1 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay (at) cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh (at) cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay (at) cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57 #include <openssl/x509.h> 58 59 #include <string.h> 60 61 #include <openssl/asn1.h> 62 #include <openssl/err.h> 63 #include <openssl/mem.h> 64 #include <openssl/obj.h> 65 #include <openssl/x509v3.h> 66 67 #include "../internal.h" 68 #include "../x509v3/internal.h" 69 70 /* 71 * Although this file is in crypto/x509 for layering purposes, it emits 72 * errors from the ASN.1 module for OpenSSL compatibility. 73 */ 74 75 #define ASN1_GEN_FLAG 0x10000 76 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) 77 #define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) 78 #define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) 79 #define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) 80 #define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) 81 #define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) 82 #define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) 83 #define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) 84 85 #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} 86 87 #define ASN1_FLAG_EXP_MAX 20 88 /* Maximum number of nested sequences */ 89 #define ASN1_GEN_SEQ_MAX_DEPTH 50 90 91 /* Input formats */ 92 93 /* ASCII: default */ 94 #define ASN1_GEN_FORMAT_ASCII 1 95 /* UTF8 */ 96 #define ASN1_GEN_FORMAT_UTF8 2 97 /* Hex */ 98 #define ASN1_GEN_FORMAT_HEX 3 99 /* List of bits */ 100 #define ASN1_GEN_FORMAT_BITLIST 4 101 102 struct tag_name_st { 103 const char *strnam; 104 int len; 105 int tag; 106 }; 107 108 typedef struct { 109 int exp_tag; 110 int exp_class; 111 int exp_constructed; 112 int exp_pad; 113 long exp_len; 114 } tag_exp_type; 115 116 typedef struct { 117 int imp_tag; 118 int imp_class; 119 int utype; 120 int format; 121 const char *str; 122 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; 123 int exp_count; 124 } tag_exp_arg; 125 126 static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, 127 int *perr); 128 static int bitstr_cb(const char *elem, int len, void *bitstr); 129 static int asn1_cb(const char *elem, int len, void *bitstr); 130 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 131 int exp_constructed, int exp_pad, int imp_ok); 132 static int parse_tagging(const char *vstart, int vlen, int *ptag, 133 int *pclass); 134 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 135 int depth, int *perr); 136 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); 137 static int asn1_str2tag(const char *tagstr, int len); 138 139 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) 140 { 141 X509V3_CTX cnf; 142 143 if (!nconf) 144 return ASN1_generate_v3(str, NULL); 145 146 X509V3_set_nconf(&cnf, nconf); 147 return ASN1_generate_v3(str, &cnf); 148 } 149 150 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) 151 { 152 int err = 0; 153 ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); 154 if (err) 155 OPENSSL_PUT_ERROR(ASN1, err); 156 return ret; 157 } 158 159 static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, 160 int *perr) 161 { 162 ASN1_TYPE *ret; 163 tag_exp_arg asn1_tags; 164 tag_exp_type *etmp; 165 166 int i, len; 167 168 unsigned char *orig_der = NULL, *new_der = NULL; 169 const unsigned char *cpy_start; 170 unsigned char *p; 171 const unsigned char *cp; 172 int cpy_len; 173 long hdr_len = 0; 174 int hdr_constructed = 0, hdr_tag, hdr_class; 175 int r; 176 177 asn1_tags.imp_tag = -1; 178 asn1_tags.imp_class = -1; 179 asn1_tags.format = ASN1_GEN_FORMAT_ASCII; 180 asn1_tags.exp_count = 0; 181 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { 182 *perr = ASN1_R_UNKNOWN_TAG; 183 return NULL; 184 } 185 186 if ((asn1_tags.utype == V_ASN1_SEQUENCE) 187 || (asn1_tags.utype == V_ASN1_SET)) { 188 if (!cnf) { 189 *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; 190 return NULL; 191 } 192 if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { 193 *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; 194 return NULL; 195 } 196 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); 197 } else 198 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); 199 200 if (!ret) 201 return NULL; 202 203 /* If no tagging return base type */ 204 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) 205 return ret; 206 207 /* Generate the encoding */ 208 cpy_len = i2d_ASN1_TYPE(ret, &orig_der); 209 ASN1_TYPE_free(ret); 210 ret = NULL; 211 /* Set point to start copying for modified encoding */ 212 cpy_start = orig_der; 213 214 /* Do we need IMPLICIT tagging? */ 215 if (asn1_tags.imp_tag != -1) { 216 /* If IMPLICIT we will replace the underlying tag */ 217 /* Skip existing tag+len */ 218 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, 219 cpy_len); 220 if (r & 0x80) 221 goto err; 222 /* Update copy length */ 223 cpy_len -= cpy_start - orig_der; 224 /* 225 * For IMPLICIT tagging the length should match the original length 226 * and constructed flag should be consistent. 227 */ 228 if (r & 0x1) { 229 /* Indefinite length constructed */ 230 hdr_constructed = 2; 231 hdr_len = 0; 232 } else 233 /* Just retain constructed flag */ 234 hdr_constructed = r & V_ASN1_CONSTRUCTED; 235 /* 236 * Work out new length with IMPLICIT tag: ignore constructed because 237 * it will mess up if indefinite length 238 */ 239 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); 240 } else 241 len = cpy_len; 242 243 /* Work out length in any EXPLICIT, starting from end */ 244 245 for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; 246 i < asn1_tags.exp_count; i++, etmp--) { 247 /* Content length: number of content octets + any padding */ 248 len += etmp->exp_pad; 249 etmp->exp_len = len; 250 /* Total object length: length including new header */ 251 len = ASN1_object_size(0, len, etmp->exp_tag); 252 } 253 254 /* Allocate buffer for new encoding */ 255 256 new_der = OPENSSL_malloc(len); 257 if (!new_der) 258 goto err; 259 260 /* Generate tagged encoding */ 261 262 p = new_der; 263 264 /* Output explicit tags first */ 265 266 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; 267 i++, etmp++) { 268 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, 269 etmp->exp_tag, etmp->exp_class); 270 if (etmp->exp_pad) 271 *p++ = 0; 272 } 273 274 /* If IMPLICIT, output tag */ 275 276 if (asn1_tags.imp_tag != -1) { 277 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 278 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE 279 || asn1_tags.imp_tag == V_ASN1_SET)) 280 hdr_constructed = V_ASN1_CONSTRUCTED; 281 ASN1_put_object(&p, hdr_constructed, hdr_len, 282 asn1_tags.imp_tag, asn1_tags.imp_class); 283 } 284 285 /* Copy across original encoding */ 286 OPENSSL_memcpy(p, cpy_start, cpy_len); 287 288 cp = new_der; 289 290 /* Obtain new ASN1_TYPE structure */ 291 ret = d2i_ASN1_TYPE(NULL, &cp, len); 292 293 err: 294 if (orig_der) 295 OPENSSL_free(orig_der); 296 if (new_der) 297 OPENSSL_free(new_der); 298 299 return ret; 300 301 } 302 303 static int asn1_cb(const char *elem, int len, void *bitstr) 304 { 305 tag_exp_arg *arg = bitstr; 306 int i; 307 int utype; 308 int vlen = 0; 309 const char *p, *vstart = NULL; 310 311 int tmp_tag, tmp_class; 312 313 if (elem == NULL) 314 return -1; 315 316 for (i = 0, p = elem; i < len; p++, i++) { 317 /* Look for the ':' in name value pairs */ 318 if (*p == ':') { 319 vstart = p + 1; 320 vlen = len - (vstart - elem); 321 len = p - elem; 322 break; 323 } 324 } 325 326 utype = asn1_str2tag(elem, len); 327 328 if (utype == -1) { 329 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG); 330 ERR_add_error_data(2, "tag=", elem); 331 return -1; 332 } 333 334 /* If this is not a modifier mark end of string and exit */ 335 if (!(utype & ASN1_GEN_FLAG)) { 336 arg->utype = utype; 337 arg->str = vstart; 338 /* If no value and not end of string, error */ 339 if (!vstart && elem[len]) { 340 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE); 341 return -1; 342 } 343 return 0; 344 } 345 346 switch (utype) { 347 348 case ASN1_GEN_FLAG_IMP: 349 /* Check for illegal multiple IMPLICIT tagging */ 350 if (arg->imp_tag != -1) { 351 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); 352 return -1; 353 } 354 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) 355 return -1; 356 break; 357 358 case ASN1_GEN_FLAG_EXP: 359 360 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) 361 return -1; 362 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) 363 return -1; 364 break; 365 366 case ASN1_GEN_FLAG_SEQWRAP: 367 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) 368 return -1; 369 break; 370 371 case ASN1_GEN_FLAG_SETWRAP: 372 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) 373 return -1; 374 break; 375 376 case ASN1_GEN_FLAG_BITWRAP: 377 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) 378 return -1; 379 break; 380 381 case ASN1_GEN_FLAG_OCTWRAP: 382 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) 383 return -1; 384 break; 385 386 case ASN1_GEN_FLAG_FORMAT: 387 if (!vstart) { 388 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); 389 return -1; 390 } 391 if (!strncmp(vstart, "ASCII", 5)) 392 arg->format = ASN1_GEN_FORMAT_ASCII; 393 else if (!strncmp(vstart, "UTF8", 4)) 394 arg->format = ASN1_GEN_FORMAT_UTF8; 395 else if (!strncmp(vstart, "HEX", 3)) 396 arg->format = ASN1_GEN_FORMAT_HEX; 397 else if (!strncmp(vstart, "BITLIST", 7)) 398 arg->format = ASN1_GEN_FORMAT_BITLIST; 399 else { 400 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); 401 return -1; 402 } 403 break; 404 405 } 406 407 return 1; 408 409 } 410 411 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) 412 { 413 char erch[2]; 414 long tag_num; 415 char *eptr; 416 if (!vstart) 417 return 0; 418 tag_num = strtoul(vstart, &eptr, 10); 419 /* Check we haven't gone past max length: should be impossible */ 420 if (eptr && *eptr && (eptr > vstart + vlen)) 421 return 0; 422 if (tag_num < 0) { 423 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); 424 return 0; 425 } 426 *ptag = tag_num; 427 /* If we have non numeric characters, parse them */ 428 if (eptr) 429 vlen -= eptr - vstart; 430 else 431 vlen = 0; 432 if (vlen) { 433 switch (*eptr) { 434 435 case 'U': 436 *pclass = V_ASN1_UNIVERSAL; 437 break; 438 439 case 'A': 440 *pclass = V_ASN1_APPLICATION; 441 break; 442 443 case 'P': 444 *pclass = V_ASN1_PRIVATE; 445 break; 446 447 case 'C': 448 *pclass = V_ASN1_CONTEXT_SPECIFIC; 449 break; 450 451 default: 452 erch[0] = *eptr; 453 erch[1] = 0; 454 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER); 455 ERR_add_error_data(2, "Char=", erch); 456 return 0; 457 break; 458 459 } 460 } else 461 *pclass = V_ASN1_CONTEXT_SPECIFIC; 462 463 return 1; 464 465 } 466 467 /* Handle multiple types: SET and SEQUENCE */ 468 469 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 470 int depth, int *perr) 471 { 472 ASN1_TYPE *ret = NULL; 473 STACK_OF(ASN1_TYPE) *sk = NULL; 474 STACK_OF(CONF_VALUE) *sect = NULL; 475 unsigned char *der = NULL; 476 int derlen; 477 size_t i; 478 sk = sk_ASN1_TYPE_new_null(); 479 if (!sk) 480 goto bad; 481 if (section) { 482 if (!cnf) 483 goto bad; 484 sect = X509V3_get_section(cnf, (char *)section); 485 if (!sect) 486 goto bad; 487 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { 488 ASN1_TYPE *typ = 489 generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, 490 depth + 1, perr); 491 if (!typ) 492 goto bad; 493 if (!sk_ASN1_TYPE_push(sk, typ)) 494 goto bad; 495 } 496 } 497 498 /* 499 * Now we has a STACK of the components, convert to the correct form 500 */ 501 502 if (utype == V_ASN1_SET) 503 derlen = i2d_ASN1_SET_ANY(sk, &der); 504 else 505 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); 506 507 if (derlen < 0) 508 goto bad; 509 510 if (!(ret = ASN1_TYPE_new())) 511 goto bad; 512 513 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) 514 goto bad; 515 516 ret->type = utype; 517 518 ret->value.asn1_string->data = der; 519 ret->value.asn1_string->length = derlen; 520 521 der = NULL; 522 523 bad: 524 525 if (der) 526 OPENSSL_free(der); 527 528 if (sk) 529 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); 530 if (sect) 531 X509V3_section_free(cnf, sect); 532 533 return ret; 534 } 535 536 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 537 int exp_constructed, int exp_pad, int imp_ok) 538 { 539 tag_exp_type *exp_tmp; 540 /* Can only have IMPLICIT if permitted */ 541 if ((arg->imp_tag != -1) && !imp_ok) { 542 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); 543 return 0; 544 } 545 546 if (arg->exp_count == ASN1_FLAG_EXP_MAX) { 547 OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED); 548 return 0; 549 } 550 551 exp_tmp = &arg->exp_list[arg->exp_count++]; 552 553 /* 554 * If IMPLICIT set tag to implicit value then reset implicit tag since it 555 * has been used. 556 */ 557 if (arg->imp_tag != -1) { 558 exp_tmp->exp_tag = arg->imp_tag; 559 exp_tmp->exp_class = arg->imp_class; 560 arg->imp_tag = -1; 561 arg->imp_class = -1; 562 } else { 563 exp_tmp->exp_tag = exp_tag; 564 exp_tmp->exp_class = exp_class; 565 } 566 exp_tmp->exp_constructed = exp_constructed; 567 exp_tmp->exp_pad = exp_pad; 568 569 return 1; 570 } 571 572 static int asn1_str2tag(const char *tagstr, int len) 573 { 574 unsigned int i; 575 static const struct tag_name_st *tntmp, tnst[] = { 576 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), 577 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), 578 ASN1_GEN_STR("NULL", V_ASN1_NULL), 579 ASN1_GEN_STR("INT", V_ASN1_INTEGER), 580 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), 581 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), 582 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), 583 ASN1_GEN_STR("OID", V_ASN1_OBJECT), 584 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), 585 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), 586 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), 587 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), 588 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), 589 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), 590 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), 591 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), 592 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), 593 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), 594 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), 595 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), 596 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), 597 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), 598 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), 599 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), 600 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), 601 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), 602 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), 603 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), 604 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), 605 ASN1_GEN_STR("T61", V_ASN1_T61STRING), 606 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), 607 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), 608 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), 609 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), 610 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), 611 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), 612 613 /* Special cases */ 614 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), 615 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), 616 ASN1_GEN_STR("SET", V_ASN1_SET), 617 /* type modifiers */ 618 /* Explicit tag */ 619 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), 620 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), 621 /* Implicit tag */ 622 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), 623 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), 624 /* OCTET STRING wrapper */ 625 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), 626 /* SEQUENCE wrapper */ 627 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), 628 /* SET wrapper */ 629 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), 630 /* BIT STRING wrapper */ 631 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), 632 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), 633 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), 634 }; 635 636 if (len == -1) 637 len = strlen(tagstr); 638 639 tntmp = tnst; 640 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { 641 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) 642 return tntmp->tag; 643 } 644 645 return -1; 646 } 647 648 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) 649 { 650 ASN1_TYPE *atmp = NULL; 651 652 CONF_VALUE vtmp; 653 654 unsigned char *rdata; 655 long rdlen; 656 657 int no_unused = 1; 658 659 if (!(atmp = ASN1_TYPE_new())) { 660 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 661 return NULL; 662 } 663 664 if (!str) 665 str = ""; 666 667 switch (utype) { 668 669 case V_ASN1_NULL: 670 if (str && *str) { 671 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE); 672 goto bad_form; 673 } 674 break; 675 676 case V_ASN1_BOOLEAN: 677 if (format != ASN1_GEN_FORMAT_ASCII) { 678 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT); 679 goto bad_form; 680 } 681 vtmp.name = NULL; 682 vtmp.section = NULL; 683 vtmp.value = (char *)str; 684 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { 685 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN); 686 goto bad_str; 687 } 688 break; 689 690 case V_ASN1_INTEGER: 691 case V_ASN1_ENUMERATED: 692 if (format != ASN1_GEN_FORMAT_ASCII) { 693 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); 694 goto bad_form; 695 } 696 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { 697 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER); 698 goto bad_str; 699 } 700 break; 701 702 case V_ASN1_OBJECT: 703 if (format != ASN1_GEN_FORMAT_ASCII) { 704 OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); 705 goto bad_form; 706 } 707 if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { 708 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT); 709 goto bad_str; 710 } 711 break; 712 713 case V_ASN1_UTCTIME: 714 case V_ASN1_GENERALIZEDTIME: 715 if (format != ASN1_GEN_FORMAT_ASCII) { 716 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); 717 goto bad_form; 718 } 719 if (!(atmp->value.asn1_string = ASN1_STRING_new())) { 720 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 721 goto bad_str; 722 } 723 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { 724 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 725 goto bad_str; 726 } 727 atmp->value.asn1_string->type = utype; 728 if (!ASN1_TIME_check(atmp->value.asn1_string)) { 729 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE); 730 goto bad_str; 731 } 732 733 break; 734 735 case V_ASN1_BMPSTRING: 736 case V_ASN1_PRINTABLESTRING: 737 case V_ASN1_IA5STRING: 738 case V_ASN1_T61STRING: 739 case V_ASN1_UTF8STRING: 740 case V_ASN1_VISIBLESTRING: 741 case V_ASN1_UNIVERSALSTRING: 742 case V_ASN1_GENERALSTRING: 743 case V_ASN1_NUMERICSTRING: 744 745 if (format == ASN1_GEN_FORMAT_ASCII) 746 format = MBSTRING_ASC; 747 else if (format == ASN1_GEN_FORMAT_UTF8) 748 format = MBSTRING_UTF8; 749 else { 750 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT); 751 goto bad_form; 752 } 753 754 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, 755 -1, format, ASN1_tag2bit(utype)) <= 0) { 756 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 757 goto bad_str; 758 } 759 760 break; 761 762 case V_ASN1_BIT_STRING: 763 764 case V_ASN1_OCTET_STRING: 765 766 if (!(atmp->value.asn1_string = ASN1_STRING_new())) { 767 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 768 goto bad_form; 769 } 770 771 if (format == ASN1_GEN_FORMAT_HEX) { 772 773 if (!(rdata = x509v3_hex_to_bytes((char *)str, &rdlen))) { 774 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); 775 goto bad_str; 776 } 777 778 atmp->value.asn1_string->data = rdata; 779 atmp->value.asn1_string->length = rdlen; 780 atmp->value.asn1_string->type = utype; 781 782 } else if (format == ASN1_GEN_FORMAT_ASCII) 783 ASN1_STRING_set(atmp->value.asn1_string, str, -1); 784 else if ((format == ASN1_GEN_FORMAT_BITLIST) 785 && (utype == V_ASN1_BIT_STRING)) { 786 if (!CONF_parse_list 787 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { 788 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR); 789 goto bad_str; 790 } 791 no_unused = 0; 792 793 } else { 794 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); 795 goto bad_form; 796 } 797 798 if ((utype == V_ASN1_BIT_STRING) && no_unused) { 799 atmp->value.asn1_string->flags 800 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 801 atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; 802 } 803 804 break; 805 806 default: 807 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE); 808 goto bad_str; 809 break; 810 } 811 812 atmp->type = utype; 813 return atmp; 814 815 bad_str: 816 ERR_add_error_data(2, "string=", str); 817 bad_form: 818 819 ASN1_TYPE_free(atmp); 820 return NULL; 821 822 } 823 824 static int bitstr_cb(const char *elem, int len, void *bitstr) 825 { 826 long bitnum; 827 char *eptr; 828 if (!elem) 829 return 0; 830 bitnum = strtoul(elem, &eptr, 10); 831 if (eptr && *eptr && (eptr != elem + len)) 832 return 0; 833 if (bitnum < 0) { 834 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); 835 return 0; 836 } 837 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { 838 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 839 return 0; 840 } 841 return 1; 842 } 843
