1 /* $OpenBSD: asn1pars.c,v 1.16 2023/07/23 11:39:29 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 /* A nice addition from Dr Stephen Henson <steve@openssl.org> to
60 * add the -strparse option which parses nested binary structures
61 */
62
63 #include <stdio.h>
64 #include <stdlib.h>
65 #include <limits.h>
66 #include <string.h>
67
68 #include "apps.h"
69 #include "progs.h"
70
71 #include <openssl/err.h>
72 #include <openssl/evp.h>
73 #include <openssl/pem.h>
74 #include <openssl/x509.h>
75
76 static struct {
77 char *derfile;
78 int dump;
79 char *genconf;
80 char *genstr;
81 int indent;
82 char *infile;
83 int informat;
84 unsigned int length;
85 int noout;
86 int offset;
87 char *oidfile;
88 STACK_OF(OPENSSL_STRING) *osk;
89 } cfg;
90
91 static int
asn1pars_opt_dlimit(char * arg)92 asn1pars_opt_dlimit(char *arg)
93 {
94 const char *errstr;
95
96 cfg.dump = strtonum(arg, 1, INT_MAX, &errstr);
97 if (errstr) {
98 fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n",
99 errstr);
100 return (-1);
101 }
102 return (0);
103 }
104
105 static int
asn1pars_opt_length(char * arg)106 asn1pars_opt_length(char *arg)
107 {
108 const char *errstr;
109
110 cfg.length = strtonum(arg, 1, UINT_MAX, &errstr);
111 if (errstr) {
112 fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n",
113 errstr);
114 return (-1);
115 }
116 return (0);
117 }
118
119 static int
asn1pars_opt_strparse(char * arg)120 asn1pars_opt_strparse(char *arg)
121 {
122 if (sk_OPENSSL_STRING_push(cfg.osk, arg) == 0) {
123 fprintf(stderr, "-strparse cannot add argument\n");
124 return (-1);
125 }
126 return (0);
127 }
128
129 static const struct option asn1pars_options[] = {
130 {
131 .name = "dump",
132 .desc = "Dump unknown data in hex form",
133 .type = OPTION_VALUE,
134 .value = -1,
135 .opt.value = &cfg.dump,
136 },
137 {
138 .name = "dlimit",
139 .argname = "num",
140 .desc = "Dump the first num bytes of unknown data in hex form",
141 .type = OPTION_ARG_FUNC,
142 .opt.argfunc = asn1pars_opt_dlimit,
143 },
144 {
145 .name = "genconf",
146 .argname = "file",
147 .desc = "File to generate ASN.1 structure from",
148 .type = OPTION_ARG,
149 .opt.arg = &cfg.genconf,
150 },
151 {
152 .name = "genstr",
153 .argname = "string",
154 .desc = "String to generate ASN.1 structure from",
155 .type = OPTION_ARG,
156 .opt.arg = &cfg.genstr,
157 },
158 {
159 .name = "i",
160 .desc = "Indent output according to depth of structures",
161 .type = OPTION_FLAG,
162 .opt.flag = &cfg.indent,
163 },
164 {
165 .name = "in",
166 .argname = "file",
167 .desc = "The input file (default stdin)",
168 .type = OPTION_ARG,
169 .opt.arg = &cfg.infile,
170 },
171 {
172 .name = "inform",
173 .argname = "fmt",
174 .desc = "Input format (DER, TXT or PEM (default))",
175 .type = OPTION_ARG_FORMAT,
176 .opt.value = &cfg.informat,
177 },
178 {
179 .name = "length",
180 .argname = "num",
181 .desc = "Number of bytes to parse (default until EOF)",
182 .type = OPTION_ARG_FUNC,
183 .opt.argfunc = asn1pars_opt_length,
184 },
185 {
186 .name = "noout",
187 .desc = "Do not produce any output",
188 .type = OPTION_FLAG,
189 .opt.flag = &cfg.noout,
190 },
191 {
192 .name = "offset",
193 .argname = "num",
194 .desc = "Offset to begin parsing",
195 .type = OPTION_ARG_INT,
196 .opt.value = &cfg.offset,
197 },
198 {
199 .name = "oid",
200 .argname = "file",
201 .desc = "File containing additional object identifiers (OIDs)",
202 .type = OPTION_ARG,
203 .opt.arg = &cfg.oidfile,
204 },
205 {
206 .name = "out",
207 .argname = "file",
208 .desc = "Output file in DER format",
209 .type = OPTION_ARG,
210 .opt.arg = &cfg.derfile,
211 },
212 {
213 .name = "strparse",
214 .argname = "offset",
215 .desc = "Parse the content octets of ASN.1 object starting at"
216 " offset",
217 .type = OPTION_ARG_FUNC,
218 .opt.argfunc = asn1pars_opt_strparse,
219 },
220 { NULL },
221 };
222
223 static void
asn1pars_usage(void)224 asn1pars_usage(void)
225 {
226 fprintf(stderr,
227 "usage: asn1parse [-i] [-dlimit num] [-dump] [-genconf file] "
228 "[-genstr string]\n"
229 " [-in file] [-inform fmt] [-length num] [-noout] [-offset num] "
230 "[-oid file]\n"
231 " [-out file] [-strparse offset]\n\n");
232 options_usage(asn1pars_options);
233 }
234
235 static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
236
237 int
asn1parse_main(int argc,char ** argv)238 asn1parse_main(int argc, char **argv)
239 {
240 int i, j, ret = 1;
241 long num, tmplen;
242 BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
243 char *str = NULL;
244 const char *errstr = NULL;
245 unsigned char *tmpbuf;
246 const unsigned char *ctmpbuf;
247 BUF_MEM *buf = NULL;
248 ASN1_TYPE *at = NULL;
249
250 if (pledge("stdio cpath wpath rpath", NULL) == -1) {
251 perror("pledge");
252 exit(1);
253 }
254
255 memset(&cfg, 0, sizeof(cfg));
256
257 cfg.informat = FORMAT_PEM;
258 if ((cfg.osk = sk_OPENSSL_STRING_new_null()) == NULL) {
259 BIO_printf(bio_err, "Memory allocation failure\n");
260 goto end;
261 }
262
263 if (options_parse(argc, argv, asn1pars_options, NULL, NULL) != 0) {
264 asn1pars_usage();
265 return (1);
266 }
267
268 in = BIO_new(BIO_s_file());
269 out = BIO_new(BIO_s_file());
270 if (in == NULL || out == NULL) {
271 ERR_print_errors(bio_err);
272 goto end;
273 }
274 BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
275
276 if (cfg.oidfile != NULL) {
277 if (BIO_read_filename(in, cfg.oidfile) <= 0) {
278 BIO_printf(bio_err, "problems opening %s\n",
279 cfg.oidfile);
280 ERR_print_errors(bio_err);
281 goto end;
282 }
283 OBJ_create_objects(in);
284 }
285 if (cfg.infile == NULL)
286 BIO_set_fp(in, stdin, BIO_NOCLOSE);
287 else {
288 if (BIO_read_filename(in, cfg.infile) <= 0) {
289 perror(cfg.infile);
290 goto end;
291 }
292 }
293
294 if (cfg.derfile != NULL) {
295 if ((derout = BIO_new_file(cfg.derfile, "wb")) == NULL) {
296 BIO_printf(bio_err, "problems opening %s\n",
297 cfg.derfile);
298 ERR_print_errors(bio_err);
299 goto end;
300 }
301 }
302 if ((buf = BUF_MEM_new()) == NULL)
303 goto end;
304 if (!BUF_MEM_grow(buf, BUFSIZ * 8))
305 goto end;
306
307 if (cfg.genstr != NULL || cfg.genconf) {
308 num = do_generate(bio_err, cfg.genstr, cfg.genconf, buf);
309 if (num < 0) {
310 ERR_print_errors(bio_err);
311 goto end;
312 }
313 } else {
314 if (cfg.informat == FORMAT_PEM) {
315 BIO *tmp;
316
317 if ((b64 = BIO_new(BIO_f_base64())) == NULL)
318 goto end;
319 BIO_push(b64, in);
320 tmp = in;
321 in = b64;
322 b64 = tmp;
323 }
324 num = 0;
325 for (;;) {
326 if (!BUF_MEM_grow(buf, (int) num + BUFSIZ))
327 goto end;
328 i = BIO_read(in, &(buf->data[num]), BUFSIZ);
329 if (i <= 0)
330 break;
331 num += i;
332 }
333 }
334 str = buf->data;
335
336 /* If any structs to parse go through in sequence */
337
338 if (sk_OPENSSL_STRING_num(cfg.osk) > 0) {
339 tmpbuf = (unsigned char *) str;
340 tmplen = num;
341 for (i = 0; i < sk_OPENSSL_STRING_num(cfg.osk); i++) {
342 ASN1_TYPE *atmp;
343 int typ;
344 j = strtonum(sk_OPENSSL_STRING_value(cfg.osk, i),
345 1, INT_MAX, &errstr);
346 if (errstr) {
347 BIO_printf(bio_err,
348 "'%s' is an invalid number: %s\n",
349 sk_OPENSSL_STRING_value(cfg.osk, i), errstr);
350 continue;
351 }
352 tmpbuf += j;
353 tmplen -= j;
354 atmp = at;
355 ctmpbuf = tmpbuf;
356 at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
357 ASN1_TYPE_free(atmp);
358 if (!at) {
359 BIO_printf(bio_err, "Error parsing structure\n");
360 ERR_print_errors(bio_err);
361 goto end;
362 }
363 typ = ASN1_TYPE_get(at);
364 if (typ == V_ASN1_BOOLEAN || typ == V_ASN1_NULL ||
365 typ == V_ASN1_OBJECT) {
366 BIO_printf(bio_err, "Can't parse %s type\n",
367 ASN1_tag2str(typ));
368 ERR_print_errors(bio_err);
369 goto end;
370 }
371 /* hmm... this is a little evil but it works */
372 tmpbuf = at->value.asn1_string->data;
373 tmplen = at->value.asn1_string->length;
374 }
375 str = (char *) tmpbuf;
376 num = tmplen;
377 }
378 if (cfg.offset >= num) {
379 BIO_printf(bio_err, "Error: offset too large\n");
380 goto end;
381 }
382 num -= cfg.offset;
383
384 if (cfg.length == 0 || (long)cfg.length > num)
385 cfg.length = (unsigned int) num;
386 if (derout != NULL) {
387 if (BIO_write(derout, str + cfg.offset,
388 cfg.length) != (int)cfg.length) {
389 BIO_printf(bio_err, "Error writing output\n");
390 ERR_print_errors(bio_err);
391 goto end;
392 }
393 }
394 if (!cfg.noout && !ASN1_parse_dump(out,
395 (unsigned char *)&str[cfg.offset], cfg.length, cfg.indent, cfg.dump)) {
396 ERR_print_errors(bio_err);
397 goto end;
398 }
399 ret = 0;
400 end:
401 BIO_free(derout);
402 BIO_free(in);
403 BIO_free_all(out);
404 BIO_free(b64);
405 if (ret != 0)
406 ERR_print_errors(bio_err);
407 BUF_MEM_free(buf);
408 ASN1_TYPE_free(at);
409 sk_OPENSSL_STRING_free(cfg.osk);
410 OBJ_cleanup();
411
412 return (ret);
413 }
414
415 static int
do_generate(BIO * bio,char * genstr,char * genconf,BUF_MEM * buf)416 do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
417 {
418 CONF *cnf = NULL;
419 int len;
420 long errline;
421 unsigned char *p;
422 ASN1_TYPE *atyp = NULL;
423
424 if (genconf) {
425 cnf = NCONF_new(NULL);
426 if (!NCONF_load(cnf, genconf, &errline))
427 goto conferr;
428 if (!genstr)
429 genstr = NCONF_get_string(cnf, "default", "asn1");
430 if (!genstr) {
431 BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
432 goto err;
433 }
434 }
435 atyp = ASN1_generate_nconf(genstr, cnf);
436 NCONF_free(cnf);
437 cnf = NULL;
438
439 if (!atyp)
440 return -1;
441
442 len = i2d_ASN1_TYPE(atyp, NULL);
443 if (len <= 0)
444 goto err;
445
446 if (!BUF_MEM_grow(buf, len))
447 goto err;
448
449 p = (unsigned char *) buf->data;
450
451 i2d_ASN1_TYPE(atyp, &p);
452
453 ASN1_TYPE_free(atyp);
454 return len;
455
456 conferr:
457
458 if (errline > 0)
459 BIO_printf(bio, "Error on line %ld of config file '%s'\n",
460 errline, genconf);
461 else
462 BIO_printf(bio, "Error loading config file '%s'\n", genconf);
463
464 err:
465 NCONF_free(cnf);
466 ASN1_TYPE_free(atyp);
467
468 return -1;
469
470 }
471