1 files changed, 83 insertions, 206 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index bb2f5bc54e..58b935a3b6 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,9 +1,9 @@
 /* v3_alt.c */
 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
- * project.
+ * project 1999.
 */
 /* ====================================================================
- * Copyright (c) 1999-2003 The OpenSSL Project.  All rights reserved.
+ * Copyright (c) 1999 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -65,10 +65,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx
 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
+X509V3_EXT_METHOD v3_alt[] = {
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx);
-const X509V3_EXT_METHOD v3_alt[] = {
 { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
 0,0,0,0,
 0,0,
@@ -101,8 +98,7 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret)
 {
        unsigned char *p;
-        char oline[256], htmp[5];
+        char oline[256];
-        int i;
        switch (gen->type)
        {
                case GEN_OTHERNAME:
@@ -136,27 +132,13 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                case GEN_IPADD:
                p = gen->d.ip->data;
-                if(gen->d.ip->length == 4)
+                /* BUG: doesn't support IPV6 */
-                        BIO_snprintf(oline, sizeof oline,
+                if(gen->d.ip->length != 4) {
-                                     "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
-                else if(gen->d.ip->length == 16)
-                        {
-                        oline[0] = 0;
-                        for (i = 0; i < 8; i++)
-                                {
-                                BIO_snprintf(htmp, sizeof htmp,
-                                             "%X", p[0] << 8 | p[1]);
-                                p += 2;
-                                strcat(oline, htmp);
-                                if (i != 7)
-                                        strcat(oline, ":");
-                                }
-                        }
-                else
-                        {
                        X509V3_add_value("IP Address","<invalid>", &ret);
                        break;
-                        }
+                }
+                BIO_snprintf(oline, sizeof oline,
+                             "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
                X509V3_add_value("IP Address",oline, &ret);
                break;
@@ -171,7 +153,6 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
 {
        unsigned char *p;
-        int i;
        switch (gen->type)
        {
                case GEN_OTHERNAME:
@@ -206,24 +187,12 @@ int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
                case GEN_IPADD:
                p = gen->d.ip->data;
-                if(gen->d.ip->length == 4)
+                /* BUG: doesn't support IPV6 */
-                        BIO_printf(out, "IP Address:%d.%d.%d.%d",
+                if(gen->d.ip->length != 4) {
-                                                p[0], p[1], p[2], p[3]);
-                else if(gen->d.ip->length == 16)
-                        {
-                        BIO_printf(out, "IP Address");
-                        for (i = 0; i < 8; i++)
-                                {
-                                BIO_printf(out, ":%X", p[0] << 8 | p[1]);
-                                p += 2;
-                                }
-                        BIO_puts(out, "\n");
-                        }
-                else
-                        {
                        BIO_printf(out,"IP Address:<invalid>");
                        break;
-                        }
+                }
+                BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
                break;
                case GEN_RID:
@@ -241,7 +210,7 @@ static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
        CONF_VALUE *cnf;
        int i;
        if(!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -306,7 +275,7 @@ static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
        CONF_VALUE *cnf;
        int i;
        if(!(gens = sk_GENERAL_NAME_new_null())) {
-                X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);
+                X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
                return NULL;
        }
        for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -341,8 +310,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
        X509_NAME_ENTRY *ne;
        GENERAL_NAME *gen = NULL;
        int i;
-        if(ctx != NULL && ctx->flags == CTX_TEST)
+        if(ctx->flags == CTX_TEST) return 1;
-                return 1;
        if(!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
                X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
                goto err;
@@ -410,172 +378,81 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
                                                         CONF_VALUE *cnf)
-        {
+{
-        return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
+char is_string = 0;
-        }
+int type;
+GENERAL_NAME *gen = NULL;
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                                X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                                                 CONF_VALUE *cnf, int is_nc)
-        {
-        char is_string = 0;
-        int type;
-        GENERAL_NAME *gen = NULL;
-        char *name, *value;
+char *name, *value;
-        name = cnf->name;
+name = cnf->name;
-        value = cnf->value;
+value = cnf->value;
-        if(!value)
+if(!value) {
-                {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
+        return NULL;
-                return NULL;
+}
-                }
-        if (out)
+if(!(gen = GENERAL_NAME_new())) {
-                gen = out;
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-        else
+        return NULL;
-                {
+}
-                gen = GENERAL_NAME_new();
-                if(gen == NULL)
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
-                        return NULL;
-                        }
-                }
-        if(!name_cmp(name, "email"))
+if(!name_cmp(name, "email")) {
-                {
+        is_string = 1;
-                is_string = 1;
+        type = GEN_EMAIL;
-                type = GEN_EMAIL;
+} else if(!name_cmp(name, "URI")) {
-                }
+        is_string = 1;
-        else if(!name_cmp(name, "URI"))
+        type = GEN_URI;
-                {
+} else if(!name_cmp(name, "DNS")) {
-                is_string = 1;
+        is_string = 1;
-                type = GEN_URI;
+        type = GEN_DNS;
-                }
+} else if(!name_cmp(name, "RID")) {
-        else if(!name_cmp(name, "DNS"))
+        ASN1_OBJECT *obj;
-                {
+        if(!(obj = OBJ_txt2obj(value,0))) {
-                is_string = 1;
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
-                type = GEN_DNS;
+                ERR_add_error_data(2, "value=", value);
-                }
-        else if(!name_cmp(name, "RID"))
-                {
-                ASN1_OBJECT *obj;
-                if(!(obj = OBJ_txt2obj(value,0)))
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
-                        ERR_add_error_data(2, "value=", value);
-                        goto err;
-                        }
-                gen->d.rid = obj;
-                type = GEN_RID;
-                }
-        else if(!name_cmp(name, "IP"))
-                {
-                if (is_nc)
-                        gen->d.ip = a2i_IPADDRESS_NC(value);
-                else
-                        gen->d.ip = a2i_IPADDRESS(value);
-                if(gen->d.ip == NULL)
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
-                        ERR_add_error_data(2, "value=", value);
-                        goto err;
-                        }
-                type = GEN_IPADD;
-                }
-        else if(!name_cmp(name, "dirName"))
-                {
-                type = GEN_DIRNAME;
-                if (!do_dirname(gen, value, ctx))
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
-                        goto err;
-                        }
-                }
-        else if(!name_cmp(name, "otherName"))
-                {
-                if (!do_othername(gen, value, ctx))
-                        {
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
-                        goto err;
-                        }
-                type = GEN_OTHERNAME;
-                }
-        else
-                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
-                ERR_add_error_data(2, "name=", name);
                goto err;
-                }
+        }
+        gen->d.rid = obj;
-        if(is_string)
+        type = GEN_RID;
-                {
+} else if(!name_cmp(name, "IP")) {
-                if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
+        int i1,i2,i3,i4;
-                              !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
+        unsigned char ip[4];
-                                               strlen(value)))
+        if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) ||
-                        {
+            (i1 < 0) || (i1 > 255) || (i2 < 0) || (i2 > 255) ||
-                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
+            (i3 < 0) || (i3 > 255) || (i4 < 0) || (i4 > 255) ) {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+                ERR_add_error_data(2, "value=", value);
+                goto err;
+        }
+        ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
+        if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) ||
+                !ASN1_STRING_set(gen->d.ip, ip, 4)) {
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
                        goto err;
-                        }
-                }
-        gen->type = type;
-        return gen;
-        err:
-        GENERAL_NAME_free(gen);
-        return NULL;
        }
+        type = GEN_IPADD;
+} else {
+        X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
+        ERR_add_error_data(2, "name=", name);
+        goto err;
+}
-static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+if(is_string) {
-        {
+        if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
-        char *objtmp = NULL, *p;
+                      !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
-        int objlen;
+                                       strlen(value))) {
-        if (!(p = strchr(value, ';')))
+                X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
-                return 0;
+                goto err;
-        if (!(gen->d.otherName = OTHERNAME_new()))
-                return 0;
-        /* Free this up because we will overwrite it.
-         * no need to free type_id because it is static
-         */
-        ASN1_TYPE_free(gen->d.otherName->value);
-        if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
-                return 0;
-        objlen = p - value;
-        objtmp = OPENSSL_malloc(objlen + 1);
-        strncpy(objtmp, value, objlen);
-        objtmp[objlen] = 0;
-        gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
-        OPENSSL_free(objtmp);   
-        if (!gen->d.otherName->type_id)
-                return 0;
-        return 1;
        }
+}
-static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
+gen->type = type;
-        {
-        int ret;
+return gen;
-        STACK_OF(CONF_VALUE) *sk;
-        X509_NAME *nm;
+err:
-        if (!(nm = X509_NAME_new()))
+GENERAL_NAME_free(gen);
-                return 0;
+return NULL;
-        sk = X509V3_get_section(ctx, value);
+}
-        if (!sk)
-                {
-                X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
-                ERR_add_error_data(2, "section=", value);
-                X509_NAME_free(nm);
-                return 0;
-                }
-        /* FIXME: should allow other character types... */
-        ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
-        if (!ret)
-                X509_NAME_free(nm);
-        gen->d.dirn = nm;
-                
-        return ret;
-        }

diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index bb2f5bc54e..58b935a3b6 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -1,9 +1,9 @@
1	/* v3_alt.c */	1	/* v3_alt.c */
2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL	2	/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
3	* project.	3	* project 1999.
4	*/	4	*/
5	/* ====================================================================	5	/* ====================================================================
6	* Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.	6	* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7	*	7	*
8	* Redistribution and use in source and binary forms, with or without	8	* Redistribution and use in source and binary forms, with or without
9	* modification, are permitted provided that the following conditions	9	* modification, are permitted provided that the following conditions
@@ -65,10 +65,7 @@ static GENERAL_NAMES v2i_subject_alt(X509V3_EXT_METHOD method, X509V3_CTX *ctx
65	static GENERAL_NAMES v2i_issuer_alt(X509V3_EXT_METHOD method, X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval);	65	static GENERAL_NAMES v2i_issuer_alt(X509V3_EXT_METHOD method, X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval);
66	static int copy_email(X509V3_CTX ctx, GENERAL_NAMES gens, int move_p);	66	static int copy_email(X509V3_CTX ctx, GENERAL_NAMES gens, int move_p);
67	static int copy_issuer(X509V3_CTX ctx, GENERAL_NAMES gens);	67	static int copy_issuer(X509V3_CTX ctx, GENERAL_NAMES gens);
68	static int do_othername(GENERAL_NAME gen, char value, X509V3_CTX *ctx);	68	X509V3_EXT_METHOD v3_alt[] = {
69	static int do_dirname(GENERAL_NAME gen, char value, X509V3_CTX *ctx);
70
71	const X509V3_EXT_METHOD v3_alt[] = {
72	{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),	69	{ NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
73	0,0,0,0,	70	0,0,0,0,
74	0,0,	71	0,0,
@@ -101,8 +98,7 @@ STACK_OF(CONF_VALUE) i2v_GENERAL_NAME(X509V3_EXT_METHOD method,
101	GENERAL_NAME gen, STACK_OF(CONF_VALUE) ret)	98	GENERAL_NAME gen, STACK_OF(CONF_VALUE) ret)
102	{	99	{
103	unsigned char *p;	100	unsigned char *p;
104	char oline[256], htmp[5];	101	char oline[256];
105	int i;
106	switch (gen->type)	102	switch (gen->type)
107	{	103	{
108	case GEN_OTHERNAME:	104	case GEN_OTHERNAME:
@@ -136,27 +132,13 @@ STACK_OF(CONF_VALUE) i2v_GENERAL_NAME(X509V3_EXT_METHOD method,
136		132
137	case GEN_IPADD:	133	case GEN_IPADD:
138	p = gen->d.ip->data;	134	p = gen->d.ip->data;
139	if(gen->d.ip->length == 4)	135	/* BUG: doesn't support IPV6 */
140	BIO_snprintf(oline, sizeof oline,	136	if(gen->d.ip->length != 4) {
141	"%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
142	else if(gen->d.ip->length == 16)
143	{
144	oline[0] = 0;
145	for (i = 0; i < 8; i++)
146	{
147	BIO_snprintf(htmp, sizeof htmp,
148	"%X", p[0] << 8 \| p[1]);
149	p += 2;
150	strcat(oline, htmp);
151	if (i != 7)
152	strcat(oline, ":");
153	}
154	}
155	else
156	{
157	X509V3_add_value("IP Address","<invalid>", &ret);	137	X509V3_add_value("IP Address","<invalid>", &ret);
158	break;	138	break;
159	}	139	}
		140	BIO_snprintf(oline, sizeof oline,
		141	"%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
160	X509V3_add_value("IP Address",oline, &ret);	142	X509V3_add_value("IP Address",oline, &ret);
161	break;	143	break;
162		144
@@ -171,7 +153,6 @@ STACK_OF(CONF_VALUE) i2v_GENERAL_NAME(X509V3_EXT_METHOD method,
171	int GENERAL_NAME_print(BIO out, GENERAL_NAME gen)	153	int GENERAL_NAME_print(BIO out, GENERAL_NAME gen)
172	{	154	{
173	unsigned char *p;	155	unsigned char *p;
174	int i;
175	switch (gen->type)	156	switch (gen->type)
176	{	157	{
177	case GEN_OTHERNAME:	158	case GEN_OTHERNAME:
@@ -206,24 +187,12 @@ int GENERAL_NAME_print(BIO out, GENERAL_NAME gen)
206		187
207	case GEN_IPADD:	188	case GEN_IPADD:
208	p = gen->d.ip->data;	189	p = gen->d.ip->data;
209	if(gen->d.ip->length == 4)	190	/* BUG: doesn't support IPV6 */
210	BIO_printf(out, "IP Address:%d.%d.%d.%d",	191	if(gen->d.ip->length != 4) {
211	p[0], p[1], p[2], p[3]);
212	else if(gen->d.ip->length == 16)
213	{
214	BIO_printf(out, "IP Address");
215	for (i = 0; i < 8; i++)
216	{
217	BIO_printf(out, ":%X", p[0] << 8 \| p[1]);
218	p += 2;
219	}
220	BIO_puts(out, "\n");
221	}
222	else
223	{
224	BIO_printf(out,"IP Address:<invalid>");	192	BIO_printf(out,"IP Address:<invalid>");
225	break;	193	break;
226	}	194	}
		195	BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
227	break;	196	break;
228		197
229	case GEN_RID:	198	case GEN_RID:
@@ -241,7 +210,7 @@ static GENERAL_NAMES v2i_issuer_alt(X509V3_EXT_METHOD method,
241	CONF_VALUE *cnf;	210	CONF_VALUE *cnf;
242	int i;	211	int i;
243	if(!(gens = sk_GENERAL_NAME_new_null())) {	212	if(!(gens = sk_GENERAL_NAME_new_null())) {
244	X509V3err(X509V3_F_V2I_ISSUER_ALT,ERR_R_MALLOC_FAILURE);	213	X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
245	return NULL;	214	return NULL;
246	}	215	}
247	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {	216	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -306,7 +275,7 @@ static GENERAL_NAMES v2i_subject_alt(X509V3_EXT_METHOD method,
306	CONF_VALUE *cnf;	275	CONF_VALUE *cnf;
307	int i;	276	int i;
308	if(!(gens = sk_GENERAL_NAME_new_null())) {	277	if(!(gens = sk_GENERAL_NAME_new_null())) {
309	X509V3err(X509V3_F_V2I_SUBJECT_ALT,ERR_R_MALLOC_FAILURE);	278	X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE);
310	return NULL;	279	return NULL;
311	}	280	}
312	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {	281	for(i = 0; i < sk_CONF_VALUE_num(nval); i++) {
@@ -341,8 +310,7 @@ static int copy_email(X509V3_CTX ctx, GENERAL_NAMES gens, int move_p)
341	X509_NAME_ENTRY *ne;	310	X509_NAME_ENTRY *ne;
342	GENERAL_NAME *gen = NULL;	311	GENERAL_NAME *gen = NULL;
343	int i;	312	int i;
344	if(ctx != NULL && ctx->flags == CTX_TEST)	313	if(ctx->flags == CTX_TEST) return 1;
345	return 1;
346	if(!ctx \|\| (!ctx->subject_cert && !ctx->subject_req)) {	314	if(!ctx \|\| (!ctx->subject_cert && !ctx->subject_req)) {
347	X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);	315	X509V3err(X509V3_F_COPY_EMAIL,X509V3_R_NO_SUBJECT_DETAILS);
348	goto err;	316	goto err;
@@ -410,172 +378,81 @@ GENERAL_NAMES v2i_GENERAL_NAMES(X509V3_EXT_METHOD method,
410		378
411	GENERAL_NAME v2i_GENERAL_NAME(X509V3_EXT_METHOD method, X509V3_CTX *ctx,	379	GENERAL_NAME v2i_GENERAL_NAME(X509V3_EXT_METHOD method, X509V3_CTX *ctx,
412	CONF_VALUE *cnf)	380	CONF_VALUE *cnf)
413	{	381	{
414	return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);	382	char is_string = 0;
415	}	383	int type;
416		384	GENERAL_NAME *gen = NULL;
417	GENERAL_NAME v2i_GENERAL_NAME_ex(GENERAL_NAME out,
418	X509V3_EXT_METHOD method, X509V3_CTX ctx,
419	CONF_VALUE *cnf, int is_nc)
420	{
421	char is_string = 0;
422	int type;
423	GENERAL_NAME *gen = NULL;
424		385
425	char name, value;	386	char name, value;
426		387
427	name = cnf->name;	388	name = cnf->name;
428	value = cnf->value;	389	value = cnf->value;
429		390
430	if(!value)	391	if(!value) {
431	{	392	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
432	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);	393	return NULL;
433	return NULL;	394	}
434	}
435		395
436	if (out)	396	if(!(gen = GENERAL_NAME_new())) {
437	gen = out;	397	X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
438	else	398	return NULL;
439	{	399	}
440	gen = GENERAL_NAME_new();
441	if(gen == NULL)
442	{
443	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
444	return NULL;
445	}
446	}
447		400
448	if(!name_cmp(name, "email"))	401	if(!name_cmp(name, "email")) {
449	{	402	is_string = 1;
450	is_string = 1;	403	type = GEN_EMAIL;
451	type = GEN_EMAIL;	404	} else if(!name_cmp(name, "URI")) {
452	}	405	is_string = 1;
453	else if(!name_cmp(name, "URI"))	406	type = GEN_URI;
454	{	407	} else if(!name_cmp(name, "DNS")) {
455	is_string = 1;	408	is_string = 1;
456	type = GEN_URI;	409	type = GEN_DNS;
457	}	410	} else if(!name_cmp(name, "RID")) {
458	else if(!name_cmp(name, "DNS"))	411	ASN1_OBJECT *obj;
459	{	412	if(!(obj = OBJ_txt2obj(value,0))) {
460	is_string = 1;	413	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
461	type = GEN_DNS;	414	ERR_add_error_data(2, "value=", value);
462	}
463	else if(!name_cmp(name, "RID"))
464	{
465	ASN1_OBJECT *obj;
466	if(!(obj = OBJ_txt2obj(value,0)))
467	{
468	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
469	ERR_add_error_data(2, "value=", value);
470	goto err;
471	}
472	gen->d.rid = obj;
473	type = GEN_RID;
474	}
475	else if(!name_cmp(name, "IP"))
476	{
477	if (is_nc)
478	gen->d.ip = a2i_IPADDRESS_NC(value);
479	else
480	gen->d.ip = a2i_IPADDRESS(value);
481	if(gen->d.ip == NULL)
482	{
483	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
484	ERR_add_error_data(2, "value=", value);
485	goto err;
486	}
487	type = GEN_IPADD;
488	}
489	else if(!name_cmp(name, "dirName"))
490	{
491	type = GEN_DIRNAME;
492	if (!do_dirname(gen, value, ctx))
493	{
494	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
495	goto err;
496	}
497	}
498	else if(!name_cmp(name, "otherName"))
499	{
500	if (!do_othername(gen, value, ctx))
501	{
502	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
503	goto err;
504	}
505	type = GEN_OTHERNAME;
506	}
507	else
508	{
509	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
510	ERR_add_error_data(2, "name=", name);
511	goto err;	415	goto err;
512	}	416	}
513		417	gen->d.rid = obj;
514	if(is_string)	418	type = GEN_RID;
515	{	419	} else if(!name_cmp(name, "IP")) {
516	if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) \|\|	420	int i1,i2,i3,i4;
517	!ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,	421	unsigned char ip[4];
518	strlen(value)))	422	if((sscanf(value, "%d.%d.%d.%d",&i1,&i2,&i3,&i4) != 4) \|\|
519	{	423	(i1 < 0) \|\| (i1 > 255) \|\| (i2 < 0) \|\| (i2 > 255) \|\|
520	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);	424	(i3 < 0) \|\| (i3 > 255) \|\| (i4 < 0) \|\| (i4 > 255) ) {
		425	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
		426	ERR_add_error_data(2, "value=", value);
		427	goto err;
		428	}
		429	ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4;
		430	if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) \|\|
		431	!ASN1_STRING_set(gen->d.ip, ip, 4)) {
		432	X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
521	goto err;	433	goto err;
522	}
523	}
524
525	gen->type = type;
526
527	return gen;
528
529	err:
530	GENERAL_NAME_free(gen);
531	return NULL;
532	}	434	}
		435	type = GEN_IPADD;
		436	} else {
		437	X509V3err(X509V3_F_V2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_OPTION);
		438	ERR_add_error_data(2, "name=", name);
		439	goto err;
		440	}
533		441
534	static int do_othername(GENERAL_NAME gen, char value, X509V3_CTX *ctx)	442	if(is_string) {
535	{	443	if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) \|\|
536	char objtmp = NULL, p;	444	!ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
537	int objlen;	445	strlen(value))) {
538	if (!(p = strchr(value, ';')))	446	X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
539	return 0;	447	goto err;
540	if (!(gen->d.otherName = OTHERNAME_new()))
541	return 0;
542	/* Free this up because we will overwrite it.
543	* no need to free type_id because it is static
544	*/
545	ASN1_TYPE_free(gen->d.otherName->value);
546	if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)))
547	return 0;
548	objlen = p - value;
549	objtmp = OPENSSL_malloc(objlen + 1);
550	strncpy(objtmp, value, objlen);
551	objtmp[objlen] = 0;
552	gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
553	OPENSSL_free(objtmp);
554	if (!gen->d.otherName->type_id)
555	return 0;
556	return 1;
557	}	448	}
		449	}
558		450
559	static int do_dirname(GENERAL_NAME gen, char value, X509V3_CTX *ctx)	451	gen->type = type;
560	{	452
561	int ret;	453	return gen;
562	STACK_OF(CONF_VALUE) *sk;	454
563	X509_NAME *nm;	455	err:
564	if (!(nm = X509_NAME_new()))	456	GENERAL_NAME_free(gen);
565	return 0;	457	return NULL;
566	sk = X509V3_get_section(ctx, value);	458	}
567	if (!sk)
568	{
569	X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND);
570	ERR_add_error_data(2, "section=", value);
571	X509_NAME_free(nm);
572	return 0;
573	}
574	/* FIXME: should allow other character types... */
575	ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
576	if (!ret)
577	X509_NAME_free(nm);
578	gen->d.dirn = nm;
579
580	return ret;
581	}