authorGary Ching-Pang Lin <glin@suse.com>2015-07-13 11:58:44 +0800
committerPeter Jones <pjones@redhat.com>2015-07-28 11:46:38 -0400
commit4ac84f8673eb7f3e5b98226aabe21f3e3111c7db (patch)
tree2fb3d9dd667c772fae5f87fa61e1501cf12da0ce /Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
parentdb142ce288a63db2e8f7858ba7564158cc7a64e5 (diff)
downloadefi-boot-shim-4ac84f8673eb7f3e5b98226aabe21f3e3111c7db.tar.gz
efi-boot-shim-4ac84f8673eb7f3e5b98226aabe21f3e3111c7db.zip
Update openssl to 1.0.2d
Also update Cryptlib to edk2 r17731 Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c')
-rw-r--r--Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c148
1 files changed, 96 insertions, 52 deletions
diff --git a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
index ea0e6bea..22ec2028 100644
--- a/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
+++ b/Cryptlib/OpenSSL/crypto/x509v3/v3_alt.c
@@ -87,6 +87,12 @@ const X509V3_EXT_METHOD v3_alt[] = {
(X509V3_EXT_I2V) i2v_GENERAL_NAMES,
(X509V3_EXT_V2I)v2i_issuer_alt,
NULL, NULL, NULL},
+
+ {NID_certificate_issuer, 0, ASN1_ITEM_ref(GENERAL_NAMES),
+ 0, 0, 0, 0,
+ 0, 0,
+ (X509V3_EXT_I2V) i2v_GENERAL_NAMES,
+ NULL, NULL, NULL, NULL},
};
STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method,
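Review bot: The new NID_certificate_issuer entry leaves its v2i slot NULL, and that is only visible by counting positional initializers against the entry above it. Presumably this makes the extension printable but not settable from a configuration section; a one-line comment above the entry, such as `/* certificateIssuer: display only, no v2i conversion */`, would make that intent explicit. The array is closed inside the hunk, while the i2v_GENERAL_NAMES definition that follows continues outside it.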
@@ -390,7 +396,7 @@ static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p)
}
-GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
+GENERAL_NAMES *v2i_GENERAL_NAMES(const X509V3_EXT_METHOD *method,
X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval)
{
GENERAL_NAME *gen;
@@ -413,27 +419,22 @@ GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method,
return NULL;
}
-GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- CONF_VALUE *cnf)
+GENERAL_NAME *v2i_GENERAL_NAME(const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf)
{
return v2i_GENERAL_NAME_ex(NULL, method, ctx, cnf, 0);
}
-GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
- X509V3_EXT_METHOD *method, X509V3_CTX *ctx,
- CONF_VALUE *cnf, int is_nc)
+GENERAL_NAME *a2i_GENERAL_NAME(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, int gen_type, char *value,
+ int is_nc)
{
char is_string = 0;
- int type;
GENERAL_NAME *gen = NULL;
- char *name, *value;
-
- name = cnf->name;
- value = cnf->value;
-
if (!value) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_MISSING_VALUE);
return NULL;
}
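Review bot: a2i_GENERAL_NAME is introduced here as a new non-static entry point but has no comment describing its contract. A header comment should state that gen_type must be one of the GEN_* values handled by the switch further down, that `value` is a NUL-terminated string (the string types are sized with strlen()), and that is_nc selects a2i_IPADDRESS_NC over a2i_IPADDRESS. It should also say who owns `out` when the call fails, which is decided at the err label outside the visible lines. `method` is not used in any line shown, which is worth noting in the same comment. The function body continues past the end of this hunk.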
@@ -442,55 +443,57 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
else {
gen = GENERAL_NAME_new();
if (gen == NULL) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE);
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
return NULL;
}
}
- if (!name_cmp(name, "email")) {
- is_string = 1;
- type = GEN_EMAIL;
- } else if (!name_cmp(name, "URI")) {
- is_string = 1;
- type = GEN_URI;
- } else if (!name_cmp(name, "DNS")) {
+ switch (gen_type) {
+ case GEN_URI:
+ case GEN_EMAIL:
+ case GEN_DNS:
is_string = 1;
- type = GEN_DNS;
- } else if (!name_cmp(name, "RID")) {
- ASN1_OBJECT *obj;
- if (!(obj = OBJ_txt2obj(value, 0))) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_OBJECT);
- ERR_add_error_data(2, "value=", value);
- goto err;
+ break;
+
+ case GEN_RID:
+ {
+ ASN1_OBJECT *obj;
+ if (!(obj = OBJ_txt2obj(value, 0))) {
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_OBJECT);
+ ERR_add_error_data(2, "value=", value);
+ goto err;
+ }
+ gen->d.rid = obj;
}
- gen->d.rid = obj;
- type = GEN_RID;
- } else if (!name_cmp(name, "IP")) {
+ break;
+
+ case GEN_IPADD:
if (is_nc)
gen->d.ip = a2i_IPADDRESS_NC(value);
else
gen->d.ip = a2i_IPADDRESS(value);
if (gen->d.ip == NULL) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_BAD_IP_ADDRESS);
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_BAD_IP_ADDRESS);
ERR_add_error_data(2, "value=", value);
goto err;
}
- type = GEN_IPADD;
- } else if (!name_cmp(name, "dirName")) {
- type = GEN_DIRNAME;
+ break;
+
+ case GEN_DIRNAME:
if (!do_dirname(gen, value, ctx)) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_DIRNAME_ERROR);
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_DIRNAME_ERROR);
goto err;
}
- } else if (!name_cmp(name, "otherName")) {
+ break;
+
+ case GEN_OTHERNAME:
if (!do_othername(gen, value, ctx)) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_OTHERNAME_ERROR);
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_OTHERNAME_ERROR);
goto err;
}
- type = GEN_OTHERNAME;
- } else {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION);
- ERR_add_error_data(2, "name=", name);
+ break;
+ default:
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, X509V3_R_UNSUPPORTED_TYPE);
goto err;
}
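Review bot: The `default:` branch raises X509V3_R_UNSUPPORTED_TYPE without recording which type was rejected, whereas the removed string-based branch attached `name=` through ERR_add_error_data. Since gen_type is now an integer supplied by the caller, the error queue no longer identifies the offending input. Adding something like `char tbuf[16]; BIO_snprintf(tbuf, sizeof(tbuf), "%d", gen_type); ERR_add_error_data(2, "type=", tbuf);` before `goto err;` would keep the failure diagnosable. The switch belongs to a function that starts and ends outside this hunk.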
@@ -498,12 +501,12 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
if (!(gen->d.ia5 = M_ASN1_IA5STRING_new()) ||
!ASN1_STRING_set(gen->d.ia5, (unsigned char *)value,
strlen(value))) {
- X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, ERR_R_MALLOC_FAILURE);
+ X509V3err(X509V3_F_A2I_GENERAL_NAME, ERR_R_MALLOC_FAILURE);
goto err;
}
}
- gen->type = type;
+ gen->type = gen_type;
return gen;
@@ -513,6 +516,46 @@ GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
return NULL;
}
+GENERAL_NAME *v2i_GENERAL_NAME_ex(GENERAL_NAME *out,
+ const X509V3_EXT_METHOD *method,
+ X509V3_CTX *ctx, CONF_VALUE *cnf, int is_nc)
+{
+ int type;
+
+ char *name, *value;
+
+ name = cnf->name;
+ value = cnf->value;
+
+ if (!value) {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_MISSING_VALUE);
+ return NULL;
+ }
+
+ if (!name_cmp(name, "email"))
+ type = GEN_EMAIL;
+ else if (!name_cmp(name, "URI"))
+ type = GEN_URI;
+ else if (!name_cmp(name, "DNS"))
+ type = GEN_DNS;
+ else if (!name_cmp(name, "RID"))
+ type = GEN_RID;
+ else if (!name_cmp(name, "IP"))
+ type = GEN_IPADD;
+ else if (!name_cmp(name, "dirName"))
+ type = GEN_DIRNAME;
+ else if (!name_cmp(name, "otherName"))
+ type = GEN_OTHERNAME;
+ else {
+ X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_UNSUPPORTED_OPTION);
+ ERR_add_error_data(2, "name=", name);
+ return NULL;
+ }
+
+ return a2i_GENERAL_NAME(out, method, ctx, type, value, is_nc);
+
+}
+
static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
{
char *objtmp = NULL, *p;
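Review bot: The rebuilt v2i_GENERAL_NAME_ex checks `value` for NULL but passes `name` straight into name_cmp(), so a CONF_VALUE with a NULL name reaches the comparison unchecked. Whether name_cmp tolerates NULL, and whether the parsers can ever produce such an entry, is not visible here. A guard next to the existing one would remove the assumption: `if (!name) { X509V3err(X509V3_F_V2I_GENERAL_NAME_EX, X509V3_R_INVALID_NULL_NAME); return NULL; }`. The `!value` test is repeated at the top of a2i_GENERAL_NAME; a short comment saying it is kept so the error is attributed to this function would stop it being removed as redundant.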
@@ -541,25 +584,26 @@ static int do_othername(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
static int do_dirname(GENERAL_NAME *gen, char *value, X509V3_CTX *ctx)
{
- int ret;
- STACK_OF(CONF_VALUE) *sk;
- X509_NAME *nm;
+ int ret = 0;
+ STACK_OF(CONF_VALUE) *sk = NULL;
+ X509_NAME *nm = NULL;
if (!(nm = X509_NAME_new()))
- return 0;
+ goto err;
sk = X509V3_get_section(ctx, value);
if (!sk) {
X509V3err(X509V3_F_DO_DIRNAME, X509V3_R_SECTION_NOT_FOUND);
ERR_add_error_data(2, "section=", value);
- X509_NAME_free(nm);
- return 0;
+ goto err;
}
/* FIXME: should allow other character types... */
ret = X509V3_NAME_from_section(nm, sk, MBSTRING_ASC);
if (!ret)
- X509_NAME_free(nm);
+ goto err;
gen->d.dirn = nm;
+err:
+ if (ret == 0)
+ X509_NAME_free(nm);
X509V3_section_free(ctx, sk);
-
return ret;
}
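Review bot: When X509_NAME_new() fails, the new `goto err;` leaves do_dirname without recording an allocation error, unlike the other allocation failures in this file, which push ERR_R_MALLOC_FAILURE. The caller then reports only X509V3_R_DIRNAME_ERROR and the root cause is lost; `X509V3err(X509V3_F_DO_DIRNAME, ERR_R_MALLOC_FAILURE);` before the jump would fix that. The same path reaches `X509V3_section_free(ctx, sk)` with sk still NULL, so the cleanup relies on that function accepting NULL, which should be confirmed or noted in a comment. The `err:` label is also executed on success, so a comment like `/* common exit: nm is freed only when ret == 0 */` would help readers.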