2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
62 #include <openssl/asn1.h>
64 static int traverse_string(const unsigned char *p, int len, int inform,
65 int (*rfunc)(unsigned long value, void *in), void *arg);
66 static int in_utf8(unsigned long value, void *arg);
67 static int out_utf8(unsigned long value, void *arg);
68 static int type_str(unsigned long value, void *arg);
69 static int cpy_asc(unsigned long value, void *arg);
70 static int cpy_bmp(unsigned long value, void *arg);
71 static int cpy_univ(unsigned long value, void *arg);
72 static int cpy_utf8(unsigned long value, void *arg);
73 static int is_printable(unsigned long value);
75 /* This is the default mask for the mbstring functions: it is designed
76 * to be a "safe" DirectoryString. Netscape messenger crashes when it
77 * receives a certificate containing a BMPString so by default we don't
78 * use them unless we have to.
81 static long dirstring_mask = B_ASN1_PRINTABLESTRING
82 | B_ASN1_T61STRING | B_ASN1_BMPSTRING;
84 void ASN1_STRING_set_default_mask(unsigned long mask)
86 dirstring_mask = mask;
89 unsigned long ASN1_STRING_get_default_mask(void)
91 return dirstring_mask;
94 /* This function sets the default to various "flavours" of configuration.
95 * based on an ASCII string. Currently this is:
96 * MASK:XXXX : a numerical mask value.
97 * nobmp : Don't use BMPStrings (just Printable, T61).
98 * pkix : PKIX recommendation in RFC2459.
99 * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
100 * default: the default value, Printable, T61, BMP.
103 int ASN1_STRING_set_default_mask_asc(char *p)
107 if(!strncmp(p, "MASK:", 5)) {
109 mask = strtoul(p + 5, &end, 0);
111 } else if(!strcmp(p, "nobmp"))
112 mask = B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING;
113 else if(!strcmp(p, "pkix"))
114 mask = B_ASN1_PRINTABLESTRING | B_ASN1_BMPSTRING;
115 else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING;
116 else if(!strcmp(p, "default"))
117 mask = B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING;
119 ASN1_STRING_set_default_mask(mask);
123 /* These functions take a string in UTF8, ASCII or multibyte form and
124 * a mask of permissible ASN1 string types. It then works out the minimal
125 * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
126 * and creates a string of the correct type with the supplied data.
127 * Yes this is horrible: it has to be :-(
128 * The 'ncopy' form checks minimum and maximum size limits too.
131 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
132 int inform, unsigned long mask)
134 return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
137 int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
138 int inform, unsigned long mask,
139 long minsize, long maxsize)
148 int (*cpyfunc)(unsigned long,void *) = NULL;
149 if(len == -1) len = strlen((const char *)in);
150 if(!mask) mask = dirstring_mask;
152 /* First do a string check and work out the number of characters */
157 ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
158 ASN1_R_INVALID_BMPSTRING_LENGTH);
166 ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
167 ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
175 /* This counts the characters and does utf8 syntax checking */
176 ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
178 ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
179 ASN1_R_INVALID_UTF8STRING);
189 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_UNKNOWN_FORMAT);
193 if(minsize && (nchar < minsize)) {
194 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_SHORT);
195 sprintf(strbuf, "%ld", minsize);
196 ERR_add_error_data(2, "minsize=", strbuf);
200 if(maxsize && (nchar > maxsize)) {
201 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_STRING_TOO_LONG);
202 sprintf(strbuf, "%ld", maxsize);
203 ERR_add_error_data(2, "maxsize=", strbuf);
207 /* Now work out minimal type (if any) */
208 if(traverse_string(in, len, inform, type_str, &mask) < 0) {
209 ASN1err(ASN1_F_ASN1_MBSTRING_COPY, ASN1_R_ILLEGAL_CHARACTERS);
214 /* Now work out output format and string type */
215 outform = MBSTRING_ASC;
216 if(mask & B_ASN1_PRINTABLESTRING) str_type = V_ASN1_PRINTABLESTRING;
217 else if(mask & B_ASN1_IA5STRING) str_type = V_ASN1_IA5STRING;
218 else if(mask & B_ASN1_T61STRING) str_type = V_ASN1_T61STRING;
219 else if(mask & B_ASN1_BMPSTRING) {
220 str_type = V_ASN1_BMPSTRING;
221 outform = MBSTRING_BMP;
222 } else if(mask & B_ASN1_UNIVERSALSTRING) {
223 str_type = V_ASN1_UNIVERSALSTRING;
224 outform = MBSTRING_UNIV;
226 str_type = V_ASN1_UTF8STRING;
227 outform = MBSTRING_UTF8;
229 if(!out) return str_type;
237 dest->type = str_type;
239 dest = ASN1_STRING_type_new(str_type);
241 ASN1err(ASN1_F_ASN1_MBSTRING_COPY,
242 ERR_R_MALLOC_FAILURE);
247 /* If both the same type just copy across */
248 if(inform == outform) {
249 if(!ASN1_STRING_set(dest, in, len)) {
250 ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
256 /* Work out how much space the destination will need */
275 traverse_string(in, len, inform, out_utf8, &outlen);
279 if(!(p = Malloc(outlen + 1))) {
280 ASN1_STRING_free(dest);
281 ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE);
284 dest->length = outlen;
287 traverse_string(in, len, inform, cpyfunc, &p);
291 /* This function traverses a string and passes the value of each character
292 * to an optional function along with a void * argument.
295 static int traverse_string(const unsigned char *p, int len, int inform,
296 int (*rfunc)(unsigned long value, void *in), void *arg)
301 if(inform == MBSTRING_ASC) {
304 } else if(inform == MBSTRING_BMP) {
308 } else if(inform == MBSTRING_UNIV) {
315 ret = UTF8_getc(p, len, &value);
316 if(ret < 0) return -1;
321 ret = rfunc(value, arg);
322 if(ret <= 0) return ret;
328 /* Various utility functions for traverse_string */
330 /* Just count number of characters */
332 static int in_utf8(unsigned long value, void *arg)
340 /* Determine size of output as a UTF8 String */
342 static int out_utf8(unsigned long value, void *arg)
346 *outlen += UTF8_putc(NULL, -1, value);
350 /* Determine the "type" of a string: check each character against a
354 static int type_str(unsigned long value, void *arg)
357 types = *((unsigned long *)arg);
358 if((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
359 types &= ~B_ASN1_PRINTABLESTRING;
360 if((types & B_ASN1_IA5STRING) && (value > 127))
361 types &= ~B_ASN1_IA5STRING;
362 if((types & B_ASN1_T61STRING) && (value > 0xff))
363 types &= ~B_ASN1_T61STRING;
364 if((types & B_ASN1_BMPSTRING) && (value > 0xffff))
365 types &= ~B_ASN1_BMPSTRING;
366 if(!types) return -1;
367 *((unsigned long *)arg) = types;
371 /* Copy one byte per character ASCII like strings */
373 static int cpy_asc(unsigned long value, void *arg)
375 unsigned char **p, *q;
378 *q = (unsigned char) value;
383 /* Copy two byte per character BMPStrings */
385 static int cpy_bmp(unsigned long value, void *arg)
387 unsigned char **p, *q;
390 *q++ = (unsigned char) ((value >> 8) & 0xff);
391 *q = (unsigned char) (value & 0xff);
396 /* Copy four byte per character UniversalStrings */
398 static int cpy_univ(unsigned long value, void *arg)
400 unsigned char **p, *q;
403 *q++ = (unsigned char) ((value >> 24) & 0xff);
404 *q++ = (unsigned char) ((value >> 16) & 0xff);
405 *q++ = (unsigned char) ((value >> 8) & 0xff);
406 *q = (unsigned char) (value & 0xff);
411 /* Copy to a UTF8String */
413 static int cpy_utf8(unsigned long value, void *arg)
418 /* We already know there is enough room so pass 0xff as the length */
419 ret = UTF8_putc(*p, 0xff, value);
424 /* Return 1 if the character is permitted in a PrintableString */
425 static int is_printable(unsigned long value)
428 if(value > 0x7f) return 0;
430 /* Note: we can't use 'isalnum' because certain accented
431 * characters may count as alphanumeric in some environments.
433 if((ch >= 'a') && (ch <= 'z')) return 1;
434 if((ch >= 'A') && (ch <= 'Z')) return 1;
435 if((ch >= '0') && (ch <= '9')) return 1;
436 if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1;