1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/x509.h>
58
59 #include <string.h>
60
61 #include <openssl/asn1.h>
62 #include <openssl/err.h>
63 #include <openssl/mem.h>
64 #include <openssl/obj.h>
65 #include <openssl/x509v3.h>
66
67 #include "../internal.h"
68
69 /*
70 * Although this file is in crypto/x509 for layering purposes, it emits
71 * errors from the ASN.1 module for OpenSSL compatibility.
72 */
73
74 #define ASN1_GEN_FLAG 0x10000
75 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
76 #define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
77 #define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
78 #define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
79 #define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
80 #define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
81 #define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
82 #define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
83
84 #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
85
86 #define ASN1_FLAG_EXP_MAX 20
87
88 /* Input formats */
89
90 /* ASCII: default */
91 #define ASN1_GEN_FORMAT_ASCII 1
92 /* UTF8 */
93 #define ASN1_GEN_FORMAT_UTF8 2
94 /* Hex */
95 #define ASN1_GEN_FORMAT_HEX 3
96 /* List of bits */
97 #define ASN1_GEN_FORMAT_BITLIST 4
98
99 struct tag_name_st {
100 const char *strnam;
101 int len;
102 int tag;
103 };
104
105 typedef struct {
106 int exp_tag;
107 int exp_class;
108 int exp_constructed;
109 int exp_pad;
110 long exp_len;
111 } tag_exp_type;
112
113 typedef struct {
114 int imp_tag;
115 int imp_class;
116 int utype;
117 int format;
118 const char *str;
119 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
120 int exp_count;
121 } tag_exp_arg;
122
123 static int bitstr_cb(const char *elem, int len, void *bitstr);
124 static int asn1_cb(const char *elem, int len, void *bitstr);
125 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
126 int exp_constructed, int exp_pad, int imp_ok);
127 static int parse_tagging(const char *vstart, int vlen, int *ptag,
128 int *pclass);
129 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
130 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
131 static int asn1_str2tag(const char *tagstr, int len);
132
ASN1_generate_nconf(char * str,CONF * nconf)133 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
134 {
135 X509V3_CTX cnf;
136
137 if (!nconf)
138 return ASN1_generate_v3(str, NULL);
139
140 X509V3_set_nconf(&cnf, nconf);
141 return ASN1_generate_v3(str, &cnf);
142 }
143
ASN1_generate_v3(char * str,X509V3_CTX * cnf)144 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
145 {
146 ASN1_TYPE *ret;
147 tag_exp_arg asn1_tags;
148 tag_exp_type *etmp;
149
150 int i, len;
151
152 unsigned char *orig_der = NULL, *new_der = NULL;
153 const unsigned char *cpy_start;
154 unsigned char *p;
155 const unsigned char *cp;
156 int cpy_len;
157 long hdr_len = 0;
158 int hdr_constructed = 0, hdr_tag, hdr_class;
159 int r;
160
161 asn1_tags.imp_tag = -1;
162 asn1_tags.imp_class = -1;
163 asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
164 asn1_tags.exp_count = 0;
165 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
166 return NULL;
167
168 if ((asn1_tags.utype == V_ASN1_SEQUENCE)
169 || (asn1_tags.utype == V_ASN1_SET)) {
170 if (!cnf) {
171 OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
172 return NULL;
173 }
174 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
175 } else
176 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
177
178 if (!ret)
179 return NULL;
180
181 /* If no tagging return base type */
182 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
183 return ret;
184
185 /* Generate the encoding */
186 cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
187 ASN1_TYPE_free(ret);
188 ret = NULL;
189 /* Set point to start copying for modified encoding */
190 cpy_start = orig_der;
191
192 /* Do we need IMPLICIT tagging? */
193 if (asn1_tags.imp_tag != -1) {
194 /* If IMPLICIT we will replace the underlying tag */
195 /* Skip existing tag+len */
196 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
197 cpy_len);
198 if (r & 0x80)
199 goto err;
200 /* Update copy length */
201 cpy_len -= cpy_start - orig_der;
202 /*
203 * For IMPLICIT tagging the length should match the original length
204 * and constructed flag should be consistent.
205 */
206 if (r & 0x1) {
207 /* Indefinite length constructed */
208 hdr_constructed = 2;
209 hdr_len = 0;
210 } else
211 /* Just retain constructed flag */
212 hdr_constructed = r & V_ASN1_CONSTRUCTED;
213 /*
214 * Work out new length with IMPLICIT tag: ignore constructed because
215 * it will mess up if indefinite length
216 */
217 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
218 } else
219 len = cpy_len;
220
221 /* Work out length in any EXPLICIT, starting from end */
222
223 for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
224 i < asn1_tags.exp_count; i++, etmp--) {
225 /* Content length: number of content octets + any padding */
226 len += etmp->exp_pad;
227 etmp->exp_len = len;
228 /* Total object length: length including new header */
229 len = ASN1_object_size(0, len, etmp->exp_tag);
230 }
231
232 /* Allocate buffer for new encoding */
233
234 new_der = OPENSSL_malloc(len);
235 if (!new_der)
236 goto err;
237
238 /* Generate tagged encoding */
239
240 p = new_der;
241
242 /* Output explicit tags first */
243
244 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
245 i++, etmp++) {
246 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
247 etmp->exp_tag, etmp->exp_class);
248 if (etmp->exp_pad)
249 *p++ = 0;
250 }
251
252 /* If IMPLICIT, output tag */
253
254 if (asn1_tags.imp_tag != -1) {
255 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
256 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
257 || asn1_tags.imp_tag == V_ASN1_SET))
258 hdr_constructed = V_ASN1_CONSTRUCTED;
259 ASN1_put_object(&p, hdr_constructed, hdr_len,
260 asn1_tags.imp_tag, asn1_tags.imp_class);
261 }
262
263 /* Copy across original encoding */
264 OPENSSL_memcpy(p, cpy_start, cpy_len);
265
266 cp = new_der;
267
268 /* Obtain new ASN1_TYPE structure */
269 ret = d2i_ASN1_TYPE(NULL, &cp, len);
270
271 err:
272 if (orig_der)
273 OPENSSL_free(orig_der);
274 if (new_der)
275 OPENSSL_free(new_der);
276
277 return ret;
278
279 }
280
asn1_cb(const char * elem,int len,void * bitstr)281 static int asn1_cb(const char *elem, int len, void *bitstr)
282 {
283 tag_exp_arg *arg = bitstr;
284 int i;
285 int utype;
286 int vlen = 0;
287 const char *p, *vstart = NULL;
288
289 int tmp_tag, tmp_class;
290
291 if (elem == NULL)
292 return 0;
293
294 for (i = 0, p = elem; i < len; p++, i++) {
295 /* Look for the ':' in name value pairs */
296 if (*p == ':') {
297 vstart = p + 1;
298 vlen = len - (vstart - elem);
299 len = p - elem;
300 break;
301 }
302 }
303
304 utype = asn1_str2tag(elem, len);
305
306 if (utype == -1) {
307 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG);
308 ERR_add_error_data(2, "tag=", elem);
309 return -1;
310 }
311
312 /* If this is not a modifier mark end of string and exit */
313 if (!(utype & ASN1_GEN_FLAG)) {
314 arg->utype = utype;
315 arg->str = vstart;
316 /* If no value and not end of string, error */
317 if (!vstart && elem[len]) {
318 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
319 return -1;
320 }
321 return 0;
322 }
323
324 switch (utype) {
325
326 case ASN1_GEN_FLAG_IMP:
327 /* Check for illegal multiple IMPLICIT tagging */
328 if (arg->imp_tag != -1) {
329 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING);
330 return -1;
331 }
332 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
333 return -1;
334 break;
335
336 case ASN1_GEN_FLAG_EXP:
337
338 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
339 return -1;
340 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
341 return -1;
342 break;
343
344 case ASN1_GEN_FLAG_SEQWRAP:
345 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
346 return -1;
347 break;
348
349 case ASN1_GEN_FLAG_SETWRAP:
350 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
351 return -1;
352 break;
353
354 case ASN1_GEN_FLAG_BITWRAP:
355 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
356 return -1;
357 break;
358
359 case ASN1_GEN_FLAG_OCTWRAP:
360 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
361 return -1;
362 break;
363
364 case ASN1_GEN_FLAG_FORMAT:
365 if (!vstart) {
366 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
367 return -1;
368 }
369 if (!strncmp(vstart, "ASCII", 5))
370 arg->format = ASN1_GEN_FORMAT_ASCII;
371 else if (!strncmp(vstart, "UTF8", 4))
372 arg->format = ASN1_GEN_FORMAT_UTF8;
373 else if (!strncmp(vstart, "HEX", 3))
374 arg->format = ASN1_GEN_FORMAT_HEX;
375 else if (!strncmp(vstart, "BITLIST", 7))
376 arg->format = ASN1_GEN_FORMAT_BITLIST;
377 else {
378 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
379 return -1;
380 }
381 break;
382
383 }
384
385 return 1;
386
387 }
388
parse_tagging(const char * vstart,int vlen,int * ptag,int * pclass)389 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
390 {
391 char erch[2];
392 long tag_num;
393 char *eptr;
394 if (!vstart)
395 return 0;
396 tag_num = strtoul(vstart, &eptr, 10);
397 /* Check we haven't gone past max length: should be impossible */
398 if (eptr && *eptr && (eptr > vstart + vlen))
399 return 0;
400 if (tag_num < 0) {
401 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
402 return 0;
403 }
404 *ptag = tag_num;
405 /* If we have non numeric characters, parse them */
406 if (eptr)
407 vlen -= eptr - vstart;
408 else
409 vlen = 0;
410 if (vlen) {
411 switch (*eptr) {
412
413 case 'U':
414 *pclass = V_ASN1_UNIVERSAL;
415 break;
416
417 case 'A':
418 *pclass = V_ASN1_APPLICATION;
419 break;
420
421 case 'P':
422 *pclass = V_ASN1_PRIVATE;
423 break;
424
425 case 'C':
426 *pclass = V_ASN1_CONTEXT_SPECIFIC;
427 break;
428
429 default:
430 erch[0] = *eptr;
431 erch[1] = 0;
432 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER);
433 ERR_add_error_data(2, "Char=", erch);
434 return 0;
435 break;
436
437 }
438 } else
439 *pclass = V_ASN1_CONTEXT_SPECIFIC;
440
441 return 1;
442
443 }
444
445 /* Handle multiple types: SET and SEQUENCE */
446
asn1_multi(int utype,const char * section,X509V3_CTX * cnf)447 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
448 {
449 ASN1_TYPE *ret = NULL;
450 STACK_OF(ASN1_TYPE) *sk = NULL;
451 STACK_OF(CONF_VALUE) *sect = NULL;
452 unsigned char *der = NULL;
453 int derlen;
454 size_t i;
455 sk = sk_ASN1_TYPE_new_null();
456 if (!sk)
457 goto bad;
458 if (section) {
459 if (!cnf)
460 goto bad;
461 sect = X509V3_get_section(cnf, (char *)section);
462 if (!sect)
463 goto bad;
464 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
465 ASN1_TYPE *typ =
466 ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
467 if (!typ)
468 goto bad;
469 if (!sk_ASN1_TYPE_push(sk, typ))
470 goto bad;
471 }
472 }
473
474 /*
475 * Now we has a STACK of the components, convert to the correct form
476 */
477
478 if (utype == V_ASN1_SET)
479 derlen = i2d_ASN1_SET_ANY(sk, &der);
480 else
481 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
482
483 if (derlen < 0)
484 goto bad;
485
486 if (!(ret = ASN1_TYPE_new()))
487 goto bad;
488
489 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
490 goto bad;
491
492 ret->type = utype;
493
494 ret->value.asn1_string->data = der;
495 ret->value.asn1_string->length = derlen;
496
497 der = NULL;
498
499 bad:
500
501 if (der)
502 OPENSSL_free(der);
503
504 if (sk)
505 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
506 if (sect)
507 X509V3_section_free(cnf, sect);
508
509 return ret;
510 }
511
append_exp(tag_exp_arg * arg,int exp_tag,int exp_class,int exp_constructed,int exp_pad,int imp_ok)512 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
513 int exp_constructed, int exp_pad, int imp_ok)
514 {
515 tag_exp_type *exp_tmp;
516 /* Can only have IMPLICIT if permitted */
517 if ((arg->imp_tag != -1) && !imp_ok) {
518 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG);
519 return 0;
520 }
521
522 if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
523 OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED);
524 return 0;
525 }
526
527 exp_tmp = &arg->exp_list[arg->exp_count++];
528
529 /*
530 * If IMPLICIT set tag to implicit value then reset implicit tag since it
531 * has been used.
532 */
533 if (arg->imp_tag != -1) {
534 exp_tmp->exp_tag = arg->imp_tag;
535 exp_tmp->exp_class = arg->imp_class;
536 arg->imp_tag = -1;
537 arg->imp_class = -1;
538 } else {
539 exp_tmp->exp_tag = exp_tag;
540 exp_tmp->exp_class = exp_class;
541 }
542 exp_tmp->exp_constructed = exp_constructed;
543 exp_tmp->exp_pad = exp_pad;
544
545 return 1;
546 }
547
asn1_str2tag(const char * tagstr,int len)548 static int asn1_str2tag(const char *tagstr, int len)
549 {
550 unsigned int i;
551 static const struct tag_name_st *tntmp, tnst[] = {
552 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
553 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
554 ASN1_GEN_STR("NULL", V_ASN1_NULL),
555 ASN1_GEN_STR("INT", V_ASN1_INTEGER),
556 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
557 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
558 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
559 ASN1_GEN_STR("OID", V_ASN1_OBJECT),
560 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
561 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
562 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
563 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
564 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
565 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
566 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
567 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
568 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
569 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
570 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
571 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
572 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
573 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
574 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
575 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
576 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
577 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
578 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
579 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
580 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
581 ASN1_GEN_STR("T61", V_ASN1_T61STRING),
582 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
583 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
584 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
585 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
586 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
587 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
588
589 /* Special cases */
590 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
591 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
592 ASN1_GEN_STR("SET", V_ASN1_SET),
593 /* type modifiers */
594 /* Explicit tag */
595 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
596 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
597 /* Implicit tag */
598 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
599 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
600 /* OCTET STRING wrapper */
601 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
602 /* SEQUENCE wrapper */
603 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
604 /* SET wrapper */
605 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
606 /* BIT STRING wrapper */
607 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
608 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
609 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
610 };
611
612 if (len == -1)
613 len = strlen(tagstr);
614
615 tntmp = tnst;
616 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {
617 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
618 return tntmp->tag;
619 }
620
621 return -1;
622 }
623
asn1_str2type(const char * str,int format,int utype)624 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
625 {
626 ASN1_TYPE *atmp = NULL;
627
628 CONF_VALUE vtmp;
629
630 unsigned char *rdata;
631 long rdlen;
632
633 int no_unused = 1;
634
635 if (!(atmp = ASN1_TYPE_new())) {
636 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
637 return NULL;
638 }
639
640 if (!str)
641 str = "";
642
643 switch (utype) {
644
645 case V_ASN1_NULL:
646 if (str && *str) {
647 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE);
648 goto bad_form;
649 }
650 break;
651
652 case V_ASN1_BOOLEAN:
653 if (format != ASN1_GEN_FORMAT_ASCII) {
654 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT);
655 goto bad_form;
656 }
657 vtmp.name = NULL;
658 vtmp.section = NULL;
659 vtmp.value = (char *)str;
660 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
661 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN);
662 goto bad_str;
663 }
664 break;
665
666 case V_ASN1_INTEGER:
667 case V_ASN1_ENUMERATED:
668 if (format != ASN1_GEN_FORMAT_ASCII) {
669 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
670 goto bad_form;
671 }
672 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {
673 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER);
674 goto bad_str;
675 }
676 break;
677
678 case V_ASN1_OBJECT:
679 if (format != ASN1_GEN_FORMAT_ASCII) {
680 OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
681 goto bad_form;
682 }
683 if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
684 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);
685 goto bad_str;
686 }
687 break;
688
689 case V_ASN1_UTCTIME:
690 case V_ASN1_GENERALIZEDTIME:
691 if (format != ASN1_GEN_FORMAT_ASCII) {
692 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT);
693 goto bad_form;
694 }
695 if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
696 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
697 goto bad_str;
698 }
699 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
700 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
701 goto bad_str;
702 }
703 atmp->value.asn1_string->type = utype;
704 if (!ASN1_TIME_check(atmp->value.asn1_string)) {
705 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE);
706 goto bad_str;
707 }
708
709 break;
710
711 case V_ASN1_BMPSTRING:
712 case V_ASN1_PRINTABLESTRING:
713 case V_ASN1_IA5STRING:
714 case V_ASN1_T61STRING:
715 case V_ASN1_UTF8STRING:
716 case V_ASN1_VISIBLESTRING:
717 case V_ASN1_UNIVERSALSTRING:
718 case V_ASN1_GENERALSTRING:
719 case V_ASN1_NUMERICSTRING:
720
721 if (format == ASN1_GEN_FORMAT_ASCII)
722 format = MBSTRING_ASC;
723 else if (format == ASN1_GEN_FORMAT_UTF8)
724 format = MBSTRING_UTF8;
725 else {
726 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT);
727 goto bad_form;
728 }
729
730 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
731 -1, format, ASN1_tag2bit(utype)) <= 0) {
732 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
733 goto bad_str;
734 }
735
736 break;
737
738 case V_ASN1_BIT_STRING:
739
740 case V_ASN1_OCTET_STRING:
741
742 if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
743 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
744 goto bad_form;
745 }
746
747 if (format == ASN1_GEN_FORMAT_HEX) {
748
749 if (!(rdata = string_to_hex((char *)str, &rdlen))) {
750 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);
751 goto bad_str;
752 }
753
754 atmp->value.asn1_string->data = rdata;
755 atmp->value.asn1_string->length = rdlen;
756 atmp->value.asn1_string->type = utype;
757
758 } else if (format == ASN1_GEN_FORMAT_ASCII)
759 ASN1_STRING_set(atmp->value.asn1_string, str, -1);
760 else if ((format == ASN1_GEN_FORMAT_BITLIST)
761 && (utype == V_ASN1_BIT_STRING)) {
762 if (!CONF_parse_list
763 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
764 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR);
765 goto bad_str;
766 }
767 no_unused = 0;
768
769 } else {
770 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
771 goto bad_form;
772 }
773
774 if ((utype == V_ASN1_BIT_STRING) && no_unused) {
775 atmp->value.asn1_string->flags
776 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
777 atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
778 }
779
780 break;
781
782 default:
783 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE);
784 goto bad_str;
785 break;
786 }
787
788 atmp->type = utype;
789 return atmp;
790
791 bad_str:
792 ERR_add_error_data(2, "string=", str);
793 bad_form:
794
795 ASN1_TYPE_free(atmp);
796 return NULL;
797
798 }
799
bitstr_cb(const char * elem,int len,void * bitstr)800 static int bitstr_cb(const char *elem, int len, void *bitstr)
801 {
802 long bitnum;
803 char *eptr;
804 if (!elem)
805 return 0;
806 bitnum = strtoul(elem, &eptr, 10);
807 if (eptr && *eptr && (eptr != elem + len))
808 return 0;
809 if (bitnum < 0) {
810 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
811 return 0;
812 }
813 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
814 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
815 return 0;
816 }
817 return 1;
818 }
819