author | Jonathan M. Wilbur <jonathan@wilbur.space> | 2023-07-01 15:56:40 +0000 |
---|---|---|
committer | Todd Short <todd.short@me.com> | 2023-09-25 15:12:04 -0400 |
commit | 91bc783a93a2a695fe6a2f8da93cf5b5e086ba42 (patch) | |
tree | 4dbcab0f7858a8821ae572625a125740521d6c09 /crypto | |
parent | 30224a248495ad604a06b8977fa3aa1cc75b9d0d (diff) |
Support all NULL-syntax X.509v3 extensions
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21342)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/x509/build.info | 3 | ||||
-rw-r--r-- | crypto/x509/ext_dat.h | 6 | ||||
-rw-r--r-- | crypto/x509/standard_exts.h | 8 | ||||
-rw-r--r-- | crypto/x509/v3_group_ac.c | 53 | ||||
-rw-r--r-- | crypto/x509/v3_ind_iss.c | 53 | ||||
-rw-r--r-- | crypto/x509/v3_no_ass.c | 53 | ||||
-rw-r--r-- | crypto/x509/v3_no_rev_avail.c | 53 | ||||
-rw-r--r-- | crypto/x509/v3_single_use.c | 53 | ||||
-rw-r--r-- | crypto/x509/v3_soa_id.c | 53 |
9 files changed, 333 insertions, 2 deletions
diff --git a/crypto/x509/build.info b/crypto/x509/build.info index 8820f983bb..3f70f3ff36 100644 --- a/crypto/x509/build.info +++ b/crypto/x509/build.info @@ -14,7 +14,8 @@ SOURCE[../../libcrypto]=\ v3_info.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c \ v3_pcia.c v3_pci.c v3_ist.c \ pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c \ - v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c + v3_asid.c v3_addr.c v3_tlsf.c v3_admis.c v3_no_rev_avail.c \ + v3_soa_id.c v3_no_ass.c v3_group_ac.c v3_single_use.c v3_ind_iss.c IF[{- !$disabled{'deprecated-3.0'} -}] SOURCE[../../libcrypto]=x509type.c diff --git a/crypto/x509/ext_dat.h b/crypto/x509/ext_dat.h index a0a7f88ccd..8325aacfa5 100644 --- a/crypto/x509/ext_dat.h +++ b/crypto/x509/ext_dat.h @@ -25,3 +25,9 @@ extern const X509V3_EXT_METHOD ossl_v3_tls_feature; extern const X509V3_EXT_METHOD ossl_v3_ext_admission; extern const X509V3_EXT_METHOD ossl_v3_utf8_list[1]; extern const X509V3_EXT_METHOD ossl_v3_issuer_sign_tool; +extern const X509V3_EXT_METHOD ossl_v3_group_ac; +extern const X509V3_EXT_METHOD ossl_v3_soa_identifier; +extern const X509V3_EXT_METHOD ossl_v3_no_assertion; +extern const X509V3_EXT_METHOD ossl_v3_no_rev_avail; +extern const X509V3_EXT_METHOD ossl_v3_single_use; +extern const X509V3_EXT_METHOD ossl_v3_indirect_issuer; diff --git a/crypto/x509/standard_exts.h b/crypto/x509/standard_exts.h index 27a99a4b13..e5c9e3f9e0 100644 --- a/crypto/x509/standard_exts.h +++ b/crypto/x509/standard_exts.h @@ -53,6 +53,7 @@ static const X509V3_EXT_METHOD *standard_exts[] = { #endif &ossl_v3_sinfo, &ossl_v3_policy_constraints, + &ossl_v3_no_rev_avail, #ifndef OPENSSL_NO_OCSP &ossl_v3_crl_hold, #endif 
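Review bot: The placement of `&ossl_v3_no_rev_avail` between `&ossl_v3_policy_constraints` and `&ossl_v3_crl_hold` looks like it relies on an ordering invariant that this hunk does not state, since the other five new methods are appended at the end of the table in the next hunk. If `standard_exts` is binary-searched by NID (the lookup code is outside this diff, so confirm), a wrongly placed entry makes the lookup miss and the extension is silently handled as unknown. If the file has no reminder near these entries, add one such as `/* entries must stay in ascending NID order */`, and check that an ordering test covers the six new NIDs. The array definition starts outside the hunk.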
@@ -71,7 +72,12 @@ static const X509V3_EXT_METHOD *standard_exts[] = { &ossl_v3_utf8_list[0], &ossl_v3_issuer_sign_tool, &ossl_v3_tls_feature, - &ossl_v3_ext_admission + &ossl_v3_ext_admission, + &ossl_v3_soa_identifier, + &ossl_v3_indirect_issuer, + &ossl_v3_no_assertion, + &ossl_v3_single_use, + &ossl_v3_group_ac }; /* Number of standard extensions */ diff --git a/crypto/x509/v3_group_ac.c b/crypto/x509/v3_group_ac.c new file mode 100644 index 0000000000..9a2b69dece --- /dev/null +++ b/crypto/x509/v3_group_ac.c @@ -0,0 +1,53 @@ +/* + * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/asn1.h> +#include <openssl/asn1t.h> +#include <openssl/x509v3.h> +#include "ext_dat.h" + +static int i2r_GROUP_AC(X509V3_EXT_METHOD *method, + void *su, BIO *out, + int indent) +{ + return 1; +} + +static void *r2i_GROUP_AC(X509V3_EXT_METHOD *method, + X509V3_CTX *ctx, const char *value) +{ + return ASN1_NULL_new(); +} + +static char *i2s_GROUP_AC(const X509V3_EXT_METHOD *method, void *val) +{ + return OPENSSL_strdup("NULL"); +} + +static void *s2i_GROUP_AC(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str) +{ + return ASN1_NULL_new(); +} + +/* + * The groupAC X.509v3 extension is defined in ITU Recommendation X.509 + * (2019), Section 17.1.2.6. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en. + */ +const X509V3_EXT_METHOD ossl_v3_group_ac = { + NID_group_ac, 0, ASN1_ITEM_ref(ASN1_NULL), + 0, 0, 0, 0, + (X509V3_EXT_I2S)i2s_GROUP_AC, + (X509V3_EXT_S2I)s2i_GROUP_AC, + 0, 0, + (X509V3_EXT_I2R)i2r_GROUP_AC, + (X509V3_EXT_R2I)r2i_GROUP_AC, + NULL +}; 
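Review bot: In v3_group_ac.c, `i2r_GROUP_AC` and `r2i_GROUP_AC` take `X509V3_EXT_METHOD *method` without `const`, while `i2s_GROUP_AC` and `s2i_GROUP_AC` in the same file take `const X509V3_EXT_METHOD *method`; the `(X509V3_EXT_I2R)` and `(X509V3_EXT_R2I)` casts in the method table hide that difference from the compiler. Assuming the typedefs take a const method pointer as the i2s/s2i signatures suggest, the call goes through a pointer of an incompatible function type, which is undefined behaviour in C and is the kind of mismatch indirect-call CFI checks reject. Declare both with `const X509V3_EXT_METHOD *method`; once the signatures match exactly, the four casts can be dropped so the compiler catches future drift. The parameter name `su` in `i2r_GROUP_AC` also looks carried over from the singleUse file, and `val` as in `i2s_GROUP_AC` would be consistent. The same applies to v3_ind_iss.c, v3_no_ass.c, v3_no_rev_avail.c, v3_single_use.c and v3_soa_id.c.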
diff --git a/crypto/x509/v3_ind_iss.c b/crypto/x509/v3_ind_iss.c
new file mode 100644
index 0000000000..ff41ba7bed
--- /dev/null
+++ b/crypto/x509/v3_ind_iss.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_INDIRECT_ISSUER(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_INDIRECT_ISSUER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The indirectIssuer X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.5.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_indirect_issuer = {
+ NID_indirect_issuer, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_INDIRECT_ISSUER,
+ (X509V3_EXT_S2I)s2i_INDIRECT_ISSUER,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_INDIRECT_ISSUER,
+ (X509V3_EXT_R2I)r2i_INDIRECT_ISSUER,
+ NULL
+};
diff --git a/crypto/x509/v3_no_ass.c b/crypto/x509/v3_no_ass.c
new file mode 100644
index 0000000000..873e20a751
--- /dev/null
+++ b/crypto/x509/v3_no_ass.c
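Review bot: In v3_ind_iss.c, `s2i_INDIRECT_ISSUER` and `r2i_INDIRECT_ISSUER` never read `str` or `value`, so any configured value, including a typo or a value meant for a different extension, yields the extension. `i2s_INDIRECT_ISSUER` prints `NULL`, so accepting only that string (and perhaps the empty string) would make the round trip explicit, for example `if (str != NULL && *str != '\0' && strcmp(str, "NULL") != 0) return NULL;` with an error raised in the project's usual way. If accepting any value is intended, say so in a comment on the function. The other five new files share this behaviour.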
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_NO_ASSERTION(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_NO_ASSERTION(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_NO_ASSERTION(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_NO_ASSERTION(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The noAssertion X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.5.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_no_assertion = {
+ NID_no_assertion, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_NO_ASSERTION,
+ (X509V3_EXT_S2I)s2i_NO_ASSERTION,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_NO_ASSERTION,
+ (X509V3_EXT_R2I)r2i_NO_ASSERTION,
+ NULL
+};
diff --git a/crypto/x509/v3_no_rev_avail.c b/crypto/x509/v3_no_rev_avail.c
new file mode 100644
index 0000000000..849feda5ec
--- /dev/null
+++ b/crypto/x509/v3_no_rev_avail.c
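Review bot: The four callbacks in v3_no_ass.c are identical to those in the other five new files apart from the name suffix, and two of them may never run. If the generic print and config code tries `i2s`/`s2i` before `i2r`/`r2i` (that code is outside this diff, so confirm), `i2r_NO_ASSERTION` and `r2i_NO_ASSERTION` are unreachable once the string callbacks are set in the table. Consider one shared set of NULL-syntax callbacks in a single translation unit, referenced by all six method tables, keeping only the pair that is actually dispatched. That leaves one place to review and harden instead of six.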
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_NO_REV_AVAIL(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_NO_REV_AVAIL(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The noRevAvail X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.2.2.7. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_no_rev_avail = {
+ NID_no_rev_avail, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_NO_REV_AVAIL,
+ (X509V3_EXT_S2I)s2i_NO_REV_AVAIL,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_NO_REV_AVAIL,
+ (X509V3_EXT_R2I)r2i_NO_REV_AVAIL,
+ NULL
+};
diff --git a/crypto/x509/v3_single_use.c b/crypto/x509/v3_single_use.c
new file mode 100644
index 0000000000..50da6e1770
--- /dev/null
+++ b/crypto/x509/v3_single_use.c
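Review bot: The comment above `ossl_v3_no_rev_avail` in v3_no_rev_avail.c cites the defining section but does not say what this method does with the extension. As far as the crypto/ changes shown here go, the method only encodes, decodes and prints an ASN.1 NULL; nothing visible changes how revocation is checked for a certificate that carries it. Because the extension's name can suggest otherwise to someone relying on it, add a sentence to the comment such as `This method only parses and prints the extension; it has no effect on revocation checking.` and adjust it if verification code elsewhere does act on the extension.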
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_SINGLE_USE(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_SINGLE_USE(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_SINGLE_USE(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_SINGLE_USE(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The singleUse X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.1.2.5. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_single_use = {
+ NID_single_use, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_SINGLE_USE,
+ (X509V3_EXT_S2I)s2i_SINGLE_USE,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_SINGLE_USE,
+ (X509V3_EXT_R2I)r2i_SINGLE_USE,
+ NULL
+};
diff --git a/crypto/x509/v3_soa_id.c b/crypto/x509/v3_soa_id.c
new file mode 100644
index 0000000000..8be5bd8aa5
--- /dev/null
+++ b/crypto/x509/v3_soa_id.c
@@ -0,0 +1,53 @@
+/*
+ * Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include "internal/cryptlib.h"
+#include <openssl/asn1.h>
+#include <openssl/asn1t.h>
+#include <openssl/x509v3.h>
+#include "ext_dat.h"
+
+static int i2r_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+ void *su, BIO *out,
+ int indent)
+{
+ return 1;
+}
+
+static void *r2i_SOA_IDENTIFIER(X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, const char *value)
+{
+ return ASN1_NULL_new();
+}
+
+static char *i2s_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, void *val)
+{
+ return OPENSSL_strdup("NULL");
+}
+
+static void *s2i_SOA_IDENTIFIER(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, const char *str)
+{
+ return ASN1_NULL_new();
+}
+
+/*
+ * The sOAIdentifier X.509v3 extension is defined in ITU Recommendation X.509
+ * (2019), Section 17.3.2.1.1. See: https://www.itu.int/rec/T-REC-X.509-201910-I/en.
+ */
+const X509V3_EXT_METHOD ossl_v3_soa_identifier = {
+ NID_soa_identifier, 0, ASN1_ITEM_ref(ASN1_NULL),
+ 0, 0, 0, 0,
+ (X509V3_EXT_I2S)i2s_SOA_IDENTIFIER,
+ (X509V3_EXT_S2I)s2i_SOA_IDENTIFIER,
+ 0, 0,
+ (X509V3_EXT_I2R)i2r_SOA_IDENTIFIER,
+ (X509V3_EXT_R2I)r2i_SOA_IDENTIFIER,
+ NULL
+}; |