1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] */ 56 57#include <openssl/x509.h> 58 59#include <string.h> 60 61#include <openssl/asn1.h> 62#include <openssl/err.h> 63#include <openssl/mem.h> 64#include <openssl/obj.h> 65#include <openssl/x509v3.h> 66 67#include "../internal.h" 68 69/* 70 * Although this file is in crypto/x509 for layering purposes, it emits 71 * errors from the ASN.1 module for OpenSSL compatibility. 72 */ 73 74#define ASN1_GEN_FLAG 0x10000 75#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) 76#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) 77#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) 78#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) 79#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) 80#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) 81#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) 82#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) 83 84#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} 85 86#define ASN1_FLAG_EXP_MAX 20 87 88/* Input formats */ 89 90/* ASCII: default */ 91#define ASN1_GEN_FORMAT_ASCII 1 92/* UTF8 */ 93#define ASN1_GEN_FORMAT_UTF8 2 94/* Hex */ 95#define ASN1_GEN_FORMAT_HEX 3 96/* List of bits */ 97#define ASN1_GEN_FORMAT_BITLIST 4 98 99struct tag_name_st { 100 const char *strnam; 101 int len; 102 int tag; 103}; 104 105typedef struct { 106 int exp_tag; 107 int exp_class; 108 int exp_constructed; 109 int exp_pad; 110 long exp_len; 111} tag_exp_type; 112 113typedef struct { 114 int imp_tag; 115 int imp_class; 116 int utype; 117 int format; 118 const char *str; 119 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; 120 int exp_count; 121} tag_exp_arg; 122 123static int bitstr_cb(const char *elem, int len, void *bitstr); 124static int asn1_cb(const char *elem, int len, void *bitstr); 125static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 126 int exp_constructed, int exp_pad, int imp_ok); 127static int parse_tagging(const char *vstart, int vlen, int *ptag, 128 int *pclass); 129static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); 130static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); 131static int asn1_str2tag(const char *tagstr, int len); 132 133ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) 134{ 135 X509V3_CTX cnf; 136 137 if (!nconf) 138 return ASN1_generate_v3(str, NULL); 139 140 X509V3_set_nconf(&cnf, nconf); 141 return ASN1_generate_v3(str, &cnf); 142} 143 144ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) 145{ 146 ASN1_TYPE *ret; 147 tag_exp_arg asn1_tags; 148 tag_exp_type *etmp; 149 150 int i, len; 151 152 unsigned char *orig_der = NULL, *new_der = NULL; 153 const unsigned char *cpy_start; 154 unsigned char *p; 155 const unsigned char *cp; 156 int cpy_len; 157 long hdr_len = 0; 158 int hdr_constructed = 0, hdr_tag, hdr_class; 159 int r; 160 161 asn1_tags.imp_tag = -1; 162 asn1_tags.imp_class = -1; 163 asn1_tags.format = ASN1_GEN_FORMAT_ASCII; 164 asn1_tags.exp_count = 0; 165 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) 166 return NULL; 167 168 if ((asn1_tags.utype == V_ASN1_SEQUENCE) 169 || (asn1_tags.utype == V_ASN1_SET)) { 170 if (!cnf) { 171 OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); 172 return NULL; 173 } 174 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); 175 } else 176 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); 177 178 if (!ret) 179 return NULL; 180 181 /* If no tagging return base type */ 182 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) 183 return ret; 184 185 /* Generate the encoding */ 186 cpy_len = i2d_ASN1_TYPE(ret, &orig_der); 187 ASN1_TYPE_free(ret); 188 ret = NULL; 189 /* Set point to start copying for modified encoding */ 190 cpy_start = orig_der; 191 192 /* Do we need IMPLICIT tagging? */ 193 if (asn1_tags.imp_tag != -1) { 194 /* If IMPLICIT we will replace the underlying tag */ 195 /* Skip existing tag+len */ 196 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, 197 cpy_len); 198 if (r & 0x80) 199 goto err; 200 /* Update copy length */ 201 cpy_len -= cpy_start - orig_der; 202 /* 203 * For IMPLICIT tagging the length should match the original length 204 * and constructed flag should be consistent. 205 */ 206 if (r & 0x1) { 207 /* Indefinite length constructed */ 208 hdr_constructed = 2; 209 hdr_len = 0; 210 } else 211 /* Just retain constructed flag */ 212 hdr_constructed = r & V_ASN1_CONSTRUCTED; 213 /* 214 * Work out new length with IMPLICIT tag: ignore constructed because 215 * it will mess up if indefinite length 216 */ 217 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); 218 } else 219 len = cpy_len; 220 221 /* Work out length in any EXPLICIT, starting from end */ 222 223 for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; 224 i < asn1_tags.exp_count; i++, etmp--) { 225 /* Content length: number of content octets + any padding */ 226 len += etmp->exp_pad; 227 etmp->exp_len = len; 228 /* Total object length: length including new header */ 229 len = ASN1_object_size(0, len, etmp->exp_tag); 230 } 231 232 /* Allocate buffer for new encoding */ 233 234 new_der = OPENSSL_malloc(len); 235 if (!new_der) 236 goto err; 237 238 /* Generate tagged encoding */ 239 240 p = new_der; 241 242 /* Output explicit tags first */ 243 244 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; 245 i++, etmp++) { 246 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, 247 etmp->exp_tag, etmp->exp_class); 248 if (etmp->exp_pad) 249 *p++ = 0; 250 } 251 252 /* If IMPLICIT, output tag */ 253 254 if (asn1_tags.imp_tag != -1) { 255 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 256 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE 257 || asn1_tags.imp_tag == V_ASN1_SET)) 258 hdr_constructed = V_ASN1_CONSTRUCTED; 259 ASN1_put_object(&p, hdr_constructed, hdr_len, 260 asn1_tags.imp_tag, asn1_tags.imp_class); 261 } 262 263 /* Copy across original encoding */ 264 OPENSSL_memcpy(p, cpy_start, cpy_len); 265 266 cp = new_der; 267 268 /* Obtain new ASN1_TYPE structure */ 269 ret = d2i_ASN1_TYPE(NULL, &cp, len); 270 271 err: 272 if (orig_der) 273 OPENSSL_free(orig_der); 274 if (new_der) 275 OPENSSL_free(new_der); 276 277 return ret; 278 279} 280 281static int asn1_cb(const char *elem, int len, void *bitstr) 282{ 283 tag_exp_arg *arg = bitstr; 284 int i; 285 int utype; 286 int vlen = 0; 287 const char *p, *vstart = NULL; 288 289 int tmp_tag, tmp_class; 290 291 if (elem == NULL) 292 return 0; 293 294 for (i = 0, p = elem; i < len; p++, i++) { 295 /* Look for the ':' in name value pairs */ 296 if (*p == ':') { 297 vstart = p + 1; 298 vlen = len - (vstart - elem); 299 len = p - elem; 300 break; 301 } 302 } 303 304 utype = asn1_str2tag(elem, len); 305 306 if (utype == -1) { 307 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG); 308 ERR_add_error_data(2, "tag=", elem); 309 return -1; 310 } 311 312 /* If this is not a modifier mark end of string and exit */ 313 if (!(utype & ASN1_GEN_FLAG)) { 314 arg->utype = utype; 315 arg->str = vstart; 316 /* If no value and not end of string, error */ 317 if (!vstart && elem[len]) { 318 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE); 319 return -1; 320 } 321 return 0; 322 } 323 324 switch (utype) { 325 326 case ASN1_GEN_FLAG_IMP: 327 /* Check for illegal multiple IMPLICIT tagging */ 328 if (arg->imp_tag != -1) { 329 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); 330 return -1; 331 } 332 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) 333 return -1; 334 break; 335 336 case ASN1_GEN_FLAG_EXP: 337 338 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) 339 return -1; 340 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) 341 return -1; 342 break; 343 344 case ASN1_GEN_FLAG_SEQWRAP: 345 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) 346 return -1; 347 break; 348 349 case ASN1_GEN_FLAG_SETWRAP: 350 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) 351 return -1; 352 break; 353 354 case ASN1_GEN_FLAG_BITWRAP: 355 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) 356 return -1; 357 break; 358 359 case ASN1_GEN_FLAG_OCTWRAP: 360 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) 361 return -1; 362 break; 363 364 case ASN1_GEN_FLAG_FORMAT: 365 if (!vstart) { 366 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); 367 return -1; 368 } 369 if (!strncmp(vstart, "ASCII", 5)) 370 arg->format = ASN1_GEN_FORMAT_ASCII; 371 else if (!strncmp(vstart, "UTF8", 4)) 372 arg->format = ASN1_GEN_FORMAT_UTF8; 373 else if (!strncmp(vstart, "HEX", 3)) 374 arg->format = ASN1_GEN_FORMAT_HEX; 375 else if (!strncmp(vstart, "BITLIST", 7)) 376 arg->format = ASN1_GEN_FORMAT_BITLIST; 377 else { 378 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT); 379 return -1; 380 } 381 break; 382 383 } 384 385 return 1; 386 387} 388 389static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) 390{ 391 char erch[2]; 392 long tag_num; 393 char *eptr; 394 if (!vstart) 395 return 0; 396 tag_num = strtoul(vstart, &eptr, 10); 397 /* Check we haven't gone past max length: should be impossible */ 398 if (eptr && *eptr && (eptr > vstart + vlen)) 399 return 0; 400 if (tag_num < 0) { 401 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); 402 return 0; 403 } 404 *ptag = tag_num; 405 /* If we have non numeric characters, parse them */ 406 if (eptr) 407 vlen -= eptr - vstart; 408 else 409 vlen = 0; 410 if (vlen) { 411 switch (*eptr) { 412 413 case 'U': 414 *pclass = V_ASN1_UNIVERSAL; 415 break; 416 417 case 'A': 418 *pclass = V_ASN1_APPLICATION; 419 break; 420 421 case 'P': 422 *pclass = V_ASN1_PRIVATE; 423 break; 424 425 case 'C': 426 *pclass = V_ASN1_CONTEXT_SPECIFIC; 427 break; 428 429 default: 430 erch[0] = *eptr; 431 erch[1] = 0; 432 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER); 433 ERR_add_error_data(2, "Char=", erch); 434 return 0; 435 break; 436 437 } 438 } else 439 *pclass = V_ASN1_CONTEXT_SPECIFIC; 440 441 return 1; 442 443} 444 445/* Handle multiple types: SET and SEQUENCE */ 446 447static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) 448{ 449 ASN1_TYPE *ret = NULL; 450 STACK_OF(ASN1_TYPE) *sk = NULL; 451 STACK_OF(CONF_VALUE) *sect = NULL; 452 unsigned char *der = NULL; 453 int derlen; 454 size_t i; 455 sk = sk_ASN1_TYPE_new_null(); 456 if (!sk) 457 goto bad; 458 if (section) { 459 if (!cnf) 460 goto bad; 461 sect = X509V3_get_section(cnf, (char *)section); 462 if (!sect) 463 goto bad; 464 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { 465 ASN1_TYPE *typ = 466 ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); 467 if (!typ) 468 goto bad; 469 if (!sk_ASN1_TYPE_push(sk, typ)) 470 goto bad; 471 } 472 } 473 474 /* 475 * Now we has a STACK of the components, convert to the correct form 476 */ 477 478 if (utype == V_ASN1_SET) 479 derlen = i2d_ASN1_SET_ANY(sk, &der); 480 else 481 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); 482 483 if (derlen < 0) 484 goto bad; 485 486 if (!(ret = ASN1_TYPE_new())) 487 goto bad; 488 489 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) 490 goto bad; 491 492 ret->type = utype; 493 494 ret->value.asn1_string->data = der; 495 ret->value.asn1_string->length = derlen; 496 497 der = NULL; 498 499 bad: 500 501 if (der) 502 OPENSSL_free(der); 503 504 if (sk) 505 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); 506 if (sect) 507 X509V3_section_free(cnf, sect); 508 509 return ret; 510} 511 512static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 513 int exp_constructed, int exp_pad, int imp_ok) 514{ 515 tag_exp_type *exp_tmp; 516 /* Can only have IMPLICIT if permitted */ 517 if ((arg->imp_tag != -1) && !imp_ok) { 518 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); 519 return 0; 520 } 521 522 if (arg->exp_count == ASN1_FLAG_EXP_MAX) { 523 OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED); 524 return 0; 525 } 526 527 exp_tmp = &arg->exp_list[arg->exp_count++]; 528 529 /* 530 * If IMPLICIT set tag to implicit value then reset implicit tag since it 531 * has been used. 532 */ 533 if (arg->imp_tag != -1) { 534 exp_tmp->exp_tag = arg->imp_tag; 535 exp_tmp->exp_class = arg->imp_class; 536 arg->imp_tag = -1; 537 arg->imp_class = -1; 538 } else { 539 exp_tmp->exp_tag = exp_tag; 540 exp_tmp->exp_class = exp_class; 541 } 542 exp_tmp->exp_constructed = exp_constructed; 543 exp_tmp->exp_pad = exp_pad; 544 545 return 1; 546} 547 548static int asn1_str2tag(const char *tagstr, int len) 549{ 550 unsigned int i; 551 static const struct tag_name_st *tntmp, tnst[] = { 552 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), 553 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), 554 ASN1_GEN_STR("NULL", V_ASN1_NULL), 555 ASN1_GEN_STR("INT", V_ASN1_INTEGER), 556 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), 557 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), 558 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), 559 ASN1_GEN_STR("OID", V_ASN1_OBJECT), 560 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), 561 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), 562 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), 563 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), 564 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), 565 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), 566 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), 567 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), 568 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), 569 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), 570 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), 571 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), 572 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), 573 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), 574 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), 575 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), 576 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), 577 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), 578 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), 579 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), 580 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), 581 ASN1_GEN_STR("T61", V_ASN1_T61STRING), 582 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), 583 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), 584 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), 585 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), 586 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), 587 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), 588 589 /* Special cases */ 590 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), 591 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), 592 ASN1_GEN_STR("SET", V_ASN1_SET), 593 /* type modifiers */ 594 /* Explicit tag */ 595 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), 596 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), 597 /* Implicit tag */ 598 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), 599 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), 600 /* OCTET STRING wrapper */ 601 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), 602 /* SEQUENCE wrapper */ 603 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), 604 /* SET wrapper */ 605 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), 606 /* BIT STRING wrapper */ 607 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), 608 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), 609 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), 610 }; 611 612 if (len == -1) 613 len = strlen(tagstr); 614 615 tntmp = tnst; 616 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { 617 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) 618 return tntmp->tag; 619 } 620 621 return -1; 622} 623 624static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) 625{ 626 ASN1_TYPE *atmp = NULL; 627 628 CONF_VALUE vtmp; 629 630 unsigned char *rdata; 631 long rdlen; 632 633 int no_unused = 1; 634 635 if (!(atmp = ASN1_TYPE_new())) { 636 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 637 return NULL; 638 } 639 640 if (!str) 641 str = ""; 642 643 switch (utype) { 644 645 case V_ASN1_NULL: 646 if (str && *str) { 647 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE); 648 goto bad_form; 649 } 650 break; 651 652 case V_ASN1_BOOLEAN: 653 if (format != ASN1_GEN_FORMAT_ASCII) { 654 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT); 655 goto bad_form; 656 } 657 vtmp.name = NULL; 658 vtmp.section = NULL; 659 vtmp.value = (char *)str; 660 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { 661 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN); 662 goto bad_str; 663 } 664 break; 665 666 case V_ASN1_INTEGER: 667 case V_ASN1_ENUMERATED: 668 if (format != ASN1_GEN_FORMAT_ASCII) { 669 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); 670 goto bad_form; 671 } 672 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { 673 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER); 674 goto bad_str; 675 } 676 break; 677 678 case V_ASN1_OBJECT: 679 if (format != ASN1_GEN_FORMAT_ASCII) { 680 OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); 681 goto bad_form; 682 } 683 if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { 684 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT); 685 goto bad_str; 686 } 687 break; 688 689 case V_ASN1_UTCTIME: 690 case V_ASN1_GENERALIZEDTIME: 691 if (format != ASN1_GEN_FORMAT_ASCII) { 692 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); 693 goto bad_form; 694 } 695 if (!(atmp->value.asn1_string = ASN1_STRING_new())) { 696 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 697 goto bad_str; 698 } 699 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { 700 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 701 goto bad_str; 702 } 703 atmp->value.asn1_string->type = utype; 704 if (!ASN1_TIME_check(atmp->value.asn1_string)) { 705 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE); 706 goto bad_str; 707 } 708 709 break; 710 711 case V_ASN1_BMPSTRING: 712 case V_ASN1_PRINTABLESTRING: 713 case V_ASN1_IA5STRING: 714 case V_ASN1_T61STRING: 715 case V_ASN1_UTF8STRING: 716 case V_ASN1_VISIBLESTRING: 717 case V_ASN1_UNIVERSALSTRING: 718 case V_ASN1_GENERALSTRING: 719 case V_ASN1_NUMERICSTRING: 720 721 if (format == ASN1_GEN_FORMAT_ASCII) 722 format = MBSTRING_ASC; 723 else if (format == ASN1_GEN_FORMAT_UTF8) 724 format = MBSTRING_UTF8; 725 else { 726 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT); 727 goto bad_form; 728 } 729 730 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, 731 -1, format, ASN1_tag2bit(utype)) <= 0) { 732 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 733 goto bad_str; 734 } 735 736 break; 737 738 case V_ASN1_BIT_STRING: 739 740 case V_ASN1_OCTET_STRING: 741 742 if (!(atmp->value.asn1_string = ASN1_STRING_new())) { 743 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 744 goto bad_form; 745 } 746 747 if (format == ASN1_GEN_FORMAT_HEX) { 748 749 if (!(rdata = string_to_hex((char *)str, &rdlen))) { 750 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX); 751 goto bad_str; 752 } 753 754 atmp->value.asn1_string->data = rdata; 755 atmp->value.asn1_string->length = rdlen; 756 atmp->value.asn1_string->type = utype; 757 758 } else if (format == ASN1_GEN_FORMAT_ASCII) 759 ASN1_STRING_set(atmp->value.asn1_string, str, -1); 760 else if ((format == ASN1_GEN_FORMAT_BITLIST) 761 && (utype == V_ASN1_BIT_STRING)) { 762 if (!CONF_parse_list 763 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { 764 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR); 765 goto bad_str; 766 } 767 no_unused = 0; 768 769 } else { 770 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); 771 goto bad_form; 772 } 773 774 if ((utype == V_ASN1_BIT_STRING) && no_unused) { 775 atmp->value.asn1_string->flags 776 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 777 atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; 778 } 779 780 break; 781 782 default: 783 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE); 784 goto bad_str; 785 break; 786 } 787 788 atmp->type = utype; 789 return atmp; 790 791 bad_str: 792 ERR_add_error_data(2, "string=", str); 793 bad_form: 794 795 ASN1_TYPE_free(atmp); 796 return NULL; 797 798} 799 800static int bitstr_cb(const char *elem, int len, void *bitstr) 801{ 802 long bitnum; 803 char *eptr; 804 if (!elem) 805 return 0; 806 bitnum = strtoul(elem, &eptr, 10); 807 if (eptr && *eptr && (eptr != elem + len)) 808 return 0; 809 if (bitnum < 0) { 810 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER); 811 return 0; 812 } 813 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { 814 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE); 815 return 0; 816 } 817 return 1; 818} 819