From 4d0e43b5e252b979d50c17592c08ae68ece5fa07 Mon Sep 17 00:00:00 2001 From: Ingela Anderton Andin Date: Fri, 11 Jun 2010 08:21:23 +0000 Subject: OTP-8695 New ssl default Ssl has now switched default implementation and removed deprecated certificate handling. All certificate handling is done by the public_key application. --- lib/ssl/pkix/Makefile | 121 ----- lib/ssl/pkix/OTP-PKIX.asn1config | 2 - lib/ssl/pkix/OTP-PKIX.set.asn | 6 - lib/ssl/pkix/PKCS-1.asn1 | 54 --- lib/ssl/pkix/PKIX1Algorithms88.asn1 | 274 ----------- lib/ssl/pkix/PKIX1Algorithms88.hrl | 94 ---- lib/ssl/pkix/PKIX1Explicit88.asn1 | 619 ------------------------- lib/ssl/pkix/PKIX1Explicit88.hrl | 163 ------- lib/ssl/pkix/PKIX1Implicit88.asn1 | 349 -------------- lib/ssl/pkix/PKIX1Implicit88.hrl | 93 ---- lib/ssl/pkix/PKIXAttributeCertificate.asn1 | 189 -------- lib/ssl/pkix/PKIXAttributeCertificate.hrl | 64 --- lib/ssl/pkix/README | 49 -- lib/ssl/pkix/SSL-PKIX.asn1 | 704 ----------------------------- lib/ssl/pkix/mk_ssl_pkix_oid.erl | 94 ---- lib/ssl/pkix/prebuild.skip | 5 - 16 files changed, 2880 deletions(-) delete mode 100644 lib/ssl/pkix/Makefile delete mode 100644 lib/ssl/pkix/OTP-PKIX.asn1config delete mode 100644 lib/ssl/pkix/OTP-PKIX.set.asn delete mode 100755 lib/ssl/pkix/PKCS-1.asn1 delete mode 100644 lib/ssl/pkix/PKIX1Algorithms88.asn1 delete mode 100644 lib/ssl/pkix/PKIX1Algorithms88.hrl delete mode 100644 lib/ssl/pkix/PKIX1Explicit88.asn1 delete mode 100644 lib/ssl/pkix/PKIX1Explicit88.hrl delete mode 100644 lib/ssl/pkix/PKIX1Implicit88.asn1 delete mode 100644 lib/ssl/pkix/PKIX1Implicit88.hrl delete mode 100644 lib/ssl/pkix/PKIXAttributeCertificate.asn1 delete mode 100644 lib/ssl/pkix/PKIXAttributeCertificate.hrl delete mode 100644 lib/ssl/pkix/README delete mode 100644 lib/ssl/pkix/SSL-PKIX.asn1 delete mode 100644 lib/ssl/pkix/mk_ssl_pkix_oid.erl delete mode 100644 lib/ssl/pkix/prebuild.skip (limited to 'lib/ssl/pkix') diff --git a/lib/ssl/pkix/Makefile b/lib/ssl/pkix/Makefile deleted file mode 100644 index 260361c025..0000000000 --- a/lib/ssl/pkix/Makefile +++ /dev/null @@ -1,121 +0,0 @@ -# -# %CopyrightBegin% -# -# Copyright Ericsson AB 2003-2009. All Rights Reserved. -# -# The contents of this file are subject to the Erlang Public License, -# Version 1.1, (the "License"); you may not use this file except in -# compliance with the License. You should have received a copy of the -# Erlang Public License along with this software. If not, it can be -# retrieved online at http://www.erlang.org/. -# -# Software distributed under the License is distributed on an "AS IS" -# basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. See -# the License for the specific language governing rights and limitations -# under the License. -# -# %CopyrightEnd% -# - -# - -include $(ERL_TOP)/make/target.mk -include $(ERL_TOP)/make/$(TARGET)/otp.mk - -# ---------------------------------------------------- -# Application version -# ---------------------------------------------------- -include ../vsn.mk -VSN=$(SSL_VSN) - -# ---------------------------------------------------- -# Release directory specification -# ---------------------------------------------------- -RELSYSDIR = $(RELEASE_PATH)/lib/ssl-$(VSN) - -# ---------------------------------------------------- -# Common Macros -# ---------------------------------------------------- - -.SUFFIXES: .asn1 -.PRECIOUS: %.erl - -ASN_TOP = OTP-PKIX -ASN_MODULES = PKIX1Explicit88 PKIX1Implicit88 PKIX1Algorithms88 \ - PKIXAttributeCertificate SSL-PKIX -ASN_ASNS = $(ASN_MODULES:%=%.asn1) -ASN_ERLS = $(ASN_TOP).erl -ASN_HRLS = $(ASN_TOP).hrl -ASN_CONFIGS = OTP-PKIX.asn1config -ASN_DBS = $(ASN_MODULES:%=%.asn1db) -ASN_TABLES = $(ASN_MODULES:%=%.table) - -GEN_MODULES = ssl_pkix_oid $(ORBER_TMP_FIX_ERL) -GEN_ERLS = $(GEN_MODULES:%=%.erl) -ERL_MODULES = $(ASN_TOP) $(GEN_MODULES) - -TARGET_FILES= $(ERL_MODULES:%=$(EBIN)/%.$(EMULATOR)) - -HRL_FILES = $(ASN_HRLS:%=$(INCLUDE)/%) - -ORBER_TMP_FIX_HRL = PKIX1Algorithms88.hrl PKIX1Explicit88.hrl \ - PKIX1Implicit88.hrl PKIXAttributeCertificate.hrl - -INCLUDE = ../include -EBIN = ../ebin - -# ---------------------------------------------------- -# FLAGS -# ---------------------------------------------------- -EXTRA_ERLC_FLAGS = -ERL_COMPILE_FLAGS += $(EXTRA_ERLC_FLAGS) - -ASN_FLAGS = -bber_bin +der +compact_bit_string +optimize +noobj +asn1config +inline - -# ---------------------------------------------------- -# Targets -# ---------------------------------------------------- - -debug opt: $(TARGET_FILES) $(HRL_FILES) - -clean: - -rm -f $(ASN_ERLS) $(GEN_ERLS) $(ASN_HRLS) $(HRL_FILES) $(ASN_DBS) \ - $(ASN_TABLES) $(TARGET_FILES) *.beam *~ - -docs: - -%.erl: %.set.asn - erlc $(ASN_FLAGS) $< - -ssl_pkix_oid.erl: mk_ssl_pkix_oid.beam $(EBIN)/OTP-PKIX.beam - erl -pa $(EBIN) -noshell -s mk_ssl_pkix_oid make -s erlang halt - -$(HRL_FILES): $(ASN_HRLS) - cp -p $(ASN_HRLS) $(INCLUDE) - -# ---------------------------------------------------- -# Release Target -# ---------------------------------------------------- -include $(ERL_TOP)/make/otp_release_targets.mk - -release_spec: opt - $(INSTALL_DIR) $(RELSYSDIR)/include - $(INSTALL_DATA) $(HRL_FILES) $(RELSYSDIR)/include - $(INSTALL_DIR) $(RELSYSDIR)/pkix - $(INSTALL_DATA) $(ASN_ASNS) $(ASN_ERLS) $(ASN_HRLS) $(ASN_CONFIGS) \ - $(ORBER_TMP_FIX_HRL) $(GEN_ERLS) mk_ssl_pkix_oid.erl $(RELSYSDIR)/pkix - $(INSTALL_DIR) $(RELSYSDIR)/ebin - $(INSTALL_DATA) $(TARGET_FILES) $(RELSYSDIR)/ebin - -release_docs_spec: - -# -# Dependencies - -$(EBIN)/OTP-PKIX.beam: OTP-PKIX.erl OTP-PKIX.hrl -OTP-PKIX.erl OTP-PKIX.hrl: OTP-PKIX.asn1db -OTP-PKIX.asn1db: PKIX1Algorithms88.asn1 \ - PKIX1Explicit88.asn1 \ - PKIX1Implicit88.asn1 \ - PKIXAttributeCertificate.asn1 \ - SSL-PKIX.asn1 diff --git a/lib/ssl/pkix/OTP-PKIX.asn1config b/lib/ssl/pkix/OTP-PKIX.asn1config deleted file mode 100644 index 0caa158f52..0000000000 --- a/lib/ssl/pkix/OTP-PKIX.asn1config +++ /dev/null @@ -1,2 +0,0 @@ -{exclusive_decode,{'OTP-PKIX', - [{decode_TBSCert_exclusive,['Certificate',[{tbsCertificate,undecoded}]]}]}}. diff --git a/lib/ssl/pkix/OTP-PKIX.set.asn b/lib/ssl/pkix/OTP-PKIX.set.asn deleted file mode 100644 index 1c3483d519..0000000000 --- a/lib/ssl/pkix/OTP-PKIX.set.asn +++ /dev/null @@ -1,6 +0,0 @@ -SSL-PKIX.asn1 -PKIX1Explicit88.asn1 -PKIX1Implicit88.asn1 -PKIXAttributeCertificate.asn1 -PKIX1Algorithms88.asn1 -PKCS-1.asn1 diff --git a/lib/ssl/pkix/PKCS-1.asn1 b/lib/ssl/pkix/PKCS-1.asn1 deleted file mode 100755 index 547cc2e072..0000000000 --- a/lib/ssl/pkix/PKCS-1.asn1 +++ /dev/null @@ -1,54 +0,0 @@ -PKCS-1 { - iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) pkcs-1(1) - modules(0) pkcs-1(1) -} - - -DEFINITIONS IMPLICIT TAGS ::= BEGIN - --- EXPORTS ALL -- - -IMPORTS - AlgorithmIdentifier - FROM PKIX1Explicit88 {iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) - pkix(7) id-mod(0) id-pkix1-explicit-88(1)} ; - -pkcs-1 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } - -RSAPrivateKey ::= SEQUENCE { - version Version, - modulus INTEGER, -- n - publicExponent INTEGER, -- e - privateExponent INTEGER, -- d - prime1 INTEGER, -- p - prime2 INTEGER, -- q - exponent1 INTEGER, -- d mod (p-1) - exponent2 INTEGER, -- d mod (q-1) - coefficient INTEGER, -- (inverse of q) mod p - otherPrimeInfos OtherPrimeInfos OPTIONAL -} - -Version ::= INTEGER { two-prime(0), multi(1) } - (CONSTRAINED BY { - -- version must be multi if otherPrimeInfos present -- - }) - -OtherPrimeInfos ::= SEQUENCE SIZE(1..MAX) OF OtherPrimeInfo - -OtherPrimeInfo ::= SEQUENCE { - prime INTEGER, -- ri - exponent INTEGER, -- di - coefficient INTEGER -- ti -} - -DigestInfo ::= SEQUENCE { - digestAlgorithm DigestAlgorithmIdentifier, - digest OCTET STRING -} - -DigestAlgorithmIdentifier ::= AlgorithmIdentifier - -END -- PKCS1Definitions - diff --git a/lib/ssl/pkix/PKIX1Algorithms88.asn1 b/lib/ssl/pkix/PKIX1Algorithms88.asn1 deleted file mode 100644 index e78de69b0e..0000000000 --- a/lib/ssl/pkix/PKIX1Algorithms88.asn1 +++ /dev/null @@ -1,274 +0,0 @@ - PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-mod-pkix1-algorithms(17) } - - DEFINITIONS EXPLICIT TAGS ::= BEGIN - - -- EXPORTS All; - - -- IMPORTS NONE; - - -- - -- One-way Hash Functions - -- - - md2 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) - digestAlgorithm(2) 2 } - - md5 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) - digestAlgorithm(2) 5 } - - id-sha1 OBJECT IDENTIFIER ::= { - iso(1) identified-organization(3) oiw(14) secsig(3) - algorithms(2) 26 } - - -- - -- DSA Keys and Signatures - -- - - -- OID for DSA public key - - id-dsa OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) x9-57(10040) x9algorithm(4) 1 } - - -- encoding for DSA public key - - DSAPublicKey ::= INTEGER -- public key, y - - Dss-Parms ::= SEQUENCE { - p INTEGER, - q INTEGER, - g INTEGER } - - -- OID for DSA signature generated with SHA-1 hash - - id-dsa-with-sha1 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) x9-57 (10040) x9algorithm(4) 3 } - - -- encoding for DSA signature generated with SHA-1 hash - - Dss-Sig-Value ::= SEQUENCE { - r INTEGER, - s INTEGER } - - -- - -- RSA Keys and Signatures - -- - - -- arc for RSA public key and RSA signature OIDs - - pkcs-1 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 1 } - - -- OID for RSA public keys - - rsaEncryption OBJECT IDENTIFIER ::= { pkcs-1 1 } - - -- OID for RSA signature generated with MD2 hash - - md2WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 2 } - - -- OID for RSA signature generated with MD5 hash - - md5WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 4 } - - -- OID for RSA signature generated with SHA-1 hash - - sha1WithRSAEncryption OBJECT IDENTIFIER ::= { pkcs-1 5 } - - -- encoding for RSA public key - - RSAPublicKey ::= SEQUENCE { - modulus INTEGER, -- n - publicExponent INTEGER } -- e - - -- - -- Diffie-Hellman Keys - -- - - dhpublicnumber OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) ansi-x942(10046) - number-type(2) 1 } - - -- encoding for DSA public key - - DHPublicKey ::= INTEGER -- public key, y = g^x mod p - - DomainParameters ::= SEQUENCE { - p INTEGER, -- odd prime, p=jq +1 - g INTEGER, -- generator, g - q INTEGER, -- factor of p-1 - j INTEGER OPTIONAL, -- subgroup factor, j>= 2 - validationParms ValidationParms OPTIONAL } - - ValidationParms ::= SEQUENCE { - seed BIT STRING, - pgenCounter INTEGER } - - -- - -- KEA Keys - -- - - id-keyExchangeAlgorithm OBJECT IDENTIFIER ::= - { 2 16 840 1 101 2 1 1 22 } - - KEA-Parms-Id ::= OCTET STRING - - -- - -- Elliptic Curve Keys, Signatures, and Curves - -- - - ansi-X9-62 OBJECT IDENTIFIER ::= { - iso(1) member-body(2) us(840) 10045 } - - FieldID ::= SEQUENCE { -- Finite field - fieldType OBJECT IDENTIFIER, - parameters ANY DEFINED BY fieldType } - - -- Arc for ECDSA signature OIDS - - id-ecSigType OBJECT IDENTIFIER ::= { ansi-X9-62 signatures(4) } - - -- OID for ECDSA signatures with SHA-1 - - ecdsa-with-SHA1 OBJECT IDENTIFIER ::= { id-ecSigType 1 } - - -- OID for an elliptic curve signature - -- format for the value of an ECDSA signature value - - ECDSA-Sig-Value ::= SEQUENCE { - r INTEGER, - s INTEGER } - - -- recognized field type OIDs are defined in the following arc - - id-fieldType OBJECT IDENTIFIER ::= { ansi-X9-62 fieldType(1) } - - -- where fieldType is prime-field, the parameters are of type Prime-p - - prime-field OBJECT IDENTIFIER ::= { id-fieldType 1 } - - Prime-p ::= INTEGER -- Finite field F(p), where p is an odd prime - - -- where fieldType is characteristic-two-field, the parameters are - -- of type Characteristic-two - - characteristic-two-field OBJECT IDENTIFIER ::= { id-fieldType 2 } - - Characteristic-two ::= SEQUENCE { - m INTEGER, -- Field size 2^m - basis OBJECT IDENTIFIER, - parameters ANY DEFINED BY basis } - - -- recognized basis type OIDs are defined in the following arc - - id-characteristic-two-basis OBJECT IDENTIFIER ::= { - characteristic-two-field basisType(3) } - - -- gnbasis is identified by OID gnBasis and indicates - -- parameters are NULL - - gnBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 1 } - - -- parameters for this basis are NULL - - -- trinomial basis is identified by OID tpBasis and indicates - -- parameters of type Pentanomial - - tpBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 2 } - - -- Trinomial basis representation of F2^m - -- Integer k for reduction polynomial xm + xk + 1 - - Trinomial ::= INTEGER - - -- for pentanomial basis is identified by OID ppBasis and indicates - -- parameters of type Pentanomial - - ppBasis OBJECT IDENTIFIER ::= { id-characteristic-two-basis 3 } - - -- Pentanomial basis representation of F2^m - -- reduction polynomial integers k1, k2, k3 - -- f(x) = x**m + x**k3 + x**k2 + x**k1 + 1 - - Pentanomial ::= SEQUENCE { - k1 INTEGER, - k2 INTEGER, - k3 INTEGER } - - -- The object identifiers gnBasis, tpBasis and ppBasis name - -- three kinds of basis for characteristic-two finite fields - - FieldElement ::= OCTET STRING -- Finite field element - - ECPoint ::= OCTET STRING -- Elliptic curve point - - -- Elliptic Curve parameters may be specified explicitly, - -- specified implicitly through a "named curve", or - -- inherited from the CA - - EcpkParameters ::= CHOICE { - ecParameters ECParameters, - namedCurve OBJECT IDENTIFIER, - implicitlyCA NULL } - - ECParameters ::= SEQUENCE { -- Elliptic curve parameters - version ECPVer, - fieldID FieldID, - curve Curve, - base ECPoint, -- Base point G - order INTEGER, -- Order n of the base point - cofactor INTEGER OPTIONAL } -- The integer h = #E(Fq)/n - - ECPVer ::= INTEGER {ecpVer1(1)} - - Curve ::= SEQUENCE { - a FieldElement, -- Elliptic curve coefficient a - b FieldElement, -- Elliptic curve coefficient b - seed BIT STRING OPTIONAL } - - id-publicKeyType OBJECT IDENTIFIER ::= { ansi-X9-62 keyType(2) } - - id-ecPublicKey OBJECT IDENTIFIER ::= { id-publicKeyType 1 } - - -- Named Elliptic Curves in ANSI X9.62. - - ellipticCurve OBJECT IDENTIFIER ::= { ansi-X9-62 curves(3) } - - c-TwoCurve OBJECT IDENTIFIER ::= { - ellipticCurve characteristicTwo(0) } - - c2pnb163v1 OBJECT IDENTIFIER ::= { c-TwoCurve 1 } - c2pnb163v2 OBJECT IDENTIFIER ::= { c-TwoCurve 2 } - c2pnb163v3 OBJECT IDENTIFIER ::= { c-TwoCurve 3 } - c2pnb176w1 OBJECT IDENTIFIER ::= { c-TwoCurve 4 } - c2tnb191v1 OBJECT IDENTIFIER ::= { c-TwoCurve 5 } - c2tnb191v2 OBJECT IDENTIFIER ::= { c-TwoCurve 6 } - c2tnb191v3 OBJECT IDENTIFIER ::= { c-TwoCurve 7 } - c2onb191v4 OBJECT IDENTIFIER ::= { c-TwoCurve 8 } - c2onb191v5 OBJECT IDENTIFIER ::= { c-TwoCurve 9 } - c2pnb208w1 OBJECT IDENTIFIER ::= { c-TwoCurve 10 } - c2tnb239v1 OBJECT IDENTIFIER ::= { c-TwoCurve 11 } - c2tnb239v2 OBJECT IDENTIFIER ::= { c-TwoCurve 12 } - c2tnb239v3 OBJECT IDENTIFIER ::= { c-TwoCurve 13 } - c2onb239v4 OBJECT IDENTIFIER ::= { c-TwoCurve 14 } - c2onb239v5 OBJECT IDENTIFIER ::= { c-TwoCurve 15 } - c2pnb272w1 OBJECT IDENTIFIER ::= { c-TwoCurve 16 } - c2pnb304w1 OBJECT IDENTIFIER ::= { c-TwoCurve 17 } - c2tnb359v1 OBJECT IDENTIFIER ::= { c-TwoCurve 18 } - c2pnb368w1 OBJECT IDENTIFIER ::= { c-TwoCurve 19 } - c2tnb431r1 OBJECT IDENTIFIER ::= { c-TwoCurve 20 } - - primeCurve OBJECT IDENTIFIER ::= { ellipticCurve prime(1) } - - prime192v1 OBJECT IDENTIFIER ::= { primeCurve 1 } - prime192v2 OBJECT IDENTIFIER ::= { primeCurve 2 } - prime192v3 OBJECT IDENTIFIER ::= { primeCurve 3 } - prime239v1 OBJECT IDENTIFIER ::= { primeCurve 4 } - prime239v2 OBJECT IDENTIFIER ::= { primeCurve 5 } - prime239v3 OBJECT IDENTIFIER ::= { primeCurve 6 } - prime256v1 OBJECT IDENTIFIER ::= { primeCurve 7 } - - END diff --git a/lib/ssl/pkix/PKIX1Algorithms88.hrl b/lib/ssl/pkix/PKIX1Algorithms88.hrl deleted file mode 100644 index a11793618d..0000000000 --- a/lib/ssl/pkix/PKIX1Algorithms88.hrl +++ /dev/null @@ -1,94 +0,0 @@ -%% Generated by the Erlang ASN.1 compiler version:1.4.4.8 -%% Purpose: Erlang record definitions for each named and unnamed -%% SEQUENCE and SET, and macro definitions for each value -%% definition,in module PKIX1Algorithms88 - - - --record('Dss-Parms',{ -p, q, g}). - --record('Dss-Sig-Value',{ -r, s}). - --record('RSAPublicKey',{ -modulus, publicExponent}). - --record('DomainParameters',{ -p, g, q, j = asn1_NOVALUE, validationParms = asn1_NOVALUE}). - --record('ValidationParms',{ -seed, pgenCounter}). - --record('FieldID',{ -fieldType, parameters}). - --record('ECDSA-Sig-Value',{ -r, s}). - --record('Characteristic-two',{ -m, basis, parameters}). - --record('Pentanomial',{ -k1, k2, k3}). - --record('ECParameters',{ -version, fieldID, curve, base, order, cofactor = asn1_NOVALUE}). - --record('Curve',{ -a, b, seed = asn1_NOVALUE}). - --define('md2', {1,2,840,113549,2,2}). --define('md5', {1,2,840,113549,2,5}). --define('id-sha1', {1,3,14,3,2,26}). --define('id-dsa', {1,2,840,10040,4,1}). --define('id-dsa-with-sha1', {1,2,840,10040,4,3}). --define('pkcs-1', {1,2,840,113549,1,1}). --define('rsaEncryption', {1,2,840,113549,1,1,1}). --define('md2WithRSAEncryption', {1,2,840,113549,1,1,2}). --define('md5WithRSAEncryption', {1,2,840,113549,1,1,4}). --define('sha1WithRSAEncryption', {1,2,840,113549,1,1,5}). --define('dhpublicnumber', {1,2,840,10046,2,1}). --define('id-keyExchangeAlgorithm', {2,16,840,1,101,2,1,1,22}). --define('ansi-X9-62', {1,2,840,10045}). --define('id-ecSigType', {1,2,840,10045,4}). --define('ecdsa-with-SHA1', {1,2,840,10045,4,1}). --define('id-fieldType', {1,2,840,10045,1}). --define('prime-field', {1,2,840,10045,1,1}). --define('characteristic-two-field', {1,2,840,10045,1,2}). --define('id-characteristic-two-basis', {1,2,840,10045,1,2,3}). --define('gnBasis', {1,2,840,10045,1,2,3,1}). --define('tpBasis', {1,2,840,10045,1,2,3,2}). --define('ppBasis', {1,2,840,10045,1,2,3,3}). --define('id-publicKeyType', {1,2,840,10045,2}). --define('id-ecPublicKey', {1,2,840,10045,2,1}). --define('ellipticCurve', {1,2,840,10045,3}). --define('c-TwoCurve', {1,2,840,10045,3,0}). --define('c2pnb163v1', {1,2,840,10045,3,0,1}). --define('c2pnb163v2', {1,2,840,10045,3,0,2}). --define('c2pnb163v3', {1,2,840,10045,3,0,3}). --define('c2pnb176w1', {1,2,840,10045,3,0,4}). --define('c2tnb191v1', {1,2,840,10045,3,0,5}). --define('c2tnb191v2', {1,2,840,10045,3,0,6}). --define('c2tnb191v3', {1,2,840,10045,3,0,7}). --define('c2onb191v4', {1,2,840,10045,3,0,8}). --define('c2onb191v5', {1,2,840,10045,3,0,9}). --define('c2pnb208w1', {1,2,840,10045,3,0,10}). --define('c2tnb239v1', {1,2,840,10045,3,0,11}). --define('c2tnb239v2', {1,2,840,10045,3,0,12}). --define('c2tnb239v3', {1,2,840,10045,3,0,13}). --define('c2onb239v4', {1,2,840,10045,3,0,14}). --define('c2onb239v5', {1,2,840,10045,3,0,15}). --define('c2pnb272w1', {1,2,840,10045,3,0,16}). --define('c2pnb304w1', {1,2,840,10045,3,0,17}). --define('c2tnb359v1', {1,2,840,10045,3,0,18}). --define('c2pnb368w1', {1,2,840,10045,3,0,19}). --define('c2tnb431r1', {1,2,840,10045,3,0,20}). --define('primeCurve', {1,2,840,10045,3,1}). --define('prime192v1', {1,2,840,10045,3,1,1}). --define('prime192v2', {1,2,840,10045,3,1,2}). --define('prime192v3', {1,2,840,10045,3,1,3}). --define('prime239v1', {1,2,840,10045,3,1,4}). --define('prime239v2', {1,2,840,10045,3,1,5}). --define('prime239v3', {1,2,840,10045,3,1,6}). --define('prime256v1', {1,2,840,10045,3,1,7}). diff --git a/lib/ssl/pkix/PKIX1Explicit88.asn1 b/lib/ssl/pkix/PKIX1Explicit88.asn1 deleted file mode 100644 index 9b8068fed0..0000000000 --- a/lib/ssl/pkix/PKIX1Explicit88.asn1 +++ /dev/null @@ -1,619 +0,0 @@ -PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) internet(1) - security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-explicit(18) } - -DEFINITIONS EXPLICIT TAGS ::= - -BEGIN - --- EXPORTS ALL -- - --- IMPORTS NONE -- - --- UNIVERSAL Types defined in 1993 and 1998 ASN.1 --- and required by this specification - --- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING - -- UniversalString is defined in ASN.1:1993 - --- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING - -- BMPString is the subtype of UniversalString and models - -- the Basic Multilingual Plane of ISO/IEC/ITU 10646-1 - --- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - -- The content of this type conforms to RFC 2279. - --- PKIX specific OIDs - -id-pkix OBJECT IDENTIFIER ::= - { iso(1) identified-organization(3) dod(6) internet(1) - security(5) mechanisms(5) pkix(7) } - --- PKIX arcs - -id-pe OBJECT IDENTIFIER ::= { id-pkix 1 } - -- arc for private certificate extensions -id-qt OBJECT IDENTIFIER ::= { id-pkix 2 } - -- arc for policy qualifier types -id-kp OBJECT IDENTIFIER ::= { id-pkix 3 } - -- arc for extended key purpose OIDS -id-ad OBJECT IDENTIFIER ::= { id-pkix 48 } - -- arc for access descriptors - --- policyQualifierIds for Internet policy qualifiers - -id-qt-cps OBJECT IDENTIFIER ::= { id-qt 1 } - -- OID for CPS qualifier -id-qt-unotice OBJECT IDENTIFIER ::= { id-qt 2 } - -- OID for user notice qualifier - --- access descriptor definitions - -id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 } -id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 } -id-ad-timeStamping OBJECT IDENTIFIER ::= { id-ad 3 } -id-ad-caRepository OBJECT IDENTIFIER ::= { id-ad 5 } - --- attribute data types - -Attribute ::= SEQUENCE { - type AttributeType, - values SET OF AttributeValue } - -- at least one value is required - -AttributeType ::= OBJECT IDENTIFIER - -AttributeValue ::= ANY - -AttributeTypeAndValue ::= SEQUENCE { - type AttributeType, - value AttributeValue } - --- suggested naming attributes: Definition of the following --- information object set may be augmented to meet local --- requirements. Note that deleting members of the set may --- prevent interoperability with conforming implementations. --- presented in pairs: the AttributeType followed by the --- type definition for the corresponding AttributeValue ---Arc for standard naming attributes -id-at OBJECT IDENTIFIER ::= { joint-iso-ccitt(2) ds(5) 4 } - --- Naming attributes of type X520name - -id-at-name AttributeType ::= { id-at 41 } -id-at-surname AttributeType ::= { id-at 4 } -id-at-givenName AttributeType ::= { id-at 42 } -id-at-initials AttributeType ::= { id-at 43 } -id-at-generationQualifier AttributeType ::= { id-at 44 } - -X520name ::= CHOICE { - teletexString TeletexString (SIZE (1..ub-name)), - printableString PrintableString (SIZE (1..ub-name)), - universalString UniversalString (SIZE (1..ub-name)), - utf8String UTF8String (SIZE (1..ub-name)), - bmpString BMPString (SIZE (1..ub-name)) } - --- Naming attributes of type X520CommonName - -id-at-commonName AttributeType ::= { id-at 3 } - -X520CommonName ::= CHOICE { - teletexString TeletexString (SIZE (1..ub-common-name)), - printableString PrintableString (SIZE (1..ub-common-name)), - universalString UniversalString (SIZE (1..ub-common-name)), - utf8String UTF8String (SIZE (1..ub-common-name)), - bmpString BMPString (SIZE (1..ub-common-name)) } - --- Naming attributes of type X520LocalityName - -id-at-localityName AttributeType ::= { id-at 7 } - -X520LocalityName ::= CHOICE { - teletexString TeletexString (SIZE (1..ub-locality-name)), - printableString PrintableString (SIZE (1..ub-locality-name)), - universalString UniversalString (SIZE (1..ub-locality-name)), - utf8String UTF8String (SIZE (1..ub-locality-name)), - bmpString BMPString (SIZE (1..ub-locality-name)) } - --- Naming attributes of type X520StateOrProvinceName - -id-at-stateOrProvinceName AttributeType ::= { id-at 8 } - -X520StateOrProvinceName ::= CHOICE { - teletexString TeletexString (SIZE (1..ub-state-name)), - printableString PrintableString (SIZE (1..ub-state-name)), - universalString UniversalString (SIZE (1..ub-state-name)), - utf8String UTF8String (SIZE (1..ub-state-name)), - bmpString BMPString (SIZE(1..ub-state-name)) } - --- Naming attributes of type X520OrganizationName - -id-at-organizationName AttributeType ::= { id-at 10 } - -X520OrganizationName ::= CHOICE { - teletexString TeletexString - (SIZE (1..ub-organization-name)), - printableString PrintableString - (SIZE (1..ub-organization-name)), - universalString UniversalString - (SIZE (1..ub-organization-name)), - utf8String UTF8String - (SIZE (1..ub-organization-name)), - bmpString BMPString - (SIZE (1..ub-organization-name)) } - --- Naming attributes of type X520OrganizationalUnitName - -id-at-organizationalUnitName AttributeType ::= { id-at 11 } - -X520OrganizationalUnitName ::= CHOICE { - teletexString TeletexString - (SIZE (1..ub-organizational-unit-name)), - printableString PrintableString - (SIZE (1..ub-organizational-unit-name)), - universalString UniversalString - (SIZE (1..ub-organizational-unit-name)), - utf8String UTF8String - (SIZE (1..ub-organizational-unit-name)), - bmpString BMPString - (SIZE (1..ub-organizational-unit-name)) } - --- Naming attributes of type X520Title - -id-at-title AttributeType ::= { id-at 12 } - -X520Title ::= CHOICE { - teletexString TeletexString (SIZE (1..ub-title)), - printableString PrintableString (SIZE (1..ub-title)), - universalString UniversalString (SIZE (1..ub-title)), - utf8String UTF8String (SIZE (1..ub-title)), - bmpString BMPString (SIZE (1..ub-title)) } - --- Naming attributes of type X520dnQualifier - -id-at-dnQualifier AttributeType ::= { id-at 46 } - -X520dnQualifier ::= PrintableString - --- Naming attributes of type X520countryName (digraph from IS 3166) - -id-at-countryName AttributeType ::= { id-at 6 } - -X520countryName ::= PrintableString (SIZE (2)) - --- Naming attributes of type X520SerialNumber - -id-at-serialNumber AttributeType ::= { id-at 5 } - -X520SerialNumber ::= PrintableString (SIZE (1..ub-serial-number)) - --- Naming attributes of type X520Pseudonym - -id-at-pseudonym AttributeType ::= { id-at 65 } - -X520Pseudonym ::= CHOICE { - teletexString TeletexString (SIZE (1..ub-pseudonym)), - printableString PrintableString (SIZE (1..ub-pseudonym)), - universalString UniversalString (SIZE (1..ub-pseudonym)), - utf8String UTF8String (SIZE (1..ub-pseudonym)), - bmpString BMPString (SIZE (1..ub-pseudonym)) } - --- Naming attributes of type DomainComponent (from RFC 2247) - -id-domainComponent AttributeType ::= - { 0 9 2342 19200300 100 1 25 } - -DomainComponent ::= IA5String - --- Legacy attributes - -pkcs-9 OBJECT IDENTIFIER ::= - { iso(1) member-body(2) us(840) rsadsi(113549) pkcs(1) 9 } - -id-emailAddress AttributeType ::= { pkcs-9 1 } - -EmailAddress ::= IA5String (SIZE (1..ub-emailaddress-length)) - --- naming data types -- - -Name ::= CHOICE { -- only one possibility for now -- - rdnSequence RDNSequence } - -RDNSequence ::= SEQUENCE OF RelativeDistinguishedName - -DistinguishedName ::= RDNSequence - -RelativeDistinguishedName ::= - SET SIZE (1 .. MAX) OF AttributeTypeAndValue - --- Directory string type -- - -DirectoryString ::= CHOICE { - teletexString TeletexString (SIZE (1..MAX)), - printableString PrintableString (SIZE (1..MAX)), - universalString UniversalString (SIZE (1..MAX)), - utf8String UTF8String (SIZE (1..MAX)), - bmpString BMPString (SIZE (1..MAX)) } - --- certificate and CRL specific structures begin here - -Certificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertificate ::= SEQUENCE { - version [0] Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature AlgorithmIdentifier, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - extensions [3] Extensions OPTIONAL - -- If present, version MUST be v3 -- } - -Version ::= INTEGER { v1(0), v2(1), v3(2) } - -CertificateSerialNumber ::= INTEGER - -Validity ::= SEQUENCE { - notBefore Time, - notAfter Time } - -Time ::= CHOICE { - utcTime UTCTime, - generalTime GeneralizedTime } - -UniqueIdentifier ::= BIT STRING - -SubjectPublicKeyInfo ::= SEQUENCE { - algorithm AlgorithmIdentifier, - subjectPublicKey BIT STRING } - -Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension - -Extension ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue OCTET STRING } - --- CRL structures - -CertificateList ::= SEQUENCE { - tbsCertList TBSCertList, - signatureAlgorithm AlgorithmIdentifier, - signature BIT STRING } - -TBSCertList ::= SEQUENCE { - version Version OPTIONAL, - -- if present, MUST be v2 - signature AlgorithmIdentifier, - issuer Name, - thisUpdate Time, - nextUpdate Time OPTIONAL, - revokedCertificates SEQUENCE OF SEQUENCE { - userCertificate CertificateSerialNumber, - revocationDate Time, - crlEntryExtensions Extensions OPTIONAL - -- if present, MUST be v2 - } OPTIONAL, - crlExtensions [0] Extensions OPTIONAL } - -- if present, MUST be v2 - --- Version, Time, CertificateSerialNumber, and Extensions were --- defined earlier for use in the certificate structure - -AlgorithmIdentifier ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY DEFINED BY algorithm OPTIONAL } - -- contains a value of the type - -- registered for use with the - -- algorithm object identifier value - --- X.400 address syntax starts here - -ORAddress ::= SEQUENCE { - built-in-standard-attributes BuiltInStandardAttributes, - built-in-domain-defined-attributes - BuiltInDomainDefinedAttributes OPTIONAL, - -- see also teletex-domain-defined-attributes - extension-attributes ExtensionAttributes OPTIONAL } - --- Built-in Standard Attributes - -BuiltInStandardAttributes ::= SEQUENCE { - country-name CountryName OPTIONAL, - administration-domain-name AdministrationDomainName OPTIONAL, - network-address [0] IMPLICIT NetworkAddress OPTIONAL, - -- see also extended-network-address - terminal-identifier [1] IMPLICIT TerminalIdentifier OPTIONAL, - private-domain-name [2] PrivateDomainName OPTIONAL, - organization-name [3] IMPLICIT OrganizationName OPTIONAL, - -- see also teletex-organization-name - numeric-user-identifier [4] IMPLICIT NumericUserIdentifier - OPTIONAL, - personal-name [5] IMPLICIT PersonalName OPTIONAL, - -- see also teletex-personal-name - organizational-unit-names [6] IMPLICIT OrganizationalUnitNames - OPTIONAL } - -- see also teletex-organizational-unit-names - -CountryName ::= [APPLICATION 1] CHOICE { - x121-dcc-code NumericString - (SIZE (ub-country-name-numeric-length)), - iso-3166-alpha2-code PrintableString - (SIZE (ub-country-name-alpha-length)) } - -AdministrationDomainName ::= [APPLICATION 2] CHOICE { - numeric NumericString (SIZE (0..ub-domain-name-length)), - printable PrintableString (SIZE (0..ub-domain-name-length)) } - -NetworkAddress ::= X121Address -- see also extended-network-address - -X121Address ::= NumericString (SIZE (1..ub-x121-address-length)) - -TerminalIdentifier ::= PrintableString (SIZE -(1..ub-terminal-id-length)) - -PrivateDomainName ::= CHOICE { - numeric NumericString (SIZE (1..ub-domain-name-length)), - printable PrintableString (SIZE (1..ub-domain-name-length)) } - -OrganizationName ::= PrintableString - (SIZE (1..ub-organization-name-length)) - -- see also teletex-organization-name - -NumericUserIdentifier ::= NumericString - (SIZE (1..ub-numeric-user-id-length)) - -PersonalName ::= SET { - surname [0] IMPLICIT PrintableString - (SIZE (1..ub-surname-length)), - given-name [1] IMPLICIT PrintableString - (SIZE (1..ub-given-name-length)) OPTIONAL, - initials [2] IMPLICIT PrintableString - (SIZE (1..ub-initials-length)) OPTIONAL, - generation-qualifier [3] IMPLICIT PrintableString - (SIZE (1..ub-generation-qualifier-length)) - OPTIONAL } - -- see also teletex-personal-name - -OrganizationalUnitNames ::= SEQUENCE SIZE (1..ub-organizational-units) - OF OrganizationalUnitName - -- see also teletex-organizational-unit-names - -OrganizationalUnitName ::= PrintableString (SIZE - (1..ub-organizational-unit-name-length)) - --- Built-in Domain-defined Attributes - -BuiltInDomainDefinedAttributes ::= SEQUENCE SIZE - (1..ub-domain-defined-attributes) OF - BuiltInDomainDefinedAttribute - -BuiltInDomainDefinedAttribute ::= SEQUENCE { - type PrintableString (SIZE - (1..ub-domain-defined-attribute-type-length)), - value PrintableString (SIZE - (1..ub-domain-defined-attribute-value-length)) } - --- Extension Attributes - -ExtensionAttributes ::= SET SIZE (1..ub-extension-attributes) OF - ExtensionAttribute - -ExtensionAttribute ::= SEQUENCE { - extension-attribute-type [0] IMPLICIT INTEGER - (0..ub-extension-attributes), - extension-attribute-value [1] - ANY DEFINED BY extension-attribute-type } - --- Extension types and attribute values - -common-name INTEGER ::= 1 - -CommonName ::= PrintableString (SIZE (1..ub-common-name-length)) - -teletex-common-name INTEGER ::= 2 - -TeletexCommonName ::= TeletexString (SIZE (1..ub-common-name-length)) - -teletex-organization-name INTEGER ::= 3 - -TeletexOrganizationName ::= - TeletexString (SIZE (1..ub-organization-name-length)) - -teletex-personal-name INTEGER ::= 4 - -TeletexPersonalName ::= SET { - surname [0] IMPLICIT TeletexString - (SIZE (1..ub-surname-length)), - given-name [1] IMPLICIT TeletexString - (SIZE (1..ub-given-name-length)) OPTIONAL, - initials [2] IMPLICIT TeletexString - (SIZE (1..ub-initials-length)) OPTIONAL, - generation-qualifier [3] IMPLICIT TeletexString - (SIZE (1..ub-generation-qualifier-length)) - OPTIONAL } - -teletex-organizational-unit-names INTEGER ::= 5 - -TeletexOrganizationalUnitNames ::= SEQUENCE SIZE - (1..ub-organizational-units) OF TeletexOrganizationalUnitName - -TeletexOrganizationalUnitName ::= TeletexString - (SIZE (1..ub-organizational-unit-name-length)) - -pds-name INTEGER ::= 7 - -PDSName ::= PrintableString (SIZE (1..ub-pds-name-length)) - -physical-delivery-country-name INTEGER ::= 8 - -PhysicalDeliveryCountryName ::= CHOICE { - x121-dcc-code NumericString (SIZE -(ub-country-name-numeric-length)), - iso-3166-alpha2-code PrintableString - (SIZE (ub-country-name-alpha-length)) } - -postal-code INTEGER ::= 9 - -PostalCode ::= CHOICE { - numeric-code NumericString (SIZE (1..ub-postal-code-length)), - printable-code PrintableString (SIZE (1..ub-postal-code-length)) } - -physical-delivery-office-name INTEGER ::= 10 - -PhysicalDeliveryOfficeName ::= PDSParameter - -physical-delivery-office-number INTEGER ::= 11 - -PhysicalDeliveryOfficeNumber ::= PDSParameter - -extension-OR-address-components INTEGER ::= 12 - -ExtensionORAddressComponents ::= PDSParameter - -physical-delivery-personal-name INTEGER ::= 13 - -PhysicalDeliveryPersonalName ::= PDSParameter - -physical-delivery-organization-name INTEGER ::= 14 - -PhysicalDeliveryOrganizationName ::= PDSParameter - -extension-physical-delivery-address-components INTEGER ::= 15 - -ExtensionPhysicalDeliveryAddressComponents ::= PDSParameter - -unformatted-postal-address INTEGER ::= 16 - -UnformattedPostalAddress ::= SET { - printable-address SEQUENCE SIZE (1..ub-pds-physical-address-lines) - OF PrintableString (SIZE (1..ub-pds-parameter-length)) - OPTIONAL, - teletex-string TeletexString - (SIZE (1..ub-unformatted-address-length)) OPTIONAL } - -street-address INTEGER ::= 17 - -StreetAddress ::= PDSParameter - -post-office-box-address INTEGER ::= 18 - -PostOfficeBoxAddress ::= PDSParameter - -poste-restante-address INTEGER ::= 19 - -PosteRestanteAddress ::= PDSParameter - -unique-postal-name INTEGER ::= 20 - -UniquePostalName ::= PDSParameter - -local-postal-attributes INTEGER ::= 21 - -LocalPostalAttributes ::= PDSParameter - -PDSParameter ::= SET { - printable-string PrintableString - (SIZE(1..ub-pds-parameter-length)) OPTIONAL, - teletex-string TeletexString - (SIZE(1..ub-pds-parameter-length)) OPTIONAL } - -extended-network-address INTEGER ::= 22 - -ExtendedNetworkAddress ::= CHOICE { - e163-4-address SEQUENCE { - number [0] IMPLICIT NumericString - (SIZE (1..ub-e163-4-number-length)), - sub-address [1] IMPLICIT NumericString - (SIZE (1..ub-e163-4-sub-address-length)) - OPTIONAL }, - psap-address [0] IMPLICIT PresentationAddress } - -PresentationAddress ::= SEQUENCE { - pSelector [0] EXPLICIT OCTET STRING OPTIONAL, - sSelector [1] EXPLICIT OCTET STRING OPTIONAL, - tSelector [2] EXPLICIT OCTET STRING OPTIONAL, - nAddresses [3] EXPLICIT SET SIZE (1..MAX) OF OCTET STRING } - -terminal-type INTEGER ::= 23 - -TerminalType ::= INTEGER { - telex (3), - teletex (4), - g3-facsimile (5), - g4-facsimile (6), - ia5-terminal (7), - videotex (8) } (0..ub-integer-options) - --- Extension Domain-defined Attributes - -teletex-domain-defined-attributes INTEGER ::= 6 - -TeletexDomainDefinedAttributes ::= SEQUENCE SIZE - (1..ub-domain-defined-attributes) OF TeletexDomainDefinedAttribute - -TeletexDomainDefinedAttribute ::= SEQUENCE { - type TeletexString - (SIZE (1..ub-domain-defined-attribute-type-length)), - value TeletexString - (SIZE (1..ub-domain-defined-attribute-value-length)) } - --- specifications of Upper Bounds MUST be regarded as mandatory --- from Annex B of ITU-T X.411 Reference Definition of MTS Parameter --- Upper Bounds - --- Upper Bounds -ub-name INTEGER ::= 32768 -ub-common-name INTEGER ::= 64 -ub-locality-name INTEGER ::= 128 -ub-state-name INTEGER ::= 128 -ub-organization-name INTEGER ::= 64 -ub-organizational-unit-name INTEGER ::= 64 -ub-title INTEGER ::= 64 -ub-serial-number INTEGER ::= 64 -ub-match INTEGER ::= 128 -ub-emailaddress-length INTEGER ::= 128 -ub-common-name-length INTEGER ::= 64 -ub-country-name-alpha-length INTEGER ::= 2 -ub-country-name-numeric-length INTEGER ::= 3 -ub-domain-defined-attributes INTEGER ::= 4 -ub-domain-defined-attribute-type-length INTEGER ::= 8 -ub-domain-defined-attribute-value-length INTEGER ::= 128 -ub-domain-name-length INTEGER ::= 16 -ub-extension-attributes INTEGER ::= 256 -ub-e163-4-number-length INTEGER ::= 15 -ub-e163-4-sub-address-length INTEGER ::= 40 -ub-generation-qualifier-length INTEGER ::= 3 -ub-given-name-length INTEGER ::= 16 -ub-initials-length INTEGER ::= 5 -ub-integer-options INTEGER ::= 256 -ub-numeric-user-id-length INTEGER ::= 32 -ub-organization-name-length INTEGER ::= 64 -ub-organizational-unit-name-length INTEGER ::= 32 -ub-organizational-units INTEGER ::= 4 -ub-pds-name-length INTEGER ::= 16 -ub-pds-parameter-length INTEGER ::= 30 -ub-pds-physical-address-lines INTEGER ::= 6 -ub-postal-code-length INTEGER ::= 16 -ub-pseudonym INTEGER ::= 128 -ub-surname-length INTEGER ::= 40 -ub-terminal-id-length INTEGER ::= 24 -ub-unformatted-address-length INTEGER ::= 180 -ub-x121-address-length INTEGER ::= 16 - --- Note - upper bounds on string types, such as TeletexString, are --- measured in characters. Excepting PrintableString or IA5String, a --- significantly greater number of octets will be required to hold --- such a value. As a minimum, 16 octets, or twice the specified --- upper bound, whichever is the larger, should be allowed for --- TeletexString. For UTF8String or UniversalString at least four --- times the upper bound should be allowed. - -END diff --git a/lib/ssl/pkix/PKIX1Explicit88.hrl b/lib/ssl/pkix/PKIX1Explicit88.hrl deleted file mode 100644 index 5940c1e245..0000000000 --- a/lib/ssl/pkix/PKIX1Explicit88.hrl +++ /dev/null @@ -1,163 +0,0 @@ -%% Generated by the Erlang ASN.1 compiler version:1.4.4.8 -%% Purpose: Erlang record definitions for each named and unnamed -%% SEQUENCE and SET, and macro definitions for each value -%% definition,in module PKIX1Explicit88 - - - --record('Attribute',{ -type, values}). - --record('AttributeTypeAndValue',{ -type, value}). - --record('Certificate',{ -tbsCertificate, signatureAlgorithm, signature}). - --record('TBSCertificate',{ -version = asn1_DEFAULT, serialNumber, signature, issuer, validity, subject, subjectPublicKeyInfo, issuerUniqueID = asn1_NOVALUE, subjectUniqueID = asn1_NOVALUE, extensions = asn1_NOVALUE}). - --record('Validity',{ -notBefore, notAfter}). - --record('SubjectPublicKeyInfo',{ -algorithm, subjectPublicKey}). - --record('Extension',{ -extnID, critical = asn1_DEFAULT, extnValue}). - --record('CertificateList',{ -tbsCertList, signatureAlgorithm, signature}). - --record('TBSCertList',{ -version = asn1_NOVALUE, signature, issuer, thisUpdate, nextUpdate = asn1_NOVALUE, revokedCertificates = asn1_NOVALUE, crlExtensions = asn1_NOVALUE}). - --record('TBSCertList_revokedCertificates_SEQOF',{ -userCertificate, revocationDate, crlEntryExtensions = asn1_NOVALUE}). - --record('AlgorithmIdentifier',{ -algorithm, parameters = asn1_NOVALUE}). - --record('ORAddress',{ -'built-in-standard-attributes', 'built-in-domain-defined-attributes' = asn1_NOVALUE, 'extension-attributes' = asn1_NOVALUE}). - --record('BuiltInStandardAttributes',{ -'country-name' = asn1_NOVALUE, 'administration-domain-name' = asn1_NOVALUE, 'network-address' = asn1_NOVALUE, 'terminal-identifier' = asn1_NOVALUE, 'private-domain-name' = asn1_NOVALUE, 'organization-name' = asn1_NOVALUE, 'numeric-user-identifier' = asn1_NOVALUE, 'personal-name' = asn1_NOVALUE, 'organizational-unit-names' = asn1_NOVALUE}). - --record('PersonalName',{ -surname, 'given-name' = asn1_NOVALUE, initials = asn1_NOVALUE, 'generation-qualifier' = asn1_NOVALUE}). - --record('BuiltInDomainDefinedAttribute',{ -type, value}). - --record('ExtensionAttribute',{ -'extension-attribute-type', 'extension-attribute-value'}). - --record('TeletexPersonalName',{ -surname, 'given-name' = asn1_NOVALUE, initials = asn1_NOVALUE, 'generation-qualifier' = asn1_NOVALUE}). - --record('UnformattedPostalAddress',{ -'printable-address' = asn1_NOVALUE, 'teletex-string' = asn1_NOVALUE}). - --record('PDSParameter',{ -'printable-string' = asn1_NOVALUE, 'teletex-string' = asn1_NOVALUE}). - --record('ExtendedNetworkAddress_e163-4-address',{ -number, 'sub-address' = asn1_NOVALUE}). - --record('PresentationAddress',{ -pSelector = asn1_NOVALUE, sSelector = asn1_NOVALUE, tSelector = asn1_NOVALUE, nAddresses}). - --record('TeletexDomainDefinedAttribute',{ -type, value}). - --define('id-pkix', {1,3,6,1,5,5,7}). --define('id-pe', {1,3,6,1,5,5,7,1}). --define('id-qt', {1,3,6,1,5,5,7,2}). --define('id-kp', {1,3,6,1,5,5,7,3}). --define('id-ad', {1,3,6,1,5,5,7,48}). --define('id-qt-cps', {1,3,6,1,5,5,7,2,1}). --define('id-qt-unotice', {1,3,6,1,5,5,7,2,2}). --define('id-ad-ocsp', {1,3,6,1,5,5,7,48,1}). --define('id-ad-caIssuers', {1,3,6,1,5,5,7,48,2}). --define('id-ad-timeStamping', {1,3,6,1,5,5,7,48,3}). --define('id-ad-caRepository', {1,3,6,1,5,5,7,48,5}). --define('id-at', {2,5,4}). --define('id-at-name', {2,5,4,41}). --define('id-at-surname', {2,5,4,4}). --define('id-at-givenName', {2,5,4,42}). --define('id-at-initials', {2,5,4,43}). --define('id-at-generationQualifier', {2,5,4,44}). --define('id-at-commonName', {2,5,4,3}). --define('id-at-localityName', {2,5,4,7}). --define('id-at-stateOrProvinceName', {2,5,4,8}). --define('id-at-organizationName', {2,5,4,10}). --define('id-at-organizationalUnitName', {2,5,4,11}). --define('id-at-title', {2,5,4,12}). --define('id-at-dnQualifier', {2,5,4,46}). --define('id-at-countryName', {2,5,4,6}). --define('id-at-serialNumber', {2,5,4,5}). --define('id-at-pseudonym', {2,5,4,65}). --define('id-domainComponent', {0,9,2342,19200300,100,1,25}). --define('pkcs-9', {1,2,840,113549,1,9}). --define('id-emailAddress', {1,2,840,113549,1,9,1}). --define('common-name', 1). --define('teletex-common-name', 2). --define('teletex-organization-name', 3). --define('teletex-personal-name', 4). --define('teletex-organizational-unit-names', 5). --define('pds-name', 7). --define('physical-delivery-country-name', 8). --define('postal-code', 9). --define('physical-delivery-office-name', 10). --define('physical-delivery-office-number', 11). --define('extension-OR-address-components', 12). --define('physical-delivery-personal-name', 13). --define('physical-delivery-organization-name', 14). --define('extension-physical-delivery-address-components', 15). --define('unformatted-postal-address', 16). --define('street-address', 17). --define('post-office-box-address', 18). --define('poste-restante-address', 19). --define('unique-postal-name', 20). --define('local-postal-attributes', 21). --define('extended-network-address', 22). --define('terminal-type', 23). --define('teletex-domain-defined-attributes', 6). --define('ub-name', 32768). --define('ub-common-name', 64). --define('ub-locality-name', 128). --define('ub-state-name', 128). --define('ub-organization-name', 64). --define('ub-organizational-unit-name', 64). --define('ub-title', 64). --define('ub-serial-number', 64). --define('ub-match', 128). --define('ub-emailaddress-length', 128). --define('ub-common-name-length', 64). --define('ub-country-name-alpha-length', 2). --define('ub-country-name-numeric-length', 3). --define('ub-domain-defined-attributes', 4). --define('ub-domain-defined-attribute-type-length', 8). --define('ub-domain-defined-attribute-value-length', 128). --define('ub-domain-name-length', 16). --define('ub-extension-attributes', 256). --define('ub-e163-4-number-length', 15). --define('ub-e163-4-sub-address-length', 40). --define('ub-generation-qualifier-length', 3). --define('ub-given-name-length', 16). --define('ub-initials-length', 5). --define('ub-integer-options', 256). --define('ub-numeric-user-id-length', 32). --define('ub-organization-name-length', 64). --define('ub-organizational-unit-name-length', 32). --define('ub-organizational-units', 4). --define('ub-pds-name-length', 16). --define('ub-pds-parameter-length', 30). --define('ub-pds-physical-address-lines', 6). --define('ub-postal-code-length', 16). --define('ub-pseudonym', 128). --define('ub-surname-length', 40). --define('ub-terminal-id-length', 24). --define('ub-unformatted-address-length', 180). --define('ub-x121-address-length', 16). diff --git a/lib/ssl/pkix/PKIX1Implicit88.asn1 b/lib/ssl/pkix/PKIX1Implicit88.asn1 deleted file mode 100644 index ced270baf6..0000000000 --- a/lib/ssl/pkix/PKIX1Implicit88.asn1 +++ /dev/null @@ -1,349 +0,0 @@ -PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) internet(1) - security(5) mechanisms(5) pkix(7) id-mod(0) id-pkix1-implicit(19) } - -DEFINITIONS IMPLICIT TAGS ::= - -BEGIN - --- EXPORTS ALL -- - -IMPORTS - id-pe, id-kp, id-qt-unotice, id-qt-cps, - -- delete following line if "new" types are supported -- - -- BMPString, - -- UTF8String, end "new" types -- - ORAddress, Name, RelativeDistinguishedName, - CertificateSerialNumber, Attribute, DirectoryString - FROM PKIX1Explicit88 { iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) pkix(7) - id-mod(0) id-pkix1-explicit(18) }; - - --- ISO arc for standard certificate and CRL extensions - -id-ce OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 29} - --- authority key identifier OID and syntax - -id-ce-authorityKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 35 } - -AuthorityKeyIdentifier ::= SEQUENCE { - keyIdentifier [0] KeyIdentifier OPTIONAL, - authorityCertIssuer [1] GeneralNames OPTIONAL, - authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL } - -- authorityCertIssuer and authorityCertSerialNumber MUST both - -- be present or both be absent - -KeyIdentifier ::= OCTET STRING - --- subject key identifier OID and syntax - -id-ce-subjectKeyIdentifier OBJECT IDENTIFIER ::= { id-ce 14 } - -SubjectKeyIdentifier ::= KeyIdentifier - --- key usage extension OID and syntax - -id-ce-keyUsage OBJECT IDENTIFIER ::= { id-ce 15 } - -KeyUsage ::= BIT STRING { - digitalSignature (0), - nonRepudiation (1), - keyEncipherment (2), - dataEncipherment (3), - keyAgreement (4), - keyCertSign (5), - cRLSign (6), - encipherOnly (7), - decipherOnly (8) } - --- private key usage period extension OID and syntax - -id-ce-privateKeyUsagePeriod OBJECT IDENTIFIER ::= { id-ce 16 } - -PrivateKeyUsagePeriod ::= SEQUENCE { - notBefore [0] GeneralizedTime OPTIONAL, - notAfter [1] GeneralizedTime OPTIONAL } - -- either notBefore or notAfter MUST be present - --- certificate policies extension OID and syntax - -id-ce-certificatePolicies OBJECT IDENTIFIER ::= { id-ce 32 } - -anyPolicy OBJECT IDENTIFIER ::= { id-ce-certificatePolicies 0 } - -CertificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation - -PolicyInformation ::= SEQUENCE { - policyIdentifier CertPolicyId, - policyQualifiers SEQUENCE SIZE (1..MAX) OF - PolicyQualifierInfo OPTIONAL } - -CertPolicyId ::= OBJECT IDENTIFIER - -PolicyQualifierInfo ::= SEQUENCE { - policyQualifierId PolicyQualifierId, - qualifier ANY DEFINED BY policyQualifierId } - --- Implementations that recognize additional policy qualifiers MUST --- augment the following definition for PolicyQualifierId - -PolicyQualifierId ::= - OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice ) - --- CPS pointer qualifier - -CPSuri ::= IA5String - --- user notice qualifier - -UserNotice ::= SEQUENCE { - noticeRef NoticeReference OPTIONAL, - explicitText DisplayText OPTIONAL} - -NoticeReference ::= SEQUENCE { - organization DisplayText, - noticeNumbers SEQUENCE OF INTEGER } - -DisplayText ::= CHOICE { - ia5String IA5String (SIZE (1..200)), - visibleString VisibleString (SIZE (1..200)), - bmpString BMPString (SIZE (1..200)), - utf8String UTF8String (SIZE (1..200)) } - --- policy mapping extension OID and syntax - -id-ce-policyMappings OBJECT IDENTIFIER ::= { id-ce 33 } - -PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE { - issuerDomainPolicy CertPolicyId, - subjectDomainPolicy CertPolicyId } - --- subject alternative name extension OID and syntax - -id-ce-subjectAltName OBJECT IDENTIFIER ::= { id-ce 17 } - -SubjectAltName ::= GeneralNames - -GeneralNames ::= SEQUENCE SIZE (1..MAX) OF GeneralName - -GeneralName ::= CHOICE { - otherName [0] AnotherName, - rfc822Name [1] IA5String, - dNSName [2] IA5String, - x400Address [3] ORAddress, - directoryName [4] Name, - ediPartyName [5] EDIPartyName, - uniformResourceIdentifier [6] IA5String, - iPAddress [7] OCTET STRING, - registeredID [8] OBJECT IDENTIFIER } - --- AnotherName replaces OTHER-NAME ::= TYPE-IDENTIFIER, as --- TYPE-IDENTIFIER is not supported in the '88 ASN.1 syntax - -AnotherName ::= SEQUENCE { - type-id OBJECT IDENTIFIER, - value [0] EXPLICIT ANY DEFINED BY type-id } - -EDIPartyName ::= SEQUENCE { - nameAssigner [0] DirectoryString OPTIONAL, - partyName [1] DirectoryString } - --- issuer alternative name extension OID and syntax - -id-ce-issuerAltName OBJECT IDENTIFIER ::= { id-ce 18 } - -IssuerAltName ::= GeneralNames - -id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::= { id-ce 9 } - -SubjectDirectoryAttributes ::= SEQUENCE SIZE (1..MAX) OF Attribute - --- basic constraints extension OID and syntax - -id-ce-basicConstraints OBJECT IDENTIFIER ::= { id-ce 19 } - -BasicConstraints ::= SEQUENCE { - cA BOOLEAN DEFAULT FALSE, - pathLenConstraint INTEGER (0..MAX) OPTIONAL } - --- name constraints extension OID and syntax - -id-ce-nameConstraints OBJECT IDENTIFIER ::= { id-ce 30 } - -NameConstraints ::= SEQUENCE { - permittedSubtrees [0] GeneralSubtrees OPTIONAL, - excludedSubtrees [1] GeneralSubtrees OPTIONAL } - -GeneralSubtrees ::= SEQUENCE SIZE (1..MAX) OF GeneralSubtree - -GeneralSubtree ::= SEQUENCE { - base GeneralName, - minimum [0] BaseDistance DEFAULT 0, - maximum [1] BaseDistance OPTIONAL } - -BaseDistance ::= INTEGER (0..MAX) - --- policy constraints extension OID and syntax - -id-ce-policyConstraints OBJECT IDENTIFIER ::= { id-ce 36 } - -PolicyConstraints ::= SEQUENCE { - requireExplicitPolicy [0] SkipCerts OPTIONAL, - inhibitPolicyMapping [1] SkipCerts OPTIONAL } - -SkipCerts ::= INTEGER (0..MAX) - --- CRL distribution points extension OID and syntax - -id-ce-cRLDistributionPoints OBJECT IDENTIFIER ::= {id-ce 31} - -CRLDistributionPoints ::= SEQUENCE SIZE (1..MAX) OF DistributionPoint - -DistributionPoint ::= SEQUENCE { - distributionPoint [0] DistributionPointName OPTIONAL, - reasons [1] ReasonFlags OPTIONAL, - cRLIssuer [2] GeneralNames OPTIONAL } - -DistributionPointName ::= CHOICE { - fullName [0] GeneralNames, - nameRelativeToCRLIssuer [1] RelativeDistinguishedName } - -ReasonFlags ::= BIT STRING { - unused (0), - keyCompromise (1), - cACompromise (2), - affiliationChanged (3), - superseded (4), - cessationOfOperation (5), - certificateHold (6), - privilegeWithdrawn (7), - aACompromise (8) } - --- extended key usage extension OID and syntax - -id-ce-extKeyUsage OBJECT IDENTIFIER ::= {id-ce 37} - -ExtKeyUsageSyntax ::= SEQUENCE SIZE (1..MAX) OF KeyPurposeId - - -KeyPurposeId ::= OBJECT IDENTIFIER - --- permit unspecified key uses - -anyExtendedKeyUsage OBJECT IDENTIFIER ::= { id-ce-extKeyUsage 0 } - --- extended key purpose OIDs - -id-kp-serverAuth OBJECT IDENTIFIER ::= { id-kp 1 } -id-kp-clientAuth OBJECT IDENTIFIER ::= { id-kp 2 } -id-kp-codeSigning OBJECT IDENTIFIER ::= { id-kp 3 } -id-kp-emailProtection OBJECT IDENTIFIER ::= { id-kp 4 } -id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 } -id-kp-OCSPSigning OBJECT IDENTIFIER ::= { id-kp 9 } - --- inhibit any policy OID and syntax - -id-ce-inhibitAnyPolicy OBJECT IDENTIFIER ::= { id-ce 54 } - -InhibitAnyPolicy ::= SkipCerts - --- freshest (delta)CRL extension OID and syntax - -id-ce-freshestCRL OBJECT IDENTIFIER ::= { id-ce 46 } - -FreshestCRL ::= CRLDistributionPoints - --- authority info access - -id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 } - -AuthorityInfoAccessSyntax ::= - SEQUENCE SIZE (1..MAX) OF AccessDescription - -AccessDescription ::= SEQUENCE { - accessMethod OBJECT IDENTIFIER, - accessLocation GeneralName } - --- subject info access - -id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 } - -SubjectInfoAccessSyntax ::= - SEQUENCE SIZE (1..MAX) OF AccessDescription - --- CRL number extension OID and syntax - -id-ce-cRLNumber OBJECT IDENTIFIER ::= { id-ce 20 } - -CRLNumber ::= INTEGER (0..MAX) - --- issuing distribution point extension OID and syntax - -id-ce-issuingDistributionPoint OBJECT IDENTIFIER ::= { id-ce 28 } - -IssuingDistributionPoint ::= SEQUENCE { - distributionPoint [0] DistributionPointName OPTIONAL, - onlyContainsUserCerts [1] BOOLEAN DEFAULT FALSE, - onlyContainsCACerts [2] BOOLEAN DEFAULT FALSE, - onlySomeReasons [3] ReasonFlags OPTIONAL, - indirectCRL [4] BOOLEAN DEFAULT FALSE, - onlyContainsAttributeCerts [5] BOOLEAN DEFAULT FALSE } - -id-ce-deltaCRLIndicator OBJECT IDENTIFIER ::= { id-ce 27 } - -BaseCRLNumber ::= CRLNumber - --- CRL reasons extension OID and syntax - -id-ce-cRLReasons OBJECT IDENTIFIER ::= { id-ce 21 } - -CRLReason ::= ENUMERATED { - unspecified (0), - keyCompromise (1), - cACompromise (2), - affiliationChanged (3), - superseded (4), - cessationOfOperation (5), - certificateHold (6), - removeFromCRL (8), - privilegeWithdrawn (9), - aACompromise (10) } - --- certificate issuer CRL entry extension OID and syntax - -id-ce-certificateIssuer OBJECT IDENTIFIER ::= { id-ce 29 } - -CertificateIssuer ::= GeneralNames - --- hold instruction extension OID and syntax - -id-ce-holdInstructionCode OBJECT IDENTIFIER ::= { id-ce 23 } - -HoldInstructionCode ::= OBJECT IDENTIFIER - --- ANSI x9 holdinstructions - --- ANSI x9 arc holdinstruction arc - -holdInstruction OBJECT IDENTIFIER ::= - {joint-iso-itu-t(2) member-body(2) us(840) x9cm(10040) 2} - --- ANSI X9 holdinstructions referenced by this standard - -id-holdinstruction-none OBJECT IDENTIFIER ::= - {holdInstruction 1} -- deprecated - -id-holdinstruction-callissuer OBJECT IDENTIFIER ::= - {holdInstruction 2} - -id-holdinstruction-reject OBJECT IDENTIFIER ::= - {holdInstruction 3} - --- invalidity date CRL entry extension OID and syntax - -id-ce-invalidityDate OBJECT IDENTIFIER ::= { id-ce 24 } - -InvalidityDate ::= GeneralizedTime - -END diff --git a/lib/ssl/pkix/PKIX1Implicit88.hrl b/lib/ssl/pkix/PKIX1Implicit88.hrl deleted file mode 100644 index 8fa1836284..0000000000 --- a/lib/ssl/pkix/PKIX1Implicit88.hrl +++ /dev/null @@ -1,93 +0,0 @@ -%% Generated by the Erlang ASN.1 compiler version:1.4.4.8 -%% Purpose: Erlang record definitions for each named and unnamed -%% SEQUENCE and SET, and macro definitions for each value -%% definition,in module PKIX1Implicit88 - - - --record('AuthorityKeyIdentifier',{ -keyIdentifier = asn1_NOVALUE, authorityCertIssuer = asn1_NOVALUE, authorityCertSerialNumber = asn1_NOVALUE}). - --record('PrivateKeyUsagePeriod',{ -notBefore = asn1_NOVALUE, notAfter = asn1_NOVALUE}). - --record('PolicyInformation',{ -policyIdentifier, policyQualifiers = asn1_NOVALUE}). - --record('PolicyQualifierInfo',{ -policyQualifierId, qualifier}). - --record('UserNotice',{ -noticeRef = asn1_NOVALUE, explicitText = asn1_NOVALUE}). - --record('NoticeReference',{ -organization, noticeNumbers}). - --record('PolicyMappings_SEQOF',{ -issuerDomainPolicy, subjectDomainPolicy}). - --record('AnotherName',{ -'type-id', value}). - --record('EDIPartyName',{ -nameAssigner = asn1_NOVALUE, partyName}). - --record('BasicConstraints',{ -cA = asn1_DEFAULT, pathLenConstraint = asn1_NOVALUE}). - --record('NameConstraints',{ -permittedSubtrees = asn1_NOVALUE, excludedSubtrees = asn1_NOVALUE}). - --record('GeneralSubtree',{ -base, minimum = asn1_DEFAULT, maximum = asn1_NOVALUE}). - --record('PolicyConstraints',{ -requireExplicitPolicy = asn1_NOVALUE, inhibitPolicyMapping = asn1_NOVALUE}). - --record('DistributionPoint',{ -distributionPoint = asn1_NOVALUE, reasons = asn1_NOVALUE, cRLIssuer = asn1_NOVALUE}). - --record('AccessDescription',{ -accessMethod, accessLocation}). - --record('IssuingDistributionPoint',{ -distributionPoint = asn1_NOVALUE, onlyContainsUserCerts = asn1_DEFAULT, onlyContainsCACerts = asn1_DEFAULT, onlySomeReasons = asn1_NOVALUE, indirectCRL = asn1_DEFAULT, onlyContainsAttributeCerts = asn1_DEFAULT}). - --define('id-ce', {2,5,29}). --define('id-ce-authorityKeyIdentifier', {2,5,29,35}). --define('id-ce-subjectKeyIdentifier', {2,5,29,14}). --define('id-ce-keyUsage', {2,5,29,15}). --define('id-ce-privateKeyUsagePeriod', {2,5,29,16}). --define('id-ce-certificatePolicies', {2,5,29,32}). --define('anyPolicy', {2,5,29,32,0}). --define('id-ce-policyMappings', {2,5,29,33}). --define('id-ce-subjectAltName', {2,5,29,17}). --define('id-ce-issuerAltName', {2,5,29,18}). --define('id-ce-subjectDirectoryAttributes', {2,5,29,9}). --define('id-ce-basicConstraints', {2,5,29,19}). --define('id-ce-nameConstraints', {2,5,29,30}). --define('id-ce-policyConstraints', {2,5,29,36}). --define('id-ce-cRLDistributionPoints', {2,5,29,31}). --define('id-ce-extKeyUsage', {2,5,29,37}). --define('anyExtendedKeyUsage', {2,5,29,37,0}). --define('id-kp-serverAuth', {1,3,6,1,5,5,7,3,1}). --define('id-kp-clientAuth', {1,3,6,1,5,5,7,3,2}). --define('id-kp-codeSigning', {1,3,6,1,5,5,7,3,3}). --define('id-kp-emailProtection', {1,3,6,1,5,5,7,3,4}). --define('id-kp-timeStamping', {1,3,6,1,5,5,7,3,8}). --define('id-kp-OCSPSigning', {1,3,6,1,5,5,7,3,9}). --define('id-ce-inhibitAnyPolicy', {2,5,29,54}). --define('id-ce-freshestCRL', {2,5,29,46}). --define('id-pe-authorityInfoAccess', {1,3,6,1,5,5,7,1,1}). --define('id-pe-subjectInfoAccess', {1,3,6,1,5,5,7,1,11}). --define('id-ce-cRLNumber', {2,5,29,20}). --define('id-ce-issuingDistributionPoint', {2,5,29,28}). --define('id-ce-deltaCRLIndicator', {2,5,29,27}). --define('id-ce-cRLReasons', {2,5,29,21}). --define('id-ce-certificateIssuer', {2,5,29,29}). --define('id-ce-holdInstructionCode', {2,5,29,23}). --define('holdInstruction', {2,2,840,10040,2}). --define('id-holdinstruction-none', {2,2,840,10040,2,1}). --define('id-holdinstruction-callissuer', {2,2,840,10040,2,2}). --define('id-holdinstruction-reject', {2,2,840,10040,2,3}). --define('id-ce-invalidityDate', {2,5,29,24}). diff --git a/lib/ssl/pkix/PKIXAttributeCertificate.asn1 b/lib/ssl/pkix/PKIXAttributeCertificate.asn1 deleted file mode 100644 index 7d93e6b37e..0000000000 --- a/lib/ssl/pkix/PKIXAttributeCertificate.asn1 +++ /dev/null @@ -1,189 +0,0 @@ - PKIXAttributeCertificate {iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-mod-attribute-cert(12)} - - DEFINITIONS IMPLICIT TAGS ::= - - BEGIN - - -- EXPORTS ALL -- - - IMPORTS - - -- IMPORTed module OIDs MAY change if [PKIXPROF] changes - -- PKIX Certificate Extensions - Attribute, AlgorithmIdentifier, CertificateSerialNumber, - Extensions, UniqueIdentifier, - id-pkix, id-pe, id-kp, id-ad, id-at - FROM PKIX1Explicit88 {iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) - pkix(7) id-mod(0) id-pkix1-explicit-88(1)} - - GeneralName, GeneralNames, id-ce - FROM PKIX1Implicit88 {iso(1) identified-organization(3) - dod(6) internet(1) security(5) mechanisms(5) - pkix(7) id-mod(0) id-pkix1-implicit-88(2)} ; - - id-pe-ac-auditIdentity OBJECT IDENTIFIER ::= { id-pe 4 } - id-pe-aaControls OBJECT IDENTIFIER ::= { id-pe 6 } - id-pe-ac-proxying OBJECT IDENTIFIER ::= { id-pe 10 } - id-ce-targetInformation OBJECT IDENTIFIER ::= { id-ce 55 } - - id-aca OBJECT IDENTIFIER ::= { id-pkix 10 } - id-aca-authenticationInfo OBJECT IDENTIFIER ::= { id-aca 1 } - id-aca-accessIdentity OBJECT IDENTIFIER ::= { id-aca 2 } - id-aca-chargingIdentity OBJECT IDENTIFIER ::= { id-aca 3 } - id-aca-group OBJECT IDENTIFIER ::= { id-aca 4 } - -- { id-aca 5 } is reserved - id-aca-encAttrs OBJECT IDENTIFIER ::= { id-aca 6 } - - id-at-role OBJECT IDENTIFIER ::= { id-at 72} - id-at-clearance OBJECT IDENTIFIER ::= - { joint-iso-ccitt(2) ds(5) module(1) - selected-attribute-types(5) clearance (55) } - - -- Uncomment this if using a 1988 level ASN.1 compiler - -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING - - AttributeCertificate ::= SEQUENCE { - acinfo AttributeCertificateInfo, - signatureAlgorithm AlgorithmIdentifier, - signatureValue BIT STRING - } - - AttributeCertificateInfo ::= SEQUENCE { - version AttCertVersion, -- version is v2 - holder Holder, - issuer AttCertIssuer, - signature AlgorithmIdentifier, - serialNumber CertificateSerialNumber, - attrCertValidityPeriod AttCertValidityPeriod, - attributes SEQUENCE OF Attribute, - issuerUniqueID UniqueIdentifier OPTIONAL, - extensions Extensions OPTIONAL - } - - AttCertVersion ::= INTEGER { v2(1) } - - Holder ::= SEQUENCE { - baseCertificateID [0] IssuerSerial OPTIONAL, - -- the issuer and serial number of - -- the holder's Public Key Certificate - entityName [1] GeneralNames OPTIONAL, - -- the name of the claimant or role - objectDigestInfo [2] ObjectDigestInfo OPTIONAL - -- used to directly authenticate the - -- holder, for example, an executable - } - - ObjectDigestInfo ::= SEQUENCE { - digestedObjectType ENUMERATED { - publicKey (0), - publicKeyCert (1), - otherObjectTypes (2) }, - -- otherObjectTypes MUST NOT - -- MUST NOT be used in this profile - otherObjectTypeID OBJECT IDENTIFIER OPTIONAL, - digestAlgorithm AlgorithmIdentifier, - objectDigest BIT STRING - } - - AttCertIssuer ::= CHOICE { - v1Form GeneralNames, -- MUST NOT be used in this - -- profile - v2Form [0] V2Form -- v2 only - } - - V2Form ::= SEQUENCE { - issuerName GeneralNames OPTIONAL, - baseCertificateID [0] IssuerSerial OPTIONAL, - objectDigestInfo [1] ObjectDigestInfo OPTIONAL - -- issuerName MUST be present in this profile - -- baseCertificateID and objectDigestInfo MUST - -- NOT be present in this profile - } - - IssuerSerial ::= SEQUENCE { - issuer GeneralNames, - serial CertificateSerialNumber, - issuerUID UniqueIdentifier OPTIONAL - } - - AttCertValidityPeriod ::= SEQUENCE { - notBeforeTime GeneralizedTime, - notAfterTime GeneralizedTime - } - - Targets ::= SEQUENCE OF Target - - Target ::= CHOICE { - targetName [0] GeneralName, - targetGroup [1] GeneralName, - targetCert [2] TargetCert - } - - TargetCert ::= SEQUENCE { - targetCertificate IssuerSerial, - targetName GeneralName OPTIONAL, - certDigestInfo ObjectDigestInfo OPTIONAL - } - - IetfAttrSyntax ::= SEQUENCE { - policyAuthority[0] GeneralNames OPTIONAL, - values SEQUENCE OF CHOICE { - octets OCTET STRING, - oid OBJECT IDENTIFIER, - string UTF8String - } - } - - SvceAuthInfo ::= SEQUENCE { - service GeneralName, - ident GeneralName, - authInfo OCTET STRING OPTIONAL - } - - RoleSyntax ::= SEQUENCE { - roleAuthority [0] GeneralNames OPTIONAL, - roleName [1] GeneralName - } - - Clearance ::= SEQUENCE { - policyId [0] OBJECT IDENTIFIER, - classList [1] ClassList DEFAULT {unclassified}, - securityCategories - [2] SET OF SecurityCategory OPTIONAL - } - - ClassList ::= BIT STRING { - unmarked (0), - unclassified (1), - restricted (2), - confidential (3), - secret (4), - topSecret (5) - } - - SecurityCategory ::= SEQUENCE { - type [0] IMPLICIT OBJECT IDENTIFIER, - value [1] ANY DEFINED BY type - } - - AAControls ::= SEQUENCE { - pathLenConstraint INTEGER (0..MAX) OPTIONAL, - permittedAttrs [0] AttrSpec OPTIONAL, - excludedAttrs [1] AttrSpec OPTIONAL, - permitUnSpecified BOOLEAN DEFAULT TRUE - } - - AttrSpec::= SEQUENCE OF OBJECT IDENTIFIER - - ACClearAttrs ::= SEQUENCE { - acIssuer GeneralName, - acSerial INTEGER, - attrs SEQUENCE OF Attribute - } - - ProxyInfo ::= SEQUENCE OF Targets - - END diff --git a/lib/ssl/pkix/PKIXAttributeCertificate.hrl b/lib/ssl/pkix/PKIXAttributeCertificate.hrl deleted file mode 100644 index 99389c4852..0000000000 --- a/lib/ssl/pkix/PKIXAttributeCertificate.hrl +++ /dev/null @@ -1,64 +0,0 @@ -%% Generated by the Erlang ASN.1 compiler version:1.4.4.8 -%% Purpose: Erlang record definitions for each named and unnamed -%% SEQUENCE and SET, and macro definitions for each value -%% definition,in module PKIXAttributeCertificate - - - --record('AttributeCertificate',{ -acinfo, signatureAlgorithm, signatureValue}). - --record('AttributeCertificateInfo',{ -version, holder, issuer, signature, serialNumber, attrCertValidityPeriod, attributes, issuerUniqueID = asn1_NOVALUE, extensions = asn1_NOVALUE}). - --record('Holder',{ -baseCertificateID = asn1_NOVALUE, entityName = asn1_NOVALUE, objectDigestInfo = asn1_NOVALUE}). - --record('ObjectDigestInfo',{ -digestedObjectType, otherObjectTypeID = asn1_NOVALUE, digestAlgorithm, objectDigest}). - --record('V2Form',{ -issuerName = asn1_NOVALUE, baseCertificateID = asn1_NOVALUE, objectDigestInfo = asn1_NOVALUE}). - --record('IssuerSerial',{ -issuer, serial, issuerUID = asn1_NOVALUE}). - --record('AttCertValidityPeriod',{ -notBeforeTime, notAfterTime}). - --record('TargetCert',{ -targetCertificate, targetName = asn1_NOVALUE, certDigestInfo = asn1_NOVALUE}). - --record('IetfAttrSyntax',{ -policyAuthority = asn1_NOVALUE, values}). - --record('SvceAuthInfo',{ -service, ident, authInfo = asn1_NOVALUE}). - --record('RoleSyntax',{ -roleAuthority = asn1_NOVALUE, roleName}). - --record('Clearance',{ -policyId, classList = asn1_DEFAULT, securityCategories = asn1_NOVALUE}). - --record('SecurityCategory',{ -type, value}). - --record('AAControls',{ -pathLenConstraint = asn1_NOVALUE, permittedAttrs = asn1_NOVALUE, excludedAttrs = asn1_NOVALUE, permitUnSpecified = asn1_DEFAULT}). - --record('ACClearAttrs',{ -acIssuer, acSerial, attrs}). - --define('id-pe-ac-auditIdentity', {1,3,6,1,5,5,7,1,4}). --define('id-pe-aaControls', {1,3,6,1,5,5,7,1,6}). --define('id-pe-ac-proxying', {1,3,6,1,5,5,7,1,10}). --define('id-ce-targetInformation', {2,5,29,55}). --define('id-aca', {1,3,6,1,5,5,7,10}). --define('id-aca-authenticationInfo', {1,3,6,1,5,5,7,10,1}). --define('id-aca-accessIdentity', {1,3,6,1,5,5,7,10,2}). --define('id-aca-chargingIdentity', {1,3,6,1,5,5,7,10,3}). --define('id-aca-group', {1,3,6,1,5,5,7,10,4}). --define('id-aca-encAttrs', {1,3,6,1,5,5,7,10,6}). --define('id-at-role', {2,5,4,72}). --define('id-at-clearance', {2,5,1,5,55}). diff --git a/lib/ssl/pkix/README b/lib/ssl/pkix/README deleted file mode 100644 index 8be2c15de5..0000000000 --- a/lib/ssl/pkix/README +++ /dev/null @@ -1,49 +0,0 @@ -The files - - PKIX1Algorithms88.asn1 - PKIX1Explicit88.asn1 - PKIX1Implicit88.asn1 - PKIXAttributeCertificate.asn1 - -are from RFCs 3279, 3280 and 3281. - -We have edited PKIX1Explicit88.asn1, PKIX1Implicit88.asn1, and -PKIXAttributeCertificate.asn1 as follows: - - -1. Removal of definition of UniversalString and BMPString: - -diff -r1.1 PKIX1Explicit88.asn1 -15c15 -< UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING ---- -> -- UniversalString ::= [UNIVERSAL 28] IMPLICIT OCTET STRING -18c18 -< BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING ---- -> -- BMPString ::= [UNIVERSAL 30] IMPLICIT OCTET STRING - - -2. Removal of definition of BMPString: - -diff -r1.1 PKIX1Implicit88.asn1 -13c13,14 -< BMPString, UTF8String, -- end "new" types -- ---- -> -- BMPString, -> UTF8String, -- end "new" types -- - - -3. Addition of definition of UTF8String, and correction of a typo. - -diff -r1.1 PKIXAttributeCertificate.asn1 -46c46 -< -- UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING ---- -> UTF8String ::= [UNIVERSAL 12] IMPLICIT OCTET STRING -55c55 -< version AttCertVersion -- version is v2, ---- -> version AttCertVersion, -- version is v2 - -PKIX1Algorithms88.asn1 is unchanged. diff --git a/lib/ssl/pkix/SSL-PKIX.asn1 b/lib/ssl/pkix/SSL-PKIX.asn1 deleted file mode 100644 index ea6333f953..0000000000 --- a/lib/ssl/pkix/SSL-PKIX.asn1 +++ /dev/null @@ -1,704 +0,0 @@ -SSL-PKIX {iso(1) identified-organization(3) dod(6) internet(1) - private(4) enterprices(1) ericsson(193) otp(19) ssl(10) - pkix1(1)} - -DEFINITIONS EXPLICIT TAGS ::= - -BEGIN - --- EXPORTS ALL - -IMPORTS - -- Certificate (parts of) - Version, - CertificateSerialNumber, - --AlgorithmIdentifier, - Validity, - UniqueIdentifier, - - -- AttribyteTypeAndValue - Name, - AttributeType, - id-at-name, - id-at-surname, - id-at-givenName, - id-at-initials, - id-at-generationQualifier, X520name, - id-at-commonName, X520CommonName, - id-at-localityName, X520LocalityName, - id-at-stateOrProvinceName, X520StateOrProvinceName, - id-at-organizationName, X520OrganizationName, - id-at-organizationalUnitName, X520OrganizationalUnitName, - id-at-title, X520Title, - id-at-dnQualifier, X520dnQualifier, - id-at-countryName, X520countryName, - id-at-serialNumber, X520SerialNumber, - id-at-pseudonym, X520Pseudonym, - id-domainComponent, DomainComponent, - id-emailAddress, EmailAddress, - - -- Extension Attributes - common-name, CommonName, - teletex-common-name, TeletexCommonName, - teletex-personal-name, TeletexPersonalName, - pds-name, PDSName, - physical-delivery-country-name, PhysicalDeliveryCountryName, - postal-code, PostalCode, - physical-delivery-office-name, PhysicalDeliveryOfficeName, - physical-delivery-office-number, PhysicalDeliveryOfficeNumber, - extension-OR-address-components, ExtensionORAddressComponents, - physical-delivery-personal-name, PhysicalDeliveryPersonalName, - physical-delivery-organization-name, PhysicalDeliveryOrganizationName, - extension-physical-delivery-address-components, - ExtensionPhysicalDeliveryAddressComponents, - unformatted-postal-address, UnformattedPostalAddress, - street-address, StreetAddress, - post-office-box-address, PostOfficeBoxAddress, - poste-restante-address, PosteRestanteAddress, - unique-postal-name, UniquePostalName, - local-postal-attributes, LocalPostalAttributes, - extended-network-address, ExtendedNetworkAddress, - terminal-type, TerminalType, - teletex-domain-defined-attributes, TeletexDomainDefinedAttributes - - FROM PKIX1Explicit88 { iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-pkix1-explicit(18) } - - -- Extensions - id-ce-authorityKeyIdentifier, AuthorityKeyIdentifier, - id-ce-subjectKeyIdentifier, SubjectKeyIdentifier, - id-ce-keyUsage, KeyUsage, - id-ce-privateKeyUsagePeriod, PrivateKeyUsagePeriod, - id-ce-certificatePolicies, CertificatePolicies, - id-ce-policyMappings, PolicyMappings, - id-ce-subjectAltName, SubjectAltName, - id-ce-issuerAltName, IssuerAltName, - id-ce-subjectDirectoryAttributes, SubjectDirectoryAttributes, - id-ce-basicConstraints, BasicConstraints, - id-ce-nameConstraints, NameConstraints, - id-ce-policyConstraints, PolicyConstraints, - id-ce-cRLDistributionPoints, CRLDistributionPoints, - id-ce-extKeyUsage, ExtKeyUsageSyntax, - id-ce-inhibitAnyPolicy, InhibitAnyPolicy, - id-ce-freshestCRL, FreshestCRL, - id-pe-authorityInfoAccess, AuthorityInfoAccessSyntax, - id-pe-subjectInfoAccess, SubjectInfoAccessSyntax, - id-ce-cRLNumber, CRLNumber, - id-ce-issuingDistributionPoint, IssuingDistributionPoint, - id-ce-deltaCRLIndicator, BaseCRLNumber, - id-ce-cRLReasons, CRLReason, - id-ce-certificateIssuer, CertificateIssuer, - id-ce-holdInstructionCode, HoldInstructionCode, - id-ce-invalidityDate, InvalidityDate - - FROM PKIX1Implicit88 { iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-pkix1-implicit(19) } - - --Keys and Signatures - id-dsa, Dss-Parms, DSAPublicKey, - id-dsa-with-sha1, - md2WithRSAEncryption, - md5WithRSAEncryption, - sha1WithRSAEncryption, - rsaEncryption, RSAPublicKey, - dhpublicnumber, DomainParameters, DHPublicKey, - id-keyExchangeAlgorithm, KEA-Parms-Id, --KEA-PublicKey, - ecdsa-with-SHA1, - prime-field, Prime-p, - characteristic-two-field, --Characteristic-two, - gnBasis, - tpBasis, Trinomial, - ppBasis, Pentanomial, - id-ecPublicKey, EcpkParameters, ECPoint - FROM PKIX1Algorithms88 { iso(1) identified-organization(3) dod(6) - internet(1) security(5) mechanisms(5) pkix(7) id-mod(0) - id-mod-pkix1-algorithms(17) }; - --- --- Certificate --- - -SSLCertificate ::= SEQUENCE { - tbsCertificate TBSCertificate, - signatureAlgorithm SignatureAlgorithm, - signature BIT STRING } - -SSLTBSCertificate ::= SEQUENCE { - version [0] Version DEFAULT v1, - serialNumber CertificateSerialNumber, - signature SignatureAlgorithm, - issuer Name, - validity Validity, - subject Name, - subjectPublicKeyInfo SubjectPublicKeyInfo, - issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL, - -- If present, version MUST be v2 or v3 - extensions [3] Extensions OPTIONAL - -- If present, version MUST be v3 -- } - - --- Attribute type and values --- - -ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= CLASS { - &id AttributeType UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - -SSLAttributeTypeAndValue ::= SEQUENCE { - type ATTRIBUTE-TYPE-AND-VALUE-CLASS.&id - ({SupportedAttributeTypeAndValues}), - value ATTRIBUTE-TYPE-AND-VALUE-CLASS.&Type - ({SupportedAttributeTypeAndValues}{@type}) } - -SupportedAttributeTypeAndValues ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= - { name | surname | givenName | initials | generationQualifier | - commonName | localityName | stateOrProvinceName | organizationName | - organizationalUnitName | title | dnQualifier | countryName | - serialNumber | pseudonym | domainComponent | emailAddress } - -name ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-name - TYPE X520name } - -surname ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-surname - TYPE X520name } - -givenName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-givenName - TYPE X520name } - -initials ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-initials - TYPE X520name } - -generationQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-generationQualifier - TYPE X520name } - -commonName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-commonName - TYPE X520CommonName } - -localityName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-localityName - TYPE X520LocalityName } - -stateOrProvinceName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-stateOrProvinceName - TYPE X520StateOrProvinceName } - -organizationName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-organizationName - TYPE X520OrganizationName } - -organizationalUnitName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-organizationalUnitName - TYPE X520OrganizationalUnitName } - -title ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-title - TYPE X520Title } - -dnQualifier ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-dnQualifier - TYPE X520dnQualifier } - -countryName ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-countryName - TYPE X520countryName } - -serialNumber ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-serialNumber - TYPE X520SerialNumber } - -pseudonym ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-at-pseudonym - TYPE X520Pseudonym } - -domainComponent ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-domainComponent - TYPE DomainComponent } - -emailAddress ATTRIBUTE-TYPE-AND-VALUE-CLASS ::= { - ID id-emailAddress - TYPE EmailAddress } - --- --- Signature and Public Key Algorithms --- - -SSLSubjectPublicKeyInfo ::= SEQUENCE { - algorithm SEQUENCE { - algo PUBLIC-KEY-ALGORITHM-CLASS.&id - ({SupportedPublicKeyAlgorithms}), - parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type - ({SupportedPublicKeyAlgorithms}{@.algo}) - OPTIONAL - }, - subjectPublicKey PUBLIC-KEY-ALGORITHM-CLASS.&PublicKeyType - ({SupportedPublicKeyAlgorithms}{@algorithm.algo}) } - --- The following is needed for conversion of SubjectPublicKeyInfo. - -SSLSubjectPublicKeyInfo-Any ::= SEQUENCE { - algorithm PublicKeyAlgorithm, - subjectPublicKey ANY } - - -SIGNATURE-ALGORITHM-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type OPTIONAL } - WITH SYNTAX { - ID &id - [TYPE &Type] } - -PUBLIC-KEY-ALGORITHM-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type OPTIONAL, - &PublicKeyType OPTIONAL } - WITH SYNTAX { - ID &id - [TYPE &Type] - [PUBLIC-KEY-TYPE &PublicKeyType] } - -SignatureAlgorithm ::= SEQUENCE { - algorithm SIGNATURE-ALGORITHM-CLASS.&id - ({SupportedSignatureAlgorithms}), - parameters SIGNATURE-ALGORITHM-CLASS.&Type - ({SupportedSignatureAlgorithms}{@algorithm}) - OPTIONAL } - -SignatureAlgorithm-Any ::= SEQUENCE { - algorithm OBJECT IDENTIFIER, - parameters ANY OPTIONAL } - -PublicKeyAlgorithm ::= SEQUENCE { - algorithm PUBLIC-KEY-ALGORITHM-CLASS.&id - ({SupportedPublicKeyAlgorithms}), - parameters PUBLIC-KEY-ALGORITHM-CLASS.&Type - ({SupportedPublicKeyAlgorithms}{@algorithm}) - OPTIONAL } - -SupportedSignatureAlgorithms SIGNATURE-ALGORITHM-CLASS ::= { - dsa-with-sha1 | md2-with-rsa-encryption | - md5-with-rsa-encryption | sha1-with-rsa-encryption | - ecdsa-with-sha1 } - -SupportedPublicKeyAlgorithms PUBLIC-KEY-ALGORITHM-CLASS ::= { - dsa | rsa-encryption | dh | kea | ec-public-key } - - -- DSA Keys and Signatures - - -- SubjectPublicKeyInfo: - - dsa PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID id-dsa - TYPE Dss-Parms -- XXX Must be OPTIONAL - PUBLIC-KEY-TYPE DSAPublicKey } - - -- Certificate.signatureAlgorithm - - dsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { - ID id-dsa-with-sha1 - TYPE NULL } -- XXX Must be empty and not NULL - - -- - -- RSA Keys and Signatures - -- - - -- Certificate.signatureAlgorithm - - md2-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { - ID md2WithRSAEncryption - TYPE NULL } - - md5-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { - ID md5WithRSAEncryption - TYPE NULL } - - sha1-with-rsa-encryption SIGNATURE-ALGORITHM-CLASS ::= { - ID sha1WithRSAEncryption - TYPE NULL } - - -- Certificate.signature - -- See PKCS #1 (RFC 2313). XXX - - -- SubjectPublicKeyInfo: - - rsa-encryption PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID rsaEncryption - TYPE NULL - PUBLIC-KEY-TYPE RSAPublicKey } - - -- - -- Diffie-Hellman Keys - -- - - -- SubjectPublicKeyInfo: - - dh PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID dhpublicnumber - TYPE DomainParameters - PUBLIC-KEY-TYPE DHPublicKey } - - -- There are no Diffie-Hellman signature algorithms - - -- - -- KEA Keys - -- - - -- SubjectPublicKeyInfo: - - KEA-PublicKey ::= INTEGER - - kea PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID id-keyExchangeAlgorithm - TYPE KEA-Parms-Id - PUBLIC-KEY-TYPE KEA-PublicKey } - - -- There are no KEA signature algorithms - - -- - -- Elliptic Curve Keys, Signatures, and Curves - -- - - -- Certificate.signatureAlgorithm - - ecdsa-with-sha1 SIGNATURE-ALGORITHM-CLASS ::= { - ID ecdsa-with-SHA1 - TYPE NULL } -- XXX Must be empty and not NULL - - FIELD-ID-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - - SSLFieldID ::= SEQUENCE { -- Finite field - fieldType FIELD-ID-CLASS.&id({SupportedFieldIds}), - parameters FIELD-ID-CLASS.&Type({SupportedFieldIds}{@fieldType}) } - - SupportedFieldIds FIELD-ID-CLASS ::= { - field-prime-field | field-characteristic-two } - - field-prime-field FIELD-ID-CLASS ::= { - ID prime-field - TYPE Prime-p } - - CHARACTERISTIC-TWO-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - - SSLCharacteristic-two ::= SEQUENCE { -- Finite field - m INTEGER, -- Field size 2^m - basis CHARACTERISTIC-TWO-CLASS.&id({SupportedCharacteristicTwos}), - parameters CHARACTERISTIC-TWO-CLASS.&Type - ({SupportedCharacteristicTwos}{@basis}) } - - SupportedCharacteristicTwos CHARACTERISTIC-TWO-CLASS ::= { - gn-basis | tp-basis | pp-basis } - - field-characteristic-two FIELD-ID-CLASS ::= { - ID characteristic-two-field - TYPE Characteristic-two } - - gn-basis CHARACTERISTIC-TWO-CLASS ::= { - ID gnBasis - TYPE NULL } - - tp-basis CHARACTERISTIC-TWO-CLASS ::= { - ID tpBasis - TYPE Trinomial } - - pp-basis CHARACTERISTIC-TWO-CLASS ::= { - ID ppBasis - TYPE Pentanomial } - - -- SubjectPublicKeyInfo.algorithm - - ec-public-key PUBLIC-KEY-ALGORITHM-CLASS ::= { - ID id-ecPublicKey - TYPE EcpkParameters - PUBLIC-KEY-TYPE ECPoint } - --- --- Extension Attributes --- - -EXTENSION-ATTRIBUTE-CLASS ::= CLASS { - &id INTEGER UNIQUE, - &Type } - WITH SYNTAX { - ID &id - TYPE &Type } - -SSLExtensionAttributes ::= SET SIZE (1..MAX) OF ExtensionAttribute - --- XXX Below we should have extension-attribute-type and extension- --- attribute-value but Erlang ASN1 does not like it. -SSLExtensionAttribute ::= SEQUENCE { - extensionAttributeType [0] IMPLICIT EXTENSION-ATTRIBUTE-CLASS.&id - ({SupportedExtensionAttributes}), - extensionAttributeValue [1] EXTENSION-ATTRIBUTE-CLASS.&Type - ({SupportedExtensionAttributes}{@extensionAttributeType}) } - -SupportedExtensionAttributes EXTENSION-ATTRIBUTE-CLASS ::= { - x400-common-name | - x400-teletex-common-name | - x400-teletex-personal-name | - x400-pds-name | - x400-physical-delivery-country-name | - x400-postal-code | - x400-physical-delivery-office-name | - x400-physical-delivery-office-number | - x400-extension-OR-address-components | - x400-physical-delivery-personal-name | - x400-physical-delivery-organization-name | - x400-extension-physical-delivery-address-components | - x400-unformatted-postal-address | - x400-street-address | - x400-post-office-box-address | - x400-poste-restante-address | - x400-unique-postal-name | - x400-local-postal-attributes | - x400-extended-network-address | - x400-terminal-type | - x400-teletex-domain-defined-attributes } - --- Extension types and attribute values - -x400-common-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID common-name - TYPE CommonName } - -x400-teletex-common-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID teletex-common-name - TYPE TeletexCommonName } - -x400-teletex-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID teletex-personal-name - TYPE TeletexPersonalName } - -x400-pds-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID pds-name - TYPE PDSName } - -x400-physical-delivery-country-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-country-name - TYPE PhysicalDeliveryCountryName } - -x400-postal-code EXTENSION-ATTRIBUTE-CLASS ::= { - ID postal-code - TYPE PostalCode } - -x400-physical-delivery-office-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-office-name - TYPE PhysicalDeliveryOfficeName } - -x400-physical-delivery-office-number EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-office-number - TYPE PhysicalDeliveryOfficeNumber } - -x400-extension-OR-address-components EXTENSION-ATTRIBUTE-CLASS ::= { - ID extension-OR-address-components - TYPE ExtensionORAddressComponents } - -x400-physical-delivery-personal-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-personal-name - TYPE PhysicalDeliveryPersonalName } - -x400-physical-delivery-organization-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID physical-delivery-organization-name - TYPE PhysicalDeliveryOrganizationName } - -x400-extension-physical-delivery-address-components - EXTENSION-ATTRIBUTE-CLASS ::= { - ID extension-physical-delivery-address-components - TYPE ExtensionPhysicalDeliveryAddressComponents } - -x400-unformatted-postal-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID unformatted-postal-address - TYPE UnformattedPostalAddress } - -x400-street-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID street-address - TYPE StreetAddress } - -x400-post-office-box-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID post-office-box-address - TYPE PostOfficeBoxAddress } - -x400-poste-restante-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID poste-restante-address - TYPE PosteRestanteAddress } - -x400-unique-postal-name EXTENSION-ATTRIBUTE-CLASS ::= { - ID unique-postal-name - TYPE UniquePostalName } - -x400-local-postal-attributes EXTENSION-ATTRIBUTE-CLASS ::= { - ID local-postal-attributes - TYPE LocalPostalAttributes } - -x400-extended-network-address EXTENSION-ATTRIBUTE-CLASS ::= { - ID extended-network-address - TYPE ExtendedNetworkAddress } - -x400-terminal-type EXTENSION-ATTRIBUTE-CLASS ::= { - ID terminal-type - TYPE TerminalType } - -x400-teletex-domain-defined-attributes EXTENSION-ATTRIBUTE-CLASS ::= { - ID teletex-domain-defined-attributes - TYPE TeletexDomainDefinedAttributes } - --- Extensions - -SSLExtensions ::= SEQUENCE SIZE (1..MAX) OF Extension - -EXTENSION-CLASS ::= CLASS { - &id OBJECT IDENTIFIER UNIQUE, - &Type OPTIONAL} - WITH SYNTAX { - ID &id - [TYPE &Type] } - -SSLExtension ::= SEQUENCE { - extnID EXTENSION-CLASS.&id({SupportedExtensions}), - critical BOOLEAN DEFAULT FALSE, - extnValue EXTENSION-CLASS.&Type({SupportedExtensions}{@extnID}) } - --- The following is needed for conversion between Extension and Extension-Cd - -ObjId ::= OBJECT IDENTIFIER -Boolean ::= BOOLEAN -Any ::= ANY - -Extension-Any ::= SEQUENCE { - extnID OBJECT IDENTIFIER, - critical BOOLEAN DEFAULT FALSE, - extnValue ANY } - -SupportedExtensions EXTENSION-CLASS ::= { authorityKeyIdentifier | - subjectKeyIdentifier | keyUsage | privateKeyUsagePeriod | - certificatePolicies | policyMappings | subjectAltName | - issuerAltName | subjectDirectoryAttributes | basicConstraints | - nameConstraints | policyConstraints | cRLDistributionPoints | - extKeyUsage | inhibitAnyPolicy | freshestCRL | authorityInfoAccess | - subjectInfoAccess | cRLNumber | issuingDistributionPoint | - deltaCRLIndicator | cRLReasons | certificateIssuer | - holdInstructionCode | invalidityDate } - -authorityKeyIdentifier EXTENSION-CLASS ::= { - ID id-ce-authorityKeyIdentifier - TYPE AuthorityKeyIdentifier } - -subjectKeyIdentifier EXTENSION-CLASS ::= { - ID id-ce-subjectKeyIdentifier - TYPE SubjectKeyIdentifier } - -keyUsage EXTENSION-CLASS ::= { - ID id-ce-keyUsage - TYPE KeyUsage } - -privateKeyUsagePeriod EXTENSION-CLASS ::= { - ID id-ce-privateKeyUsagePeriod - TYPE PrivateKeyUsagePeriod } - -certificatePolicies EXTENSION-CLASS ::= { - ID id-ce-certificatePolicies - TYPE CertificatePolicies } - -policyMappings EXTENSION-CLASS ::= { - ID id-ce-policyMappings - TYPE PolicyMappings } - -subjectAltName EXTENSION-CLASS ::= { - ID id-ce-subjectAltName - TYPE SubjectAltName } - -issuerAltName EXTENSION-CLASS ::= { - ID id-ce-issuerAltName - TYPE IssuerAltName } - -subjectDirectoryAttributes EXTENSION-CLASS ::= { - ID id-ce-subjectDirectoryAttributes - TYPE SubjectDirectoryAttributes } - -basicConstraints EXTENSION-CLASS ::= { - ID id-ce-basicConstraints - TYPE BasicConstraints } - -nameConstraints EXTENSION-CLASS ::= { - ID id-ce-nameConstraints - TYPE NameConstraints } - -policyConstraints EXTENSION-CLASS ::= { - ID id-ce-policyConstraints - TYPE PolicyConstraints } - -cRLDistributionPoints EXTENSION-CLASS ::= { - ID id-ce-cRLDistributionPoints - TYPE CRLDistributionPoints } - -extKeyUsage EXTENSION-CLASS ::= { - ID id-ce-extKeyUsage - TYPE ExtKeyUsageSyntax } - -inhibitAnyPolicy EXTENSION-CLASS ::= { - ID id-ce-inhibitAnyPolicy - TYPE InhibitAnyPolicy } - -freshestCRL EXTENSION-CLASS ::= { - ID id-ce-freshestCRL - TYPE FreshestCRL } - -authorityInfoAccess EXTENSION-CLASS ::= { - ID id-pe-authorityInfoAccess - TYPE AuthorityInfoAccessSyntax } - -subjectInfoAccess EXTENSION-CLASS ::= { - ID id-pe-subjectInfoAccess - TYPE SubjectInfoAccessSyntax } - -cRLNumber EXTENSION-CLASS ::= { - ID id-ce-cRLNumber - TYPE CRLNumber } - -issuingDistributionPoint EXTENSION-CLASS ::= { - ID id-ce-issuingDistributionPoint - TYPE IssuingDistributionPoint } - -deltaCRLIndicator EXTENSION-CLASS ::= { - ID id-ce-deltaCRLIndicator - TYPE BaseCRLNumber } - -cRLReasons EXTENSION-CLASS ::= { - ID id-ce-cRLReasons - TYPE CRLReason } - -certificateIssuer EXTENSION-CLASS ::= { - ID id-ce-certificateIssuer - TYPE CertificateIssuer } - -holdInstructionCode EXTENSION-CLASS ::= { - ID id-ce-holdInstructionCode - TYPE HoldInstructionCode } - -invalidityDate EXTENSION-CLASS ::= { - ID id-ce-invalidityDate - TYPE InvalidityDate } - -END diff --git a/lib/ssl/pkix/mk_ssl_pkix_oid.erl b/lib/ssl/pkix/mk_ssl_pkix_oid.erl deleted file mode 100644 index 06edc5113a..0000000000 --- a/lib/ssl/pkix/mk_ssl_pkix_oid.erl +++ /dev/null @@ -1,94 +0,0 @@ --module(mk_ssl_pkix_oid). - --export([make/0]). - --define(PKIX_MODULES, ['OTP-PKIX']). - -make() -> - {ok, Fd} = file:open("ssl_pkix_oid.erl", [write]), - io:fwrite(Fd, "%%% File: ssl_pkix_oid.erl\n" - "%%% NB This file has been automatically generated by " - "mk_ssl_pkix_oid.\n" - "%%% Do not edit it.\n\n", []), - io:fwrite(Fd, "-module(ssl_pkix_oid).\n", []), - io:fwrite(Fd, "-export([id2atom/1, atom2id/1, all_atoms/0, " - "all_ids/0]).\n\n", []), - - - AIds0 = get_atom_ids(?PKIX_MODULES), - - AIds1 = modify_atoms(AIds0), - gen_id2atom(Fd, AIds1), - gen_atom2id(Fd, AIds1), - gen_all(Fd, AIds1), - file:close(Fd). - -get_atom_ids(Ms) -> - get_atom_ids(Ms, []). - -get_atom_ids([], AIdss) -> - lists:flatten(AIdss); -get_atom_ids([M| Ms], AIdss) -> - {value, {exports, Exports}} = - lists:keysearch(exports, 1, M:module_info()), - As = lists:zf( - fun ({info, 0}) -> false; - ({module_info, 0}) -> false; - ({encoding_rule, 0}) -> false; - ({F, 0}) -> - case atom_to_list(F) of - %% Remove upper-bound (ub-) functions - "ub-" ++ _Rest -> - false; - _ -> - {true, F} - end; - (_) -> false - end, Exports), - AIds = lists:map(fun(F) -> {F, M:F()} end, As), - get_atom_ids(Ms, [AIds| AIdss]). - -modify_atoms(AIds) -> - F = fun({A, I}) -> - NAS = case atom_to_list(A) of - "id-" ++ Rest -> - Rest; - Any -> - Any - end, - {list_to_atom(NAS), I} end, - lists:map(F, AIds). - -gen_id2atom(Fd, AIds0) -> - AIds1 = lists:keysort(2, AIds0), - Txt = join(";\n", - lists:map( - fun({Atom, Id}) -> - io_lib:fwrite("id2atom(~p) ->\n ~p", [Id, Atom]) - end, AIds1)), - io:fwrite(Fd, "~s;\nid2atom(Any)->\n Any.\n\n", [Txt]). - -gen_atom2id(Fd, AIds0) -> - AIds1 = lists:keysort(1, AIds0), - Txt = join(";\n", - lists:map( - fun({Atom, Id}) -> - io_lib:fwrite("atom2id(~p) ->\n ~p", [Atom, Id]) - end, AIds1)), - io:fwrite(Fd, "~s;\natom2id(Any)->\n Any.\n\n", [Txt]). - -gen_all(Fd, AIds) -> - Atoms = lists:sort([A || {A, _} <- AIds]), - Ids = lists:sort([I || {_, I} <- AIds]), - F = fun(X) -> io_lib:fwrite(" ~w", [X]) end, - ATxt = "all_atoms() ->\n" ++ join(",\n", lists:map(F, Atoms)), - io:fwrite(Fd, "~s.\n\n", [ATxt]), - ITxt = "all_ids() ->\n" ++ join(",\n", lists:map(F, Ids)), - io:fwrite(Fd, "~s.\n\n", [ITxt]). - -join(Sep, [H1, H2| T]) -> - [H1, Sep| join(Sep, [H2| T])]; -join(_Sep, [H1]) -> - H1; -join(_, []) -> - []. diff --git a/lib/ssl/pkix/prebuild.skip b/lib/ssl/pkix/prebuild.skip deleted file mode 100644 index ffe82be68b..0000000000 --- a/lib/ssl/pkix/prebuild.skip +++ /dev/null @@ -1,5 +0,0 @@ -PKIX1Algorithms88.asn1db -PKIXAttributeCertificate.asn1db -PKIX1Explicit88.asn1db -SSL-PKIX.asn1db -PKIX1Implicit88.asn1db -- cgit v1.2.3