From 0444c52a5ff3c2c09f8d7f0f5b464e10231de032 Mon Sep 17 00:00:00 2001 From: Marek Klein Date: Thu, 21 Jan 2016 18:43:57 +0000 Subject: [PATCH] explicitText encoding Reviewed-by: Richard Levitte Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/576) --- crypto/x509v3/v3_cpols.c | 49 ++++++++++++++++++++++++++++++++++---- doc/man5/x509v3_config.pod | 6 +++++ 2 files changed, 51 insertions(+), 4 deletions(-) diff --git a/crypto/x509v3/v3_cpols.c b/crypto/x509v3/v3_cpols.c index 22c56ba380..ea65e0720b 100644 --- a/crypto/x509v3/v3_cpols.c +++ b/crypto/x509v3/v3_cpols.c @@ -31,6 +31,8 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org); static int nref_nos(STACK_OF(ASN1_INTEGER) *nnums, STACK_OF(CONF_VALUE) *nos); +static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len); +static int displaytext_get_tag_len(const char *tagstr); const X509V3_EXT_METHOD v3_cpols = { NID_certificate_policies, 0, ASN1_ITEM_ref(CERTIFICATEPOLICIES), @@ -242,13 +244,48 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, } +static int displaytext_get_tag_len(const char *tagstr) +{ + char *colon = strchr(tagstr, ':'); + + return (colon == NULL) ? -1 : colon - tagstr; +} + +static int displaytext_str2tag(const char *tagstr, unsigned int *tag_len) +{ + int len; + + *tag_len = 0; + len = displaytext_get_tag_len(tagstr); + + if (len == -1) + return V_ASN1_VISIBLESTRING; + *tag_len = len; + if (len == sizeof("UTF8") - 1 && strncmp(tagstr, "UTF8", len) == 0) + return V_ASN1_UTF8STRING; + if (len == sizeof("UTF8String") - 1 && strncmp(tagstr, "UTF8String", len) == 0) + return V_ASN1_UTF8STRING; + if (len == sizeof("BMP") - 1 && strncmp(tagstr, "BMP", len) == 0) + return V_ASN1_BMPSTRING; + if (len == sizeof("BMPSTRING") - 1 && strncmp(tagstr, "BMPSTRING", len) == 0) + return V_ASN1_BMPSTRING; + if (len == sizeof("VISIBLE") - 1 && strncmp(tagstr, "VISIBLE", len) == 0) + return V_ASN1_VISIBLESTRING; + if (len == sizeof("VISIBLESTRING") - 1 && strncmp(tagstr, "VISIBLESTRING", len) == 0) + return V_ASN1_VISIBLESTRING; + *tag_len = 0; + return V_ASN1_VISIBLESTRING; +} + static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *unot, int ia5org) { - int i, ret; + int i, ret, len, tag; + unsigned int tag_len; CONF_VALUE *cnf; USERNOTICE *not; POLICYQUALINFO *qual; + char *value = NULL; if ((qual = POLICYQUALINFO_new()) == NULL) goto merr; @@ -261,11 +298,15 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, qual->d.usernotice = not; for (i = 0; i < sk_CONF_VALUE_num(unot); i++) { cnf = sk_CONF_VALUE_value(unot, i); + value = cnf->value; if (strcmp(cnf->name, "explicitText") == 0) { - if ((not->exptext = ASN1_VISIBLESTRING_new()) == NULL) + tag = displaytext_str2tag(value, &tag_len); + if ((not->exptext = ASN1_STRING_type_new(tag)) == NULL) goto merr; - if (!ASN1_STRING_set(not->exptext, cnf->value, - strlen(cnf->value))) + if (tag_len != 0) + value += tag_len + 1; + len = strlen(value); + if (!ASN1_STRING_set(not->exptext, value, len)) goto merr; } else if (strcmp(cnf->name, "organization") == 0) { NOTICEREF *nref; diff --git a/doc/man5/x509v3_config.pod b/doc/man5/x509v3_config.pod index 17800ea87b..0662326b2b 100644 --- a/doc/man5/x509v3_config.pod +++ b/doc/man5/x509v3_config.pod @@ -353,6 +353,12 @@ The B option changes the type of the I field. In RFC2459 it can only be of type DisplayText. In RFC3280 IA5Strring is also permissible. Some software (for example some versions of MSIE) may require ia5org. +ASN1 type of explicitText can be specified by prepending B, +B or B prefix followed by colon. For example: + + [notice] + explicitText="UTF8:Explicit Text Here" + =head2 Policy Constraints This is a multi-valued extension which consisting of the names