kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
893 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Tree: ac6900b0d3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'ac6900b0d3'
${ noResults }
boringssl/crypto/x509/asn1_gen.c

863 lines
21 KiB
Raw Blame History 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/x509.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/asn1.h>

  62. #include <openssl/err.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. 

  68. #define ASN1_GEN_FLAG		0x10000

  69. #define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)

  70. #define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)

  71. #define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)

  72. #define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)

  73. #define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)

  74. #define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)

  75. #define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)

  76. #define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)

  77. 

  78. #define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}

  79. 

  80. #define ASN1_FLAG_EXP_MAX	20

  81. 

  82. /* Input formats */

  83. 

  84. /* ASCII: default */

  85. #define ASN1_GEN_FORMAT_ASCII	1

  86. /* UTF8 */

  87. #define ASN1_GEN_FORMAT_UTF8	2

  88. /* Hex */

  89. #define ASN1_GEN_FORMAT_HEX	3

  90. /* List of bits */

  91. #define ASN1_GEN_FORMAT_BITLIST	4

  92. 

  93. 

  94. struct tag_name_st

  95. 	{

  96. 	const char *strnam;

  97. 	int len;

  98. 	int tag;

  99. 	};

  100. 

  101. typedef struct

  102. 	{

  103. 	int exp_tag;

  104. 	int exp_class;

  105. 	int exp_constructed;

  106. 	int exp_pad;

  107. 	long exp_len;

  108. 	} tag_exp_type;

  109. 

  110. typedef struct

  111. 	{

  112. 	int imp_tag;

  113. 	int imp_class;

  114. 	int utype;

  115. 	int format;

  116. 	const char *str;

  117. 	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];

  118. 	int exp_count;

  119. 	} tag_exp_arg;

  120. 

  121. static int bitstr_cb(const char *elem, int len, void *bitstr);

  122. static int asn1_cb(const char *elem, int len, void *bitstr);

  123. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);

  124. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);

  125. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);

  126. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);

  127. static int asn1_str2tag(const char *tagstr, int len);

  128. 

  129. ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)

  130. 	{

  131. 	X509V3_CTX cnf;

  132. 

  133. 	if (!nconf)

  134. 		return ASN1_generate_v3(str, NULL);

  135. 

  136. 	X509V3_set_nconf(&cnf, nconf);

  137. 	return ASN1_generate_v3(str, &cnf);

  138. 	}

  139. 

  140. ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)

  141. 	{

  142. 	ASN1_TYPE *ret;

  143. 	tag_exp_arg asn1_tags;

  144. 	tag_exp_type *etmp;

  145. 

  146. 	int i, len;

  147. 

  148. 	unsigned char *orig_der = NULL, *new_der = NULL;

  149. 	const unsigned char *cpy_start;

  150. 	unsigned char *p;

  151. 	const unsigned char *cp;

  152. 	int cpy_len;

  153. 	long hdr_len;

  154. 	int hdr_constructed = 0, hdr_tag, hdr_class;

  155. 	int r;

  156. 

  157. 	asn1_tags.imp_tag = -1;

  158. 	asn1_tags.imp_class = -1;

  159. 	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;

  160. 	asn1_tags.exp_count = 0;

  161. 	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)

  162. 		return NULL;

  163. 

  164. 	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))

  165. 		{

  166. 		if (!cnf)

  167. 			{

  168. 			OPENSSL_PUT_ERROR(X509, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);

  169. 			return NULL;

  170. 			}

  171. 		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);

  172. 		}

  173. 	else

  174. 		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

  175. 

  176. 	if (!ret)

  177. 		return NULL;

  178. 

  179. 	/* If no tagging return base type */

  180. 	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))

  181. 		return ret;

  182. 

  183. 	/* Generate the encoding */

  184. 	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);

  185. 	ASN1_TYPE_free(ret);

  186. 	ret = NULL;

  187. 	/* Set point to start copying for modified encoding */

  188. 	cpy_start = orig_der;

  189. 

  190. 	/* Do we need IMPLICIT tagging? */

  191. 	if (asn1_tags.imp_tag != -1)

  192. 		{

  193. 		/* If IMPLICIT we will replace the underlying tag */

  194. 		/* Skip existing tag+len */

  195. 		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);

  196. 		if (r & 0x80)

  197. 			goto err;

  198. 		/* Update copy length */

  199. 		cpy_len -= cpy_start - orig_der;

  200. 		/* For IMPLICIT tagging the length should match the

  201. 		 * original length and constructed flag should be

  202. 		 * consistent.

  203. 		 */

  204. 		if (r & 0x1)

  205. 			{

  206. 			/* Indefinite length constructed */

  207. 			hdr_constructed = 2;

  208. 			hdr_len = 0;

  209. 			}

  210. 		else

  211. 			/* Just retain constructed flag */

  212. 			hdr_constructed = r & V_ASN1_CONSTRUCTED;

  213. 		/* Work out new length with IMPLICIT tag: ignore constructed

  214. 		 * because it will mess up if indefinite length

  215. 		 */

  216. 		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);

  217. 		}

  218. 	else

  219. 		len = cpy_len;

  220. 

  221. 	/* Work out length in any EXPLICIT, starting from end */

  222. 

  223. 	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)

  224. 		{

  225. 		/* Content length: number of content octets + any padding */

  226. 		len += etmp->exp_pad;

  227. 		etmp->exp_len = len;

  228. 		/* Total object length: length including new header */

  229. 		len = ASN1_object_size(0, len, etmp->exp_tag);

  230. 		}

  231. 

  232. 	/* Allocate buffer for new encoding */

  233. 

  234. 	new_der = OPENSSL_malloc(len);

  235. 	if (!new_der)

  236. 		goto err;

  237. 

  238. 	/* Generate tagged encoding */

  239. 

  240. 	p = new_der;

  241. 

  242. 	/* Output explicit tags first */

  243. 

  244. 	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)

  245. 		{

  246. 		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,

  247. 					etmp->exp_tag, etmp->exp_class);

  248. 		if (etmp->exp_pad)

  249. 			*p++ = 0;

  250. 		}

  251. 

  252. 	/* If IMPLICIT, output tag */

  253. 

  254. 	if (asn1_tags.imp_tag != -1)

  255. 		{

  256. 		if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 

  257. 		    && (asn1_tags.imp_tag == V_ASN1_SEQUENCE

  258. 		     || asn1_tags.imp_tag == V_ASN1_SET) )

  259. 			hdr_constructed = V_ASN1_CONSTRUCTED;

  260. 		ASN1_put_object(&p, hdr_constructed, hdr_len,

  261. 					asn1_tags.imp_tag, asn1_tags.imp_class);

  262. 		}

  263. 

  264. 	/* Copy across original encoding */

  265. 	memcpy(p, cpy_start, cpy_len);

  266. 

  267. 	cp = new_der;

  268. 

  269. 	/* Obtain new ASN1_TYPE structure */

  270. 	ret = d2i_ASN1_TYPE(NULL, &cp, len);

  271. 

  272. 	err:

  273. 	if (orig_der)

  274. 		OPENSSL_free(orig_der);

  275. 	if (new_der)

  276. 		OPENSSL_free(new_der);

  277. 

  278. 	return ret;

  279. 

  280. 	}

  281. 

  282. static int asn1_cb(const char *elem, int len, void *bitstr)

  283. 	{

  284. 	tag_exp_arg *arg = bitstr;

  285. 	int i;

  286. 	int utype;

  287. 	int vlen = 0;

  288. 	const char *p, *vstart = NULL;

  289. 

  290. 	int tmp_tag, tmp_class;

  291. 

  292. 	if (elem == NULL)

  293. 		return 0;

  294. 

  295. 	for(i = 0, p = elem; i < len; p++, i++)

  296. 		{

  297. 		/* Look for the ':' in name value pairs */

  298. 		if (*p == ':')

  299. 			{

  300. 			vstart = p + 1;

  301. 			vlen = len - (vstart - elem);

  302. 			len = p - elem;

  303. 			break;

  304. 			}

  305. 		}

  306. 

  307. 	utype = asn1_str2tag(elem, len);

  308. 

  309. 	if (utype == -1)

  310. 		{

  311. 		OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_TAG);

  312. 		ERR_add_error_data(2, "tag=", elem);

  313. 		return -1;

  314. 		}

  315. 

  316. 	/* If this is not a modifier mark end of string and exit */

  317. 	if (!(utype & ASN1_GEN_FLAG))

  318. 		{

  319. 		arg->utype = utype;

  320. 		arg->str = vstart;

  321. 		/* If no value and not end of string, error */

  322. 		if (!vstart && elem[len])

  323. 			{

  324. 			OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_MISSING_VALUE);

  325. 			return -1;

  326. 			}

  327. 		return 0;

  328. 		}

  329. 

  330. 	switch(utype)

  331. 		{

  332. 

  333. 		case ASN1_GEN_FLAG_IMP:

  334. 		/* Check for illegal multiple IMPLICIT tagging */

  335. 		if (arg->imp_tag != -1)

  336. 			{

  337. 			OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING);

  338. 			return -1;

  339. 			}

  340. 		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))

  341. 			return -1;

  342. 		break;

  343. 

  344. 		case ASN1_GEN_FLAG_EXP:

  345. 

  346. 		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))

  347. 			return -1;

  348. 		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))

  349. 			return -1;

  350. 		break;

  351. 

  352. 		case ASN1_GEN_FLAG_SEQWRAP:

  353. 		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))

  354. 			return -1;

  355. 		break;

  356. 

  357. 		case ASN1_GEN_FLAG_SETWRAP:

  358. 		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))

  359. 			return -1;

  360. 		break;

  361. 

  362. 		case ASN1_GEN_FLAG_BITWRAP:

  363. 		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))

  364. 			return -1;

  365. 		break;

  366. 

  367. 		case ASN1_GEN_FLAG_OCTWRAP:

  368. 		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))

  369. 			return -1;

  370. 		break;

  371. 

  372. 		case ASN1_GEN_FLAG_FORMAT:

  373. 		if (!strncmp(vstart, "ASCII", 5))

  374. 			arg->format = ASN1_GEN_FORMAT_ASCII;

  375. 		else if (!strncmp(vstart, "UTF8", 4))

  376. 			arg->format = ASN1_GEN_FORMAT_UTF8;

  377. 		else if (!strncmp(vstart, "HEX", 3))

  378. 			arg->format = ASN1_GEN_FORMAT_HEX;

  379. 		else if (!strncmp(vstart, "BITLIST", 3))

  380. 			arg->format = ASN1_GEN_FORMAT_BITLIST;

  381. 		else

  382. 			{

  383. 			OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_FORMAT);

  384. 			return -1;

  385. 			}

  386. 		break;

  387. 

  388. 		}

  389. 

  390. 	return 1;

  391. 

  392. 	}

  393. 

  394. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

  395. 	{

  396. 	char erch[2];

  397. 	long tag_num;

  398. 	char *eptr;

  399. 	if (!vstart)

  400. 		return 0;

  401. 	tag_num = strtoul(vstart, &eptr, 10);

  402. 	/* Check we haven't gone past max length: should be impossible */

  403. 	if (eptr && *eptr && (eptr > vstart + vlen))

  404. 		return 0;

  405. 	if (tag_num < 0)

  406. 		{

  407. 		OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_NUMBER);

  408. 		return 0;

  409. 		}

  410. 	*ptag = tag_num;

  411. 	/* If we have non numeric characters, parse them */

  412. 	if (eptr)

  413. 		vlen -= eptr - vstart;

  414. 	else 

  415. 		vlen = 0;

  416. 	if (vlen)

  417. 		{

  418. 		switch (*eptr)

  419. 			{

  420. 

  421. 			case 'U':

  422. 			*pclass = V_ASN1_UNIVERSAL;

  423. 			break;

  424. 

  425. 			case 'A':

  426. 			*pclass = V_ASN1_APPLICATION;

  427. 			break;

  428. 

  429. 			case 'P':

  430. 			*pclass = V_ASN1_PRIVATE;

  431. 			break;

  432. 

  433. 			case 'C':

  434. 			*pclass = V_ASN1_CONTEXT_SPECIFIC;

  435. 			break;

  436. 

  437. 			default:

  438. 			erch[0] = *eptr;

  439. 			erch[1] = 0;

  440. 			OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_MODIFIER);

  441. 			ERR_add_error_data(2, "Char=", erch);

  442. 			return 0;

  443. 			break;

  444. 

  445. 			}

  446. 		}

  447. 	else

  448. 		*pclass = V_ASN1_CONTEXT_SPECIFIC;

  449. 

  450. 	return 1;

  451. 

  452. 	}

  453. 

  454. /* Handle multiple types: SET and SEQUENCE */

  455. 

  456. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)

  457. 	{

  458. 	ASN1_TYPE *ret = NULL;

  459. 	STACK_OF(ASN1_TYPE) *sk = NULL;

  460. 	STACK_OF(CONF_VALUE) *sect = NULL;

  461. 	unsigned char *der = NULL;

  462. 	int derlen;

  463. 	size_t i;

  464. 	sk = sk_ASN1_TYPE_new_null();

  465. 	if (!sk)

  466. 		goto bad;

  467. 	if (section)

  468. 		{

  469. 		if (!cnf)

  470. 			goto bad;

  471. 		sect = X509V3_get_section(cnf, (char *)section);

  472. 		if (!sect)

  473. 			goto bad;

  474. 		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)

  475. 			{

  476. 			ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);

  477. 			if (!typ)

  478. 				goto bad;

  479. 			if (!sk_ASN1_TYPE_push(sk, typ))

  480. 				goto bad;

  481. 			}

  482. 		}

  483. 

  484. 	/* Now we has a STACK of the components, convert to the correct form */

  485. 

  486. 	if (utype == V_ASN1_SET)

  487. 		derlen = i2d_ASN1_SET_ANY(sk, &der);

  488. 	else

  489. 		derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);

  490. 

  491. 	if (derlen < 0)

  492. 		goto bad;

  493. 

  494. 	if (!(ret = ASN1_TYPE_new()))

  495. 		goto bad;

  496. 

  497. 	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))

  498. 		goto bad;

  499. 

  500. 	ret->type = utype;

  501. 

  502. 	ret->value.asn1_string->data = der;

  503. 	ret->value.asn1_string->length = derlen;

  504. 

  505. 	der = NULL;

  506. 

  507. 	bad:

  508. 

  509. 	if (der)

  510. 		OPENSSL_free(der);

  511. 

  512. 	if (sk)

  513. 		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);

  514. 	if (sect)

  515. 		X509V3_section_free(cnf, sect);

  516. 

  517. 	return ret;

  518. 	}

  519. 

  520. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)

  521. 	{

  522. 	tag_exp_type *exp_tmp;

  523. 	/* Can only have IMPLICIT if permitted */

  524. 	if ((arg->imp_tag != -1) && !imp_ok)

  525. 		{

  526. 		OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG);

  527. 		return 0;

  528. 		}

  529. 

  530. 	if (arg->exp_count == ASN1_FLAG_EXP_MAX)

  531. 		{

  532. 		OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_DEPTH_EXCEEDED);

  533. 		return 0;

  534. 		}

  535. 

  536. 	exp_tmp = &arg->exp_list[arg->exp_count++];

  537. 

  538. 	/* If IMPLICIT set tag to implicit value then

  539. 	 * reset implicit tag since it has been used.

  540. 	 */

  541. 	if (arg->imp_tag != -1)

  542. 		{

  543. 		exp_tmp->exp_tag = arg->imp_tag;

  544. 		exp_tmp->exp_class = arg->imp_class;

  545. 		arg->imp_tag = -1;

  546. 		arg->imp_class = -1;

  547. 		}

  548. 	else

  549. 		{

  550. 		exp_tmp->exp_tag = exp_tag;

  551. 		exp_tmp->exp_class = exp_class;

  552. 		}

  553. 	exp_tmp->exp_constructed = exp_constructed;

  554. 	exp_tmp->exp_pad = exp_pad;

  555. 

  556. 	return 1;

  557. 	}

  558. 

  559. 

  560. static int asn1_str2tag(const char *tagstr, int len)

  561. 	{

  562. 	unsigned int i;

  563. 	static const struct tag_name_st *tntmp, tnst [] = {

  564. 		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),

  565. 		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),

  566. 		ASN1_GEN_STR("NULL", V_ASN1_NULL),

  567. 		ASN1_GEN_STR("INT", V_ASN1_INTEGER),

  568. 		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),

  569. 		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),

  570. 		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),

  571. 		ASN1_GEN_STR("OID", V_ASN1_OBJECT),

  572. 		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),

  573. 		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),

  574. 		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),

  575. 		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),

  576. 		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),

  577. 		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),

  578. 		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),

  579. 		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),

  580. 		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),

  581. 		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),

  582. 		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),

  583. 		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),

  584. 		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),

  585. 		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),

  586. 		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),

  587. 		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),

  588. 		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),

  589. 		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),

  590. 		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),

  591. 		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),

  592. 		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),

  593. 		ASN1_GEN_STR("T61", V_ASN1_T61STRING),

  594. 		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),

  595. 		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),

  596. 		ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),

  597. 		ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),

  598. 		ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),

  599. 		ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),

  600. 

  601. 		/* Special cases */

  602. 		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),

  603. 		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),

  604. 		ASN1_GEN_STR("SET", V_ASN1_SET),

  605. 		/* type modifiers */

  606. 		/* Explicit tag */

  607. 		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),

  608. 		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),

  609. 		/* Implicit tag */

  610. 		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),

  611. 		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),

  612. 		/* OCTET STRING wrapper */

  613. 		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),

  614. 		/* SEQUENCE wrapper */

  615. 		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),

  616. 		/* SET wrapper */

  617. 		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),

  618. 		/* BIT STRING wrapper */

  619. 		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),

  620. 		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),

  621. 		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),

  622. 	};

  623. 

  624. 	if (len == -1)

  625. 		len = strlen(tagstr);

  626. 	

  627. 	tntmp = tnst;	

  628. 	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)

  629. 		{

  630. 		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))

  631. 			return tntmp->tag;

  632. 		}

  633. 	

  634. 	return -1;

  635. 	}

  636. 

  637. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)

  638. 	{

  639. 	ASN1_TYPE *atmp = NULL;

  640. 

  641. 	CONF_VALUE vtmp;

  642. 

  643. 	unsigned char *rdata;

  644. 	long rdlen;

  645. 

  646. 	int no_unused = 1;

  647. 

  648. 	if (!(atmp = ASN1_TYPE_new()))

  649. 		{

  650. 		OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  651. 		return NULL;

  652. 		}

  653. 

  654. 	if (!str)

  655. 		str = "";

  656. 

  657. 	switch(utype)

  658. 		{

  659. 

  660. 		case V_ASN1_NULL:

  661. 		if (str && *str)

  662. 			{

  663. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE);

  664. 			goto bad_form;

  665. 			}

  666. 		break;

  667. 		

  668. 		case V_ASN1_BOOLEAN:

  669. 		if (format != ASN1_GEN_FORMAT_ASCII)

  670. 			{

  671. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT);

  672. 			goto bad_form;

  673. 			}

  674. 		vtmp.name = NULL;

  675. 		vtmp.section = NULL;

  676. 		vtmp.value = (char *)str;

  677. 		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))

  678. 			{

  679. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN);

  680. 			goto bad_str;

  681. 			}

  682. 		break;

  683. 

  684. 		case V_ASN1_INTEGER:

  685. 		case V_ASN1_ENUMERATED:

  686. 		if (format != ASN1_GEN_FORMAT_ASCII)

  687. 			{

  688. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT);

  689. 			goto bad_form;

  690. 			}

  691. 		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))

  692. 			{

  693. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_INTEGER);

  694. 			goto bad_str;

  695. 			}

  696. 		break;

  697. 

  698. 		case V_ASN1_OBJECT:

  699. 		if (format != ASN1_GEN_FORMAT_ASCII)

  700. 			{

  701. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT);

  702. 			goto bad_form;

  703. 			}

  704. 		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))

  705. 			{

  706. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_OBJECT);

  707. 			goto bad_str;

  708. 			}

  709. 		break;

  710. 

  711. 		case V_ASN1_UTCTIME:

  712. 		case V_ASN1_GENERALIZEDTIME:

  713. 		if (format != ASN1_GEN_FORMAT_ASCII)

  714. 			{

  715. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT);

  716. 			goto bad_form;

  717. 			}

  718. 		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

  719. 			{

  720. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  721. 			goto bad_str;

  722. 			}

  723. 		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))

  724. 			{

  725. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  726. 			goto bad_str;

  727. 			}

  728. 		atmp->value.asn1_string->type = utype;

  729. 		if (!ASN1_TIME_check(atmp->value.asn1_string))

  730. 			{

  731. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE);

  732. 			goto bad_str;

  733. 			}

  734. 

  735. 		break;

  736. 

  737. 		case V_ASN1_BMPSTRING:

  738. 		case V_ASN1_PRINTABLESTRING:

  739. 		case V_ASN1_IA5STRING:

  740. 		case V_ASN1_T61STRING:

  741. 		case V_ASN1_UTF8STRING:

  742. 		case V_ASN1_VISIBLESTRING:

  743. 		case V_ASN1_UNIVERSALSTRING:

  744. 		case V_ASN1_GENERALSTRING:

  745. 		case V_ASN1_NUMERICSTRING:

  746. 

  747. 		if (format == ASN1_GEN_FORMAT_ASCII)

  748. 			format = MBSTRING_ASC;

  749. 		else if (format == ASN1_GEN_FORMAT_UTF8)

  750. 			format = MBSTRING_UTF8;

  751. 		else

  752. 			{

  753. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_FORMAT);

  754. 			goto bad_form;

  755. 			}

  756. 

  757. 

  758. 		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,

  759. 						-1, format, ASN1_tag2bit(utype)) <= 0)

  760. 			{

  761. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  762. 			goto bad_str;

  763. 			}

  764. 		

  765. 

  766. 		break;

  767. 

  768. 		case V_ASN1_BIT_STRING:

  769. 

  770. 		case V_ASN1_OCTET_STRING:

  771. 

  772. 		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

  773. 			{

  774. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  775. 			goto bad_form;

  776. 			}

  777. 

  778. 		if (format == ASN1_GEN_FORMAT_HEX)

  779. 			{

  780. 

  781. 			if (!(rdata = string_to_hex((char *)str, &rdlen)))

  782. 				{

  783. 				OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_HEX);

  784. 				goto bad_str;

  785. 				}

  786. 

  787. 			atmp->value.asn1_string->data = rdata;

  788. 			atmp->value.asn1_string->length = rdlen;

  789. 			atmp->value.asn1_string->type = utype;

  790. 

  791. 			}

  792. 		else if (format == ASN1_GEN_FORMAT_ASCII)

  793. 			ASN1_STRING_set(atmp->value.asn1_string, str, -1);

  794. 		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))

  795. 			{

  796. 			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))

  797. 				{

  798. 				OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_LIST_ERROR);

  799. 				goto bad_str;

  800. 				}

  801. 			no_unused = 0;

  802. 			

  803. 			}

  804. 		else 

  805. 			{

  806. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT);

  807. 			goto bad_form;

  808. 			}

  809. 

  810. 		if ((utype == V_ASN1_BIT_STRING) && no_unused)

  811. 			{

  812. 			atmp->value.asn1_string->flags

  813. 				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

  814.         		atmp->value.asn1_string->flags

  815. 				|= ASN1_STRING_FLAG_BITS_LEFT;

  816. 			}

  817. 

  818. 

  819. 		break;

  820. 

  821. 		default:

  822. 		OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE);

  823. 		goto bad_str;

  824. 		break;

  825. 		}

  826. 

  827. 

  828. 	atmp->type = utype;

  829. 	return atmp;

  830. 

  831. 

  832. 	bad_str:

  833. 	ERR_add_error_data(2, "string=", str);

  834. 	bad_form:

  835. 

  836. 	ASN1_TYPE_free(atmp);

  837. 	return NULL;

  838. 

  839. 	}

  840. 

  841. static int bitstr_cb(const char *elem, int len, void *bitstr)

  842. 	{

  843. 	long bitnum;

  844. 	char *eptr;

  845. 	if (!elem)

  846. 		return 0;

  847. 	bitnum = strtoul(elem, &eptr, 10);

  848. 	if (eptr && *eptr && (eptr != elem + len))

  849. 		return 0;

  850. 	if (bitnum < 0)

  851. 		{

  852. 		OPENSSL_PUT_ERROR(X509, bitstr_cb, ASN1_R_INVALID_NUMBER);

  853. 		return 0;

  854. 		}

  855. 	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))

  856. 		{

  857. 		OPENSSL_PUT_ERROR(X509, bitstr_cb, ERR_R_MALLOC_FAILURE);

  858. 		return 0;

  859. 		}

  860. 	return 1;

  861. 	}