diff options
author | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:56:39 +0000 |
---|---|---|
committer | Ralf S. Engelschall <rse@openssl.org> | 1998-12-21 10:56:39 +0000 |
commit | 58964a492275ca9a59a0cd9c8155cb2491b4b909 (patch) | |
tree | c7b16876a5789463bbbb468ef4829c8129b3d718 /crypto/x509v3 | |
parent | d02b48c63a58ea4367a0e905979f140b7d090f86 (diff) | |
download | openssl-58964a492275ca9a59a0cd9c8155cb2491b4b909.tar.gz |
Import of old SSLeay release: SSLeay 0.9.0b
Diffstat (limited to 'crypto/x509v3')
-rw-r--r-- | crypto/x509v3/format | 92 | ||||
-rw-r--r-- | crypto/x509v3/header | 6 | ||||
-rw-r--r-- | crypto/x509v3/v3_ku.c | 318 | ||||
-rw-r--r-- | crypto/x509v3/x509v3.h | 87 |
4 files changed, 503 insertions, 0 deletions
diff --git a/crypto/x509v3/format b/crypto/x509v3/format new file mode 100644 index 0000000000..3307978121 --- /dev/null +++ b/crypto/x509v3/format @@ -0,0 +1,92 @@ +AuthorityKeyIdentifier + { + keyIdentifier [0] OCTET_STRING OPTIONAL + authorityCertIssuer [1] GeneralNames OPTIONAL + authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL + } + +SubjectKeyIdentifier OCTET_STRING + +KeyUsage + { + BIT_STRING + digitalSignature 0 + nonRepudiation 1 + keyEncipherment 2 + dataEncipherment 3 + keyAgreement 4 + keyCertSign 5 + cRLSign 6 + encipherOnly 7 + decipherOnly 8 + } + +extKeyUsage + { + SEQUENCE of OBJECT_IDENTIFIER + } + +privateKeyUsagePeriod + { + notBefore [0] GeneralizedTime OPTIONAL + notAfter [1] GeneralizedTime OPTIONAL + } + +certificatePoliciesSyntax + SEQUENCE of PoliciesInformation + +PoliciesInformation XXX +policyMappings XXX +supportedAlgorithms XXX + +subjectAltName + GeneralNames sequence of GeneralName + +GeneralName + { + otherName [0] INSTANCE OF OTHER-NAME + rfc882Name [1] IA5String + dNSName [2] IA5String + x400Address [3] ORAddress + directoryName [4] Name + ediPartyName [5] + { + nameAssigner [0] DirectoryString OPTIONAL + partyName [1] DirectoryString + } + uniformResourceIdentifier [6] IA5String + iPAddress [7] OCTET_STRING + registeredID [8] OBJECT_IDENTIFIER + } + +issuerAltName + GeneralNames sequence of GeneralName + +subjectDirectoryAttribute SEQUENCE of Attribute + +basicConstraints + { + cA BOOLEAN default FALSE + pathLenConstraint INTEGER OPTIONAL + } + +nameConstraints + { + permittedSubtrees [0] sequence of GeneralSubtree OPTIONAL + excludedSubtrees [1] sequence of GeneralSubtree OPTIONAL + } + +GeneralSubtree + { + base GeneralName + minimum [0] BaseDistance DEFAULT 0 + maximum [1] BaseDistance OPTIONAL + } + +PolicyConstraints + { + requiredExplicitPolicy [0] SkipCerts OPTIONAL + inhibitPolicyMapping [1] SkipCerts OPTIONAL + } +SkipCerts == INTEGER + diff --git a/crypto/x509v3/header b/crypto/x509v3/header new file mode 100644 index 0000000000..3d791ca3dd --- /dev/null +++ b/crypto/x509v3/header @@ -0,0 +1,6 @@ +int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size) +int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) +int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp) +ASN1_INTEGER * d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp,long length) + + diff --git a/crypto/x509v3/v3_ku.c b/crypto/x509v3/v3_ku.c new file mode 100644 index 0000000000..87c7402f43 --- /dev/null +++ b/crypto/x509v3/v3_ku.c @@ -0,0 +1,318 @@ +/* crypto/x509v3/v3_ku.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <ctype.h> +#include "stack.h" +#include "cryptlib.h" +#include "bio.h" +#include "asn1.h" +#include "objects.h" +#include "x509.h" + +X509_EXTENSION_METHOD X509v3_key_usage_method= + { + NID_key_usage, + ku_clear, + ex_get_bool, + ex_set_bool, + NULL, + NULL, + NULL, + NULL, + ku_a2i, + ku_i2a, + }; + +static void ku_clear(a) +X509_EXTENSION *a; + { + } + +static int ku_expand(a) +X509_EXTENSION *a; + { + ASN1_BIT_STRING *bs; + + if (a->argp == NULL) + { + bs=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING,value); + if (bs == NULL) return(0); + a->argp=(char *)bs; + a->ex_free=ASN1_STRING_free; + } + return(1); + } + +static int ku_get_bool(a,num) +X509_EXTENSION *a; +int num; + { + int ret; + ASN1_BIT_STRING *bs; + + if ((a->argp == NULL) && !ku_expand(a)) + return(-1); + bs=(ASN1_BIT_STRING *)a->argp; + ret=ASN1_BIT_STRING_get_bit(bs,num); + return(ret); + } + +static int ku_set_bool(a,num,value) +X509_EXTENSION *a; +int num; +int value; + { + ASN1_BIT_STRING *a; + + if ((a->argp == NULL) && !ku_expand(a)) + return(0); + bs=(ASN1_BIT_STRING *)a->argp; + ret=ASN1_BIT_STRING_set_bit(bs,num,value); + } + +static int ku_a2i(bio,a,buf,len) +BIO *bio; +X509_EXTENSION *a; +char *buf; +int len; + { + get token + } + +static char ku_names[X509v3_N_KU_NUM]={ + X509v3_S_KU_digitalSignature, + X509v3_S_KU_nonRepudiation, + X509v3_S_KU_keyEncipherment, + X509v3_S_KU_dataEncipherment, + X509v3_S_KU_keyAgreement, + X509v3_S_KU_keyCertSign, + X509v3_S_KU_cRLSign, + X509v3_S_KU_encipherOnly, + X509v3_S_KU_decipherOnly, + }; + +static int ku_i2a(bio,a); +BIO *bio; +X509_EXTENSION *a; + { + int i,first=1; + char *c; + + for (i=0; i<X509v3_N_KU_NUM; i++) + { + if (ku_get_bool(a,i) > 0) + { + BIO_printf(bio,"%s%s",((first)?"":" "),ku_names[i]); + first=0; + } + } + } + +/***********************/ + +int X509v3_get_key_usage(x,ret) +STACK *x; +unsigned long *ret; + { + X509_EXTENSION *ext; + ASN1_STRING *st; + char *p; + int i; + + i=X509_get_ext_by_NID(x,NID_key_usage,-1); + if (i < 0) return(X509v3_KU_UNDEF); + ext=X509_get_ext(x,i); + st=X509v3_unpack_string(NULL,V_ASN1_BIT_STRING, + X509_EXTENSION_get_data(X509_get_ext(x,i))); + + p=ASN1_STRING_data(st); + if (ASN1_STRING_length(st) == 1) + i=p[0]; + else if (ASN1_STRING_length(st) == 2) + i=p[0]|(p[1]<<8); + else + i=0; + return(i); + } + +static struct + { + char *name; + unsigned int value; + } key_usage_data[] ={ + {"digitalSignature", X509v3_KU_DIGITAL_SIGNATURE}, + {"nonRepudiation", X509v3_KU_NON_REPUDIATION}, + {"keyEncipherment", X509v3_KU_KEY_ENCIPHERMENT}, + {"dataEncipherment", X509v3_KU_DATA_ENCIPHERMENT}, + {"keyAgreement", X509v3_KU_KEY_AGREEMENT}, + {"keyCertSign", X509v3_KU_KEY_CERT_SIGN}, + {"cRLSign", X509v3_KU_CRL_SIGN}, + {"encipherOnly", X509v3_KU_ENCIPHER_ONLY}, + {"decipherOnly", X509v3_KU_DECIPHER_ONLY}, + {NULL,0}, + }; + +#if 0 +static int a2i_key_usage(x,str,len) +X509 *x; +char *str; +int len; + { + return(X509v3_set_key_usage(x,a2i_X509v3_key_usage(str))); + } + +static int i2a_key_usage(bp,x) +BIO *bp; +X509 *x; + { + return(i2a_X509v3_key_usage(bp,X509v3_get_key_usage(x))); + } +#endif + +int i2a_X509v3_key_usage(bp,use) +BIO *bp; +unsigned int use; + { + int i=0,first=1; + + for (;;) + { + if (use | key_usage_data[i].value) + { + BIO_printf(bp,"%s%s",((first)?"":" "), + key_usage_data[i].name); + first=0; + } + } + return(1); + } + +unsigned int a2i_X509v3_key_usage(p) +char *p; + { + unsigned int ret=0; + char *q,*s; + int i,n; + + q=p; + for (;;) + { + while ((*q != '\0') && isalnum(*q)) + q++; + if (*q == '\0') break; + s=q++; + while (isalnum(*q)) + q++; + n=q-s; + i=0; + for (;;) + { + if (strncmp(key_usage_data[i].name,s,n) == 0) + { + ret|=key_usage_data[i].value; + break; + } + i++; + if (key_usage_data[i].name == NULL) + return(X509v3_KU_UNDEF); + } + } + return(ret); + } + +int X509v3_set_key_usage(x,use) +X509 *x; +unsigned int use; + { + ASN1_OCTET_STRING *os; + X509_EXTENSION *ext; + int i; + unsigned char data[4]; + + i=X509_get_ext_by_NID(x,NID_key_usage,-1); + if (i < 0) + { + i=X509_get_ext_count(x)+1; + if ((ext=X509_EXTENSION_new()) == NULL) return(0); + if (!X509_add_ext(x,ext,i)) + { + X509_EXTENSION_free(ext); + return(0); + } + } + else + ext=X509_get_ext(x,i); + + /* fill in 'ext' */ + os=X509_EXTENSION_get_data(ext); + + i=0; + if (use > 0) + { + i=1; + data[0]=use&0xff; + } + if (use > 0xff) + { + i=2; + data[1]=(use>>8)&0xff; + } + return((X509v3_pack_string(&os,V_ASN1_BIT_STRING,data,i) == NULL)?0:1); + } + diff --git a/crypto/x509v3/x509v3.h b/crypto/x509v3/x509v3.h new file mode 100644 index 0000000000..d7945bc9cd --- /dev/null +++ b/crypto/x509v3/x509v3.h @@ -0,0 +1,87 @@ +/* crypto/x509v3/x509v3.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +#define X509v3_N_KU_digitalSignature 0 +#define X509v3_N_KU_nonRepudiation 1 +#define X509v3_N_KU_keyEncipherment 2 +#define X509v3_N_KU_dataEncipherment 3 +#define X509v3_N_KU_keyAgreement 4 +#define X509v3_N_KU_keyCertSign 5 +#define X509v3_N_KU_cRLSign 6 +#define X509v3_N_KU_encipherOnly 7 +#define X509v3_N_KU_decipherOnly 8 +#define X509v3_N_KU_NUM 9 +#define X509v3_S_KU_digitalSignature "digitalSignature" +#define X509v3_S_KU_nonRepudiation "nonRepudiation" +#define X509v3_S_KU_keyEncipherment "keyEncipherment" +#define X509v3_S_KU_dataEncipherment "dataEncipherment" +#define X509v3_S_KU_keyAgreement "keyAgreement" +#define X509v3_S_KU_keyCertSign "keyCertSign" +#define X509v3_S_KU_cRLSign "cRLSign" +#define X509v3_S_KU_encipherOnly "encipherOnly" +#define X509v3_S_KU_decipherOnly "decipherOnly" + + +void X509_ex_clear(X509_EXTENSION *a); +int X509_ex_get_bool(X509_EXTENSION *a,int num); +int X509_ex_set_bool(X509_EXTENSION *a,int num,int value); +int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len); +int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len); +char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p); +int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p); +int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len); +int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a); |