1 /* 2 * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the OpenSSL license (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "internal/cryptlib.h" 11 #include <openssl/asn1.h> 12 #include <openssl/x509v3.h> 13 14 #define ASN1_GEN_FLAG 0x10000 15 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) 16 #define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) 17 #define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) 18 #define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) 19 #define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) 20 #define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) 21 #define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) 22 #define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) 23 24 #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} 25 26 #define ASN1_FLAG_EXP_MAX 20 27 /* Maximum number of nested sequences */ 28 #define ASN1_GEN_SEQ_MAX_DEPTH 50 29 30 /* Input formats */ 31 32 /* ASCII: default */ 33 #define ASN1_GEN_FORMAT_ASCII 1 34 /* UTF8 */ 35 #define ASN1_GEN_FORMAT_UTF8 2 36 /* Hex */ 37 #define ASN1_GEN_FORMAT_HEX 3 38 /* List of bits */ 39 #define ASN1_GEN_FORMAT_BITLIST 4 40 41 struct tag_name_st { 42 const char *strnam; 43 int len; 44 int tag; 45 }; 46 47 typedef struct { 48 int exp_tag; 49 int exp_class; 50 int exp_constructed; 51 int exp_pad; 52 long exp_len; 53 } tag_exp_type; 54 55 typedef struct { 56 int imp_tag; 57 int imp_class; 58 int utype; 59 int format; 60 const char *str; 61 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; 62 int exp_count; 63 } tag_exp_arg; 64 65 static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, 66 int *perr); 67 static int bitstr_cb(const char *elem, int len, void *bitstr); 68 static int asn1_cb(const char *elem, int len, void *bitstr); 69 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 70 int exp_constructed, int exp_pad, int imp_ok); 71 static int parse_tagging(const char *vstart, int vlen, int *ptag, 72 int *pclass); 73 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 74 int depth, int *perr); 75 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); 76 static int asn1_str2tag(const char *tagstr, int len); 77 78 ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) 79 { 80 X509V3_CTX cnf; 81 82 if (!nconf) 83 return ASN1_generate_v3(str, NULL); 84 85 X509V3_set_nconf(&cnf, nconf); 86 return ASN1_generate_v3(str, &cnf); 87 } 88 89 ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) 90 { 91 int err = 0; 92 ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); 93 if (err) 94 ASN1err(ASN1_F_ASN1_GENERATE_V3, err); 95 return ret; 96 } 97 98 static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, 99 int *perr) 100 { 101 ASN1_TYPE *ret; 102 tag_exp_arg asn1_tags; 103 tag_exp_type *etmp; 104 105 int i, len; 106 107 unsigned char *orig_der = NULL, *new_der = NULL; 108 const unsigned char *cpy_start; 109 unsigned char *p; 110 const unsigned char *cp; 111 int cpy_len; 112 long hdr_len = 0; 113 int hdr_constructed = 0, hdr_tag, hdr_class; 114 int r; 115 116 asn1_tags.imp_tag = -1; 117 asn1_tags.imp_class = -1; 118 asn1_tags.format = ASN1_GEN_FORMAT_ASCII; 119 asn1_tags.exp_count = 0; 120 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { 121 *perr = ASN1_R_UNKNOWN_TAG; 122 return NULL; 123 } 124 125 if ((asn1_tags.utype == V_ASN1_SEQUENCE) 126 || (asn1_tags.utype == V_ASN1_SET)) { 127 if (!cnf) { 128 *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; 129 return NULL; 130 } 131 if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { 132 *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; 133 return NULL; 134 } 135 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); 136 } else 137 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); 138 139 if (!ret) 140 return NULL; 141 142 /* If no tagging return base type */ 143 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) 144 return ret; 145 146 /* Generate the encoding */ 147 cpy_len = i2d_ASN1_TYPE(ret, &orig_der); 148 ASN1_TYPE_free(ret); 149 ret = NULL; 150 /* Set point to start copying for modified encoding */ 151 cpy_start = orig_der; 152 153 /* Do we need IMPLICIT tagging? */ 154 if (asn1_tags.imp_tag != -1) { 155 /* If IMPLICIT we will replace the underlying tag */ 156 /* Skip existing tag+len */ 157 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, 158 cpy_len); 159 if (r & 0x80) 160 goto err; 161 /* Update copy length */ 162 cpy_len -= cpy_start - orig_der; 163 /* 164 * For IMPLICIT tagging the length should match the original length 165 * and constructed flag should be consistent. 166 */ 167 if (r & 0x1) { 168 /* Indefinite length constructed */ 169 hdr_constructed = 2; 170 hdr_len = 0; 171 } else 172 /* Just retain constructed flag */ 173 hdr_constructed = r & V_ASN1_CONSTRUCTED; 174 /* 175 * Work out new length with IMPLICIT tag: ignore constructed because 176 * it will mess up if indefinite length 177 */ 178 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); 179 } else 180 len = cpy_len; 181 182 /* Work out length in any EXPLICIT, starting from end */ 183 184 for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; 185 i < asn1_tags.exp_count; i++, etmp--) { 186 /* Content length: number of content octets + any padding */ 187 len += etmp->exp_pad; 188 etmp->exp_len = len; 189 /* Total object length: length including new header */ 190 len = ASN1_object_size(0, len, etmp->exp_tag); 191 } 192 193 /* Allocate buffer for new encoding */ 194 195 new_der = OPENSSL_malloc(len); 196 if (new_der == NULL) 197 goto err; 198 199 /* Generate tagged encoding */ 200 201 p = new_der; 202 203 /* Output explicit tags first */ 204 205 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; 206 i++, etmp++) { 207 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, 208 etmp->exp_tag, etmp->exp_class); 209 if (etmp->exp_pad) 210 *p++ = 0; 211 } 212 213 /* If IMPLICIT, output tag */ 214 215 if (asn1_tags.imp_tag != -1) { 216 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 217 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE 218 || asn1_tags.imp_tag == V_ASN1_SET)) 219 hdr_constructed = V_ASN1_CONSTRUCTED; 220 ASN1_put_object(&p, hdr_constructed, hdr_len, 221 asn1_tags.imp_tag, asn1_tags.imp_class); 222 } 223 224 /* Copy across original encoding */ 225 memcpy(p, cpy_start, cpy_len); 226 227 cp = new_der; 228 229 /* Obtain new ASN1_TYPE structure */ 230 ret = d2i_ASN1_TYPE(NULL, &cp, len); 231 232 err: 233 OPENSSL_free(orig_der); 234 OPENSSL_free(new_der); 235 236 return ret; 237 238 } 239 240 static int asn1_cb(const char *elem, int len, void *bitstr) 241 { 242 tag_exp_arg *arg = bitstr; 243 int i; 244 int utype; 245 int vlen = 0; 246 const char *p, *vstart = NULL; 247 248 int tmp_tag, tmp_class; 249 250 if (elem == NULL) 251 return -1; 252 253 for (i = 0, p = elem; i < len; p++, i++) { 254 /* Look for the ':' in name value pairs */ 255 if (*p == ':') { 256 vstart = p + 1; 257 vlen = len - (vstart - elem); 258 len = p - elem; 259 break; 260 } 261 } 262 263 utype = asn1_str2tag(elem, len); 264 265 if (utype == -1) { 266 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); 267 ERR_add_error_data(2, "tag=", elem); 268 return -1; 269 } 270 271 /* If this is not a modifier mark end of string and exit */ 272 if (!(utype & ASN1_GEN_FLAG)) { 273 arg->utype = utype; 274 arg->str = vstart; 275 /* If no value and not end of string, error */ 276 if (!vstart && elem[len]) { 277 ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); 278 return -1; 279 } 280 return 0; 281 } 282 283 switch (utype) { 284 285 case ASN1_GEN_FLAG_IMP: 286 /* Check for illegal multiple IMPLICIT tagging */ 287 if (arg->imp_tag != -1) { 288 ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); 289 return -1; 290 } 291 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) 292 return -1; 293 break; 294 295 case ASN1_GEN_FLAG_EXP: 296 297 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) 298 return -1; 299 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) 300 return -1; 301 break; 302 303 case ASN1_GEN_FLAG_SEQWRAP: 304 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) 305 return -1; 306 break; 307 308 case ASN1_GEN_FLAG_SETWRAP: 309 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) 310 return -1; 311 break; 312 313 case ASN1_GEN_FLAG_BITWRAP: 314 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) 315 return -1; 316 break; 317 318 case ASN1_GEN_FLAG_OCTWRAP: 319 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) 320 return -1; 321 break; 322 323 case ASN1_GEN_FLAG_FORMAT: 324 if (!vstart) { 325 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); 326 return -1; 327 } 328 if (strncmp(vstart, "ASCII", 5) == 0) 329 arg->format = ASN1_GEN_FORMAT_ASCII; 330 else if (strncmp(vstart, "UTF8", 4) == 0) 331 arg->format = ASN1_GEN_FORMAT_UTF8; 332 else if (strncmp(vstart, "HEX", 3) == 0) 333 arg->format = ASN1_GEN_FORMAT_HEX; 334 else if (strncmp(vstart, "BITLIST", 7) == 0) 335 arg->format = ASN1_GEN_FORMAT_BITLIST; 336 else { 337 ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); 338 return -1; 339 } 340 break; 341 342 } 343 344 return 1; 345 346 } 347 348 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) 349 { 350 char erch[2]; 351 long tag_num; 352 char *eptr; 353 if (!vstart) 354 return 0; 355 tag_num = strtoul(vstart, &eptr, 10); 356 /* Check we haven't gone past max length: should be impossible */ 357 if (eptr && *eptr && (eptr > vstart + vlen)) 358 return 0; 359 if (tag_num < 0) { 360 ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); 361 return 0; 362 } 363 *ptag = tag_num; 364 /* If we have non numeric characters, parse them */ 365 if (eptr) 366 vlen -= eptr - vstart; 367 else 368 vlen = 0; 369 if (vlen) { 370 switch (*eptr) { 371 372 case 'U': 373 *pclass = V_ASN1_UNIVERSAL; 374 break; 375 376 case 'A': 377 *pclass = V_ASN1_APPLICATION; 378 break; 379 380 case 'P': 381 *pclass = V_ASN1_PRIVATE; 382 break; 383 384 case 'C': 385 *pclass = V_ASN1_CONTEXT_SPECIFIC; 386 break; 387 388 default: 389 erch[0] = *eptr; 390 erch[1] = 0; 391 ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); 392 ERR_add_error_data(2, "Char=", erch); 393 return 0; 394 395 } 396 } else 397 *pclass = V_ASN1_CONTEXT_SPECIFIC; 398 399 return 1; 400 401 } 402 403 /* Handle multiple types: SET and SEQUENCE */ 404 405 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 406 int depth, int *perr) 407 { 408 ASN1_TYPE *ret = NULL; 409 STACK_OF(ASN1_TYPE) *sk = NULL; 410 STACK_OF(CONF_VALUE) *sect = NULL; 411 unsigned char *der = NULL; 412 int derlen; 413 int i; 414 sk = sk_ASN1_TYPE_new_null(); 415 if (!sk) 416 goto bad; 417 if (section) { 418 if (!cnf) 419 goto bad; 420 sect = X509V3_get_section(cnf, (char *)section); 421 if (!sect) 422 goto bad; 423 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { 424 ASN1_TYPE *typ = 425 generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, 426 depth + 1, perr); 427 if (!typ) 428 goto bad; 429 if (!sk_ASN1_TYPE_push(sk, typ)) 430 goto bad; 431 } 432 } 433 434 /* 435 * Now we has a STACK of the components, convert to the correct form 436 */ 437 438 if (utype == V_ASN1_SET) 439 derlen = i2d_ASN1_SET_ANY(sk, &der); 440 else 441 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); 442 443 if (derlen < 0) 444 goto bad; 445 if ((ret = ASN1_TYPE_new()) == NULL) 446 goto bad; 447 if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL) 448 goto bad; 449 450 ret->type = utype; 451 ret->value.asn1_string->data = der; 452 ret->value.asn1_string->length = derlen; 453 454 der = NULL; 455 456 bad: 457 458 OPENSSL_free(der); 459 460 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); 461 X509V3_section_free(cnf, sect); 462 463 return ret; 464 } 465 466 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 467 int exp_constructed, int exp_pad, int imp_ok) 468 { 469 tag_exp_type *exp_tmp; 470 /* Can only have IMPLICIT if permitted */ 471 if ((arg->imp_tag != -1) && !imp_ok) { 472 ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); 473 return 0; 474 } 475 476 if (arg->exp_count == ASN1_FLAG_EXP_MAX) { 477 ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); 478 return 0; 479 } 480 481 exp_tmp = &arg->exp_list[arg->exp_count++]; 482 483 /* 484 * If IMPLICIT set tag to implicit value then reset implicit tag since it 485 * has been used. 486 */ 487 if (arg->imp_tag != -1) { 488 exp_tmp->exp_tag = arg->imp_tag; 489 exp_tmp->exp_class = arg->imp_class; 490 arg->imp_tag = -1; 491 arg->imp_class = -1; 492 } else { 493 exp_tmp->exp_tag = exp_tag; 494 exp_tmp->exp_class = exp_class; 495 } 496 exp_tmp->exp_constructed = exp_constructed; 497 exp_tmp->exp_pad = exp_pad; 498 499 return 1; 500 } 501 502 static int asn1_str2tag(const char *tagstr, int len) 503 { 504 unsigned int i; 505 static const struct tag_name_st *tntmp, tnst[] = { 506 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), 507 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), 508 ASN1_GEN_STR("NULL", V_ASN1_NULL), 509 ASN1_GEN_STR("INT", V_ASN1_INTEGER), 510 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), 511 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), 512 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), 513 ASN1_GEN_STR("OID", V_ASN1_OBJECT), 514 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), 515 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), 516 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), 517 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), 518 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), 519 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), 520 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), 521 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), 522 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), 523 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), 524 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), 525 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), 526 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), 527 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), 528 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), 529 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), 530 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), 531 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), 532 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), 533 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), 534 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), 535 ASN1_GEN_STR("T61", V_ASN1_T61STRING), 536 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), 537 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), 538 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), 539 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), 540 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), 541 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), 542 543 /* Special cases */ 544 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), 545 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), 546 ASN1_GEN_STR("SET", V_ASN1_SET), 547 /* type modifiers */ 548 /* Explicit tag */ 549 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), 550 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), 551 /* Implicit tag */ 552 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), 553 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), 554 /* OCTET STRING wrapper */ 555 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), 556 /* SEQUENCE wrapper */ 557 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), 558 /* SET wrapper */ 559 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), 560 /* BIT STRING wrapper */ 561 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), 562 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), 563 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), 564 }; 565 566 if (len == -1) 567 len = strlen(tagstr); 568 569 tntmp = tnst; 570 for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { 571 if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0)) 572 return tntmp->tag; 573 } 574 575 return -1; 576 } 577 578 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) 579 { 580 ASN1_TYPE *atmp = NULL; 581 CONF_VALUE vtmp; 582 unsigned char *rdata; 583 long rdlen; 584 int no_unused = 1; 585 586 if ((atmp = ASN1_TYPE_new()) == NULL) { 587 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 588 return NULL; 589 } 590 591 if (!str) 592 str = ""; 593 594 switch (utype) { 595 596 case V_ASN1_NULL: 597 if (str && *str) { 598 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); 599 goto bad_form; 600 } 601 break; 602 603 case V_ASN1_BOOLEAN: 604 if (format != ASN1_GEN_FORMAT_ASCII) { 605 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); 606 goto bad_form; 607 } 608 vtmp.name = NULL; 609 vtmp.section = NULL; 610 vtmp.value = (char *)str; 611 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { 612 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); 613 goto bad_str; 614 } 615 break; 616 617 case V_ASN1_INTEGER: 618 case V_ASN1_ENUMERATED: 619 if (format != ASN1_GEN_FORMAT_ASCII) { 620 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); 621 goto bad_form; 622 } 623 if ((atmp->value.integer 624 = s2i_ASN1_INTEGER(NULL, str)) == NULL) { 625 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); 626 goto bad_str; 627 } 628 break; 629 630 case V_ASN1_OBJECT: 631 if (format != ASN1_GEN_FORMAT_ASCII) { 632 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); 633 goto bad_form; 634 } 635 if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) { 636 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); 637 goto bad_str; 638 } 639 break; 640 641 case V_ASN1_UTCTIME: 642 case V_ASN1_GENERALIZEDTIME: 643 if (format != ASN1_GEN_FORMAT_ASCII) { 644 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); 645 goto bad_form; 646 } 647 if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { 648 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 649 goto bad_str; 650 } 651 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { 652 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 653 goto bad_str; 654 } 655 atmp->value.asn1_string->type = utype; 656 if (!ASN1_TIME_check(atmp->value.asn1_string)) { 657 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); 658 goto bad_str; 659 } 660 661 break; 662 663 case V_ASN1_BMPSTRING: 664 case V_ASN1_PRINTABLESTRING: 665 case V_ASN1_IA5STRING: 666 case V_ASN1_T61STRING: 667 case V_ASN1_UTF8STRING: 668 case V_ASN1_VISIBLESTRING: 669 case V_ASN1_UNIVERSALSTRING: 670 case V_ASN1_GENERALSTRING: 671 case V_ASN1_NUMERICSTRING: 672 if (format == ASN1_GEN_FORMAT_ASCII) 673 format = MBSTRING_ASC; 674 else if (format == ASN1_GEN_FORMAT_UTF8) 675 format = MBSTRING_UTF8; 676 else { 677 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); 678 goto bad_form; 679 } 680 681 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, 682 -1, format, ASN1_tag2bit(utype)) <= 0) { 683 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 684 goto bad_str; 685 } 686 687 break; 688 689 case V_ASN1_BIT_STRING: 690 case V_ASN1_OCTET_STRING: 691 if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { 692 ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); 693 goto bad_form; 694 } 695 696 if (format == ASN1_GEN_FORMAT_HEX) { 697 if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) { 698 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); 699 goto bad_str; 700 } 701 atmp->value.asn1_string->data = rdata; 702 atmp->value.asn1_string->length = rdlen; 703 atmp->value.asn1_string->type = utype; 704 } else if (format == ASN1_GEN_FORMAT_ASCII) 705 ASN1_STRING_set(atmp->value.asn1_string, str, -1); 706 else if ((format == ASN1_GEN_FORMAT_BITLIST) 707 && (utype == V_ASN1_BIT_STRING)) { 708 if (!CONF_parse_list 709 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { 710 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); 711 goto bad_str; 712 } 713 no_unused = 0; 714 715 } else { 716 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); 717 goto bad_form; 718 } 719 720 if ((utype == V_ASN1_BIT_STRING) && no_unused) { 721 atmp->value.asn1_string->flags 722 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 723 atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; 724 } 725 726 break; 727 728 default: 729 ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); 730 goto bad_str; 731 } 732 733 atmp->type = utype; 734 return atmp; 735 736 bad_str: 737 ERR_add_error_data(2, "string=", str); 738 bad_form: 739 740 ASN1_TYPE_free(atmp); 741 return NULL; 742 743 } 744 745 static int bitstr_cb(const char *elem, int len, void *bitstr) 746 { 747 long bitnum; 748 char *eptr; 749 if (!elem) 750 return 0; 751 bitnum = strtoul(elem, &eptr, 10); 752 if (eptr && *eptr && (eptr != elem + len)) 753 return 0; 754 if (bitnum < 0) { 755 ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); 756 return 0; 757 } 758 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { 759 ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); 760 return 0; 761 } 762 return 1; 763 } 764 765 static int mask_cb(const char *elem, int len, void *arg) 766 { 767 unsigned long *pmask = arg, tmpmask; 768 int tag; 769 if (elem == NULL) 770 return 0; 771 if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { 772 *pmask |= B_ASN1_DIRECTORYSTRING; 773 return 1; 774 } 775 tag = asn1_str2tag(elem, len); 776 if (!tag || (tag & ASN1_GEN_FLAG)) 777 return 0; 778 tmpmask = ASN1_tag2bit(tag); 779 if (!tmpmask) 780 return 0; 781 *pmask |= tmpmask; 782 return 1; 783 } 784 785 int ASN1_str2mask(const char *str, unsigned long *pmask) 786 { 787 *pmask = 0; 788 return CONF_parse_list(str, '|', 1, mask_cb, pmask); 789 } 790