authorJonathan M. Wilbur <jonathan@wilbur.space>2023-07-01 15:56:40 +0000
committerTodd Short <todd.short@me.com>2023-09-25 15:12:04 -0400
commit91bc783a93a2a695fe6a2f8da93cf5b5e086ba42 (patch)
tree4dbcab0f7858a8821ae572625a125740521d6c09 /crypto
parent30224a248495ad604a06b8977fa3aa1cc75b9d0d (diff)
Support all NULL-syntax X.509v3 extensions
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21342)
Diffstat (limited to 'crypto')
-rw-r--r--crypto/x509/build.info3
-rw-r--r--crypto/x509/ext_dat.h6
-rw-r--r--crypto/x509/standard_exts.h8
-rw-r--r--crypto/x509/v3_group_ac.c53
-rw-r--r--crypto/x509/v3_ind_iss.c53
-rw-r--r--crypto/x509/v3_no_ass.c53
-rw-r--r--crypto/x509/v3_no_rev_avail.c53
-rw-r--r--crypto/x509/v3_single_use.c53
-rw-r--r--crypto/x509/v3_soa_id.c53
9 files changed, 333 insertions, 2 deletions
diff --git a/crypto/x509/build.info b/crypto/x509/build.info
index 8820f983bb..3f70f3ff36 100644
--- a/crypto/x509/build.info
+++ b/crypto/x509/build.info
@@ -14,7 +14,8 @@ SOURCE[../../libcrypto]=\
v3_info.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c \
v3_pcia.c v3_pci.c v3_ist.c \
pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \
- v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c
+ v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \
+ v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c
IF[{- !$disabled{'deprecated-3.0'} -}]
SOURCE[../../libcrypto]=x509type.c
diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h
index a0a7f88ccd..8325aacfa5 100644
--- a/crypto/x509/ext_dat.h
+++ b/crypto/x509/ext_dat.h
@@ -25,3 +25,9 @@ extern const X509V3_EXT_METHOD ossl_v3_tls_feature;
extern const X509V3_EXT_METHOD ossl_v3_ext_admission;
extern const X509V3_EXT_METHOD ossl_v3_utf8_list[1];
extern const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool;
+extern const X509V3_EXT_METHOD ossl_v3_group_ac;
+extern const X509V3_EXT_METHOD ossl_v3_soa_identifier;
+extern const X509V3_EXT_METHOD ossl_v3_no_assertion;
+extern const X509V3_EXT_METHOD ossl_v3_no_rev_avail;
+extern const X509V3_EXT_METHOD ossl_v3_single_use;
+extern const X509V3_EXT_METHOD ossl_v3_indirect_issuer;
diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h
index 27a99a4b13..e5c9e3f9e0 100644
--- a/crypto/x509/standard_exts.h
+++ b/crypto/x509/standard_exts.h
@@ -53,6 +53,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
#endif
&ossl_v3_sinfo,
&ossl_v3_policy_constraints,
+ &ossl_v3_no_rev_avail,
#ifndef OPENSSL_NO_OCSP
&ossl_v3_crl_hold,
#endif
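Review bot: Nothing in these two hunks shows that the new entries keep `standard_exts[]` in ascending NID order, which the table needs if it is looked up by binary search on `ext_nid`, as I believe it is. `&ossl_v3_no_rev_avail` is placed mid-table after `&ossl_v3_policy_constraints` here, while the other five are appended after `&ossl_v3_ext_admission` in the next hunk. The NID values are defined outside the `crypto` subtree this page is limited to, so please confirm the order against them; a misplaced entry would make lookups for that extension fail silently rather than break the build. The array's opening lines start outside the hunk.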
@@ -71,7 +72,12 @@ static const X509V3_EXT_METHOD *standard_exts[] = {
&ossl_v3_utf8_list[0],
&ossl_v3_issuer_sign_tool,
&ossl_v3_tls_feature,
- &ossl_v3_ext_admission
+ &ossl_v3_ext_admission,
+ &ossl_v3_soa_identifier,
+ &ossl_v3_indirect_issuer,
+ &ossl_v3_no_assertion,
+ &ossl_v3_single_use,
+ &ossl_v3_group_ac
};
/* Number of standard extensions */
diff --git a/crypto/x509/v3_group_ac.c b/crypto/x509/v3_group_ac.c
new file mode 100644
index 0000000000..9a2b69dece
--- /dev/null
+++ b/crypto/x509/v3_group_ac.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_GROUP_AC(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_GROUP_AC(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_GROUP_AC(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_GROUP_AC(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The groupAC X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.1.2.6. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_group_ac = {
+ NID_group_ac, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_GROUP_AC,
+ (X509V3_EXT_S2I)s2i_GROUP_AC,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_GROUP_AC,
+ (X509V3_EXT_R2I)r2i_GROUP_AC,
+ NULL
+};
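Review bot: `i2r_GROUP_AC` and `r2i_GROUP_AC` take a non-const `X509V3_EXT_METHOD *method`, while `i2s_GROUP_AC` and `s2i_GROUP_AC` in the same file take `const X509V3_EXT_METHOD *`, and the `(X509V3_EXT_I2R)` / `(X509V3_EXT_R2I)` casts in the method table keep the compiler from reporting the difference. The callback typedefs take a const method pointer, so these two would be called through an incompatible function pointer type; declare them as `static int i2r_GROUP_AC(const X509V3_EXT_METHOD *method, void *su, BIO *out, int indent)` and `static void *r2i_GROUP_AC(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *value)` and drop all four casts so that a future mismatch becomes a compile error. `i2r_GROUP_AC` also returns 1 without writing to `out`, so if it is ever the callback selected the extension prints as empty; either emit the same "NULL" text as `i2s_GROUP_AC` or leave that slot 0. The same applies to v3_ind_iss.c, v3_no_ass.c, v3_no_rev_avail.c, v3_single_use.c and v3_soa_id.c.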
diff --git a/crypto/x509/v3_ind_iss.c b/crypto/x509/v3_ind_iss.c
new file mode 100644
index 0000000000..ff41ba7bed
--- /dev/null
+++ b/crypto/x509/v3_ind_iss.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The indirectIssuer X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.5.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_indirect_issuer = {
+ NID_indirect_issuer, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_INDIRECT_ISSUER,
+ (X509V3_EXT_S2I)s2i_INDIRECT_ISSUER,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_INDIRECT_ISSUER,
+ (X509V3_EXT_R2I)r2i_INDIRECT_ISSUER,
+ NULL
+};
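Review bot: `s2i_INDIRECT_ISSUER` and `r2i_INDIRECT_ISSUER` never read `str` / `value`, so any right-hand side in a configuration file produces the extension, including a line such as `indirectIssuer = false` written by an operator who meant to leave it out (constructed example; the config name is defined outside this diff). Because presence alone is the signal for a NULL-syntax extension, I would accept only the spelling that `i2s_INDIRECT_ISSUER` prints and fail otherwise, e.g. `if (str == NULL || strcmp(str, "NULL") != 0) return NULL;` with an error raised first so the operator sees why the line was rejected. The five sibling files added by this commit have the same pattern.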
diff --git a/crypto/x509/v3_no_ass.c b/crypto/x509/v3_no_ass.c
new file mode 100644
index 0000000000..873e20a751
--- /dev/null
+++ b/crypto/x509/v3_no_ass.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_NO_ASSERTION(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_NO_ASSERTION(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_NO_ASSERTION(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_NO_ASSERTION(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The noAssertion X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.5.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_no_assertion = {
+ NID_no_assertion, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_NO_ASSERTION,
+ (X509V3_EXT_S2I)s2i_NO_ASSERTION,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_NO_ASSERTION,
+ (X509V3_EXT_R2I)r2i_NO_ASSERTION,
+ NULL
+};
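Review bot: This file repeats v3_group_ac.c and v3_ind_iss.c with only the identifiers, the NID and the section number in the comment changed, and the three remaining new files repeat it again. Defining the four callbacks once and keeping six `X509V3_EXT_METHOD` tables that point at them would leave a single place to fix callback behaviour, instead of six copies that can drift apart. `#include <stdio.h>` also appears unused here, since nothing in the file calls a stdio function.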
diff --git a/crypto/x509/v3_no_rev_avail.c b/crypto/x509/v3_no_rev_avail.c
new file mode 100644
index 0000000000..849feda5ec
--- /dev/null
+++ b/crypto/x509/v3_no_rev_avail.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The noRevAvail X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.2.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_no_rev_avail = {
+ NID_no_rev_avail, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_NO_REV_AVAIL,
+ (X509V3_EXT_S2I)s2i_NO_REV_AVAIL,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_NO_REV_AVAIL,
+ (X509V3_EXT_R2I)r2i_NO_REV_AVAIL,
+ NULL
+};
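Review bot: The comment above `ossl_v3_no_rev_avail` cites the X.509 section but does not say what this method does and does not do, which matters for an extension whose name concerns revocation. Everything in this file is encode/print plumbing: the callbacks return a fresh `ASN1_NULL` or the string "NULL", and nothing here touches verification. I would extend the comment with something like `/* Presence-only (NULL syntax). This method only parses and prints the extension; it adds no revocation or path-validation behaviour. */` so readers do not assume that registering it changes how certificates are checked. Whether other code acts on this NID is not visible on this page.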
diff --git a/crypto/x509/v3_single_use.c b/crypto/x509/v3_single_use.c
new file mode 100644
index 0000000000..50da6e1770
--- /dev/null
+++ b/crypto/x509/v3_single_use.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_SINGLE_USE(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_SINGLE_USE(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_SINGLE_USE(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_SINGLE_USE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The singleUse X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.1.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_single_use = {
+ NID_single_use, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_SINGLE_USE,
+ (X509V3_EXT_S2I)s2i_SINGLE_USE,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_SINGLE_USE,
+ (X509V3_EXT_R2I)r2i_SINGLE_USE,
+ NULL
+};
diff --git a/crypto/x509/v3_soa_id.c b/crypto/x509/v3_soa_id.c
new file mode 100644
index 0000000000..8be5bd8aa5
--- /dev/null
+++ b/crypto/x509/v3_soa_id.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The sOAIdentifier X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.3.2.1.1. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_soa_identifier = {
+ NID_soa_identifier, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_SOA_IDENTIFIER,
+ (X509V3_EXT_S2I)s2i_SOA_IDENTIFIER,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_SOA_IDENTIFIER,
+ (X509V3_EXT_R2I)r2i_SOA_IDENTIFIER,
+ NULL
+};