ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
const unsigned char *in, int inlen,
int inform, int nid)
{
ASN1_STRING_TABLE *tbl;
ASN1_STRING *str = NULL;
unsigned long mask;
int ret;
if (!out)
out = &str;
tbl = ASN1_STRING_TABLE_get(nid);
if (tbl) {
mask = tbl->mask;
if (!(tbl->flags & STABLE_NO_MASK))
mask &= global_mask;
ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
tbl->minsize, tbl->maxsize);
} else
ret =
ASN1_mbstring_copy(out, in, inlen, inform,
DIRSTRING_TYPE & global_mask);
if (ret <= 0)
return NULL;
return *out;
}
int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
int inform, unsigned long mask)
{
return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
}
static int
tls_parse_asn1string(struct tls *ctx, ASN1_STRING *a1str, const char **dst_p, int minchars, int maxchars, const char *desc)
{
int format, len, ret = -1;
unsigned char *data;
ASN1_STRING *a1utf = NULL;
int ascii_only = 0;
char *cstr = NULL;
int mbres, mbconvert = -1;
*dst_p = NULL;
format = ASN1_STRING_type(a1str);
data = ASN1_STRING_data(a1str);
len = ASN1_STRING_length(a1str);
if (len < minchars) {
tls_set_errorx(ctx, "invalid %s: string too short", desc);
goto failed;
}
switch (format) {
case V_ASN1_NUMERICSTRING:
case V_ASN1_VISIBLESTRING:
case V_ASN1_PRINTABLESTRING:
case V_ASN1_IA5STRING:
/* Ascii */
if (len > maxchars) {
tls_set_errorx(ctx, "invalid %s: string too long", desc);
goto failed;
}
ascii_only = 1;
break;
case V_ASN1_T61STRING:
/* Latin1 */
mbconvert = MBSTRING_ASC;
break;
case V_ASN1_BMPSTRING:
/* UCS-2 big-endian */
mbconvert = MBSTRING_BMP;
break;
case V_ASN1_UNIVERSALSTRING:
/* UCS-4 big-endian */
mbconvert = MBSTRING_UNIV;
break;
case V_ASN1_UTF8STRING:
/*
* UTF-8 - could be used directly if OpenSSL has already
* validated the data. ATM be safe and validate here.
*/
mbconvert = MBSTRING_UTF8;
break;
default:
tls_set_errorx(ctx, "invalid %s: unexpected string type", desc);
goto failed;
}
/* Convert to UTF-8 */
if (mbconvert != -1) {
mbres = ASN1_mbstring_ncopy(&a1utf, data, len, mbconvert, B_ASN1_UTF8STRING, minchars, maxchars);
if (mbres < 0) {
tls_set_error_libssl(ctx, "invalid %s", desc);
goto failed;
}
if (mbres != V_ASN1_UTF8STRING) {
tls_set_errorx(ctx, "multibyte conversion failed: expected UTF8 result");
goto failed;
}
data = ASN1_STRING_data(a1utf);
len = ASN1_STRING_length(a1utf);
}
/* must not allow \0 */
if (memchr(data, 0, len) != NULL) {
tls_set_errorx(ctx, "invalid %s: contains NUL", desc);
goto failed;
}
/* no escape codes please */
if (check_invalid_bytes(ctx, data, len, ascii_only, desc) < 0)
goto failed;
/* copy to new string */
cstr = malloc(len + 1);
if (!cstr) {
tls_set_error(ctx, "malloc");
goto failed;
}
memcpy(cstr, data, len);
cstr[len] = 0;
*dst_p = cstr;
ret = len;
failed:
ASN1_STRING_free(a1utf);
return ret;
}