xref: /freebsd/crypto/openssl/crypto/x509/v3_san.c (revision e0c4386e7e71d93b0edc0c8fa156263fc4a8b0b6)
1 /*
2  * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include "crypto/x509.h"
13 #include <openssl/conf.h>
14 #include <openssl/x509v3.h>
15 #include <openssl/bio.h>
16 #include "ext_dat.h"
17 
18 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
19                                       X509V3_CTX *ctx,
20                                       STACK_OF(CONF_VALUE) *nval);
21 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
22                                      X509V3_CTX *ctx,
23                                      STACK_OF(CONF_VALUE) *nval);
24 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
25 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens);
26 static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
27 static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx);
28 
29 const X509V3_EXT_METHOD ossl_v3_alt[3] = {
30     {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
31      0, 0, 0, 0,
32      0, 0,
33      (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
34      (X509V3_EXT_V2I)v2i_subject_alt,
35      NULL, NULL, NULL},
36 
37     {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES),
38      0, 0, 0, 0,
39      0, 0,
40      (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
41      (X509V3_EXT_V2I)v2i_issuer_alt,
42      NULL, NULL, NULL},
43 
44     {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
45      0, 0, 0, 0,
46      0, 0,
47      (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
48      NULL, NULL, NULL, NULL},
49 };
50 
STACK_OF(CONF_VALUE)51 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
52                                         GENERAL_NAMES *gens,
53                                         STACK_OF(CONF_VALUE) *ret)
54 {
55     int i;
56     GENERAL_NAME *gen;
57     STACK_OF(CONF_VALUE) *tmpret = NULL, *origret = ret;
58 
59     for (i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
60         gen = sk_GENERAL_NAME_value(gens, i);
61         /*
62          * i2v_GENERAL_NAME allocates ret if it is NULL. If something goes
63          * wrong we need to free the stack - but only if it was empty when we
64          * originally entered this function.
65          */
66         tmpret = i2v_GENERAL_NAME(method, gen, ret);
67         if (tmpret == NULL) {
68             if (origret == NULL)
69                 sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
70             return NULL;
71         }
72         ret = tmpret;
73     }
74     if (ret == NULL)
75         return sk_CONF_VALUE_new_null();
76     return ret;
77 }
78 
STACK_OF(CONF_VALUE)79 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method,
80                                        GENERAL_NAME *gen,
81                                        STACK_OF(CONF_VALUE) *ret)
82 {
83     char othername[300];
84     char oline[256], *tmp;
85 
86     switch (gen->type) {
87     case GEN_OTHERNAME:
88         switch (OBJ_obj2nid(gen->d.otherName->type_id)) {
89         case NID_id_on_SmtpUTF8Mailbox:
90             if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
91                     || !x509v3_add_len_value_uchar("othername: SmtpUTF8Mailbox:",
92                             gen->d.otherName->value->value.utf8string->data,
93                             gen->d.otherName->value->value.utf8string->length,
94                             &ret))
95                 return NULL;
96             break;
97         case NID_XmppAddr:
98             if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
99                     || !x509v3_add_len_value_uchar("othername: XmppAddr:",
100                             gen->d.otherName->value->value.utf8string->data,
101                             gen->d.otherName->value->value.utf8string->length,
102                             &ret))
103                 return NULL;
104             break;
105         case NID_SRVName:
106             if (gen->d.otherName->value->type != V_ASN1_IA5STRING
107                     || !x509v3_add_len_value_uchar("othername: SRVName:",
108                             gen->d.otherName->value->value.ia5string->data,
109                             gen->d.otherName->value->value.ia5string->length,
110                             &ret))
111                 return NULL;
112             break;
113         case NID_ms_upn:
114             if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
115                     || !x509v3_add_len_value_uchar("othername: UPN:",
116                             gen->d.otherName->value->value.utf8string->data,
117                             gen->d.otherName->value->value.utf8string->length,
118                             &ret))
119                 return NULL;
120             break;
121         case NID_NAIRealm:
122             if (gen->d.otherName->value->type != V_ASN1_UTF8STRING
123                     || !x509v3_add_len_value_uchar("othername: NAIRealm:",
124                             gen->d.otherName->value->value.utf8string->data,
125                             gen->d.otherName->value->value.utf8string->length,
126                             &ret))
127                 return NULL;
128             break;
129         default:
130             if (OBJ_obj2txt(oline, sizeof(oline), gen->d.otherName->type_id, 0) > 0)
131                 BIO_snprintf(othername, sizeof(othername), "othername: %s:",
132                              oline);
133             else
134                 OPENSSL_strlcpy(othername, "othername:", sizeof(othername));
135 
136             /* check if the value is something printable */
137             if (gen->d.otherName->value->type == V_ASN1_IA5STRING) {
138                 if (x509v3_add_len_value_uchar(othername,
139                              gen->d.otherName->value->value.ia5string->data,
140                              gen->d.otherName->value->value.ia5string->length,
141                              &ret))
142                     return ret;
143             }
144             if (gen->d.otherName->value->type == V_ASN1_UTF8STRING) {
145                 if (x509v3_add_len_value_uchar(othername,
146                              gen->d.otherName->value->value.utf8string->data,
147                              gen->d.otherName->value->value.utf8string->length,
148                              &ret))
149                     return ret;
150             }
151             if (!X509V3_add_value(othername, "<unsupported>", &ret))
152                 return NULL;
153             break;
154         }
155         break;
156 
157     case GEN_X400:
158         if (!X509V3_add_value("X400Name", "<unsupported>", &ret))
159             return NULL;
160         break;
161 
162     case GEN_EDIPARTY:
163         if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret))
164             return NULL;
165         break;
166 
167     case GEN_EMAIL:
168         if (!x509v3_add_len_value_uchar("email", gen->d.ia5->data,
169                                         gen->d.ia5->length, &ret))
170             return NULL;
171         break;
172 
173     case GEN_DNS:
174         if (!x509v3_add_len_value_uchar("DNS", gen->d.ia5->data,
175                                         gen->d.ia5->length, &ret))
176             return NULL;
177         break;
178 
179     case GEN_URI:
180         if (!x509v3_add_len_value_uchar("URI", gen->d.ia5->data,
181                                         gen->d.ia5->length, &ret))
182             return NULL;
183         break;
184 
185     case GEN_DIRNAME:
186         if (X509_NAME_oneline(gen->d.dirn, oline, sizeof(oline)) == NULL
187                 || !X509V3_add_value("DirName", oline, &ret))
188             return NULL;
189         break;
190 
191     case GEN_IPADD:
192         tmp = ossl_ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length);
193         if (tmp == NULL || !X509V3_add_value("IP Address", tmp, &ret))
194             ret = NULL;
195         OPENSSL_free(tmp);
196         break;
197 
198     case GEN_RID:
199         i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
200         if (!X509V3_add_value("Registered ID", oline, &ret))
201             return NULL;
202         break;
203     }
204     return ret;
205 }
206 
GENERAL_NAME_print(BIO * out,GENERAL_NAME * gen)207 int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen)
208 {
209     char *tmp;
210     int nid;
211 
212     switch (gen->type) {
213     case GEN_OTHERNAME:
214         nid = OBJ_obj2nid(gen->d.otherName->type_id);
215         /* Validate the types are as we expect before we use them */
216         if ((nid == NID_SRVName
217              && gen->d.otherName->value->type != V_ASN1_IA5STRING)
218                 || (nid != NID_SRVName
219                     && gen->d.otherName->value->type != V_ASN1_UTF8STRING)) {
220             BIO_printf(out, "othername:<unsupported>");
221             break;
222         }
223 
224         switch (nid) {
225         case NID_id_on_SmtpUTF8Mailbox:
226             BIO_printf(out, "othername:SmtpUTF8Mailbox:%.*s",
227                        gen->d.otherName->value->value.utf8string->length,
228                        gen->d.otherName->value->value.utf8string->data);
229             break;
230         case NID_XmppAddr:
231             BIO_printf(out, "othername:XmppAddr:%.*s",
232                        gen->d.otherName->value->value.utf8string->length,
233                        gen->d.otherName->value->value.utf8string->data);
234             break;
235         case NID_SRVName:
236             BIO_printf(out, "othername:SRVName:%.*s",
237                        gen->d.otherName->value->value.ia5string->length,
238                        gen->d.otherName->value->value.ia5string->data);
239             break;
240         case NID_ms_upn:
241             BIO_printf(out, "othername:UPN:%.*s",
242                        gen->d.otherName->value->value.utf8string->length,
243                        gen->d.otherName->value->value.utf8string->data);
244             break;
245         case NID_NAIRealm:
246             BIO_printf(out, "othername:NAIRealm:%.*s",
247                        gen->d.otherName->value->value.utf8string->length,
248                        gen->d.otherName->value->value.utf8string->data);
249             break;
250         default:
251             BIO_printf(out, "othername:<unsupported>");
252             break;
253         }
254         break;
255 
256     case GEN_X400:
257         BIO_printf(out, "X400Name:<unsupported>");
258         break;
259 
260     case GEN_EDIPARTY:
261         /* Maybe fix this: it is supported now */
262         BIO_printf(out, "EdiPartyName:<unsupported>");
263         break;
264 
265     case GEN_EMAIL:
266         BIO_printf(out, "email:");
267         ASN1_STRING_print(out, gen->d.ia5);
268         break;
269 
270     case GEN_DNS:
271         BIO_printf(out, "DNS:");
272         ASN1_STRING_print(out, gen->d.ia5);
273         break;
274 
275     case GEN_URI:
276         BIO_printf(out, "URI:");
277         ASN1_STRING_print(out, gen->d.ia5);
278         break;
279 
280     case GEN_DIRNAME:
281         BIO_printf(out, "DirName:");
282         X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
283         break;
284 
285     case GEN_IPADD:
286         tmp = ossl_ipaddr_to_asc(gen->d.ip->data, gen->d.ip->length);
287         if (tmp == NULL)
288             return 0;
289         BIO_printf(out, "IP Address:%s", tmp);
290         OPENSSL_free(tmp);
291         break;
292 
293     case GEN_RID:
294         BIO_printf(out, "Registered ID:");
295         i2a_ASN1_OBJECT(out, gen->d.rid);
296         break;
297     }
298     return 1;
299 }
300 
v2i_issuer_alt(X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)301 static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
302                                      X509V3_CTX *ctx,
303                                      STACK_OF(CONF_VALUE) *nval)
304 {
305     const int num = sk_CONF_VALUE_num(nval);
306     GENERAL_NAMES *gens = sk_GENERAL_NAME_new_reserve(NULL, num);
307     int i;
308 
309     if (gens == NULL) {
310         ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
311         sk_GENERAL_NAME_free(gens);
312         return NULL;
313     }
314     for (i = 0; i < num; i++) {
315         CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
316 
317         if (!ossl_v3_name_cmp(cnf->name, "issuer")
318             && cnf->value && strcmp(cnf->value, "copy") == 0) {
319             if (!copy_issuer(ctx, gens))
320                 goto err;
321         } else {
322             GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
323 
324             if (gen == NULL)
325                 goto err;
326             sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
327         }
328     }
329     return gens;
330  err:
331     sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
332     return NULL;
333 }
334 
335 /* Append subject altname of issuer to issuer alt name of subject */
336 
copy_issuer(X509V3_CTX * ctx,GENERAL_NAMES * gens)337 static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens)
338 {
339     GENERAL_NAMES *ialt;
340     GENERAL_NAME *gen;
341     X509_EXTENSION *ext;
342     int i, num;
343 
344     if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
345         return 1;
346     if (!ctx || !ctx->issuer_cert) {
347         ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_ISSUER_DETAILS);
348         goto err;
349     }
350     i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
351     if (i < 0)
352         return 1;
353     if ((ext = X509_get_ext(ctx->issuer_cert, i)) == NULL
354         || (ialt = X509V3_EXT_d2i(ext)) == NULL) {
355         ERR_raise(ERR_LIB_X509V3, X509V3_R_ISSUER_DECODE_ERROR);
356         goto err;
357     }
358 
359     num = sk_GENERAL_NAME_num(ialt);
360     if (!sk_GENERAL_NAME_reserve(gens, num)) {
361         ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
362         goto err;
363     }
364 
365     for (i = 0; i < num; i++) {
366         gen = sk_GENERAL_NAME_value(ialt, i);
367         sk_GENERAL_NAME_push(gens, gen);     /* no failure as it was reserved */
368     }
369     sk_GENERAL_NAME_free(ialt);
370 
371     return 1;
372 
373  err:
374     return 0;
375 
376 }
377 
v2i_subject_alt(X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)378 static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
379                                       X509V3_CTX *ctx,
380                                       STACK_OF(CONF_VALUE) *nval)
381 {
382     GENERAL_NAMES *gens;
383     CONF_VALUE *cnf;
384     const int num = sk_CONF_VALUE_num(nval);
385     int i;
386 
387     gens = sk_GENERAL_NAME_new_reserve(NULL, num);
388     if (gens == NULL) {
389         ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
390         sk_GENERAL_NAME_free(gens);
391         return NULL;
392     }
393 
394     for (i = 0; i < num; i++) {
395         cnf = sk_CONF_VALUE_value(nval, i);
396         if (ossl_v3_name_cmp(cnf->name, "email") == 0
397             && cnf->value && strcmp(cnf->value, "copy") == 0) {
398             if (!copy_email(ctx, gens, 0))
399                 goto err;
400         } else if (ossl_v3_name_cmp(cnf->name, "email") == 0
401                    && cnf->value && strcmp(cnf->value, "move") == 0) {
402             if (!copy_email(ctx, gens, 1))
403                 goto err;
404         } else {
405             GENERAL_NAME *gen;
406             if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
407                 goto err;
408             sk_GENERAL_NAME_push(gens, gen); /* no failure as it was reserved */
409         }
410     }
411     return gens;
412  err:
413     sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
414     return NULL;
415 }
416 
417 /*
418  * Copy any email addresses in a certificate or request to GENERAL_NAMES
419  */
420 
copy_email(X509V3_CTX * ctx,GENERAL_NAMES * gens,int move_p)421 static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
422 {
423     X509_NAME *nm;
424     ASN1_IA5STRING *email = NULL;
425     X509_NAME_ENTRY *ne;
426     GENERAL_NAME *gen = NULL;
427     int i = -1;
428 
429     if (ctx != NULL && (ctx->flags & X509V3_CTX_TEST) != 0)
430         return 1;
431     if (ctx == NULL
432         || (ctx->subject_cert == NULL && ctx->subject_req == NULL)) {
433         ERR_raise(ERR_LIB_X509V3, X509V3_R_NO_SUBJECT_DETAILS);
434         return 0;
435     }
436     /* Find the subject name */
437     nm = ctx->subject_cert != NULL ?
438         X509_get_subject_name(ctx->subject_cert) :
439         X509_REQ_get_subject_name(ctx->subject_req);
440 
441     /* Now add any email address(es) to STACK */
442     while ((i = X509_NAME_get_index_by_NID(nm,
443                                            NID_pkcs9_emailAddress, i)) >= 0) {
444         ne = X509_NAME_get_entry(nm, i);
445         email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
446         if (move_p) {
447             X509_NAME_delete_entry(nm, i);
448             X509_NAME_ENTRY_free(ne);
449             i--;
450         }
451         if (email == NULL || (gen = GENERAL_NAME_new()) == NULL) {
452             ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
453             goto err;
454         }
455         gen->d.ia5 = email;
456         email = NULL;
457         gen->type = GEN_EMAIL;
458         if (!sk_GENERAL_NAME_push(gens, gen)) {
459             ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
460             goto err;
461         }
462         gen = NULL;
463     }
464 
465     return 1;
466 
467  err:
468     GENERAL_NAME_free(gen);
469     ASN1_IA5STRING_free(email);
470     return 0;
471 
472 }
473 
v2i_GENERAL_NAMES(const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,STACK_OF (CONF_VALUE)* nval)474 GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
475                                  X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
476 {
477     GENERAL_NAME *gen;
478     GENERAL_NAMES *gens;
479     CONF_VALUE *cnf;
480     const int num = sk_CONF_VALUE_num(nval);
481     int i;
482 
483     gens = sk_GENERAL_NAME_new_reserve(NULL, num);
484     if (gens == NULL) {
485         ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
486         sk_GENERAL_NAME_free(gens);
487         return NULL;
488     }
489 
490     for (i = 0; i < num; i++) {
491         cnf = sk_CONF_VALUE_value(nval, i);
492         if ((gen = v2i_GENERAL_NAME(method, ctx, cnf)) == NULL)
493             goto err;
494         sk_GENERAL_NAME_push(gens, gen);    /* no failure as it was reserved */
495     }
496     return gens;
497  err:
498     sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
499     return NULL;
500 }
501 
v2i_GENERAL_NAME(const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,CONF_VALUE * cnf)502 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
503                                X509V3_CTX *ctx, CONF_VALUE *cnf)
504 {
505     return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
506 }
507 
a2i_GENERAL_NAME(GENERAL_NAME * out,const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,int gen_type,const char * value,int is_nc)508 GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
509                                const X509V3_EXT_METHOD *method,
510                                X509V3_CTX *ctx, int gen_type, const char *value,
511                                int is_nc)
512 {
513     char is_string = 0;
514     GENERAL_NAME *gen = NULL;
515 
516     if (!value) {
517         ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE);
518         return NULL;
519     }
520 
521     if (out)
522         gen = out;
523     else {
524         gen = GENERAL_NAME_new();
525         if (gen == NULL) {
526             ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
527             return NULL;
528         }
529     }
530 
531     switch (gen_type) {
532     case GEN_URI:
533     case GEN_EMAIL:
534     case GEN_DNS:
535         is_string = 1;
536         break;
537 
538     case GEN_RID:
539         {
540             ASN1_OBJECT *obj;
541             if ((obj = OBJ_txt2obj(value, 0)) == NULL) {
542                 ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_OBJECT,
543                                "value=%s", value);
544                 goto err;
545             }
546             gen->d.rid = obj;
547         }
548         break;
549 
550     case GEN_IPADD:
551         if (is_nc)
552             gen->d.ip = a2i_IPADDRESS_NC(value);
553         else
554             gen->d.ip = a2i_IPADDRESS(value);
555         if (gen->d.ip == NULL) {
556             ERR_raise_data(ERR_LIB_X509V3, X509V3_R_BAD_IP_ADDRESS,
557                            "value=%s", value);
558             goto err;
559         }
560         break;
561 
562     case GEN_DIRNAME:
563         if (!do_dirname(gen, value, ctx)) {
564             ERR_raise(ERR_LIB_X509V3, X509V3_R_DIRNAME_ERROR);
565             goto err;
566         }
567         break;
568 
569     case GEN_OTHERNAME:
570         if (!do_othername(gen, value, ctx)) {
571             ERR_raise(ERR_LIB_X509V3, X509V3_R_OTHERNAME_ERROR);
572             goto err;
573         }
574         break;
575     default:
576         ERR_raise(ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_TYPE);
577         goto err;
578     }
579 
580     if (is_string) {
581         if ((gen->d.ia5 = ASN1_IA5STRING_new()) == NULL ||
582             !ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
583                              strlen(value))) {
584             ASN1_IA5STRING_free(gen->d.ia5);
585             gen->d.ia5 = NULL;
586             ERR_raise(ERR_LIB_X509V3, ERR_R_MALLOC_FAILURE);
587             goto err;
588         }
589     }
590 
591     gen->type = gen_type;
592 
593     return gen;
594 
595  err:
596     if (!out)
597         GENERAL_NAME_free(gen);
598     return NULL;
599 }
600 
v2i_GENERAL_NAME_ex(GENERAL_NAME * out,const X509V3_EXT_METHOD * method,X509V3_CTX * ctx,CONF_VALUE * cnf,int is_nc)601 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
602                                   const X509V3_EXT_METHOD *method,
603                                   X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
604 {
605     int type;
606 
607     char *name, *value;
608 
609     name = cnf->name;
610     value = cnf->value;
611 
612     if (!value) {
613         ERR_raise(ERR_LIB_X509V3, X509V3_R_MISSING_VALUE);
614         return NULL;
615     }
616 
617     if (!ossl_v3_name_cmp(name, "email"))
618         type = GEN_EMAIL;
619     else if (!ossl_v3_name_cmp(name, "URI"))
620         type = GEN_URI;
621     else if (!ossl_v3_name_cmp(name, "DNS"))
622         type = GEN_DNS;
623     else if (!ossl_v3_name_cmp(name, "RID"))
624         type = GEN_RID;
625     else if (!ossl_v3_name_cmp(name, "IP"))
626         type = GEN_IPADD;
627     else if (!ossl_v3_name_cmp(name, "dirName"))
628         type = GEN_DIRNAME;
629     else if (!ossl_v3_name_cmp(name, "otherName"))
630         type = GEN_OTHERNAME;
631     else {
632         ERR_raise_data(ERR_LIB_X509V3, X509V3_R_UNSUPPORTED_OPTION,
633                        "name=%s", name);
634         return NULL;
635     }
636 
637     return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
638 
639 }
640 
do_othername(GENERAL_NAME * gen,const char * value,X509V3_CTX * ctx)641 static int do_othername(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
642 {
643     char *objtmp = NULL, *p;
644     int objlen;
645 
646     if ((p = strchr(value, ';')) == NULL)
647         return 0;
648     if ((gen->d.otherName = OTHERNAME_new()) == NULL)
649         return 0;
650     /*
651      * Free this up because we will overwrite it. no need to free type_id
652      * because it is static
653      */
654     ASN1_TYPE_free(gen->d.otherName->value);
655     if ((gen->d.otherName->value = ASN1_generate_v3(p + 1, ctx)) == NULL)
656         goto err;
657     objlen = p - value;
658     objtmp = OPENSSL_strndup(value, objlen);
659     if (objtmp == NULL)
660         goto err;
661     gen->d.otherName->type_id = OBJ_txt2obj(objtmp, 0);
662     OPENSSL_free(objtmp);
663     if (!gen->d.otherName->type_id)
664         goto err;
665     return 1;
666 
667  err:
668     OTHERNAME_free(gen->d.otherName);
669     gen->d.otherName = NULL;
670     return 0;
671 }
672 
do_dirname(GENERAL_NAME * gen,const char * value,X509V3_CTX * ctx)673 static int do_dirname(GENERAL_NAME *gen, const char *value, X509V3_CTX *ctx)
674 {
675     int ret = 0;
676     STACK_OF(CONF_VALUE) *sk = NULL;
677     X509_NAME *nm;
678 
679     if ((nm = X509_NAME_new()) == NULL)
680         goto err;
681     sk = X509V3_get_section(ctx, value);
682     if (!sk) {
683         ERR_raise_data(ERR_LIB_X509V3, X509V3_R_SECTION_NOT_FOUND,
684                        "section=%s", value);
685         goto err;
686     }
687     /* FIXME: should allow other character types... */
688     ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
689     if (!ret)
690         goto err;
691     gen->d.dirn = nm;
692 
693 err:
694     if (ret == 0)
695         X509_NAME_free(nm);
696     X509V3_section_free(ctx, sk);
697     return ret;
698 }
699