struct ContentInfo *cinfo;
int error;
- error = asn1_decode_fc(fc, &asn_DEF_ContentInfo, (void **) &cinfo);
+ error = asn1_decode_fc(fc, &asn_DEF_ContentInfo, (void **) &cinfo,
+ true);
if (error)
return error;
#include "log.h"
static int
-validate(asn_TYPE_descriptor_t const *descriptor, void *result)
+validate(asn_TYPE_descriptor_t const *descriptor, void *result, bool log)
{
char error_msg[256];
size_t error_msg_size;
error = asn_check_constraints(descriptor, result, error_msg,
&error_msg_size);
if (error == -1)
- return pr_err("Error validating ASN.1 object: %s", error_msg);
+ return log ?
+ pr_err("Error validating ASN.1 object: %s", error_msg) :
+ -EINVAL;
return 0;
}
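Review bot: The new `return log ? pr_err(...) : -EINVAL;` in validate() makes the returned code depend on the logging flag unless pr_err() itself returns -EINVAL, which is not visible on this page. If it does, separating the two concerns is easier to read and pins the code: `if (log) pr_err("Error validating ASN.1 object: %s", error_msg);` followed by `return -EINVAL;`. The same ternary is used for the decode-error return in asn1_decode() further down. validate()'s opening lines sit in the preceding hunk.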
int
asn1_decode(const void *buffer, size_t buffer_size,
- asn_TYPE_descriptor_t const *descriptor, void **result)
+ asn_TYPE_descriptor_t const *descriptor, void **result, bool log)
{
asn_dec_rval_t rval;
int error;
/* Must free partial object according to API contracts. */
ASN_STRUCT_FREE(*descriptor, *result);
/* We expect the data to be complete; RC_WMORE is an error. */
- return pr_err("Error '%u' decoding ASN.1 object around byte %zu",
- rval.code, rval.consumed);
+ return log ?
+ pr_err("Error '%u' decoding ASN.1 object around byte %zu",
+ rval.code, rval.consumed) :
+ -EINVAL;
}
- error = validate(descriptor, *result);
+ error = validate(descriptor, *result, log);
if (error) {
ASN_STRUCT_FREE(*descriptor, *result);
return error;
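Review bot: asn1_decode() gains a `log` parameter with no comment saying what it suppresses, and these lines show it suppresses more than a reader might expect. It silences the decoder failure (dropping `rval.code` and `rval.consumed`) and, through validate(), constraint violations on an object that decoded successfully. I would add a comment above the function along the lines of `/* @log: if false, decoding and constraint failures return -EINVAL without printing; only for callers that retry with another type. *result is freed on failure either way. */`. The function starts before this hunk and continues after it.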
int
asn1_decode_any(ANY_t *any, asn_TYPE_descriptor_t const *descriptor,
- void **result)
+ void **result, bool log)
{
- return asn1_decode(any->buf, any->size, descriptor, result);
+ return asn1_decode(any->buf, any->size, descriptor, result, log);
}
int
asn1_decode_octet_string(OCTET_STRING_t *string,
- asn_TYPE_descriptor_t const *descriptor, void **result)
+ asn_TYPE_descriptor_t const *descriptor, void **result, bool log)
{
- return asn1_decode(string->buf, string->size, descriptor, result);
+ return asn1_decode(string->buf, string->size, descriptor, result, log);
}
/*
*/
int
asn1_decode_fc(struct file_contents *fc,
- asn_TYPE_descriptor_t const *descriptor, void **result)
+ asn_TYPE_descriptor_t const *descriptor, void **result, bool log)
{
- return asn1_decode(fc->buffer, fc->buffer_size, descriptor, result);
+ return asn1_decode(fc->buffer, fc->buffer_size, descriptor, result,
+ log);
}
#include <libcmscodec/ANY.h>
#include <libcmscodec/constr_TYPE.h>
+#include <stdbool.h>
#include "file.h"
-int asn1_decode(const void *, size_t, asn_TYPE_descriptor_t const *, void **);
-int asn1_decode_any(ANY_t *, asn_TYPE_descriptor_t const *, void **);
+int asn1_decode(const void *, size_t, asn_TYPE_descriptor_t const *, void **,
+ bool);
+int asn1_decode_any(ANY_t *, asn_TYPE_descriptor_t const *, void **, bool);
int asn1_decode_octet_string(OCTET_STRING_t *, asn_TYPE_descriptor_t const *,
- void **);
+ void **, bool);
int asn1_decode_fc(struct file_contents *, asn_TYPE_descriptor_t const *,
- void **);
+ void **, bool);
#endif /* SRC_ASN1_DECODE_H_ */
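Review bot: The prototypes keep their parameters unnamed, so the added trailing `bool` gives a caller no hint of what `true` or `false` means at the call site. Naming at least the new parameter would help, e.g. `int asn1_decode_any(ANY_t *, asn_TYPE_descriptor_t const *, void **, bool log);`, and likewise for asn1_decode(), asn1_decode_octet_string() and asn1_decode_fc(). A one-line comment above the group stating that `false` silences both decode and constraint errors would cover all four.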
int error;
error = asn1_decode_any(value, &asn_DEF_OBJECT_IDENTIFIER,
- (void **) &attrValues);
+ (void **) &attrValues, true);
if (error)
return error;
eContentType = &eci->eContentType;
return pr_err("There's no content being signed.");
error = asn1_decode_any(value, &asn_DEF_MessageDigest,
- (void **) &digest);
+ (void **) &digest, true);
if (error)
return error;
int error;
error = asn1_decode_any(coded, &asn_DEF_SignedDataPKCS7,
- (void **) &sdata_pkcs7);
+ (void **) &sdata_pkcs7, true);
if (error)
return error;
/* Parse content as OCTET STRING */
error = asn1_decode_any(sdata_pkcs7->encapContentInfo.eContent,
&asn_DEF_ContentTypePKCS7,
- (void **) &sdata->encapContentInfo.eContent);
+ (void **) &sdata->encapContentInfo.eContent, true);
if (error)
goto release_sdata;
/* rfc6488#section-3.1.l */
/* TODO (next iteration) this is BER, not guaranteed to be DER. */
- error = asn1_decode_any(coded, &asn_DEF_SignedData, (void **) &sdata);
+ error = asn1_decode_any(coded, &asn_DEF_SignedData, (void **) &sdata,
+ false);
if (error) {
/* Try to decode as PKCS content (RFC 5652 section 5.2.1) */
error = signed_data_decode_pkcs7(coded, &sdata);
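Review bot: Passing `false` here silences the first attempt completely, and because the flag is forwarded to validate(), that includes a SignedData that decodes but fails its constraint check; it is then retried as PKCS#7 with no trace of why it was rejected. If the fallback also fails, the log presumably carries only the PKCS#7 decoder's messages, which points an operator triaging a malformed or hostile object at the wrong structure. Consider a comment such as `/* Silent: a failure here only means we retry as PKCS#7 below. */` and, when the retry fails too, one message naming both attempts, e.g. `pr_err("Signed object is neither SignedData nor its PKCS#7 form.");`. The `if (error) {` block continues past this hunk, so the handling after the retry is not visible.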
return -EINVAL;
return asn1_decode_any(attr->attrValues.list.array[0],
&asn_DEF_OBJECT_IDENTIFIER,
- (void **) result);
+ (void **) result, true);
}
}
string = X509_EXTENSION_get_data(ext);
error = asn1_decode(string->data, string->length, &asn_DEF_IPAddrBlocks,
- (void **) &blocks);
+ (void **) &blocks, true);
if (error)
return error;
string = X509_EXTENSION_get_data(ext);
error = asn1_decode(string->data, string->length,
- &asn_DEF_ASIdentifiers, (void **) &ids);
+ &asn_DEF_ASIdentifiers, (void **) &ids, true);
if (error)
return error;
static int
manifest_decode(OCTET_STRING_t *string, void *arg)
{
- return asn1_decode_octet_string(string, &asn_DEF_Manifest, arg);
+ return asn1_decode_octet_string(string, &asn_DEF_Manifest, arg, true);
}
static int
roa_decode(OCTET_STRING_t *string, void *arg)
{
return asn1_decode_octet_string(string, &asn_DEF_RouteOriginAttestation,
- arg);
+ arg, true);
}
static int