1 /* $OpenBSD: a_strex.c,v 1.24 2014/07/11 08:44:47 jsing Exp $ */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2000. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include <string.h> 61 62 #include <openssl/asn1.h> 63 #include <openssl/crypto.h> 64 #include <openssl/x509.h> 65 66 #include "asn1_locl.h" 67 68 #include "charmap.h" 69 70 /* ASN1_STRING_print_ex() and X509_NAME_print_ex(). 71 * Enhanced string and name printing routines handling 72 * multibyte characters, RFC2253 and a host of other 73 * options. 74 */ 75 76 #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253) 77 78 #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \ 79 ASN1_STRFLGS_ESC_QUOTE | \ 80 ASN1_STRFLGS_ESC_CTRL | \ 81 ASN1_STRFLGS_ESC_MSB) 82 83 84 /* Three IO functions for sending data to memory, a BIO and 85 * and a FILE pointer. 86 */ 87 #if 0 /* never used */ 88 static int 89 send_mem_chars(void *arg, const void *buf, int len) 90 { 91 unsigned char **out = arg; 92 93 if (!out) 94 return 1; 95 memcpy(*out, buf, len); 96 *out += len; 97 return 1; 98 } 99 #endif 100 101 static int 102 send_bio_chars(void *arg, const void *buf, int len) 103 { 104 if (!arg) 105 return 1; 106 if (BIO_write(arg, buf, len) != len) 107 return 0; 108 return 1; 109 } 110 111 static int 112 send_fp_chars(void *arg, const void *buf, int len) 113 { 114 if (!arg) 115 return 1; 116 if (fwrite(buf, 1, (size_t)len, arg) != (size_t)len) 117 return 0; 118 return 1; 119 } 120 121 typedef int char_io(void *arg, const void *buf, int len); 122 123 /* This function handles display of 124 * strings, one character at a time. 125 * It is passed an unsigned long for each 126 * character because it could come from 2 or even 127 * 4 byte forms. 128 */ 129 130 static int 131 do_esc_char(unsigned long c, unsigned char flags, char *do_quotes, 132 char_io *io_ch, void *arg) 133 { 134 unsigned char chflgs, chtmp; 135 char tmphex[sizeof(long) * 2 + 3]; 136 137 if (c > 0xffffffffL) 138 return -1; 139 if (c > 0xffff) { 140 snprintf(tmphex, sizeof tmphex, "\\W%08lX", c); 141 if (!io_ch(arg, tmphex, 10)) 142 return -1; 143 return 10; 144 } 145 if (c > 0xff) { 146 snprintf(tmphex, sizeof tmphex, "\\U%04lX", c); 147 if (!io_ch(arg, tmphex, 6)) 148 return -1; 149 return 6; 150 } 151 chtmp = (unsigned char)c; 152 if (chtmp > 0x7f) 153 chflgs = flags & ASN1_STRFLGS_ESC_MSB; 154 else 155 chflgs = char_type[chtmp] & flags; 156 if (chflgs & CHARTYPE_BS_ESC) { 157 /* If we don't escape with quotes, signal we need quotes */ 158 if (chflgs & ASN1_STRFLGS_ESC_QUOTE) { 159 if (do_quotes) 160 *do_quotes = 1; 161 if (!io_ch(arg, &chtmp, 1)) 162 return -1; 163 return 1; 164 } 165 if (!io_ch(arg, "\\", 1)) 166 return -1; 167 if (!io_ch(arg, &chtmp, 1)) 168 return -1; 169 return 2; 170 } 171 if (chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) { 172 snprintf(tmphex, sizeof tmphex, "\\%02X", chtmp); 173 if (!io_ch(arg, tmphex, 3)) 174 return -1; 175 return 3; 176 } 177 /* If we get this far and do any escaping at all must escape 178 * the escape character itself: backslash. 179 */ 180 if (chtmp == '\\' && flags & ESC_FLAGS) { 181 if (!io_ch(arg, "\\\\", 2)) 182 return -1; 183 return 2; 184 } 185 if (!io_ch(arg, &chtmp, 1)) 186 return -1; 187 return 1; 188 } 189 190 #define BUF_TYPE_WIDTH_MASK 0x7 191 #define BUF_TYPE_CONVUTF8 0x8 192 193 /* This function sends each character in a buffer to 194 * do_esc_char(). It interprets the content formats 195 * and converts to or from UTF8 as appropriate. 196 */ 197 198 static int 199 do_buf(unsigned char *buf, int buflen, int type, unsigned char flags, 200 char *quotes, char_io *io_ch, void *arg) 201 { 202 int i, outlen, len; 203 unsigned char orflags, *p, *q; 204 unsigned long c; 205 206 p = buf; 207 q = buf + buflen; 208 outlen = 0; 209 while (p != q) { 210 if (p == buf && flags & ASN1_STRFLGS_ESC_2253) 211 orflags = CHARTYPE_FIRST_ESC_2253; 212 else 213 orflags = 0; 214 switch (type & BUF_TYPE_WIDTH_MASK) { 215 case 4: 216 c = ((unsigned long)*p++) << 24; 217 c |= ((unsigned long)*p++) << 16; 218 c |= ((unsigned long)*p++) << 8; 219 c |= *p++; 220 if (c > UNICODE_MAX || UNICODE_IS_SURROGATE(c)) 221 return -1; 222 break; 223 224 case 2: 225 c = ((unsigned long)*p++) << 8; 226 c |= *p++; 227 if (UNICODE_IS_SURROGATE(c)) 228 return -1; 229 break; 230 231 case 1: 232 c = *p++; 233 break; 234 235 case 0: 236 i = UTF8_getc(p, q - p, &c); 237 if (i < 0) 238 return -1; /* Invalid UTF8String */ 239 p += i; 240 break; 241 default: 242 return -1; /* invalid width */ 243 } 244 if (p == q && flags & ASN1_STRFLGS_ESC_2253) 245 orflags = CHARTYPE_LAST_ESC_2253; 246 if (type & BUF_TYPE_CONVUTF8) { 247 unsigned char utfbuf[6]; 248 int utflen; 249 250 utflen = UTF8_putc(utfbuf, sizeof utfbuf, c); 251 if (utflen < 0) 252 return -1; 253 for (i = 0; i < utflen; i++) { 254 /* We don't need to worry about setting orflags correctly 255 * because if utflen==1 its value will be correct anyway 256 * otherwise each character will be > 0x7f and so the 257 * character will never be escaped on first and last. 258 */ 259 len = do_esc_char(utfbuf[i], 260 (unsigned char)(flags | orflags), quotes, 261 io_ch, arg); 262 if (len < 0) 263 return -1; 264 outlen += len; 265 } 266 } else { 267 len = do_esc_char(c, (unsigned char)(flags | orflags), 268 quotes, io_ch, arg); 269 if (len < 0) 270 return -1; 271 outlen += len; 272 } 273 } 274 return outlen; 275 } 276 277 /* This function hex dumps a buffer of characters */ 278 279 static int 280 do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen) 281 { 282 static const char hexdig[] = "0123456789ABCDEF"; 283 unsigned char *p, *q; 284 char hextmp[2]; 285 if (arg) { 286 p = buf; 287 q = buf + buflen; 288 while (p != q) { 289 hextmp[0] = hexdig[*p >> 4]; 290 hextmp[1] = hexdig[*p & 0xf]; 291 if (!io_ch(arg, hextmp, 2)) 292 return -1; 293 p++; 294 } 295 } 296 return buflen << 1; 297 } 298 299 /* "dump" a string. This is done when the type is unknown, 300 * or the flags request it. We can either dump the content 301 * octets or the entire DER encoding. This uses the RFC2253 302 * #01234 format. 303 */ 304 305 static int 306 do_dump(unsigned long lflags, char_io *io_ch, void *arg, ASN1_STRING *str) 307 { 308 /* Placing the ASN1_STRING in a temp ASN1_TYPE allows 309 * the DER encoding to readily obtained 310 */ 311 ASN1_TYPE t; 312 unsigned char *der_buf, *p; 313 int outlen, der_len; 314 315 if (!io_ch(arg, "#", 1)) 316 return -1; 317 /* If we don't dump DER encoding just dump content octets */ 318 if (!(lflags & ASN1_STRFLGS_DUMP_DER)) { 319 outlen = do_hex_dump(io_ch, arg, str->data, str->length); 320 if (outlen < 0) 321 return -1; 322 return outlen + 1; 323 } 324 t.type = str->type; 325 t.value.ptr = (char *)str; 326 der_len = i2d_ASN1_TYPE(&t, NULL); 327 der_buf = malloc(der_len); 328 if (!der_buf) 329 return -1; 330 p = der_buf; 331 i2d_ASN1_TYPE(&t, &p); 332 outlen = do_hex_dump(io_ch, arg, der_buf, der_len); 333 free(der_buf); 334 if (outlen < 0) 335 return -1; 336 return outlen + 1; 337 } 338 339 /* Lookup table to convert tags to character widths, 340 * 0 = UTF8 encoded, -1 is used for non string types 341 * otherwise it is the number of bytes per character 342 */ 343 344 static const signed char tag2nbyte[] = { 345 -1, -1, -1, -1, -1, /* 0-4 */ 346 -1, -1, -1, -1, -1, /* 5-9 */ 347 -1, -1, 0, -1, /* 10-13 */ 348 -1, -1, -1, -1, /* 15-17 */ 349 -1, 1, 1, /* 18-20 */ 350 -1, 1, 1, 1, /* 21-24 */ 351 -1, 1, -1, /* 25-27 */ 352 4, -1, 2 /* 28-30 */ 353 }; 354 355 /* This is the main function, print out an 356 * ASN1_STRING taking note of various escape 357 * and display options. Returns number of 358 * characters written or -1 if an error 359 * occurred. 360 */ 361 362 static int 363 do_print_ex(char_io *io_ch, void *arg, unsigned long lflags, ASN1_STRING *str) 364 { 365 int outlen, len; 366 int type; 367 char quotes; 368 unsigned char flags; 369 370 quotes = 0; 371 /* Keep a copy of escape flags */ 372 flags = (unsigned char)(lflags & ESC_FLAGS); 373 type = str->type; 374 outlen = 0; 375 376 if (lflags & ASN1_STRFLGS_SHOW_TYPE) { 377 const char *tagname; 378 tagname = ASN1_tag2str(type); 379 outlen += strlen(tagname); 380 if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1)) 381 return -1; 382 outlen++; 383 } 384 385 /* Decide what to do with type, either dump content or display it */ 386 387 /* Dump everything */ 388 if (lflags & ASN1_STRFLGS_DUMP_ALL) 389 type = -1; 390 /* Ignore the string type */ 391 else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) 392 type = 1; 393 else { 394 /* Else determine width based on type */ 395 if ((type > 0) && (type < 31)) 396 type = tag2nbyte[type]; 397 else 398 type = -1; 399 if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN)) 400 type = 1; 401 } 402 403 if (type == -1) { 404 len = do_dump(lflags, io_ch, arg, str); 405 if (len < 0) 406 return -1; 407 outlen += len; 408 return outlen; 409 } 410 411 if (lflags & ASN1_STRFLGS_UTF8_CONVERT) { 412 /* Note: if string is UTF8 and we want 413 * to convert to UTF8 then we just interpret 414 * it as 1 byte per character to avoid converting 415 * twice. 416 */ 417 if (!type) 418 type = 1; 419 else 420 type |= BUF_TYPE_CONVUTF8; 421 } 422 423 len = do_buf(str->data, str->length, type, flags, "es, io_ch, NULL); 424 if (len < 0) 425 return -1; 426 outlen += len; 427 if (quotes) 428 outlen += 2; 429 if (!arg) 430 return outlen; 431 if (quotes && !io_ch(arg, "\"", 1)) 432 return -1; 433 if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0) 434 return -1; 435 if (quotes && !io_ch(arg, "\"", 1)) 436 return -1; 437 return outlen; 438 } 439 440 /* Used for line indenting: print 'indent' spaces */ 441 442 static int 443 do_indent(char_io *io_ch, void *arg, int indent) 444 { 445 int i; 446 for (i = 0; i < indent; i++) 447 if (!io_ch(arg, " ", 1)) 448 return 0; 449 return 1; 450 } 451 452 #define FN_WIDTH_LN 25 453 #define FN_WIDTH_SN 10 454 455 static int 456 do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, int indent, 457 unsigned long flags) 458 { 459 int i, prev = -1, orflags, cnt; 460 int fn_opt, fn_nid; 461 ASN1_OBJECT *fn; 462 ASN1_STRING *val; 463 X509_NAME_ENTRY *ent; 464 char objtmp[80]; 465 const char *objbuf; 466 int outlen, len; 467 char *sep_dn, *sep_mv, *sep_eq; 468 int sep_dn_len, sep_mv_len, sep_eq_len; 469 470 if (indent < 0) 471 indent = 0; 472 outlen = indent; 473 if (!do_indent(io_ch, arg, indent)) 474 return -1; 475 476 switch (flags & XN_FLAG_SEP_MASK) { 477 case XN_FLAG_SEP_MULTILINE: 478 sep_dn = "\n"; 479 sep_dn_len = 1; 480 sep_mv = " + "; 481 sep_mv_len = 3; 482 break; 483 484 case XN_FLAG_SEP_COMMA_PLUS: 485 sep_dn = ","; 486 sep_dn_len = 1; 487 sep_mv = "+"; 488 sep_mv_len = 1; 489 indent = 0; 490 break; 491 492 case XN_FLAG_SEP_CPLUS_SPC: 493 sep_dn = ", "; 494 sep_dn_len = 2; 495 sep_mv = " + "; 496 sep_mv_len = 3; 497 indent = 0; 498 break; 499 500 case XN_FLAG_SEP_SPLUS_SPC: 501 sep_dn = "; "; 502 sep_dn_len = 2; 503 sep_mv = " + "; 504 sep_mv_len = 3; 505 indent = 0; 506 break; 507 508 default: 509 return -1; 510 } 511 512 if (flags & XN_FLAG_SPC_EQ) { 513 sep_eq = " = "; 514 sep_eq_len = 3; 515 } else { 516 sep_eq = "="; 517 sep_eq_len = 1; 518 } 519 520 fn_opt = flags & XN_FLAG_FN_MASK; 521 522 cnt = X509_NAME_entry_count(n); 523 for (i = 0; i < cnt; i++) { 524 if (flags & XN_FLAG_DN_REV) 525 ent = X509_NAME_get_entry(n, cnt - i - 1); 526 else 527 ent = X509_NAME_get_entry(n, i); 528 if (prev != -1) { 529 if (prev == ent->set) { 530 if (!io_ch(arg, sep_mv, sep_mv_len)) 531 return -1; 532 outlen += sep_mv_len; 533 } else { 534 if (!io_ch(arg, sep_dn, sep_dn_len)) 535 return -1; 536 outlen += sep_dn_len; 537 if (!do_indent(io_ch, arg, indent)) 538 return -1; 539 outlen += indent; 540 } 541 } 542 prev = ent->set; 543 fn = X509_NAME_ENTRY_get_object(ent); 544 val = X509_NAME_ENTRY_get_data(ent); 545 fn_nid = OBJ_obj2nid(fn); 546 if (fn_opt != XN_FLAG_FN_NONE) { 547 int objlen, fld_len; 548 if ((fn_opt == XN_FLAG_FN_OID) || 549 (fn_nid == NID_undef)) { 550 OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1); 551 fld_len = 0; /* XXX: what should this be? */ 552 objbuf = objtmp; 553 } else { 554 if (fn_opt == XN_FLAG_FN_SN) { 555 fld_len = FN_WIDTH_SN; 556 objbuf = OBJ_nid2sn(fn_nid); 557 } else if (fn_opt == XN_FLAG_FN_LN) { 558 fld_len = FN_WIDTH_LN; 559 objbuf = OBJ_nid2ln(fn_nid); 560 } else { 561 fld_len = 0; /* XXX: what should this be? */ 562 objbuf = ""; 563 } 564 } 565 objlen = strlen(objbuf); 566 if (!io_ch(arg, objbuf, objlen)) 567 return -1; 568 if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { 569 if (!do_indent(io_ch, arg, fld_len - objlen)) 570 return -1; 571 outlen += fld_len - objlen; 572 } 573 if (!io_ch(arg, sep_eq, sep_eq_len)) 574 return -1; 575 outlen += objlen + sep_eq_len; 576 } 577 /* If the field name is unknown then fix up the DER dump 578 * flag. We might want to limit this further so it will 579 * DER dump on anything other than a few 'standard' fields. 580 */ 581 if ((fn_nid == NID_undef) && 582 (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS)) 583 orflags = ASN1_STRFLGS_DUMP_ALL; 584 else 585 orflags = 0; 586 587 len = do_print_ex(io_ch, arg, flags | orflags, val); 588 if (len < 0) 589 return -1; 590 outlen += len; 591 } 592 return outlen; 593 } 594 595 /* Wrappers round the main functions */ 596 597 int 598 X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) 599 { 600 if (flags == XN_FLAG_COMPAT) 601 return X509_NAME_print(out, nm, indent); 602 return do_name_ex(send_bio_chars, out, nm, indent, flags); 603 } 604 605 int 606 X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) 607 { 608 if (flags == XN_FLAG_COMPAT) { 609 BIO *btmp; 610 int ret; 611 btmp = BIO_new_fp(fp, BIO_NOCLOSE); 612 if (!btmp) 613 return -1; 614 ret = X509_NAME_print(btmp, nm, indent); 615 BIO_free(btmp); 616 return ret; 617 } 618 return do_name_ex(send_fp_chars, fp, nm, indent, flags); 619 } 620 621 int 622 ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags) 623 { 624 return do_print_ex(send_bio_chars, out, flags, str); 625 } 626 627 int 628 ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags) 629 { 630 return do_print_ex(send_fp_chars, fp, flags, str); 631 } 632 633 /* Utility function: convert any string type to UTF8, returns number of bytes 634 * in output string or a negative error code 635 */ 636 637 int 638 ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in) 639 { 640 ASN1_STRING stmp, *str = &stmp; 641 int mbflag, type, ret; 642 643 if (!in) 644 return -1; 645 type = in->type; 646 if ((type < 0) || (type > 30)) 647 return -1; 648 mbflag = tag2nbyte[type]; 649 if (mbflag == -1) 650 return -1; 651 mbflag |= MBSTRING_FLAG; 652 stmp.data = NULL; 653 stmp.length = 0; 654 ret = ASN1_mbstring_copy(&str, in->data, in->length, mbflag, 655 B_ASN1_UTF8STRING); 656 if (ret < 0) 657 return ret; 658 *out = stmp.data; 659 return stmp.length; 660 } 661