a_strex.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628
  1. /*
  2. * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include <string.h>
  11. #include "internal/cryptlib.h"
  12. #include "crypto/asn1.h"
  13. #include <openssl/crypto.h>
  14. #include <openssl/x509.h>
  15. #include <openssl/asn1.h>
  16. #include "charmap.h"
  17. /*
  18. * ASN1_STRING_print_ex() and X509_NAME_print_ex(). Enhanced string and name
  19. * printing routines handling multibyte characters, RFC2253 and a host of
  20. * other options.
  21. */
  22. #define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
  23. #define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
  24. ASN1_STRFLGS_ESC_2254 | \
  25. ASN1_STRFLGS_ESC_QUOTE | \
  26. ASN1_STRFLGS_ESC_CTRL | \
  27. ASN1_STRFLGS_ESC_MSB)
  28. /*
  29. * Three IO functions for sending data to memory, a BIO and a FILE
  30. * pointer.
  31. */
  32. static int send_bio_chars(void *arg, const void *buf, int len)
  33. {
  34. if (!arg)
  35. return 1;
  36. if (BIO_write(arg, buf, len) != len)
  37. return 0;
  38. return 1;
  39. }
  40. #ifndef OPENSSL_NO_STDIO
  41. static int send_fp_chars(void *arg, const void *buf, int len)
  42. {
  43. if (!arg)
  44. return 1;
  45. if (fwrite(buf, 1, len, arg) != (unsigned int)len)
  46. return 0;
  47. return 1;
  48. }
  49. #endif
  50. typedef int char_io (void *arg, const void *buf, int len);
  51. /*
  52. * This function handles display of strings, one character at a time. It is
  53. * passed an unsigned long for each character because it could come from 2 or
  54. * even 4 byte forms.
  55. */
  56. static int do_esc_char(unsigned long c, unsigned short flags, char *do_quotes,
  57. char_io *io_ch, void *arg)
  58. {
  59. unsigned short chflgs;
  60. unsigned char chtmp;
  61. char tmphex[HEX_SIZE(long) + 3];
  62. if (c > 0xffffffffL)
  63. return -1;
  64. if (c > 0xffff) {
  65. BIO_snprintf(tmphex, sizeof(tmphex), "\\W%08lX", c);
  66. if (!io_ch(arg, tmphex, 10))
  67. return -1;
  68. return 10;
  69. }
  70. if (c > 0xff) {
  71. BIO_snprintf(tmphex, sizeof(tmphex), "\\U%04lX", c);
  72. if (!io_ch(arg, tmphex, 6))
  73. return -1;
  74. return 6;
  75. }
  76. chtmp = (unsigned char)c;
  77. if (chtmp > 0x7f)
  78. chflgs = flags & ASN1_STRFLGS_ESC_MSB;
  79. else
  80. chflgs = char_type[chtmp] & flags;
  81. if (chflgs & CHARTYPE_BS_ESC) {
  82. /* If we don't escape with quotes, signal we need quotes */
  83. if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
  84. if (do_quotes)
  85. *do_quotes = 1;
  86. if (!io_ch(arg, &chtmp, 1))
  87. return -1;
  88. return 1;
  89. }
  90. if (!io_ch(arg, "\\", 1))
  91. return -1;
  92. if (!io_ch(arg, &chtmp, 1))
  93. return -1;
  94. return 2;
  95. }
  96. if (chflgs & (ASN1_STRFLGS_ESC_CTRL
  97. | ASN1_STRFLGS_ESC_MSB
  98. | ASN1_STRFLGS_ESC_2254)) {
  99. BIO_snprintf(tmphex, 11, "\\%02X", chtmp);
  100. if (!io_ch(arg, tmphex, 3))
  101. return -1;
  102. return 3;
  103. }
  104. /*
  105. * If we get this far and do any escaping at all must escape the escape
  106. * character itself: backslash.
  107. */
  108. if (chtmp == '\\' && (flags & ESC_FLAGS)) {
  109. if (!io_ch(arg, "\\\\", 2))
  110. return -1;
  111. return 2;
  112. }
  113. if (!io_ch(arg, &chtmp, 1))
  114. return -1;
  115. return 1;
  116. }
  117. #define BUF_TYPE_WIDTH_MASK 0x7
  118. #define BUF_TYPE_CONVUTF8 0x8
  119. /*
  120. * This function sends each character in a buffer to do_esc_char(). It
  121. * interprets the content formats and converts to or from UTF8 as
  122. * appropriate.
  123. */
  124. static int do_buf(unsigned char *buf, int buflen,
  125. int type, unsigned short flags, char *quotes, char_io *io_ch,
  126. void *arg)
  127. {
  128. int i, outlen, len, charwidth;
  129. unsigned short orflags;
  130. unsigned char *p, *q;
  131. unsigned long c;
  132. p = buf;
  133. q = buf + buflen;
  134. outlen = 0;
  135. charwidth = type & BUF_TYPE_WIDTH_MASK;
  136. switch (charwidth) {
  137. case 4:
  138. if (buflen & 3) {
  139. ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
  140. return -1;
  141. }
  142. break;
  143. case 2:
  144. if (buflen & 1) {
  145. ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH);
  146. return -1;
  147. }
  148. break;
  149. default:
  150. break;
  151. }
  152. while (p != q) {
  153. if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
  154. orflags = CHARTYPE_FIRST_ESC_2253;
  155. else
  156. orflags = 0;
  157. switch (charwidth) {
  158. case 4:
  159. c = ((unsigned long)*p++) << 24;
  160. c |= ((unsigned long)*p++) << 16;
  161. c |= ((unsigned long)*p++) << 8;
  162. c |= *p++;
  163. break;
  164. case 2:
  165. c = ((unsigned long)*p++) << 8;
  166. c |= *p++;
  167. break;
  168. case 1:
  169. c = *p++;
  170. break;
  171. case 0:
  172. i = UTF8_getc(p, buflen, &c);
  173. if (i < 0)
  174. return -1; /* Invalid UTF8String */
  175. buflen -= i;
  176. p += i;
  177. break;
  178. default:
  179. return -1; /* invalid width */
  180. }
  181. if (p == q && flags & ASN1_STRFLGS_ESC_2253)
  182. orflags = CHARTYPE_LAST_ESC_2253;
  183. if (type & BUF_TYPE_CONVUTF8) {
  184. unsigned char utfbuf[6];
  185. int utflen;
  186. utflen = UTF8_putc(utfbuf, sizeof(utfbuf), c);
  187. for (i = 0; i < utflen; i++) {
  188. /*
  189. * We don't need to worry about setting orflags correctly
  190. * because if utflen==1 its value will be correct anyway
  191. * otherwise each character will be > 0x7f and so the
  192. * character will never be escaped on first and last.
  193. */
  194. len = do_esc_char(utfbuf[i], flags | orflags, quotes,
  195. io_ch, arg);
  196. if (len < 0)
  197. return -1;
  198. outlen += len;
  199. }
  200. } else {
  201. len = do_esc_char(c, flags | orflags, quotes,
  202. io_ch, arg);
  203. if (len < 0)
  204. return -1;
  205. outlen += len;
  206. }
  207. }
  208. return outlen;
  209. }
  210. /* This function hex dumps a buffer of characters */
  211. static int do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf,
  212. int buflen)
  213. {
  214. static const char hexdig[] = "0123456789ABCDEF";
  215. unsigned char *p, *q;
  216. char hextmp[2];
  217. if (arg) {
  218. p = buf;
  219. q = buf + buflen;
  220. while (p != q) {
  221. hextmp[0] = hexdig[*p >> 4];
  222. hextmp[1] = hexdig[*p & 0xf];
  223. if (!io_ch(arg, hextmp, 2))
  224. return -1;
  225. p++;
  226. }
  227. }
  228. return buflen << 1;
  229. }
  230. /*
  231. * "dump" a string. This is done when the type is unknown, or the flags
  232. * request it. We can either dump the content octets or the entire DER
  233. * encoding. This uses the RFC2253 #01234 format.
  234. */
  235. static int do_dump(unsigned long lflags, char_io *io_ch, void *arg,
  236. const ASN1_STRING *str)
  237. {
  238. /*
  239. * Placing the ASN1_STRING in a temp ASN1_TYPE allows the DER encoding to
  240. * readily obtained
  241. */
  242. ASN1_TYPE t;
  243. unsigned char *der_buf, *p;
  244. int outlen, der_len;
  245. if (!io_ch(arg, "#", 1))
  246. return -1;
  247. /* If we don't dump DER encoding just dump content octets */
  248. if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
  249. outlen = do_hex_dump(io_ch, arg, str->data, str->length);
  250. if (outlen < 0)
  251. return -1;
  252. return outlen + 1;
  253. }
  254. t.type = str->type;
  255. t.value.ptr = (char *)str;
  256. der_len = i2d_ASN1_TYPE(&t, NULL);
  257. if (der_len <= 0)
  258. return -1;
  259. if ((der_buf = OPENSSL_malloc(der_len)) == NULL) {
  260. ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
  261. return -1;
  262. }
  263. p = der_buf;
  264. i2d_ASN1_TYPE(&t, &p);
  265. outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
  266. OPENSSL_free(der_buf);
  267. if (outlen < 0)
  268. return -1;
  269. return outlen + 1;
  270. }
  271. /*
  272. * Lookup table to convert tags to character widths, 0 = UTF8 encoded, -1 is
  273. * used for non string types otherwise it is the number of bytes per
  274. * character
  275. */
  276. static const signed char tag2nbyte[] = {
  277. -1, -1, -1, -1, -1, /* 0-4 */
  278. -1, -1, -1, -1, -1, /* 5-9 */
  279. -1, -1, /* 10-11 */
  280. 0, /* 12 V_ASN1_UTF8STRING */
  281. -1, -1, -1, -1, -1, /* 13-17 */
  282. 1, /* 18 V_ASN1_NUMERICSTRING */
  283. 1, /* 19 V_ASN1_PRINTABLESTRING */
  284. 1, /* 20 V_ASN1_T61STRING */
  285. -1, /* 21 */
  286. 1, /* 22 V_ASN1_IA5STRING */
  287. 1, /* 23 V_ASN1_UTCTIME */
  288. 1, /* 24 V_ASN1_GENERALIZEDTIME */
  289. -1, /* 25 */
  290. 1, /* 26 V_ASN1_ISO64STRING */
  291. -1, /* 27 */
  292. 4, /* 28 V_ASN1_UNIVERSALSTRING */
  293. -1, /* 29 */
  294. 2 /* 30 V_ASN1_BMPSTRING */
  295. };
  296. /*
  297. * This is the main function, print out an ASN1_STRING taking note of various
  298. * escape and display options. Returns number of characters written or -1 if
  299. * an error occurred.
  300. */
  301. static int do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
  302. const ASN1_STRING *str)
  303. {
  304. int outlen, len;
  305. int type;
  306. char quotes;
  307. unsigned short flags;
  308. quotes = 0;
  309. /* Keep a copy of escape flags */
  310. flags = (unsigned short)(lflags & ESC_FLAGS);
  311. type = str->type;
  312. outlen = 0;
  313. if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
  314. const char *tagname;
  315. tagname = ASN1_tag2str(type);
  316. outlen += strlen(tagname);
  317. if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
  318. return -1;
  319. outlen++;
  320. }
  321. /* Decide what to do with type, either dump content or display it */
  322. /* Dump everything */
  323. if (lflags & ASN1_STRFLGS_DUMP_ALL)
  324. type = -1;
  325. /* Ignore the string type */
  326. else if (lflags & ASN1_STRFLGS_IGNORE_TYPE)
  327. type = 1;
  328. else {
  329. /* Else determine width based on type */
  330. if ((type > 0) && (type < 31))
  331. type = tag2nbyte[type];
  332. else
  333. type = -1;
  334. if ((type == -1) && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
  335. type = 1;
  336. }
  337. if (type == -1) {
  338. len = do_dump(lflags, io_ch, arg, str);
  339. if (len < 0)
  340. return -1;
  341. outlen += len;
  342. return outlen;
  343. }
  344. if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
  345. /*
  346. * Note: if string is UTF8 and we want to convert to UTF8 then we
  347. * just interpret it as 1 byte per character to avoid converting
  348. * twice.
  349. */
  350. if (!type)
  351. type = 1;
  352. else
  353. type |= BUF_TYPE_CONVUTF8;
  354. }
  355. len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
  356. if (len < 0)
  357. return -1;
  358. outlen += len;
  359. if (quotes)
  360. outlen += 2;
  361. if (!arg)
  362. return outlen;
  363. if (quotes && !io_ch(arg, "\"", 1))
  364. return -1;
  365. if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
  366. return -1;
  367. if (quotes && !io_ch(arg, "\"", 1))
  368. return -1;
  369. return outlen;
  370. }
  371. /* Used for line indenting: print 'indent' spaces */
  372. static int do_indent(char_io *io_ch, void *arg, int indent)
  373. {
  374. int i;
  375. for (i = 0; i < indent; i++)
  376. if (!io_ch(arg, " ", 1))
  377. return 0;
  378. return 1;
  379. }
  380. #define FN_WIDTH_LN 25
  381. #define FN_WIDTH_SN 10
  382. static int do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n,
  383. int indent, unsigned long flags)
  384. {
  385. int i, prev = -1, orflags, cnt;
  386. int fn_opt, fn_nid;
  387. ASN1_OBJECT *fn;
  388. const ASN1_STRING *val;
  389. const X509_NAME_ENTRY *ent;
  390. char objtmp[80];
  391. const char *objbuf;
  392. int outlen, len;
  393. char *sep_dn, *sep_mv, *sep_eq;
  394. int sep_dn_len, sep_mv_len, sep_eq_len;
  395. if (indent < 0)
  396. indent = 0;
  397. outlen = indent;
  398. if (!do_indent(io_ch, arg, indent))
  399. return -1;
  400. switch (flags & XN_FLAG_SEP_MASK) {
  401. case XN_FLAG_SEP_MULTILINE:
  402. sep_dn = "\n";
  403. sep_dn_len = 1;
  404. sep_mv = " + ";
  405. sep_mv_len = 3;
  406. break;
  407. case XN_FLAG_SEP_COMMA_PLUS:
  408. sep_dn = ",";
  409. sep_dn_len = 1;
  410. sep_mv = "+";
  411. sep_mv_len = 1;
  412. indent = 0;
  413. break;
  414. case XN_FLAG_SEP_CPLUS_SPC:
  415. sep_dn = ", ";
  416. sep_dn_len = 2;
  417. sep_mv = " + ";
  418. sep_mv_len = 3;
  419. indent = 0;
  420. break;
  421. case XN_FLAG_SEP_SPLUS_SPC:
  422. sep_dn = "; ";
  423. sep_dn_len = 2;
  424. sep_mv = " + ";
  425. sep_mv_len = 3;
  426. indent = 0;
  427. break;
  428. default:
  429. return -1;
  430. }
  431. if (flags & XN_FLAG_SPC_EQ) {
  432. sep_eq = " = ";
  433. sep_eq_len = 3;
  434. } else {
  435. sep_eq = "=";
  436. sep_eq_len = 1;
  437. }
  438. fn_opt = flags & XN_FLAG_FN_MASK;
  439. cnt = X509_NAME_entry_count(n);
  440. for (i = 0; i < cnt; i++) {
  441. if (flags & XN_FLAG_DN_REV)
  442. ent = X509_NAME_get_entry(n, cnt - i - 1);
  443. else
  444. ent = X509_NAME_get_entry(n, i);
  445. if (prev != -1) {
  446. if (prev == X509_NAME_ENTRY_set(ent)) {
  447. if (!io_ch(arg, sep_mv, sep_mv_len))
  448. return -1;
  449. outlen += sep_mv_len;
  450. } else {
  451. if (!io_ch(arg, sep_dn, sep_dn_len))
  452. return -1;
  453. outlen += sep_dn_len;
  454. if (!do_indent(io_ch, arg, indent))
  455. return -1;
  456. outlen += indent;
  457. }
  458. }
  459. prev = X509_NAME_ENTRY_set(ent);
  460. fn = X509_NAME_ENTRY_get_object(ent);
  461. val = X509_NAME_ENTRY_get_data(ent);
  462. fn_nid = OBJ_obj2nid(fn);
  463. if (fn_opt != XN_FLAG_FN_NONE) {
  464. int objlen, fld_len;
  465. if ((fn_opt == XN_FLAG_FN_OID) || (fn_nid == NID_undef)) {
  466. OBJ_obj2txt(objtmp, sizeof(objtmp), fn, 1);
  467. fld_len = 0; /* XXX: what should this be? */
  468. objbuf = objtmp;
  469. } else {
  470. if (fn_opt == XN_FLAG_FN_SN) {
  471. fld_len = FN_WIDTH_SN;
  472. objbuf = OBJ_nid2sn(fn_nid);
  473. } else if (fn_opt == XN_FLAG_FN_LN) {
  474. fld_len = FN_WIDTH_LN;
  475. objbuf = OBJ_nid2ln(fn_nid);
  476. } else {
  477. fld_len = 0; /* XXX: what should this be? */
  478. objbuf = "";
  479. }
  480. }
  481. objlen = strlen(objbuf);
  482. if (!io_ch(arg, objbuf, objlen))
  483. return -1;
  484. if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
  485. if (!do_indent(io_ch, arg, fld_len - objlen))
  486. return -1;
  487. outlen += fld_len - objlen;
  488. }
  489. if (!io_ch(arg, sep_eq, sep_eq_len))
  490. return -1;
  491. outlen += objlen + sep_eq_len;
  492. }
  493. /*
  494. * If the field name is unknown then fix up the DER dump flag. We
  495. * might want to limit this further so it will DER dump on anything
  496. * other than a few 'standard' fields.
  497. */
  498. if ((fn_nid == NID_undef) && (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
  499. orflags = ASN1_STRFLGS_DUMP_ALL;
  500. else
  501. orflags = 0;
  502. len = do_print_ex(io_ch, arg, flags | orflags, val);
  503. if (len < 0)
  504. return -1;
  505. outlen += len;
  506. }
  507. return outlen;
  508. }
  509. /* Wrappers round the main functions */
  510. int X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
  511. unsigned long flags)
  512. {
  513. if (flags == XN_FLAG_COMPAT)
  514. return X509_NAME_print(out, nm, indent);
  515. return do_name_ex(send_bio_chars, out, nm, indent, flags);
  516. }
  517. #ifndef OPENSSL_NO_STDIO
  518. int X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
  519. unsigned long flags)
  520. {
  521. if (flags == XN_FLAG_COMPAT) {
  522. BIO *btmp;
  523. int ret;
  524. btmp = BIO_new_fp(fp, BIO_NOCLOSE);
  525. if (!btmp)
  526. return -1;
  527. ret = X509_NAME_print(btmp, nm, indent);
  528. BIO_free(btmp);
  529. return ret;
  530. }
  531. return do_name_ex(send_fp_chars, fp, nm, indent, flags);
  532. }
  533. #endif
  534. int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
  535. {
  536. return do_print_ex(send_bio_chars, out, flags, str);
  537. }
  538. #ifndef OPENSSL_NO_STDIO
  539. int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
  540. {
  541. return do_print_ex(send_fp_chars, fp, flags, str);
  542. }
  543. #endif
  544. /*
  545. * Utility function: convert any string type to UTF8, returns number of bytes
  546. * in output string or a negative error code
  547. */
  548. int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
  549. {
  550. ASN1_STRING stmp, *str = &stmp;
  551. int mbflag, type, ret;
  552. if (!in)
  553. return -1;
  554. type = in->type;
  555. if ((type < 0) || (type > 30))
  556. return -1;
  557. mbflag = tag2nbyte[type];
  558. if (mbflag == -1)
  559. return -1;
  560. mbflag |= MBSTRING_FLAG;
  561. stmp.data = NULL;
  562. stmp.length = 0;
  563. stmp.flags = 0;
  564. ret =
  565. ASN1_mbstring_copy(&str, in->data, in->length, mbflag,
  566. B_ASN1_UTF8STRING);
  567. if (ret < 0)
  568. return ret;
  569. *out = stmp.data;
  570. return stmp.length;
  571. }