Google Git
Sign in
boringssl / boringssl.git / de5bb39125a7758a71274e81bfb1ce68f0bd2148 / . / crypto / x509v3 / v3_alt.c
blob: 6123ac3e436cfd4aadad65f69080b68538785a89 [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* v3_alt.c */
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]2/*
3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]4 * project.
5 */
6/* ====================================================================
7 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
8 *
9 * Redistribution and use in source and binary forms, with or without
10 * modification, are permitted provided that the following conditions
11 * are met:
12 *
13 * 1. Redistributions of source code must retain the above copyright
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]14 * notice, this list of conditions and the following disclaimer.
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]15 *
16 * 2. Redistributions in binary form must reproduce the above copyright
17 * notice, this list of conditions and the following disclaimer in
18 * the documentation and/or other materials provided with the
19 * distribution.
20 *
21 * 3. All advertising materials mentioning features or use of this
22 * software must display the following acknowledgment:
23 * "This product includes software developed by the OpenSSL Project
24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 *
26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
27 * endorse or promote products derived from this software without
28 * prior written permission. For written permission, please contact
29 * licensing@OpenSSL.org.
30 *
31 * 5. Products derived from this software may not be called "OpenSSL"
32 * nor may "OpenSSL" appear in their names without prior written
33 * permission of the OpenSSL Project.
34 *
35 * 6. Redistributions of any form whatsoever must retain the following
36 * acknowledgment:
37 * "This product includes software developed by the OpenSSL Project
38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
51 * OF THE POSSIBILITY OF SUCH DAMAGE.
52 * ====================================================================
53 *
54 * This product includes cryptographic software written by Eric Young
55 * (eay@cryptsoft.com). This product includes software written by Tim
56 * Hudson (tjh@cryptsoft.com). */
57
58#include <stdio.h>
Adam Langley2b2d66d2015-01-30 17:08:37 -0800[diff] [blame]59#include <string.h>
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]60
61#include <openssl/conf.h>
62#include <openssl/err.h>
63#include <openssl/mem.h>
64#include <openssl/obj.h>
65#include <openssl/x509v3.h>
66
David Benjamin2cbc39a2021-10-21 13:18:33 -0400[diff] [blame]67#include "../x509/internal.h"
David Benjamin045ee412018-11-26 16:46:54 -0600[diff] [blame]68#include "internal.h"
69
70
David Benjamin2d4f1b82022-05-23 14:56:15 -0400[diff] [blame]71static void *v2i_subject_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
72 STACK_OF(CONF_VALUE) *nval);
73static void *v2i_issuer_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
74 STACK_OF(CONF_VALUE) *nval);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]75static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
76static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
David Benjamina93545c2020-11-05 12:52:28 -0500[diff] [blame]77static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
78static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]79
David Benjamin2d4f1b82022-05-23 14:56:15 -0400[diff] [blame]80static STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES_cb(
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]81 const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) {
82 return i2v_GENERAL_NAMES(method, ext, ret);
David Benjamin2d4f1b82022-05-23 14:56:15 -0400[diff] [blame]83}
84
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]85const X509V3_EXT_METHOD v3_alt[] = {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]86 {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0,
87 i2v_GENERAL_NAMES_cb, v2i_subject_alt, NULL, NULL, NULL},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]88
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]89 {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0,
90 i2v_GENERAL_NAMES_cb, v2i_issuer_alt, NULL, NULL, NULL},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]91
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]92 {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0,
93 i2v_GENERAL_NAMES_cb, NULL, NULL, NULL, NULL},
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]94};
95
David Benjamin2d4f1b82022-05-23 14:56:15 -0400[diff] [blame]96STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]97 GENERAL_NAMES *gens,
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]98 STACK_OF(CONF_VALUE) *ret) {
99 int ret_was_null = ret == NULL;
100 for (size_t i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
101 GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i);
102 STACK_OF(CONF_VALUE) *tmp = i2v_GENERAL_NAME(method, gen, ret);
103 if (tmp == NULL) {
104 if (ret_was_null) {
105 sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
106 }
107 return NULL;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]108 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]109 ret = tmp;
110 }
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]111 if (!ret) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]112 return sk_CONF_VALUE_new_null();
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]113 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]114 return ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]115}
116
David Benjamin2d4f1b82022-05-23 14:56:15 -0400[diff] [blame]117STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(const X509V3_EXT_METHOD *method,
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]118 GENERAL_NAME *gen,
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]119 STACK_OF(CONF_VALUE) *ret) {
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]120 // Note the error-handling for this function relies on there being at most
121 // one |X509V3_add_value| call. If there were two and the second failed, we
122 // would need to sometimes free the first call's result.
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]123 unsigned char *p;
124 char oline[256], htmp[5];
125 int i;
126 switch (gen->type) {
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]127 case GEN_OTHERNAME:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]128 if (!X509V3_add_value("othername", "<unsupported>", &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]129 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]130 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]131 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]132
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]133 case GEN_X400:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]134 if (!X509V3_add_value("X400Name", "<unsupported>", &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]135 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]136 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]137 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]138
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]139 case GEN_EDIPARTY:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]140 if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]141 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]142 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]143 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]144
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]145 case GEN_EMAIL:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]146 if (!x509V3_add_value_asn1_string("email", gen->d.ia5, &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]147 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]148 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]149 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]150
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]151 case GEN_DNS:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]152 if (!x509V3_add_value_asn1_string("DNS", gen->d.ia5, &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]153 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]154 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]155 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]156
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]157 case GEN_URI:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]158 if (!x509V3_add_value_asn1_string("URI", gen->d.ia5, &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]159 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]160 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]161 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]162
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]163 case GEN_DIRNAME:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]164 if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL ||
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]165 !X509V3_add_value("DirName", oline, &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]166 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]167 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]168 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]169
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]170 case GEN_IPADD:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]171 p = gen->d.ip->data;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]172 if (gen->d.ip->length == 4) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]173 BIO_snprintf(oline, sizeof(oline), "%d.%d.%d.%d", p[0], p[1], p[2],
174 p[3]);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]175 } else if (gen->d.ip->length == 16) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]176 oline[0] = 0;
177 for (i = 0; i < 8; i++) {
178 uint16_t v = ((uint16_t)p[0] << 8) | p[1];
179 BIO_snprintf(htmp, sizeof(htmp), "%X", v);
180 p += 2;
181 OPENSSL_strlcat(oline, htmp, sizeof(oline));
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]182 if (i != 7) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]183 OPENSSL_strlcat(oline, ":", sizeof(oline));
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]184 }
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]185 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]186 } else {
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]187 if (!X509V3_add_value("IP Address", "<invalid>", &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]188 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]189 }
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]190 break;
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]191 }
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]192 if (!X509V3_add_value("IP Address", oline, &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]193 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]194 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]195 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]196
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]197 case GEN_RID:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]198 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]199 if (!X509V3_add_value("Registered ID", oline, &ret)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]200 return NULL;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]201 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]202 break;
203 }
204 return ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]205}
206
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]207int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) {
208 unsigned char *p;
209 int i;
210 switch (gen->type) {
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]211 case GEN_OTHERNAME:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]212 BIO_printf(out, "othername:<unsupported>");
213 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]214
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]215 case GEN_X400:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]216 BIO_printf(out, "X400Name:<unsupported>");
217 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]218
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]219 case GEN_EDIPARTY:
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]220 // Maybe fix this: it is supported now
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]221 BIO_printf(out, "EdiPartyName:<unsupported>");
222 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]223
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]224 case GEN_EMAIL:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]225 BIO_printf(out, "email:");
226 ASN1_STRING_print(out, gen->d.ia5);
227 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]228
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]229 case GEN_DNS:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]230 BIO_printf(out, "DNS:");
231 ASN1_STRING_print(out, gen->d.ia5);
232 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]233
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]234 case GEN_URI:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]235 BIO_printf(out, "URI:");
236 ASN1_STRING_print(out, gen->d.ia5);
237 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]238
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]239 case GEN_DIRNAME:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]240 BIO_printf(out, "DirName: ");
241 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
242 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]243
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]244 case GEN_IPADD:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]245 p = gen->d.ip->data;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]246 if (gen->d.ip->length == 4) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]247 BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]248 } else if (gen->d.ip->length == 16) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]249 BIO_printf(out, "IP Address");
250 for (i = 0; i < 8; i++) {
251 uint16_t v = ((uint16_t)p[0] << 8) | p[1];
252 BIO_printf(out, ":%X", v);
253 p += 2;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]254 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]255 BIO_puts(out, "\n");
256 } else {
257 BIO_printf(out, "IP Address:<invalid>");
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]258 break;
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]259 }
260 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]261
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]262 case GEN_RID:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]263 BIO_printf(out, "Registered ID");
264 i2a_ASN1_OBJECT(out, gen->d.rid);
265 break;
266 }
267 return 1;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]268}
269
David Benjamin2d4f1b82022-05-23 14:56:15 -0400[diff] [blame]270static void *v2i_issuer_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]271 STACK_OF(CONF_VALUE) *nval) {
272 GENERAL_NAMES *gens = NULL;
273 CONF_VALUE *cnf;
274 size_t i;
275 if (!(gens = sk_GENERAL_NAME_new_null())) {
276 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]277 return NULL;
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]278 }
279 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
280 cnf = sk_CONF_VALUE_value(nval, i);
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]281 if (x509v3_conf_name_matches(cnf->name, "issuer") && cnf->value &&
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]282 !strcmp(cnf->value, "copy")) {
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]283 if (!copy_issuer(ctx, gens)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]284 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]285 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]286 } else {
287 GENERAL_NAME *gen;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]288 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]289 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]290 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]291 sk_GENERAL_NAME_push(gens, gen);
292 }
293 }
294 return gens;
295err:
296 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
297 return NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]298}
299
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]300// Append subject altname of issuer to issuer alt name of subject
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]301
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]302static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) {
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]303 if (ctx && (ctx->flags == CTX_TEST)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]304 return 1;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]305 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]306 if (!ctx || !ctx->issuer_cert) {
307 OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_DETAILS);
308 return 0;
309 }
310 int i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]311 if (i < 0) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]312 return 1;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]313 }
David Benjamin723faad2020-10-02 16:11:10 -0400[diff] [blame]314
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]315 int ret = 0;
316 GENERAL_NAMES *ialt = NULL;
317 X509_EXTENSION *ext;
318 if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
319 !(ialt = X509V3_EXT_d2i(ext))) {
320 OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR);
321 goto err;
322 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]323
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]324 for (size_t j = 0; j < sk_GENERAL_NAME_num(ialt); j++) {
325 GENERAL_NAME *gen = sk_GENERAL_NAME_value(ialt, j);
326 if (!sk_GENERAL_NAME_push(gens, gen)) {
327 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
328 goto err;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]329 }
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]330 // Ownership of |gen| has moved from |ialt| to |gens|.
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]331 sk_GENERAL_NAME_set(ialt, j, NULL);
332 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]333
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]334 ret = 1;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]335
David Benjamin723faad2020-10-02 16:11:10 -0400[diff] [blame]336err:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]337 GENERAL_NAMES_free(ialt);
338 return ret;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]339}
340
David Benjamin2d4f1b82022-05-23 14:56:15 -0400[diff] [blame]341static void *v2i_subject_alt(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]342 STACK_OF(CONF_VALUE) *nval) {
343 GENERAL_NAMES *gens = NULL;
344 CONF_VALUE *cnf;
345 size_t i;
346 if (!(gens = sk_GENERAL_NAME_new_null())) {
347 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]348 return NULL;
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]349 }
350 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
351 cnf = sk_CONF_VALUE_value(nval, i);
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]352 if (x509v3_conf_name_matches(cnf->name, "email") && cnf->value &&
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]353 !strcmp(cnf->value, "copy")) {
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]354 if (!copy_email(ctx, gens, 0)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]355 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]356 }
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]357 } else if (x509v3_conf_name_matches(cnf->name, "email") && cnf->value &&
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]358 !strcmp(cnf->value, "move")) {
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]359 if (!copy_email(ctx, gens, 1)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]360 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]361 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]362 } else {
363 GENERAL_NAME *gen;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]364 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]365 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]366 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]367 sk_GENERAL_NAME_push(gens, gen);
368 }
369 }
370 return gens;
371err:
372 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
373 return NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]374}
375
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]376// Copy any email addresses in a certificate or request to GENERAL_NAMES
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]377
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]378static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) {
379 X509_NAME *nm;
380 ASN1_IA5STRING *email = NULL;
381 X509_NAME_ENTRY *ne;
382 GENERAL_NAME *gen = NULL;
383 int i;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]384 if (ctx != NULL && ctx->flags == CTX_TEST) {
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]385 return 1;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]386 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]387 if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
388 OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_SUBJECT_DETAILS);
389 goto err;
390 }
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]391 // Find the subject name
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]392 if (ctx->subject_cert) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]393 nm = X509_get_subject_name(ctx->subject_cert);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]394 } else {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]395 nm = X509_REQ_get_subject_name(ctx->subject_req);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]396 }
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]397
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]398 // Now add any email address(es) to STACK
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]399 i = -1;
400 while ((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) >= 0) {
401 ne = X509_NAME_get_entry(nm, i);
402 email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
403 if (move_p) {
404 X509_NAME_delete_entry(nm, i);
405 X509_NAME_ENTRY_free(ne);
406 i--;
407 }
408 if (!email || !(gen = GENERAL_NAME_new())) {
409 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
410 goto err;
411 }
412 gen->d.ia5 = email;
413 email = NULL;
414 gen->type = GEN_EMAIL;
415 if (!sk_GENERAL_NAME_push(gens, gen)) {
416 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
417 goto err;
418 }
419 gen = NULL;
420 }
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]421
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]422 return 1;
423
424err:
425 GENERAL_NAME_free(gen);
426 ASN1_IA5STRING_free(email);
427 return 0;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]428}
429
430GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]431 X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) {
432 GENERAL_NAME *gen;
433 GENERAL_NAMES *gens = NULL;
434 CONF_VALUE *cnf;
435 size_t i;
436 if (!(gens = sk_GENERAL_NAME_new_null())) {
437 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]438 return NULL;
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]439 }
440 for (i = 0; i < sk_CONF_VALUE_num(nval); i++) {
441 cnf = sk_CONF_VALUE_value(nval, i);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]442 if (!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]443 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]444 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]445 sk_GENERAL_NAME_push(gens, gen);
446 }
447 return gens;
448err:
449 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
450 return NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]451}
452
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]453GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
454 CONF_VALUE *cnf) {
455 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]456}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]457
458GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]459 const X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
460 int gen_type, const char *value, int is_nc) {
461 char is_string = 0;
462 GENERAL_NAME *gen = NULL;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]463
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]464 if (!value) {
465 OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE);
466 return NULL;
467 }
468
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]469 if (out) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]470 gen = out;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]471 } else {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]472 gen = GENERAL_NAME_new();
473 if (gen == NULL) {
474 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
475 return NULL;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]476 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]477 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]478
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]479 switch (gen_type) {
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]480 case GEN_URI:
481 case GEN_EMAIL:
482 case GEN_DNS:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]483 is_string = 1;
484 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]485
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]486 case GEN_RID: {
487 ASN1_OBJECT *obj;
488 if (!(obj = OBJ_txt2obj(value, 0))) {
489 OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_OBJECT);
490 ERR_add_error_data(2, "value=", value);
491 goto err;
492 }
493 gen->d.rid = obj;
494 } break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]495
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]496 case GEN_IPADD:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]497 if (is_nc) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]498 gen->d.ip = a2i_IPADDRESS_NC(value);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]499 } else {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]500 gen->d.ip = a2i_IPADDRESS(value);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]501 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]502 if (gen->d.ip == NULL) {
503 OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_IP_ADDRESS);
504 ERR_add_error_data(2, "value=", value);
505 goto err;
506 }
507 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]508
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]509 case GEN_DIRNAME:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]510 if (!do_dirname(gen, value, ctx)) {
511 OPENSSL_PUT_ERROR(X509V3, X509V3_R_DIRNAME_ERROR);
512 goto err;
513 }
514 break;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]515
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]516 case GEN_OTHERNAME:
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]517 if (!do_othername(gen, value, ctx)) {
518 OPENSSL_PUT_ERROR(X509V3, X509V3_R_OTHERNAME_ERROR);
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]519 goto err;
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]520 }
521 break;
522 default:
523 OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_TYPE);
524 goto err;
525 }
526
527 if (is_string) {
528 if (!(gen->d.ia5 = ASN1_IA5STRING_new()) ||
529 !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value, strlen(value))) {
530 OPENSSL_PUT_ERROR(X509V3, ERR_R_MALLOC_FAILURE);
531 goto err;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]532 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]533 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]534
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]535 gen->type = gen_type;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]536
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]537 return gen;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]538
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]539err:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]540 if (!out) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]541 GENERAL_NAME_free(gen);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]542 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]543 return NULL;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]544}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]545
546GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]547 const X509V3_EXT_METHOD *method,
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]548 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) {
549 int type;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]550
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]551 char *name, *value;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]552
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]553 name = cnf->name;
554 value = cnf->value;
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]555
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]556 if (!value) {
557 OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE);
558 return NULL;
559 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]560
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]561 if (x509v3_conf_name_matches(name, "email")) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]562 type = GEN_EMAIL;
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]563 } else if (x509v3_conf_name_matches(name, "URI")) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]564 type = GEN_URI;
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]565 } else if (x509v3_conf_name_matches(name, "DNS")) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]566 type = GEN_DNS;
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]567 } else if (x509v3_conf_name_matches(name, "RID")) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]568 type = GEN_RID;
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]569 } else if (x509v3_conf_name_matches(name, "IP")) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]570 type = GEN_IPADD;
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]571 } else if (x509v3_conf_name_matches(name, "dirName")) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]572 type = GEN_DIRNAME;
David Benjaminde5bb392022-11-23 16:32:07 -0500[diff] [blame^]573 } else if (x509v3_conf_name_matches(name, "otherName")) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]574 type = GEN_OTHERNAME;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]575 } else {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]576 OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION);
577 ERR_add_error_data(2, "name=", name);
578 return NULL;
579 }
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]580
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]581 return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]582}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]583
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]584static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) {
585 char *objtmp = NULL;
586 const char *p;
587 int objlen;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]588 if (!(p = strchr(value, ';'))) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]589 return 0;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]590 }
591 if (!(gen->d.otherName = OTHERNAME_new())) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]592 return 0;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]593 }
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]594 // Free this up because we will overwrite it. no need to free type_id
595 // because it is static
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]596 ASN1_TYPE_free(gen->d.otherName->value);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]597 if (!(gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx))) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]598 return 0;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]599 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]600 objlen = p - value;
601 objtmp = OPENSSL_malloc(objlen + 1);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]602 if (objtmp == NULL) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]603 return 0;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]604 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]605 OPENSSL_strlcpy(objtmp, value, objlen + 1);
606 gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
607 OPENSSL_free(objtmp);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]608 if (!gen->d.otherName->type_id) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]609 return 0;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]610 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]611 return 1;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]612}
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]613
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]614static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx) {
615 int ret = 0;
616 STACK_OF(CONF_VALUE) *sk = NULL;
617 X509_NAME *nm = X509_NAME_new();
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]618 if (nm == NULL) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]619 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]620 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]621 sk = X509V3_get_section(ctx, value);
622 if (sk == NULL) {
623 OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND);
624 ERR_add_error_data(2, "section=", value);
625 goto err;
626 }
David Benjamin46350482022-06-16 14:03:12 -0400[diff] [blame]627 // FIXME: should allow other character types...
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]628 if (!X509V3_NAME_from_section(nm, sk, MBSTRING_ASC)) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]629 goto err;
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]630 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]631 gen->d.dirn = nm;
632 ret = 1;
David Benjamin17dd9042015-10-23 19:04:02 -0400[diff] [blame]633
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]634err:
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]635 if (!ret) {
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]636 X509_NAME_free(nm);
David Benjaminc0b87a02022-06-16 14:02:15 -0400[diff] [blame]637 }
David Benjamin260a10c2022-06-16 13:58:28 -0400[diff] [blame]638 X509V3_section_free(ctx, sk);
639 return ret;
Adam Langley57707c72016-01-14 11:25:12 -0800[diff] [blame]640}