1/* 2 * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10#include <stdio.h> 11#include "internal/cryptlib.h" 12#include <openssl/asn1.h> 13#include <openssl/objects.h> 14 15static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; 16static void st_free(ASN1_STRING_TABLE *tbl); 17static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, 18 const ASN1_STRING_TABLE *const *b); 19 20/* 21 * This is the global mask for the mbstring functions: this is use to mask 22 * out certain types (such as BMPString and UTF8String) because certain 23 * software (e.g. Netscape) has problems with them. 24 */ 25 26static unsigned long global_mask = B_ASN1_UTF8STRING; 27 28void ASN1_STRING_set_default_mask(unsigned long mask) 29{ 30 global_mask = mask; 31} 32 33unsigned long ASN1_STRING_get_default_mask(void) 34{ 35 return global_mask; 36} 37 38/*- 39 * This function sets the default to various "flavours" of configuration. 40 * based on an ASCII string. Currently this is: 41 * MASK:XXXX : a numerical mask value. 42 * nobmp : Don't use BMPStrings (just Printable, T61). 43 * pkix : PKIX recommendation in RFC2459. 44 * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). 45 * default: the default value, Printable, T61, BMP. 46 */ 47 48int ASN1_STRING_set_default_mask_asc(const char *p) 49{ 50 unsigned long mask; 51 char *end; 52 53 if (strncmp(p, "MASK:", 5) == 0) { 54 if (!p[5]) 55 return 0; 56 mask = strtoul(p + 5, &end, 0); 57 if (*end) 58 return 0; 59 } else if (strcmp(p, "nombstr") == 0) 60 mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING)); 61 else if (strcmp(p, "pkix") == 0) 62 mask = ~((unsigned long)B_ASN1_T61STRING); 63 else if (strcmp(p, "utf8only") == 0) 64 mask = B_ASN1_UTF8STRING; 65 else if (strcmp(p, "default") == 0) 66 mask = 0xFFFFFFFFL; 67 else 68 return 0; 69 ASN1_STRING_set_default_mask(mask); 70 return 1; 71} 72 73/* 74 * The following function generates an ASN1_STRING based on limits in a 75 * table. Frequently the types and length of an ASN1_STRING are restricted by 76 * a corresponding OID. For example certificates and certificate requests. 77 */ 78 79ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 80 const unsigned char *in, int inlen, 81 int inform, int nid) 82{ 83 ASN1_STRING_TABLE *tbl; 84 ASN1_STRING *str = NULL; 85 unsigned long mask; 86 int ret; 87 88 if (out == NULL) 89 out = &str; 90 tbl = ASN1_STRING_TABLE_get(nid); 91 if (tbl != NULL) { 92 mask = tbl->mask; 93 if (!(tbl->flags & STABLE_NO_MASK)) 94 mask &= global_mask; 95 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, 96 tbl->minsize, tbl->maxsize); 97 } else { 98 ret = ASN1_mbstring_copy(out, in, inlen, inform, 99 DIRSTRING_TYPE & global_mask); 100 } 101 if (ret <= 0) 102 return NULL; 103 return *out; 104} 105 106/* 107 * Now the tables and helper functions for the string table: 108 */ 109 110#include "tbl_standard.h" 111 112static int sk_table_cmp(const ASN1_STRING_TABLE *const *a, 113 const ASN1_STRING_TABLE *const *b) 114{ 115 return (*a)->nid - (*b)->nid; 116} 117 118DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); 119 120static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) 121{ 122 return a->nid - b->nid; 123} 124 125IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table); 126 127ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) 128{ 129 int idx; 130 ASN1_STRING_TABLE fnd; 131 132 fnd.nid = nid; 133 if (stable) { 134 idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); 135 if (idx >= 0) 136 return sk_ASN1_STRING_TABLE_value(stable, idx); 137 } 138 return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard)); 139} 140 141/* 142 * Return a string table pointer which can be modified: either directly from 143 * table or a copy of an internal value added to the table. 144 */ 145 146static ASN1_STRING_TABLE *stable_get(int nid) 147{ 148 ASN1_STRING_TABLE *tmp, *rv; 149 150 /* Always need a string table so allocate one if NULL */ 151 if (stable == NULL) { 152 stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); 153 if (stable == NULL) 154 return NULL; 155 } 156 tmp = ASN1_STRING_TABLE_get(nid); 157 if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC) 158 return tmp; 159 if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) { 160 ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE); 161 return NULL; 162 } 163 if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { 164 OPENSSL_free(rv); 165 return NULL; 166 } 167 if (tmp != NULL) { 168 rv->nid = tmp->nid; 169 rv->minsize = tmp->minsize; 170 rv->maxsize = tmp->maxsize; 171 rv->mask = tmp->mask; 172 rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; 173 } else { 174 rv->nid = nid; 175 rv->minsize = -1; 176 rv->maxsize = -1; 177 rv->flags = STABLE_FLAGS_MALLOC; 178 } 179 return rv; 180} 181 182int ASN1_STRING_TABLE_add(int nid, 183 long minsize, long maxsize, unsigned long mask, 184 unsigned long flags) 185{ 186 ASN1_STRING_TABLE *tmp; 187 188 tmp = stable_get(nid); 189 if (tmp == NULL) { 190 ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); 191 return 0; 192 } 193 if (minsize >= 0) 194 tmp->minsize = minsize; 195 if (maxsize >= 0) 196 tmp->maxsize = maxsize; 197 if (mask) 198 tmp->mask = mask; 199 if (flags) 200 tmp->flags = STABLE_FLAGS_MALLOC | flags; 201 return 1; 202} 203 204void ASN1_STRING_TABLE_cleanup(void) 205{ 206 STACK_OF(ASN1_STRING_TABLE) *tmp; 207 208 tmp = stable; 209 if (tmp == NULL) 210 return; 211 stable = NULL; 212 sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); 213} 214 215static void st_free(ASN1_STRING_TABLE *tbl) 216{ 217 if (tbl->flags & STABLE_FLAGS_MALLOC) 218 OPENSSL_free(tbl); 219} 220