]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/asn1/tasn_enc.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Reorganize local header files
[thirdparty/openssl.git] / crypto / asn1 / tasn_enc.c
1 /*
2 * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stddef.h>
11 #include <string.h>
12 #include "internal/cryptlib.h"
13 #include <openssl/asn1.h>
14 #include <openssl/asn1t.h>
15 #include <openssl/objects.h>
16 #include "crypto/asn1.h"
17 #include "asn1_local.h"
18
19 static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out,
20 const ASN1_ITEM *it, int tag, int aclass);
21 static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk,
22 unsigned char **out,
23 int skcontlen, const ASN1_ITEM *item,
24 int do_sort, int iclass);
25 static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
26 const ASN1_TEMPLATE *tt, int tag, int aclass);
27 static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out,
28 const ASN1_ITEM *it, int flags);
29 static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype,
30 const ASN1_ITEM *it);
31
32 /*
33 * Top level i2d equivalents: the 'ndef' variant instructs the encoder to use
34 * indefinite length constructed encoding, where appropriate
35 */
36
37 int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out,
38 const ASN1_ITEM *it)
39 {
40 return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
41 }
42
43 int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
44 {
45 return asn1_item_flags_i2d(val, out, it, 0);
46 }
47
48 /*
49 * Encode an ASN1 item, this is use by the standard 'i2d' function. 'out'
50 * points to a buffer to output the data to. The new i2d has one additional
51 * feature. If the output buffer is NULL (i.e. *out == NULL) then a buffer is
52 * allocated and populated with the encoding.
53 */
54
55 static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out,
56 const ASN1_ITEM *it, int flags)
57 {
58 if (out && !*out) {
59 unsigned char *p, *buf;
60 int len;
61
62 len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags);
63 if (len <= 0)
64 return len;
65 if ((buf = OPENSSL_malloc(len)) == NULL) {
66 ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE);
67 return -1;
68 }
69 p = buf;
70 ASN1_item_ex_i2d(&val, &p, it, -1, flags);
71 *out = buf;
72 return len;
73 }
74
75 return ASN1_item_ex_i2d(&val, out, it, -1, flags);
76 }
77
78 /*
79 * Encode an item, taking care of IMPLICIT tagging (if any). This function
80 * performs the normal item handling: it can be used in external types.
81 */
82
83 int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
84 const ASN1_ITEM *it, int tag, int aclass)
85 {
86 const ASN1_TEMPLATE *tt = NULL;
87 int i, seqcontlen, seqlen, ndef = 1;
88 const ASN1_EXTERN_FUNCS *ef;
89 const ASN1_AUX *aux = it->funcs;
90 ASN1_aux_const_cb *asn1_cb = NULL;
91
92 if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
93 return 0;
94
95 if (aux != NULL) {
96 asn1_cb = ((aux->flags & ASN1_AFLG_CONST_CB) != 0) ? aux->asn1_const_cb
97 : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */
98 }
99
100 switch (it->itype) {
101
102 case ASN1_ITYPE_PRIMITIVE:
103 if (it->templates)
104 return asn1_template_ex_i2d(pval, out, it->templates,
105 tag, aclass);
106 return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
107
108 case ASN1_ITYPE_MSTRING:
109 return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
110
111 case ASN1_ITYPE_CHOICE:
112 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
113 return 0;
114 i = asn1_get_choice_selector_const(pval, it);
115 if ((i >= 0) && (i < it->tcount)) {
116 const ASN1_VALUE **pchval;
117 const ASN1_TEMPLATE *chtt;
118 chtt = it->templates + i;
119 pchval = asn1_get_const_field_ptr(pval, chtt);
120 return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass);
121 }
122 /* Fixme: error condition if selector out of range */
123 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
124 return 0;
125 break;
126
127 case ASN1_ITYPE_EXTERN:
128 /* If new style i2d it does all the work */
129 ef = it->funcs;
130 return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
131
132 case ASN1_ITYPE_NDEF_SEQUENCE:
133 /* Use indefinite length constructed if requested */
134 if (aclass & ASN1_TFLG_NDEF)
135 ndef = 2;
136 /* fall through */
137
138 case ASN1_ITYPE_SEQUENCE:
139 i = asn1_enc_restore(&seqcontlen, out, pval, it);
140 /* An error occurred */
141 if (i < 0)
142 return 0;
143 /* We have a valid cached encoding... */
144 if (i > 0)
145 return seqcontlen;
146 /* Otherwise carry on */
147 seqcontlen = 0;
148 /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
149 if (tag == -1) {
150 tag = V_ASN1_SEQUENCE;
151 /* Retain any other flags in aclass */
152 aclass = (aclass & ~ASN1_TFLG_TAG_CLASS)
153 | V_ASN1_UNIVERSAL;
154 }
155 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
156 return 0;
157 /* First work out sequence content length */
158 for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
159 const ASN1_TEMPLATE *seqtt;
160 const ASN1_VALUE **pseqval;
161 int tmplen;
162 seqtt = asn1_do_adb(*pval, tt, 1);
163 if (!seqtt)
164 return 0;
165 pseqval = asn1_get_const_field_ptr(pval, seqtt);
166 tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass);
167 if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen))
168 return -1;
169 seqcontlen += tmplen;
170 }
171
172 seqlen = ASN1_object_size(ndef, seqcontlen, tag);
173 if (!out || seqlen == -1)
174 return seqlen;
175 /* Output SEQUENCE header */
176 ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
177 for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
178 const ASN1_TEMPLATE *seqtt;
179 const ASN1_VALUE **pseqval;
180 seqtt = asn1_do_adb(*pval, tt, 1);
181 if (!seqtt)
182 return 0;
183 pseqval = asn1_get_const_field_ptr(pval, seqtt);
184 /* FIXME: check for errors in enhanced version */
185 asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
186 }
187 if (ndef == 2)
188 ASN1_put_eoc(out);
189 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
190 return 0;
191 return seqlen;
192
193 default:
194 return 0;
195
196 }
197 return 0;
198 }
199
200 static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out,
201 const ASN1_TEMPLATE *tt, int tag, int iclass)
202 {
203 int i, ret, flags, ttag, tclass, ndef;
204 const ASN1_VALUE *tval;
205 flags = tt->flags;
206
207 /*
208 * If field is embedded then val needs fixing so it is a pointer to
209 * a pointer to a field.
210 */
211 if (flags & ASN1_TFLG_EMBED) {
212 tval = (ASN1_VALUE *)pval;
213 pval = &tval;
214 }
215 /*
216 * Work out tag and class to use: tagging may come either from the
217 * template or the arguments, not both because this would create
218 * ambiguity. Additionally the iclass argument may contain some
219 * additional flags which should be noted and passed down to other
220 * levels.
221 */
222 if (flags & ASN1_TFLG_TAG_MASK) {
223 /* Error if argument and template tagging */
224 if (tag != -1)
225 /* FIXME: error code here */
226 return -1;
227 /* Get tagging from template */
228 ttag = tt->tag;
229 tclass = flags & ASN1_TFLG_TAG_CLASS;
230 } else if (tag != -1) {
231 /* No template tagging, get from arguments */
232 ttag = tag;
233 tclass = iclass & ASN1_TFLG_TAG_CLASS;
234 } else {
235 ttag = -1;
236 tclass = 0;
237 }
238 /*
239 * Remove any class mask from iflag.
240 */
241 iclass &= ~ASN1_TFLG_TAG_CLASS;
242
243 /*
244 * At this point 'ttag' contains the outer tag to use, 'tclass' is the
245 * class and iclass is any flags passed to this function.
246 */
247
248 /* if template and arguments require ndef, use it */
249 if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
250 ndef = 2;
251 else
252 ndef = 1;
253
254 if (flags & ASN1_TFLG_SK_MASK) {
255 /* SET OF, SEQUENCE OF */
256 STACK_OF(const_ASN1_VALUE) *sk = (STACK_OF(const_ASN1_VALUE) *)*pval;
257 int isset, sktag, skaclass;
258 int skcontlen, sklen;
259 const ASN1_VALUE *skitem;
260
261 if (!*pval)
262 return 0;
263
264 if (flags & ASN1_TFLG_SET_OF) {
265 isset = 1;
266 /* 2 means we reorder */
267 if (flags & ASN1_TFLG_SEQUENCE_OF)
268 isset = 2;
269 } else
270 isset = 0;
271
272 /*
273 * Work out inner tag value: if EXPLICIT or no tagging use underlying
274 * type.
275 */
276 if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
277 sktag = ttag;
278 skaclass = tclass;
279 } else {
280 skaclass = V_ASN1_UNIVERSAL;
281 if (isset)
282 sktag = V_ASN1_SET;
283 else
284 sktag = V_ASN1_SEQUENCE;
285 }
286
287 /* Determine total length of items */
288 skcontlen = 0;
289 for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) {
290 int tmplen;
291 skitem = sk_const_ASN1_VALUE_value(sk, i);
292 tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item),
293 -1, iclass);
294 if (tmplen == -1 || (skcontlen > INT_MAX - tmplen))
295 return -1;
296 skcontlen += tmplen;
297 }
298 sklen = ASN1_object_size(ndef, skcontlen, sktag);
299 if (sklen == -1)
300 return -1;
301 /* If EXPLICIT need length of surrounding tag */
302 if (flags & ASN1_TFLG_EXPTAG)
303 ret = ASN1_object_size(ndef, sklen, ttag);
304 else
305 ret = sklen;
306
307 if (!out || ret == -1)
308 return ret;
309
310 /* Now encode this lot... */
311 /* EXPLICIT tag */
312 if (flags & ASN1_TFLG_EXPTAG)
313 ASN1_put_object(out, ndef, sklen, ttag, tclass);
314 /* SET or SEQUENCE and IMPLICIT tag */
315 ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
316 /* And the stuff itself */
317 asn1_set_seq_out(sk, out, skcontlen, ASN1_ITEM_ptr(tt->item),
318 isset, iclass);
319 if (ndef == 2) {
320 ASN1_put_eoc(out);
321 if (flags & ASN1_TFLG_EXPTAG)
322 ASN1_put_eoc(out);
323 }
324
325 return ret;
326 }
327
328 if (flags & ASN1_TFLG_EXPTAG) {
329 /* EXPLICIT tagging */
330 /* Find length of tagged item */
331 i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass);
332 if (!i)
333 return 0;
334 /* Find length of EXPLICIT tag */
335 ret = ASN1_object_size(ndef, i, ttag);
336 if (out && ret != -1) {
337 /* Output tag and item */
338 ASN1_put_object(out, ndef, i, ttag, tclass);
339 ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), -1, iclass);
340 if (ndef == 2)
341 ASN1_put_eoc(out);
342 }
343 return ret;
344 }
345
346 /* Either normal or IMPLICIT tagging: combine class and flags */
347 return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item),
348 ttag, tclass | iclass);
349
350 }
351
352 /* Temporary structure used to hold DER encoding of items for SET OF */
353
354 typedef struct {
355 unsigned char *data;
356 int length;
357 const ASN1_VALUE *field;
358 } DER_ENC;
359
360 static int der_cmp(const void *a, const void *b)
361 {
362 const DER_ENC *d1 = a, *d2 = b;
363 int cmplen, i;
364 cmplen = (d1->length < d2->length) ? d1->length : d2->length;
365 i = memcmp(d1->data, d2->data, cmplen);
366 if (i)
367 return i;
368 return d1->length - d2->length;
369 }
370
371 /* Output the content octets of SET OF or SEQUENCE OF */
372
373 static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk,
374 unsigned char **out,
375 int skcontlen, const ASN1_ITEM *item,
376 int do_sort, int iclass)
377 {
378 int i;
379 const ASN1_VALUE *skitem;
380 unsigned char *tmpdat = NULL, *p = NULL;
381 DER_ENC *derlst = NULL, *tder;
382 if (do_sort) {
383 /* Don't need to sort less than 2 items */
384 if (sk_const_ASN1_VALUE_num(sk) < 2)
385 do_sort = 0;
386 else {
387 derlst = OPENSSL_malloc(sk_const_ASN1_VALUE_num(sk)
388 * sizeof(*derlst));
389 if (derlst == NULL)
390 return 0;
391 tmpdat = OPENSSL_malloc(skcontlen);
392 if (tmpdat == NULL) {
393 OPENSSL_free(derlst);
394 return 0;
395 }
396 }
397 }
398 /* If not sorting just output each item */
399 if (!do_sort) {
400 for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) {
401 skitem = sk_const_ASN1_VALUE_value(sk, i);
402 ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
403 }
404 return 1;
405 }
406 p = tmpdat;
407
408 /* Doing sort: build up a list of each member's DER encoding */
409 for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) {
410 skitem = sk_const_ASN1_VALUE_value(sk, i);
411 tder->data = p;
412 tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
413 tder->field = skitem;
414 }
415
416 /* Now sort them */
417 qsort(derlst, sk_const_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
418 /* Output sorted DER encoding */
419 p = *out;
420 for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) {
421 memcpy(p, tder->data, tder->length);
422 p += tder->length;
423 }
424 *out = p;
425 /* If do_sort is 2 then reorder the STACK */
426 if (do_sort == 2) {
427 for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++)
428 (void)sk_const_ASN1_VALUE_set(sk, i, tder->field);
429 }
430 OPENSSL_free(derlst);
431 OPENSSL_free(tmpdat);
432 return 1;
433 }
434
435 static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out,
436 const ASN1_ITEM *it, int tag, int aclass)
437 {
438 int len;
439 int utype;
440 int usetag;
441 int ndef = 0;
442
443 utype = it->utype;
444
445 /*
446 * Get length of content octets and maybe find out the underlying type.
447 */
448
449 len = asn1_ex_i2c(pval, NULL, &utype, it);
450
451 /*
452 * If SEQUENCE, SET or OTHER then header is included in pseudo content
453 * octets so don't include tag+length. We need to check here because the
454 * call to asn1_ex_i2c() could change utype.
455 */
456 if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
457 (utype == V_ASN1_OTHER))
458 usetag = 0;
459 else
460 usetag = 1;
461
462 /* -1 means omit type */
463
464 if (len == -1)
465 return 0;
466
467 /* -2 return is special meaning use ndef */
468 if (len == -2) {
469 ndef = 2;
470 len = 0;
471 }
472
473 /* If not implicitly tagged get tag from underlying type */
474 if (tag == -1)
475 tag = utype;
476
477 /* Output tag+length followed by content octets */
478 if (out) {
479 if (usetag)
480 ASN1_put_object(out, ndef, len, tag, aclass);
481 asn1_ex_i2c(pval, *out, &utype, it);
482 if (ndef)
483 ASN1_put_eoc(out);
484 else
485 *out += len;
486 }
487
488 if (usetag)
489 return ASN1_object_size(ndef, len, tag);
490 return len;
491 }
492
493 /* Produce content octets from a structure */
494
495 static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype,
496 const ASN1_ITEM *it)
497 {
498 ASN1_BOOLEAN *tbool = NULL;
499 ASN1_STRING *strtmp;
500 ASN1_OBJECT *otmp;
501 int utype;
502 const unsigned char *cont;
503 unsigned char c;
504 int len;
505 const ASN1_PRIMITIVE_FUNCS *pf;
506 pf = it->funcs;
507 if (pf && pf->prim_i2c)
508 return pf->prim_i2c(pval, cout, putype, it);
509
510 /* Should type be omitted? */
511 if ((it->itype != ASN1_ITYPE_PRIMITIVE)
512 || (it->utype != V_ASN1_BOOLEAN)) {
513 if (!*pval)
514 return -1;
515 }
516
517 if (it->itype == ASN1_ITYPE_MSTRING) {
518 /* If MSTRING type set the underlying type */
519 strtmp = (ASN1_STRING *)*pval;
520 utype = strtmp->type;
521 *putype = utype;
522 } else if (it->utype == V_ASN1_ANY) {
523 /* If ANY set type and pointer to value */
524 ASN1_TYPE *typ;
525 typ = (ASN1_TYPE *)*pval;
526 utype = typ->type;
527 *putype = utype;
528 pval = (const ASN1_VALUE **)&typ->value.asn1_value; /* actually is const */
529 } else
530 utype = *putype;
531
532 switch (utype) {
533 case V_ASN1_OBJECT:
534 otmp = (ASN1_OBJECT *)*pval;
535 cont = otmp->data;
536 len = otmp->length;
537 if (cont == NULL || len == 0)
538 return -1;
539 break;
540
541 case V_ASN1_NULL:
542 cont = NULL;
543 len = 0;
544 break;
545
546 case V_ASN1_BOOLEAN:
547 tbool = (ASN1_BOOLEAN *)pval;
548 if (*tbool == -1)
549 return -1;
550 if (it->utype != V_ASN1_ANY) {
551 /*
552 * Default handling if value == size field then omit
553 */
554 if (*tbool && (it->size > 0))
555 return -1;
556 if (!*tbool && !it->size)
557 return -1;
558 }
559 c = (unsigned char)*tbool;
560 cont = &c;
561 len = 1;
562 break;
563
564 case V_ASN1_BIT_STRING:
565 return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
566 cout ? &cout : NULL);
567
568 case V_ASN1_INTEGER:
569 case V_ASN1_ENUMERATED:
570 /*
571 * These are all have the same content format as ASN1_INTEGER
572 */
573 return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL);
574
575 case V_ASN1_OCTET_STRING:
576 case V_ASN1_NUMERICSTRING:
577 case V_ASN1_PRINTABLESTRING:
578 case V_ASN1_T61STRING:
579 case V_ASN1_VIDEOTEXSTRING:
580 case V_ASN1_IA5STRING:
581 case V_ASN1_UTCTIME:
582 case V_ASN1_GENERALIZEDTIME:
583 case V_ASN1_GRAPHICSTRING:
584 case V_ASN1_VISIBLESTRING:
585 case V_ASN1_GENERALSTRING:
586 case V_ASN1_UNIVERSALSTRING:
587 case V_ASN1_BMPSTRING:
588 case V_ASN1_UTF8STRING:
589 case V_ASN1_SEQUENCE:
590 case V_ASN1_SET:
591 default:
592 /* All based on ASN1_STRING and handled the same */
593 strtmp = (ASN1_STRING *)*pval;
594 /* Special handling for NDEF */
595 if ((it->size == ASN1_TFLG_NDEF)
596 && (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
597 if (cout) {
598 strtmp->data = cout;
599 strtmp->length = 0;
600 }
601 /* Special return code */
602 return -2;
603 }
604 cont = strtmp->data;
605 len = strtmp->length;
606
607 break;
608
609 }
610 if (cout && len)
611 memcpy(cout, cont, len);
612 return len;
613 }
A mirror of the official openssl repository