Support for inhibitAnyPolicy extension.

Dr. Stephen Henson 2004-03-08 13:56:31 +00:00
parent 2457c19df1
commit edec614efd
7 changed files with 45 additions and 14 deletions


@ -4,6 +4,9 @@
Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] Changes between 0.9.7c and 0.9.8 [xx XXX xxxx]
*) Support for inhibitAnyPolicy certificate extension.
[Steve Henson]
*) An audit of the BIGNUM code is underway, for which debugging code is *) An audit of the BIGNUM code is underway, for which debugging code is
enabled when BN_DEBUG is defined. This makes stricter enforcements on what enabled when BN_DEBUG is defined. This makes stricter enforcements on what
is considered valid when processing BIGNUMs, and causes execution to is considered valid when processing BIGNUMs, and causes execution to


@ -62,12 +62,12 @@
* [including the GNU Public Licence.] * [including the GNU Public Licence.]
*/ */
#define NUM_NID 736 #define NUM_NID 737
#define NUM_SN 731 #define NUM_SN 732
#define NUM_LN 731 #define NUM_LN 732
#define NUM_OBJ 693 #define NUM_OBJ 694
static unsigned char lvalues[4882]={ static unsigned char lvalues[4885]={
0x00, /* [ 0] OBJ_undef */ 0x00, /* [ 0] OBJ_undef */
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */
@ -761,6 +761,7 @@ static unsigned char lvalues[4882]={
0x00, /* [4878] OBJ_itu_t */ 0x00, /* [4878] OBJ_itu_t */
0x50, /* [4879] OBJ_joint_iso_itu_t */ 0x50, /* [4879] OBJ_joint_iso_itu_t */
0x67, /* [4880] OBJ_international_organizations */ 0x67, /* [4880] OBJ_international_organizations */
0x55,0x1D,0x36, /* [4881] OBJ_inhibit_any_policy */
}; };
static ASN1_OBJECT nid_objs[NUM_NID]={ static ASN1_OBJECT nid_objs[NUM_NID]={
@ -1906,6 +1907,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
{"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL}, {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL},
{"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL},
{"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL},
{"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
NID_inhibit_any_policy,3,&(lvalues[4881]),0},
}; };
static ASN1_OBJECT *sn_objs[NUM_SN]={ static ASN1_OBJECT *sn_objs[NUM_SN]={
@ -2323,6 +2326,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
&(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ &(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
&(nid_objs[527]),/* "identified-organization" */ &(nid_objs[527]),/* "identified-organization" */
&(nid_objs[461]),/* "info" */ &(nid_objs[461]),/* "info" */
&(nid_objs[736]),/* "inhibitAnyPolicy" */
&(nid_objs[101]),/* "initials" */ &(nid_objs[101]),/* "initials" */
&(nid_objs[723]),/* "international-organizations" */ &(nid_objs[723]),/* "international-organizations" */
&(nid_objs[142]),/* "invalidityDate" */ &(nid_objs[142]),/* "invalidityDate" */
@ -2736,6 +2740,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
&(nid_objs[89]),/* "X509v3 Certificate Policies" */ &(nid_objs[89]),/* "X509v3 Certificate Policies" */
&(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */ &(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
&(nid_objs[126]),/* "X509v3 Extended Key Usage" */ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
&(nid_objs[736]),/* "X509v3 Inhibit Any Policy" */
&(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
&(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[83]),/* "X509v3 Key Usage" */
&(nid_objs[720]),/* "X509v3 Name Constraints" */ &(nid_objs[720]),/* "X509v3 Name Constraints" */
@ -3436,6 +3441,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
&(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */
&(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */
&(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */
&(nid_objs[736]),/* OBJ_inhibit_any_policy 2 5 29 54 */
&(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ &(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */
&(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ &(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */
&(nid_objs[577]),/* OBJ_set_ctype 2 23 42 0 */ &(nid_objs[577]),/* OBJ_set_ctype 2 23 42 0 */


@ -2082,6 +2082,11 @@
#define NID_ext_key_usage 126 #define NID_ext_key_usage 126
#define OBJ_ext_key_usage OBJ_id_ce,37L #define OBJ_ext_key_usage OBJ_id_ce,37L
#define SN_inhibit_any_policy "inhibitAnyPolicy"
#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy"
#define NID_inhibit_any_policy 736
#define OBJ_inhibit_any_policy OBJ_id_ce,54L
#define SN_target_information "targetInformation" #define SN_target_information "targetInformation"
#define LN_target_information "X509v3 AC Targeting" #define LN_target_information "X509v3 AC Targeting"
#define NID_target_information 402 #define NID_target_information 402


@ -733,3 +733,4 @@ des_cfb1 732
des_cfb8 733 des_cfb8 733
des_ede3_cfb1 734 des_ede3_cfb1 734
des_ede3_cfb8 735 des_ede3_cfb8 735
inhibit_any_policy 736


@ -679,6 +679,8 @@ id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier
id-ce 36 : policyConstraints : X509v3 Policy Constraints id-ce 36 : policyConstraints : X509v3 Policy Constraints
!Cname ext-key-usage !Cname ext-key-usage
id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage
!Cname inhibit-any-policy
id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy
!Cname target-information !Cname target-information
id-ce 55 : targetInformation : X509v3 AC Targeting id-ce 55 : targetInformation : X509v3 AC Targeting
!Cname no-rev-avail !Cname no-rev-avail


@ -3,7 +3,7 @@
* project 1999. * project 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -65,7 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
extern X509V3_EXT_METHOD v3_crl_hold; extern X509V3_EXT_METHOD v3_crl_hold;
extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
extern X509V3_EXT_METHOD v3_name_constraints; extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;
/* This table will be searched using OBJ_bsearch so it *must* kept in /* This table will be searched using OBJ_bsearch so it *must* kept in
* order of the ext_nid values. * order of the ext_nid values.
@ -111,7 +111,8 @@ static X509V3_EXT_METHOD *standard_exts[] = {
&v3_crl_hold, &v3_crl_hold,
#endif #endif
&v3_policy_mappings, &v3_policy_mappings,
&v3_name_constraints &v3_name_constraints,
&v3_inhibit_anyp
}; };
/* Number of standard extensions */ /* Number of standard extensions */


@ -3,7 +3,7 @@
* project 1999. * project 1999.
*/ */
/* ==================================================================== /* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved. * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved.
* *
* Redistribution and use in source and binary forms, with or without * Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions * modification, are permitted provided that the following conditions
@ -61,9 +61,22 @@
#include <openssl/x509v3.h> #include <openssl/x509v3.h>
X509V3_EXT_METHOD v3_crl_num = { X509V3_EXT_METHOD v3_crl_num = {
NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
0,0,0,0, 0,0,0,0,
(X509V3_EXT_I2S)i2s_ASN1_INTEGER, (X509V3_EXT_I2S)i2s_ASN1_INTEGER,
0, 0,
0,0,0,0, NULL}; 0,0,0,0, NULL};
void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
{
return s2i_ASN1_INTEGER(meth, value);
}
X509V3_EXT_METHOD v3_inhibit_anyp = {
NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
0,0,0,0,
(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
(X509V3_EXT_S2I)s2i_asn1_int,
0,0,0,0, NULL};
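Review bot: Nothing in `v3_inhibit_anyp` restricts the value to the non-negative range the extension is defined with (SkipCerts ::= INTEGER (0..MAX) in RFC 3280): the template is a plain `ASN1_INTEGER`, and `s2i_asn1_int` hands the config string straight to `s2i_ASN1_INTEGER`, which accepts a leading minus sign. A negative value should be rejected in `s2i_asn1_int` (test the returned integer for `V_ASN1_NEG_INTEGER`, free it and return NULL). Whatever code later consumes the decoded extension during path validation, which is not part of this commit, needs the same check, because there the value comes from an untrusted certificate. Separately, `s2i_asn1_int` is referenced only from this file as far as the page shows, has a generic unprefixed name and ignores `ctx`, so it should not be exported: `static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)`.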