openbsd/src
1
0
Fork 0
mirror of https://github.com/openbsd/src.git synced 2026-04-25 14:45:52 +00:00
Code Issues Projects Releases Wiki Activity

openssl ca: mechanical change to stop reaching into ASN1_STRING

Browse Source 
ok kenjiro
This commit is contained in:
tb
2025-11-27 08:24:30 +00:00
parent 3fc06daa4a
commit b764a8d5e0
1 changed files with 26 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
usr.bin/openssl/ca.c
View File

@@ -1,4 +1,4 @@
/* $OpenBSD: ca.c,v 1.62 2025/04/14 08:39:27 tb Exp $ */
/* $OpenBSD: ca.c,v 1.63 2025/11/27 08:24:30 tb Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -69,6 +69,7 @@
#include "apps.h"
#include <openssl/asn1.h>
#include <openssl/bio.h>
#include <openssl/bn.h>
#include <openssl/conf.h>
@@ -1717,18 +1718,19 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
/* check some things */
if ((OBJ_obj2nid(obj) == NID_pkcs9_emailAddress) &&
(str->type != V_ASN1_IA5STRING)) {
(ASN1_STRING_type(str) != V_ASN1_IA5STRING)) {
BIO_printf(bio_err,
"\nemailAddress type needs to be of type IA5STRING\n");
goto err;
}
if ((str->type != V_ASN1_BMPSTRING) &&
(str->type != V_ASN1_UTF8STRING)) {
j = ASN1_PRINTABLE_type(str->data, str->length);
if ((ASN1_STRING_type(str) != V_ASN1_BMPSTRING) &&
(ASN1_STRING_type(str) != V_ASN1_UTF8STRING)) {
j = ASN1_PRINTABLE_type(ASN1_STRING_get0_data(str),
ASN1_STRING_length(str));
if (((j == V_ASN1_T61STRING) &&
(str->type != V_ASN1_T61STRING)) ||
(ASN1_STRING_type(str) != V_ASN1_T61STRING)) ||
((j == V_ASN1_IA5STRING) &&
(str->type == V_ASN1_PRINTABLESTRING))) {
(ASN1_STRING_type(str) == V_ASN1_PRINTABLESTRING))) {
BIO_printf(bio_err,
"\nThe string contains characters that are illegal for the ASN.1 type\n");
goto err;
@@ -1830,9 +1832,9 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
BIO_printf(bio_err,
"The %s field needed to be the same in the\nCA certificate (%s) and the request (%s)\n",
cv->name, ((str2 == NULL) ?
"NULL" : (char *) str2->data),
"NULL" : (const char *) ASN1_STRING_get0_data(str2)),
((str == NULL) ?
"NULL" : (char *) str->data));
"NULL" : (const char *) ASN1_STRING_get0_data(str)));
goto err;
}
} else {
@@ -2153,7 +2155,8 @@ do_body(X509 **xret, EVP_PKEY *pkey, X509 *x509, const EVP_MD *dgst,
if ((tm = X509_get_notAfter(ret)) == NULL)
goto err;
row[DB_exp_date] = strndup(tm->data, tm->length);
row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
ASN1_STRING_length(tm));
if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
@@ -2280,7 +2283,8 @@ do_revoke(X509 *x509, CA_DB *db, int type, char *value)
if ((tm = X509_get_notAfter(x509)) == NULL)
goto err;
row[DB_exp_date] = strndup(tm->data, tm->length);
row[DB_exp_date] = strndup(ASN1_STRING_get0_data(tm),
ASN1_STRING_length(tm));
if (row[DB_type] == NULL || row[DB_exp_date] == NULL) {
BIO_printf(bio_err, "Memory allocation failure\n");
goto err;
@@ -2443,7 +2447,7 @@ do_updatedb(CA_DB *db)
cnt = -1;
goto err;
}
a_tm_s = strndup(a_tm->data, a_tm->length);
a_tm_s = strndup(ASN1_STRING_get0_data(a_tm), ASN1_STRING_length(a_tm));
if (a_tm_s == NULL) {
cnt = -1;
goto err;
@@ -2579,7 +2583,7 @@ make_revocation_str(int rev_type, char *rev_arg)
if (revtm == NULL)
return NULL;
if (asprintf(&str, "%s%s%s%s%s", revtm->data,
if (asprintf(&str, "%s%s%s%s%s", ASN1_STRING_get0_data(revtm),
reason ? "," : "", reason ? reason : "",
other ? "," : "", other ? other : "") == -1)
str = NULL;
@@ -2652,7 +2656,8 @@ make_revoked(X509_REVOKED *rev, const char *str)
int
old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
{
char buf[25], *pbuf, *p;
const char *p;
char buf[25], *pbuf;
int j;
j = i2a_ASN1_OBJECT(bp, obj);
@@ -2663,19 +2668,19 @@ old_entry_print(BIO *bp, ASN1_OBJECT *obj, ASN1_STRING *str)
*(pbuf++) = '\0';
BIO_puts(bp, buf);
if (str->type == V_ASN1_PRINTABLESTRING)
if (ASN1_STRING_type(str) == V_ASN1_PRINTABLESTRING)
BIO_printf(bp, "PRINTABLE:'");
else if (str->type == V_ASN1_T61STRING)
else if (ASN1_STRING_type(str) == V_ASN1_T61STRING)
BIO_printf(bp, "T61STRING:'");
else if (str->type == V_ASN1_IA5STRING)
else if (ASN1_STRING_type(str) == V_ASN1_IA5STRING)
BIO_printf(bp, "IA5STRING:'");
else if (str->type == V_ASN1_UNIVERSALSTRING)
else if (ASN1_STRING_type(str) == V_ASN1_UNIVERSALSTRING)
BIO_printf(bp, "UNIVERSALSTRING:'");
else
BIO_printf(bp, "ASN.1 %2d:'", str->type);
BIO_printf(bp, "ASN.1 %2d:'", ASN1_STRING_type(str));
p = (char *) str->data;
for (j = str->length; j > 0; j--) {
p = (const char *) ASN1_STRING_get0_data(str);
for (j = ASN1_STRING_length(str); j > 0; j--) {
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bp, "%c", *p);
else if (*p & 0x80)