Support for inhibitAnyPolicy extension.

edec614e · Dr. Stephen Henson · 2457c19d · edec614e · edec614e · edec614e
7 changed file
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,9 @@

 Changes between 0.9.7c and 0.9.8  [xx XXX xxxx]

+  *) Support for inhibitAnyPolicy certificate extension.
+     [Steve Henson]
+
  *) An audit of the BIGNUM code is underway, for which debugging code is
     enabled when BN_DEBUG is defined. This makes stricter enforcements on what
     is considered valid when processing BIGNUMs, and causes execution to

--- a/crypto/objects/obj_dat.h
+++ b/crypto/objects/obj_dat.h
@@ -62,12 +62,12 @@
 * [including the GNU Public Licence.]
 */

-#define NUM_NID 736
-#define NUM_SN 731
-#define NUM_LN 731
-#define NUM_OBJ 693
+#define NUM_NID 737
+#define NUM_SN 732
+#define NUM_LN 732
+#define NUM_OBJ 694

-static unsigned char lvalues[4882]={
+static unsigned char lvalues[4885]={
 0x00,                                        /* [  0] OBJ_undef */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,               /* [  1] OBJ_rsadsi */
 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,          /* [  7] OBJ_pkcs */
@@ -761,6 +761,7 @@ static unsigned char lvalues[4882]={
 0x00,                                        /* [4878] OBJ_itu_t */
 0x50,                                        /* [4879] OBJ_joint_iso_itu_t */
 0x67,                                        /* [4880] OBJ_international_organizations */
+0x55,0x1D,0x36,                              /* [4881] OBJ_inhibit_any_policy */
 };

 static ASN1_OBJECT nid_objs[NUM_NID]={
@@ -1906,6 +1907,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={
 {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL},
 {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL},
 {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL},
+{"inhibitAnyPolicy","X509v3 Inhibit Any Policy",
+	NID_inhibit_any_policy,3,&(lvalues[4881]),0},
 };

 static ASN1_OBJECT *sn_objs[NUM_SN]={
@@ -2323,6 +2326,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={
 &(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */
 &(nid_objs[527]),/* "identified-organization" */
 &(nid_objs[461]),/* "info" */
+&(nid_objs[736]),/* "inhibitAnyPolicy" */
 &(nid_objs[101]),/* "initials" */
 &(nid_objs[723]),/* "international-organizations" */
 &(nid_objs[142]),/* "invalidityDate" */
@@ -2736,6 +2740,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={
 &(nid_objs[89]),/* "X509v3 Certificate Policies" */
 &(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */
 &(nid_objs[126]),/* "X509v3 Extended Key Usage" */
+&(nid_objs[736]),/* "X509v3 Inhibit Any Policy" */
 &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */
 &(nid_objs[83]),/* "X509v3 Key Usage" */
 &(nid_objs[720]),/* "X509v3 Name Constraints" */
@@ -3436,6 +3441,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={
 &(nid_objs[90]),/* OBJ_authority_key_identifier     2 5 29 35 */
 &(nid_objs[401]),/* OBJ_policy_constraints           2 5 29 36 */
 &(nid_objs[126]),/* OBJ_ext_key_usage                2 5 29 37 */
+&(nid_objs[736]),/* OBJ_inhibit_any_policy           2 5 29 54 */
 &(nid_objs[402]),/* OBJ_target_information           2 5 29 55 */
 &(nid_objs[403]),/* OBJ_no_rev_avail                 2 5 29 56 */
 &(nid_objs[577]),/* OBJ_set_ctype                    2 23 42 0 */

--- a/crypto/objects/obj_mac.h
+++ b/crypto/objects/obj_mac.h
@@ -2082,6 +2082,11 @@
 #define NID_ext_key_usage		126
 #define OBJ_ext_key_usage		OBJ_id_ce,37L

+#define SN_inhibit_any_policy		"inhibitAnyPolicy"
+#define LN_inhibit_any_policy		"X509v3 Inhibit Any Policy"
+#define NID_inhibit_any_policy		736
+#define OBJ_inhibit_any_policy		OBJ_id_ce,54L
+
 #define SN_target_information		"targetInformation"
 #define LN_target_information		"X509v3 AC Targeting"
 #define NID_target_information		402

--- a/crypto/objects/obj_mac.num
+++ b/crypto/objects/obj_mac.num
@@ -733,3 +733,4 @@ des_cfb1		732
 des_cfb8		733
 des_ede3_cfb1		734
 des_ede3_cfb8		735
+inhibit_any_policy		736
--- a/crypto/objects/objects.txt
+++ b/crypto/objects/objects.txt
@@ -679,6 +679,8 @@ id-ce 35		: authorityKeyIdentifier : X509v3 Authority Key Identifier
 id-ce 36		: policyConstraints	: X509v3 Policy Constraints
 !Cname ext-key-usage
 id-ce 37		: extendedKeyUsage	: X509v3 Extended Key Usage
+!Cname inhibit-any-policy
+id-ce 54		: inhibitAnyPolicy	: X509v3 Inhibit Any Policy
 !Cname target-information
 id-ce 55		: targetInformation	: X509v3 AC Targeting
 !Cname no-rev-avail

--- a/crypto/x509v3/ext_dat.h
+++ b/crypto/x509v3/ext_dat.h
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -65,7 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff;
 extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc;
 extern X509V3_EXT_METHOD v3_crl_hold;
 extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints;
-extern X509V3_EXT_METHOD v3_name_constraints;
+extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp;

 /* This table will be searched using OBJ_bsearch so it *must* kept in
 * order of the ext_nid values.
@@ -111,7 +111,8 @@ static X509V3_EXT_METHOD *standard_exts[] = {
 &v3_crl_hold,
 #endif
 &v3_policy_mappings,
-&v3_name_constraints
+&v3_name_constraints,
+&v3_inhibit_anyp
 };

 /* Number of standard extensions */

--- a/crypto/x509v3/v3_int.c
+++ b/crypto/x509v3/v3_int.c
@@ -3,7 +3,7 @@
 * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999-2004 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -61,9 +61,22 @@
 #include <openssl/x509v3.h>

 X509V3_EXT_METHOD v3_crl_num = { 
-NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
-0,0,0,0,
-(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
-0,
-0,0,0,0, NULL};
+	NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+	0,0,0,0,
+	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+	0,
+	0,0,0,0, NULL};
+
+void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
+	{
+	return s2i_ASN1_INTEGER(meth, value);
+	}
+
+X509V3_EXT_METHOD v3_inhibit_anyp = { 
+	NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER),
+	0,0,0,0,
+	(X509V3_EXT_I2S)i2s_ASN1_INTEGER,
+	(X509V3_EXT_S2I)s2i_asn1_int,
+	0,0,0,0, NULL};
+