1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
#include <openssl/x509.h>

#include <limits.h>
#include <string.h>

#include <openssl/asn1.h>
#include <openssl/err.h>
#include <openssl/mem.h>
#include <openssl/obj.h>
#include <openssl/x509v3.h>

#include "../internal.h"
68 
69 /*
70  * Although this file is in crypto/x509 for layering purposes, it emits
71  * errors from the ASN.1 module for OpenSSL compatibility.
72  */
73 
/*
 * asn1_str2tag maps a keyword either to a V_ASN1_* universal tag or to one of
 * these modifier codes. ASN1_GEN_FLAG is set only on modifiers, so asn1_cb can
 * tell the two apart with a single bit test.
 */
#define ASN1_GEN_FLAG           0x10000
#define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)
#define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)
/* No keyword in asn1_str2tag's table maps to ASN1_GEN_FLAG_TAG. */
#define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)
#define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)
#define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)
#define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)
#define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)
#define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)

/* Initializer for a struct tag_name_st entry; |str| must be a string literal
 * so that sizeof yields its length. */
#define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}

/* Maximum number of EXPLICIT / wrapper modifiers on a single value (the size
 * of tag_exp_arg.exp_list; append_exp refuses further entries). */
#define ASN1_FLAG_EXP_MAX       20
/* Maximum number of nested sequences */
#define ASN1_GEN_SEQ_MAX_DEPTH  50

/* Input formats (selected with the FORMAT modifier; see asn1_str2type) */

/* ASCII: default */
#define ASN1_GEN_FORMAT_ASCII   1
/* UTF8 */
#define ASN1_GEN_FORMAT_UTF8    2
/* Hex */
#define ASN1_GEN_FORMAT_HEX     3
/* List of bits */
#define ASN1_GEN_FORMAT_BITLIST 4
100 
/* One entry of the keyword table in asn1_str2tag: the keyword, its length
 * (so a lookup can be bounded by the caller's |len|) and the V_ASN1_* tag or
 * ASN1_GEN_FLAG_* modifier code it maps to. */
struct tag_name_st {
    const char *strnam;
    int len;
    int tag;
};
106 
/* One EXPLICIT tag or wrapper (SEQWRAP/SETWRAP/OCTWRAP/BITWRAP) recorded by
 * append_exp; generate_v3 emits them in list order, so the first entry is
 * the outermost wrapper. */
typedef struct {
    int exp_tag;          /* tag number handed to ASN1_put_object */
    int exp_class;        /* tag class (V_ASN1_UNIVERSAL, CONTEXT_SPECIFIC, ...) */
    int exp_constructed;  /* constructed flag handed to ASN1_put_object */
    int exp_pad;          /* non-zero (BITWRAP) if a zero pad octet precedes the content */
    long exp_len;         /* content length, filled in by generate_v3 */
} tag_exp_type;
114 
/* Parse state for one generation string, filled in by asn1_cb and consumed by
 * generate_v3. */
typedef struct {
    int imp_tag;        /* pending IMPLICIT tag number, -1 if none */
    int imp_class;      /* class of the pending IMPLICIT tag, -1 if none */
    int utype;          /* V_ASN1_* type of the base value */
    int format;         /* ASN1_GEN_FORMAT_* used to interpret |str| */
    const char *str;    /* value text following "type:", NULL if absent */
    tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; /* wrappers, outermost first */
    int exp_count;      /* number of used entries in exp_list */
} tag_exp_arg;
124 
/*
 * Internal helpers: generate_v3 drives the parse (asn1_cb, parse_tagging,
 * append_exp, asn1_str2tag) and builds the value (asn1_multi for SEQUENCE/SET,
 * asn1_str2type for primitives, bitstr_cb for BITLIST input).
 */
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
                              int *perr);
static int bitstr_cb(const char *elem, int len, void *bitstr);
static int asn1_cb(const char *elem, int len, void *bitstr);
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
                      int exp_constructed, int exp_pad, int imp_ok);
static int parse_tagging(const char *vstart, int vlen, int *ptag,
                         int *pclass);
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
                             int depth, int *perr);
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
static int asn1_str2tag(const char *tagstr, int len);
137 
/*
 * Generate an ASN1_TYPE from |str| using config |nconf| (which SEQUENCE/SET
 * sections are looked up in). A NULL |nconf| is passed straight through as a
 * NULL X509V3_CTX. Returns NULL on failure with an ASN1 error pushed.
 */
ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
{
    X509V3_CTX ctx;
    X509V3_CTX *pctx = NULL;

    /* Only wrap the config in a context when there actually is one. */
    if (nconf != NULL) {
        X509V3_set_nconf(&ctx, nconf);
        pctx = &ctx;
    }
    return ASN1_generate_v3(str, pctx);
}
148 
/*
 * Generate an ASN1_TYPE from |str|; |cnf| (may be NULL) supplies the config
 * sections named by SEQUENCE/SET values. Returns NULL on failure; when
 * generate_v3 reports a reason code it is pushed onto the error queue here.
 */
ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
{
    int reason = 0;
    ASN1_TYPE *result = generate_v3(str, cnf, /*depth=*/0, &reason);

    /* generate_v3 only reports structural errors through |reason|. */
    if (reason != 0) {
        OPENSSL_PUT_ERROR(ASN1, reason);
    }
    return result;
}
157 
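/*
 * Core of ASN1_generate_v3: turn a generation string into an ASN1_TYPE.
 *
 * |str| has the form "[modifier:value,]...type[:value]" and is split by
 * CONF_parse_list with asn1_cb collecting the pieces into |asn1_tags|. The
 * base value is built by asn1_str2type for primitive types, or by asn1_multi
 * for SEQUENCE/SET (which name a config section, so |cnf| is required and the
 * recursion depth |depth| is bounded by ASN1_GEN_SEQ_MAX_DEPTH). If IMPLICIT
 * or EXPLICIT tagging was requested, the base value is DER-encoded, its tag
 * is rewritten and/or wrapped, and the result is decoded again.
 *
 * Returns the new ASN1_TYPE, or NULL on failure. *perr receives an ASN1_R_*
 * reason for parse and structure errors only; encoding, decoding and
 * allocation failures return NULL without touching it.
 */
static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,
                              int *perr)
{
    ASN1_TYPE *ret;
    tag_exp_arg asn1_tags;
    tag_exp_type *etmp;

    int i, len;

    unsigned char *orig_der = NULL, *new_der = NULL;
    const unsigned char *cpy_start;
    unsigned char *p;
    const unsigned char *cp;
    int cpy_len;
    long hdr_len = 0;
    int hdr_constructed = 0, hdr_tag, hdr_class;
    int r;

    asn1_tags.imp_tag = -1;
    asn1_tags.imp_class = -1;
    asn1_tags.utype = -1;
    asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
    asn1_tags.str = NULL;
    asn1_tags.exp_count = 0;
    /*
     * asn1_cb returns 0 on the base type element and -1 on error; anything
     * other than 0 from the list parse means |str| was rejected.
     */
    if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {
        *perr = ASN1_R_UNKNOWN_TAG;
        return NULL;
    }

    if ((asn1_tags.utype == V_ASN1_SEQUENCE)
        || (asn1_tags.utype == V_ASN1_SET)) {
        /* Members of a SEQUENCE/SET come from a named config section. */
        if (!cnf) {
            *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;
            return NULL;
        }
        /* Bound the recursion asn1_multi -> generate_v3 -> asn1_multi. */
        if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {
            *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;
            return NULL;
        }
        ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);
    } else {
        ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
    }

    if (!ret)
        return NULL;

    /* If no tagging return base type */
    if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
        return ret;

    /* Generate the encoding; the tagging below rewrites this DER. */
    cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
    ASN1_TYPE_free(ret);
    ret = NULL;
    /*
     * A failed i2d leaves |orig_der| NULL and |cpy_len| negative; stop here
     * rather than feed them to ASN1_get_object and the size arithmetic.
     */
    if (cpy_len < 0)
        goto err;
    /* Set point to start copying for modified encoding */
    cpy_start = orig_der;

    /* Do we need IMPLICIT tagging? */
    if (asn1_tags.imp_tag != -1) {
        /* IMPLICIT replaces the outer tag: skip the existing tag+length. */
        r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,
                            cpy_len);
        if (r & 0x80)
            goto err;
        /*
         * i2d produces DER, which is always definite-length. The sizing below
         * derives the new header from |hdr_len| but copies |cpy_len| content
         * bytes, so an indefinite-length header (r & 1) cannot be re-tagged
         * consistently; fail instead of emitting a mismatched encoding.
         */
        if (r & 0x1)
            goto err;
        /* Update copy length */
        cpy_len -= cpy_start - orig_der;
        /* IMPLICIT keeps the length and the constructed flag. */
        hdr_constructed = r & V_ASN1_CONSTRUCTED;
        /* Size of the re-tagged object: new header plus unchanged content. */
        len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
        if (len < 0)
            goto err;
    } else {
        len = cpy_len;
    }

    /*
     * Work out the length of each EXPLICIT wrapper, innermost first: a
     * wrapper's content is the object inside it (plus the BITWRAP pad octet),
     * and its total size becomes the content length of the next one out.
     */
    for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
         i < asn1_tags.exp_count; i++, etmp--) {
        len += etmp->exp_pad;
        etmp->exp_len = len;
        len = ASN1_object_size(0, len, etmp->exp_tag);
        /* Treat a negative size (overflow) as an error. */
        if (len < 0)
            goto err;
    }

    /* |len| is now the size of the complete re-tagged encoding. */
    new_der = OPENSSL_malloc(len);
    if (!new_der)
        goto err;

    p = new_der;

    /* Explicit wrappers first, outermost first (list order). */
    for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
         i++, etmp++) {
        ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
                        etmp->exp_tag, etmp->exp_class);
        /* BITWRAP: a BIT STRING body starts with an unused-bits octet. */
        if (etmp->exp_pad)
            *p++ = 0;
    }

    /* Then the replacement header for IMPLICIT tagging. */
    if (asn1_tags.imp_tag != -1) {
        /* A universal SEQUENCE/SET tag is always constructed. */
        if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
            && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
                || asn1_tags.imp_tag == V_ASN1_SET))
            hdr_constructed = V_ASN1_CONSTRUCTED;
        ASN1_put_object(&p, hdr_constructed, hdr_len,
                        asn1_tags.imp_tag, asn1_tags.imp_class);
    }

    /* Copy across the original encoding (minus its header when IMPLICIT). */
    OPENSSL_memcpy(p, cpy_start, cpy_len);

    /* Re-parse the rewritten encoding into a fresh ASN1_TYPE. */
    cp = new_der;
    ret = d2i_ASN1_TYPE(NULL, &cp, len);

 err:
    OPENSSL_free(orig_der);
    OPENSSL_free(new_der);

    return ret;
}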
301 
/*
 * CONF_parse_list callback used by generate_v3. Each comma-separated element
 * is "name" or "name:value". A modifier (EXP, IMP, SEQWRAP, SETWRAP, BITWRAP,
 * OCTWRAP, FORMAT) updates the tag_exp_arg passed as |bitstr| and returns 1 so
 * parsing continues. The base type element records the type and the start of
 * its value and returns 0, which ends the list parse. Returns -1 on error
 * with an ASN1 error pushed.
 */
static int asn1_cb(const char *elem, int len, void *bitstr)
{
    tag_exp_arg *arg = bitstr;
    const char *colon = NULL;
    const char *vstart = NULL;
    int vlen = 0;
    int utype;
    int tmp_tag, tmp_class;

    if (elem == NULL)
        return -1;

    /* Split at the first ':' into name (|elem|, |len|) and value. */
    if (len > 0)
        colon = memchr(elem, ':', (size_t)len);
    if (colon != NULL) {
        vstart = colon + 1;
        vlen = len - (int)(vstart - elem);
        len = (int)(colon - elem);
    }

    utype = asn1_str2tag(elem, len);
    if (utype == -1) {
        OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG);
        ERR_add_error_data(2, "tag=", elem);
        return -1;
    }

    /* Base type: record it and stop the parse. */
    if (!(utype & ASN1_GEN_FLAG)) {
        arg->utype = utype;
        arg->str = vstart;
        /* A type without a value is only allowed as the last element. */
        if (vstart == NULL && elem[len] != '\0') {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);
            return -1;
        }
        return 0;
    }

    switch (utype) {
    case ASN1_GEN_FLAG_IMP:
        /* Only one IMPLICIT tag may be pending at a time. */
        if (arg->imp_tag != -1) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING);
            return -1;
        }
        if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
            return -1;
        return 1;

    case ASN1_GEN_FLAG_EXP:
        if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
            return -1;
        /* EXPLICIT may not absorb a pending IMPLICIT tag (imp_ok = 0). */
        return append_exp(arg, tmp_tag, tmp_class, 1, 0, 0) ? 1 : -1;

    case ASN1_GEN_FLAG_SEQWRAP:
        return append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)
                   ? 1 : -1;

    case ASN1_GEN_FLAG_SETWRAP:
        return append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)
                   ? 1 : -1;

    case ASN1_GEN_FLAG_BITWRAP:
        /* Primitive wrapper with a leading pad octet (exp_pad = 1). */
        return append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)
                   ? 1 : -1;

    case ASN1_GEN_FLAG_OCTWRAP:
        return append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)
                   ? 1 : -1;

    case ASN1_GEN_FLAG_FORMAT:
        if (vstart == NULL) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
            return -1;
        }
        /*
         * Keyword match against the NUL-terminated input rather than |vlen|:
         * only the keyword's own length is compared, so characters trailing
         * e.g. "ASCII" within the element are not rejected.
         */
        if (strncmp(vstart, "ASCII", 5) == 0)
            arg->format = ASN1_GEN_FORMAT_ASCII;
        else if (strncmp(vstart, "UTF8", 4) == 0)
            arg->format = ASN1_GEN_FORMAT_UTF8;
        else if (strncmp(vstart, "HEX", 3) == 0)
            arg->format = ASN1_GEN_FORMAT_HEX;
        else if (strncmp(vstart, "BITLIST", 7) == 0)
            arg->format = ASN1_GEN_FORMAT_BITLIST;
        else {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);
            return -1;
        }
        return 1;

    default:
        /* Modifier codes without handling (ASN1_GEN_FLAG_TAG) are no-ops. */
        return 1;
    }
}
409 
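/*
 * Parse the value of an IMP/EXP modifier: a decimal tag number optionally
 * followed by a class letter, U (universal), A (application), P (private) or
 * C (context specific, the default). |vlen| bounds the value text. On success
 * stores into *ptag / *pclass and returns 1; returns 0 on failure, pushing an
 * ASN1 error for a bad number or class letter (a missing value fails
 * silently).
 *
 * Note: the number is parsed with strtoul, so a value with no leading digits
 * yields tag 0, and anything after the class letter is ignored.
 */
static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
{
    char erch[2];
    unsigned long tag_num;
    char *eptr;
    if (!vstart)
        return 0;
    tag_num = strtoul(vstart, &eptr, 10);
    /* Check we haven't gone past max length: should be impossible */
    if (eptr && *eptr && (eptr > vstart + vlen))
        return 0;
    /*
     * strtoul maps overflow and a leading '-' to very large values; reject
     * those, and cap at INT_MAX so the store into the int *ptag cannot
     * truncate where long is wider than int.
     */
    if (tag_num > INT_MAX) {
        OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
        return 0;
    }
    *ptag = (int)tag_num;
    /* If we have non numeric characters, parse them */
    if (eptr)
        vlen -= eptr - vstart;
    else
        vlen = 0;
    if (vlen) {
        switch (*eptr) {

        case 'U':
            *pclass = V_ASN1_UNIVERSAL;
            break;

        case 'A':
            *pclass = V_ASN1_APPLICATION;
            break;

        case 'P':
            *pclass = V_ASN1_PRIVATE;
            break;

        case 'C':
            *pclass = V_ASN1_CONTEXT_SPECIFIC;
            break;

        default:
            erch[0] = *eptr;
            erch[1] = 0;
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER);
            ERR_add_error_data(2, "Char=", erch);
            return 0;

        }
    } else
        *pclass = V_ASN1_CONTEXT_SPECIFIC;

    return 1;

}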
465 
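/*
 * Handle multiple types: SET and SEQUENCE.
 *
 * Every value in config section |section| is itself a generation string and
 * is built with generate_v3 at |depth| + 1; the members are DER-encoded as a
 * SET or SEQUENCE (per |utype|) and the encoding is stored as the string
 * value of the returned ASN1_TYPE. A NULL |section| gives an empty SET or
 * SEQUENCE. Returns NULL on any failure; *perr is only written by the nested
 * generate_v3 calls.
 */
static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,
                             int depth, int *perr)
{
    ASN1_TYPE *ret = NULL;
    STACK_OF(ASN1_TYPE) *sk = NULL;
    STACK_OF(CONF_VALUE) *sect = NULL;
    unsigned char *der = NULL;
    int derlen;
    size_t i;
    int ok = 0;

    sk = sk_ASN1_TYPE_new_null();
    if (!sk)
        goto bad;
    if (section) {
        if (!cnf)
            goto bad;
        sect = X509V3_get_section(cnf, (char *)section);
        if (!sect)
            goto bad;
        for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
            ASN1_TYPE *typ =
                generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,
                            depth + 1, perr);
            if (!typ)
                goto bad;
            /* |sk| owns |typ| only once the push has succeeded. */
            if (!sk_ASN1_TYPE_push(sk, typ)) {
                ASN1_TYPE_free(typ);
                goto bad;
            }
        }
    }

    /* Encode the members as a single SET or SEQUENCE. */
    if (utype == V_ASN1_SET)
        derlen = i2d_ASN1_SET_ANY(sk, &der);
    else
        derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);

    if (derlen < 0)
        goto bad;

    if (!(ret = ASN1_TYPE_new()))
        goto bad;

    if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
        goto bad;

    ret->type = utype;

    /* Hand the DER buffer over to the string; it must not be freed below. */
    ret->value.asn1_string->data = der;
    ret->value.asn1_string->length = derlen;

    der = NULL;
    ok = 1;

 bad:
    /* Never return a half-built object (e.g. when ASN1_STRING_type_new
     * fails after ASN1_TYPE_new succeeded). */
    if (!ok && ret) {
        ASN1_TYPE_free(ret);
        ret = NULL;
    }

    OPENSSL_free(der);

    if (sk)
        sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
    if (sect)
        X509V3_section_free(cnf, sect);

    return ret;
}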
534 
/*
 * Record one EXPLICIT tag or wrapper in |arg|'s exp_list. If an IMPLICIT tag
 * is pending it is consumed here and replaces the wrapper's own tag/class,
 * which is only allowed when |imp_ok| is set. Returns 1 on success, 0 with an
 * ASN1 error pushed if the IMPLICIT tag is not permitted or the list is full.
 */
static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
                      int exp_constructed, int exp_pad, int imp_ok)
{
    tag_exp_type *slot;
    int pending_imp = (arg->imp_tag != -1);

    /* A pending IMPLICIT tag may only be absorbed by a wrapper that allows it. */
    if (pending_imp && !imp_ok) {
        OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG);
        return 0;
    }

    /* exp_list is a fixed array of ASN1_FLAG_EXP_MAX entries. */
    if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
        OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED);
        return 0;
    }

    slot = &arg->exp_list[arg->exp_count];
    arg->exp_count++;

    if (pending_imp) {
        /* The IMPLICIT tag becomes this wrapper's tag and is then spent. */
        slot->exp_tag = arg->imp_tag;
        slot->exp_class = arg->imp_class;
        arg->imp_tag = -1;
        arg->imp_class = -1;
    } else {
        slot->exp_tag = exp_tag;
        slot->exp_class = exp_class;
    }
    slot->exp_constructed = exp_constructed;
    slot->exp_pad = exp_pad;

    return 1;
}
570 
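/*
 * Map the keyword |tagstr| (|len| bytes, or NUL-terminated when |len| is -1)
 * to a V_ASN1_* universal tag or an ASN1_GEN_FLAG_* modifier code. The match
 * is case-sensitive and exact in length. Returns -1 for an unknown keyword.
 */
static int asn1_str2tag(const char *tagstr, int len)
{
    static const struct tag_name_st tnst[] = {
        ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
        ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
        ASN1_GEN_STR("NULL", V_ASN1_NULL),
        ASN1_GEN_STR("INT", V_ASN1_INTEGER),
        ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
        ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
        ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
        ASN1_GEN_STR("OID", V_ASN1_OBJECT),
        ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
        ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
        ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
        ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
        ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
        ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
        ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
        ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
        ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
        ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
        ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
        ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
        ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
        ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
        ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
        ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
        ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
        ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
        ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
        ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
        ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
        ASN1_GEN_STR("T61", V_ASN1_T61STRING),
        ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
        ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
        ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
        ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
        ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
        ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),

        /* Special cases */
        ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
        ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
        ASN1_GEN_STR("SET", V_ASN1_SET),
        /* type modifiers */
        /* Explicit tag */
        ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
        ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
        /* Implicit tag */
        ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
        ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
        /* OCTET STRING wrapper */
        ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
        /* SEQUENCE wrapper */
        ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
        /* SET wrapper */
        ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
        /* BIT STRING wrapper */
        ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
        ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
        ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
    };
    /* The cursor is an ordinary local: the original declared it |static|
     * alongside the table, making it shared mutable state across calls. */
    const struct tag_name_st *entry;
    size_t i;

    if (len == -1)
        len = strlen(tagstr);

    for (i = 0, entry = tnst; i < sizeof(tnst) / sizeof(tnst[0]);
         i++, entry++) {
        /* Length must match exactly, so "INT" does not match "INTEGER". */
        if (len == entry->len
            && strncmp(entry->strnam, tagstr, (size_t)len) == 0)
            return entry->tag;
    }

    return -1;
}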
646 
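/*
 * Build a primitive ASN1_TYPE of universal type |utype| from the textual
 * value |str| (NULL is treated as ""), interpreted according to |format|, one
 * of the ASN1_GEN_FORMAT_* values. Which formats a type accepts is checked
 * per type below. Returns a new ASN1_TYPE, or NULL with an ASN1 error pushed;
 * for errors in the value itself the offending string is attached as error
 * data.
 */
static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
{
    ASN1_TYPE *atmp = NULL;

    CONF_VALUE vtmp;

    unsigned char *rdata;
    long rdlen;

    /* Cleared by the BITLIST path, which lets ASN1_BIT_STRING_set_bit
     * manage the unused-bits count itself. */
    int no_unused = 1;

    if (!(atmp = ASN1_TYPE_new())) {
        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    /* A missing value is the empty string. */
    if (!str)
        str = "";

    switch (utype) {

    case V_ASN1_NULL:
        /* NULL carries no content, so any value is an error. */
        if (*str) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE);
            goto bad_form;
        }
        break;

    case V_ASN1_BOOLEAN:
        if (format != ASN1_GEN_FORMAT_ASCII) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT);
            goto bad_form;
        }
        /* Reuse the config boolean parser via a temporary CONF_VALUE. */
        vtmp.name = NULL;
        vtmp.section = NULL;
        vtmp.value = (char *)str;
        if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN);
            goto bad_str;
        }
        break;

    case V_ASN1_INTEGER:
    case V_ASN1_ENUMERATED:
        if (format != ASN1_GEN_FORMAT_ASCII) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
            goto bad_form;
        }
        if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER);
            goto bad_str;
        }
        break;

    case V_ASN1_OBJECT:
        if (format != ASN1_GEN_FORMAT_ASCII) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
            goto bad_form;
        }
        if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);
            goto bad_str;
        }
        break;

    case V_ASN1_UTCTIME:
    case V_ASN1_GENERALIZEDTIME:
        if (format != ASN1_GEN_FORMAT_ASCII) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT);
            goto bad_form;
        }
        if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
            goto bad_str;
        }
        if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
            goto bad_str;
        }
        /* Set the concrete time type before validating the text. */
        atmp->value.asn1_string->type = utype;
        if (!ASN1_TIME_check(atmp->value.asn1_string)) {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE);
            goto bad_str;
        }

        break;

    case V_ASN1_BMPSTRING:
    case V_ASN1_PRINTABLESTRING:
    case V_ASN1_IA5STRING:
    case V_ASN1_T61STRING:
    case V_ASN1_UTF8STRING:
    case V_ASN1_VISIBLESTRING:
    case V_ASN1_UNIVERSALSTRING:
    case V_ASN1_GENERALSTRING:
    case V_ASN1_NUMERICSTRING:

        /* Character string types accept ASCII or UTF8 input only. */
        if (format == ASN1_GEN_FORMAT_ASCII)
            format = MBSTRING_ASC;
        else if (format == ASN1_GEN_FORMAT_UTF8)
            format = MBSTRING_UTF8;
        else {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT);
            goto bad_form;
        }

        /* Any failure of the conversion is reported as ERR_R_MALLOC_FAILURE,
         * whatever its actual cause (historic behaviour, kept). */
        if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
                               -1, format, ASN1_tag2bit(utype)) <= 0) {
            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
            goto bad_str;
        }

        break;

    case V_ASN1_BIT_STRING:

    case V_ASN1_OCTET_STRING:

        if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
            OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
            goto bad_form;
        }

        if (format == ASN1_GEN_FORMAT_HEX) {

            if (!(rdata = string_to_hex((char *)str, &rdlen))) {
                OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);
                goto bad_str;
            }

            /* Take ownership of the decoded bytes directly. */
            atmp->value.asn1_string->data = rdata;
            atmp->value.asn1_string->length = rdlen;
            atmp->value.asn1_string->type = utype;

        } else if (format == ASN1_GEN_FORMAT_ASCII) {
            /* The raw text is the content. The copy allocates and can fail;
             * do not silently continue with an empty string. */
            if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
                OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
                goto bad_str;
            }
        } else if ((format == ASN1_GEN_FORMAT_BITLIST)
                   && (utype == V_ASN1_BIT_STRING)) {
            /* Comma-separated bit indices; bitstr_cb sets each one. */
            if (!CONF_parse_list
                (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {
                OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR);
                goto bad_str;
            }
            no_unused = 0;

        } else {
            OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
            goto bad_form;
        }

        /* HEX and ASCII input is whole octets: clear the low flag bits
         * (presumably the unused-bit count) and mark the count as explicit,
         * i.e. zero unused bits. */
        if ((utype == V_ASN1_BIT_STRING) && no_unused) {
            atmp->value.asn1_string->flags
                &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
            atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;
        }

        break;

    default:
        OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE);
        goto bad_str;
    }

    atmp->type = utype;
    return atmp;

 bad_str:
    ERR_add_error_data(2, "string=", str);
 bad_form:

    ASN1_TYPE_free(atmp);
    return NULL;

}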
822 
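/*
 * CONF_parse_list callback for FORMAT:BITLIST values. |elem| (|len| bytes; the
 * byte at |elem[len]| is the separator or terminator, not part of the value)
 * is a decimal bit index, and that bit is set in |bitstr|, an ASN1_BIT_STRING.
 * Returns 1 on success and 0 on failure, which stops the list parse.
 */
static int bitstr_cb(const char *elem, int len, void *bitstr)
{
    unsigned long bitnum;
    char *eptr;
    if (!elem)
        return 0;
    bitnum = strtoul(elem, &eptr, 10);
    /* Nothing may follow the number within the element. */
    if (eptr && *eptr && (eptr != elem + len))
        return 0;
    /*
     * An element with no digits at all (strtoul then returns 0 with
     * eptr == elem, e.g. an empty element) must not silently set bit 0.
     * strtoul also maps overflow and a leading '-' to very large values;
     * cap at INT_MAX since ASN1_BIT_STRING_set_bit takes an int index.
     */
    if (eptr == elem || bitnum > INT_MAX) {
        OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);
        return 0;
    }
    if (!ASN1_BIT_STRING_set_bit(bitstr, (int)bitnum, 1)) {
        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
        return 0;
    }
    return 1;
}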
842