authorAndrew Bartlett <abartlet@samba.org>2007-08-22 06:46:34 +0000
committerGerald (Jerry) Carter <jerry@samba.org>2007-10-10 15:02:25 -0500
commitb39330c4873d4c3923a577e89690fc0e43b0c61a (patch)
tree882a09a9e2ef446d3662ac542d1bf60fb8e7dfb2 /source4/heimdal/lib/hx509
parentdb24e606f10902de49891e32600403274ece16da (diff)
r24614: Merge with current lorikeet-heimdal. This brings us one step closer
to an alpha release. Andrew Bartlett (This used to be commit 30e02747d511630659c59eafec8d28f58605943b)
Diffstat (limited to 'source4/heimdal/lib/hx509')
-rw-r--r--source4/heimdal/lib/hx509/ca.c4
-rw-r--r--source4/heimdal/lib/hx509/cert.c4
-rw-r--r--source4/heimdal/lib/hx509/hx509-private.h32
-rw-r--r--source4/heimdal/lib/hx509/ks_p11.c11
-rw-r--r--source4/heimdal/lib/hx509/peer.c6
-rw-r--r--source4/heimdal/lib/hx509/print.c48
6 files changed, 62 insertions, 43 deletions
diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c
index 0e48269aa4..bf8fe1be1a 100644
--- a/source4/heimdal/lib/hx509/ca.c
+++ b/source4/heimdal/lib/hx509/ca.c
@@ -33,7 +33,7 @@
#include "hx_locl.h"
#include <pkinit_asn1.h>
-RCSID("$Id: ca.c 20904 2007-06-05 01:58:45Z lha $");
+RCSID("$Id: ca.c 21379 2007-06-28 07:38:17Z lha $");
struct hx509_ca_tbs {
hx509_name subject;
@@ -1002,7 +1002,7 @@ ca_sign(hx509_context context,
if (size != data.length)
_hx509_abort("internal ASN.1 encoder error");
ret = add_extension(context, tbsc, 0,
- oid_id_pe_proxyCertInfo(),
+ oid_id_pkix_pe_proxyCertInfo(),
&data);
free(data.data);
if (ret)
diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c
index caf163f8e4..b7f19d152a 100644
--- a/source4/heimdal/lib/hx509/cert.c
+++ b/source4/heimdal/lib/hx509/cert.c
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: cert.c 21294 2007-06-25 14:37:15Z lha $");
+RCSID("$Id: cert.c 21380 2007-06-28 07:38:38Z lha $");
#include "crypto-headers.h"
#include <rtbl.h>
@@ -898,7 +898,7 @@ is_proxy_cert(hx509_context context,
if (rinfo)
memset(rinfo, 0, sizeof(*rinfo));
- e = find_extension(cert, oid_id_pe_proxyCertInfo(), &i);
+ e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i);
if (e == NULL) {
hx509_clear_error_string(context);
return HX509_EXTENSION_NOT_FOUND;
diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h
index 451c3c89f2..acbc3218c6 100644
--- a/source4/heimdal/lib/hx509/hx509-private.h
+++ b/source4/heimdal/lib/hx509/hx509-private.h
@@ -314,14 +314,6 @@ _hx509_pbe_decrypt (
const heim_octet_string */*econtent*/,
heim_octet_string */*content*/);
-int
-_hx509_pbe_encrypt (
- hx509_context /*context*/,
- hx509_lock /*lock*/,
- const AlgorithmIdentifier */*ai*/,
- const heim_octet_string */*content*/,
- heim_octet_string */*econtent*/);
-
void
_hx509_pi_printf (
int (*/*func*/)(void *, const char *),
@@ -423,35 +415,11 @@ void
_hx509_request_free (hx509_request */*req*/);
int
-_hx509_request_get_SubjectPublicKeyInfo (
- hx509_context /*context*/,
- hx509_request /*req*/,
- SubjectPublicKeyInfo */*key*/);
-
-int
-_hx509_request_get_name (
- hx509_context /*context*/,
- hx509_request /*req*/,
- hx509_name */*name*/);
-
-int
_hx509_request_init (
hx509_context /*context*/,
hx509_request */*req*/);
int
-_hx509_request_parse (
- hx509_context /*context*/,
- const char */*path*/,
- hx509_request */*req*/);
-
-int
-_hx509_request_print (
- hx509_context /*context*/,
- hx509_request /*req*/,
- FILE */*f*/);
-
-int
_hx509_request_set_SubjectPublicKeyInfo (
hx509_context /*context*/,
hx509_request /*req*/,
diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c
index b899005b33..e3066bbcfa 100644
--- a/source4/heimdal/lib/hx509/ks_p11.c
+++ b/source4/heimdal/lib/hx509/ks_p11.c
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: ks_p11.c 21085 2007-06-13 06:39:53Z lha $");
+RCSID("$Id: ks_p11.c 21387 2007-06-28 08:53:45Z lha $");
#ifdef HAVE_DLFCN_H
#include <dlfcn.h>
#endif
@@ -1129,8 +1129,17 @@ p11_printinfo(hx509_context context,
MECHNAME(CKM_RSA_X_509, "rsa-x-509");
MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs");
MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs");
+ MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs");
+ MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs");
+ MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs");
MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs");
MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep");
+ MECHNAME(CKM_SHA512_HMAC, "sha512-hmac");
+ MECHNAME(CKM_SHA512, "sha512");
+ MECHNAME(CKM_SHA384_HMAC, "sha384-hmac");
+ MECHNAME(CKM_SHA384, "sha384");
+ MECHNAME(CKM_SHA256_HMAC, "sha256-hmac");
+ MECHNAME(CKM_SHA256, "sha256");
MECHNAME(CKM_SHA_1, "sha1");
MECHNAME(CKM_MD5, "md5");
MECHNAME(CKM_MD2, "md2");
diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c
index eccedf1043..e90f8f34b0 100644
--- a/source4/heimdal/lib/hx509/peer.c
+++ b/source4/heimdal/lib/hx509/peer.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2006 Kungliga Tekniska Högskolan
+ * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan
* (Royal Institute of Technology, Stockholm, Sweden).
* All rights reserved.
*
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: peer.c 20938 2007-06-06 20:51:34Z lha $");
+RCSID("$Id: peer.c 21481 2007-07-10 16:33:23Z lha $");
int
hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer)
@@ -143,7 +143,7 @@ hx509_peer_info_parse(hx509_peer_info peer,
int
hx509_peer_info_unparse(hx509_peer_info peer,
- heim_octet_string *data)
+ heim_octet_string *data)
{
return 0;
}
diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c
index dc9d4cfa58..e6f71ea2ce 100644
--- a/source4/heimdal/lib/hx509/print.c
+++ b/source4/heimdal/lib/hx509/print.c
@@ -32,7 +32,7 @@
*/
#include "hx_locl.h"
-RCSID("$Id: print.c 20908 2007-06-05 02:59:33Z lha $");
+RCSID("$Id: print.c 21381 2007-06-28 08:29:22Z lha $");
struct hx509_validate_ctx_data {
@@ -591,11 +591,50 @@ check_proxyCertInfo(hx509_validate_ctx ctx,
enum critical_flag cf,
const Extension *e)
{
+ check_Null(ctx, status, cf, e);
status->isproxy = 1;
+ return 0;
+}
+
+static int
+check_authorityInfoAccess(hx509_validate_ctx ctx,
+ struct cert_status *status,
+ enum critical_flag cf,
+ const Extension *e)
+{
+ AuthorityInfoAccessSyntax aia;
+ size_t size;
+ int ret, i;
+
+ check_Null(ctx, status, cf, e);
+
+ ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data,
+ e->extnValue.length,
+ &aia, &size);
+ if (ret) {
+ printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret);
+ return 0;
+ }
+
+ for (i = 0; i < aia.len; i++) {
+ char *str;
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+ "\ttype: ");
+ hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx);
+ hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
+ validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
+ "\n\tdirname: %s\n", str);
+ free(str);
+ }
+ free_AuthorityInfoAccessSyntax(&aia);
return 0;
}
+/*
+ *
+ */
+
struct {
const char *name;
const heim_oid *(*oid)(void);
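Review bot: In the new check_authorityInfoAccess loop the return value of `hx509_general_name_unparse` is ignored, so when it fails `str` reaches the `%s` format and `free()` without being known valid; the function is defined outside this hunk, so whether it sets `*str` on error cannot be confirmed here. The extension bytes come from the certificate being validated, so malformed input can reach this path. Initialise `str` to NULL and skip the entry on failure, as sketched below. Separately, the decode failure is reported with plain `printf` rather than `validate_print`, and `size` is never compared with `e->extnValue.length`, so trailing bytes after the sequence go unnoticed.

```c
    for (i = 0; i < aia.len; i++) {
	char *str = NULL;
	/* … unchanged: print "type: " and the accessMethod OID … */
	ret = hx509_general_name_unparse(&aia.val[i].accessLocation, &str);
	if (ret || str == NULL) {
	    validate_print(ctx, HX509_VALIDATE_F_VERBOSE,
			   "\n\tfailed to unparse accessLocation: %d\n", ret);
	    continue;
	}
	/* … unchanged: print the location and free(str) … */
    }
```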
@@ -628,8 +667,11 @@ struct {
{ ext(extKeyUsage, Null), D_C },
{ ext(freshestCRL, Null), M_N_C },
{ ext(inhibitAnyPolicy, Null), M_C },
- { "proxyCertInfo", oid_id_pe_proxyCertInfo,
- check_proxyCertInfo, M_C },
+#undef ext
+#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname
+ { ext(proxyCertInfo, proxyCertInfo), M_C },
+ { ext(authorityInfoAccess, authorityInfoAccess), M_C },
+#undef ext
{ "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim,
check_Null, D_C },
{ "Netscape cert comment", oid_id_netscape_cert_comment,
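Review bot: The new `authorityInfoAccess` table entry is tagged `M_C`, which looks wrong if that flag means "must be critical", as its pairing with `M_N_C` on the `freshestCRL` line suggests (the enum is defined outside this hunk). The RFC 3280/5280 profile, section 4.2.2.1, requires CAs to mark this extension non-critical, so conforming certificates would be reported as failing the check. I would change the line to `{ ext(authorityInfoAccess, authorityInfoAccess), M_N_C },`. The table itself starts and continues outside the hunk.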