1 /* 2 * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include "internal/cryptlib.h" 11 #include <openssl/asn1.h> 12 #include <openssl/x509v3.h> 13 14 #define ASN1_GEN_FLAG 0x10000 15 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1) 16 #define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2) 17 #define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3) 18 #define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4) 19 #define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5) 20 #define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6) 21 #define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7) 22 #define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8) 23 24 #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} 25 26 #define ASN1_FLAG_EXP_MAX 20 27 /* Maximum number of nested sequences */ 28 #define ASN1_GEN_SEQ_MAX_DEPTH 50 29 30 /* Input formats */ 31 32 /* ASCII: default */ 33 #define ASN1_GEN_FORMAT_ASCII 1 34 /* UTF8 */ 35 #define ASN1_GEN_FORMAT_UTF8 2 36 /* Hex */ 37 #define ASN1_GEN_FORMAT_HEX 3 38 /* List of bits */ 39 #define ASN1_GEN_FORMAT_BITLIST 4 40 41 struct tag_name_st { 42 const char *strnam; 43 int len; 44 int tag; 45 }; 46 47 typedef struct { 48 int exp_tag; 49 int exp_class; 50 int exp_constructed; 51 int exp_pad; 52 long exp_len; 53 } tag_exp_type; 54 55 typedef struct { 56 int imp_tag; 57 int imp_class; 58 int utype; 59 int format; 60 const char *str; 61 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX]; 62 int exp_count; 63 } tag_exp_arg; 64 65 static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, 66 int *perr); 67 static int bitstr_cb(const char *elem, int len, void *bitstr); 68 static int asn1_cb(const char *elem, int len, void *bitstr); 69 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 70 int exp_constructed, int exp_pad, int imp_ok); 71 static int parse_tagging(const char *vstart, int vlen, int *ptag, 72 int *pclass); 73 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 74 int depth, int *perr); 75 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); 76 static int asn1_str2tag(const char *tagstr, int len); 77 78 ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf) 79 { 80 X509V3_CTX cnf; 81 82 if (!nconf) 83 return ASN1_generate_v3(str, NULL); 84 85 X509V3_set_nconf(&cnf, nconf); 86 return ASN1_generate_v3(str, &cnf); 87 } 88 89 ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) 90 { 91 int err = 0; 92 ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); 93 if (err) 94 ERR_raise(ERR_LIB_ASN1, err); 95 return ret; 96 } 97 98 static ASN1_TYPE *generate_v3(const char *str, X509V3_CTX *cnf, int depth, 99 int *perr) 100 { 101 ASN1_TYPE *ret; 102 tag_exp_arg asn1_tags; 103 tag_exp_type *etmp; 104 105 int i, len; 106 107 unsigned char *orig_der = NULL, *new_der = NULL; 108 const unsigned char *cpy_start; 109 unsigned char *p; 110 const unsigned char *cp; 111 int cpy_len; 112 long hdr_len = 0; 113 int hdr_constructed = 0, hdr_tag, hdr_class; 114 int r; 115 116 asn1_tags.imp_tag = -1; 117 asn1_tags.imp_class = -1; 118 asn1_tags.format = ASN1_GEN_FORMAT_ASCII; 119 asn1_tags.exp_count = 0; 120 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { 121 *perr = ASN1_R_UNKNOWN_TAG; 122 return NULL; 123 } 124 125 if ((asn1_tags.utype == V_ASN1_SEQUENCE) 126 || (asn1_tags.utype == V_ASN1_SET)) { 127 if (!cnf) { 128 *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; 129 return NULL; 130 } 131 if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { 132 *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; 133 return NULL; 134 } 135 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); 136 } else 137 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); 138 139 if (!ret) 140 return NULL; 141 142 /* If no tagging return base type */ 143 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0)) 144 return ret; 145 146 /* Generate the encoding */ 147 cpy_len = i2d_ASN1_TYPE(ret, &orig_der); 148 ASN1_TYPE_free(ret); 149 ret = NULL; 150 /* Set point to start copying for modified encoding */ 151 cpy_start = orig_der; 152 153 /* Do we need IMPLICIT tagging? */ 154 if (asn1_tags.imp_tag != -1) { 155 /* If IMPLICIT we will replace the underlying tag */ 156 /* Skip existing tag+len */ 157 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, 158 cpy_len); 159 if (r & 0x80) 160 goto err; 161 /* Update copy length */ 162 cpy_len -= cpy_start - orig_der; 163 /* 164 * For IMPLICIT tagging the length should match the original length 165 * and constructed flag should be consistent. 166 */ 167 if (r & 0x1) { 168 /* Indefinite length constructed */ 169 hdr_constructed = 2; 170 hdr_len = 0; 171 } else 172 /* Just retain constructed flag */ 173 hdr_constructed = r & V_ASN1_CONSTRUCTED; 174 /* 175 * Work out new length with IMPLICIT tag: ignore constructed because 176 * it will mess up if indefinite length 177 */ 178 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag); 179 } else 180 len = cpy_len; 181 182 /* Work out length in any EXPLICIT, starting from end */ 183 184 for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; 185 i < asn1_tags.exp_count; i++, etmp--) { 186 /* Content length: number of content octets + any padding */ 187 len += etmp->exp_pad; 188 etmp->exp_len = len; 189 /* Total object length: length including new header */ 190 len = ASN1_object_size(0, len, etmp->exp_tag); 191 } 192 193 /* Allocate buffer for new encoding */ 194 195 new_der = OPENSSL_malloc(len); 196 if (new_der == NULL) 197 goto err; 198 199 /* Generate tagged encoding */ 200 201 p = new_der; 202 203 /* Output explicit tags first */ 204 205 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; 206 i++, etmp++) { 207 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len, 208 etmp->exp_tag, etmp->exp_class); 209 if (etmp->exp_pad) 210 *p++ = 0; 211 } 212 213 /* If IMPLICIT, output tag */ 214 215 if (asn1_tags.imp_tag != -1) { 216 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL 217 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE 218 || asn1_tags.imp_tag == V_ASN1_SET)) 219 hdr_constructed = V_ASN1_CONSTRUCTED; 220 ASN1_put_object(&p, hdr_constructed, hdr_len, 221 asn1_tags.imp_tag, asn1_tags.imp_class); 222 } 223 224 /* Copy across original encoding */ 225 memcpy(p, cpy_start, cpy_len); 226 227 cp = new_der; 228 229 /* Obtain new ASN1_TYPE structure */ 230 ret = d2i_ASN1_TYPE(NULL, &cp, len); 231 232 err: 233 OPENSSL_free(orig_der); 234 OPENSSL_free(new_der); 235 236 return ret; 237 238 } 239 240 static int asn1_cb(const char *elem, int len, void *bitstr) 241 { 242 tag_exp_arg *arg = bitstr; 243 int i; 244 int utype; 245 int vlen = 0; 246 const char *p, *vstart = NULL; 247 248 int tmp_tag, tmp_class; 249 250 if (elem == NULL) 251 return -1; 252 253 for (i = 0, p = elem; i < len; p++, i++) { 254 /* Look for the ':' in name value pairs */ 255 if (*p == ':') { 256 vstart = p + 1; 257 vlen = len - (vstart - elem); 258 len = p - elem; 259 break; 260 } 261 } 262 263 utype = asn1_str2tag(elem, len); 264 265 if (utype == -1) { 266 ERR_raise_data(ERR_LIB_ASN1, ASN1_R_UNKNOWN_TAG, "tag=%s", elem); 267 return -1; 268 } 269 270 /* If this is not a modifier mark end of string and exit */ 271 if (!(utype & ASN1_GEN_FLAG)) { 272 arg->utype = utype; 273 arg->str = vstart; 274 /* If no value and not end of string, error */ 275 if (!vstart && elem[len]) { 276 ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_VALUE); 277 return -1; 278 } 279 return 0; 280 } 281 282 switch (utype) { 283 284 case ASN1_GEN_FLAG_IMP: 285 /* Check for illegal multiple IMPLICIT tagging */ 286 if (arg->imp_tag != -1) { 287 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); 288 return -1; 289 } 290 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) 291 return -1; 292 break; 293 294 case ASN1_GEN_FLAG_EXP: 295 296 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class)) 297 return -1; 298 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0)) 299 return -1; 300 break; 301 302 case ASN1_GEN_FLAG_SEQWRAP: 303 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1)) 304 return -1; 305 break; 306 307 case ASN1_GEN_FLAG_SETWRAP: 308 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1)) 309 return -1; 310 break; 311 312 case ASN1_GEN_FLAG_BITWRAP: 313 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1)) 314 return -1; 315 break; 316 317 case ASN1_GEN_FLAG_OCTWRAP: 318 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1)) 319 return -1; 320 break; 321 322 case ASN1_GEN_FLAG_FORMAT: 323 if (!vstart) { 324 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); 325 return -1; 326 } 327 if (strncmp(vstart, "ASCII", 5) == 0) 328 arg->format = ASN1_GEN_FORMAT_ASCII; 329 else if (strncmp(vstart, "UTF8", 4) == 0) 330 arg->format = ASN1_GEN_FORMAT_UTF8; 331 else if (strncmp(vstart, "HEX", 3) == 0) 332 arg->format = ASN1_GEN_FORMAT_HEX; 333 else if (strncmp(vstart, "BITLIST", 7) == 0) 334 arg->format = ASN1_GEN_FORMAT_BITLIST; 335 else { 336 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); 337 return -1; 338 } 339 break; 340 341 } 342 343 return 1; 344 345 } 346 347 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) 348 { 349 long tag_num; 350 char *eptr; 351 if (!vstart) 352 return 0; 353 tag_num = strtoul(vstart, &eptr, 10); 354 /* Check we haven't gone past max length: should be impossible */ 355 if (eptr && *eptr && (eptr > vstart + vlen)) 356 return 0; 357 if (tag_num < 0) { 358 ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER); 359 return 0; 360 } 361 *ptag = tag_num; 362 /* If we have non numeric characters, parse them */ 363 if (eptr) 364 vlen -= eptr - vstart; 365 else 366 vlen = 0; 367 if (vlen) { 368 switch (*eptr) { 369 370 case 'U': 371 *pclass = V_ASN1_UNIVERSAL; 372 break; 373 374 case 'A': 375 *pclass = V_ASN1_APPLICATION; 376 break; 377 378 case 'P': 379 *pclass = V_ASN1_PRIVATE; 380 break; 381 382 case 'C': 383 *pclass = V_ASN1_CONTEXT_SPECIFIC; 384 break; 385 386 default: 387 ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MODIFIER, 388 "Char=%c", *eptr); 389 return 0; 390 391 } 392 } else 393 *pclass = V_ASN1_CONTEXT_SPECIFIC; 394 395 return 1; 396 397 } 398 399 /* Handle multiple types: SET and SEQUENCE */ 400 401 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, 402 int depth, int *perr) 403 { 404 ASN1_TYPE *ret = NULL; 405 STACK_OF(ASN1_TYPE) *sk = NULL; 406 STACK_OF(CONF_VALUE) *sect = NULL; 407 unsigned char *der = NULL; 408 int derlen; 409 int i; 410 sk = sk_ASN1_TYPE_new_null(); 411 if (!sk) 412 goto bad; 413 if (section) { 414 if (!cnf) 415 goto bad; 416 sect = X509V3_get_section(cnf, (char *)section); 417 if (!sect) 418 goto bad; 419 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { 420 ASN1_TYPE *typ = 421 generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, 422 depth + 1, perr); 423 if (!typ) 424 goto bad; 425 if (!sk_ASN1_TYPE_push(sk, typ)) 426 goto bad; 427 } 428 } 429 430 /* 431 * Now we has a STACK of the components, convert to the correct form 432 */ 433 434 if (utype == V_ASN1_SET) 435 derlen = i2d_ASN1_SET_ANY(sk, &der); 436 else 437 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); 438 439 if (derlen < 0) 440 goto bad; 441 if ((ret = ASN1_TYPE_new()) == NULL) 442 goto bad; 443 if ((ret->value.asn1_string = ASN1_STRING_type_new(utype)) == NULL) 444 goto bad; 445 446 ret->type = utype; 447 ret->value.asn1_string->data = der; 448 ret->value.asn1_string->length = derlen; 449 450 der = NULL; 451 452 bad: 453 454 OPENSSL_free(der); 455 456 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); 457 X509V3_section_free(cnf, sect); 458 459 return ret; 460 } 461 462 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, 463 int exp_constructed, int exp_pad, int imp_ok) 464 { 465 tag_exp_type *exp_tmp; 466 /* Can only have IMPLICIT if permitted */ 467 if ((arg->imp_tag != -1) && !imp_ok) { 468 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); 469 return 0; 470 } 471 472 if (arg->exp_count == ASN1_FLAG_EXP_MAX) { 473 ERR_raise(ERR_LIB_ASN1, ASN1_R_DEPTH_EXCEEDED); 474 return 0; 475 } 476 477 exp_tmp = &arg->exp_list[arg->exp_count++]; 478 479 /* 480 * If IMPLICIT set tag to implicit value then reset implicit tag since it 481 * has been used. 482 */ 483 if (arg->imp_tag != -1) { 484 exp_tmp->exp_tag = arg->imp_tag; 485 exp_tmp->exp_class = arg->imp_class; 486 arg->imp_tag = -1; 487 arg->imp_class = -1; 488 } else { 489 exp_tmp->exp_tag = exp_tag; 490 exp_tmp->exp_class = exp_class; 491 } 492 exp_tmp->exp_constructed = exp_constructed; 493 exp_tmp->exp_pad = exp_pad; 494 495 return 1; 496 } 497 498 static int asn1_str2tag(const char *tagstr, int len) 499 { 500 unsigned int i; 501 static const struct tag_name_st *tntmp, tnst[] = { 502 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), 503 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), 504 ASN1_GEN_STR("NULL", V_ASN1_NULL), 505 ASN1_GEN_STR("INT", V_ASN1_INTEGER), 506 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER), 507 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED), 508 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED), 509 ASN1_GEN_STR("OID", V_ASN1_OBJECT), 510 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT), 511 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME), 512 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME), 513 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME), 514 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME), 515 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING), 516 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING), 517 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING), 518 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING), 519 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING), 520 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING), 521 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING), 522 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING), 523 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING), 524 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING), 525 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING), 526 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING), 527 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING), 528 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING), 529 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING), 530 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING), 531 ASN1_GEN_STR("T61", V_ASN1_T61STRING), 532 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING), 533 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), 534 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), 535 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), 536 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), 537 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), 538 539 /* Special cases */ 540 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), 541 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE), 542 ASN1_GEN_STR("SET", V_ASN1_SET), 543 /* type modifiers */ 544 /* Explicit tag */ 545 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP), 546 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP), 547 /* Implicit tag */ 548 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP), 549 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP), 550 /* OCTET STRING wrapper */ 551 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP), 552 /* SEQUENCE wrapper */ 553 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP), 554 /* SET wrapper */ 555 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP), 556 /* BIT STRING wrapper */ 557 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP), 558 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT), 559 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT), 560 }; 561 562 if (len == -1) 563 len = strlen(tagstr); 564 565 tntmp = tnst; 566 for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { 567 if ((len == tntmp->len) 568 && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) 569 return tntmp->tag; 570 } 571 572 return -1; 573 } 574 575 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) 576 { 577 ASN1_TYPE *atmp = NULL; 578 CONF_VALUE vtmp; 579 unsigned char *rdata; 580 long rdlen; 581 int no_unused = 1; 582 583 if ((atmp = ASN1_TYPE_new()) == NULL) { 584 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 585 return NULL; 586 } 587 588 if (!str) 589 str = ""; 590 591 switch (utype) { 592 593 case V_ASN1_NULL: 594 if (str && *str) { 595 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL_VALUE); 596 goto bad_form; 597 } 598 break; 599 600 case V_ASN1_BOOLEAN: 601 if (format != ASN1_GEN_FORMAT_ASCII) { 602 ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ASCII_FORMAT); 603 goto bad_form; 604 } 605 vtmp.name = NULL; 606 vtmp.section = NULL; 607 vtmp.value = (char *)str; 608 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { 609 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_BOOLEAN); 610 goto bad_str; 611 } 612 break; 613 614 case V_ASN1_INTEGER: 615 case V_ASN1_ENUMERATED: 616 if (format != ASN1_GEN_FORMAT_ASCII) { 617 ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); 618 goto bad_form; 619 } 620 if ((atmp->value.integer 621 = s2i_ASN1_INTEGER(NULL, str)) == NULL) { 622 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_INTEGER); 623 goto bad_str; 624 } 625 break; 626 627 case V_ASN1_OBJECT: 628 if (format != ASN1_GEN_FORMAT_ASCII) { 629 ERR_raise(ERR_LIB_ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); 630 goto bad_form; 631 } 632 if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) { 633 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_OBJECT); 634 goto bad_str; 635 } 636 break; 637 638 case V_ASN1_UTCTIME: 639 case V_ASN1_GENERALIZEDTIME: 640 if (format != ASN1_GEN_FORMAT_ASCII) { 641 ERR_raise(ERR_LIB_ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); 642 goto bad_form; 643 } 644 if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { 645 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 646 goto bad_str; 647 } 648 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { 649 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 650 goto bad_str; 651 } 652 atmp->value.asn1_string->type = utype; 653 if (!ASN1_TIME_check(atmp->value.asn1_string)) { 654 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_TIME_VALUE); 655 goto bad_str; 656 } 657 658 break; 659 660 case V_ASN1_BMPSTRING: 661 case V_ASN1_PRINTABLESTRING: 662 case V_ASN1_IA5STRING: 663 case V_ASN1_T61STRING: 664 case V_ASN1_UTF8STRING: 665 case V_ASN1_VISIBLESTRING: 666 case V_ASN1_UNIVERSALSTRING: 667 case V_ASN1_GENERALSTRING: 668 case V_ASN1_NUMERICSTRING: 669 if (format == ASN1_GEN_FORMAT_ASCII) 670 format = MBSTRING_ASC; 671 else if (format == ASN1_GEN_FORMAT_UTF8) 672 format = MBSTRING_UTF8; 673 else { 674 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_FORMAT); 675 goto bad_form; 676 } 677 678 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, 679 -1, format, ASN1_tag2bit(utype)) <= 0) { 680 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 681 goto bad_str; 682 } 683 684 break; 685 686 case V_ASN1_BIT_STRING: 687 case V_ASN1_OCTET_STRING: 688 if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { 689 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 690 goto bad_form; 691 } 692 693 if (format == ASN1_GEN_FORMAT_HEX) { 694 if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) { 695 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_HEX); 696 goto bad_str; 697 } 698 atmp->value.asn1_string->data = rdata; 699 atmp->value.asn1_string->length = rdlen; 700 atmp->value.asn1_string->type = utype; 701 } else if (format == ASN1_GEN_FORMAT_ASCII) 702 ASN1_STRING_set(atmp->value.asn1_string, str, -1); 703 else if ((format == ASN1_GEN_FORMAT_BITLIST) 704 && (utype == V_ASN1_BIT_STRING)) { 705 if (!CONF_parse_list 706 (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { 707 ERR_raise(ERR_LIB_ASN1, ASN1_R_LIST_ERROR); 708 goto bad_str; 709 } 710 no_unused = 0; 711 712 } else { 713 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); 714 goto bad_form; 715 } 716 717 if ((utype == V_ASN1_BIT_STRING) && no_unused) { 718 atmp->value.asn1_string->flags 719 &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); 720 atmp->value.asn1_string->flags |= ASN1_STRING_FLAG_BITS_LEFT; 721 } 722 723 break; 724 725 default: 726 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); 727 goto bad_str; 728 } 729 730 atmp->type = utype; 731 return atmp; 732 733 bad_str: 734 ERR_add_error_data(2, "string=", str); 735 bad_form: 736 737 ASN1_TYPE_free(atmp); 738 return NULL; 739 740 } 741 742 static int bitstr_cb(const char *elem, int len, void *bitstr) 743 { 744 long bitnum; 745 char *eptr; 746 if (!elem) 747 return 0; 748 bitnum = strtoul(elem, &eptr, 10); 749 if (eptr && *eptr && (eptr != elem + len)) 750 return 0; 751 if (bitnum < 0) { 752 ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER); 753 return 0; 754 } 755 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { 756 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 757 return 0; 758 } 759 return 1; 760 } 761 762 static int mask_cb(const char *elem, int len, void *arg) 763 { 764 unsigned long *pmask = arg, tmpmask; 765 int tag; 766 if (elem == NULL) 767 return 0; 768 if ((len == 3) && (strncmp(elem, "DIR", 3) == 0)) { 769 *pmask |= B_ASN1_DIRECTORYSTRING; 770 return 1; 771 } 772 tag = asn1_str2tag(elem, len); 773 if (!tag || (tag & ASN1_GEN_FLAG)) 774 return 0; 775 tmpmask = ASN1_tag2bit(tag); 776 if (!tmpmask) 777 return 0; 778 *pmask |= tmpmask; 779 return 1; 780 } 781 782 int ASN1_str2mask(const char *str, unsigned long *pmask) 783 { 784 *pmask = 0; 785 return CONF_parse_list(str, '|', 1, mask_cb, pmask); 786 } 787