kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2203 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: 232127d245
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '232127d245'
${ noResults }
boringssl/crypto/x509/asn1_gen.c

820 lines
24 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/x509.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/asn1.h>

  62. #include <openssl/err.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "../internal.h"

  68. 

  69. /*

  70.  * Although this file is in crypto/x509 for layering purposes, it emits

  71.  * errors from the ASN.1 module for OpenSSL compatibility.

  72.  */

  73. 

  74. #define ASN1_GEN_FLAG           0x10000

  75. #define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)

  76. #define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)

  77. #define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)

  78. #define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)

  79. #define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)

  80. #define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)

  81. #define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)

  82. #define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)

  83. 

  84. #define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}

  85. 

  86. #define ASN1_FLAG_EXP_MAX       20

  87. 

  88. /* Input formats */

  89. 

  90. /* ASCII: default */

  91. #define ASN1_GEN_FORMAT_ASCII   1

  92. /* UTF8 */

  93. #define ASN1_GEN_FORMAT_UTF8    2

  94. /* Hex */

  95. #define ASN1_GEN_FORMAT_HEX     3

  96. /* List of bits */

  97. #define ASN1_GEN_FORMAT_BITLIST 4

  98. 

  99. struct tag_name_st {

  100.     const char *strnam;

  101.     int len;

  102.     int tag;

  103. };

  104. 

  105. typedef struct {

  106.     int exp_tag;

  107.     int exp_class;

  108.     int exp_constructed;

  109.     int exp_pad;

  110.     long exp_len;

  111. } tag_exp_type;

  112. 

  113. typedef struct {

  114.     int imp_tag;

  115.     int imp_class;

  116.     int utype;

  117.     int format;

  118.     const char *str;

  119.     tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];

  120.     int exp_count;

  121. } tag_exp_arg;

  122. 

  123. static int bitstr_cb(const char *elem, int len, void *bitstr);

  124. static int asn1_cb(const char *elem, int len, void *bitstr);

  125. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,

  126.                       int exp_constructed, int exp_pad, int imp_ok);

  127. static int parse_tagging(const char *vstart, int vlen, int *ptag,

  128.                          int *pclass);

  129. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);

  130. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);

  131. static int asn1_str2tag(const char *tagstr, int len);

  132. 

  133. ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)

  134. {

  135.     X509V3_CTX cnf;

  136. 

  137.     if (!nconf)

  138.         return ASN1_generate_v3(str, NULL);

  139. 

  140.     X509V3_set_nconf(&cnf, nconf);

  141.     return ASN1_generate_v3(str, &cnf);

  142. }

  143. 

  144. ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)

  145.     OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS

  146. {

  147.     ASN1_TYPE *ret;

  148.     tag_exp_arg asn1_tags;

  149.     tag_exp_type *etmp;

  150. 

  151.     int i, len;

  152. 

  153.     unsigned char *orig_der = NULL, *new_der = NULL;

  154.     const unsigned char *cpy_start;

  155.     unsigned char *p;

  156.     const unsigned char *cp;

  157.     int cpy_len;

  158.     long hdr_len;

  159.     int hdr_constructed = 0, hdr_tag, hdr_class;

  160.     int r;

  161. 

  162.     asn1_tags.imp_tag = -1;

  163.     asn1_tags.imp_class = -1;

  164.     asn1_tags.format = ASN1_GEN_FORMAT_ASCII;

  165.     asn1_tags.exp_count = 0;

  166.     if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)

  167.         return NULL;

  168. 

  169.     if ((asn1_tags.utype == V_ASN1_SEQUENCE)

  170.         || (asn1_tags.utype == V_ASN1_SET)) {

  171.         if (!cnf) {

  172.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);

  173.             return NULL;

  174.         }

  175.         ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);

  176.     } else

  177.         ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

  178. 

  179.     if (!ret)

  180.         return NULL;

  181. 

  182.     /* If no tagging return base type */

  183.     if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))

  184.         return ret;

  185. 

  186.     /* Generate the encoding */

  187.     cpy_len = i2d_ASN1_TYPE(ret, &orig_der);

  188.     ASN1_TYPE_free(ret);

  189.     ret = NULL;

  190.     /* Set point to start copying for modified encoding */

  191.     cpy_start = orig_der;

  192. 

  193.     /* Do we need IMPLICIT tagging? */

  194.     if (asn1_tags.imp_tag != -1) {

  195.         /* If IMPLICIT we will replace the underlying tag */

  196.         /* Skip existing tag+len */

  197.         r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,

  198.                             cpy_len);

  199.         if (r & 0x80)

  200.             goto err;

  201.         /* Update copy length */

  202.         cpy_len -= cpy_start - orig_der;

  203.         /*

  204.          * For IMPLICIT tagging the length should match the original length

  205.          * and constructed flag should be consistent.

  206.          */

  207.         if (r & 0x1) {

  208.             /* Indefinite length constructed */

  209.             hdr_constructed = 2;

  210.             hdr_len = 0;

  211.         } else

  212.             /* Just retain constructed flag */

  213.             hdr_constructed = r & V_ASN1_CONSTRUCTED;

  214.         /*

  215.          * Work out new length with IMPLICIT tag: ignore constructed because

  216.          * it will mess up if indefinite length

  217.          */

  218.         len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);

  219.     } else

  220.         len = cpy_len;

  221. 

  222.     /* Work out length in any EXPLICIT, starting from end */

  223. 

  224.     for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;

  225.          i < asn1_tags.exp_count; i++, etmp--) {

  226.         /* Content length: number of content octets + any padding */

  227.         len += etmp->exp_pad;

  228.         etmp->exp_len = len;

  229.         /* Total object length: length including new header */

  230.         len = ASN1_object_size(0, len, etmp->exp_tag);

  231.     }

  232. 

  233.     /* Allocate buffer for new encoding */

  234. 

  235.     new_der = OPENSSL_malloc(len);

  236.     if (!new_der)

  237.         goto err;

  238. 

  239.     /* Generate tagged encoding */

  240. 

  241.     p = new_der;

  242. 

  243.     /* Output explicit tags first */

  244. 

  245.     for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;

  246.          i++, etmp++) {

  247.         ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,

  248.                         etmp->exp_tag, etmp->exp_class);

  249.         if (etmp->exp_pad)

  250.             *p++ = 0;

  251.     }

  252. 

  253.     /* If IMPLICIT, output tag */

  254. 

  255.     if (asn1_tags.imp_tag != -1) {

  256.         if (asn1_tags.imp_class == V_ASN1_UNIVERSAL

  257.             && (asn1_tags.imp_tag == V_ASN1_SEQUENCE

  258.                 || asn1_tags.imp_tag == V_ASN1_SET))

  259.             hdr_constructed = V_ASN1_CONSTRUCTED;

  260.         ASN1_put_object(&p, hdr_constructed, hdr_len,

  261.                         asn1_tags.imp_tag, asn1_tags.imp_class);

  262.     }

  263. 

  264.     /* Copy across original encoding */

  265.     memcpy(p, cpy_start, cpy_len);

  266. 

  267.     cp = new_der;

  268. 

  269.     /* Obtain new ASN1_TYPE structure */

  270.     ret = d2i_ASN1_TYPE(NULL, &cp, len);

  271. 

  272.  err:

  273.     if (orig_der)

  274.         OPENSSL_free(orig_der);

  275.     if (new_der)

  276.         OPENSSL_free(new_der);

  277. 

  278.     return ret;

  279. 

  280. }

  281. 

  282. static int asn1_cb(const char *elem, int len, void *bitstr)

  283. {

  284.     tag_exp_arg *arg = bitstr;

  285.     int i;

  286.     int utype;

  287.     int vlen = 0;

  288.     const char *p, *vstart = NULL;

  289. 

  290.     int tmp_tag, tmp_class;

  291. 

  292.     if (elem == NULL)

  293.         return 0;

  294. 

  295.     for (i = 0, p = elem; i < len; p++, i++) {

  296.         /* Look for the ':' in name value pairs */

  297.         if (*p == ':') {

  298.             vstart = p + 1;

  299.             vlen = len - (vstart - elem);

  300.             len = p - elem;

  301.             break;

  302.         }

  303.     }

  304. 

  305.     utype = asn1_str2tag(elem, len);

  306. 

  307.     if (utype == -1) {

  308.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG);

  309.         ERR_add_error_data(2, "tag=", elem);

  310.         return -1;

  311.     }

  312. 

  313.     /* If this is not a modifier mark end of string and exit */

  314.     if (!(utype & ASN1_GEN_FLAG)) {

  315.         arg->utype = utype;

  316.         arg->str = vstart;

  317.         /* If no value and not end of string, error */

  318.         if (!vstart && elem[len]) {

  319.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);

  320.             return -1;

  321.         }

  322.         return 0;

  323.     }

  324. 

  325.     switch (utype) {

  326. 

  327.     case ASN1_GEN_FLAG_IMP:

  328.         /* Check for illegal multiple IMPLICIT tagging */

  329.         if (arg->imp_tag != -1) {

  330.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING);

  331.             return -1;

  332.         }

  333.         if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))

  334.             return -1;

  335.         break;

  336. 

  337.     case ASN1_GEN_FLAG_EXP:

  338. 

  339.         if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))

  340.             return -1;

  341.         if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))

  342.             return -1;

  343.         break;

  344. 

  345.     case ASN1_GEN_FLAG_SEQWRAP:

  346.         if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))

  347.             return -1;

  348.         break;

  349. 

  350.     case ASN1_GEN_FLAG_SETWRAP:

  351.         if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))

  352.             return -1;

  353.         break;

  354. 

  355.     case ASN1_GEN_FLAG_BITWRAP:

  356.         if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))

  357.             return -1;

  358.         break;

  359. 

  360.     case ASN1_GEN_FLAG_OCTWRAP:

  361.         if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))

  362.             return -1;

  363.         break;

  364. 

  365.     case ASN1_GEN_FLAG_FORMAT:

  366.         if (!vstart) {

  367.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);

  368.             return -1;

  369.         }

  370.         if (!strncmp(vstart, "ASCII", 5))

  371.             arg->format = ASN1_GEN_FORMAT_ASCII;

  372.         else if (!strncmp(vstart, "UTF8", 4))

  373.             arg->format = ASN1_GEN_FORMAT_UTF8;

  374.         else if (!strncmp(vstart, "HEX", 3))

  375.             arg->format = ASN1_GEN_FORMAT_HEX;

  376.         else if (!strncmp(vstart, "BITLIST", 7))

  377.             arg->format = ASN1_GEN_FORMAT_BITLIST;

  378.         else {

  379.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);

  380.             return -1;

  381.         }

  382.         break;

  383. 

  384.     }

  385. 

  386.     return 1;

  387. 

  388. }

  389. 

  390. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

  391. {

  392.     char erch[2];

  393.     long tag_num;

  394.     char *eptr;

  395.     if (!vstart)

  396.         return 0;

  397.     tag_num = strtoul(vstart, &eptr, 10);

  398.     /* Check we haven't gone past max length: should be impossible */

  399.     if (eptr && *eptr && (eptr > vstart + vlen))

  400.         return 0;

  401.     if (tag_num < 0) {

  402.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);

  403.         return 0;

  404.     }

  405.     *ptag = tag_num;

  406.     /* If we have non numeric characters, parse them */

  407.     if (eptr)

  408.         vlen -= eptr - vstart;

  409.     else

  410.         vlen = 0;

  411.     if (vlen) {

  412.         switch (*eptr) {

  413. 

  414.         case 'U':

  415.             *pclass = V_ASN1_UNIVERSAL;

  416.             break;

  417. 

  418.         case 'A':

  419.             *pclass = V_ASN1_APPLICATION;

  420.             break;

  421. 

  422.         case 'P':

  423.             *pclass = V_ASN1_PRIVATE;

  424.             break;

  425. 

  426.         case 'C':

  427.             *pclass = V_ASN1_CONTEXT_SPECIFIC;

  428.             break;

  429. 

  430.         default:

  431.             erch[0] = *eptr;

  432.             erch[1] = 0;

  433.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER);

  434.             ERR_add_error_data(2, "Char=", erch);

  435.             return 0;

  436.             break;

  437. 

  438.         }

  439.     } else

  440.         *pclass = V_ASN1_CONTEXT_SPECIFIC;

  441. 

  442.     return 1;

  443. 

  444. }

  445. 

  446. /* Handle multiple types: SET and SEQUENCE */

  447. 

  448. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)

  449. {

  450.     ASN1_TYPE *ret = NULL;

  451.     STACK_OF(ASN1_TYPE) *sk = NULL;

  452.     STACK_OF(CONF_VALUE) *sect = NULL;

  453.     unsigned char *der = NULL;

  454.     int derlen;

  455.     size_t i;

  456.     sk = sk_ASN1_TYPE_new_null();

  457.     if (!sk)

  458.         goto bad;

  459.     if (section) {

  460.         if (!cnf)

  461.             goto bad;

  462.         sect = X509V3_get_section(cnf, (char *)section);

  463.         if (!sect)

  464.             goto bad;

  465.         for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {

  466.             ASN1_TYPE *typ =

  467.                 ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);

  468.             if (!typ)

  469.                 goto bad;

  470.             if (!sk_ASN1_TYPE_push(sk, typ))

  471.                 goto bad;

  472.         }

  473.     }

  474. 

  475.     /*

  476.      * Now we has a STACK of the components, convert to the correct form

  477.      */

  478. 

  479.     if (utype == V_ASN1_SET)

  480.         derlen = i2d_ASN1_SET_ANY(sk, &der);

  481.     else

  482.         derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);

  483. 

  484.     if (derlen < 0)

  485.         goto bad;

  486. 

  487.     if (!(ret = ASN1_TYPE_new()))

  488.         goto bad;

  489. 

  490.     if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))

  491.         goto bad;

  492. 

  493.     ret->type = utype;

  494. 

  495.     ret->value.asn1_string->data = der;

  496.     ret->value.asn1_string->length = derlen;

  497. 

  498.     der = NULL;

  499. 

  500.  bad:

  501. 

  502.     if (der)

  503.         OPENSSL_free(der);

  504. 

  505.     if (sk)

  506.         sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);

  507.     if (sect)

  508.         X509V3_section_free(cnf, sect);

  509. 

  510.     return ret;

  511. }

  512. 

  513. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,

  514.                       int exp_constructed, int exp_pad, int imp_ok)

  515. {

  516.     tag_exp_type *exp_tmp;

  517.     /* Can only have IMPLICIT if permitted */

  518.     if ((arg->imp_tag != -1) && !imp_ok) {

  519.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG);

  520.         return 0;

  521.     }

  522. 

  523.     if (arg->exp_count == ASN1_FLAG_EXP_MAX) {

  524.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED);

  525.         return 0;

  526.     }

  527. 

  528.     exp_tmp = &arg->exp_list[arg->exp_count++];

  529. 

  530.     /*

  531.      * If IMPLICIT set tag to implicit value then reset implicit tag since it

  532.      * has been used.

  533.      */

  534.     if (arg->imp_tag != -1) {

  535.         exp_tmp->exp_tag = arg->imp_tag;

  536.         exp_tmp->exp_class = arg->imp_class;

  537.         arg->imp_tag = -1;

  538.         arg->imp_class = -1;

  539.     } else {

  540.         exp_tmp->exp_tag = exp_tag;

  541.         exp_tmp->exp_class = exp_class;

  542.     }

  543.     exp_tmp->exp_constructed = exp_constructed;

  544.     exp_tmp->exp_pad = exp_pad;

  545. 

  546.     return 1;

  547. }

  548. 

  549. static int asn1_str2tag(const char *tagstr, int len)

  550. {

  551.     unsigned int i;

  552.     static const struct tag_name_st *tntmp, tnst[] = {

  553.         ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),

  554.         ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),

  555.         ASN1_GEN_STR("NULL", V_ASN1_NULL),

  556.         ASN1_GEN_STR("INT", V_ASN1_INTEGER),

  557.         ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),

  558.         ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),

  559.         ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),

  560.         ASN1_GEN_STR("OID", V_ASN1_OBJECT),

  561.         ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),

  562.         ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),

  563.         ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),

  564.         ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),

  565.         ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),

  566.         ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),

  567.         ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),

  568.         ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),

  569.         ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),

  570.         ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),

  571.         ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),

  572.         ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),

  573.         ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),

  574.         ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),

  575.         ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),

  576.         ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),

  577.         ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),

  578.         ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),

  579.         ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),

  580.         ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),

  581.         ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),

  582.         ASN1_GEN_STR("T61", V_ASN1_T61STRING),

  583.         ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),

  584.         ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),

  585.         ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),

  586.         ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),

  587.         ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),

  588.         ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),

  589. 

  590.         /* Special cases */

  591.         ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),

  592.         ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),

  593.         ASN1_GEN_STR("SET", V_ASN1_SET),

  594.         /* type modifiers */

  595.         /* Explicit tag */

  596.         ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),

  597.         ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),

  598.         /* Implicit tag */

  599.         ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),

  600.         ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),

  601.         /* OCTET STRING wrapper */

  602.         ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),

  603.         /* SEQUENCE wrapper */

  604.         ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),

  605.         /* SET wrapper */

  606.         ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),

  607.         /* BIT STRING wrapper */

  608.         ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),

  609.         ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),

  610.         ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),

  611.     };

  612. 

  613.     if (len == -1)

  614.         len = strlen(tagstr);

  615. 

  616.     tntmp = tnst;

  617.     for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {

  618.         if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))

  619.             return tntmp->tag;

  620.     }

  621. 

  622.     return -1;

  623. }

  624. 

  625. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)

  626. {

  627.     ASN1_TYPE *atmp = NULL;

  628. 

  629.     CONF_VALUE vtmp;

  630. 

  631.     unsigned char *rdata;

  632.     long rdlen;

  633. 

  634.     int no_unused = 1;

  635. 

  636.     if (!(atmp = ASN1_TYPE_new())) {

  637.         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  638.         return NULL;

  639.     }

  640. 

  641.     if (!str)

  642.         str = "";

  643. 

  644.     switch (utype) {

  645. 

  646.     case V_ASN1_NULL:

  647.         if (str && *str) {

  648.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE);

  649.             goto bad_form;

  650.         }

  651.         break;

  652. 

  653.     case V_ASN1_BOOLEAN:

  654.         if (format != ASN1_GEN_FORMAT_ASCII) {

  655.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT);

  656.             goto bad_form;

  657.         }

  658.         vtmp.name = NULL;

  659.         vtmp.section = NULL;

  660.         vtmp.value = (char *)str;

  661.         if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {

  662.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN);

  663.             goto bad_str;

  664.         }

  665.         break;

  666. 

  667.     case V_ASN1_INTEGER:

  668.     case V_ASN1_ENUMERATED:

  669.         if (format != ASN1_GEN_FORMAT_ASCII) {

  670.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT);

  671.             goto bad_form;

  672.         }

  673.         if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {

  674.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER);

  675.             goto bad_str;

  676.         }

  677.         break;

  678. 

  679.     case V_ASN1_OBJECT:

  680.         if (format != ASN1_GEN_FORMAT_ASCII) {

  681.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT);

  682.             goto bad_form;

  683.         }

  684.         if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {

  685.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);

  686.             goto bad_str;

  687.         }

  688.         break;

  689. 

  690.     case V_ASN1_UTCTIME:

  691.     case V_ASN1_GENERALIZEDTIME:

  692.         if (format != ASN1_GEN_FORMAT_ASCII) {

  693.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT);

  694.             goto bad_form;

  695.         }

  696.         if (!(atmp->value.asn1_string = ASN1_STRING_new())) {

  697.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  698.             goto bad_str;

  699.         }

  700.         if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {

  701.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  702.             goto bad_str;

  703.         }

  704.         atmp->value.asn1_string->type = utype;

  705.         if (!ASN1_TIME_check(atmp->value.asn1_string)) {

  706.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE);

  707.             goto bad_str;

  708.         }

  709. 

  710.         break;

  711. 

  712.     case V_ASN1_BMPSTRING:

  713.     case V_ASN1_PRINTABLESTRING:

  714.     case V_ASN1_IA5STRING:

  715.     case V_ASN1_T61STRING:

  716.     case V_ASN1_UTF8STRING:

  717.     case V_ASN1_VISIBLESTRING:

  718.     case V_ASN1_UNIVERSALSTRING:

  719.     case V_ASN1_GENERALSTRING:

  720.     case V_ASN1_NUMERICSTRING:

  721. 

  722.         if (format == ASN1_GEN_FORMAT_ASCII)

  723.             format = MBSTRING_ASC;

  724.         else if (format == ASN1_GEN_FORMAT_UTF8)

  725.             format = MBSTRING_UTF8;

  726.         else {

  727.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT);

  728.             goto bad_form;

  729.         }

  730. 

  731.         if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,

  732.                                -1, format, ASN1_tag2bit(utype)) <= 0) {

  733.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  734.             goto bad_str;

  735.         }

  736. 

  737.         break;

  738. 

  739.     case V_ASN1_BIT_STRING:

  740. 

  741.     case V_ASN1_OCTET_STRING:

  742. 

  743.         if (!(atmp->value.asn1_string = ASN1_STRING_new())) {

  744.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  745.             goto bad_form;

  746.         }

  747. 

  748.         if (format == ASN1_GEN_FORMAT_HEX) {

  749. 

  750.             if (!(rdata = string_to_hex((char *)str, &rdlen))) {

  751.                 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);

  752.                 goto bad_str;

  753.             }

  754. 

  755.             atmp->value.asn1_string->data = rdata;

  756.             atmp->value.asn1_string->length = rdlen;

  757.             atmp->value.asn1_string->type = utype;

  758. 

  759.         } else if (format == ASN1_GEN_FORMAT_ASCII)

  760.             ASN1_STRING_set(atmp->value.asn1_string, str, -1);

  761.         else if ((format == ASN1_GEN_FORMAT_BITLIST)

  762.                  && (utype == V_ASN1_BIT_STRING)) {

  763.             if (!CONF_parse_list

  764.                 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {

  765.                 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR);

  766.                 goto bad_str;

  767.             }

  768.             no_unused = 0;

  769. 

  770.         } else {

  771.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT);

  772.             goto bad_form;

  773.         }

  774. 

  775.         if ((utype == V_ASN1_BIT_STRING) && no_unused) {

  776.             atmp->value.asn1_string->flags

  777.                 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);

  778.             atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;

  779.         }

  780. 

  781.         break;

  782. 

  783.     default:

  784.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE);

  785.         goto bad_str;

  786.         break;

  787.     }

  788. 

  789.     atmp->type = utype;

  790.     return atmp;

  791. 

  792.  bad_str:

  793.     ERR_add_error_data(2, "string=", str);

  794.  bad_form:

  795. 

  796.     ASN1_TYPE_free(atmp);

  797.     return NULL;

  798. 

  799. }

  800. 

  801. static int bitstr_cb(const char *elem, int len, void *bitstr)

  802. {

  803.     long bitnum;

  804.     char *eptr;

  805.     if (!elem)

  806.         return 0;

  807.     bitnum = strtoul(elem, &eptr, 10);

  808.     if (eptr && *eptr && (eptr != elem + len))

  809.         return 0;

  810.     if (bitnum < 0) {

  811.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);

  812.         return 0;

  813.     }

  814.     if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {

  815.         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  816.         return 0;

  817.     }

  818.     return 1;

  819. }