Add IETFAttrSyntax type support

The IETFAtrrSyntax type is used for the values of several attributes
defined in RFC 5755 for use with attribute certificates.
Specifically this type is used with the "Charging Identity" and
"Group" attributes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15857)

5 files changed, 158 insertions, 0 deletions

diff --git a/doc/build.info b/doc/build.info
index cc8bdef61d..373f61476e 100644
--- a/doc/build.info
+++ b/doc/build.info
@@ -1719,6 +1719,14 @@ DEPEND[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod
 GENERATE[html/man3/OSSL_HTTP_transfer.html]=man3/OSSL_HTTP_transfer.pod
 DEPEND[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod
 GENERATE[man/man3/OSSL_HTTP_transfer.3]=man3/OSSL_HTTP_transfer.pod
+DEPEND[html/man3/OSSL_IETF_ATTR_SYNTAX.html]=man3/OSSL_IETF_ATTR_SYNTAX.pod
+GENERATE[html/man3/OSSL_IETF_ATTR_SYNTAX.html]=man3/OSSL_IETF_ATTR_SYNTAX.pod
+DEPEND[man/man3/OSSL_IETF_ATTR_SYNTAX.3]=man3/OSSL_IETF_ATTR_SYNTAX.pod
+GENERATE[man/man3/OSSL_IETF_ATTR_SYNTAX.3]=man3/OSSL_IETF_ATTR_SYNTAX.pod
+DEPEND[html/man3/OSSL_IETF_ATTR_SYNTAX_print.html]=man3/OSSL_IETF_ATTR_SYNTAX_print.pod
+GENERATE[html/man3/OSSL_IETF_ATTR_SYNTAX_print.html]=man3/OSSL_IETF_ATTR_SYNTAX_print.pod
+DEPEND[man/man3/OSSL_IETF_ATTR_SYNTAX_print.3]=man3/OSSL_IETF_ATTR_SYNTAX_print.pod
+GENERATE[man/man3/OSSL_IETF_ATTR_SYNTAX_print.3]=man3/OSSL_IETF_ATTR_SYNTAX_print.pod
 DEPEND[html/man3/OSSL_ITEM.html]=man3/OSSL_ITEM.pod
 GENERATE[html/man3/OSSL_ITEM.html]=man3/OSSL_ITEM.pod
 DEPEND[man/man3/OSSL_ITEM.3]=man3/OSSL_ITEM.pod
@@ -3377,6 +3385,8 @@ html/man3/OSSL_HPKE_CTX_new.html \
 html/man3/OSSL_HTTP_REQ_CTX.html \
 html/man3/OSSL_HTTP_parse_url.html \
 html/man3/OSSL_HTTP_transfer.html \
+html/man3/OSSL_IETF_ATTR_SYNTAX.html \
+html/man3/OSSL_IETF_ATTR_SYNTAX_print.html \
 html/man3/OSSL_ITEM.html \
 html/man3/OSSL_LIB_CTX.html \
 html/man3/OSSL_PARAM.html \
@@ -4026,6 +4036,8 @@ man/man3/OSSL_HPKE_CTX_new.3 \
 man/man3/OSSL_HTTP_REQ_CTX.3 \
 man/man3/OSSL_HTTP_parse_url.3 \
 man/man3/OSSL_HTTP_transfer.3 \
+man/man3/OSSL_IETF_ATTR_SYNTAX.3 \
+man/man3/OSSL_IETF_ATTR_SYNTAX_print.3 \
 man/man3/OSSL_ITEM.3 \
 man/man3/OSSL_LIB_CTX.3 \
 man/man3/OSSL_PARAM.3 \
diff --git a/doc/man3/OSSL_IETF_ATTR_SYNTAX.pod b/doc/man3/OSSL_IETF_ATTR_SYNTAX.pod
new file mode 100644
index 0000000000..816ad799b0
--- /dev/null
+++ b/doc/man3/OSSL_IETF_ATTR_SYNTAX.pod
@@ -0,0 +1,97 @@
+=pod
+
+=head1 NAME
+
+OSSL_IETF_ATTR_SYNTAX,
+OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority,
+OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority,
+OSSL_IETF_ATTR_SYNTAX_get_value_num,
+OSSL_IETF_ATTR_SYNTAX_get0_value,
+OSSL_IETF_ATTR_SYNTAX_add1_value
+- Accessors and setters for OSSL_IETF_ATTR_SYNTAX
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_acert.h>
+
+ typedef struct OSSL_IETF_ATTR_SYNTAX_st OSSL_IETF_ATTR_SYNTAX;
+
+ const GENERAL_NAMES *
+ OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority(const OSSL_IETF_ATTR_SYNTAX *a);
+ void OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority(OSSL_IETF_ATTR_SYNTAX *a,
+                                                 GENERAL_NAMES *names);
+
+ int OSSL_IETF_ATTR_SYNTAX_get_value_num(const OSSL_IETF_ATTR_SYNTAX *a);
+ void *OSSL_IETF_ATTR_SYNTAX_get0_value(const OSSL_IETF_ATTR_SYNTAX *a,
+                                        int ind, int *type);
+ int OSSL_IETF_ATTR_SYNTAX_add1_value(OSSL_IETF_ATTR_SYNTAX *a, int type,
+                                      void *data);
+
+=head1 DESCRIPTION
+
+B<OSSL_IETF_ATTR_SYNTAX> is an opaque structure that represents the
+IetfAttrSyntax type defined in RFC 5755 (Section 4.4) for use
+as an AttributeValue.
+
+OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority() and OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority()
+get and set the policyAuthority field of the structure. Both routines act on
+internal pointers of the structure and must not be freed by the application.
+
+An B<OSSL_IETF_ATTR_SYNTAX> object also holds a sequence of values.
+OSSL_IETF_ATTR_SYNTAX_get_value_num() returns the number of values in the
+sequence.  OSSL_IETF_ATTR_SYNTAX_add1_value(), adds a copy of I<data> of a specified
+I<type> to the sequence.  The caller should free the I<data> after use.
+
+OSSL_IETF_ATTR_SYNTAX_get0_value() will return the value and a specific index I<ind>
+in the sequence or NULL on error.  If I<type> is not NULL, the type of the
+value will be written to this location.
+
+The I<type> of the values stored in the B<OSSL_IETF_ATTR_SYNTAX> value sequence is
+one of the following:
+
+=over 4
+
+=item OSSL_IETFAS_OCTETS
+
+A pointer to an ASN1_OCTET_STRING
+
+=item OSSL_IETFAS_OID
+
+A pointer to an ASN1_OBJECT
+
+=item OSSL_IETFAS_STRING
+
+A pointer to an ASN1_UTF8STRING
+
+=back
+
+=head1 RETURN VALUES
+
+OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority() returns an pointer to a
+B<GENERAL_NAMES> structure or B<NULL> if the policy authority has not been
+set.
+
+OSSL_IETF_ATTR_SYNTAX_get_value_num() returns the number of entries in the value
+sequence or -1 on error.
+
+OSSL_IETF_ATTR_SYNTAX_get0_value() returns a pointer to the value at the given index
+or NULL if the index is out of range.
+
+OSSL_IETF_ATTR_SYNTAX_add1_value() returns 1 on success and 0 on failure.
+
+=head1 HISTORY
+
+OSSL_IETF_ATTR_SYNTAX_get0_policyAuthority(), OSSL_IETF_ATTR_SYNTAX_set0_policyAuthority(),
+OSSL_IETF_ATTR_SYNTAX_get_value_num(), OSSL_IETF_ATTR_SYNTAX_get0_value(), and
+OSSL_IETF_ATTR_SYNTAX_add1_value() were added in OpenSSL 3.4.
+
+=head1 COPYRIGHT
+
+Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/OSSL_IETF_ATTR_SYNTAX_print.pod b/doc/man3/OSSL_IETF_ATTR_SYNTAX_print.pod
new file mode 100644
index 0000000000..6fa0ddae5e
--- /dev/null
+++ b/doc/man3/OSSL_IETF_ATTR_SYNTAX_print.pod
@@ -0,0 +1,41 @@
+=pod
+
+=head1 NAME
+
+OSSL_IETF_ATTR_SYNTAX_print - OSSL_IETF_ATTR_SYNTAX printing
+
+=head1 SYNOPSIS
+
+ #include <openssl/x509_acert.h>
+
+ int OSSL_IETF_ATTR_SYNTAX_print(BIO *bp, OSSL_IETF_ATTR_SYNTAX *a,
+                                 int indent);
+
+=head1 DESCRIPTION
+
+OSSL_IETF_ATTR_SYNTAX_print() prints a human readable version of I<a> to
+BIO I<bp>.
+Each line of the output is indented by I<indent> spaces.
+
+=head1 RETURN VALUES
+
+OSSL_IETF_ATTR_SYNTAX_print() return 1 on success or 0 on failure.
+
+=head1 SEE ALSO
+
+L<ASN1_STRING_print_ex(3)>
+
+=head1 HISTORY
+
+OSSL_IETF_ATTR_SYNTAX_print() was added in OpenSSL 3.4.
+
+=head1 COPYRIGHT
+
+Copyright 2021-2022 The OpenSSL Project Authors. All Rights Reserved.
+
+Licensed under the Apache License 2.0 (the "License").  You may not use
+this file except in compliance with the License.  You can obtain a copy
+in the file LICENSE in the source distribution or at
+L<https://www.openssl.org/source/license.html>.
+
+=cut
diff --git a/doc/man3/X509_dup.pod b/doc/man3/X509_dup.pod
index 621427e3fb..4ecd5c0830 100644
--- a/doc/man3/X509_dup.pod
+++ b/doc/man3/X509_dup.pod
@@ -79,6 +79,9 @@ GENERAL_NAME_free,
 GENERAL_NAME_new,
 GENERAL_SUBTREE_free,
 GENERAL_SUBTREE_new,
+OSSL_IETF_ATTR_SYNTAX_free,
+OSSL_IETF_ATTR_SYNTAX_it,
+OSSL_IETF_ATTR_SYNTAX_new,
 IPAddressChoice_free,
 IPAddressChoice_new,
 IPAddressFamily_free,
@@ -171,6 +174,9 @@ OSSL_CRMF_PKIPUBLICATIONINFO_new,
 OSSL_CRMF_SINGLEPUBINFO_free,
 OSSL_CRMF_SINGLEPUBINFO_it,
 OSSL_CRMF_SINGLEPUBINFO_new,
+OSSL_IETF_ATTR_SYNTAX_VALUE_free,
+OSSL_IETF_ATTR_SYNTAX_VALUE_it,
+OSSL_IETF_ATTR_SYNTAX_VALUE_new,
 OSSL_ISSUER_SERIAL_free,
 OSSL_ISSUER_SERIAL_new,
 OSSL_OBJECT_DIGEST_INFO_free,
diff --git a/doc/man3/d2i_X509.pod b/doc/man3/d2i_X509.pod
index 6c4464deb4..06f764ef8b 100644
--- a/doc/man3/d2i_X509.pod
+++ b/doc/man3/d2i_X509.pod
@@ -100,6 +100,7 @@ d2i_OSSL_CRMF_MSGS,
 d2i_OSSL_CRMF_PBMPARAMETER,
 d2i_OSSL_CRMF_PKIPUBLICATIONINFO,
 d2i_OSSL_CRMF_SINGLEPUBINFO,
+d2i_OSSL_IETF_ATTR_SYNTAX,
 d2i_OTHERNAME,
 d2i_PBE2PARAM,
 d2i_PBEPARAM,
@@ -274,6 +275,7 @@ i2d_OSSL_CRMF_MSGS,
 i2d_OSSL_CRMF_PBMPARAMETER,
 i2d_OSSL_CRMF_PKIPUBLICATIONINFO,
 i2d_OSSL_CRMF_SINGLEPUBINFO,
+i2d_OSSL_IETF_ATTR_SYNTAX,
 i2d_OTHERNAME,
 i2d_PBE2PARAM,
 i2d_PBEPARAM,