1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57#include <openssl/x509.h> 58 59#include <string.h> 60 61#include <openssl/asn1.h> 62#include <openssl/err.h> 63#include <openssl/mem.h> 64#include <openssl/obj.h> 65#include <openssl/x509v3.h> 66 67#include "../internal.h" 68 69 70/* Although this file is in crypto/x509 for layering purposes, it emits errors 71 * from the ASN.1 module for OpenSSL compatibility. */ 72 73#define ASN1_GEN_FLAG 0x10000 74#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) 75#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) 76#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) 77#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) 78#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) 79#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) 80#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) 81#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) 82 83#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} 84 85#define ASN1_FLAG_EXP_MAX 20 86 87/* Input formats */ 88 89/* ASCII: default */ 90#define ASN1_GEN_FORMAT_ASCII 1 91/* UTF8 */ 92#define ASN1_GEN_FORMAT_UTF8 2 93/* Hex */ 94#define ASN1_GEN_FORMAT_HEX 3 95/* List of bits */ 96#define ASN1_GEN_FORMAT_BITLIST 4 97 98 99struct tag_name_st 100 { 101 const char *strnam; 102 int len; 103 int tag; 104 }; 105 106typedef struct 107 { 108 int exp_tag; 109 int exp_class; 110 int exp_constructed; 111 int exp_pad; 112 long exp_len; 113 } tag_exp_type; 114 115typedef struct 116 { 117 int imp_tag; 118 int imp_class; 119 int utype; 120 int format; 121 const char *str; 122 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; 123 int exp_count; 124 } tag_exp_arg; 125 126static int bitstr_cb(const char *elem, int len, void *bitstr); 127static int asn1_cb(const char *elem, int len, void *bitstr); 128static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); 129static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); 130static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); 131static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); 132static int asn1_str2tag(const char *tagstr, int len); 133 134ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) 135 { 136 X509V3_CTX cnf; 137 138 if (!nconf) 139 return ASN1_generate_v3(str, NULL); 140 141 X509V3_set_nconf(&cnf, nconf); 142 return ASN1_generate_v3(str, &cnf); 143 } 144 145ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) 146 OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS 147 { 148 ASN1_TYPE *ret; 149 tag_exp_arg asn1_tags; 150 tag_exp_type *etmp; 151 152 int i, len; 153 154 unsigned char *orig_der = NULL, *new_der = NULL; 155 const unsigned char *cpy_start; 156 unsigned char *p; 157 const unsigned char *cp; 158 int cpy_len; 159 long hdr_len; 160 int hdr_constructed = 0, hdr_tag, hdr_class; 161 int r; 162 163 asn1_tags.imp_tag = -1; 164 asn1_tags.imp_class = -1; 165 asn1_tags.format = ASN1_GEN_FORMAT_ASCII; 166 asn1_tags.exp_count = 0; 167 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) 168 return NULL; 169 170 if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) 171 { 172 if (!cnf) 173 { 174 OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); 175 return NULL; 176 } 177 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); 178 } 179 else 180 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); 181 182 if (!ret) 183 return NULL; 184 185 /* If no tagging return base type */ 186 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) 187 return ret; 188 189 /* Generate the encoding */ 190 cpy_len = i2d_ASN1_TYPE(ret, &orig_der); 191 ASN1_TYPE_free(ret); 192 ret = NULL; 193 /* Set point to start copying for modified encoding */ 194 cpy_start = orig_der; 195 196 /* Do we need IMPLICIT tagging? */ 197 if (asn1_tags.imp_tag != -1) 198 { 199 /* If IMPLICIT we will replace the underlying tag */ 200 /* Skip existing tag+len */ 201 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len); 202 if (r & 0x80) 203 goto err; 204 /* Update copy length */ 205 cpy_len -= cpy_start - orig_der; 206 /* For IMPLICIT tagging the length should match the 207 * original length and constructed flag should be 208 * consistent. 209 */ 210 if (r & 0x1) 211 { 212 /* Indefinite length constructed */ 213 hdr_constructed = 2; 214 hdr_len = 0; 215 } 216 else 217 /* Just retain constructed flag */ 218 hdr_constructed = r & V_ASN1_CONSTRUCTED; 219 /* Work out new length with IMPLICIT tag: ignore constructed 220 * because it will mess up if indefinite length 221 */ 222 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); 223 } 224 else 225 len = cpy_len; 226 227 /* Work out length in any EXPLICIT, starting from end */ 228 229 for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--) 230 { 231 /* Content length: number of content octets + any padding */ 232 len += etmp->exp_pad; 233 etmp->exp_len = len; 234 /* Total object length: length including new header */ 235 len = ASN1_object_size(0, len, etmp->exp_tag); 236 } 237 238 /* Allocate buffer for new encoding */ 239 240 new_der = OPENSSL_malloc(len); 241 if (!new_der) 242 goto err; 243 244 /* Generate tagged encoding */ 245 246 p = new_der; 247 248 /* Output explicit tags first */ 249 250 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++) 251 { 252 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, 253 etmp->exp_tag, etmp->exp_class); 254 if (etmp->exp_pad) 255 *p++ = 0; 256 } 257 258 /* If IMPLICIT, output tag */ 259 260 if (asn1_tags.imp_tag != -1) 261 { 262 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 263 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE 264 || asn1_tags.imp_tag == V_ASN1_SET) ) 265 hdr_constructed = V_ASN1_CONSTRUCTED; 266 ASN1_put_object(&p, hdr_constructed, hdr_len, 267 asn1_tags.imp_tag, asn1_tags.imp_class); 268 } 269 270 /* Copy across original encoding */ 271 memcpy(p, cpy_start, cpy_len); 272 273 cp = new_der; 274 275 /* Obtain new ASN1_TYPE structure */ 276 ret = d2i_ASN1_TYPE(NULL, &cp, len); 277 278 err: 279 if (orig_der) 280 OPENSSL_free(orig_der); 281 if (new_der) 282 OPENSSL_free(new_der); 283 284 return ret; 285 286 } 287 288static int asn1_cb(const char *elem, int len, void *bitstr) 289 { 290 tag_exp_arg *arg = bitstr; 291 int i; 292 int utype; 293 int vlen = 0; 294 const char *p, *vstart = NULL; 295 296 int tmp_tag, tmp_class; 297 298 if (elem == NULL) 299 return 0; 300 301 for(i = 0, p = elem; i < len; p++, i++) 302 { 303 /* Look for the ':' in name value pairs */ 304 if (*p == ':') 305 { 306 vstart = p + 1; 307 vlen = len - (vstart - elem); 308 len = p - elem; 309 break; 310 } 311 } 312 313 utype = asn1_str2tag(elem, len); 314 315 if (utype == -1) 316 { 317 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG); 318 ERR_add_error_data(2, "tag=", elem); 319 return -1; 320 } 321 322 /* If this is not a modifier mark end of string and exit */ 323 if (!(utype & ASN1_GEN_FLAG)) 324 { 325 arg->utype = utype; 326 arg->str = vstart; 327 /* If no value and not end of string, error */ 328 if (!vstart && elem[len]) 329 { 330 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE); 331 return -1; 332 } 333 return 0; 334 } 335 336 switch(utype) 337 { 338 339 case ASN1_GEN_FLAG_IMP: 340 /* Check for illegal multiple IMPLICIT tagging */ 341 if (arg->imp_tag != -1) 342 { 343 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); 344 return -1; 345 } 346 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) 347 return -1; 348 break; 349 350 case ASN1_GEN_FLAG_EXP: 351 352 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) 353 return -1; 354 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) 355 return -1; 356 break; 357 358 case ASN1_GEN_FLAG_SEQWRAP: 359 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) 360 return -1; 361 break; 362 363 case ASN1_GEN_FLAG_SETWRAP: 364 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) 365 return -1; 366 break; 367 368 case ASN1_GEN_FLAG_BITWRAP: 369 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) 370 return -1; 371 break; 372 373 case ASN1_GEN_FLAG_OCTWRAP: 374 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) 375 return -1; 376 break; 377 378 case ASN1_GEN_FLAG_FORMAT: 379 if (!vstart) 380 { 381 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); 382 return -1; 383 } 384 if (!strncmp(vstart, "ASCII", 5)) 385 arg->format = ASN1_GEN_FORMAT_ASCII; 386 else if (!strncmp(vstart, "UTF8", 4)) 387 arg->format = ASN1_GEN_FORMAT_UTF8; 388 else if (!strncmp(vstart, "HEX", 3)) 389 arg->format = ASN1_GEN_FORMAT_HEX; 390 else if (!strncmp(vstart, "BITLIST", 7)) 391 arg->format = ASN1_GEN_FORMAT_BITLIST; 392 else 393 { 394 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); 395 return -1; 396 } 397 break; 398 399 } 400 401 return 1; 402 403 } 404 405static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) 406 { 407 char erch[2]; 408 long tag_num; 409 char *eptr; 410 if (!vstart) 411 return 0; 412 tag_num = strtoul(vstart, &eptr, 10); 413 /* Check we haven't gone past max length: should be impossible */ 414 if (eptr && *eptr && (eptr > vstart + vlen)) 415 return 0; 416 if (tag_num < 0) 417 { 418 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); 419 return 0; 420 } 421 *ptag = tag_num; 422 /* If we have non numeric characters, parse them */ 423 if (eptr) 424 vlen -= eptr - vstart; 425 else 426 vlen = 0; 427 if (vlen) 428 { 429 switch (*eptr) 430 { 431 432 case 'U': 433 *pclass = V_ASN1_UNIVERSAL; 434 break; 435 436 case 'A': 437 *pclass = V_ASN1_APPLICATION; 438 break; 439 440 case 'P': 441 *pclass = V_ASN1_PRIVATE; 442 break; 443 444 case 'C': 445 *pclass = V_ASN1_CONTEXT_SPECIFIC; 446 break; 447 448 default: 449 erch[0] = *eptr; 450 erch[1] = 0; 451 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER); 452 ERR_add_error_data(2, "Char=", erch); 453 return 0; 454 break; 455 456 } 457 } 458 else 459 *pclass = V_ASN1_CONTEXT_SPECIFIC; 460 461 return 1; 462 463 } 464 465/* Handle multiple types: SET and SEQUENCE */ 466 467static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) 468 { 469 ASN1_TYPE *ret = NULL; 470 STACK_OF(ASN1_TYPE) *sk = NULL; 471 STACK_OF(CONF_VALUE) *sect = NULL; 472 unsigned char *der = NULL; 473 int derlen; 474 size_t i; 475 sk = sk_ASN1_TYPE_new_null(); 476 if (!sk) 477 goto bad; 478 if (section) 479 { 480 if (!cnf) 481 goto bad; 482 sect = X509V3_get_section(cnf, (char *)section); 483 if (!sect) 484 goto bad; 485 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) 486 { 487 ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); 488 if (!typ) 489 goto bad; 490 if (!sk_ASN1_TYPE_push(sk, typ)) 491 goto bad; 492 } 493 } 494 495 /* Now we has a STACK of the components, convert to the correct form */ 496 497 if (utype == V_ASN1_SET) 498 derlen = i2d_ASN1_SET_ANY(sk, &der); 499 else 500 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); 501 502 if (derlen < 0) 503 goto bad; 504 505 if (!(ret = ASN1_TYPE_new())) 506 goto bad; 507 508 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) 509 goto bad; 510 511 ret->type = utype; 512 513 ret->value.asn1_string->data = der; 514 ret->value.asn1_string->length = derlen; 515 516 der = NULL; 517 518 bad: 519 520 if (der) 521 OPENSSL_free(der); 522 523 if (sk) 524 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); 525 if (sect) 526 X509V3_section_free(cnf, sect); 527 528 return ret; 529 } 530 531static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok) 532 { 533 tag_exp_type *exp_tmp; 534 /* Can only have IMPLICIT if permitted */ 535 if ((arg->imp_tag != -1) && !imp_ok) 536 { 537 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); 538 return 0; 539 } 540 541 if (arg->exp_count == ASN1_FLAG_EXP_MAX) 542 { 543 OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED); 544 return 0; 545 } 546 547 exp_tmp = &arg->exp_list[arg->exp_count++]; 548 549 /* If IMPLICIT set tag to implicit value then 550 * reset implicit tag since it has been used. 551 */ 552 if (arg->imp_tag != -1) 553 { 554 exp_tmp->exp_tag = arg->imp_tag; 555 exp_tmp->exp_class = arg->imp_class; 556 arg->imp_tag = -1; 557 arg->imp_class = -1; 558 } 559 else 560 { 561 exp_tmp->exp_tag = exp_tag; 562 exp_tmp->exp_class = exp_class; 563 } 564 exp_tmp->exp_constructed = exp_constructed; 565 exp_tmp->exp_pad = exp_pad; 566 567 return 1; 568 } 569 570 571static int asn1_str2tag(const char *tagstr, int len) 572 { 573 unsigned int i; 574 static const struct tag_name_st *tntmp, tnst [] = { 575 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), 576 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), 577 ASN1_GEN_STR("NULL", V_ASN1_NULL), 578 ASN1_GEN_STR("INT", V_ASN1_INTEGER), 579 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), 580 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), 581 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), 582 ASN1_GEN_STR("OID", V_ASN1_OBJECT), 583 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), 584 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), 585 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), 586 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), 587 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), 588 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), 589 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), 590 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), 591 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), 592 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), 593 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), 594 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), 595 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), 596 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), 597 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), 598 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), 599 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), 600 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), 601 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), 602 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), 603 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), 604 ASN1_GEN_STR("T61", V_ASN1_T61STRING), 605 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), 606 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), 607 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), 608 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), 609 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), 610 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), 611 612 /* Special cases */ 613 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), 614 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), 615 ASN1_GEN_STR("SET", V_ASN1_SET), 616 /* type modifiers */ 617 /* Explicit tag */ 618 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), 619 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), 620 /* Implicit tag */ 621 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), 622 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), 623 /* OCTET STRING wrapper */ 624 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), 625 /* SEQUENCE wrapper */ 626 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), 627 /* SET wrapper */ 628 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), 629 /* BIT STRING wrapper */ 630 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), 631 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), 632 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), 633 }; 634 635 if (len == -1) 636 len = strlen(tagstr); 637 638 tntmp = tnst; 639 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) 640 { 641 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) 642 return tntmp->tag; 643 } 644 645 return -1; 646 } 647 648static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) 649 { 650 ASN1_TYPE *atmp = NULL; 651 652 CONF_VALUE vtmp; 653 654 unsigned char *rdata; 655 long rdlen; 656 657 int no_unused = 1; 658 659 if (!(atmp = ASN1_TYPE_new())) 660 { 661 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 662 return NULL; 663 } 664 665 if (!str) 666 str = ""; 667 668 switch(utype) 669 { 670 671 case V_ASN1_NULL: 672 if (str && *str) 673 { 674 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE); 675 goto bad_form; 676 } 677 break; 678 679 case V_ASN1_BOOLEAN: 680 if (format != ASN1_GEN_FORMAT_ASCII) 681 { 682 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT); 683 goto bad_form; 684 } 685 vtmp.name = NULL; 686 vtmp.section = NULL; 687 vtmp.value = (char *)str; 688 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) 689 { 690 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN); 691 goto bad_str; 692 } 693 break; 694 695 case V_ASN1_INTEGER: 696 case V_ASN1_ENUMERATED: 697 if (format != ASN1_GEN_FORMAT_ASCII) 698 { 699 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); 700 goto bad_form; 701 } 702 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) 703 { 704 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER); 705 goto bad_str; 706 } 707 break; 708 709 case V_ASN1_OBJECT: 710 if (format != ASN1_GEN_FORMAT_ASCII) 711 { 712 OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); 713 goto bad_form; 714 } 715 if (!(atmp->value.object = OBJ_txt2obj(str, 0))) 716 { 717 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT); 718 goto bad_str; 719 } 720 break; 721 722 case V_ASN1_UTCTIME: 723 case V_ASN1_GENERALIZEDTIME: 724 if (format != ASN1_GEN_FORMAT_ASCII) 725 { 726 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); 727 goto bad_form; 728 } 729 if (!(atmp->value.asn1_string = ASN1_STRING_new())) 730 { 731 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 732 goto bad_str; 733 } 734 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) 735 { 736 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 737 goto bad_str; 738 } 739 atmp->value.asn1_string->type = utype; 740 if (!ASN1_TIME_check(atmp->value.asn1_string)) 741 { 742 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE); 743 goto bad_str; 744 } 745 746 break; 747 748 case V_ASN1_BMPSTRING: 749 case V_ASN1_PRINTABLESTRING: 750 case V_ASN1_IA5STRING: 751 case V_ASN1_T61STRING: 752 case V_ASN1_UTF8STRING: 753 case V_ASN1_VISIBLESTRING: 754 case V_ASN1_UNIVERSALSTRING: 755 case V_ASN1_GENERALSTRING: 756 case V_ASN1_NUMERICSTRING: 757 758 if (format == ASN1_GEN_FORMAT_ASCII) 759 format = MBSTRING_ASC; 760 else if (format == ASN1_GEN_FORMAT_UTF8) 761 format = MBSTRING_UTF8; 762 else 763 { 764 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT); 765 goto bad_form; 766 } 767 768 769 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, 770 -1, format, ASN1_tag2bit(utype)) <= 0) 771 { 772 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 773 goto bad_str; 774 } 775 776 777 break; 778 779 case V_ASN1_BIT_STRING: 780 781 case V_ASN1_OCTET_STRING: 782 783 if (!(atmp->value.asn1_string = ASN1_STRING_new())) 784 { 785 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 786 goto bad_form; 787 } 788 789 if (format == ASN1_GEN_FORMAT_HEX) 790 { 791 792 if (!(rdata = string_to_hex((char *)str, &rdlen))) 793 { 794 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); 795 goto bad_str; 796 } 797 798 atmp->value.asn1_string->data = rdata; 799 atmp->value.asn1_string->length = rdlen; 800 atmp->value.asn1_string->type = utype; 801 802 } 803 else if (format == ASN1_GEN_FORMAT_ASCII) 804 ASN1_STRING_set(atmp->value.asn1_string, str, -1); 805 else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING)) 806 { 807 if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string)) 808 { 809 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR); 810 goto bad_str; 811 } 812 no_unused = 0; 813 814 } 815 else 816 { 817 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); 818 goto bad_form; 819 } 820 821 if ((utype == V_ASN1_BIT_STRING) && no_unused) 822 { 823 atmp->value.asn1_string->flags 824 &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); 825 atmp->value.asn1_string->flags 826 |= ASN1_STRING_FLAG_BITS_LEFT; 827 } 828 829 830 break; 831 832 default: 833 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE); 834 goto bad_str; 835 break; 836 } 837 838 839 atmp->type = utype; 840 return atmp; 841 842 843 bad_str: 844 ERR_add_error_data(2, "string=", str); 845 bad_form: 846 847 ASN1_TYPE_free(atmp); 848 return NULL; 849 850 } 851 852static int bitstr_cb(const char *elem, int len, void *bitstr) 853 { 854 long bitnum; 855 char *eptr; 856 if (!elem) 857 return 0; 858 bitnum = strtoul(elem, &eptr, 10); 859 if (eptr && *eptr && (eptr != elem + len)) 860 return 0; 861 if (bitnum < 0) 862 { 863 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); 864 return 0; 865 } 866 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) 867 { 868 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 869 return 0; 870 } 871 return 1; 872 } 873 874