kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
3598 Коміти
12 Гілки
38 MiB
 
 
 
 
 
 
Дерево: 97db926cf7
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з '97db926cf7'
${ noResults }
boringssl/crypto/x509/asn1_gen.c

819 рядки
24 KiB
Неформатований Звинувачення Історія 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/x509.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/asn1.h>

  62. #include <openssl/err.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "../internal.h"

  68. 

  69. /*

  70.  * Although this file is in crypto/x509 for layering purposes, it emits

  71.  * errors from the ASN.1 module for OpenSSL compatibility.

  72.  */

  73. 

  74. #define ASN1_GEN_FLAG           0x10000

  75. #define ASN1_GEN_FLAG_IMP       (ASN1_GEN_FLAG|1)

  76. #define ASN1_GEN_FLAG_EXP       (ASN1_GEN_FLAG|2)

  77. #define ASN1_GEN_FLAG_TAG       (ASN1_GEN_FLAG|3)

  78. #define ASN1_GEN_FLAG_BITWRAP   (ASN1_GEN_FLAG|4)

  79. #define ASN1_GEN_FLAG_OCTWRAP   (ASN1_GEN_FLAG|5)

  80. #define ASN1_GEN_FLAG_SEQWRAP   (ASN1_GEN_FLAG|6)

  81. #define ASN1_GEN_FLAG_SETWRAP   (ASN1_GEN_FLAG|7)

  82. #define ASN1_GEN_FLAG_FORMAT    (ASN1_GEN_FLAG|8)

  83. 

  84. #define ASN1_GEN_STR(str,val)   {str, sizeof(str) - 1, val}

  85. 

  86. #define ASN1_FLAG_EXP_MAX       20

  87. 

  88. /* Input formats */

  89. 

  90. /* ASCII: default */

  91. #define ASN1_GEN_FORMAT_ASCII   1

  92. /* UTF8 */

  93. #define ASN1_GEN_FORMAT_UTF8    2

  94. /* Hex */

  95. #define ASN1_GEN_FORMAT_HEX     3

  96. /* List of bits */

  97. #define ASN1_GEN_FORMAT_BITLIST 4

  98. 

  99. struct tag_name_st {

  100.     const char *strnam;

  101.     int len;

  102.     int tag;

  103. };

  104. 

  105. typedef struct {

  106.     int exp_tag;

  107.     int exp_class;

  108.     int exp_constructed;

  109.     int exp_pad;

  110.     long exp_len;

  111. } tag_exp_type;

  112. 

  113. typedef struct {

  114.     int imp_tag;

  115.     int imp_class;

  116.     int utype;

  117.     int format;

  118.     const char *str;

  119.     tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];

  120.     int exp_count;

  121. } tag_exp_arg;

  122. 

  123. static int bitstr_cb(const char *elem, int len, void *bitstr);

  124. static int asn1_cb(const char *elem, int len, void *bitstr);

  125. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,

  126.                       int exp_constructed, int exp_pad, int imp_ok);

  127. static int parse_tagging(const char *vstart, int vlen, int *ptag,

  128.                          int *pclass);

  129. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);

  130. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);

  131. static int asn1_str2tag(const char *tagstr, int len);

  132. 

  133. ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)

  134. {

  135.     X509V3_CTX cnf;

  136. 

  137.     if (!nconf)

  138.         return ASN1_generate_v3(str, NULL);

  139. 

  140.     X509V3_set_nconf(&cnf, nconf);

  141.     return ASN1_generate_v3(str, &cnf);

  142. }

  143. 

  144. ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)

  145. {

  146.     ASN1_TYPE *ret;

  147.     tag_exp_arg asn1_tags;

  148.     tag_exp_type *etmp;

  149. 

  150.     int i, len;

  151. 

  152.     unsigned char *orig_der = NULL, *new_der = NULL;

  153.     const unsigned char *cpy_start;

  154.     unsigned char *p;

  155.     const unsigned char *cp;

  156.     int cpy_len;

  157.     long hdr_len = 0;

  158.     int hdr_constructed = 0, hdr_tag, hdr_class;

  159.     int r;

  160. 

  161.     asn1_tags.imp_tag = -1;

  162.     asn1_tags.imp_class = -1;

  163.     asn1_tags.format = ASN1_GEN_FORMAT_ASCII;

  164.     asn1_tags.exp_count = 0;

  165.     if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)

  166.         return NULL;

  167. 

  168.     if ((asn1_tags.utype == V_ASN1_SEQUENCE)

  169.         || (asn1_tags.utype == V_ASN1_SET)) {

  170.         if (!cnf) {

  171.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);

  172.             return NULL;

  173.         }

  174.         ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);

  175.     } else

  176.         ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

  177. 

  178.     if (!ret)

  179.         return NULL;

  180. 

  181.     /* If no tagging return base type */

  182.     if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))

  183.         return ret;

  184. 

  185.     /* Generate the encoding */

  186.     cpy_len = i2d_ASN1_TYPE(ret, &orig_der);

  187.     ASN1_TYPE_free(ret);

  188.     ret = NULL;

  189.     /* Set point to start copying for modified encoding */

  190.     cpy_start = orig_der;

  191. 

  192.     /* Do we need IMPLICIT tagging? */

  193.     if (asn1_tags.imp_tag != -1) {

  194.         /* If IMPLICIT we will replace the underlying tag */

  195.         /* Skip existing tag+len */

  196.         r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class,

  197.                             cpy_len);

  198.         if (r & 0x80)

  199.             goto err;

  200.         /* Update copy length */

  201.         cpy_len -= cpy_start - orig_der;

  202.         /*

  203.          * For IMPLICIT tagging the length should match the original length

  204.          * and constructed flag should be consistent.

  205.          */

  206.         if (r & 0x1) {

  207.             /* Indefinite length constructed */

  208.             hdr_constructed = 2;

  209.             hdr_len = 0;

  210.         } else

  211.             /* Just retain constructed flag */

  212.             hdr_constructed = r & V_ASN1_CONSTRUCTED;

  213.         /*

  214.          * Work out new length with IMPLICIT tag: ignore constructed because

  215.          * it will mess up if indefinite length

  216.          */

  217.         len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);

  218.     } else

  219.         len = cpy_len;

  220. 

  221.     /* Work out length in any EXPLICIT, starting from end */

  222. 

  223.     for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;

  224.          i < asn1_tags.exp_count; i++, etmp--) {

  225.         /* Content length: number of content octets + any padding */

  226.         len += etmp->exp_pad;

  227.         etmp->exp_len = len;

  228.         /* Total object length: length including new header */

  229.         len = ASN1_object_size(0, len, etmp->exp_tag);

  230.     }

  231. 

  232.     /* Allocate buffer for new encoding */

  233. 

  234.     new_der = OPENSSL_malloc(len);

  235.     if (!new_der)

  236.         goto err;

  237. 

  238.     /* Generate tagged encoding */

  239. 

  240.     p = new_der;

  241. 

  242.     /* Output explicit tags first */

  243. 

  244.     for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;

  245.          i++, etmp++) {

  246.         ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,

  247.                         etmp->exp_tag, etmp->exp_class);

  248.         if (etmp->exp_pad)

  249.             *p++ = 0;

  250.     }

  251. 

  252.     /* If IMPLICIT, output tag */

  253. 

  254.     if (asn1_tags.imp_tag != -1) {

  255.         if (asn1_tags.imp_class == V_ASN1_UNIVERSAL

  256.             && (asn1_tags.imp_tag == V_ASN1_SEQUENCE

  257.                 || asn1_tags.imp_tag == V_ASN1_SET))

  258.             hdr_constructed = V_ASN1_CONSTRUCTED;

  259.         ASN1_put_object(&p, hdr_constructed, hdr_len,

  260.                         asn1_tags.imp_tag, asn1_tags.imp_class);

  261.     }

  262. 

  263.     /* Copy across original encoding */

  264.     memcpy(p, cpy_start, cpy_len);

  265. 

  266.     cp = new_der;

  267. 

  268.     /* Obtain new ASN1_TYPE structure */

  269.     ret = d2i_ASN1_TYPE(NULL, &cp, len);

  270. 

  271.  err:

  272.     if (orig_der)

  273.         OPENSSL_free(orig_der);

  274.     if (new_der)

  275.         OPENSSL_free(new_der);

  276. 

  277.     return ret;

  278. 

  279. }

  280. 

  281. static int asn1_cb(const char *elem, int len, void *bitstr)

  282. {

  283.     tag_exp_arg *arg = bitstr;

  284.     int i;

  285.     int utype;

  286.     int vlen = 0;

  287.     const char *p, *vstart = NULL;

  288. 

  289.     int tmp_tag, tmp_class;

  290. 

  291.     if (elem == NULL)

  292.         return 0;

  293. 

  294.     for (i = 0, p = elem; i < len; p++, i++) {

  295.         /* Look for the ':' in name value pairs */

  296.         if (*p == ':') {

  297.             vstart = p + 1;

  298.             vlen = len - (vstart - elem);

  299.             len = p - elem;

  300.             break;

  301.         }

  302.     }

  303. 

  304.     utype = asn1_str2tag(elem, len);

  305. 

  306.     if (utype == -1) {

  307.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_TAG);

  308.         ERR_add_error_data(2, "tag=", elem);

  309.         return -1;

  310.     }

  311. 

  312.     /* If this is not a modifier mark end of string and exit */

  313.     if (!(utype & ASN1_GEN_FLAG)) {

  314.         arg->utype = utype;

  315.         arg->str = vstart;

  316.         /* If no value and not end of string, error */

  317.         if (!vstart && elem[len]) {

  318.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_VALUE);

  319.             return -1;

  320.         }

  321.         return 0;

  322.     }

  323. 

  324.     switch (utype) {

  325. 

  326.     case ASN1_GEN_FLAG_IMP:

  327.         /* Check for illegal multiple IMPLICIT tagging */

  328.         if (arg->imp_tag != -1) {

  329.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING);

  330.             return -1;

  331.         }

  332.         if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))

  333.             return -1;

  334.         break;

  335. 

  336.     case ASN1_GEN_FLAG_EXP:

  337. 

  338.         if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))

  339.             return -1;

  340.         if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))

  341.             return -1;

  342.         break;

  343. 

  344.     case ASN1_GEN_FLAG_SEQWRAP:

  345.         if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))

  346.             return -1;

  347.         break;

  348. 

  349.     case ASN1_GEN_FLAG_SETWRAP:

  350.         if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))

  351.             return -1;

  352.         break;

  353. 

  354.     case ASN1_GEN_FLAG_BITWRAP:

  355.         if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))

  356.             return -1;

  357.         break;

  358. 

  359.     case ASN1_GEN_FLAG_OCTWRAP:

  360.         if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))

  361.             return -1;

  362.         break;

  363. 

  364.     case ASN1_GEN_FLAG_FORMAT:

  365.         if (!vstart) {

  366.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);

  367.             return -1;

  368.         }

  369.         if (!strncmp(vstart, "ASCII", 5))

  370.             arg->format = ASN1_GEN_FORMAT_ASCII;

  371.         else if (!strncmp(vstart, "UTF8", 4))

  372.             arg->format = ASN1_GEN_FORMAT_UTF8;

  373.         else if (!strncmp(vstart, "HEX", 3))

  374.             arg->format = ASN1_GEN_FORMAT_HEX;

  375.         else if (!strncmp(vstart, "BITLIST", 7))

  376.             arg->format = ASN1_GEN_FORMAT_BITLIST;

  377.         else {

  378.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNKNOWN_FORMAT);

  379.             return -1;

  380.         }

  381.         break;

  382. 

  383.     }

  384. 

  385.     return 1;

  386. 

  387. }

  388. 

  389. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

  390. {

  391.     char erch[2];

  392.     long tag_num;

  393.     char *eptr;

  394.     if (!vstart)

  395.         return 0;

  396.     tag_num = strtoul(vstart, &eptr, 10);

  397.     /* Check we haven't gone past max length: should be impossible */

  398.     if (eptr && *eptr && (eptr > vstart + vlen))

  399.         return 0;

  400.     if (tag_num < 0) {

  401.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);

  402.         return 0;

  403.     }

  404.     *ptag = tag_num;

  405.     /* If we have non numeric characters, parse them */

  406.     if (eptr)

  407.         vlen -= eptr - vstart;

  408.     else

  409.         vlen = 0;

  410.     if (vlen) {

  411.         switch (*eptr) {

  412. 

  413.         case 'U':

  414.             *pclass = V_ASN1_UNIVERSAL;

  415.             break;

  416. 

  417.         case 'A':

  418.             *pclass = V_ASN1_APPLICATION;

  419.             break;

  420. 

  421.         case 'P':

  422.             *pclass = V_ASN1_PRIVATE;

  423.             break;

  424. 

  425.         case 'C':

  426.             *pclass = V_ASN1_CONTEXT_SPECIFIC;

  427.             break;

  428. 

  429.         default:

  430.             erch[0] = *eptr;

  431.             erch[1] = 0;

  432.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_MODIFIER);

  433.             ERR_add_error_data(2, "Char=", erch);

  434.             return 0;

  435.             break;

  436. 

  437.         }

  438.     } else

  439.         *pclass = V_ASN1_CONTEXT_SPECIFIC;

  440. 

  441.     return 1;

  442. 

  443. }

  444. 

  445. /* Handle multiple types: SET and SEQUENCE */

  446. 

  447. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)

  448. {

  449.     ASN1_TYPE *ret = NULL;

  450.     STACK_OF(ASN1_TYPE) *sk = NULL;

  451.     STACK_OF(CONF_VALUE) *sect = NULL;

  452.     unsigned char *der = NULL;

  453.     int derlen;

  454.     size_t i;

  455.     sk = sk_ASN1_TYPE_new_null();

  456.     if (!sk)

  457.         goto bad;

  458.     if (section) {

  459.         if (!cnf)

  460.             goto bad;

  461.         sect = X509V3_get_section(cnf, (char *)section);

  462.         if (!sect)

  463.             goto bad;

  464.         for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {

  465.             ASN1_TYPE *typ =

  466.                 ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);

  467.             if (!typ)

  468.                 goto bad;

  469.             if (!sk_ASN1_TYPE_push(sk, typ))

  470.                 goto bad;

  471.         }

  472.     }

  473. 

  474.     /*

  475.      * Now we has a STACK of the components, convert to the correct form

  476.      */

  477. 

  478.     if (utype == V_ASN1_SET)

  479.         derlen = i2d_ASN1_SET_ANY(sk, &der);

  480.     else

  481.         derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);

  482. 

  483.     if (derlen < 0)

  484.         goto bad;

  485. 

  486.     if (!(ret = ASN1_TYPE_new()))

  487.         goto bad;

  488. 

  489.     if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))

  490.         goto bad;

  491. 

  492.     ret->type = utype;

  493. 

  494.     ret->value.asn1_string->data = der;

  495.     ret->value.asn1_string->length = derlen;

  496. 

  497.     der = NULL;

  498. 

  499.  bad:

  500. 

  501.     if (der)

  502.         OPENSSL_free(der);

  503. 

  504.     if (sk)

  505.         sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);

  506.     if (sect)

  507.         X509V3_section_free(cnf, sect);

  508. 

  509.     return ret;

  510. }

  511. 

  512. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,

  513.                       int exp_constructed, int exp_pad, int imp_ok)

  514. {

  515.     tag_exp_type *exp_tmp;

  516.     /* Can only have IMPLICIT if permitted */

  517.     if ((arg->imp_tag != -1) && !imp_ok) {

  518.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG);

  519.         return 0;

  520.     }

  521. 

  522.     if (arg->exp_count == ASN1_FLAG_EXP_MAX) {

  523.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_DEPTH_EXCEEDED);

  524.         return 0;

  525.     }

  526. 

  527.     exp_tmp = &arg->exp_list[arg->exp_count++];

  528. 

  529.     /*

  530.      * If IMPLICIT set tag to implicit value then reset implicit tag since it

  531.      * has been used.

  532.      */

  533.     if (arg->imp_tag != -1) {

  534.         exp_tmp->exp_tag = arg->imp_tag;

  535.         exp_tmp->exp_class = arg->imp_class;

  536.         arg->imp_tag = -1;

  537.         arg->imp_class = -1;

  538.     } else {

  539.         exp_tmp->exp_tag = exp_tag;

  540.         exp_tmp->exp_class = exp_class;

  541.     }

  542.     exp_tmp->exp_constructed = exp_constructed;

  543.     exp_tmp->exp_pad = exp_pad;

  544. 

  545.     return 1;

  546. }

  547. 

  548. static int asn1_str2tag(const char *tagstr, int len)

  549. {

  550.     unsigned int i;

  551.     static const struct tag_name_st *tntmp, tnst[] = {

  552.         ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),

  553.         ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),

  554.         ASN1_GEN_STR("NULL", V_ASN1_NULL),

  555.         ASN1_GEN_STR("INT", V_ASN1_INTEGER),

  556.         ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),

  557.         ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),

  558.         ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),

  559.         ASN1_GEN_STR("OID", V_ASN1_OBJECT),

  560.         ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),

  561.         ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),

  562.         ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),

  563.         ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),

  564.         ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),

  565.         ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),

  566.         ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),

  567.         ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),

  568.         ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),

  569.         ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),

  570.         ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),

  571.         ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),

  572.         ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),

  573.         ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),

  574.         ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),

  575.         ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),

  576.         ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),

  577.         ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),

  578.         ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),

  579.         ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),

  580.         ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),

  581.         ASN1_GEN_STR("T61", V_ASN1_T61STRING),

  582.         ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),

  583.         ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),

  584.         ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),

  585.         ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),

  586.         ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),

  587.         ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),

  588. 

  589.         /* Special cases */

  590.         ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),

  591.         ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),

  592.         ASN1_GEN_STR("SET", V_ASN1_SET),

  593.         /* type modifiers */

  594.         /* Explicit tag */

  595.         ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),

  596.         ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),

  597.         /* Implicit tag */

  598.         ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),

  599.         ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),

  600.         /* OCTET STRING wrapper */

  601.         ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),

  602.         /* SEQUENCE wrapper */

  603.         ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),

  604.         /* SET wrapper */

  605.         ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),

  606.         /* BIT STRING wrapper */

  607.         ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),

  608.         ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),

  609.         ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),

  610.     };

  611. 

  612.     if (len == -1)

  613.         len = strlen(tagstr);

  614. 

  615.     tntmp = tnst;

  616.     for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) {

  617.         if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))

  618.             return tntmp->tag;

  619.     }

  620. 

  621.     return -1;

  622. }

  623. 

  624. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)

  625. {

  626.     ASN1_TYPE *atmp = NULL;

  627. 

  628.     CONF_VALUE vtmp;

  629. 

  630.     unsigned char *rdata;

  631.     long rdlen;

  632. 

  633.     int no_unused = 1;

  634. 

  635.     if (!(atmp = ASN1_TYPE_new())) {

  636.         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  637.         return NULL;

  638.     }

  639. 

  640.     if (!str)

  641.         str = "";

  642. 

  643.     switch (utype) {

  644. 

  645.     case V_ASN1_NULL:

  646.         if (str && *str) {

  647.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL_VALUE);

  648.             goto bad_form;

  649.         }

  650.         break;

  651. 

  652.     case V_ASN1_BOOLEAN:

  653.         if (format != ASN1_GEN_FORMAT_ASCII) {

  654.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ASCII_FORMAT);

  655.             goto bad_form;

  656.         }

  657.         vtmp.name = NULL;

  658.         vtmp.section = NULL;

  659.         vtmp.value = (char *)str;

  660.         if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {

  661.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BOOLEAN);

  662.             goto bad_str;

  663.         }

  664.         break;

  665. 

  666.     case V_ASN1_INTEGER:

  667.     case V_ASN1_ENUMERATED:

  668.         if (format != ASN1_GEN_FORMAT_ASCII) {

  669.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT);

  670.             goto bad_form;

  671.         }

  672.         if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) {

  673.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_INTEGER);

  674.             goto bad_str;

  675.         }

  676.         break;

  677. 

  678.     case V_ASN1_OBJECT:

  679.         if (format != ASN1_GEN_FORMAT_ASCII) {

  680.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT);

  681.             goto bad_form;

  682.         }

  683.         if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {

  684.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);

  685.             goto bad_str;

  686.         }

  687.         break;

  688. 

  689.     case V_ASN1_UTCTIME:

  690.     case V_ASN1_GENERALIZEDTIME:

  691.         if (format != ASN1_GEN_FORMAT_ASCII) {

  692.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT);

  693.             goto bad_form;

  694.         }

  695.         if (!(atmp->value.asn1_string = ASN1_STRING_new())) {

  696.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  697.             goto bad_str;

  698.         }

  699.         if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {

  700.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  701.             goto bad_str;

  702.         }

  703.         atmp->value.asn1_string->type = utype;

  704.         if (!ASN1_TIME_check(atmp->value.asn1_string)) {

  705.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TIME_VALUE);

  706.             goto bad_str;

  707.         }

  708. 

  709.         break;

  710. 

  711.     case V_ASN1_BMPSTRING:

  712.     case V_ASN1_PRINTABLESTRING:

  713.     case V_ASN1_IA5STRING:

  714.     case V_ASN1_T61STRING:

  715.     case V_ASN1_UTF8STRING:

  716.     case V_ASN1_VISIBLESTRING:

  717.     case V_ASN1_UNIVERSALSTRING:

  718.     case V_ASN1_GENERALSTRING:

  719.     case V_ASN1_NUMERICSTRING:

  720. 

  721.         if (format == ASN1_GEN_FORMAT_ASCII)

  722.             format = MBSTRING_ASC;

  723.         else if (format == ASN1_GEN_FORMAT_UTF8)

  724.             format = MBSTRING_UTF8;

  725.         else {

  726.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_FORMAT);

  727.             goto bad_form;

  728.         }

  729. 

  730.         if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,

  731.                                -1, format, ASN1_tag2bit(utype)) <= 0) {

  732.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  733.             goto bad_str;

  734.         }

  735. 

  736.         break;

  737. 

  738.     case V_ASN1_BIT_STRING:

  739. 

  740.     case V_ASN1_OCTET_STRING:

  741. 

  742.         if (!(atmp->value.asn1_string = ASN1_STRING_new())) {

  743.             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  744.             goto bad_form;

  745.         }

  746. 

  747.         if (format == ASN1_GEN_FORMAT_HEX) {

  748. 

  749.             if (!(rdata = string_to_hex((char *)str, &rdlen))) {

  750.                 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_HEX);

  751.                 goto bad_str;

  752.             }

  753. 

  754.             atmp->value.asn1_string->data = rdata;

  755.             atmp->value.asn1_string->length = rdlen;

  756.             atmp->value.asn1_string->type = utype;

  757. 

  758.         } else if (format == ASN1_GEN_FORMAT_ASCII)

  759.             ASN1_STRING_set(atmp->value.asn1_string, str, -1);

  760.         else if ((format == ASN1_GEN_FORMAT_BITLIST)

  761.                  && (utype == V_ASN1_BIT_STRING)) {

  762.             if (!CONF_parse_list

  763.                 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) {

  764.                 OPENSSL_PUT_ERROR(ASN1, ASN1_R_LIST_ERROR);

  765.                 goto bad_str;

  766.             }

  767.             no_unused = 0;

  768. 

  769.         } else {

  770.             OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT);

  771.             goto bad_form;

  772.         }

  773. 

  774.         if ((utype == V_ASN1_BIT_STRING) && no_unused) {

  775.             atmp->value.asn1_string->flags

  776.                 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);

  777.             atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT;

  778.         }

  779. 

  780.         break;

  781. 

  782.     default:

  783.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_TYPE);

  784.         goto bad_str;

  785.         break;

  786.     }

  787. 

  788.     atmp->type = utype;

  789.     return atmp;

  790. 

  791.  bad_str:

  792.     ERR_add_error_data(2, "string=", str);

  793.  bad_form:

  794. 

  795.     ASN1_TYPE_free(atmp);

  796.     return NULL;

  797. 

  798. }

  799. 

  800. static int bitstr_cb(const char *elem, int len, void *bitstr)

  801. {

  802.     long bitnum;

  803.     char *eptr;

  804.     if (!elem)

  805.         return 0;

  806.     bitnum = strtoul(elem, &eptr, 10);

  807.     if (eptr && *eptr && (eptr != elem + len))

  808.         return 0;

  809.     if (bitnum < 0) {

  810.         OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_NUMBER);

  811.         return 0;

  812.     }

  813.     if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {

  814.         OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);

  815.         return 0;

  816.     }

  817.     return 1;

  818. }