[thirdparty/openssl.git] / crypto / x509 / x_name.c

/*
 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <ctype.h>
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include "internal/x509_int.h"
#include "internal/asn1_int.h"
#include "x509_lcl.h"

/*
 * Maximum length of X509_NAME: much larger than anything we should
 * ever see in practice.
 */

#define X509_NAME_MAX (1024 * 1024)

static int x509_name_ex_d2i(ASN1_VALUE **val,
                            const unsigned char **in, long len,
                            const ASN1_ITEM *it,
                            int tag, int aclass, char opt, ASN1_TLC *ctx);

static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
                            const ASN1_ITEM *it, int tag, int aclass);
static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);

static int x509_name_encode(X509_NAME *a);
static int x509_name_canon(X509_NAME *a);
static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in);
static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
                          unsigned char **in);

static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
                              int indent,
                              const char *fname, const ASN1_PCTX *pctx);

ASN1_SEQUENCE(X509_NAME_ENTRY) = {
        ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
        ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
} ASN1_SEQUENCE_END(X509_NAME_ENTRY)

IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)

/*
 * For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
 * declare two template wrappers for this
 */

ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)

ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
        ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)

/*
 * Normally that's where it would end: we'd have two nested STACK structures
 * representing the ASN1. Unfortunately X509_NAME uses a completely different
 * form and caches encodings so we have to process the internal form and
 * convert to the external form.
 */

static const ASN1_EXTERN_FUNCS x509_name_ff = {
    NULL,
    x509_name_ex_new,
    x509_name_ex_free,
    0,                          /* Default clear behaviour is OK */
    x509_name_ex_d2i,
    x509_name_ex_i2d,
    x509_name_ex_print
};

IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)

IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)

IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)

static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
{
    X509_NAME *ret = OPENSSL_zalloc(sizeof(*ret));

    if (ret == NULL)
        goto memerr;
    if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
        goto memerr;
    if ((ret->bytes = BUF_MEM_new()) == NULL)
        goto memerr;
    ret->modified = 1;
    *val = (ASN1_VALUE *)ret;
    return 1;

 memerr:
    ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
    if (ret) {
        sk_X509_NAME_ENTRY_free(ret->entries);
        OPENSSL_free(ret);
    }
    return 0;
}

static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    X509_NAME *a;

    if (!pval || !*pval)
        return;
    a = (X509_NAME *)*pval;

    BUF_MEM_free(a->bytes);
    sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
    OPENSSL_free(a->canon_enc);
    OPENSSL_free(a);
    *pval = NULL;
}

static void name_entry_stack_free(STACK_OF(X509_NAME_ENTRY) *ents)
{
    sk_X509_NAME_ENTRY_pop_free(ents, X509_NAME_ENTRY_free);
}

static int x509_name_ex_d2i(ASN1_VALUE **val,
                            const unsigned char **in, long len,
                            const ASN1_ITEM *it, int tag, int aclass,
                            char opt, ASN1_TLC *ctx)
{
    const unsigned char *p = *in, *q;
    union {
        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
        ASN1_VALUE *a;
    } intname = {
        NULL
    };
    union {
        X509_NAME *x;
        ASN1_VALUE *a;
    } nm = {
        NULL
    };
    int i, j, ret;
    STACK_OF(X509_NAME_ENTRY) *entries;
    X509_NAME_ENTRY *entry;
    if (len > X509_NAME_MAX)
        len = X509_NAME_MAX;
    q = p;

    /* Get internal representation of Name */
    ret = ASN1_item_ex_d2i(&intname.a,
                           &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
                           tag, aclass, opt, ctx);

    if (ret <= 0)
        return ret;

    if (*val)
        x509_name_ex_free(val, NULL);
    if (!x509_name_ex_new(&nm.a, NULL))
        goto err;
    /* We've decoded it: now cache encoding */
    if (!BUF_MEM_grow(nm.x->bytes, p - q))
        goto err;
    memcpy(nm.x->bytes->data, q, p - q);

    /* Convert internal representation to X509_NAME structure */
    for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
        entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
        for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
            entry = sk_X509_NAME_ENTRY_value(entries, j);
            entry->set = i;
            if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
                goto err;
        }
    }
    /*
     * All entries have now been pushed to nm->x.entries
     * free up the stacks in intname.s but not the entries
     * themselves.
     */
    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, sk_X509_NAME_ENTRY_free);
    intname.s = NULL;
    ret = x509_name_canon(nm.x);
    if (!ret)
        goto err;
    nm.x->modified = 0;
    *val = nm.a;
    *in = p;
    return ret;

 err:
    /* If intname.s is not NULL only some entries exist in nm->x.entries:
     * zero references in nm->x.entries list. Since all entries exist
     * in intname.s we can free them all there
     */
    if (intname.s != NULL) {
        sk_X509_NAME_ENTRY_zero(nm.x->entries);
        sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, name_entry_stack_free);
    }
    X509_NAME_free(nm.x);
    ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
    return 0;
}

static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
                            const ASN1_ITEM *it, int tag, int aclass)
{
    int ret;
    X509_NAME *a = (X509_NAME *)*val;
    if (a->modified) {
        ret = x509_name_encode(a);
        if (ret < 0)
            return ret;
        ret = x509_name_canon(a);
        if (ret < 0)
            return ret;
    }
    ret = a->bytes->length;
    if (out != NULL) {
        memcpy(*out, a->bytes->data, ret);
        *out += ret;
    }
    return ret;
}

static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
    sk_X509_NAME_ENTRY_free(ne);
}

static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
{
    sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
}

static int x509_name_encode(X509_NAME *a)
{
    union {
        STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
        ASN1_VALUE *a;
    } intname = {
        NULL
    };
    int len;
    unsigned char *p;
    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
    X509_NAME_ENTRY *entry;
    int i, set = -1;
    intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
    if (!intname.s)
        goto memerr;
    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
        if (entry->set != set) {
            entries = sk_X509_NAME_ENTRY_new_null();
            if (!entries)
                goto memerr;
            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries))
                goto memerr;
            set = entry->set;
        }
        if (!sk_X509_NAME_ENTRY_push(entries, entry))
            goto memerr;
    }
    len = ASN1_item_ex_i2d(&intname.a, NULL,
                           ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
    if (!BUF_MEM_grow(a->bytes, len))
        goto memerr;
    p = (unsigned char *)a->bytes->data;
    ASN1_item_ex_i2d(&intname.a,
                     &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
                                         local_sk_X509_NAME_ENTRY_free);
    a->modified = 0;
    return len;
 memerr:
    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
                                         local_sk_X509_NAME_ENTRY_free);
    ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
    return -1;
}

static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval,
                              int indent,
                              const char *fname, const ASN1_PCTX *pctx)
{
    if (X509_NAME_print_ex(out, (const X509_NAME *)*pval,
                           indent, pctx->nm_flags) <= 0)
        return 0;
    return 2;
}

/*
 * This function generates the canonical encoding of the Name structure. In
 * it all strings are converted to UTF8, leading, trailing and multiple
 * spaces collapsed, converted to lower case and the leading SEQUENCE header
 * removed. In future we could also normalize the UTF8 too. By doing this
 * comparison of Name structures can be rapidly performed by just using
 * memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
 * constraints of type dirName can also be checked with a simple memcmp().
 */

static int x509_name_canon(X509_NAME *a)
{
    unsigned char *p;
    STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
    STACK_OF(X509_NAME_ENTRY) *entries = NULL;
    X509_NAME_ENTRY *entry, *tmpentry = NULL;
    int i, set = -1, ret = 0, len;

    OPENSSL_free(a->canon_enc);
    a->canon_enc = NULL;
    /* Special case: empty X509_NAME => null encoding */
    if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
        a->canon_enclen = 0;
        return 1;
    }
    intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
    if (!intname)
        goto err;
    for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
        entry = sk_X509_NAME_ENTRY_value(a->entries, i);
        if (entry->set != set) {
            entries = sk_X509_NAME_ENTRY_new_null();
            if (!entries)
                goto err;
            if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
                goto err;
            set = entry->set;
        }
        tmpentry = X509_NAME_ENTRY_new();
        if (tmpentry == NULL)
            goto err;
        tmpentry->object = OBJ_dup(entry->object);
        if (tmpentry->object == NULL)
            goto err;
        if (!asn1_string_canon(tmpentry->value, entry->value))
            goto err;
        if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
            goto err;
        tmpentry = NULL;
    }

    /* Finally generate encoding */

    len = i2d_name_canon(intname, NULL);
    if (len < 0)
        goto err;
    a->canon_enclen = len;

    p = OPENSSL_malloc(a->canon_enclen);

    if (p == NULL)
        goto err;

    a->canon_enc = p;

    i2d_name_canon(intname, &p);

    ret = 1;

 err:

    X509_NAME_ENTRY_free(tmpentry);
    sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
                                         local_sk_X509_NAME_ENTRY_pop_free);
    return ret;
}

/* Bitmap of all the types of string that will be canonicalized. */

#define ASN1_MASK_CANON \
        (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
        | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
        | B_ASN1_VISIBLESTRING)

static int asn1_string_canon(ASN1_STRING *out, const ASN1_STRING *in)
{
    unsigned char *to, *from;
    int len, i;

    /* If type not in bitmask just copy string across */
    if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
        if (!ASN1_STRING_copy(out, in))
            return 0;
        return 1;
    }

    out->type = V_ASN1_UTF8STRING;
    out->length = ASN1_STRING_to_UTF8(&out->data, in);
    if (out->length == -1)
        return 0;

    to = out->data;
    from = to;

    len = out->length;

    /*
     * Convert string in place to canonical form. Ultimately we may need to
     * handle a wider range of characters but for now ignore anything with
     * MSB set and rely on the isspace() and tolower() functions.
     */

    /* Ignore leading spaces */
    while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
        from++;
        len--;
    }

    to = from + len;

    /* Ignore trailing spaces */
    while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) {
        to--;
        len--;
    }

    to = out->data;

    i = 0;
    while (i < len) {
        /* If MSB set just copy across */
        if (*from & 0x80) {
            *to++ = *from++;
            i++;
        }
        /* Collapse multiple spaces */
        else if (isspace(*from)) {
            /* Copy one space across */
            *to++ = ' ';
            /*
             * Ignore subsequent spaces. Note: don't need to check len here
             * because we know the last character is a non-space so we can't
             * overflow.
             */
            do {
                from++;
                i++;
            }
            while (!(*from & 0x80) && isspace(*from));
        } else {
            *to++ = tolower(*from);
            from++;
            i++;
        }
    }

    out->length = to - out->data;

    return 1;

}

static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
                          unsigned char **in)
{
    int i, len, ltmp;
    ASN1_VALUE *v;
    STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;

    len = 0;
    for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
        v = sk_ASN1_VALUE_value(intname, i);
        ltmp = ASN1_item_ex_i2d(&v, in,
                                ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
        if (ltmp < 0)
            return ltmp;
        len += ltmp;
    }
    return len;
}

int X509_NAME_set(X509_NAME **xn, X509_NAME *name)
{
    X509_NAME *in;

    if (!xn || !name)
        return (0);

    if (*xn != name) {
        in = X509_NAME_dup(name);
        if (in != NULL) {
            X509_NAME_free(*xn);
            *xn = in;
        }
    }
    return (*xn != NULL);
}

int X509_NAME_print(BIO *bp, const X509_NAME *name, int obase)
{
    char *s, *c, *b;
    int l, i;

    l = 80 - 2 - obase;

    b = X509_NAME_oneline(name, NULL, 0);
    if (!b)
        return 0;
    if (!*b) {
        OPENSSL_free(b);
        return 1;
    }
    s = b + 1;                  /* skip the first slash */

    c = s;
    for (;;) {
#ifndef CHARSET_EBCDIC
        if (((*s == '/') &&
             ((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') ||
                                                 ((s[2] >= 'A')
                                                  && (s[2] <= 'Z')
                                                  && (s[3] == '='))
              ))) || (*s == '\0'))
#else
        if (((*s == '/') &&
             (isupper(s[1]) && ((s[2] == '=') ||
                                (isupper(s[2]) && (s[3] == '='))
              ))) || (*s == '\0'))
#endif
        {
            i = s - c;
            if (BIO_write(bp, c, i) != i)
                goto err;
            c = s + 1;          /* skip following slash */
            if (*s != '\0') {
                if (BIO_write(bp, ", ", 2) != 2)
                    goto err;
            }
            l--;
        }
        if (*s == '\0')
            break;
        s++;
        l--;
    }

    OPENSSL_free(b);
    return 1;
 err:
    X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
    OPENSSL_free(b);
    return 0;
}

int X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder,
                       size_t *pderlen)
{
    /* Make sure encoding is valid */
    if (i2d_X509_NAME(nm, NULL) <= 0)
        return 0;
    if (pder != NULL)
        *pder = (unsigned char *)nm->bytes->data;
    if (pderlen != NULL)
        *pderlen = nm->bytes->length;
    return 1;
}
Commit	Line	Data
b1322259 RS	1	/*
b1322259 RS	2	* Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
0f113f3e	3	*
b1322259 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
	9
	10	#include <stdio.h>
450ea834	11	#include <ctype.h>
b39fc560	12	#include "internal/cryptlib.h"
9d6b1ce6	13	#include <openssl/asn1t.h>
f0e8ae72	14	#include <openssl/x509.h>
2743e38c DSH	15	#include "internal/x509_int.h"
2743e38c DSH	16	#include "internal/asn1_int.h"
4a1f3f27	17	#include "x509_lcl.h"
5ce278a7	18
295f3a24 DSH	19	/*
	20	* Maximum length of X509_NAME: much larger than anything we should
	21	* ever see in practice.
	22	*/
	23
	24	#define X509_NAME_MAX (1024 * 1024)
	25
450ea834	26	static int x509_name_ex_d2i(ASN1_VALUE **val,
0f113f3e MC	27	const unsigned char **in, long len,
	28	const ASN1_ITEM *it,
	29	int tag, int aclass, char opt, ASN1_TLC *ctx);
d02b48c6	30
450ea834	31	static int x509_name_ex_i2d(ASN1_VALUE val, unsigned char out,
0f113f3e	32	const ASN1_ITEM *it, int tag, int aclass);
9d6b1ce6 DSH	33	static int x509_name_ex_new(ASN1_VALUE *val, const ASN1_ITEM it);
9d6b1ce6 DSH	34	static void x509_name_ex_free(ASN1_VALUE *val, const ASN1_ITEM it);
d02b48c6	35
9d6b1ce6	36	static int x509_name_encode(X509_NAME *a);
450ea834	37	static int x509_name_canon(X509_NAME *a);
08275a29	38	static int asn1_string_canon(ASN1_STRING out, const ASN1_STRING in);
0f113f3e MC	39	static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * intname,
0f113f3e MC	40	unsigned char **in);
1ef7acfe DSH	41
1ef7acfe DSH	42	static int x509_name_ex_print(BIO out, ASN1_VALUE *pval,
0f113f3e MC	43	int indent,
0f113f3e MC	44	const char fname, const ASN1_PCTX pctx);
1ef7acfe	45
9d6b1ce6	46	ASN1_SEQUENCE(X509_NAME_ENTRY) = {
0f113f3e MC	47	ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT),
0f113f3e MC	48	ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE)
d339187b	49	} ASN1_SEQUENCE_END(X509_NAME_ENTRY)
d02b48c6	50
9d6b1ce6	51	IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY)
1241126a	52	IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY)
d02b48c6	53
0f113f3e MC	54	/*
	55	* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } so
	56	* declare two template wrappers for this
9d6b1ce6	57	*/
d02b48c6	58
9d6b1ce6	59	ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) =
0f113f3e	60	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY)
df2ee0e2	61	static_ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES)
d02b48c6	62
9d6b1ce6	63	ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) =
0f113f3e	64	ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES)
df2ee0e2	65	static_ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL)
d02b48c6	66
0f113f3e MC	67	/*
0f113f3e MC	68	* Normally that's where it would end: we'd have two nested STACK structures
9d6b1ce6	69	* representing the ASN1. Unfortunately X509_NAME uses a completely different
0f113f3e MC	70	* form and caches encodings so we have to process the internal form and
0f113f3e MC	71	* convert to the external form.
9d6b1ce6	72	*/
d02b48c6	73
df2ee0e2	74	static const ASN1_EXTERN_FUNCS x509_name_ff = {
0f113f3e MC	75	NULL,
	76	x509_name_ex_new,
	77	x509_name_ex_free,
	78	0, /* Default clear behaviour is OK */
	79	x509_name_ex_d2i,
	80	x509_name_ex_i2d,
	81	x509_name_ex_print
9d6b1ce6	82	};
d02b48c6	83
0f113f3e	84	IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff)
d02b48c6	85
9d6b1ce6	86	IMPLEMENT_ASN1_FUNCTIONS(X509_NAME)
0f113f3e	87
1241126a	88	IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME)
d02b48c6	89
9d6b1ce6 DSH	90	static int x509_name_ex_new(ASN1_VALUE *val, const ASN1_ITEM it)
9d6b1ce6 DSH	91	{
64b25758	92	X509_NAME ret = OPENSSL_zalloc(sizeof(ret));
b4faea50	93
90945fa3	94	if (ret == NULL)
0f113f3e MC	95	goto memerr;
	96	if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
	97	goto memerr;
	98	if ((ret->bytes = BUF_MEM_new()) == NULL)
	99	goto memerr;
0f113f3e MC	100	ret->modified = 1;
	101	val = (ASN1_VALUE )ret;
	102	return 1;
bad40585 BM	103
bad40585 BM	104	memerr:
0f113f3e MC	105	ASN1err(ASN1_F_X509_NAME_EX_NEW, ERR_R_MALLOC_FAILURE);
0f113f3e MC	106	if (ret) {
222561fe	107	sk_X509_NAME_ENTRY_free(ret->entries);
0f113f3e MC	108	OPENSSL_free(ret);
	109	}
	110	return 0;
9d6b1ce6 DSH	111	}
	112
	113	static void x509_name_ex_free(ASN1_VALUE *pval, const ASN1_ITEM it)
	114	{
0f113f3e	115	X509_NAME *a;
222561fe	116
0f113f3e MC	117	if (!pval \|\| !*pval)
	118	return;
	119	a = (X509_NAME )pval;
	120
	121	BUF_MEM_free(a->bytes);
	122	sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
b548a1f1	123	OPENSSL_free(a->canon_enc);
0f113f3e MC	124	OPENSSL_free(a);
0f113f3e MC	125	*pval = NULL;
9d6b1ce6 DSH	126	}
9d6b1ce6 DSH	127
6dcba070 DSH	128	static void name_entry_stack_free(STACK_OF(X509_NAME_ENTRY) *ents)
	129	{
	130	sk_X509_NAME_ENTRY_pop_free(ents, X509_NAME_ENTRY_free);
	131	}
	132
450ea834	133	static int x509_name_ex_d2i(ASN1_VALUE **val,
0f113f3e MC	134	const unsigned char **in, long len,
	135	const ASN1_ITEM *it, int tag, int aclass,
	136	char opt, ASN1_TLC *ctx)
9d6b1ce6	137	{
0f113f3e MC	138	const unsigned char p = in, *q;
	139	union {
	140	STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
	141	ASN1_VALUE *a;
	142	} intname = {
	143	NULL
	144	};
	145	union {
	146	X509_NAME *x;
	147	ASN1_VALUE *a;
	148	} nm = {
	149	NULL
	150	};
	151	int i, j, ret;
	152	STACK_OF(X509_NAME_ENTRY) *entries;
	153	X509_NAME_ENTRY *entry;
4e0d184a DSH	154	if (len > X509_NAME_MAX)
4e0d184a DSH	155	len = X509_NAME_MAX;
0f113f3e MC	156	q = p;
	157
	158	/* Get internal representation of Name */
	159	ret = ASN1_item_ex_d2i(&intname.a,
	160	&p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL),
	161	tag, aclass, opt, ctx);
	162
	163	if (ret <= 0)
	164	return ret;
	165
	166	if (*val)
	167	x509_name_ex_free(val, NULL);
	168	if (!x509_name_ex_new(&nm.a, NULL))
	169	goto err;
	170	/* We've decoded it: now cache encoding */
	171	if (!BUF_MEM_grow(nm.x->bytes, p - q))
	172	goto err;
	173	memcpy(nm.x->bytes->data, q, p - q);
	174
	175	/* Convert internal representation to X509_NAME structure */
	176	for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
	177	entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
	178	for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
	179	entry = sk_X509_NAME_ENTRY_value(entries, j);
	180	entry->set = i;
6dcba070	181	if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
0f113f3e MC	182	goto err;
0f113f3e MC	183	}
0f113f3e	184	}
6dcba070 DSH	185	/*
	186	* All entries have now been pushed to nm->x.entries
	187	* free up the stacks in intname.s but not the entries
	188	* themselves.
	189	*/
	190	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, sk_X509_NAME_ENTRY_free);
02f730b3	191	intname.s = NULL;
0f113f3e MC	192	ret = x509_name_canon(nm.x);
	193	if (!ret)
	194	goto err;
	195	nm.x->modified = 0;
	196	*val = nm.a;
	197	*in = p;
	198	return ret;
02f730b3	199
0f113f3e	200	err:
6dcba070 DSH	201	/* If intname.s is not NULL only some entries exist in nm->x.entries:
	202	* zero references in nm->x.entries list. Since all entries exist
	203	* in intname.s we can free them all there
	204	*/
	205	if (intname.s != NULL) {
	206	sk_X509_NAME_ENTRY_zero(nm.x->entries);
	207	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s, name_entry_stack_free);
	208	}
222561fe	209	X509_NAME_free(nm.x);
0f113f3e MC	210	ASN1err(ASN1_F_X509_NAME_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
0f113f3e MC	211	return 0;
9d6b1ce6 DSH	212	}
9d6b1ce6 DSH	213
0f113f3e MC	214	static int x509_name_ex_i2d(ASN1_VALUE val, unsigned char out,
0f113f3e MC	215	const ASN1_ITEM *it, int tag, int aclass)
9d6b1ce6	216	{
0f113f3e MC	217	int ret;
	218	X509_NAME a = (X509_NAME )*val;
	219	if (a->modified) {
	220	ret = x509_name_encode(a);
	221	if (ret < 0)
	222	return ret;
	223	ret = x509_name_canon(a);
	224	if (ret < 0)
	225	return ret;
	226	}
	227	ret = a->bytes->length;
	228	if (out != NULL) {
	229	memcpy(*out, a->bytes->data, ret);
	230	*out += ret;
	231	}
	232	return ret;
9d6b1ce6	233	}
d02b48c6	234
5ce278a7	235	static void local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
0f113f3e MC	236	{
	237	sk_X509_NAME_ENTRY_free(ne);
	238	}
5ce278a7	239
6cb9fca7	240	static void local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
0f113f3e MC	241	{
	242	sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
	243	}
6cb9fca7	244
9d6b1ce6 DSH	245	static int x509_name_encode(X509_NAME *a)
9d6b1ce6 DSH	246	{
0f113f3e MC	247	union {
	248	STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
	249	ASN1_VALUE *a;
	250	} intname = {
	251	NULL
	252	};
	253	int len;
	254	unsigned char *p;
	255	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
	256	X509_NAME_ENTRY *entry;
	257	int i, set = -1;
	258	intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
	259	if (!intname.s)
	260	goto memerr;
	261	for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
	262	entry = sk_X509_NAME_ENTRY_value(a->entries, i);
	263	if (entry->set != set) {
	264	entries = sk_X509_NAME_ENTRY_new_null();
	265	if (!entries)
	266	goto memerr;
	267	if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s, entries))
	268	goto memerr;
	269	set = entry->set;
	270	}
	271	if (!sk_X509_NAME_ENTRY_push(entries, entry))
	272	goto memerr;
	273	}
	274	len = ASN1_item_ex_i2d(&intname.a, NULL,
	275	ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
	276	if (!BUF_MEM_grow(a->bytes, len))
	277	goto memerr;
	278	p = (unsigned char *)a->bytes->data;
	279	ASN1_item_ex_i2d(&intname.a,
	280	&p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1);
	281	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
	282	local_sk_X509_NAME_ENTRY_free);
	283	a->modified = 0;
	284	return len;
	285	memerr:
	286	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
	287	local_sk_X509_NAME_ENTRY_free);
	288	ASN1err(ASN1_F_X509_NAME_ENCODE, ERR_R_MALLOC_FAILURE);
	289	return -1;
9d6b1ce6 DSH	290	}
9d6b1ce6 DSH	291
1ef7acfe	292	static int x509_name_ex_print(BIO out, ASN1_VALUE *pval,
0f113f3e MC	293	int indent,
	294	const char fname, const ASN1_PCTX pctx)
	295	{
9f5466b9	296	if (X509_NAME_print_ex(out, (const X509_NAME )pval,
0f113f3e MC	297	indent, pctx->nm_flags) <= 0)
	298	return 0;
	299	return 2;
	300	}
	301
	302	/*
	303	* This function generates the canonical encoding of the Name structure. In
	304	* it all strings are converted to UTF8, leading, trailing and multiple
	305	* spaces collapsed, converted to lower case and the leading SEQUENCE header
	306	* removed. In future we could also normalize the UTF8 too. By doing this
0d4fb843	307	* comparison of Name structures can be rapidly performed by just using
0f113f3e MC	308	* memcmp() of the canonical encoding. By omitting the leading SEQUENCE name
0f113f3e MC	309	* constraints of type dirName can also be checked with a simple memcmp().
450ea834 DSH	310	*/
	311
	312	static int x509_name_canon(X509_NAME *a)
0f113f3e MC	313	{
	314	unsigned char *p;
	315	STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
	316	STACK_OF(X509_NAME_ENTRY) *entries = NULL;
	317	X509_NAME_ENTRY entry, tmpentry = NULL;
ed3eb5e0	318	int i, set = -1, ret = 0, len;
0f113f3e	319
b548a1f1 RS	320	OPENSSL_free(a->canon_enc);
b548a1f1 RS	321	a->canon_enc = NULL;
0f113f3e MC	322	/* Special case: empty X509_NAME => null encoding */
	323	if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
	324	a->canon_enclen = 0;
	325	return 1;
	326	}
	327	intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
	328	if (!intname)
	329	goto err;
	330	for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
	331	entry = sk_X509_NAME_ENTRY_value(a->entries, i);
	332	if (entry->set != set) {
	333	entries = sk_X509_NAME_ENTRY_new_null();
	334	if (!entries)
	335	goto err;
	336	if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname, entries))
	337	goto err;
	338	set = entry->set;
	339	}
	340	tmpentry = X509_NAME_ENTRY_new();
90945fa3	341	if (tmpentry == NULL)
0f113f3e MC	342	goto err;
0f113f3e MC	343	tmpentry->object = OBJ_dup(entry->object);
5ab0b7e6 F	344	if (tmpentry->object == NULL)
5ab0b7e6 F	345	goto err;
0f113f3e MC	346	if (!asn1_string_canon(tmpentry->value, entry->value))
	347	goto err;
	348	if (!sk_X509_NAME_ENTRY_push(entries, tmpentry))
	349	goto err;
	350	tmpentry = NULL;
	351	}
	352
	353	/* Finally generate encoding */
	354
ed3eb5e0 MC	355	len = i2d_name_canon(intname, NULL);
	356	if (len < 0)
	357	goto err;
	358	a->canon_enclen = len;
0f113f3e MC	359
	360	p = OPENSSL_malloc(a->canon_enclen);
	361
90945fa3	362	if (p == NULL)
0f113f3e MC	363	goto err;
	364
	365	a->canon_enc = p;
	366
	367	i2d_name_canon(intname, &p);
	368
	369	ret = 1;
	370
	371	err:
	372
222561fe RS	373	X509_NAME_ENTRY_free(tmpentry);
	374	sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
	375	local_sk_X509_NAME_ENTRY_pop_free);
0f113f3e MC	376	return ret;
0f113f3e MC	377	}
450ea834 DSH	378
	379	/* Bitmap of all the types of string that will be canonicalized. */
	380
0f113f3e MC	381	#define ASN1_MASK_CANON \
	382	(B_ASN1_UTF8STRING \| B_ASN1_BMPSTRING \| B_ASN1_UNIVERSALSTRING \
	383	\| B_ASN1_PRINTABLESTRING \| B_ASN1_T61STRING \| B_ASN1_IA5STRING \
	384	\| B_ASN1_VISIBLESTRING)
450ea834	385
08275a29	386	static int asn1_string_canon(ASN1_STRING out, const ASN1_STRING in)
0f113f3e MC	387	{
	388	unsigned char to, from;
	389	int len, i;
	390
	391	/* If type not in bitmask just copy string across */
	392	if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
	393	if (!ASN1_STRING_copy(out, in))
	394	return 0;
	395	return 1;
	396	}
	397
	398	out->type = V_ASN1_UTF8STRING;
	399	out->length = ASN1_STRING_to_UTF8(&out->data, in);
	400	if (out->length == -1)
	401	return 0;
	402
	403	to = out->data;
	404	from = to;
	405
	406	len = out->length;
	407
	408	/*
	409	* Convert string in place to canonical form. Ultimately we may need to
	410	* handle a wider range of characters but for now ignore anything with
	411	* MSB set and rely on the isspace() and tolower() functions.
	412	*/
	413
	414	/* Ignore leading spaces */
	415	while ((len > 0) && !(from & 0x80) && isspace(from)) {
	416	from++;
	417	len--;
	418	}
	419
3892b957	420	to = from + len;
0f113f3e MC	421
0f113f3e MC	422	/* Ignore trailing spaces */
3892b957	423	while ((len > 0) && !(to[-1] & 0x80) && isspace(to[-1])) {
0f113f3e MC	424	to--;
	425	len--;
	426	}
	427
	428	to = out->data;
	429
	430	i = 0;
	431	while (i < len) {
	432	/* If MSB set just copy across */
	433	if (*from & 0x80) {
	434	to++ = from++;
	435	i++;
	436	}
	437	/* Collapse multiple spaces */
	438	else if (isspace(*from)) {
	439	/* Copy one space across */
	440	*to++ = ' ';
	441	/*
	442	* Ignore subsequent spaces. Note: don't need to check len here
	443	* because we know the last character is a non-space so we can't
	444	* overflow.
	445	*/
	446	do {
	447	from++;
	448	i++;
	449	}
	450	while (!(from & 0x80) && isspace(from));
	451	} else {
	452	to++ = tolower(from);
	453	from++;
	454	i++;
	455	}
	456	}
	457
	458	out->length = to - out->data;
	459
	460	return 1;
	461
	462	}
	463
	464	static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) * _intname,
	465	unsigned char **in)
	466	{
	467	int i, len, ltmp;
	468	ASN1_VALUE *v;
	469	STACK_OF(ASN1_VALUE) intname = (STACK_OF(ASN1_VALUE) )_intname;
	470
	471	len = 0;
	472	for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
	473	v = sk_ASN1_VALUE_value(intname, i);
	474	ltmp = ASN1_item_ex_i2d(&v, in,
	475	ASN1_ITEM_rptr(X509_NAME_ENTRIES), -1, -1);
	476	if (ltmp < 0)
	477	return ltmp;
	478	len += ltmp;
	479	}
	480	return len;
	481	}
d02b48c6	482
6b691a5c	483	int X509_NAME_set(X509_NAME *xn, X509_NAME name)
0f113f3e MC	484	{
	485	X509_NAME *in;
	486
	487	if (!xn \|\| !name)
	488	return (0);
	489
	490	if (*xn != name) {
	491	in = X509_NAME_dup(name);
	492	if (in != NULL) {
	493	X509_NAME_free(*xn);
	494	*xn = in;
	495	}
	496	}
	497	return (*xn != NULL);
	498	}
0d0099ea	499
9f5466b9	500	int X509_NAME_print(BIO bp, const X509_NAME name, int obase)
0d0099ea DSH	501	{
	502	char s, c, *b;
	503	int l, i;
	504
	505	l = 80 - 2 - obase;
	506
	507	b = X509_NAME_oneline(name, NULL, 0);
	508	if (!b)
	509	return 0;
	510	if (!*b) {
	511	OPENSSL_free(b);
	512	return 1;
	513	}
	514	s = b + 1; /* skip the first slash */
	515
	516	c = s;
	517	for (;;) {
	518	#ifndef CHARSET_EBCDIC
	519	if (((*s == '/') &&
	520	((s[1] >= 'A') && (s[1] <= 'Z') && ((s[2] == '=') \|\|
	521	((s[2] >= 'A')
	522	&& (s[2] <= 'Z')
	523	&& (s[3] == '='))
	524	))) \|\| (*s == '\0'))
	525	#else
	526	if (((*s == '/') &&
	527	(isupper(s[1]) && ((s[2] == '=') \|\|
	528	(isupper(s[2]) && (s[3] == '='))
	529	))) \|\| (*s == '\0'))
	530	#endif
	531	{
	532	i = s - c;
	533	if (BIO_write(bp, c, i) != i)
	534	goto err;
	535	c = s + 1; /* skip following slash */
	536	if (*s != '\0') {
	537	if (BIO_write(bp, ", ", 2) != 2)
	538	goto err;
	539	}
	540	l--;
	541	}
	542	if (*s == '\0')
	543	break;
	544	s++;
	545	l--;
	546	}
	547
	548	OPENSSL_free(b);
	549	return 1;
	550	err:
	551	X509err(X509_F_X509_NAME_PRINT, ERR_R_BUF_LIB);
	552	OPENSSL_free(b);
	553	return 0;
	554	}
7ab50749	555
6eabcc83 MC	556	int X509_NAME_get0_der(X509_NAME nm, const unsigned char *pder,
6eabcc83 MC	557	size_t *pderlen)
7ab50749 DSH	558	{
	559	/* Make sure encoding is valid */
	560	if (i2d_X509_NAME(nm, NULL) <= 0)
	561	return 0;
	562	if (pder != NULL)
	563	pder = (unsigned char )nm->bytes->data;
	564	if (pderlen != NULL)
	565	*pderlen = nm->bytes->length;
	566	return 1;
	567	}