kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5611 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 17d553d299
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '17d553d299'
${ noResults }
boringssl/crypto/x509/asn1_gen.c

843 lines
25 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/x509.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/asn1.h>

  62. #include <openssl/err.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "../internal.h"

  68. #include "../x509v3/internal.h"

  69. 

  70. /*

  71.  * Although this file is in crypto/x509 for layering purposes, it emits

  72.  * errors from the ASN.1 module for OpenSSL compatibility.

  73.  */

  74. 

  75. #define ASN1_GEN_FLAG           0x10000

  76. #define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)

  77. #define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)

  78. #define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)

  79. #define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)

  80. #define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)

  81. #define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)

  82. #define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)

  83. #define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)

  84. 

  85. #define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}

  86. 

  87. #define ASN1_FLAG_EXP_MAX       20

  88. /* Maximum number of nested sequences */

  89. #define ASN1_GEN_SEQ_MAX_DEPTH  50

  90. 

  91. /* Input formats */

  92. 

  93. /* ASCII: default */

  94. #define ASN1_GEN_FORMAT_ASCII   1

  95. /* UTF8 */

  96. #define ASN1_GEN_FORMAT_UTF8    2

  97. /* Hex */

  98. #define ASN1_GEN_FORMAT_HEX     3

  99. /* List of bits */

  100. #define ASN1_GEN_FORMAT_BITLIST 4

  101. 

  102. struct tag_name_st {

  103.     const char *strnam;

  104.     int len;

  105.     int tag;

  106. };

  107. 

  108. typedef struct {

  109.     int exp_tag;

  110.     int exp_class;

  111.     int exp_constructed;

  112.     int exp_pad;

  113.     long exp_len;

  114. } tag_exp_type;

  115. 

  116. typedef struct {

  117.     int imp_tag;

  118.     int imp_class;

  119.     int utype;

  120.     int format;

  121.     const char *str;

  122.     tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];

  123.     int exp_count;

  124. } tag_exp_arg;

  125. 

  126. static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,

  127.                               int *perr);

  128. static int bitstr_cb(const char *elem, int len, void *bitstr);

  129. static int asn1_cb(const char *elem, int len, void *bitstr);

  130. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,

  131.                       int exp_constructed, int exp_pad, int imp_ok);

  132. static int parse_tagging(const char *vstart, int vlen, int *ptag,

  133.                          int *pclass);

  134. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,

  135.                              int depth, int *perr);

  136. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);

  137. static int asn1_str2tag(const char *tagstr, int len);

  138. 

  139. ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)

  140. {

  141.     X509V3_CTX cnf;

  142. 

  143.     if (!nconf)

  144.         return ASN1_generate_v3(str, NULL);

  145. 

  146.     X509V3_set_nconf(&cnf, nconf);

  147.     return ASN1_generate_v3(str, &cnf);

  148. }

  149. 

  150. ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)

  151. {

  152.     int err = 0;

  153.     ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err);

  154.     if (err)

  155.         OPENSSL_PUT_ERROR(ASN1, err);

  156.     return ret;

  157. }

  158. 

  159. static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth,

  160.                               int *perr)

  161. {

  162.     ASN1_TYPE *ret;

  163.     tag_exp_arg asn1_tags;

  164.     tag_exp_type *etmp;

  165. 

  166.     int i, len;

  167. 

  168.     unsigned char *orig_der = NULL, *new_der = NULL;

  169.     const unsigned char *cpy_start;

  170.     unsigned char *p;

  171.     const unsigned char *cp;

  172.     int cpy_len;

  173.     long hdr_len = 0;

  174.     int hdr_constructed = 0, hdr_tag, hdr_class;

  175.     int r;

  176. 

  177.     asn1_tags.imp_tag = -1;

  178.     asn1_tags.imp_class = -1;

  179.     asn1_tags.format = ASN1_GEN_FORMAT_ASCII;

  180.     asn1_tags.exp_count = 0;

  181.     if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) {

  182.         *perr = ASN1_R_UNKNOWN_TAG;

  183.         return NULL;

  184.     }

  185. 

  186.     if ((asn1_tags.utype == V_ASN1_SEQUENCE)

  187.         || (asn1_tags.utype == V_ASN1_SET)) {

  188.         if (!cnf) {

  189.             *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG;

  190.             return NULL;

  191.         }

  192.         if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) {

  193.             *perr = ASN1_R_ILLEGAL_NESTED_TAGGING;

  194.             return NULL;

  195.         }

  196.         ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr);

  197.     } else

  198.         ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

  199. 

  200.     if (!ret)

  201.         return NULL;

  202. 

  203.     /* If no tagging return base type */

  204.     if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))

  205.         return ret;

  206. 

  207.     /* Generate the encoding */

  208.     cpy_len = i2d_ASN1_TYPE(ret, &orig_der);

  209.     ASN1_TYPE_free(ret);

  210.     ret = NULL;

  211.     /* Set point to start copying for modified encoding */

  212.     cpy_start = orig_der;

  213. 

  214.     /* Do we need IMPLICIT tagging? */

  215.     if (asn1_tags.imp_tag != -1) {

  216.         /* If IMPLICIT we will replace the underlying tag */

  217.         /* Skip existing tag+len */

  218.         r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,

  219.                             cpy_len);

  220.         if (r & 0x80)

  221.             goto err;

  222.         /* Update copy length */

  223.         cpy_len -= cpy_start - orig_der;

  224.         /*

  225.          * For IMPLICIT tagging the length should match the original length

  226.          * and constructed flag should be consistent.

  227.          */

  228.         if (r & 0x1) {

  229.             /* Indefinite length constructed */

  230.             hdr_constructed = 2;

  231.             hdr_len = 0;

  232.         } else

  233.             /* Just retain constructed flag */

  234.             hdr_constructed = r & V_ASN1_CONSTRUCTED;

  235.         /*

  236.          * Work out new length with IMPLICIT tag: ignore constructed because

  237.          * it will mess up if indefinite length

  238.          */

  239.         len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);

  240.     } else

  241.         len = cpy_len;

  242. 

  243.     /* Work out length in any EXPLICIT, starting from end */

  244. 

  245.     for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;

  246.          i < asn1_tags.exp_count; i++, etmp--) {

  247.         /* Content length: number of content octets + any padding */

  248.         len += etmp->exp_pad;

  249.         etmp->exp_len = len;

  250.         /* Total object length: length including new header */

  251.         len = ASN1_object_size(0, len, etmp->exp_tag);

  252.     }

  253. 

  254.     /* Allocate buffer for new encoding */

  255. 

  256.     new_der = OPENSSL_malloc(len);

  257.     if (!new_der)

  258.         goto err;

  259. 

  260.     /* Generate tagged encoding */

  261. 

  262.     p = new_der;

  263. 

  264.     /* Output explicit tags first */

  265. 

  266.     for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;

  267.          i++, etmp++) {

  268.         ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,

  269.                         etmp->exp_tag, etmp->exp_class);

  270.         if (etmp->exp_pad)

  271.             *p++ = 0;

  272.     }

  273. 

  274.     /* If IMPLICIT, output tag */

  275. 

  276.     if (asn1_tags.imp_tag != -1) {

  277.         if (asn1_tags.imp_class == V_ASN1_UNIVERSAL

  278.             && (asn1_tags.imp_tag == V_ASN1_SEQUENCE

  279.                 || asn1_tags.imp_tag == V_ASN1_SET))

  280.             hdr_constructed = V_ASN1_CONSTRUCTED;

  281.         ASN1_put_object(&p, hdr_constructed, hdr_len,

  282.                         asn1_tags.imp_tag, asn1_tags.imp_class);

  283.     }

  284. 

  285.     /* Copy across original encoding */

  286.     OPENSSL_memcpy(p, cpy_start, cpy_len);

  287. 

  288.     cp = new_der;

  289. 

  290.     /* Obtain new ASN1_TYPE structure */

  291.     ret = d2i_ASN1_TYPE(NULL, &cp, len);

  292. 

  293.  err:

  294.     if (orig_der)

  295.         OPENSSL_free(orig_der);

  296.     if (new_der)

  297.         OPENSSL_free(new_der);

  298. 

  299.     return ret;

  300. 

  301. }

  302. 

  303. static int asn1_cb(const char *elem, int len, void *bitstr)

  304. {

  305.     tag_exp_arg *arg = bitstr;

  306.     int i;

  307.     int utype;

  308.     int vlen = 0;

  309.     const char *p, *vstart = NULL;

  310. 

  311.     int tmp_tag, tmp_class;

  312. 

  313.     if (elem == NULL)

  314.         return -1;

  315. 

  316.     for (i = 0, p = elem; i < len; p++, i++) {

  317.         /* Look for the ':' in name value pairs */

  318.         if (*p == ':') {

  319.             vstart = p + 1;

  320.             vlen = len - (vstart - elem);

  321.             len = p - elem;

  322.             break;

  323.         }

  324.     }

  325. 

  326.     utype = asn1_str2tag(elem, len);

  327. 

  328.     if (utype == -1) {

  329.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG);

  330.         ERR_add_error_data(2, "tag=", elem);

  331.         return -1;

  332.     }

  333. 

  334.     /* If this is not a modifier mark end of string and exit */

  335.     if (!(utype & ASN1_GEN_FLAG)) {

  336.         arg->utype = utype;

  337.         arg->str = vstart;

  338.         /* If no value and not end of string, error */

  339.         if (!vstart && elem[len]) {

  340.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);

  341.             return -1;

  342.         }

  343.         return 0;

  344.     }

  345. 

  346.     switch (utype) {

  347. 

  348.     case ASN1_GEN_FLAG_IMP:

  349.         /* Check for illegal multiple IMPLICIT tagging */

  350.         if (arg->imp_tag != -1) {

  351.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING);

  352.             return -1;

  353.         }

  354.         if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))

  355.             return -1;

  356.         break;

  357. 

  358.     case ASN1_GEN_FLAG_EXP:

  359. 

  360.         if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))

  361.             return -1;

  362.         if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))

  363.             return -1;

  364.         break;

  365. 

  366.     case ASN1_GEN_FLAG_SEQWRAP:

  367.         if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))

  368.             return -1;

  369.         break;

  370. 

  371.     case ASN1_GEN_FLAG_SETWRAP:

  372.         if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))

  373.             return -1;

  374.         break;

  375. 

  376.     case ASN1_GEN_FLAG_BITWRAP:

  377.         if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))

  378.             return -1;

  379.         break;

  380. 

  381.     case ASN1_GEN_FLAG_OCTWRAP:

  382.         if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))

  383.             return -1;

  384.         break;

  385. 

  386.     case ASN1_GEN_FLAG_FORMAT:

  387.         if (!vstart) {

  388.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);

  389.             return -1;

  390.         }

  391.         if (!strncmp(vstart, "ASCII", 5))

  392.             arg->format = ASN1_GEN_FORMAT_ASCII;

  393.         else if (!strncmp(vstart, "UTF8", 4))

  394.             arg->format = ASN1_GEN_FORMAT_UTF8;

  395.         else if (!strncmp(vstart, "HEX", 3))

  396.             arg->format = ASN1_GEN_FORMAT_HEX;

  397.         else if (!strncmp(vstart, "BITLIST", 7))

  398.             arg->format = ASN1_GEN_FORMAT_BITLIST;

  399.         else {

  400.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);

  401.             return -1;

  402.         }

  403.         break;

  404. 

  405.     }

  406. 

  407.     return 1;

  408. 

  409. }

  410. 

  411. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

  412. {

  413.     char erch[2];

  414.     long tag_num;

  415.     char *eptr;

  416.     if (!vstart)

  417.         return 0;

  418.     tag_num = strtoul(vstart, &eptr, 10);

  419.     /* Check we haven't gone past max length: should be impossible */

  420.     if (eptr && *eptr && (eptr > vstart + vlen))

  421.         return 0;

  422.     if (tag_num < 0) {

  423.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);

  424.         return 0;

  425.     }

  426.     *ptag = tag_num;

  427.     /* If we have non numeric characters, parse them */

  428.     if (eptr)

  429.         vlen -= eptr - vstart;

  430.     else

  431.         vlen = 0;

  432.     if (vlen) {

  433.         switch (*eptr) {

  434. 

  435.         case 'U':

  436.             *pclass = V_ASN1_UNIVERSAL;

  437.             break;

  438. 

  439.         case 'A':

  440.             *pclass = V_ASN1_APPLICATION;

  441.             break;

  442. 

  443.         case 'P':

  444.             *pclass = V_ASN1_PRIVATE;

  445.             break;

  446. 

  447.         case 'C':

  448.             *pclass = V_ASN1_CONTEXT_SPECIFIC;

  449.             break;

  450. 

  451.         default:

  452.             erch[0] = *eptr;

  453.             erch[1] = 0;

  454.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER);

  455.             ERR_add_error_data(2, "Char=", erch);

  456.             return 0;

  457.             break;

  458. 

  459.         }

  460.     } else

  461.         *pclass = V_ASN1_CONTEXT_SPECIFIC;

  462. 

  463.     return 1;

  464. 

  465. }

  466. 

  467. /* Handle multiple types: SET and SEQUENCE */

  468. 

  469. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf,

  470.                              int depth, int *perr)

  471. {

  472.     ASN1_TYPE *ret = NULL;

  473.     STACK_OF(ASN1_TYPE) *sk = NULL;

  474.     STACK_OF(CONF_VALUE) *sect = NULL;

  475.     unsigned char *der = NULL;

  476.     int derlen;

  477.     size_t i;

  478.     sk = sk_ASN1_TYPE_new_null();

  479.     if (!sk)

  480.         goto bad;

  481.     if (section) {

  482.         if (!cnf)

  483.             goto bad;

  484.         sect = X509V3_get_section(cnf, (char *)section);

  485.         if (!sect)

  486.             goto bad;

  487.         for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {

  488.             ASN1_TYPE *typ =

  489.                 generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf,

  490.                             depth + 1, perr);

  491.             if (!typ)

  492.                 goto bad;

  493.             if (!sk_ASN1_TYPE_push(sk, typ))

  494.                 goto bad;

  495.         }

  496.     }

  497. 

  498.     /*

  499.      * Now we has a STACK of the components, convert to the correct form

  500.      */

  501. 

  502.     if (utype == V_ASN1_SET)

  503.         derlen = i2d_ASN1_SET_ANY(sk, &der);

  504.     else

  505.         derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);

  506. 

  507.     if (derlen < 0)

  508.         goto bad;

  509. 

  510.     if (!(ret = ASN1_TYPE_new()))

  511.         goto bad;

  512. 

  513.     if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))

  514.         goto bad;

  515. 

  516.     ret->type = utype;

  517. 

  518.     ret->value.asn1_string->data = der;

  519.     ret->value.asn1_string->length = derlen;

  520. 

  521.     der = NULL;

  522. 

  523.  bad:

  524. 

  525.     if (der)

  526.         OPENSSL_free(der);

  527. 

  528.     if (sk)

  529.         sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);

  530.     if (sect)

  531.         X509V3_section_free(cnf, sect);

  532. 

  533.     return ret;

  534. }

  535. 

  536. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,

  537.                       int exp_constructed, int exp_pad, int imp_ok)

  538. {

  539.     tag_exp_type *exp_tmp;

  540.     /* Can only have IMPLICIT if permitted */

  541.     if ((arg->imp_tag != -1) && !imp_ok) {

  542.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG);

  543.         return 0;

  544.     }

  545. 

  546.     if (arg->exp_count == ASN1_FLAG_EXP_MAX) {

  547.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED);

  548.         return 0;

  549.     }

  550. 

  551.     exp_tmp = &arg->exp_list[arg->exp_count++];

  552. 

  553.     /*

  554.      * If IMPLICIT set tag to implicit value then reset implicit tag since it

  555.      * has been used.

  556.      */

  557.     if (arg->imp_tag != -1) {

  558.         exp_tmp->exp_tag = arg->imp_tag;

  559.         exp_tmp->exp_class = arg->imp_class;

  560.         arg->imp_tag = -1;

  561.         arg->imp_class = -1;

  562.     } else {

  563.         exp_tmp->exp_tag = exp_tag;

  564.         exp_tmp->exp_class = exp_class;

  565.     }

  566.     exp_tmp->exp_constructed = exp_constructed;

  567.     exp_tmp->exp_pad = exp_pad;

  568. 

  569.     return 1;

  570. }

  571. 

  572. static int asn1_str2tag(const char *tagstr, int len)

  573. {

  574.     unsigned int i;

  575.     static const struct tag_name_st *tntmp, tnst[] = {

  576.         ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),

  577.         ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),

  578.         ASN1_GEN_STR("NULL", V_ASN1_NULL),

  579.         ASN1_GEN_STR("INT", V_ASN1_INTEGER),

  580.         ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),

  581.         ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),

  582.         ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),

  583.         ASN1_GEN_STR("OID", V_ASN1_OBJECT),

  584.         ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),

  585.         ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),

  586.         ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),

  587.         ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),

  588.         ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),

  589.         ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),

  590.         ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),

  591.         ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),

  592.         ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),

  593.         ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),

  594.         ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),

  595.         ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),

  596.         ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),

  597.         ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),

  598.         ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),

  599.         ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),

  600.         ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),

  601.         ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),

  602.         ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),

  603.         ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),

  604.         ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),

  605.         ASN1_GEN_STR("T61", V_ASN1_T61STRING),

  606.         ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),

  607.         ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),

  608.         ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),

  609.         ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),

  610.         ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),

  611.         ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),

  612. 

  613.         /* Special cases */

  614.         ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),

  615.         ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),

  616.         ASN1_GEN_STR("SET", V_ASN1_SET),

  617.         /* type modifiers */

  618.         /* Explicit tag */

  619.         ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),

  620.         ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),

  621.         /* Implicit tag */

  622.         ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),

  623.         ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),

  624.         /* OCTET STRING wrapper */

  625.         ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),

  626.         /* SEQUENCE wrapper */

  627.         ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),

  628.         /* SET wrapper */

  629.         ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),

  630.         /* BIT STRING wrapper */

  631.         ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),

  632.         ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),

  633.         ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),

  634.     };

  635. 

  636.     if (len == -1)

  637.         len = strlen(tagstr);

  638. 

  639.     tntmp = tnst;

  640.     for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {

  641.         if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))

  642.             return tntmp->tag;

  643.     }

  644. 

  645.     return -1;

  646. }

  647. 

  648. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)

  649. {

  650.     ASN1_TYPE *atmp = NULL;

  651. 

  652.     CONF_VALUE vtmp;

  653. 

  654.     unsigned char *rdata;

  655.     long rdlen;

  656. 

  657.     int no_unused = 1;

  658. 

  659.     if (!(atmp = ASN1_TYPE_new())) {

  660.         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  661.         return NULL;

  662.     }

  663. 

  664.     if (!str)

  665.         str = "";

  666. 

  667.     switch (utype) {

  668. 

  669.     case V_ASN1_NULL:

  670.         if (str && *str) {

  671.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE);

  672.             goto bad_form;

  673.         }

  674.         break;

  675. 

  676.     case V_ASN1_BOOLEAN:

  677.         if (format != ASN1_GEN_FORMAT_ASCII) {

  678.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT);

  679.             goto bad_form;

  680.         }

  681.         vtmp.name = NULL;

  682.         vtmp.section = NULL;

  683.         vtmp.value = (char *)str;

  684.         if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {

  685.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN);

  686.             goto bad_str;

  687.         }

  688.         break;

  689. 

  690.     case V_ASN1_INTEGER:

  691.     case V_ASN1_ENUMERATED:

  692.         if (format != ASN1_GEN_FORMAT_ASCII) {

  693.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT);

  694.             goto bad_form;

  695.         }

  696.         if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {

  697.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER);

  698.             goto bad_str;

  699.         }

  700.         break;

  701. 

  702.     case V_ASN1_OBJECT:

  703.         if (format != ASN1_GEN_FORMAT_ASCII) {

  704.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT);

  705.             goto bad_form;

  706.         }

  707.         if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {

  708.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);

  709.             goto bad_str;

  710.         }

  711.         break;

  712. 

  713.     case V_ASN1_UTCTIME:

  714.     case V_ASN1_GENERALIZEDTIME:

  715.         if (format != ASN1_GEN_FORMAT_ASCII) {

  716.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT);

  717.             goto bad_form;

  718.         }

  719.         if (!(atmp->value.asn1_string = ASN1_STRING_new())) {

  720.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  721.             goto bad_str;

  722.         }

  723.         if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {

  724.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  725.             goto bad_str;

  726.         }

  727.         atmp->value.asn1_string->type = utype;

  728.         if (!ASN1_TIME_check(atmp->value.asn1_string)) {

  729.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE);

  730.             goto bad_str;

  731.         }

  732. 

  733.         break;

  734. 

  735.     case V_ASN1_BMPSTRING:

  736.     case V_ASN1_PRINTABLESTRING:

  737.     case V_ASN1_IA5STRING:

  738.     case V_ASN1_T61STRING:

  739.     case V_ASN1_UTF8STRING:

  740.     case V_ASN1_VISIBLESTRING:

  741.     case V_ASN1_UNIVERSALSTRING:

  742.     case V_ASN1_GENERALSTRING:

  743.     case V_ASN1_NUMERICSTRING:

  744. 

  745.         if (format == ASN1_GEN_FORMAT_ASCII)

  746.             format = MBSTRING_ASC;

  747.         else if (format == ASN1_GEN_FORMAT_UTF8)

  748.             format = MBSTRING_UTF8;

  749.         else {

  750.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT);

  751.             goto bad_form;

  752.         }

  753. 

  754.         if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,

  755.                                -1, format, ASN1_tag2bit(utype)) <= 0) {

  756.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  757.             goto bad_str;

  758.         }

  759. 

  760.         break;

  761. 

  762.     case V_ASN1_BIT_STRING:

  763. 

  764.     case V_ASN1_OCTET_STRING:

  765. 

  766.         if (!(atmp->value.asn1_string = ASN1_STRING_new())) {

  767.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  768.             goto bad_form;

  769.         }

  770. 

  771.         if (format == ASN1_GEN_FORMAT_HEX) {

  772. 

  773.             if (!(rdata = x509v3_hex_to_bytes((char *)str, &rdlen))) {

  774.                 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);

  775.                 goto bad_str;

  776.             }

  777. 

  778.             atmp->value.asn1_string->data = rdata;

  779.             atmp->value.asn1_string->length = rdlen;

  780.             atmp->value.asn1_string->type = utype;

  781. 

  782.         } else if (format == ASN1_GEN_FORMAT_ASCII)

  783.             ASN1_STRING_set(atmp->value.asn1_string, str, -1);

  784.         else if ((format == ASN1_GEN_FORMAT_BITLIST)

  785.                  && (utype == V_ASN1_BIT_STRING)) {

  786.             if (!CONF_parse_list

  787.                 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {

  788.                 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR);

  789.                 goto bad_str;

  790.             }

  791.             no_unused = 0;

  792. 

  793.         } else {

  794.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT);

  795.             goto bad_form;

  796.         }

  797. 

  798.         if ((utype == V_ASN1_BIT_STRING) && no_unused) {

  799.             atmp->value.asn1_string->flags

  800.                 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);

  801.             atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;

  802.         }

  803. 

  804.         break;

  805. 

  806.     default:

  807.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE);

  808.         goto bad_str;

  809.         break;

  810.     }

  811. 

  812.     atmp->type = utype;

  813.     return atmp;

  814. 

  815.  bad_str:

  816.     ERR_add_error_data(2, "string=", str);

  817.  bad_form:

  818. 

  819.     ASN1_TYPE_free(atmp);

  820.     return NULL;

  821. 

  822. }

  823. 

  824. static int bitstr_cb(const char *elem, int len, void *bitstr)

  825. {

  826.     long bitnum;

  827.     char *eptr;

  828.     if (!elem)

  829.         return 0;

  830.     bitnum = strtoul(elem, &eptr, 10);

  831.     if (eptr && *eptr && (eptr != elem + len))

  832.         return 0;

  833.     if (bitnum < 0) {

  834.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);

  835.         return 0;

  836.     }

  837.     if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {

  838.         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  839.         return 0;

  840.     }

  841.     return 1;

  842. }