[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Thu Apr 20 19:00:15 UTC 2017
The branch master has been updated
via 0444c52a5ff3c2c09f8d7f0f5b464e10231de032 (commit)
from 623d1056de175ee5cd17839617fbfabac72cba91 (commit)
- Log -----------------------------------------------------------------
commit 0444c52a5ff3c2c09f8d7f0f5b464e10231de032
Author: Marek Klein <kleinmrk at gmail.com>
Date: Thu Jan 21 18:43:57 2016 +0000
explicitText encoding
Reviewed-by: Richard Levitte <levitte at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/576)
-----------------------------------------------------------------------
Summary of changes:
crypto/x509v3/v3_cpols.c | 49 ++++++++++++++++++++++++++++++++++++++++++----
doc/man5/x509v3_config.pod | 6 ++++++
2 files changed, 51 insertions(+), 4 deletions(-)
diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c
index 22c56ba..ea65e07 100644
--- a/crypto/x509v3/v3_cpols.c
+++ b/crypto/x509v3/v3_cpols.c
@@ -31,6 +31,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org);
static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos);
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len);
+static int displaytext_get_tag_len(const char *tagstr);
const X509V3_EXT_METHOD v3_cpols = {
NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES),
@@ -242,13 +244,48 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx,
}
+static int displaytext_get_tag_len(const char *tagstr)
+{
+ char *colon = strchr(tagstr, ':');
+
+ return (colon == NULL) ? -1 : colon - tagstr;
+}
+
+static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len)
+{
+ int len;
+
+ *tag_len = 0;
+ len = displaytext_get_tag_len(tagstr);
+
+ if (len == -1)
+ return V_ASN1_VISIBLESTRING;
+ *tag_len = len;
+ if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0)
+ return V_ASN1_UTF8STRING;
+ if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0)
+ return V_ASN1_UTF8STRING;
+ if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0)
+ return V_ASN1_BMPSTRING;
+ if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0)
+ return V_ASN1_BMPSTRING;
+ if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0)
+ return V_ASN1_VISIBLESTRING;
+ if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0)
+ return V_ASN1_VISIBLESTRING;
+ *tag_len = 0;
+ return V_ASN1_VISIBLESTRING;
+}
+
static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
STACK_OF(CONF_VALUE) *unot, int ia5org)
{
- int i, ret;
+ int i, ret, len, tag;
+ unsigned int tag_len;
CONF_VALUE *cnf;
USERNOTICE *not;
POLICYQUALINFO *qual;
+ char *value = NULL;
if ((qual = POLICYQUALINFO_new()) == NULL)
goto merr;
@@ -261,11 +298,15 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx,
qual->d.usernotice = not;
for (i = 0; i < sk_CONF_VALUE_num(unot); i++) {
cnf = sk_CONF_VALUE_value(unot, i);
+ value = cnf->value;
if (strcmp(cnf->name, "explicitText") == 0) {
- if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL)
+ tag = displaytext_str2tag(value, &tag_len);
+ if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL)
goto merr;
- if (!ASN1_STRING_set(not->exptext, cnf->value,
- strlen(cnf->value)))
+ if (tag_len != 0)
+ value += tag_len + 1;
+ len = strlen(value);
+ if (!ASN1_STRING_set(not->exptext, value, len))
goto merr;
} else if (strcmp(cnf->name, "organization") == 0) {
NOTICEREF *nref;
diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod
index 17800ea..0662326 100644
--- a/doc/man5/x509v3_config.pod
+++ b/doc/man5/x509v3_config.pod
@@ -353,6 +353,12 @@ The B<ia5org> option changes the type of the I<organization> field. In RFC2459
it can only be of type DisplayText. In RFC3280 IA5Strring is also permissible.
Some software (for example some versions of MSIE) may require ia5org.
+ASN1 type of explicitText can be specified by prepending B<UTF8>,
+B<BMP> or B<VISIBLE> prefix followed by colon. For example:
+
+ [notice]
+ explicitText="UTF8:Explicit Text Here"
+
=head2 Policy Constraints
This is a multi-valued extension which consisting of the names
More information about the openssl-commits
mailing list