1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/asn1.h>
58
59 #include <assert.h>
60 #include <stdlib.h>
61 #include <string.h>
62
63 #include <openssl/err.h>
64 #include <openssl/mem.h>
65 #include <openssl/obj.h>
66
67 #include "../internal.h"
68 #include "../lhash/internal.h"
69 #include "internal.h"
70
71
72 DEFINE_LHASH_OF(ASN1_STRING_TABLE)
73
74 static LHASH_OF(ASN1_STRING_TABLE) *string_tables = NULL;
75 static struct CRYPTO_STATIC_MUTEX string_tables_lock = CRYPTO_STATIC_MUTEX_INIT;
76
ASN1_STRING_set_default_mask(unsigned long mask)77 void ASN1_STRING_set_default_mask(unsigned long mask)
78 {
79 }
80
ASN1_STRING_get_default_mask(void)81 unsigned long ASN1_STRING_get_default_mask(void)
82 {
83 return B_ASN1_UTF8STRING;
84 }
85
ASN1_STRING_set_default_mask_asc(const char * p)86 int ASN1_STRING_set_default_mask_asc(const char *p)
87 {
88 return 1;
89 }
90
91 static const ASN1_STRING_TABLE *asn1_string_table_get(int nid);
92
93 /*
94 * The following function generates an ASN1_STRING based on limits in a
95 * table. Frequently the types and length of an ASN1_STRING are restricted by
96 * a corresponding OID. For example certificates and certificate requests.
97 */
98
ASN1_STRING_set_by_NID(ASN1_STRING ** out,const unsigned char * in,int len,int inform,int nid)99 ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
100 int len, int inform, int nid)
101 {
102 ASN1_STRING *str = NULL;
103 int ret;
104 if (!out) {
105 out = &str;
106 }
107 const ASN1_STRING_TABLE *tbl = asn1_string_table_get(nid);
108 if (tbl != NULL) {
109 unsigned long mask = tbl->mask;
110 if (!(tbl->flags & STABLE_NO_MASK)) {
111 mask &= B_ASN1_UTF8STRING;
112 }
113 ret = ASN1_mbstring_ncopy(out, in, len, inform, mask, tbl->minsize,
114 tbl->maxsize);
115 } else {
116 ret = ASN1_mbstring_copy(out, in, len, inform, B_ASN1_UTF8STRING);
117 }
118 if (ret <= 0) {
119 return NULL;
120 }
121 return *out;
122 }
123
124 /*
125 * Now the tables and helper functions for the string table:
126 */
127
128 /* See RFC 5280. */
129 #define ub_name 32768
130 #define ub_common_name 64
131 #define ub_locality_name 128
132 #define ub_state_name 128
133 #define ub_organization_name 64
134 #define ub_organization_unit_name 64
135 #define ub_email_address 128
136 #define ub_serial_number 64
137
138 /* This table must be kept in NID order */
139
140 static const ASN1_STRING_TABLE tbl_standard[] = {
141 {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
142 {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
143 {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
144 {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
145 {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
146 {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
147 0},
148 {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
149 STABLE_NO_MASK},
150 {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
151 {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
152 {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
153 {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
154 {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
155 {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
156 {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
157 STABLE_NO_MASK},
158 {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
159 {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
160 {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
161 {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
162 {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}
163 };
164
table_cmp(const ASN1_STRING_TABLE * a,const ASN1_STRING_TABLE * b)165 static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
166 {
167 if (a->nid < b->nid) {
168 return -1;
169 }
170 if (a->nid > b->nid) {
171 return 1;
172 }
173 return 0;
174 }
175
table_cmp_void(const void * a,const void * b)176 static int table_cmp_void(const void *a, const void *b)
177 {
178 return table_cmp(a, b);
179 }
180
table_hash(const ASN1_STRING_TABLE * tbl)181 static uint32_t table_hash(const ASN1_STRING_TABLE *tbl)
182 {
183 return OPENSSL_hash32(&tbl->nid, sizeof(tbl->nid));
184 }
185
asn1_string_table_get(int nid)186 static const ASN1_STRING_TABLE *asn1_string_table_get(int nid)
187 {
188 ASN1_STRING_TABLE key;
189 key.nid = nid;
190 const ASN1_STRING_TABLE *tbl =
191 bsearch(&key, tbl_standard, OPENSSL_ARRAY_SIZE(tbl_standard),
192 sizeof(ASN1_STRING_TABLE), table_cmp_void);
193 if (tbl != NULL) {
194 return tbl;
195 }
196
197 CRYPTO_STATIC_MUTEX_lock_read(&string_tables_lock);
198 if (string_tables != NULL) {
199 tbl = lh_ASN1_STRING_TABLE_retrieve(string_tables, &key);
200 }
201 CRYPTO_STATIC_MUTEX_unlock_read(&string_tables_lock);
202 /* Note returning |tbl| without the lock is only safe because
203 * |ASN1_STRING_TABLE_add| cannot modify or delete existing entries. If we
204 * wish to support that, this function must copy the result under a lock. */
205 return tbl;
206 }
207
ASN1_STRING_TABLE_add(int nid,long minsize,long maxsize,unsigned long mask,unsigned long flags)208 int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
209 unsigned long mask, unsigned long flags)
210 {
211 /* Existing entries cannot be overwritten. */
212 if (asn1_string_table_get(nid) != NULL) {
213 OPENSSL_PUT_ERROR(ASN1, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
214 return 0;
215 }
216
217 int ret = 0;
218 CRYPTO_STATIC_MUTEX_lock_write(&string_tables_lock);
219
220 if (string_tables == NULL) {
221 string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp);
222 if (string_tables == NULL) {
223 goto err;
224 }
225 } else {
226 /* Check again for an existing entry. One may have been added while
227 * unlocked. */
228 ASN1_STRING_TABLE key;
229 key.nid = nid;
230 if (lh_ASN1_STRING_TABLE_retrieve(string_tables, &key) != NULL) {
231 OPENSSL_PUT_ERROR(ASN1, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
232 goto err;
233 }
234 }
235
236 ASN1_STRING_TABLE *tbl = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
237 if (tbl == NULL) {
238 goto err;
239 }
240 tbl->nid = nid;
241 tbl->flags = flags;
242 tbl->minsize = minsize;
243 tbl->maxsize = maxsize;
244 tbl->mask = mask;
245 ASN1_STRING_TABLE *old_tbl;
246 if (!lh_ASN1_STRING_TABLE_insert(string_tables, &old_tbl, tbl)) {
247 OPENSSL_free(tbl);
248 goto err;
249 }
250 assert(old_tbl == NULL);
251 ret = 1;
252
253 err:
254 CRYPTO_STATIC_MUTEX_unlock_write(&string_tables_lock);
255 return ret;
256 }
257
ASN1_STRING_TABLE_cleanup(void)258 void ASN1_STRING_TABLE_cleanup(void)
259 {
260 }
261
asn1_get_string_table_for_testing(const ASN1_STRING_TABLE ** out_ptr,size_t * out_len)262 void asn1_get_string_table_for_testing(const ASN1_STRING_TABLE **out_ptr,
263 size_t *out_len) {
264 *out_ptr = tbl_standard;
265 *out_len = OPENSSL_ARRAY_SIZE(tbl_standard);
266 }
267