From b39330c4873d4c3923a577e89690fc0e43b0c61a Mon Sep 17 00:00:00 2001 From: Andrew Bartlett Date: Wed, 22 Aug 2007 06:46:34 +0000 Subject: r24614: Merge with current lorikeet-heimdal. This brings us one step closer to an alpha release. Andrew Bartlett (This used to be commit 30e02747d511630659c59eafec8d28f58605943b) --- source4/heimdal/lib/hx509/ca.c | 4 +-- source4/heimdal/lib/hx509/cert.c | 4 +-- source4/heimdal/lib/hx509/hx509-private.h | 32 --------------------- source4/heimdal/lib/hx509/ks_p11.c | 11 ++++++- source4/heimdal/lib/hx509/peer.c | 6 ++-- source4/heimdal/lib/hx509/print.c | 48 +++++++++++++++++++++++++++++-- 6 files changed, 62 insertions(+), 43 deletions(-) (limited to 'source4/heimdal/lib/hx509') diff --git a/source4/heimdal/lib/hx509/ca.c b/source4/heimdal/lib/hx509/ca.c index 0e48269aa4..bf8fe1be1a 100644 --- a/source4/heimdal/lib/hx509/ca.c +++ b/source4/heimdal/lib/hx509/ca.c @@ -33,7 +33,7 @@ #include "hx_locl.h" #include -RCSID("$Id: ca.c 20904 2007-06-05 01:58:45Z lha $"); +RCSID("$Id: ca.c 21379 2007-06-28 07:38:17Z lha $"); struct hx509_ca_tbs { hx509_name subject; @@ -1002,7 +1002,7 @@ ca_sign(hx509_context context, if (size != data.length) _hx509_abort("internal ASN.1 encoder error"); ret = add_extension(context, tbsc, 0, - oid_id_pe_proxyCertInfo(), + oid_id_pkix_pe_proxyCertInfo(), &data); free(data.data); if (ret) diff --git a/source4/heimdal/lib/hx509/cert.c b/source4/heimdal/lib/hx509/cert.c index caf163f8e4..b7f19d152a 100644 --- a/source4/heimdal/lib/hx509/cert.c +++ b/source4/heimdal/lib/hx509/cert.c @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: cert.c 21294 2007-06-25 14:37:15Z lha $"); +RCSID("$Id: cert.c 21380 2007-06-28 07:38:38Z lha $"); #include "crypto-headers.h" #include 
@@ -898,7 +898,7 @@ is_proxy_cert(hx509_context context, if (rinfo) memset(rinfo, 0, sizeof(*rinfo)); - e = find_extension(cert, oid_id_pe_proxyCertInfo(), &i); + e = find_extension(cert, oid_id_pkix_pe_proxyCertInfo(), &i); if (e == NULL) { hx509_clear_error_string(context); return HX509_EXTENSION_NOT_FOUND; diff --git a/source4/heimdal/lib/hx509/hx509-private.h b/source4/heimdal/lib/hx509/hx509-private.h index 451c3c89f2..acbc3218c6 100644 --- a/source4/heimdal/lib/hx509/hx509-private.h +++ b/source4/heimdal/lib/hx509/hx509-private.h @@ -314,14 +314,6 @@ _hx509_pbe_decrypt ( const heim_octet_string */*econtent*/, heim_octet_string */*content*/); -int -_hx509_pbe_encrypt ( - hx509_context /*context*/, - hx509_lock /*lock*/, - const AlgorithmIdentifier */*ai*/, - const heim_octet_string */*content*/, - heim_octet_string */*econtent*/); - void _hx509_pi_printf ( int (*/*func*/)(void *, const char *), @@ -422,35 +414,11 @@ _hx509_request_add_email ( void _hx509_request_free (hx509_request */*req*/); -int -_hx509_request_get_SubjectPublicKeyInfo ( - hx509_context /*context*/, - hx509_request /*req*/, - SubjectPublicKeyInfo */*key*/); - -int -_hx509_request_get_name ( - hx509_context /*context*/, - hx509_request /*req*/, - hx509_name */*name*/); - int _hx509_request_init ( hx509_context /*context*/, hx509_request */*req*/); -int -_hx509_request_parse ( - hx509_context /*context*/, - const char */*path*/, - hx509_request */*req*/); - -int -_hx509_request_print ( - hx509_context /*context*/, - hx509_request /*req*/, - FILE */*f*/); - int _hx509_request_set_SubjectPublicKeyInfo ( hx509_context /*context*/, diff --git a/source4/heimdal/lib/hx509/ks_p11.c b/source4/heimdal/lib/hx509/ks_p11.c index b899005b33..e3066bbcfa 100644 --- a/source4/heimdal/lib/hx509/ks_p11.c +++ b/source4/heimdal/lib/hx509/ks_p11.c 
@@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: ks_p11.c 21085 2007-06-13 06:39:53Z lha $"); +RCSID("$Id: ks_p11.c 21387 2007-06-28 08:53:45Z lha $"); #ifdef HAVE_DLFCN_H #include #endif @@ -1129,8 +1129,17 @@ p11_printinfo(hx509_context context, MECHNAME(CKM_RSA_X_509, "rsa-x-509"); MECHNAME(CKM_MD5_RSA_PKCS, "md5-rsa-pkcs"); MECHNAME(CKM_SHA1_RSA_PKCS, "sha1-rsa-pkcs"); + MECHNAME(CKM_SHA256_RSA_PKCS, "sha256-rsa-pkcs"); + MECHNAME(CKM_SHA384_RSA_PKCS, "sha384-rsa-pkcs"); + MECHNAME(CKM_SHA512_RSA_PKCS, "sha512-rsa-pkcs"); MECHNAME(CKM_RIPEMD160_RSA_PKCS, "ripemd160-rsa-pkcs"); MECHNAME(CKM_RSA_PKCS_OAEP, "rsa-pkcs-oaep"); + MECHNAME(CKM_SHA512_HMAC, "sha512-hmac"); + MECHNAME(CKM_SHA512, "sha512"); + MECHNAME(CKM_SHA384_HMAC, "sha384-hmac"); + MECHNAME(CKM_SHA384, "sha384"); + MECHNAME(CKM_SHA256_HMAC, "sha256-hmac"); + MECHNAME(CKM_SHA256, "sha256"); MECHNAME(CKM_SHA_1, "sha1"); MECHNAME(CKM_MD5, "md5"); MECHNAME(CKM_MD2, "md2"); diff --git a/source4/heimdal/lib/hx509/peer.c b/source4/heimdal/lib/hx509/peer.c index eccedf1043..e90f8f34b0 100644 --- a/source4/heimdal/lib/hx509/peer.c +++ b/source4/heimdal/lib/hx509/peer.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 2006 Kungliga Tekniska Högskolan + * Copyright (c) 2006 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: peer.c 20938 2007-06-06 20:51:34Z lha $"); +RCSID("$Id: peer.c 21481 2007-07-10 16:33:23Z lha $"); int hx509_peer_info_alloc(hx509_context context, hx509_peer_info *peer) @@ -143,7 +143,7 @@ hx509_peer_info_parse(hx509_peer_info peer, int hx509_peer_info_unparse(hx509_peer_info peer, - heim_octet_string *data) + heim_octet_string *data) { return 0; } diff --git a/source4/heimdal/lib/hx509/print.c b/source4/heimdal/lib/hx509/print.c index dc9d4cfa58..e6f71ea2ce 100644 --- a/source4/heimdal/lib/hx509/print.c +++ b/source4/heimdal/lib/hx509/print.c 
@@ -32,7 +32,7 @@ */ #include "hx_locl.h" -RCSID("$Id: print.c 20908 2007-06-05 02:59:33Z lha $"); +RCSID("$Id: print.c 21381 2007-06-28 08:29:22Z lha $"); struct hx509_validate_ctx_data { @@ -591,11 +591,50 @@ check_proxyCertInfo(hx509_validate_ctx ctx, enum critical_flag cf, const Extension *e) { + check_Null(ctx, status, cf, e); status->isproxy = 1; + return 0; +} + +static int +check_authorityInfoAccess(hx509_validate_ctx ctx, + struct cert_status *status, + enum critical_flag cf, + const Extension *e) +{ + AuthorityInfoAccessSyntax aia; + size_t size; + int ret, i; + + check_Null(ctx, status, cf, e); + + ret = decode_AuthorityInfoAccessSyntax(e->extnValue.data, + e->extnValue.length, + &aia, &size); + if (ret) { + printf("\tret = %d while decoding AuthorityInfoAccessSyntax\n", ret); + return 0; + } + + for (i = 0; i < aia.len; i++) { + char *str; + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\ttype: "); + hx509_oid_print(&aia.val[i].accessMethod, validate_vprint, ctx); + hx509_general_name_unparse(&aia.val[i].accessLocation, &str); + validate_print(ctx, HX509_VALIDATE_F_VERBOSE, + "\n\tdirname: %s\n", str); + free(str); + } + free_AuthorityInfoAccessSyntax(&aia); return 0; } +/* + * + */ + struct { const char *name; const heim_oid *(*oid)(void); @@ -628,8 +667,11 @@ struct { { ext(extKeyUsage, Null), D_C }, { ext(freshestCRL, Null), M_N_C }, { ext(inhibitAnyPolicy, Null), M_C }, - { "proxyCertInfo", oid_id_pe_proxyCertInfo, - check_proxyCertInfo, M_C }, +#undef ext +#define ext(name, checkname) #name, &oid_id_pkix_pe_##name, check_##checkname + { ext(proxyCertInfo, proxyCertInfo), M_C }, + { ext(authorityInfoAccess, authorityInfoAccess), M_C }, +#undef ext { "US Fed PKI - PIV Interim", oid_id_uspkicommon_piv_interim, check_Null, D_C }, { "Netscape cert comment", oid_id_netscape_cert_comment, -- cgit
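Review bot: In the loop of the new check_authorityInfoAccess, the return value of `hx509_general_name_unparse()` is ignored and `str` has no initializer, so an accessLocation that cannot be unparsed may reach `%s` and `free()` with a pointer that was never set (whether the callee clears `*str` on failure is not visible in this hunk). These bytes come from the certificate being validated, so I would declare `char *str = NULL;` and guard the print with `if (hx509_general_name_unparse(&aia.val[i].accessLocation, &str) != 0) continue;`. The decode-failure branch also reports through a bare `printf` and returns 0, which bypasses the `validate_print` path used in the rest of the function and appears to leave a malformed extension unflagged. The result of `check_Null()` is discarded both here and in check_proxyCertInfo, and a one-line comment saying that is intentional would help.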
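Review bot: The new `authorityInfoAccess` table entry is tagged `M_C`, the same flag given to `inhibitAnyPolicy` and `proxyCertInfo`, while `freshestCRL` just above carries `M_N_C`. If these flags mean must-be-critical and must-be-non-critical, as the neighbouring entries suggest, the entry is inverted: RFC 3280/5280 section 4.2.2.1 requires authorityInfoAccess to be non-critical, so conforming certificates would be reported as faulty. I would change it to `{ ext(authorityInfoAccess, authorityInfoAccess), M_N_C },`. A short comment above the second `#define ext`, such as `/* id-pkix-pe extensions: different OID prefix and a dedicated check function */`, would explain the redefinition. The table and the first `ext` definition start outside this hunk.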