1 /* 2 * Copyright 1999-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 #include <stdio.h> 11 #include "crypto/ctype.h" 12 #include "internal/cryptlib.h" 13 #include "internal/unicode.h" 14 #include <openssl/asn1.h> 15 16 static int traverse_string(const unsigned char *p, int len, int inform, 17 int (*rfunc) (unsigned long value, void *in), 18 void *arg); 19 static int in_utf8(unsigned long value, void *arg); 20 static int out_utf8(unsigned long value, void *arg); 21 static int type_str(unsigned long value, void *arg); 22 static int cpy_asc(unsigned long value, void *arg); 23 static int cpy_bmp(unsigned long value, void *arg); 24 static int cpy_univ(unsigned long value, void *arg); 25 static int cpy_utf8(unsigned long value, void *arg); 26 27 /* 28 * These functions take a string in UTF8, ASCII or multibyte form and a mask 29 * of permissible ASN1 string types. It then works out the minimal type 30 * (using the order Numeric < Printable < IA5 < T61 < BMP < Universal < UTF8) 31 * and creates a string of the correct type with the supplied data. Yes this is 32 * horrible: it has to be :-( The 'ncopy' form checks minimum and maximum 33 * size limits too. 34 */ 35 36 int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, 37 int inform, unsigned long mask) 38 { 39 return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0); 40 } 41 42 int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, 43 int inform, unsigned long mask, 44 long minsize, long maxsize) 45 { 46 int str_type; 47 int ret; 48 char free_out; 49 int outform, outlen = 0; 50 ASN1_STRING *dest; 51 unsigned char *p; 52 int nchar; 53 int (*cpyfunc) (unsigned long, void *) = NULL; 54 if (len == -1) 55 len = strlen((const char *)in); 56 if (!mask) 57 mask = DIRSTRING_TYPE; 58 if (len < 0) 59 return -1; 60 61 /* First do a string check and work out the number of characters */ 62 switch (inform) { 63 64 case MBSTRING_BMP: 65 if (len & 1) { 66 ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH); 67 return -1; 68 } 69 nchar = len >> 1; 70 break; 71 72 case MBSTRING_UNIV: 73 if (len & 3) { 74 ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); 75 return -1; 76 } 77 nchar = len >> 2; 78 break; 79 80 case MBSTRING_UTF8: 81 nchar = 0; 82 /* This counts the characters and does utf8 syntax checking */ 83 ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); 84 if (ret < 0) { 85 ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING); 86 return -1; 87 } 88 break; 89 90 case MBSTRING_ASC: 91 nchar = len; 92 break; 93 94 default: 95 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); 96 return -1; 97 } 98 99 if ((minsize > 0) && (nchar < minsize)) { 100 ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_SHORT, 101 "minsize=%ld", minsize); 102 return -1; 103 } 104 105 if ((maxsize > 0) && (nchar > maxsize)) { 106 ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG, 107 "maxsize=%ld", maxsize); 108 return -1; 109 } 110 111 /* Now work out minimal type (if any) */ 112 if (traverse_string(in, len, inform, type_str, &mask) < 0) { 113 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_CHARACTERS); 114 return -1; 115 } 116 117 /* Now work out output format and string type */ 118 outform = MBSTRING_ASC; 119 if (mask & B_ASN1_NUMERICSTRING) 120 str_type = V_ASN1_NUMERICSTRING; 121 else if (mask & B_ASN1_PRINTABLESTRING) 122 str_type = V_ASN1_PRINTABLESTRING; 123 else if (mask & B_ASN1_IA5STRING) 124 str_type = V_ASN1_IA5STRING; 125 else if (mask & B_ASN1_T61STRING) 126 str_type = V_ASN1_T61STRING; 127 else if (mask & B_ASN1_BMPSTRING) { 128 str_type = V_ASN1_BMPSTRING; 129 outform = MBSTRING_BMP; 130 } else if (mask & B_ASN1_UNIVERSALSTRING) { 131 str_type = V_ASN1_UNIVERSALSTRING; 132 outform = MBSTRING_UNIV; 133 } else { 134 str_type = V_ASN1_UTF8STRING; 135 outform = MBSTRING_UTF8; 136 } 137 if (!out) 138 return str_type; 139 if (*out) { 140 free_out = 0; 141 dest = *out; 142 ASN1_STRING_set0(dest, NULL, 0); 143 dest->type = str_type; 144 } else { 145 free_out = 1; 146 dest = ASN1_STRING_type_new(str_type); 147 if (dest == NULL) { 148 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 149 return -1; 150 } 151 *out = dest; 152 } 153 /* If both the same type just copy across */ 154 if (inform == outform) { 155 if (!ASN1_STRING_set(dest, in, len)) { 156 if (free_out) { 157 ASN1_STRING_free(dest); 158 *out = NULL; 159 } 160 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 161 return -1; 162 } 163 return str_type; 164 } 165 166 /* Work out how much space the destination will need */ 167 switch (outform) { 168 case MBSTRING_ASC: 169 outlen = nchar; 170 cpyfunc = cpy_asc; 171 break; 172 173 case MBSTRING_BMP: 174 outlen = nchar << 1; 175 cpyfunc = cpy_bmp; 176 break; 177 178 case MBSTRING_UNIV: 179 outlen = nchar << 2; 180 cpyfunc = cpy_univ; 181 break; 182 183 case MBSTRING_UTF8: 184 outlen = 0; 185 traverse_string(in, len, inform, out_utf8, &outlen); 186 cpyfunc = cpy_utf8; 187 break; 188 } 189 if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { 190 if (free_out) { 191 ASN1_STRING_free(dest); 192 *out = NULL; 193 } 194 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); 195 return -1; 196 } 197 dest->length = outlen; 198 dest->data = p; 199 p[outlen] = 0; 200 traverse_string(in, len, inform, cpyfunc, &p); 201 return str_type; 202 } 203 204 /* 205 * This function traverses a string and passes the value of each character to 206 * an optional function along with a void * argument. 207 */ 208 209 static int traverse_string(const unsigned char *p, int len, int inform, 210 int (*rfunc) (unsigned long value, void *in), 211 void *arg) 212 { 213 unsigned long value; 214 int ret; 215 while (len) { 216 if (inform == MBSTRING_ASC) { 217 value = *p++; 218 len--; 219 } else if (inform == MBSTRING_BMP) { 220 value = *p++ << 8; 221 value |= *p++; 222 len -= 2; 223 } else if (inform == MBSTRING_UNIV) { 224 value = ((unsigned long)*p++) << 24; 225 value |= ((unsigned long)*p++) << 16; 226 value |= *p++ << 8; 227 value |= *p++; 228 len -= 4; 229 } else { 230 ret = UTF8_getc(p, len, &value); 231 if (ret < 0) 232 return -1; 233 len -= ret; 234 p += ret; 235 } 236 if (rfunc) { 237 ret = rfunc(value, arg); 238 if (ret <= 0) 239 return ret; 240 } 241 } 242 return 1; 243 } 244 245 /* Various utility functions for traverse_string */ 246 247 /* Just count number of characters */ 248 249 static int in_utf8(unsigned long value, void *arg) 250 { 251 int *nchar; 252 253 if (!is_unicode_valid(value)) 254 return -2; 255 nchar = arg; 256 (*nchar)++; 257 return 1; 258 } 259 260 /* Determine size of output as a UTF8 String */ 261 262 static int out_utf8(unsigned long value, void *arg) 263 { 264 int *outlen, len; 265 266 len = UTF8_putc(NULL, -1, value); 267 if (len <= 0) 268 return len; 269 outlen = arg; 270 *outlen += len; 271 return 1; 272 } 273 274 /* 275 * Determine the "type" of a string: check each character against a supplied 276 * "mask". 277 */ 278 279 static int type_str(unsigned long value, void *arg) 280 { 281 unsigned long types = *((unsigned long *)arg); 282 const int native = value > INT_MAX ? INT_MAX : ossl_fromascii(value); 283 284 if ((types & B_ASN1_NUMERICSTRING) && !(ossl_isdigit(native) 285 || native == ' ')) 286 types &= ~B_ASN1_NUMERICSTRING; 287 if ((types & B_ASN1_PRINTABLESTRING) && !ossl_isasn1print(native)) 288 types &= ~B_ASN1_PRINTABLESTRING; 289 if ((types & B_ASN1_IA5STRING) && !ossl_isascii(native)) 290 types &= ~B_ASN1_IA5STRING; 291 if ((types & B_ASN1_T61STRING) && (value > 0xff)) 292 types &= ~B_ASN1_T61STRING; 293 if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) 294 types &= ~B_ASN1_BMPSTRING; 295 if ((types & B_ASN1_UTF8STRING) && !is_unicode_valid(value)) 296 types &= ~B_ASN1_UTF8STRING; 297 if (!types) 298 return -1; 299 *((unsigned long *)arg) = types; 300 return 1; 301 } 302 303 /* Copy one byte per character ASCII like strings */ 304 305 static int cpy_asc(unsigned long value, void *arg) 306 { 307 unsigned char **p, *q; 308 p = arg; 309 q = *p; 310 *q = (unsigned char)value; 311 (*p)++; 312 return 1; 313 } 314 315 /* Copy two byte per character BMPStrings */ 316 317 static int cpy_bmp(unsigned long value, void *arg) 318 { 319 unsigned char **p, *q; 320 p = arg; 321 q = *p; 322 *q++ = (unsigned char)((value >> 8) & 0xff); 323 *q = (unsigned char)(value & 0xff); 324 *p += 2; 325 return 1; 326 } 327 328 /* Copy four byte per character UniversalStrings */ 329 330 static int cpy_univ(unsigned long value, void *arg) 331 { 332 unsigned char **p, *q; 333 p = arg; 334 q = *p; 335 *q++ = (unsigned char)((value >> 24) & 0xff); 336 *q++ = (unsigned char)((value >> 16) & 0xff); 337 *q++ = (unsigned char)((value >> 8) & 0xff); 338 *q = (unsigned char)(value & 0xff); 339 *p += 4; 340 return 1; 341 } 342 343 /* Copy to a UTF8String */ 344 345 static int cpy_utf8(unsigned long value, void *arg) 346 { 347 unsigned char **p; 348 int ret; 349 p = arg; 350 /* We already know there is enough room so pass 0xff as the length */ 351 ret = UTF8_putc(*p, 0xff, value); 352 *p += ret; 353 return 1; 354 } 355