x509v3 subjectSignTool extention support

Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
This extention is required to obtain the status of a qualified certificate at Russian Federation.
RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11093)

4 files changed, 73 insertions, 3 deletions

diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index ca7bb2a03f..c836ef1c2e 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -8,7 +8,7 @@ SOURCE[../../libcrypto]=\
         x509_trs.c by_file.c by_dir.c by_store.c x509_vpm.c \
         x_crl.c t_crl.c x_req.c t_req.c x_x509.c t_x509.c \
         x_pubkey.c x_x509a.c x_attrib.c x_exten.c x_name.c \
-        v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c \
+        v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_utf8.c v3_lib.c \
         v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c \
         v3_pku.c v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c \
         v3_info.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c \
diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h
index f48fa1d3f1..4329c44065 100644
--- a/crypto/x509/ext_dat.h
+++ b/crypto/x509/ext_dat.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -23,3 +23,4 @@ extern const X509V3_EXT_METHOD v3_addr, v3_asid;
 extern const X509V3_EXT_METHOD v3_ct_scts[3];
 extern const X509V3_EXT_METHOD v3_tls_feature;
 extern const X509V3_EXT_METHOD v3_ext_admission;
+extern const X509V3_EXT_METHOD v3_utf8_list[1];
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index bc63696799..d66b6554f1 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -1,5 +1,5 @@
 /*
- * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -68,6 +68,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
     &v3_ct_scts[1],
     &v3_ct_scts[2],
 #endif
+    &v3_utf8_list[0],
     &v3_tls_feature,
     &v3_ext_admission
 };
diff --git a/crypto/x509/v3_utf8.c b/crypto/x509/v3_utf8.c
new file mode 100644
index 0000000000..df1000def1
--- /dev/null
+++ b/crypto/x509/v3_utf8.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/conf.h>
+#include <openssl/x509v3.h>
+#include <crypto/x509v3.h>
+#include "ext_dat.h"
+
+/*
+ * Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
+ * This extention is required to obtain the status of a qualified certificate at Russian Federation.
+ * RFC-style description is available here: https://tools.ietf.org/html/draft-deremin-rfc4491-bis-04#section-5
+ * Russian Federal Law 63 "Digital Sign" is available here:  http://www.consultant.ru/document/cons_doc_LAW_112701/
+ */
+
+
+const X509V3_EXT_METHOD v3_utf8_list[1] = {
+    EXT_UTF8STRING(NID_subjectSignTool),
+};
+
+char *i2s_ASN1_UTF8STRING(X509V3_EXT_METHOD *method,
+                          ASN1_UTF8STRING *utf8)
+{
+    char *tmp;
+
+    if (utf8 == NULL || utf8->length == 0) {
+        X509V3err(X509V3_F_I2S_ASN1_UTF8STRING, ERR_R_PASSED_NULL_PARAMETER);
+        return NULL;
+    }
+    if ((tmp = OPENSSL_zalloc(utf8->length + 1)) == NULL) {
+        X509V3err(X509V3_F_I2S_ASN1_UTF8STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    memcpy(tmp, utf8->data, utf8->length);
+    return tmp;
+}
+
+ASN1_UTF8STRING *s2i_ASN1_UTF8STRING(X509V3_EXT_METHOD *method,
+                                     X509V3_CTX *ctx, const char *str)
+{
+    ASN1_UTF8STRING *utf8;
+    if (str == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_UTF8STRING, X509V3_R_INVALID_NULL_ARGUMENT);
+        return NULL;
+    }
+    if ((utf8 = ASN1_UTF8STRING_new()) == NULL) {
+        X509V3err(X509V3_F_S2I_ASN1_UTF8STRING, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
+    if (!ASN1_STRING_set((ASN1_STRING *)utf8, str, strlen(str))) {
+        X509V3err(X509V3_F_S2I_ASN1_UTF8STRING, ERR_R_MALLOC_FAILURE);
+        ASN1_UTF8STRING_free(utf8);
+        return NULL;
+    }
+#ifdef CHARSET_EBCDIC
+    ebcdic2ascii(utf8->data, utf8->data, utf8->length);
+#endif                          /* CHARSET_EBCDIC */
+    return utf8;
+}