From 834eeef995bb3783550d11186f9d649aaacd43ac Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sun, 24 Jan 1999 17:50:32 +0000 Subject: [PATCH 1/1] Continuing adding X509 V3 support. This starts to integrate the code with the main library, but only with printing at present. To see this try: openssl x509 -in cert.pem -text on a certificate with some extensions in it. --- CHANGES | 3 +++ Makefile.org | 2 +- apps/x509.c | 3 ++- crypto/Makefile.ssl | 2 +- crypto/asn1/asn1.err | 2 ++ crypto/asn1/asn1.h | 2 ++ crypto/asn1/asn1_err.c | 2 ++ crypto/asn1/t_x509.c | 8 ++++++-- crypto/err/err.c | 1 + crypto/err/err.h | 2 ++ crypto/err/err_all.c | 2 ++ crypto/err/ssleay.ec | 1 + crypto/objects/obj_dat.h | 2 +- 13 files changed, 26 insertions(+), 6 deletions(-) diff --git a/CHANGES b/CHANGES index 07321a2596..8f567ffe25 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,9 @@ Changes between 0.9.1c and 0.9.2 + *) Continued X509 V3 changes. Add to other makefiles, integrate with the + error code, add initial support to X509_print() and x509 application. + *) Takes a deep breath and start addding X509 V3 extension support code. Add files in crypto/x509v3. Move original stuff to crypto/x509v3/old. All this stuff is currently isolated and isn't even compiled yet. diff --git a/Makefile.org b/Makefile.org index c415184700..090481fde1 100644 --- a/Makefile.org +++ b/Makefile.org @@ -157,7 +157,7 @@ SDIRS= \ des rc2 rc4 rc5 idea bf cast \ bn rsa dsa dh \ buffer bio stack lhash rand pem err objects \ - evp asn1 x509 conf txt_db pkcs7 comp + evp asn1 x509 x509v3 conf txt_db pkcs7 comp # If you change the INSTALLTOP, make sure to also change the values # in crypto/location.h diff --git a/apps/x509.c b/apps/x509.c index fa8537e078..b375ffe32f 100644 --- a/apps/x509.c +++ b/apps/x509.c @@ -69,6 +69,7 @@ #include "bn.h" #include "evp.h" #include "x509.h" +#include "x509v3.h" #include "objects.h" #include "pem.h" @@ -305,7 +306,7 @@ bad: } ERR_load_crypto_strings(); - X509v3_add_netscape_extensions(); + X509V3_add_standard_extensions(); if (!X509_STORE_set_default_paths(ctx)) { diff --git a/crypto/Makefile.ssl b/crypto/Makefile.ssl index b62558f591..1253286a80 100644 --- a/crypto/Makefile.ssl +++ b/crypto/Makefile.ssl @@ -29,7 +29,7 @@ SDIRS= md2 md5 sha mdc2 hmac ripemd \ des rc2 rc4 rc5 idea bf cast \ bn rsa dsa dh \ buffer bio stack lhash rand err objects \ - evp pem x509 \ + evp pem x509 x509v3 \ asn1 conf txt_db pkcs7 comp GENERAL=Makefile README diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err index aacd076c3b..4bd71a15f3 100644 --- a/crypto/asn1/asn1.err +++ b/crypto/asn1/asn1.err @@ -24,6 +24,7 @@ #define ASN1_F_ASN1_TYPE_NEW 119 #define ASN1_F_ASN1_UTCTIME_NEW 120 #define ASN1_F_ASN1_VERIFY 121 +#define ASN1_F_BASIC_CONSTRAINTS_NEW 226 #define ASN1_F_BN_TO_ASN1_INTEGER 122 #define ASN1_F_D2I_ASN1_BIT_STRING 123 #define ASN1_F_D2I_ASN1_BMPSTRING 124 @@ -40,6 +41,7 @@ #define ASN1_F_D2I_ASN1_TYPE 133 #define ASN1_F_D2I_ASN1_TYPE_BYTES 134 #define ASN1_F_D2I_ASN1_UTCTIME 135 +#define ASN1_F_D2I_BASIC_CONSTRAINTS 227 #define ASN1_F_D2I_DHPARAMS 136 #define ASN1_F_D2I_DSAPARAMS 137 #define ASN1_F_D2I_DSAPRIVATEKEY 138 diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 7d925a6733..c3cd6273f6 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -678,6 +678,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_ASN1_TYPE_NEW 119 #define ASN1_F_ASN1_UTCTIME_NEW 120 #define ASN1_F_ASN1_VERIFY 121 +#define ASN1_F_BASIC_CONSTRAINTS_NEW 226 #define ASN1_F_BN_TO_ASN1_INTEGER 122 #define ASN1_F_D2I_ASN1_BIT_STRING 123 #define ASN1_F_D2I_ASN1_BMPSTRING 124 @@ -694,6 +695,7 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_D2I_ASN1_TYPE 133 #define ASN1_F_D2I_ASN1_TYPE_BYTES 134 #define ASN1_F_D2I_ASN1_UTCTIME 135 +#define ASN1_F_D2I_BASIC_CONSTRAINTS 227 #define ASN1_F_D2I_DHPARAMS 136 #define ASN1_F_D2I_DSAPARAMS 137 #define ASN1_F_D2I_DSAPRIVATEKEY 138 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index e36e0ed64d..061ee319b3 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -86,6 +86,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0), "ASN1_TYPE_new"}, {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0), "ASN1_UTCTIME_NEW"}, {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_VERIFY"}, +{ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0), "BASIC_CONSTRAINTS_NEW"}, {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "d2i_ASN1_BIT_STRING"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0), "d2i_ASN1_BMPSTRING"}, @@ -102,6 +103,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0), "d2i_ASN1_TYPE"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, {ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "d2i_ASN1_UTCTIME"}, +{ERR_PACK(0,ASN1_F_D2I_BASIC_CONSTRAINTS,0), "D2I_BASIC_CONSTRAINTS"}, {ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0), "D2I_DHPARAMS"}, {ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0), "D2I_DSAPARAMS"}, {ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0), "D2I_DSAPRIVATEKEY"}, diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 060f99d5a8..f0534efc09 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c @@ -68,6 +68,7 @@ #endif #include "objects.h" #include "x509.h" +#include "x509v3.h" #ifndef NO_FP_API int X509_print_fp(fp,x) @@ -190,7 +191,9 @@ X509 *x; BIO_printf(bp,"%8sX509v3 extensions:\n",""); for (i=0; ivalue); } diff --git a/crypto/err/err.c b/crypto/err/err.c index 39c997aef8..fcd92284e0 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -108,6 +108,7 @@ static ERR_STRING_DATA ERR_str_libraries[]= {ERR_PACK(ERR_LIB_PROXY,0,0) ,"Proxy routines"}, {ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, {ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, +{ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, {0,NULL}, }; diff --git a/crypto/err/err.h b/crypto/err/err.h index c81dedd666..fe037109d9 100644 --- a/crypto/err/err.h +++ b/crypto/err/err.h @@ -116,6 +116,7 @@ typedef struct err_state_st #define ERR_LIB_PROXY 31 #define ERR_LIB_BIO 32 #define ERR_LIB_PKCS7 33 +#define ERR_LIB_X509V3 34 #define ERR_LIB_USER 128 @@ -141,6 +142,7 @@ typedef struct err_state_st #define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__) #define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__) #define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__) +#define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),ERR_file_name,__LINE__) /* Borland C seems too stupid to be able to shift and do longs in * the pre-processor :-( */ diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c index f874268e1a..423216e7c1 100644 --- a/crypto/err/err_all.c +++ b/crypto/err/err_all.c @@ -77,6 +77,7 @@ #include "objects.h" #include "pem.h" #include "x509.h" +#include "x509v3.h" #include "conf.h" #include "err.h" @@ -110,6 +111,7 @@ void ERR_load_crypto_strings() ERR_load_OBJ_strings(); ERR_load_PEM_strings(); ERR_load_X509_strings(); + ERR_load_X509V3_strings(); ERR_load_CRYPTO_strings(); ERR_load_PKCS7_strings(); #endif diff --git a/crypto/err/ssleay.ec b/crypto/err/ssleay.ec index 12cb3432a8..fa2df26ca2 100644 --- a/crypto/err/ssleay.ec +++ b/crypto/err/ssleay.ec @@ -10,6 +10,7 @@ L BIO bio/bio.err L OBJ objects/objects.err L PEM pem/pem.err L X509 x509/x509.err +L X509V3 x509v3/x509v3.err L METH meth/meth.err L ASN1 asn1/asn1.err L CONF conf/conf.err diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index eac4d68e05..2b57b8b40b 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -602,8 +602,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[19]),/* OBJ_rsa 2 5 8 1 1 */ &(nid_objs[96]),/* OBJ_mdc2WithRSA 2 5 8 3 100 */ &(nid_objs[95]),/* OBJ_mdc2 2 5 8 3 101 */ -&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */ &(nid_objs[124]),/* OBJ_rle_compression 1 1 1 1 666.1 */ +&(nid_objs[125]),/* OBJ_zlib_compression 1 1 1 1 666.2 */ &(nid_objs[104]),/* OBJ_md5WithRSA 1 3 14 3 2 3 */ &(nid_objs[29]),/* OBJ_des_ecb 1 3 14 3 2 6 */ &(nid_objs[31]),/* OBJ_des_cbc 1 3 14 3 2 7 */ -- 2.34.1