[openssl-commits] [openssl] master update
Rich Salz
rsalz at openssl.org
Tue Jun 20 13:34:07 UTC 2017
The branch master has been updated
via 0c9d6818c85ad185ac7a8904c70486724473420b (commit)
from 8d1598b0ce994c35f16701c0630ba9ed3c8c02e0 (commit)
- Log -----------------------------------------------------------------
commit 0c9d6818c85ad185ac7a8904c70486724473420b
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Tue Jun 20 09:24:53 2017 -0400
Declare a new x509v3 extension: x509ExtAdmission
Reviewed-by: Stephen Henson <steve at openssl.org>
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2759)
-----------------------------------------------------------------------
Summary of changes:
crypto/objects/obj_dat.h | 15 ++--
crypto/objects/obj_mac.num | 1 +
crypto/objects/objects.txt | 3 +
crypto/x509v3/build.info | 2 +-
crypto/x509v3/ext_dat.h | 3 +-
crypto/x509v3/standard_exts.h | 3 +-
crypto/x509v3/v3_admis.c | 204 ++++++++++++++++++++++++++++++++++++++++++
crypto/x509v3/v3_admis.h | 59 ++++++++++++
include/openssl/obj_mac.h | 5 ++
9 files changed, 287 insertions(+), 8 deletions(-)
create mode 100644 crypto/x509v3/v3_admis.c
create mode 100644 crypto/x509v3/v3_admis.h
diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h
index 63422c7..eadc07b 100644
--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -10,7 +10,7 @@
*/
/* Serialized OID's */
-static const unsigned char so[6929] = {
+static const unsigned char so[6934] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@@ -983,9 +983,10 @@ static const unsigned char so[6929] = {
0x55,0x04,0x62, /* [ 6919] OBJ_countryCode3c */
0x55,0x04,0x63, /* [ 6922] OBJ_countryCode3n */
0x55,0x04,0x64, /* [ 6925] OBJ_dnsName */
+ 0x2B,0x24,0x08,0x03,0x03, /* [ 6928] OBJ_x509ExtAdmission */
};
-#define NUM_NID 1093
+#define NUM_NID 1094
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@@ -2080,9 +2081,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"c3", "countryCode3c", NID_countryCode3c, 3, &so[6919]},
{"n3", "countryCode3n", NID_countryCode3n, 3, &so[6922]},
{"dnsName", "dnsName", NID_dnsName, 3, &so[6925]},
+ {"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6928]},
};
-#define NUM_SN 1084
+#define NUM_SN 1085
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@@ -3168,9 +3170,10 @@ static const unsigned int sn_objs[NUM_SN] = {
503, /* "x500UniqueIdentifier" */
158, /* "x509Certificate" */
160, /* "x509Crl" */
+ 1093, /* "x509ExtAdmission" */
};
-#define NUM_LN 1084
+#define NUM_LN 1085
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@@ -3288,6 +3291,7 @@ static const unsigned int ln_objs[NUM_LN] = {
164, /* "Policy Qualifier CPS" */
165, /* "Policy Qualifier User Notice" */
385, /* "Private" */
+ 1093, /* "Professional Information or basis for Admission" */
663, /* "Proxy Certificate Information" */
1, /* "RSA Data Security, Inc." */
2, /* "RSA Data Security, Inc. PKCS" */
@@ -4258,7 +4262,7 @@ static const unsigned int ln_objs[NUM_LN] = {
125, /* "zlib compression" */
};
-#define NUM_OBJ 978
+#define NUM_OBJ 979
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@@ -4528,6 +4532,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */
115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */
117, /* OBJ_ripemd160 1 3 36 3 2 1 */
+ 1093, /* OBJ_x509ExtAdmission 1 3 36 8 3 3 */
143, /* OBJ_sxnet 1 3 101 1 4 1 */
721, /* OBJ_sect163k1 1 3 132 0 1 */
722, /* OBJ_sect163r1 1 3 132 0 2 */
diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num
index b8e6a39..ab587a4 100644
--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -1090,3 +1090,4 @@ organizationIdentifier 1089
countryCode3c 1090
countryCode3n 1091
dnsName 1092
+x509ExtAdmission 1093
diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt
index 1917066..073b342 100644
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -15,6 +15,9 @@ iso 3 : identified-organization
identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5
identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1
+# "1.3.36.8.3.3"
+identified-organization 36 8 3 3 : x509ExtAdmission : Professional Information or basis for Admission
+
identified-organization 132 : certicom-arc
joint-iso-itu-t 23 : international-organizations : International Organizations
diff --git a/crypto/x509v3/build.info b/crypto/x509v3/build.info
index 452a8b0..4ab6488 100644
--- a/crypto/x509v3/build.info
+++ b/crypto/x509v3/build.info
@@ -5,4 +5,4 @@ SOURCE[../../libcrypto]=\
v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
- v3_asid.c v3_addr.c v3_tlsf.c
+ v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h
index c9ede96..762e264 100644
--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -22,3 +22,4 @@ extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
extern const X509V3_EXT_METHOD v3_addr, v3_asid;
extern const X509V3_EXT_METHOD v3_ct_scts[3];
extern const X509V3_EXT_METHOD v3_tls_feature;
+extern const X509V3_EXT_METHOD v3_ext_admission;
diff --git a/crypto/x509v3/standard_exts.h b/crypto/x509v3/standard_exts.h
index 05e0869..944f4de 100644
--- a/crypto/x509v3/standard_exts.h
+++ b/crypto/x509v3/standard_exts.h
@@ -1,5 +1,5 @@
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -69,6 +69,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
&v3_ct_scts[2],
#endif
&v3_tls_feature,
+ &v3_ext_admission
};
/* Number of standard extensions */
diff --git a/crypto/x509v3/v3_admis.c b/crypto/x509v3/v3_admis.c
new file mode 100644
index 0000000..86978e6
--- /dev/null
+++ b/crypto/x509v3/v3_admis.c
@@ -0,0 +1,204 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/ossl_typ.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+
+#include <openssl/x509v3.h>
+
+#include <openssl/safestack.h>
+
+#include "v3_admis.h"
+#include "ext_dat.h"
+
+
+ASN1_SEQUENCE(NAMING_AUTHORITY) = {
+ ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
+ ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING),
+ ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING),
+} ASN1_SEQUENCE_END(NAMING_AUTHORITY)
+
+ASN1_SEQUENCE(PROFESSION_INFO) = {
+ ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0),
+ ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING),
+ ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT),
+ ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING),
+ ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING),
+} ASN1_SEQUENCE_END(PROFESSION_INFO)
+
+ASN1_SEQUENCE(ADMISSIONS) = {
+ ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0),
+ ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1),
+ ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO),
+} ASN1_SEQUENCE_END(ADMISSIONS)
+
+ASN1_SEQUENCE(ADMISSION_SYNTAX) = {
+ ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME),
+ ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS),
+} ASN1_SEQUENCE_END(ADMISSION_SYNTAX)
+
+IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS)
+IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+ BIO *bp, int ind);
+
+const X509V3_EXT_METHOD v3_ext_admission = {
+ NID_x509ExtAdmission, /* .ext_nid = */
+ 0, /* .ext_flags = */
+ ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
+ NULL, NULL, NULL, NULL,
+ NULL, /* .i2s = */
+ NULL, /* .s2i = */
+ NULL, /* .i2v = */
+ NULL, /* .v2i = */
+ &i2r_ADMISSION_SYNTAX, /* .i2r = */
+ NULL, /* .r2i = */
+ NULL /* extension-specific data */
+};
+
+
+static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
+ BIO *bp, int ind)
+{
+ NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
+
+ if (namingAuthority == NULL)
+ return 0;
+
+ if (namingAuthority->namingAuthorityId == NULL
+ && namingAuthority->namingAuthorityText == NULL
+ && namingAuthority->namingAuthorityUrl == NULL)
+ return 0;
+
+ if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0)
+ goto err;
+
+ if (namingAuthority->namingAuthorityId != NULL) {
+ char objbuf[128];
+ const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
+
+ if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0)
+ goto err;
+
+ OBJ_obj2txt(objbuf, sizeof objbuf, namingAuthority->namingAuthorityId, 1);
+
+ if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "",
+ ln ? " (" : "", objbuf, ln ? ")" : "") <= 0)
+ goto err;
+ }
+ if (namingAuthority->namingAuthorityText != NULL) {
+ if (BIO_printf(bp, "%*s namingAuthorityText: ", ind, "") <= 0
+ || ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0
+ || BIO_printf(bp, "\n") <= 0)
+ goto err;
+ }
+ if (namingAuthority->namingAuthorityUrl != NULL ) {
+ if (BIO_printf(bp, "%*s namingAuthorityUrl: ", ind, "") <= 0
+ || ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0
+ || BIO_printf(bp, "\n") <= 0)
+ goto err;
+ }
+ return 1;
+
+err:
+ return 0;
+}
+
+static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
+ BIO *bp, int ind)
+{
+ ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in;
+ int i, j, k;
+
+ if (admission->admissionAuthority != NULL) {
+ if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0
+ || BIO_printf(bp, "%*s ", ind, "") <= 0
+ || GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0
+ || BIO_printf(bp, "\n") <= 0)
+ goto err;
+ }
+
+ for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
+ ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
+
+ if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err;
+
+ if (entry->admissionAuthority != NULL) {
+ if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0
+ || BIO_printf(bp, "%*s ", ind, "") <= 0
+ || GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0
+ || BIO_printf(bp, "\n") <= 0)
+ goto err;
+ }
+
+ if (entry->namingAuthority != NULL) {
+ if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0)
+ goto err;
+ }
+
+ for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
+ PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
+
+ if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
+ goto err;
+
+ if (pinfo->registrationNumber != NULL) {
+ if (BIO_printf(bp, "%*s registrationNumber: ", ind, "") <= 0
+ || ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0
+ || BIO_printf(bp, "\n") <= 0)
+ goto err;
+ }
+
+ if (pinfo->namingAuthority != NULL) {
+ if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0)
+ goto err;
+ }
+
+ if (pinfo->professionItems != NULL) {
+
+ if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0)
+ goto err;
+ for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
+ ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k);
+
+ if (BIO_printf(bp, "%*s ", ind, "") <= 0
+ || ASN1_STRING_print(bp, val) <= 0
+ || BIO_printf(bp, "\n") <= 0)
+ goto err;
+ }
+ }
+
+ if (pinfo->professionOIDs != NULL) {
+ if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0)
+ goto err;
+ for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
+ ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
+ const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
+ char objbuf[128];
+
+ OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1);
+ if (BIO_printf(bp, "%*s %s%s%s%s\n", ind, "",
+ ln ? ln : "", ln ? " (" : "",
+ objbuf, ln ? ")" : "") <= 0)
+ goto err;
+ }
+ }
+ }
+ }
+ return 1;
+
+err:
+ return -1;
+}
diff --git a/crypto/x509v3/v3_admis.h b/crypto/x509v3/v3_admis.h
new file mode 100644
index 0000000..4f65b6d
--- /dev/null
+++ b/crypto/x509v3/v3_admis.h
@@ -0,0 +1,59 @@
+/*
+ * Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_V3_ADMISSION_H
+# define HEADER_V3_ADMISSION_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+typedef struct NamingAuthority_st {
+ ASN1_OBJECT* namingAuthorityId;
+ ASN1_IA5STRING* namingAuthorityUrl;
+ ASN1_STRING* namingAuthorityText; /* i.e. DIRECTORYSTRING */
+} NAMING_AUTHORITY;
+
+typedef struct ProfessionInfo_st {
+ NAMING_AUTHORITY* namingAuthority;
+ STACK_OF(ASN1_STRING)* professionItems; /* i.e. DIRECTORYSTRING */
+ STACK_OF(ASN1_OBJECT)* professionOIDs;
+ ASN1_PRINTABLESTRING* registrationNumber;
+ ASN1_OCTET_STRING* addProfessionInfo;
+} PROFESSION_INFO;
+
+typedef struct Admissions_st {
+ GENERAL_NAME* admissionAuthority;
+ NAMING_AUTHORITY* namingAuthority;
+ STACK_OF(PROFESSION_INFO)* professionInfos;
+} ADMISSIONS;
+
+typedef struct AdmissionSyntax_st {
+ GENERAL_NAME* admissionAuthority;
+ STACK_OF(ADMISSIONS)* contentsOfAdmissions;
+} ADMISSION_SYNTAX;
+
+DECLARE_ASN1_ITEM(ADMISSIONS)
+DECLARE_ASN1_ITEM(NAMING_AUTHORITY)
+DECLARE_ASN1_ITEM(PROFESSION_INFO)
+DECLARE_ASN1_ITEM(ADMISSION_SYNTAX)
+
+DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
+DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
+DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
+DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
+
+DEFINE_STACK_OF(ADMISSIONS)
+DEFINE_STACK_OF(PROFESSION_INFO)
+DEFINE_STACK_OF(ASN1_STRING)
+
+#ifdef __cplusplus
+}
+#endif
+#endif
diff --git a/include/openssl/obj_mac.h b/include/openssl/obj_mac.h
index 2cac971..82836d2 100644
--- a/include/openssl/obj_mac.h
+++ b/include/openssl/obj_mac.h
@@ -54,6 +54,11 @@
#define NID_hmac_sha1 781
#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
+#define SN_x509ExtAdmission "x509ExtAdmission"
+#define LN_x509ExtAdmission "Professional Information or basis for Admission"
+#define NID_x509ExtAdmission 1093
+#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L
+
#define SN_certicom_arc "certicom-arc"
#define NID_certicom_arc 677
#define OBJ_certicom_arc OBJ_identified_organization,132L
More information about the openssl-commits
mailing list