/*
- * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2000-2024 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the Apache License 2.0 (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx,
- int depth);
+ int depth, OSSL_LIB_CTX *libctx,
+ const char *propq);
static int asn1_check_eoc(const unsigned char **in, long len);
static int asn1_find_end(const unsigned char **in, long len, char inf);
static int asn1_template_ex_d2i(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx, int depth);
+ ASN1_TLC *ctx, int depth, OSSL_LIB_CTX *libctx,
+ const char *propq);
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx, int depth);
+ ASN1_TLC *ctx, int depth,
+ OSSL_LIB_CTX *libctx, const char *propq);
static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
const unsigned char **in, long len,
const ASN1_ITEM *it,
/* Macro to initialize and invalidate the cache */
-#define asn1_tlc_clear(c) if (c) (c)->valid = 0
+#define asn1_tlc_clear(c) do { if ((c) != NULL) (c)->valid = 0; } while (0)
/* Version to avoid compiler warning about 'c' always non-NULL */
-#define asn1_tlc_clear_nc(c) (c)->valid = 0
+#define asn1_tlc_clear_nc(c) do {(c)->valid = 0; } while (0)
/*
* Decode an ASN1 item, this currently behaves just like a standard 'd2i'
* this will simply be a special case.
*/
-ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
- const unsigned char **in, long len,
- const ASN1_ITEM *it)
+static int asn1_item_ex_d2i_intern(ASN1_VALUE **pval, const unsigned char **in,
+ long len, const ASN1_ITEM *it, int tag,
+ int aclass, char opt, ASN1_TLC *ctx,
+ OSSL_LIB_CTX *libctx, const char *propq)
+{
+ int rv;
+
+ if (pval == NULL || it == NULL) {
+ ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
+ return 0;
+ }
+ rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0,
+ libctx, propq);
+ if (rv <= 0)
+ ASN1_item_ex_free(pval, it);
+ return rv;
+}
+
+int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
+ const ASN1_ITEM *it,
+ int tag, int aclass, char opt, ASN1_TLC *ctx)
+{
+ return asn1_item_ex_d2i_intern(pval, in, len, it, tag, aclass, opt, ctx,
+ NULL, NULL);
+}
+
+ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_ITEM *it, OSSL_LIB_CTX *libctx,
+ const char *propq)
{
ASN1_TLC c;
ASN1_VALUE *ptmpval = NULL;
if (pval == NULL)
pval = &ptmpval;
asn1_tlc_clear_nc(&c);
- if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
+ if (asn1_item_ex_d2i_intern(pval, in, len, it, -1, 0, 0, &c, libctx,
+ propq) > 0)
return *pval;
return NULL;
}
-int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
- const ASN1_ITEM *it,
- int tag, int aclass, char opt, ASN1_TLC *ctx)
+ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
+ const unsigned char **in, long len,
+ const ASN1_ITEM *it)
{
- int rv;
- rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0);
- if (rv <= 0)
- ASN1_item_ex_free(pval, it);
- return rv;
+ return ASN1_item_d2i_ex(pval, in, len, it, NULL, NULL);
}
/*
static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
long len, const ASN1_ITEM *it,
int tag, int aclass, char opt, ASN1_TLC *ctx,
- int depth)
+ int depth, OSSL_LIB_CTX *libctx,
+ const char *propq)
{
const ASN1_TEMPLATE *tt, *errtt = NULL;
const ASN1_EXTERN_FUNCS *ef;
- const ASN1_AUX *aux = it->funcs;
+ const ASN1_AUX *aux;
ASN1_aux_cb *asn1_cb;
const unsigned char *p = NULL, *q;
unsigned char oclass;
int ret = 0;
ASN1_VALUE **pchptr;
- if (pval == NULL)
+ if (pval == NULL || it == NULL) {
+ ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
return 0;
+ }
+ if (len <= 0) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
+ return 0;
+ }
+ aux = it->funcs;
if (aux && aux->asn1_cb)
asn1_cb = aux->asn1_cb;
else
ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
goto err;
}
- return asn1_template_ex_d2i(pval, in, len,
- it->templates, opt, ctx, depth);
+ return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx,
+ depth, libctx, propq);
}
return asn1_d2i_ex_primitive(pval, in, len, it,
tag, aclass, opt, ctx);
case ASN1_ITYPE_EXTERN:
/* Use new style d2i */
ef = it->funcs;
+ if (ef->asn1_ex_d2i_ex != NULL)
+ return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx,
+ libctx, propq);
return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
case ASN1_ITYPE_CHOICE:
ossl_asn1_template_free(pchptr, tt);
ossl_asn1_set_choice_selector(pval, -1, it);
}
- } else if (!ASN1_item_ex_new(pval, it)) {
+ } else if (!ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) {
ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
goto err;
}
/*
* We mark field as OPTIONAL so its absence can be recognised.
*/
- ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth);
+ ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth,
+ libctx, propq);
/* If field not present, try the next one */
if (ret == -1)
continue;
goto err;
}
- if (*pval == NULL && !ASN1_item_ex_new(pval, it)) {
+ if (*pval == NULL
+ && !ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) {
ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
goto err;
}
*/
ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
- depth);
+ depth, libctx, propq);
if (!ret) {
errtt = seqtt;
goto err;
static int asn1_template_ex_d2i(ASN1_VALUE **val,
const unsigned char **in, long inlen,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx, int depth)
+ ASN1_TLC *ctx, int depth,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
int flags, aclass;
int ret;
return 0;
}
/* We've found the field so it can't be OPTIONAL now */
- ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth);
+ ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth, libctx,
+ propq);
if (!ret) {
ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
return 0;
}
}
} else
- return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth);
+ return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth,
+ libctx, propq);
*in = p;
return 1;
static int asn1_template_noexp_d2i(ASN1_VALUE **val,
const unsigned char **in, long len,
const ASN1_TEMPLATE *tt, char opt,
- ASN1_TLC *ctx, int depth)
+ ASN1_TLC *ctx, int depth,
+ OSSL_LIB_CTX *libctx, const char *propq)
{
int flags, aclass;
int ret;
}
if (*val == NULL) {
- ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_ASN1, ERR_R_CRYPTO_LIB);
goto err;
}
break;
}
skfield = NULL;
- if (!asn1_item_embed_d2i(&skfield, &p, len,
+ if (asn1_item_embed_d2i(&skfield, &p, len,
ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx,
- depth)) {
+ depth, libctx, propq) <= 0) {
ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
/* |skfield| may be partially allocated despite failure. */
ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
}
len -= p - q;
if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) {
- ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_ASN1, ERR_R_CRYPTO_LIB);
ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item));
goto err;
}
/* IMPLICIT tagging */
ret = asn1_item_embed_d2i(val, &p, len,
ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt,
- ctx, depth);
+ ctx, depth, libctx, propq);
if (!ret) {
ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
goto err;
} else {
/* Nothing special */
ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
- -1, 0, opt, ctx, depth);
+ -1, 0, opt, ctx, depth, libctx, propq);
if (!ret) {
ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
goto err;
len = buf.length;
/* Append a final null to string */
if (!BUF_MEM_grow_clean(&buf, len + 1)) {
- ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
goto err;
}
buf.data[len] = 0;
ERR_raise(ERR_LIB_ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
goto err;
}
+ if (utype == V_ASN1_GENERALIZEDTIME && (len < 15)) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_GENERALIZEDTIME_IS_TOO_SHORT);
+ goto err;
+ }
+ if (utype == V_ASN1_UTCTIME && (len < 13)) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_UTCTIME_IS_TOO_SHORT);
+ goto err;
+ }
/* All based on ASN1_STRING and handled the same */
if (*pval == NULL) {
stmp = ASN1_STRING_type_new(utype);
if (stmp == NULL) {
- ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
goto err;
}
*pval = (ASN1_VALUE *)stmp;
}
/* If we've already allocated a buffer use it */
if (*free_cont) {
- OPENSSL_free(stmp->data);
- stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
- stmp->length = len;
+ ASN1_STRING_set0(stmp, (unsigned char *)cont /* UGLY CAST! */, len);
*free_cont = 0;
} else {
if (!ASN1_STRING_set(stmp, cont, len)) {
- ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
ASN1_STRING_free(stmp);
*pval = NULL;
goto err;
if (buf) {
len = buf->length;
if (!BUF_MEM_grow_clean(buf, len + plen)) {
- ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
+ ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
return 0;
}
memcpy(buf->data + len, *p, plen);
p = *in;
q = p;
- if (ctx && ctx->valid) {
+ if (len <= 0) {
+ ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
+ goto err;
+ }
+ if (ctx != NULL && ctx->valid) {
i = ctx->ret;
plen = ctx->plen;
pclass = ctx->pclass;
p += ctx->hdrlen;
} else {
i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
- if (ctx) {
+ if (ctx != NULL) {
ctx->ret = i;
ctx->plen = plen;
ctx->pclass = pclass;
* If definite length, and no error, length + header can't exceed
* total amount of data available.
*/
- if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) {
+ if ((i & 0x81) == 0 && (plen + ctx->hdrlen) > len) {
ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
- asn1_tlc_clear(ctx);
- return 0;
+ goto err;
}
}
}
- if (i & 0x80) {
+ if ((i & 0x80) != 0) {
ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_OBJECT_HEADER);
- asn1_tlc_clear(ctx);
- return 0;
+ goto err;
}
if (exptag >= 0) {
- if ((exptag != ptag) || (expclass != pclass)) {
+ if (exptag != ptag || expclass != pclass) {
/*
* If type is OPTIONAL, not an error: indicate missing type.
*/
- if (opt)
+ if (opt != 0)
return -1;
- asn1_tlc_clear(ctx);
ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_TAG);
- return 0;
+ goto err;
}
/*
* We have a tag and class match: assume we are going to do something
asn1_tlc_clear(ctx);
}
- if (i & 1)
+ if ((i & 1) != 0)
plen = len - (p - q);
- if (inf)
+ if (inf != NULL)
*inf = i & 1;
- if (cst)
+ if (cst != NULL)
*cst = i & V_ASN1_CONSTRUCTED;
- if (olen)
+ if (olen != NULL)
*olen = plen;
- if (oclass)
+ if (oclass != NULL)
*oclass = pclass;
- if (otag)
+ if (otag != NULL)
*otag = ptag;
*in = p;
return 1;
+
+ err:
+ asn1_tlc_clear(ctx);
+ return 0;
}
projects / openssl.git / blobdiff