1 /* 2 * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include "crypto/ctype.h" 12 #include "internal/cryptlib.h" 13 #include <openssl/asn1.h> 14 15 static int traverse_string(const unsigned char *p, int len, int inform, 16 int (*rfunc) (unsigned long value, void *in), 17 void *arg); 18 static int in_utf8(unsigned long value, void *arg); 19 static int out_utf8(unsigned long value, void *arg); 20 static int type_str(unsigned long value, void *arg); 21 static int cpy_asc(unsigned long value, void *arg); 22 static int cpy_bmp(unsigned long value, void *arg); 23 static int cpy_univ(unsigned long value, void *arg); 24 static int cpy_utf8(unsigned long value, void *arg); 25 26 /* 27 * These functions take a string in UTF8, ASCII or multibyte form and a mask 28 * of permissible ASN1 string types. It then works out the minimal type 29 * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8) 30 * and creates a string of the correct type with the supplied data. Yes this is 31 * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum 32 * size limits too. 33 */ 34 35 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, 36 int inform, unsigned long mask) 37 { 38 return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); 39 } 40 41 int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, 42 int inform, unsigned long mask, 43 long minsize, long maxsize) 44 { 45 int str_type; 46 int ret; 47 char free_out; 48 int outform, outlen = 0; 49 ASN1_STRING *dest; 50 unsigned char *p; 51 int nchar; 52 char strbuf[32]; 53 int (*cpyfunc) (unsigned long, void *) = NULL; 54 if (len == -1) 55 len = strlen((const char *)in); 56 if (!mask) 57 mask = DIRSTRING_TYPE; 58 59 /* First do a string check and work out the number of characters */ 60 switch (inform) { 61 62 case MBSTRING_BMP: 63 if (len & 1) { 64 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, 65 ASN1_R_INVALID_BMPSTRING_LENGTH); 66 return -1; 67 } 68 nchar = len >> 1; 69 break; 70 71 case MBSTRING_UNIV: 72 if (len & 3) { 73 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, 74 ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); 75 return -1; 76 } 77 nchar = len >> 2; 78 break; 79 80 case MBSTRING_UTF8: 81 nchar = 0; 82 /* This counts the characters and does utf8 syntax checking */ 83 ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); 84 if (ret < 0) { 85 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING); 86 return -1; 87 } 88 break; 89 90 case MBSTRING_ASC: 91 nchar = len; 92 break; 93 94 default: 95 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); 96 return -1; 97 } 98 99 if ((minsize > 0) && (nchar < minsize)) { 100 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); 101 BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize); 102 ERR_add_error_data(2, "minsize=", strbuf); 103 return -1; 104 } 105 106 if ((maxsize > 0) && (nchar > maxsize)) { 107 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); 108 BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize); 109 ERR_add_error_data(2, "maxsize=", strbuf); 110 return -1; 111 } 112 113 /* Now work out minimal type (if any) */ 114 if (traverse_string(in, len, inform, type_str, &mask) < 0) { 115 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); 116 return -1; 117 } 118 119 /* Now work out output format and string type */ 120 outform = MBSTRING_ASC; 121 if (mask & B_ASN1_NUMERICSTRING) 122 str_type = V_ASN1_NUMERICSTRING; 123 else if (mask & B_ASN1_PRINTABLESTRING) 124 str_type = V_ASN1_PRINTABLESTRING; 125 else if (mask & B_ASN1_IA5STRING) 126 str_type = V_ASN1_IA5STRING; 127 else if (mask & B_ASN1_T61STRING) 128 str_type = V_ASN1_T61STRING; 129 else if (mask & B_ASN1_BMPSTRING) { 130 str_type = V_ASN1_BMPSTRING; 131 outform = MBSTRING_BMP; 132 } else if (mask & B_ASN1_UNIVERSALSTRING) { 133 str_type = V_ASN1_UNIVERSALSTRING; 134 outform = MBSTRING_UNIV; 135 } else { 136 str_type = V_ASN1_UTF8STRING; 137 outform = MBSTRING_UTF8; 138 } 139 if (!out) 140 return str_type; 141 if (*out) { 142 free_out = 0; 143 dest = *out; 144 OPENSSL_free(dest->data); 145 dest->data = NULL; 146 dest->length = 0; 147 dest->type = str_type; 148 } else { 149 free_out = 1; 150 dest = ASN1_STRING_type_new(str_type); 151 if (dest == NULL) { 152 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); 153 return -1; 154 } 155 *out = dest; 156 } 157 /* If both the same type just copy across */ 158 if (inform == outform) { 159 if (!ASN1_STRING_set(dest, in, len)) { 160 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); 161 return -1; 162 } 163 return str_type; 164 } 165 166 /* Work out how much space the destination will need */ 167 switch (outform) { 168 case MBSTRING_ASC: 169 outlen = nchar; 170 cpyfunc = cpy_asc; 171 break; 172 173 case MBSTRING_BMP: 174 outlen = nchar << 1; 175 cpyfunc = cpy_bmp; 176 break; 177 178 case MBSTRING_UNIV: 179 outlen = nchar << 2; 180 cpyfunc = cpy_univ; 181 break; 182 183 case MBSTRING_UTF8: 184 outlen = 0; 185 traverse_string(in, len, inform, out_utf8, &outlen); 186 cpyfunc = cpy_utf8; 187 break; 188 } 189 if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { 190 if (free_out) 191 ASN1_STRING_free(dest); 192 ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); 193 return -1; 194 } 195 dest->length = outlen; 196 dest->data = p; 197 p[outlen] = 0; 198 traverse_string(in, len, inform, cpyfunc, &p); 199 return str_type; 200 } 201 202 /* 203 * This function traverses a string and passes the value of each character to 204 * an optional function along with a void * argument. 205 */ 206 207 static int traverse_string(const unsigned char *p, int len, int inform, 208 int (*rfunc) (unsigned long value, void *in), 209 void *arg) 210 { 211 unsigned long value; 212 int ret; 213 while (len) { 214 if (inform == MBSTRING_ASC) { 215 value = *p++; 216 len--; 217 } else if (inform == MBSTRING_BMP) { 218 value = *p++ << 8; 219 value |= *p++; 220 len -= 2; 221 } else if (inform == MBSTRING_UNIV) { 222 value = ((unsigned long)*p++) << 24; 223 value |= ((unsigned long)*p++) << 16; 224 value |= *p++ << 8; 225 value |= *p++; 226 len -= 4; 227 } else { 228 ret = UTF8_getc(p, len, &value); 229 if (ret < 0) 230 return -1; 231 len -= ret; 232 p += ret; 233 } 234 if (rfunc) { 235 ret = rfunc(value, arg); 236 if (ret <= 0) 237 return ret; 238 } 239 } 240 return 1; 241 } 242 243 /* Various utility functions for traverse_string */ 244 245 /* Just count number of characters */ 246 247 static int in_utf8(unsigned long value, void *arg) 248 { 249 int *nchar; 250 nchar = arg; 251 (*nchar)++; 252 return 1; 253 } 254 255 /* Determine size of output as a UTF8 String */ 256 257 static int out_utf8(unsigned long value, void *arg) 258 { 259 int *outlen; 260 outlen = arg; 261 *outlen += UTF8_putc(NULL, -1, value); 262 return 1; 263 } 264 265 /* 266 * Determine the "type" of a string: check each character against a supplied 267 * "mask". 268 */ 269 270 static int type_str(unsigned long value, void *arg) 271 { 272 unsigned long types = *((unsigned long *)arg); 273 const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value); 274 275 if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native) 276 || native == ' ')) 277 types &= ~B_ASN1_NUMERICSTRING; 278 if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native)) 279 types &= ~B_ASN1_PRINTABLESTRING; 280 if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native)) 281 types &= ~B_ASN1_IA5STRING; 282 if ((types & B_ASN1_T61STRING) && (value > 0xff)) 283 types &= ~B_ASN1_T61STRING; 284 if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) 285 types &= ~B_ASN1_BMPSTRING; 286 if (!types) 287 return -1; 288 *((unsigned long *)arg) = types; 289 return 1; 290 } 291 292 /* Copy one byte per character ASCII like strings */ 293 294 static int cpy_asc(unsigned long value, void *arg) 295 { 296 unsigned char **p, *q; 297 p = arg; 298 q = *p; 299 *q = (unsigned char)value; 300 (*p)++; 301 return 1; 302 } 303 304 /* Copy two byte per character BMPStrings */ 305 306 static int cpy_bmp(unsigned long value, void *arg) 307 { 308 unsigned char **p, *q; 309 p = arg; 310 q = *p; 311 *q++ = (unsigned char)((value >> 8) & 0xff); 312 *q = (unsigned char)(value & 0xff); 313 *p += 2; 314 return 1; 315 } 316 317 /* Copy four byte per character UniversalStrings */ 318 319 static int cpy_univ(unsigned long value, void *arg) 320 { 321 unsigned char **p, *q; 322 p = arg; 323 q = *p; 324 *q++ = (unsigned char)((value >> 24) & 0xff); 325 *q++ = (unsigned char)((value >> 16) & 0xff); 326 *q++ = (unsigned char)((value >> 8) & 0xff); 327 *q = (unsigned char)(value & 0xff); 328 *p += 4; 329 return 1; 330 } 331 332 /* Copy to a UTF8String */ 333 334 static int cpy_utf8(unsigned long value, void *arg) 335 { 336 unsigned char **p; 337 int ret; 338 p = arg; 339 /* We already know there is enough room so pass 0xff as the length */ 340 ret = UTF8_putc(*p, 0xff, value); 341 *p += ret; 342 return 1; 343 } 344