2 /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
5 /* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
34 * 6. Redistributions of any form whatsoever must retain the following
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
59 © Portions copyright (c) 2006 Nokia Corporation. All rights reserved.
65 #include <openssl/asn1.h>
66 #include <openssl/asn1t.h>
67 #include <openssl/objects.h>
68 #include <openssl/buffer.h>
69 #include <openssl/err.h>
70 #if (defined(SYMBIAN) && (defined(__WINSCW__) || defined(__WINS__)))
71 #include "libcrypto_wsd_macros.h"
72 #include "libcrypto_wsd.h"
77 static int asn1_check_eoc(const unsigned char **in, long len);
78 static int asn1_find_end(const unsigned char **in, long len, char inf);
80 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
81 char inf, int tag, int aclass);
83 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
85 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
87 const unsigned char **in, long len,
88 int exptag, int expclass, char opt,
91 static int asn1_template_ex_d2i(ASN1_VALUE **pval,
92 const unsigned char **in, long len,
93 const ASN1_TEMPLATE *tt, char opt,
95 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
96 const unsigned char **in, long len,
97 const ASN1_TEMPLATE *tt, char opt,
99 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
100 const unsigned char **in, long len,
102 int tag, int aclass, char opt, ASN1_TLC *ctx);
104 /* Table to convert tags to bit values, used for MSTRING type */
106 static unsigned long tag2bit[32] = {
107 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
108 B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
109 B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
110 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
111 B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
112 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */
113 B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */
114 B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */
115 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
118 static const unsigned long tag2bit[32] = {
119 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
120 B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
121 B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
122 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
123 B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
124 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */
125 B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */
126 B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */
127 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
130 EXPORT_C unsigned long ASN1_tag2bit(int tag)
132 if ((tag < 0) || (tag > 30)) return 0;
136 /* Macro to initialize and invalidate the cache */
138 #define asn1_tlc_clear(c) if (c) (c)->valid = 0
140 /* Decode an ASN1 item, this currently behaves just
141 * like a standard 'd2i' function. 'in' points to
142 * a buffer to read the data from, in future we will
143 * have more advanced versions that can input data
144 * a piece at a time and this will simply be a special
148 EXPORT_C ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
149 const unsigned char **in, long len, const ASN1_ITEM *it)
152 ASN1_VALUE *ptmpval = NULL;
156 if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
161 EXPORT_C int ASN1_template_d2i(ASN1_VALUE **pval,
162 const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
166 return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
170 /* Decode an item, taking care of IMPLICIT tagging, if any.
171 * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
174 EXPORT_C int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
176 int tag, int aclass, char opt, ASN1_TLC *ctx)
178 const ASN1_TEMPLATE *tt, *errtt = NULL;
179 const ASN1_COMPAT_FUNCS *cf;
180 const ASN1_EXTERN_FUNCS *ef;
181 const ASN1_AUX *aux = it->funcs;
182 ASN1_aux_cb *asn1_cb;
183 const unsigned char *p=NULL, *q;
184 unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
185 unsigned char imphack = 0, oclass;
186 char seq_eoc, seq_nolen, cst, isopt;
191 ASN1_VALUE *pchval, **pchptr, *ptmpval;
194 if (aux && aux->asn1_cb)
195 asn1_cb = aux->asn1_cb;
200 case ASN1_ITYPE_PRIMITIVE:
203 /* tagging or OPTIONAL is currently illegal on an item
204 * template because the flags can't get passed down.
205 * In practice this isn't a problem: we include the
206 * relevant flags from the item template in the
209 if ((tag != -1) || opt)
211 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
212 ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
215 return asn1_template_ex_d2i(pval, in, len,
216 it->templates, opt, ctx);
218 return asn1_d2i_ex_primitive(pval, in, len, it,
219 tag, aclass, opt, ctx);
222 case ASN1_ITYPE_MSTRING:
224 /* Just read in tag and class */
225 ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
226 &p, len, -1, 0, 1, ctx);
229 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
230 ERR_R_NESTED_ASN1_ERROR);
234 /* Must be UNIVERSAL class */
235 if (oclass != V_ASN1_UNIVERSAL)
237 /* If OPTIONAL, assume this is OK */
239 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
240 ASN1_R_MSTRING_NOT_UNIVERSAL);
243 /* Check tag matches bit map */
244 if (!(ASN1_tag2bit(otag) & it->utype))
246 /* If OPTIONAL, assume this is OK */
249 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
250 ASN1_R_MSTRING_WRONG_TAG);
253 return asn1_d2i_ex_primitive(pval, in, len,
254 it, otag, 0, 0, ctx);
256 case ASN1_ITYPE_EXTERN:
257 /* Use new style d2i */
259 return ef->asn1_ex_d2i(pval, in, len,
260 it, tag, aclass, opt, ctx);
262 case ASN1_ITYPE_COMPAT:
263 /* we must resort to old style evil hackery */
266 /* If OPTIONAL see if it is there */
274 /* Don't care about anything other than presence
277 ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
278 &p, len, exptag, aclass, 1, ctx);
281 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
282 ERR_R_NESTED_ASN1_ERROR);
289 /* This is the old style evil hack IMPLICIT handling:
290 * since the underlying code is expecting a tag and
291 * class other than the one present we change the
292 * buffer temporarily then change it back afterwards.
293 * This doesn't and never did work for tags > 30.
295 * Yes this is *horrible* but it is only needed for
296 * old style d2i which will hopefully not be around
298 * FIXME: should copy the buffer then modify it so
299 * the input buffer can be const: we should *always*
300 * copy because the old style d2i might modify the
306 wp = *(unsigned char **)in;
310 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
311 ERR_R_NESTED_ASN1_ERROR);
315 *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
319 ptmpval = cf->asn1_d2i(pval, in, len);
327 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ERR_R_NESTED_ASN1_ERROR);
331 case ASN1_ITYPE_CHOICE:
332 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
335 /* Allocate structure */
336 if (!*pval && !ASN1_item_ex_new(pval, it))
338 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
339 ERR_R_NESTED_ASN1_ERROR);
342 /* CHOICE type, try each possibility in turn */
345 for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
347 pchptr = asn1_get_field_ptr(pval, tt);
348 /* We mark field as OPTIONAL so its absence
351 ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
352 /* If field not present, try the next one */
355 /* If positive return, read OK, break loop */
358 /* Otherwise must be an ASN1 parsing error */
360 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
361 ERR_R_NESTED_ASN1_ERROR);
365 /* Did we fall off the end without reading anything? */
368 /* If OPTIONAL, this is OK */
371 /* Free and zero it */
372 ASN1_item_ex_free(pval, it);
375 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
376 ASN1_R_NO_MATCHING_CHOICE_TYPE);
380 asn1_set_choice_selector(pval, i, it);
382 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
386 case ASN1_ITYPE_NDEF_SEQUENCE:
387 case ASN1_ITYPE_SEQUENCE:
391 /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
394 tag = V_ASN1_SEQUENCE;
395 aclass = V_ASN1_UNIVERSAL;
397 /* Get SEQUENCE length and update len, p */
398 ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
399 &p, len, tag, aclass, opt, ctx);
402 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
403 ERR_R_NESTED_ASN1_ERROR);
408 if (aux && (aux->flags & ASN1_AFLG_BROKEN))
410 len = tmplen - (p - *in);
413 /* If indefinite we don't do a length check */
414 else seq_nolen = seq_eoc;
417 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
418 ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
422 if (!*pval && !ASN1_item_ex_new(pval, it))
424 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
425 ERR_R_NESTED_ASN1_ERROR);
429 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it))
432 /* Get each field entry */
433 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
435 const ASN1_TEMPLATE *seqtt;
436 ASN1_VALUE **pseqval;
437 seqtt = asn1_do_adb(pval, tt, 1);
440 pseqval = asn1_get_field_ptr(pval, seqtt);
441 /* Have we ran out of data? */
445 if (asn1_check_eoc(&p, len))
449 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
450 ASN1_R_UNEXPECTED_EOC);
458 /* This determines the OPTIONAL flag value. The field
459 * cannot be omitted if it is the last of a SEQUENCE
460 * and there is still data to be read. This isn't
461 * strictly necessary but it increases efficiency in
464 if (i == (it->tcount - 1))
466 else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
467 /* attempt to read in field, allowing each to be
470 ret = asn1_template_ex_d2i(pseqval, &p, len,
479 /* OPTIONAL component absent.
480 * Free and zero the field.
482 ASN1_template_free(pseqval, seqtt);
489 /* Check for EOC if expecting one */
490 if (seq_eoc && !asn1_check_eoc(&p, len))
492 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_MISSING_EOC);
495 /* Check all data read */
496 if (!seq_nolen && len)
498 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
499 ASN1_R_SEQUENCE_LENGTH_MISMATCH);
503 /* If we get here we've got no more data in the SEQUENCE,
504 * however we may not have read all fields so check all
505 * remaining are OPTIONAL and clear any that are.
507 for (; i < it->tcount; tt++, i++)
509 const ASN1_TEMPLATE *seqtt;
510 seqtt = asn1_do_adb(pval, tt, 1);
513 if (seqtt->flags & ASN1_TFLG_OPTIONAL)
515 ASN1_VALUE **pseqval;
516 pseqval = asn1_get_field_ptr(pval, seqtt);
517 ASN1_template_free(pseqval, seqtt);
522 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I,
523 ASN1_R_FIELD_MISSING);
528 if (!asn1_enc_save(pval, *in, p - *in, it))
531 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it))
539 ASN1err(ASN1_F_ASN1_ITEM_EX_D2I, ASN1_R_AUX_ERROR);
541 ASN1_item_ex_free(pval, it);
543 ERR_add_error_data(4, "Field=", errtt->field_name,
544 ", Type=", it->sname);
546 ERR_add_error_data(2, "Type=", it->sname);
550 /* Templates are handled with two separate functions.
551 * One handles any EXPLICIT tag and the other handles the rest.
554 static int asn1_template_ex_d2i(ASN1_VALUE **val,
555 const unsigned char **in, long inlen,
556 const ASN1_TEMPLATE *tt, char opt,
562 const unsigned char *p, *q;
567 aclass = flags & ASN1_TFLG_TAG_CLASS;
571 /* Check if EXPLICIT tag expected */
572 if (flags & ASN1_TFLG_EXPTAG)
575 /* Need to work out amount of data available to the inner
576 * content and where it starts: so read in EXPLICIT header to
579 ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
580 &p, inlen, tt->tag, aclass, opt, ctx);
584 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
585 ERR_R_NESTED_ASN1_ERROR);
592 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
593 ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
596 /* We've found the field so it can't be OPTIONAL now */
597 ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
600 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
601 ERR_R_NESTED_ASN1_ERROR);
604 /* We read the field in OK so update length */
608 /* If NDEF we must have an EOC here */
609 if (!asn1_check_eoc(&p, len))
611 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
618 /* Otherwise we must hit the EXPLICIT tag end or its
622 ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I,
623 ASN1_R_EXPLICIT_LENGTH_MISMATCH);
629 return asn1_template_noexp_d2i(val, in, inlen,
636 ASN1_template_free(val, tt);
641 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
642 const unsigned char **in, long len,
643 const ASN1_TEMPLATE *tt, char opt,
648 const unsigned char *p, *q;
652 aclass = flags & ASN1_TFLG_TAG_CLASS;
657 if (flags & ASN1_TFLG_SK_MASK)
659 /* SET OF, SEQUENCE OF */
662 /* First work out expected inner tag value */
663 if (flags & ASN1_TFLG_IMPTAG)
670 skaclass = V_ASN1_UNIVERSAL;
671 if (flags & ASN1_TFLG_SET_OF)
674 sktag = V_ASN1_SEQUENCE;
677 ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
678 &p, len, sktag, skaclass, opt, ctx);
681 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
682 ERR_R_NESTED_ASN1_ERROR);
688 *val = (ASN1_VALUE *)sk_new_null();
691 /* We've got a valid STACK: free up any items present */
692 STACK *sktmp = (STACK *)*val;
694 while(sk_num(sktmp) > 0)
696 vtmp = (ASN1_VALUE *)sk_pop(sktmp);
697 ASN1_item_ex_free(&vtmp,
698 ASN1_ITEM_ptr(tt->item));
704 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
705 ERR_R_MALLOC_FAILURE);
709 /* Read as many items as we can */
714 /* See if EOC found */
715 if (asn1_check_eoc(&p, len))
719 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
720 ASN1_R_UNEXPECTED_EOC);
728 if (!ASN1_item_ex_d2i(&skfield, &p, len,
729 ASN1_ITEM_ptr(tt->item),
732 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
733 ERR_R_NESTED_ASN1_ERROR);
737 if (!sk_push((STACK *)*val, (char *)skfield))
739 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
740 ERR_R_MALLOC_FAILURE);
746 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC);
750 else if (flags & ASN1_TFLG_IMPTAG)
752 /* IMPLICIT tagging */
753 ret = ASN1_item_ex_d2i(val, &p, len,
754 ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
757 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
758 ERR_R_NESTED_ASN1_ERROR);
766 /* Nothing special */
767 ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
771 ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I,
772 ERR_R_NESTED_ASN1_ERROR);
783 ASN1_template_free(val, tt);
788 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
789 const unsigned char **in, long inlen,
791 int tag, int aclass, char opt, ASN1_TLC *ctx)
795 char cst, inf, free_cont = 0;
796 const unsigned char *p;
798 const unsigned char *cont = NULL;
802 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL);
803 return 0; /* Should never happen */
806 if (it->itype == ASN1_ITYPE_MSTRING)
814 if (utype == V_ASN1_ANY)
816 /* If type is ANY need to figure out type from tag */
817 unsigned char oclass;
820 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
821 ASN1_R_ILLEGAL_TAGGED_ANY);
826 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
827 ASN1_R_ILLEGAL_OPTIONAL_ANY);
831 ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
832 &p, inlen, -1, 0, 0, ctx);
835 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
836 ERR_R_NESTED_ASN1_ERROR);
839 if (oclass != V_ASN1_UNIVERSAL)
840 utype = V_ASN1_OTHER;
845 aclass = V_ASN1_UNIVERSAL;
849 ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
850 &p, inlen, tag, aclass, opt, ctx);
853 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR);
859 /* SEQUENCE, SET and "OTHER" are left in encoded form */
860 if ((utype == V_ASN1_SEQUENCE)
861 || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
863 /* Clear context cache for type OTHER because the auto clear
864 * when we have a exact match wont work
866 if (utype == V_ASN1_OTHER)
870 /* SEQUENCE and SET must be constructed */
873 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
874 ASN1_R_TYPE_NOT_CONSTRUCTED);
879 /* If indefinite length constructed find the real end */
882 if (!asn1_find_end(&p, plen, inf))
888 len = p - cont + plen;
898 /* Should really check the internal tags are correct but
899 * some things may get this wrong. The relevant specs
900 * say that constructed string types should be OCTET STRINGs
901 * internally irrespective of the type. So instead just check
902 * for UNIVERSAL class and ignore the tag.
904 if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
911 /* Append a final null to string */
912 if (!BUF_MEM_grow_clean(&buf, len + 1))
914 ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE,
915 ERR_R_MALLOC_FAILURE);
919 cont = (const unsigned char *)buf.data;
929 /* We now have content length and type: translate into a structure */
930 if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
936 if (free_cont && buf.data) OPENSSL_free(buf.data);
940 /* Translate ASN1 content octets into a structure */
942 EXPORT_C int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
943 int utype, char *free_cont, const ASN1_ITEM *it)
945 ASN1_VALUE **opval = NULL;
947 ASN1_TYPE *typ = NULL;
949 const ASN1_PRIMITIVE_FUNCS *pf;
953 if (pf && pf->prim_c2i)
954 return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
955 /* If ANY type clear type and set pointer to internal value */
956 if (it->utype == V_ASN1_ANY)
960 typ = ASN1_TYPE_new();
963 *pval = (ASN1_VALUE *)typ;
966 typ = (ASN1_TYPE *)*pval;
968 if (utype != typ->type)
969 ASN1_TYPE_set(typ, utype, NULL);
971 pval = (ASN1_VALUE **)&typ->value.ptr;
976 if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
983 ASN1err(ASN1_F_ASN1_EX_C2I,
984 ASN1_R_NULL_IS_WRONG_LENGTH);
987 *pval = (ASN1_VALUE *)1;
993 ASN1err(ASN1_F_ASN1_EX_C2I,
994 ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
1000 tbool = (ASN1_BOOLEAN *)pval;
1005 case V_ASN1_BIT_STRING:
1006 if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
1010 case V_ASN1_INTEGER:
1011 case V_ASN1_NEG_INTEGER:
1012 case V_ASN1_ENUMERATED:
1013 case V_ASN1_NEG_ENUMERATED:
1014 tint = (ASN1_INTEGER **)pval;
1015 if (!c2i_ASN1_INTEGER(tint, &cont, len))
1017 /* Fixup type to match the expected form */
1018 (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
1021 case V_ASN1_OCTET_STRING:
1022 case V_ASN1_NUMERICSTRING:
1023 case V_ASN1_PRINTABLESTRING:
1024 case V_ASN1_T61STRING:
1025 case V_ASN1_VIDEOTEXSTRING:
1026 case V_ASN1_IA5STRING:
1027 case V_ASN1_UTCTIME:
1028 case V_ASN1_GENERALIZEDTIME:
1029 case V_ASN1_GRAPHICSTRING:
1030 case V_ASN1_VISIBLESTRING:
1031 case V_ASN1_GENERALSTRING:
1032 case V_ASN1_UNIVERSALSTRING:
1033 case V_ASN1_BMPSTRING:
1034 case V_ASN1_UTF8STRING:
1037 case V_ASN1_SEQUENCE:
1039 /* All based on ASN1_STRING and handled the same */
1042 stmp = ASN1_STRING_type_new(utype);
1045 ASN1err(ASN1_F_ASN1_EX_C2I,
1046 ERR_R_MALLOC_FAILURE);
1049 *pval = (ASN1_VALUE *)stmp;
1053 stmp = (ASN1_STRING *)*pval;
1056 /* If we've already allocated a buffer use it */
1060 OPENSSL_free(stmp->data);
1061 stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
1067 if (!ASN1_STRING_set(stmp, cont, len))
1069 ASN1err(ASN1_F_ASN1_EX_C2I,
1070 ERR_R_MALLOC_FAILURE);
1071 ASN1_STRING_free(stmp);
1078 /* If ASN1_ANY and NULL type fix up value */
1079 if (typ && (utype == V_ASN1_NULL))
1080 typ->value.ptr = NULL;
1086 ASN1_TYPE_free(typ);
1094 /* This function finds the end of an ASN1 structure when passed its maximum
1095 * length, whether it is indefinite length and a pointer to the content.
1096 * This is more efficient than calling asn1_collect because it does not
1097 * recurse on each indefinite length header.
1100 static int asn1_find_end(const unsigned char **in, long len, char inf)
1104 const unsigned char *p = *in, *q;
1105 /* If not indefinite length constructed just add length */
1112 /* Indefinite length constructed form. Find the end when enough EOCs
1113 * are found. If more indefinite length constructed headers
1114 * are encountered increment the expected eoc count otherwise just
1115 * skip to the end of the data.
1119 if(asn1_check_eoc(&p, len))
1122 if (expected_eoc == 0)
1128 /* Just read in a header: only care about the length */
1129 if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
1132 ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR);
1143 ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC);
1149 /* This function collects the asn1 data from a constructred string
1150 * type into a buffer. The values of 'in' and 'len' should refer
1151 * to the contents of the constructed type and 'inf' should be set
1152 * if it is indefinite length.
1155 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
1156 char inf, int tag, int aclass)
1158 const unsigned char *p, *q;
1163 /* If no buffer and not indefinite length constructed just pass over
1164 * the encoded data */
1174 if (asn1_check_eoc(&p, len))
1176 /* EOC is illegal outside indefinite length
1177 * constructed form */
1180 ASN1err(ASN1_F_ASN1_COLLECT,
1181 ASN1_R_UNEXPECTED_EOC);
1188 if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
1189 len, tag, aclass, 0, NULL))
1191 ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR);
1195 /* If indefinite length constructed update max length */
1198 #ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
1199 if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
1202 ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
1206 else if (plen && !collect_data(buf, &p, plen))
1212 ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC);
1219 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
1225 if (!BUF_MEM_grow_clean(buf, len + plen))
1227 ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE);
1230 memcpy(buf->data + len, *p, plen);
1236 /* Check for ASN1 EOC and swallow it if found */
1238 static int asn1_check_eoc(const unsigned char **in, long len)
1240 const unsigned char *p;
1241 if (len < 2) return 0;
1251 /* Check an ASN1 tag and length: a bit like ASN1_get_object
1252 * but it sets the length for indefinite length constructed
1253 * form, we don't know the exact length but we can set an
1254 * upper bound to the amount of data available minus the
1255 * header length just read.
1258 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
1259 char *inf, char *cst,
1260 const unsigned char **in, long len,
1261 int exptag, int expclass, char opt,
1267 const unsigned char *p, *q;
1271 if (ctx && ctx->valid)
1275 pclass = ctx->pclass;
1281 i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
1286 ctx->pclass = pclass;
1288 ctx->hdrlen = p - q;
1290 /* If definite length, and no error, length +
1291 * header can't exceed total amount of data available.
1293 if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
1295 ASN1err(ASN1_F_ASN1_CHECK_TLEN,
1297 asn1_tlc_clear(ctx);
1305 ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER);
1306 asn1_tlc_clear(ctx);
1311 if ((exptag != ptag) || (expclass != pclass))
1313 /* If type is OPTIONAL, not an error:
1314 * indicate missing type.
1317 asn1_tlc_clear(ctx);
1318 ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG);
1321 /* We have a tag and class match:
1322 * assume we are going to do something with it */
1323 asn1_tlc_clear(ctx);
1327 plen = len - (p - q);
1333 *cst = i & V_ASN1_CONSTRUCTED;