Commit 87c49f62 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson

Support for parsing of certificate extensions in PKCS#10 requests: these are

used by things like Xenroll. Also include documentation for extendedKeyUsage
extension.
parent 29159a42
+6 −0
@@ -4,6 +4,12 @@


 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]
 Changes between 0.9.4 and 0.9.5  [xx XXX 1999]


  *) Initial support for certificate extension requests, these are included
     in things like Xenroll certificate requests. They will later be used to
     allow PKCS#10 requests to include a list of "requested extensions" which
     can be added.
     [Steve Henson]

  *) -crlf option to s_client and s_server for sending newlines as
  *) -crlf option to s_client and s_server for sending newlines as
     CRLF (as required by many protocols).
     CRLF (as required by many protocols).
     [Bodo Moeller]
     [Bodo Moeller]
+2 −2


  OpenSSL STATUS                           Last modified at
  OpenSSL STATUS                           Last modified at
  ______________                           $Date: 1999/08/09 11:14:06 $
  ______________                           $Date: 1999/08/09 22:37:59 $


  DEVELOPMENT STATE
  DEVELOPMENT STATE


@@ -15,7 +15,6 @@


  AVAILABLE PATCHES
  AVAILABLE PATCHES


    o OCSP (titchenert@certco.com) 
    o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)
    o getenv in ca.c and x509_def.c (jaltman@watsun.cc.columbia.edu)


  IN PROGRESS
  IN PROGRESS
@@ -24,6 +23,7 @@
        Proper (or at least usable) certificate chain verification.
        Proper (or at least usable) certificate chain verification.
	Private key, certificate and CRL API and implementation.
	Private key, certificate and CRL API and implementation.
	Checking and bugfixing PKCS#7 (S/MIME code).
	Checking and bugfixing PKCS#7 (S/MIME code).
        Various X509 issues: character sets, certificate request extensions.


    o Mark is currently working on:
    o Mark is currently working on:
        Folding in any changes that are in the C2Net code base that were
        Folding in any changes that are in the C2Net code base that were
+27 −0
@@ -62,6 +62,7 @@
#include <openssl/bn.h>
#include <openssl/bn.h>
#include <openssl/objects.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
#include <openssl/x509.h>
#include <openssl/x509v3.h>


#ifndef NO_FP_API
#ifndef NO_FP_API
int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
int X509_REQ_print_fp(FILE *fp, X509_REQ *x)
@@ -90,6 +91,7 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
	X509_REQ_INFO *ri;
	X509_REQ_INFO *ri;
	EVP_PKEY *pkey;
	EVP_PKEY *pkey;
	STACK_OF(X509_ATTRIBUTE) *sk;
	STACK_OF(X509_ATTRIBUTE) *sk;
	STACK_OF(X509_EXTENSION) *exts;
	char str[128];
	char str[128];


	ri=x->req_info;
	ri=x->req_info;
@@ -161,6 +163,8 @@ int X509_REQ_print(BIO *bp, X509_REQ *x)
			int j,type=0,count=1,ii=0;
			int j,type=0,count=1,ii=0;


			a=sk_X509_ATTRIBUTE_value(sk,i);
			a=sk_X509_ATTRIBUTE_value(sk,i);
			if(X509_REQ_extension_nid(OBJ_obj2nid(a->object)))
								continue;
			sprintf(str,"%12s","");
			sprintf(str,"%12s","");
			if (BIO_puts(bp,str) <= 0) goto err;
			if (BIO_puts(bp,str) <= 0) goto err;
			if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
			if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0)
@@ -201,6 +205,29 @@ get_next:
			}
			}
		}
		}


	exts = X509_REQ_get_extensions(x);
	if(exts) {
		BIO_printf(bp,"%8sRequested Extensions:\n","");
		for (i=0; i<sk_X509_EXTENSION_num(exts); i++) {
			ASN1_OBJECT *obj;
			X509_EXTENSION *ex;
			int j;
			ex=sk_X509_EXTENSION_value(exts, i);
			if (BIO_printf(bp,"%12s","") <= 0) goto err;
			obj=X509_EXTENSION_get_object(ex);
			i2a_ASN1_OBJECT(bp,obj);
			j=X509_EXTENSION_get_critical(ex);
			if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0)
				goto err;
			if(!X509V3_EXT_print(bp, ex, 0, 16)) {
				BIO_printf(bp, "%16s", "");
				ASN1_OCTET_STRING_print(bp,ex->value);
			}
			if (BIO_write(bp,"\n",1) <= 0) goto err;
		}
		sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
	}

	i=OBJ_obj2nid(x->sig_alg->algorithm);
	i=OBJ_obj2nid(x->sig_alg->algorithm);
	sprintf(str,"%4sSignature Algorithm: %s","",
	sprintf(str,"%4sSignature Algorithm: %s","",
		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
		(i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i));
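Review bot: The three `goto err` exits inside the new "Requested Extensions" loop jump past `sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);`, so the stack returned by `X509_REQ_get_extensions(x)` appears to leak whenever a BIO write fails. The `err:` label and the rest of `X509_REQ_print` are outside this hunk, so confirm that path does not already release it; if not, declare `exts` initialised to `NULL` and free it on the error path as well. Separately, the attribute loop now hides extension-request attributes with `continue`, while `if(exts)` treats a NULL return the same whether the attribute is absent or failed to decode (assuming NULL can mean failure, which the hunk does not show). A request is untrusted input and this output is what an operator reads before signing, so a malformed extension attribute would then be shown neither raw nor decoded; printing an explicit line in that case, for example `BIO_printf(bp,"%8sRequested Extensions: <unable to decode>\n","");`, keeps it visible. Minor: `BIO_printf(bp,": %s\n",j?"critical":"","")` passes one more argument than its format consumes, and the returns of the header `BIO_printf` and `i2a_ASN1_OBJECT` are not checked like the neighbouring writes.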
+0 −4
@@ -188,11 +188,7 @@ int X509_print(BIO *bp, X509 *x)
		BIO_printf(bp,"%8sX509v3 extensions:\n","");
		BIO_printf(bp,"%8sX509v3 extensions:\n","");
		for (i=0; i<n; i++)
		for (i=0; i<n; i++)
			{
			{
#if 0
			int data_type,pack_type;
#endif
			ASN1_OBJECT *obj;
			ASN1_OBJECT *obj;

			ex=X509_get_ext(x,i);
			ex=X509_get_ext(x,i);
			if (BIO_printf(bp,"%12s","") <= 0) goto err;
			if (BIO_printf(bp,"%12s","") <= 0) goto err;
			obj=X509_EXTENSION_get_object(ex);
			obj=X509_EXTENSION_get_object(ex);
+12 −0
@@ -890,6 +890,18 @@ extern "C" {
#define NID_pbeWithSHA1AndDES_CBC	170
#define NID_pbeWithSHA1AndDES_CBC	170
#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L
#define OBJ_pbeWithSHA1AndDES_CBC	OBJ_pkcs,5L,10L


/* Extension request OIDs */

#define LN_ms_ext_req			"Microsoft Extension Request"
#define SN_ms_ext_req			"msExtReq"
#define NID_ms_ext_req			171
#define OBJ_ms_ext_req			1L,3L,6L,1L,4L,1L,311L,2L,1L,14L

#define LN_ext_req			"Extension Request"
#define SN_ext_req			"extReq"
#define NID_ext_req			172
#define OBJ_ext_req			OBJ_pkcs9,14L

#include <openssl/bio.h>
#include <openssl/bio.h>
#include <openssl/asn1.h>
#include <openssl/asn1.h>

