1 /*
2 * Written by Dr Stephen N Henson ([email protected]) for the OpenSSL
3 * project.
4 */
5 /* ====================================================================
6 * Copyright (c) 1999-2003 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * [email protected].
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * ([email protected]). This product includes software written by Tim
55 * Hudson ([email protected]). */
56
57 #include <stdio.h>
58 #include <string.h>
59
60 #include <openssl/conf.h>
61 #include <openssl/err.h>
62 #include <openssl/mem.h>
63 #include <openssl/obj.h>
64 #include <openssl/x509.h>
65
66 #include "internal.h"
67
68
69 static void *v2i_subject_alt(const X509V3_EXT_METHOD *method,
70 const X509V3_CTX *ctx,
71 const STACK_OF(CONF_VALUE) *nval);
72 static void *v2i_issuer_alt(const X509V3_EXT_METHOD *method,
73 const X509V3_CTX *ctx,
74 const STACK_OF(CONF_VALUE) *nval);
75 static int copy_email(const X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p);
76 static int copy_issuer(const X509V3_CTX *ctx, GENERAL_NAMES *gens);
77 static int do_othername(GENERAL_NAME *gen, const char *value,
78 const X509V3_CTX *ctx);
79 static int do_dirname(GENERAL_NAME *gen, const char *value,
80 const X509V3_CTX *ctx);
81
STACK_OF(CONF_VALUE)82 static STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES_cb(
83 const X509V3_EXT_METHOD *method, void *ext, STACK_OF(CONF_VALUE) *ret) {
84 return i2v_GENERAL_NAMES(method, ext, ret);
85 }
86
87 const X509V3_EXT_METHOD v3_alt[] = {
88 {NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0,
89 i2v_GENERAL_NAMES_cb, v2i_subject_alt, NULL, NULL, NULL},
90
91 {NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0,
92 i2v_GENERAL_NAMES_cb, v2i_issuer_alt, NULL, NULL, NULL},
93
94 {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES), 0, 0, 0, 0, 0, 0,
95 i2v_GENERAL_NAMES_cb, NULL, NULL, NULL, NULL},
96 };
97
STACK_OF(CONF_VALUE)98 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
99 const GENERAL_NAMES *gens,
100 STACK_OF(CONF_VALUE) *ret) {
101 int ret_was_null = ret == NULL;
102 for (size_t i = 0; i < sk_GENERAL_NAME_num(gens); i++) {
103 const GENERAL_NAME *gen = sk_GENERAL_NAME_value(gens, i);
104 STACK_OF(CONF_VALUE) *tmp = i2v_GENERAL_NAME(method, gen, ret);
105 if (tmp == NULL) {
106 if (ret_was_null) {
107 sk_CONF_VALUE_pop_free(ret, X509V3_conf_free);
108 }
109 return NULL;
110 }
111 ret = tmp;
112 }
113 if (!ret) {
114 return sk_CONF_VALUE_new_null();
115 }
116 return ret;
117 }
118
STACK_OF(CONF_VALUE)119 STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(const X509V3_EXT_METHOD *method,
120 const GENERAL_NAME *gen,
121 STACK_OF(CONF_VALUE) *ret) {
122 // Note the error-handling for this function relies on there being at most
123 // one |X509V3_add_value| call. If there were two and the second failed, we
124 // would need to sometimes free the first call's result.
125 unsigned char *p;
126 char oline[256], htmp[5];
127 int i;
128 switch (gen->type) {
129 case GEN_OTHERNAME:
130 if (!X509V3_add_value("othername", "<unsupported>", &ret)) {
131 return NULL;
132 }
133 break;
134
135 case GEN_X400:
136 if (!X509V3_add_value("X400Name", "<unsupported>", &ret)) {
137 return NULL;
138 }
139 break;
140
141 case GEN_EDIPARTY:
142 if (!X509V3_add_value("EdiPartyName", "<unsupported>", &ret)) {
143 return NULL;
144 }
145 break;
146
147 case GEN_EMAIL:
148 if (!x509V3_add_value_asn1_string("email", gen->d.ia5, &ret)) {
149 return NULL;
150 }
151 break;
152
153 case GEN_DNS:
154 if (!x509V3_add_value_asn1_string("DNS", gen->d.ia5, &ret)) {
155 return NULL;
156 }
157 break;
158
159 case GEN_URI:
160 if (!x509V3_add_value_asn1_string("URI", gen->d.ia5, &ret)) {
161 return NULL;
162 }
163 break;
164
165 case GEN_DIRNAME:
166 if (X509_NAME_oneline(gen->d.dirn, oline, 256) == NULL ||
167 !X509V3_add_value("DirName", oline, &ret)) {
168 return NULL;
169 }
170 break;
171
172 case GEN_IPADD:
173 p = gen->d.ip->data;
174 if (gen->d.ip->length == 4) {
175 snprintf(oline, sizeof(oline), "%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
176 } else if (gen->d.ip->length == 16) {
177 oline[0] = 0;
178 for (i = 0; i < 8; i++) {
179 uint16_t v = ((uint16_t)p[0] << 8) | p[1];
180 snprintf(htmp, sizeof(htmp), "%X", v);
181 p += 2;
182 OPENSSL_strlcat(oline, htmp, sizeof(oline));
183 if (i != 7) {
184 OPENSSL_strlcat(oline, ":", sizeof(oline));
185 }
186 }
187 } else {
188 if (!X509V3_add_value("IP Address", "<invalid>", &ret)) {
189 return NULL;
190 }
191 break;
192 }
193 if (!X509V3_add_value("IP Address", oline, &ret)) {
194 return NULL;
195 }
196 break;
197
198 case GEN_RID:
199 i2t_ASN1_OBJECT(oline, 256, gen->d.rid);
200 if (!X509V3_add_value("Registered ID", oline, &ret)) {
201 return NULL;
202 }
203 break;
204 }
205 return ret;
206 }
207
GENERAL_NAME_print(BIO * out,const GENERAL_NAME * gen)208 int GENERAL_NAME_print(BIO *out, const GENERAL_NAME *gen) {
209 switch (gen->type) {
210 case GEN_OTHERNAME:
211 BIO_printf(out, "othername:<unsupported>");
212 break;
213
214 case GEN_X400:
215 BIO_printf(out, "X400Name:<unsupported>");
216 break;
217
218 case GEN_EDIPARTY:
219 // Maybe fix this: it is supported now
220 BIO_printf(out, "EdiPartyName:<unsupported>");
221 break;
222
223 case GEN_EMAIL:
224 BIO_printf(out, "email:");
225 ASN1_STRING_print(out, gen->d.ia5);
226 break;
227
228 case GEN_DNS:
229 BIO_printf(out, "DNS:");
230 ASN1_STRING_print(out, gen->d.ia5);
231 break;
232
233 case GEN_URI:
234 BIO_printf(out, "URI:");
235 ASN1_STRING_print(out, gen->d.ia5);
236 break;
237
238 case GEN_DIRNAME:
239 BIO_printf(out, "DirName: ");
240 X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE);
241 break;
242
243 case GEN_IPADD: {
244 const unsigned char *p = gen->d.ip->data;
245 if (gen->d.ip->length == 4) {
246 BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]);
247 } else if (gen->d.ip->length == 16) {
248 BIO_printf(out, "IP Address");
249 for (int i = 0; i < 8; i++) {
250 uint16_t v = ((uint16_t)p[0] << 8) | p[1];
251 BIO_printf(out, ":%X", v);
252 p += 2;
253 }
254 BIO_puts(out, "\n");
255 } else {
256 BIO_printf(out, "IP Address:<invalid>");
257 break;
258 }
259 break;
260 }
261
262 case GEN_RID:
263 BIO_printf(out, "Registered ID");
264 i2a_ASN1_OBJECT(out, gen->d.rid);
265 break;
266 }
267 return 1;
268 }
269
v2i_issuer_alt(const X509V3_EXT_METHOD * method,const X509V3_CTX * ctx,const STACK_OF (CONF_VALUE)* nval)270 static void *v2i_issuer_alt(const X509V3_EXT_METHOD *method,
271 const X509V3_CTX *ctx,
272 const STACK_OF(CONF_VALUE) *nval) {
273 GENERAL_NAMES *gens = sk_GENERAL_NAME_new_null();
274 if (gens == NULL) {
275 return NULL;
276 }
277 for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) {
278 const CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
279 if (x509v3_conf_name_matches(cnf->name, "issuer") && cnf->value &&
280 !strcmp(cnf->value, "copy")) {
281 if (!copy_issuer(ctx, gens)) {
282 goto err;
283 }
284 } else {
285 GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
286 if (gen == NULL || !sk_GENERAL_NAME_push(gens, gen)) {
287 GENERAL_NAME_free(gen);
288 goto err;
289 }
290 }
291 }
292 return gens;
293 err:
294 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
295 return NULL;
296 }
297
298 // Append subject altname of issuer to issuer alt name of subject
299
copy_issuer(const X509V3_CTX * ctx,GENERAL_NAMES * gens)300 static int copy_issuer(const X509V3_CTX *ctx, GENERAL_NAMES *gens) {
301 if (ctx && (ctx->flags == X509V3_CTX_TEST)) {
302 return 1;
303 }
304 if (!ctx || !ctx->issuer_cert) {
305 OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_ISSUER_DETAILS);
306 return 0;
307 }
308 int i = X509_get_ext_by_NID(ctx->issuer_cert, NID_subject_alt_name, -1);
309 if (i < 0) {
310 return 1;
311 }
312
313 int ret = 0;
314 GENERAL_NAMES *ialt = NULL;
315 X509_EXTENSION *ext;
316 if (!(ext = X509_get_ext(ctx->issuer_cert, i)) ||
317 !(ialt = X509V3_EXT_d2i(ext))) {
318 OPENSSL_PUT_ERROR(X509V3, X509V3_R_ISSUER_DECODE_ERROR);
319 goto err;
320 }
321
322 for (size_t j = 0; j < sk_GENERAL_NAME_num(ialt); j++) {
323 GENERAL_NAME *gen = sk_GENERAL_NAME_value(ialt, j);
324 if (!sk_GENERAL_NAME_push(gens, gen)) {
325 goto err;
326 }
327 // Ownership of |gen| has moved from |ialt| to |gens|.
328 sk_GENERAL_NAME_set(ialt, j, NULL);
329 }
330
331 ret = 1;
332
333 err:
334 GENERAL_NAMES_free(ialt);
335 return ret;
336 }
337
v2i_subject_alt(const X509V3_EXT_METHOD * method,const X509V3_CTX * ctx,const STACK_OF (CONF_VALUE)* nval)338 static void *v2i_subject_alt(const X509V3_EXT_METHOD *method,
339 const X509V3_CTX *ctx,
340 const STACK_OF(CONF_VALUE) *nval) {
341 GENERAL_NAMES *gens = sk_GENERAL_NAME_new_null();
342 if (gens == NULL) {
343 return NULL;
344 }
345 for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) {
346 const CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
347 if (x509v3_conf_name_matches(cnf->name, "email") && cnf->value &&
348 !strcmp(cnf->value, "copy")) {
349 if (!copy_email(ctx, gens, 0)) {
350 goto err;
351 }
352 } else if (x509v3_conf_name_matches(cnf->name, "email") && cnf->value &&
353 !strcmp(cnf->value, "move")) {
354 if (!copy_email(ctx, gens, 1)) {
355 goto err;
356 }
357 } else {
358 GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
359 if (gen == NULL || !sk_GENERAL_NAME_push(gens, gen)) {
360 GENERAL_NAME_free(gen);
361 goto err;
362 }
363 }
364 }
365 return gens;
366 err:
367 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
368 return NULL;
369 }
370
371 // Copy any email addresses in a certificate or request to GENERAL_NAMES
372
copy_email(const X509V3_CTX * ctx,GENERAL_NAMES * gens,int move_p)373 static int copy_email(const X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) {
374 X509_NAME *nm;
375 ASN1_IA5STRING *email = NULL;
376 X509_NAME_ENTRY *ne;
377 GENERAL_NAME *gen = NULL;
378 int i;
379 if (ctx != NULL && ctx->flags == X509V3_CTX_TEST) {
380 return 1;
381 }
382 if (!ctx || (!ctx->subject_cert && !ctx->subject_req)) {
383 OPENSSL_PUT_ERROR(X509V3, X509V3_R_NO_SUBJECT_DETAILS);
384 goto err;
385 }
386 // Find the subject name
387 if (ctx->subject_cert) {
388 nm = X509_get_subject_name(ctx->subject_cert);
389 } else {
390 nm = X509_REQ_get_subject_name(ctx->subject_req);
391 }
392
393 // Now add any email address(es) to STACK
394 i = -1;
395 while ((i = X509_NAME_get_index_by_NID(nm, NID_pkcs9_emailAddress, i)) >= 0) {
396 ne = X509_NAME_get_entry(nm, i);
397 email = ASN1_STRING_dup(X509_NAME_ENTRY_get_data(ne));
398 if (move_p) {
399 X509_NAME_delete_entry(nm, i);
400 X509_NAME_ENTRY_free(ne);
401 i--;
402 }
403 if (!email || !(gen = GENERAL_NAME_new())) {
404 goto err;
405 }
406 gen->d.ia5 = email;
407 email = NULL;
408 gen->type = GEN_EMAIL;
409 if (!sk_GENERAL_NAME_push(gens, gen)) {
410 goto err;
411 }
412 gen = NULL;
413 }
414
415 return 1;
416
417 err:
418 GENERAL_NAME_free(gen);
419 ASN1_IA5STRING_free(email);
420 return 0;
421 }
422
v2i_GENERAL_NAMES(const X509V3_EXT_METHOD * method,const X509V3_CTX * ctx,const STACK_OF (CONF_VALUE)* nval)423 GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
424 const X509V3_CTX *ctx,
425 const STACK_OF(CONF_VALUE) *nval) {
426 GENERAL_NAMES *gens = sk_GENERAL_NAME_new_null();
427 if (gens == NULL) {
428 return NULL;
429 }
430 for (size_t i = 0; i < sk_CONF_VALUE_num(nval); i++) {
431 const CONF_VALUE *cnf = sk_CONF_VALUE_value(nval, i);
432 GENERAL_NAME *gen = v2i_GENERAL_NAME(method, ctx, cnf);
433 if (gen == NULL || !sk_GENERAL_NAME_push(gens, gen)) {
434 GENERAL_NAME_free(gen);
435 goto err;
436 }
437 }
438 return gens;
439 err:
440 sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free);
441 return NULL;
442 }
443
v2i_GENERAL_NAME(const X509V3_EXT_METHOD * method,const X509V3_CTX * ctx,const CONF_VALUE * cnf)444 GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
445 const X509V3_CTX *ctx, const CONF_VALUE *cnf) {
446 return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
447 }
448
a2i_GENERAL_NAME(GENERAL_NAME * out,const X509V3_EXT_METHOD * method,const X509V3_CTX * ctx,int gen_type,const char * value,int is_nc)449 static GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
450 const X509V3_EXT_METHOD *method,
451 const X509V3_CTX *ctx, int gen_type,
452 const char *value, int is_nc) {
453 if (!value) {
454 OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE);
455 return NULL;
456 }
457
458 GENERAL_NAME *gen = NULL;
459 if (out) {
460 gen = out;
461 } else {
462 gen = GENERAL_NAME_new();
463 if (gen == NULL) {
464 return NULL;
465 }
466 }
467
468 switch (gen_type) {
469 case GEN_URI:
470 case GEN_EMAIL:
471 case GEN_DNS: {
472 ASN1_IA5STRING *str = ASN1_IA5STRING_new();
473 if (str == NULL || !ASN1_STRING_set(str, value, strlen(value))) {
474 ASN1_STRING_free(str);
475 goto err;
476 }
477 gen->type = gen_type;
478 gen->d.ia5 = str;
479 break;
480 }
481
482 case GEN_RID: {
483 ASN1_OBJECT *obj;
484 if (!(obj = OBJ_txt2obj(value, 0))) {
485 OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_OBJECT);
486 ERR_add_error_data(2, "value=", value);
487 goto err;
488 }
489 gen->type = GEN_RID;
490 gen->d.rid = obj;
491 break;
492 }
493
494 case GEN_IPADD:
495 gen->type = GEN_IPADD;
496 if (is_nc) {
497 gen->d.ip = a2i_IPADDRESS_NC(value);
498 } else {
499 gen->d.ip = a2i_IPADDRESS(value);
500 }
501 if (gen->d.ip == NULL) {
502 OPENSSL_PUT_ERROR(X509V3, X509V3_R_BAD_IP_ADDRESS);
503 ERR_add_error_data(2, "value=", value);
504 goto err;
505 }
506 break;
507
508 case GEN_DIRNAME:
509 if (!do_dirname(gen, value, ctx)) {
510 OPENSSL_PUT_ERROR(X509V3, X509V3_R_DIRNAME_ERROR);
511 goto err;
512 }
513 break;
514
515 case GEN_OTHERNAME:
516 if (!do_othername(gen, value, ctx)) {
517 OPENSSL_PUT_ERROR(X509V3, X509V3_R_OTHERNAME_ERROR);
518 goto err;
519 }
520 break;
521 default:
522 OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_TYPE);
523 goto err;
524 }
525
526 return gen;
527
528 err:
529 if (!out) {
530 GENERAL_NAME_free(gen);
531 }
532 return NULL;
533 }
534
v2i_GENERAL_NAME_ex(GENERAL_NAME * out,const X509V3_EXT_METHOD * method,const X509V3_CTX * ctx,const CONF_VALUE * cnf,int is_nc)535 GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
536 const X509V3_EXT_METHOD *method,
537 const X509V3_CTX *ctx, const CONF_VALUE *cnf,
538 int is_nc) {
539 const char *name = cnf->name;
540 const char *value = cnf->value;
541 if (!value) {
542 OPENSSL_PUT_ERROR(X509V3, X509V3_R_MISSING_VALUE);
543 return NULL;
544 }
545
546 int type;
547 if (x509v3_conf_name_matches(name, "email")) {
548 type = GEN_EMAIL;
549 } else if (x509v3_conf_name_matches(name, "URI")) {
550 type = GEN_URI;
551 } else if (x509v3_conf_name_matches(name, "DNS")) {
552 type = GEN_DNS;
553 } else if (x509v3_conf_name_matches(name, "RID")) {
554 type = GEN_RID;
555 } else if (x509v3_conf_name_matches(name, "IP")) {
556 type = GEN_IPADD;
557 } else if (x509v3_conf_name_matches(name, "dirName")) {
558 type = GEN_DIRNAME;
559 } else if (x509v3_conf_name_matches(name, "otherName")) {
560 type = GEN_OTHERNAME;
561 } else {
562 OPENSSL_PUT_ERROR(X509V3, X509V3_R_UNSUPPORTED_OPTION);
563 ERR_add_error_data(2, "name=", name);
564 return NULL;
565 }
566
567 return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
568 }
569
do_othername(GENERAL_NAME * gen,const char * value,const X509V3_CTX * ctx)570 static int do_othername(GENERAL_NAME *gen, const char *value,
571 const X509V3_CTX *ctx) {
572 const char *semicolon = strchr(value, ';');
573 if (semicolon == NULL) {
574 return 0;
575 }
576
577 OTHERNAME *name = OTHERNAME_new();
578 if (name == NULL) {
579 return 0;
580 }
581
582 char *objtmp = OPENSSL_strndup(value, semicolon - value);
583 if (objtmp == NULL) {
584 goto err;
585 }
586 ASN1_OBJECT_free(name->type_id);
587 name->type_id = OBJ_txt2obj(objtmp, /*dont_search_names=*/0);
588 OPENSSL_free(objtmp);
589 if (name->type_id == NULL) {
590 goto err;
591 }
592
593 ASN1_TYPE_free(name->value);
594 name->value = ASN1_generate_v3(semicolon + 1, ctx);
595 if (name->value == NULL) {
596 goto err;
597 }
598
599 gen->type = GEN_OTHERNAME;
600 gen->d.otherName = name;
601 return 1;
602
603 err:
604 OTHERNAME_free(name);
605 return 0;
606 }
607
do_dirname(GENERAL_NAME * gen,const char * value,const X509V3_CTX * ctx)608 static int do_dirname(GENERAL_NAME *gen, const char *value,
609 const X509V3_CTX *ctx) {
610 int ret = 0;
611 X509_NAME *nm = X509_NAME_new();
612 if (nm == NULL) {
613 goto err;
614 }
615 const STACK_OF(CONF_VALUE) *sk = X509V3_get_section(ctx, value);
616 if (sk == NULL) {
617 OPENSSL_PUT_ERROR(X509V3, X509V3_R_SECTION_NOT_FOUND);
618 ERR_add_error_data(2, "section=", value);
619 goto err;
620 }
621 // FIXME: should allow other character types...
622 if (!X509V3_NAME_from_section(nm, sk, MBSTRING_ASC)) {
623 goto err;
624 }
625 gen->type = GEN_DIRNAME;
626 gen->d.dirn = nm;
627 ret = 1;
628
629 err:
630 if (!ret) {
631 X509_NAME_free(nm);
632 }
633 return ret;
634 }
635