Google Git
Sign in
boringssl / boringssl.git / 96396b3aaac304912ea1e4dd59d228cf3e42830e / . / crypto / x509 / asn1_gen.c
blob: 9ffd937b7c8eb8654e9077e536382655a1c1e9bf [file] [log] [blame]
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57#include <openssl/x509.h>
58
Adam Langley2b2d66d2015-01-30 17:08:37 -0800[diff] [blame]59#include <string.h>
60
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]61#include <openssl/asn1.h>
62#include <openssl/err.h>
63#include <openssl/mem.h>
64#include <openssl/obj.h>
65#include <openssl/x509v3.h>
66
67
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]68/* Although this file is in crypto/x509 for layering purposes, it emits errors
69 * from the ASN.1 module for OpenSSL compatibility. */
70
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]71#define ASN1_GEN_FLAG 0x10000
72#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
73#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
74#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
75#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
76#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
77#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
78#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
79#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
80
81#define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
82
83#define ASN1_FLAG_EXP_MAX 20
84
85/* Input formats */
86
87/* ASCII: default */
88#define ASN1_GEN_FORMAT_ASCII 1
89/* UTF8 */
90#define ASN1_GEN_FORMAT_UTF8 2
91/* Hex */
92#define ASN1_GEN_FORMAT_HEX 3
93/* List of bits */
94#define ASN1_GEN_FORMAT_BITLIST 4
95
96
97struct tag_name_st
98 {
99 const char *strnam;
100 int len;
101 int tag;
102 };
103
104typedef struct
105 {
106 int exp_tag;
107 int exp_class;
108 int exp_constructed;
109 int exp_pad;
110 long exp_len;
111 } tag_exp_type;
112
113typedef struct
114 {
115 int imp_tag;
116 int imp_class;
117 int utype;
118 int format;
119 const char *str;
120 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
121 int exp_count;
122 } tag_exp_arg;
123
124static int bitstr_cb(const char *elem, int len, void *bitstr);
125static int asn1_cb(const char *elem, int len, void *bitstr);
126static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
127static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
128static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
129static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
130static int asn1_str2tag(const char *tagstr, int len);
131
132ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
133 {
134 X509V3_CTX cnf;
135
136 if (!nconf)
137 return ASN1_generate_v3(str, NULL);
138
139 X509V3_set_nconf(&cnf, nconf);
140 return ASN1_generate_v3(str, &cnf);
141 }
142
143ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
144 {
145 ASN1_TYPE *ret;
146 tag_exp_arg asn1_tags;
147 tag_exp_type *etmp;
148
149 int i, len;
150
151 unsigned char *orig_der = NULL, *new_der = NULL;
152 const unsigned char *cpy_start;
153 unsigned char *p;
154 const unsigned char *cp;
155 int cpy_len;
156 long hdr_len;
157 int hdr_constructed = 0, hdr_tag, hdr_class;
158 int r;
159
160 asn1_tags.imp_tag = -1;
161 asn1_tags.imp_class = -1;
162 asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
163 asn1_tags.exp_count = 0;
164 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
165 return NULL;
166
167 if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
168 {
169 if (!cnf)
170 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]171 OPENSSL_PUT_ERROR(ASN1, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]172 return NULL;
173 }
174 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
175 }
176 else
177 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
178
179 if (!ret)
180 return NULL;
181
182 /* If no tagging return base type */
183 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
184 return ret;
185
186 /* Generate the encoding */
187 cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
188 ASN1_TYPE_free(ret);
189 ret = NULL;
190 /* Set point to start copying for modified encoding */
191 cpy_start = orig_der;
192
193 /* Do we need IMPLICIT tagging? */
194 if (asn1_tags.imp_tag != -1)
195 {
196 /* If IMPLICIT we will replace the underlying tag */
197 /* Skip existing tag+len */
198 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
199 if (r & 0x80)
200 goto err;
201 /* Update copy length */
202 cpy_len -= cpy_start - orig_der;
203 /* For IMPLICIT tagging the length should match the
204 * original length and constructed flag should be
205 * consistent.
206 */
207 if (r & 0x1)
208 {
209 /* Indefinite length constructed */
210 hdr_constructed = 2;
211 hdr_len = 0;
212 }
213 else
214 /* Just retain constructed flag */
215 hdr_constructed = r & V_ASN1_CONSTRUCTED;
216 /* Work out new length with IMPLICIT tag: ignore constructed
217 * because it will mess up if indefinite length
218 */
219 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
220 }
221 else
222 len = cpy_len;
223
224 /* Work out length in any EXPLICIT, starting from end */
225
226 for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
227 {
228 /* Content length: number of content octets + any padding */
229 len += etmp->exp_pad;
230 etmp->exp_len = len;
231 /* Total object length: length including new header */
232 len = ASN1_object_size(0, len, etmp->exp_tag);
233 }
234
235 /* Allocate buffer for new encoding */
236
237 new_der = OPENSSL_malloc(len);
238 if (!new_der)
239 goto err;
240
241 /* Generate tagged encoding */
242
243 p = new_der;
244
245 /* Output explicit tags first */
246
247 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
248 {
249 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
250 etmp->exp_tag, etmp->exp_class);
251 if (etmp->exp_pad)
252 *p++ = 0;
253 }
254
255 /* If IMPLICIT, output tag */
256
257 if (asn1_tags.imp_tag != -1)
258 {
259 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
260 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
261 || asn1_tags.imp_tag == V_ASN1_SET) )
262 hdr_constructed = V_ASN1_CONSTRUCTED;
263 ASN1_put_object(&p, hdr_constructed, hdr_len,
264 asn1_tags.imp_tag, asn1_tags.imp_class);
265 }
266
267 /* Copy across original encoding */
268 memcpy(p, cpy_start, cpy_len);
269
270 cp = new_der;
271
272 /* Obtain new ASN1_TYPE structure */
273 ret = d2i_ASN1_TYPE(NULL, &cp, len);
274
275 err:
276 if (orig_der)
277 OPENSSL_free(orig_der);
278 if (new_der)
279 OPENSSL_free(new_der);
280
281 return ret;
282
283 }
284
285static int asn1_cb(const char *elem, int len, void *bitstr)
286 {
287 tag_exp_arg *arg = bitstr;
288 int i;
289 int utype;
290 int vlen = 0;
291 const char *p, *vstart = NULL;
292
293 int tmp_tag, tmp_class;
294
David Benjamin2a0e72f2015-01-25 19:04:47 -0500[diff] [blame]295 if (elem == NULL)
296 return 0;
297
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]298 for(i = 0, p = elem; i < len; p++, i++)
299 {
300 /* Look for the ':' in name value pairs */
301 if (*p == ':')
302 {
303 vstart = p + 1;
304 vlen = len - (vstart - elem);
305 len = p - elem;
306 break;
307 }
308 }
309
310 utype = asn1_str2tag(elem, len);
311
312 if (utype == -1)
313 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]314 OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_TAG);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]315 ERR_add_error_data(2, "tag=", elem);
316 return -1;
317 }
318
319 /* If this is not a modifier mark end of string and exit */
320 if (!(utype & ASN1_GEN_FLAG))
321 {
322 arg->utype = utype;
323 arg->str = vstart;
324 /* If no value and not end of string, error */
325 if (!vstart && elem[len])
326 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]327 OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_MISSING_VALUE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]328 return -1;
329 }
330 return 0;
331 }
332
333 switch(utype)
334 {
335
336 case ASN1_GEN_FLAG_IMP:
337 /* Check for illegal multiple IMPLICIT tagging */
338 if (arg->imp_tag != -1)
339 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]340 OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]341 return -1;
342 }
343 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
344 return -1;
345 break;
346
347 case ASN1_GEN_FLAG_EXP:
348
349 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
350 return -1;
351 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
352 return -1;
353 break;
354
355 case ASN1_GEN_FLAG_SEQWRAP:
356 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
357 return -1;
358 break;
359
360 case ASN1_GEN_FLAG_SETWRAP:
361 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
362 return -1;
363 break;
364
365 case ASN1_GEN_FLAG_BITWRAP:
366 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
367 return -1;
368 break;
369
370 case ASN1_GEN_FLAG_OCTWRAP:
371 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
372 return -1;
373 break;
374
375 case ASN1_GEN_FLAG_FORMAT:
376 if (!strncmp(vstart, "ASCII", 5))
377 arg->format = ASN1_GEN_FORMAT_ASCII;
378 else if (!strncmp(vstart, "UTF8", 4))
379 arg->format = ASN1_GEN_FORMAT_UTF8;
380 else if (!strncmp(vstart, "HEX", 3))
381 arg->format = ASN1_GEN_FORMAT_HEX;
382 else if (!strncmp(vstart, "BITLIST", 3))
383 arg->format = ASN1_GEN_FORMAT_BITLIST;
384 else
385 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]386 OPENSSL_PUT_ERROR(ASN1, asn1_cb, ASN1_R_UNKNOWN_FORMAT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]387 return -1;
388 }
389 break;
390
391 }
392
393 return 1;
394
395 }
396
397static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
398 {
399 char erch[2];
400 long tag_num;
401 char *eptr;
402 if (!vstart)
403 return 0;
404 tag_num = strtoul(vstart, &eptr, 10);
405 /* Check we haven't gone past max length: should be impossible */
406 if (eptr && *eptr && (eptr > vstart + vlen))
407 return 0;
408 if (tag_num < 0)
409 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]410 OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_NUMBER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]411 return 0;
412 }
413 *ptag = tag_num;
414 /* If we have non numeric characters, parse them */
415 if (eptr)
416 vlen -= eptr - vstart;
417 else
418 vlen = 0;
419 if (vlen)
420 {
421 switch (*eptr)
422 {
423
424 case 'U':
425 *pclass = V_ASN1_UNIVERSAL;
426 break;
427
428 case 'A':
429 *pclass = V_ASN1_APPLICATION;
430 break;
431
432 case 'P':
433 *pclass = V_ASN1_PRIVATE;
434 break;
435
436 case 'C':
437 *pclass = V_ASN1_CONTEXT_SPECIFIC;
438 break;
439
440 default:
441 erch[0] = *eptr;
442 erch[1] = 0;
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]443 OPENSSL_PUT_ERROR(ASN1, parse_tagging, ASN1_R_INVALID_MODIFIER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]444 ERR_add_error_data(2, "Char=", erch);
445 return 0;
446 break;
447
448 }
449 }
450 else
451 *pclass = V_ASN1_CONTEXT_SPECIFIC;
452
453 return 1;
454
455 }
456
457/* Handle multiple types: SET and SEQUENCE */
458
459static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
460 {
461 ASN1_TYPE *ret = NULL;
462 STACK_OF(ASN1_TYPE) *sk = NULL;
463 STACK_OF(CONF_VALUE) *sect = NULL;
464 unsigned char *der = NULL;
465 int derlen;
466 size_t i;
467 sk = sk_ASN1_TYPE_new_null();
468 if (!sk)
469 goto bad;
470 if (section)
471 {
472 if (!cnf)
473 goto bad;
474 sect = X509V3_get_section(cnf, (char *)section);
475 if (!sect)
476 goto bad;
477 for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
478 {
479 ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
480 if (!typ)
481 goto bad;
482 if (!sk_ASN1_TYPE_push(sk, typ))
483 goto bad;
484 }
485 }
486
487 /* Now we has a STACK of the components, convert to the correct form */
488
489 if (utype == V_ASN1_SET)
490 derlen = i2d_ASN1_SET_ANY(sk, &der);
491 else
492 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
493
494 if (derlen < 0)
495 goto bad;
496
497 if (!(ret = ASN1_TYPE_new()))
498 goto bad;
499
500 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
501 goto bad;
502
503 ret->type = utype;
504
505 ret->value.asn1_string->data = der;
506 ret->value.asn1_string->length = derlen;
507
508 der = NULL;
509
510 bad:
511
512 if (der)
513 OPENSSL_free(der);
514
515 if (sk)
516 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
517 if (sect)
518 X509V3_section_free(cnf, sect);
519
520 return ret;
521 }
522
523static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
524 {
525 tag_exp_type *exp_tmp;
526 /* Can only have IMPLICIT if permitted */
527 if ((arg->imp_tag != -1) && !imp_ok)
528 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]529 OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]530 return 0;
531 }
532
533 if (arg->exp_count == ASN1_FLAG_EXP_MAX)
534 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]535 OPENSSL_PUT_ERROR(ASN1, append_exp, ASN1_R_DEPTH_EXCEEDED);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]536 return 0;
537 }
538
539 exp_tmp = &arg->exp_list[arg->exp_count++];
540
541 /* If IMPLICIT set tag to implicit value then
542 * reset implicit tag since it has been used.
543 */
544 if (arg->imp_tag != -1)
545 {
546 exp_tmp->exp_tag = arg->imp_tag;
547 exp_tmp->exp_class = arg->imp_class;
548 arg->imp_tag = -1;
549 arg->imp_class = -1;
550 }
551 else
552 {
553 exp_tmp->exp_tag = exp_tag;
554 exp_tmp->exp_class = exp_class;
555 }
556 exp_tmp->exp_constructed = exp_constructed;
557 exp_tmp->exp_pad = exp_pad;
558
559 return 1;
560 }
561
562
563static int asn1_str2tag(const char *tagstr, int len)
564 {
565 unsigned int i;
566 static const struct tag_name_st *tntmp, tnst [] = {
567 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
568 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
569 ASN1_GEN_STR("NULL", V_ASN1_NULL),
570 ASN1_GEN_STR("INT", V_ASN1_INTEGER),
571 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
572 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
573 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
574 ASN1_GEN_STR("OID", V_ASN1_OBJECT),
575 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
576 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
577 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
578 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
579 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
580 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
581 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
582 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
583 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
584 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
585 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
586 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
587 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
588 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
589 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
590 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
591 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
592 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
593 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
594 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
595 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
596 ASN1_GEN_STR("T61", V_ASN1_T61STRING),
597 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
598 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
599 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
600 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
601 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
602 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
603
604 /* Special cases */
605 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
606 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
607 ASN1_GEN_STR("SET", V_ASN1_SET),
608 /* type modifiers */
609 /* Explicit tag */
610 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
611 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
612 /* Implicit tag */
613 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
614 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
615 /* OCTET STRING wrapper */
616 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
617 /* SEQUENCE wrapper */
618 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
619 /* SET wrapper */
620 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
621 /* BIT STRING wrapper */
622 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
623 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
624 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
625 };
626
627 if (len == -1)
628 len = strlen(tagstr);
629
630 tntmp = tnst;
631 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
632 {
633 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
634 return tntmp->tag;
635 }
636
637 return -1;
638 }
639
640static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
641 {
642 ASN1_TYPE *atmp = NULL;
643
644 CONF_VALUE vtmp;
645
646 unsigned char *rdata;
647 long rdlen;
648
649 int no_unused = 1;
650
651 if (!(atmp = ASN1_TYPE_new()))
652 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]653 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]654 return NULL;
655 }
656
657 if (!str)
658 str = "";
659
660 switch(utype)
661 {
662
663 case V_ASN1_NULL:
664 if (str && *str)
665 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]666 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]667 goto bad_form;
668 }
669 break;
670
671 case V_ASN1_BOOLEAN:
672 if (format != ASN1_GEN_FORMAT_ASCII)
673 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]674 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]675 goto bad_form;
676 }
677 vtmp.name = NULL;
678 vtmp.section = NULL;
679 vtmp.value = (char *)str;
680 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
681 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]682 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]683 goto bad_str;
684 }
685 break;
686
687 case V_ASN1_INTEGER:
688 case V_ASN1_ENUMERATED:
689 if (format != ASN1_GEN_FORMAT_ASCII)
690 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]691 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]692 goto bad_form;
693 }
694 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
695 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]696 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_INTEGER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]697 goto bad_str;
698 }
699 break;
700
701 case V_ASN1_OBJECT:
702 if (format != ASN1_GEN_FORMAT_ASCII)
703 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]704 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]705 goto bad_form;
706 }
707 if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
708 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]709 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_OBJECT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]710 goto bad_str;
711 }
712 break;
713
714 case V_ASN1_UTCTIME:
715 case V_ASN1_GENERALIZEDTIME:
716 if (format != ASN1_GEN_FORMAT_ASCII)
717 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]718 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]719 goto bad_form;
720 }
721 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
722 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]723 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]724 goto bad_str;
725 }
726 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
727 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]728 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]729 goto bad_str;
730 }
731 atmp->value.asn1_string->type = utype;
732 if (!ASN1_TIME_check(atmp->value.asn1_string))
733 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]734 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]735 goto bad_str;
736 }
737
738 break;
739
740 case V_ASN1_BMPSTRING:
741 case V_ASN1_PRINTABLESTRING:
742 case V_ASN1_IA5STRING:
743 case V_ASN1_T61STRING:
744 case V_ASN1_UTF8STRING:
745 case V_ASN1_VISIBLESTRING:
746 case V_ASN1_UNIVERSALSTRING:
747 case V_ASN1_GENERALSTRING:
748 case V_ASN1_NUMERICSTRING:
749
750 if (format == ASN1_GEN_FORMAT_ASCII)
751 format = MBSTRING_ASC;
752 else if (format == ASN1_GEN_FORMAT_UTF8)
753 format = MBSTRING_UTF8;
754 else
755 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]756 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_FORMAT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]757 goto bad_form;
758 }
759
760
761 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
762 -1, format, ASN1_tag2bit(utype)) <= 0)
763 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]764 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]765 goto bad_str;
766 }
767
768
769 break;
770
771 case V_ASN1_BIT_STRING:
772
773 case V_ASN1_OCTET_STRING:
774
775 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
776 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]777 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]778 goto bad_form;
779 }
780
781 if (format == ASN1_GEN_FORMAT_HEX)
782 {
783
784 if (!(rdata = string_to_hex((char *)str, &rdlen)))
785 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]786 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_HEX);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]787 goto bad_str;
788 }
789
790 atmp->value.asn1_string->data = rdata;
791 atmp->value.asn1_string->length = rdlen;
792 atmp->value.asn1_string->type = utype;
793
794 }
795 else if (format == ASN1_GEN_FORMAT_ASCII)
796 ASN1_STRING_set(atmp->value.asn1_string, str, -1);
797 else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
798 {
799 if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
800 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]801 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_LIST_ERROR);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]802 goto bad_str;
803 }
804 no_unused = 0;
805
806 }
807 else
808 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]809 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]810 goto bad_form;
811 }
812
813 if ((utype == V_ASN1_BIT_STRING) && no_unused)
814 {
815 atmp->value.asn1_string->flags
816 &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
817 atmp->value.asn1_string->flags
818 |= ASN1_STRING_FLAG_BITS_LEFT;
819 }
820
821
822 break;
823
824 default:
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]825 OPENSSL_PUT_ERROR(ASN1, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]826 goto bad_str;
827 break;
828 }
829
830
831 atmp->type = utype;
832 return atmp;
833
834
835 bad_str:
836 ERR_add_error_data(2, "string=", str);
837 bad_form:
838
839 ASN1_TYPE_free(atmp);
840 return NULL;
841
842 }
843
844static int bitstr_cb(const char *elem, int len, void *bitstr)
845 {
846 long bitnum;
847 char *eptr;
848 if (!elem)
849 return 0;
850 bitnum = strtoul(elem, &eptr, 10);
851 if (eptr && *eptr && (eptr != elem + len))
852 return 0;
853 if (bitnum < 0)
854 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]855 OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ASN1_R_INVALID_NUMBER);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]856 return 0;
857 }
858 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
859 {
David Benjamin96396b32015-02-11 15:53:03 -0500[diff] [blame^]860 OPENSSL_PUT_ERROR(ASN1, bitstr_cb, ERR_R_MALLOC_FAILURE);
Adam Langley95c29f32014-06-20 12:00:00 -0700[diff] [blame]861 return 0;
862 }
863 return 1;
864 }
865