1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
57 #include <openssl/x509.h>
59 #include <openssl/asn1.h>
60 #include <openssl/err.h>
61 #include <openssl/mem.h>
62 #include <openssl/obj.h>
63 #include <openssl/x509v3.h>
66 #define ASN1_GEN_FLAG 0x10000
67 #define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
68 #define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
69 #define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
70 #define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
71 #define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
72 #define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
73 #define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
74 #define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
76 #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val}
78 #define ASN1_FLAG_EXP_MAX 20
83 #define ASN1_GEN_FORMAT_ASCII 1
85 #define ASN1_GEN_FORMAT_UTF8 2
87 #define ASN1_GEN_FORMAT_HEX 3
89 #define ASN1_GEN_FORMAT_BITLIST 4
115 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
119 static int bitstr_cb(const char *elem, int len, void *bitstr);
120 static int asn1_cb(const char *elem, int len, void *bitstr);
121 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok);
122 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
123 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
124 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
125 static int asn1_str2tag(const char *tagstr, int len);
127 ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf)
132 return ASN1_generate_v3(str, NULL);
134 X509V3_set_nconf(&cnf, nconf);
135 return ASN1_generate_v3(str, &cnf);
138 ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf)
141 tag_exp_arg asn1_tags;
146 unsigned char *orig_der = NULL, *new_der = NULL;
147 const unsigned char *cpy_start;
149 const unsigned char *cp;
152 int hdr_constructed = 0, hdr_tag, hdr_class;
155 asn1_tags.imp_tag = -1;
156 asn1_tags.imp_class = -1;
157 asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
158 asn1_tags.exp_count = 0;
159 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
162 if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET))
166 OPENSSL_PUT_ERROR(X509, ASN1_generate_v3, ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
169 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
172 ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype);
177 /* If no tagging return base type */
178 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
181 /* Generate the encoding */
182 cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
185 /* Set point to start copying for modified encoding */
186 cpy_start = orig_der;
188 /* Do we need IMPLICIT tagging? */
189 if (asn1_tags.imp_tag != -1)
191 /* If IMPLICIT we will replace the underlying tag */
192 /* Skip existing tag+len */
193 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag, &hdr_class, cpy_len);
196 /* Update copy length */
197 cpy_len -= cpy_start - orig_der;
198 /* For IMPLICIT tagging the length should match the
199 * original length and constructed flag should be
204 /* Indefinite length constructed */
209 /* Just retain constructed flag */
210 hdr_constructed = r & V_ASN1_CONSTRUCTED;
211 /* Work out new length with IMPLICIT tag: ignore constructed
212 * because it will mess up if indefinite length
214 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
219 /* Work out length in any EXPLICIT, starting from end */
221 for(i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1; i < asn1_tags.exp_count; i++, etmp--)
223 /* Content length: number of content octets + any padding */
224 len += etmp->exp_pad;
226 /* Total object length: length including new header */
227 len = ASN1_object_size(0, len, etmp->exp_tag);
230 /* Allocate buffer for new encoding */
232 new_der = OPENSSL_malloc(len);
236 /* Generate tagged encoding */
240 /* Output explicit tags first */
242 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count; i++, etmp++)
244 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
245 etmp->exp_tag, etmp->exp_class);
250 /* If IMPLICIT, output tag */
252 if (asn1_tags.imp_tag != -1)
254 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL
255 && (asn1_tags.imp_tag == V_ASN1_SEQUENCE
256 || asn1_tags.imp_tag == V_ASN1_SET) )
257 hdr_constructed = V_ASN1_CONSTRUCTED;
258 ASN1_put_object(&p, hdr_constructed, hdr_len,
259 asn1_tags.imp_tag, asn1_tags.imp_class);
262 /* Copy across original encoding */
263 memcpy(p, cpy_start, cpy_len);
267 /* Obtain new ASN1_TYPE structure */
268 ret = d2i_ASN1_TYPE(NULL, &cp, len);
272 OPENSSL_free(orig_der);
274 OPENSSL_free(new_der);
280 static int asn1_cb(const char *elem, int len, void *bitstr)
282 tag_exp_arg *arg = bitstr;
286 const char *p, *vstart = NULL;
288 int tmp_tag, tmp_class;
290 for(i = 0, p = elem; i < len; p++, i++)
292 /* Look for the ':' in name value pairs */
296 vlen = len - (vstart - elem);
302 utype = asn1_str2tag(elem, len);
306 OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_TAG);
307 ERR_add_error_data(2, "tag=", elem);
311 /* If this is not a modifier mark end of string and exit */
312 if (!(utype & ASN1_GEN_FLAG))
316 /* If no value and not end of string, error */
317 if (!vstart && elem[len])
319 OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_MISSING_VALUE);
328 case ASN1_GEN_FLAG_IMP:
329 /* Check for illegal multiple IMPLICIT tagging */
330 if (arg->imp_tag != -1)
332 OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_ILLEGAL_NESTED_TAGGING);
335 if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class))
339 case ASN1_GEN_FLAG_EXP:
341 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
343 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
347 case ASN1_GEN_FLAG_SEQWRAP:
348 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
352 case ASN1_GEN_FLAG_SETWRAP:
353 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
357 case ASN1_GEN_FLAG_BITWRAP:
358 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
362 case ASN1_GEN_FLAG_OCTWRAP:
363 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
367 case ASN1_GEN_FLAG_FORMAT:
368 if (!strncmp(vstart, "ASCII", 5))
369 arg->format = ASN1_GEN_FORMAT_ASCII;
370 else if (!strncmp(vstart, "UTF8", 4))
371 arg->format = ASN1_GEN_FORMAT_UTF8;
372 else if (!strncmp(vstart, "HEX", 3))
373 arg->format = ASN1_GEN_FORMAT_HEX;
374 else if (!strncmp(vstart, "BITLIST", 3))
375 arg->format = ASN1_GEN_FORMAT_BITLIST;
378 OPENSSL_PUT_ERROR(X509, asn1_cb, ASN1_R_UNKNOWN_FORMAT);
389 static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
396 tag_num = strtoul(vstart, &eptr, 10);
397 /* Check we haven't gone past max length: should be impossible */
398 if (eptr && *eptr && (eptr > vstart + vlen))
402 OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_NUMBER);
406 /* If we have non numeric characters, parse them */
408 vlen -= eptr - vstart;
417 *pclass = V_ASN1_UNIVERSAL;
421 *pclass = V_ASN1_APPLICATION;
425 *pclass = V_ASN1_PRIVATE;
429 *pclass = V_ASN1_CONTEXT_SPECIFIC;
435 OPENSSL_PUT_ERROR(X509, parse_tagging, ASN1_R_INVALID_MODIFIER);
436 ERR_add_error_data(2, "Char=", erch);
443 *pclass = V_ASN1_CONTEXT_SPECIFIC;
449 /* Handle multiple types: SET and SEQUENCE */
451 static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
453 ASN1_TYPE *ret = NULL;
454 STACK_OF(ASN1_TYPE) *sk = NULL;
455 STACK_OF(CONF_VALUE) *sect = NULL;
456 unsigned char *der = NULL;
459 sk = sk_ASN1_TYPE_new_null();
466 sect = X509V3_get_section(cnf, (char *)section);
469 for (i = 0; i < sk_CONF_VALUE_num(sect); i++)
471 ASN1_TYPE *typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf);
474 if (!sk_ASN1_TYPE_push(sk, typ))
479 /* Now we has a STACK of the components, convert to the correct form */
481 if (utype == V_ASN1_SET)
482 derlen = i2d_ASN1_SET_ANY(sk, &der);
484 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
489 if (!(ret = ASN1_TYPE_new()))
492 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
497 ret->value.asn1_string->data = der;
498 ret->value.asn1_string->length = derlen;
508 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
510 X509V3_section_free(cnf, sect);
515 static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok)
517 tag_exp_type *exp_tmp;
518 /* Can only have IMPLICIT if permitted */
519 if ((arg->imp_tag != -1) && !imp_ok)
521 OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_ILLEGAL_IMPLICIT_TAG);
525 if (arg->exp_count == ASN1_FLAG_EXP_MAX)
527 OPENSSL_PUT_ERROR(X509, append_exp, ASN1_R_DEPTH_EXCEEDED);
531 exp_tmp = &arg->exp_list[arg->exp_count++];
533 /* If IMPLICIT set tag to implicit value then
534 * reset implicit tag since it has been used.
536 if (arg->imp_tag != -1)
538 exp_tmp->exp_tag = arg->imp_tag;
539 exp_tmp->exp_class = arg->imp_class;
545 exp_tmp->exp_tag = exp_tag;
546 exp_tmp->exp_class = exp_class;
548 exp_tmp->exp_constructed = exp_constructed;
549 exp_tmp->exp_pad = exp_pad;
555 static int asn1_str2tag(const char *tagstr, int len)
558 static const struct tag_name_st *tntmp, tnst [] = {
559 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
560 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
561 ASN1_GEN_STR("NULL", V_ASN1_NULL),
562 ASN1_GEN_STR("INT", V_ASN1_INTEGER),
563 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
564 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
565 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
566 ASN1_GEN_STR("OID", V_ASN1_OBJECT),
567 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
568 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
569 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
570 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
571 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
572 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
573 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
574 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
575 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
576 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
577 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
578 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
579 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
580 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
581 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
582 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
583 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
584 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
585 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
586 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
587 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
588 ASN1_GEN_STR("T61", V_ASN1_T61STRING),
589 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
590 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
591 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
592 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
593 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
594 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
597 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
598 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
599 ASN1_GEN_STR("SET", V_ASN1_SET),
602 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
603 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
605 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
606 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
607 /* OCTET STRING wrapper */
608 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
609 /* SEQUENCE wrapper */
610 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
612 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
613 /* BIT STRING wrapper */
614 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
615 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
616 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
620 len = strlen(tagstr);
623 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st); i++, tntmp++)
625 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
632 static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype)
634 ASN1_TYPE *atmp = NULL;
638 unsigned char *rdata;
643 if (!(atmp = ASN1_TYPE_new()))
645 OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);
658 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_NULL_VALUE);
664 if (format != ASN1_GEN_FORMAT_ASCII)
666 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_NOT_ASCII_FORMAT);
671 vtmp.value = (char *)str;
672 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean))
674 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BOOLEAN);
680 case V_ASN1_ENUMERATED:
681 if (format != ASN1_GEN_FORMAT_ASCII)
683 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_INTEGER_NOT_ASCII_FORMAT);
686 if (!(atmp->value.integer = s2i_ASN1_INTEGER(NULL, (char *)str)))
688 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_INTEGER);
694 if (format != ASN1_GEN_FORMAT_ASCII)
696 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_OBJECT_NOT_ASCII_FORMAT);
699 if (!(atmp->value.object = OBJ_txt2obj(str, 0)))
701 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_OBJECT);
707 case V_ASN1_GENERALIZEDTIME:
708 if (format != ASN1_GEN_FORMAT_ASCII)
710 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_TIME_NOT_ASCII_FORMAT);
713 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
715 OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);
718 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1))
720 OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);
723 atmp->value.asn1_string->type = utype;
724 if (!ASN1_TIME_check(atmp->value.asn1_string))
726 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_TIME_VALUE);
732 case V_ASN1_BMPSTRING:
733 case V_ASN1_PRINTABLESTRING:
734 case V_ASN1_IA5STRING:
735 case V_ASN1_T61STRING:
736 case V_ASN1_UTF8STRING:
737 case V_ASN1_VISIBLESTRING:
738 case V_ASN1_UNIVERSALSTRING:
739 case V_ASN1_GENERALSTRING:
740 case V_ASN1_NUMERICSTRING:
742 if (format == ASN1_GEN_FORMAT_ASCII)
743 format = MBSTRING_ASC;
744 else if (format == ASN1_GEN_FORMAT_UTF8)
745 format = MBSTRING_UTF8;
748 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_FORMAT);
753 if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str,
754 -1, format, ASN1_tag2bit(utype)) <= 0)
756 OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);
763 case V_ASN1_BIT_STRING:
765 case V_ASN1_OCTET_STRING:
767 if (!(atmp->value.asn1_string = ASN1_STRING_new()))
769 OPENSSL_PUT_ERROR(X509, asn1_str2type, ERR_R_MALLOC_FAILURE);
773 if (format == ASN1_GEN_FORMAT_HEX)
776 if (!(rdata = string_to_hex((char *)str, &rdlen)))
778 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_HEX);
782 atmp->value.asn1_string->data = rdata;
783 atmp->value.asn1_string->length = rdlen;
784 atmp->value.asn1_string->type = utype;
787 else if (format == ASN1_GEN_FORMAT_ASCII)
788 ASN1_STRING_set(atmp->value.asn1_string, str, -1);
789 else if ((format == ASN1_GEN_FORMAT_BITLIST) && (utype == V_ASN1_BIT_STRING))
791 if (!CONF_parse_list(str, ',', 1, bitstr_cb, atmp->value.bit_string))
793 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_LIST_ERROR);
801 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_ILLEGAL_BITSTRING_FORMAT);
805 if ((utype == V_ASN1_BIT_STRING) && no_unused)
807 atmp->value.asn1_string->flags
808 &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
809 atmp->value.asn1_string->flags
810 |= ASN1_STRING_FLAG_BITS_LEFT;
817 OPENSSL_PUT_ERROR(X509, asn1_str2type, ASN1_R_UNSUPPORTED_TYPE);
828 ERR_add_error_data(2, "string=", str);
831 ASN1_TYPE_free(atmp);
836 static int bitstr_cb(const char *elem, int len, void *bitstr)
842 bitnum = strtoul(elem, &eptr, 10);
843 if (eptr && *eptr && (eptr != elem + len))
847 OPENSSL_PUT_ERROR(X509, bitstr_cb, ASN1_R_INVALID_NUMBER);
850 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1))
852 OPENSSL_PUT_ERROR(X509, bitstr_cb, ERR_R_MALLOC_FAILURE);