1/* 2 * Copyright 1999-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include <stdio.h> 11#include "internal/cryptlib.h" 12#include <openssl/asn1.h> 13#include <openssl/objects.h> 14 15static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; 16static void st_free(ASN1_STRING_TABLE *tbl); 17static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, 18 const ASN1_STRING_TABLE *const *b); 19 20/* 21 * This is the global mask for the mbstring functions: this is use to mask 22 * out certain types (such as BMPString and UTF8String) because certain 23 * software (e.g. Netscape) has problems with them. 24 */ 25 26static unsigned long global_mask = B_ASN1_UTF8STRING; 27 28void ASN1_STRING_set_default_mask(unsigned long mask) 29{ 30 global_mask = mask; 31} 32 33unsigned long ASN1_STRING_get_default_mask(void) 34{ 35 return global_mask; 36} 37 38/*- 39 * This function sets the default to various "flavours" of configuration. 40 * based on an ASCII string. Currently this is: 41 * MASK:XXXX : a numerical mask value. 42 * nobmp : Don't use BMPStrings (just Printable, T61). 43 * pkix : PKIX recommendation in RFC2459. 44 * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). 45 * default: the default value, Printable, T61, BMP. 46 */ 47 48int ASN1_STRING_set_default_mask_asc(const char *p) 49{ 50 unsigned long mask; 51 char *end; 52 53 if (strncmp(p, "MASK:", 5) == 0) { 54 if (p[5] == '\0') 55 return 0; 56 mask = strtoul(p + 5, &end, 0); 57 if (*end) 58 return 0; 59 } else if (strcmp(p, "nombstr") == 0) 60 mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); 61 else if (strcmp(p, "pkix") == 0) 62 mask = ~((unsigned long)B_ASN1_T61STRING); 63 else if (strcmp(p, "utf8only") == 0) 64 mask = B_ASN1_UTF8STRING; 65 else if (strcmp(p, "default") == 0) 66 mask = 0xFFFFFFFFL; 67 else 68 return 0; 69 ASN1_STRING_set_default_mask(mask); 70 return 1; 71} 72 73/* 74 * The following function generates an ASN1_STRING based on limits in a 75 * table. Frequently the types and length of an ASN1_STRING are restricted by 76 * a corresponding OID. For example certificates and certificate requests. 77 */ 78 79ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 80 const unsigned char *in, int inlen, 81 int inform, int nid) 82{ 83 ASN1_STRING_TABLE *tbl; 84 ASN1_STRING *str = NULL; 85 unsigned long mask; 86 int ret; 87 88 if (out == NULL) 89 out = &str; 90 tbl = ASN1_STRING_TABLE_get(nid); 91 if (tbl != NULL) { 92 mask = tbl->mask; 93 if (!(tbl->flags & STABLE_NO_MASK)) 94 mask &= global_mask; 95 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, 96 tbl->minsize, tbl->maxsize); 97 } else { 98 ret = ASN1_mbstring_copy(out, in, inlen, inform, 99 DIRSTRING_TYPE & global_mask); 100 } 101 if (ret <= 0) 102 return NULL; 103 return *out; 104} 105 106/* 107 * Now the tables and helper functions for the string table: 108 */ 109 110#include "tbl_standard.h" 111 112static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, 113 const ASN1_STRING_TABLE *const *b) 114{ 115 return (*a)->nid - (*b)->nid; 116} 117 118DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); 119 120static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) 121{ 122 return a->nid - b->nid; 123} 124 125IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); 126 127ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) 128{ 129 int idx; 130 ASN1_STRING_TABLE fnd; 131 132#ifndef OPENSSL_NO_AUTOLOAD_CONFIG 133 /* "stable" can be impacted by config, so load the config file first */ 134 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); 135#endif 136 137 fnd.nid = nid; 138 if (stable) { 139 idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); 140 if (idx >= 0) 141 return sk_ASN1_STRING_TABLE_value(stable, idx); 142 } 143 return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard)); 144} 145 146/* 147 * Return a string table pointer which can be modified: either directly from 148 * table or a copy of an internal value added to the table. 149 */ 150 151static ASN1_STRING_TABLE *stable_get(int nid) 152{ 153 ASN1_STRING_TABLE *tmp, *rv; 154 155 /* Always need a string table so allocate one if NULL */ 156 if (stable == NULL) { 157 stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); 158 if (stable == NULL) 159 return NULL; 160 } 161 tmp = ASN1_STRING_TABLE_get(nid); 162 if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC) 163 return tmp; 164 if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) { 165 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 166 return NULL; 167 } 168 if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { 169 OPENSSL_free(rv); 170 return NULL; 171 } 172 if (tmp != NULL) { 173 rv->nid = tmp->nid; 174 rv->minsize = tmp->minsize; 175 rv->maxsize = tmp->maxsize; 176 rv->mask = tmp->mask; 177 rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; 178 } else { 179 rv->nid = nid; 180 rv->minsize = -1; 181 rv->maxsize = -1; 182 rv->flags = STABLE_FLAGS_MALLOC; 183 } 184 return rv; 185} 186 187int ASN1_STRING_TABLE_add(int nid, 188 long minsize, long maxsize, unsigned long mask, 189 unsigned long flags) 190{ 191 ASN1_STRING_TABLE *tmp; 192 193 tmp = stable_get(nid); 194 if (tmp == NULL) { 195 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 196 return 0; 197 } 198 if (minsize >= 0) 199 tmp->minsize = minsize; 200 if (maxsize >= 0) 201 tmp->maxsize = maxsize; 202 if (mask) 203 tmp->mask = mask; 204 if (flags) 205 tmp->flags = STABLE_FLAGS_MALLOC | flags; 206 return 1; 207} 208 209void ASN1_STRING_TABLE_cleanup(void) 210{ 211 STACK_OF(ASN1_STRING_TABLE) *tmp; 212 213 tmp = stable; 214 if (tmp == NULL) 215 return; 216 stable = NULL; 217 sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); 218} 219 220static void st_free(ASN1_STRING_TABLE *tbl) 221{ 222 if (tbl->flags & STABLE_FLAGS_MALLOC) 223 OPENSSL_free(tbl); 224} 225