Support for authority information access extension.

Fix so EVP_PKEY_rset_*() check return codes.

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 
+  *) Support for the authority information access extension. Not
+     very well tested yet.
+     [Steve Henson]
+
   *) Modify RSA and DSA PEM read routines to transparently handle
      PKCS#8 format private keys. New *_PUBKEY_* functions that handle
      public keys in a format compatible with certificate

crypto/asn1/asn1.h

@@ -789,6 +789,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_A2I_ASN1_ENUMERATED			 236
 #define ASN1_F_A2I_ASN1_INTEGER				 101
 #define ASN1_F_A2I_ASN1_STRING				 102
+#define ASN1_F_ACCESS_DESCRIPTION_NEW			 291
 #define ASN1_F_ASN1_COLLATE_PRIMITIVE			 103
 #define ASN1_F_ASN1_D2I_BIO				 104
 #define ASN1_F_ASN1_D2I_FP				 105
@@ -823,6 +824,7 @@ void ASN1_STRING_TABLE_cleanup(void);
 #define ASN1_F_BASIC_CONSTRAINTS_NEW			 226
 #define ASN1_F_BN_TO_ASN1_ENUMERATED			 234
 #define ASN1_F_BN_TO_ASN1_INTEGER			 122
+#define ASN1_F_D2I_ACCESS_DESCRIPTION			 292
 #define ASN1_F_D2I_ASN1_BIT_STRING			 123
 #define ASN1_F_D2I_ASN1_BMPSTRING			 124
 #define ASN1_F_D2I_ASN1_BOOLEAN				 125

crypto/asn1/asn1_err.c

@@ -69,6 +69,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0),	"a2i_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0),	"a2i_ASN1_INTEGER"},
 {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0),	"a2i_ASN1_STRING"},
+{ERR_PACK(0,ASN1_F_ACCESS_DESCRIPTION_NEW,0),	"ACCESS_DESCRIPTION_new"},
 {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0),	"ASN1_COLLATE_PRIMITIVE"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0),	"ASN1_d2i_bio"},
 {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0),	"ASN1_d2i_fp"},
@@ -103,6 +104,7 @@ static ERR_STRING_DATA ASN1_str_functs[]=
 {ERR_PACK(0,ASN1_F_BASIC_CONSTRAINTS_NEW,0),	"BASIC_CONSTRAINTS_new"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0),	"BN_to_ASN1_ENUMERATED"},
 {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0),	"BN_to_ASN1_INTEGER"},
+{ERR_PACK(0,ASN1_F_D2I_ACCESS_DESCRIPTION,0),	"d2i_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0),	"d2i_ASN1_BIT_STRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0),	"d2i_ASN1_BMPSTRING"},
 {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0),	"d2i_ASN1_BOOLEAN"},

crypto/evp/evp.h

@@ -682,10 +682,10 @@ void EVP_PBE_cleanup(void);
 #define EVP_F_EVP_PKEY_COPY_PARAMETERS			 103
 #define EVP_F_EVP_PKEY_DECRYPT				 104
 #define EVP_F_EVP_PKEY_ENCRYPT				 105
-#define EVP_F_EVP_PKEY_GET_DH				 119
-#define EVP_F_EVP_PKEY_GET_DSA				 120
-#define EVP_F_EVP_PKEY_GET_RSA				 121
 #define EVP_F_EVP_PKEY_NEW				 106
+#define EVP_F_EVP_PKEY_RGET_DH				 119
+#define EVP_F_EVP_PKEY_RGET_DSA				 120
+#define EVP_F_EVP_PKEY_RGET_RSA				 121
 #define EVP_F_EVP_SIGNFINAL				 107
 #define EVP_F_EVP_VERIFYFINAL				 108
 #define EVP_F_PKCS5_PBE_KEYIVGEN			 117

crypto/evp/evp_err.c

@@ -77,10 +77,10 @@ static ERR_STRING_DATA EVP_str_functs[]=
 {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0),	"EVP_PKEY_copy_parameters"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0),	"EVP_PKEY_decrypt"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0),	"EVP_PKEY_encrypt"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_DH,0),	"EVP_PKEY_get_DH"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_DSA,0),	"EVP_PKEY_get_DSA"},
-{ERR_PACK(0,EVP_F_EVP_PKEY_GET_RSA,0),	"EVP_PKEY_get_RSA"},
 {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0),	"EVP_PKEY_new"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_DH,0),	"EVP_PKEY_rget_DH"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_DSA,0),	"EVP_PKEY_rget_DSA"},
+{ERR_PACK(0,EVP_F_EVP_PKEY_RGET_RSA,0),	"EVP_PKEY_rget_RSA"},
 {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0),	"EVP_SignFinal"},
 {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0),	"EVP_VerifyFinal"},
 {ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0),	"PKCS5_PBE_keyivgen"},

crypto/evp/p_lib.c

@@ -208,14 +208,15 @@ int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key)
 #ifndef NO_RSA
 int EVP_PKEY_rset_RSA(EVP_PKEY *pkey, RSA *key)
 {
-	CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
-	return EVP_PKEY_assign_RSA(pkey, key);
+	int ret = EVP_PKEY_assign_RSA(pkey, key);
+	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_RSA);
+	return ret;
 }
 
 RSA *EVP_PKEY_rget_RSA(EVP_PKEY *pkey)
 	{
 	if(pkey->type != EVP_PKEY_RSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
+		EVPerr(EVP_F_EVP_PKEY_RGET_RSA, EVP_R_EXPECTING_AN_RSA_KEY);
 		return NULL;
 	}
 	CRYPTO_add(&pkey->pkey.rsa->references, 1, CRYPTO_LOCK_RSA);
@@ -226,14 +227,15 @@ RSA *EVP_PKEY_rget_RSA(EVP_PKEY *pkey)
 #ifndef NO_DSA
 int EVP_PKEY_rset_DSA(EVP_PKEY *pkey, DSA *key)
 {
-	CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
-	return EVP_PKEY_assign_DSA(pkey, key);
+	int ret = EVP_PKEY_assign_DSA(pkey, key);
+	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DSA);
+	return ret;
 }
 
 DSA *EVP_PKEY_rget_DSA(EVP_PKEY *pkey)
 	{
 	if(pkey->type != EVP_PKEY_DSA) {
-		EVPerr(EVP_F_EVP_PKEY_GET_DSA, EVP_R_EXPECTING_A_DSA_KEY);
+		EVPerr(EVP_F_EVP_PKEY_RGET_DSA, EVP_R_EXPECTING_A_DSA_KEY);
 		return NULL;
 	}
 	CRYPTO_add(&pkey->pkey.dsa->references, 1, CRYPTO_LOCK_DSA);
@@ -245,14 +247,15 @@ DSA *EVP_PKEY_rget_DSA(EVP_PKEY *pkey)
 
 int EVP_PKEY_rset_DH(EVP_PKEY *pkey, DH *key)
 {
-	CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
-	return EVP_PKEY_assign_DH(pkey, key);
+	int ret = EVP_PKEY_assign_DH(pkey, key);
+	if(ret) CRYPTO_add(&key->references, 1, CRYPTO_LOCK_DH);
+	return ret;
 }
 
 DH *EVP_PKEY_rget_DH(EVP_PKEY *pkey)
 	{
 	if(pkey->type != EVP_PKEY_DH) {
-		EVPerr(EVP_F_EVP_PKEY_GET_DH, EVP_R_EXPECTING_A_DH_KEY);
+		EVPerr(EVP_F_EVP_PKEY_RGET_DH, EVP_R_EXPECTING_A_DH_KEY);
 		return NULL;
 	}
 	CRYPTO_add(&pkey->pkey.dh->references, 1, CRYPTO_LOCK_DH);

crypto/objects/obj_dat.h

@@ -61,12 +61,12 @@
  * perl obj_dat.pl objects.h obj_dat.h
  */
 
-#define NUM_NID 175
-#define NUM_SN 123
-#define NUM_LN 171
-#define NUM_OBJ 146
+#define NUM_NID 180
+#define NUM_SN 128
+#define NUM_LN 174
+#define NUM_OBJ 151
 
-static unsigned char lvalues[1011]={
+static unsigned char lvalues[1049]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -213,6 +213,11 @@ static unsigned char lvalues[1011]={
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x09,0x0E,/* [995] OBJ_ext_req */
 0x55,0x04,0x29,                              /* [1004] OBJ_name */
 0x55,0x04,0x2E,                              /* [1007] OBJ_dnQualifier */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,          /* [1010] OBJ_id_pe */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,          /* [1017] OBJ_id_ad */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x01,0x01,     /* [1024] OBJ_info_access */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x01,     /* [1032] OBJ_ad_OCSP */
+0x2B,0x06,0x01,0x05,0x05,0x07,0x30,0x02,     /* [1040] OBJ_ad_ca_issuers */
 };
 
 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -460,6 +465,12 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"extReq","Extension Request",NID_ext_req,9,&(lvalues[995]),0},
 {"name","name",NID_name,3,&(lvalues[1004]),0},
 {"dnQualifier","dnQualifier",NID_dnQualifier,3,&(lvalues[1007]),0},
+{"id-pe","id-pe",NID_id_pe,7,&(lvalues[1010]),0},
+{"id-ad","id-ad",NID_id_ad,7,&(lvalues[1017]),0},
+{"authorityInfoAccess","Authority Information Access",NID_info_access,
+	8,&(lvalues[1024]),0},
+{"OCSP","OCSP",NID_ad_OCSP,8,&(lvalues[1032]),0},
+{"caIssuers","CA Issuers",NID_ad_ca_issuers,8,&(lvalues[1040]),0},
 };
 
 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -507,6 +518,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[95]),/* "MDC2" */
 &(nid_objs[57]),/* "Netscape" */
 &(nid_objs[17]),/* "O" */
+&(nid_objs[178]),/* "OCSP" */
 &(nid_objs[18]),/* "OU" */
 &(nid_objs[127]),/* "PKIX" */
 &(nid_objs[98]),/* "RC2-40-CBC" */
@@ -543,8 +555,10 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[102]),/* "UID" */
 &(nid_objs[ 0]),/* "UNDEF" */
 &(nid_objs[125]),/* "ZLIB" */
+&(nid_objs[177]),/* "authorityInfoAccess" */
 &(nid_objs[90]),/* "authorityKeyIdentifier" */
 &(nid_objs[87]),/* "basicConstraints" */
+&(nid_objs[179]),/* "caIssuers" */
 &(nid_objs[89]),/* "certificatePolicies" */
 &(nid_objs[130]),/* "clientAuth" */
 &(nid_objs[131]),/* "codeSigning" */
@@ -555,7 +569,9 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[132]),/* "emailProtection" */
 &(nid_objs[172]),/* "extReq" */
 &(nid_objs[126]),/* "extendedKeyUsage" */
+&(nid_objs[176]),/* "id-ad" */
 &(nid_objs[128]),/* "id-kp" */
+&(nid_objs[175]),/* "id-pe" */
 &(nid_objs[164]),/* "id-qt-cps" */
 &(nid_objs[165]),/* "id-qt-unotice" */
 &(nid_objs[142]),/* "invalidityDate" */
@@ -589,6 +605,8 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 };
 
 static ASN1_OBJECT *ln_objs[NUM_LN]={
+&(nid_objs[177]),/* "Authority Information Access" */
+&(nid_objs[179]),/* "CA Issuers" */
 &(nid_objs[141]),/* "CRL Reason Code" */
 &(nid_objs[131]),/* "Code Signing" */
 &(nid_objs[132]),/* "E-mail Protection" */
@@ -613,6 +631,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[73]),/* "Netscape Revocation Url" */
 &(nid_objs[77]),/* "Netscape SSL Server Name" */
 &(nid_objs[139]),/* "Netscape Server Gated Crypto" */
+&(nid_objs[178]),/* "OCSP" */
 &(nid_objs[161]),/* "PBES2" */
 &(nid_objs[69]),/* "PBKDF2" */
 &(nid_objs[162]),/* "PBMAC1" */
@@ -823,7 +842,9 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 2]),/* OBJ_pkcs                         1 2 840 113549 1 */
 &(nid_objs[116]),/* OBJ_dsa                          1 2 840 10040 4 1 */
 &(nid_objs[113]),/* OBJ_dsaWithSHA1                  1 2 840 10040 4 3 */
+&(nid_objs[175]),/* OBJ_id_pe                        1 3 6 1 5 5 7 1 */
 &(nid_objs[128]),/* OBJ_id_kp                        1 3 6 1 5 5 7 3 */
+&(nid_objs[176]),/* OBJ_id_ad                        1 3 6 1 5 5 7 48 */
 &(nid_objs[57]),/* OBJ_netscape                     2 16 840 1 113730 */
 &(nid_objs[27]),/* OBJ_pkcs3                        1 2 840 113549 1 3 */
 &(nid_objs[20]),/* OBJ_pkcs7                        1 2 840 113549 1 7 */
@@ -835,6 +856,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[ 5]),/* OBJ_rc4                          1 2 840 113549 3 4 */
 &(nid_objs[44]),/* OBJ_des_ede3_cbc                 1 2 840 113549 3 7 */
 &(nid_objs[120]),/* OBJ_rc5_cbc                      1 2 840 113549 3 8 */
+&(nid_objs[177]),/* OBJ_info_access                  1 3 6 1 5 5 7 1 1 */
 &(nid_objs[164]),/* OBJ_id_qt_cps                    1 3 6 1 5 5 7 2 1 */
 &(nid_objs[165]),/* OBJ_id_qt_unotice                1 3 6 1 5 5 7 2 2 */
 &(nid_objs[129]),/* OBJ_server_auth                  1 3 6 1 5 5 7 3 1 */
@@ -842,6 +864,8 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[131]),/* OBJ_code_sign                    1 3 6 1 5 5 7 3 3 */
 &(nid_objs[132]),/* OBJ_email_protect                1 3 6 1 5 5 7 3 4 */
 &(nid_objs[133]),/* OBJ_time_stamp                   1 3 6 1 5 5 7 3 8 */
+&(nid_objs[178]),/* OBJ_ad_OCSP                      1 3 6 1 5 5 7 48 1 */
+&(nid_objs[179]),/* OBJ_ad_ca_issuers                1 3 6 1 5 5 7 48 2 */
 &(nid_objs[58]),/* OBJ_netscape_cert_extension      2 16 840 1 113730 1 */
 &(nid_objs[59]),/* OBJ_netscape_data_type           2 16 840 1 113730 2 */
 &(nid_objs[108]),/* OBJ_cast5_cbc                    1 2 840 113533 7 66 10 */

crypto/objects/objects.h

@@ -912,6 +912,29 @@ extern "C" {
 #define NID_dnQualifier			174
 #define OBJ_dnQualifier			OBJ_X509,46L
 
+#define SN_id_pe			"id-pe"
+#define NID_id_pe			175
+#define OBJ_id_pe			OBJ_id_pkix,1L
+
+#define SN_id_ad			"id-ad"
+#define NID_id_ad			176
+#define OBJ_id_ad			OBJ_id_pkix,48L
+
+#define SN_info_access			"authorityInfoAccess"
+#define LN_info_access			"Authority Information Access"
+#define NID_info_access			177
+#define OBJ_info_access			OBJ_id_pe,1L
+
+#define SN_ad_OCSP			"OCSP"
+#define LN_ad_OCSP			"OCSP"
+#define NID_ad_OCSP			178
+#define OBJ_ad_OCSP			OBJ_id_ad,1L
+
+#define SN_ad_ca_issuers		"caIssuers"
+#define LN_ad_ca_issuers		"CA Issuers"
+#define NID_ad_ca_issuers		179
+#define OBJ_ad_ca_issuers		OBJ_id_ad,2L
+
 #include <openssl/bio.h>
 #include <openssl/asn1.h>
 

crypto/x509v3/Makefile.ssl

@@ -24,10 +24,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC=	v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c \
 v3_lib.c v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
-v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c
+v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
 LIBOBJ= v3_bcons.o v3_bitst.o v3_conf.o v3_extku.o v3_ia5.o v3_lib.o \
 v3_prn.o v3_utl.o v3err.o v3_genn.o v3_alt.o v3_skey.o v3_akey.o v3_pku.o \
-v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o
+v3_int.o v3_enum.o v3_sxnet.o v3_cpols.o v3_crld.o v3_purp.o v3_info.o
 
 SRC= $(LIBSRC)
 
@@ -285,6 +285,25 @@ v3_ia5.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
 v3_ia5.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
 v3_ia5.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
 v3_ia5.o: ../../include/openssl/x509v3.h ../cryptlib.h
+v3_info.o: ../../include/openssl/asn1.h ../../include/openssl/asn1_mac.h
+v3_info.o: ../../include/openssl/bio.h ../../include/openssl/blowfish.h
+v3_info.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+v3_info.o: ../../include/openssl/cast.h ../../include/openssl/conf.h
+v3_info.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+v3_info.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+v3_info.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+v3_info.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+v3_info.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+v3_info.o: ../../include/openssl/md2.h ../../include/openssl/md5.h
+v3_info.o: ../../include/openssl/mdc2.h ../../include/openssl/objects.h
+v3_info.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+v3_info.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+v3_info.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+v3_info.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+v3_info.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+v3_info.o: ../../include/openssl/stack.h ../../include/openssl/x509.h
+v3_info.o: ../../include/openssl/x509_vfy.h ../../include/openssl/x509v3.h
+v3_info.o: ../cryptlib.h
 v3_int.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 v3_int.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 v3_int.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h

crypto/x509v3/v3_info.c

@@ -0,0 +1,236 @@
+/* v3_info.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/conf.h>
+#include <openssl/asn1.h>
+#include <openssl/asn1_mac.h>
+#include <openssl/x509v3.h>
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+						STACK_OF(CONF_VALUE) *ret);
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
+
+X509V3_EXT_METHOD v3_info =
+{ NID_info_access, X509V3_EXT_MULTILINE,
+(X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new,
+(X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free,
+(X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS,
+NULL, NULL,
+(X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS,
+(X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS,
+NULL, NULL, NULL};
+
+static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				STACK_OF(ACCESS_DESCRIPTION) *ainfo,
+						STACK_OF(CONF_VALUE) *ret)
+{
+	ACCESS_DESCRIPTION *desc;
+	int i;
+	char objtmp[80], *ntmp;
+	CONF_VALUE *vtmp;
+	for(i = 0; i < sk_ACCESS_DESCRIPTION_num(ainfo); i++) {
+		desc = sk_ACCESS_DESCRIPTION_value(ainfo, i);
+		ret = i2v_GENERAL_NAME(method, desc->location, ret);
+		if(!ret) break;
+		vtmp = sk_CONF_VALUE_value(ret, i);
+		i2t_ASN1_OBJECT(objtmp, 80, desc->method);
+		ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5);
+		if(!ntmp) {
+			X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS,
+					ERR_R_MALLOC_FAILURE);
+			return NULL;
+		}
+		strcpy(ntmp, objtmp);
+		strcat(ntmp, " - ");
+		strcat(ntmp, vtmp->name);
+		Free(vtmp->name);
+		vtmp->name = ntmp;
+		
+	}
+	if(!ret) return sk_CONF_VALUE_new_null();
+	return ret;
+}
+
+static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method,
+				 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+{
+	STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL;
+	CONF_VALUE *cnf, ctmp;
+	ACCESS_DESCRIPTION *acc;
+	int i, objlen;
+	char *objtmp, *ptmp;
+	if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) {
+		X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+		return NULL;
+	}
+	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
+		cnf = sk_CONF_VALUE_value(nval, i);
+		if(!(acc = ACCESS_DESCRIPTION_new())
+			|| !sk_ACCESS_DESCRIPTION_push(ainfo, acc)) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		ptmp = strchr(cnf->name, ';');
+		if(!ptmp) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_INVALID_SYNTAX);
+			goto err;
+		}
+		objlen = ptmp - cnf->name;
+		ctmp.name = ptmp + 1;
+		ctmp.value = cnf->value;
+		if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp)))
+								 goto err; 
+		if(!(objtmp = Malloc(objlen + 1))) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE);
+			goto err;
+		}
+		strncpy(objtmp, cnf->name, objlen);
+		objtmp[objlen] = 0;
+		acc->method = OBJ_txt2obj(objtmp, 0);
+		if(!acc->method) {
+			X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT);
+			ERR_add_error_data(2, "value=", objtmp);
+			Free(objtmp);
+			goto err;
+		}
+		Free(objtmp);
+
+	}
+	return ainfo;
+	err:
+	sk_ACCESS_DESCRIPTION_pop_free(ainfo, ACCESS_DESCRIPTION_free);
+	return NULL;
+}
+
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp)
+{
+	M_ASN1_I2D_vars(a);
+
+	M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME);
+
+	M_ASN1_I2D_seq_total();
+
+	M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT);
+	M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME);
+
+	M_ASN1_I2D_finish();
+}
+
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void)
+{
+	ACCESS_DESCRIPTION *ret=NULL;
+	ASN1_CTX c;
+	M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION);
+	ret->method = OBJ_nid2obj(NID_undef);
+	ret->location = NULL;
+	return (ret);
+	M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW);
+}
+
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+	     long length)
+{
+	M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new);
+	M_ASN1_D2I_Init();
+	M_ASN1_D2I_start_sequence();
+	M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT);
+	M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME);
+	M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION);
+}
+
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a)
+{
+	if (a == NULL) return;
+	ASN1_OBJECT_free(a->method);
+	GENERAL_NAME_free(a->location);
+	Free ((char *)a);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new()
+{
+	return sk_ACCESS_DESCRIPTION_new(NULL);
+}
+
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a)
+{
+	sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free);
+}
+
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+					 unsigned char **pp, long length)
+{
+return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION,
+			 ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
+}
+
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp)
+{
+return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE,
+						 V_ASN1_UNIVERSAL, IS_SEQUENCE);
+}
+
+IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION)
+IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
+

crypto/x509v3/v3_lib.c

@@ -140,7 +140,7 @@ static void ext_list_free(X509V3_EXT_METHOD *ext)
 }
 
 extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku;
-extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet;
+extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info;
 extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id;
 
 extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld;
@@ -158,6 +158,7 @@ int X509V3_add_standard_extensions(void)
 	X509V3_EXT_add(&v3_pkey_usage_period);
 	X509V3_EXT_add(&v3_crl_num);
 	X509V3_EXT_add(&v3_sxnet);
+	X509V3_EXT_add(&v3_info);
 	X509V3_EXT_add(&v3_crl_reason);
 	X509V3_EXT_add(&v3_cpols);
 	X509V3_EXT_add(&v3_crld);

crypto/x509v3/v3err.c

@@ -72,6 +72,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0),	"hex_to_string"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0),	"i2s_ASN1_ENUMERATED"},
 {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0),	"i2s_ASN1_INTEGER"},
+{ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0),	"I2V_AUTHORITY_INFO_ACCESS"},
 {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0),	"NOTICE_SECTION"},
 {ERR_PACK(0,X509V3_F_NREF_NOS,0),	"NREF_NOS"},
 {ERR_PACK(0,X509V3_F_POLICY_SECTION,0),	"POLICY_SECTION"},
@@ -87,6 +88,7 @@ static ERR_STRING_DATA X509V3_str_functs[]=
 {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0),	"SXNET_add_id_ulong"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0),	"SXNET_get_id_asc"},
 {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0),	"SXNET_get_id_ulong"},
+{ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0),	"V2I_ACCESS_DESCRIPTION"},
 {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0),	"V2I_ASN1_BIT_STRING"},
 {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0),	"V2I_AUTHORITY_KEYID"},
 {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0),	"V2I_BASIC_CONSTRAINTS"},
@@ -133,6 +135,7 @@ static ERR_STRING_DATA X509V3_str_reasons[]=
 {X509V3_R_INVALID_OPTION                 ,"invalid option"},
 {X509V3_R_INVALID_POLICY_IDENTIFIER      ,"invalid policy identifier"},
 {X509V3_R_INVALID_SECTION                ,"invalid section"},
+{X509V3_R_INVALID_SYNTAX                 ,"invalid syntax"},
 {X509V3_R_ISSUER_DECODE_ERROR            ,"issuer decode error"},
 {X509V3_R_MISSING_VALUE                  ,"missing value"},
 {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS  ,"need organization and numbers"},

crypto/x509v3/x509v3.h

@@ -178,9 +178,17 @@ union {
 } d;
 } GENERAL_NAME;
 
+typedef struct ACCESS_DESCRIPTION_st {
+ASN1_OBJECT *method;
+GENERAL_NAME *location;
+} ACCESS_DESCRIPTION;
+
 DECLARE_STACK_OF(GENERAL_NAME)
 DECLARE_ASN1_SET_OF(GENERAL_NAME)
 
+DECLARE_STACK_OF(ACCESS_DESCRIPTION)
+DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION)
+
 typedef struct DIST_POINT_NAME_st {
 /* NB: this is a CHOICE type and only one of these should be set */
 STACK_OF(GENERAL_NAME) *fullname;
@@ -439,6 +447,20 @@ void DIST_POINT_NAME_free(DIST_POINT_NAME *a);
 DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp,
              long length);
 
+int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp);
+ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void);
+void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a);
+ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp,
+             long length);
+
+STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new();
+void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a);
+STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a,
+					 unsigned char **pp, long length);
+int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp);
+
+
+
 #ifdef HEADER_CONF_H
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf);
 void X509V3_conf_free(CONF_VALUE *val);
@@ -522,6 +544,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_F_HEX_TO_STRING				 111
 #define X509V3_F_I2S_ASN1_ENUMERATED			 121
 #define X509V3_F_I2S_ASN1_INTEGER			 120
+#define X509V3_F_I2V_AUTHORITY_INFO_ACCESS		 138
 #define X509V3_F_NOTICE_SECTION				 132
 #define X509V3_F_NREF_NOS				 133
 #define X509V3_F_POLICY_SECTION				 131
@@ -537,6 +560,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_F_SXNET_ADD_ID_ULONG			 127
 #define X509V3_F_SXNET_GET_ID_ASC			 128
 #define X509V3_F_SXNET_GET_ID_ULONG			 129
+#define X509V3_F_V2I_ACCESS_DESCRIPTION			 139
 #define X509V3_F_V2I_ASN1_BIT_STRING			 101
 #define X509V3_F_V2I_AUTHORITY_KEYID			 119
 #define X509V3_F_V2I_BASIC_CONSTRAINTS			 102
@@ -580,6 +604,7 @@ char * X509_PURPOSE_get_name(X509_PURPOSE *);
 #define X509V3_R_INVALID_OPTION				 138
 #define X509V3_R_INVALID_POLICY_IDENTIFIER		 134
 #define X509V3_R_INVALID_SECTION			 135
+#define X509V3_R_INVALID_SYNTAX				 143
 #define X509V3_R_ISSUER_DECODE_ERROR			 126
 #define X509V3_R_MISSING_VALUE				 124
 #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS		 142

util/libeay.num

@@ -2048,3 +2048,31 @@ PEM_write_RSA_PUBKEY                    2072
 EVP_PKEY_rset_DH                        2073
 i2d_RSA_PUBKEY_fp                       2074
 PEM_write_bio_PUBKEY                    2075
+sk_ACCESS_DESCRIPTION_shift             2076
+d2i_AUTHORITY_INFO_ACCESS               2077
+sk_ACCESS_DESCRIPTION_delete            2078
+ACCESS_DESCRIPTION_new                  2079
+d2i_ACCESS_DESCRIPTION                  2080
+sk_ACCESS_DESCRIPTION_set               2081
+i2d_ASN1_SET_OF_ACCESS_DESCRIPTION      2082
+sk_ACCESS_DESCRIPTION_free              2083
+sk_ACCESS_DESCRIPTION_value             2084
+sk_ACCESS_DESCRIPTION_unshift           2085
+sk_ACCESS_DESCRIPTION_pop_free          2086
+ACCESS_DESCRIPTION_free                 2087
+sk_ACCESS_DESCRIPTION_dup               2088
+sk_ACCESS_DESCRIPTION_zero              2089
+sk_ACCESS_DESCRIPTION_new               2090
+sk_ACCESS_DESCRIPTION_push              2091
+d2i_ASN1_SET_OF_ACCESS_DESCRIPTION      2092
+sk_ACCESS_DESCRIPTION_find              2093
+AUTHORITY_INFO_ACCESS_free              2094
+sk_ACCESS_DESCRIPTION_pop               2095
+i2d_AUTHORITY_INFO_ACCESS               2096
+sk_ACCESS_DESCRIPTION_num               2097
+i2d_ACCESS_DESCRIPTION                  2098
+sk_ACCESS_DESCRIPTION_new_null          2099
+sk_ACCESS_DESCRIPTION_delete_ptr        2100
+sk_ACCESS_DESCRIPTION_insert            2101
+sk_ACCESS_DESCRIPTION_sort              2102
+sk_ACCESS_DESCRIPTION_set_cmp_func      2103