2 * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
12 #include <openssl/asn1.h>
13 #include <openssl/asn1t.h>
14 #include <openssl/objects.h>
15 #include <openssl/buffer.h>
16 #include <openssl/err.h>
17 #include "asn1_locl.h"
19 static int asn1_item_embed_d2i(ASN1_VALUE
**pval
, const unsigned char **in
,
20 long len
, const ASN1_ITEM
*it
,
21 int tag
, int aclass
, char opt
, ASN1_TLC
*ctx
);
23 static int asn1_check_eoc(const unsigned char **in
, long len
);
24 static int asn1_find_end(const unsigned char **in
, long len
, char inf
);
26 static int asn1_collect(BUF_MEM
*buf
, const unsigned char **in
, long len
,
27 char inf
, int tag
, int aclass
, int depth
);
29 static int collect_data(BUF_MEM
*buf
, const unsigned char **p
, long plen
);
31 static int asn1_check_tlen(long *olen
, int *otag
, unsigned char *oclass
,
33 const unsigned char **in
, long len
,
34 int exptag
, int expclass
, char opt
, ASN1_TLC
*ctx
);
36 static int asn1_template_ex_d2i(ASN1_VALUE
**pval
,
37 const unsigned char **in
, long len
,
38 const ASN1_TEMPLATE
*tt
, char opt
,
40 static int asn1_template_noexp_d2i(ASN1_VALUE
**val
,
41 const unsigned char **in
, long len
,
42 const ASN1_TEMPLATE
*tt
, char opt
,
44 static int asn1_d2i_ex_primitive(ASN1_VALUE
**pval
,
45 const unsigned char **in
, long len
,
47 int tag
, int aclass
, char opt
,
49 static int asn1_ex_c2i(ASN1_VALUE
**pval
, const unsigned char *cont
, int len
,
50 int utype
, char *free_cont
, const ASN1_ITEM
*it
);
52 /* Table to convert tags to bit values, used for MSTRING type */
53 static const unsigned long tag2bit
[32] = {
55 0, 0, 0, B_ASN1_BIT_STRING
,
57 B_ASN1_OCTET_STRING
, 0, 0, B_ASN1_UNKNOWN
,
59 B_ASN1_UNKNOWN
, B_ASN1_UNKNOWN
, B_ASN1_UNKNOWN
, B_ASN1_UNKNOWN
,
61 B_ASN1_UTF8STRING
, B_ASN1_UNKNOWN
, B_ASN1_UNKNOWN
, B_ASN1_UNKNOWN
,
63 B_ASN1_SEQUENCE
, 0, B_ASN1_NUMERICSTRING
, B_ASN1_PRINTABLESTRING
,
65 B_ASN1_T61STRING
, B_ASN1_VIDEOTEXSTRING
, B_ASN1_IA5STRING
,
67 B_ASN1_UTCTIME
, B_ASN1_GENERALIZEDTIME
,
69 B_ASN1_GRAPHICSTRING
, B_ASN1_ISO64STRING
, B_ASN1_GENERALSTRING
,
71 B_ASN1_UNIVERSALSTRING
, B_ASN1_UNKNOWN
, B_ASN1_BMPSTRING
, B_ASN1_UNKNOWN
,
74 unsigned long ASN1_tag2bit(int tag
)
76 if ((tag
< 0) || (tag
> 30))
81 /* Macro to initialize and invalidate the cache */
83 #define asn1_tlc_clear(c) if (c) (c)->valid = 0
84 /* Version to avoid compiler warning about 'c' always non-NULL */
85 #define asn1_tlc_clear_nc(c) (c)->valid = 0
88 * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
89 * function. 'in' points to a buffer to read the data from, in future we
90 * will have more advanced versions that can input data a piece at a time and
91 * this will simply be a special case.
94 ASN1_VALUE
*ASN1_item_d2i(ASN1_VALUE
**pval
,
95 const unsigned char **in
, long len
,
99 ASN1_VALUE
*ptmpval
= NULL
;
102 asn1_tlc_clear_nc(&c
);
103 if (ASN1_item_ex_d2i(pval
, in
, len
, it
, -1, 0, 0, &c
) > 0)
108 int ASN1_item_ex_d2i(ASN1_VALUE
**pval
, const unsigned char **in
, long len
,
110 int tag
, int aclass
, char opt
, ASN1_TLC
*ctx
)
113 rv
= asn1_item_embed_d2i(pval
, in
, len
, it
, tag
, aclass
, opt
, ctx
);
115 ASN1_item_ex_free(pval
, it
);
120 * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
121 * tag mismatch return -1 to handle OPTIONAL
124 static int asn1_item_embed_d2i(ASN1_VALUE
**pval
, const unsigned char **in
,
125 long len
, const ASN1_ITEM
*it
,
126 int tag
, int aclass
, char opt
, ASN1_TLC
*ctx
)
128 const ASN1_TEMPLATE
*tt
, *errtt
= NULL
;
129 const ASN1_EXTERN_FUNCS
*ef
;
130 const ASN1_AUX
*aux
= it
->funcs
;
131 ASN1_aux_cb
*asn1_cb
;
132 const unsigned char *p
= NULL
, *q
;
133 unsigned char oclass
;
134 char seq_eoc
, seq_nolen
, cst
, isopt
;
142 if (aux
&& aux
->asn1_cb
)
143 asn1_cb
= aux
->asn1_cb
;
148 case ASN1_ITYPE_PRIMITIVE
:
151 * tagging or OPTIONAL is currently illegal on an item template
152 * because the flags can't get passed down. In practice this
153 * isn't a problem: we include the relevant flags from the item
154 * template in the template itself.
156 if ((tag
!= -1) || opt
) {
157 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
,
158 ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE
);
161 return asn1_template_ex_d2i(pval
, in
, len
,
162 it
->templates
, opt
, ctx
);
164 return asn1_d2i_ex_primitive(pval
, in
, len
, it
,
165 tag
, aclass
, opt
, ctx
);
167 case ASN1_ITYPE_MSTRING
:
169 /* Just read in tag and class */
170 ret
= asn1_check_tlen(NULL
, &otag
, &oclass
, NULL
, NULL
,
171 &p
, len
, -1, 0, 1, ctx
);
173 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ERR_R_NESTED_ASN1_ERROR
);
177 /* Must be UNIVERSAL class */
178 if (oclass
!= V_ASN1_UNIVERSAL
) {
179 /* If OPTIONAL, assume this is OK */
182 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_MSTRING_NOT_UNIVERSAL
);
185 /* Check tag matches bit map */
186 if (!(ASN1_tag2bit(otag
) & it
->utype
)) {
187 /* If OPTIONAL, assume this is OK */
190 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_MSTRING_WRONG_TAG
);
193 return asn1_d2i_ex_primitive(pval
, in
, len
, it
, otag
, 0, 0, ctx
);
195 case ASN1_ITYPE_EXTERN
:
196 /* Use new style d2i */
198 return ef
->asn1_ex_d2i(pval
, in
, len
, it
, tag
, aclass
, opt
, ctx
);
200 case ASN1_ITYPE_CHOICE
:
201 if (asn1_cb
&& !asn1_cb(ASN1_OP_D2I_PRE
, pval
, it
, NULL
))
204 /* Free up and zero CHOICE value if initialised */
205 i
= asn1_get_choice_selector(pval
, it
);
206 if ((i
>= 0) && (i
< it
->tcount
)) {
207 tt
= it
->templates
+ i
;
208 pchptr
= asn1_get_field_ptr(pval
, tt
);
209 asn1_template_free(pchptr
, tt
);
210 asn1_set_choice_selector(pval
, -1, it
);
212 } else if (!ASN1_item_ex_new(pval
, it
)) {
213 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ERR_R_NESTED_ASN1_ERROR
);
216 /* CHOICE type, try each possibility in turn */
218 for (i
= 0, tt
= it
->templates
; i
< it
->tcount
; i
++, tt
++) {
219 pchptr
= asn1_get_field_ptr(pval
, tt
);
221 * We mark field as OPTIONAL so its absence can be recognised.
223 ret
= asn1_template_ex_d2i(pchptr
, &p
, len
, tt
, 1, ctx
);
224 /* If field not present, try the next one */
228 * Set the choice selector here to ensure that the value is
229 * correctly freed upon error. It may be partially initialized
230 * even if parsing failed.
232 asn1_set_choice_selector(pval
, i
, it
);
233 /* If positive return, read OK, break loop */
236 /* Otherwise must be an ASN1 parsing error */
238 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ERR_R_NESTED_ASN1_ERROR
);
242 /* Did we fall off the end without reading anything? */
243 if (i
== it
->tcount
) {
244 /* If OPTIONAL, this is OK */
246 /* Free and zero it */
247 ASN1_item_ex_free(pval
, it
);
250 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_NO_MATCHING_CHOICE_TYPE
);
254 if (asn1_cb
&& !asn1_cb(ASN1_OP_D2I_POST
, pval
, it
, NULL
))
259 case ASN1_ITYPE_NDEF_SEQUENCE
:
260 case ASN1_ITYPE_SEQUENCE
:
264 /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
266 tag
= V_ASN1_SEQUENCE
;
267 aclass
= V_ASN1_UNIVERSAL
;
269 /* Get SEQUENCE length and update len, p */
270 ret
= asn1_check_tlen(&len
, NULL
, NULL
, &seq_eoc
, &cst
,
271 &p
, len
, tag
, aclass
, opt
, ctx
);
273 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ERR_R_NESTED_ASN1_ERROR
);
275 } else if (ret
== -1)
277 if (aux
&& (aux
->flags
& ASN1_AFLG_BROKEN
)) {
278 len
= tmplen
- (p
- *in
);
281 /* If indefinite we don't do a length check */
285 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_SEQUENCE_NOT_CONSTRUCTED
);
289 if (!*pval
&& !ASN1_item_ex_new(pval
, it
)) {
290 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ERR_R_NESTED_ASN1_ERROR
);
294 if (asn1_cb
&& !asn1_cb(ASN1_OP_D2I_PRE
, pval
, it
, NULL
))
297 /* Free up and zero any ADB found */
298 for (i
= 0, tt
= it
->templates
; i
< it
->tcount
; i
++, tt
++) {
299 if (tt
->flags
& ASN1_TFLG_ADB_MASK
) {
300 const ASN1_TEMPLATE
*seqtt
;
301 ASN1_VALUE
**pseqval
;
302 seqtt
= asn1_do_adb(pval
, tt
, 1);
303 pseqval
= asn1_get_field_ptr(pval
, seqtt
);
304 asn1_template_free(pseqval
, seqtt
);
308 /* Get each field entry */
309 for (i
= 0, tt
= it
->templates
; i
< it
->tcount
; i
++, tt
++) {
310 const ASN1_TEMPLATE
*seqtt
;
311 ASN1_VALUE
**pseqval
;
312 seqtt
= asn1_do_adb(pval
, tt
, 1);
315 pseqval
= asn1_get_field_ptr(pval
, seqtt
);
316 /* Have we ran out of data? */
320 if (asn1_check_eoc(&p
, len
)) {
322 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_UNEXPECTED_EOC
);
331 * This determines the OPTIONAL flag value. The field cannot be
332 * omitted if it is the last of a SEQUENCE and there is still
333 * data to be read. This isn't strictly necessary but it
334 * increases efficiency in some cases.
336 if (i
== (it
->tcount
- 1))
339 isopt
= (char)(seqtt
->flags
& ASN1_TFLG_OPTIONAL
);
341 * attempt to read in field, allowing each to be OPTIONAL
344 ret
= asn1_template_ex_d2i(pseqval
, &p
, len
, seqtt
, isopt
, ctx
);
348 } else if (ret
== -1) {
350 * OPTIONAL component absent. Free and zero the field.
352 asn1_template_free(pseqval
, seqtt
);
359 /* Check for EOC if expecting one */
360 if (seq_eoc
&& !asn1_check_eoc(&p
, len
)) {
361 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_MISSING_EOC
);
364 /* Check all data read */
365 if (!seq_nolen
&& len
) {
366 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_SEQUENCE_LENGTH_MISMATCH
);
371 * If we get here we've got no more data in the SEQUENCE, however we
372 * may not have read all fields so check all remaining are OPTIONAL
373 * and clear any that are.
375 for (; i
< it
->tcount
; tt
++, i
++) {
376 const ASN1_TEMPLATE
*seqtt
;
377 seqtt
= asn1_do_adb(pval
, tt
, 1);
380 if (seqtt
->flags
& ASN1_TFLG_OPTIONAL
) {
381 ASN1_VALUE
**pseqval
;
382 pseqval
= asn1_get_field_ptr(pval
, seqtt
);
383 asn1_template_free(pseqval
, seqtt
);
386 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_FIELD_MISSING
);
391 if (!asn1_enc_save(pval
, *in
, p
- *in
, it
))
393 if (asn1_cb
&& !asn1_cb(ASN1_OP_D2I_POST
, pval
, it
, NULL
))
402 ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I
, ASN1_R_AUX_ERROR
);
405 ERR_add_error_data(4, "Field=", errtt
->field_name
,
406 ", Type=", it
->sname
);
408 ERR_add_error_data(2, "Type=", it
->sname
);
413 * Templates are handled with two separate functions. One handles any
414 * EXPLICIT tag and the other handles the rest.
417 static int asn1_template_ex_d2i(ASN1_VALUE
**val
,
418 const unsigned char **in
, long inlen
,
419 const ASN1_TEMPLATE
*tt
, char opt
,
425 const unsigned char *p
, *q
;
430 aclass
= flags
& ASN1_TFLG_TAG_CLASS
;
434 /* Check if EXPLICIT tag expected */
435 if (flags
& ASN1_TFLG_EXPTAG
) {
438 * Need to work out amount of data available to the inner content and
439 * where it starts: so read in EXPLICIT header to get the info.
441 ret
= asn1_check_tlen(&len
, NULL
, NULL
, &exp_eoc
, &cst
,
442 &p
, inlen
, tt
->tag
, aclass
, opt
, ctx
);
445 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I
, ERR_R_NESTED_ASN1_ERROR
);
447 } else if (ret
== -1)
450 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I
,
451 ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED
);
454 /* We've found the field so it can't be OPTIONAL now */
455 ret
= asn1_template_noexp_d2i(val
, &p
, len
, tt
, 0, ctx
);
457 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I
, ERR_R_NESTED_ASN1_ERROR
);
460 /* We read the field in OK so update length */
463 /* If NDEF we must have an EOC here */
464 if (!asn1_check_eoc(&p
, len
)) {
465 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I
, ASN1_R_MISSING_EOC
);
470 * Otherwise we must hit the EXPLICIT tag end or its an error
473 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I
,
474 ASN1_R_EXPLICIT_LENGTH_MISMATCH
);
479 return asn1_template_noexp_d2i(val
, in
, inlen
, tt
, opt
, ctx
);
488 static int asn1_template_noexp_d2i(ASN1_VALUE
**val
,
489 const unsigned char **in
, long len
,
490 const ASN1_TEMPLATE
*tt
, char opt
,
496 const unsigned char *p
, *q
;
500 aclass
= flags
& ASN1_TFLG_TAG_CLASS
;
506 * If field is embedded then val needs fixing so it is a pointer to
507 * a pointer to a field.
509 if (tt
->flags
& ASN1_TFLG_EMBED
) {
510 tval
= (ASN1_VALUE
*)val
;
514 if (flags
& ASN1_TFLG_SK_MASK
) {
515 /* SET OF, SEQUENCE OF */
518 /* First work out expected inner tag value */
519 if (flags
& ASN1_TFLG_IMPTAG
) {
523 skaclass
= V_ASN1_UNIVERSAL
;
524 if (flags
& ASN1_TFLG_SET_OF
)
527 sktag
= V_ASN1_SEQUENCE
;
530 ret
= asn1_check_tlen(&len
, NULL
, NULL
, &sk_eoc
, NULL
,
531 &p
, len
, sktag
, skaclass
, opt
, ctx
);
533 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
, ERR_R_NESTED_ASN1_ERROR
);
535 } else if (ret
== -1)
538 *val
= (ASN1_VALUE
*)OPENSSL_sk_new_null();
541 * We've got a valid STACK: free up any items present
543 STACK_OF(ASN1_VALUE
) *sktmp
= (STACK_OF(ASN1_VALUE
) *)*val
;
545 while (sk_ASN1_VALUE_num(sktmp
) > 0) {
546 vtmp
= sk_ASN1_VALUE_pop(sktmp
);
547 ASN1_item_ex_free(&vtmp
, ASN1_ITEM_ptr(tt
->item
));
552 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
, ERR_R_MALLOC_FAILURE
);
556 /* Read as many items as we can */
560 /* See if EOC found */
561 if (asn1_check_eoc(&p
, len
)) {
563 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
,
564 ASN1_R_UNEXPECTED_EOC
);
572 if (!asn1_item_embed_d2i(&skfield
, &p
, len
,
573 ASN1_ITEM_ptr(tt
->item
), -1, 0, 0, ctx
)) {
574 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
,
575 ERR_R_NESTED_ASN1_ERROR
);
576 /* |skfield| may be partially allocated despite failure. */
577 ASN1_item_free(skfield
, ASN1_ITEM_ptr(tt
->item
));
581 if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE
) *)*val
, skfield
)) {
582 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
, ERR_R_MALLOC_FAILURE
);
583 ASN1_item_free(skfield
, ASN1_ITEM_ptr(tt
->item
));
588 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
, ASN1_R_MISSING_EOC
);
591 } else if (flags
& ASN1_TFLG_IMPTAG
) {
592 /* IMPLICIT tagging */
593 ret
= asn1_item_embed_d2i(val
, &p
, len
,
594 ASN1_ITEM_ptr(tt
->item
), tt
->tag
, aclass
, opt
,
597 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
, ERR_R_NESTED_ASN1_ERROR
);
599 } else if (ret
== -1)
602 /* Nothing special */
603 ret
= asn1_item_embed_d2i(val
, &p
, len
, ASN1_ITEM_ptr(tt
->item
),
606 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I
, ERR_R_NESTED_ASN1_ERROR
);
608 } else if (ret
== -1)
619 static int asn1_d2i_ex_primitive(ASN1_VALUE
**pval
,
620 const unsigned char **in
, long inlen
,
622 int tag
, int aclass
, char opt
, ASN1_TLC
*ctx
)
626 char cst
, inf
, free_cont
= 0;
627 const unsigned char *p
;
628 BUF_MEM buf
= { 0, NULL
, 0, 0 };
629 const unsigned char *cont
= NULL
;
632 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
, ASN1_R_ILLEGAL_NULL
);
633 return 0; /* Should never happen */
636 if (it
->itype
== ASN1_ITYPE_MSTRING
) {
642 if (utype
== V_ASN1_ANY
) {
643 /* If type is ANY need to figure out type from tag */
644 unsigned char oclass
;
646 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
, ASN1_R_ILLEGAL_TAGGED_ANY
);
650 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
,
651 ASN1_R_ILLEGAL_OPTIONAL_ANY
);
655 ret
= asn1_check_tlen(NULL
, &utype
, &oclass
, NULL
, NULL
,
656 &p
, inlen
, -1, 0, 0, ctx
);
658 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
, ERR_R_NESTED_ASN1_ERROR
);
661 if (oclass
!= V_ASN1_UNIVERSAL
)
662 utype
= V_ASN1_OTHER
;
666 aclass
= V_ASN1_UNIVERSAL
;
670 ret
= asn1_check_tlen(&plen
, NULL
, NULL
, &inf
, &cst
,
671 &p
, inlen
, tag
, aclass
, opt
, ctx
);
673 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
, ERR_R_NESTED_ASN1_ERROR
);
675 } else if (ret
== -1)
678 /* SEQUENCE, SET and "OTHER" are left in encoded form */
679 if ((utype
== V_ASN1_SEQUENCE
)
680 || (utype
== V_ASN1_SET
) || (utype
== V_ASN1_OTHER
)) {
682 * Clear context cache for type OTHER because the auto clear when we
683 * have a exact match wont work
685 if (utype
== V_ASN1_OTHER
) {
688 /* SEQUENCE and SET must be constructed */
690 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
,
691 ASN1_R_TYPE_NOT_CONSTRUCTED
);
696 /* If indefinite length constructed find the real end */
698 if (!asn1_find_end(&p
, plen
, inf
))
702 len
= p
- cont
+ plen
;
706 if (utype
== V_ASN1_NULL
|| utype
== V_ASN1_BOOLEAN
707 || utype
== V_ASN1_OBJECT
|| utype
== V_ASN1_INTEGER
708 || utype
== V_ASN1_ENUMERATED
) {
709 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
, ASN1_R_TYPE_NOT_PRIMITIVE
);
713 /* Free any returned 'buf' content */
716 * Should really check the internal tags are correct but some things
717 * may get this wrong. The relevant specs say that constructed string
718 * types should be OCTET STRINGs internally irrespective of the type.
719 * So instead just check for UNIVERSAL class and ignore the tag.
721 if (!asn1_collect(&buf
, &p
, plen
, inf
, -1, V_ASN1_UNIVERSAL
, 0)) {
725 /* Append a final null to string */
726 if (!BUF_MEM_grow_clean(&buf
, len
+ 1)) {
727 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE
, ERR_R_MALLOC_FAILURE
);
731 cont
= (const unsigned char *)buf
.data
;
738 /* We now have content length and type: translate into a structure */
739 /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
740 if (!asn1_ex_c2i(pval
, cont
, len
, utype
, &free_cont
, it
))
747 OPENSSL_free(buf
.data
);
751 /* Translate ASN1 content octets into a structure */
753 static int asn1_ex_c2i(ASN1_VALUE
**pval
, const unsigned char *cont
, int len
,
754 int utype
, char *free_cont
, const ASN1_ITEM
*it
)
756 ASN1_VALUE
**opval
= NULL
;
758 ASN1_TYPE
*typ
= NULL
;
760 const ASN1_PRIMITIVE_FUNCS
*pf
;
764 if (pf
&& pf
->prim_c2i
)
765 return pf
->prim_c2i(pval
, cont
, len
, utype
, free_cont
, it
);
766 /* If ANY type clear type and set pointer to internal value */
767 if (it
->utype
== V_ASN1_ANY
) {
769 typ
= ASN1_TYPE_new();
772 *pval
= (ASN1_VALUE
*)typ
;
774 typ
= (ASN1_TYPE
*)*pval
;
776 if (utype
!= typ
->type
)
777 ASN1_TYPE_set(typ
, utype
, NULL
);
779 pval
= &typ
->value
.asn1_value
;
783 if (!c2i_ASN1_OBJECT((ASN1_OBJECT
**)pval
, &cont
, len
))
789 ASN1err(ASN1_F_ASN1_EX_C2I
, ASN1_R_NULL_IS_WRONG_LENGTH
);
792 *pval
= (ASN1_VALUE
*)1;
797 ASN1err(ASN1_F_ASN1_EX_C2I
, ASN1_R_BOOLEAN_IS_WRONG_LENGTH
);
801 tbool
= (ASN1_BOOLEAN
*)pval
;
806 case V_ASN1_BIT_STRING
:
807 if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING
**)pval
, &cont
, len
))
812 case V_ASN1_ENUMERATED
:
813 tint
= (ASN1_INTEGER
**)pval
;
814 if (!c2i_ASN1_INTEGER(tint
, &cont
, len
))
816 /* Fixup type to match the expected form */
817 (*tint
)->type
= utype
| ((*tint
)->type
& V_ASN1_NEG
);
820 case V_ASN1_OCTET_STRING
:
821 case V_ASN1_NUMERICSTRING
:
822 case V_ASN1_PRINTABLESTRING
:
823 case V_ASN1_T61STRING
:
824 case V_ASN1_VIDEOTEXSTRING
:
825 case V_ASN1_IA5STRING
:
827 case V_ASN1_GENERALIZEDTIME
:
828 case V_ASN1_GRAPHICSTRING
:
829 case V_ASN1_VISIBLESTRING
:
830 case V_ASN1_GENERALSTRING
:
831 case V_ASN1_UNIVERSALSTRING
:
832 case V_ASN1_BMPSTRING
:
833 case V_ASN1_UTF8STRING
:
836 case V_ASN1_SEQUENCE
:
838 if (utype
== V_ASN1_BMPSTRING
&& (len
& 1)) {
839 ASN1err(ASN1_F_ASN1_EX_C2I
, ASN1_R_BMPSTRING_IS_WRONG_LENGTH
);
842 if (utype
== V_ASN1_UNIVERSALSTRING
&& (len
& 3)) {
843 ASN1err(ASN1_F_ASN1_EX_C2I
,
844 ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH
);
847 /* All based on ASN1_STRING and handled the same */
849 stmp
= ASN1_STRING_type_new(utype
);
851 ASN1err(ASN1_F_ASN1_EX_C2I
, ERR_R_MALLOC_FAILURE
);
854 *pval
= (ASN1_VALUE
*)stmp
;
856 stmp
= (ASN1_STRING
*)*pval
;
859 /* If we've already allocated a buffer use it */
861 OPENSSL_free(stmp
->data
);
862 stmp
->data
= (unsigned char *)cont
; /* UGLY CAST! RL */
866 if (!ASN1_STRING_set(stmp
, cont
, len
)) {
867 ASN1err(ASN1_F_ASN1_EX_C2I
, ERR_R_MALLOC_FAILURE
);
868 ASN1_STRING_free(stmp
);
875 /* If ASN1_ANY and NULL type fix up value */
876 if (typ
&& (utype
== V_ASN1_NULL
))
877 typ
->value
.ptr
= NULL
;
890 * This function finds the end of an ASN1 structure when passed its maximum
891 * length, whether it is indefinite length and a pointer to the content. This
892 * is more efficient than calling asn1_collect because it does not recurse on
893 * each indefinite length header.
896 static int asn1_find_end(const unsigned char **in
, long len
, char inf
)
900 const unsigned char *p
= *in
, *q
;
901 /* If not indefinite length constructed just add length */
908 * Indefinite length constructed form. Find the end when enough EOCs are
909 * found. If more indefinite length constructed headers are encountered
910 * increment the expected eoc count otherwise just skip to the end of the
914 if (asn1_check_eoc(&p
, len
)) {
916 if (expected_eoc
== 0)
922 /* Just read in a header: only care about the length */
923 if (!asn1_check_tlen(&plen
, NULL
, NULL
, &inf
, NULL
, &p
, len
,
925 ASN1err(ASN1_F_ASN1_FIND_END
, ERR_R_NESTED_ASN1_ERROR
);
935 ASN1err(ASN1_F_ASN1_FIND_END
, ASN1_R_MISSING_EOC
);
943 * This function collects the asn1 data from a constructed string type into
944 * a buffer. The values of 'in' and 'len' should refer to the contents of the
945 * constructed type and 'inf' should be set if it is indefinite length.
948 #ifndef ASN1_MAX_STRING_NEST
950 * This determines how many levels of recursion are permitted in ASN1 string
951 * types. If it is not limited stack overflows can occur. If set to zero no
952 * recursion is allowed at all. Although zero should be adequate examples
953 * exist that require a value of 1. So 5 should be more than enough.
955 # define ASN1_MAX_STRING_NEST 5
958 static int asn1_collect(BUF_MEM
*buf
, const unsigned char **in
, long len
,
959 char inf
, int tag
, int aclass
, int depth
)
961 const unsigned char *p
, *q
;
967 * If no buffer and not indefinite length constructed just pass over the
977 if (asn1_check_eoc(&p
, len
)) {
979 * EOC is illegal outside indefinite length constructed form
982 ASN1err(ASN1_F_ASN1_COLLECT
, ASN1_R_UNEXPECTED_EOC
);
989 if (!asn1_check_tlen(&plen
, NULL
, NULL
, &ininf
, &cst
, &p
,
990 len
, tag
, aclass
, 0, NULL
)) {
991 ASN1err(ASN1_F_ASN1_COLLECT
, ERR_R_NESTED_ASN1_ERROR
);
995 /* If indefinite length constructed update max length */
997 if (depth
>= ASN1_MAX_STRING_NEST
) {
998 ASN1err(ASN1_F_ASN1_COLLECT
, ASN1_R_NESTED_ASN1_STRING
);
1001 if (!asn1_collect(buf
, &p
, plen
, ininf
, tag
, aclass
, depth
+ 1))
1003 } else if (plen
&& !collect_data(buf
, &p
, plen
))
1008 ASN1err(ASN1_F_ASN1_COLLECT
, ASN1_R_MISSING_EOC
);
1015 static int collect_data(BUF_MEM
*buf
, const unsigned char **p
, long plen
)
1020 if (!BUF_MEM_grow_clean(buf
, len
+ plen
)) {
1021 ASN1err(ASN1_F_COLLECT_DATA
, ERR_R_MALLOC_FAILURE
);
1024 memcpy(buf
->data
+ len
, *p
, plen
);
1030 /* Check for ASN1 EOC and swallow it if found */
1032 static int asn1_check_eoc(const unsigned char **in
, long len
)
1034 const unsigned char *p
;
1038 if (!p
[0] && !p
[1]) {
1046 * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
1047 * length for indefinite length constructed form, we don't know the exact
1048 * length but we can set an upper bound to the amount of data available minus
1049 * the header length just read.
1052 static int asn1_check_tlen(long *olen
, int *otag
, unsigned char *oclass
,
1053 char *inf
, char *cst
,
1054 const unsigned char **in
, long len
,
1055 int exptag
, int expclass
, char opt
, ASN1_TLC
*ctx
)
1060 const unsigned char *p
, *q
;
1064 if (ctx
&& ctx
->valid
) {
1067 pclass
= ctx
->pclass
;
1071 i
= ASN1_get_object(&p
, &plen
, &ptag
, &pclass
, len
);
1075 ctx
->pclass
= pclass
;
1077 ctx
->hdrlen
= p
- q
;
1080 * If definite length, and no error, length + header can't exceed
1081 * total amount of data available.
1083 if (!(i
& 0x81) && ((plen
+ ctx
->hdrlen
) > len
)) {
1084 ASN1err(ASN1_F_ASN1_CHECK_TLEN
, ASN1_R_TOO_LONG
);
1085 asn1_tlc_clear(ctx
);
1092 ASN1err(ASN1_F_ASN1_CHECK_TLEN
, ASN1_R_BAD_OBJECT_HEADER
);
1093 asn1_tlc_clear(ctx
);
1097 if ((exptag
!= ptag
) || (expclass
!= pclass
)) {
1099 * If type is OPTIONAL, not an error: indicate missing type.
1103 asn1_tlc_clear(ctx
);
1104 ASN1err(ASN1_F_ASN1_CHECK_TLEN
, ASN1_R_WRONG_TAG
);
1108 * We have a tag and class match: assume we are going to do something
1111 asn1_tlc_clear(ctx
);
1115 plen
= len
- (p
- q
);
1121 *cst
= i
& V_ASN1_CONSTRUCTED
;