Merge pull request #6900 from AndrzejKurek/san-dirname

Add support for directoryName subjectAltName
2025-08-01 10:06:53 +03:00 · 2023-03-30 18:37:26 +01:00
parent 54118a1720 303704ef4a
commit 03d557db35
12 changed files with 147 additions and 13 deletions
--- a/library/x509.c
+++ b/library/x509.c
@ -1283,6 +1283,7 @@ int mbedtls_x509_get_subject_alt_name(unsigned char **p,
            return ret;
        }

+        mbedtls_x509_free_subject_alt_name(&dummy_san_buf);
        /* Allocate and assign next pointer */
        if (cur->buf.p != NULL) {
            if (cur->next != NULL) {
@ -1433,6 +1434,29 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
        }
        break;

+        /*
+         * directoryName
+         */
+        case (MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DIRECTORY_NAME):
+        {
+            size_t name_len;
+            unsigned char *p = san_buf->p;
+            memset(san, 0, sizeof(mbedtls_x509_subject_alternative_name));
+            san->type = MBEDTLS_X509_SAN_DIRECTORY_NAME;
+
+            ret = mbedtls_asn1_get_tag(&p, p + san_buf->len, &name_len,
+                                       MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE);
+
+            if (ret != 0) {
+                return ret;
+            }
+
+            if ((ret = mbedtls_x509_get_name(&p, p + name_len,
+                                             &san->san.directory_name)) != 0) {
+                return ret;
+            }
+        }
+        break;
        /*
         * Type not supported
         */
@ -1442,6 +1466,13 @@ int mbedtls_x509_parse_subject_alt_name(const mbedtls_x509_buf *san_buf,
    return 0;
 }

+void mbedtls_x509_free_subject_alt_name(mbedtls_x509_subject_alternative_name *san)
+{
+    if (san->type == MBEDTLS_X509_SAN_DIRECTORY_NAME) {
+        mbedtls_asn1_free_named_data_list_shallow(san->san.directory_name.next);
+    }
+}
+
 #if !defined(MBEDTLS_X509_REMOVE_INFO)
 int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
                                       const mbedtls_x509_sequence
@ -1553,6 +1584,28 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
            }
            break;

+            /*
+             * directoryName
+             */
+            case MBEDTLS_X509_SAN_DIRECTORY_NAME:
+            {
+                ret = mbedtls_snprintf(p, n, "\n%s    directoryName : ", prefix);
+                if (ret < 0 || (size_t) ret >= n) {
+                    mbedtls_x509_free_subject_alt_name(&san);
+                }
+
+                MBEDTLS_X509_SAFE_SNPRINTF;
+                ret = mbedtls_x509_dn_gets(p, n, &san.san.directory_name);
+
+                if (ret < 0) {
+                    mbedtls_x509_free_subject_alt_name(&san);
+                    return ret;
+                }
+
+                p += ret;
+                n -= ret;
+            }
+            break;
            /*
             * Type not supported, skip item.
             */
@ -1562,6 +1615,9 @@ int mbedtls_x509_info_subject_alt_name(char **buf, size_t *size,
                break;
        }

+        /* So far memory is freed only in the case of directoryName
+         * parsing succeeding, as mbedtls_x509_get_name allocates memory. */
+        mbedtls_x509_free_subject_alt_name(&san);
        cur = cur->next;
    }