1 /* Copyright (C) 1995-1998 Eric Young ([email protected])
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young ([email protected]).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson ([email protected]).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young ([email protected])"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson ([email protected])"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/asn1.h>
58
59 #include <assert.h>
60 #include <stdlib.h>
61 #include <string.h>
62
63 #include <openssl/err.h>
64 #include <openssl/mem.h>
65 #include <openssl/obj.h>
66
67 #include "../internal.h"
68 #include "../lhash/internal.h"
69 #include "internal.h"
70
71
72 DEFINE_LHASH_OF(ASN1_STRING_TABLE)
73
74 static LHASH_OF(ASN1_STRING_TABLE) *string_tables = NULL;
75 static CRYPTO_MUTEX string_tables_lock = CRYPTO_MUTEX_INIT;
76
ASN1_STRING_set_default_mask(unsigned long mask)77 void ASN1_STRING_set_default_mask(unsigned long mask) {}
78
ASN1_STRING_get_default_mask(void)79 unsigned long ASN1_STRING_get_default_mask(void) { return B_ASN1_UTF8STRING; }
80
ASN1_STRING_set_default_mask_asc(const char * p)81 int ASN1_STRING_set_default_mask_asc(const char *p) { return 1; }
82
83 static const ASN1_STRING_TABLE *asn1_string_table_get(int nid);
84
85 // The following function generates an ASN1_STRING based on limits in a
86 // table. Frequently the types and length of an ASN1_STRING are restricted by
87 // a corresponding OID. For example certificates and certificate requests.
88
ASN1_STRING_set_by_NID(ASN1_STRING ** out,const unsigned char * in,ossl_ssize_t len,int inform,int nid)89 ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in,
90 ossl_ssize_t len, int inform, int nid) {
91 ASN1_STRING *str = NULL;
92 int ret;
93 if (!out) {
94 out = &str;
95 }
96 const ASN1_STRING_TABLE *tbl = asn1_string_table_get(nid);
97 if (tbl != NULL) {
98 unsigned long mask = tbl->mask;
99 if (!(tbl->flags & STABLE_NO_MASK)) {
100 mask &= B_ASN1_UTF8STRING;
101 }
102 ret = ASN1_mbstring_ncopy(out, in, len, inform, mask, tbl->minsize,
103 tbl->maxsize);
104 } else {
105 ret = ASN1_mbstring_copy(out, in, len, inform, B_ASN1_UTF8STRING);
106 }
107 if (ret <= 0) {
108 return NULL;
109 }
110 return *out;
111 }
112
113 // Now the tables and helper functions for the string table:
114
115 // See RFC 5280.
116 #define ub_name 32768
117 #define ub_common_name 64
118 #define ub_locality_name 128
119 #define ub_state_name 128
120 #define ub_organization_name 64
121 #define ub_organization_unit_name 64
122 #define ub_email_address 128
123 #define ub_serial_number 64
124
125 // This table must be kept in NID order
126
127 static const ASN1_STRING_TABLE tbl_standard[] = {
128 {NID_commonName, 1, ub_common_name, DIRSTRING_TYPE, 0},
129 {NID_countryName, 2, 2, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
130 {NID_localityName, 1, ub_locality_name, DIRSTRING_TYPE, 0},
131 {NID_stateOrProvinceName, 1, ub_state_name, DIRSTRING_TYPE, 0},
132 {NID_organizationName, 1, ub_organization_name, DIRSTRING_TYPE, 0},
133 {NID_organizationalUnitName, 1, ub_organization_unit_name, DIRSTRING_TYPE,
134 0},
135 {NID_pkcs9_emailAddress, 1, ub_email_address, B_ASN1_IA5STRING,
136 STABLE_NO_MASK},
137 {NID_pkcs9_unstructuredName, 1, -1, PKCS9STRING_TYPE, 0},
138 {NID_pkcs9_challengePassword, 1, -1, PKCS9STRING_TYPE, 0},
139 {NID_pkcs9_unstructuredAddress, 1, -1, DIRSTRING_TYPE, 0},
140 {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0},
141 {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0},
142 {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0},
143 {NID_serialNumber, 1, ub_serial_number, B_ASN1_PRINTABLESTRING,
144 STABLE_NO_MASK},
145 {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK},
146 {NID_name, 1, ub_name, DIRSTRING_TYPE, 0},
147 {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK},
148 {NID_domainComponent, 1, -1, B_ASN1_IA5STRING, STABLE_NO_MASK},
149 {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}};
150
table_cmp(const ASN1_STRING_TABLE * a,const ASN1_STRING_TABLE * b)151 static int table_cmp(const ASN1_STRING_TABLE *a, const ASN1_STRING_TABLE *b) {
152 if (a->nid < b->nid) {
153 return -1;
154 }
155 if (a->nid > b->nid) {
156 return 1;
157 }
158 return 0;
159 }
160
table_cmp_void(const void * a,const void * b)161 static int table_cmp_void(const void *a, const void *b) {
162 return table_cmp(a, b);
163 }
164
table_hash(const ASN1_STRING_TABLE * tbl)165 static uint32_t table_hash(const ASN1_STRING_TABLE *tbl) {
166 return OPENSSL_hash32(&tbl->nid, sizeof(tbl->nid));
167 }
168
asn1_string_table_get(int nid)169 static const ASN1_STRING_TABLE *asn1_string_table_get(int nid) {
170 ASN1_STRING_TABLE key;
171 key.nid = nid;
172 const ASN1_STRING_TABLE *tbl =
173 bsearch(&key, tbl_standard, OPENSSL_ARRAY_SIZE(tbl_standard),
174 sizeof(ASN1_STRING_TABLE), table_cmp_void);
175 if (tbl != NULL) {
176 return tbl;
177 }
178
179 CRYPTO_MUTEX_lock_read(&string_tables_lock);
180 if (string_tables != NULL) {
181 tbl = lh_ASN1_STRING_TABLE_retrieve(string_tables, &key);
182 }
183 CRYPTO_MUTEX_unlock_read(&string_tables_lock);
184 // Note returning |tbl| without the lock is only safe because
185 // |ASN1_STRING_TABLE_add| cannot modify or delete existing entries. If we
186 // wish to support that, this function must copy the result under a lock.
187 return tbl;
188 }
189
ASN1_STRING_TABLE_add(int nid,long minsize,long maxsize,unsigned long mask,unsigned long flags)190 int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize,
191 unsigned long mask, unsigned long flags) {
192 // Existing entries cannot be overwritten.
193 if (asn1_string_table_get(nid) != NULL) {
194 OPENSSL_PUT_ERROR(ASN1, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
195 return 0;
196 }
197
198 int ret = 0;
199 CRYPTO_MUTEX_lock_write(&string_tables_lock);
200
201 if (string_tables == NULL) {
202 string_tables = lh_ASN1_STRING_TABLE_new(table_hash, table_cmp);
203 if (string_tables == NULL) {
204 goto err;
205 }
206 } else {
207 // Check again for an existing entry. One may have been added while
208 // unlocked.
209 ASN1_STRING_TABLE key;
210 key.nid = nid;
211 if (lh_ASN1_STRING_TABLE_retrieve(string_tables, &key) != NULL) {
212 OPENSSL_PUT_ERROR(ASN1, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
213 goto err;
214 }
215 }
216
217 ASN1_STRING_TABLE *tbl = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE));
218 if (tbl == NULL) {
219 goto err;
220 }
221 tbl->nid = nid;
222 tbl->flags = flags;
223 tbl->minsize = minsize;
224 tbl->maxsize = maxsize;
225 tbl->mask = mask;
226 ASN1_STRING_TABLE *old_tbl;
227 if (!lh_ASN1_STRING_TABLE_insert(string_tables, &old_tbl, tbl)) {
228 OPENSSL_free(tbl);
229 goto err;
230 }
231 assert(old_tbl == NULL);
232 ret = 1;
233
234 err:
235 CRYPTO_MUTEX_unlock_write(&string_tables_lock);
236 return ret;
237 }
238
ASN1_STRING_TABLE_cleanup(void)239 void ASN1_STRING_TABLE_cleanup(void) {}
240
asn1_get_string_table_for_testing(const ASN1_STRING_TABLE ** out_ptr,size_t * out_len)241 void asn1_get_string_table_for_testing(const ASN1_STRING_TABLE **out_ptr,
242 size_t *out_len) {
243 *out_ptr = tbl_standard;
244 *out_len = OPENSSL_ARRAY_SIZE(tbl_standard);
245 }
246