authorNikos Mavrogiannopoulos <nmav@gnutls.org>2004-01-06 13:23:12 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2004-01-06 13:23:12 +0000
commit44344e2c94ecfbf57de79d3683ef59188e6a00c7 (patch)
tree8a4b4705029bc7ac00fb60c03404778e7e4da1e4
parent692436f63d9c0615f50444101cbe56855bb6f255 (diff)
* Added the gnutls_sign_algorithm type.
* Improved the DN parser.
-rw-r--r--NEWS3
-rw-r--r--doc/TODO2
-rw-r--r--includes/gnutls/x509.h18
-rw-r--r--lib/gnutls.h.in.in5
-rw-r--r--lib/gnutls_handshake.c2
-rw-r--r--lib/gnutls_int.h5
-rw-r--r--lib/pkix.asn137
-rw-r--r--lib/pkix_asn1_tab.c156
-rw-r--r--lib/x509/common.c61
-rw-r--r--lib/x509/common.h15
-rw-r--r--lib/x509/crl.c4
-rw-r--r--lib/x509/crq.c1
-rw-r--r--lib/x509/dn.c9
-rw-r--r--lib/x509/mpi.c2
-rw-r--r--lib/x509/pkcs12.c4
-rw-r--r--lib/x509/sign.c2
-rw-r--r--lib/x509/x509.c4
-rw-r--r--src/certtool.c27
18 files changed, 243 insertions, 214 deletions
diff --git a/NEWS b/NEWS
index bf3186aa8f..7d2fb1bd47 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,6 @@
+Version 1.1.5
+- Added the gnutls_sign_algorithm type.
+
Version 1.1.4 (04/01/2004)
- Improved gnutls-cli's SRP behaviour in SRP ciphersuites.
If they are of highest priority then the abreviated handshake
diff --git a/doc/TODO b/doc/TODO
index 6f07a5f913..f57fb8608e 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -10,8 +10,6 @@ Current list:
* Add function to extract the signers of an openpgp key. Should
be similar to gnutls_x509_crt_get_dn_oid().
* Add function to verify an openpgp key against a plain key.
-* Add support for adding and reading pictures from a certificate
- (see rfc3039).
* Convert documentation to texinfo format
* Audit the code
* Allow sending V2 Hello messages. It seems that some (old) broken
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index d482c8bf62..ab8346d3c9 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -33,7 +33,8 @@ extern "C" {
#include <gnutls/gnutls.h>
-/* Some OIDs usually found in Distinguished names
+/* Some OIDs usually found in Distinguished names, or
+ * in Subject Directory Attribute extensions.
*/
#define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6"
#define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10"
@@ -41,6 +42,21 @@ extern "C" {
#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
+
+#define GNUTLS_OID_X520_INITIALS "2.5.4.43"
+#define GNUTLS_OID_X520_GENERATION_QUALIFIER "2.5.4.44"
+#define GNUTLS_OID_X520_SURNAME "2.5.4.4"
+#define GNUTLS_OID_X520_GIVEN_NAME "2.5.4.42"
+#define GNUTLS_OID_X520_TITLE "2.5.4.12"
+#define GNUTLS_OID_X520_DN_QUALIFIER "2.5.4.46"
+#define GNUTLS_OID_X520_PSEUDONYM "2.5.4.65"
+
+#define GNUTLS_OID_PKIX_DATE_OF_BIRTH "1.3.6.1.5.5.7.9.1"
+#define GNUTLS_OID_PKIX_PLACE_OF_BIRTH "1.3.6.1.5.5.7.9.2"
+#define GNUTLS_OID_PKIX_GENDER "1.3.6.1.5.5.7.9.3"
+#define GNUTLS_OID_PKIX_COUNTRY_OF_CITIZENSHIP "1.3.6.1.5.5.7.9.4"
+#define GNUTLS_OID_PKIX_COUNTRY_OF_RESIDENCE "1.3.6.1.5.5.7.9.5"
+
#define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25"
#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"
#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
diff --git a/lib/gnutls.h.in.in b/lib/gnutls.h.in.in
index 7c4cceeac1..5ff1627adb 100644
--- a/lib/gnutls.h.in.in
+++ b/lib/gnutls.h.in.in
@@ -159,6 +159,11 @@ typedef enum gnutls_pk_algorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,
GNUTLS_PK_UNKNOWN = 0xff
} gnutls_pk_algorithm;
+typedef enum gnutls_sign_algorithm { GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA,
+ GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2,
+ GNUTLS_SIGN_UNKNOWN = 0xff
+} gnutls_sign_algorithm;
+
/* If you want to change this, then also change the
* define in gnutls_int.h, and recompile.
*/
diff --git a/lib/gnutls_handshake.c b/lib/gnutls_handshake.c
index 8aeb097f3c..38767ba350 100644
--- a/lib/gnutls_handshake.c
+++ b/lib/gnutls_handshake.c
@@ -269,6 +269,8 @@ int _gnutls_read_client_hello(gnutls_session session, opaque * data,
*/
ver = _gnutls_version_max(session);
if (ver==GNUTLS_VERSION_UNKNOWN) {
+ /* this check is not really needed.
+ */
gnutls_assert();
return GNUTLS_E_UNKNOWN_CIPHER_SUITE;
}
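Review bot: The added comment `this check is not really needed.` does not say why the GNUTLS_VERSION_UNKNOWN branch is believed unreachable, so a later reader cannot tell whether the guard may be removed or is a deliberate defensive check. Replace it with the guarantee it relies on, e.g. `/* Defensive: _gnutls_version_max() is expected never to return GNUTLS_VERSION_UNKNOWN here because <STATE-THE-GUARANTEE>. */`, filling in what the helper actually ensures. Returning GNUTLS_E_UNKNOWN_CIPHER_SUITE for a version failure is also misleading, though that predates this change. _gnutls_read_client_hello continues outside the hunk.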
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 6afd762d3b..c20ab7b8f1 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -212,6 +212,11 @@ typedef enum gnutls_pk_algorithm { GNUTLS_PK_RSA = 1, GNUTLS_PK_DSA,
GNUTLS_PK_UNKNOWN = 0xff
} gnutls_pk_algorithm;
+typedef enum gnutls_sign_algorithm { GNUTLS_SIGN_RSA_SHA = 1, GNUTLS_SIGN_DSA_SHA,
+ GNUTLS_SIGN_RSA_MD5, GNUTLS_SIGN_RSA_MD2,
+ GNUTLS_SIGN_UNKNOWN = 0xff
+} gnutls_sign_algorithm;
+
/* STATE (stop) */
typedef void (*LOG_FUNC)( int, const char*);
diff --git a/lib/pkix.asn b/lib/pkix.asn
index 2ec091e0fc..71cc5645d8 100644
--- a/lib/pkix.asn
+++ b/lib/pkix.asn
@@ -107,6 +107,15 @@ PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
-- subject alternative name extension OID and syntax
+-- Directory string type --
+
+DirectoryString ::= CHOICE {
+ teletexString TeletexString (SIZE (1..MAX)),
+ printableString PrintableString (SIZE (1..MAX)),
+ universalString UniversalString (SIZE (1..MAX)),
+ utf8String UTF8String (SIZE (1..MAX)),
+ bmpString BMPString (SIZE(1..MAX)) }
+
id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 }
SubjectAltName ::= GeneralNames
@@ -399,88 +408,38 @@ AttributeTypeAndValue ::= SEQUENCE {
id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
-- Attributes of type NameDirectoryString
-id-at-name AttributeType ::= {id-at 41}
-id-at-surname AttributeType ::= {id-at 4}
-id-at-givenName AttributeType ::= {id-at 42}
-id-at-initials AttributeType ::= {id-at 43}
-id-at-generationQualifier AttributeType ::= {id-at 44}
-
-X520name ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-name)),
- printableString PrintableString (SIZE (1..ub-name)),
- universalString UniversalString (SIZE (1..ub-name)),
- utf8String UTF8String (SIZE (1..ub-name)),
- bmpString BMPString (SIZE(1..ub-name)) }
+id-at-initials AttributeType ::= { id-at 43 }
+X520initials ::= DirectoryString
---
+id-at-generationQualifier AttributeType ::= { id-at 44 }
+X520generationQualifier ::= DirectoryString
-id-at-commonName AttributeType ::= {id-at 3}
+id-at-surname AttributeType ::= { id-at 4 }
+X520surName ::= DirectoryString
-X520CommonName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-common-name)),
- printableString PrintableString (SIZE (1..ub-common-name)),
- universalString UniversalString (SIZE (1..ub-common-name)),
- utf8String UTF8String (SIZE (1..ub-common-name)),
- bmpString BMPString (SIZE(1..ub-common-name)) }
+id-at-givenName AttributeType ::= { id-at 42 }
+X520givenName ::= DirectoryString
---
+id-at-name AttributeType ::= { id-at 41 }
+X520name ::= DirectoryString
-id-at-localityName AttributeType ::= {id-at 7}
-
-X520LocalityName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-locality-name)),
- printableString PrintableString (SIZE (1..ub-locality-name)),
- universalString UniversalString (SIZE (1..ub-locality-name)),
- utf8String UTF8String (SIZE (1..ub-locality-name)),
- bmpString BMPString (SIZE(1..ub-locality-name)) }
+id-at-commonName AttributeType ::= {id-at 3}
+X520CommonName ::= DirectoryString
---
+id-at-localityName AttributeType ::= {id-at 7}
+X520LocalityName ::= DirectoryString
id-at-stateOrProvinceName AttributeType ::= {id-at 8}
-
-X520StateOrProvinceName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-state-name)),
- printableString PrintableString (SIZE (1..ub-state-name)),
- universalString UniversalString (SIZE (1..ub-state-name)),
- utf8String UTF8String (SIZE (1..ub-state-name)),
- bmpString BMPString (SIZE(1..ub-state-name)) }
-
---
+X520StateOrProvinceName ::= DirectoryString
id-at-organizationName AttributeType ::= {id-at 10}
-
-X520OrganizationName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-organization-name)),
- printableString PrintableString (SIZE (1..ub-organization-name)),
- universalString UniversalString (SIZE (1..ub-organization-name)),
- utf8String UTF8String (SIZE (1..ub-organization-name)),
- bmpString BMPString (SIZE(1..ub-organization-name)) }
-
---
+X520OrganizationName ::= DirectoryString
id-at-organizationalUnitName AttributeType ::= {id-at 11}
-
-X520OrganizationalUnitName ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-organizational-unit-name)),
- printableString PrintableString
- (SIZE (1..ub-organizational-unit-name)),
- universalString UniversalString
- (SIZE (1..ub-organizational-unit-name)),
- utf8String UTF8String (SIZE (1..ub-organizational-unit-name)),
- bmpString BMPString (SIZE(1..ub-organizational-unit-name)) }
-
---
+X520OrganizationalUnitName ::= DirectoryString
id-at-title AttributeType ::= {id-at 12}
-
-X520Title ::= CHOICE {
- teletexString TeletexString (SIZE (1..ub-title)),
- printableString PrintableString (SIZE (1..ub-title)),
- universalString UniversalString (SIZE (1..ub-title)),
- utf8String UTF8String (SIZE (1..ub-title)),
- bmpString BMPString (SIZE(1..ub-title)) }
-
---
+X520Title ::= DirectoryString
id-at-dnQualifier AttributeType ::= {id-at 46}
X520dnQualifier ::= PrintableString
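Review bot: Replacing each per-attribute CHOICE with the shared DirectoryString, declared as SIZE (1..MAX), removes the ub-name, ub-common-name, ub-locality-name, ub-state-name, ub-organization-name, ub-organizational-unit-name and ub-title upper bounds the deleted definitions carried, so the DN grammar is silently loosened. Whether the decoder enforced those bounds before is not visible here, but the change deserves a comment next to DirectoryString, e.g. `-- DirectoryString is unbounded (1..MAX); the RFC ub-* per-attribute limits are not enforced by this schema.` Code that sizes buffers from the decoded length (as dn.c does) is unaffected; anything that assumed a bounded attribute length should be reviewed.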
@@ -488,6 +447,18 @@ X520dnQualifier ::= PrintableString
id-at-countryName AttributeType ::= {id-at 6}
X520countryName ::= PrintableString (SIZE (2)) -- IS 3166 codes
+id-at-pseudonym AttributeType ::= {id-at 65}
+X520pseudonym ::= DirectoryString
+
+id-at-streetAddress AttributeType ::= {id-at 9}
+X520streetAddress ::= DirectoryString
+
+id-at-postalAddress ::= {id-at 16}
+X520postalAddress ::= PostalAddress
+
+PostalAddress ::= SEQUENCE OF DirectoryString
+
+
-- Legacy attributes
pkcs OBJECT IDENTIFIER ::=
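Review bot: `id-at-postalAddress ::= {id-at 16}` lacks the `AttributeType` type that the neighbouring id-at-pseudonym and id-at-streetAddress definitions carry; it should read `id-at-postalAddress AttributeType ::= {id-at 16}`. The generated table in lib/pkix_asn1_tab.c committed alongside (the hunk ending at the X520pseudonym entry) contains id-at-pseudonym but none of id-at-streetAddress, X520streetAddress, id-at-postalAddress, X520postalAddress or PostalAddress, so schema and table are already out of sync and the table needs regenerating once the definition is corrected. The two trailing blank lines before `-- Legacy attributes` can be dropped.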
@@ -513,14 +484,6 @@ DistinguishedName ::= RDNSequence
RelativeDistinguishedName ::=
SET SIZE (1 .. MAX) OF AttributeTypeAndValue
--- Directory string type --
-
-DirectoryString ::= CHOICE {
- teletexString TeletexString (SIZE (1..MAX)),
- printableString PrintableString (SIZE (1..MAX)),
- universalString UniversalString (SIZE (1..MAX)),
- utf8String UTF8String (SIZE (1..MAX)),
- bmpString BMPString (SIZE(1..MAX)) }
-- --------------------------------------------------------
@@ -1217,4 +1180,26 @@ id-at-ldap-UID AttributeType ::= { 0 9 2342 19200300 100 1 1 }
ldap-UID ::= IA5String
+-- rfc3039
+
+id-pda OBJECT IDENTIFIER ::= { id-pkix 9 }
+
+id-pda-dateOfBirth AttributeType ::= { id-pda 1 }
+DateOfBirth ::= GeneralizedTime
+
+id-pda-placeOfBirth AttributeType ::= { id-pda 2 }
+PlaceOfBirth ::= DirectoryString
+
+id-pda-gender AttributeType ::= { id-pda 3 }
+Gender ::= PrintableString (SIZE(1))
+ -- "M", "F", "m" or "f"
+
+id-pda-countryOfCitizenship AttributeType ::= { id-pda 4 }
+CountryOfCitizenship ::= PrintableString (SIZE (2))
+ -- ISO 3166 Country Code
+
+id-pda-countryOfResidence AttributeType ::= { id-pda 5 }
+CountryOfResidence ::= PrintableString (SIZE (2))
+ -- ISO 3166 Country Code
+
END
diff --git a/lib/pkix_asn1_tab.c b/lib/pkix_asn1_tab.c
index 159c0c64be..7a3d22cedf 100644
--- a/lib/pkix_asn1_tab.c
+++ b/lib/pkix_asn1_tab.c
@@ -84,6 +84,17 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[]={
{0,536870917,0},
{"issuerDomainPolicy",1073741826,"CertPolicyId"},
{"subjectDomainPolicy",2,"CertPolicyId"},
+ {"DirectoryString",1610612754,0},
+ {"teletexString",1612709890,"TeletexString"},
+ {"MAX",524298,"1"},
+ {"printableString",1612709890,"PrintableString"},
+ {"MAX",524298,"1"},
+ {"universalString",1612709890,"UniversalString"},
+ {"MAX",524298,"1"},
+ {"utf8String",1612709890,"UTF8String"},
+ {"MAX",524298,"1"},
+ {"bmpString",538968066,"BMPString"},
+ {"MAX",524298,"1"},
{"id-ce-subjectAltName",1879048204,0},
{0,1073741825,"id-ce"},
{0,1,"17"},
@@ -363,116 +374,50 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[]={
{"joint-iso-ccitt",1073741825,"2"},
{"ds",1073741825,"5"},
{0,1,"4"},
- {"id-at-name",1880096780,"AttributeType"},
+ {"id-at-initials",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
- {0,1,"41"},
+ {0,1,"43"},
+ {"X520initials",1073741826,"DirectoryString"},
+ {"id-at-generationQualifier",1880096780,"AttributeType"},
+ {0,1073741825,"id-at"},
+ {0,1,"44"},
+ {"X520generationQualifier",1073741826,"DirectoryString"},
{"id-at-surname",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"4"},
+ {"X520surName",1073741826,"DirectoryString"},
{"id-at-givenName",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"42"},
- {"id-at-initials",1880096780,"AttributeType"},
- {0,1073741825,"id-at"},
- {0,1,"43"},
- {"id-at-generationQualifier",1880096780,"AttributeType"},
+ {"X520givenName",1073741826,"DirectoryString"},
+ {"id-at-name",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
- {0,1,"44"},
- {"X520name",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"ub-name",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"ub-name",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"ub-name",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"ub-name",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"ub-name",524298,"1"},
+ {0,1,"41"},
+ {"X520name",1073741826,"DirectoryString"},
{"id-at-commonName",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"3"},
- {"X520CommonName",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"ub-common-name",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"ub-common-name",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"ub-common-name",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"ub-common-name",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"ub-common-name",524298,"1"},
+ {"X520CommonName",1073741826,"DirectoryString"},
{"id-at-localityName",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"7"},
- {"X520LocalityName",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"ub-locality-name",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"ub-locality-name",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"ub-locality-name",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"ub-locality-name",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"ub-locality-name",524298,"1"},
+ {"X520LocalityName",1073741826,"DirectoryString"},
{"id-at-stateOrProvinceName",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"8"},
- {"X520StateOrProvinceName",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"ub-state-name",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"ub-state-name",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"ub-state-name",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"ub-state-name",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"ub-state-name",524298,"1"},
+ {"X520StateOrProvinceName",1073741826,"DirectoryString"},
{"id-at-organizationName",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"10"},
- {"X520OrganizationName",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"ub-organization-name",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"ub-organization-name",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"ub-organization-name",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"ub-organization-name",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"ub-organization-name",524298,"1"},
+ {"X520OrganizationName",1073741826,"DirectoryString"},
{"id-at-organizationalUnitName",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"11"},
- {"X520OrganizationalUnitName",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"ub-organizational-unit-name",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"ub-organizational-unit-name",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"ub-organizational-unit-name",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"ub-organizational-unit-name",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"ub-organizational-unit-name",524298,"1"},
+ {"X520OrganizationalUnitName",1073741826,"DirectoryString"},
{"id-at-title",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"12"},
- {"X520Title",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"ub-title",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"ub-title",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"ub-title",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"ub-title",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"ub-title",524298,"1"},
+ {"X520Title",1073741826,"DirectoryString"},
{"id-at-dnQualifier",1880096780,"AttributeType"},
{0,1073741825,"id-at"},
{0,1,"46"},
@@ -482,6 +427,10 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[]={
{0,1,"6"},
{"X520countryName",1612709890,"PrintableString"},
{0,1048586,"2"},
+ {"id-at-pseudonym",1880096780,"AttributeType"},
+ {0,1073741825,"id-at"},
+ {0,1,"65"},
+ {"X520pseudonym",1073741826,"DirectoryString"},
{"pkcs",1879048204,0},
{"iso",1073741825,"1"},
{"member-body",1073741825,"2"},
@@ -504,17 +453,6 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[]={
{"RelativeDistinguishedName",1612709903,0},
{"MAX",1074266122,"1"},
{0,2,"AttributeTypeAndValue"},
- {"DirectoryString",1610612754,0},
- {"teletexString",1612709890,"TeletexString"},
- {"MAX",524298,"1"},
- {"printableString",1612709890,"PrintableString"},
- {"MAX",524298,"1"},
- {"universalString",1612709890,"UniversalString"},
- {"MAX",524298,"1"},
- {"utf8String",1612709890,"UTF8String"},
- {"MAX",524298,"1"},
- {"bmpString",538968066,"BMPString"},
- {"MAX",524298,"1"},
{"Certificate",1610612741,0},
{"tbsCertificate",1073741826,"TBSCertificate"},
{"signatureAlgorithm",1073741826,"AlgorithmIdentifier"},
@@ -1091,6 +1029,32 @@ const ASN1_ARRAY_TYPE pkix_asn1_tab[]={
{0,1073741825,"100"},
{0,1073741825,"1"},
{0,1,"1"},
- {"ldap-UID",2,"IA5String"},
+ {"ldap-UID",1073741826,"IA5String"},
+ {"id-pda",1879048204,0},
+ {0,1073741825,"id-pkix"},
+ {0,1,"9"},
+ {"id-pda-dateOfBirth",1880096780,"AttributeType"},
+ {0,1073741825,"id-pda"},
+ {0,1,"1"},
+ {"DateOfBirth",1082130449,0},
+ {"id-pda-placeOfBirth",1880096780,"AttributeType"},
+ {0,1073741825,"id-pda"},
+ {0,1,"2"},
+ {"PlaceOfBirth",1073741826,"DirectoryString"},
+ {"id-pda-gender",1880096780,"AttributeType"},
+ {0,1073741825,"id-pda"},
+ {0,1,"3"},
+ {"Gender",1612709890,"PrintableString"},
+ {0,1048586,"1"},
+ {"id-pda-countryOfCitizenship",1880096780,"AttributeType"},
+ {0,1073741825,"id-pda"},
+ {0,1,"4"},
+ {"CountryOfCitizenship",1612709890,"PrintableString"},
+ {0,1048586,"2"},
+ {"id-pda-countryOfResidence",1880096780,"AttributeType"},
+ {0,1073741825,"id-pda"},
+ {0,1,"5"},
+ {"CountryOfResidence",538968066,"PrintableString"},
+ {0,1048586,"2"},
{0,0,0}
};
diff --git a/lib/x509/common.c b/lib/x509/common.c
index a64528fff9..b466ce192c 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -36,7 +36,7 @@
typedef struct _oid2string {
const char * oid;
const char * ldap_desc;
- int choice;
+ int choice; /* of type DirectoryString */
int printable;
} oid2string;
@@ -44,15 +44,31 @@ typedef struct _oid2string {
* contained in a rdnSequence and are printable.
*/
static const oid2string _oid2str[] = {
+ /* PKIX
+ */
+ {"1.3.6.1.5.5.7.9.1", "dateOfBirth", 0, 1},
+ {"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1},
+ {"1.3.6.1.5.5.7.9.3", "gender", 0, 1},
+ {"1.3.6.1.5.5.7.9.4", "countryOfCitizenship", 0, 1},
+ {"1.3.6.1.5.5.7.9.5", "countryOfResidence", 0, 1},
+
{"2.5.4.6", "C", 0, 1},
+ {"2.5.4.9", "STREET", 1, 1},
{"2.5.4.12", "T", 1, 1},
{"2.5.4.10", "O", 1, 1},
{"2.5.4.11", "OU", 1, 1},
{"2.5.4.3", "CN", 1, 1},
{"2.5.4.7", "L", 1, 1},
{"2.5.4.8", "ST", 1, 1},
+
{"2.5.4.5", "serialNumber", 0, 1},
{"2.5.4.20", "telephoneNumber", 0, 1},
+ {"2.5.4.4", "surName", 1, 1},
+ {"2.5.4.43", "initials", 1, 1},
+ {"2.5.4.44", "generationQualifier", 1, 1},
+ {"2.5.4.42", "givenName", 1, 1},
+ {"2.5.4.65", "pseudonym", 1, 1},
+ {"2.5.4.46", "dnQualifier", 0, 1},
{"0.9.2342.19200300.100.1.25", "DC", 0, 1},
{"0.9.2342.19200300.100.1.1", "UID", 0, 1},
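Review bot: `{"1.3.6.1.5.5.7.9.2", "placeOfBirth", 0, 1}` sets choice to 0, yet lib/pkix.asn in this same commit declares `PlaceOfBirth ::= DirectoryString`, and the struct comment added above says choice marks attributes of type DirectoryString; the sibling `{"2.5.4.9", "STREET", 1, 1}`, also a DirectoryString, uses 1. Unless the flag is consumed differently from what the comment states (the consumer is outside this hunk), the entry should be `{"1.3.6.1.5.5.7.9.2", "placeOfBirth", 1, 1},`; otherwise a placeOfBirth value would not be decoded through the CHOICE and DN parsing of a certificate carrying it would fail or print garbage.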
@@ -245,23 +261,21 @@ gnutls_pk_algorithm _gnutls_x509_oid2pk_algorithm( const char* oid)
return GNUTLS_PK_UNKNOWN;
}
-gnutls_pk_algorithm _gnutls_x509_oid2sign_algorithm( const char* oid,
- gnutls_mac_algorithm * mac)
+gnutls_sign_algorithm _gnutls_x509_oid2sign_algorithm( const char* oid)
{
if (strcmp( oid, RSA_MD5_OID) == 0) {
- if (mac) *mac = GNUTLS_MAC_MD5;
- return GNUTLS_PK_RSA;
+ return GNUTLS_SIGN_RSA_MD5;
} else if (strcmp( oid, RSA_SHA1_OID) == 0) {
- if (mac) *mac = GNUTLS_MAC_SHA;
- return GNUTLS_PK_RSA;
+ return GNUTLS_SIGN_RSA_SHA;
+ } else if (strcmp( oid, RSA_MD2_OID) == 0) {
+ return GNUTLS_SIGN_RSA_MD2;
} else if (strcmp( oid, DSA_SHA1_OID) == 0) {
- if (mac) *mac = GNUTLS_MAC_SHA;
- return GNUTLS_PK_DSA;
+ return GNUTLS_SIGN_DSA_SHA;
}
_gnutls_x509_log("Unknown SIGN OID: '%s'\n", oid);
- return GNUTLS_PK_UNKNOWN;
+ return GNUTLS_SIGN_UNKNOWN;
}
@@ -277,28 +291,41 @@ gnutls_mac_algorithm _gnutls_x509_oid2mac_algorithm( const char* oid)
return GNUTLS_MAC_UNKNOWN;
}
-const char* _gnutls_x509_mac2oid( gnutls_mac_algorithm mac)
+const char* _gnutls_x509_mac_to_oid( gnutls_mac_algorithm mac)
{
if (mac == GNUTLS_MAC_SHA) return OID_SHA1;
else if (mac == GNUTLS_MAC_MD5) return OID_MD5;
else return NULL;
}
-const char* _gnutls_x509_pk2oid( gnutls_pk_algorithm pk)
+const char* _gnutls_x509_pk_to_oid( gnutls_pk_algorithm pk)
{
if (pk == GNUTLS_PK_RSA) return PKIX1_RSA_OID;
else if (pk == GNUTLS_PK_DSA) return DSA_OID;
else return NULL;
}
-const char* _gnutls_x509_sign2oid( gnutls_pk_algorithm pk, gnutls_mac_algorithm mac)
+gnutls_sign_algorithm _gnutls_x509_pk_to_sign(
+ gnutls_pk_algorithm pk, gnutls_mac_algorithm mac)
{
if (pk == GNUTLS_PK_RSA) {
- if (mac == GNUTLS_MAC_SHA) return RSA_SHA1_OID;
- else if (mac == GNUTLS_MAC_MD5) return RSA_MD5_OID;
+ if (mac == GNUTLS_MAC_SHA) return GNUTLS_SIGN_RSA_SHA;
+ else if (mac == GNUTLS_MAC_MD5) return GNUTLS_SIGN_RSA_MD5;
} else if (pk == GNUTLS_PK_DSA) {
- if (mac == GNUTLS_MAC_SHA) return DSA_SHA1_OID;
+ if (mac == GNUTLS_MAC_SHA) return GNUTLS_SIGN_DSA_SHA;
}
+ return GNUTLS_SIGN_UNKNOWN;
+}
+
+const char* _gnutls_x509_sign_to_oid( gnutls_pk_algorithm pk, gnutls_mac_algorithm mac)
+{
+gnutls_sign_algorithm sign;
+
+ sign = _gnutls_x509_pk_to_sign( pk, mac);
+
+ if (sign == GNUTLS_SIGN_RSA_SHA) return RSA_SHA1_OID;
+ else if (sign == GNUTLS_SIGN_RSA_MD5) return RSA_MD5_OID;
+ else if (sign == GNUTLS_SIGN_DSA_SHA) return DSA_SHA1_OID;
return NULL;
}
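Review bot: The new definition `const char* _gnutls_x509_sign_to_oid( gnutls_pk_algorithm pk, gnutls_mac_algorithm mac)` does not match the prototype this commit adds to lib/x509/common.h, `const char* _gnutls_x509_sign_to_oid( gnutls_sign_algorithm, gnutls_mac_algorithm mac);`: the header declares the first argument as a sign algorithm, the body treats it as a public-key algorithm, and the caller in lib/x509/mpi.c passes pk_algorithm. Because both parameters are enum types the compiler may accept the mismatch without a diagnostic, so the header should be corrected to `const char* _gnutls_x509_sign_to_oid( gnutls_pk_algorithm pk, gnutls_mac_algorithm mac);` (or the function renamed, since it takes a pk/mac pair rather than a sign algorithm). Separately, _gnutls_x509_sign_to_oid has no case for GNUTLS_SIGN_RSA_MD2 although _gnutls_x509_oid2sign_algorithm now recognises RSA_MD2_OID; that is fine as long as _gnutls_x509_pk_to_sign never yields it, which a comment such as `/* MD2 is recognised on input only; it is never selected when producing a signature. */` would make explicit.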
@@ -959,7 +986,7 @@ gnutls_datum der = {NULL, 0};
int result;
char name[128];
- pk = _gnutls_x509_pk2oid( pk_algorithm);
+ pk = _gnutls_x509_pk_to_oid( pk_algorithm);
if (pk == NULL) {
gnutls_assert();
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
diff --git a/lib/x509/common.h b/lib/x509/common.h
index 34d07d9a23..f29a28f27b 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -13,8 +13,11 @@ void _gnutls_int2str(unsigned int k, char *data);
#define PKIX1_RSA_OID "1.2.840.113549.1.1.1"
#define DSA_OID "1.2.840.10040.4.1"
+/* signature OIDs
+ */
#define DSA_SHA1_OID "1.2.840.10040.4.3"
#define RSA_MD5_OID "1.2.840.113549.1.1.4"
+#define RSA_MD2_OID "1.2.840.113549.1.1.2"
#define RSA_SHA1_OID "1.2.840.113549.1.1.5"
time_t _gnutls_x509_utcTime2gtime(const char *ttime);
@@ -31,12 +34,14 @@ int _gnutls_x509_oid_data_printable( const char* OID);
gnutls_pk_algorithm _gnutls_x509_oid2pk_algorithm( const char* oid);
gnutls_mac_algorithm _gnutls_x509_oid2mac_algorithm( const char* oid);
-gnutls_pk_algorithm _gnutls_x509_oid2sign_algorithm( const char* oid,
- gnutls_mac_algorithm * mac);
+gnutls_sign_algorithm _gnutls_x509_oid2sign_algorithm( const char* oid);
-const char* _gnutls_x509_pk2oid( gnutls_pk_algorithm pk);
-const char* _gnutls_x509_sign2oid( gnutls_pk_algorithm pk, gnutls_mac_algorithm mac);
-const char* _gnutls_x509_mac2oid( gnutls_mac_algorithm mac);
+const char* _gnutls_x509_pk_to_oid( gnutls_pk_algorithm pk);
+
+gnutls_sign_algorithm _gnutls_x509_pk_to_sign(
+ gnutls_pk_algorithm pk, gnutls_mac_algorithm mac);
+const char* _gnutls_x509_sign_to_oid( gnutls_sign_algorithm, gnutls_mac_algorithm mac);
+const char* _gnutls_x509_mac_to_oid( gnutls_mac_algorithm mac);
time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when);
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index 89f2738340..552f1e6c9c 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -254,7 +254,7 @@ int gnutls_x509_crl_get_dn_oid(gnutls_x509_crl crl,
* gnutls_x509_crl_get_signature_algorithm - This function returns the CRL's signature algorithm
* @crl: should contain a gnutls_x509_crl structure
*
- * This function will return a value of the gnutls_pk_algorithm enumeration that
+ * This function will return a value of the gnutls_sign_algorithm enumeration that
* is the signature algorithm.
*
* Returns a negative value on error.
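Review bot: The updated docstring still says `Returns a negative value on error.`, but the value returned is whatever _gnutls_x509_oid2sign_algorithm() yields, and for an unrecognised OID that is GNUTLS_SIGN_UNKNOWN (0xff), a positive value the documented check would not catch. Add a sentence such as `An unrecognised signature OID is reported as GNUTLS_SIGN_UNKNOWN, which is not negative; callers must test for it explicitly.` The same applies to the gnutls_x509_crt_get_signature_algorithm docstring in lib/x509/x509.c. The function body continues outside this hunk.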
@@ -281,7 +281,7 @@ int gnutls_x509_crl_get_signature_algorithm(gnutls_x509_crl crl)
return result;
}
- result = _gnutls_x509_oid2sign_algorithm( (const char*)sa.data, NULL);
+ result = _gnutls_x509_oid2sign_algorithm( (const char*)sa.data);
_gnutls_free_datum( &sa);
diff --git a/lib/x509/crq.c b/lib/x509/crq.c
index 453c31f966..585b8239ea 100644
--- a/lib/x509/crq.c
+++ b/lib/x509/crq.c
@@ -600,7 +600,6 @@ int gnutls_x509_crq_sign(gnutls_x509_crq crq, gnutls_x509_privkey key)
{
int result;
gnutls_datum signature;
-const char* pk;
if (crq==NULL) {
gnutls_assert();
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 3f0f34cba5..ef0e6401cc 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -245,7 +245,7 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
ldap_desc = oid2ldap_string(oid);
printable = _gnutls_x509_oid_data_printable(oid);
- sizeof_escaped = 2*len;
+ sizeof_escaped = 2*len + 1;
escaped = gnutls_malloc( sizeof_escaped);
if (escaped == NULL) {
@@ -292,10 +292,13 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
res =
_gnutls_bin2hex(value2, len, escaped,
sizeof_escaped);
+
+ STR_APPEND(ldap_desc);
+ STR_APPEND("=#");
if (res) {
- STR_APPEND(ldap_desc);
- STR_APPEND("=#");
STR_APPEND(res);
+ } else {
+ STR_APPEND("(null)");
}
}
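Review bot: The new else branch appends the literal `(null)` as the attribute value when _gnutls_bin2hex() returns NULL, so a failure inside the DN printer now yields a syntactically valid DN with a fabricated value instead of an error, and a consumer displaying or comparing that DN cannot distinguish the placeholder from real data. Since ldap_desc and `=#` are now emitted unconditionally, the NULL case should call gnutls_assert(), set a negative result and take the function's existing cleanup path rather than append a placeholder; _gnutls_x509_parse_dn starts and ends outside this hunk, so the exact error path is not visible here. If the placeholder is deliberate because bin2hex cannot fail once sizeof_escaped includes the terminator, say so in a comment next to the else.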
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 53d4e5e2f9..d2d260f63d 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -346,7 +346,7 @@ const char* pk;
_gnutls_str_cpy( name, sizeof(name), dst_name);
_gnutls_str_cat( name, sizeof(name), ".algorithm");
- pk = _gnutls_x509_sign2oid( pk_algorithm, GNUTLS_MAC_SHA);
+ pk = _gnutls_x509_sign_to_oid( pk_algorithm, GNUTLS_MAC_SHA);
if (pk == NULL) {
gnutls_assert();
return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index db8245af90..49eed5da4c 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -265,7 +265,7 @@ static int oid2bag( const char* oid)
return GNUTLS_BAG_UNKNOWN;
}
-static const char* bag2oid( int bag)
+static const char* bag_to_oid( int bag)
{
switch (bag) {
case GNUTLS_BAG_PKCS8_KEY:
@@ -1051,7 +1051,7 @@ const char* oid;
for (i=0;i<bag->bag_elements;i++) {
- oid = bag2oid( bag->element[i].type);
+ oid = bag_to_oid( bag->element[i].type);
if (oid==NULL) {
gnutls_assert();
continue;
diff --git a/lib/x509/sign.c b/lib/x509/sign.c
index 73d9d56a9d..b63724e060 100644
--- a/lib/x509/sign.c
+++ b/lib/x509/sign.c
@@ -53,7 +53,7 @@ ASN1_TYPE dinfo = ASN1_TYPE_EMPTY;
int result;
const char* algo;
- algo = _gnutls_x509_mac2oid( hash);
+ algo = _gnutls_x509_mac_to_oid( hash);
if (algo == NULL) {
gnutls_assert();
return GNUTLS_E_UNKNOWN_PK_ALGORITHM;
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index f0455bb820..db258a8b2f 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -405,7 +405,7 @@ int gnutls_x509_crt_get_dn_oid(gnutls_x509_crt cert,
* gnutls_x509_crt_get_signature_algorithm - This function returns the Certificate's signature algorithm
* @cert: should contain a gnutls_x509_crt structure
*
- * This function will return a value of the gnutls_pk_algorithm enumeration that
+ * This function will return a value of the gnutls_sign_algorithm enumeration that
* is the signature algorithm.
*
* Returns a negative value on error.
@@ -431,7 +431,7 @@ int gnutls_x509_crt_get_signature_algorithm(gnutls_x509_crt cert)
return result;
}
- result = _gnutls_x509_oid2sign_algorithm( sa.data, NULL);
+ result = _gnutls_x509_oid2sign_algorithm( sa.data);
_gnutls_free_datum( &sa);
diff --git a/src/certtool.c b/src/certtool.c
index e412a29d77..f7cdca28be 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -804,7 +804,7 @@ int ret;
}
-const char* get_algorithm( int a)
+const char* get_pk_algorithm( gnutls_pk_algorithm a)
{
switch (a) {
case GNUTLS_PK_RSA:
@@ -817,6 +817,23 @@ const char* get_algorithm( int a)
}
}
+const char* get_sign_algorithm( gnutls_sign_algorithm a)
+{
+ switch (a) {
+ case GNUTLS_SIGN_RSA_SHA:
+ return "RSA-SHA";
+ case GNUTLS_SIGN_RSA_MD5:
+ return "RSA-MD5";
+ case GNUTLS_SIGN_RSA_MD2:
+ return "RSA-MD2";
+ case GNUTLS_SIGN_DSA_SHA:
+ return "DSA-SHA";
+ break;
+ default:
+ return "UNKNOWN";
+ }
+}
+
/* OIDs that are handled by the gnutls' functions.
*/
static inline int known_oid( const char* oid)
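Review bot: In get_sign_algorithm the `break;` after `return "DSA-SHA";` is unreachable and should be removed; every other case returns directly. The function also maps the negative error codes that gnutls_x509_crt_get_signature_algorithm() and gnutls_x509_crl_get_signature_algorithm() can return to `UNKNOWN`, which hides decoding failures from the user at the call sites later in this file; consider printing `gnutls_strerror(ret)` when ret is negative. A header comment such as `/* Maps a gnutls_sign_algorithm value to its display name; errors and unknown values print as UNKNOWN. */` would document the behaviour.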
@@ -920,7 +937,7 @@ static void print_certificate_info( gnutls_x509_crt crt, FILE* out, unsigned int
fprintf(out, "Signature Algorithm: ");
ret = gnutls_x509_crt_get_signature_algorithm(crt);
- cprint = get_algorithm( ret);
+ cprint = get_sign_algorithm( ret);
fprintf(out, "%s\n", cprint);
}
@@ -940,7 +957,7 @@ static void print_certificate_info( gnutls_x509_crt crt, FILE* out, unsigned int
ret = gnutls_x509_crt_get_pk_algorithm(crt, NULL);
fprintf(out, "\tPublic Key Algorithm: ");
- cprint = get_algorithm( ret);
+ cprint = get_pk_algorithm( ret);
fprintf(out, "%s\n", cprint);
@@ -1165,7 +1182,7 @@ static void print_crl_info( gnutls_x509_crl crl, FILE* out, int all)
fprintf(out, "Signature Algorithm: ");
ret = gnutls_x509_crl_get_signature_algorithm(crl);
- cprint = get_algorithm( ret);
+ cprint = get_sign_algorithm( ret);
fprintf(out, "%s\n", cprint);
}
@@ -1282,7 +1299,7 @@ void privkey_info( void)
ret = gnutls_x509_privkey_get_pk_algorithm(key);
fprintf(outfile, "\tPublic Key Algorithm: ");
- cprint = get_algorithm( ret);
+ cprint = get_pk_algorithm( ret);
fprintf(outfile, "%s\n", cprint);