[331] | 1 | /*
|
---|
| 2 | * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
|
---|
| 3 | *
|
---|
| 4 | * Licensed under the OpenSSL license (the "License"). You may not use
|
---|
| 5 | * this file except in compliance with the License. You can obtain a copy
|
---|
| 6 | * in the file LICENSE in the source distribution or at
|
---|
| 7 | * https://www.openssl.org/source/license.html
|
---|
| 8 | */
|
---|
| 9 |
|
---|
| 10 | #include <stdio.h>
|
---|
| 11 | #include <ctype.h>
|
---|
| 12 | #include "internal/cryptlib.h"
|
---|
| 13 | #include <openssl/asn1.h>
|
---|
| 14 |
|
---|
| 15 | static int traverse_string(const unsigned char *p, int len, int inform,
|
---|
| 16 | int (*rfunc) (unsigned long value, void *in),
|
---|
| 17 | void *arg);
|
---|
| 18 | static int in_utf8(unsigned long value, void *arg);
|
---|
| 19 | static int out_utf8(unsigned long value, void *arg);
|
---|
| 20 | static int type_str(unsigned long value, void *arg);
|
---|
| 21 | static int cpy_asc(unsigned long value, void *arg);
|
---|
| 22 | static int cpy_bmp(unsigned long value, void *arg);
|
---|
| 23 | static int cpy_univ(unsigned long value, void *arg);
|
---|
| 24 | static int cpy_utf8(unsigned long value, void *arg);
|
---|
| 25 | static int is_numeric(unsigned long value);
|
---|
| 26 | static int is_printable(unsigned long value);
|
---|
| 27 |
|
---|
| 28 | /*
|
---|
| 29 | * These functions take a string in UTF8, ASCII or multibyte form and a mask
|
---|
| 30 | * of permissible ASN1 string types. It then works out the minimal type
|
---|
| 31 | * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8)
|
---|
| 32 | * and creates a string of the correct type with the supplied data. Yes this is
|
---|
| 33 | * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum
|
---|
| 34 | * size limits too.
|
---|
| 35 | */
|
---|
| 36 |
|
---|
| 37 | int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
|
---|
| 38 | int inform, unsigned long mask)
|
---|
| 39 | {
|
---|
| 40 | return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
|
---|
| 41 | }
|
---|
| 42 |
|
---|
| 43 | int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
|
---|
| 44 | int inform, unsigned long mask,
|
---|
| 45 | long minsize, long maxsize)
|
---|
| 46 | {
|
---|
| 47 | int str_type;
|
---|
| 48 | int ret;
|
---|
| 49 | char free_out;
|
---|
| 50 | int outform, outlen = 0;
|
---|
| 51 | ASN1_STRING *dest;
|
---|
| 52 | unsigned char *p;
|
---|
| 53 | int nchar;
|
---|
| 54 | char strbuf[32];
|
---|
| 55 | int (*cpyfunc) (unsigned long, void *) = NULL;
|
---|
| 56 | if (len == -1)
|
---|
| 57 | len = strlen((const char *)in);
|
---|
| 58 | if (!mask)
|
---|
| 59 | mask = DIRSTRING_TYPE;
|
---|
| 60 |
|
---|
| 61 | /* First do a string check and work out the number of characters */
|
---|
| 62 | switch (inform) {
|
---|
| 63 |
|
---|
| 64 | case MBSTRING_BMP:
|
---|
| 65 | if (len & 1) {
|
---|
| 66 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
|
---|
| 67 | ASN1_R_INVALID_BMPSTRING_LENGTH);
|
---|
| 68 | return -1;
|
---|
| 69 | }
|
---|
| 70 | nchar = len >> 1;
|
---|
| 71 | break;
|
---|
| 72 |
|
---|
| 73 | case MBSTRING_UNIV:
|
---|
| 74 | if (len & 3) {
|
---|
| 75 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY,
|
---|
| 76 | ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
|
---|
| 77 | return -1;
|
---|
| 78 | }
|
---|
| 79 | nchar = len >> 2;
|
---|
| 80 | break;
|
---|
| 81 |
|
---|
| 82 | case MBSTRING_UTF8:
|
---|
| 83 | nchar = 0;
|
---|
| 84 | /* This counts the characters and does utf8 syntax checking */
|
---|
| 85 | ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
|
---|
| 86 | if (ret < 0) {
|
---|
| 87 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING);
|
---|
| 88 | return -1;
|
---|
| 89 | }
|
---|
| 90 | break;
|
---|
| 91 |
|
---|
| 92 | case MBSTRING_ASC:
|
---|
| 93 | nchar = len;
|
---|
| 94 | break;
|
---|
| 95 |
|
---|
| 96 | default:
|
---|
| 97 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT);
|
---|
| 98 | return -1;
|
---|
| 99 | }
|
---|
| 100 |
|
---|
| 101 | if ((minsize > 0) && (nchar < minsize)) {
|
---|
| 102 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT);
|
---|
| 103 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", minsize);
|
---|
| 104 | ERR_add_error_data(2, "minsize=", strbuf);
|
---|
| 105 | return -1;
|
---|
| 106 | }
|
---|
| 107 |
|
---|
| 108 | if ((maxsize > 0) && (nchar > maxsize)) {
|
---|
| 109 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG);
|
---|
| 110 | BIO_snprintf(strbuf, sizeof strbuf, "%ld", maxsize);
|
---|
| 111 | ERR_add_error_data(2, "maxsize=", strbuf);
|
---|
| 112 | return -1;
|
---|
| 113 | }
|
---|
| 114 |
|
---|
| 115 | /* Now work out minimal type (if any) */
|
---|
| 116 | if (traverse_string(in, len, inform, type_str, &mask) < 0) {
|
---|
| 117 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS);
|
---|
| 118 | return -1;
|
---|
| 119 | }
|
---|
| 120 |
|
---|
| 121 | /* Now work out output format and string type */
|
---|
| 122 | outform = MBSTRING_ASC;
|
---|
| 123 | if (mask & B_ASN1_NUMERICSTRING)
|
---|
| 124 | str_type = V_ASN1_NUMERICSTRING;
|
---|
| 125 | else if (mask & B_ASN1_PRINTABLESTRING)
|
---|
| 126 | str_type = V_ASN1_PRINTABLESTRING;
|
---|
| 127 | else if (mask & B_ASN1_IA5STRING)
|
---|
| 128 | str_type = V_ASN1_IA5STRING;
|
---|
| 129 | else if (mask & B_ASN1_T61STRING)
|
---|
| 130 | str_type = V_ASN1_T61STRING;
|
---|
| 131 | else if (mask & B_ASN1_BMPSTRING) {
|
---|
| 132 | str_type = V_ASN1_BMPSTRING;
|
---|
| 133 | outform = MBSTRING_BMP;
|
---|
| 134 | } else if (mask & B_ASN1_UNIVERSALSTRING) {
|
---|
| 135 | str_type = V_ASN1_UNIVERSALSTRING;
|
---|
| 136 | outform = MBSTRING_UNIV;
|
---|
| 137 | } else {
|
---|
| 138 | str_type = V_ASN1_UTF8STRING;
|
---|
| 139 | outform = MBSTRING_UTF8;
|
---|
| 140 | }
|
---|
| 141 | if (!out)
|
---|
| 142 | return str_type;
|
---|
| 143 | if (*out) {
|
---|
| 144 | free_out = 0;
|
---|
| 145 | dest = *out;
|
---|
| 146 | OPENSSL_free(dest->data);
|
---|
| 147 | dest->data = NULL;
|
---|
| 148 | dest->length = 0;
|
---|
| 149 | dest->type = str_type;
|
---|
| 150 | } else {
|
---|
| 151 | free_out = 1;
|
---|
| 152 | dest = ASN1_STRING_type_new(str_type);
|
---|
| 153 | if (dest == NULL) {
|
---|
| 154 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
|
---|
| 155 | return -1;
|
---|
| 156 | }
|
---|
| 157 | *out = dest;
|
---|
| 158 | }
|
---|
| 159 | /* If both the same type just copy across */
|
---|
| 160 | if (inform == outform) {
|
---|
| 161 | if (!ASN1_STRING_set(dest, in, len)) {
|
---|
| 162 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
|
---|
| 163 | return -1;
|
---|
| 164 | }
|
---|
| 165 | return str_type;
|
---|
| 166 | }
|
---|
| 167 |
|
---|
| 168 | /* Work out how much space the destination will need */
|
---|
| 169 | switch (outform) {
|
---|
| 170 | case MBSTRING_ASC:
|
---|
| 171 | outlen = nchar;
|
---|
| 172 | cpyfunc = cpy_asc;
|
---|
| 173 | break;
|
---|
| 174 |
|
---|
| 175 | case MBSTRING_BMP:
|
---|
| 176 | outlen = nchar << 1;
|
---|
| 177 | cpyfunc = cpy_bmp;
|
---|
| 178 | break;
|
---|
| 179 |
|
---|
| 180 | case MBSTRING_UNIV:
|
---|
| 181 | outlen = nchar << 2;
|
---|
| 182 | cpyfunc = cpy_univ;
|
---|
| 183 | break;
|
---|
| 184 |
|
---|
| 185 | case MBSTRING_UTF8:
|
---|
| 186 | outlen = 0;
|
---|
| 187 | traverse_string(in, len, inform, out_utf8, &outlen);
|
---|
| 188 | cpyfunc = cpy_utf8;
|
---|
| 189 | break;
|
---|
| 190 | }
|
---|
| 191 | if ((p = OPENSSL_malloc(outlen + 1)) == NULL) {
|
---|
| 192 | if (free_out)
|
---|
| 193 | ASN1_STRING_free(dest);
|
---|
| 194 | ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE);
|
---|
| 195 | return -1;
|
---|
| 196 | }
|
---|
| 197 | dest->length = outlen;
|
---|
| 198 | dest->data = p;
|
---|
| 199 | p[outlen] = 0;
|
---|
| 200 | traverse_string(in, len, inform, cpyfunc, &p);
|
---|
| 201 | return str_type;
|
---|
| 202 | }
|
---|
| 203 |
|
---|
| 204 | /*
|
---|
| 205 | * This function traverses a string and passes the value of each character to
|
---|
| 206 | * an optional function along with a void * argument.
|
---|
| 207 | */
|
---|
| 208 |
|
---|
| 209 | static int traverse_string(const unsigned char *p, int len, int inform,
|
---|
| 210 | int (*rfunc) (unsigned long value, void *in),
|
---|
| 211 | void *arg)
|
---|
| 212 | {
|
---|
| 213 | unsigned long value;
|
---|
| 214 | int ret;
|
---|
| 215 | while (len) {
|
---|
| 216 | if (inform == MBSTRING_ASC) {
|
---|
| 217 | value = *p++;
|
---|
| 218 | len--;
|
---|
| 219 | } else if (inform == MBSTRING_BMP) {
|
---|
| 220 | value = *p++ << 8;
|
---|
| 221 | value |= *p++;
|
---|
| 222 | len -= 2;
|
---|
| 223 | } else if (inform == MBSTRING_UNIV) {
|
---|
| 224 | value = ((unsigned long)*p++) << 24;
|
---|
| 225 | value |= ((unsigned long)*p++) << 16;
|
---|
| 226 | value |= *p++ << 8;
|
---|
| 227 | value |= *p++;
|
---|
| 228 | len -= 4;
|
---|
| 229 | } else {
|
---|
| 230 | ret = UTF8_getc(p, len, &value);
|
---|
| 231 | if (ret < 0)
|
---|
| 232 | return -1;
|
---|
| 233 | len -= ret;
|
---|
| 234 | p += ret;
|
---|
| 235 | }
|
---|
| 236 | if (rfunc) {
|
---|
| 237 | ret = rfunc(value, arg);
|
---|
| 238 | if (ret <= 0)
|
---|
| 239 | return ret;
|
---|
| 240 | }
|
---|
| 241 | }
|
---|
| 242 | return 1;
|
---|
| 243 | }
|
---|
| 244 |
|
---|
| 245 | /* Various utility functions for traverse_string */
|
---|
| 246 |
|
---|
| 247 | /* Just count number of characters */
|
---|
| 248 |
|
---|
| 249 | static int in_utf8(unsigned long value, void *arg)
|
---|
| 250 | {
|
---|
| 251 | int *nchar;
|
---|
| 252 | nchar = arg;
|
---|
| 253 | (*nchar)++;
|
---|
| 254 | return 1;
|
---|
| 255 | }
|
---|
| 256 |
|
---|
| 257 | /* Determine size of output as a UTF8 String */
|
---|
| 258 |
|
---|
| 259 | static int out_utf8(unsigned long value, void *arg)
|
---|
| 260 | {
|
---|
| 261 | int *outlen;
|
---|
| 262 | outlen = arg;
|
---|
| 263 | *outlen += UTF8_putc(NULL, -1, value);
|
---|
| 264 | return 1;
|
---|
| 265 | }
|
---|
| 266 |
|
---|
| 267 | /*
|
---|
| 268 | * Determine the "type" of a string: check each character against a supplied
|
---|
| 269 | * "mask".
|
---|
| 270 | */
|
---|
| 271 |
|
---|
| 272 | static int type_str(unsigned long value, void *arg)
|
---|
| 273 | {
|
---|
| 274 | unsigned long types;
|
---|
| 275 | types = *((unsigned long *)arg);
|
---|
| 276 | if ((types & B_ASN1_NUMERICSTRING) && !is_numeric(value))
|
---|
| 277 | types &= ~B_ASN1_NUMERICSTRING;
|
---|
| 278 | if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
|
---|
| 279 | types &= ~B_ASN1_PRINTABLESTRING;
|
---|
| 280 | if ((types & B_ASN1_IA5STRING) && (value > 127))
|
---|
| 281 | types &= ~B_ASN1_IA5STRING;
|
---|
| 282 | if ((types & B_ASN1_T61STRING) && (value > 0xff))
|
---|
| 283 | types &= ~B_ASN1_T61STRING;
|
---|
| 284 | if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
|
---|
| 285 | types &= ~B_ASN1_BMPSTRING;
|
---|
| 286 | if (!types)
|
---|
| 287 | return -1;
|
---|
| 288 | *((unsigned long *)arg) = types;
|
---|
| 289 | return 1;
|
---|
| 290 | }
|
---|
| 291 |
|
---|
| 292 | /* Copy one byte per character ASCII like strings */
|
---|
| 293 |
|
---|
| 294 | static int cpy_asc(unsigned long value, void *arg)
|
---|
| 295 | {
|
---|
| 296 | unsigned char **p, *q;
|
---|
| 297 | p = arg;
|
---|
| 298 | q = *p;
|
---|
| 299 | *q = (unsigned char)value;
|
---|
| 300 | (*p)++;
|
---|
| 301 | return 1;
|
---|
| 302 | }
|
---|
| 303 |
|
---|
| 304 | /* Copy two byte per character BMPStrings */
|
---|
| 305 |
|
---|
| 306 | static int cpy_bmp(unsigned long value, void *arg)
|
---|
| 307 | {
|
---|
| 308 | unsigned char **p, *q;
|
---|
| 309 | p = arg;
|
---|
| 310 | q = *p;
|
---|
| 311 | *q++ = (unsigned char)((value >> 8) & 0xff);
|
---|
| 312 | *q = (unsigned char)(value & 0xff);
|
---|
| 313 | *p += 2;
|
---|
| 314 | return 1;
|
---|
| 315 | }
|
---|
| 316 |
|
---|
| 317 | /* Copy four byte per character UniversalStrings */
|
---|
| 318 |
|
---|
| 319 | static int cpy_univ(unsigned long value, void *arg)
|
---|
| 320 | {
|
---|
| 321 | unsigned char **p, *q;
|
---|
| 322 | p = arg;
|
---|
| 323 | q = *p;
|
---|
| 324 | *q++ = (unsigned char)((value >> 24) & 0xff);
|
---|
| 325 | *q++ = (unsigned char)((value >> 16) & 0xff);
|
---|
| 326 | *q++ = (unsigned char)((value >> 8) & 0xff);
|
---|
| 327 | *q = (unsigned char)(value & 0xff);
|
---|
| 328 | *p += 4;
|
---|
| 329 | return 1;
|
---|
| 330 | }
|
---|
| 331 |
|
---|
| 332 | /* Copy to a UTF8String */
|
---|
| 333 |
|
---|
| 334 | static int cpy_utf8(unsigned long value, void *arg)
|
---|
| 335 | {
|
---|
| 336 | unsigned char **p;
|
---|
| 337 | int ret;
|
---|
| 338 | p = arg;
|
---|
| 339 | /* We already know there is enough room so pass 0xff as the length */
|
---|
| 340 | ret = UTF8_putc(*p, 0xff, value);
|
---|
| 341 | *p += ret;
|
---|
| 342 | return 1;
|
---|
| 343 | }
|
---|
| 344 |
|
---|
| 345 | /* Return 1 if the character is permitted in a PrintableString */
|
---|
| 346 | static int is_printable(unsigned long value)
|
---|
| 347 | {
|
---|
| 348 | int ch;
|
---|
| 349 | if (value > 0x7f)
|
---|
| 350 | return 0;
|
---|
| 351 | ch = (int)value;
|
---|
| 352 | /*
|
---|
| 353 | * Note: we can't use 'isalnum' because certain accented characters may
|
---|
| 354 | * count as alphanumeric in some environments.
|
---|
| 355 | */
|
---|
| 356 | #ifndef CHARSET_EBCDIC
|
---|
| 357 | if ((ch >= 'a') && (ch <= 'z'))
|
---|
| 358 | return 1;
|
---|
| 359 | if ((ch >= 'A') && (ch <= 'Z'))
|
---|
| 360 | return 1;
|
---|
| 361 | if ((ch >= '0') && (ch <= '9'))
|
---|
| 362 | return 1;
|
---|
| 363 | if ((ch == ' ') || strchr("'()+,-./:=?", ch))
|
---|
| 364 | return 1;
|
---|
| 365 | #else /* CHARSET_EBCDIC */
|
---|
| 366 | if ((ch >= os_toascii['a']) && (ch <= os_toascii['z']))
|
---|
| 367 | return 1;
|
---|
| 368 | if ((ch >= os_toascii['A']) && (ch <= os_toascii['Z']))
|
---|
| 369 | return 1;
|
---|
| 370 | if ((ch >= os_toascii['0']) && (ch <= os_toascii['9']))
|
---|
| 371 | return 1;
|
---|
| 372 | if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch]))
|
---|
| 373 | return 1;
|
---|
| 374 | #endif /* CHARSET_EBCDIC */
|
---|
| 375 | return 0;
|
---|
| 376 | }
|
---|
| 377 |
|
---|
| 378 | /* Return 1 if the character is a digit or space */
|
---|
| 379 | static int is_numeric(unsigned long value)
|
---|
| 380 | {
|
---|
| 381 | int ch;
|
---|
| 382 | if (value > 0x7f)
|
---|
| 383 | return 0;
|
---|
| 384 | ch = (int)value;
|
---|
| 385 | #ifndef CHARSET_EBCDIC
|
---|
| 386 | if (!isdigit(ch) && ch != ' ')
|
---|
| 387 | return 0;
|
---|
| 388 | #else
|
---|
| 389 | if (ch > os_toascii['9'])
|
---|
| 390 | return 0;
|
---|
| 391 | if (ch < os_toascii['0'] && ch != os_toascii[' '])
|
---|
| 392 | return 0;
|
---|
| 393 | #endif
|
---|
| 394 | return 1;
|
---|
| 395 | }
|
---|