/src/openssl/crypto/asn1/tasn_dec.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* tasn_dec.c */ |
2 | | /* |
3 | | * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project |
4 | | * 2000. |
5 | | */ |
6 | | /* ==================================================================== |
7 | | * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved. |
8 | | * |
9 | | * Redistribution and use in source and binary forms, with or without |
10 | | * modification, are permitted provided that the following conditions |
11 | | * are met: |
12 | | * |
13 | | * 1. Redistributions of source code must retain the above copyright |
14 | | * notice, this list of conditions and the following disclaimer. |
15 | | * |
16 | | * 2. Redistributions in binary form must reproduce the above copyright |
17 | | * notice, this list of conditions and the following disclaimer in |
18 | | * the documentation and/or other materials provided with the |
19 | | * distribution. |
20 | | * |
21 | | * 3. All advertising materials mentioning features or use of this |
22 | | * software must display the following acknowledgment: |
23 | | * "This product includes software developed by the OpenSSL Project |
24 | | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
25 | | * |
26 | | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
27 | | * endorse or promote products derived from this software without |
28 | | * prior written permission. For written permission, please contact |
29 | | * licensing@OpenSSL.org. |
30 | | * |
31 | | * 5. Products derived from this software may not be called "OpenSSL" |
32 | | * nor may "OpenSSL" appear in their names without prior written |
33 | | * permission of the OpenSSL Project. |
34 | | * |
35 | | * 6. Redistributions of any form whatsoever must retain the following |
36 | | * acknowledgment: |
37 | | * "This product includes software developed by the OpenSSL Project |
38 | | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
39 | | * |
40 | | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
41 | | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
42 | | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
43 | | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
44 | | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
45 | | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
46 | | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; |
47 | | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
48 | | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
49 | | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
50 | | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
51 | | * OF THE POSSIBILITY OF SUCH DAMAGE. |
52 | | * ==================================================================== |
53 | | * |
54 | | * This product includes cryptographic software written by Eric Young |
55 | | * (eay@cryptsoft.com). This product includes software written by Tim |
56 | | * Hudson (tjh@cryptsoft.com). |
57 | | * |
58 | | */ |
59 | | |
60 | | #include <stddef.h> |
61 | | #include <string.h> |
62 | | #include <openssl/asn1.h> |
63 | | #include <openssl/asn1t.h> |
64 | | #include <openssl/objects.h> |
65 | | #include <openssl/buffer.h> |
66 | | #include <openssl/err.h> |
67 | | |
68 | | static int asn1_check_eoc(const unsigned char **in, long len); |
69 | | static int asn1_find_end(const unsigned char **in, long len, char inf); |
70 | | |
71 | | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
72 | | char inf, int tag, int aclass, int depth); |
73 | | |
74 | | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen); |
75 | | |
76 | | static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, |
77 | | char *inf, char *cst, |
78 | | const unsigned char **in, long len, |
79 | | int exptag, int expclass, char opt, ASN1_TLC *ctx); |
80 | | |
81 | | static int asn1_template_ex_d2i(ASN1_VALUE **pval, |
82 | | const unsigned char **in, long len, |
83 | | const ASN1_TEMPLATE *tt, char opt, |
84 | | ASN1_TLC *ctx); |
85 | | static int asn1_template_noexp_d2i(ASN1_VALUE **val, |
86 | | const unsigned char **in, long len, |
87 | | const ASN1_TEMPLATE *tt, char opt, |
88 | | ASN1_TLC *ctx); |
89 | | static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, |
90 | | const unsigned char **in, long len, |
91 | | const ASN1_ITEM *it, |
92 | | int tag, int aclass, char opt, |
93 | | ASN1_TLC *ctx); |
94 | | |
95 | | /* Table to convert tags to bit values, used for MSTRING type */ |
96 | | static const unsigned long tag2bit[32] = { |
97 | | /* tags 0 - 3 */ |
98 | | 0, 0, 0, B_ASN1_BIT_STRING, |
99 | | /* tags 4- 7 */ |
100 | | B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN, |
101 | | /* tags 8-11 */ |
102 | | B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, |
103 | | /* tags 12-15 */ |
104 | | B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, |
105 | | /* tags 16-19 */ |
106 | | B_ASN1_SEQUENCE, 0, B_ASN1_NUMERICSTRING, B_ASN1_PRINTABLESTRING, |
107 | | /* tags 20-22 */ |
108 | | B_ASN1_T61STRING, B_ASN1_VIDEOTEXSTRING, B_ASN1_IA5STRING, |
109 | | /* tags 23-24 */ |
110 | | B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, |
111 | | /* tags 25-27 */ |
112 | | B_ASN1_GRAPHICSTRING, B_ASN1_ISO64STRING, B_ASN1_GENERALSTRING, |
113 | | /* tags 28-31 */ |
114 | | B_ASN1_UNIVERSALSTRING, B_ASN1_UNKNOWN, B_ASN1_BMPSTRING, B_ASN1_UNKNOWN, |
115 | | }; |
116 | | |
117 | | unsigned long ASN1_tag2bit(int tag) |
118 | 2.69M | { |
119 | 2.69M | if ((tag < 0) || (tag > 30)) |
120 | 0 | return 0; |
121 | 2.69M | return tag2bit[tag]; |
122 | 2.69M | } |
123 | | |
124 | | /* Macro to initialize and invalidate the cache */ |
125 | | |
126 | 10.4M | #define asn1_tlc_clear(c) if (c) (c)->valid = 0 |
127 | | /* Version to avoid compiler warning about 'c' always non-NULL */ |
128 | 157k | #define asn1_tlc_clear_nc(c) (c)->valid = 0 |
129 | | |
130 | | /* |
131 | | * Decode an ASN1 item, this currently behaves just like a standard 'd2i' |
132 | | * function. 'in' points to a buffer to read the data from, in future we |
133 | | * will have more advanced versions that can input data a piece at a time and |
134 | | * this will simply be a special case. |
135 | | */ |
136 | | |
137 | | ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, |
138 | | const unsigned char **in, long len, |
139 | | const ASN1_ITEM *it) |
140 | 157k | { |
141 | 157k | ASN1_TLC c; |
142 | 157k | ASN1_VALUE *ptmpval = NULL; |
143 | 157k | if (!pval) |
144 | 0 | pval = &ptmpval; |
145 | 157k | asn1_tlc_clear_nc(&c); |
146 | 157k | if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) |
147 | 157k | return *pval; |
148 | 0 | return NULL; |
149 | 157k | } |
150 | | |
151 | | int ASN1_template_d2i(ASN1_VALUE **pval, |
152 | | const unsigned char **in, long len, |
153 | | const ASN1_TEMPLATE *tt) |
154 | 0 | { |
155 | 0 | ASN1_TLC c; |
156 | 0 | asn1_tlc_clear_nc(&c); |
157 | 0 | return asn1_template_ex_d2i(pval, in, len, tt, 0, &c); |
158 | 0 | } |
159 | | |
160 | | /* |
161 | | * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and |
162 | | * tag mismatch return -1 to handle OPTIONAL |
163 | | */ |
164 | | |
165 | | int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, |
166 | | const ASN1_ITEM *it, |
167 | | int tag, int aclass, char opt, ASN1_TLC *ctx) |
168 | 10.8M | { |
169 | 10.8M | const ASN1_TEMPLATE *tt, *errtt = NULL; |
170 | 10.8M | const ASN1_COMPAT_FUNCS *cf; |
171 | 10.8M | const ASN1_EXTERN_FUNCS *ef; |
172 | 10.8M | const ASN1_AUX *aux = it->funcs; |
173 | 10.8M | ASN1_aux_cb *asn1_cb; |
174 | 10.8M | const unsigned char *p = NULL, *q; |
175 | 10.8M | unsigned char *wp = NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */ |
176 | 10.8M | unsigned char imphack = 0, oclass; |
177 | 10.8M | char seq_eoc, seq_nolen, cst, isopt; |
178 | 10.8M | long tmplen; |
179 | 10.8M | int i; |
180 | 10.8M | int otag; |
181 | 10.8M | int ret = 0; |
182 | 10.8M | ASN1_VALUE **pchptr, *ptmpval; |
183 | 10.8M | int combine = aclass & ASN1_TFLG_COMBINE; |
184 | 10.8M | aclass &= ~ASN1_TFLG_COMBINE; |
185 | 10.8M | if (!pval) |
186 | 0 | return 0; |
187 | 10.8M | if (aux && aux->asn1_cb) |
188 | 315k | asn1_cb = aux->asn1_cb; |
189 | 10.5M | else |
190 | 10.5M | asn1_cb = 0; |
191 | | |
192 | 10.8M | switch (it->itype) { |
193 | 6.19M | case ASN1_ITYPE_PRIMITIVE: |
194 | 6.19M | if (it->templates) { |
195 | | /* |
196 | | * tagging or OPTIONAL is currently illegal on an item template |
197 | | * because the flags can't get passed down. In practice this |
198 | | * isn't a problem: we include the relevant flags from the item |
199 | | * template in the template itself. |
200 | | */ |
201 | 1.50M | if ((tag != -1) || opt) { |
202 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, |
203 | 0 | ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); |
204 | 0 | goto err; |
205 | 0 | } |
206 | 1.50M | return asn1_template_ex_d2i(pval, in, len, |
207 | 1.50M | it->templates, opt, ctx); |
208 | 1.50M | } |
209 | 4.69M | return asn1_d2i_ex_primitive(pval, in, len, it, |
210 | 4.69M | tag, aclass, opt, ctx); |
211 | 0 | break; |
212 | | |
213 | 1.50M | case ASN1_ITYPE_MSTRING: |
214 | 1.50M | p = *in; |
215 | | /* Just read in tag and class */ |
216 | 1.50M | ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, |
217 | 1.50M | &p, len, -1, 0, 1, ctx); |
218 | 1.50M | if (!ret) { |
219 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
220 | 0 | goto err; |
221 | 0 | } |
222 | | |
223 | | /* Must be UNIVERSAL class */ |
224 | 1.50M | if (oclass != V_ASN1_UNIVERSAL) { |
225 | | /* If OPTIONAL, assume this is OK */ |
226 | 0 | if (opt) |
227 | 0 | return -1; |
228 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); |
229 | 0 | goto err; |
230 | 0 | } |
231 | | /* Check tag matches bit map */ |
232 | 1.50M | if (!(ASN1_tag2bit(otag) & it->utype)) { |
233 | | /* If OPTIONAL, assume this is OK */ |
234 | 0 | if (opt) |
235 | 0 | return -1; |
236 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MSTRING_WRONG_TAG); |
237 | 0 | goto err; |
238 | 0 | } |
239 | 1.50M | return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); |
240 | | |
241 | 315k | case ASN1_ITYPE_EXTERN: |
242 | | /* Use new style d2i */ |
243 | 315k | ef = it->funcs; |
244 | 315k | return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); |
245 | | |
246 | 0 | case ASN1_ITYPE_COMPAT: |
247 | | /* we must resort to old style evil hackery */ |
248 | 0 | cf = it->funcs; |
249 | | |
250 | | /* If OPTIONAL see if it is there */ |
251 | 0 | if (opt) { |
252 | 0 | int exptag; |
253 | 0 | p = *in; |
254 | 0 | if (tag == -1) |
255 | 0 | exptag = it->utype; |
256 | 0 | else |
257 | 0 | exptag = tag; |
258 | | /* |
259 | | * Don't care about anything other than presence of expected tag |
260 | | */ |
261 | |
|
262 | 0 | ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL, |
263 | 0 | &p, len, exptag, aclass, 1, ctx); |
264 | 0 | if (!ret) { |
265 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
266 | 0 | goto err; |
267 | 0 | } |
268 | 0 | if (ret == -1) |
269 | 0 | return -1; |
270 | 0 | } |
271 | | |
272 | | /* |
273 | | * This is the old style evil hack IMPLICIT handling: since the |
274 | | * underlying code is expecting a tag and class other than the one |
275 | | * present we change the buffer temporarily then change it back |
276 | | * afterwards. This doesn't and never did work for tags > 30. Yes |
277 | | * this is *horrible* but it is only needed for old style d2i which |
278 | | * will hopefully not be around for much longer. FIXME: should copy |
279 | | * the buffer then modify it so the input buffer can be const: we |
280 | | * should *always* copy because the old style d2i might modify the |
281 | | * buffer. |
282 | | */ |
283 | | |
284 | 0 | if (tag != -1) { |
285 | 0 | wp = *(unsigned char **)in; |
286 | 0 | imphack = *wp; |
287 | 0 | if (p == NULL) { |
288 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
289 | 0 | goto err; |
290 | 0 | } |
291 | 0 | *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED) |
292 | 0 | | it->utype); |
293 | 0 | } |
294 | | |
295 | 0 | ptmpval = cf->asn1_d2i(pval, in, len); |
296 | |
|
297 | 0 | if (tag != -1) |
298 | 0 | *wp = imphack; |
299 | |
|
300 | 0 | if (ptmpval) |
301 | 0 | return 1; |
302 | | |
303 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
304 | 0 | goto err; |
305 | | |
306 | 0 | case ASN1_ITYPE_CHOICE: |
307 | 0 | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) |
308 | 0 | goto auxerr; |
309 | 0 | if (*pval) { |
310 | | /* Free up and zero CHOICE value if initialised */ |
311 | 0 | i = asn1_get_choice_selector(pval, it); |
312 | 0 | if ((i >= 0) && (i < it->tcount)) { |
313 | 0 | tt = it->templates + i; |
314 | 0 | pchptr = asn1_get_field_ptr(pval, tt); |
315 | 0 | ASN1_template_free(pchptr, tt); |
316 | 0 | asn1_set_choice_selector(pval, -1, it); |
317 | 0 | } |
318 | 0 | } else if (!ASN1_item_ex_new(pval, it)) { |
319 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
320 | 0 | goto err; |
321 | 0 | } |
322 | | /* CHOICE type, try each possibility in turn */ |
323 | 0 | p = *in; |
324 | 0 | for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { |
325 | 0 | pchptr = asn1_get_field_ptr(pval, tt); |
326 | | /* |
327 | | * We mark field as OPTIONAL so its absence can be recognised. |
328 | | */ |
329 | 0 | ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx); |
330 | | /* If field not present, try the next one */ |
331 | 0 | if (ret == -1) |
332 | 0 | continue; |
333 | | /* If positive return, read OK, break loop */ |
334 | 0 | if (ret > 0) |
335 | 0 | break; |
336 | | /* Otherwise must be an ASN1 parsing error */ |
337 | 0 | errtt = tt; |
338 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
339 | 0 | goto err; |
340 | 0 | } |
341 | | |
342 | | /* Did we fall off the end without reading anything? */ |
343 | 0 | if (i == it->tcount) { |
344 | | /* If OPTIONAL, this is OK */ |
345 | 0 | if (opt) { |
346 | | /* Free and zero it */ |
347 | 0 | ASN1_item_ex_free(pval, it); |
348 | 0 | return -1; |
349 | 0 | } |
350 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); |
351 | 0 | goto err; |
352 | 0 | } |
353 | | |
354 | 0 | asn1_set_choice_selector(pval, i, it); |
355 | 0 | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) |
356 | 0 | goto auxerr; |
357 | 0 | *in = p; |
358 | 0 | return 1; |
359 | | |
360 | 0 | case ASN1_ITYPE_NDEF_SEQUENCE: |
361 | 2.85M | case ASN1_ITYPE_SEQUENCE: |
362 | 2.85M | p = *in; |
363 | 2.85M | tmplen = len; |
364 | | |
365 | | /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */ |
366 | 2.85M | if (tag == -1) { |
367 | 2.85M | tag = V_ASN1_SEQUENCE; |
368 | 2.85M | aclass = V_ASN1_UNIVERSAL; |
369 | 2.85M | } |
370 | | /* Get SEQUENCE length and update len, p */ |
371 | 2.85M | ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, |
372 | 2.85M | &p, len, tag, aclass, opt, ctx); |
373 | 2.85M | if (!ret) { |
374 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
375 | 0 | goto err; |
376 | 2.85M | } else if (ret == -1) |
377 | 0 | return -1; |
378 | 2.85M | if (aux && (aux->flags & ASN1_AFLG_BROKEN)) { |
379 | 0 | len = tmplen - (p - *in); |
380 | 0 | seq_nolen = 1; |
381 | 0 | } |
382 | | /* If indefinite we don't do a length check */ |
383 | 2.85M | else |
384 | 2.85M | seq_nolen = seq_eoc; |
385 | 2.85M | if (!cst) { |
386 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); |
387 | 0 | goto err; |
388 | 0 | } |
389 | | |
390 | 2.85M | if (!*pval && !ASN1_item_ex_new(pval, it)) { |
391 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
392 | 0 | goto err; |
393 | 0 | } |
394 | | |
395 | 2.85M | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL)) |
396 | 0 | goto auxerr; |
397 | | |
398 | | /* Free up and zero any ADB found */ |
399 | 10.5M | for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { |
400 | 7.68M | if (tt->flags & ASN1_TFLG_ADB_MASK) { |
401 | 0 | const ASN1_TEMPLATE *seqtt; |
402 | 0 | ASN1_VALUE **pseqval; |
403 | 0 | seqtt = asn1_do_adb(pval, tt, 0); |
404 | 0 | if (seqtt == NULL) |
405 | 0 | continue; |
406 | 0 | pseqval = asn1_get_field_ptr(pval, seqtt); |
407 | 0 | ASN1_template_free(pseqval, seqtt); |
408 | 0 | } |
409 | 7.68M | } |
410 | | |
411 | | /* Get each field entry */ |
412 | 10.4M | for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { |
413 | 7.68M | const ASN1_TEMPLATE *seqtt; |
414 | 7.68M | ASN1_VALUE **pseqval; |
415 | 7.68M | seqtt = asn1_do_adb(pval, tt, 1); |
416 | 7.68M | if (seqtt == NULL) |
417 | 0 | goto err; |
418 | 7.68M | pseqval = asn1_get_field_ptr(pval, seqtt); |
419 | | /* Have we ran out of data? */ |
420 | 7.68M | if (!len) |
421 | 62.1k | break; |
422 | 7.61M | q = p; |
423 | 7.61M | if (asn1_check_eoc(&p, len)) { |
424 | 0 | if (!seq_eoc) { |
425 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_UNEXPECTED_EOC); |
426 | 0 | goto err; |
427 | 0 | } |
428 | 0 | len -= p - q; |
429 | 0 | seq_eoc = 0; |
430 | 0 | q = p; |
431 | 0 | break; |
432 | 0 | } |
433 | | /* |
434 | | * This determines the OPTIONAL flag value. The field cannot be |
435 | | * omitted if it is the last of a SEQUENCE and there is still |
436 | | * data to be read. This isn't strictly necessary but it |
437 | | * increases efficiency in some cases. |
438 | | */ |
439 | 7.61M | if (i == (it->tcount - 1)) |
440 | 2.78M | isopt = 0; |
441 | 4.83M | else |
442 | 4.83M | isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL); |
443 | | /* |
444 | | * attempt to read in field, allowing each to be OPTIONAL |
445 | | */ |
446 | | |
447 | 7.61M | ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx); |
448 | 7.61M | if (!ret) { |
449 | 0 | errtt = seqtt; |
450 | 0 | goto err; |
451 | 7.61M | } else if (ret == -1) { |
452 | | /* |
453 | | * OPTIONAL component absent. Free and zero the field. |
454 | | */ |
455 | 576k | ASN1_template_free(pseqval, seqtt); |
456 | 576k | continue; |
457 | 576k | } |
458 | | /* Update length */ |
459 | 7.04M | len -= p - q; |
460 | 7.04M | } |
461 | | |
462 | | /* Check for EOC if expecting one */ |
463 | 2.85M | if (seq_eoc && !asn1_check_eoc(&p, len)) { |
464 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC); |
465 | 0 | goto err; |
466 | 0 | } |
467 | | /* Check all data read */ |
468 | 2.85M | if (!seq_nolen && len) { |
469 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); |
470 | 0 | goto err; |
471 | 0 | } |
472 | | |
473 | | /* |
474 | | * If we get here we've got no more data in the SEQUENCE, however we |
475 | | * may not have read all fields so check all remaining are OPTIONAL |
476 | | * and clear any that are. |
477 | | */ |
478 | 2.91M | for (; i < it->tcount; tt++, i++) { |
479 | 62.1k | const ASN1_TEMPLATE *seqtt; |
480 | 62.1k | seqtt = asn1_do_adb(pval, tt, 1); |
481 | 62.1k | if (seqtt == NULL) |
482 | 0 | goto err; |
483 | 62.1k | if (seqtt->flags & ASN1_TFLG_OPTIONAL) { |
484 | 62.1k | ASN1_VALUE **pseqval; |
485 | 62.1k | pseqval = asn1_get_field_ptr(pval, seqtt); |
486 | 62.1k | ASN1_template_free(pseqval, seqtt); |
487 | 62.1k | } else { |
488 | 0 | errtt = seqtt; |
489 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_FIELD_MISSING); |
490 | 0 | goto err; |
491 | 0 | } |
492 | 62.1k | } |
493 | | /* Save encoding */ |
494 | 2.85M | if (!asn1_enc_save(pval, *in, p - *in, it)) |
495 | 0 | goto auxerr; |
496 | 2.85M | if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) |
497 | 0 | goto auxerr; |
498 | 2.85M | *in = p; |
499 | 2.85M | return 1; |
500 | | |
501 | 0 | default: |
502 | 0 | return 0; |
503 | 10.8M | } |
504 | 0 | auxerr: |
505 | 0 | ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR); |
506 | 0 | err: |
507 | 0 | if (combine == 0) |
508 | 0 | ASN1_item_ex_free(pval, it); |
509 | 0 | if (errtt) |
510 | 0 | ERR_add_error_data(4, "Field=", errtt->field_name, |
511 | 0 | ", Type=", it->sname); |
512 | 0 | else |
513 | 0 | ERR_add_error_data(2, "Type=", it->sname); |
514 | 0 | return 0; |
515 | 0 | } |
516 | | |
517 | | /* |
518 | | * Templates are handled with two separate functions. One handles any |
519 | | * EXPLICIT tag and the other handles the rest. |
520 | | */ |
521 | | |
522 | | static int asn1_template_ex_d2i(ASN1_VALUE **val, |
523 | | const unsigned char **in, long inlen, |
524 | | const ASN1_TEMPLATE *tt, char opt, |
525 | | ASN1_TLC *ctx) |
526 | 9.12M | { |
527 | 9.12M | int flags, aclass; |
528 | 9.12M | int ret; |
529 | 9.12M | long len; |
530 | 9.12M | const unsigned char *p, *q; |
531 | 9.12M | char exp_eoc; |
532 | 9.12M | if (!val) |
533 | 0 | return 0; |
534 | 9.12M | flags = tt->flags; |
535 | 9.12M | aclass = flags & ASN1_TFLG_TAG_CLASS; |
536 | | |
537 | 9.12M | p = *in; |
538 | | |
539 | | /* Check if EXPLICIT tag expected */ |
540 | 9.12M | if (flags & ASN1_TFLG_EXPTAG) { |
541 | 315k | char cst; |
542 | | /* |
543 | | * Need to work out amount of data available to the inner content and |
544 | | * where it starts: so read in EXPLICIT header to get the info. |
545 | | */ |
546 | 315k | ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst, |
547 | 315k | &p, inlen, tt->tag, aclass, opt, ctx); |
548 | 315k | q = p; |
549 | 315k | if (!ret) { |
550 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
551 | 0 | return 0; |
552 | 315k | } else if (ret == -1) |
553 | 0 | return -1; |
554 | 315k | if (!cst) { |
555 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, |
556 | 0 | ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); |
557 | 0 | return 0; |
558 | 0 | } |
559 | | /* We've found the field so it can't be OPTIONAL now */ |
560 | 315k | ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx); |
561 | 315k | if (!ret) { |
562 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); |
563 | 0 | return 0; |
564 | 0 | } |
565 | | /* We read the field in OK so update length */ |
566 | 315k | len -= p - q; |
567 | 315k | if (exp_eoc) { |
568 | | /* If NDEF we must have an EOC here */ |
569 | 0 | if (!asn1_check_eoc(&p, len)) { |
570 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC); |
571 | 0 | goto err; |
572 | 0 | } |
573 | 315k | } else { |
574 | | /* |
575 | | * Otherwise we must hit the EXPLICIT tag end or its an error |
576 | | */ |
577 | 315k | if (len) { |
578 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, |
579 | 0 | ASN1_R_EXPLICIT_LENGTH_MISMATCH); |
580 | 0 | goto err; |
581 | 0 | } |
582 | 315k | } |
583 | 315k | } else |
584 | 8.80M | return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx); |
585 | | |
586 | 315k | *in = p; |
587 | 315k | return 1; |
588 | | |
589 | 0 | err: |
590 | 0 | ASN1_template_free(val, tt); |
591 | 0 | return 0; |
592 | 9.12M | } |
593 | | |
594 | | static int asn1_template_noexp_d2i(ASN1_VALUE **val, |
595 | | const unsigned char **in, long len, |
596 | | const ASN1_TEMPLATE *tt, char opt, |
597 | | ASN1_TLC *ctx) |
598 | 9.12M | { |
599 | 9.12M | int flags, aclass; |
600 | 9.12M | int ret; |
601 | 9.12M | const unsigned char *p, *q; |
602 | 9.12M | if (!val) |
603 | 0 | return 0; |
604 | 9.12M | flags = tt->flags; |
605 | 9.12M | aclass = flags & ASN1_TFLG_TAG_CLASS; |
606 | | |
607 | 9.12M | p = *in; |
608 | 9.12M | q = p; |
609 | | |
610 | 9.12M | if (flags & ASN1_TFLG_SK_MASK) { |
611 | | /* SET OF, SEQUENCE OF */ |
612 | 1.66M | int sktag, skaclass; |
613 | 1.66M | char sk_eoc; |
614 | | /* First work out expected inner tag value */ |
615 | 1.66M | if (flags & ASN1_TFLG_IMPTAG) { |
616 | 0 | sktag = tt->tag; |
617 | 0 | skaclass = aclass; |
618 | 1.66M | } else { |
619 | 1.66M | skaclass = V_ASN1_UNIVERSAL; |
620 | 1.66M | if (flags & ASN1_TFLG_SET_OF) |
621 | 1.18M | sktag = V_ASN1_SET; |
622 | 473k | else |
623 | 473k | sktag = V_ASN1_SEQUENCE; |
624 | 1.66M | } |
625 | | /* Get the tag */ |
626 | 1.66M | ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, |
627 | 1.66M | &p, len, sktag, skaclass, opt, ctx); |
628 | 1.66M | if (!ret) { |
629 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); |
630 | 0 | return 0; |
631 | 1.66M | } else if (ret == -1) |
632 | 0 | return -1; |
633 | 1.66M | if (!*val) |
634 | 1.66M | *val = (ASN1_VALUE *)sk_new_null(); |
635 | 0 | else { |
636 | | /* |
637 | | * We've got a valid STACK: free up any items present |
638 | | */ |
639 | 0 | STACK_OF(ASN1_VALUE) *sktmp = (STACK_OF(ASN1_VALUE) *)*val; |
640 | 0 | ASN1_VALUE *vtmp; |
641 | 0 | while (sk_ASN1_VALUE_num(sktmp) > 0) { |
642 | 0 | vtmp = sk_ASN1_VALUE_pop(sktmp); |
643 | 0 | ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)); |
644 | 0 | } |
645 | 0 | } |
646 | | |
647 | 1.66M | if (!*val) { |
648 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); |
649 | 0 | goto err; |
650 | 0 | } |
651 | | |
652 | | /* Read as many items as we can */ |
653 | 4.59M | while (len > 0) { |
654 | 2.93M | ASN1_VALUE *skfield; |
655 | 2.93M | q = p; |
656 | | /* See if EOC found */ |
657 | 2.93M | if (asn1_check_eoc(&p, len)) { |
658 | 0 | if (!sk_eoc) { |
659 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, |
660 | 0 | ASN1_R_UNEXPECTED_EOC); |
661 | 0 | goto err; |
662 | 0 | } |
663 | 0 | len -= p - q; |
664 | 0 | sk_eoc = 0; |
665 | 0 | break; |
666 | 0 | } |
667 | 2.93M | skfield = NULL; |
668 | 2.93M | if (!ASN1_item_ex_d2i(&skfield, &p, len, |
669 | 2.93M | ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx)) { |
670 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, |
671 | 0 | ERR_R_NESTED_ASN1_ERROR); |
672 | 0 | goto err; |
673 | 0 | } |
674 | 2.93M | len -= p - q; |
675 | 2.93M | if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { |
676 | 0 | ASN1_item_ex_free(&skfield, ASN1_ITEM_ptr(tt->item)); |
677 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); |
678 | 0 | goto err; |
679 | 0 | } |
680 | 2.93M | } |
681 | 1.66M | if (sk_eoc) { |
682 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); |
683 | 0 | goto err; |
684 | 0 | } |
685 | 7.46M | } else if (flags & ASN1_TFLG_IMPTAG) { |
686 | | /* IMPLICIT tagging */ |
687 | 315k | ret = ASN1_item_ex_d2i(val, &p, len, |
688 | 315k | ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, |
689 | 315k | ctx); |
690 | 315k | if (!ret) { |
691 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); |
692 | 0 | goto err; |
693 | 315k | } else if (ret == -1) |
694 | 315k | return -1; |
695 | 7.14M | } else { |
696 | | /* Nothing special */ |
697 | 7.14M | ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), |
698 | 7.14M | -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx); |
699 | 7.14M | if (!ret) { |
700 | 0 | ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); |
701 | 0 | goto err; |
702 | 7.14M | } else if (ret == -1) |
703 | 261k | return -1; |
704 | 7.14M | } |
705 | | |
706 | 8.54M | *in = p; |
707 | 8.54M | return 1; |
708 | | |
709 | 0 | err: |
710 | 0 | ASN1_template_free(val, tt); |
711 | 0 | return 0; |
712 | 9.12M | } |
713 | | |
714 | | static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, |
715 | | const unsigned char **in, long inlen, |
716 | | const ASN1_ITEM *it, |
717 | | int tag, int aclass, char opt, ASN1_TLC *ctx) |
718 | 6.19M | { |
719 | 6.19M | int ret = 0, utype; |
720 | 6.19M | long plen; |
721 | 6.19M | char cst, inf, free_cont = 0; |
722 | 6.19M | const unsigned char *p; |
723 | 6.19M | BUF_MEM buf = { 0, NULL, 0 }; |
724 | 6.19M | const unsigned char *cont = NULL; |
725 | 6.19M | long len; |
726 | 6.19M | if (!pval) { |
727 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); |
728 | 0 | return 0; /* Should never happen */ |
729 | 0 | } |
730 | | |
731 | 6.19M | if (it->itype == ASN1_ITYPE_MSTRING) { |
732 | 1.50M | utype = tag; |
733 | 1.50M | tag = -1; |
734 | 1.50M | } else |
735 | 4.69M | utype = it->utype; |
736 | | |
737 | 6.19M | if (utype == V_ASN1_ANY) { |
738 | | /* If type is ANY need to figure out type from tag */ |
739 | 411k | unsigned char oclass; |
740 | 411k | if (tag >= 0) { |
741 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY); |
742 | 0 | return 0; |
743 | 0 | } |
744 | 411k | if (opt) { |
745 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, |
746 | 0 | ASN1_R_ILLEGAL_OPTIONAL_ANY); |
747 | 0 | return 0; |
748 | 0 | } |
749 | 411k | p = *in; |
750 | 411k | ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, |
751 | 411k | &p, inlen, -1, 0, 0, ctx); |
752 | 411k | if (!ret) { |
753 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); |
754 | 0 | return 0; |
755 | 0 | } |
756 | 411k | if (oclass != V_ASN1_UNIVERSAL) |
757 | 0 | utype = V_ASN1_OTHER; |
758 | 411k | } |
759 | 6.19M | if (tag == -1) { |
760 | 5.88M | tag = utype; |
761 | 5.88M | aclass = V_ASN1_UNIVERSAL; |
762 | 5.88M | } |
763 | 6.19M | p = *in; |
764 | | /* Check header */ |
765 | 6.19M | ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, |
766 | 6.19M | &p, inlen, tag, aclass, opt, ctx); |
767 | 6.19M | if (!ret) { |
768 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); |
769 | 0 | return 0; |
770 | 6.19M | } else if (ret == -1) |
771 | 576k | return -1; |
772 | 5.62M | ret = 0; |
773 | | /* SEQUENCE, SET and "OTHER" are left in encoded form */ |
774 | 5.62M | if ((utype == V_ASN1_SEQUENCE) |
775 | 5.62M | || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER)) { |
776 | | /* |
777 | | * Clear context cache for type OTHER because the auto clear when we |
778 | | * have a exact match wont work |
779 | | */ |
780 | 0 | if (utype == V_ASN1_OTHER) { |
781 | 0 | asn1_tlc_clear(ctx); |
782 | 0 | } |
783 | | /* SEQUENCE and SET must be constructed */ |
784 | 0 | else if (!cst) { |
785 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, |
786 | 0 | ASN1_R_TYPE_NOT_CONSTRUCTED); |
787 | 0 | return 0; |
788 | 0 | } |
789 | | |
790 | 0 | cont = *in; |
791 | | /* If indefinite length constructed find the real end */ |
792 | 0 | if (inf) { |
793 | 0 | if (!asn1_find_end(&p, plen, inf)) |
794 | 0 | goto err; |
795 | 0 | len = p - cont; |
796 | 0 | } else { |
797 | 0 | len = p - cont + plen; |
798 | 0 | p += plen; |
799 | 0 | } |
800 | 5.62M | } else if (cst) { |
801 | 0 | if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN |
802 | 0 | || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER |
803 | 0 | || utype == V_ASN1_ENUMERATED) { |
804 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE); |
805 | 0 | return 0; |
806 | 0 | } |
807 | | |
808 | | /* Free any returned 'buf' content */ |
809 | 0 | free_cont = 1; |
810 | | /* |
811 | | * Should really check the internal tags are correct but some things |
812 | | * may get this wrong. The relevant specs say that constructed string |
813 | | * types should be OCTET STRINGs internally irrespective of the type. |
814 | | * So instead just check for UNIVERSAL class and ignore the tag. |
815 | | */ |
816 | 0 | if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0)) { |
817 | 0 | goto err; |
818 | 0 | } |
819 | 0 | len = buf.length; |
820 | | /* Append a final null to string */ |
821 | 0 | if (!BUF_MEM_grow_clean(&buf, len + 1)) { |
822 | 0 | ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); |
823 | 0 | goto err; |
824 | 0 | } |
825 | 0 | buf.data[len] = 0; |
826 | 0 | cont = (const unsigned char *)buf.data; |
827 | 5.62M | } else { |
828 | 5.62M | cont = p; |
829 | 5.62M | len = plen; |
830 | 5.62M | p += plen; |
831 | 5.62M | } |
832 | | |
833 | | /* We now have content length and type: translate into a structure */ |
834 | | /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */ |
835 | 5.62M | if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it)) |
836 | 0 | goto err; |
837 | | |
838 | 5.62M | *in = p; |
839 | 5.62M | ret = 1; |
840 | 5.62M | err: |
841 | 5.62M | if (free_cont && buf.data) |
842 | 0 | OPENSSL_free(buf.data); |
843 | 5.62M | return ret; |
844 | 5.62M | } |
845 | | |
846 | | /* Translate ASN1 content octets into a structure */ |
847 | | |
848 | | int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, |
849 | | int utype, char *free_cont, const ASN1_ITEM *it) |
850 | 5.62M | { |
851 | 5.62M | ASN1_VALUE **opval = NULL; |
852 | 5.62M | ASN1_STRING *stmp; |
853 | 5.62M | ASN1_TYPE *typ = NULL; |
854 | 5.62M | int ret = 0; |
855 | 5.62M | const ASN1_PRIMITIVE_FUNCS *pf; |
856 | 5.62M | ASN1_INTEGER **tint; |
857 | 5.62M | pf = it->funcs; |
858 | | |
859 | 5.62M | if (pf && pf->prim_c2i) |
860 | 0 | return pf->prim_c2i(pval, cont, len, utype, free_cont, it); |
861 | | /* If ANY type clear type and set pointer to internal value */ |
862 | 5.62M | if (it->utype == V_ASN1_ANY) { |
863 | 411k | if (!*pval) { |
864 | 411k | typ = ASN1_TYPE_new(); |
865 | 411k | if (typ == NULL) |
866 | 0 | goto err; |
867 | 411k | *pval = (ASN1_VALUE *)typ; |
868 | 411k | } else |
869 | 0 | typ = (ASN1_TYPE *)*pval; |
870 | | |
871 | 411k | if (utype != typ->type) |
872 | 411k | ASN1_TYPE_set(typ, utype, NULL); |
873 | 411k | opval = pval; |
874 | 411k | pval = &typ->value.asn1_value; |
875 | 411k | } |
876 | 5.62M | switch (utype) { |
877 | 2.25M | case V_ASN1_OBJECT: |
878 | 2.25M | if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) |
879 | 0 | goto err; |
880 | 2.25M | break; |
881 | | |
882 | 2.25M | case V_ASN1_NULL: |
883 | 380k | if (len) { |
884 | 0 | ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH); |
885 | 0 | goto err; |
886 | 0 | } |
887 | 380k | *pval = (ASN1_VALUE *)1; |
888 | 380k | break; |
889 | | |
890 | 297k | case V_ASN1_BOOLEAN: |
891 | 297k | if (len != 1) { |
892 | 0 | ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); |
893 | 0 | goto err; |
894 | 297k | } else { |
895 | 297k | ASN1_BOOLEAN *tbool; |
896 | 297k | tbool = (ASN1_BOOLEAN *)pval; |
897 | 297k | *tbool = *cont; |
898 | 297k | } |
899 | 297k | break; |
900 | | |
901 | 315k | case V_ASN1_BIT_STRING: |
902 | 315k | if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) |
903 | 0 | goto err; |
904 | 315k | break; |
905 | | |
906 | 315k | case V_ASN1_INTEGER: |
907 | 315k | case V_ASN1_ENUMERATED: |
908 | 315k | tint = (ASN1_INTEGER **)pval; |
909 | 315k | if (!c2i_ASN1_INTEGER(tint, &cont, len)) |
910 | 0 | goto err; |
911 | | /* Fixup type to match the expected form */ |
912 | 315k | (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); |
913 | 315k | break; |
914 | | |
915 | 558k | case V_ASN1_OCTET_STRING: |
916 | 558k | case V_ASN1_NUMERICSTRING: |
917 | 1.44M | case V_ASN1_PRINTABLESTRING: |
918 | 1.44M | case V_ASN1_T61STRING: |
919 | 1.44M | case V_ASN1_VIDEOTEXSTRING: |
920 | 1.45M | case V_ASN1_IA5STRING: |
921 | 1.76M | case V_ASN1_UTCTIME: |
922 | 1.76M | case V_ASN1_GENERALIZEDTIME: |
923 | 1.76M | case V_ASN1_GRAPHICSTRING: |
924 | 1.76M | case V_ASN1_VISIBLESTRING: |
925 | 1.76M | case V_ASN1_GENERALSTRING: |
926 | 1.76M | case V_ASN1_UNIVERSALSTRING: |
927 | 1.76M | case V_ASN1_BMPSTRING: |
928 | 2.06M | case V_ASN1_UTF8STRING: |
929 | 2.06M | case V_ASN1_OTHER: |
930 | 2.06M | case V_ASN1_SET: |
931 | 2.06M | case V_ASN1_SEQUENCE: |
932 | 2.06M | default: |
933 | 2.06M | if (utype == V_ASN1_BMPSTRING && (len & 1)) { |
934 | 0 | ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); |
935 | 0 | goto err; |
936 | 0 | } |
937 | 2.06M | if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { |
938 | 0 | ASN1err(ASN1_F_ASN1_EX_C2I, |
939 | 0 | ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); |
940 | 0 | goto err; |
941 | 0 | } |
942 | | /* All based on ASN1_STRING and handled the same */ |
943 | 2.06M | if (!*pval) { |
944 | 0 | stmp = ASN1_STRING_type_new(utype); |
945 | 0 | if (!stmp) { |
946 | 0 | ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); |
947 | 0 | goto err; |
948 | 0 | } |
949 | 0 | *pval = (ASN1_VALUE *)stmp; |
950 | 2.06M | } else { |
951 | 2.06M | stmp = (ASN1_STRING *)*pval; |
952 | 2.06M | stmp->type = utype; |
953 | 2.06M | } |
954 | | /* If we've already allocated a buffer use it */ |
955 | 2.06M | if (*free_cont) { |
956 | 0 | if (stmp->data) |
957 | 0 | OPENSSL_free(stmp->data); |
958 | 0 | stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */ |
959 | 0 | stmp->length = len; |
960 | 0 | *free_cont = 0; |
961 | 2.06M | } else { |
962 | 2.06M | if (!ASN1_STRING_set(stmp, cont, len)) { |
963 | 0 | ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); |
964 | 0 | ASN1_STRING_free(stmp); |
965 | 0 | *pval = NULL; |
966 | 0 | goto err; |
967 | 0 | } |
968 | 2.06M | } |
969 | 2.06M | break; |
970 | 5.62M | } |
971 | | /* If ASN1_ANY and NULL type fix up value */ |
972 | 5.62M | if (typ && (utype == V_ASN1_NULL)) |
973 | 380k | typ->value.ptr = NULL; |
974 | | |
975 | 5.62M | ret = 1; |
976 | 5.62M | err: |
977 | 5.62M | if (!ret) { |
978 | 0 | ASN1_TYPE_free(typ); |
979 | 0 | if (opval) |
980 | 0 | *opval = NULL; |
981 | 0 | } |
982 | 5.62M | return ret; |
983 | 5.62M | } |
984 | | |
985 | | /* |
986 | | * This function finds the end of an ASN1 structure when passed its maximum |
987 | | * length, whether it is indefinite length and a pointer to the content. This |
988 | | * is more efficient than calling asn1_collect because it does not recurse on |
989 | | * each indefinite length header. |
990 | | */ |
991 | | |
992 | | static int asn1_find_end(const unsigned char **in, long len, char inf) |
993 | 0 | { |
994 | 0 | int expected_eoc; |
995 | 0 | long plen; |
996 | 0 | const unsigned char *p = *in, *q; |
997 | | /* If not indefinite length constructed just add length */ |
998 | 0 | if (inf == 0) { |
999 | 0 | *in += len; |
1000 | 0 | return 1; |
1001 | 0 | } |
1002 | 0 | expected_eoc = 1; |
1003 | | /* |
1004 | | * Indefinite length constructed form. Find the end when enough EOCs are |
1005 | | * found. If more indefinite length constructed headers are encountered |
1006 | | * increment the expected eoc count otherwise just skip to the end of the |
1007 | | * data. |
1008 | | */ |
1009 | 0 | while (len > 0) { |
1010 | 0 | if (asn1_check_eoc(&p, len)) { |
1011 | 0 | expected_eoc--; |
1012 | 0 | if (expected_eoc == 0) |
1013 | 0 | break; |
1014 | 0 | len -= 2; |
1015 | 0 | continue; |
1016 | 0 | } |
1017 | 0 | q = p; |
1018 | | /* Just read in a header: only care about the length */ |
1019 | 0 | if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, |
1020 | 0 | -1, 0, 0, NULL)) { |
1021 | 0 | ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); |
1022 | 0 | return 0; |
1023 | 0 | } |
1024 | 0 | if (inf) |
1025 | 0 | expected_eoc++; |
1026 | 0 | else |
1027 | 0 | p += plen; |
1028 | 0 | len -= p - q; |
1029 | 0 | } |
1030 | 0 | if (expected_eoc) { |
1031 | 0 | ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC); |
1032 | 0 | return 0; |
1033 | 0 | } |
1034 | 0 | *in = p; |
1035 | 0 | return 1; |
1036 | 0 | } |
1037 | | |
1038 | | /* |
1039 | | * This function collects the asn1 data from a constructred string type into |
1040 | | * a buffer. The values of 'in' and 'len' should refer to the contents of the |
1041 | | * constructed type and 'inf' should be set if it is indefinite length. |
1042 | | */ |
1043 | | |
1044 | | #ifndef ASN1_MAX_STRING_NEST |
1045 | | /* |
1046 | | * This determines how many levels of recursion are permitted in ASN1 string |
1047 | | * types. If it is not limited stack overflows can occur. If set to zero no |
1048 | | * recursion is allowed at all. Although zero should be adequate examples |
1049 | | * exist that require a value of 1. So 5 should be more than enough. |
1050 | | */ |
1051 | 0 | # define ASN1_MAX_STRING_NEST 5 |
1052 | | #endif |
1053 | | |
1054 | | static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, |
1055 | | char inf, int tag, int aclass, int depth) |
1056 | 0 | { |
1057 | 0 | const unsigned char *p, *q; |
1058 | 0 | long plen; |
1059 | 0 | char cst, ininf; |
1060 | 0 | p = *in; |
1061 | 0 | inf &= 1; |
1062 | | /* |
1063 | | * If no buffer and not indefinite length constructed just pass over the |
1064 | | * encoded data |
1065 | | */ |
1066 | 0 | if (!buf && !inf) { |
1067 | 0 | *in += len; |
1068 | 0 | return 1; |
1069 | 0 | } |
1070 | 0 | while (len > 0) { |
1071 | 0 | q = p; |
1072 | | /* Check for EOC */ |
1073 | 0 | if (asn1_check_eoc(&p, len)) { |
1074 | | /* |
1075 | | * EOC is illegal outside indefinite length constructed form |
1076 | | */ |
1077 | 0 | if (!inf) { |
1078 | 0 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC); |
1079 | 0 | return 0; |
1080 | 0 | } |
1081 | 0 | inf = 0; |
1082 | 0 | break; |
1083 | 0 | } |
1084 | | |
1085 | 0 | if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, |
1086 | 0 | len, tag, aclass, 0, NULL)) { |
1087 | 0 | ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); |
1088 | 0 | return 0; |
1089 | 0 | } |
1090 | | |
1091 | | /* If indefinite length constructed update max length */ |
1092 | 0 | if (cst) { |
1093 | 0 | if (depth >= ASN1_MAX_STRING_NEST) { |
1094 | 0 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); |
1095 | 0 | return 0; |
1096 | 0 | } |
1097 | 0 | if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1)) |
1098 | 0 | return 0; |
1099 | 0 | } else if (plen && !collect_data(buf, &p, plen)) |
1100 | 0 | return 0; |
1101 | 0 | len -= p - q; |
1102 | 0 | } |
1103 | 0 | if (inf) { |
1104 | 0 | ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); |
1105 | 0 | return 0; |
1106 | 0 | } |
1107 | 0 | *in = p; |
1108 | 0 | return 1; |
1109 | 0 | } |
1110 | | |
1111 | | static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) |
1112 | 0 | { |
1113 | 0 | int len; |
1114 | 0 | if (buf) { |
1115 | 0 | len = buf->length; |
1116 | 0 | if (!BUF_MEM_grow_clean(buf, len + plen)) { |
1117 | 0 | ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); |
1118 | 0 | return 0; |
1119 | 0 | } |
1120 | 0 | memcpy(buf->data + len, *p, plen); |
1121 | 0 | } |
1122 | 0 | *p += plen; |
1123 | 0 | return 1; |
1124 | 0 | } |
1125 | | |
1126 | | /* Check for ASN1 EOC and swallow it if found */ |
1127 | | |
1128 | | static int asn1_check_eoc(const unsigned char **in, long len) |
1129 | 10.5M | { |
1130 | 10.5M | const unsigned char *p; |
1131 | 10.5M | if (len < 2) |
1132 | 0 | return 0; |
1133 | 10.5M | p = *in; |
1134 | 10.5M | if (!p[0] && !p[1]) { |
1135 | 0 | *in += 2; |
1136 | 0 | return 1; |
1137 | 0 | } |
1138 | 10.5M | return 0; |
1139 | 10.5M | } |
1140 | | |
1141 | | /* |
1142 | | * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the |
1143 | | * length for indefinite length constructed form, we don't know the exact |
1144 | | * length but we can set an upper bound to the amount of data available minus |
1145 | | * the header length just read. |
1146 | | */ |
1147 | | |
1148 | | static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, |
1149 | | char *inf, char *cst, |
1150 | | const unsigned char **in, long len, |
1151 | | int exptag, int expclass, char opt, ASN1_TLC *ctx) |
1152 | 12.9M | { |
1153 | 12.9M | int i; |
1154 | 12.9M | int ptag, pclass; |
1155 | 12.9M | long plen; |
1156 | 12.9M | const unsigned char *p, *q; |
1157 | 12.9M | p = *in; |
1158 | 12.9M | q = p; |
1159 | | |
1160 | 12.9M | if (ctx && ctx->valid) { |
1161 | 2.49M | i = ctx->ret; |
1162 | 2.49M | plen = ctx->plen; |
1163 | 2.49M | pclass = ctx->pclass; |
1164 | 2.49M | ptag = ctx->ptag; |
1165 | 2.49M | p += ctx->hdrlen; |
1166 | 10.4M | } else { |
1167 | 10.4M | i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); |
1168 | 10.4M | if (ctx) { |
1169 | 10.4M | ctx->ret = i; |
1170 | 10.4M | ctx->plen = plen; |
1171 | 10.4M | ctx->pclass = pclass; |
1172 | 10.4M | ctx->ptag = ptag; |
1173 | 10.4M | ctx->hdrlen = p - q; |
1174 | 10.4M | ctx->valid = 1; |
1175 | | /* |
1176 | | * If definite length, and no error, length + header can't exceed |
1177 | | * total amount of data available. |
1178 | | */ |
1179 | 10.4M | if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { |
1180 | 0 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); |
1181 | 0 | asn1_tlc_clear(ctx); |
1182 | 0 | return 0; |
1183 | 0 | } |
1184 | 10.4M | } |
1185 | 10.4M | } |
1186 | | |
1187 | 12.9M | if (i & 0x80) { |
1188 | 0 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); |
1189 | 0 | asn1_tlc_clear(ctx); |
1190 | 0 | return 0; |
1191 | 0 | } |
1192 | 12.9M | if (exptag >= 0) { |
1193 | 11.0M | if ((exptag != ptag) || (expclass != pclass)) { |
1194 | | /* |
1195 | | * If type is OPTIONAL, not an error: indicate missing type. |
1196 | | */ |
1197 | 576k | if (opt) |
1198 | 576k | return -1; |
1199 | 0 | asn1_tlc_clear(ctx); |
1200 | 0 | ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); |
1201 | 0 | return 0; |
1202 | 576k | } |
1203 | | /* |
1204 | | * We have a tag and class match: assume we are going to do something |
1205 | | * with it |
1206 | | */ |
1207 | 10.4M | asn1_tlc_clear(ctx); |
1208 | 10.4M | } |
1209 | | |
1210 | 12.3M | if (i & 1) |
1211 | 0 | plen = len - (p - q); |
1212 | | |
1213 | 12.3M | if (inf) |
1214 | 10.4M | *inf = i & 1; |
1215 | | |
1216 | 12.3M | if (cst) |
1217 | 8.78M | *cst = i & V_ASN1_CONSTRUCTED; |
1218 | | |
1219 | 12.3M | if (olen) |
1220 | 10.4M | *olen = plen; |
1221 | | |
1222 | 12.3M | if (oclass) |
1223 | 1.91M | *oclass = pclass; |
1224 | | |
1225 | 12.3M | if (otag) |
1226 | 1.91M | *otag = ptag; |
1227 | | |
1228 | 12.3M | *in = p; |
1229 | 12.3M | return 1; |
1230 | 12.9M | } |