1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57#include <openssl/x509.h>
58
59#include <inttypes.h>
60#include <string.h>
61
62#include <openssl/asn1.h>
63#include <openssl/mem.h>
64#include <openssl/obj.h>
65
66#include "charmap.h"
67#include "../asn1/asn1_locl.h"
68
69/*
70 * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
71 * printing routines handling multibyte characters, RFC2253 and a host of
72 * other options.
73 */
74
75#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
76
77#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
78 ASN1_STRFLGS_ESC_QUOTE | \
79 ASN1_STRFLGS_ESC_CTRL | \
80 ASN1_STRFLGS_ESC_MSB)
81
82static int send_bio_chars(void *arg, const void *buf, int len)
83{
84 if (!arg)
85 return 1;
86 if (BIO_write(arg, buf, len) != len)
87 return 0;
88 return 1;
89}
90
91static int send_fp_chars(void *arg, const void *buf, int len)
92{
93 if (!arg)
94 return 1;
95 if (fwrite(buf, 1, len, arg) != (unsigned int)len)
96 return 0;
97 return 1;
98}
99
100typedef int char_io (void *arg, const void *buf, int len);
101
102/*
103 * This function handles display of strings, one character at a time. It is
104 * passed an unsigned long for each character because it could come from 2 or
105 * even 4 byte forms.
106 */
107
108#define HEX_SIZE(type) (sizeof(type)*2)
109
110static int do_esc_char(uint32_t c, unsigned char flags, char *do_quotes,
111 char_io *io_ch, void *arg)
112{
113 unsigned char chflgs, chtmp;
114 char tmphex[HEX_SIZE(uint32_t) + 3];
115
116 if (c > 0xffff) {
117 BIO_snprintf(tmphex, sizeof tmphex, "\\W%08" PRIX32, c);
118 if (!io_ch(arg, tmphex, 10))
119 return -1;
120 return 10;
121 }
122 if (c > 0xff) {
123 BIO_snprintf(tmphex, sizeof tmphex, "\\U%04" PRIX32, c);
124 if (!io_ch(arg, tmphex, 6))
125 return -1;
126 return 6;
127 }
128 chtmp = (unsigned char)c;
129 if (chtmp > 0x7f)
130 chflgs = flags & ASN1_STRFLGS_ESC_MSB;
131 else
132 chflgs = char_type[chtmp] & flags;
133 if (chflgs & CHARTYPE_BS_ESC) {
134 /* If we don't escape with quotes, signal we need quotes */
135 if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
136 if (do_quotes)
137 *do_quotes = 1;
138 if (!io_ch(arg, &chtmp, 1))
139 return -1;
140 return 1;
141 }
142 if (!io_ch(arg, "\\", 1))
143 return -1;
144 if (!io_ch(arg, &chtmp, 1))
145 return -1;
146 return 2;
147 }
148 if (chflgs & (ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB)) {
149 BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
150 if (!io_ch(arg, tmphex, 3))
151 return -1;
152 return 3;
153 }
154 /*
155 * If we get this far and do any escaping at all must escape the escape
156 * character itself: backslash.
157 */
158 if (chtmp == '\\' && flags & ESC_FLAGS) {
159 if (!io_ch(arg, "\\\\", 2))
160 return -1;
161 return 2;
162 }
163 if (!io_ch(arg, &chtmp, 1))
164 return -1;
165 return 1;
166}
167
168#define BUF_TYPE_WIDTH_MASK 0x7
169#define BUF_TYPE_CONVUTF8 0x8
170
171/*
172 * This function sends each character in a buffer to do_esc_char(). It
173 * interprets the content formats and converts to or from UTF8 as
174 * appropriate.
175 */
176
177static int do_buf(unsigned char *buf, int buflen,
178 int type, unsigned char flags, char *quotes, char_io *io_ch,
179 void *arg)
180{
181 int i, outlen, len, charwidth;
182 unsigned char orflags, *p, *q;
183 uint32_t c;
184 p = buf;
185 q = buf + buflen;
186 outlen = 0;
187 charwidth = type & BUF_TYPE_WIDTH_MASK;
188
189 switch (charwidth) {
190 case 4:
191 if (buflen & 3) {
192 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_UNIVERSALSTRING);
193 return -1;
194 }
195 break;
196 case 2:
197 if (buflen & 1) {
198 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BMPSTRING);
199 return -1;
200 }
201 break;
202 default:
203 break;
204 }
205
206 while (p != q) {
207 if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
208 orflags = CHARTYPE_FIRST_ESC_2253;
209 else
210 orflags = 0;
211 switch (charwidth) {
212 case 4:
213 c = ((uint32_t)*p++) << 24;
214 c |= ((uint32_t)*p++) << 16;
215 c |= ((uint32_t)*p++) << 8;
216 c |= *p++;
217 break;
218
219 case 2:
220 c = ((uint32_t)*p++) << 8;
221 c |= *p++;
222 break;
223
224 case 1:
225 c = *p++;
226 break;
227
228 case 0:
229 i = UTF8_getc(p, buflen, &c);
230 if (i < 0)
231 return -1; /* Invalid UTF8String */
232 buflen -= i;
233 p += i;
234 break;
235 default:
236 return -1; /* invalid width */
237 }
238 if (p == q && flags & ASN1_STRFLGS_ESC_2253)
239 orflags = CHARTYPE_LAST_ESC_2253;
240 if (type & BUF_TYPE_CONVUTF8) {
241 unsigned char utfbuf[6];
242 int utflen;
243 utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
244 for (i = 0; i < utflen; i++) {
245 /*
246 * We don't need to worry about setting orflags correctly
247 * because if utflen==1 its value will be correct anyway
248 * otherwise each character will be > 0x7f and so the
249 * character will never be escaped on first and last.
250 */
251 len =
252 do_esc_char(utfbuf[i], (unsigned char)(flags | orflags),
253 quotes, io_ch, arg);
254 if (len < 0)
255 return -1;
256 outlen += len;
257 }
258 } else {
259 len =
260 do_esc_char(c, (unsigned char)(flags | orflags), quotes,
261 io_ch, arg);
262 if (len < 0)
263 return -1;
264 outlen += len;
265 }
266 }
267 return outlen;
268}
269
270/* This function hex dumps a buffer of characters */
271
272static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
273 int buflen)
274{
275 static const char hexdig[] = "0123456789ABCDEF";
276 unsigned char *p, *q;
277 char hextmp[2];
278 if (arg) {
279 p = buf;
280 q = buf + buflen;
281 while (p != q) {
282 hextmp[0] = hexdig[*p >> 4];
283 hextmp[1] = hexdig[*p & 0xf];
284 if (!io_ch(arg, hextmp, 2))
285 return -1;
286 p++;
287 }
288 }
289 return buflen << 1;
290}
291
292/*
293 * "dump" a string. This is done when the type is unknown, or the flags
294 * request it. We can either dump the content octets or the entire DER
295 * encoding. This uses the RFC2253 #01234 format.
296 */
297
298static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
299 ASN1_STRING *str)
300{
301 /*
302 * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
303 * readily obtained
304 */
305 ASN1_TYPE t;
306 unsigned char *der_buf, *p;
307 int outlen, der_len;
308
309 if (!io_ch(arg, "#", 1))
310 return -1;
311 /* If we don't dump DER encoding just dump content octets */
312 if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
313 outlen = do_hex_dump(io_ch, arg, str->data, str->length);
314 if (outlen < 0)
315 return -1;
316 return outlen + 1;
317 }
318 t.type = str->type;
319 t.value.ptr = (char *)str;
320 der_len = i2d_ASN1_TYPE(&t, NULL);
321 der_buf = OPENSSL_malloc(der_len);
322 if (!der_buf)
323 return -1;
324 p = der_buf;
325 i2d_ASN1_TYPE(&t, &p);
326 outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
327 OPENSSL_free(der_buf);
328 if (outlen < 0)
329 return -1;
330 return outlen + 1;
331}
332
333/*
334 * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
335 * used for non string types otherwise it is the number of bytes per
336 * character
337 */
338
339static const signed char tag2nbyte[] = {
340 -1, -1, -1, -1, -1, /* 0-4 */
341 -1, -1, -1, -1, -1, /* 5-9 */
342 -1, -1, 0, -1, /* 10-13 */
343 -1, -1, -1, -1, /* 15-17 */
344 1, 1, 1, /* 18-20 */
345 -1, 1, 1, 1, /* 21-24 */
346 -1, 1, -1, /* 25-27 */
347 4, -1, 2 /* 28-30 */
348};
349
350/*
351 * This is the main function, print out an ASN1_STRING taking note of various
352 * escape and display options. Returns number of characters written or -1 if
353 * an error occurred.
354 */
355
356static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
357 ASN1_STRING *str)
358{
359 int outlen, len;
360 int type;
361 char quotes;
362 unsigned char flags;
363 quotes = 0;
364 /* Keep a copy of escape flags */
365 flags = (unsigned char)(lflags & ESC_FLAGS);
366
367 type = str->type;
368
369 outlen = 0;
370
371 if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
372 const char *tagname;
373 tagname = ASN1_tag2str(type);
374 outlen += strlen(tagname);
375 if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
376 return -1;
377 outlen++;
378 }
379
380 /* Decide what to do with type, either dump content or display it */
381
382 /* Dump everything */
383 if (lflags & ASN1_STRFLGS_DUMP_ALL)
384 type = -1;
385 /* Ignore the string type */
386 else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
387 type = 1;
388 else {
389 /* Else determine width based on type */
390 if ((type > 0) && (type < 31))
391 type = tag2nbyte[type];
392 else
393 type = -1;
394 if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
395 type = 1;
396 }
397
398 if (type == -1) {
399 len = do_dump(lflags, io_ch, arg, str);
400 if (len < 0)
401 return -1;
402 outlen += len;
403 return outlen;
404 }
405
406 if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
407 /*
408 * Note: if string is UTF8 and we want to convert to UTF8 then we
409 * just interpret it as 1 byte per character to avoid converting
410 * twice.
411 */
412 if (!type)
413 type = 1;
414 else
415 type |= BUF_TYPE_CONVUTF8;
416 }
417
418 len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
419 if (len < 0)
420 return -1;
421 outlen += len;
422 if (quotes)
423 outlen += 2;
424 if (!arg)
425 return outlen;
426 if (quotes && !io_ch(arg, "\"", 1))
427 return -1;
428 if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
429 return -1;
430 if (quotes && !io_ch(arg, "\"", 1))
431 return -1;
432 return outlen;
433}
434
435/* Used for line indenting: print 'indent' spaces */
436
437static int do_indent(char_io *io_ch, void *arg, int indent)
438{
439 int i;
440 for (i = 0; i < indent; i++)
441 if (!io_ch(arg, " ", 1))
442 return 0;
443 return 1;
444}
445
446#define FN_WIDTH_LN 25
447#define FN_WIDTH_SN 10
448
449static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n,
450 int indent, unsigned long flags)
451{
452 int i, prev = -1, orflags, cnt;
453 int fn_opt, fn_nid;
454 ASN1_OBJECT *fn;
455 ASN1_STRING *val;
456 X509_NAME_ENTRY *ent;
457 char objtmp[80];
458 const char *objbuf;
459 int outlen, len;
460 const char *sep_dn, *sep_mv, *sep_eq;
461 int sep_dn_len, sep_mv_len, sep_eq_len;
462 if (indent < 0)
463 indent = 0;
464 outlen = indent;
465 if (!do_indent(io_ch, arg, indent))
466 return -1;
467 switch (flags & XN_FLAG_SEP_MASK) {
468 case XN_FLAG_SEP_MULTILINE:
469 sep_dn = "\n";
470 sep_dn_len = 1;
471 sep_mv = " + ";
472 sep_mv_len = 3;
473 break;
474
475 case XN_FLAG_SEP_COMMA_PLUS:
476 sep_dn = ",";
477 sep_dn_len = 1;
478 sep_mv = "+";
479 sep_mv_len = 1;
480 indent = 0;
481 break;
482
483 case XN_FLAG_SEP_CPLUS_SPC:
484 sep_dn = ", ";
485 sep_dn_len = 2;
486 sep_mv = " + ";
487 sep_mv_len = 3;
488 indent = 0;
489 break;
490
491 case XN_FLAG_SEP_SPLUS_SPC:
492 sep_dn = "; ";
493 sep_dn_len = 2;
494 sep_mv = " + ";
495 sep_mv_len = 3;
496 indent = 0;
497 break;
498
499 default:
500 return -1;
501 }
502
503 if (flags & XN_FLAG_SPC_EQ) {
504 sep_eq = " = ";
505 sep_eq_len = 3;
506 } else {
507 sep_eq = "=";
508 sep_eq_len = 1;
509 }
510
511 fn_opt = flags & XN_FLAG_FN_MASK;
512
513 cnt = X509_NAME_entry_count(n);
514 for (i = 0; i < cnt; i++) {
515 if (flags & XN_FLAG_DN_REV)
516 ent = X509_NAME_get_entry(n, cnt - i - 1);
517 else
518 ent = X509_NAME_get_entry(n, i);
519 if (prev != -1) {
520 if (prev == ent->set) {
521 if (!io_ch(arg, sep_mv, sep_mv_len))
522 return -1;
523 outlen += sep_mv_len;
524 } else {
525 if (!io_ch(arg, sep_dn, sep_dn_len))
526 return -1;
527 outlen += sep_dn_len;
528 if (!do_indent(io_ch, arg, indent))
529 return -1;
530 outlen += indent;
531 }
532 }
533 prev = ent->set;
534 fn = X509_NAME_ENTRY_get_object(ent);
535 val = X509_NAME_ENTRY_get_data(ent);
536 fn_nid = OBJ_obj2nid(fn);
537 if (fn_opt != XN_FLAG_FN_NONE) {
538 int objlen, fld_len;
539 if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
540 OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
541 fld_len = 0; /* XXX: what should this be? */
542 objbuf = objtmp;
543 } else {
544 if (fn_opt == XN_FLAG_FN_SN) {
545 fld_len = FN_WIDTH_SN;
546 objbuf = OBJ_nid2sn(fn_nid);
547 } else if (fn_opt == XN_FLAG_FN_LN) {
548 fld_len = FN_WIDTH_LN;
549 objbuf = OBJ_nid2ln(fn_nid);
550 } else {
551 fld_len = 0; /* XXX: what should this be? */
552 objbuf = "";
553 }
554 }
555 objlen = strlen(objbuf);
556 if (!io_ch(arg, objbuf, objlen))
557 return -1;
558 if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
559 if (!do_indent(io_ch, arg, fld_len - objlen))
560 return -1;
561 outlen += fld_len - objlen;
562 }
563 if (!io_ch(arg, sep_eq, sep_eq_len))
564 return -1;
565 outlen += objlen + sep_eq_len;
566 }
567 /*
568 * If the field name is unknown then fix up the DER dump flag. We
569 * might want to limit this further so it will DER dump on anything
570 * other than a few 'standard' fields.
571 */
572 if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
573 orflags = ASN1_STRFLGS_DUMP_ALL;
574 else
575 orflags = 0;
576
577 len = do_print_ex(io_ch, arg, flags | orflags, val);
578 if (len < 0)
579 return -1;
580 outlen += len;
581 }
582 return outlen;
583}
584
585/* Wrappers round the main functions */
586
587int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent,
588 unsigned long flags)
589{
590 if (flags == XN_FLAG_COMPAT)
591 return X509_NAME_print(out, nm, indent);
592 return do_name_ex(send_bio_chars, out, nm, indent, flags);
593}
594
595#ifndef OPENSSL_NO_FP_API
596int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent,
597 unsigned long flags)
598{
599 if (flags == XN_FLAG_COMPAT) {
600 BIO *btmp;
601 int ret;
602 btmp = BIO_new_fp(fp, BIO_NOCLOSE);
603 if (!btmp)
604 return -1;
605 ret = X509_NAME_print(btmp, nm, indent);
606 BIO_free(btmp);
607 return ret;
608 }
609 return do_name_ex(send_fp_chars, fp, nm, indent, flags);
610}
611#endif
612
613int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags)
614{
615 return do_print_ex(send_bio_chars, out, flags, str);
616}
617
618#ifndef OPENSSL_NO_FP_API
619int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags)
620{
621 return do_print_ex(send_fp_chars, fp, flags, str);
622}
623#endif
624
625/*
626 * Utility function: convert any string type to UTF8, returns number of bytes
627 * in output string or a negative error code
628 */
629
630int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in)
631{
632 ASN1_STRING stmp, *str = &stmp;
633 int mbflag, type, ret;
634 if (!in)
635 return -1;
636 type = in->type;
637 if ((type < 0) || (type > 30))
638 return -1;
639 mbflag = tag2nbyte[type];
640 if (mbflag == -1)
641 return -1;
642 mbflag |= MBSTRING_FLAG;
643 stmp.data = NULL;
644 stmp.length = 0;
645 stmp.flags = 0;
646 ret =
647 ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
648 B_ASN1_UTF8STRING);
649 if (ret < 0)
650 return ret;
651 *out = stmp.data;
652 return stmp.length;
653}
654