Remove references to o_time.h

[openssl.git] / crypto / asn1 / tasn_dec.c
diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c

index 0604c51eca38bde9f912d7217d79b447cdb80253..87d7dfdf5c374dfed46b64f3d9b2c27dfcf72265 100644 (file)
--- a/crypto/asn1/tasn_dec.c
+++ b/crypto/asn1/tasn_dec.c
@@ -1,5 +1,5 @@
  /* tasn_dec.c */
  /* tasn_dec.c */
-/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
   * project 2000.
   */
  /* ====================================================================
   * project 2000.
   */
  /* ====================================================================
@@ -69,7 +69,7 @@ static int asn1_check_eoc(const unsigned char **in, long len);
  static int asn1_find_end(const unsigned char **in, long len, char inf);
  
  static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
  static int asn1_find_end(const unsigned char **in, long len, char inf);
  
  static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-                               char inf, int tag, int aclass);
+                       char inf, int tag, int aclass, int depth);
  
  static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
  
  
  static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
  
@@ -126,8 +126,7 @@ unsigned long ASN1_tag2bit(int tag)
   */
  
  ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
   */
  
  ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
-                         const unsigned char **in, size_t len,
-                         const ASN1_ITEM *it)
+               const unsigned char **in, long len, const ASN1_ITEM *it)
         {
         ASN1_TLC c;
         ASN1_VALUE *ptmpval = NULL;
         {
         ASN1_TLC c;
         ASN1_VALUE *ptmpval = NULL;
@@ -169,7 +168,7 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
         int i;
         int otag;
         int ret = 0;
         int i;
         int otag;
         int ret = 0;
-       ASN1_VALUE *pchval, **pchptr, *ptmpval;
+       ASN1_VALUE **pchptr, *ptmpval;
         if (!pval)
                 return 0;
         if (aux && aux->asn1_cb)
         if (!pval)
                 return 0;
         if (aux && aux->asn1_cb)
@@ -320,7 +319,6 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
                         goto err;
                         }
                 /* CHOICE type, try each possibility in turn */
                         goto err;
                         }
                 /* CHOICE type, try each possibility in turn */
-               pchval = NULL;
                 p = *in;
                 for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
                         {
                 p = *in;
                 for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
                         {
@@ -614,7 +612,6 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val,
  
         err:
         ASN1_template_free(val, tt);
  
         err:
         ASN1_template_free(val, tt);
-       *val = NULL;
         return 0;
         }
  
         return 0;
         }
  
@@ -763,7 +760,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val,
  
         err:
         ASN1_template_free(val, tt);
  
         err:
         ASN1_template_free(val, tt);
-       *val = NULL;
         return 0;
         }
  
         return 0;
         }
  
@@ -883,7 +879,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
                  * internally irrespective of the type. So instead just check
                  * for UNIVERSAL class and ignore the tag.
                  */
                  * internally irrespective of the type. So instead just check
                  * for UNIVERSAL class and ignore the tag.
                  */
-               if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL))
+               if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
                         {
                         free_cont = 1;
                         goto err;
                         {
                         free_cont = 1;
                         goto err;
@@ -1017,6 +1013,18 @@ int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                 case V_ASN1_SET:
                 case V_ASN1_SEQUENCE:
                 default:
                 case V_ASN1_SET:
                 case V_ASN1_SEQUENCE:
                 default:
+               if (utype == V_ASN1_BMPSTRING && (len & 1))
+                       {
+                       ASN1err(ASN1_F_ASN1_EX_C2I,
+                                       ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
+                       goto err;
+                       }
+               if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
+                       {
+                       ASN1err(ASN1_F_ASN1_EX_C2I,
+                                       ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
+                       goto err;
+                       }
                 /* All based on ASN1_STRING and handled the same */
                 if (!*pval)
                         {
                 /* All based on ASN1_STRING and handled the same */
                 if (!*pval)
                         {
@@ -1133,8 +1141,18 @@ static int asn1_find_end(const unsigned char **in, long len, char inf)
   * if it is indefinite length.
   */
  
   * if it is indefinite length.
   */
  
+#ifndef ASN1_MAX_STRING_NEST
+/* This determines how many levels of recursion are permitted in ASN1
+ * string types. If it is not limited stack overflows can occur. If set
+ * to zero no recursion is allowed at all. Although zero should be adequate
+ * examples exist that require a value of 1. So 5 should be more than enough.
+ */
+#define ASN1_MAX_STRING_NEST 5
+#endif
+
+
  static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
  static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
-                               char inf, int tag, int aclass)
+                       char inf, int tag, int aclass, int depth)
         {
         const unsigned char *p, *q;
         long plen;
         {
         const unsigned char *p, *q;
         long plen;
@@ -1176,13 +1194,15 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
                 /* If indefinite length constructed update max length */
                 if (cst)
                         {
                 /* If indefinite length constructed update max length */
                 if (cst)
                         {
-#ifdef OPENSSL_ALLOW_NESTED_ASN1_STRINGS
-                       if (!asn1_collect(buf, &p, plen, ininf, tag, aclass))
+                       if (depth >= ASN1_MAX_STRING_NEST)
+                               {
+                               ASN1err(ASN1_F_ASN1_COLLECT,
+                                       ASN1_R_NESTED_ASN1_STRING);
+                               return 0;
+                               }
+                       if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
+                                               depth + 1))
                                 return 0;
                                 return 0;
-#else
-                       ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING);
-                       return 0;
-#endif
                         }
                 else if (plen && !collect_data(buf, &p, plen))
                         return 0;
                         }
                 else if (plen && !collect_data(buf, &p, plen))
                         return 0;
@@ -1244,7 +1264,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
         {
         int i;
         int ptag, pclass;
         {
         int i;
         int ptag, pclass;
-       size_t plen;
+       long plen;
         const unsigned char *p, *q;
         p = *in;
         q = p;
         const unsigned char *p, *q;
         p = *in;
         q = p;