Add initial support for Thawte strong extranet certificate extensions and

include an 'indent' option to V3 stuff.
1999-03-27 14:06:25 +00:00 · 1999-03-27 14:06:25 +00:00 · 785cdf2048
commit 785cdf2048
parent ba423adddd
15 changed files with 100 additions and 62 deletions
--- a/4
+++ b/4
@ -5,6 +5,10 @@

 Changes between 0.9.2b and 0.9.3

+  *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1
+     and display support for Thawte strong extranet extension.
+     [Steve Henson]
+
  *) Add LinuxPPC support.
     [Jeff Dubrule <igor@pobox.org>]

--- a/crypto/asn1/asn1.err
+++ b/crypto/asn1/asn1.err
@ -75,6 +75,8 @@
 #define ASN1_F_D2I_PUBLICKEY				 156
 #define ASN1_F_D2I_RSAPRIVATEKEY			 157
 #define ASN1_F_D2I_RSAPUBLICKEY				 158
+#define ASN1_F_D2I_SXNET				 241
+#define ASN1_F_D2I_SXNETID				 243
 #define ASN1_F_D2I_X509					 159
 #define ASN1_F_D2I_X509_ALGOR				 160
 #define ASN1_F_D2I_X509_ATTRIBUTE			 161
@ -122,6 +124,8 @@
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
+#define ASN1_F_SXNETID_NEW				 244
+#define ASN1_F_SXNET_NEW				 242
 #define ASN1_F_X509_ALGOR_NEW				 202
 #define ASN1_F_X509_ATTRIBUTE_NEW			 203
 #define ASN1_F_X509_CINF_NEW				 204
--- a/crypto/asn1/asn1.h
+++ b/crypto/asn1/asn1.h
@ -768,6 +768,8 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_D2I_PUBLICKEY				 156
 #define ASN1_F_D2I_RSAPRIVATEKEY			 157
 #define ASN1_F_D2I_RSAPUBLICKEY				 158
+#define ASN1_F_D2I_SXNET				 241
+#define ASN1_F_D2I_SXNETID				 243
 #define ASN1_F_D2I_X509					 159
 #define ASN1_F_D2I_X509_ALGOR				 160
 #define ASN1_F_D2I_X509_ATTRIBUTE			 161
@ -815,6 +817,8 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING();
 #define ASN1_F_PKCS7_SIGNER_INFO_NEW			 200
 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW			 201
 #define ASN1_F_PKEY_USAGE_PERIOD_NEW			 240
+#define ASN1_F_SXNETID_NEW				 244
+#define ASN1_F_SXNET_NEW				 242
 #define ASN1_F_X509_ALGOR_NEW				 202
 #define ASN1_F_X509_ATTRIBUTE_NEW			 203
 #define ASN1_F_X509_CINF_NEW				 204
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@ -137,6 +137,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0),	"D2I_PUBLICKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0),	"D2I_RSAPRIVATEKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0),	"D2I_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_SXNET,0),	"D2I_SXNET"},
+{ERR_PACK(0,ASN1_F_D2I_SXNETID,0),	"D2I_SXNETID"},
 {ERR_PACK(0,ASN1_F_D2I_X509,0),	"D2I_X509"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0),	"D2I_X509_ALGOR"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0),	"D2I_X509_ATTRIBUTE"},
@ -184,6 +186,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0),	"PKCS7_SIGNER_INFO_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0),	"PKCS7_SIGN_ENVELOPE_NEW"},
 {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0),	"PKEY_USAGE_PERIOD_NEW"},
+{ERR_PACK(0,ASN1_F_SXNETID_NEW,0),	"SXNETID_NEW"},
+{ERR_PACK(0,ASN1_F_SXNET_NEW,0),	"SXNET_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0),	"X509_ALGOR_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0),	"X509_ATTRIBUTE_NEW"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0),	"X509_CINF_NEW"},
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@ -167,8 +167,10 @@ X509_EXTENSION *ex;
 	obj=X509_EXTENSION_get_object(ex);
 	i2a_ASN1_OBJECT(out,obj);
 	j=X509_EXTENSION_get_critical(ex);
-	BIO_printf(out, ": %s\n%16s", j ? "critical":"","");
-	if(!X509V3_EXT_print(out, ex, 0))
-				 ASN1_OCTET_STRING_print(out,ex->value);
+	BIO_printf(out, ": %s\n", j ? "critical":"","");
+	if(!X509V3_EXT_print(out, ex, 0, 16)) {
+		BIO_printf(out, "%16s", "");
+		ASN1_OCTET_STRING_print(out,ex->value);
+	}
 	BIO_write(out,"\n",1);
 }
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
@ -201,42 +201,11 @@ X509 *x;
 			obj=X509_EXTENSION_get_object(ex);
 			i2a_ASN1_OBJECT(bp,obj);
 			j=X509_EXTENSION_get_critical(ex);
-			if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0)
+			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
 				goto err;
-#if 0
-			pack_type=X509v3_pack_type_by_OBJ(obj);
-			data_type=X509v3_data_type_by_OBJ(obj);
-			
-			if (pack_type == X509_EXT_PACK_STRING)
-				{
-				if (X509v3_unpack_string(
-					&str,data_type,
-					X509_EXTENSION_get_data(ex)) == NULL)
-					{
-					/* hmm... */
-					goto err;
-					}
-				if (	(data_type == V_ASN1_IA5STRING) ||
-					(data_type == V_ASN1_PRINTABLESTRING) ||
-					(data_type == V_ASN1_T61STRING))
-					{
-					if (BIO_write(bp,(char *)str->data,
-							str->length) <= 0)
-						goto err;
-					}
-				else if (data_type == V_ASN1_BIT_STRING)
-					{
-					BIO_printf(bp,"0x");
-					for (j=0; j<str->length; j++)
-						{
-						BIO_printf(bp,"%02X",
-							str->data[j]);
-						}
-					}
-				}
-#endif
-			if(!X509V3_EXT_print(bp, ex, 0))
+			if(!X509V3_EXT_print(bp, ex, 0, 16))
 				{
+				BIO_printf(bp, "%16s", "");
 				ASN1_OCTET_STRING_print(bp,ex->value);
 				}
 			if (BIO_write(bp,"\n",1) <= 0) goto err;
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@ -61,12 +61,12 @@
 * perl obj_dat.pl < objects.h > obj_dat.h
 */

-#define NUM_NID 143
-#define NUM_SN 114
-#define NUM_LN 139
-#define NUM_OBJ 115
+#define NUM_NID 144
+#define NUM_SN 115
+#define NUM_LN 140
+#define NUM_OBJ 116

-static unsigned char lvalues[735]={
+static unsigned char lvalues[740]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@ -182,6 +182,7 @@ static unsigned char lvalues[735]={
 0x55,0x1D,0x1B,                              /* [725] OBJ_delta_crl */
 0x55,0x1D,0x15,                              /* [728] OBJ_crl_reason */
 0x55,0x1D,0x18,                              /* [731] OBJ_invalidity_date */
+0x2B,0x65,0x01,0x04,0x01,                    /* [734] OBJ_sxnet */
 };

 static ASN1_OBJECT nid_objs[NUM_NID]={
@ -380,6 +381,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0},
 {"invalidityDate","Invalidity Date",NID_invalidity_date,3,
 	&(lvalues[731]),0},
+{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[734]),0},
 };

 static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -456,6 +458,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[64]),/* "SHA1" */
 &(nid_objs[105]),/* "SN" */
 &(nid_objs[16]),/* "ST" */
+&(nid_objs[143]),/* "SXNetID" */
 &(nid_objs[106]),/* "T" */
 &(nid_objs[102]),/* "UID" */
 &(nid_objs[ 0]),/* "UNDEF" */
@ -522,6 +525,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[73]),/* "Netscape Revocation Url" */
 &(nid_objs[77]),/* "Netscape SSL Server Name" */
 &(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[143]),/* "Strong Extranet ID" */
 &(nid_objs[130]),/* "TLS Web Client Authentication" */
 &(nid_objs[129]),/* "TLS Web Server Authentication" */
 &(nid_objs[133]),/* "Time Stamping" */
@ -692,6 +696,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[70]),/* OBJ_dsaWithSHA1_2                1 3 14 3 2 27 */
 &(nid_objs[115]),/* OBJ_sha1WithRSA                  1 3 14 3 2 29 */
 &(nid_objs[117]),/* OBJ_ripemd160                    1 3 36 3 2 1 */
+&(nid_objs[143]),/* OBJ_sxnet                        1 3 101 1 4 1 */
 &(nid_objs[ 1]),/* OBJ_rsadsi                       1 2 840 113549 */
 &(nid_objs[127]),/* OBJ_id_pkix                      1 3 6 1 5 5 7 */
 &(nid_objs[119]),/* OBJ_ripemd160WithRSA             1 3 36 3 3 1 2 */
--- a/crypto/objects/objects.h
+++ b/crypto/objects/objects.h
@ -754,6 +754,11 @@ extern "C" {
 #define NID_invalidity_date		142
 #define OBJ_invalidity_date		OBJ_ld_ce,24L

+#define SN_sxnet			"SXNetID"
+#define LN_sxnet			"Strong Extranet ID"
+#define NID_sxnet			143
+#define OBJ_sxnet			1L,3L,101L,1L,4L,1L
+
 #include "bio.h"
 #include "asn1.h"

--- a/crypto/x509v3/Makefile.ssl
+++ b/crypto/x509v3/Makefile.ssl
@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o
+v3_int.o v3_enum.o v3_sxnet.o

 SRC= $(LIBSRC)

--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@ -75,7 +75,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID();
 #endif

 X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, 0,
+NID_authority_key_identifier, X509V3_EXT_MULTILINE,
 (X509V3_EXT_NEW)AUTHORITY_KEYID_new,
 AUTHORITY_KEYID_free,
 (X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@ -146,7 +146,7 @@ X509V3_EXT_METHOD *ext;
 }

 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;

 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason;
@ -163,6 +163,7 @@ int X509V3_add_standard_extensions()
 	X509V3_EXT_add(&v3_akey_id);
 	X509V3_EXT_add(&v3_pkey_usage_period);
 	X509V3_EXT_add(&v3_crl_num);
+	X509V3_EXT_add(&v3_sxnet);
 	X509V3_EXT_add(&v3_crl_reason);
 	return 1;
 }
--- a/crypto/x509v3/v3_pku.c
+++ b/crypto/x509v3/v3_pku.c
@ -63,7 +63,7 @@
 #include "x509v3.h"

 #ifndef NOPROTO
-static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out);
+static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent);
 /*
 static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values);
 */
@ -143,11 +143,13 @@ PKEY_USAGE_PERIOD *a;
 	Free ((char *)a);
 }

-static int i2r_PKEY_USAGE_PERIOD(method, usage, out)
+static int i2r_PKEY_USAGE_PERIOD(method, usage, out, indent)
 X509V3_EXT_METHOD *method;
 PKEY_USAGE_PERIOD *usage;
 BIO *out;
+int indent;
 {
+	BIO_printf(out, "%*s", indent, "");
 	if(usage->notBefore) {
 		BIO_write(out, "Not Before: ", 12);
 		ASN1_GENERALIZEDTIME_print(out, usage->notBefore);
--- a/crypto/x509v3/v3_prn.c
+++ b/crypto/x509v3/v3_prn.c
@ -66,28 +66,34 @@

 /* Print out a name+value stack */

-void X509V3_EXT_val_prn(out, val)
+void X509V3_EXT_val_prn(out, val, indent, ml)
 BIO *out;
 STACK *val;
+int indent;
+int ml;
 {
 	int i;
 	CONF_VALUE *nval;
 	if(!val) return;
+	if(!ml) BIO_printf(out, "%*s", indent, "");
 	for(i = 0; i < sk_num(val); i++) {
-		if(i > 0) BIO_printf(out, ", ");
+		if(ml) BIO_printf(out, "%*s", indent, "");
+		else if(i > 0) BIO_printf(out, ", ");
 		nval = (CONF_VALUE *)sk_value(val, i);
 		if(!nval->name) BIO_printf(out, "%s", nval->value);
 		else if(!nval->value) BIO_printf(out, "%s", nval->name);
 		else BIO_printf(out, "%s:%s", nval->name, nval->value);
+		if(ml) BIO_puts(out, "\n");
 	}
 }

 /* Main routine: print out a general extension */

-int X509V3_EXT_print(out, ext, flag)
+int X509V3_EXT_print(out, ext, flag, indent)
 BIO *out;
 X509_EXTENSION *ext;
 int flag;
+int indent;
 {
 	char *ext_str = NULL, *p, *value = NULL;
 	X509V3_EXT_METHOD *method;	
@ -101,15 +107,16 @@ int flag;
 			ok = 0;
 			goto err;
 		}
-		BIO_printf(out, value);
+		BIO_printf(out, "%*s%s", indent, "", value);
 	} else if(method->i2v) {
 		if(!(nval = method->i2v(method, ext_str, NULL))) {
 			ok = 0;
 			goto err;
 		}
-		X509V3_EXT_val_prn(out, nval);
+		X509V3_EXT_val_prn(out, nval, indent,
+				 method->ext_flags & X509V3_EXT_MULTILINE);
 	} else if(method->i2r) {
-		if(!method->i2r(method, ext_str, out)) ok = 0;
+		if(!method->i2r(method, ext_str, out, indent)) ok = 0;
 	} else ok = 0;

 	err:
@ -119,15 +126,16 @@ int flag;
 		return ok;
 }

-int X509V3_EXT_print_fp(fp, ext, flag)
+int X509V3_EXT_print_fp(fp, ext, flag, indent)
 FILE *fp;
 X509_EXTENSION *ext;
 int flag;
+int indent;
 {
 	BIO *bio_tmp;
 	int ret;
 	if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
-	ret = X509V3_EXT_print(bio_tmp, ext, flag);
+	ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
 	BIO_free(bio_tmp);
 	return ret;
 }
--- a/crypto/x509v3/v3prin.c
+++ b/crypto/x509v3/v3prin.c
@ -95,7 +95,7 @@ char **argv;
 	for(i = 0; i < count; i++) {
 		ext = X509_get_ext(cert, i);
 		printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
-		if(!X509V3_EXT_print_fp(stdout, ext, 0)) ERR_print_errors_fp(stderr);
+		if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
 		printf("\n");
 		
 	}
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
@ -79,7 +79,7 @@ typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext, STACK
 typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
 typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out, int indent);
 typedef char *(*X509V3_EXT_R2I)(struct v3_ext_method *method, char *db, char *value);

 /* V3 extension structure */
@ -123,8 +123,9 @@ typedef struct v3_ext_method X509V3_EXT_METHOD;
 typedef struct v3_ext_ctx X509V3_CTX;

 /* ext_flags values */
-#define X509V3_EXT_DYNAMIC 0x1
-#define X509V3_EXT_CTX_DEP 0x2
+#define X509V3_EXT_DYNAMIC	0x1
+#define X509V3_EXT_CTX_DEP	0x2
+#define X509V3_EXT_MULTILINE	0x4

 typedef struct {
 int bitnum;
@ -173,8 +174,17 @@ union {
 } d;
 } GENERAL_NAME;

+/* Strong extranet structures */

+typedef struct {
+	ASN1_INTEGER *version;
+	STACK /* SXNETID */ *ids;
+} SXNET;

+typedef struct {
+	ASN1_INTEGER *zone;
+	ASN1_OCTET_STRING *user;
+} SXNETID;

 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
 ",name:", val->name, ",value:", val->value);
@ -215,6 +225,16 @@ GENERAL_NAME *GENERAL_NAME_new(void);
 void GENERAL_NAME_free(GENERAL_NAME *a);
 STACK *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK *ret);

+int i2d_SXNET(SXNET *a, unsigned char **pp);
+SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
+SXNET *SXNET_new(void);
+void SXNET_free(SXNET *a);
+
+int i2d_SXNETID(SXNETID *a, unsigned char **pp);
+SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
+SXNETID *SXNETID_new(void);
+void SXNETID_free(SXNETID *a);
+
 int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
 AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
@ -272,8 +292,8 @@ char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
 int name_cmp(char *name, char *cmp);

-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);

 #else

@ -290,6 +310,16 @@ void GENERAL_NAME_free();
 STACK *i2v_GENERAL_NAME();
 GENERAL_NAME *v2i_GENERAL_NAME();

+int i2d_SXNET();
+SXNET *d2i_SXNET();
+SXNET *SXNET_new();
+void SXNET_free();
+
+int i2d_SXNETID();
+SXNETID *d2i_SXNETID();
+SXNETID *SXNETID_new();
+void SXNETID_free();
+
 int i2d_AUTHORITY_KEYID();
 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID();
 AUTHORITY_KEYID *AUTHORITY_KEYID_new();