1/*
2 * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include <openssl/asn1.h>
13#include <openssl/objects.h>
14
15static STACK_OF(ASN1_STRING_TABLE) *stable = NULL;
16static void st_free(ASN1_STRING_TABLE *tbl);
17static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
18 const ASN1_STRING_TABLE *const *b);
19
20/*
21 * This is the global mask for the mbstring functions: this is use to mask
22 * out certain types (such as BMPString and UTF8String) because certain
23 * software (e.g. Netscape) has problems with them.
24 */
25
26static unsigned long global_mask = B_ASN1_UTF8STRING;
27
28void ASN1_STRING_set_default_mask(unsigned long mask)
29{
30 global_mask = mask;
31}
32
33unsigned long ASN1_STRING_get_default_mask(void)
34{
35 return global_mask;
36}
37
38/*-
39 * This function sets the default to various "flavours" of configuration.
40 * based on an ASCII string. Currently this is:
41 * MASK:XXXX : a numerical mask value.
42 * nobmp : Don't use BMPStrings (just Printable, T61).
43 * pkix : PKIX recommendation in RFC2459.
44 * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
45 * default: the default value, Printable, T61, BMP.
46 */
47
48int ASN1_STRING_set_default_mask_asc(const char *p)
49{
50 unsigned long mask;
51 char *end;
52
53 if (strncmp(p, "MASK:", 5) == 0) {
54 if (p[5] == '\0')
55 return 0;
56 mask = strtoul(p + 5, &end, 0);
57 if (*end)
58 return 0;
59 } else if (strcmp(p, "nombstr") == 0)
60 mask = ~((unsigned long)(B_ASN1_BMPSTRING | B_ASN1_UTF8STRING));
61 else if (strcmp(p, "pkix") == 0)
62 mask = ~((unsigned long)B_ASN1_T61STRING);
63 else if (strcmp(p, "utf8only") == 0)
64 mask = B_ASN1_UTF8STRING;
65 else if (strcmp(p, "default") == 0)
66 mask = 0xFFFFFFFFL;
67 else
68 return 0;
69 ASN1_STRING_set_default_mask(mask);
70 return 1;
71}
72
73/*
74 * The following function generates an ASN1_STRING based on limits in a
75 * table. Frequently the types and length of an ASN1_STRING are restricted by
76 * a corresponding OID. For example certificates and certificate requests.
77 */
78
79ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
80 const unsigned char *in, int inlen,
81 int inform, int nid)
82{
83 ASN1_STRING_TABLE *tbl;
84 ASN1_STRING *str = NULL;
85 unsigned long mask;
86 int ret;
87
88 if (out == NULL)
89 out = &str;
90 tbl = ASN1_STRING_TABLE_get(nid);
91 if (tbl != NULL) {
92 mask = tbl->mask;
93 if (!(tbl->flags & STABLE_NO_MASK))
94 mask &= global_mask;
95 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
96 tbl->minsize, tbl->maxsize);
97 } else {
98 ret = ASN1_mbstring_copy(out, in, inlen, inform,
99 DIRSTRING_TYPE & global_mask);
100 }
101 if (ret <= 0)
102 return NULL;
103 return *out;
104}
105
106/*
107 * Now the tables and helper functions for the string table:
108 */
109
110#include "tbl_standard.h"
111
112static int sk_table_cmp(const ASN1_STRING_TABLE *const *a,
113 const ASN1_STRING_TABLE *const *b)
114{
115 return (*a)->nid - (*b)->nid;
116}
117
118DECLARE_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
119
120static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b)
121{
122 return a->nid - b->nid;
123}
124
125IMPLEMENT_OBJ_BSEARCH_CMP_FN(ASN1_STRING_TABLE, ASN1_STRING_TABLE, table);
126
127ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid)
128{
129 int idx;
130 ASN1_STRING_TABLE fnd;
131
132 /* "stable" can be impacted by config, so load the config file first */
133 OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL);
134
135 fnd.nid = nid;
136 if (stable) {
137 idx = sk_ASN1_STRING_TABLE_find(stable, &fnd);
138 if (idx >= 0)
139 return sk_ASN1_STRING_TABLE_value(stable, idx);
140 }
141 return OBJ_bsearch_table(&fnd, tbl_standard, OSSL_NELEM(tbl_standard));
142}
143
144/*
145 * Return a string table pointer which can be modified: either directly from
146 * table or a copy of an internal value added to the table.
147 */
148
149static ASN1_STRING_TABLE *stable_get(int nid)
150{
151 ASN1_STRING_TABLE *tmp, *rv;
152
153 /* Always need a string table so allocate one if NULL */
154 if (stable == NULL) {
155 stable = sk_ASN1_STRING_TABLE_new(sk_table_cmp);
156 if (stable == NULL)
157 return NULL;
158 }
159 tmp = ASN1_STRING_TABLE_get(nid);
160 if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC)
161 return tmp;
162 if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) {
163 ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE);
164 return NULL;
165 }
166 if (!sk_ASN1_STRING_TABLE_push(stable, rv)) {
167 OPENSSL_free(rv);
168 return NULL;
169 }
170 if (tmp != NULL) {
171 rv->nid = tmp->nid;
172 rv->minsize = tmp->minsize;
173 rv->maxsize = tmp->maxsize;
174 rv->mask = tmp->mask;
175 rv->flags = tmp->flags | STABLE_FLAGS_MALLOC;
176 } else {
177 rv->nid = nid;
178 rv->minsize = -1;
179 rv->maxsize = -1;
180 rv->flags = STABLE_FLAGS_MALLOC;
181 }
182 return rv;
183}
184
185int ASN1_STRING_TABLE_add(int nid,
186 long minsize, long maxsize, unsigned long mask,
187 unsigned long flags)
188{
189 ASN1_STRING_TABLE *tmp;
190
191 tmp = stable_get(nid);
192 if (tmp == NULL) {
193 ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE);
194 return 0;
195 }
196 if (minsize >= 0)
197 tmp->minsize = minsize;
198 if (maxsize >= 0)
199 tmp->maxsize = maxsize;
200 if (mask)
201 tmp->mask = mask;
202 if (flags)
203 tmp->flags = STABLE_FLAGS_MALLOC | flags;
204 return 1;
205}
206
207void ASN1_STRING_TABLE_cleanup(void)
208{
209 STACK_OF(ASN1_STRING_TABLE) *tmp;
210
211 tmp = stable;
212 if (tmp == NULL)
213 return;
214 stable = NULL;
215 sk_ASN1_STRING_TABLE_pop_free(tmp, st_free);
216}
217
218static void st_free(ASN1_STRING_TABLE *tbl)
219{
220 if (tbl->flags & STABLE_FLAGS_MALLOC)
221 OPENSSL_free(tbl);
222}
223