OLD | NEW |
1 /* v3_alt.c */ | 1 /* v3_alt.c */ |
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL |
3 * project. | 3 * project. |
4 */ | 4 */ |
5 /* ==================================================================== | 5 /* ==================================================================== |
6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. | 6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved. |
7 * | 7 * |
8 * Redistribution and use in source and binary forms, with or without | 8 * Redistribution and use in source and binary forms, with or without |
9 * modification, are permitted provided that the following conditions | 9 * modification, are permitted provided that the following conditions |
10 * are met: | 10 * are met: |
(...skipping 64 matching lines...)
75 (X509V3_EXT_I2V)i2v_GENERAL_NAMES, | 75 (X509V3_EXT_I2V)i2v_GENERAL_NAMES, |
76 (X509V3_EXT_V2I)v2i_subject_alt, | 76 (X509V3_EXT_V2I)v2i_subject_alt, |
77 NULL, NULL, NULL}, | 77 NULL, NULL, NULL}, |
78 | 78 |
79 { NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), | 79 { NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), |
80 0,0,0,0, | 80 0,0,0,0, |
81 0,0, | 81 0,0, |
82 (X509V3_EXT_I2V)i2v_GENERAL_NAMES, | 82 (X509V3_EXT_I2V)i2v_GENERAL_NAMES, |
83 (X509V3_EXT_V2I)v2i_issuer_alt, | 83 (X509V3_EXT_V2I)v2i_issuer_alt, |
84 NULL, NULL, NULL}, | 84 NULL, NULL, NULL}, |
| 85 |
| 86 { NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), |
| 87 0,0,0,0, |
| 88 0,0, |
| 89 (X509V3_EXT_I2V)i2v_GENERAL_NAMES, |
| 90 NULL, NULL, NULL, NULL}, |
85 }; | 91 }; |
86 | 92 |
87 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, | 93 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, |
88 GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) | 94 GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) |
89 { | 95 { |
90 int i; | 96 int i; |
91 GENERAL_NAME *gen; | 97 GENERAL_NAME *gen; |
92 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { | 98 for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { |
93 gen = sk_GENERAL_NAME_value(gens, i); | 99 gen = sk_GENERAL_NAME_value(gens, i); |
94 ret = i2v_GENERAL_NAME(method, gen, ret); | 100 ret = i2v_GENERAL_NAME(method, gen, ret); |
(...skipping 285 matching lines...)
380 | 386 |
381 return 1; | 387 return 1; |
382 | 388 |
383 err: | 389 err: |
384 GENERAL_NAME_free(gen); | 390 GENERAL_NAME_free(gen); |
385 M_ASN1_IA5STRING_free(email); | 391 M_ASN1_IA5STRING_free(email); |
386 return 0; | 392 return 0; |
387 | 393 |
388 } | 394 } |
389 | 395 |
390 GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, | 396 GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method, |
391 » » » » X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 397 » » » » X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
392 { | 398 { |
393 GENERAL_NAME *gen; | 399 GENERAL_NAME *gen; |
394 GENERAL_NAMES *gens = NULL; | 400 GENERAL_NAMES *gens = NULL; |
395 CONF_VALUE *cnf; | 401 CONF_VALUE *cnf; |
396 int i; | 402 int i; |
397 if(!(gens = sk_GENERAL_NAME_new_null())) { | 403 if(!(gens = sk_GENERAL_NAME_new_null())) { |
398 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); | 404 X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); |
399 return NULL; | 405 return NULL; |
400 } | 406 } |
401 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | 407 for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
402 cnf = sk_CONF_VALUE_value(nval, i); | 408 cnf = sk_CONF_VALUE_value(nval, i); |
403 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; | 409 if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) goto err; |
404 sk_GENERAL_NAME_push(gens, gen); | 410 sk_GENERAL_NAME_push(gens, gen); |
405 } | 411 } |
406 return gens; | 412 return gens; |
407 err: | 413 err: |
408 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | 414 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); |
409 return NULL; | 415 return NULL; |
410 } | 416 } |
411 | 417 |
412 GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | 418 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
413 » » » » » » » CONF_VALUE *cnf) | 419 » » » CONF_VALUE *cnf) |
414 { | 420 { |
415 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); | 421 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0); |
416 } | 422 } |
417 | 423 |
418 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, | 424 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out, |
419 » » » » X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | 425 » » » const X509V3_EXT_METHOD *method, X509V3_CTX *ctx, |
420 » » » » » » CONF_VALUE *cnf, int is_nc) | 426 » » » int gen_type, char *value, int is_nc) |
421 { | 427 { |
422 char is_string = 0; | 428 char is_string = 0; |
423 int type; | |
424 GENERAL_NAME *gen = NULL; | 429 GENERAL_NAME *gen = NULL; |
425 | 430 |
426 char *name, *value; | |
427 | |
428 name = cnf->name; | |
429 value = cnf->value; | |
430 | |
431 if(!value) | 431 if(!value) |
432 { | 432 { |
433 » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); | 433 » » X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_MISSING_VALUE); |
434 return NULL; | 434 return NULL; |
435 } | 435 } |
436 | 436 |
437 if (out) | 437 if (out) |
438 gen = out; | 438 gen = out; |
439 else | 439 else |
440 { | 440 { |
441 gen = GENERAL_NAME_new(); | 441 gen = GENERAL_NAME_new(); |
442 if(gen == NULL) | 442 if(gen == NULL) |
443 { | 443 { |
444 » » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAIL
URE); | 444 » » » X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE
); |
445 return NULL; | 445 return NULL; |
446 } | 446 } |
447 } | 447 } |
448 | 448 |
449 » if(!name_cmp(name, "email")) | 449 » switch (gen_type) |
450 { | 450 { |
| 451 case GEN_URI: |
| 452 case GEN_EMAIL: |
| 453 case GEN_DNS: |
451 is_string = 1; | 454 is_string = 1; |
452 » » type = GEN_EMAIL; | 455 » » break; |
453 » » } | 456 » » |
454 » else if(!name_cmp(name, "URI")) | 457 » » case GEN_RID: |
455 » » { | |
456 » » is_string = 1; | |
457 » » type = GEN_URI; | |
458 » » } | |
459 » else if(!name_cmp(name, "DNS")) | |
460 » » { | |
461 » » is_string = 1; | |
462 » » type = GEN_DNS; | |
463 » » } | |
464 » else if(!name_cmp(name, "RID")) | |
465 { | 458 { |
466 ASN1_OBJECT *obj; | 459 ASN1_OBJECT *obj; |
467 if(!(obj = OBJ_txt2obj(value,0))) | 460 if(!(obj = OBJ_txt2obj(value,0))) |
468 { | 461 { |
469 » » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_OBJE
CT); | 462 » » » X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_OBJECT)
; |
470 ERR_add_error_data(2, "value=", value); | 463 ERR_add_error_data(2, "value=", value); |
471 goto err; | 464 goto err; |
472 } | 465 } |
473 gen->d.rid = obj; | 466 gen->d.rid = obj; |
474 type = GEN_RID; | |
475 } | 467 } |
476 » else if(!name_cmp(name, "IP")) | 468 » » break; |
477 » » { | 469 |
| 470 » » case GEN_IPADD: |
478 if (is_nc) | 471 if (is_nc) |
479 gen->d.ip = a2i_IPADDRESS_NC(value); | 472 gen->d.ip = a2i_IPADDRESS_NC(value); |
480 else | 473 else |
481 gen->d.ip = a2i_IPADDRESS(value); | 474 gen->d.ip = a2i_IPADDRESS(value); |
482 if(gen->d.ip == NULL) | 475 if(gen->d.ip == NULL) |
483 { | 476 { |
484 » » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_BAD_IP_A
DDRESS); | 477 » » » X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_BAD_IP_ADDR
ESS); |
485 ERR_add_error_data(2, "value=", value); | 478 ERR_add_error_data(2, "value=", value); |
486 goto err; | 479 goto err; |
487 } | 480 } |
488 » » type = GEN_IPADD; | 481 » » break; |
489 » » } | 482 |
490 » else if(!name_cmp(name, "dirName")) | 483 » » case GEN_DIRNAME: |
491 » » { | |
492 » » type = GEN_DIRNAME; | |
493 if (!do_dirname(gen, value, ctx)) | 484 if (!do_dirname(gen, value, ctx)) |
494 { | 485 { |
495 » » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_DIRNAME_
ERROR); | 486 » » » X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_DIRNAME_ERR
OR); |
496 goto err; | 487 goto err; |
497 } | 488 } |
498 » » } | 489 » » break; |
499 » else if(!name_cmp(name, "otherName")) | 490 |
500 » » { | 491 » » case GEN_OTHERNAME: |
501 if (!do_othername(gen, value, ctx)) | 492 if (!do_othername(gen, value, ctx)) |
502 { | 493 { |
503 » » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_OTHERNAM
E_ERROR); | 494 » » » X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_OTHERNAME_E
RROR); |
504 goto err; | 495 goto err; |
505 } | 496 } |
506 » » type = GEN_OTHERNAME; | 497 » » break; |
507 » » } | 498 » » default: |
508 » else | 499 » » X509V3err(X509V3_F_A2I_GENERAL_NAME,X509V3_R_UNSUPPORTED_TYPE); |
509 » » { | |
510 » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTI
ON); | |
511 » » ERR_add_error_data(2, "name=", name); | |
512 goto err; | 500 goto err; |
513 } | 501 } |
514 | 502 |
515 if(is_string) | 503 if(is_string) |
516 { | 504 { |
517 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || | 505 if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || |
518 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value
, | 506 !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value
, |
519 strlen(value))) | 507 strlen(value))) |
520 { | 508 { |
521 » » » X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,ERR_R_MALLOC_FAIL
URE); | 509 » » » X509V3err(X509V3_F_A2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE
); |
522 goto err; | 510 goto err; |
523 } | 511 } |
524 } | 512 } |
525 | 513 |
526 » gen->type = type; | 514 » gen->type = gen_type; |
527 | 515 |
528 return gen; | 516 return gen; |
529 | 517 |
530 err: | 518 err: |
531 if (!out) | 519 if (!out) |
532 GENERAL_NAME_free(gen); | 520 GENERAL_NAME_free(gen); |
533 return NULL; | 521 return NULL; |
534 } | 522 } |
535 | 523 |
| 524 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out, |
| 525 const X509V3_EXT_METHOD *method, |
| 526 X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc) |
| 527 { |
| 528 int type; |
| 529 |
| 530 char *name, *value; |
| 531 |
| 532 name = cnf->name; |
| 533 value = cnf->value; |
| 534 |
| 535 if(!value) |
| 536 { |
| 537 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_MISSING_VALUE); |
| 538 return NULL; |
| 539 } |
| 540 |
| 541 if(!name_cmp(name, "email")) |
| 542 type = GEN_EMAIL; |
| 543 else if(!name_cmp(name, "URI")) |
| 544 type = GEN_URI; |
| 545 else if(!name_cmp(name, "DNS")) |
| 546 type = GEN_DNS; |
| 547 else if(!name_cmp(name, "RID")) |
| 548 type = GEN_RID; |
| 549 else if(!name_cmp(name, "IP")) |
| 550 type = GEN_IPADD; |
| 551 else if(!name_cmp(name, "dirName")) |
| 552 type = GEN_DIRNAME; |
| 553 else if(!name_cmp(name, "otherName")) |
| 554 type = GEN_OTHERNAME; |
| 555 else |
| 556 { |
| 557 X509V3err(X509V3_F_V2I_GENERAL_NAME_EX,X509V3_R_UNSUPPORTED_OPTI
ON); |
| 558 ERR_add_error_data(2, "name=", name); |
| 559 return NULL; |
| 560 } |
| 561 |
| 562 return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc); |
| 563 |
| 564 } |
| 565 |
536 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) | 566 static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx) |
537 { | 567 { |
538 char *objtmp = NULL, *p; | 568 char *objtmp = NULL, *p; |
539 int objlen; | 569 int objlen; |
540 if (!(p = strchr(value, ';'))) | 570 if (!(p = strchr(value, ';'))) |
541 return 0; | 571 return 0; |
542 if (!(gen->d.otherName = OTHERNAME_new())) | 572 if (!(gen->d.otherName = OTHERNAME_new())) |
543 return 0; | 573 return 0; |
544 /* Free this up because we will overwrite it. | 574 /* Free this up because we will overwrite it. |
545 * no need to free type_id because it is static | 575 * no need to free type_id because it is static |
(...skipping 25 matching lines...)
571 X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); | 601 X509V3err(X509V3_F_DO_DIRNAME,X509V3_R_SECTION_NOT_FOUND); |
572 ERR_add_error_data(2, "section=", value); | 602 ERR_add_error_data(2, "section=", value); |
573 X509_NAME_free(nm); | 603 X509_NAME_free(nm); |
574 return 0; | 604 return 0; |
575 } | 605 } |
576 /* FIXME: should allow other character types... */ | 606 /* FIXME: should allow other character types... */ |
577 ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); | 607 ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC); |
578 if (!ret) | 608 if (!ret) |
579 X509_NAME_free(nm); | 609 X509_NAME_free(nm); |
580 gen->d.dirn = nm; | 610 gen->d.dirn = nm; |
581 | |
582 X509V3_section_free(ctx, sk); | 611 X509V3_section_free(ctx, sk); |
583 | 612 |
584 return ret; | 613 return ret; |
585 } | 614 } |
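Review bot: In do_dirname, at the end of this section, a failed X509V3_NAME_from_section() frees `nm` and the following line still stores it in `gen->d.dirn`, so the GENERAL_NAME is left holding a freed pointer. This matters more now that a2i_GENERAL_NAME is a separate entry point taking a caller-supplied `out`: its `err:` label frees `gen` only when `out` is NULL, so on this path the caller's object keeps the stale `d.dirn` next to whatever `type` it already had, which could presumably become a use-after-free or double free when the caller later frees `out`. Assign only on success, `if (!ret) X509_NAME_free(nm); else gen->d.dirn = nm;`, and add a comment above a2i_GENERAL_NAME stating that on failure a caller-supplied `out` may be left partially written and that the caller remains responsible for freeing it. do_dirname begins in the skipped lines, so the rest of its body is not visible here.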