);
index 6c233d2..b7d4e35 100644 (file)
@@ -72,6 +72,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),   "i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),      "i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0),     "I2V_AUTHORITY_INFO_ACCESS"},
 {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0),        "NOTICE_SECTION"},
 {ERR_PACK(0,X509V3_F_NREF_NOS,0),      "NREF_NOS"},
 {ERR_PACK(0,X509V3_F_POLICY_SECTION,0),        "POLICY_SECTION"},
@@ -87,6 +88,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0),    "SXNET_add_id_ulong"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0),      "SXNET_get_id_asc"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0),    "SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0),        "V2I_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),   "V2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0),   "V2I_AUTHORITY_KEYID"},
 {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"},
@@ -133,6 +135,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OPTION                 ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
 {X509V3_R_INVALID_SECTION                ,"invalid section"},
+{X509V3_R_INVALID_SYNTAX                 ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
 {X509V3_R_MISSING_VALUE                  ,"missing value"},
 {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS  ,"need organization and numbers"},
index 82c5ca7..988cdb8 100644 (file)
@@ -178,9 +178,17 @@ union {
 } d;
 } GENERAL_NAME;
 
+typedef struct ACCESS_DESCRIPTION_st {
+ASN1_OBJECT *method;
+GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
 DECLARE_STACK_OF(GENERAL_NAME)
 DECLARE_ASN1_SET_OF(GENERAL_NAME)
 
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
 typedef struct DIST_POINT_NAME_st {
 /* NB: this is a CHOICE type and only one of these should be set */
 STACK_OF(GENERAL_NAME) *fullname;
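Review bot: The new ACCESS_DESCRIPTION struct is added without any comment on what its two members hold or who owns them. I would add `/* access method OID, e.g. OCSP or caIssuers */` on `method` and `/* GENERAL_NAME giving where that service is reached */` on `location`. A line above the typedef should note that ACCESS_DESCRIPTION_free() releases both members, as the implementation in v3_info.c does. The hunk ends inside the following DIST_POINT_NAME typedef, which is not part of this point.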
@@ -439,6 +447,20 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
 DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
              long length);
 
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+             long length);
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new();
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+                                        unsigned char **pp, long length);
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
+
+
+
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
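Review bot: `AUTHORITY_INFO_ACCESS_new()` is declared with an empty parameter list, which in C leaves the arguments unspecified rather than declaring a function that takes none, so the compiler will not check calls against it. The sibling `ACCESS_DESCRIPTION_new(void)` three lines earlier uses the prototype form; for consistency this should read `STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void);`, with the definition in v3_info.c changed to match. The three blank lines added after `i2d_AUTHORITY_INFO_ACCESS` could be reduced to one.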
@@ -522,6 +544,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_F_HEX_TO_STRING                          111
 #define X509V3_F_I2S_ASN1_ENUMERATED                    121
 #define X509V3_F_I2S_ASN1_INTEGER                       120
+#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS              138
 #define X509V3_F_NOTICE_SECTION                                 132
 #define X509V3_F_NREF_NOS                               133
 #define X509V3_F_POLICY_SECTION                                 131
@@ -537,6 +560,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_F_SXNET_ADD_ID_ULONG                     127
 #define X509V3_F_SXNET_GET_ID_ASC                       128
 #define X509V3_F_SXNET_GET_ID_ULONG                     129
+#define X509V3_F_V2I_ACCESS_DESCRIPTION                         139
 #define X509V3_F_V2I_ASN1_BIT_STRING                    101
 #define X509V3_F_V2I_AUTHORITY_KEYID                    119
 #define X509V3_F_V2I_BASIC_CONSTRAINTS                  102
@@ -580,6 +604,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_R_INVALID_OPTION                                 138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER              134
 #define X509V3_R_INVALID_SECTION                        135
+#define X509V3_R_INVALID_SYNTAX                                 143
 #define X509V3_R_ISSUER_DECODE_ERROR                    126
 #define X509V3_R_MISSING_VALUE                          124
 #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS          142
index a7003bd..399165d 100755 (executable)
@@ -2048,3 +2048,31 @@ PEM_write_RSA_PUBKEY                    2072
 EVP_PKEY_rset_DH                        2073
 i2d_RSA_PUBKEY_fp                       2074
 PEM_write_bio_PUBKEY                    2075
+sk_ACCESS_DESCRIPTION_shift             2076
+d2i_AUTHORITY_INFO_ACCESS               2077
+sk_ACCESS_DESCRIPTION_delete            2078
+ACCESS_DESCRIPTION_new                  2079
+d2i_ACCESS_DESCRIPTION                  2080
+sk_ACCESS_DESCRIPTION_set               2081
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      2082
+sk_ACCESS_DESCRIPTION_free              2083
+sk_ACCESS_DESCRIPTION_value             2084
+sk_ACCESS_DESCRIPTION_unshift           2085
+sk_ACCESS_DESCRIPTION_pop_free          2086
+ACCESS_DESCRIPTION_free                 2087
+sk_ACCESS_DESCRIPTION_dup               2088
+sk_ACCESS_DESCRIPTION_zero              2089
+sk_ACCESS_DESCRIPTION_new               2090
+sk_ACCESS_DESCRIPTION_push              2091
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2092
+sk_ACCESS_DESCRIPTION_find              2093
+AUTHORITY_INFO_ACCESS_free              2094
+sk_ACCESS_DESCRIPTION_pop               2095
+i2d_AUTHORITY_INFO_ACCESS               2096
+sk_ACCESS_DESCRIPTION_num               2097
+i2d_ACCESS_DESCRIPTION                  2098
+sk_ACCESS_DESCRIPTION_new_null          2099
+sk_ACCESS_DESCRIPTION_delete_ptr        2100
+sk_ACCESS_DESCRIPTION_insert            2101
+sk_ACCESS_DESCRIPTION_sort              2102
+sk_ACCESS_DESCRIPTION_set_cmp_func      2103