kris
/
boringssl
1
0
Форк 0
Код Проблеми 0 Запити на злиття 0 Релізи 0 Вікі Активність
Ви не можете вибрати більше 25 тем Теми мають розпочинатися з літери або цифри, можуть містити дефіси (-) і не повинні перевищувати 35 символів.
778 Коміти
12 Гілки
38 MiB
 
 
 
 
 
 
Дерево: bbd8444d92
Гілки Теги
${ item.name }
Створити гілку ${ searchTerm }
з 'bbd8444d92'
${ noResults }
boringssl/crypto/x509/asn1_gen.c

858 рядки
21 KiB
Неформатований Звинувачення Історія 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/x509.h>

  58. 

  59. #include <openssl/asn1.h>

  60. #include <openssl/err.h>

  61. #include <openssl/mem.h>

  62. #include <openssl/obj.h>

  63. #include <openssl/x509v3.h>

  64. 

  65. 

  66. #define ASN1_GEN_FLAG		0x10000

  67. #define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)

  68. #define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)

  69. #define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)

  70. #define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)

  71. #define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)

  72. #define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)

  73. #define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)

  74. #define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)

  75. 

  76. #define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}

  77. 

  78. #define ASN1_FLAG_EXP_MAX	20

  79. 

  80. /* Input formats */

  81. 

  82. /* ASCII: default */

  83. #define ASN1_GEN_FORMAT_ASCII	1

  84. /* UTF8 */

  85. #define ASN1_GEN_FORMAT_UTF8	2

  86. /* Hex */

  87. #define ASN1_GEN_FORMAT_HEX	3

  88. /* List of bits */

  89. #define ASN1_GEN_FORMAT_BITLIST	4

  90. 

  91. 

  92. struct tag_name_st

  93. 	{

  94. 	const char *strnam;

  95. 	int len;

  96. 	int tag;

  97. 	};

  98. 

  99. typedef struct

  100. 	{

  101. 	int exp_tag;

  102. 	int exp_class;

  103. 	int exp_constructed;

  104. 	int exp_pad;

  105. 	long exp_len;

  106. 	} tag_exp_type;

  107. 

  108. typedef struct

  109. 	{

  110. 	int imp_tag;

  111. 	int imp_class;

  112. 	int utype;

  113. 	int format;

  114. 	const char *str;

  115. 	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];

  116. 	int exp_count;

  117. 	} tag_exp_arg;

  118. 

  119. static int bitstr_cb(const char *elem, int len, void *bitstr);

  120. static int asn1_cb(const char *elem, int len, void *bitstr);

  121. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);

  122. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);

  123. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);

  124. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);

  125. static int asn1_str2tag(const char *tagstr, int len);

  126. 

  127. ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)

  128. 	{

  129. 	X509V3_CTX cnf;

  130. 

  131. 	if (!nconf)

  132. 		return ASN1_generate_v3(str, NULL);

  133. 

  134. 	X509V3_set_nconf(&cnf, nconf);

  135. 	return ASN1_generate_v3(str, &cnf);

  136. 	}

  137. 

  138. ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)

  139. 	{

  140. 	ASN1_TYPE *ret;

  141. 	tag_exp_arg asn1_tags;

  142. 	tag_exp_type *etmp;

  143. 

  144. 	int i, len;

  145. 

  146. 	unsigned char *orig_der = NULL, *new_der = NULL;

  147. 	const unsigned char *cpy_start;

  148. 	unsigned char *p;

  149. 	const unsigned char *cp;

  150. 	int cpy_len;

  151. 	long hdr_len;

  152. 	int hdr_constructed = 0, hdr_tag, hdr_class;

  153. 	int r;

  154. 

  155. 	asn1_tags.imp_tag = -1;

  156. 	asn1_tags.imp_class = -1;

  157. 	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;

  158. 	asn1_tags.exp_count = 0;

  159. 	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)

  160. 		return NULL;

  161. 

  162. 	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))

  163. 		{

  164. 		if (!cnf)

  165. 			{

  166. 			OPENSSL_PUT_ERROR(X509, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);

  167. 			return NULL;

  168. 			}

  169. 		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);

  170. 		}

  171. 	else

  172. 		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

  173. 

  174. 	if (!ret)

  175. 		return NULL;

  176. 

  177. 	/* If no tagging return base type */

  178. 	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))

  179. 		return ret;

  180. 

  181. 	/* Generate the encoding */

  182. 	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);

  183. 	ASN1_TYPE_free(ret);

  184. 	ret = NULL;

  185. 	/* Set point to start copying for modified encoding */

  186. 	cpy_start = orig_der;

  187. 

  188. 	/* Do we need IMPLICIT tagging? */

  189. 	if (asn1_tags.imp_tag != -1)

  190. 		{

  191. 		/* If IMPLICIT we will replace the underlying tag */

  192. 		/* Skip existing tag+len */

  193. 		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);

  194. 		if (r & 0x80)

  195. 			goto err;

  196. 		/* Update copy length */

  197. 		cpy_len -= cpy_start - orig_der;

  198. 		/* For IMPLICIT tagging the length should match the

  199. 		 * original length and constructed flag should be

  200. 		 * consistent.

  201. 		 */

  202. 		if (r & 0x1)

  203. 			{

  204. 			/* Indefinite length constructed */

  205. 			hdr_constructed = 2;

  206. 			hdr_len = 0;

  207. 			}

  208. 		else

  209. 			/* Just retain constructed flag */

  210. 			hdr_constructed = r & V_ASN1_CONSTRUCTED;

  211. 		/* Work out new length with IMPLICIT tag: ignore constructed

  212. 		 * because it will mess up if indefinite length

  213. 		 */

  214. 		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);

  215. 		}

  216. 	else

  217. 		len = cpy_len;

  218. 

  219. 	/* Work out length in any EXPLICIT, starting from end */

  220. 

  221. 	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)

  222. 		{

  223. 		/* Content length: number of content octets + any padding */

  224. 		len += etmp->exp_pad;

  225. 		etmp->exp_len = len;

  226. 		/* Total object length: length including new header */

  227. 		len = ASN1_object_size(0, len, etmp->exp_tag);

  228. 		}

  229. 

  230. 	/* Allocate buffer for new encoding */

  231. 

  232. 	new_der = OPENSSL_malloc(len);

  233. 	if (!new_der)

  234. 		goto err;

  235. 

  236. 	/* Generate tagged encoding */

  237. 

  238. 	p = new_der;

  239. 

  240. 	/* Output explicit tags first */

  241. 

  242. 	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)

  243. 		{

  244. 		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,

  245. 					etmp->exp_tag, etmp->exp_class);

  246. 		if (etmp->exp_pad)

  247. 			*p++ = 0;

  248. 		}

  249. 

  250. 	/* If IMPLICIT, output tag */

  251. 

  252. 	if (asn1_tags.imp_tag != -1)

  253. 		{

  254. 		if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 

  255. 		    && (asn1_tags.imp_tag == V_ASN1_SEQUENCE

  256. 		     || asn1_tags.imp_tag == V_ASN1_SET) )

  257. 			hdr_constructed = V_ASN1_CONSTRUCTED;

  258. 		ASN1_put_object(&p, hdr_constructed, hdr_len,

  259. 					asn1_tags.imp_tag, asn1_tags.imp_class);

  260. 		}

  261. 

  262. 	/* Copy across original encoding */

  263. 	memcpy(p, cpy_start, cpy_len);

  264. 

  265. 	cp = new_der;

  266. 

  267. 	/* Obtain new ASN1_TYPE structure */

  268. 	ret = d2i_ASN1_TYPE(NULL, &cp, len);

  269. 

  270. 	err:

  271. 	if (orig_der)

  272. 		OPENSSL_free(orig_der);

  273. 	if (new_der)

  274. 		OPENSSL_free(new_der);

  275. 

  276. 	return ret;

  277. 

  278. 	}

  279. 

  280. static int asn1_cb(const char *elem, int len, void *bitstr)

  281. 	{

  282. 	tag_exp_arg *arg = bitstr;

  283. 	int i;

  284. 	int utype;

  285. 	int vlen = 0;

  286. 	const char *p, *vstart = NULL;

  287. 

  288. 	int tmp_tag, tmp_class;

  289. 

  290. 	for(i = 0, p = elem; i < len; p++, i++)

  291. 		{

  292. 		/* Look for the ':' in name value pairs */

  293. 		if (*p == ':')

  294. 			{

  295. 			vstart = p + 1;

  296. 			vlen = len - (vstart - elem);

  297. 			len = p - elem;

  298. 			break;

  299. 			}

  300. 		}

  301. 

  302. 	utype = asn1_str2tag(elem, len);

  303. 

  304. 	if (utype == -1)

  305. 		{

  306. 		OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_TAG);

  307. 		ERR_add_error_data(2, "tag=", elem);

  308. 		return -1;

  309. 		}

  310. 

  311. 	/* If this is not a modifier mark end of string and exit */

  312. 	if (!(utype & ASN1_GEN_FLAG))

  313. 		{

  314. 		arg->utype = utype;

  315. 		arg->str = vstart;

  316. 		/* If no value and not end of string, error */

  317. 		if (!vstart && elem[len])

  318. 			{

  319. 			OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_MISSING_VALUE);

  320. 			return -1;

  321. 			}

  322. 		return 0;

  323. 		}

  324. 

  325. 	switch(utype)

  326. 		{

  327. 

  328. 		case ASN1_GEN_FLAG_IMP:

  329. 		/* Check for illegal multiple IMPLICIT tagging */

  330. 		if (arg->imp_tag != -1)

  331. 			{

  332. 			OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING);

  333. 			return -1;

  334. 			}

  335. 		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))

  336. 			return -1;

  337. 		break;

  338. 

  339. 		case ASN1_GEN_FLAG_EXP:

  340. 

  341. 		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))

  342. 			return -1;

  343. 		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))

  344. 			return -1;

  345. 		break;

  346. 

  347. 		case ASN1_GEN_FLAG_SEQWRAP:

  348. 		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))

  349. 			return -1;

  350. 		break;

  351. 

  352. 		case ASN1_GEN_FLAG_SETWRAP:

  353. 		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))

  354. 			return -1;

  355. 		break;

  356. 

  357. 		case ASN1_GEN_FLAG_BITWRAP:

  358. 		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))

  359. 			return -1;

  360. 		break;

  361. 

  362. 		case ASN1_GEN_FLAG_OCTWRAP:

  363. 		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))

  364. 			return -1;

  365. 		break;

  366. 

  367. 		case ASN1_GEN_FLAG_FORMAT:

  368. 		if (!strncmp(vstart, "ASCII", 5))

  369. 			arg->format = ASN1_GEN_FORMAT_ASCII;

  370. 		else if (!strncmp(vstart, "UTF8", 4))

  371. 			arg->format = ASN1_GEN_FORMAT_UTF8;

  372. 		else if (!strncmp(vstart, "HEX", 3))

  373. 			arg->format = ASN1_GEN_FORMAT_HEX;

  374. 		else if (!strncmp(vstart, "BITLIST", 3))

  375. 			arg->format = ASN1_GEN_FORMAT_BITLIST;

  376. 		else

  377. 			{

  378. 			OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_FORMAT);

  379. 			return -1;

  380. 			}

  381. 		break;

  382. 

  383. 		}

  384. 

  385. 	return 1;

  386. 

  387. 	}

  388. 

  389. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

  390. 	{

  391. 	char erch[2];

  392. 	long tag_num;

  393. 	char *eptr;

  394. 	if (!vstart)

  395. 		return 0;

  396. 	tag_num = strtoul(vstart, &eptr, 10);

  397. 	/* Check we haven't gone past max length: should be impossible */

  398. 	if (eptr && *eptr && (eptr > vstart + vlen))

  399. 		return 0;

  400. 	if (tag_num < 0)

  401. 		{

  402. 		OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_NUMBER);

  403. 		return 0;

  404. 		}

  405. 	*ptag = tag_num;

  406. 	/* If we have non numeric characters, parse them */

  407. 	if (eptr)

  408. 		vlen -= eptr - vstart;

  409. 	else 

  410. 		vlen = 0;

  411. 	if (vlen)

  412. 		{

  413. 		switch (*eptr)

  414. 			{

  415. 

  416. 			case 'U':

  417. 			*pclass = V_ASN1_UNIVERSAL;

  418. 			break;

  419. 

  420. 			case 'A':

  421. 			*pclass = V_ASN1_APPLICATION;

  422. 			break;

  423. 

  424. 			case 'P':

  425. 			*pclass = V_ASN1_PRIVATE;

  426. 			break;

  427. 

  428. 			case 'C':

  429. 			*pclass = V_ASN1_CONTEXT_SPECIFIC;

  430. 			break;

  431. 

  432. 			default:

  433. 			erch[0] = *eptr;

  434. 			erch[1] = 0;

  435. 			OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_MODIFIER);

  436. 			ERR_add_error_data(2, "Char=", erch);

  437. 			return 0;

  438. 			break;

  439. 

  440. 			}

  441. 		}

  442. 	else

  443. 		*pclass = V_ASN1_CONTEXT_SPECIFIC;

  444. 

  445. 	return 1;

  446. 

  447. 	}

  448. 

  449. /* Handle multiple types: SET and SEQUENCE */

  450. 

  451. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)

  452. 	{

  453. 	ASN1_TYPE *ret = NULL;

  454. 	STACK_OF(ASN1_TYPE) *sk = NULL;

  455. 	STACK_OF(CONF_VALUE) *sect = NULL;

  456. 	unsigned char *der = NULL;

  457. 	int derlen;

  458. 	size_t i;

  459. 	sk = sk_ASN1_TYPE_new_null();

  460. 	if (!sk)

  461. 		goto bad;

  462. 	if (section)

  463. 		{

  464. 		if (!cnf)

  465. 			goto bad;

  466. 		sect = X509V3_get_section(cnf, (char *)section);

  467. 		if (!sect)

  468. 			goto bad;

  469. 		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)

  470. 			{

  471. 			ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);

  472. 			if (!typ)

  473. 				goto bad;

  474. 			if (!sk_ASN1_TYPE_push(sk, typ))

  475. 				goto bad;

  476. 			}

  477. 		}

  478. 

  479. 	/* Now we has a STACK of the components, convert to the correct form */

  480. 

  481. 	if (utype == V_ASN1_SET)

  482. 		derlen = i2d_ASN1_SET_ANY(sk, &der);

  483. 	else

  484. 		derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);

  485. 

  486. 	if (derlen < 0)

  487. 		goto bad;

  488. 

  489. 	if (!(ret = ASN1_TYPE_new()))

  490. 		goto bad;

  491. 

  492. 	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))

  493. 		goto bad;

  494. 

  495. 	ret->type = utype;

  496. 

  497. 	ret->value.asn1_string->data = der;

  498. 	ret->value.asn1_string->length = derlen;

  499. 

  500. 	der = NULL;

  501. 

  502. 	bad:

  503. 

  504. 	if (der)

  505. 		OPENSSL_free(der);

  506. 

  507. 	if (sk)

  508. 		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);

  509. 	if (sect)

  510. 		X509V3_section_free(cnf, sect);

  511. 

  512. 	return ret;

  513. 	}

  514. 

  515. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)

  516. 	{

  517. 	tag_exp_type *exp_tmp;

  518. 	/* Can only have IMPLICIT if permitted */

  519. 	if ((arg->imp_tag != -1) && !imp_ok)

  520. 		{

  521. 		OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG);

  522. 		return 0;

  523. 		}

  524. 

  525. 	if (arg->exp_count == ASN1_FLAG_EXP_MAX)

  526. 		{

  527. 		OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_DEPTH_EXCEEDED);

  528. 		return 0;

  529. 		}

  530. 

  531. 	exp_tmp = &arg->exp_list[arg->exp_count++];

  532. 

  533. 	/* If IMPLICIT set tag to implicit value then

  534. 	 * reset implicit tag since it has been used.

  535. 	 */

  536. 	if (arg->imp_tag != -1)

  537. 		{

  538. 		exp_tmp->exp_tag = arg->imp_tag;

  539. 		exp_tmp->exp_class = arg->imp_class;

  540. 		arg->imp_tag = -1;

  541. 		arg->imp_class = -1;

  542. 		}

  543. 	else

  544. 		{

  545. 		exp_tmp->exp_tag = exp_tag;

  546. 		exp_tmp->exp_class = exp_class;

  547. 		}

  548. 	exp_tmp->exp_constructed = exp_constructed;

  549. 	exp_tmp->exp_pad = exp_pad;

  550. 

  551. 	return 1;

  552. 	}

  553. 

  554. 

  555. static int asn1_str2tag(const char *tagstr, int len)

  556. 	{

  557. 	unsigned int i;

  558. 	static const struct tag_name_st *tntmp, tnst [] = {

  559. 		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),

  560. 		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),

  561. 		ASN1_GEN_STR("NULL", V_ASN1_NULL),

  562. 		ASN1_GEN_STR("INT", V_ASN1_INTEGER),

  563. 		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),

  564. 		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),

  565. 		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),

  566. 		ASN1_GEN_STR("OID", V_ASN1_OBJECT),

  567. 		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),

  568. 		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),

  569. 		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),

  570. 		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),

  571. 		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),

  572. 		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),

  573. 		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),

  574. 		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),

  575. 		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),

  576. 		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),

  577. 		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),

  578. 		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),

  579. 		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),

  580. 		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),

  581. 		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),

  582. 		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),

  583. 		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),

  584. 		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),

  585. 		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),

  586. 		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),

  587. 		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),

  588. 		ASN1_GEN_STR("T61", V_ASN1_T61STRING),

  589. 		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),

  590. 		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),

  591. 		ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),

  592. 		ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),

  593. 		ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),

  594. 		ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),

  595. 

  596. 		/* Special cases */

  597. 		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),

  598. 		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),

  599. 		ASN1_GEN_STR("SET", V_ASN1_SET),

  600. 		/* type modifiers */

  601. 		/* Explicit tag */

  602. 		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),

  603. 		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),

  604. 		/* Implicit tag */

  605. 		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),

  606. 		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),

  607. 		/* OCTET STRING wrapper */

  608. 		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),

  609. 		/* SEQUENCE wrapper */

  610. 		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),

  611. 		/* SET wrapper */

  612. 		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),

  613. 		/* BIT STRING wrapper */

  614. 		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),

  615. 		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),

  616. 		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),

  617. 	};

  618. 

  619. 	if (len == -1)

  620. 		len = strlen(tagstr);

  621. 	

  622. 	tntmp = tnst;	

  623. 	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)

  624. 		{

  625. 		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))

  626. 			return tntmp->tag;

  627. 		}

  628. 	

  629. 	return -1;

  630. 	}

  631. 

  632. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)

  633. 	{

  634. 	ASN1_TYPE *atmp = NULL;

  635. 

  636. 	CONF_VALUE vtmp;

  637. 

  638. 	unsigned char *rdata;

  639. 	long rdlen;

  640. 

  641. 	int no_unused = 1;

  642. 

  643. 	if (!(atmp = ASN1_TYPE_new()))

  644. 		{

  645. 		OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  646. 		return NULL;

  647. 		}

  648. 

  649. 	if (!str)

  650. 		str = "";

  651. 

  652. 	switch(utype)

  653. 		{

  654. 

  655. 		case V_ASN1_NULL:

  656. 		if (str && *str)

  657. 			{

  658. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE);

  659. 			goto bad_form;

  660. 			}

  661. 		break;

  662. 		

  663. 		case V_ASN1_BOOLEAN:

  664. 		if (format != ASN1_GEN_FORMAT_ASCII)

  665. 			{

  666. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT);

  667. 			goto bad_form;

  668. 			}

  669. 		vtmp.name = NULL;

  670. 		vtmp.section = NULL;

  671. 		vtmp.value = (char *)str;

  672. 		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))

  673. 			{

  674. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN);

  675. 			goto bad_str;

  676. 			}

  677. 		break;

  678. 

  679. 		case V_ASN1_INTEGER:

  680. 		case V_ASN1_ENUMERATED:

  681. 		if (format != ASN1_GEN_FORMAT_ASCII)

  682. 			{

  683. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT);

  684. 			goto bad_form;

  685. 			}

  686. 		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))

  687. 			{

  688. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_INTEGER);

  689. 			goto bad_str;

  690. 			}

  691. 		break;

  692. 

  693. 		case V_ASN1_OBJECT:

  694. 		if (format != ASN1_GEN_FORMAT_ASCII)

  695. 			{

  696. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT);

  697. 			goto bad_form;

  698. 			}

  699. 		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))

  700. 			{

  701. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_OBJECT);

  702. 			goto bad_str;

  703. 			}

  704. 		break;

  705. 

  706. 		case V_ASN1_UTCTIME:

  707. 		case V_ASN1_GENERALIZEDTIME:

  708. 		if (format != ASN1_GEN_FORMAT_ASCII)

  709. 			{

  710. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT);

  711. 			goto bad_form;

  712. 			}

  713. 		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

  714. 			{

  715. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  716. 			goto bad_str;

  717. 			}

  718. 		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))

  719. 			{

  720. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  721. 			goto bad_str;

  722. 			}

  723. 		atmp->value.asn1_string->type = utype;

  724. 		if (!ASN1_TIME_check(atmp->value.asn1_string))

  725. 			{

  726. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE);

  727. 			goto bad_str;

  728. 			}

  729. 

  730. 		break;

  731. 

  732. 		case V_ASN1_BMPSTRING:

  733. 		case V_ASN1_PRINTABLESTRING:

  734. 		case V_ASN1_IA5STRING:

  735. 		case V_ASN1_T61STRING:

  736. 		case V_ASN1_UTF8STRING:

  737. 		case V_ASN1_VISIBLESTRING:

  738. 		case V_ASN1_UNIVERSALSTRING:

  739. 		case V_ASN1_GENERALSTRING:

  740. 		case V_ASN1_NUMERICSTRING:

  741. 

  742. 		if (format == ASN1_GEN_FORMAT_ASCII)

  743. 			format = MBSTRING_ASC;

  744. 		else if (format == ASN1_GEN_FORMAT_UTF8)

  745. 			format = MBSTRING_UTF8;

  746. 		else

  747. 			{

  748. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_FORMAT);

  749. 			goto bad_form;

  750. 			}

  751. 

  752. 

  753. 		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,

  754. 						-1, format, ASN1_tag2bit(utype)) <= 0)

  755. 			{

  756. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  757. 			goto bad_str;

  758. 			}

  759. 		

  760. 

  761. 		break;

  762. 

  763. 		case V_ASN1_BIT_STRING:

  764. 

  765. 		case V_ASN1_OCTET_STRING:

  766. 

  767. 		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

  768. 			{

  769. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);

  770. 			goto bad_form;

  771. 			}

  772. 

  773. 		if (format == ASN1_GEN_FORMAT_HEX)

  774. 			{

  775. 

  776. 			if (!(rdata = string_to_hex((char *)str, &rdlen)))

  777. 				{

  778. 				OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_HEX);

  779. 				goto bad_str;

  780. 				}

  781. 

  782. 			atmp->value.asn1_string->data = rdata;

  783. 			atmp->value.asn1_string->length = rdlen;

  784. 			atmp->value.asn1_string->type = utype;

  785. 

  786. 			}

  787. 		else if (format == ASN1_GEN_FORMAT_ASCII)

  788. 			ASN1_STRING_set(atmp->value.asn1_string, str, -1);

  789. 		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))

  790. 			{

  791. 			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))

  792. 				{

  793. 				OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_LIST_ERROR);

  794. 				goto bad_str;

  795. 				}

  796. 			no_unused = 0;

  797. 			

  798. 			}

  799. 		else 

  800. 			{

  801. 			OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT);

  802. 			goto bad_form;

  803. 			}

  804. 

  805. 		if ((utype == V_ASN1_BIT_STRING) && no_unused)

  806. 			{

  807. 			atmp->value.asn1_string->flags

  808. 				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

  809.         		atmp->value.asn1_string->flags

  810. 				|= ASN1_STRING_FLAG_BITS_LEFT;

  811. 			}

  812. 

  813. 

  814. 		break;

  815. 

  816. 		default:

  817. 		OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE);

  818. 		goto bad_str;

  819. 		break;

  820. 		}

  821. 

  822. 

  823. 	atmp->type = utype;

  824. 	return atmp;

  825. 

  826. 

  827. 	bad_str:

  828. 	ERR_add_error_data(2, "string=", str);

  829. 	bad_form:

  830. 

  831. 	ASN1_TYPE_free(atmp);

  832. 	return NULL;

  833. 

  834. 	}

  835. 

  836. static int bitstr_cb(const char *elem, int len, void *bitstr)

  837. 	{

  838. 	long bitnum;

  839. 	char *eptr;

  840. 	if (!elem)

  841. 		return 0;

  842. 	bitnum = strtoul(elem, &eptr, 10);

  843. 	if (eptr && *eptr && (eptr != elem + len))

  844. 		return 0;

  845. 	if (bitnum < 0)

  846. 		{

  847. 		OPENSSL_PUT_ERROR(X509, bitstr_cb, ASN1_R_INVALID_NUMBER);

  848. 		return 0;

  849. 		}

  850. 	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))

  851. 		{

  852. 		OPENSSL_PUT_ERROR(X509, bitstr_cb, ERR_R_MALLOC_FAILURE);

  853. 		return 0;

  854. 		}

  855. 	return 1;

  856. 	}