1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/x509.h>
58
59 #include <string.h>
60
61 #include <openssl/asn1.h>
62 #include <openssl/err.h>
63 #include <openssl/mem.h>
64 #include <openssl/obj.h>
65 #include <openssl/x509v3.h>
66
67 #include "../internal.h"
68
69
70 /* Although this file is in crypto/x509 for layering purposes, it emits errors
71 * from the ASN.1 module for OpenSSL compatibility. */
72
73 #define ASN1_GEN_FLAG 0x10000
74 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
75 #define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
76 #define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
77 #define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
78 #define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
79 #define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
80 #define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
81 #define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
82
83 #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
84
85 #define ASN1_FLAG_EXP_MAX 20
86
87 /* Input formats */
88
89 /* ASCII: default */
90 #define ASN1_GEN_FORMAT_ASCII 1
91 /* UTF8 */
92 #define ASN1_GEN_FORMAT_UTF8 2
93 /* Hex */
94 #define ASN1_GEN_FORMAT_HEX 3
95 /* List of bits */
96 #define ASN1_GEN_FORMAT_BITLIST 4
97
98
99 struct tag_name_st
100 {
101 const char *strnam;
102 int len;
103 int tag;
104 };
105
106 typedef struct
107 {
108 int exp_tag;
109 int exp_class;
110 int exp_constructed;
111 int exp_pad;
112 long exp_len;
113 } tag_exp_type;
114
115 typedef struct
116 {
117 int imp_tag;
118 int imp_class;
119 int utype;
120 int format;
121 const char *str;
122 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
123 int exp_count;
124 } tag_exp_arg;
125
126 static int bitstr_cb(const char *elem, int len, void *bitstr);
127 static int asn1_cb(const char *elem, int len, void *bitstr);
128 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
129 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
130 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
131 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
132 static int asn1_str2tag(const char *tagstr, int len);
133
ASN1_generate_nconf(char * str,CONF * nconf)134 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
135 {
136 X509V3_CTX cnf;
137
138 if (!nconf)
139 return ASN1_generate_v3(str, NULL);
140
141 X509V3_set_nconf(&cnf, nconf);
142 return ASN1_generate_v3(str, &cnf);
143 }
144
ASN1_generate_v3(char * str,X509V3_CTX * cnf)145 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
146 OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS
147 {
148 ASN1_TYPE *ret;
149 tag_exp_arg asn1_tags;
150 tag_exp_type *etmp;
151
152 int i, len;
153
154 unsigned char *orig_der = NULL, *new_der = NULL;
155 const unsigned char *cpy_start;
156 unsigned char *p;
157 const unsigned char *cp;
158 int cpy_len;
159 long hdr_len;
160 int hdr_constructed = 0, hdr_tag, hdr_class;
161 int r;
162
163 asn1_tags.imp_tag = -1;
164 asn1_tags.imp_class = -1;
165 asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
166 asn1_tags.exp_count = 0;
167 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
168 return NULL;
169
170 if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
171 {
172 if (!cnf)
173 {
174 OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
175 return NULL;
176 }
177 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
178 }
179 else
180 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
181
182 if (!ret)
183 return NULL;
184
185 /* If no tagging return base type */
186 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
187 return ret;
188
189 /* Generate the encoding */
190 cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
191 ASN1_TYPE_free(ret);
192 ret = NULL;
193 /* Set point to start copying for modified encoding */
194 cpy_start = orig_der;
195
196 /* Do we need IMPLICIT tagging? */
197 if (asn1_tags.imp_tag != -1)
198 {
199 /* If IMPLICIT we will replace the underlying tag */
200 /* Skip existing tag+len */
201 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
202 if (r & 0x80)
203 goto err;
204 /* Update copy length */
205 cpy_len -= cpy_start - orig_der;
206 /* For IMPLICIT tagging the length should match the
207 * original length and constructed flag should be
208 * consistent.
209 */
210 if (r & 0x1)
211 {
212 /* Indefinite length constructed */
213 hdr_constructed = 2;
214 hdr_len = 0;
215 }
216 else
217 /* Just retain constructed flag */
218 hdr_constructed = r & V_ASN1_CONSTRUCTED;
219 /* Work out new length with IMPLICIT tag: ignore constructed
220 * because it will mess up if indefinite length
221 */
222 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
223 }
224 else
225 len = cpy_len;
226
227 /* Work out length in any EXPLICIT, starting from end */
228
229 for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
230 {
231 /* Content length: number of content octets + any padding */
232 len += etmp->exp_pad;
233 etmp->exp_len = len;
234 /* Total object length: length including new header */
235 len = ASN1_object_size(0, len, etmp->exp_tag);
236 }
237
238 /* Allocate buffer for new encoding */
239
240 new_der = OPENSSL_malloc(len);
241 if (!new_der)
242 goto err;
243
244 /* Generate tagged encoding */
245
246 p = new_der;
247
248 /* Output explicit tags first */
249
250 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
251 {
252 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
253 etmp->exp_tag, etmp->exp_class);
254 if (etmp->exp_pad)
255 *p++ = 0;
256 }
257
258 /* If IMPLICIT, output tag */
259
260 if (asn1_tags.imp_tag != -1)
261 {
262 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
263 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
264 || asn1_tags.imp_tag == V_ASN1_SET) )
265 hdr_constructed = V_ASN1_CONSTRUCTED;
266 ASN1_put_object(&p, hdr_constructed, hdr_len,
267 asn1_tags.imp_tag, asn1_tags.imp_class);
268 }
269
270 /* Copy across original encoding */
271 memcpy(p, cpy_start, cpy_len);
272
273 cp = new_der;
274
275 /* Obtain new ASN1_TYPE structure */
276 ret = d2i_ASN1_TYPE(NULL, &cp, len);
277
278 err:
279 if (orig_der)
280 OPENSSL_free(orig_der);
281 if (new_der)
282 OPENSSL_free(new_der);
283
284 return ret;
285
286 }
287
asn1_cb(const char * elem,int len,void * bitstr)288 static int asn1_cb(const char *elem, int len, void *bitstr)
289 {
290 tag_exp_arg *arg = bitstr;
291 int i;
292 int utype;
293 int vlen = 0;
294 const char *p, *vstart = NULL;
295
296 int tmp_tag, tmp_class;
297
298 if (elem == NULL)
299 return 0;
300
301 for(i = 0, p = elem; i < len; p++, i++)
302 {
303 /* Look for the ':' in name value pairs */
304 if (*p == ':')
305 {
306 vstart = p + 1;
307 vlen = len - (vstart - elem);
308 len = p - elem;
309 break;
310 }
311 }
312
313 utype = asn1_str2tag(elem, len);
314
315 if (utype == -1)
316 {
317 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG);
318 ERR_add_error_data(2, "tag=", elem);
319 return -1;
320 }
321
322 /* If this is not a modifier mark end of string and exit */
323 if (!(utype & ASN1_GEN_FLAG))
324 {
325 arg->utype = utype;
326 arg->str = vstart;
327 /* If no value and not end of string, error */
328 if (!vstart && elem[len])
329 {
330 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
331 return -1;
332 }
333 return 0;
334 }
335
336 switch(utype)
337 {
338
339 case ASN1_GEN_FLAG_IMP:
340 /* Check for illegal multiple IMPLICIT tagging */
341 if (arg->imp_tag != -1)
342 {
343 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING);
344 return -1;
345 }
346 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
347 return -1;
348 break;
349
350 case ASN1_GEN_FLAG_EXP:
351
352 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
353 return -1;
354 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
355 return -1;
356 break;
357
358 case ASN1_GEN_FLAG_SEQWRAP:
359 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
360 return -1;
361 break;
362
363 case ASN1_GEN_FLAG_SETWRAP:
364 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
365 return -1;
366 break;
367
368 case ASN1_GEN_FLAG_BITWRAP:
369 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
370 return -1;
371 break;
372
373 case ASN1_GEN_FLAG_OCTWRAP:
374 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
375 return -1;
376 break;
377
378 case ASN1_GEN_FLAG_FORMAT:
379 if (!vstart)
380 {
381 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
382 return -1;
383 }
384 if (!strncmp(vstart, "ASCII", 5))
385 arg->format = ASN1_GEN_FORMAT_ASCII;
386 else if (!strncmp(vstart, "UTF8", 4))
387 arg->format = ASN1_GEN_FORMAT_UTF8;
388 else if (!strncmp(vstart, "HEX", 3))
389 arg->format = ASN1_GEN_FORMAT_HEX;
390 else if (!strncmp(vstart, "BITLIST", 7))
391 arg->format = ASN1_GEN_FORMAT_BITLIST;
392 else
393 {
394 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
395 return -1;
396 }
397 break;
398
399 }
400
401 return 1;
402
403 }
404
parse_tagging(const char * vstart,int vlen,int * ptag,int * pclass)405 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
406 {
407 char erch[2];
408 long tag_num;
409 char *eptr;
410 if (!vstart)
411 return 0;
412 tag_num = strtoul(vstart, &eptr, 10);
413 /* Check we haven't gone past max length: should be impossible */
414 if (eptr && *eptr && (eptr > vstart + vlen))
415 return 0;
416 if (tag_num < 0)
417 {
418 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
419 return 0;
420 }
421 *ptag = tag_num;
422 /* If we have non numeric characters, parse them */
423 if (eptr)
424 vlen -= eptr - vstart;
425 else
426 vlen = 0;
427 if (vlen)
428 {
429 switch (*eptr)
430 {
431
432 case 'U':
433 *pclass = V_ASN1_UNIVERSAL;
434 break;
435
436 case 'A':
437 *pclass = V_ASN1_APPLICATION;
438 break;
439
440 case 'P':
441 *pclass = V_ASN1_PRIVATE;
442 break;
443
444 case 'C':
445 *pclass = V_ASN1_CONTEXT_SPECIFIC;
446 break;
447
448 default:
449 erch[0] = *eptr;
450 erch[1] = 0;
451 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER);
452 ERR_add_error_data(2, "Char=", erch);
453 return 0;
454 break;
455
456 }
457 }
458 else
459 *pclass = V_ASN1_CONTEXT_SPECIFIC;
460
461 return 1;
462
463 }
464
465 /* Handle multiple types: SET and SEQUENCE */
466
asn1_multi(int utype,const char * section,X509V3_CTX * cnf)467 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
468 {
469 ASN1_TYPE *ret = NULL;
470 STACK_OF(ASN1_TYPE) *sk = NULL;
471 STACK_OF(CONF_VALUE) *sect = NULL;
472 unsigned char *der = NULL;
473 int derlen;
474 size_t i;
475 sk = sk_ASN1_TYPE_new_null();
476 if (!sk)
477 goto bad;
478 if (section)
479 {
480 if (!cnf)
481 goto bad;
482 sect = X509V3_get_section(cnf, (char *)section);
483 if (!sect)
484 goto bad;
485 for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
486 {
487 ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
488 if (!typ)
489 goto bad;
490 if (!sk_ASN1_TYPE_push(sk, typ))
491 goto bad;
492 }
493 }
494
495 /* Now we has a STACK of the components, convert to the correct form */
496
497 if (utype == V_ASN1_SET)
498 derlen = i2d_ASN1_SET_ANY(sk, &der);
499 else
500 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
501
502 if (derlen < 0)
503 goto bad;
504
505 if (!(ret = ASN1_TYPE_new()))
506 goto bad;
507
508 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
509 goto bad;
510
511 ret->type = utype;
512
513 ret->value.asn1_string->data = der;
514 ret->value.asn1_string->length = derlen;
515
516 der = NULL;
517
518 bad:
519
520 if (der)
521 OPENSSL_free(der);
522
523 if (sk)
524 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
525 if (sect)
526 X509V3_section_free(cnf, sect);
527
528 return ret;
529 }
530
append_exp(tag_exp_arg * arg,int exp_tag,int exp_class,int exp_constructed,int exp_pad,int imp_ok)531 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
532 {
533 tag_exp_type *exp_tmp;
534 /* Can only have IMPLICIT if permitted */
535 if ((arg->imp_tag != -1) && !imp_ok)
536 {
537 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG);
538 return 0;
539 }
540
541 if (arg->exp_count == ASN1_FLAG_EXP_MAX)
542 {
543 OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED);
544 return 0;
545 }
546
547 exp_tmp = &arg->exp_list[arg->exp_count++];
548
549 /* If IMPLICIT set tag to implicit value then
550 * reset implicit tag since it has been used.
551 */
552 if (arg->imp_tag != -1)
553 {
554 exp_tmp->exp_tag = arg->imp_tag;
555 exp_tmp->exp_class = arg->imp_class;
556 arg->imp_tag = -1;
557 arg->imp_class = -1;
558 }
559 else
560 {
561 exp_tmp->exp_tag = exp_tag;
562 exp_tmp->exp_class = exp_class;
563 }
564 exp_tmp->exp_constructed = exp_constructed;
565 exp_tmp->exp_pad = exp_pad;
566
567 return 1;
568 }
569
570
asn1_str2tag(const char * tagstr,int len)571 static int asn1_str2tag(const char *tagstr, int len)
572 {
573 unsigned int i;
574 static const struct tag_name_st *tntmp, tnst [] = {
575 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
576 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
577 ASN1_GEN_STR("NULL", V_ASN1_NULL),
578 ASN1_GEN_STR("INT", V_ASN1_INTEGER),
579 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
580 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
581 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
582 ASN1_GEN_STR("OID", V_ASN1_OBJECT),
583 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
584 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
585 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
586 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
587 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
588 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
589 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
590 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
591 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
592 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
593 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
594 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
595 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
596 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
597 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
598 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
599 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
600 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
601 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
602 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
603 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
604 ASN1_GEN_STR("T61", V_ASN1_T61STRING),
605 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
606 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
607 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
608 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
609 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
610 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
611
612 /* Special cases */
613 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
614 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
615 ASN1_GEN_STR("SET", V_ASN1_SET),
616 /* type modifiers */
617 /* Explicit tag */
618 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
619 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
620 /* Implicit tag */
621 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
622 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
623 /* OCTET STRING wrapper */
624 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
625 /* SEQUENCE wrapper */
626 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
627 /* SET wrapper */
628 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
629 /* BIT STRING wrapper */
630 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
631 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
632 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
633 };
634
635 if (len == -1)
636 len = strlen(tagstr);
637
638 tntmp = tnst;
639 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
640 {
641 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
642 return tntmp->tag;
643 }
644
645 return -1;
646 }
647
asn1_str2type(const char * str,int format,int utype)648 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
649 {
650 ASN1_TYPE *atmp = NULL;
651
652 CONF_VALUE vtmp;
653
654 unsigned char *rdata;
655 long rdlen;
656
657 int no_unused = 1;
658
659 if (!(atmp = ASN1_TYPE_new()))
660 {
661 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
662 return NULL;
663 }
664
665 if (!str)
666 str = "";
667
668 switch(utype)
669 {
670
671 case V_ASN1_NULL:
672 if (str && *str)
673 {
674 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE);
675 goto bad_form;
676 }
677 break;
678
679 case V_ASN1_BOOLEAN:
680 if (format != ASN1_GEN_FORMAT_ASCII)
681 {
682 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT);
683 goto bad_form;
684 }
685 vtmp.name = NULL;
686 vtmp.section = NULL;
687 vtmp.value = (char *)str;
688 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
689 {
690 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN);
691 goto bad_str;
692 }
693 break;
694
695 case V_ASN1_INTEGER:
696 case V_ASN1_ENUMERATED:
697 if (format != ASN1_GEN_FORMAT_ASCII)
698 {
699 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
700 goto bad_form;
701 }
702 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
703 {
704 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER);
705 goto bad_str;
706 }
707 break;
708
709 case V_ASN1_OBJECT:
710 if (format != ASN1_GEN_FORMAT_ASCII)
711 {
712 OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
713 goto bad_form;
714 }
715 if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
716 {
717 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);
718 goto bad_str;
719 }
720 break;
721
722 case V_ASN1_UTCTIME:
723 case V_ASN1_GENERALIZEDTIME:
724 if (format != ASN1_GEN_FORMAT_ASCII)
725 {
726 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT);
727 goto bad_form;
728 }
729 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
730 {
731 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
732 goto bad_str;
733 }
734 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
735 {
736 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
737 goto bad_str;
738 }
739 atmp->value.asn1_string->type = utype;
740 if (!ASN1_TIME_check(atmp->value.asn1_string))
741 {
742 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE);
743 goto bad_str;
744 }
745
746 break;
747
748 case V_ASN1_BMPSTRING:
749 case V_ASN1_PRINTABLESTRING:
750 case V_ASN1_IA5STRING:
751 case V_ASN1_T61STRING:
752 case V_ASN1_UTF8STRING:
753 case V_ASN1_VISIBLESTRING:
754 case V_ASN1_UNIVERSALSTRING:
755 case V_ASN1_GENERALSTRING:
756 case V_ASN1_NUMERICSTRING:
757
758 if (format == ASN1_GEN_FORMAT_ASCII)
759 format = MBSTRING_ASC;
760 else if (format == ASN1_GEN_FORMAT_UTF8)
761 format = MBSTRING_UTF8;
762 else
763 {
764 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT);
765 goto bad_form;
766 }
767
768
769 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
770 -1, format, ASN1_tag2bit(utype)) <= 0)
771 {
772 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
773 goto bad_str;
774 }
775
776
777 break;
778
779 case V_ASN1_BIT_STRING:
780
781 case V_ASN1_OCTET_STRING:
782
783 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
784 {
785 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
786 goto bad_form;
787 }
788
789 if (format == ASN1_GEN_FORMAT_HEX)
790 {
791
792 if (!(rdata = string_to_hex((char *)str, &rdlen)))
793 {
794 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);
795 goto bad_str;
796 }
797
798 atmp->value.asn1_string->data = rdata;
799 atmp->value.asn1_string->length = rdlen;
800 atmp->value.asn1_string->type = utype;
801
802 }
803 else if (format == ASN1_GEN_FORMAT_ASCII)
804 ASN1_STRING_set(atmp->value.asn1_string, str, -1);
805 else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
806 {
807 if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
808 {
809 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR);
810 goto bad_str;
811 }
812 no_unused = 0;
813
814 }
815 else
816 {
817 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
818 goto bad_form;
819 }
820
821 if ((utype == V_ASN1_BIT_STRING) && no_unused)
822 {
823 atmp->value.asn1_string->flags
824 &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
825 atmp->value.asn1_string->flags
826 |= ASN1_STRING_FLAG_BITS_LEFT;
827 }
828
829
830 break;
831
832 default:
833 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE);
834 goto bad_str;
835 break;
836 }
837
838
839 atmp->type = utype;
840 return atmp;
841
842
843 bad_str:
844 ERR_add_error_data(2, "string=", str);
845 bad_form:
846
847 ASN1_TYPE_free(atmp);
848 return NULL;
849
850 }
851
bitstr_cb(const char * elem,int len,void * bitstr)852 static int bitstr_cb(const char *elem, int len, void *bitstr)
853 {
854 long bitnum;
855 char *eptr;
856 if (!elem)
857 return 0;
858 bitnum = strtoul(elem, &eptr, 10);
859 if (eptr && *eptr && (eptr != elem + len))
860 return 0;
861 if (bitnum < 0)
862 {
863 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
864 return 0;
865 }
866 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
867 {
868 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
869 return 0;
870 }
871 return 1;
872 }
873
874