kris
/
boringssl
1
0
Fork 0
Code Issues 0 Pull-Requests 0 Releases 0 Wiki Aktivität
Du kannst nicht mehr als 25 Themen auswählen Themen müssen entweder mit einem Buchstaben oder einer Ziffer beginnen. Sie können Bindestriche („-“) enthalten und bis zu 35 Zeichen lang sein.
1437 Commits
12 Branches
38 MiB
 
 
 
 
 
 
Struktur: bd15a8e748
Branches Tags
${ item.name }
Erstelle Branch ${ searchTerm }
von „bd15a8e748“
${ noResults }
boringssl/crypto/x509/asn1_gen.c

874 Zeilen
22 KiB
Originalformat Blame Verlauf 

  1. /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

  2.  * All rights reserved.

  3.  *

  4.  * This package is an SSL implementation written

  5.  * by Eric Young (eay@cryptsoft.com).

  6.  * The implementation was written so as to conform with Netscapes SSL.

  7.  *

  8.  * This library is free for commercial and non-commercial use as long as

  9.  * the following conditions are aheared to.  The following conditions

  10.  * apply to all code found in this distribution, be it the RC4, RSA,

  11.  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

  12.  * included with this distribution is covered by the same copyright terms

  13.  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

  14.  *

  15.  * Copyright remains Eric Young's, and as such any Copyright notices in

  16.  * the code are not to be removed.

  17.  * If this package is used in a product, Eric Young should be given attribution

  18.  * as the author of the parts of the library used.

  19.  * This can be in the form of a textual message at program startup or

  20.  * in documentation (online or textual) provided with the package.

  21.  *

  22.  * Redistribution and use in source and binary forms, with or without

  23.  * modification, are permitted provided that the following conditions

  24.  * are met:

  25.  * 1. Redistributions of source code must retain the copyright

  26.  *    notice, this list of conditions and the following disclaimer.

  27.  * 2. Redistributions in binary form must reproduce the above copyright

  28.  *    notice, this list of conditions and the following disclaimer in the

  29.  *    documentation and/or other materials provided with the distribution.

  30.  * 3. All advertising materials mentioning features or use of this software

  31.  *    must display the following acknowledgement:

  32.  *    "This product includes cryptographic software written by

  33.  *     Eric Young (eay@cryptsoft.com)"

  34.  *    The word 'cryptographic' can be left out if the rouines from the library

  35.  *    being used are not cryptographic related :-).

  36.  * 4. If you include any Windows specific code (or a derivative thereof) from

  37.  *    the apps directory (application code) you must include an acknowledgement:

  38.  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

  39.  *

  40.  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

  41.  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

  42.  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

  43.  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

  44.  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

  45.  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

  46.  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

  47.  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

  48.  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

  49.  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

  50.  * SUCH DAMAGE.

  51.  *

  52.  * The licence and distribution terms for any publically available version or

  53.  * derivative of this code cannot be changed.  i.e. this code cannot simply be

  54.  * copied and put under another distribution licence

  55.  * [including the GNU Public Licence.] */

  56. 

  57. #include <openssl/x509.h>

  58. 

  59. #include <string.h>

  60. 

  61. #include <openssl/asn1.h>

  62. #include <openssl/err.h>

  63. #include <openssl/mem.h>

  64. #include <openssl/obj.h>

  65. #include <openssl/x509v3.h>

  66. 

  67. #include "../internal.h"

  68. 

  69. 

  70. /* Although this file is in crypto/x509 for layering purposes, it emits errors

  71.  * from the ASN.1 module for OpenSSL compatibility. */

  72. 

  73. #define ASN1_GEN_FLAG		0x10000

  74. #define ASN1_GEN_FLAG_IMP	(ASN1_GEN_FLAG|1)

  75. #define ASN1_GEN_FLAG_EXP	(ASN1_GEN_FLAG|2)

  76. #define ASN1_GEN_FLAG_TAG	(ASN1_GEN_FLAG|3)

  77. #define ASN1_GEN_FLAG_BITWRAP	(ASN1_GEN_FLAG|4)

  78. #define ASN1_GEN_FLAG_OCTWRAP	(ASN1_GEN_FLAG|5)

  79. #define ASN1_GEN_FLAG_SEQWRAP	(ASN1_GEN_FLAG|6)

  80. #define ASN1_GEN_FLAG_SETWRAP	(ASN1_GEN_FLAG|7)

  81. #define ASN1_GEN_FLAG_FORMAT	(ASN1_GEN_FLAG|8)

  82. 

  83. #define ASN1_GEN_STR(str,val)	{str, sizeof(str) - 1, val}

  84. 

  85. #define ASN1_FLAG_EXP_MAX	20

  86. 

  87. /* Input formats */

  88. 

  89. /* ASCII: default */

  90. #define ASN1_GEN_FORMAT_ASCII	1

  91. /* UTF8 */

  92. #define ASN1_GEN_FORMAT_UTF8	2

  93. /* Hex */

  94. #define ASN1_GEN_FORMAT_HEX	3

  95. /* List of bits */

  96. #define ASN1_GEN_FORMAT_BITLIST	4

  97. 

  98. 

  99. struct tag_name_st

  100. 	{

  101. 	const char *strnam;

  102. 	int len;

  103. 	int tag;

  104. 	};

  105. 

  106. typedef struct

  107. 	{

  108. 	int exp_tag;

  109. 	int exp_class;

  110. 	int exp_constructed;

  111. 	int exp_pad;

  112. 	long exp_len;

  113. 	} tag_exp_type;

  114. 

  115. typedef struct

  116. 	{

  117. 	int imp_tag;

  118. 	int imp_class;

  119. 	int utype;

  120. 	int format;

  121. 	const char *str;

  122. 	tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];

  123. 	int exp_count;

  124. 	} tag_exp_arg;

  125. 

  126. static int bitstr_cb(const char *elem, int len, void *bitstr);

  127. static int asn1_cb(const char *elem, int len, void *bitstr);

  128. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);

  129. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);

  130. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);

  131. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);

  132. static int asn1_str2tag(const char *tagstr, int len);

  133. 

  134. ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)

  135. 	{

  136. 	X509V3_CTX cnf;

  137. 

  138. 	if (!nconf)

  139. 		return ASN1_generate_v3(str, NULL);

  140. 

  141. 	X509V3_set_nconf(&cnf, nconf);

  142. 	return ASN1_generate_v3(str, &cnf);

  143. 	}

  144. 

  145. ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)

  146.                             OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS

  147. 	{

  148. 	ASN1_TYPE *ret;

  149. 	tag_exp_arg asn1_tags;

  150. 	tag_exp_type *etmp;

  151. 

  152. 	int i, len;

  153. 

  154. 	unsigned char *orig_der = NULL, *new_der = NULL;

  155. 	const unsigned char *cpy_start;

  156. 	unsigned char *p;

  157. 	const unsigned char *cp;

  158. 	int cpy_len;

  159. 	long hdr_len;

  160. 	int hdr_constructed = 0, hdr_tag, hdr_class;

  161. 	int r;

  162. 

  163. 	asn1_tags.imp_tag = -1;

  164. 	asn1_tags.imp_class = -1;

  165. 	asn1_tags.format = ASN1_GEN_FORMAT_ASCII;

  166. 	asn1_tags.exp_count = 0;

  167. 	if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)

  168. 		return NULL;

  169. 

  170. 	if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))

  171. 		{

  172. 		if (!cnf)

  173. 			{

  174. 			OPENSSL_PUT_ERROR(ASN1, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);

  175. 			return NULL;

  176. 			}

  177. 		ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);

  178. 		}

  179. 	else

  180. 		ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);

  181. 

  182. 	if (!ret)

  183. 		return NULL;

  184. 

  185. 	/* If no tagging return base type */

  186. 	if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))

  187. 		return ret;

  188. 

  189. 	/* Generate the encoding */

  190. 	cpy_len = i2d_ASN1_TYPE(ret, &orig_der);

  191. 	ASN1_TYPE_free(ret);

  192. 	ret = NULL;

  193. 	/* Set point to start copying for modified encoding */

  194. 	cpy_start = orig_der;

  195. 

  196. 	/* Do we need IMPLICIT tagging? */

  197. 	if (asn1_tags.imp_tag != -1)

  198. 		{

  199. 		/* If IMPLICIT we will replace the underlying tag */

  200. 		/* Skip existing tag+len */

  201. 		r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);

  202. 		if (r & 0x80)

  203. 			goto err;

  204. 		/* Update copy length */

  205. 		cpy_len -= cpy_start - orig_der;

  206. 		/* For IMPLICIT tagging the length should match the

  207. 		 * original length and constructed flag should be

  208. 		 * consistent.

  209. 		 */

  210. 		if (r & 0x1)

  211. 			{

  212. 			/* Indefinite length constructed */

  213. 			hdr_constructed = 2;

  214. 			hdr_len = 0;

  215. 			}

  216. 		else

  217. 			/* Just retain constructed flag */

  218. 			hdr_constructed = r & V_ASN1_CONSTRUCTED;

  219. 		/* Work out new length with IMPLICIT tag: ignore constructed

  220. 		 * because it will mess up if indefinite length

  221. 		 */

  222. 		len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);

  223. 		}

  224. 	else

  225. 		len = cpy_len;

  226. 

  227. 	/* Work out length in any EXPLICIT, starting from end */

  228. 

  229. 	for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)

  230. 		{

  231. 		/* Content length: number of content octets + any padding */

  232. 		len += etmp->exp_pad;

  233. 		etmp->exp_len = len;

  234. 		/* Total object length: length including new header */

  235. 		len = ASN1_object_size(0, len, etmp->exp_tag);

  236. 		}

  237. 

  238. 	/* Allocate buffer for new encoding */

  239. 

  240. 	new_der = OPENSSL_malloc(len);

  241. 	if (!new_der)

  242. 		goto err;

  243. 

  244. 	/* Generate tagged encoding */

  245. 

  246. 	p = new_der;

  247. 

  248. 	/* Output explicit tags first */

  249. 

  250. 	for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)

  251. 		{

  252. 		ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,

  253. 					etmp->exp_tag, etmp->exp_class);

  254. 		if (etmp->exp_pad)

  255. 			*p++ = 0;

  256. 		}

  257. 

  258. 	/* If IMPLICIT, output tag */

  259. 

  260. 	if (asn1_tags.imp_tag != -1)

  261. 		{

  262. 		if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 

  263. 		    && (asn1_tags.imp_tag == V_ASN1_SEQUENCE

  264. 		     || asn1_tags.imp_tag == V_ASN1_SET) )

  265. 			hdr_constructed = V_ASN1_CONSTRUCTED;

  266. 		ASN1_put_object(&p, hdr_constructed, hdr_len,

  267. 					asn1_tags.imp_tag, asn1_tags.imp_class);

  268. 		}

  269. 

  270. 	/* Copy across original encoding */

  271. 	memcpy(p, cpy_start, cpy_len);

  272. 

  273. 	cp = new_der;

  274. 

  275. 	/* Obtain new ASN1_TYPE structure */

  276. 	ret = d2i_ASN1_TYPE(NULL, &cp, len);

  277. 

  278. 	err:

  279. 	if (orig_der)

  280. 		OPENSSL_free(orig_der);

  281. 	if (new_der)

  282. 		OPENSSL_free(new_der);

  283. 

  284. 	return ret;

  285. 

  286. 	}

  287. 

  288. static int asn1_cb(const char *elem, int len, void *bitstr)

  289. 	{

  290. 	tag_exp_arg *arg = bitstr;

  291. 	int i;

  292. 	int utype;

  293. 	int vlen = 0;

  294. 	const char *p, *vstart = NULL;

  295. 

  296. 	int tmp_tag, tmp_class;

  297. 

  298. 	if (elem == NULL)

  299. 		return 0;

  300. 

  301. 	for(i = 0, p = elem; i < len; p++, i++)

  302. 		{

  303. 		/* Look for the ':' in name value pairs */

  304. 		if (*p == ':')

  305. 			{

  306. 			vstart = p + 1;

  307. 			vlen = len - (vstart - elem);

  308. 			len = p - elem;

  309. 			break;

  310. 			}

  311. 		}

  312. 

  313. 	utype = asn1_str2tag(elem, len);

  314. 

  315. 	if (utype == -1)

  316. 		{

  317. 		OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_TAG);

  318. 		ERR_add_error_data(2, "tag=", elem);

  319. 		return -1;

  320. 		}

  321. 

  322. 	/* If this is not a modifier mark end of string and exit */

  323. 	if (!(utype & ASN1_GEN_FLAG))

  324. 		{

  325. 		arg->utype = utype;

  326. 		arg->str = vstart;

  327. 		/* If no value and not end of string, error */

  328. 		if (!vstart && elem[len])

  329. 			{

  330. 			OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_MISSING_VALUE);

  331. 			return -1;

  332. 			}

  333. 		return 0;

  334. 		}

  335. 

  336. 	switch(utype)

  337. 		{

  338. 

  339. 		case ASN1_GEN_FLAG_IMP:

  340. 		/* Check for illegal multiple IMPLICIT tagging */

  341. 		if (arg->imp_tag != -1)

  342. 			{

  343. 			OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING);

  344. 			return -1;

  345. 			}

  346. 		if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))

  347. 			return -1;

  348. 		break;

  349. 

  350. 		case ASN1_GEN_FLAG_EXP:

  351. 

  352. 		if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))

  353. 			return -1;

  354. 		if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))

  355. 			return -1;

  356. 		break;

  357. 

  358. 		case ASN1_GEN_FLAG_SEQWRAP:

  359. 		if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))

  360. 			return -1;

  361. 		break;

  362. 

  363. 		case ASN1_GEN_FLAG_SETWRAP:

  364. 		if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))

  365. 			return -1;

  366. 		break;

  367. 

  368. 		case ASN1_GEN_FLAG_BITWRAP:

  369. 		if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))

  370. 			return -1;

  371. 		break;

  372. 

  373. 		case ASN1_GEN_FLAG_OCTWRAP:

  374. 		if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))

  375. 			return -1;

  376. 		break;

  377. 

  378. 		case ASN1_GEN_FLAG_FORMAT:

  379. 		if (!vstart)

  380. 			{

  381. 			OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT);

  382. 			return -1;

  383. 			}

  384. 		if (!strncmp(vstart, "ASCII", 5))

  385. 			arg->format = ASN1_GEN_FORMAT_ASCII;

  386. 		else if (!strncmp(vstart, "UTF8", 4))

  387. 			arg->format = ASN1_GEN_FORMAT_UTF8;

  388. 		else if (!strncmp(vstart, "HEX", 3))

  389. 			arg->format = ASN1_GEN_FORMAT_HEX;

  390. 		else if (!strncmp(vstart, "BITLIST", 7))

  391. 			arg->format = ASN1_GEN_FORMAT_BITLIST;

  392. 		else

  393. 			{

  394. 			OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT);

  395. 			return -1;

  396. 			}

  397. 		break;

  398. 

  399. 		}

  400. 

  401. 	return 1;

  402. 

  403. 	}

  404. 

  405. static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)

  406. 	{

  407. 	char erch[2];

  408. 	long tag_num;

  409. 	char *eptr;

  410. 	if (!vstart)

  411. 		return 0;

  412. 	tag_num = strtoul(vstart, &eptr, 10);

  413. 	/* Check we haven't gone past max length: should be impossible */

  414. 	if (eptr && *eptr && (eptr > vstart + vlen))

  415. 		return 0;

  416. 	if (tag_num < 0)

  417. 		{

  418. 		OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_NUMBER);

  419. 		return 0;

  420. 		}

  421. 	*ptag = tag_num;

  422. 	/* If we have non numeric characters, parse them */

  423. 	if (eptr)

  424. 		vlen -= eptr - vstart;

  425. 	else 

  426. 		vlen = 0;

  427. 	if (vlen)

  428. 		{

  429. 		switch (*eptr)

  430. 			{

  431. 

  432. 			case 'U':

  433. 			*pclass = V_ASN1_UNIVERSAL;

  434. 			break;

  435. 

  436. 			case 'A':

  437. 			*pclass = V_ASN1_APPLICATION;

  438. 			break;

  439. 

  440. 			case 'P':

  441. 			*pclass = V_ASN1_PRIVATE;

  442. 			break;

  443. 

  444. 			case 'C':

  445. 			*pclass = V_ASN1_CONTEXT_SPECIFIC;

  446. 			break;

  447. 

  448. 			default:

  449. 			erch[0] = *eptr;

  450. 			erch[1] = 0;

  451. 			OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_MODIFIER);

  452. 			ERR_add_error_data(2, "Char=", erch);

  453. 			return 0;

  454. 			break;

  455. 

  456. 			}

  457. 		}

  458. 	else

  459. 		*pclass = V_ASN1_CONTEXT_SPECIFIC;

  460. 

  461. 	return 1;

  462. 

  463. 	}

  464. 

  465. /* Handle multiple types: SET and SEQUENCE */

  466. 

  467. static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)

  468. 	{

  469. 	ASN1_TYPE *ret = NULL;

  470. 	STACK_OF(ASN1_TYPE) *sk = NULL;

  471. 	STACK_OF(CONF_VALUE) *sect = NULL;

  472. 	unsigned char *der = NULL;

  473. 	int derlen;

  474. 	size_t i;

  475. 	sk = sk_ASN1_TYPE_new_null();

  476. 	if (!sk)

  477. 		goto bad;

  478. 	if (section)

  479. 		{

  480. 		if (!cnf)

  481. 			goto bad;

  482. 		sect = X509V3_get_section(cnf, (char *)section);

  483. 		if (!sect)

  484. 			goto bad;

  485. 		for (i = 0; i < sk_CONF_VALUE_num(sect); i++)

  486. 			{

  487. 			ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);

  488. 			if (!typ)

  489. 				goto bad;

  490. 			if (!sk_ASN1_TYPE_push(sk, typ))

  491. 				goto bad;

  492. 			}

  493. 		}

  494. 

  495. 	/* Now we has a STACK of the components, convert to the correct form */

  496. 

  497. 	if (utype == V_ASN1_SET)

  498. 		derlen = i2d_ASN1_SET_ANY(sk, &der);

  499. 	else

  500. 		derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);

  501. 

  502. 	if (derlen < 0)

  503. 		goto bad;

  504. 

  505. 	if (!(ret = ASN1_TYPE_new()))

  506. 		goto bad;

  507. 

  508. 	if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))

  509. 		goto bad;

  510. 

  511. 	ret->type = utype;

  512. 

  513. 	ret->value.asn1_string->data = der;

  514. 	ret->value.asn1_string->length = derlen;

  515. 

  516. 	der = NULL;

  517. 

  518. 	bad:

  519. 

  520. 	if (der)

  521. 		OPENSSL_free(der);

  522. 

  523. 	if (sk)

  524. 		sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);

  525. 	if (sect)

  526. 		X509V3_section_free(cnf, sect);

  527. 

  528. 	return ret;

  529. 	}

  530. 

  531. static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)

  532. 	{

  533. 	tag_exp_type *exp_tmp;

  534. 	/* Can only have IMPLICIT if permitted */

  535. 	if ((arg->imp_tag != -1) && !imp_ok)

  536. 		{

  537. 		OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG);

  538. 		return 0;

  539. 		}

  540. 

  541. 	if (arg->exp_count == ASN1_FLAG_EXP_MAX)

  542. 		{

  543. 		OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_DEPTH_EXCEEDED);

  544. 		return 0;

  545. 		}

  546. 

  547. 	exp_tmp = &arg->exp_list[arg->exp_count++];

  548. 

  549. 	/* If IMPLICIT set tag to implicit value then

  550. 	 * reset implicit tag since it has been used.

  551. 	 */

  552. 	if (arg->imp_tag != -1)

  553. 		{

  554. 		exp_tmp->exp_tag = arg->imp_tag;

  555. 		exp_tmp->exp_class = arg->imp_class;

  556. 		arg->imp_tag = -1;

  557. 		arg->imp_class = -1;

  558. 		}

  559. 	else

  560. 		{

  561. 		exp_tmp->exp_tag = exp_tag;

  562. 		exp_tmp->exp_class = exp_class;

  563. 		}

  564. 	exp_tmp->exp_constructed = exp_constructed;

  565. 	exp_tmp->exp_pad = exp_pad;

  566. 

  567. 	return 1;

  568. 	}

  569. 

  570. 

  571. static int asn1_str2tag(const char *tagstr, int len)

  572. 	{

  573. 	unsigned int i;

  574. 	static const struct tag_name_st *tntmp, tnst [] = {

  575. 		ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),

  576. 		ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),

  577. 		ASN1_GEN_STR("NULL", V_ASN1_NULL),

  578. 		ASN1_GEN_STR("INT", V_ASN1_INTEGER),

  579. 		ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),

  580. 		ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),

  581. 		ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),

  582. 		ASN1_GEN_STR("OID", V_ASN1_OBJECT),

  583. 		ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),

  584. 		ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),

  585. 		ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),

  586. 		ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),

  587. 		ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),

  588. 		ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),

  589. 		ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),

  590. 		ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),

  591. 		ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),

  592. 		ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),

  593. 		ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),

  594. 		ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),

  595. 		ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),

  596. 		ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),

  597. 		ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),

  598. 		ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),

  599. 		ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),

  600. 		ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),

  601. 		ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),

  602. 		ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),

  603. 		ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),

  604. 		ASN1_GEN_STR("T61", V_ASN1_T61STRING),

  605. 		ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),

  606. 		ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),

  607. 		ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),

  608. 		ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),

  609. 		ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),

  610. 		ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),

  611. 

  612. 		/* Special cases */

  613. 		ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),

  614. 		ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),

  615. 		ASN1_GEN_STR("SET", V_ASN1_SET),

  616. 		/* type modifiers */

  617. 		/* Explicit tag */

  618. 		ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),

  619. 		ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),

  620. 		/* Implicit tag */

  621. 		ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),

  622. 		ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),

  623. 		/* OCTET STRING wrapper */

  624. 		ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),

  625. 		/* SEQUENCE wrapper */

  626. 		ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),

  627. 		/* SET wrapper */

  628. 		ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),

  629. 		/* BIT STRING wrapper */

  630. 		ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),

  631. 		ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),

  632. 		ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),

  633. 	};

  634. 

  635. 	if (len == -1)

  636. 		len = strlen(tagstr);

  637. 	

  638. 	tntmp = tnst;	

  639. 	for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)

  640. 		{

  641. 		if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))

  642. 			return tntmp->tag;

  643. 		}

  644. 	

  645. 	return -1;

  646. 	}

  647. 

  648. static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)

  649. 	{

  650. 	ASN1_TYPE *atmp = NULL;

  651. 

  652. 	CONF_VALUE vtmp;

  653. 

  654. 	unsigned char *rdata;

  655. 	long rdlen;

  656. 

  657. 	int no_unused = 1;

  658. 

  659. 	if (!(atmp = ASN1_TYPE_new()))

  660. 		{

  661. 		OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);

  662. 		return NULL;

  663. 		}

  664. 

  665. 	if (!str)

  666. 		str = "";

  667. 

  668. 	switch(utype)

  669. 		{

  670. 

  671. 		case V_ASN1_NULL:

  672. 		if (str && *str)

  673. 			{

  674. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE);

  675. 			goto bad_form;

  676. 			}

  677. 		break;

  678. 		

  679. 		case V_ASN1_BOOLEAN:

  680. 		if (format != ASN1_GEN_FORMAT_ASCII)

  681. 			{

  682. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT);

  683. 			goto bad_form;

  684. 			}

  685. 		vtmp.name = NULL;

  686. 		vtmp.section = NULL;

  687. 		vtmp.value = (char *)str;

  688. 		if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))

  689. 			{

  690. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN);

  691. 			goto bad_str;

  692. 			}

  693. 		break;

  694. 

  695. 		case V_ASN1_INTEGER:

  696. 		case V_ASN1_ENUMERATED:

  697. 		if (format != ASN1_GEN_FORMAT_ASCII)

  698. 			{

  699. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT);

  700. 			goto bad_form;

  701. 			}

  702. 		if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))

  703. 			{

  704. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_INTEGER);

  705. 			goto bad_str;

  706. 			}

  707. 		break;

  708. 

  709. 		case V_ASN1_OBJECT:

  710. 		if (format != ASN1_GEN_FORMAT_ASCII)

  711. 			{

  712. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT);

  713. 			goto bad_form;

  714. 			}

  715. 		if (!(atmp->value.object = OBJ_txt2obj(str, 0)))

  716. 			{

  717. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_OBJECT);

  718. 			goto bad_str;

  719. 			}

  720. 		break;

  721. 

  722. 		case V_ASN1_UTCTIME:

  723. 		case V_ASN1_GENERALIZEDTIME:

  724. 		if (format != ASN1_GEN_FORMAT_ASCII)

  725. 			{

  726. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT);

  727. 			goto bad_form;

  728. 			}

  729. 		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

  730. 			{

  731. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);

  732. 			goto bad_str;

  733. 			}

  734. 		if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))

  735. 			{

  736. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);

  737. 			goto bad_str;

  738. 			}

  739. 		atmp->value.asn1_string->type = utype;

  740. 		if (!ASN1_TIME_check(atmp->value.asn1_string))

  741. 			{

  742. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE);

  743. 			goto bad_str;

  744. 			}

  745. 

  746. 		break;

  747. 

  748. 		case V_ASN1_BMPSTRING:

  749. 		case V_ASN1_PRINTABLESTRING:

  750. 		case V_ASN1_IA5STRING:

  751. 		case V_ASN1_T61STRING:

  752. 		case V_ASN1_UTF8STRING:

  753. 		case V_ASN1_VISIBLESTRING:

  754. 		case V_ASN1_UNIVERSALSTRING:

  755. 		case V_ASN1_GENERALSTRING:

  756. 		case V_ASN1_NUMERICSTRING:

  757. 

  758. 		if (format == ASN1_GEN_FORMAT_ASCII)

  759. 			format = MBSTRING_ASC;

  760. 		else if (format == ASN1_GEN_FORMAT_UTF8)

  761. 			format = MBSTRING_UTF8;

  762. 		else

  763. 			{

  764. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_FORMAT);

  765. 			goto bad_form;

  766. 			}

  767. 

  768. 

  769. 		if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,

  770. 						-1, format, ASN1_tag2bit(utype)) <= 0)

  771. 			{

  772. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);

  773. 			goto bad_str;

  774. 			}

  775. 		

  776. 

  777. 		break;

  778. 

  779. 		case V_ASN1_BIT_STRING:

  780. 

  781. 		case V_ASN1_OCTET_STRING:

  782. 

  783. 		if (!(atmp->value.asn1_string = ASN1_STRING_new()))

  784. 			{

  785. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);

  786. 			goto bad_form;

  787. 			}

  788. 

  789. 		if (format == ASN1_GEN_FORMAT_HEX)

  790. 			{

  791. 

  792. 			if (!(rdata = string_to_hex((char *)str, &rdlen)))

  793. 				{

  794. 				OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_HEX);

  795. 				goto bad_str;

  796. 				}

  797. 

  798. 			atmp->value.asn1_string->data = rdata;

  799. 			atmp->value.asn1_string->length = rdlen;

  800. 			atmp->value.asn1_string->type = utype;

  801. 

  802. 			}

  803. 		else if (format == ASN1_GEN_FORMAT_ASCII)

  804. 			ASN1_STRING_set(atmp->value.asn1_string, str, -1);

  805. 		else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))

  806. 			{

  807. 			if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))

  808. 				{

  809. 				OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_LIST_ERROR);

  810. 				goto bad_str;

  811. 				}

  812. 			no_unused = 0;

  813. 			

  814. 			}

  815. 		else 

  816. 			{

  817. 			OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT);

  818. 			goto bad_form;

  819. 			}

  820. 

  821. 		if ((utype == V_ASN1_BIT_STRING) && no_unused)

  822. 			{

  823. 			atmp->value.asn1_string->flags

  824. 				&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);

  825.         		atmp->value.asn1_string->flags

  826. 				|= ASN1_STRING_FLAG_BITS_LEFT;

  827. 			}

  828. 

  829. 

  830. 		break;

  831. 

  832. 		default:

  833. 		OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE);

  834. 		goto bad_str;

  835. 		break;

  836. 		}

  837. 

  838. 

  839. 	atmp->type = utype;

  840. 	return atmp;

  841. 

  842. 

  843. 	bad_str:

  844. 	ERR_add_error_data(2, "string=", str);

  845. 	bad_form:

  846. 

  847. 	ASN1_TYPE_free(atmp);

  848. 	return NULL;

  849. 

  850. 	}

  851. 

  852. static int bitstr_cb(const char *elem, int len, void *bitstr)

  853. 	{

  854. 	long bitnum;

  855. 	char *eptr;

  856. 	if (!elem)

  857. 		return 0;

  858. 	bitnum = strtoul(elem, &eptr, 10);

  859. 	if (eptr && *eptr && (eptr != elem + len))

  860. 		return 0;

  861. 	if (bitnum < 0)

  862. 		{

  863. 		OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ASN1_R_INVALID_NUMBER);

  864. 		return 0;

  865. 		}

  866. 	if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))

  867. 		{

  868. 		OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ERR_R_MALLOC_FAILURE);

  869. 		return 0;

  870. 		}

  871. 	return 1;

  872. 	}