apps/asn1parse: improve RFC7462 compliance

The asn1parse command now supports three different input formats:

     openssl asn1parse -inform PEM|DER|B64

       PEM: base64 encoded data enclosed by PEM markers (RFC7462)
       DER: der encoded binary data
       B64: raw base64 encoded data

The PEM input format is the default format. It is equivalent
to the former `-strictpem` option which is now marked obsolete
and kept for backward compatibility only.

The B64 is equivalent to the former default input format of the
asn1parse command (without `-strictpem`)

Fixes #7317

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7320)

diff --git a/apps/asn1parse.c b/apps/asn1parse.c
index b456f13d94ea9e580307f8506321038ab23163a8..6c436d2f766f434ad0a7491a81b9ca3c39af74d1 100644 (file)
--- a/apps/asn1parse.c
+++ b/apps/asn1parse.c
@@ -32,7 +32,7 @@ const OPTIONS asn1parse_options[] = {
     {"oid", OPT_OID, '<', "file of extra oid definitions"},
 
     OPT_SECTION("I/O"),
-    {"inform", OPT_INFORM, 'F', "input format - one of DER PEM"},
+    {"inform", OPT_INFORM, 'A', "input format - one of DER PEM B64"},
     {"in", OPT_IN, '<', "input file"},
     {"out", OPT_OUT, '>', "output file (output format is always DER)"},
     {"noout", OPT_NOOUT, 0, "do not produce any output"},
@@ -44,7 +44,7 @@ const OPTIONS asn1parse_options[] = {
     {OPT_MORE_STR, 0, 0, "into multiple ASN1 blob wrappings"},
     {"genconf", OPT_GENCONF, 's', "file to generate ASN1 structure from"},
     {"strictpem", OPT_STRICTPEM, 0,
-     "do not attempt base64 decode outside PEM markers"},
+     "equivalent to '-inform pem' (obsolete)"},
     {"item", OPT_ITEM, 's', "item to parse and print"},
     {OPT_MORE_STR, 0, 0, "(-inform  will be ignored)"},
 
@@ -69,7 +69,7 @@ int asn1parse_main(int argc, char **argv)
     unsigned char *str = NULL;
     char *name = NULL, *header = NULL, *prog;
     const unsigned char *ctmpbuf;
-    int indent = 0, noout = 0, dump = 0, strictpem = 0, informat = FORMAT_PEM;
+    int indent = 0, noout = 0, dump = 0, informat = FORMAT_PEM;
     int offset = 0, ret = 1, i, j;
     long num, tmplen;
     unsigned char *tmpbuf;
@@ -96,7 +96,7 @@ int asn1parse_main(int argc, char **argv)
             ret = 0;
             goto end;
         case OPT_INFORM:
-            if (!opt_format(opt_arg(), OPT_FMT_PEMDER, &informat))
+            if (!opt_format(opt_arg(), OPT_FMT_ASN1, &informat))
                 goto opthelp;
             break;
         case OPT_IN:
@@ -136,7 +136,7 @@ int asn1parse_main(int argc, char **argv)
             genconf = opt_arg();
             break;
         case OPT_STRICTPEM:
-            strictpem = 1;
+            /* accepted for backward compatibility */
             informat = FORMAT_PEM;
             break;
         case OPT_ITEM:
@@ -178,7 +178,7 @@ int asn1parse_main(int argc, char **argv)
 
     if ((buf = BUF_MEM_new()) == NULL)
         goto end;
-    if (strictpem) {
+    if (informat == FORMAT_PEM) {
         if (PEM_read_bio(in, &name, &header, &str, &num) != 1) {
             BIO_printf(bio_err, "Error reading PEM file\n");
             ERR_print_errors(bio_err);
@@ -198,7 +198,7 @@ int asn1parse_main(int argc, char **argv)
             }
         } else {
 
-            if (informat == FORMAT_PEM) {
+            if (informat == FORMAT_BASE64) {
                 BIO *tmp;
 
                 if ((b64 = BIO_new(BIO_f_base64())) == NULL)

diff --git a/apps/include/opt.h b/apps/include/opt.h
index 396215735b726173b09fef0257b51e84706f3473..26d40eb436777c9a15b4b48964127e9743aa4266 100644 (file)
--- a/apps/include/opt.h
+++ b/apps/include/opt.h
@@ -319,11 +319,28 @@ extern const char OPT_PARAM_STR[];
 typedef struct options_st {
     const char *name;
     int retval;
-    /*
-     * value type: - no value (also the value zero), n number, p positive
-     * number, u unsigned, l long, s string, < input file, > output file,
-     * f any format, F der/pem format, E der/pem/engine format identifier.
-     * l, n and u include zero; p does not.
+    /*-
+     * value type:
+     *
+     *   '-' no value (also the value zero)
+     *   'n' number (type 'int')
+     *   'p' positive number (type 'int')
+     *   'u' unsigned number (type 'unsigned long')
+     *   'l' number (type 'unsigned long')
+     *   'M' number (type 'intmax_t')
+     *   'U' unsigned number (type 'uintmax_t')
+     *   's' string
+     *   '<' input file
+     *   '>' output file
+     *   '/' directory
+     *   'f' any format                    [OPT_FMT_ANY]
+     *   'F' der/pem format                [OPT_FMT_PEMDER]
+     *   'A' any ASN1, der/pem/b64 format  [OPT_FMT_ASN1]
+     *   'E' der/pem/engine format         [OPT_FMT_PDE]
+     *   'c' pem/der/smime format          [OPT_FMT_PDS]
+     *
+     * The 'l', 'n' and 'u' value types include the values zero,
+     * the 'p' value type does not.
      */
     int valtype;
     const char *helpstr;

diff --git a/doc/man1/openssl-asn1parse.pod.in b/doc/man1/openssl-asn1parse.pod.in
index f098c89c33822fec94c9fddcaac9fefb7c9e08d4..892fc47e7de7d7c43d7e3b6c5bf5a2971ee84ce8 100644 (file)
--- a/doc/man1/openssl-asn1parse.pod.in
+++ b/doc/man1/openssl-asn1parse.pod.in
@@ -9,7 +9,7 @@ openssl-asn1parse - ASN.1 parsing command
 
 B<openssl> B<asn1parse>
 [B<-help>]
-[B<-inform> B<DER>|B<PEM>]
+[B<-inform> B<DER>|B<PEM>|B<B64>]
 [B<-in> I<filename>]
 [B<-out> I<filename>]
 [B<-noout>]
@@ -38,7 +38,7 @@ It can also be used to extract data from ASN.1 formatted data.
 
 Print out a usage message.
 
-=item B<-inform> B<DER>|B<PEM>
+=item B<-inform> B<DER>|B<PEM>|B<B64>
 
 The input format; the default is B<PEM>.
 See L<openssl-format-options(1)> for details.