diff --git a/CHANGES b/CHANGES index 13e41f3ed..e02e74859 100644 --- a/CHANGES +++ b/CHANGES @@ -5,6 +5,10 @@ Changes between 0.9.2b and 0.9.3 + *) Add a new 'indent' option to some X509V3 extension code. Initial ASN1 + and display support for Thawte strong extranet extension. + [Steve Henson] + *) Add LinuxPPC support. [Jeff Dubrule ] diff --git a/crypto/asn1/asn1.err b/crypto/asn1/asn1.err index 92acb0a06..3146d470b 100644 --- a/crypto/asn1/asn1.err +++ b/crypto/asn1/asn1.err @@ -75,6 +75,8 @@ #define ASN1_F_D2I_PUBLICKEY 156 #define ASN1_F_D2I_RSAPRIVATEKEY 157 #define ASN1_F_D2I_RSAPUBLICKEY 158 +#define ASN1_F_D2I_SXNET 241 +#define ASN1_F_D2I_SXNETID 243 #define ASN1_F_D2I_X509 159 #define ASN1_F_D2I_X509_ALGOR 160 #define ASN1_F_D2I_X509_ATTRIBUTE 161 @@ -122,6 +124,8 @@ #define ASN1_F_PKCS7_SIGNER_INFO_NEW 200 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 #define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 +#define ASN1_F_SXNETID_NEW 244 +#define ASN1_F_SXNET_NEW 242 #define ASN1_F_X509_ALGOR_NEW 202 #define ASN1_F_X509_ATTRIBUTE_NEW 203 #define ASN1_F_X509_CINF_NEW 204 diff --git a/crypto/asn1/asn1.h b/crypto/asn1/asn1.h index d2f81e524..7e605c83d 100644 --- a/crypto/asn1/asn1.h +++ b/crypto/asn1/asn1.h @@ -768,6 +768,8 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_D2I_PUBLICKEY 156 #define ASN1_F_D2I_RSAPRIVATEKEY 157 #define ASN1_F_D2I_RSAPUBLICKEY 158 +#define ASN1_F_D2I_SXNET 241 +#define ASN1_F_D2I_SXNETID 243 #define ASN1_F_D2I_X509 159 #define ASN1_F_D2I_X509_ALGOR 160 #define ASN1_F_D2I_X509_ATTRIBUTE 161 @@ -815,6 +817,8 @@ ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(); #define ASN1_F_PKCS7_SIGNER_INFO_NEW 200 #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 #define ASN1_F_PKEY_USAGE_PERIOD_NEW 240 +#define ASN1_F_SXNETID_NEW 244 +#define ASN1_F_SXNET_NEW 242 #define ASN1_F_X509_ALGOR_NEW 202 #define ASN1_F_X509_ATTRIBUTE_NEW 203 #define ASN1_F_X509_CINF_NEW 204 diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index aead3126c..900358249 100644 
--- a/crypto/asn1/asn1_err.c
+++ b/crypto/asn1/asn1_err.c
@@ -137,6 +137,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "D2I_PUBLICKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0), "D2I_RSAPRIVATEKEY"},
 {ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0), "D2I_RSAPUBLICKEY"},
+{ERR_PACK(0,ASN1_F_D2I_SXNET,0), "D2I_SXNET"},
+{ERR_PACK(0,ASN1_F_D2I_SXNETID,0), "D2I_SXNETID"},
 {ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0), "D2I_X509_ALGOR"},
 {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0), "D2I_X509_ATTRIBUTE"},
@@ -184,6 +186,8 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0), "PKCS7_SIGNER_INFO_NEW"},
 {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"},
 {ERR_PACK(0,ASN1_F_PKEY_USAGE_PERIOD_NEW,0), "PKEY_USAGE_PERIOD_NEW"},
+{ERR_PACK(0,ASN1_F_SXNETID_NEW,0), "SXNETID_NEW"},
+{ERR_PACK(0,ASN1_F_SXNET_NEW,0), "SXNET_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0), "X509_ALGOR_NEW"},
 {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0), "X509_ATTRIBUTE_NEW"},
 {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"},
diff --git a/crypto/asn1/t_crl.c b/crypto/asn1/t_crl.c
index d36b0c23a..eb0ab2e32 100644
--- a/crypto/asn1/t_crl.c
+++ b/crypto/asn1/t_crl.c
@@ -167,8 +167,10 @@ X509_EXTENSION *ex;
 obj=X509_EXTENSION_get_object(ex);
 i2a_ASN1_OBJECT(out,obj);
 j=X509_EXTENSION_get_critical(ex);
- BIO_printf(out, ": %s\n%16s", j ? "critical":"","");
- if(!X509V3_EXT_print(out, ex, 0))
- ASN1_OCTET_STRING_print(out,ex->value);
+ BIO_printf(out, ": %s\n", j ? "critical":"","");
+ if(!X509V3_EXT_print(out, ex, 0, 16)) {
+ BIO_printf(out, "%16s", "");
+ ASN1_OCTET_STRING_print(out,ex->value);
+ }
 BIO_write(out,"\n",1);
 }
diff --git a/crypto/asn1/t_x509.c b/crypto/asn1/t_x509.c
index f0534efc0..12e170488 100644
--- a/crypto/asn1/t_x509.c
+++ b/crypto/asn1/t_x509.c
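Review bot: The new `BIO_printf(out, ": %s\n", j ? "critical":"","");` still passes the trailing `""` argument that fed the removed `%16s` conversion; the format now contains a single `%s`, so that argument is a dead vararg and the call should read `BIO_printf(out, ": %s\n", j ? "critical":"");`. When `X509V3_EXT_print` returns 0 the code falls back to a hex dump of `ex->value`, but as far as this hunk shows nothing clears what the failed decode may have pushed onto the error queue, so a later `ERR_print_errors` in the caller could report an error for an extension that was in fact printed; a comment stating that the fallback is deliberate, or an `ERR_clear_error()` if that is acceptable here, would make the intent explicit. The enclosing function starts before and continues after this hunk.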
@@ -201,42 +201,11 @@ X509 *x; obj=X509_EXTENSION_get_object(ex); i2a_ASN1_OBJECT(bp,obj); j=X509_EXTENSION_get_critical(ex); - if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0) + if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) goto err; -#if 0 - pack_type=X509v3_pack_type_by_OBJ(obj); - data_type=X509v3_data_type_by_OBJ(obj); - - if (pack_type == X509_EXT_PACK_STRING) - { - if (X509v3_unpack_string( - &str,data_type, - X509_EXTENSION_get_data(ex)) == NULL) - { - /* hmm... */ - goto err; - } - if ( (data_type == V_ASN1_IA5STRING) || - (data_type == V_ASN1_PRINTABLESTRING) || - (data_type == V_ASN1_T61STRING)) - { - if (BIO_write(bp,(char *)str->data, - str->length) <= 0) - goto err; - } - else if (data_type == V_ASN1_BIT_STRING) - { - BIO_printf(bp,"0x"); - for (j=0; jlength; j++) - { - BIO_printf(bp,"%02X", - str->data[j]); - } - } - } -#endif - if(!X509V3_EXT_print(bp, ex, 0)) + if(!X509V3_EXT_print(bp, ex, 0, 16)) { + BIO_printf(bp, "%16s", ""); ASN1_OCTET_STRING_print(bp,ex->value); } if (BIO_write(bp,"\n",1) <= 0) goto err; diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 5362bad76..b5dd338fb 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -61,12 +61,12 @@ * perl obj_dat.pl < objects.h > obj_dat.h */ -#define NUM_NID 143 -#define NUM_SN 114 -#define NUM_LN 139 -#define NUM_OBJ 115 +#define NUM_NID 144 +#define NUM_SN 115 +#define NUM_LN 140 +#define NUM_OBJ 116 -static unsigned char lvalues[735]={ +static unsigned char lvalues[740]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -182,6 +182,7 @@ static unsigned char lvalues[735]={ 0x55,0x1D,0x1B, /* [725] OBJ_delta_crl */ 0x55,0x1D,0x15, /* [728] OBJ_crl_reason */ 0x55,0x1D,0x18, /* [731] OBJ_invalidity_date */ +0x2B,0x65,0x01,0x04,0x01, /* [734] OBJ_sxnet */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ 
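Review bot: Error handling in the new fallback is inconsistent with the rest of the function: the preceding `BIO_printf(bp,": %s\n",...)` and the following `BIO_write(bp,"\n",1)` both `goto err` on `<= 0`, while the added `BIO_printf(bp, "%16s", "")` and `ASN1_OCTET_STRING_print(bp,ex->value)` are unchecked, so a write failure there is silently swallowed; at minimum `if (BIO_printf(bp, "%16s", "") <= 0) goto err;`. The `BIO_printf(bp,": %s\n",j?"critical":"","")` call also keeps the trailing `""` argument that belonged to the removed `%16s` and is now unused. Deleting the `#if 0` block is a welcome cleanup. The enclosing function begins before and continues past this hunk.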
@@ -380,6 +381,7 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"CRLReason","CRL Reason Code",NID_crl_reason,3,&(lvalues[728]),0}, {"invalidityDate","Invalidity Date",NID_invalidity_date,3, &(lvalues[731]),0}, +{"SXNetID","Strong Extranet ID",NID_sxnet,5,&(lvalues[734]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -456,6 +458,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[64]),/* "SHA1" */ &(nid_objs[105]),/* "SN" */ &(nid_objs[16]),/* "ST" */ +&(nid_objs[143]),/* "SXNetID" */ &(nid_objs[106]),/* "T" */ &(nid_objs[102]),/* "UID" */ &(nid_objs[ 0]),/* "UNDEF" */ @@ -522,6 +525,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[73]),/* "Netscape Revocation Url" */ &(nid_objs[77]),/* "Netscape SSL Server Name" */ &(nid_objs[139]),/* "Netscape Server Gated Crypto" */ +&(nid_objs[143]),/* "Strong Extranet ID" */ &(nid_objs[130]),/* "TLS Web Client Authentication" */ &(nid_objs[129]),/* "TLS Web Server Authentication" */ &(nid_objs[133]),/* "Time Stamping" */ @@ -692,6 +696,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[70]),/* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */ &(nid_objs[115]),/* OBJ_sha1WithRSA 1 3 14 3 2 29 */ &(nid_objs[117]),/* OBJ_ripemd160 1 3 36 3 2 1 */ +&(nid_objs[143]),/* OBJ_sxnet 1 3 101 1 4 1 */ &(nid_objs[ 1]),/* OBJ_rsadsi 1 2 840 113549 */ &(nid_objs[127]),/* OBJ_id_pkix 1 3 6 1 5 5 7 */ &(nid_objs[119]),/* OBJ_ripemd160WithRSA 1 3 36 3 3 1 2 */ diff --git a/crypto/objects/objects.h b/crypto/objects/objects.h index 6ee2d4ff2..bc140ee6c 100644 --- a/crypto/objects/objects.h +++ b/crypto/objects/objects.h @@ -754,6 +754,11 @@ extern "C" { #define NID_invalidity_date 142 #define OBJ_invalidity_date OBJ_ld_ce,24L +#define SN_sxnet "SXNetID" +#define LN_sxnet "Strong Extranet ID" +#define NID_sxnet 143 +#define OBJ_sxnet 1L,3L,101L,1L,4L,1L + #include "bio.h" #include "asn1.h" diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 6b5399cc0..5c27afcc8 100644 --- a/crypto/x509v3/Makefile.ssl 
+++ b/crypto/x509v3/Makefile.ssl
@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o
+v3_int.o v3_enum.o v3_sxnet.o
 SRC= $(LIBSRC)
diff --git a/crypto/x509v3/v3_akey.c b/crypto/x509v3/v3_akey.c
index 8bee98cc1..016a6a806 100644
--- a/crypto/x509v3/v3_akey.c
+++ b/crypto/x509v3/v3_akey.c
@@ -75,7 +75,7 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID();
 #endif
 X509V3_EXT_METHOD v3_akey_id = {
-NID_authority_key_identifier, 0,
+NID_authority_key_identifier, X509V3_EXT_MULTILINE,
 (X509V3_EXT_NEW)AUTHORITY_KEYID_new,
 AUTHORITY_KEYID_free,
 (X509V3_EXT_D2I)d2i_AUTHORITY_KEYID,
diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c
index 268617303..7abac2997 100644
--- a/crypto/x509v3/v3_lib.c
+++ b/crypto/x509v3/v3_lib.c
@@ -146,7 +146,7 @@ X509V3_EXT_METHOD *ext;
 }
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason;
@@ -163,6 +163,7 @@ int X509V3_add_standard_extensions()
 X509V3_EXT_add(&v3_akey_id);
 X509V3_EXT_add(&v3_pkey_usage_period);
 X509V3_EXT_add(&v3_crl_num);
+ X509V3_EXT_add(&v3_sxnet);
 X509V3_EXT_add(&v3_crl_reason);
 return 1;
 }
diff --git a/crypto/x509v3/v3_pku.c b/crypto/x509v3/v3_pku.c
index a602191c5..23a71522f 100644
--- a/crypto/x509v3/v3_pku.c
+++ b/crypto/x509v3/v3_pku.c
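Review bot: `X509V3_add_standard_extensions()` returns 1 unconditionally, so the result of the new `X509V3_EXT_add(&v3_sxnet)` is discarded like the existing ones; if `X509V3_EXT_add` can fail (its body is outside this hunk), the SXNet printer silently stays unregistered and `X509V3_EXT_print` falls back to the hex dump in the callers. Consider `if (!X509V3_EXT_add(&v3_sxnet)) return 0;` for the new registration, or a comment stating that registration failures are intentionally ignored. Inserting `v3_sxnet` between `v3_crl_num` and `v3_crl_reason` is presumably harmless if lookup is by NID, but keeping the list grouped (certificate extensions, then CRL extensions) makes the table easier to audit.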
@@ -63,7 +63,7 @@ #include "x509v3.h" #ifndef NOPROTO -static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out); +static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); /* static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK *values); */ @@ -143,11 +143,13 @@ PKEY_USAGE_PERIOD *a; Free ((char *)a); } -static int i2r_PKEY_USAGE_PERIOD(method, usage, out) +static int i2r_PKEY_USAGE_PERIOD(method, usage, out, indent) X509V3_EXT_METHOD *method; PKEY_USAGE_PERIOD *usage; BIO *out; +int indent; { + BIO_printf(out, "%*s", indent, ""); if(usage->notBefore) { BIO_write(out, "Not Before: ", 12); ASN1_GENERALIZEDTIME_print(out, usage->notBefore); diff --git a/crypto/x509v3/v3_prn.c b/crypto/x509v3/v3_prn.c index f3cca7a8d..34bc9c86a 100644 --- a/crypto/x509v3/v3_prn.c +++ b/crypto/x509v3/v3_prn.c @@ -66,28 +66,34 @@ /* Print out a name+value stack */ -void X509V3_EXT_val_prn(out, val) +void X509V3_EXT_val_prn(out, val, indent, ml) BIO *out; STACK *val; +int indent; +int ml; { int i; CONF_VALUE *nval; if(!val) return; + if(!ml) BIO_printf(out, "%*s", indent, ""); for(i = 0; i < sk_num(val); i++) { - if(i > 0) BIO_printf(out, ", "); + if(ml) BIO_printf(out, "%*s", indent, ""); + else if(i > 0) BIO_printf(out, ", "); nval = (CONF_VALUE *)sk_value(val, i); if(!nval->name) BIO_printf(out, "%s", nval->value); else if(!nval->value) BIO_printf(out, "%s", nval->name); else BIO_printf(out, "%s:%s", nval->name, nval->value); + if(ml) BIO_puts(out, "\n"); } } /* Main routine: print out a general extension */ -int X509V3_EXT_print(out, ext, flag) +int X509V3_EXT_print(out, ext, flag, indent) BIO *out; X509_EXTENSION *ext; int flag; +int indent; { char *ext_str = NULL, *p, *value = NULL; X509V3_EXT_METHOD *method; 
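Review bot: `X509V3_EXT_val_prn` gains two parameters that are documented nowhere; I would add above it `/* indent: leading blanks; ml: non-zero prints one name:value per line, each indented and newline-terminated, else one indent followed by a comma-separated line with no trailing newline */`. That asymmetry matters to callers: in multiline mode the last element already ends with `\n`, and the `BIO_write(out,"\n",1)` in `t_x509.c`/`t_crl.c` then produces a trailing blank line for extensions flagged `X509V3_EXT_MULTILINE` (now including `v3_akey_id`) — presumably cosmetic, but worth stating. Printing `nval->name`/`nval->value` through `"%s"` rather than as a format string is the right choice, since they are derived from decoded extension contents.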
@@ -101,15 +107,16 @@ int flag;
 ok = 0;
 goto err;
 }
- BIO_printf(out, value);
+ BIO_printf(out, "%*s%s", indent, "", value);
 } else if(method->i2v) {
 if(!(nval = method->i2v(method, ext_str, NULL))) {
 ok = 0;
 goto err;
 }
- X509V3_EXT_val_prn(out, nval);
+ X509V3_EXT_val_prn(out, nval, indent,
+ method->ext_flags & X509V3_EXT_MULTILINE);
 } else if(method->i2r) {
- if(!method->i2r(method, ext_str, out)) ok = 0;
+ if(!method->i2r(method, ext_str, out, indent)) ok = 0;
 } else ok = 0;
 err:
@@ -119,15 +126,16 @@ int flag;
 return ok;
 }
-int X509V3_EXT_print_fp(fp, ext, flag)
+int X509V3_EXT_print_fp(fp, ext, flag, indent)
 FILE *fp;
 X509_EXTENSION *ext;
 int flag;
+int indent;
 {
 BIO *bio_tmp;
 int ret;
 if(!(bio_tmp = BIO_new_fp(fp, BIO_NOCLOSE))) return 0;
- ret = X509V3_EXT_print(bio_tmp, ext, flag);
+ ret = X509V3_EXT_print(bio_tmp, ext, flag, indent);
 BIO_free(bio_tmp);
 return ret;
 }
diff --git a/crypto/x509v3/v3prin.c b/crypto/x509v3/v3prin.c
index 3a8ce9314..36f78b25d 100644
--- a/crypto/x509v3/v3prin.c
+++ b/crypto/x509v3/v3prin.c
@@ -95,7 +95,7 @@ char **argv;
 for(i = 0; i < count; i++) {
 ext = X509_get_ext(cert, i);
 printf("%s\n", OBJ_nid2ln(OBJ_obj2nid(ext->object)));
- if(!X509V3_EXT_print_fp(stdout, ext, 0)) ERR_print_errors_fp(stderr);
+ if(!X509V3_EXT_print_fp(stdout, ext, 0, 0)) ERR_print_errors_fp(stderr);
 printf("\n");
 }
diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h
index 0d1b34055..89147cf93 100644
--- a/crypto/x509v3/x509v3.h
+++ b/crypto/x509v3/x509v3.h
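Review bot: The change from `BIO_printf(out, value)` to `BIO_printf(out, "%*s%s", indent, "", value)` is more than an indentation tweak: `value` is produced by `method->i2s` from the decoded extension (`ext_str`), i.e. presumably from certificate-controlled data, and using it as the format string was a format-string vulnerability when printing a hostile certificate. The CHANGES entry mentions only the indent option; the security-relevant fix deserves its own line there and a comment on this call, e.g. `/* value is derived from extension contents: never pass it as the format string */`, so a future cleanup does not reintroduce it. Passing `method->ext_flags & X509V3_EXT_MULTILINE` (0 or 4) as the `ml` argument is fine because `X509V3_EXT_val_prn` only tests it for non-zero. `X509V3_EXT_print` starts before this hunk.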
@@ -79,7 +79,7 @@ typedef STACK * (*X509V3_EXT_I2V)(struct v3_ext_method *method, char *ext, STACK
 typedef char * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK *values);
 typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, char *ext);
 typedef char * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str);
-typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out);
+typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, char *ext, BIO *out, int indent);
 typedef char *(*X509V3_EXT_R2I)(struct v3_ext_method *method, char *db, char *value);
 /* V3 extension structure */
@@ -123,8 +123,9 @@ typedef struct v3_ext_method X509V3_EXT_METHOD;
 typedef struct v3_ext_ctx X509V3_CTX;
 /* ext_flags values */
-#define X509V3_EXT_DYNAMIC 0x1
-#define X509V3_EXT_CTX_DEP 0x2
+#define X509V3_EXT_DYNAMIC 0x1
+#define X509V3_EXT_CTX_DEP 0x2
+#define X509V3_EXT_MULTILINE 0x4
 typedef struct {
 int bitnum;
@@ -173,8 +174,17 @@ union {
 } d;
 } GENERAL_NAME;
+/* Strong extranet structures */
+typedef struct {
+ ASN1_INTEGER *version;
+ STACK /* SXNETID */ *ids;
+} SXNET;
+typedef struct {
+ ASN1_INTEGER *zone;
+ ASN1_OCTET_STRING *user;
+} SXNETID;
 #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \
 ",name:", val->name, ",value:", val->value);
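Review bot: The new `SXNET`/`SXNETID` structures are undocumented and `ids` is an untyped `STACK *` whose element type is given only by the inline `/* SXNETID */`; I would put a comment above `SXNET` such as `/* Thawte strong extranet extension: version plus a STACK of SXNETID (zone INTEGER, user OCTET STRING); the ASN.1 encoder/decoder lives in v3_sxnet.c (not in this diff) */` so callers know what `sk_value(ids, i)` must be cast to. The `X509V3_EXT_I2R` typedef now takes an extra `int indent`, which changes the signature of every registered `i2r` callback; since this is a public header, any out-of-tree `X509V3_EXT_METHOD` built against the old typedef will be invoked with an argument it does not expect, and the new `X509V3_EXT_MULTILINE` flag also needs a one-line comment saying it only affects `i2v`-based printing. Both points belong in CHANGES alongside the indent option.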
@@ -215,6 +225,16 @@ GENERAL_NAME *GENERAL_NAME_new(void);
 void GENERAL_NAME_free(GENERAL_NAME *a);
 STACK *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK *ret);
+int i2d_SXNET(SXNET *a, unsigned char **pp);
+SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length);
+SXNET *SXNET_new(void);
+void SXNET_free(SXNET *a);
+
+int i2d_SXNETID(SXNETID *a, unsigned char **pp);
+SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length);
+SXNETID *SXNETID_new(void);
+void SXNETID_free(SXNETID *a);
+
 int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp);
 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, long length);
 AUTHORITY_KEYID *AUTHORITY_KEYID_new(void);
@@ -272,8 +292,8 @@ char *hex_to_string(unsigned char *buffer, long len);
 unsigned char *string_to_hex(char *str, long *len);
 int name_cmp(char *name, char *cmp);
-int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag);
-int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag);
+int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent);
+int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent);
 #else
@@ -290,6 +310,16 @@ void GENERAL_NAME_free();
 STACK *i2v_GENERAL_NAME();
 GENERAL_NAME *v2i_GENERAL_NAME();
+int i2d_SXNET();
+SXNET *d2i_SXNET();
+SXNET *SXNET_new();
+void SXNET_free();
+
+int i2d_SXNETID();
+SXNETID *d2i_SXNETID();
+SXNETID *SXNETID_new();
+void SXNETID_free();
+
 int i2d_AUTHORITY_KEYID();
 AUTHORITY_KEYID *d2i_AUTHORITY_KEYID();
 AUTHORITY_KEYID *AUTHORITY_KEYID_new();
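Review bot: `X509V3_EXT_print` and `X509V3_EXT_print_fp` gain an `indent` parameter with no compatibility shim, so every caller must be updated; `t_x509.c`, `t_crl.c` and `v3prin.c` are updated in this commit, external applications are not. The `#else` (`NOPROTO`) branch declares functions with empty `()` parameter lists, as the `int i2d_SXNET();` additions here show; if `X509V3_EXT_print` is declared the same way there, an old three-argument caller still compiles silently and `indent` is read from whatever happens to be on the stack, giving `%*s` an arbitrary width. This deserves a CHANGES note, and the ANSI prototype of `X509V3_EXT_print` a comment such as `/* indent: number of leading spaces written before each output line */`.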