a_strnid.c revision 1.25
1/* $OpenBSD: a_strnid.c,v 1.25 2021/12/13 17:55:53 schwarze Exp $ */ 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 1999. 4 */ 5/* ==================================================================== 6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59#include <errno.h> 60#include <limits.h> 61#include <stdlib.h> 62#include <string.h> 63 64#include <openssl/asn1.h> 65#include <openssl/err.h> 66#include <openssl/objects.h> 67 68static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; 69 70static ASN1_STRING_TABLE *stable_get(int nid); 71static void st_free(ASN1_STRING_TABLE *tbl); 72static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, 73 const ASN1_STRING_TABLE * const *b); 74 75 76/* 77 * This is the global mask for the mbstring functions: this is used to 78 * mask out certain types (such as BMPString and UTF8String) because 79 * certain software (e.g. Netscape) has problems with them. 80 */ 81 82static unsigned long global_mask = B_ASN1_UTF8STRING; 83 84void 85ASN1_STRING_set_default_mask(unsigned long mask) 86{ 87 global_mask = mask; 88} 89 90unsigned long 91ASN1_STRING_get_default_mask(void) 92{ 93 return global_mask; 94} 95 96/* 97 * This function sets the default to various "flavours" of configuration 98 * based on an ASCII string. Currently this is: 99 * MASK:XXXX : a numerical mask value. 100 * nobmp : Don't use BMPStrings (just Printable, T61). 101 * pkix : PKIX recommendation in RFC2459. 102 * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004). 103 * default: the default value, Printable, T61, BMP. 104 */ 105 106int 107ASN1_STRING_set_default_mask_asc(const char *p) 108{ 109 unsigned long mask; 110 char *end; 111 int save_errno; 112 113 if (strncmp(p, "MASK:", 5) == 0) { 114 if (p[5] == '\0') 115 return 0; 116 save_errno = errno; 117 errno = 0; 118 mask = strtoul(p + 5, &end, 0); 119 if (errno == ERANGE && mask == ULONG_MAX) 120 return 0; 121 errno = save_errno; 122 if (*end != '\0') 123 return 0; 124 } else if (strcmp(p, "nombstr") == 0) 125 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); 126 else if (strcmp(p, "pkix") == 0) 127 mask = ~((unsigned long)B_ASN1_T61STRING); 128 else if (strcmp(p, "utf8only") == 0) 129 mask = B_ASN1_UTF8STRING; 130 else if (strcmp(p, "default") == 0) 131 mask = 0xFFFFFFFFL; 132 else 133 return 0; 134 ASN1_STRING_set_default_mask(mask); 135 return 1; 136} 137 138/* 139 * The following function generates an ASN1_STRING based on limits in a table. 140 * Frequently the types and length of an ASN1_STRING are restricted by a 141 * corresponding OID. For example certificates and certificate requests. 142 */ 143 144ASN1_STRING * 145ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen, 146 int inform, int nid) 147{ 148 ASN1_STRING_TABLE *tbl; 149 ASN1_STRING *str = NULL; 150 unsigned long mask; 151 int ret; 152 153 if (out == NULL) 154 out = &str; 155 tbl = ASN1_STRING_TABLE_get(nid); 156 if (tbl != NULL) { 157 mask = tbl->mask; 158 if ((tbl->flags & STABLE_NO_MASK) == 0) 159 mask &= global_mask; 160 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, 161 tbl->minsize, tbl->maxsize); 162 } else 163 ret = ASN1_mbstring_copy(out, in, inlen, inform, 164 DIRSTRING_TYPE & global_mask); 165 if (ret <= 0) 166 return NULL; 167 return *out; 168} 169 170/* 171 * Now the tables and helper functions for the string table: 172 */ 173 174/* size limits: this stuff is taken straight from RFC3280 */ 175 176#define ub_name 32768 177#define ub_common_name 64 178#define ub_locality_name 128 179#define ub_state_name 128 180#define ub_organization_name 64 181#define ub_organization_unit_name 64 182#define ub_title 64 183#define ub_email_address 128 184#define ub_serial_number 64 185 186 187/* This table must be kept in NID order */ 188 189static const ASN1_STRING_TABLE tbl_standard[] = { 190 {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0}, 191 {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, 192 {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0}, 193 {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0}, 194 {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0}, 195 {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE, 0}, 196 {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING, STABLE_NO_MASK}, 197 {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0}, 198 {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0}, 199 {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0}, 200 {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, 201 {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, 202 {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, 203 {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, 204 {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, 205 {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, 206 {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, 207 {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK}, 208 {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} 209}; 210 211static int 212sk_table_cmp(const ASN1_STRING_TABLE * const *a, 213 const ASN1_STRING_TABLE * const *b) 214{ 215 return (*a)->nid - (*b)->nid; 216} 217 218static int table_cmp_BSEARCH_CMP_FN(const void *, const void *); 219static int table_cmp(ASN1_STRING_TABLE const *, ASN1_STRING_TABLE const *); 220static ASN1_STRING_TABLE *OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num); 221 222static int 223table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) 224{ 225 return a->nid - b->nid; 226} 227 228 229static int 230table_cmp_BSEARCH_CMP_FN(const void *a_, const void *b_) 231{ 232 ASN1_STRING_TABLE const *a = a_; 233 ASN1_STRING_TABLE const *b = b_; 234 return table_cmp(a, b); 235} 236 237static ASN1_STRING_TABLE * 238OBJ_bsearch_table(ASN1_STRING_TABLE *key, ASN1_STRING_TABLE const *base, int num) 239{ 240 return (ASN1_STRING_TABLE *)OBJ_bsearch_(key, base, num, sizeof(ASN1_STRING_TABLE), 241 table_cmp_BSEARCH_CMP_FN); 242} 243 244ASN1_STRING_TABLE * 245ASN1_STRING_TABLE_get(int nid) 246{ 247 int idx; 248 ASN1_STRING_TABLE fnd; 249 250 fnd.nid = nid; 251 if (stable != NULL) { 252 idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); 253 if (idx >= 0) 254 return sk_ASN1_STRING_TABLE_value(stable, idx); 255 } 256 return OBJ_bsearch_table(&fnd, tbl_standard, 257 sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE)); 258} 259 260/* 261 * Return a string table pointer which can be modified: either directly 262 * from table or a copy of an internal value added to the table. 263 */ 264 265static ASN1_STRING_TABLE * 266stable_get(int nid) 267{ 268 ASN1_STRING_TABLE *tmp, *rv; 269 270 /* Always need a string table so allocate one if NULL */ 271 if (stable == NULL) { 272 stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp); 273 if (stable == NULL) 274 return NULL; 275 } 276 tmp = ASN1_STRING_TABLE_get(nid); 277 if (tmp != NULL && (tmp->flags & STABLE_FLAGS_MALLOC) != 0) 278 return tmp; 279 280 if ((rv = calloc(1, sizeof(*rv))) == NULL) { 281 ASN1error(ERR_R_MALLOC_FAILURE); 282 return NULL; 283 } 284 if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { 285 free(rv); 286 return NULL; 287 } 288 if (tmp != NULL) { 289 rv->nid = tmp->nid; 290 rv->minsize = tmp->minsize; 291 rv->maxsize = tmp->maxsize; 292 rv->mask = tmp->mask; 293 rv->flags = tmp->flags | STABLE_FLAGS_MALLOC; 294 } else { 295 rv->nid = nid; 296 rv->minsize = -1; 297 rv->maxsize = -1; 298 rv->flags = STABLE_FLAGS_MALLOC; 299 } 300 return rv; 301} 302 303int 304ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, unsigned long mask, 305 unsigned long flags) 306{ 307 ASN1_STRING_TABLE *tmp; 308 309 if ((tmp = stable_get(nid)) == NULL) { 310 ASN1error(ERR_R_MALLOC_FAILURE); 311 return 0; 312 } 313 if (minsize >= 0) 314 tmp->minsize = minsize; 315 if (maxsize >= 0) 316 tmp->maxsize = maxsize; 317 if (mask != 0) 318 tmp->mask = mask; 319 if (flags != 0) 320 tmp->flags = flags | STABLE_FLAGS_MALLOC; 321 322 return 1; 323} 324 325void 326ASN1_STRING_TABLE_cleanup(void) 327{ 328 STACK_OF(ASN1_STRING_TABLE) *tmp; 329 330 tmp = stable; 331 if (tmp == NULL) 332 return; 333 stable = NULL; 334 sk_ASN1_STRING_TABLE_pop_free(tmp, st_free); 335} 336 337static void 338st_free(ASN1_STRING_TABLE *tbl) 339{ 340 if (tbl->flags & STABLE_FLAGS_MALLOC) 341 free(tbl); 342} 343