1 files changed, 54 insertions, 86 deletions
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c
index d29d94338e..75fda7f268 100644
--- a/src/lib/libcrypto/x509v3/v3_alt.c
+++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -82,12 +82,6 @@ NULL, NULL, NULL},
 (X509V3_EXT_I2V)i2v_GENERAL_NAMES,
 (X509V3_EXT_V2I)v2i_issuer_alt,
 NULL, NULL, NULL},
-{ NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
-0,0,0,0,
-0,0,
-(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
-NULL, NULL, NULL, NULL},
 };
 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
@@ -153,9 +147,9 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
                                BIO_snprintf(htmp, sizeof htmp,
                                             "%X", p[0] << 8 | p[1]);
                                p += 2;
-                                strcat(oline, htmp);
+                                strlcat(oline, htmp, sizeof oline);
                                if (i != 7)
-                                        strcat(oline, ":");
+                                        strlcat(oline, ":", sizeof oline);
                                }
                        }
                else
@@ -366,7 +360,6 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
                if (move_p)
                        {
                        X509_NAME_delete_entry(nm, i);
-                        X509_NAME_ENTRY_free(ne);
                        i--;
                        }
                if(!email || !(gen = GENERAL_NAME_new())) {
@@ -393,8 +386,8 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
        
 }
-GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
-                                 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
+                                X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
 {
        GENERAL_NAME *gen;
        GENERAL_NAMES *gens = NULL;
@@ -415,22 +408,28 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
        return NULL;
 }
-GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                               CONF_VALUE *cnf)
+                                                         CONF_VALUE *cnf)
        {
        return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
        }
-GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                               const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
+                                X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
-                               int gen_type, char *value, int is_nc)
+                                                 CONF_VALUE *cnf, int is_nc)
        {
        char is_string = 0;
+        int type;
        GENERAL_NAME *gen = NULL;
+        char *name, *value;
+        name = cnf->name;
+        value = cnf->value;
        if(!value)
                {
-                X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);
+                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
                return NULL;
                }
@@ -441,62 +440,74 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                gen = GENERAL_NAME_new();
                if(gen == NULL)
                        {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
                        return NULL;
                        }
                }
-        switch (gen_type)
+        if(!name_cmp(name, "email"))
                {
-                case GEN_URI:
-                case GEN_EMAIL:
-                case GEN_DNS:
                is_string = 1;
-                break;
+                type = GEN_EMAIL;
-                
+                }
-                case GEN_RID:
+        else if(!name_cmp(name, "URI"))
+                {
+                is_string = 1;
+                type = GEN_URI;
+                }
+        else if(!name_cmp(name, "DNS"))
+                {
+                is_string = 1;
+                type = GEN_DNS;
+                }
+        else if(!name_cmp(name, "RID"))
                {
                ASN1_OBJECT *obj;
                if(!(obj = OBJ_txt2obj(value,0)))
                        {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
                        ERR_add_error_data(2, "value=", value);
                        goto err;
                        }
                gen->d.rid = obj;
+                type = GEN_RID;
                }
-                break;
+        else if(!name_cmp(name, "IP"))
+                {
-                case GEN_IPADD:
                if (is_nc)
                        gen->d.ip = a2i_IPADDRESS_NC(value);
                else
                        gen->d.ip = a2i_IPADDRESS(value);
                if(gen->d.ip == NULL)
                        {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
                        ERR_add_error_data(2, "value=", value);
                        goto err;
                        }
-                break;
+                type = GEN_IPADD;
+                }
-                case GEN_DIRNAME:
+        else if(!name_cmp(name, "dirName"))
+                {
+                type = GEN_DIRNAME;
                if (!do_dirname(gen, value, ctx))
                        {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
                        goto err;
                        }
-                break;
+                }
+        else if(!name_cmp(name, "otherName"))
-                case GEN_OTHERNAME:
+                {
                if (!do_othername(gen, value, ctx))
                        {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
                        goto err;
                        }
-                break;
+                type = GEN_OTHERNAME;
-                default:
+                }
-                X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE);
+        else
+                {
+                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
+                ERR_add_error_data(2, "name=", name);
                goto err;
                }
@@ -506,12 +517,12 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
                              !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
                                               strlen(value)))
                        {
-                        X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);
+                        X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
                        goto err;
                        }
                }
-        gen->type = gen_type;
+        gen->type = type;
        return gen;
@@ -521,48 +532,6 @@ GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
        return NULL;
        }
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
-                                  const X509V3_EXT_METHOD *method,
-                                  X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
-        {
-        int type;
-        char *name, *value;
-        name = cnf->name;
-        value = cnf->value;
-        if(!value)
-                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
-                return NULL;
-                }
-        if(!name_cmp(name, "email"))
-                type = GEN_EMAIL;
-        else if(!name_cmp(name, "URI"))
-                type = GEN_URI;
-        else if(!name_cmp(name, "DNS"))
-                type = GEN_DNS;
-        else if(!name_cmp(name, "RID"))
-                type = GEN_RID;
-        else if(!name_cmp(name, "IP"))
-                type = GEN_IPADD;
-        else if(!name_cmp(name, "dirName"))
-                type = GEN_DIRNAME;
-        else if(!name_cmp(name, "otherName"))
-                type = GEN_OTHERNAME;
-        else
-                {
-                X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
-                ERR_add_error_data(2, "name=", name);
-                return NULL;
-                }
-        return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
-        }
 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
        {
        char *objtmp = NULL, *p;
@@ -608,7 +577,6 @@ static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
        if (!ret)
                X509_NAME_free(nm);
        gen->d.dirn = nm;
-        X509V3_section_free(ctx, sk);
                
        return ret;
        }

diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index d29d94338e..75fda7f268 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c
@@ -82,12 +82,6 @@ NULL, NULL, NULL},
82	(X509V3_EXT_I2V)i2v_GENERAL_NAMES,	82	(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
83	(X509V3_EXT_V2I)v2i_issuer_alt,	83	(X509V3_EXT_V2I)v2i_issuer_alt,
84	NULL, NULL, NULL},	84	NULL, NULL, NULL},
85
86	{ NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
87	0,0,0,0,
88	0,0,
89	(X509V3_EXT_I2V)i2v_GENERAL_NAMES,
90	NULL, NULL, NULL, NULL},
91	};	85	};
92		86
93	STACK_OF(CONF_VALUE) i2v_GENERAL_NAMES(X509V3_EXT_METHOD method,	87	STACK_OF(CONF_VALUE) i2v_GENERAL_NAMES(X509V3_EXT_METHOD method,
@@ -153,9 +147,9 @@ STACK_OF(CONF_VALUE) i2v_GENERAL_NAME(X509V3_EXT_METHOD method,
153	BIO_snprintf(htmp, sizeof htmp,	147	BIO_snprintf(htmp, sizeof htmp,
154	"%X", p[0] << 8 \| p[1]);	148	"%X", p[0] << 8 \| p[1]);
155	p += 2;	149	p += 2;
156	strcat(oline, htmp);	150	strlcat(oline, htmp, sizeof oline);
157	if (i != 7)	151	if (i != 7)
158	strcat(oline, ":");	152	strlcat(oline, ":", sizeof oline);
159	}	153	}
160	}	154	}
161	else	155	else
@@ -366,7 +360,6 @@ static int copy_email(X509V3_CTX ctx, GENERAL_NAMES gens, int move_p)
366	if (move_p)	360	if (move_p)
367	{	361	{
368	X509_NAME_delete_entry(nm, i);	362	X509_NAME_delete_entry(nm, i);
369	X509_NAME_ENTRY_free(ne);
370	i--;	363	i--;
371	}	364	}
372	if(!email \|\| !(gen = GENERAL_NAME_new())) {	365	if(!email \|\| !(gen = GENERAL_NAME_new())) {
@@ -393,8 +386,8 @@ static int copy_email(X509V3_CTX ctx, GENERAL_NAMES gens, int move_p)
393		386
394	}	387	}
395		388
396	GENERAL_NAMES v2i_GENERAL_NAMES(const X509V3_EXT_METHOD method,	389	GENERAL_NAMES v2i_GENERAL_NAMES(X509V3_EXT_METHOD method,
397	X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval)	390	X509V3_CTX ctx, STACK_OF(CONF_VALUE) nval)
398	{	391	{
399	GENERAL_NAME *gen;	392	GENERAL_NAME *gen;
400	GENERAL_NAMES *gens = NULL;	393	GENERAL_NAMES *gens = NULL;
@@ -415,22 +408,28 @@ GENERAL_NAMES v2i_GENERAL_NAMES(const X509V3_EXT_METHOD method,
415	return NULL;	408	return NULL;
416	}	409	}
417		410
418	GENERAL_NAME v2i_GENERAL_NAME(const X509V3_EXT_METHOD method, X509V3_CTX *ctx,	411	GENERAL_NAME v2i_GENERAL_NAME(X509V3_EXT_METHOD method, X509V3_CTX *ctx,
419	CONF_VALUE *cnf)	412	CONF_VALUE *cnf)
420	{	413	{
421	return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);	414	return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
422	}	415	}
423		416
424	GENERAL_NAME a2i_GENERAL_NAME(GENERAL_NAME out,	417	GENERAL_NAME v2i_GENERAL_NAME_ex(GENERAL_NAME out,
425	const X509V3_EXT_METHOD method, X509V3_CTX ctx,	418	X509V3_EXT_METHOD method, X509V3_CTX ctx,
426	int gen_type, char *value, int is_nc)	419	CONF_VALUE *cnf, int is_nc)
427	{	420	{
428	char is_string = 0;	421	char is_string = 0;
		422	int type;
429	GENERAL_NAME *gen = NULL;	423	GENERAL_NAME *gen = NULL;
430		424
		425	char name, value;
		426
		427	name = cnf->name;
		428	value = cnf->value;
		429
431	if(!value)	430	if(!value)
432	{	431	{
433	X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE);	432	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
434	return NULL;	433	return NULL;
435	}	434	}
436		435
@@ -441,62 +440,74 @@ GENERAL_NAME a2i_GENERAL_NAME(GENERAL_NAME out,
441	gen = GENERAL_NAME_new();	440	gen = GENERAL_NAME_new();
442	if(gen == NULL)	441	if(gen == NULL)
443	{	442	{
444	X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);	443	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
445	return NULL;	444	return NULL;
446	}	445	}
447	}	446	}
448		447
449	switch (gen_type)	448	if(!name_cmp(name, "email"))
450	{	449	{
451	case GEN_URI:
452	case GEN_EMAIL:
453	case GEN_DNS:
454	is_string = 1;	450	is_string = 1;
455	break;	451	type = GEN_EMAIL;
456		452	}
457	case GEN_RID:	453	else if(!name_cmp(name, "URI"))
		454	{
		455	is_string = 1;
		456	type = GEN_URI;
		457	}
		458	else if(!name_cmp(name, "DNS"))
		459	{
		460	is_string = 1;
		461	type = GEN_DNS;
		462	}
		463	else if(!name_cmp(name, "RID"))
458	{	464	{
459	ASN1_OBJECT *obj;	465	ASN1_OBJECT *obj;
460	if(!(obj = OBJ_txt2obj(value,0)))	466	if(!(obj = OBJ_txt2obj(value,0)))
461	{	467	{
462	X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT);	468	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJECT);
463	ERR_add_error_data(2, "value=", value);	469	ERR_add_error_data(2, "value=", value);
464	goto err;	470	goto err;
465	}	471	}
466	gen->d.rid = obj;	472	gen->d.rid = obj;
		473	type = GEN_RID;
467	}	474	}
468	break;	475	else if(!name_cmp(name, "IP"))
469		476	{
470	case GEN_IPADD:
471	if (is_nc)	477	if (is_nc)
472	gen->d.ip = a2i_IPADDRESS_NC(value);	478	gen->d.ip = a2i_IPADDRESS_NC(value);
473	else	479	else
474	gen->d.ip = a2i_IPADDRESS(value);	480	gen->d.ip = a2i_IPADDRESS(value);
475	if(gen->d.ip == NULL)	481	if(gen->d.ip == NULL)
476	{	482	{
477	X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDRESS);	483	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_ADDRESS);
478	ERR_add_error_data(2, "value=", value);	484	ERR_add_error_data(2, "value=", value);
479	goto err;	485	goto err;
480	}	486	}
481	break;	487	type = GEN_IPADD;
482		488	}
483	case GEN_DIRNAME:	489	else if(!name_cmp(name, "dirName"))
		490	{
		491	type = GEN_DIRNAME;
484	if (!do_dirname(gen, value, ctx))	492	if (!do_dirname(gen, value, ctx))
485	{	493	{
486	X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERROR);	494	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_ERROR);
487	goto err;	495	goto err;
488	}	496	}
489	break;	497	}
490		498	else if(!name_cmp(name, "otherName"))
491	case GEN_OTHERNAME:	499	{
492	if (!do_othername(gen, value, ctx))	500	if (!do_othername(gen, value, ctx))
493	{	501	{
494	X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_ERROR);	502	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAME_ERROR);
495	goto err;	503	goto err;
496	}	504	}
497	break;	505	type = GEN_OTHERNAME;
498	default:	506	}
499	X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE);	507	else
		508	{
		509	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
		510	ERR_add_error_data(2, "name=", name);
500	goto err;	511	goto err;
501	}	512	}
502		513
@@ -506,12 +517,12 @@ GENERAL_NAME a2i_GENERAL_NAME(GENERAL_NAME out,
506	!ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,	517	!ASN1_STRING_set(gen->d.ia5, (unsigned char*)value,
507	strlen(value)))	518	strlen(value)))
508	{	519	{
509	X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE);	520	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAILURE);
510	goto err;	521	goto err;
511	}	522	}
512	}	523	}
513		524
514	gen->type = gen_type;	525	gen->type = type;
515		526
516	return gen;	527	return gen;
517		528
@@ -521,48 +532,6 @@ GENERAL_NAME a2i_GENERAL_NAME(GENERAL_NAME out,
521	return NULL;	532	return NULL;
522	}	533	}
523		534
524	GENERAL_NAME v2i_GENERAL_NAME_ex(GENERAL_NAME out,
525	const X509V3_EXT_METHOD *method,
526	X509V3_CTX ctx, CONF_VALUE cnf, int is_nc)
527	{
528	int type;
529
530	char name, value;
531
532	name = cnf->name;
533	value = cnf->value;
534
535	if(!value)
536	{
537	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE);
538	return NULL;
539	}
540
541	if(!name_cmp(name, "email"))
542	type = GEN_EMAIL;
543	else if(!name_cmp(name, "URI"))
544	type = GEN_URI;
545	else if(!name_cmp(name, "DNS"))
546	type = GEN_DNS;
547	else if(!name_cmp(name, "RID"))
548	type = GEN_RID;
549	else if(!name_cmp(name, "IP"))
550	type = GEN_IPADD;
551	else if(!name_cmp(name, "dirName"))
552	type = GEN_DIRNAME;
553	else if(!name_cmp(name, "otherName"))
554	type = GEN_OTHERNAME;
555	else
556	{
557	X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTION);
558	ERR_add_error_data(2, "name=", name);
559	return NULL;
560	}
561
562	return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
563
564	}
565
566	static int do_othername(GENERAL_NAME gen, char value, X509V3_CTX *ctx)	535	static int do_othername(GENERAL_NAME gen, char value, X509V3_CTX *ctx)
567	{	536	{
568	char objtmp = NULL, p;	537	char objtmp = NULL, p;
@@ -608,7 +577,6 @@ static int do_dirname(GENERAL_NAME gen, char value, X509V3_CTX *ctx)
608	if (!ret)	577	if (!ret)
609	X509_NAME_free(nm);	578	X509_NAME_free(nm);
610	gen->d.dirn = nm;	579	gen->d.dirn = nm;
611	X509V3_section_free(ctx, sk);
612		580
613	return ret;	581	return ret;
614	}	582	}