-/* $OpenBSD: x509_alt.c,v 1.4 2021/10/27 10:22:08 beck Exp $ */
+/* $OpenBSD: x509_alt.c,v 1.5 2021/10/28 10:58:23 tb Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project.
*/
#include <openssl/err.h>
#include <openssl/x509v3.h>
+#include "x509_internal.h"
+
static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval);
static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method,
v2i_GENERAL_NAME_ex(GENERAL_NAME *out, const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
{
- int type;
+ uint8_t *bytes = NULL;
char *name, *value;
+ GENERAL_NAME *ret;
+ size_t len = 0;
+ int type;
name = cnf->name;
value = cnf->value;
return NULL;
}
- return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+ ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+
+ /* Validate what we have for sanity */
+ type = x509_constraints_general_to_bytes(ret, &bytes, &len);
+ switch(type) {
+ case GEN_DNS:
+ if (!x509_constraints_valid_sandns(bytes, len)) {
+ X509V3error(X509V3_R_BAD_OBJECT);
+ ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+ goto err;
+ }
+ break;
+ case GEN_URI:
+ if (!x509_constraints_uri_host(bytes, len, NULL)) {
+ X509V3error(X509V3_R_BAD_OBJECT);
+ ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+ goto err;
+ }
+ break;
+ case GEN_EMAIL:
+ if (!x509_constraints_parse_mailbox(bytes, len, NULL)) {
+ X509V3error(X509V3_R_BAD_OBJECT);
+ ERR_asprintf_error_data("name=%s value='%s'", name, bytes);
+ goto err;
+ }
+ break;
+ case GEN_IPADD:
+ if (len != 4 && len != 16) {
+ X509V3error(X509V3_R_BAD_IP_ADDRESS);
+ ERR_asprintf_error_data("name=%s len=%zu", name, len);
+ goto err;
+ }
+ break;
+ default:
+ break;
+ }
+ return ret;
+ err:
+ GENERAL_NAME_free(ret);
+ return NULL;
}
static int
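Review bot: The result of `a2i_GENERAL_NAME` is passed straight to `x509_constraints_general_to_bytes` without a NULL check, so a parse failure (which the removed line used to return directly) now reaches the validation block with `ret == NULL`; unless that helper is known to tolerate a NULL name, which is not visible here, the call should become `if ((ret = a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc)) == NULL) return NULL;`. The `err:` label frees `ret` unconditionally; if `a2i_GENERAL_NAME` returns the caller-supplied `out` when it is non-NULL (as the OpenSSL API it mirrors does), that frees an object the caller owns, so the free should presumably be limited to `if (out == NULL)` — worth confirming against `a2i_GENERAL_NAME`. The `%s` format of `bytes` in the DNS/URI/email error data assumes the buffer is NUL-terminated, which nothing in this hunk guarantees; `len` is available, so a bounded `%.*s` with `(int)len` would be safer. The enclosing function starts above this hunk (the `type` selection between L23 and L24 is not shown).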