From edec614efddb8dc275f5537a8af98e2a1cac91b5 Mon Sep 17 00:00:00 2001 From: "Dr. Stephen Henson" Date: Mon, 8 Mar 2004 13:56:31 +0000 Subject: [PATCH] Support for inhibitAnyPolicy extension. --- CHANGES | 3 +++ crypto/objects/obj_dat.h | 16 +++++++++++----- crypto/objects/obj_mac.h | 5 +++++ crypto/objects/obj_mac.num | 1 + crypto/objects/objects.txt | 2 ++ crypto/x509v3/ext_dat.h | 7 ++++--- crypto/x509v3/v3_int.c | 25 +++++++++++++++++++------ 7 files changed, 45 insertions(+), 14 deletions(-) diff --git a/CHANGES b/CHANGES index 19803f2935..22449a3ac9 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,9 @@ Changes between 0.9.7c and 0.9.8 [xx XXX xxxx] + *) Support for inhibitAnyPolicy certificate extension. + [Steve Henson] + *) An audit of the BIGNUM code is underway, for which debugging code is enabled when BN_DEBUG is defined. This makes stricter enforcements on what is considered valid when processing BIGNUMs, and causes execution to diff --git a/crypto/objects/obj_dat.h b/crypto/objects/obj_dat.h index 7889f2c9c1..10781b79c1 100644 --- a/crypto/objects/obj_dat.h +++ b/crypto/objects/obj_dat.h @@ -62,12 +62,12 @@ * [including the GNU Public Licence.] */ -#define NUM_NID 736 -#define NUM_SN 731 -#define NUM_LN 731 -#define NUM_OBJ 693 +#define NUM_NID 737 +#define NUM_SN 732 +#define NUM_LN 732 +#define NUM_OBJ 694 -static unsigned char lvalues[4882]={ +static unsigned char lvalues[4885]={ 0x00, /* [ 0] OBJ_undef */ 0x2A,0x86,0x48,0x86,0xF7,0x0D, /* [ 1] OBJ_rsadsi */ 0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01, /* [ 7] OBJ_pkcs */ @@ -761,6 +761,7 @@ static unsigned char lvalues[4882]={ 0x00, /* [4878] OBJ_itu_t */ 0x50, /* [4879] OBJ_joint_iso_itu_t */ 0x67, /* [4880] OBJ_international_organizations */ +0x55,0x1D,0x36, /* [4881] OBJ_inhibit_any_policy */ }; static ASN1_OBJECT nid_objs[NUM_NID]={ 
@@ -1906,6 +1907,8 @@ static ASN1_OBJECT nid_objs[NUM_NID]={ {"DES-CFB8","des-cfb8",NID_des_cfb8,0,NULL}, {"DES-EDE3-CFB1","des-ede3-cfb1",NID_des_ede3_cfb1,0,NULL}, {"DES-EDE3-CFB8","des-ede3-cfb8",NID_des_ede3_cfb8,0,NULL}, +{"inhibitAnyPolicy","X509v3 Inhibit Any Policy", + NID_inhibit_any_policy,3,&(lvalues[4881]),0}, }; static ASN1_OBJECT *sn_objs[NUM_SN]={ @@ -2323,6 +2326,7 @@ static ASN1_OBJECT *sn_objs[NUM_SN]={ &(nid_objs[249]),/* "id-smime-spq-ets-sqt-uri" */ &(nid_objs[527]),/* "identified-organization" */ &(nid_objs[461]),/* "info" */ +&(nid_objs[736]),/* "inhibitAnyPolicy" */ &(nid_objs[101]),/* "initials" */ &(nid_objs[723]),/* "international-organizations" */ &(nid_objs[142]),/* "invalidityDate" */ @@ -2736,6 +2740,7 @@ static ASN1_OBJECT *ln_objs[NUM_LN]={ &(nid_objs[89]),/* "X509v3 Certificate Policies" */ &(nid_objs[140]),/* "X509v3 Delta CRL Indicator" */ &(nid_objs[126]),/* "X509v3 Extended Key Usage" */ +&(nid_objs[736]),/* "X509v3 Inhibit Any Policy" */ &(nid_objs[86]),/* "X509v3 Issuer Alternative Name" */ &(nid_objs[83]),/* "X509v3 Key Usage" */ &(nid_objs[720]),/* "X509v3 Name Constraints" */ @@ -3436,6 +3441,7 @@ static ASN1_OBJECT *obj_objs[NUM_OBJ]={ &(nid_objs[90]),/* OBJ_authority_key_identifier 2 5 29 35 */ &(nid_objs[401]),/* OBJ_policy_constraints 2 5 29 36 */ &(nid_objs[126]),/* OBJ_ext_key_usage 2 5 29 37 */ +&(nid_objs[736]),/* OBJ_inhibit_any_policy 2 5 29 54 */ &(nid_objs[402]),/* OBJ_target_information 2 5 29 55 */ &(nid_objs[403]),/* OBJ_no_rev_avail 2 5 29 56 */ &(nid_objs[577]),/* OBJ_set_ctype 2 23 42 0 */ diff --git a/crypto/objects/obj_mac.h b/crypto/objects/obj_mac.h index f04ff9be49..0e20e94a8a 100644 --- a/crypto/objects/obj_mac.h +++ b/crypto/objects/obj_mac.h 
@@ -2082,6 +2082,11 @@ #define NID_ext_key_usage 126 #define OBJ_ext_key_usage OBJ_id_ce,37L +#define SN_inhibit_any_policy "inhibitAnyPolicy" +#define LN_inhibit_any_policy "X509v3 Inhibit Any Policy" +#define NID_inhibit_any_policy 736 +#define OBJ_inhibit_any_policy OBJ_id_ce,54L + #define SN_target_information "targetInformation" #define LN_target_information "X509v3 AC Targeting" #define NID_target_information 402 diff --git a/crypto/objects/obj_mac.num b/crypto/objects/obj_mac.num index 65ecec0fb7..6833811455 100644 --- a/crypto/objects/obj_mac.num +++ b/crypto/objects/obj_mac.num @@ -733,3 +733,4 @@ des_cfb1 732 des_cfb8 733 des_ede3_cfb1 734 des_ede3_cfb8 735 +inhibit_any_policy 736 diff --git a/crypto/objects/objects.txt b/crypto/objects/objects.txt index ae78c0dfbb..18a2334d9c 100644 --- a/crypto/objects/objects.txt +++ b/crypto/objects/objects.txt @@ -679,6 +679,8 @@ id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier id-ce 36 : policyConstraints : X509v3 Policy Constraints !Cname ext-key-usage id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage +!Cname inhibit-any-policy +id-ce 54 : inhibitAnyPolicy : X509v3 Inhibit Any Policy !Cname target-information id-ce 55 : targetInformation : X509v3 AC Targeting !Cname no-rev-avail diff --git a/crypto/x509v3/ext_dat.h b/crypto/x509v3/ext_dat.h index 0879ae5ddc..bf693698b7 100644 --- a/crypto/x509v3/ext_dat.h +++ b/crypto/x509v3/ext_dat.h @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -65,7 +65,7 @@ extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; extern X509V3_EXT_METHOD v3_crl_hold; extern X509V3_EXT_METHOD v3_policy_mappings, v3_policy_constraints; -extern X509V3_EXT_METHOD v3_name_constraints; +extern X509V3_EXT_METHOD v3_name_constraints, v3_inhibit_anyp; /* This table will be searched using OBJ_bsearch so it *must* kept in * order of the ext_nid values. @@ -111,7 +111,8 @@ static X509V3_EXT_METHOD *standard_exts[] = { &v3_crl_hold, #endif &v3_policy_mappings, -&v3_name_constraints +&v3_name_constraints, +&v3_inhibit_anyp }; /* Number of standard extensions */ diff --git a/crypto/x509v3/v3_int.c b/crypto/x509v3/v3_int.c index f34cbfb731..a352f68a99 100644 --- a/crypto/x509v3/v3_int.c +++ b/crypto/x509v3/v3_int.c @@ -3,7 +3,7 @@ * project 1999. */ /* ==================================================================== - * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2004 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -61,9 +61,22 @@ #include X509V3_EXT_METHOD v3_crl_num = { -NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), -0,0,0,0, -(X509V3_EXT_I2S)i2s_ASN1_INTEGER, -0, -0,0,0,0, NULL}; + NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), + 0,0,0,0, + (X509V3_EXT_I2S)i2s_ASN1_INTEGER, + 0, + 0,0,0,0, NULL}; + +void * s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value) + { + return s2i_ASN1_INTEGER(meth, value); + } + +X509V3_EXT_METHOD v3_inhibit_anyp = { + NID_inhibit_any_policy, 0, ASN1_ITEM_ref(ASN1_INTEGER), + 0,0,0,0, + (X509V3_EXT_I2S)i2s_ASN1_INTEGER, + (X509V3_EXT_S2I)s2i_asn1_int, + 0,0,0,0, NULL}; + -- GitLab
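Review bot: In the `standard_exts[]` hunk of ext_dat.h, `&v3_inhibit_anyp` is appended as the last entry, but the comment above the table says it is searched with OBJ_bsearch and must stay in ext_nid order. Appending is correct only if NID_inhibit_any_policy (736 in this patch) is larger than every other ext_nid in the table. The visible neighbour, name constraints, is 720, and the rest of the table lies outside the hunk. A misplaced entry would make the binary search miss the method, so the extension would presumably be handled as unknown rather than parsed. I would add a comment at the end of the table such as `/* insert new entries in ascending ext_nid order; the end is correct only for the highest NID */`, or a debug-build check that walks the table once and asserts the ordering.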
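Review bot: `s2i_asn1_int` in the added block of v3_int.c has external linkage although, as far as this patch shows, only `v3_inhibit_anyp` in the same file refers to it; it should be `static` so the library does not export an undeclared helper. The wrapper also hands the configuration string to `s2i_ASN1_INTEGER` with no range check. The inhibitAnyPolicy value (SkipCerts) is a non-negative INTEGER, so if that helper accepts a leading minus sign, a malformed extension could be encoded into issued certificates. Rejecting a negative result here, and queuing an X509V3 error before returning NULL, would close that gap. A one-line comment that the function exists only to adapt to the three-argument X509V3_EXT_S2I signature would also explain the unused `ctx`.

```c
static void *s2i_asn1_int(X509V3_EXT_METHOD *meth, X509V3_CTX *ctx, char *value)
	{
	ASN1_INTEGER *aint;

	/* Adapter for the X509V3_EXT_S2I signature; ctx is not needed. */
	aint = s2i_ASN1_INTEGER(meth, value);
	/* SkipCerts is INTEGER (0..MAX): refuse a negative value. */
	if (aint != NULL && aint->type == V_ASN1_NEG_INTEGER)
		{
		ASN1_INTEGER_free(aint);
		return NULL;
		}
	return aint;
	}
/* … unchanged: v3_inhibit_anyp method table … */
```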