a_strex.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626
  1. /*
  2. * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include "internal/cryptlib.h"
  12. #include "crypto/asn1.h"
  13. #include <openssl/crypto.h>
  14. #include <openssl/x509.h>
  15. #include <openssl/asn1.h>
  16. #include "charmap.h"
  17. /*
  18. * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
  19. * printing routines handling multibyte characters, RFC2253 and a host of
  20. * other options.
  21. */
  22. #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
  23. #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
  24. ASN1_STRFLGS_ESC_2254 | \
  25. ASN1_STRFLGS_ESC_QUOTE | \
  26. ASN1_STRFLGS_ESC_CTRL | \
  27. ASN1_STRFLGS_ESC_MSB)
  28. /*
  29. * Three IO functions for sending data to memory, a BIO and and a FILE
  30. * pointer.
  31. */
  32. static int send_bio_chars(void *arg, const void *buf, int len)
  33. {
  34. if (!arg)
  35. return 1;
  36. if (BIO_write(arg, buf, len) != len)
  37. return 0;
  38. return 1;
  39. }
  40. #ifndef OPENSSL_NO_STDIO
  41. static int send_fp_chars(void *arg, const void *buf, int len)
  42. {
  43. if (!arg)
  44. return 1;
  45. if (fwrite(buf, 1, len, arg) != (unsigned int)len)
  46. return 0;
  47. return 1;
  48. }
  49. #endif
  50. typedef int char_io (void *arg, const void *buf, int len);
  51. /*
  52. * This function handles display of strings, one character at a time. It is
  53. * passed an unsigned long for each character because it could come from 2 or
  54. * even 4 byte forms.
  55. */
  56. static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
  57. char_io *io_ch, void *arg)
  58. {
  59. unsigned short chflgs;
  60. unsigned char chtmp;
  61. char tmphex[HEX_SIZE(long) + 3];
  62. if (c > 0xffffffffL)
  63. return -1;
  64. if (c > 0xffff) {
  65. BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
  66. if (!io_ch(arg, tmphex, 10))
  67. return -1;
  68. return 10;
  69. }
  70. if (c > 0xff) {
  71. BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
  72. if (!io_ch(arg, tmphex, 6))
  73. return -1;
  74. return 6;
  75. }
  76. chtmp = (unsigned char)c;
  77. if (chtmp > 0x7f)
  78. chflgs = flags & ASN1_STRFLGS_ESC_MSB;
  79. else
  80. chflgs = char_type[chtmp] & flags;
  81. if (chflgs & CHARTYPE_BS_ESC) {
  82. /* If we don't escape with quotes, signal we need quotes */
  83. if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
  84. if (do_quotes)
  85. *do_quotes = 1;
  86. if (!io_ch(arg, &chtmp, 1))
  87. return -1;
  88. return 1;
  89. }
  90. if (!io_ch(arg, "\\", 1))
  91. return -1;
  92. if (!io_ch(arg, &chtmp, 1))
  93. return -1;
  94. return 2;
  95. }
  96. if (chflgs & (ASN1_STRFLGS_ESC_CTRL
  97. | ASN1_STRFLGS_ESC_MSB
  98. | ASN1_STRFLGS_ESC_2254)) {
  99. BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
  100. if (!io_ch(arg, tmphex, 3))
  101. return -1;
  102. return 3;
  103. }
  104. /*
  105. * If we get this far and do any escaping at all must escape the escape
  106. * character itself: backslash.
  107. */
  108. if (chtmp == '\\' && (flags & ESC_FLAGS)) {
  109. if (!io_ch(arg, "\\\\", 2))
  110. return -1;
  111. return 2;
  112. }
  113. if (!io_ch(arg, &chtmp, 1))
  114. return -1;
  115. return 1;
  116. }
  117. #define BUF_TYPE_WIDTH_MASK 0x7
  118. #define BUF_TYPE_CONVUTF8 0x8
  119. /*
  120. * This function sends each character in a buffer to do_esc_char(). It
  121. * interprets the content formats and converts to or from UTF8 as
  122. * appropriate.
  123. */
  124. static int do_buf(unsigned char *buf, int buflen,
  125. int type, unsigned short flags, char *quotes, char_io *io_ch,
  126. void *arg)
  127. {
  128. int i, outlen, len, charwidth;
  129. unsigned short orflags;
  130. unsigned char *p, *q;
  131. unsigned long c;
  132. p = buf;
  133. q = buf + buflen;
  134. outlen = 0;
  135. charwidth = type & BUF_TYPE_WIDTH_MASK;
  136. switch (charwidth) {
  137. case 4:
  138. if (buflen & 3) {
  139. ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
  140. return -1;
  141. }
  142. break;
  143. case 2:
  144. if (buflen & 1) {
  145. ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH);
  146. return -1;
  147. }
  148. break;
  149. default:
  150. break;
  151. }
  152. while (p != q) {
  153. if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
  154. orflags = CHARTYPE_FIRST_ESC_2253;
  155. else
  156. orflags = 0;
  157. switch (charwidth) {
  158. case 4:
  159. c = ((unsigned long)*p++) << 24;
  160. c |= ((unsigned long)*p++) << 16;
  161. c |= ((unsigned long)*p++) << 8;
  162. c |= *p++;
  163. break;
  164. case 2:
  165. c = ((unsigned long)*p++) << 8;
  166. c |= *p++;
  167. break;
  168. case 1:
  169. c = *p++;
  170. break;
  171. case 0:
  172. i = UTF8_getc(p, buflen, &c);
  173. if (i < 0)
  174. return -1; /* Invalid UTF8String */
  175. buflen -= i;
  176. p += i;
  177. break;
  178. default:
  179. return -1; /* invalid width */
  180. }
  181. if (p == q && flags & ASN1_STRFLGS_ESC_2253)
  182. orflags = CHARTYPE_LAST_ESC_2253;
  183. if (type & BUF_TYPE_CONVUTF8) {
  184. unsigned char utfbuf[6];
  185. int utflen;
  186. utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
  187. for (i = 0; i < utflen; i++) {
  188. /*
  189. * We don't need to worry about setting orflags correctly
  190. * because if utflen==1 its value will be correct anyway
  191. * otherwise each character will be > 0x7f and so the
  192. * character will never be escaped on first and last.
  193. */
  194. len = do_esc_char(utfbuf[i], flags | orflags, quotes,
  195. io_ch, arg);
  196. if (len < 0)
  197. return -1;
  198. outlen += len;
  199. }
  200. } else {
  201. len = do_esc_char(c, flags | orflags, quotes,
  202. io_ch, arg);
  203. if (len < 0)
  204. return -1;
  205. outlen += len;
  206. }
  207. }
  208. return outlen;
  209. }
  210. /* This function hex dumps a buffer of characters */
  211. static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
  212. int buflen)
  213. {
  214. static const char hexdig[] = "0123456789ABCDEF";
  215. unsigned char *p, *q;
  216. char hextmp[2];
  217. if (arg) {
  218. p = buf;
  219. q = buf + buflen;
  220. while (p != q) {
  221. hextmp[0] = hexdig[*p >> 4];
  222. hextmp[1] = hexdig[*p & 0xf];
  223. if (!io_ch(arg, hextmp, 2))
  224. return -1;
  225. p++;
  226. }
  227. }
  228. return buflen << 1;
  229. }
  230. /*
  231. * "dump" a string. This is done when the type is unknown, or the flags
  232. * request it. We can either dump the content octets or the entire DER
  233. * encoding. This uses the RFC2253 #01234 format.
  234. */
  235. static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
  236. const ASN1_STRING *str)
  237. {
  238. /*
  239. * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
  240. * readily obtained
  241. */
  242. ASN1_TYPE t;
  243. unsigned char *der_buf, *p;
  244. int outlen, der_len;
  245. if (!io_ch(arg, "#", 1))
  246. return -1;
  247. /* If we don't dump DER encoding just dump content octets */
  248. if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
  249. outlen = do_hex_dump(io_ch, arg, str->data, str->length);
  250. if (outlen < 0)
  251. return -1;
  252. return outlen + 1;
  253. }
  254. t.type = str->type;
  255. t.value.ptr = (char *)str;
  256. der_len = i2d_ASN1_TYPE(&t, NULL);
  257. if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
  258. ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE);
  259. return -1;
  260. }
  261. p = der_buf;
  262. i2d_ASN1_TYPE(&t, &p);
  263. outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
  264. OPENSSL_free(der_buf);
  265. if (outlen < 0)
  266. return -1;
  267. return outlen + 1;
  268. }
  269. /*
  270. * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
  271. * used for non string types otherwise it is the number of bytes per
  272. * character
  273. */
  274. static const signed char tag2nbyte[] = {
  275. -1, -1, -1, -1, -1, /* 0-4 */
  276. -1, -1, -1, -1, -1, /* 5-9 */
  277. -1, -1, /* 10-11 */
  278. 0, /* 12 V_ASN1_UTF8STRING */
  279. -1, -1, -1, -1, -1, /* 13-17 */
  280. 1, /* 18 V_ASN1_NUMERICSTRING */
  281. 1, /* 19 V_ASN1_PRINTABLESTRING */
  282. 1, /* 20 V_ASN1_T61STRING */
  283. -1, /* 21 */
  284. 1, /* 22 V_ASN1_IA5STRING */
  285. 1, /* 23 V_ASN1_UTCTIME */
  286. 1, /* 24 V_ASN1_GENERALIZEDTIME */
  287. -1, /* 25 */
  288. 1, /* 26 V_ASN1_ISO64STRING */
  289. -1, /* 27 */
  290. 4, /* 28 V_ASN1_UNIVERSALSTRING */
  291. -1, /* 29 */
  292. 2 /* 30 V_ASN1_BMPSTRING */
  293. };
  294. /*
  295. * This is the main function, print out an ASN1_STRING taking note of various
  296. * escape and display options. Returns number of characters written or -1 if
  297. * an error occurred.
  298. */
  299. static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
  300. const ASN1_STRING *str)
  301. {
  302. int outlen, len;
  303. int type;
  304. char quotes;
  305. unsigned short flags;
  306. quotes = 0;
  307. /* Keep a copy of escape flags */
  308. flags = (unsigned short)(lflags & ESC_FLAGS);
  309. type = str->type;
  310. outlen = 0;
  311. if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
  312. const char *tagname;
  313. tagname = ASN1_tag2str(type);
  314. outlen += strlen(tagname);
  315. if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
  316. return -1;
  317. outlen++;
  318. }
  319. /* Decide what to do with type, either dump content or display it */
  320. /* Dump everything */
  321. if (lflags & ASN1_STRFLGS_DUMP_ALL)
  322. type = -1;
  323. /* Ignore the string type */
  324. else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
  325. type = 1;
  326. else {
  327. /* Else determine width based on type */
  328. if ((type > 0) && (type < 31))
  329. type = tag2nbyte[type];
  330. else
  331. type = -1;
  332. if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
  333. type = 1;
  334. }
  335. if (type == -1) {
  336. len = do_dump(lflags, io_ch, arg, str);
  337. if (len < 0)
  338. return -1;
  339. outlen += len;
  340. return outlen;
  341. }
  342. if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
  343. /*
  344. * Note: if string is UTF8 and we want to convert to UTF8 then we
  345. * just interpret it as 1 byte per character to avoid converting
  346. * twice.
  347. */
  348. if (!type)
  349. type = 1;
  350. else
  351. type |= BUF_TYPE_CONVUTF8;
  352. }
  353. len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
  354. if (len < 0)
  355. return -1;
  356. outlen += len;
  357. if (quotes)
  358. outlen += 2;
  359. if (!arg)
  360. return outlen;
  361. if (quotes && !io_ch(arg, "\"", 1))
  362. return -1;
  363. if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
  364. return -1;
  365. if (quotes && !io_ch(arg, "\"", 1))
  366. return -1;
  367. return outlen;
  368. }
  369. /* Used for line indenting: print 'indent' spaces */
  370. static int do_indent(char_io *io_ch, void *arg, int indent)
  371. {
  372. int i;
  373. for (i = 0; i < indent; i++)
  374. if (!io_ch(arg, " ", 1))
  375. return 0;
  376. return 1;
  377. }
  378. #define FN_WIDTH_LN 25
  379. #define FN_WIDTH_SN 10
  380. static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
  381. int indent, unsigned long flags)
  382. {
  383. int i, prev = -1, orflags, cnt;
  384. int fn_opt, fn_nid;
  385. ASN1_OBJECT *fn;
  386. const ASN1_STRING *val;
  387. const X509_NAME_ENTRY *ent;
  388. char objtmp[80];
  389. const char *objbuf;
  390. int outlen, len;
  391. char *sep_dn, *sep_mv, *sep_eq;
  392. int sep_dn_len, sep_mv_len, sep_eq_len;
  393. if (indent < 0)
  394. indent = 0;
  395. outlen = indent;
  396. if (!do_indent(io_ch, arg, indent))
  397. return -1;
  398. switch (flags & XN_FLAG_SEP_MASK) {
  399. case XN_FLAG_SEP_MULTILINE:
  400. sep_dn = "\n";
  401. sep_dn_len = 1;
  402. sep_mv = " + ";
  403. sep_mv_len = 3;
  404. break;
  405. case XN_FLAG_SEP_COMMA_PLUS:
  406. sep_dn = ",";
  407. sep_dn_len = 1;
  408. sep_mv = "+";
  409. sep_mv_len = 1;
  410. indent = 0;
  411. break;
  412. case XN_FLAG_SEP_CPLUS_SPC:
  413. sep_dn = ", ";
  414. sep_dn_len = 2;
  415. sep_mv = " + ";
  416. sep_mv_len = 3;
  417. indent = 0;
  418. break;
  419. case XN_FLAG_SEP_SPLUS_SPC:
  420. sep_dn = "; ";
  421. sep_dn_len = 2;
  422. sep_mv = " + ";
  423. sep_mv_len = 3;
  424. indent = 0;
  425. break;
  426. default:
  427. return -1;
  428. }
  429. if (flags & XN_FLAG_SPC_EQ) {
  430. sep_eq = " = ";
  431. sep_eq_len = 3;
  432. } else {
  433. sep_eq = "=";
  434. sep_eq_len = 1;
  435. }
  436. fn_opt = flags & XN_FLAG_FN_MASK;
  437. cnt = X509_NAME_entry_count(n);
  438. for (i = 0; i < cnt; i++) {
  439. if (flags & XN_FLAG_DN_REV)
  440. ent = X509_NAME_get_entry(n, cnt - i - 1);
  441. else
  442. ent = X509_NAME_get_entry(n, i);
  443. if (prev != -1) {
  444. if (prev == X509_NAME_ENTRY_set(ent)) {
  445. if (!io_ch(arg, sep_mv, sep_mv_len))
  446. return -1;
  447. outlen += sep_mv_len;
  448. } else {
  449. if (!io_ch(arg, sep_dn, sep_dn_len))
  450. return -1;
  451. outlen += sep_dn_len;
  452. if (!do_indent(io_ch, arg, indent))
  453. return -1;
  454. outlen += indent;
  455. }
  456. }
  457. prev = X509_NAME_ENTRY_set(ent);
  458. fn = X509_NAME_ENTRY_get_object(ent);
  459. val = X509_NAME_ENTRY_get_data(ent);
  460. fn_nid = OBJ_obj2nid(fn);
  461. if (fn_opt != XN_FLAG_FN_NONE) {
  462. int objlen, fld_len;
  463. if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
  464. OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
  465. fld_len = 0; /* XXX: what should this be? */
  466. objbuf = objtmp;
  467. } else {
  468. if (fn_opt == XN_FLAG_FN_SN) {
  469. fld_len = FN_WIDTH_SN;
  470. objbuf = OBJ_nid2sn(fn_nid);
  471. } else if (fn_opt == XN_FLAG_FN_LN) {
  472. fld_len = FN_WIDTH_LN;
  473. objbuf = OBJ_nid2ln(fn_nid);
  474. } else {
  475. fld_len = 0; /* XXX: what should this be? */
  476. objbuf = "";
  477. }
  478. }
  479. objlen = strlen(objbuf);
  480. if (!io_ch(arg, objbuf, objlen))
  481. return -1;
  482. if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
  483. if (!do_indent(io_ch, arg, fld_len - objlen))
  484. return -1;
  485. outlen += fld_len - objlen;
  486. }
  487. if (!io_ch(arg, sep_eq, sep_eq_len))
  488. return -1;
  489. outlen += objlen + sep_eq_len;
  490. }
  491. /*
  492. * If the field name is unknown then fix up the DER dump flag. We
  493. * might want to limit this further so it will DER dump on anything
  494. * other than a few 'standard' fields.
  495. */
  496. if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
  497. orflags = ASN1_STRFLGS_DUMP_ALL;
  498. else
  499. orflags = 0;
  500. len = do_print_ex(io_ch, arg, flags | orflags, val);
  501. if (len < 0)
  502. return -1;
  503. outlen += len;
  504. }
  505. return outlen;
  506. }
  507. /* Wrappers round the main functions */
  508. int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
  509. unsigned long flags)
  510. {
  511. if (flags == XN_FLAG_COMPAT)
  512. return X509_NAME_print(out, nm, indent);
  513. return do_name_ex(send_bio_chars, out, nm, indent, flags);
  514. }
  515. #ifndef OPENSSL_NO_STDIO
  516. int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
  517. unsigned long flags)
  518. {
  519. if (flags == XN_FLAG_COMPAT) {
  520. BIO *btmp;
  521. int ret;
  522. btmp = BIO_new_fp(fp, BIO_NOCLOSE);
  523. if (!btmp)
  524. return -1;
  525. ret = X509_NAME_print(btmp, nm, indent);
  526. BIO_free(btmp);
  527. return ret;
  528. }
  529. return do_name_ex(send_fp_chars, fp, nm, indent, flags);
  530. }
  531. #endif
  532. int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
  533. {
  534. return do_print_ex(send_bio_chars, out, flags, str);
  535. }
  536. #ifndef OPENSSL_NO_STDIO
  537. int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
  538. {
  539. return do_print_ex(send_fp_chars, fp, flags, str);
  540. }
  541. #endif
  542. /*
  543. * Utility function: convert any string type to UTF8, returns number of bytes
  544. * in output string or a negative error code
  545. */
  546. int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
  547. {
  548. ASN1_STRING stmp, *str = &stmp;
  549. int mbflag, type, ret;
  550. if (!in)
  551. return -1;
  552. type = in->type;
  553. if ((type < 0) || (type > 30))
  554. return -1;
  555. mbflag = tag2nbyte[type];
  556. if (mbflag == -1)
  557. return -1;
  558. mbflag |= MBSTRING_FLAG;
  559. stmp.data = NULL;
  560. stmp.length = 0;
  561. stmp.flags = 0;
  562. ret =
  563. ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
  564. B_ASN1_UTF8STRING);
  565. if (ret < 0)
  566. return ret;
  567. *out = stmp.data;
  568. return stmp.length;
  569. }