author | Dr. Stephen Henson <steve@openssl.org> | 1999-11-04 00:45:35 +0000 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 1999-11-04 00:45:35 +0000 |
commit | ce1b4fe14648007bf054cf54846c0620e4605251 (patch) | |
tree | e3c5e114c8c622564482e88831ef6c4799fa53cb /crypto | |
parent | ce2c95b2a249256ec92bd060ff083de8e3a22be2 (diff) |
Allow additional information to be attached to a
certificate: currently this includes trust settings
and a "friendly name".
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/asn1/Makefile.ssl | 60 | ||||
-rw-r--r-- | crypto/asn1/a_mbstr.c | 2 | ||||
-rw-r--r-- | crypto/asn1/asn1.h | 17 | ||||
-rw-r--r-- | crypto/asn1/asn1_err.c | 2 | ||||
-rw-r--r-- | crypto/asn1/asn1_mac.h | 14 | ||||
-rw-r--r-- | crypto/asn1/t_bitst.c | 99 | ||||
-rw-r--r-- | crypto/asn1/t_x509.c | 1 | ||||
-rw-r--r-- | crypto/asn1/t_x509a.c | 138 | ||||
-rw-r--r-- | crypto/asn1/x_x509.c | 36 | ||||
-rw-r--r-- | crypto/asn1/x_x509a.c | 218 | ||||
-rw-r--r-- | crypto/dsa/dsa_ossl.c | 4 | ||||
-rw-r--r-- | crypto/pem/pem.h | 3 | ||||
-rw-r--r-- | crypto/pem/pem_all.c | 2 | ||||
-rw-r--r-- | crypto/pem/pem_lib.c | 54 | ||||
-rw-r--r-- | crypto/x509/x509.h | 43 | ||||
-rw-r--r-- | crypto/x509v3/v3_purp.c | 6 | ||||
-rw-r--r-- | crypto/x509v3/x509v3.h | 6 |
17 files changed, 674 insertions, 31 deletions
diff --git a/crypto/asn1/Makefile.ssl b/crypto/asn1/Makefile.ssl index f3f9056c54..ccdba3c33c 100644 --- a/crypto/asn1/Makefile.ssl +++ b/crypto/asn1/Makefile.ssl @@ -26,11 +26,11 @@ LIBSRC= a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c a_int.c a_octet.c \ a_print.c a_type.c a_set.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_bmp.c \ a_enum.c a_vis.c a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c \ x_algor.c x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c \ - x_name.c x_cinf.c x_x509.c x_crl.c x_info.c x_spki.c nsseq.c \ + x_name.c x_cinf.c x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c \ d2i_r_pr.c i2d_r_pr.c d2i_r_pu.c i2d_r_pu.c \ d2i_s_pr.c i2d_s_pr.c d2i_s_pu.c i2d_s_pu.c \ d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ - t_req.c t_x509.c t_crl.c t_pkey.c t_spki.c \ + t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c t_spki.c t_bitst.c \ p7_i_s.c p7_signi.c p7_signd.c p7_recip.c p7_enc_c.c p7_evp.c \ p7_dgst.c p7_s_e.c p7_enc.c p7_lib.c \ f_int.c f_string.c i2d_dhp.c i2d_dsap.c d2i_dhp.c d2i_dsap.c n_pkey.c \ @@ -41,11 +41,11 @@ LIBOBJ= a_object.o a_bitstr.o a_utctm.o a_gentm.o a_time.o a_int.o a_octet.o \ a_print.o a_type.o a_set.o a_dup.o a_d2i_fp.o a_i2d_fp.o a_bmp.o \ a_enum.o a_vis.o a_utf8.o a_sign.o a_digest.o a_verify.o a_mbstr.o \ x_algor.o x_val.o x_pubkey.o x_sig.o x_req.o x_attrib.o \ - x_name.o x_cinf.o x_x509.o x_crl.o x_info.o x_spki.o nsseq.o \ + x_name.o x_cinf.o x_x509.o x_x509a.o x_crl.o x_info.o x_spki.o nsseq.o \ d2i_r_pr.o i2d_r_pr.o d2i_r_pu.o i2d_r_pu.o \ d2i_s_pr.o i2d_s_pr.o d2i_s_pu.o i2d_s_pu.o \ d2i_pu.o d2i_pr.o i2d_pu.o i2d_pr.o \ - t_req.o t_x509.o t_crl.o t_pkey.o t_spki.o \ + t_req.o t_x509.o t_x509a.o t_crl.o t_pkey.o t_spki.o t_bitst.o \ p7_i_s.o p7_signi.o p7_signd.o p7_recip.o p7_enc_c.o p7_evp.o \ p7_dgst.o p7_s_e.o p7_enc.o p7_lib.o \ f_int.o f_string.o i2d_dhp.o i2d_dsap.o d2i_dhp.o d2i_dsap.o n_pkey.o \ 
@@ -804,6 +804,24 @@ p8_pkey.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h p8_pkey.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h p8_pkey.o: ../../include/openssl/stack.h ../../include/openssl/x509.h p8_pkey.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +t_bitst.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +t_bitst.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +t_bitst.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +t_bitst.o: ../../include/openssl/conf.h ../../include/openssl/crypto.h +t_bitst.o: ../../include/openssl/des.h ../../include/openssl/dh.h +t_bitst.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +t_bitst.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +t_bitst.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +t_bitst.o: ../../include/openssl/lhash.h ../../include/openssl/md2.h +t_bitst.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +t_bitst.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +t_bitst.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +t_bitst.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +t_bitst.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +t_bitst.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +t_bitst.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +t_bitst.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +t_bitst.o: ../../include/openssl/x509v3.h ../cryptlib.h t_crl.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h t_crl.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h t_crl.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h 
@@ -882,6 +900,23 @@ t_x509.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h t_x509.o: ../../include/openssl/sha.h ../../include/openssl/stack.h t_x509.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h t_x509.o: ../../include/openssl/x509v3.h ../cryptlib.h +t_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +t_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +t_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +t_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +t_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h +t_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +t_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +t_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +t_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +t_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +t_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +t_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +t_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +t_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +t_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +t_x509a.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +t_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h x_algor.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h x_algor.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h x_algor.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 
@@ -1122,3 +1157,20 @@ x_x509.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h x_x509.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h x_x509.o: ../../include/openssl/stack.h ../../include/openssl/x509.h x_x509.o: ../../include/openssl/x509_vfy.h ../cryptlib.h +x_x509a.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h +x_x509a.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h +x_x509a.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h +x_x509a.o: ../../include/openssl/cast.h ../../include/openssl/crypto.h +x_x509a.o: ../../include/openssl/des.h ../../include/openssl/dh.h +x_x509a.o: ../../include/openssl/dsa.h ../../include/openssl/e_os.h +x_x509a.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h +x_x509a.o: ../../include/openssl/evp.h ../../include/openssl/idea.h +x_x509a.o: ../../include/openssl/md2.h ../../include/openssl/md5.h +x_x509a.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h +x_x509a.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +x_x509a.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h +x_x509a.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h +x_x509a.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h +x_x509a.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h +x_x509a.o: ../../include/openssl/stack.h ../../include/openssl/x509.h +x_x509a.o: ../../include/openssl/x509_vfy.h ../cryptlib.h diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index 9e7c7c39e5..bc9cb14248 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -144,7 +144,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, ASN1_STRING *dest; unsigned char *p; int nchar; - unsigned char strbuf[32]; + char strbuf[32]; int (*cpyfunc)(unsigned long,void *) = NULL; if(len == -1) len = strlen((const char *)in); if(!mask) mask = dirstring_mask; 
diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index 8c42101d55..7fb9d23821 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -311,6 +311,14 @@ typedef struct asn1_header_st ASN1_METHOD *meth; } ASN1_HEADER; +/* This is used to contain a list of bit names */ +typedef struct BIT_STRING_BITNAME_st { + int bitnum; + const char *lname; + const char *sname; +} BIT_STRING_BITNAME; + + #define M_ASN1_STRING_length(x) ((x)->length) #define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) #define M_ASN1_STRING_type(x) ((x)->type) @@ -531,6 +539,13 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); +#ifdef HEADER_BIO_H +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent); +#endif +int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl); int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); @@ -870,6 +885,7 @@ void ASN1_STRING_TABLE_cleanup(void); #define ASN1_F_D2I_X509 159 #define ASN1_F_D2I_X509_ALGOR 160 #define ASN1_F_D2I_X509_ATTRIBUTE 161 +#define ASN1_F_D2I_X509_CERT_AUX 285 #define ASN1_F_D2I_X509_CINF 162 #define ASN1_F_D2I_X509_CRL 163 #define ASN1_F_D2I_X509_CRL_INFO 164 @@ -933,6 +949,7 @@ void ASN1_STRING_TABLE_cleanup(void); #define ASN1_F_USERNOTICE_NEW 275 #define ASN1_F_X509_ALGOR_NEW 202 #define ASN1_F_X509_ATTRIBUTE_NEW 203 +#define ASN1_F_X509_CERT_AUX_NEW 286 #define ASN1_F_X509_CINF_NEW 204 #define ASN1_F_X509_CRL_INFO_NEW 205 #define ASN1_F_X509_CRL_NEW 206 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index 3b1fb7b25b..a577dafb89 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c 
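Review bot: The two new prototypes `int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl);` and `int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, BIT_STRING_BITNAME *tbl);` take a non-const `name` although the implementations in t_bitst.c only read it through strcmp, so any caller holding a string literal or a `const char *` has to cast; declare `name` as `const char *` here, in t_bitst.c, and in the matching `char *str` parameters of `X509_trust_set_bit_asc`/`X509_notrust_set_bit_asc` in t_x509a.c. The comment on the new struct, `/* This is used to contain a list of bit names */`, should also say how a table is terminated, because every lookup in t_bitst.c walks until it meets an entry whose `lname` is NULL: `/* A table of bit names; the last entry must have lname == NULL */`. The `#ifdef HEADER_BIO_H` guard around `ASN1_BIT_STRING_name_print` is fine, but it means the prototype is invisible to files that include asn1.h before bio.h, which is worth a one-line comment so nobody "fixes" it by removing the guard.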
@@ -169,6 +169,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_D2I_X509,0), "d2i_X509"}, {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0), "d2i_X509_ALGOR"}, {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0), "d2i_X509_ATTRIBUTE"}, +{ERR_PACK(0,ASN1_F_D2I_X509_CERT_AUX,0), "d2i_X509_CERT_AUX"}, {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "d2i_X509_CINF"}, {ERR_PACK(0,ASN1_F_D2I_X509_CRL,0), "d2i_X509_CRL"}, {ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0), "d2i_X509_CRL_INFO"}, @@ -232,6 +233,7 @@ static ERR_STRING_DATA ASN1_str_functs[]= {ERR_PACK(0,ASN1_F_USERNOTICE_NEW,0), "USERNOTICE_new"}, {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0), "X509_ALGOR_new"}, {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0), "X509_ATTRIBUTE_new"}, +{ERR_PACK(0,ASN1_F_X509_CERT_AUX_NEW,0), "X509_CERT_AUX_new"}, {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_new"}, {ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0), "X509_CRL_INFO_new"}, {ERR_PACK(0,ASN1_F_X509_CRL_NEW,0), "X509_CRL_new"}, diff --git a/crypto/asn1/asn1_mac.h b/crypto/asn1/asn1_mac.h index 93f9c5193c..a9026d7cd4 100644 --- a/crypto/asn1/asn1_mac.h +++ b/crypto/asn1/asn1_mac.h @@ -106,6 +106,20 @@ err:\ #define M_ASN1_D2I_start_sequence() \ if (!asn1_GetSequence(&c,&length)) \ { c.line=__LINE__; goto err; } +/* Begin reading ASN1 without a surrounding sequence */ +#define M_ASN1_D2I_begin() \ + c.slen = length; + +/* End reading ASN1 with no check on length */ +#define M_ASN1_D2I_Finish_nolen() \ + *pp=c.p; \ + if (a != NULL) (*a)=ret; \ + return(ret); \ +err:\ + ASN1_MAC_H_err((e),c.error,c.line); \ + asn1_add_error(*pp,(int)(c.q- *pp)); \ + if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ + return(NULL) #define M_ASN1_D2I_end_sequence() \ (((c.inf&1) == 0)?(c.slen <= 0): \ diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c new file mode 100644 index 0000000000..8ee789f082 --- /dev/null +++ b/crypto/asn1/t_bitst.c 
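Review bot: `M_ASN1_D2I_Finish_nolen` omits the trailing-length check that the existing `M_ASN1_D2I_Finish` performs, so a decoder built on it reports success even when bytes remain after the last element; the comment `/* End reading ASN1 with no check on length */` should state that consequence, e.g. `/* Finish a d2i that has no enclosing SEQUENCE. Unlike M_ASN1_D2I_Finish, no check is made that all of 'length' was consumed, so trailing data is silently ignored; the caller must bound the input itself. */`. `M_ASN1_D2I_begin()` is defined with a trailing semicolon (`c.slen = length;`), unlike its neighbours `M_ASN1_D2I_Init()` and `M_ASN1_D2I_start_sequence()`, which produces an empty statement at every use site; drop it for consistency. As far as the files in this commit show, neither new macro has a user yet, so the intended caller is not visible here.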
@@ -0,0 +1,99 @@ +/* t_bitst.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/conf.h> +#include <openssl/x509v3.h> + +int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, + BIT_STRING_BITNAME *tbl, int indent) +{ + BIT_STRING_BITNAME *bnam; + char first = 1; + BIO_printf(out, "%*s", indent, ""); + for(bnam = tbl; bnam->lname; bnam++) { + if(ASN1_BIT_STRING_get_bit(bs, bnam->bitnum)) { + if(!first) BIO_puts(out, ", "); + BIO_puts(out, bnam->lname); + first = 0; + } + } + BIO_puts(out, "\n"); + return 1; +} + +int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, + BIT_STRING_BITNAME *tbl) +{ + int bitnum; + bitnum = ASN1_BIT_STRING_num_asc(name, tbl); + if(bitnum < 0) return 0; + if(bs) ASN1_BIT_STRING_set_bit(bs, bitnum, value); + return 1; +} + +int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl) +{ + BIT_STRING_BITNAME *bnam; + for(bnam = tbl; bnam->lname; bnam++) { + if(!strcmp(bnam->sname, name) || + !strcmp(bnam->lname, name) ) return bnam->bitnum; + } + return -1; +} diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c index 0e2727e470..bf6a797d68 100644 --- a/crypto/asn1/t_x509.c +++ b/crypto/asn1/t_x509.c 
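Review bot: `ASN1_BIT_STRING_name_print` discards the result of every `BIO_printf`/`BIO_puts` call and returns 1 unconditionally, so a write failure is invisible to callers that forward its value as a success flag; return 0 when a write fails, following the `<= 0` convention X509_print uses (`if(BIO_printf(out, "%*s", indent, "") <= 0) return 0;` and the same for the puts calls). `ASN1_BIT_STRING_set_asc` quietly degrades to a pure name lookup when `bs` is NULL (it returns 1 without setting a bit); that is presumably intended as a "validate only" mode and deserves a comment, `/* bs may be NULL: then only check that name is known */`. The walk in `ASN1_BIT_STRING_num_asc` stops at a NULL `lname` but compares `sname` first, so a table row with an `lname` and no `sname` would pass NULL to strcmp; either document that both names are mandatory or test `bnam->sname` before comparing. strcmp is used without a visible `<string.h>` include, which presumably arrives via cryptlib.h — worth confirming.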
@@ -219,6 +219,7 @@ int X509_print(BIO *bp, X509 *x)
 ((i+1) == n)?"":":") <= 0) goto err;
 }
 if (BIO_write(bp,"\n",1) != 1) goto err;
+ if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;
 ret=1;
 err:
 if (str != NULL) ASN1_STRING_free(str);
diff --git a/crypto/asn1/t_x509a.c b/crypto/asn1/t_x509a.c
new file mode 100644
index 0000000000..26d03f5f9b
--- /dev/null
+++ b/crypto/asn1/t_x509a.c
@@ -0,0 +1,138 @@ +/* t_x509a.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/asn1_mac.h> +#include <openssl/x509.h> + +/* X509_CERT_AUX and string set routines + */ + +static BIT_STRING_BITNAME tbits[] = { +{X509_TRUST_ALL, "All Purposes", "all"}, +{X509_TRUST_SSL_CLIENT, "SSL client", "sslclient"}, +{X509_TRUST_SSL_SERVER, "SSL server", "sslserver"}, +{X509_TRUST_EMAIL, "S/MIME email", "email"}, +{X509_TRUST_OBJECT_SIGN, "Object Signing", "objsign"}, +{-1, NULL, NULL} +}; + +int X509_trust_set_bit_asc(X509 *x, char *str, int value) +{ + int bitnum; + bitnum = ASN1_BIT_STRING_num_asc(str, tbits); + if(bitnum < 0) return 0; + if(x) return X509_trust_set_bit(x, bitnum, value); + return 1; +} + +int X509_notrust_set_bit_asc(X509 *x, char *str, int value) +{ + int bitnum; + bitnum = ASN1_BIT_STRING_num_asc(str, tbits); + if(bitnum < 0) return 0; + if(x) return X509_notrust_set_bit(x, bitnum, value); + return 1; +} + + +int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) +{ + char oidstr[80], first; + int i; + if(!aux) return 1; + if(aux->trust) { + BIO_printf(out, "%*sTrusted for:\n", indent, ""); + ASN1_BIT_STRING_name_print(out, aux->trust, 
tbits, indent + 2); + } else BIO_printf(out, "%*sNo Trust Settings\n", indent + 2, ""); + if(aux->notrust) { + BIO_printf(out, "%*sUntrusted for:\n", indent, ""); + ASN1_BIT_STRING_name_print(out, aux->notrust, tbits, indent + 2); + } else BIO_printf(out, "%*sNo Untrusted Settings\n", indent + 2, ""); + if(aux->othertrust) { + first = 1; + BIO_printf(out, "%*sOther Trusted Uses:\n%*s", + indent, "", indent + 2, ""); + for(i = 0; i < sk_ASN1_OBJECT_num(aux->othertrust); i++) { + if(!first) BIO_puts(out, ", "); + else first = 0; + OBJ_obj2txt(oidstr, 80, + sk_ASN1_OBJECT_value(aux->othertrust, i), 0); + BIO_puts(out, oidstr); + } + BIO_puts(out, "\n"); + } + if(aux->othernotrust) { + first = 1; + BIO_printf(out, "%*sOther Untrusted Uses:\n%*s", + indent, "", indent + 2, ""); + for(i = 0; i < sk_ASN1_OBJECT_num(aux->othernotrust); i++) { + if(!first) BIO_puts(out, ", "); + else first = 0; + OBJ_obj2txt(oidstr, 80, + sk_ASN1_OBJECT_value(aux->othernotrust, i), 0); + BIO_puts(out, oidstr); + } + BIO_puts(out, "\n"); + } + if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "", + aux->alias->data); + return 1; +} diff --git a/crypto/asn1/x_x509.c b/crypto/asn1/x_x509.c index 3352c61c60..ee3213045e 100644 --- a/crypto/asn1/x_x509.c +++ b/crypto/asn1/x_x509.c @@ -118,6 +118,7 @@ X509 *X509_new(void) ret->valid=0; ret->ex_flags = 0; ret->name=NULL; + ret->aux=NULL; M_ASN1_New(ret->cert_info,X509_CINF_new); M_ASN1_New(ret->sig_alg,X509_ALGOR_new); M_ASN1_New(ret->signature,M_ASN1_BIT_STRING_new); @@ -149,6 +150,7 @@ void X509_free(X509 *a) X509_CINF_free(a->cert_info); X509_ALGOR_free(a->sig_alg); M_ASN1_BIT_STRING_free(a->signature); + X509_CERT_AUX_free(a->aux); if (a->name != NULL) Free(a->name); Free((char *)a); 
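Review bot: `X509_CERT_AUX_print` ignores the return values of all its `BIO_printf`/`BIO_puts` calls and always returns 1, yet its only caller in this commit, X509_print, treats 0 as failure (`if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err;`), so output errors are never reported; check each write (`if(BIO_printf(out, "%*sTrusted for:\n", indent, "") <= 0) return 0;` as the pattern) and return 0 on failure. The "No Trust Settings" and "No Untrusted Settings" lines are printed at `indent + 2` while the headings in the other branch use `indent`, which looks like a copy-paste slip; both should be `indent`. The alias is printed with `%s` directly from `aux->alias->data`, which relies on the ASN1_STRING buffer being NUL-terminated and writes the UTF-8 bytes unescaped, so a comment that this output is for human display rather than for parsing would help. `X509_trust_set_bit_asc`/`X509_notrust_set_bit_asc` repeat the lookup-then-set logic that `ASN1_BIT_STRING_set_asc` already implements; a short comment on why they do not delegate to it (the X509_* setters rather than a raw bit string) would stop someone from "deduplicating" them incorrectly.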
@@ -172,3 +174,37 @@ char *X509_get_ex_data(X509 *r, int idx) return(CRYPTO_get_ex_data(&r->ex_data,idx)); } +/* X509_AUX ASN1 routines. X509_AUX is the name given to + * a certificate with extra info tagged on the end. Since these + * functions set how a certificate is trusted they should only + * be used when the certificate comes from a reliable source + * such as local storage. + * + */ + +X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length) +{ + unsigned char *q; + X509 *ret; + /* Save start position */ + q = *pp; + ret = d2i_X509(a, pp, length); + /* If certificate unreadable then forget it */ + if(!ret) return NULL; + /* update length */ + length -= *pp - q; + if(!length) return ret; + if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; + return ret; + err: + X509_free(ret); + return NULL; +} + +int i2d_X509_AUX(X509 *a, unsigned char **pp) +{ + int length; + length = i2d_X509(a, pp); + if(a) length += i2d_X509_CERT_AUX(a->aux, pp); + return length; +} diff --git a/crypto/asn1/x_x509a.c b/crypto/asn1/x_x509a.c new file mode 100644 index 0000000000..4b1f448d84 --- /dev/null +++ b/crypto/asn1/x_x509a.c 
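Review bot: The `err:` path in `d2i_X509_AUX` calls `X509_free(ret)` unconditionally, but when the caller passed a non-NULL `*a` d2i_X509 reuses that object as `ret`, and when `*a` was NULL d2i_X509 stores the new object into `*a`; either way a malformed trailer leaves the caller holding a freed pointer. Track whether the X509 was allocated by this call and, on failure, free it and reset `*a` only in that case — the `(a == NULL) || (*a != ret)` discipline that the M_ASN1_D2I_Finish macro applies. The line `length -= *pp - q;` also deserves a one-line comment that d2i_X509 consumes at most `length` bytes, which is what keeps the remainder non-negative. The file comment rightly restricts these routines to certificates from a reliable source, since the trailer decides how the certificate is trusted; the same sentence belongs on the `d2i_X509_AUX` declaration in x509.h so the caveat travels with the API.
```c
X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length)
{
	unsigned char *q;
	X509 *ret;
	int ours;
	/* Save start position */
	q = *pp;
	/* The X509 is ours to free on failure only if we allocate it */
	ours = (a == NULL) || (*a == NULL);
	ret = d2i_X509(a, pp, length);
	/* … unchanged: NULL check, length update, X509_CERT_AUX decode … */
	err:
	if(ours) {
		X509_free(ret);
		if(a) *a = NULL;
	}
	return NULL;
}
```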
@@ -0,0 +1,218 @@ +/* a_x509a.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include <stdio.h> +#include "cryptlib.h" +#include <openssl/evp.h> +#include <openssl/asn1_mac.h> +#include <openssl/x509.h> + +/* X509_CERT_AUX routines. These are used to encode additional + * user modifiable data about a certificate. This data is + * appended to the X509 encoding when the *_X509_AUX routines + * are used. This means that the "traditional" X509 routines + * will simply ignore the extra data. 
+ */ + +static X509_CERT_AUX *aux_get(X509 *x); + +X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length) +{ + M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new); + + M_ASN1_D2I_Init(); + M_ASN1_D2I_start_sequence(); + + M_ASN1_D2I_get_opt(ret->trust, d2i_ASN1_BIT_STRING, + V_ASN1_BIT_STRING); + M_ASN1_D2I_get_IMP_opt(ret->notrust, d2i_ASN1_BIT_STRING,0, + V_ASN1_BIT_STRING); + + M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->othertrust, + d2i_ASN1_OBJECT, ASN1_OBJECT_free); + M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->othernotrust, + d2i_ASN1_OBJECT, ASN1_OBJECT_free, 1); + M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING); + M_ASN1_D2I_get_opt(ret->other, d2i_ASN1_TYPE, V_ASN1_SEQUENCE); + + M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX); +} + +X509_CERT_AUX *X509_CERT_AUX_new() +{ + X509_CERT_AUX *ret = NULL; + ASN1_CTX c; + M_ASN1_New_Malloc(ret, X509_CERT_AUX); + ret->trust = NULL; + ret->notrust = NULL; + ret->othertrust = NULL; + ret->othernotrust = NULL; + ret->alias = NULL; + ret->other = NULL; + return(ret); + M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW); +} + +void X509_CERT_AUX_free(X509_CERT_AUX *a) +{ + if(a == NULL) return; + ASN1_BIT_STRING_free(a->trust); + ASN1_BIT_STRING_free(a->notrust); + sk_ASN1_OBJECT_pop_free(a->othertrust, ASN1_OBJECT_free); + sk_ASN1_OBJECT_pop_free(a->othernotrust, ASN1_OBJECT_free); + ASN1_UTF8STRING_free(a->alias); + ASN1_TYPE_free(a->other); +} + +int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp) +{ + M_ASN1_I2D_vars(a); + + M_ASN1_I2D_len(a->trust, i2d_ASN1_BIT_STRING); + M_ASN1_I2D_len_IMP_opt(a->notrust, i2d_ASN1_BIT_STRING); + + M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->othertrust, i2d_ASN1_OBJECT); + M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->othernotrust, i2d_ASN1_OBJECT, 1); + + M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING); + M_ASN1_I2D_len(a->other, i2d_ASN1_TYPE); + + M_ASN1_I2D_seq_total(); + + 
M_ASN1_I2D_put(a->trust, i2d_ASN1_BIT_STRING); + M_ASN1_I2D_put_IMP_opt(a->notrust, i2d_ASN1_BIT_STRING, 0); + + M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->othertrust, i2d_ASN1_OBJECT); + M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->othernotrust, i2d_ASN1_OBJECT, 1); + + M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING); + M_ASN1_I2D_put(a->other, i2d_ASN1_TYPE); + + M_ASN1_I2D_finish(); +} + +static X509_CERT_AUX *aux_get(X509 *x) +{ + if(!x) return NULL; + if(!x->aux && !(x->aux = X509_CERT_AUX_new())) return NULL; + return x->aux; +} + +int X509_alias_set(X509 *x, unsigned char *name, int len) +{ + X509_CERT_AUX *aux; + if(!(aux = aux_get(x))) return 0; + if(!aux->alias && !(aux->alias = ASN1_UTF8STRING_new())) return 0; + return ASN1_STRING_set(aux->alias, name, len); +} + +unsigned char *X509_alias_get(X509 *x, int *len) +{ + if(!x->aux || !x->aux->alias) return NULL; + if(len) *len = x->aux->alias->length; + return x->aux->alias->data; +} + +int X509_trust_set_bit(X509 *x, int bit, int value) +{ + X509_CERT_AUX *aux; + if(bit == -1) { + if(x->aux && x->aux->trust) { + ASN1_BIT_STRING_free(x->aux->trust); + x->aux->trust = NULL; + } + return 1; + } + if(!(aux = aux_get(x))) return 0; + if(!aux->trust && !(aux->trust = ASN1_BIT_STRING_new())) return 0; + return ASN1_BIT_STRING_set_bit(aux->trust, bit, value); +} + +int X509_notrust_set_bit(X509 *x, int bit, int value) +{ + X509_CERT_AUX *aux; + if(bit == -1) { + if(x->aux && x->aux->notrust) { + ASN1_BIT_STRING_free(x->aux->notrust); + x->aux->notrust = NULL; + } + return 1; + } + if(!(aux = aux_get(x))) return 0; + if(!aux->notrust && !(aux->notrust = ASN1_BIT_STRING_new())) return 0; + return ASN1_BIT_STRING_set_bit(aux->notrust, bit, value); +} + +int X509_add_trust_object(X509 *x, ASN1_OBJECT *obj) +{ + X509_CERT_AUX *aux; + if(!(aux = aux_get(x))) return 0; + if(!aux->othertrust + && !(aux->othertrust = sk_ASN1_OBJECT_new_null())) return 0; + return sk_ASN1_OBJECT_push(aux->othertrust, obj); +} + 
+int X509_add_notrust_object(X509 *x, ASN1_OBJECT *obj) +{ + X509_CERT_AUX *aux; + if(!(aux = aux_get(x))) return 0; + if(!aux->othernotrust + && !(aux->othernotrust = sk_ASN1_OBJECT_new_null())) return 0; + return sk_ASN1_OBJECT_push(aux->othernotrust, obj); +} + diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c index 74a84b6e04..b51cf6ad8d 100644 --- a/crypto/dsa/dsa_ossl.c +++ b/crypto/dsa/dsa_ossl.c @@ -66,7 +66,7 @@ #include <openssl/asn1.h> static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); -int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa); static int dsa_init(DSA *dsa); @@ -161,7 +161,7 @@ err: return(ret); } -int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) +static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) { BN_CTX *ctx; BIGNUM k,*kinv=NULL,*r=NULL; diff --git a/crypto/pem/pem.h b/crypto/pem/pem.h index 1b0c8a0aa5..ce2c1a3596 100644 --- a/crypto/pem/pem.h +++ b/crypto/pem/pem.h |
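Review bot: `X509_CERT_AUX_free` releases each member but never releases the structure itself, so every X509_free of a certificate that carried trust settings leaks the `X509_CERT_AUX` allocated by `M_ASN1_New_Malloc`; add `Free(a);` after `ASN1_TYPE_free(a->other);`, matching `Free((char *)a)` in X509_free. `X509_alias_get`, `X509_trust_set_bit` and `X509_notrust_set_bit` dereference `x` before reaching `aux_get`, which is the only place the NULL check lives, so the guard is inconsistent across the accessors; either check `x` in each or document on each that x must not be NULL. The file header reads `/* a_x509a.c */` but the file is x_x509a.c. The header comment should also state that `d2i_X509_CERT_AUX` decodes data that decides how the certificate is later trusted, so it must only be fed from the application's own store — the same caveat x_x509.c gives for `d2i_X509_AUX`.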