From c74f1eb9bde5c66be3d6685dcc395f39a53add55 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Sat, 20 Feb 1999 01:15:41 +0000 Subject: [PATCH] Preliminary support for reason code CRL extension. --- crypto/x509v3/Makefile.ssl | 4 +- crypto/x509v3/v3_enum.c | 105 +++++++++++++++++++++++++++++++++++++ crypto/x509v3/v3_lib.c | 3 +- crypto/x509v3/v3_utl.c | 18 ++++++- crypto/x509v3/v3err.c | 3 +- crypto/x509v3/x509v3.err | 1 + crypto/x509v3/x509v3.h | 9 ++++ 7 files changed, 137 insertions(+), 6 deletions(-) create mode 100644 crypto/x509v3/v3_enum.c diff --git a/crypto/x509v3/Makefile.ssl b/crypto/x509v3/Makefile.ssl index 77604d6fed..ee04a58dea 100644 --- a/crypto/x509v3/Makefile.ssl +++ b/crypto/x509v3/Makefile.ssl @@ -24,10 +24,10 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \ v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \ -v3_pku.c v3_int.c +v3_pku.c v3_int.c v3_enum.c LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \ v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \ -v3_int.o +v3_int.o v3_enum.o SRC= $(LIBSRC) diff --git a/crypto/x509v3/v3_enum.c b/crypto/x509v3/v3_enum.c new file mode 100644 index 0000000000..017f6f3607 --- /dev/null +++ b/crypto/x509v3/v3_enum.c @@ -0,0 +1,105 @@ +/* v3_enum.c */ +/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL + * project 1999. + */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#include +#include +#include +#include +#include "x509v3.h" + +static ASN1_ENUMERATED *asn1_enumerated_new(); + +static ENUMERATED_NAMES crl_reasons[] = { +{0, "Unspecified", "unspecified"}, +{1, "Key Compromise", "keyCompromise"}, +{2, "CA Compromise", "CACompromise"}, +{3, "Affiliation Changed", "affiliationChanged"}, +{4, "Superseded", "superseded"}, +{5, "Cessation Of Operation", "cessationOfOperation"}, +{6, "Certificate Hold", "certificateHold"}, +{8, "Remove From CRL", "removeFromCRL"}, +{-1, NULL, NULL} +}; + +X509V3_EXT_METHOD v3_crl_reason = { +NID_crl_reason, 0, +(X509V3_EXT_NEW)asn1_enumerated_new, ASN1_STRING_free, +(X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, +i2d_ASN1_ENUMERATED, +(X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, +(X509V3_EXT_S2I)NULL, +NULL, NULL, NULL, (char *)crl_reasons}; + + +static ASN1_ENUMERATED *asn1_enumerated_new() +{ + return ASN1_ENUMERATED_new(); +} + +char *i2s_ASN1_ENUMERATED_TABLE(method, e) +X509V3_EXT_METHOD *method; +ASN1_ENUMERATED *e; +{ + ENUMERATED_NAMES *enam; + long strval; + strval = ASN1_ENUMERATED_get(e); + for(enam =(ENUMERATED_NAMES *)method->usr_data; enam->lname; enam++) { + if(strval == enam->bitnum) return str_dup(enam->lname); + } + return i2s_ASN1_ENUMERATED(method, e); +} diff --git a/crypto/x509v3/v3_lib.c b/crypto/x509v3/v3_lib.c index 7b6bda4f2c..b40df76850 100644 --- a/crypto/x509v3/v3_lib.c +++ b/crypto/x509v3/v3_lib.c @@ -150,7 +150,7 @@ extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; extern X509V3_EXT_METHOD v3_pkey_usage_period; extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; -extern X509V3_EXT_METHOD v3_crl_num; +extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason; int X509V3_add_standard_extensions() { @@ -164,6 +164,7 @@ int X509V3_add_standard_extensions() X509V3_EXT_add(&v3_akey_id); X509V3_EXT_add(&v3_pkey_usage_period); X509V3_EXT_add(&v3_crl_num); + X509V3_EXT_add(&v3_crl_reason); return 1; } diff --git a/crypto/x509v3/v3_utl.c b/crypto/x509v3/v3_utl.c index 2b4d079b0e..dc43fcb7bd 100644 --- a/crypto/x509v3/v3_utl.c +++ b/crypto/x509v3/v3_utl.c @@ -65,10 +65,9 @@ #include #include "x509v3.h" -static char * str_dup(char *str); static char *strip_spaces(char *name); -static char *str_dup(str) +char *str_dup(str) char *str; { char *tmp; @@ -133,6 +132,21 @@ STACK **extlist; return 1; } + +char *i2s_ASN1_ENUMERATED(method, a) +X509V3_EXT_METHOD *method; +ASN1_ENUMERATED *a; +{ + BIGNUM *bntmp = NULL; + char *strtmp = NULL; + if(!a) return NULL; + if(!(bntmp = ASN1_ENUMERATED_to_BN(a, NULL)) || + !(strtmp = BN_bn2dec(bntmp)) ) + X509V3err(X509V3_F_I2S_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); + BN_free(bntmp); + return strtmp; +} + char *i2s_ASN1_INTEGER(method, a) X509V3_EXT_METHOD *method; ASN1_INTEGER *a; diff --git a/crypto/x509v3/v3err.c b/crypto/x509v3/v3err.c index 41367e00e7..633c53045c 100644 --- a/crypto/x509v3/v3err.c +++ b/crypto/x509v3/v3err.c @@ -64,7 +64,8 @@ static ERR_STRING_DATA X509V3_str_functs[]= { {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, -{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "I2S_ASN1_INTEGER"}, +{ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "I2S_ASN1_ENUMERATED"}, +{ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_IA5STRING,0), "S2I_ASN1_IA5STRING"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_OCTET_STRING,0), "s2i_ASN1_OCTET_STRING"}, {ERR_PACK(0,X509V3_F_S2I_ASN1_SKEY_ID,0), "S2I_ASN1_SKEY_ID"}, diff --git a/crypto/x509v3/x509v3.err b/crypto/x509v3/x509v3.err index fddbafd3ab..f389768680 100644 --- a/crypto/x509v3/x509v3.err +++ b/crypto/x509v3/x509v3.err @@ -2,6 +2,7 @@ /* Function codes. */ #define X509V3_F_HEX_TO_STRING 111 +#define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h index c6f7a4824c..1998643dff 100644 --- a/crypto/x509v3/x509v3.h +++ b/crypto/x509v3/x509v3.h @@ -130,6 +130,8 @@ char *lname; char *sname; } BIT_STRING_BITNAME; +typedef BIT_STRING_BITNAME ENUMERATED_NAMES; + typedef struct { int ca; ASN1_INTEGER *pathlen; @@ -241,6 +243,7 @@ GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_ void X509V3_conf_free(CONF_VALUE *val); X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); +char *str_dup(char *val); int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); int X509V3_EXT_check_conf(LHASH *conf, char *section); int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); @@ -251,6 +254,8 @@ int X509V3_add_value(char *name, char *value, STACK **extlist); int X509V3_add_value_bool(char *name, int asn1_bool, STACK **extlist); int X509V3_add_value_int( char *name, ASN1_INTEGER *aint, STACK **extlist); char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); +char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); +char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); int X509V3_EXT_add(X509V3_EXT_METHOD *ext); int X509V3_EXT_add_alias(int nid_to, int nid_from); void X509V3_EXT_cleanup(void); @@ -305,6 +310,7 @@ STACK *ext_ku_new(); #ifdef HEADER_CONF_H void X509V3_conf_free(); +char *str_dup(); X509_EXTENSION *X509V3_EXT_conf_nid(); X509_EXTENSION *X509V3_EXT_conf(); int X509V3_EXT_add_conf(); @@ -317,6 +323,8 @@ int X509V3_add_value(); int X509V3_add_value_bool(); int X509V3_add_value_int(); char *i2s_ASN1_INTEGER(); +char * i2s_ASN1_ENUMERATED(); +char * i2s_ASN1_ENUMERATED_TABLE(); int X509V3_EXT_add(); int X509V3_EXT_add_alias(); void X509V3_EXT_cleanup(); @@ -340,6 +348,7 @@ int X509V3_EXT_print_fp(); /* Function codes. */ #define X509V3_F_HEX_TO_STRING 111 +#define X509V3_F_I2S_ASN1_ENUMERATED 121 #define X509V3_F_I2S_ASN1_INTEGER 120 #define X509V3_F_S2I_ASN1_IA5STRING 100 #define X509V3_F_S2I_ASN1_OCTET_STRING 112 -- 2.25.1