asn1_gen.c revision 296341
1/* asn1_gen.c */ 2/* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 2002. 5 */ 6/* ==================================================================== 7 * Copyright (c) 2002 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60#include "cryptlib.h" 61#include <openssl/asn1.h> 62#include <openssl/x509v3.h> 63 64#define ASN1_GEN_FLAG 0x10000 65#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) 66#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) 67#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) 68#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) 69#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) 70#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) 71#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) 72#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) 73 74#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} 75 76#define ASN1_FLAG_EXP_MAX 20 77/* Maximum number of nested sequences */ 78#define ASN1_GEN_SEQ_MAX_DEPTH 50 79 80/* Input formats */ 81 82/* ASCII: default */ 83#define ASN1_GEN_FORMAT_ASCII 1 84/* UTF8 */ 85#define ASN1_GEN_FORMAT_UTF8 2 86/* Hex */ 87#define ASN1_GEN_FORMAT_HEX 3 88/* List of bits */ 89#define ASN1_GEN_FORMAT_BITLIST 4 90 91struct tag_name_st { 92 const char *strnam; 93 int len; 94 int tag; 95}; 96 97typedef struct { 98 int exp_tag; 99 int exp_class; 100 int exp_constructed; 101 int exp_pad; 102 long exp_len; 103} tag_exp_type; 104 105typedef struct { 106 int imp_tag; 107 int imp_class; 108 int utype; 109 int format; 110 const char *str; 111 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; 112 int exp_count; 113} tag_exp_arg; 114 115static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, 116 int *perr); 117static int bitstr_cb(const char *elem, int len, void *bitstr); 118static int asn1_cb(const char *elem, int len, void *bitstr); 119static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 120 int exp_constructed, int exp_pad, int imp_ok); 121static int parse_tagging(const char *vstart, int vlen, int *ptag, 122 int *pclass); 123static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 124 int depth, int *perr); 125static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); 126static int asn1_str2tag(const char *tagstr, int len); 127 128ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) 129{ 130 X509V3_CTX cnf; 131 132 if (!nconf) 133 return ASN1_generate_v3(str, NULL); 134 135 X509V3_set_nconf(&cnf, nconf); 136 return ASN1_generate_v3(str, &cnf); 137} 138 139ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) 140{ 141 int err = 0; 142 ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); 143 if (err) 144 ASN1err(ASN1_F_ASN1_GENERATE_V3, err); 145 return ret; 146} 147 148static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, 149 int *perr) 150{ 151 ASN1_TYPE *ret; 152 tag_exp_arg asn1_tags; 153 tag_exp_type *etmp; 154 155 int i, len; 156 157 unsigned char *orig_der = NULL, *new_der = NULL; 158 const unsigned char *cpy_start; 159 unsigned char *p; 160 const unsigned char *cp; 161 int cpy_len; 162 long hdr_len; 163 int hdr_constructed = 0, hdr_tag, hdr_class; 164 int r; 165 166 asn1_tags.imp_tag = -1; 167 asn1_tags.imp_class = -1; 168 asn1_tags.format = ASN1_GEN_FORMAT_ASCII; 169 asn1_tags.exp_count = 0; 170 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { 171 *perr = ASN1_R_UNKNOWN_TAG; 172 return NULL; 173 } 174 175 if ((asn1_tags.utype == V_ASN1_SEQUENCE) 176 || (asn1_tags.utype == V_ASN1_SET)) { 177 if (!cnf) { 178 *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; 179 return NULL; 180 } 181 if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { 182 *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; 183 return NULL; 184 } 185 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); 186 } else 187 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); 188 189 if (!ret) 190 return NULL; 191 192 /* If no tagging return base type */ 193 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) 194 return ret; 195 196 /* Generate the encoding */ 197 cpy_len = i2d_ASN1_TYPE(ret, &orig_der); 198 ASN1_TYPE_free(ret); 199 ret = NULL; 200 /* Set point to start copying for modified encoding */ 201 cpy_start = orig_der; 202 203 /* Do we need IMPLICIT tagging? */ 204 if (asn1_tags.imp_tag != -1) { 205 /* If IMPLICIT we will replace the underlying tag */ 206 /* Skip existing tag+len */ 207 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, 208 cpy_len); 209 if (r & 0x80) 210 goto err; 211 /* Update copy length */ 212 cpy_len -= cpy_start - orig_der; 213 /* 214 * For IMPLICIT tagging the length should match the original length 215 * and constructed flag should be consistent. 216 */ 217 if (r & 0x1) { 218 /* Indefinite length constructed */ 219 hdr_constructed = 2; 220 hdr_len = 0; 221 } else 222 /* Just retain constructed flag */ 223 hdr_constructed = r & V_ASN1_CONSTRUCTED; 224 /* 225 * Work out new length with IMPLICIT tag: ignore constructed because 226 * it will mess up if indefinite length 227 */ 228 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); 229 } else 230 len = cpy_len; 231 232 /* Work out length in any EXPLICIT, starting from end */ 233 234 for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; 235 i < asn1_tags.exp_count; i++, etmp--) { 236 /* Content length: number of content octets + any padding */ 237 len += etmp->exp_pad; 238 etmp->exp_len = len; 239 /* Total object length: length including new header */ 240 len = ASN1_object_size(0, len, etmp->exp_tag); 241 } 242 243 /* Allocate buffer for new encoding */ 244 245 new_der = OPENSSL_malloc(len); 246 if (!new_der) 247 goto err; 248 249 /* Generate tagged encoding */ 250 251 p = new_der; 252 253 /* Output explicit tags first */ 254 255 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; 256 i++, etmp++) { 257 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, 258 etmp->exp_tag, etmp->exp_class); 259 if (etmp->exp_pad) 260 *p++ = 0; 261 } 262 263 /* If IMPLICIT, output tag */ 264 265 if (asn1_tags.imp_tag != -1) { 266 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 267 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE 268 || asn1_tags.imp_tag == V_ASN1_SET)) 269 hdr_constructed = V_ASN1_CONSTRUCTED; 270 ASN1_put_object(&p, hdr_constructed, hdr_len, 271 asn1_tags.imp_tag, asn1_tags.imp_class); 272 } 273 274 /* Copy across original encoding */ 275 memcpy(p, cpy_start, cpy_len); 276 277 cp = new_der; 278 279 /* Obtain new ASN1_TYPE structure */ 280 ret = d2i_ASN1_TYPE(NULL, &cp, len); 281 282 err: 283 if (orig_der) 284 OPENSSL_free(orig_der); 285 if (new_der) 286 OPENSSL_free(new_der); 287 288 return ret; 289 290} 291 292static int asn1_cb(const char *elem, int len, void *bitstr) 293{ 294 tag_exp_arg *arg = bitstr; 295 int i; 296 int utype; 297 int vlen = 0; 298 const char *p, *vstart = NULL; 299 300 int tmp_tag, tmp_class; 301 302 if (elem == NULL) 303 return -1; 304 305 for (i = 0, p = elem; i < len; p++, i++) { 306 /* Look for the ':' in name value pairs */ 307 if (*p == ':') { 308 vstart = p + 1; 309 vlen = len - (vstart - elem); 310 len = p - elem; 311 break; 312 } 313 } 314 315 utype = asn1_str2tag(elem, len); 316 317 if (utype == -1) { 318 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); 319 ERR_add_error_data(2, "tag=", elem); 320 return -1; 321 } 322 323 /* If this is not a modifier mark end of string and exit */ 324 if (!(utype & ASN1_GEN_FLAG)) { 325 arg->utype = utype; 326 arg->str = vstart; 327 /* If no value and not end of string, error */ 328 if (!vstart && elem[len]) { 329 ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); 330 return -1; 331 } 332 return 0; 333 } 334 335 switch (utype) { 336 337 case ASN1_GEN_FLAG_IMP: 338 /* Check for illegal multiple IMPLICIT tagging */ 339 if (arg->imp_tag != -1) { 340 ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); 341 return -1; 342 } 343 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) 344 return -1; 345 break; 346 347 case ASN1_GEN_FLAG_EXP: 348 349 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) 350 return -1; 351 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) 352 return -1; 353 break; 354 355 case ASN1_GEN_FLAG_SEQWRAP: 356 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) 357 return -1; 358 break; 359 360 case ASN1_GEN_FLAG_SETWRAP: 361 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) 362 return -1; 363 break; 364 365 case ASN1_GEN_FLAG_BITWRAP: 366 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) 367 return -1; 368 break; 369 370 case ASN1_GEN_FLAG_OCTWRAP: 371 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) 372 return -1; 373 break; 374 375 case ASN1_GEN_FLAG_FORMAT: 376 if (!vstart) { 377 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); 378 return -1; 379 } 380 if (!strncmp(vstart, "ASCII", 5)) 381 arg->format = ASN1_GEN_FORMAT_ASCII; 382 else if (!strncmp(vstart, "UTF8", 4)) 383 arg->format = ASN1_GEN_FORMAT_UTF8; 384 else if (!strncmp(vstart, "HEX", 3)) 385 arg->format = ASN1_GEN_FORMAT_HEX; 386 else if (!strncmp(vstart, "BITLIST", 7)) 387 arg->format = ASN1_GEN_FORMAT_BITLIST; 388 else { 389 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); 390 return -1; 391 } 392 break; 393 394 } 395 396 return 1; 397 398} 399 400static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) 401{ 402 char erch[2]; 403 long tag_num; 404 char *eptr; 405 if (!vstart) 406 return 0; 407 tag_num = strtoul(vstart, &eptr, 10); 408 /* Check we haven't gone past max length: should be impossible */ 409 if (eptr && *eptr && (eptr > vstart + vlen)) 410 return 0; 411 if (tag_num < 0) { 412 ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); 413 return 0; 414 } 415 *ptag = tag_num; 416 /* If we have non numeric characters, parse them */ 417 if (eptr) 418 vlen -= eptr - vstart; 419 else 420 vlen = 0; 421 if (vlen) { 422 switch (*eptr) { 423 424 case 'U': 425 *pclass = V_ASN1_UNIVERSAL; 426 break; 427 428 case 'A': 429 *pclass = V_ASN1_APPLICATION; 430 break; 431 432 case 'P': 433 *pclass = V_ASN1_PRIVATE; 434 break; 435 436 case 'C': 437 *pclass = V_ASN1_CONTEXT_SPECIFIC; 438 break; 439 440 default: 441 erch[0] = *eptr; 442 erch[1] = 0; 443 ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); 444 ERR_add_error_data(2, "Char=", erch); 445 return 0; 446 break; 447 448 } 449 } else 450 *pclass = V_ASN1_CONTEXT_SPECIFIC; 451 452 return 1; 453 454} 455 456/* Handle multiple types: SET and SEQUENCE */ 457 458static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 459 int depth, int *perr) 460{ 461 ASN1_TYPE *ret = NULL; 462 STACK_OF(ASN1_TYPE) *sk = NULL; 463 STACK_OF(CONF_VALUE) *sect = NULL; 464 unsigned char *der = NULL; 465 int derlen; 466 int i; 467 sk = sk_ASN1_TYPE_new_null(); 468 if (!sk) 469 goto bad; 470 if (section) { 471 if (!cnf) 472 goto bad; 473 sect = X509V3_get_section(cnf, (char *)section); 474 if (!sect) 475 goto bad; 476 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { 477 ASN1_TYPE *typ = 478 generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, 479 depth + 1, perr); 480 if (!typ) 481 goto bad; 482 if (!sk_ASN1_TYPE_push(sk, typ)) 483 goto bad; 484 } 485 } 486 487 /* 488 * Now we has a STACK of the components, convert to the correct form 489 */ 490 491 if (utype == V_ASN1_SET) 492 derlen = i2d_ASN1_SET_ANY(sk, &der); 493 else 494 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); 495 496 if (derlen < 0) 497 goto bad; 498 499 if (!(ret = ASN1_TYPE_new())) 500 goto bad; 501 502 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype))) 503 goto bad; 504 505 ret->type = utype; 506 507 ret->value.asn1_string->data = der; 508 ret->value.asn1_string->length = derlen; 509 510 der = NULL; 511 512 bad: 513 514 if (der) 515 OPENSSL_free(der); 516 517 if (sk) 518 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); 519 if (sect) 520 X509V3_section_free(cnf, sect); 521 522 return ret; 523} 524 525static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 526 int exp_constructed, int exp_pad, int imp_ok) 527{ 528 tag_exp_type *exp_tmp; 529 /* Can only have IMPLICIT if permitted */ 530 if ((arg->imp_tag != -1) && !imp_ok) { 531 ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); 532 return 0; 533 } 534 535 if (arg->exp_count == ASN1_FLAG_EXP_MAX) { 536 ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); 537 return 0; 538 } 539 540 exp_tmp = &arg->exp_list[arg->exp_count++]; 541 542 /* 543 * If IMPLICIT set tag to implicit value then reset implicit tag since it 544 * has been used. 545 */ 546 if (arg->imp_tag != -1) { 547 exp_tmp->exp_tag = arg->imp_tag; 548 exp_tmp->exp_class = arg->imp_class; 549 arg->imp_tag = -1; 550 arg->imp_class = -1; 551 } else { 552 exp_tmp->exp_tag = exp_tag; 553 exp_tmp->exp_class = exp_class; 554 } 555 exp_tmp->exp_constructed = exp_constructed; 556 exp_tmp->exp_pad = exp_pad; 557 558 return 1; 559} 560 561static int asn1_str2tag(const char *tagstr, int len) 562{ 563 unsigned int i; 564 static const struct tag_name_st *tntmp, tnst[] = { 565 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), 566 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), 567 ASN1_GEN_STR("NULL", V_ASN1_NULL), 568 ASN1_GEN_STR("INT", V_ASN1_INTEGER), 569 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), 570 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), 571 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), 572 ASN1_GEN_STR("OID", V_ASN1_OBJECT), 573 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), 574 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), 575 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), 576 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), 577 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), 578 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), 579 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), 580 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), 581 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), 582 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), 583 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), 584 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), 585 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), 586 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), 587 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), 588 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), 589 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), 590 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), 591 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), 592 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), 593 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), 594 ASN1_GEN_STR("T61", V_ASN1_T61STRING), 595 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), 596 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), 597 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), 598 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), 599 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), 600 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), 601 602 /* Special cases */ 603 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), 604 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), 605 ASN1_GEN_STR("SET", V_ASN1_SET), 606 /* type modifiers */ 607 /* Explicit tag */ 608 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), 609 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), 610 /* Implicit tag */ 611 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), 612 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), 613 /* OCTET STRING wrapper */ 614 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), 615 /* SEQUENCE wrapper */ 616 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), 617 /* SET wrapper */ 618 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), 619 /* BIT STRING wrapper */ 620 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), 621 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), 622 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), 623 }; 624 625 if (len == -1) 626 len = strlen(tagstr); 627 628 tntmp = tnst; 629 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++) { 630 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len)) 631 return tntmp->tag; 632 } 633 634 return -1; 635} 636 637static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) 638{ 639 ASN1_TYPE *atmp = NULL; 640 641 CONF_VALUE vtmp; 642 643 unsigned char *rdata; 644 long rdlen; 645 646 int no_unused = 1; 647 648 if (!(atmp = ASN1_TYPE_new())) { 649 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 650 return NULL; 651 } 652 653 if (!str) 654 str = ""; 655 656 switch (utype) { 657 658 case V_ASN1_NULL: 659 if (str && *str) { 660 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); 661 goto bad_form; 662 } 663 break; 664 665 case V_ASN1_BOOLEAN: 666 if (format != ASN1_GEN_FORMAT_ASCII) { 667 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); 668 goto bad_form; 669 } 670 vtmp.name = NULL; 671 vtmp.section = NULL; 672 vtmp.value = (char *)str; 673 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { 674 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); 675 goto bad_str; 676 } 677 break; 678 679 case V_ASN1_INTEGER: 680 case V_ASN1_ENUMERATED: 681 if (format != ASN1_GEN_FORMAT_ASCII) { 682 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); 683 goto bad_form; 684 } 685 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str))) { 686 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); 687 goto bad_str; 688 } 689 break; 690 691 case V_ASN1_OBJECT: 692 if (format != ASN1_GEN_FORMAT_ASCII) { 693 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); 694 goto bad_form; 695 } 696 if (!(atmp->value.object = OBJ_txt2obj(str, 0))) { 697 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); 698 goto bad_str; 699 } 700 break; 701 702 case V_ASN1_UTCTIME: 703 case V_ASN1_GENERALIZEDTIME: 704 if (format != ASN1_GEN_FORMAT_ASCII) { 705 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); 706 goto bad_form; 707 } 708 if (!(atmp->value.asn1_string = ASN1_STRING_new())) { 709 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 710 goto bad_str; 711 } 712 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { 713 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 714 goto bad_str; 715 } 716 atmp->value.asn1_string->type = utype; 717 if (!ASN1_TIME_check(atmp->value.asn1_string)) { 718 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); 719 goto bad_str; 720 } 721 722 break; 723 724 case V_ASN1_BMPSTRING: 725 case V_ASN1_PRINTABLESTRING: 726 case V_ASN1_IA5STRING: 727 case V_ASN1_T61STRING: 728 case V_ASN1_UTF8STRING: 729 case V_ASN1_VISIBLESTRING: 730 case V_ASN1_UNIVERSALSTRING: 731 case V_ASN1_GENERALSTRING: 732 case V_ASN1_NUMERICSTRING: 733 734 if (format == ASN1_GEN_FORMAT_ASCII) 735 format = MBSTRING_ASC; 736 else if (format == ASN1_GEN_FORMAT_UTF8) 737 format = MBSTRING_UTF8; 738 else { 739 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); 740 goto bad_form; 741 } 742 743 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, 744 -1, format, ASN1_tag2bit(utype)) <= 0) { 745 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 746 goto bad_str; 747 } 748 749 break; 750 751 case V_ASN1_BIT_STRING: 752 753 case V_ASN1_OCTET_STRING: 754 755 if (!(atmp->value.asn1_string = ASN1_STRING_new())) { 756 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 757 goto bad_form; 758 } 759 760 if (format == ASN1_GEN_FORMAT_HEX) { 761 762 if (!(rdata = string_to_hex((char *)str, &rdlen))) { 763 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); 764 goto bad_str; 765 } 766 767 atmp->value.asn1_string->data = rdata; 768 atmp->value.asn1_string->length = rdlen; 769 atmp->value.asn1_string->type = utype; 770 771 } else if (format == ASN1_GEN_FORMAT_ASCII) 772 ASN1_STRING_set(atmp->value.asn1_string, str, -1); 773 else if ((format == ASN1_GEN_FORMAT_BITLIST) 774 && (utype == V_ASN1_BIT_STRING)) { 775 if (!CONF_parse_list 776 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { 777 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); 778 goto bad_str; 779 } 780 no_unused = 0; 781 782 } else { 783 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); 784 goto bad_form; 785 } 786 787 if ((utype == V_ASN1_BIT_STRING) && no_unused) { 788 atmp->value.asn1_string->flags 789 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 790 atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; 791 } 792 793 break; 794 795 default: 796 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); 797 goto bad_str; 798 break; 799 } 800 801 atmp->type = utype; 802 return atmp; 803 804 bad_str: 805 ERR_add_error_data(2, "string=", str); 806 bad_form: 807 808 ASN1_TYPE_free(atmp); 809 return NULL; 810 811} 812 813static int bitstr_cb(const char *elem, int len, void *bitstr) 814{ 815 long bitnum; 816 char *eptr; 817 if (!elem) 818 return 0; 819 bitnum = strtoul(elem, &eptr, 10); 820 if (eptr && *eptr && (eptr != elem + len)) 821 return 0; 822 if (bitnum < 0) { 823 ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); 824 return 0; 825 } 826 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { 827 ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); 828 return 0; 829 } 830 return 1; 831} 832