*kovan*
+ * ASN1_STRING has been made opaque.
+
+ Access to values from ASN1_STRING and related types should be done with the
+ appropriate accessor functions. The various ASN1_STRING_FLAG values have
+ been made private.
+
+ *Bob Beck*
+
* Added CSHAKE as per [SP 800-185]
*Shane Lontis*
int indent = 0, noout = 0, dump = 0, informat = FORMAT_PEM;
int offset = 0, ret = 1, i, j;
long num, tmplen;
- unsigned char *tmpbuf;
+ const unsigned char *tmpbuf;
unsigned int length = 0;
OPTION_CHOICE o;
const ASN1_ITEM *it = NULL;
goto end;
}
/* hmm... this is a little evil but it works */
- tmpbuf = at->value.asn1_string->data;
- tmplen = at->value.asn1_string->length;
+ tmpbuf = ASN1_STRING_get0_data(at->value.asn1_string);
+ tmplen = ASN1_STRING_length(at->value.asn1_string);
}
- str = tmpbuf;
+ /* XXX casts away const */
+ str = (unsigned char *)tmpbuf;
num = tmplen;
}
#include <openssl/ocsp.h>
#include <openssl/pem.h>
+#include <crypto/asn1.h>
+
#ifndef W_OK
#ifdef OPENSSL_SYS_VMS
#include <unistd.h>
continue;
/* check some things */
- if (nid == NID_pkcs9_emailAddress && str->type != V_ASN1_IA5STRING) {
+ if (nid == NID_pkcs9_emailAddress && ASN1_STRING_type(str) != V_ASN1_IA5STRING) {
BIO_puts(bio_err,
"\nemailAddress type needs to be of type IA5STRING\n");
goto end;
}
- if (str->type != V_ASN1_BMPSTRING && str->type != V_ASN1_UTF8STRING) {
- j = ASN1_PRINTABLE_type(str->data, str->length);
- if ((j == V_ASN1_T61STRING && str->type != V_ASN1_T61STRING) || (j == V_ASN1_IA5STRING && str->type == V_ASN1_PRINTABLESTRING)) {
+ if (ASN1_STRING_type(str) != V_ASN1_BMPSTRING && ASN1_STRING_type(str) != V_ASN1_UTF8STRING) {
+ j = ASN1_PRINTABLE_type(ASN1_STRING_get0_data(str), ASN1_STRING_length(str));
+ if ((j == V_ASN1_T61STRING && ASN1_STRING_type(str) != V_ASN1_T61STRING) || (j == V_ASN1_IA5STRING && ASN1_STRING_type(str) == V_ASN1_PRINTABLESTRING)) {
BIO_puts(bio_err,
"\nThe string contains characters that are illegal for the ASN.1 type\n");
goto end;
"The %s field is different between\n"
"CA certificate (%s) and the request (%s)\n",
cv->name,
- ((str2 == NULL) ? "NULL" : (char *)str2->data),
- ((str == NULL) ? "NULL" : (char *)str->data));
+ ((str2 == NULL) ? "NULL" : (char *)ASN1_STRING_get0_data(str2)),
+ ((str == NULL) ? "NULL" : (char *)ASN1_STRING_get0_data(str)));
goto end;
}
} else {
/* We now just add it to the database as DB_TYPE_VAL('V') */
row[DB_type] = OPENSSL_strdup("V");
tm = X509_get0_notAfter(ret);
- row[DB_exp_date] = app_malloc(tm->length + 1, "row expdate");
- memcpy(row[DB_exp_date], tm->data, tm->length);
- row[DB_exp_date][tm->length] = '\0';
+ row[DB_exp_date] = app_malloc(ASN1_STRING_length(tm) + 1, "row expdate");
+ memcpy(row[DB_exp_date], ASN1_STRING_get0_data(tm), ASN1_STRING_length(tm));
+ row[DB_exp_date][ASN1_STRING_length(tm)] = '\0';
row[DB_rev_date] = NULL;
row[DB_file] = OPENSSL_strdup("unknown");
if ((row[DB_type] == NULL) || (row[DB_file] == NULL)
/* We now just add it to the database as DB_TYPE_REV('V') */
row[DB_type] = OPENSSL_strdup("V");
tm = X509_get0_notAfter(x509);
- row[DB_exp_date] = app_malloc(tm->length + 1, "row exp_data");
- memcpy(row[DB_exp_date], tm->data, tm->length);
- row[DB_exp_date][tm->length] = '\0';
+ row[DB_exp_date] = app_malloc(ASN1_STRING_length(tm) + 1, "row exp_data");
+ memcpy(row[DB_exp_date], ASN1_STRING_get0_data(tm), ASN1_STRING_length(tm));
+ row[DB_exp_date][ASN1_STRING_length(tm)] = '\0';
row[DB_rev_date] = NULL;
row[DB_file] = OPENSSL_strdup("unknown");
if (!revtm)
return NULL;
- i = revtm->length + 1;
+ i = ASN1_STRING_length(revtm) + 1;
if (reason)
i += (int)(strlen(reason) + 1);
i += (int)(strlen(other) + 1);
str = app_malloc(i, "revocation reason");
- OPENSSL_strlcpy(str, (char *)revtm->data, i);
+ OPENSSL_strlcpy(str, (const char *)ASN1_STRING_get0_data(revtm), i);
if (reason) {
OPENSSL_strlcat(str, ",", i);
OPENSSL_strlcat(str, reason, i);
*(pbuf++) = '\0';
BIO_puts(bio_err, buf);
- if (str->type == V_ASN1_PRINTABLESTRING)
+ if (ASN1_STRING_type(str) == V_ASN1_PRINTABLESTRING)
BIO_puts(bio_err, "PRINTABLE:'");
- else if (str->type == V_ASN1_T61STRING)
+ else if (ASN1_STRING_type(str) == V_ASN1_T61STRING)
BIO_puts(bio_err, "T61STRING:'");
- else if (str->type == V_ASN1_IA5STRING)
+ else if (ASN1_STRING_type(str) == V_ASN1_IA5STRING)
BIO_puts(bio_err, "IA5STRING:'");
- else if (str->type == V_ASN1_UNIVERSALSTRING)
+ else if (ASN1_STRING_type(str) == V_ASN1_UNIVERSALSTRING)
BIO_puts(bio_err, "UNIVERSALSTRING:'");
else
- BIO_printf(bio_err, "ASN.1 %2d:'", str->type);
+ BIO_printf(bio_err, "ASN.1 %2d:'", ASN1_STRING_type(str));
- p = (const char *)str->data;
- for (j = str->length; j > 0; j--) {
+ p = (const char *)ASN1_STRING_get0_data(str);
+ for (j = ASN1_STRING_length(str); j > 0; j--) {
if ((*p >= ' ') && (*p <= '~'))
BIO_printf(bio_err, "%c", *p);
else if (*p & 0x80)
const ASN1_BIT_STRING *sig;
X509_CRL_get0_signature(x, &sig, NULL);
- corrupt_signature(sig);
+ /* XXX Casts away const, because it mutates the value! */
+ if (!corrupt_signature((ASN1_BIT_STRING *)sig)) {
+ BIO_puts(bio_err, "Error corrupting signature\n");
+ goto end;
+ }
}
if (num) {
int has_stdin_waiting(void);
#endif
-void corrupt_signature(const ASN1_STRING *signature);
+int corrupt_signature(ASN1_STRING *signature);
/* Helpers for setting X509v3 certificate fields notBefore and notAfter */
int check_cert_time_string(const char *time, const char *desc);
}
#endif
-/* Corrupt a signature by modifying final byte */
-void corrupt_signature(const ASN1_STRING *signature)
+/*
+ * Corrupt a signature by modifying final byte
+ * (mutates signature)
+ */
+int corrupt_signature(ASN1_STRING *signature)
{
- unsigned char *s = signature->data;
+ const unsigned char *valid = ASN1_STRING_get0_data(signature);
+ int length = ASN1_STRING_length(signature);
+ unsigned char *s = OPENSSL_memdup(valid, length);
+
+ if (s == NULL)
+ return 0;
+
+ s[length - 1] ^= 0x1;
- s[signature->length - 1] ^= 0x1;
+ ASN1_STRING_set0(signature, s, length);
+ return 1;
}
int check_cert_time_string(const char *time, const char *desc)
if (badsig) {
const ASN1_OCTET_STRING *sig = OCSP_resp_get0_signature(bs);
- corrupt_signature(sig);
+ /* XXX Casts away const, because it mutates the value! */
+ if (!corrupt_signature((ASN1_STRING *)sig))
+ goto end;
}
*resp = OCSP_response_create(OCSP_RESPONSE_STATUS_SUCCESSFUL, bs);
void print_attribute(BIO *out, const ASN1_TYPE *av);
int print_attribs(BIO *out, const STACK_OF(X509_ATTRIBUTE) *attrlst,
const char *name);
-static void hex_print(BIO *out, unsigned char *buf, int len);
+static void hex_print(BIO *out, const unsigned char *buf, int len);
static int alg_print(const X509_ALGOR *alg);
int cert_load(BIO *in, STACK_OF(X509) *sk);
static int set_pbe(int *ppbe, const char *str);
switch (av->type) {
case V_ASN1_BMPSTRING:
- value = OPENSSL_uni2asc(av->value.bmpstring->data,
- av->value.bmpstring->length);
+ value = OPENSSL_uni2asc(ASN1_STRING_get0_data(av->value.bmpstring),
+ ASN1_STRING_length(av->value.bmpstring));
BIO_printf(out, "%s\n", value);
OPENSSL_free(value);
break;
case V_ASN1_UTF8STRING:
- BIO_printf(out, "%.*s\n", av->value.utf8string->length,
- av->value.utf8string->data);
+ BIO_printf(out, "%.*s\n", ASN1_STRING_length(av->value.utf8string),
+ ASN1_STRING_get0_data(av->value.utf8string));
break;
case V_ASN1_OCTET_STRING:
- hex_print(out, av->value.octet_string->data,
- av->value.octet_string->length);
+ hex_print(out, ASN1_STRING_get0_data(av->value.octet_string),
+ ASN1_STRING_length(av->value.octet_string));
BIO_puts(out, "\n");
break;
case V_ASN1_BIT_STRING:
- hex_print(out, av->value.bit_string->data,
- av->value.bit_string->length);
+ hex_print(out, ASN1_STRING_get0_data(av->value.bit_string),
+ ASN1_STRING_length(av->value.bit_string));
BIO_puts(out, "\n");
break;
return 1;
}
-static void hex_print(BIO *out, unsigned char *buf, int len)
+static void hex_print(BIO *out, const unsigned char *buf, int len)
{
int i;
for (i = 0; i < len; i++)
NCONF_free(cnf);
/* Send SSLRequest packet */
- BIO_write(sbio, atyp->value.sequence->data,
- atyp->value.sequence->length);
+ BIO_write(sbio, ASN1_STRING_get0_data(atyp->value.sequence),
+ ASN1_STRING_length(atyp->value.sequence));
(void)BIO_flush(sbio);
ASN1_TYPE_free(atyp);
static ASN1_INTEGER *create_nonce(int bits)
{
unsigned char buf[20];
+ ASN1_INTEGER *ret = NULL;
ASN1_INTEGER *nonce = NULL;
int len = (bits - 1) / 8 + 1;
- int i;
if (len > (int)sizeof(buf))
goto err;
- if (RAND_bytes(buf, len) <= 0)
- goto err;
- /* Find the first non-zero byte and creating ASN1_INTEGER object. */
- for (i = 0; i < len && !buf[i]; ++i)
- continue;
+ /* Make a random nonce with a non-zero first byte */
+ do {
+ if (RAND_bytes(buf, len) <= 0)
+ goto err;
+ } while (!buf[0]);
+
if ((nonce = ASN1_INTEGER_new()) == NULL)
goto err;
- OPENSSL_free(nonce->data);
- nonce->length = len - i;
- nonce->data = app_malloc(nonce->length + 1, "nonce buffer");
- memcpy(nonce->data, buf + i, nonce->length);
- return nonce;
+
+ if (!ASN1_STRING_set(nonce, buf, len))
+ goto err;
+
+ ret = nonce;
+ nonce = NULL;
err:
- BIO_puts(bio_err, "could not create nonce\n");
+ if (ret == NULL)
+ BIO_puts(bio_err, "could not create nonce\n");
ASN1_INTEGER_free(nonce);
- return NULL;
+ return ret;
}
/*
const ASN1_BIT_STRING *signature;
X509_get0_signature(&signature, NULL, x);
- corrupt_signature(signature);
+ /* XXX Casts away const, because it mutates the value! */
+ if (!corrupt_signature(((ASN1_STRING *)signature)))
+ goto err;
}
/* Process print options in the given order, as indicated by index i */
#include "internal/unicode.h"
#include <openssl/asn1.h>
+#include <crypto/asn1.h>
+
static int traverse_string(const unsigned char *p, int len, int inform,
int (*rfunc)(unsigned long value, void *in),
void *arg);
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
+#include <crypto/asn1.h>
+
int ASN1_PRINTABLE_type(const unsigned char *s, int len)
{
int c;
#define ASN1_PARSE_MAXDEPTH 128
#endif
+#include <crypto/asn1.h>
+
static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
int offset, int depth, int indent, int dump);
static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len,
#include "internal/cryptlib.h"
#include <openssl/asn1.h>
+#include <crypto/asn1.h>
+
/* ASN1 packing and unpacking functions */
ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
#include <openssl/buffer.h>
#include <openssl/asn1.h>
+#include <crypto/asn1.h>
+
int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
{
int i, n = 0;
#include <openssl/buffer.h>
#include <openssl/asn1.h>
+#include <crypto/asn1.h>
+
int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type)
{
int i, n = 0;
#include <openssl/rand.h>
#include "crypto/evp.h"
+#include <crypto/asn1.h>
+
#ifndef OPENSSL_NO_SCRYPT
/* PKCS#5 scrypt password based encryption structures */
#include <openssl/dsa.h>
#include <openssl/bn.h>
+#include <crypto/asn1.h>
+
/* Print out an SPKI */
int NETSCAPE_SPKI_print(BIO *out, const NETSCAPE_SPKI *spki)
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
+#include <crypto/asn1.h>
+
/* Declarations for string types */
#define IMPLEMENT_ASN1_STRING_FUNCTIONS(sname) \
#include <openssl/cms.h>
#include "cms_local.h"
+#include <crypto/asn1.h>
+
ASN1_SEQUENCE(CMS_IssuerAndSerialNumber) = {
ASN1_SIMPLE(CMS_IssuerAndSerialNumber, issuer, X509_NAME),
ASN1_SIMPLE(CMS_IssuerAndSerialNumber, serialNumber, ASN1_INTEGER)
#include <openssl/cms.h>
#include "cms_local.h"
+#include <crypto/asn1.h>
+
/* CMS DigestedData Utilities */
CMS_ContentInfo *ossl_cms_DigestedData_create(const EVP_MD *md,
#include <openssl/cms.h>
#include "cms_local.h"
+#include <crypto/asn1.h>
+
/* unfortunately cannot constify BIO_new_NDEF() due to this and PKCS7_stream() */
int CMS_stream(unsigned char ***boundary, CMS_ContentInfo *cms)
{
#include "crypto/evp.h"
#include "internal/sizes.h"
+#include <crypto/asn1.h>
+
/* KEM Recipient Info (KEMRI) routines */
int ossl_cms_RecipientInfo_kemri_get0_alg(CMS_RecipientInfo *ri,
#include "internal/sizes.h" /* for OSSL_MAX_NAME_SIZE */
#include <openssl/err.h>
+#include <crypto/asn1.h>
+
/*-
* creates and initializes OSSL_CRMF_PBMPARAMETER (section 4.4)
* |slen| SHOULD be at least 8 (16 is common)
#include "ct_local.h"
+#include <crypto/asn1.h>
+
int o2i_SCT_signature(SCT *sct, const unsigned char **in, size_t len)
{
size_t siglen;
#include <openssl/asn1t.h>
#include "crypto/dh.h"
+#include <crypto/asn1.h>
+
/* Override the default free and new methods */
static int dh_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
void *exarg)
#include "crypto/dh.h"
#include "dh_local.h"
+#include <crypto/asn1.h>
+
/*
* The intention with the "backend" source file is to offer backend functions
* for legacy backends (EVP_PKEY_ASN1_METHOD) and provider implementations
#include "crypto/dsa.h"
#include "dsa_local.h"
+#include <crypto/asn1.h>
+
/*
* The intention with the "backend" source file is to offer backend functions
* for legacy backends (EVP_PKEY_ASN1_METHOD) and provider implementations
#include "internal/nelem.h"
#include "internal/param_build_set.h"
+#include <crypto/asn1.h>
+
/* Mapping between a flag and a name */
static const OSSL_ITEM encoding_nameid_map[] = {
{ OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
#include "crypto/evp.h"
#include "evp_local.h"
+#include <crypto/asn1.h>
+
void evp_md_ctx_clear_digest(EVP_MD_CTX *ctx, int force, int keep_fetched)
{
if (ctx->algctx != NULL) {
#include <openssl/core_names.h>
#include <openssl/kdf.h>
+#include <crypto/asn1.h>
+
/*
* Doesn't do anything now: Builtin PBE algorithms in static table.
*/
#include "crypto/evp.h"
#include "evp_local.h"
+#include <crypto/asn1.h>
+
int ossl_pkcs5_pbkdf2_hmac_ex(const char *pass, int passlen,
const unsigned char *salt, int saltlen, int iter,
const EVP_MD *digest, int keylen, unsigned char *out,
#include <openssl/pkcs12.h>
#include "p12_local.h"
+#include <crypto/asn1.h>
+
/* Add a local keyid to a safebag */
int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, const unsigned char *name,
#include "crypto/evp.h"
#include <openssl/pkcs12.h>
+#include <crypto/asn1.h>
+
/* PKCS#12 PBE algorithms now in static table */
void PKCS12_PBE_add(void)
#include <openssl/pkcs12.h>
#include <openssl/trace.h>
+#include <crypto/asn1.h>
+
/*
* Encrypt/Decrypt a buffer based on password and algor, result in a
* OPENSSL_malloc'ed buffer
#include <openssl/pkcs12.h>
#include "p12_local.h"
+#include <crypto/asn1.h>
+
static int pkcs12_pbmac1_pbkdf2_key_gen(const char *pass, int passlen,
unsigned char *salt, int saltlen,
int id, int iter, int keylen,
#include <openssl/pkcs12.h>
#include "p12_local.h"
+#include <crypto/asn1.h>
+
/* PKCS#12 password change routine */
static int newpass_p12(PKCS12 *p12, const char *oldpass, const char *newpass);
#include <openssl/x509.h>
#include <openssl/err.h>
+#include <crypto/asn1.h>
+
int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si,
STACK_OF(X509_ALGOR) *cap)
{
#include "crypto/evp.h"
#include "pk7_local.h"
+#include <crypto/asn1.h>
+
static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype,
void *value);
static const ASN1_TYPE *get_attribute(const STACK_OF(X509_ATTRIBUTE) *sk, int nid);
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include <crypto/asn1.h>
int RSA_sign_ASN1_OCTET_STRING(int type,
const unsigned char *m, unsigned int m_len,
#include <openssl/asn1t.h>
#include <string.h>
+#include <crypto/asn1.h>
+
typedef struct SM2_Ciphertext_st SM2_Ciphertext;
DECLARE_ASN1_FUNCTIONS(SM2_Ciphertext)
#include <openssl/asn1t.h>
#include "ts_local.h"
+#include <crypto/asn1.h>
+
ASN1_SEQUENCE(TS_MSG_IMPRINT) = {
ASN1_SIMPLE(TS_MSG_IMPRINT, hash_algo, X509_ALGOR),
ASN1_SIMPLE(TS_MSG_IMPRINT, hashed_msg, ASN1_OCTET_STRING)
#include "crypto/ess.h"
#include "ts_local.h"
+#include <crypto/asn1.h>
+
DEFINE_STACK_OF_CONST(EVP_MD)
static ASN1_INTEGER *def_serial_cb(struct TS_resp_ctx *, void *);
#include "crypto/ess.h"
#include "ts_local.h"
+#include <crypto/asn1.h>
+
static int ts_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted,
X509 *signer, STACK_OF(X509) **chain);
static int ts_check_signing_certs(const PKCS7_SIGNER_INFO *si,
#include <openssl/pem.h>
#include "x509_local.h"
+#include <crypto/asn1.h>
+
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc,
long argl, char **ret);
static int by_file_ctrl_ex(X509_LOOKUP *ctx, int cmd, const char *argc,
#include <openssl/objects.h>
#include <openssl/x509_acert.h>
+#include <crypto/asn1.h>
+
static int print_attribute(BIO *bp, X509_ATTRIBUTE *a)
{
const ASN1_OBJECT *aobj;
#include <openssl/rsa.h>
#include <openssl/dsa.h>
+#include <crypto/asn1.h>
+
#ifndef OPENSSL_NO_STDIO
int X509_REQ_print_fp(FILE *fp, const X509_REQ *x)
{
#include "crypto/asn1.h"
#include "crypto/evp.h"
+#include <crypto/asn1.h>
+
static int i2r_ISSUER_SERIAL(X509V3_EXT_METHOD *method,
OSSL_ISSUER_SERIAL *iss,
BIO *out, int indent);
#include "crypto/asn1.h"
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
DECLARE_ASN1_ITEM(OSSL_ISSUER_SERIAL)
ASN1_ITEM_TEMPLATE(OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_AUTHORITY_ATTRIBUTE_ID_SYNTAX, OSSL_ISSUER_SERIAL)
#include "x509_local.h"
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
static STACK_OF(CONF_VALUE) *i2v_OSSL_BASIC_ATTR_CONSTRAINTS(
X509V3_EXT_METHOD *method,
OSSL_BASIC_ATTR_CONSTRAINTS *battcons,
#include "ext_dat.h"
#include "x509_local.h"
+#include <crypto/asn1.h>
+
static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method,
BASIC_CONSTRAINTS *bcons,
STACK_OF(CONF_VALUE)
#include "pcy_local.h"
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
/* Certificate policies extension support: this one is a bit complex... */
static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol,
#include <openssl/x509v3.h>
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
const X509V3_EXT_METHOD ossl_v3_ns_ia5_list[8] = {
EXT_IA5STRING(NID_netscape_base_url),
EXT_IA5STRING(NID_netscape_revocation_url),
#include <openssl/x509v3.h>
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
/*
* Issuer Sign Tool (1.2.643.100.112) The name of the tool used to signs the subject (ASN1_SEQUENCE)
* This extension is required to obtain the status of a qualified certificate at Russian Federation.
#include <openssl/x509v3.h>
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
static int i2r_pci(X509V3_EXT_METHOD *method, PROXY_CERT_INFO_EXTENSION *ext,
BIO *out, int indent);
static PROXY_CERT_INFO_EXTENSION *r2i_pci(X509V3_EXT_METHOD *method,
#include <openssl/x509v3.h>
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
ASN1_ITEM_TEMPLATE(OSSL_USER_NOTICE_SYNTAX) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, OSSL_USER_NOTICE_SYNTAX, USERNOTICE)
ASN1_ITEM_TEMPLATE_END(OSSL_USER_NOTICE_SYNTAX)
#include <openssl/x509v3.h>
#include "ext_dat.h"
+#include <crypto/asn1.h>
+
/*
* Subject Sign Tool (1.2.643.100.111) The name of the tool used to signs the subject (UTF8String)
* This extension is required to obtain the status of a qualified certificate at Russian Federation.
#include "internal/refcount.h"
#include "internal/hashtable.h"
+#include <crypto/asn1.h>
+
#define X509V3_conf_add_error_name_value(val) \
ERR_add_error_data(4, "name=", (val)->name, ", value=", (val)->value)
#include <openssl/types.h>
#include "x509_local.h"
+#include <crypto/asn1.h>
+
X509_LOOKUP_METHOD *X509_LOOKUP_meth_new(const char *name)
{
X509_LOOKUP_METHOD *method = OPENSSL_zalloc(sizeof(X509_LOOKUP_METHOD));
#include <openssl/x509v3.h>
#include "x509_local.h"
+#include <crypto/asn1.h>
+
int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x)
{
int ret;
#include <openssl/x509v3.h>
#include "x509_acert.h"
+#include <crypto/asn1.h>
+
static int replace_gentime(ASN1_STRING **dest, const ASN1_GENERALIZEDTIME *src)
{
ASN1_STRING *s;
#include "x509_local.h"
#include <crypto/x509.h>
+#include <crypto/asn1.h>
+
/*-
* X509_ATTRIBUTE: this has the following form:
*
#include <openssl/asn1t.h>
#include "x509_local.h"
+#include <crypto/asn1.h>
+
ASN1_SEQUENCE(X509_EXTENSION) = {
ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT),
ASN1_OPT(X509_EXTENSION, critical, ASN1_FBOOLEAN),
Some functions have been removed that were deprecated in previous
versions of OpenSSL. See L<ossl-removed-api(7)>.
+The ASN1_STRING type has been made opaque. Accessors for the needed
+values from this type have been present since OpenSSL 1.1, Code
+which directly attempts to access internals of ASN1_STRING should be
+converted to use the accessors. The ASN1_FLAGS have also been made
+private, most of which were purely internal. ASN1_STRING_FLAG_BITS_LEFT,
+which used to be exposed to allow manipulating the internal representation
+of a bit string should be replaced by using the appropriate setter for
+an ASN1_BIT_STRING type, instead of direct flag and structure manipulation.
+
=head2 Upgrading from OpenSSL 3.x
=head3 Removal of atexit() usage
#include <openssl/core.h>
+#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
+/*
+ * This indicates that the ASN1_STRING is not a real value but just a place
+ * holder for the location where indefinite length constructed data should be
+ * inserted in the memory buffer
+ */
+#define ASN1_STRING_FLAG_NDEF 0x010
+
+/*
+ * This flag is used by the CMS code to indicate that a string is not
+ * complete and is a place holder for content when it had all been accessed.
+ * The flag will be reset when content has been written to it.
+ */
+
+#define ASN1_STRING_FLAG_CONT 0x020
+/*
+ * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
+ * type.
+ */
+#define ASN1_STRING_FLAG_MSTRING 0x040
+/* String is embedded and only content should be freed */
+#define ASN1_STRING_FLAG_EMBED 0x080
+
+/* This is the base type that holds just about everything :-) */
+struct asn1_string_st {
+ int length;
+ int type;
+ unsigned char *data;
+ /*
+ * The value of the following field depends on the type being held. It
+ * is mostly being used for BIT_STRING so if the input data has a
+ * non-zero 'unused bits' value, it will be handled correctly
+ */
+ long flags;
+};
+
struct evp_pkey_asn1_method_st {
int pkey_id;
int pkey_base_id;
#include <openssl/conf.h>
#include "crypto/types.h"
+#include <crypto/asn1.h>
+
/* Internal X509 structures and functions: not for application use */
/* Note: unless otherwise stated a field pointer is mandatory and should
#include <openssl/x509_acert.h>
+#include <crypto/asn1.h>
+
#define OSSL_ODI_TYPE_PUBLIC_KEY 0
#define OSSL_ODI_TYPE_PUBLIC_KEY_CERT 1
#define OSSL_ODI_TYPE_OTHER 2
-}
/* clang-format on */
-#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
-/*
- * This indicates that the ASN1_STRING is not a real value but just a place
- * holder for the location where indefinite length constructed data should be
- * inserted in the memory buffer
- */
-#define ASN1_STRING_FLAG_NDEF 0x010
-
-/*
- * This flag is used by the CMS code to indicate that a string is not
- * complete and is a place holder for content when it had all been accessed.
- * The flag will be reset when content has been written to it.
- */
-
-#define ASN1_STRING_FLAG_CONT 0x020
-/*
- * This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
- * type.
- */
-#define ASN1_STRING_FLAG_MSTRING 0x040
-/* String is embedded and only content should be freed */
-#define ASN1_STRING_FLAG_EMBED 0x080
/* This is the base type that holds just about everything :-) */
-struct asn1_string_st {
- int length;
- int type;
- unsigned char *data;
- /*
- * The value of the following field depends on the type being held. It
- * is mostly being used for BIT_STRING so if the input data has a
- * non-zero 'unused bits' value, it will be handled correctly
- */
- long flags;
-};
+struct asn1_string_st;
/*
* ASN1_ENCODING structure: this is used to save the received encoding of an
#include "prov/endecoder_local.h"
#include "providers/implementations/encode_decode/decode_epki2pki.inc"
+#include <crypto/asn1.h>
+
static OSSL_FUNC_decoder_newctx_fn epki2pki_newctx;
static OSSL_FUNC_decoder_freectx_fn epki2pki_freectx;
static OSSL_FUNC_decoder_decode_fn epki2pki_decode;
#include "prov/ml_kem_codecs.h"
#include "providers/implementations/encode_decode/encode_key2any.inc"
+#include <crypto/asn1.h>
+
#if defined(OPENSSL_NO_DH) && defined(OPENSSL_NO_DSA) && defined(OPENSSL_NO_EC)
#define OPENSSL_NO_KEYPARAMS
#endif
#include <openssl/encoder.h>
#include <openssl/x509.h>
+#include <crypto/asn1.h>
+
typedef struct {
uint32_t version;
int32_t ssl_version;
goto err;
}
- inlen = pKX->kxBlob->value.sequence->length;
- start = pKX->kxBlob->value.sequence->data;
+ inlen = ASN1_STRING_length(pKX->kxBlob->value.sequence);
+ start = ASN1_STRING_get0_data(pKX->kxBlob->value.sequence);
if (EVP_PKEY_decrypt(pkey_ctx, premaster_secret, &outlen, start,
inlen)
switch (av->type) {
case V_ASN1_BMPSTRING:
- value = OPENSSL_uni2asc(av->value.bmpstring->data,
- av->value.bmpstring->length);
+ value = OPENSSL_uni2asc(ASN1_STRING_get0_data(av->value.bmpstring),
+ ASN1_STRING_length(av->value.bmpstring));
if (!TEST_str_eq(txt, (char *)value))
goto err;
break;
case V_ASN1_UTF8STRING:
- if (!TEST_mem_eq(txt, strlen(txt), (char *)av->value.utf8string->data,
- av->value.utf8string->length))
+ if (!TEST_mem_eq(txt, strlen(txt), ASN1_STRING_get0_data(av->value.utf8string),
+ ASN1_STRING_length(av->value.utf8string)))
goto err;
break;
case V_ASN1_OCTET_STRING:
if (!TEST_mem_eq(txt, strlen(txt),
- (char *)av->value.octet_string->data,
- av->value.octet_string->length))
+ (char *)ASN1_STRING_get0_data(av->value.octet_string),
+ ASN1_STRING_length(av->value.octet_string)))
goto err;
break;
#include "testutil.h"
#include "internal/nelem.h"
+#include <crypto/asn1.h>
+
typedef struct {
const char *data;
int time_result;
#include "internal/nelem.h"
#include "internal/refcount.h"
+#include <crypto/asn1.h>
+
/* error codes */
/* xorprovider error codes */
#include "testutil.h"
+#include <crypto/asn1.h>
+
static const char *infile;
static int test_pathlen(void)
#include "testutil.h"
#include "internal/nelem.h"
+#include <crypto/asn1.h>
+
typedef struct {
const char *data;
int type;
projects / thirdparty / openssl.git / commitdiff
