From: Jonathan M. Wilbur
Date: Fri, 28 Jun 2024 09:57:25 +0000 (+0000)
Subject: feat: support userNotice X.509v3 extension
X-Git-Tag: openssl-3.4.0-alpha1~410
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2ef6fa1cdda8dc79ee520d129a87bd3525a37a1f;p=thirdparty%2Fopenssl.git
feat: support userNotice X.509v3 extension
Reviewed-by: Neil Horman
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/24761)
---
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index ff648e99976..0404d7c94fa 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -16,7 +16,8 @@ SOURCE[../../libcrypto]=\
 pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
 v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \
 v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c \
- x509_acert.c x509aset.c t_acert.c x_ietfatt.c v3_ac_tgt.c v3_sda.c
+ x509_acert.c x509aset.c t_acert.c x_ietfatt.c v3_ac_tgt.c v3_sda.c \
+ v3_usernotice.c
 IF[{- !$disabled{'deprecated-3.0'} -}]
 SOURCE[../../libcrypto]=x509type.c
diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h
index 3c59f32baab..43a29448249 100644
--- a/crypto/x509/ext_dat.h
+++ b/crypto/x509/ext_dat.h
@@ -38,3 +38,4 @@ extern const X509V3_EXT_METHOD ossl_v3_subj_dir_attrs;
 extern const X509V3_EXT_METHOD ossl_v3_associated_info;
 extern const X509V3_EXT_METHOD ossl_v3_acc_cert_policies;
 extern const X509V3_EXT_METHOD ossl_v3_acc_priv_policies;
+extern const X509V3_EXT_METHOD ossl_v3_user_notice;
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index 879226eabeb..9e2ca47bad9 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -76,6 +76,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
 &ossl_v3_tls_feature,
 &ossl_v3_ext_admission,
 &ossl_v3_delegated_name_constraints,
+&ossl_v3_user_notice,
 &ossl_v3_soa_identifier,
 &ossl_v3_acc_cert_policies,
 &ossl_v3_acc_priv_policies,
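Review bot: `&ossl_v3_user_notice` is placed in standard_exts[] between `&ossl_v3_delegated_name_constraints` and `&ossl_v3_soa_identifier`, but this table is looked up by X509V3_EXT_get_nid with a binary search keyed on ext_nid (that has been the lookup historically), so the slot has to match the numeric order of NID_user_notice relative to those two NIDs, which nothing in this hunk shows. Please confirm the ordering against obj_mac.h, or that an existing ordering test covers this table, rather than relying on the visual placement; a misplaced entry silently makes the extension unknown to the printer instead of failing at build time.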
diff --git a/crypto/x509/v3_sda.c b/crypto/x509/v3_sda.c
index 35602fc6811..a27c31711ad 100644
--- a/crypto/x509/v3_sda.c
+++ b/crypto/x509/v3_sda.c
@@ -12,14 +12,14 @@
 #include
 #include "ext_dat.h"
-ASN1_ITEM_TEMPLATE(ATTRIBUTES_SYNTAX) =
+ASN1_ITEM_TEMPLATE(OSSL_ATTRIBUTES_SYNTAX) =
 ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Attributes, X509_ATTRIBUTE)
-ASN1_ITEM_TEMPLATE_END(ATTRIBUTES_SYNTAX)
+ASN1_ITEM_TEMPLATE_END(OSSL_ATTRIBUTES_SYNTAX)
-IMPLEMENT_ASN1_FUNCTIONS(ATTRIBUTES_SYNTAX)
+IMPLEMENT_ASN1_FUNCTIONS(OSSL_ATTRIBUTES_SYNTAX)
 static int i2r_ATTRIBUTES_SYNTAX(X509V3_EXT_METHOD *method,
- ATTRIBUTES_SYNTAX *attrlst,
+ OSSL_ATTRIBUTES_SYNTAX *attrlst,
 BIO *out, int indent)
 {
 X509_ATTRIBUTE *attr;
@@ -71,7 +71,7 @@ static int i2r_ATTRIBUTES_SYNTAX(X509V3_EXT_METHOD *method,
 const X509V3_EXT_METHOD ossl_v3_subj_dir_attrs = {
 NID_subject_directory_attributes, X509V3_EXT_MULTILINE,
- ASN1_ITEM_ref(ATTRIBUTES_SYNTAX),
+ ASN1_ITEM_ref(OSSL_ATTRIBUTES_SYNTAX),
 0, 0, 0, 0, 0, 0, 0, 0,
 (X509V3_EXT_I2R)i2r_ATTRIBUTES_SYNTAX,
@@ -81,7 +81,7 @@ const X509V3_EXT_METHOD ossl_v3_subj_dir_attrs = {
 const X509V3_EXT_METHOD ossl_v3_associated_info = {
 NID_associated_information, X509V3_EXT_MULTILINE,
- ASN1_ITEM_ref(ATTRIBUTES_SYNTAX),
+ ASN1_ITEM_ref(OSSL_ATTRIBUTES_SYNTAX),
 0, 0, 0, 0, 0, 0, 0, 0,
 (X509V3_EXT_I2R)i2r_ATTRIBUTES_SYNTAX,
diff --git a/crypto/x509/v3_usernotice.c b/crypto/x509/v3_usernotice.c
new file mode 100644
index 00000000000..cc991325250
--- /dev/null
+++ b/crypto/x509/v3_usernotice.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include
+#include
+#include "ext_dat.h"
+
+ASN1_ITEM_TEMPLATE(OSSL_USER_NOTICE_SYNTAX) =
+ ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_USER_NOTICE_SYNTAX, USERNOTICE)
+ASN1_ITEM_TEMPLATE_END(OSSL_USER_NOTICE_SYNTAX)
+
+IMPLEMENT_ASN1_FUNCTIONS(OSSL_USER_NOTICE_SYNTAX)
+
+static int print_notice(BIO *out, USERNOTICE *notice, int indent)
+{
+ int i;
+ ASN1_INTEGER *num;
+ char *tmp;
+
+ if (notice->noticeref) {
+ NOTICEREF *ref;
+ ref = notice->noticeref;
+ if (BIO_printf(out, "%*sOrganization: %.*s\n", indent, "",
+ ref->organization->length,
+ ref->organization->data) <= 0)
+ return 0;
+ if (BIO_printf(out, "%*sNumber%s: ", indent, "",
+ sk_ASN1_INTEGER_num(ref->noticenos) > 1 ?
"s" : "") <= 0)
+ return 0;
+ for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
+ num = sk_ASN1_INTEGER_value(ref->noticenos, i);
+ if (i && BIO_puts(out, ", ") <= 0)
+ return 0;
+ if (num == NULL && BIO_puts(out, "(null)") <= 0)
+ return 0;
+ else {
+ tmp = i2s_ASN1_INTEGER(NULL, num);
+ if (tmp == NULL)
+ return 0;
+ if (BIO_puts(out, tmp) <= 0) {
+ OPENSSL_free(tmp);
+ return 0;
+ }
+ OPENSSL_free(tmp);
+ }
+ }
+ if (notice->exptext && BIO_puts(out, "\n") <= 0)
+ return 0;
+ }
+ if (notice->exptext == NULL)
+ return 1;
+
+ return BIO_printf(out, "%*sExplicit Text: %.*s", indent, "",
+ notice->exptext->length,
+ notice->exptext->data) >= 0;
+}
+
+static int i2r_USER_NOTICE_SYNTAX(X509V3_EXT_METHOD *method,
+ OSSL_USER_NOTICE_SYNTAX *uns,
+ BIO *out, int indent)
+{
+ int i;
+ USERNOTICE *unotice;
+
+ if (BIO_printf(out, "%*sUser Notices:\n", indent, "") <= 0)
+ return 0;
+
+ for (i = 0; i < sk_USERNOTICE_num(uns); i++) {
+ unotice = sk_USERNOTICE_value(uns, i);
+ if (!print_notice(out, unotice, indent + 4))
+ return 0;
+ if (BIO_puts(out, "\n\n") <= 0)
+ return 0;
+ }
+ return 1;
+}
+
+const X509V3_EXT_METHOD ossl_v3_user_notice = {
+ NID_user_notice, 0,
+ ASN1_ITEM_ref(OSSL_USER_NOTICE_SYNTAX),
+ 0, 0, 0, 0,
+ 0,
+ 0,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_USER_NOTICE_SYNTAX,
+ 0,
+ NULL
+};
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index 6ffcca79db1..f766e68069d 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -19,9 +19,6 @@ ASIdentifiers_free,
 ASIdentifiers_new,
 ASRange_free,
 ASRange_new,
-ATTRIBUTES_SYNTAX_free,
-ATTRIBUTES_SYNTAX_it,
-ATTRIBUTES_SYNTAX_new,
 AUTHORITY_INFO_ACCESS_free,
 AUTHORITY_INFO_ACCESS_new,
 AUTHORITY_KEYID_free,
@@ -139,6 +136,9 @@ OCSP_SIGNATURE_free,
 OCSP_SIGNATURE_new,
 OCSP_SINGLERESP_free,
 OCSP_SINGLERESP_new,
+OSSL_ATTRIBUTES_SYNTAX_free,
+OSSL_ATTRIBUTES_SYNTAX_it,
+OSSL_ATTRIBUTES_SYNTAX_new,
 OSSL_CMP_ATAVS_new,
 OSSL_CMP_ATAVS_free,
 OSSL_CMP_ATAVS_it,
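Review bot: In print_notice's noticenos loop a NULL `num` is written as "(null)" and then still falls into the `else`, because that `else` binds to the combined condition `num == NULL && BIO_puts(out, "(null)") <= 0`, so on a successful placeholder write `i2s_ASN1_INTEGER(NULL, num)` is called with a NULL integer: if the helper rejects NULL input (not visible here) the function fails right after printing the placeholder, otherwise it dereferences NULL. Restructure it as an explicit guard with `continue` (below) so the placeholder path and the conversion path are disjoint; decoded extensions likely never produce a NULL stack element, but the stack can also be assembled through the sk_ASN1_INTEGER API, so the guard should be correct rather than decorative. Separately, `ossl_v3_user_notice` passes `0` as ext_flags while i2r_USER_NOTICE_SYNTAX emits a multi-line block ("User Notices:\n", "\n\n" after each notice); the sibling methods touched in v3_sda.c by this same commit use `X509V3_EXT_MULTILINE` for their multi-line printers, so `NID_user_notice, X509V3_EXT_MULTILINE,` would be the consistent choice. This loop looks copied from the certificate-policies qualifier printer; if so, the same fix applies there.
```c
        for (i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) {
            num = sk_ASN1_INTEGER_value(ref->noticenos, i);
            if (i && BIO_puts(out, ", ") <= 0)
                return 0;
            if (num == NULL) {
                /* keep the placeholder path separate from the conversion path */
                if (BIO_puts(out, "(null)") <= 0)
                    return 0;
                continue;
            }
            tmp = i2s_ASN1_INTEGER(NULL, num);
            if (tmp == NULL)
                return 0;
            if (BIO_puts(out, tmp) <= 0) {
                OPENSSL_free(tmp);
                return 0;
            }
            OPENSSL_free(tmp);
        }
        /* … unchanged: newline before the explicit text … */
```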
@@ -204,6 +204,9 @@ OSSL_ISSUER_SERIAL_free,
 OSSL_ISSUER_SERIAL_new,
 OSSL_OBJECT_DIGEST_INFO_free,
 OSSL_OBJECT_DIGEST_INFO_new,
+OSSL_USER_NOTICE_SYNTAX_free,
+OSSL_USER_NOTICE_SYNTAX_new,
+OSSL_USER_NOTICE_SYNTAX_it,
 OTHERNAME_free,
 OTHERNAME_new,
 PBE2PARAM_free,
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 86a653ad148..1f0a4dae7aa 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -38,7 +38,6 @@ d2i_ASN1_UTCTIME,
 d2i_ASN1_UTF8STRING,
 d2i_ASN1_VISIBLESTRING,
 d2i_ASRange,
-d2i_ATTRIBUTES_SYNTAX,
 d2i_AUTHORITY_INFO_ACCESS,
 d2i_AUTHORITY_KEYID,
 d2i_BASIC_CONSTRAINTS,
@@ -90,6 +89,7 @@ d2i_OCSP_REVOKEDINFO,
 d2i_OCSP_SERVICELOC,
 d2i_OCSP_SIGNATURE,
 d2i_OCSP_SINGLERESP,
+d2i_OSSL_ATTRIBUTES_SYNTAX,
 d2i_OSSL_CMP_ATAVS,
 d2i_OSSL_CMP_MSG,
 d2i_OSSL_CMP_PKIHEADER,
@@ -109,6 +109,7 @@ d2i_OSSL_TARGET_CERT,
 d2i_OSSL_TARGET,
 d2i_OSSL_TARGETING_INFORMATION,
 d2i_OSSL_TARGETS,
+d2i_OSSL_USER_NOTICE_SYNTAX,
 d2i_OTHERNAME,
 d2i_PBE2PARAM,
 d2i_PBEPARAM,
@@ -221,7 +222,6 @@ i2d_ASN1_UTF8STRING,
 i2d_ASN1_VISIBLESTRING,
 i2d_ASN1_bio_stream,
 i2d_ASRange,
-i2d_ATTRIBUTES_SYNTAX,
 i2d_AUTHORITY_INFO_ACCESS,
 i2d_AUTHORITY_KEYID,
 i2d_BASIC_CONSTRAINTS,
@@ -273,6 +273,7 @@ i2d_OCSP_REVOKEDINFO,
 i2d_OCSP_SERVICELOC,
 i2d_OCSP_SIGNATURE,
 i2d_OCSP_SINGLERESP,
+i2d_OSSL_ATTRIBUTES_SYNTAX,
 i2d_OSSL_CMP_ATAVS,
 i2d_OSSL_CMP_MSG,
 i2d_OSSL_CMP_PKIHEADER,
@@ -292,6 +293,7 @@ i2d_OSSL_TARGET_CERT,
 i2d_OSSL_TARGET,
 i2d_OSSL_TARGETING_INFORMATION,
 i2d_OSSL_TARGETS,
+i2d_OSSL_USER_NOTICE_SYNTAX,
 i2d_OTHERNAME,
 i2d_PBE2PARAM,
 i2d_PBEPARAM,
diff --git a/include/openssl/x509v3.h.in b/include/openssl/x509v3.h.in
index 10fc663e6dc..2f859e0f130 100644
--- a/include/openssl/x509v3.h.in
+++ b/include/openssl/x509v3.h.in
@@ -1021,8 +1021,15 @@ void PROFESSION_INFO_set0_registrationNumber(
 int OSSL_GENERAL_NAMES_print(BIO *out, GENERAL_NAMES *gens, int indent);
-typedef STACK_OF(X509_ATTRIBUTE) ATTRIBUTES_SYNTAX;
-DECLARE_ASN1_FUNCTIONS(ATTRIBUTES_SYNTAX)
+typedef STACK_OF(X509_ATTRIBUTE) OSSL_ATTRIBUTES_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(OSSL_ATTRIBUTES_SYNTAX)
+
+typedef STACK_OF(USERNOTICE) OSSL_USER_NOTICE_SYNTAX;
+DECLARE_ASN1_FUNCTIONS(OSSL_USER_NOTICE_SYNTAX)
+
+{-
+ generate_stack_macros("USERNOTICE");
+-}
 # ifdef __cplusplus
 }
diff --git a/util/libcrypto.num b/util/libcrypto.num
index 8dc578670b0..9e73024f3aa 100644
--- a/util/libcrypto.num
+++ b/util/libcrypto.num
@@ -5683,10 +5683,15 @@ OSSL_TARGETING_INFORMATION_free ? 3_4_0 EXIST::FUNCTION:
 OSSL_TARGETING_INFORMATION_new ? 3_4_0 EXIST::FUNCTION:
 OSSL_TARGETING_INFORMATION_it ? 3_4_0 EXIST::FUNCTION:
 OSSL_GENERAL_NAMES_print ? 3_4_0 EXIST::FUNCTION:
-d2i_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
-i2d_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
-ATTRIBUTES_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
-ATTRIBUTES_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
-ATTRIBUTES_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
 CRYPTO_atomic_add64 ? 3_4_0 EXIST::FUNCTION:
 CRYPTO_atomic_and ? 3_4_0 EXIST::FUNCTION:
+d2i_OSSL_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+i2d_OSSL_ATTRIBUTES_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+OSSL_ATTRIBUTES_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
+OSSL_ATTRIBUTES_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
+OSSL_ATTRIBUTES_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
+d2i_OSSL_USER_NOTICE_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+i2d_OSSL_USER_NOTICE_SYNTAX ? 3_4_0 EXIST::FUNCTION:
+OSSL_USER_NOTICE_SYNTAX_free ? 3_4_0 EXIST::FUNCTION:
+OSSL_USER_NOTICE_SYNTAX_new ? 3_4_0 EXIST::FUNCTION:
+OSSL_USER_NOTICE_SYNTAX_it ? 3_4_0 EXIST::FUNCTION:
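Review bot: The rename of the public typedef `ATTRIBUTES_SYNTAX` to `OSSL_ATTRIBUTES_SYNTAX` (together with its d2i/i2d/new/free/it symbols in the libcrypto.num hunk) is not recorded anywhere in this commit: the subject only mentions userNotice and no CHANGES.md entry is part of the diff. Since libcrypto.num tags both the removed and the added symbols as 3_4_0, this reads as a pre-release namespace cleanup rather than an ABI break, which is exactly the kind of fact worth one sentence in the description so downstream packagers and bindings do not treat the removed exports as a regression. The new `OSSL_USER_NOTICE_SYNTAX` typedef likewise gets only the generated new/free/d2i/i2d listings in the man pages; a one-line note that it is the decoded userNotice extension, one USERNOTICE per notice, would give the type a documented home.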