1 /*
2 * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "crypto/ctype.h"
12 #include "internal/cryptlib.h"
13 #include <openssl/asn1.h>
14
15 static int traverse_string(const unsigned char *p, int len, int inform,
16 int (*rfunc) (unsigned long value, void *in),
17 void *arg);
18 static int in_utf8(unsigned long value, void *arg);
19 static int out_utf8(unsigned long value, void *arg);
20 static int type_str(unsigned long value, void *arg);
21 static int cpy_asc(unsigned long value, void *arg);
22 static int cpy_bmp(unsigned long value, void *arg);
23 static int cpy_univ(unsigned long value, void *arg);
24 static int cpy_utf8(unsigned long value, void *arg);
25
26 /*
27 * These functions take a string in UTF8, ASCII or multibyte form and a mask
28 * of permissible ASN1 string types. It then works out the minimal type
29 * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8)
30 * and creates a string of the correct type with the supplied data. Yes this is
31 * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
32 * size limits too.
33 */
34
ASN1_mbstring_copy(ASN1_STRING ** out,const unsigned char * in,int len,int inform,unsigned long mask)35 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
36 int inform, unsigned long mask)
37 {
38 return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
39 }
40
ASN1_mbstring_ncopy(ASN1_STRING ** out,const unsigned char * in,int len,int inform,unsigned long mask,long minsize,long maxsize)41 int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
42 int inform, unsigned long mask,
43 long minsize, long maxsize)
44 {
45 int str_type;
46 int ret;
47 char free_out;
48 int outform, outlen = 0;
49 ASN1_STRING *dest;
50 unsigned char *p;
51 int nchar;
52 char strbuf[32];
53 int (*cpyfunc) (unsigned long, void *) = NULL;
54 if (len == -1)
55 len = strlen((const char *)in);
56 if (!mask)
57 mask = DIRSTRING_TYPE;
58
59 /* First do a string check and work out the number of characters */
60 switch (inform) {
61
62 case MBSTRING_BMP:
63 if (len & 1) {
64 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
65 ASN1_R_INVALID_BMPSTRING_LENGTH);
66 return -1;
67 }
68 nchar = len >> 1;
69 break;
70
71 case MBSTRING_UNIV:
72 if (len & 3) {
73 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
74 ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
75 return -1;
76 }
77 nchar = len >> 2;
78 break;
79
80 case MBSTRING_UTF8:
81 nchar = 0;
82 /* This counts the characters and does utf8 syntax checking */
83 ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
84 if (ret < 0) {
85 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
86 return -1;
87 }
88 break;
89
90 case MBSTRING_ASC:
91 nchar = len;
92 break;
93
94 default:
95 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
96 return -1;
97 }
98
99 if ((minsize > 0) && (nchar < minsize)) {
100 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
101 BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize);
102 ERR_add_error_data(2, "minsize=", strbuf);
103 return -1;
104 }
105
106 if ((maxsize > 0) && (nchar > maxsize)) {
107 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
108 BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize);
109 ERR_add_error_data(2, "maxsize=", strbuf);
110 return -1;
111 }
112
113 /* Now work out minimal type (if any) */
114 if (traverse_string(in, len, inform, type_str, &mask) < 0) {
115 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
116 return -1;
117 }
118
119 /* Now work out output format and string type */
120 outform = MBSTRING_ASC;
121 if (mask & B_ASN1_NUMERICSTRING)
122 str_type = V_ASN1_NUMERICSTRING;
123 else if (mask & B_ASN1_PRINTABLESTRING)
124 str_type = V_ASN1_PRINTABLESTRING;
125 else if (mask & B_ASN1_IA5STRING)
126 str_type = V_ASN1_IA5STRING;
127 else if (mask & B_ASN1_T61STRING)
128 str_type = V_ASN1_T61STRING;
129 else if (mask & B_ASN1_BMPSTRING) {
130 str_type = V_ASN1_BMPSTRING;
131 outform = MBSTRING_BMP;
132 } else if (mask & B_ASN1_UNIVERSALSTRING) {
133 str_type = V_ASN1_UNIVERSALSTRING;
134 outform = MBSTRING_UNIV;
135 } else {
136 str_type = V_ASN1_UTF8STRING;
137 outform = MBSTRING_UTF8;
138 }
139 if (!out)
140 return str_type;
141 if (*out) {
142 free_out = 0;
143 dest = *out;
144 OPENSSL_free(dest->data);
145 dest->data = NULL;
146 dest->length = 0;
147 dest->type = str_type;
148 } else {
149 free_out = 1;
150 dest = ASN1_STRING_type_new(str_type);
151 if (dest == NULL) {
152 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
153 return -1;
154 }
155 *out = dest;
156 }
157 /* If both the same type just copy across */
158 if (inform == outform) {
159 if (!ASN1_STRING_set(dest, in, len)) {
160 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
161 return -1;
162 }
163 return str_type;
164 }
165
166 /* Work out how much space the destination will need */
167 switch (outform) {
168 case MBSTRING_ASC:
169 outlen = nchar;
170 cpyfunc = cpy_asc;
171 break;
172
173 case MBSTRING_BMP:
174 outlen = nchar << 1;
175 cpyfunc = cpy_bmp;
176 break;
177
178 case MBSTRING_UNIV:
179 outlen = nchar << 2;
180 cpyfunc = cpy_univ;
181 break;
182
183 case MBSTRING_UTF8:
184 outlen = 0;
185 traverse_string(in, len, inform, out_utf8, &outlen);
186 cpyfunc = cpy_utf8;
187 break;
188 }
189 if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
190 if (free_out)
191 ASN1_STRING_free(dest);
192 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
193 return -1;
194 }
195 dest->length = outlen;
196 dest->data = p;
197 p[outlen] = 0;
198 traverse_string(in, len, inform, cpyfunc, &p);
199 return str_type;
200 }
201
202 /*
203 * This function traverses a string and passes the value of each character to
204 * an optional function along with a void * argument.
205 */
206
traverse_string(const unsigned char * p,int len,int inform,int (* rfunc)(unsigned long value,void * in),void * arg)207 static int traverse_string(const unsigned char *p, int len, int inform,
208 int (*rfunc) (unsigned long value, void *in),
209 void *arg)
210 {
211 unsigned long value;
212 int ret;
213 while (len) {
214 if (inform == MBSTRING_ASC) {
215 value = *p++;
216 len--;
217 } else if (inform == MBSTRING_BMP) {
218 value = *p++ << 8;
219 value |= *p++;
220 len -= 2;
221 } else if (inform == MBSTRING_UNIV) {
222 value = ((unsigned long)*p++) << 24;
223 value |= ((unsigned long)*p++) << 16;
224 value |= *p++ << 8;
225 value |= *p++;
226 len -= 4;
227 } else {
228 ret = UTF8_getc(p, len, &value);
229 if (ret < 0)
230 return -1;
231 len -= ret;
232 p += ret;
233 }
234 if (rfunc) {
235 ret = rfunc(value, arg);
236 if (ret <= 0)
237 return ret;
238 }
239 }
240 return 1;
241 }
242
243 /* Various utility functions for traverse_string */
244
245 /* Just count number of characters */
246
in_utf8(unsigned long value,void * arg)247 static int in_utf8(unsigned long value, void *arg)
248 {
249 int *nchar;
250 nchar = arg;
251 (*nchar)++;
252 return 1;
253 }
254
255 /* Determine size of output as a UTF8 String */
256
out_utf8(unsigned long value,void * arg)257 static int out_utf8(unsigned long value, void *arg)
258 {
259 int *outlen;
260 outlen = arg;
261 *outlen += UTF8_putc(NULL, -1, value);
262 return 1;
263 }
264
265 /*
266 * Determine the "type" of a string: check each character against a supplied
267 * "mask".
268 */
269
type_str(unsigned long value,void * arg)270 static int type_str(unsigned long value, void *arg)
271 {
272 unsigned long types = *((unsigned long *)arg);
273 const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value);
274
275 if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native)
276 || native == ' '))
277 types &= ~B_ASN1_NUMERICSTRING;
278 if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native))
279 types &= ~B_ASN1_PRINTABLESTRING;
280 if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native))
281 types &= ~B_ASN1_IA5STRING;
282 if ((types & B_ASN1_T61STRING) && (value > 0xff))
283 types &= ~B_ASN1_T61STRING;
284 if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
285 types &= ~B_ASN1_BMPSTRING;
286 if (!types)
287 return -1;
288 *((unsigned long *)arg) = types;
289 return 1;
290 }
291
292 /* Copy one byte per character ASCII like strings */
293
cpy_asc(unsigned long value,void * arg)294 static int cpy_asc(unsigned long value, void *arg)
295 {
296 unsigned char **p, *q;
297 p = arg;
298 q = *p;
299 *q = (unsigned char)value;
300 (*p)++;
301 return 1;
302 }
303
304 /* Copy two byte per character BMPStrings */
305
cpy_bmp(unsigned long value,void * arg)306 static int cpy_bmp(unsigned long value, void *arg)
307 {
308 unsigned char **p, *q;
309 p = arg;
310 q = *p;
311 *q++ = (unsigned char)((value >> 8) & 0xff);
312 *q = (unsigned char)(value & 0xff);
313 *p += 2;
314 return 1;
315 }
316
317 /* Copy four byte per character UniversalStrings */
318
cpy_univ(unsigned long value,void * arg)319 static int cpy_univ(unsigned long value, void *arg)
320 {
321 unsigned char **p, *q;
322 p = arg;
323 q = *p;
324 *q++ = (unsigned char)((value >> 24) & 0xff);
325 *q++ = (unsigned char)((value >> 16) & 0xff);
326 *q++ = (unsigned char)((value >> 8) & 0xff);
327 *q = (unsigned char)(value & 0xff);
328 *p += 4;
329 return 1;
330 }
331
332 /* Copy to a UTF8String */
333
cpy_utf8(unsigned long value,void * arg)334 static int cpy_utf8(unsigned long value, void *arg)
335 {
336 unsigned char **p;
337 int ret;
338 p = arg;
339 /* We already know there is enough room so pass 0xff as the length */
340 ret = UTF8_putc(*p, 0xff, value);
341 *p += ret;
342 return 1;
343 }
344