authorjsing <>2014-04-21 13:04:02 +0000
committerjsing <>2014-04-21 13:04:02 +0000
commit3a880eb2ba098077540eaaad8bae436dc2f546bb (patch)
tree07783cfbbde55bf969ec5774593a54462ebe763a /src/lib/libcrypto/x509v3/v3_alt.c
parenta13698710d1bf0bac4832733da5c86886601b5d4 (diff)
KNF.
Diffstat (limited to 'src/lib/libcrypto/x509v3/v3_alt.c')
-rw-r--r--src/lib/libcrypto/x509v3/v3_alt.c517
1 files changed, 268 insertions, 249 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index 636677df94..e61ed673c0 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -10,7 +10,7 @@
10 * are met: 10 * are met:
11 * 11 *
12 * 1. Redistributions of source code must retain the above copyright 12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer. 13 * notice, this list of conditions and the following disclaimer.
14 * 14 *
15 * 2. Redistributions in binary form must reproduce the above copyright 15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in 16 * notice, this list of conditions and the following disclaimer in
@@ -61,178 +61,181 @@
61#include <openssl/conf.h> 61#include <openssl/conf.h>
62#include <openssl/x509v3.h> 62#include <openssl/x509v3.h>
63 63
64static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 64static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
65static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); 65 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
67 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
66static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); 68static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
67static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); 69static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
68static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); 70static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
69static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx); 71static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
70 72
71const X509V3_EXT_METHOD v3_alt[] = { 73const X509V3_EXT_METHOD v3_alt[] = {
72{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 74 {
730,0,0,0, 75 NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
740,0, 76 0, 0, 0, 0,
75(X509V3_EXT_I2V)i2v_GENERAL_NAMES, 77 0, 0,
76(X509V3_EXT_V2I)v2i_subject_alt, 78 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
77NULL, NULL, NULL}, 79 (X509V3_EXT_V2I)v2i_subject_alt,
78 80 NULL, NULL, NULL
79{ NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 81 },
800,0,0,0, 82 {
810,0, 83 NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
82(X509V3_EXT_I2V)i2v_GENERAL_NAMES, 84 0, 0, 0, 0,
83(X509V3_EXT_V2I)v2i_issuer_alt, 85 0, 0,
84NULL, NULL, NULL}, 86 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
85 87 (X509V3_EXT_V2I)v2i_issuer_alt,
86{ NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), 88 NULL, NULL, NULL
870,0,0,0, 89 },
880,0, 90 {
89(X509V3_EXT_I2V)i2v_GENERAL_NAMES, 91 NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
90NULL, NULL, NULL, NULL}, 92 0, 0, 0, 0,
93 0, 0,
94 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
95 NULL, NULL, NULL, NULL
96 },
91}; 97};
92 98
93STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, 99STACK_OF(CONF_VALUE) *
94 GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) 100i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, GENERAL_NAMES *gens,
101 STACK_OF(CONF_VALUE) *ret)
95{ 102{
96 int i; 103 int i;
97 GENERAL_NAME *gen; 104 GENERAL_NAME *gen;
98 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { 105
106 for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
99 gen = sk_GENERAL_NAME_value(gens, i); 107 gen = sk_GENERAL_NAME_value(gens, i);
100 ret = i2v_GENERAL_NAME(method, gen, ret); 108 ret = i2v_GENERAL_NAME(method, gen, ret);
101 } 109 }
102 if(!ret) return sk_CONF_VALUE_new_null(); 110 if (!ret)
111 return sk_CONF_VALUE_new_null();
103 return ret; 112 return ret;
104} 113}
105 114
106STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, 115STACK_OF(CONF_VALUE) *
107 GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) 116i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen,
117 STACK_OF(CONF_VALUE) *ret)
108{ 118{
109 unsigned char *p; 119 unsigned char *p;
110 char oline[256], htmp[5]; 120 char oline[256], htmp[5];
111 int i; 121 int i;
112 switch (gen->type) 122
113 { 123 switch (gen->type) {
114 case GEN_OTHERNAME: 124 case GEN_OTHERNAME:
115 X509V3_add_value("othername","<unsupported>", &ret); 125 X509V3_add_value("othername", "<unsupported>", &ret);
116 break; 126 break;
117 127
118 case GEN_X400: 128 case GEN_X400:
119 X509V3_add_value("X400Name","<unsupported>", &ret); 129 X509V3_add_value("X400Name", "<unsupported>", &ret);
120 break; 130 break;
121 131
122 case GEN_EDIPARTY: 132 case GEN_EDIPARTY:
123 X509V3_add_value("EdiPartyName","<unsupported>", &ret); 133 X509V3_add_value("EdiPartyName", "<unsupported>", &ret);
124 break; 134 break;
125 135
126 case GEN_EMAIL: 136 case GEN_EMAIL:
127 X509V3_add_value_uchar("email",gen->d.ia5->data, &ret); 137 X509V3_add_value_uchar("email", gen->d.ia5->data, &ret);
128 break; 138 break;
129 139
130 case GEN_DNS: 140 case GEN_DNS:
131 X509V3_add_value_uchar("DNS",gen->d.ia5->data, &ret); 141 X509V3_add_value_uchar("DNS", gen->d.ia5->data, &ret);
132 break; 142 break;
133 143
134 case GEN_URI: 144 case GEN_URI:
135 X509V3_add_value_uchar("URI",gen->d.ia5->data, &ret); 145 X509V3_add_value_uchar("URI", gen->d.ia5->data, &ret);
136 break; 146 break;
137 147
138 case GEN_DIRNAME: 148 case GEN_DIRNAME:
139 X509_NAME_oneline(gen->d.dirn, oline, 256); 149 X509_NAME_oneline(gen->d.dirn, oline, 256);
140 X509V3_add_value("DirName",oline, &ret); 150 X509V3_add_value("DirName", oline, &ret);
141 break; 151 break;
142 152
143 case GEN_IPADD: 153 case GEN_IPADD:
144 p = gen->d.ip->data; 154 p = gen->d.ip->data;
145 if(gen->d.ip->length == 4) 155 if (gen->d.ip->length == 4)
146 (void) snprintf(oline, sizeof oline, 156 (void) snprintf(oline, sizeof oline,
147 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]); 157 "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
148 else if(gen->d.ip->length == 16) 158 else if (gen->d.ip->length == 16) {
149 {
150 oline[0] = 0; 159 oline[0] = 0;
151 for (i = 0; i < 8; i++) 160 for (i = 0; i < 8; i++) {
152 {
153 (void) snprintf(htmp, sizeof htmp, 161 (void) snprintf(htmp, sizeof htmp,
154 "%X", p[0] << 8 | p[1]); 162 "%X", p[0] << 8 | p[1]);
155 p += 2; 163 p += 2;
156 strlcat(oline, htmp, sizeof(oline)); 164 strlcat(oline, htmp, sizeof(oline));
157 if (i != 7) 165 if (i != 7)
158 strlcat(oline, ":", sizeof(oline)); 166 strlcat(oline, ":", sizeof(oline));
159 }
160 } 167 }
161 else 168 } else {
162 { 169 X509V3_add_value("IP Address", "<invalid>", &ret);
163 X509V3_add_value("IP Address","<invalid>", &ret);
164 break; 170 break;
165 } 171 }
166 X509V3_add_value("IP Address",oline, &ret); 172 X509V3_add_value("IP Address", oline, &ret);
167 break; 173 break;
168 174
169 case GEN_RID: 175 case GEN_RID:
170 i2t_ASN1_OBJECT(oline, 256, gen->d.rid); 176 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
171 X509V3_add_value("Registered ID",oline, &ret); 177 X509V3_add_value("Registered ID", oline, &ret);
172 break; 178 break;
173 } 179 }
174 return ret; 180 return ret;
175} 181}
176 182
177int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) 183int
184GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
178{ 185{
179 unsigned char *p; 186 unsigned char *p;
180 int i; 187 int i;
181 switch (gen->type) 188
182 { 189 switch (gen->type) {
183 case GEN_OTHERNAME: 190 case GEN_OTHERNAME:
184 BIO_printf(out, "othername:<unsupported>"); 191 BIO_printf(out, "othername:<unsupported>");
185 break; 192 break;
186 193
187 case GEN_X400: 194 case GEN_X400:
188 BIO_printf(out, "X400Name:<unsupported>"); 195 BIO_printf(out, "X400Name:<unsupported>");
189 break; 196 break;
190 197
191 case GEN_EDIPARTY: 198 case GEN_EDIPARTY:
192 /* Maybe fix this: it is supported now */ 199 /* Maybe fix this: it is supported now */
193 BIO_printf(out, "EdiPartyName:<unsupported>"); 200 BIO_printf(out, "EdiPartyName:<unsupported>");
194 break; 201 break;
195 202
196 case GEN_EMAIL: 203 case GEN_EMAIL:
197 BIO_printf(out, "email:%s",gen->d.ia5->data); 204 BIO_printf(out, "email:%s", gen->d.ia5->data);
198 break; 205 break;
199 206
200 case GEN_DNS: 207 case GEN_DNS:
201 BIO_printf(out, "DNS:%s",gen->d.ia5->data); 208 BIO_printf(out, "DNS:%s", gen->d.ia5->data);
202 break; 209 break;
203 210
204 case GEN_URI: 211 case GEN_URI:
205 BIO_printf(out, "URI:%s",gen->d.ia5->data); 212 BIO_printf(out, "URI:%s", gen->d.ia5->data);
206 break; 213 break;
207 214
208 case GEN_DIRNAME: 215 case GEN_DIRNAME:
209 BIO_printf(out, "DirName: "); 216 BIO_printf(out, "DirName: ");
210 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); 217 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
211 break; 218 break;
212 219
213 case GEN_IPADD: 220 case GEN_IPADD:
214 p = gen->d.ip->data; 221 p = gen->d.ip->data;
215 if(gen->d.ip->length == 4) 222 if (gen->d.ip->length == 4)
216 BIO_printf(out, "IP Address:%d.%d.%d.%d", 223 BIO_printf(out, "IP Address:%d.%d.%d.%d",
217 p[0], p[1], p[2], p[3]); 224 p[0], p[1], p[2], p[3]);
218 else if(gen->d.ip->length == 16) 225 else if (gen->d.ip->length == 16) {
219 {
220 BIO_printf(out, "IP Address"); 226 BIO_printf(out, "IP Address");
221 for (i = 0; i < 8; i++) 227 for (i = 0; i < 8; i++) {
222 {
223 BIO_printf(out, ":%X", p[0] << 8 | p[1]); 228 BIO_printf(out, ":%X", p[0] << 8 | p[1]);
224 p += 2; 229 p += 2;
225 }
226 BIO_puts(out, "\n");
227 } 230 }
228 else 231 BIO_puts(out, "\n");
229 { 232 } else {
230 BIO_printf(out,"IP Address:<invalid>"); 233 BIO_printf(out, "IP Address:<invalid>");
231 break; 234 break;
232 } 235 }
233 break; 236 break;
234 237
235 case GEN_RID: 238 case GEN_RID:
236 BIO_printf(out, "Registered ID"); 239 BIO_printf(out, "Registered ID");
237 i2a_ASN1_OBJECT(out, gen->d.rid); 240 i2a_ASN1_OBJECT(out, gen->d.rid);
238 break; 241 break;
@@ -240,333 +243,348 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
240 return 1; 243 return 1;
241} 244}
242 245
243static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, 246static GENERAL_NAMES *
244 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 247v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
248 STACK_OF(CONF_VALUE) *nval)
245{ 249{
246 GENERAL_NAMES *gens = NULL; 250 GENERAL_NAMES *gens = NULL;
247 CONF_VALUE *cnf; 251 CONF_VALUE *cnf;
248 int i; 252 int i;
249 if(!(gens = sk_GENERAL_NAME_new_null())) { 253
250 X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE); 254 if (!(gens = sk_GENERAL_NAME_new_null())) {
255 X509V3err(X509V3_F_V2I_ISSUER_ALT, ERR_R_MALLOC_FAILURE);
251 return NULL; 256 return NULL;
252 } 257 }
253 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 258 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
254 cnf = sk_CONF_VALUE_value(nval, i); 259 cnf = sk_CONF_VALUE_value(nval, i);
255 if(!name_cmp(cnf->name, "issuer") && cnf->value && 260 if (!name_cmp(cnf->name, "issuer") && cnf->value &&
256 !strcmp(cnf->value, "copy")) { 261 !strcmp(cnf->value, "copy")) {
257 if(!copy_issuer(ctx, gens)) goto err; 262 if (!copy_issuer(ctx, gens))
263 goto err;
258 } else { 264 } else {
259 GENERAL_NAME *gen; 265 GENERAL_NAME *gen;
260 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) 266 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
261 goto err; 267 goto err;
262 sk_GENERAL_NAME_push(gens, gen); 268 sk_GENERAL_NAME_push(gens, gen);
263 } 269 }
264 } 270 }
265 return gens; 271 return gens;
266 err: 272
273err:
267 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); 274 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
268 return NULL; 275 return NULL;
269} 276}
270 277
271/* Append subject altname of issuer to issuer alt name of subject */ 278/* Append subject altname of issuer to issuer alt name of subject */
272 279
273static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) 280static int
281copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
274{ 282{
275 GENERAL_NAMES *ialt; 283 GENERAL_NAMES *ialt;
276 GENERAL_NAME *gen; 284 GENERAL_NAME *gen;
277 X509_EXTENSION *ext; 285 X509_EXTENSION *ext;
278 int i; 286 int i;
279 if(ctx && (ctx->flags == CTX_TEST)) return 1; 287
280 if(!ctx || !ctx->issuer_cert) { 288 if (ctx && (ctx->flags == CTX_TEST))
281 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_NO_ISSUER_DETAILS); 289 return 1;
290 if (!ctx || !ctx->issuer_cert) {
291 X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_NO_ISSUER_DETAILS);
282 goto err; 292 goto err;
283 } 293 }
284 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1); 294 i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
285 if(i < 0) return 1; 295 if (i < 0)
286 if(!(ext = X509_get_ext(ctx->issuer_cert, i)) || 296 return 1;
287 !(ialt = X509V3_EXT_d2i(ext)) ) { 297 if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
288 X509V3err(X509V3_F_COPY_ISSUER,X509V3_R_ISSUER_DECODE_ERROR); 298 !(ialt = X509V3_EXT_d2i(ext))) {
299 X509V3err(X509V3_F_COPY_ISSUER, X509V3_R_ISSUER_DECODE_ERROR);
289 goto err; 300 goto err;
290 } 301 }
291 302
292 for(i = 0; i < sk_GENERAL_NAME_num(ialt); i++) { 303 for (i = 0; i < sk_GENERAL_NAME_num(ialt); i++) {
293 gen = sk_GENERAL_NAME_value(ialt, i); 304 gen = sk_GENERAL_NAME_value(ialt, i);
294 if(!sk_GENERAL_NAME_push(gens, gen)) { 305 if (!sk_GENERAL_NAME_push(gens, gen)) {
295 X509V3err(X509V3_F_COPY_ISSUER,ERR_R_MALLOC_FAILURE); 306 X509V3err(X509V3_F_COPY_ISSUER, ERR_R_MALLOC_FAILURE);
296 goto err; 307 goto err;
297 } 308 }
298 } 309 }
299 sk_GENERAL_NAME_free(ialt); 310 sk_GENERAL_NAME_free(ialt);
300 311
301 return 1; 312 return 1;
302 313
303 err: 314err:
304 return 0; 315 return 0;
305 316
306} 317}
307 318
308static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, 319static GENERAL_NAMES *
309 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 320v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
321 STACK_OF(CONF_VALUE) *nval)
310{ 322{
311 GENERAL_NAMES *gens = NULL; 323 GENERAL_NAMES *gens = NULL;
312 CONF_VALUE *cnf; 324 CONF_VALUE *cnf;
313 int i; 325 int i;
314 if(!(gens = sk_GENERAL_NAME_new_null())) { 326
315 X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE); 327 if (!(gens = sk_GENERAL_NAME_new_null())) {
328 X509V3err(X509V3_F_V2I_SUBJECT_ALT, ERR_R_MALLOC_FAILURE);
316 return NULL; 329 return NULL;
317 } 330 }
318 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 331 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
319 cnf = sk_CONF_VALUE_value(nval, i); 332 cnf = sk_CONF_VALUE_value(nval, i);
320 if(!name_cmp(cnf->name, "email") && cnf->value && 333 if (!name_cmp(cnf->name, "email") && cnf->value &&
321 !strcmp(cnf->value, "copy")) { 334 !strcmp(cnf->value, "copy")) {
322 if(!copy_email(ctx, gens, 0)) goto err; 335 if (!copy_email(ctx, gens, 0))
323 } else if(!name_cmp(cnf->name, "email") && cnf->value && 336 goto err;
324 !strcmp(cnf->value, "move")) { 337 } else if (!name_cmp(cnf->name, "email") && cnf->value &&
325 if(!copy_email(ctx, gens, 1)) goto err; 338 !strcmp(cnf->value, "move")) {
339 if (!copy_email(ctx, gens, 1))
340 goto err;
326 } else { 341 } else {
327 GENERAL_NAME *gen; 342 GENERAL_NAME *gen;
328 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) 343 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
329 goto err; 344 goto err;
330 sk_GENERAL_NAME_push(gens, gen); 345 sk_GENERAL_NAME_push(gens, gen);
331 } 346 }
332 } 347 }
333 return gens; 348 return gens;
334 err: 349
350err:
335 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); 351 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
336 return NULL; 352 return NULL;
337} 353}
338 354
339/* Copy any email addresses in a certificate or request to 355/* Copy any email addresses in a certificate or request to
340 * GENERAL_NAMES 356 * GENERAL_NAMES
341 */ 357 */
342 358
343static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) 359static int
360copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
344{ 361{
345 X509_NAME *nm; 362 X509_NAME *nm;
346 ASN1_IA5STRING *email = NULL; 363 ASN1_IA5STRING *email = NULL;
347 X509_NAME_ENTRY *ne; 364 X509_NAME_ENTRY *ne;
348 GENERAL_NAME *gen = NULL; 365 GENERAL_NAME *gen = NULL;
349 int i; 366 int i;
350 if(ctx != NULL && ctx->flags == CTX_TEST) 367
368 if (ctx != NULL && ctx->flags == CTX_TEST)
351 return 1; 369 return 1;
352 if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) { 370 if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
353 X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS); 371 X509V3err(X509V3_F_COPY_EMAIL, X509V3_R_NO_SUBJECT_DETAILS);
354 goto err; 372 goto err;
355 } 373 }
356 /* Find the subject name */ 374 /* Find the subject name */
357 if(ctx->subject_cert) nm = X509_get_subject_name(ctx->subject_cert); 375 if (ctx->subject_cert)
358 else nm = X509_REQ_get_subject_name(ctx->subject_req); 376 nm = X509_get_subject_name(ctx->subject_cert);
377 else
378 nm = X509_REQ_get_subject_name(ctx->subject_req);
359 379
360 /* Now add any email address(es) to STACK */ 380 /* Now add any email address(es) to STACK */
361 i = -1; 381 i = -1;
362 while((i = X509_NAME_get_index_by_NID(nm, 382 while ((i = X509_NAME_get_index_by_NID(nm,
363 NID_pkcs9_emailAddress, i)) >= 0) { 383 NID_pkcs9_emailAddress, i)) >= 0) {
364 ne = X509_NAME_get_entry(nm, i); 384 ne = X509_NAME_get_entry(nm, i);
365 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); 385 email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne));
366 if (move_p) 386 if (move_p) {
367 { 387 X509_NAME_delete_entry(nm, i);
368 X509_NAME_delete_entry(nm, i);
369 X509_NAME_ENTRY_free(ne); 388 X509_NAME_ENTRY_free(ne);
370 i--; 389 i--;
371 } 390 }
372 if(!email || !(gen = GENERAL_NAME_new())) { 391 if (!email || !(gen = GENERAL_NAME_new())) {
373 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); 392 X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
374 goto err; 393 goto err;
375 } 394 }
376 gen->d.ia5 = email; 395 gen->d.ia5 = email;
377 email = NULL; 396 email = NULL;
378 gen->type = GEN_EMAIL; 397 gen->type = GEN_EMAIL;
379 if(!sk_GENERAL_NAME_push(gens, gen)) { 398 if (!sk_GENERAL_NAME_push(gens, gen)) {
380 X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); 399 X509V3err(X509V3_F_COPY_EMAIL, ERR_R_MALLOC_FAILURE);
381 goto err; 400 goto err;
382 } 401 }
383 gen = NULL; 402 gen = NULL;
384 } 403 }
385 404
386
387 return 1; 405 return 1;
388 406
389 err: 407err:
390 GENERAL_NAME_free(gen); 408 GENERAL_NAME_free(gen);
391 M_ASN1_IA5STRING_free(email); 409 M_ASN1_IA5STRING_free(email);
392 return 0; 410 return 0;
393
394} 411}
395 412
396GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, 413GENERAL_NAMES *
397 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) 414v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
415 STACK_OF(CONF_VALUE) *nval)
398{ 416{
399 GENERAL_NAME *gen; 417 GENERAL_NAME *gen;
400 GENERAL_NAMES *gens = NULL; 418 GENERAL_NAMES *gens = NULL;
401 CONF_VALUE *cnf; 419 CONF_VALUE *cnf;
402 int i; 420 int i;
403 if(!(gens = sk_GENERAL_NAME_new_null())) { 421
404 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); 422 if (!(gens = sk_GENERAL_NAME_new_null())) {
423 X509V3err(X509V3_F_V2I_GENERAL_NAMES, ERR_R_MALLOC_FAILURE);
405 return NULL; 424 return NULL;
406 } 425 }
407 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { 426 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
408 cnf = sk_CONF_VALUE_value(nval, i); 427 cnf = sk_CONF_VALUE_value(nval, i);
409 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; 428 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf)))
429 goto err;
410 sk_GENERAL_NAME_push(gens, gen); 430 sk_GENERAL_NAME_push(gens, gen);
411 } 431 }
412 return gens; 432 return gens;
413 err: 433
434err:
414 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); 435 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
415 return NULL; 436 return NULL;
416} 437}
417 438
418GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 439GENERAL_NAME *
419 CONF_VALUE *cnf) 440v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
420 { 441 CONF_VALUE *cnf)
442{
421 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); 443 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
422 } 444}
423 445
424GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, 446GENERAL_NAME *
425 const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, 447a2i_GENERAL_NAME(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
426 int gen_type, char *value, int is_nc) 448 X509V3_CTX *ctx, int gen_type, char *value, int is_nc)
427 { 449{
428 char is_string = 0; 450 char is_string = 0;
429 GENERAL_NAME *gen = NULL; 451 GENERAL_NAME *gen = NULL;
430 452
431 if(!value) 453 if (!value) {
432 { 454 X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
433 X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
434 return NULL; 455 return NULL;
435 } 456 }
436 457
437 if (out) 458 if (out)
438 gen = out; 459 gen = out;
439 else 460 else {
440 {
441 gen = GENERAL_NAME_new(); 461 gen = GENERAL_NAME_new();
442 if(gen == NULL) 462 if (gen == NULL) {
443 { 463 X509V3err(X509V3_F_A2I_GENERAL_NAME,
444 X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); 464 ERR_R_MALLOC_FAILURE);
445 return NULL; 465 return NULL;
446 }
447 } 466 }
467 }
448 468
449 switch (gen_type) 469 switch (gen_type) {
450 { 470 case GEN_URI:
451 case GEN_URI: 471 case GEN_EMAIL:
452 case GEN_EMAIL: 472 case GEN_DNS:
453 case GEN_DNS:
454 is_string = 1; 473 is_string = 1;
455 break; 474 break;
456 475
457 case GEN_RID: 476 case GEN_RID:
458 { 477 {
459 ASN1_OBJECT *obj; 478 ASN1_OBJECT *obj;
460 if(!(obj = OBJ_txt2obj(value,0))) 479 if (!(obj = OBJ_txt2obj(value, 0))) {
461 { 480 X509V3err(X509V3_F_A2I_GENERAL_NAME,
462 X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT); 481 X509V3_R_BAD_OBJECT);
463 ERR_add_error_data(2, "value=", value); 482 ERR_add_error_data(2, "value=", value);
464 goto err; 483 goto err;
465 } 484 }
466 gen->d.rid = obj; 485 gen->d.rid = obj;
467 } 486 }
468 break; 487 break;
469 488
470 case GEN_IPADD: 489 case GEN_IPADD:
471 if (is_nc) 490 if (is_nc)
472 gen->d.ip = a2i_IPADDRESS_NC(value); 491 gen->d.ip = a2i_IPADDRESS_NC(value);
473 else 492 else
474 gen->d.ip = a2i_IPADDRESS(value); 493 gen->d.ip = a2i_IPADDRESS(value);
475 if(gen->d.ip == NULL) 494 if (gen->d.ip == NULL) {
476 { 495 X509V3err(X509V3_F_A2I_GENERAL_NAME,
477 X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS); 496 X509V3_R_BAD_IP_ADDRESS);
478 ERR_add_error_data(2, "value=", value); 497 ERR_add_error_data(2, "value=", value);
479 goto err; 498 goto err;
480 } 499 }
481 break; 500 break;
482 501
483 case GEN_DIRNAME: 502 case GEN_DIRNAME:
484 if (!do_dirname(gen, value, ctx)) 503 if (!do_dirname(gen, value, ctx)) {
485 { 504 X509V3err(X509V3_F_A2I_GENERAL_NAME,
486 X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR); 505 X509V3_R_DIRNAME_ERROR);
487 goto err; 506 goto err;
488 } 507 }
489 break; 508 break;
490 509
491 case GEN_OTHERNAME: 510 case GEN_OTHERNAME:
492 if (!do_othername(gen, value, ctx)) 511 if (!do_othername(gen, value, ctx)) {
493 { 512 X509V3err(X509V3_F_A2I_GENERAL_NAME,
494 X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR); 513 X509V3_R_OTHERNAME_ERROR);
495 goto err; 514 goto err;
496 } 515 }
497 break; 516 break;
498 default: 517
499 X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE); 518 default:
519 X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE);
500 goto err; 520 goto err;
501 } 521 }
502 522
503 if(is_string) 523 if (is_string) {
504 { 524 if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
505 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || 525 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
506 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, 526 strlen(value))) {
507 strlen(value))) 527 X509V3err(X509V3_F_A2I_GENERAL_NAME,
508 { 528 ERR_R_MALLOC_FAILURE);
509 X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
510 goto err; 529 goto err;
511 }
512 } 530 }
531 }
513 532
514 gen->type = gen_type; 533 gen->type = gen_type;
515 534
516 return gen; 535 return gen;
517 536
518 err: 537err:
519 if (!out) 538 if (!out)
520 GENERAL_NAME_free(gen); 539 GENERAL_NAME_free(gen);
521 return NULL; 540 return NULL;
522 } 541}
523 542
524GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, 543GENERAL_NAME *
525 const X509V3_EXT_METHOD *method, 544v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
526 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) 545 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
527 { 546{
528 int type; 547 int type;
529
530 char *name, *value; 548 char *name, *value;
531 549
532 name = cnf->name; 550 name = cnf->name;
533 value = cnf->value; 551 value = cnf->value;
534 552
535 if(!value) 553 if (!value) {
536 { 554 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
537 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
538 return NULL; 555 return NULL;
539 } 556 }
540 557
541 if(!name_cmp(name, "email")) 558 if (!name_cmp(name, "email"))
542 type = GEN_EMAIL; 559 type = GEN_EMAIL;
543 else if(!name_cmp(name, "URI")) 560 else if (!name_cmp(name, "URI"))
544 type = GEN_URI; 561 type = GEN_URI;
545 else if(!name_cmp(name, "DNS")) 562 else if (!name_cmp(name, "DNS"))
546 type = GEN_DNS; 563 type = GEN_DNS;
547 else if(!name_cmp(name, "RID")) 564 else if (!name_cmp(name, "RID"))
548 type = GEN_RID; 565 type = GEN_RID;
549 else if(!name_cmp(name, "IP")) 566 else if (!name_cmp(name, "IP"))
550 type = GEN_IPADD; 567 type = GEN_IPADD;
551 else if(!name_cmp(name, "dirName")) 568 else if (!name_cmp(name, "dirName"))
552 type = GEN_DIRNAME; 569 type = GEN_DIRNAME;
553 else if(!name_cmp(name, "otherName")) 570 else if (!name_cmp(name, "otherName"))
554 type = GEN_OTHERNAME; 571 type = GEN_OTHERNAME;
555 else 572 else {
556 { 573 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,
557 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION); 574 X509V3_R_UNSUPPORTED_OPTION);
558 ERR_add_error_data(2, "name=", name); 575 ERR_add_error_data(2, "name=", name);
559 return NULL; 576 return NULL;
560 } 577 }
561 578
562 return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); 579 return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
580}
563 581
564 } 582static int
565 583do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
566static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) 584{
567 {
568 char *objtmp = NULL, *p; 585 char *objtmp = NULL, *p;
569 int objlen; 586 int objlen;
587
570 if (!(p = strchr(value, ';'))) 588 if (!(p = strchr(value, ';')))
571 return 0; 589 return 0;
572 if (!(gen->d.otherName = OTHERNAME_new())) 590 if (!(gen->d.otherName = OTHERNAME_new()))
@@ -588,29 +606,30 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
588 if (!gen->d.otherName->type_id) 606 if (!gen->d.otherName->type_id)
589 return 0; 607 return 0;
590 return 1; 608 return 1;
591 } 609}
592 610
593static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) 611static int
594 { 612do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
613{
595 int ret; 614 int ret;
596 STACK_OF(CONF_VALUE) *sk; 615 STACK_OF(CONF_VALUE) *sk;
597 X509_NAME *nm; 616 X509_NAME *nm;
617
598 if (!(nm = X509_NAME_new())) 618 if (!(nm = X509_NAME_new()))
599 return 0; 619 return 0;
600 sk = X509V3_get_section(ctx, value); 620 sk = X509V3_get_section(ctx, value);
601 if (!sk) 621 if (!sk) {
602 { 622 X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
603 X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
604 ERR_add_error_data(2, "section=", value); 623 ERR_add_error_data(2, "section=", value);
605 X509_NAME_free(nm); 624 X509_NAME_free(nm);
606 return 0; 625 return 0;
607 } 626 }
608 /* FIXME: should allow other character types... */ 627 /* FIXME: should allow other character types... */
609 ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); 628 ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
610 if (!ret) 629 if (!ret)
611 X509_NAME_free(nm); 630 X509_NAME_free(nm);
612 gen->d.dirn = nm; 631 gen->d.dirn = nm;
613 X509V3_section_free(ctx, sk); 632 X509V3_section_free(ctx, sk);
614 633
615 return ret; 634 return ret;
616 } 635}
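Review bot: In do_dirname, when X509V3_NAME_from_section() fails the new side frees `nm` and then still executes `gen->d.dirn = nm;`, so the GENERAL_NAME returned to a2i_GENERAL_NAME carries a dangling pointer; when the caller supplied `out`, a2i_GENERAL_NAME's err path does not free gen, so that stale pointer reaches the caller with `gen->type` never set. Store the name only on success by turning the unconditional assignment into the else branch of the failure check: `if (!ret) X509_NAME_free(nm); else gen->d.dirn = nm;`. The reformat carried this over from the old side rather than introducing it, but since the KNF pass rewrites every line of the function it is the natural place to fix it. Whether any later free of gen would dereference d.dirn before the type is assigned cannot be told from this file, so the stale store should be treated as a latent use-after-free either way.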