1 | /* |
2 | * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. |
3 | * |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | * this file except in compliance with the License. You can obtain a copy |
6 | * in the file LICENSE in the source distribution or at |
7 | * https://www.openssl.org/source/license.html |
8 | */ |
9 | |
10 | #include <stdio.h> |
11 | #include <string.h> |
12 | #include "internal/cryptlib.h" |
13 | #include "crypto/asn1.h" |
14 | #include <openssl/crypto.h> |
15 | #include <openssl/x509.h> |
16 | #include <openssl/asn1.h> |
17 | |
18 | #include "charmap.h" |
19 | |
20 | /* |
21 | * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name |
22 | * printing routines handling multibyte characters, RFC2253 and a host of |
23 | * other options. |
24 | */ |
25 | |
26 | #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) |
27 | |
28 | #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ |
29 | ASN1_STRFLGS_ESC_2254 | \ |
30 | ASN1_STRFLGS_ESC_QUOTE | \ |
31 | ASN1_STRFLGS_ESC_CTRL | \ |
32 | ASN1_STRFLGS_ESC_MSB) |
33 | |
34 | /* |
35 | * Three IO functions for sending data to memory, a BIO and and a FILE |
36 | * pointer. |
37 | */ |
38 | static int send_bio_chars(void *arg, const void *buf, int len) |
39 | { |
40 | if (!arg) |
41 | return 1; |
42 | if (BIO_write(arg, buf, len) != len) |
43 | return 0; |
44 | return 1; |
45 | } |
46 | |
47 | #ifndef OPENSSL_NO_STDIO |
48 | static int send_fp_chars(void *arg, const void *buf, int len) |
49 | { |
50 | if (!arg) |
51 | return 1; |
52 | if (fwrite(buf, 1, len, arg) != (unsigned int)len) |
53 | return 0; |
54 | return 1; |
55 | } |
56 | #endif |
57 | |
58 | typedef int char_io (void *arg, const void *buf, int len); |
59 | |
60 | /* |
61 | * This function handles display of strings, one character at a time. It is |
62 | * passed an unsigned long for each character because it could come from 2 or |
63 | * even 4 byte forms. |
64 | */ |
65 | |
66 | static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes, |
67 | char_io *io_ch, void *arg) |
68 | { |
69 | unsigned short chflgs; |
70 | unsigned char chtmp; |
71 | char tmphex[HEX_SIZE(long) + 3]; |
72 | |
73 | if (c > 0xffffffffL) |
74 | return -1; |
75 | if (c > 0xffff) { |
76 | BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX" , c); |
77 | if (!io_ch(arg, tmphex, 10)) |
78 | return -1; |
79 | return 10; |
80 | } |
81 | if (c > 0xff) { |
82 | BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX" , c); |
83 | if (!io_ch(arg, tmphex, 6)) |
84 | return -1; |
85 | return 6; |
86 | } |
87 | chtmp = (unsigned char)c; |
88 | if (chtmp > 0x7f) |
89 | chflgs = flags & ASN1_STRFLGS_ESC_MSB; |
90 | else |
91 | chflgs = char_type[chtmp] & flags; |
92 | if (chflgs & CHARTYPE_BS_ESC) { |
93 | /* If we don't escape with quotes, signal we need quotes */ |
94 | if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { |
95 | if (do_quotes) |
96 | *do_quotes = 1; |
97 | if (!io_ch(arg, &chtmp, 1)) |
98 | return -1; |
99 | return 1; |
100 | } |
101 | if (!io_ch(arg, "\\" , 1)) |
102 | return -1; |
103 | if (!io_ch(arg, &chtmp, 1)) |
104 | return -1; |
105 | return 2; |
106 | } |
107 | if (chflgs & (ASN1_STRFLGS_ESC_CTRL |
108 | | ASN1_STRFLGS_ESC_MSB |
109 | | ASN1_STRFLGS_ESC_2254)) { |
110 | BIO_snprintf(tmphex, 11, "\\%02X" , chtmp); |
111 | if (!io_ch(arg, tmphex, 3)) |
112 | return -1; |
113 | return 3; |
114 | } |
115 | /* |
116 | * If we get this far and do any escaping at all must escape the escape |
117 | * character itself: backslash. |
118 | */ |
119 | if (chtmp == '\\' && (flags & ESC_FLAGS)) { |
120 | if (!io_ch(arg, "\\\\" , 2)) |
121 | return -1; |
122 | return 2; |
123 | } |
124 | if (!io_ch(arg, &chtmp, 1)) |
125 | return -1; |
126 | return 1; |
127 | } |
128 | |
129 | #define BUF_TYPE_WIDTH_MASK 0x7 |
130 | #define BUF_TYPE_CONVUTF8 0x8 |
131 | |
132 | /* |
133 | * This function sends each character in a buffer to do_esc_char(). It |
134 | * interprets the content formats and converts to or from UTF8 as |
135 | * appropriate. |
136 | */ |
137 | |
138 | static int do_buf(unsigned char *buf, int buflen, |
139 | int type, unsigned short flags, char *quotes, char_io *io_ch, |
140 | void *arg) |
141 | { |
142 | int i, outlen, len, charwidth; |
143 | unsigned short orflags; |
144 | unsigned char *p, *q; |
145 | unsigned long c; |
146 | |
147 | p = buf; |
148 | q = buf + buflen; |
149 | outlen = 0; |
150 | charwidth = type & BUF_TYPE_WIDTH_MASK; |
151 | |
152 | switch (charwidth) { |
153 | case 4: |
154 | if (buflen & 3) { |
155 | ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); |
156 | return -1; |
157 | } |
158 | break; |
159 | case 2: |
160 | if (buflen & 1) { |
161 | ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); |
162 | return -1; |
163 | } |
164 | break; |
165 | default: |
166 | break; |
167 | } |
168 | |
169 | while (p != q) { |
170 | if (p == buf && flags & ASN1_STRFLGS_ESC_2253) |
171 | orflags = CHARTYPE_FIRST_ESC_2253; |
172 | else |
173 | orflags = 0; |
174 | |
175 | switch (charwidth) { |
176 | case 4: |
177 | c = ((unsigned long)*p++) << 24; |
178 | c |= ((unsigned long)*p++) << 16; |
179 | c |= ((unsigned long)*p++) << 8; |
180 | c |= *p++; |
181 | break; |
182 | |
183 | case 2: |
184 | c = ((unsigned long)*p++) << 8; |
185 | c |= *p++; |
186 | break; |
187 | |
188 | case 1: |
189 | c = *p++; |
190 | break; |
191 | |
192 | case 0: |
193 | i = UTF8_getc(p, buflen, &c); |
194 | if (i < 0) |
195 | return -1; /* Invalid UTF8String */ |
196 | buflen -= i; |
197 | p += i; |
198 | break; |
199 | default: |
200 | return -1; /* invalid width */ |
201 | } |
202 | if (p == q && flags & ASN1_STRFLGS_ESC_2253) |
203 | orflags = CHARTYPE_LAST_ESC_2253; |
204 | if (type & BUF_TYPE_CONVUTF8) { |
205 | unsigned char utfbuf[6]; |
206 | int utflen; |
207 | utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c); |
208 | for (i = 0; i < utflen; i++) { |
209 | /* |
210 | * We don't need to worry about setting orflags correctly |
211 | * because if utflen==1 its value will be correct anyway |
212 | * otherwise each character will be > 0x7f and so the |
213 | * character will never be escaped on first and last. |
214 | */ |
215 | len = do_esc_char(utfbuf[i], flags | orflags, quotes, |
216 | io_ch, arg); |
217 | if (len < 0) |
218 | return -1; |
219 | outlen += len; |
220 | } |
221 | } else { |
222 | len = do_esc_char(c, flags | orflags, quotes, |
223 | io_ch, arg); |
224 | if (len < 0) |
225 | return -1; |
226 | outlen += len; |
227 | } |
228 | } |
229 | return outlen; |
230 | } |
231 | |
232 | /* This function hex dumps a buffer of characters */ |
233 | |
234 | static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, |
235 | int buflen) |
236 | { |
237 | static const char hexdig[] = "0123456789ABCDEF" ; |
238 | unsigned char *p, *q; |
239 | char hextmp[2]; |
240 | if (arg) { |
241 | p = buf; |
242 | q = buf + buflen; |
243 | while (p != q) { |
244 | hextmp[0] = hexdig[*p >> 4]; |
245 | hextmp[1] = hexdig[*p & 0xf]; |
246 | if (!io_ch(arg, hextmp, 2)) |
247 | return -1; |
248 | p++; |
249 | } |
250 | } |
251 | return buflen << 1; |
252 | } |
253 | |
254 | /* |
255 | * "dump" a string. This is done when the type is unknown, or the flags |
256 | * request it. We can either dump the content octets or the entire DER |
257 | * encoding. This uses the RFC2253 #01234 format. |
258 | */ |
259 | |
260 | static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, |
261 | const ASN1_STRING *str) |
262 | { |
263 | /* |
264 | * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to |
265 | * readily obtained |
266 | */ |
267 | ASN1_TYPE t; |
268 | unsigned char *der_buf, *p; |
269 | int outlen, der_len; |
270 | |
271 | if (!io_ch(arg, "#" , 1)) |
272 | return -1; |
273 | /* If we don't dump DER encoding just dump content octets */ |
274 | if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { |
275 | outlen = do_hex_dump(io_ch, arg, str->data, str->length); |
276 | if (outlen < 0) |
277 | return -1; |
278 | return outlen + 1; |
279 | } |
280 | t.type = str->type; |
281 | t.value.ptr = (char *)str; |
282 | der_len = i2d_ASN1_TYPE(&t, NULL); |
283 | if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { |
284 | ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); |
285 | return -1; |
286 | } |
287 | p = der_buf; |
288 | i2d_ASN1_TYPE(&t, &p); |
289 | outlen = do_hex_dump(io_ch, arg, der_buf, der_len); |
290 | OPENSSL_free(der_buf); |
291 | if (outlen < 0) |
292 | return -1; |
293 | return outlen + 1; |
294 | } |
295 | |
296 | /* |
297 | * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is |
298 | * used for non string types otherwise it is the number of bytes per |
299 | * character |
300 | */ |
301 | |
302 | static const signed char tag2nbyte[] = { |
303 | -1, -1, -1, -1, -1, /* 0-4 */ |
304 | -1, -1, -1, -1, -1, /* 5-9 */ |
305 | -1, -1, /* 10-11 */ |
306 | 0, /* 12 V_ASN1_UTF8STRING */ |
307 | -1, -1, -1, -1, -1, /* 13-17 */ |
308 | 1, /* 18 V_ASN1_NUMERICSTRING */ |
309 | 1, /* 19 V_ASN1_PRINTABLESTRING */ |
310 | 1, /* 20 V_ASN1_T61STRING */ |
311 | -1, /* 21 */ |
312 | 1, /* 22 V_ASN1_IA5STRING */ |
313 | 1, /* 23 V_ASN1_UTCTIME */ |
314 | 1, /* 24 V_ASN1_GENERALIZEDTIME */ |
315 | -1, /* 25 */ |
316 | 1, /* 26 V_ASN1_ISO64STRING */ |
317 | -1, /* 27 */ |
318 | 4, /* 28 V_ASN1_UNIVERSALSTRING */ |
319 | -1, /* 29 */ |
320 | 2 /* 30 V_ASN1_BMPSTRING */ |
321 | }; |
322 | |
323 | /* |
324 | * This is the main function, print out an ASN1_STRING taking note of various |
325 | * escape and display options. Returns number of characters written or -1 if |
326 | * an error occurred. |
327 | */ |
328 | |
329 | static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, |
330 | const ASN1_STRING *str) |
331 | { |
332 | int outlen, len; |
333 | int type; |
334 | char quotes; |
335 | unsigned short flags; |
336 | quotes = 0; |
337 | /* Keep a copy of escape flags */ |
338 | flags = (unsigned short)(lflags & ESC_FLAGS); |
339 | |
340 | type = str->type; |
341 | |
342 | outlen = 0; |
343 | |
344 | if (lflags & ASN1_STRFLGS_SHOW_TYPE) { |
345 | const char *tagname; |
346 | tagname = ASN1_tag2str(type); |
347 | outlen += strlen(tagname); |
348 | if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":" , 1)) |
349 | return -1; |
350 | outlen++; |
351 | } |
352 | |
353 | /* Decide what to do with type, either dump content or display it */ |
354 | |
355 | /* Dump everything */ |
356 | if (lflags & ASN1_STRFLGS_DUMP_ALL) |
357 | type = -1; |
358 | /* Ignore the string type */ |
359 | else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) |
360 | type = 1; |
361 | else { |
362 | /* Else determine width based on type */ |
363 | if ((type > 0) && (type < 31)) |
364 | type = tag2nbyte[type]; |
365 | else |
366 | type = -1; |
367 | if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) |
368 | type = 1; |
369 | } |
370 | |
371 | if (type == -1) { |
372 | len = do_dump(lflags, io_ch, arg, str); |
373 | if (len < 0) |
374 | return -1; |
375 | outlen += len; |
376 | return outlen; |
377 | } |
378 | |
379 | if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { |
380 | /* |
381 | * Note: if string is UTF8 and we want to convert to UTF8 then we |
382 | * just interpret it as 1 byte per character to avoid converting |
383 | * twice. |
384 | */ |
385 | if (!type) |
386 | type = 1; |
387 | else |
388 | type |= BUF_TYPE_CONVUTF8; |
389 | } |
390 | |
391 | len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); |
392 | if (len < 0) |
393 | return -1; |
394 | outlen += len; |
395 | if (quotes) |
396 | outlen += 2; |
397 | if (!arg) |
398 | return outlen; |
399 | if (quotes && !io_ch(arg, "\"" , 1)) |
400 | return -1; |
401 | if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) |
402 | return -1; |
403 | if (quotes && !io_ch(arg, "\"" , 1)) |
404 | return -1; |
405 | return outlen; |
406 | } |
407 | |
408 | /* Used for line indenting: print 'indent' spaces */ |
409 | |
410 | static int do_indent(char_io *io_ch, void *arg, int indent) |
411 | { |
412 | int i; |
413 | for (i = 0; i < indent; i++) |
414 | if (!io_ch(arg, " " , 1)) |
415 | return 0; |
416 | return 1; |
417 | } |
418 | |
419 | #define FN_WIDTH_LN 25 |
420 | #define FN_WIDTH_SN 10 |
421 | |
422 | static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, |
423 | int indent, unsigned long flags) |
424 | { |
425 | int i, prev = -1, orflags, cnt; |
426 | int fn_opt, fn_nid; |
427 | ASN1_OBJECT *fn; |
428 | const ASN1_STRING *val; |
429 | const X509_NAME_ENTRY *ent; |
430 | char objtmp[80]; |
431 | const char *objbuf; |
432 | int outlen, len; |
433 | char *sep_dn, *sep_mv, *sep_eq; |
434 | int sep_dn_len, sep_mv_len, sep_eq_len; |
435 | if (indent < 0) |
436 | indent = 0; |
437 | outlen = indent; |
438 | if (!do_indent(io_ch, arg, indent)) |
439 | return -1; |
440 | switch (flags & XN_FLAG_SEP_MASK) { |
441 | case XN_FLAG_SEP_MULTILINE: |
442 | sep_dn = "\n" ; |
443 | sep_dn_len = 1; |
444 | sep_mv = " + " ; |
445 | sep_mv_len = 3; |
446 | break; |
447 | |
448 | case XN_FLAG_SEP_COMMA_PLUS: |
449 | sep_dn = "," ; |
450 | sep_dn_len = 1; |
451 | sep_mv = "+" ; |
452 | sep_mv_len = 1; |
453 | indent = 0; |
454 | break; |
455 | |
456 | case XN_FLAG_SEP_CPLUS_SPC: |
457 | sep_dn = ", " ; |
458 | sep_dn_len = 2; |
459 | sep_mv = " + " ; |
460 | sep_mv_len = 3; |
461 | indent = 0; |
462 | break; |
463 | |
464 | case XN_FLAG_SEP_SPLUS_SPC: |
465 | sep_dn = "; " ; |
466 | sep_dn_len = 2; |
467 | sep_mv = " + " ; |
468 | sep_mv_len = 3; |
469 | indent = 0; |
470 | break; |
471 | |
472 | default: |
473 | return -1; |
474 | } |
475 | |
476 | if (flags & XN_FLAG_SPC_EQ) { |
477 | sep_eq = " = " ; |
478 | sep_eq_len = 3; |
479 | } else { |
480 | sep_eq = "=" ; |
481 | sep_eq_len = 1; |
482 | } |
483 | |
484 | fn_opt = flags & XN_FLAG_FN_MASK; |
485 | |
486 | cnt = X509_NAME_entry_count(n); |
487 | for (i = 0; i < cnt; i++) { |
488 | if (flags & XN_FLAG_DN_REV) |
489 | ent = X509_NAME_get_entry(n, cnt - i - 1); |
490 | else |
491 | ent = X509_NAME_get_entry(n, i); |
492 | if (prev != -1) { |
493 | if (prev == X509_NAME_ENTRY_set(ent)) { |
494 | if (!io_ch(arg, sep_mv, sep_mv_len)) |
495 | return -1; |
496 | outlen += sep_mv_len; |
497 | } else { |
498 | if (!io_ch(arg, sep_dn, sep_dn_len)) |
499 | return -1; |
500 | outlen += sep_dn_len; |
501 | if (!do_indent(io_ch, arg, indent)) |
502 | return -1; |
503 | outlen += indent; |
504 | } |
505 | } |
506 | prev = X509_NAME_ENTRY_set(ent); |
507 | fn = X509_NAME_ENTRY_get_object(ent); |
508 | val = X509_NAME_ENTRY_get_data(ent); |
509 | fn_nid = OBJ_obj2nid(fn); |
510 | if (fn_opt != XN_FLAG_FN_NONE) { |
511 | int objlen, fld_len; |
512 | if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) { |
513 | OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1); |
514 | fld_len = 0; /* XXX: what should this be? */ |
515 | objbuf = objtmp; |
516 | } else { |
517 | if (fn_opt == XN_FLAG_FN_SN) { |
518 | fld_len = FN_WIDTH_SN; |
519 | objbuf = OBJ_nid2sn(fn_nid); |
520 | } else if (fn_opt == XN_FLAG_FN_LN) { |
521 | fld_len = FN_WIDTH_LN; |
522 | objbuf = OBJ_nid2ln(fn_nid); |
523 | } else { |
524 | fld_len = 0; /* XXX: what should this be? */ |
525 | objbuf = "" ; |
526 | } |
527 | } |
528 | objlen = strlen(objbuf); |
529 | if (!io_ch(arg, objbuf, objlen)) |
530 | return -1; |
531 | if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { |
532 | if (!do_indent(io_ch, arg, fld_len - objlen)) |
533 | return -1; |
534 | outlen += fld_len - objlen; |
535 | } |
536 | if (!io_ch(arg, sep_eq, sep_eq_len)) |
537 | return -1; |
538 | outlen += objlen + sep_eq_len; |
539 | } |
540 | /* |
541 | * If the field name is unknown then fix up the DER dump flag. We |
542 | * might want to limit this further so it will DER dump on anything |
543 | * other than a few 'standard' fields. |
544 | */ |
545 | if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) |
546 | orflags = ASN1_STRFLGS_DUMP_ALL; |
547 | else |
548 | orflags = 0; |
549 | |
550 | len = do_print_ex(io_ch, arg, flags | orflags, val); |
551 | if (len < 0) |
552 | return -1; |
553 | outlen += len; |
554 | } |
555 | return outlen; |
556 | } |
557 | |
558 | /* Wrappers round the main functions */ |
559 | |
560 | int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent, |
561 | unsigned long flags) |
562 | { |
563 | if (flags == XN_FLAG_COMPAT) |
564 | return X509_NAME_print(out, nm, indent); |
565 | return do_name_ex(send_bio_chars, out, nm, indent, flags); |
566 | } |
567 | |
568 | #ifndef OPENSSL_NO_STDIO |
569 | int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent, |
570 | unsigned long flags) |
571 | { |
572 | if (flags == XN_FLAG_COMPAT) { |
573 | BIO *btmp; |
574 | int ret; |
575 | btmp = BIO_new_fp(fp, BIO_NOCLOSE); |
576 | if (!btmp) |
577 | return -1; |
578 | ret = X509_NAME_print(btmp, nm, indent); |
579 | BIO_free(btmp); |
580 | return ret; |
581 | } |
582 | return do_name_ex(send_fp_chars, fp, nm, indent, flags); |
583 | } |
584 | #endif |
585 | |
586 | int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags) |
587 | { |
588 | return do_print_ex(send_bio_chars, out, flags, str); |
589 | } |
590 | |
591 | #ifndef OPENSSL_NO_STDIO |
592 | int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags) |
593 | { |
594 | return do_print_ex(send_fp_chars, fp, flags, str); |
595 | } |
596 | #endif |
597 | |
598 | /* |
599 | * Utility function: convert any string type to UTF8, returns number of bytes |
600 | * in output string or a negative error code |
601 | */ |
602 | |
603 | int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in) |
604 | { |
605 | ASN1_STRING stmp, *str = &stmp; |
606 | int mbflag, type, ret; |
607 | if (!in) |
608 | return -1; |
609 | type = in->type; |
610 | if ((type < 0) || (type > 30)) |
611 | return -1; |
612 | mbflag = tag2nbyte[type]; |
613 | if (mbflag == -1) |
614 | return -1; |
615 | mbflag |= MBSTRING_FLAG; |
616 | stmp.data = NULL; |
617 | stmp.length = 0; |
618 | stmp.flags = 0; |
619 | ret = |
620 | ASN1_mbstring_copy(&str, in->data, in->length, mbflag, |
621 | B_ASN1_UTF8STRING); |
622 | if (ret < 0) |
623 | return ret; |
624 | *out = stmp.data; |
625 | return stmp.length; |
626 | } |
627 | |