wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Declare a new x509v3 extension: x509ExtAdmission

Browse source 
Reviewed-by: Stephen Henson <steve@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2759)
This commit is contained in:
FdaSilvaYY 2017-06-20 09:24:53 -04:00 committed by Rich Salz
parent 8d1598b0ce
commit 0c9d6818c8
9 changed files with 287 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
crypto/objects/obj_dat.h
View file

@ -10,7 +10,7 @@
*/
/* Serialized OID's */
static const unsigned char so[6929] = {
static const unsigned char so[6934] = {
0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 0] OBJ_rsadsi */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 6] OBJ_pkcs */
0x2A,0x86,0x48,0x86,0xF7,0x0D,0x02,0x02, /* [ 13] OBJ_md2 */
@ -983,9 +983,10 @@ static const unsigned char so[6929] = {
0x55,0x04,0x62, /* [ 6919] OBJ_countryCode3c */
0x55,0x04,0x63, /* [ 6922] OBJ_countryCode3n */
0x55,0x04,0x64, /* [ 6925] OBJ_dnsName */
0x2B,0x24,0x08,0x03,0x03, /* [ 6928] OBJ_x509ExtAdmission */
};
#define NUM_NID 1093
#define NUM_NID 1094
static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"UNDEF", "undefined", NID_undef},
{"rsadsi", "RSA Data Security, Inc.", NID_rsadsi, 6, &so[0]},
@ -2080,9 +2081,10 @@ static const ASN1_OBJECT nid_objs[NUM_NID] = {
{"c3", "countryCode3c", NID_countryCode3c, 3, &so[6919]},
{"n3", "countryCode3n", NID_countryCode3n, 3, &so[6922]},
{"dnsName", "dnsName", NID_dnsName, 3, &so[6925]},
{"x509ExtAdmission", "Professional Information or basis for Admission", NID_x509ExtAdmission, 5, &so[6928]},
};
#define NUM_SN 1084
#define NUM_SN 1085
static const unsigned int sn_objs[NUM_SN] = {
364, /* "AD_DVCS" */
419, /* "AES-128-CBC" */
@ -3168,9 +3170,10 @@ static const unsigned int sn_objs[NUM_SN] = {
503, /* "x500UniqueIdentifier" */
158, /* "x509Certificate" */
160, /* "x509Crl" */
1093, /* "x509ExtAdmission" */
};
#define NUM_LN 1084
#define NUM_LN 1085
static const unsigned int ln_objs[NUM_LN] = {
363, /* "AD Time Stamping" */
405, /* "ANSI X9.62" */
@ -3288,6 +3291,7 @@ static const unsigned int ln_objs[NUM_LN] = {
164, /* "Policy Qualifier CPS" */
165, /* "Policy Qualifier User Notice" */
385, /* "Private" */
1093, /* "Professional Information or basis for Admission" */
663, /* "Proxy Certificate Information" */
1, /* "RSA Data Security, Inc." */
2, /* "RSA Data Security, Inc. PKCS" */
@ -4258,7 +4262,7 @@ static const unsigned int ln_objs[NUM_LN] = {
125, /* "zlib compression" */
};
#define NUM_OBJ 978
#define NUM_OBJ 979
static const unsigned int obj_objs[NUM_OBJ] = {
0, /* OBJ_undef 0 */
181, /* OBJ_iso 1 */
@ -4528,6 +4532,7 @@ static const unsigned int obj_objs[NUM_OBJ] = {
70, /* OBJ_dsaWithSHA1_2 1 3 14 3 2 27 */
115, /* OBJ_sha1WithRSA 1 3 14 3 2 29 */
117, /* OBJ_ripemd160 1 3 36 3 2 1 */
1093, /* OBJ_x509ExtAdmission 1 3 36 8 3 3 */
143, /* OBJ_sxnet 1 3 101 1 4 1 */
721, /* OBJ_sect163k1 1 3 132 0 1 */
722, /* OBJ_sect163r1 1 3 132 0 2 */

1
crypto/objects/obj_mac.num
View file

@ -1090,3 +1090,4 @@ organizationIdentifier 1089
countryCode3c 1090
countryCode3n 1091
dnsName 1092
x509ExtAdmission 1093

3
crypto/objects/objects.txt
View file

@ -15,6 +15,9 @@ iso 3 : identified-organization
identified-organization 6 1 5 5 8 1 1 : HMAC-MD5 : hmac-md5
identified-organization 6 1 5 5 8 1 2 : HMAC-SHA1 : hmac-sha1
# "1.3.36.8.3.3"
identified-organization 36 8 3 3 : x509ExtAdmission : Professional Information or basis for Admission
identified-organization 132 : certicom-arc
joint-iso-itu-t 23 : international-organizations : International Organizations

2
crypto/x509v3/build.info
View file

@ -5,4 +5,4 @@ SOURCE[../../libcrypto]=\
v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c \
v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
v3_asid.c v3_addr.c v3_tlsf.c
v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c

3
crypto/x509v3/ext_dat.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -22,3 +22,4 @@ extern const X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp, v3_idp;
extern const X509V3_EXT_METHOD v3_addr, v3_asid;
extern const X509V3_EXT_METHOD v3_ct_scts[3];
extern const X509V3_EXT_METHOD v3_tls_feature;
extern const X509V3_EXT_METHOD v3_ext_admission;

3
crypto/x509v3/standard_exts.h
View file

@ -1,5 +1,5 @@
/*
* Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
* Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@ -69,6 +69,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
&v3_ct_scts[2],
#endif
&v3_tls_feature,
&v3_ext_admission
};
/* Number of standard extensions */

204
crypto/x509v3/v3_admis.c Normal file
View file

@ -0,0 +1,204 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/conf.h>
#include <openssl/ossl_typ.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/x509v3.h>
#include <openssl/safestack.h>
#include "v3_admis.h"
#include "ext_dat.h"
ASN1_SEQUENCE(NAMING_AUTHORITY) = {
ASN1_OPT(NAMING_AUTHORITY, namingAuthorityId, ASN1_OBJECT),
ASN1_OPT(NAMING_AUTHORITY, namingAuthorityUrl, ASN1_IA5STRING),
ASN1_OPT(NAMING_AUTHORITY, namingAuthorityText, DIRECTORYSTRING),
} ASN1_SEQUENCE_END(NAMING_AUTHORITY)
ASN1_SEQUENCE(PROFESSION_INFO) = {
ASN1_EXP_OPT(PROFESSION_INFO, namingAuthority, NAMING_AUTHORITY, 0),
ASN1_SEQUENCE_OF(PROFESSION_INFO, professionItems, DIRECTORYSTRING),
ASN1_SEQUENCE_OF_OPT(PROFESSION_INFO, professionOIDs, ASN1_OBJECT),
ASN1_OPT(PROFESSION_INFO, registrationNumber, ASN1_PRINTABLESTRING),
ASN1_OPT(PROFESSION_INFO, addProfessionInfo, ASN1_OCTET_STRING),
} ASN1_SEQUENCE_END(PROFESSION_INFO)
ASN1_SEQUENCE(ADMISSIONS) = {
ASN1_EXP_OPT(ADMISSIONS, admissionAuthority, GENERAL_NAME, 0),
ASN1_EXP_OPT(ADMISSIONS, namingAuthority, NAMING_AUTHORITY, 1),
ASN1_SEQUENCE_OF(ADMISSIONS, professionInfos, PROFESSION_INFO),
} ASN1_SEQUENCE_END(ADMISSIONS)
ASN1_SEQUENCE(ADMISSION_SYNTAX) = {
ASN1_OPT(ADMISSION_SYNTAX, admissionAuthority, GENERAL_NAME),
ASN1_SEQUENCE_OF(ADMISSION_SYNTAX, contentsOfAdmissions, ADMISSIONS),
} ASN1_SEQUENCE_END(ADMISSION_SYNTAX)
IMPLEMENT_ASN1_FUNCTIONS(NAMING_AUTHORITY)
IMPLEMENT_ASN1_FUNCTIONS(PROFESSION_INFO)
IMPLEMENT_ASN1_FUNCTIONS(ADMISSIONS)
IMPLEMENT_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
BIO *bp, int ind);
const X509V3_EXT_METHOD v3_ext_admission = {
NID_x509ExtAdmission, /* .ext_nid = */
0, /* .ext_flags = */
ASN1_ITEM_ref(ADMISSION_SYNTAX), /* .it = */
NULL, NULL, NULL, NULL,
NULL, /* .i2s = */
NULL, /* .s2i = */
NULL, /* .i2v = */
NULL, /* .v2i = */
&i2r_ADMISSION_SYNTAX, /* .i2r = */
NULL, /* .r2i = */
NULL /* extension-specific data */
};
static int i2r_NAMING_AUTHORITY(const struct v3_ext_method *method, void *in,
BIO *bp, int ind)
{
NAMING_AUTHORITY * namingAuthority = (NAMING_AUTHORITY*) in;
if (namingAuthority == NULL)
return 0;
if (namingAuthority->namingAuthorityId == NULL
&& namingAuthority->namingAuthorityText == NULL
&& namingAuthority->namingAuthorityUrl == NULL)
return 0;
if (BIO_printf(bp, "%*snamingAuthority: ", ind, "") <= 0)
goto err;
if (namingAuthority->namingAuthorityId != NULL) {
char objbuf[128];
const char *ln = OBJ_nid2ln(OBJ_obj2nid(namingAuthority->namingAuthorityId));
if (BIO_printf(bp, "%*s admissionAuthorityId: ", ind, "") <= 0)
goto err;
OBJ_obj2txt(objbuf, sizeof objbuf, namingAuthority->namingAuthorityId, 1);
if (BIO_printf(bp, "%s%s%s%s\n", ln ? ln : "",
ln ? " (" : "", objbuf, ln ? ")" : "") <= 0)
goto err;
}
if (namingAuthority->namingAuthorityText != NULL) {
if (BIO_printf(bp, "%*s namingAuthorityText: ", ind, "") <= 0
|| ASN1_STRING_print(bp, namingAuthority->namingAuthorityText) <= 0
|| BIO_printf(bp, "\n") <= 0)
goto err;
}
if (namingAuthority->namingAuthorityUrl != NULL ) {
if (BIO_printf(bp, "%*s namingAuthorityUrl: ", ind, "") <= 0
|| ASN1_STRING_print(bp, namingAuthority->namingAuthorityUrl) <= 0
|| BIO_printf(bp, "\n") <= 0)
goto err;
}
return 1;
err:
return 0;
}
static int i2r_ADMISSION_SYNTAX(const struct v3_ext_method *method, void *in,
BIO *bp, int ind)
{
ADMISSION_SYNTAX * admission = (ADMISSION_SYNTAX *)in;
int i, j, k;
if (admission->admissionAuthority != NULL) {
if (BIO_printf(bp, "%*sadmissionAuthority:\n", ind, "") <= 0
|| BIO_printf(bp, "%*s ", ind, "") <= 0
|| GENERAL_NAME_print(bp, admission->admissionAuthority) <= 0
|| BIO_printf(bp, "\n") <= 0)
goto err;
}
for (i = 0; i < sk_ADMISSIONS_num(admission->contentsOfAdmissions); i++) {
ADMISSIONS* entry = sk_ADMISSIONS_value(admission->contentsOfAdmissions, i);
if (BIO_printf(bp, "%*sEntry %0d:\n", ind, "", 1 + i) <= 0) goto err;
if (entry->admissionAuthority != NULL) {
if (BIO_printf(bp, "%*s admissionAuthority:\n", ind, "") <= 0
|| BIO_printf(bp, "%*s ", ind, "") <= 0
|| GENERAL_NAME_print(bp, entry->admissionAuthority) <= 0
|| BIO_printf(bp, "\n") <= 0)
goto err;
}
if (entry->namingAuthority != NULL) {
if (i2r_NAMING_AUTHORITY(method, entry->namingAuthority, bp, ind) <= 0)
goto err;
}
for (j = 0; j < sk_PROFESSION_INFO_num(entry->professionInfos); j++) {
PROFESSION_INFO* pinfo = sk_PROFESSION_INFO_value(entry->professionInfos, j);
if (BIO_printf(bp, "%*s Profession Info Entry %0d:\n", ind, "", 1 + j) <= 0)
goto err;
if (pinfo->registrationNumber != NULL) {
if (BIO_printf(bp, "%*s registrationNumber: ", ind, "") <= 0
|| ASN1_STRING_print(bp, pinfo->registrationNumber) <= 0
|| BIO_printf(bp, "\n") <= 0)
goto err;
}
if (pinfo->namingAuthority != NULL) {
if (i2r_NAMING_AUTHORITY(method, pinfo->namingAuthority, bp, ind + 2) <= 0)
goto err;
}
if (pinfo->professionItems != NULL) {
if (BIO_printf(bp, "%*s Info Entries:\n", ind, "") <= 0)
goto err;
for (k = 0; k < sk_ASN1_STRING_num(pinfo->professionItems); k++) {
ASN1_STRING* val = sk_ASN1_STRING_value(pinfo->professionItems, k);
if (BIO_printf(bp, "%*s ", ind, "") <= 0
|| ASN1_STRING_print(bp, val) <= 0
|| BIO_printf(bp, "\n") <= 0)
goto err;
}
}
if (pinfo->professionOIDs != NULL) {
if (BIO_printf(bp, "%*s Profession OIDs:\n", ind, "") <= 0)
goto err;
for (k = 0; k < sk_ASN1_OBJECT_num(pinfo->professionOIDs); k++) {
ASN1_OBJECT* obj = sk_ASN1_OBJECT_value(pinfo->professionOIDs, k);
const char *ln = OBJ_nid2ln(OBJ_obj2nid(obj));
char objbuf[128];
OBJ_obj2txt(objbuf, sizeof(objbuf), obj, 1);
if (BIO_printf(bp, "%*s %s%s%s%s\n", ind, "",
ln ? ln : "", ln ? " (" : "",
objbuf, ln ? ")" : "") <= 0)
goto err;
}
}
}
}
return 1;
err:
return -1;
}

59
crypto/x509v3/v3_admis.h Normal file
View file

@ -0,0 +1,59 @@
/*
* Copyright 2017 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
* in the file LICENSE in the source distribution or at
* https://www.openssl.org/source/license.html
*/
#ifndef HEADER_V3_ADMISSION_H
# define HEADER_V3_ADMISSION_H
#ifdef __cplusplus
extern "C" {
#endif
typedef struct NamingAuthority_st {
ASN1_OBJECT* namingAuthorityId;
ASN1_IA5STRING* namingAuthorityUrl;
ASN1_STRING* namingAuthorityText; /* i.e. DIRECTORYSTRING */
} NAMING_AUTHORITY;
typedef struct ProfessionInfo_st {
NAMING_AUTHORITY* namingAuthority;
STACK_OF(ASN1_STRING)* professionItems; /* i.e. DIRECTORYSTRING */
STACK_OF(ASN1_OBJECT)* professionOIDs;
ASN1_PRINTABLESTRING* registrationNumber;
ASN1_OCTET_STRING* addProfessionInfo;
} PROFESSION_INFO;
typedef struct Admissions_st {
GENERAL_NAME* admissionAuthority;
NAMING_AUTHORITY* namingAuthority;
STACK_OF(PROFESSION_INFO)* professionInfos;
} ADMISSIONS;
typedef struct AdmissionSyntax_st {
GENERAL_NAME* admissionAuthority;
STACK_OF(ADMISSIONS)* contentsOfAdmissions;
} ADMISSION_SYNTAX;
DECLARE_ASN1_ITEM(ADMISSIONS)
DECLARE_ASN1_ITEM(NAMING_AUTHORITY)
DECLARE_ASN1_ITEM(PROFESSION_INFO)
DECLARE_ASN1_ITEM(ADMISSION_SYNTAX)
DECLARE_ASN1_FUNCTIONS(NAMING_AUTHORITY)
DECLARE_ASN1_FUNCTIONS(PROFESSION_INFO)
DECLARE_ASN1_FUNCTIONS(ADMISSIONS)
DECLARE_ASN1_FUNCTIONS(ADMISSION_SYNTAX)
DEFINE_STACK_OF(ADMISSIONS)
DEFINE_STACK_OF(PROFESSION_INFO)
DEFINE_STACK_OF(ASN1_STRING)
#ifdef __cplusplus
}
#endif
#endif

5
include/openssl/obj_mac.h
View file

@ -54,6 +54,11 @@
#define NID_hmac_sha1 781
#define OBJ_hmac_sha1 OBJ_identified_organization,6L,1L,5L,5L,8L,1L,2L
#define SN_x509ExtAdmission "x509ExtAdmission"
#define LN_x509ExtAdmission "Professional Information or basis for Admission"
#define NID_x509ExtAdmission 1093
#define OBJ_x509ExtAdmission OBJ_identified_organization,36L,8L,3L,3L
#define SN_certicom_arc "certicom-arc"
#define NID_certicom_arc 677
#define OBJ_certicom_arc OBJ_identified_organization,132L