1 /* $OpenBSD: tasn_dec.c,v 1.88 2023/07/28 10:00:10 tb Exp $ */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5 /* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <limits.h>
60 #include <stddef.h>
61 #include <string.h>
62
63 #include <openssl/asn1.h>
64 #include <openssl/asn1t.h>
65 #include <openssl/buffer.h>
66 #include <openssl/err.h>
67 #include <openssl/objects.h>
68
69 #include "asn1_local.h"
70 #include "bytestring.h"
71
72 /*
73 * Constructed types with a recursive definition (such as can be found in PKCS7)
74 * could eventually exceed the stack given malicious input with excessive
75 * recursion. Therefore we limit the stack depth.
76 */
77 #define ASN1_MAX_CONSTRUCTED_NEST 30
78
79 #ifndef ASN1_MAX_STRING_NEST
80 /*
81 * This determines how many levels of recursion are permitted in ASN.1 string
82 * types. If it is not limited stack overflows can occur. If set to zero no
83 * recursion is allowed at all.
84 */
85 #define ASN1_MAX_STRING_NEST 5
86 #endif
87
88 static int asn1_template_d2i(ASN1_VALUE **pval, CBS *cbs,
89 const ASN1_TEMPLATE *at, int optional, int depth);
90
91 static int
asn1_check_eoc(CBS * cbs)92 asn1_check_eoc(CBS *cbs)
93 {
94 uint16_t eoc;
95
96 if (!CBS_peek_u16(cbs, &eoc))
97 return 0;
98 if (eoc != 0)
99 return 0;
100
101 return CBS_skip(cbs, 2);
102 }
103
104 static int
asn1_check_tag(CBS * cbs,size_t * out_len,int * out_tag,uint8_t * out_class,int * out_indefinite,int * out_constructed,int expected_tag,int expected_class,int optional)105 asn1_check_tag(CBS *cbs, size_t *out_len, int *out_tag, uint8_t *out_class,
106 int *out_indefinite, int *out_constructed, int expected_tag,
107 int expected_class, int optional)
108 {
109 int constructed, indefinite;
110 uint32_t tag_number;
111 uint8_t tag_class;
112 size_t length;
113
114 if (out_len != NULL)
115 *out_len = 0;
116 if (out_tag != NULL)
117 *out_tag = 0;
118 if (out_class != NULL)
119 *out_class = 0;
120 if (out_indefinite != NULL)
121 *out_indefinite = 0;
122 if (out_constructed != NULL)
123 *out_constructed = 0;
124
125 if (!asn1_get_identifier_cbs(cbs, 0, &tag_class, &constructed,
126 &tag_number)) {
127 ASN1error(ASN1_R_BAD_OBJECT_HEADER);
128 return 0;
129 }
130 if (expected_tag >= 0) {
131 if (expected_tag != tag_number ||
132 expected_class != tag_class << 6) {
133 /* Indicate missing type if this is OPTIONAL. */
134 if (optional)
135 return -1;
136
137 ASN1error(ASN1_R_WRONG_TAG);
138 return 0;
139 }
140 }
141 if (!asn1_get_length_cbs(cbs, 0, &indefinite, &length)) {
142 ASN1error(ASN1_R_BAD_OBJECT_HEADER);
143 return 0;
144 }
145
146 /* Indefinite length can only be used with constructed encoding. */
147 if (indefinite && !constructed) {
148 ASN1error(ASN1_R_BAD_OBJECT_HEADER);
149 return 0;
150 }
151
152 if (!indefinite && CBS_len(cbs) < length) {
153 ASN1error(ASN1_R_TOO_LONG);
154 return 0;
155 }
156
157 if (tag_number > INT_MAX) {
158 ASN1error(ASN1_R_TOO_LONG);
159 return 0;
160 }
161
162 if (indefinite)
163 length = CBS_len(cbs);
164
165 if (out_len != NULL)
166 *out_len = length;
167 if (out_tag != NULL)
168 *out_tag = tag_number;
169 if (out_class != NULL)
170 *out_class = tag_class << 6;
171 if (out_indefinite != NULL)
172 *out_indefinite = indefinite;
173 if (out_constructed != NULL)
174 *out_constructed = constructed;
175
176 return 1;
177 }
178
179 /* Collect the contents from a constructed ASN.1 object. */
180 static int
asn1_collect(CBB * cbb,CBS * cbs,int indefinite,int expected_tag,int expected_class,int depth)181 asn1_collect(CBB *cbb, CBS *cbs, int indefinite, int expected_tag,
182 int expected_class, int depth)
183 {
184 int constructed;
185 size_t length;
186 CBS content;
187 int need_eoc;
188
189 if (depth > ASN1_MAX_STRING_NEST) {
190 ASN1error(ASN1_R_NESTED_ASN1_STRING);
191 return 0;
192 }
193
194 need_eoc = indefinite;
195
196 while (CBS_len(cbs) > 0) {
197 if (asn1_check_eoc(cbs)) {
198 if (!need_eoc) {
199 ASN1error(ASN1_R_UNEXPECTED_EOC);
200 return 0;
201 }
202 return 1;
203 }
204 if (!asn1_check_tag(cbs, &length, NULL, NULL, &indefinite,
205 &constructed, expected_tag, expected_class, 0)) {
206 ASN1error(ERR_R_NESTED_ASN1_ERROR);
207 return 0;
208 }
209
210 if (constructed) {
211 if (!asn1_collect(cbb, cbs, indefinite, expected_tag,
212 expected_class, depth + 1))
213 return 0;
214 continue;
215 }
216
217 if (!CBS_get_bytes(cbs, &content, length)) {
218 ASN1error(ERR_R_NESTED_ASN1_ERROR);
219 return 0;
220 }
221 if (!CBB_add_bytes(cbb, CBS_data(&content), CBS_len(&content)))
222 return 0;
223 }
224
225 if (need_eoc) {
226 ASN1error(ASN1_R_MISSING_EOC);
227 return 0;
228 }
229
230 return 1;
231 }
232
233 /* Find the end of an ASN.1 object. */
234 static int
asn1_find_end(CBS * cbs,size_t length,int indefinite)235 asn1_find_end(CBS *cbs, size_t length, int indefinite)
236 {
237 size_t eoc_count;
238
239 if (!indefinite) {
240 if (!CBS_skip(cbs, length)) {
241 ASN1error(ERR_R_NESTED_ASN1_ERROR);
242 return 0;
243 }
244 return 1;
245 }
246
247 eoc_count = 1;
248
249 while (CBS_len(cbs) > 0) {
250 if (asn1_check_eoc(cbs)) {
251 if (--eoc_count == 0)
252 break;
253 continue;
254 }
255 if (!asn1_check_tag(cbs, &length, NULL, NULL,
256 &indefinite, NULL, -1, 0, 0)) {
257 ASN1error(ERR_R_NESTED_ASN1_ERROR);
258 return 0;
259 }
260 if (indefinite) {
261 eoc_count++;
262 continue;
263 }
264 if (!CBS_skip(cbs, length))
265 return 0;
266 }
267
268 if (eoc_count > 0) {
269 ASN1error(ASN1_R_MISSING_EOC);
270 return 0;
271 }
272
273 return 1;
274 }
275
276 static int
asn1_c2i_primitive(ASN1_VALUE ** pval,CBS * content,int utype,const ASN1_ITEM * it)277 asn1_c2i_primitive(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
278 {
279 ASN1_BOOLEAN *abool;
280 ASN1_STRING *astr;
281 uint8_t val;
282 int ret = 0;
283
284 if (it->funcs != NULL)
285 goto err;
286
287 if (CBS_len(content) > INT_MAX)
288 goto err;
289
290 switch (utype) {
291 case V_ASN1_OBJECT:
292 if (!c2i_ASN1_OBJECT_cbs((ASN1_OBJECT **)pval, content))
293 goto err;
294 break;
295
296 case V_ASN1_NULL:
297 if (CBS_len(content) != 0) {
298 ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH);
299 goto err;
300 }
301 *pval = (ASN1_VALUE *)1;
302 break;
303
304 case V_ASN1_BOOLEAN:
305 abool = (ASN1_BOOLEAN *)pval;
306 if (CBS_len(content) != 1) {
307 ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
308 goto err;
309 }
310 if (!CBS_get_u8(content, &val))
311 goto err;
312 *abool = val;
313 break;
314
315 case V_ASN1_BIT_STRING:
316 if (!c2i_ASN1_BIT_STRING_cbs((ASN1_BIT_STRING **)pval, content))
317 goto err;
318 break;
319
320 case V_ASN1_ENUMERATED:
321 if (!c2i_ASN1_ENUMERATED_cbs((ASN1_ENUMERATED **)pval, content))
322 goto err;
323 break;
324
325 case V_ASN1_INTEGER:
326 if (!c2i_ASN1_INTEGER_cbs((ASN1_INTEGER **)pval, content))
327 goto err;
328 break;
329
330 case V_ASN1_OCTET_STRING:
331 case V_ASN1_NUMERICSTRING:
332 case V_ASN1_PRINTABLESTRING:
333 case V_ASN1_T61STRING:
334 case V_ASN1_VIDEOTEXSTRING:
335 case V_ASN1_IA5STRING:
336 case V_ASN1_UTCTIME:
337 case V_ASN1_GENERALIZEDTIME:
338 case V_ASN1_GRAPHICSTRING:
339 case V_ASN1_VISIBLESTRING:
340 case V_ASN1_GENERALSTRING:
341 case V_ASN1_UNIVERSALSTRING:
342 case V_ASN1_BMPSTRING:
343 case V_ASN1_UTF8STRING:
344 case V_ASN1_OTHER:
345 case V_ASN1_SET:
346 case V_ASN1_SEQUENCE:
347 default:
348 if (utype == V_ASN1_BMPSTRING && (CBS_len(content) & 1)) {
349 ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
350 goto err;
351 }
352 if (utype == V_ASN1_UNIVERSALSTRING && (CBS_len(content) & 3)) {
353 ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
354 goto err;
355 }
356 if (utype == V_ASN1_UTCTIME || utype == V_ASN1_GENERALIZEDTIME) {
357 if (!asn1_time_parse_cbs(content,
358 utype == V_ASN1_GENERALIZEDTIME, NULL)) {
359 ASN1error(ASN1_R_INVALID_TIME_FORMAT);
360 goto err;
361 }
362 }
363 /* All based on ASN1_STRING and handled the same way. */
364 if (*pval != NULL) {
365 ASN1_STRING_free((ASN1_STRING *)*pval);
366 *pval = NULL;
367 }
368 if ((astr = ASN1_STRING_type_new(utype)) == NULL) {
369 ASN1error(ERR_R_MALLOC_FAILURE);
370 goto err;
371 }
372 if (!ASN1_STRING_set(astr, CBS_data(content), CBS_len(content))) {
373 ASN1_STRING_free(astr);
374 goto err;
375 }
376 *pval = (ASN1_VALUE *)astr;
377 break;
378 }
379
380 ret = 1;
381
382 err:
383 return ret;
384 }
385
386 static int
asn1_c2i_any(ASN1_VALUE ** pval,CBS * content,int utype,const ASN1_ITEM * it)387 asn1_c2i_any(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
388 {
389 ASN1_TYPE *atype;
390
391 if (it->utype != V_ASN1_ANY || it->funcs != NULL)
392 return 0;
393
394 if (*pval != NULL) {
395 ASN1_TYPE_free((ASN1_TYPE *)*pval);
396 *pval = NULL;
397 }
398
399 if ((atype = ASN1_TYPE_new()) == NULL)
400 return 0;
401
402 if (!asn1_c2i_primitive(&atype->value.asn1_value, content, utype, it)) {
403 ASN1_TYPE_free(atype);
404 return 0;
405 }
406 atype->type = utype;
407
408 /* Fix up value for ASN.1 NULL. */
409 if (atype->type == V_ASN1_NULL)
410 atype->value.ptr = NULL;
411
412 *pval = (ASN1_VALUE *)atype;
413
414 return 1;
415 }
416
417 static int
asn1_c2i(ASN1_VALUE ** pval,CBS * content,int utype,const ASN1_ITEM * it)418 asn1_c2i(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
419 {
420 if (CBS_len(content) > INT_MAX)
421 return 0;
422
423 if (it->funcs != NULL) {
424 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
425 char free_content = 0;
426
427 if (pf->prim_c2i == NULL)
428 return 0;
429
430 return pf->prim_c2i(pval, CBS_data(content), CBS_len(content),
431 utype, &free_content, it);
432 }
433
434 if (it->utype == V_ASN1_ANY)
435 return asn1_c2i_any(pval, content, utype, it);
436
437 return asn1_c2i_primitive(pval, content, utype, it);
438 }
439
440 /*
441 * Decode ASN.1 content into a primitive type. There are three possible forms -
442 * a SEQUENCE/SET/OTHER that is stored verbatim (including the ASN.1 tag and
443 * length octets), constructed objects and non-constructed objects. In the
444 * first two cases indefinite length is permitted, which we may need to handle.
445 * When this function is called the *cbs should reference the start of the
446 * ASN.1 object (i.e. the tag/length header), while *cbs_object should
447 * reference the start of the object contents (i.e. after the tag/length
448 * header. Additionally, the *cbs_object offset should be relative to the
449 * ASN.1 object being parsed. On success the *cbs will point at the octet
450 * after the object.
451 */
452 static int
asn1_d2i_primitive_content(ASN1_VALUE ** pval,CBS * cbs,CBS * cbs_object,int utype,int constructed,int indefinite,size_t length,const ASN1_ITEM * it)453 asn1_d2i_primitive_content(ASN1_VALUE **pval, CBS *cbs, CBS *cbs_object,
454 int utype, int constructed, int indefinite, size_t length,
455 const ASN1_ITEM *it)
456 {
457 CBS cbs_content, cbs_initial;
458 uint8_t *data = NULL;
459 size_t data_len = 0;
460 CBB cbb;
461 int ret = 0;
462
463 memset(&cbb, 0, sizeof(cbb));
464
465 CBS_dup(cbs, &cbs_initial);
466 CBS_init(&cbs_content, NULL, 0);
467
468 if (asn1_must_be_constructed(utype) && !constructed) {
469 ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED);
470 goto err;
471 }
472 if (asn1_must_be_primitive(utype) && constructed) {
473 ASN1error(ASN1_R_TYPE_NOT_PRIMITIVE);
474 goto err;
475 }
476
477 /* SEQUENCE, SET and "OTHER" are left in encoded form. */
478 if (utype == V_ASN1_SEQUENCE || utype == V_ASN1_SET ||
479 utype == V_ASN1_OTHER) {
480 if (!asn1_find_end(cbs_object, length, indefinite))
481 goto err;
482 if (!CBS_get_bytes(&cbs_initial, &cbs_content,
483 CBS_offset(cbs_object)))
484 goto err;
485 } else if (constructed) {
486 /*
487 * Should really check the internal tags are correct but
488 * some things may get this wrong. The relevant specs
489 * say that constructed string types should be OCTET STRINGs
490 * internally irrespective of the type. So instead just check
491 * for UNIVERSAL class and ignore the tag.
492 */
493 if (!CBB_init(&cbb, 0))
494 goto err;
495 if (!asn1_collect(&cbb, cbs_object, indefinite, -1,
496 V_ASN1_UNIVERSAL, 0))
497 goto err;
498 if (!CBB_finish(&cbb, &data, &data_len))
499 goto err;
500
501 CBS_init(&cbs_content, data, data_len);
502 } else {
503 if (!CBS_get_bytes(cbs_object, &cbs_content, length))
504 goto err;
505 }
506
507 if (!asn1_c2i(pval, &cbs_content, utype, it))
508 goto err;
509
510 if (!CBS_skip(cbs, CBS_offset(cbs_object)))
511 goto err;
512
513 ret = 1;
514
515 err:
516 CBB_cleanup(&cbb);
517 freezero(data, data_len);
518
519 return ret;
520 }
521
522 static int
asn1_d2i_any(ASN1_VALUE ** pval,CBS * cbs,const ASN1_ITEM * it,int tag_number,int tag_class,int optional)523 asn1_d2i_any(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
524 int tag_number, int tag_class, int optional)
525 {
526 int constructed, indefinite;
527 uint8_t object_class;
528 int object_type;
529 CBS cbs_object;
530 size_t length;
531
532 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
533
534 if (it->utype != V_ASN1_ANY)
535 return 0;
536
537 if (tag_number >= 0) {
538 ASN1error(ASN1_R_ILLEGAL_TAGGED_ANY);
539 return 0;
540 }
541 if (optional) {
542 ASN1error(ASN1_R_ILLEGAL_OPTIONAL_ANY);
543 return 0;
544 }
545
546 /* Determine type from ASN.1 tag. */
547 if (asn1_check_tag(&cbs_object, &length, &object_type, &object_class,
548 &indefinite, &constructed, -1, 0, 0) != 1) {
549 ASN1error(ERR_R_NESTED_ASN1_ERROR);
550 return 0;
551 }
552 if (object_class != V_ASN1_UNIVERSAL)
553 object_type = V_ASN1_OTHER;
554
555 return asn1_d2i_primitive_content(pval, cbs, &cbs_object, object_type,
556 constructed, indefinite, length, it);
557 }
558
559 static int
asn1_d2i_mstring(ASN1_VALUE ** pval,CBS * cbs,const ASN1_ITEM * it,int tag_number,int tag_class,int optional)560 asn1_d2i_mstring(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
561 int tag_number, int tag_class, int optional)
562 {
563 int constructed, indefinite;
564 uint8_t object_class;
565 int object_tag;
566 CBS cbs_object;
567 size_t length;
568
569 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
570
571 /*
572 * It never makes sense for multi-strings to have implicit tagging, so
573 * if tag_number != -1, then this looks like an error in the template.
574 */
575 if (tag_number != -1) {
576 ASN1error(ASN1_R_BAD_TEMPLATE);
577 return 0;
578 }
579
580 if (asn1_check_tag(&cbs_object, &length, &object_tag, &object_class,
581 &indefinite, &constructed, -1, 0, 1) != 1) {
582 ASN1error(ERR_R_NESTED_ASN1_ERROR);
583 return 0;
584 }
585
586 /* Class must be UNIVERSAL. */
587 if (object_class != V_ASN1_UNIVERSAL) {
588 if (optional)
589 return -1;
590 ASN1error(ASN1_R_MSTRING_NOT_UNIVERSAL);
591 return 0;
592 }
593 /* Check tag matches bit map. */
594 if ((ASN1_tag2bit(object_tag) & it->utype) == 0) {
595 if (optional)
596 return -1;
597 ASN1error(ASN1_R_MSTRING_WRONG_TAG);
598 return 0;
599 }
600
601 return asn1_d2i_primitive_content(pval, cbs, &cbs_object,
602 object_tag, constructed, indefinite, length, it);
603 }
604
605 static int
asn1_d2i_primitive(ASN1_VALUE ** pval,CBS * cbs,const ASN1_ITEM * it,int tag_number,int tag_class,int optional)606 asn1_d2i_primitive(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
607 int tag_number, int tag_class, int optional)
608 {
609 CBS cbs_object;
610 int constructed, indefinite;
611 int utype = it->utype;
612 size_t length;
613 int ret;
614
615 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
616
617 if (it->itype == ASN1_ITYPE_MSTRING)
618 return 0;
619
620 if (it->utype == V_ASN1_ANY)
621 return asn1_d2i_any(pval, cbs, it, tag_number, tag_class, optional);
622
623 if (tag_number == -1) {
624 tag_number = it->utype;
625 tag_class = V_ASN1_UNIVERSAL;
626 }
627
628 ret = asn1_check_tag(&cbs_object, &length, NULL, NULL, &indefinite,
629 &constructed, tag_number, tag_class, optional);
630 if (ret == -1)
631 return -1;
632 if (ret != 1) {
633 ASN1error(ERR_R_NESTED_ASN1_ERROR);
634 return 0;
635 }
636
637 return asn1_d2i_primitive_content(pval, cbs, &cbs_object, utype,
638 constructed, indefinite, length, it);
639 }
640
641 static int
asn1_item_d2i_choice(ASN1_VALUE ** pval,CBS * cbs,const ASN1_ITEM * it,int tag_number,int tag_class,int optional,int depth)642 asn1_item_d2i_choice(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
643 int tag_number, int tag_class, int optional, int depth)
644 {
645 const ASN1_TEMPLATE *at, *errat = NULL;
646 const ASN1_AUX *aux;
647 ASN1_aux_cb *asn1_cb = NULL;
648 ASN1_VALUE *achoice = NULL;
649 ASN1_VALUE **pchptr;
650 int i, ret;
651
652 if ((aux = it->funcs) != NULL)
653 asn1_cb = aux->asn1_cb;
654
655 if (it->itype != ASN1_ITYPE_CHOICE)
656 goto err;
657
658 /*
659 * It never makes sense for CHOICE types to have implicit tagging, so
660 * if tag_number != -1, then this looks like an error in the template.
661 */
662 if (tag_number != -1) {
663 ASN1error(ASN1_R_BAD_TEMPLATE);
664 goto err;
665 }
666
667 if (*pval != NULL) {
668 ASN1_item_ex_free(pval, it);
669 *pval = NULL;
670 }
671
672 if (!ASN1_item_ex_new(&achoice, it)) {
673 ASN1error(ERR_R_NESTED_ASN1_ERROR);
674 goto err;
675 }
676
677 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_PRE, &achoice, it, NULL)) {
678 ASN1error(ASN1_R_AUX_ERROR);
679 goto err;
680 }
681
682 /* Try each possible CHOICE in turn. */
683 for (i = 0; i < it->tcount; i++) {
684 at = &it->templates[i];
685
686 pchptr = asn1_get_field_ptr(&achoice, at);
687
688 /* Mark field as OPTIONAL so its absence can be identified. */
689 ret = asn1_template_d2i(pchptr, cbs, at, 1, depth);
690 if (ret == -1)
691 continue;
692 if (ret != 1) {
693 ASN1error(ERR_R_NESTED_ASN1_ERROR);
694 errat = at;
695 goto err;
696 }
697
698 /* We've successfully decoded an ASN.1 object. */
699 asn1_set_choice_selector(&achoice, i, it);
700 break;
701 }
702
703 /* Did we fall off the end without reading anything? */
704 if (i == it->tcount) {
705 if (optional) {
706 ASN1_item_ex_free(&achoice, it);
707 return -1;
708 }
709 ASN1error(ASN1_R_NO_MATCHING_CHOICE_TYPE);
710 goto err;
711 }
712
713 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &achoice, it, NULL)) {
714 ASN1error(ASN1_R_AUX_ERROR);
715 goto err;
716 }
717
718 *pval = achoice;
719 achoice = NULL;
720
721 return 1;
722
723 err:
724 ASN1_item_ex_free(&achoice, it);
725
726 if (errat != NULL)
727 ERR_asprintf_error_data("Field=%s, Type=%s", errat->field_name,
728 it->sname);
729 else
730 ERR_asprintf_error_data("Type=%s", it->sname);
731
732 return 0;
733 }
734
735 static int
asn1_item_d2i_sequence(ASN1_VALUE ** pval,CBS * cbs,const ASN1_ITEM * it,int tag_number,int tag_class,int optional,int depth)736 asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
737 int tag_number, int tag_class, int optional, int depth)
738 {
739 CBS cbs_seq, cbs_seq_content, cbs_object;
740 int constructed, indefinite, optional_field;
741 const ASN1_TEMPLATE *errat = NULL;
742 const ASN1_TEMPLATE *seqat, *at;
743 ASN1_aux_cb *asn1_cb = NULL;
744 const ASN1_AUX *aux;
745 ASN1_VALUE *aseq = NULL;
746 ASN1_VALUE **pseqval;
747 int eoc_needed, i;
748 size_t length;
749 int ret = 0;
750
751 CBS_init(&cbs_seq, CBS_data(cbs), CBS_len(cbs));
752
753 if ((aux = it->funcs) != NULL)
754 asn1_cb = aux->asn1_cb;
755
756 if (it->itype != ASN1_ITYPE_NDEF_SEQUENCE &&
757 it->itype != ASN1_ITYPE_SEQUENCE)
758 goto err;
759
760 if (*pval != NULL) {
761 ASN1_item_ex_free(pval, it);
762 *pval = NULL;
763 }
764
765 /* If no IMPLICIT tagging use UNIVERSAL/SEQUENCE. */
766 if (tag_number == -1) {
767 tag_class = V_ASN1_UNIVERSAL;
768 tag_number = V_ASN1_SEQUENCE;
769 }
770
771 /* Read ASN.1 SEQUENCE header. */
772 ret = asn1_check_tag(&cbs_seq, &length, NULL, NULL, &indefinite,
773 &constructed, tag_number, tag_class, optional);
774 if (ret == -1)
775 return -1;
776 if (ret != 1) {
777 ASN1error(ERR_R_NESTED_ASN1_ERROR);
778 goto err;
779 }
780
781 if (!constructed) {
782 ASN1error(ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
783 goto err;
784 }
785
786 if (indefinite) {
787 eoc_needed = 1;
788 CBS_init(&cbs_seq_content, CBS_data(&cbs_seq), CBS_len(&cbs_seq));
789 } else {
790 eoc_needed = 0;
791 if (!CBS_get_bytes(&cbs_seq, &cbs_seq_content, length))
792 goto err;
793 }
794
795 if (!ASN1_item_ex_new(&aseq, it)) {
796 ASN1error(ERR_R_NESTED_ASN1_ERROR);
797 goto err;
798 }
799
800 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_PRE, &aseq, it, NULL)) {
801 ASN1error(ASN1_R_AUX_ERROR);
802 goto err;
803 }
804
805 for (i = 0; i < it->tcount; i++) {
806 at = &it->templates[i];
807
808 if (asn1_check_eoc(&cbs_seq_content)) {
809 if (!indefinite) {
810 ASN1error(ASN1_R_UNEXPECTED_EOC);
811 goto err;
812 }
813 eoc_needed = 0;
814 break;
815 }
816 if (CBS_len(&cbs_seq_content) == 0)
817 break;
818
819 if ((seqat = asn1_do_adb(&aseq, at, 1)) == NULL)
820 goto err;
821
822 pseqval = asn1_get_field_ptr(&aseq, seqat);
823
824 /*
825 * This was originally implemented to "increase efficiency",
826 * however it currently needs to remain since it papers over
827 * the use of ASN.1 ANY with OPTIONAL in SEQUENCEs (which
828 * asn1_d2i_primitive() currently rejects).
829 */
830 optional_field = (seqat->flags & ASN1_TFLG_OPTIONAL) != 0;
831 if (i == it->tcount - 1)
832 optional_field = 0;
833
834 ret = asn1_template_d2i(pseqval, &cbs_seq_content,
835 seqat, optional_field, depth);
836 if (ret == -1) {
837 /* Absent OPTIONAL component. */
838 ASN1_template_free(pseqval, seqat);
839 continue;
840 }
841 if (ret != 1) {
842 errat = seqat;
843 goto err;
844 }
845 }
846
847 if (eoc_needed && !asn1_check_eoc(&cbs_seq_content)) {
848 ASN1error(ASN1_R_MISSING_EOC);
849 goto err;
850 }
851
852 if (indefinite) {
853 if (!CBS_skip(&cbs_seq, CBS_offset(&cbs_seq_content)))
854 goto err;
855 } else if (CBS_len(&cbs_seq_content) != 0) {
856 ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH);
857 goto err;
858 }
859
860 /*
861 * There is no more data in the ASN.1 SEQUENCE, however we may not have
862 * populated all fields - check that any remaining are OPTIONAL.
863 */
864 for (; i < it->tcount; i++) {
865 at = &it->templates[i];
866
867 if ((seqat = asn1_do_adb(&aseq, at, 1)) == NULL)
868 goto err;
869
870 if ((seqat->flags & ASN1_TFLG_OPTIONAL) == 0) {
871 ASN1error(ASN1_R_FIELD_MISSING);
872 errat = seqat;
873 goto err;
874 }
875
876 /* XXX - this is probably unnecessary with earlier free. */
877 pseqval = asn1_get_field_ptr(&aseq, seqat);
878 ASN1_template_free(pseqval, seqat);
879 }
880
881 if (!CBS_get_bytes(cbs, &cbs_object, CBS_offset(&cbs_seq)))
882 goto err;
883
884 if (!asn1_enc_save(&aseq, &cbs_object, it)) {
885 ASN1error(ERR_R_MALLOC_FAILURE);
886 goto err;
887 }
888
889 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &aseq, it, NULL)) {
890 ASN1error(ASN1_R_AUX_ERROR);
891 goto err;
892 }
893
894 *pval = aseq;
895 aseq = NULL;
896
897 return 1;
898
899 err:
900 ASN1_item_ex_free(&aseq, it);
901
902 if (errat != NULL)
903 ERR_asprintf_error_data("Field=%s, Type=%s", errat->field_name,
904 it->sname);
905 else
906 ERR_asprintf_error_data("Type=%s", it->sname);
907
908 return 0;
909 }
910
911 static int
asn1_item_d2i_extern(ASN1_VALUE ** pval,CBS * cbs,const ASN1_ITEM * it,int tag_number,int tag_class,int optional)912 asn1_item_d2i_extern(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
913 int tag_number, int tag_class, int optional)
914 {
915 const ASN1_EXTERN_FUNCS *ef = it->funcs;
916 const unsigned char *p = NULL;
917 ASN1_TLC ctx = { 0 };
918 int ret = 0;
919
920 if (CBS_len(cbs) > LONG_MAX)
921 return 0;
922
923 p = CBS_data(cbs);
924
925 if ((ret = ef->asn1_ex_d2i(pval, &p, (long)CBS_len(cbs), it,
926 tag_number, tag_class, optional, &ctx)) == 1) {
927 if (!CBS_skip(cbs, p - CBS_data(cbs)))
928 goto err;
929 }
930 return ret;
931
932 err:
933 ASN1_item_ex_free(pval, it);
934
935 ERR_asprintf_error_data("Type=%s", it->sname);
936
937 return 0;
938 }
939
940 static int
asn1_item_d2i(ASN1_VALUE ** pval,CBS * cbs,const ASN1_ITEM * it,int tag_number,int tag_class,int optional,int depth)941 asn1_item_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
942 int tag_number, int tag_class, int optional, int depth)
943 {
944 if (pval == NULL)
945 return 0;
946
947 if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
948 ASN1error(ASN1_R_NESTED_TOO_DEEP);
949 goto err;
950 }
951
952 switch (it->itype) {
953 case ASN1_ITYPE_PRIMITIVE:
954 if (it->templates != NULL) {
955 /*
956 * Tagging or OPTIONAL is currently illegal on an item
957 * template because the flags can't get passed down.
958 * In practice this isn't a problem: we include the
959 * relevant flags from the item template in the
960 * template itself.
961 */
962 if (tag_number != -1 || optional) {
963 ASN1error(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
964 goto err;
965 }
966 return asn1_template_d2i(pval, cbs, it->templates,
967 optional, depth);
968 }
969 return asn1_d2i_primitive(pval, cbs, it, tag_number, tag_class,
970 optional);
971
972 case ASN1_ITYPE_MSTRING:
973 return asn1_d2i_mstring(pval, cbs, it, tag_number, tag_class,
974 optional);
975
976 case ASN1_ITYPE_EXTERN:
977 return asn1_item_d2i_extern(pval, cbs, it, tag_number,
978 tag_class, optional);
979
980 case ASN1_ITYPE_CHOICE:
981 return asn1_item_d2i_choice(pval, cbs, it, tag_number,
982 tag_class, optional, depth);
983
984 case ASN1_ITYPE_NDEF_SEQUENCE:
985 case ASN1_ITYPE_SEQUENCE:
986 return asn1_item_d2i_sequence(pval, cbs, it, tag_number,
987 tag_class, optional, depth);
988
989 default:
990 return 0;
991 }
992
993 err:
994 ASN1_item_ex_free(pval, it);
995
996 ERR_asprintf_error_data("Type=%s", it->sname);
997
998 return 0;
999 }
1000
1001 static void
asn1_template_stack_of_free(STACK_OF (ASN1_VALUE)* avals,const ASN1_TEMPLATE * at)1002 asn1_template_stack_of_free(STACK_OF(ASN1_VALUE) *avals,
1003 const ASN1_TEMPLATE *at)
1004 {
1005 ASN1_VALUE *aval;
1006
1007 if (avals == NULL)
1008 return;
1009
1010 while (sk_ASN1_VALUE_num(avals) > 0) {
1011 aval = sk_ASN1_VALUE_pop(avals);
1012 ASN1_item_ex_free(&aval, at->item);
1013 }
1014 sk_ASN1_VALUE_free(avals);
1015 }
1016
1017 static int
asn1_template_stack_of_d2i(ASN1_VALUE ** pval,CBS * cbs,const ASN1_TEMPLATE * at,int optional,int depth)1018 asn1_template_stack_of_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at,
1019 int optional, int depth)
1020 {
1021 CBS cbs_object, cbs_object_content;
1022 STACK_OF(ASN1_VALUE) *avals = NULL;
1023 ASN1_VALUE *aval = NULL;
1024 int tag_number, tag_class;
1025 int eoc_needed;
1026 int indefinite;
1027 size_t length;
1028 int ret;
1029
1030 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
1031
1032 if (pval == NULL)
1033 return 0;
1034
1035 asn1_template_stack_of_free((STACK_OF(ASN1_VALUE) *)*pval, at);
1036 *pval = NULL;
1037
1038 tag_number = at->tag;
1039 tag_class = at->flags & ASN1_TFLG_TAG_CLASS;
1040
1041 /* Determine the inner tag value for SET OF or SEQUENCE OF. */
1042 if ((at->flags & ASN1_TFLG_IMPTAG) == 0) {
1043 tag_number = V_ASN1_SEQUENCE;
1044 tag_class = V_ASN1_UNIVERSAL;
1045 if ((at->flags & ASN1_TFLG_SET_OF) != 0)
1046 tag_number = V_ASN1_SET;
1047 }
1048
1049 ret = asn1_check_tag(&cbs_object, &length, NULL, NULL, &indefinite,
1050 NULL, tag_number, tag_class, optional);
1051 if (ret == -1)
1052 return -1;
1053 if (ret != 1) {
1054 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1055 return 0;
1056 }
1057
1058 if (indefinite) {
1059 eoc_needed = 1;
1060 CBS_init(&cbs_object_content, CBS_data(&cbs_object),
1061 CBS_len(&cbs_object));
1062 } else {
1063 eoc_needed = 0;
1064 if (!CBS_get_bytes(&cbs_object, &cbs_object_content,
1065 length))
1066 goto err;
1067 }
1068
1069 if ((avals = sk_ASN1_VALUE_new_null()) == NULL) {
1070 ASN1error(ERR_R_MALLOC_FAILURE);
1071 goto err;
1072 }
1073
1074 /* Read as many items as possible. */
1075 while (CBS_len(&cbs_object_content) > 0) {
1076 if (asn1_check_eoc(&cbs_object_content)) {
1077 if (!eoc_needed) {
1078 ASN1error(ASN1_R_UNEXPECTED_EOC);
1079 goto err;
1080 }
1081 eoc_needed = 0;
1082 break;
1083 }
1084 if (!asn1_item_d2i(&aval, &cbs_object_content, at->item, -1, 0,
1085 0, depth)) {
1086 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1087 goto err;
1088 }
1089 if (!sk_ASN1_VALUE_push(avals, aval)) {
1090 ASN1error(ERR_R_MALLOC_FAILURE);
1091 goto err;
1092 }
1093 aval = NULL;
1094 }
1095 if (eoc_needed) {
1096 ASN1error(ASN1_R_MISSING_EOC);
1097 goto err;
1098 }
1099
1100 if (indefinite) {
1101 if (!CBS_skip(&cbs_object, CBS_offset(&cbs_object_content)))
1102 goto err;
1103 }
1104
1105 if (!CBS_skip(cbs, CBS_offset(&cbs_object)))
1106 goto err;
1107
1108 *pval = (ASN1_VALUE *)avals;
1109 avals = NULL;
1110
1111 return 1;
1112
1113 err:
1114 asn1_template_stack_of_free(avals, at);
1115 ASN1_item_ex_free(&aval, at->item);
1116
1117 return 0;
1118 }
1119
1120 static int
asn1_template_noexp_d2i(ASN1_VALUE ** pval,CBS * cbs,const ASN1_TEMPLATE * at,int optional,int depth)1121 asn1_template_noexp_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at,
1122 int optional, int depth)
1123 {
1124 int tag_number, tag_class;
1125 int ret;
1126
1127 if (pval == NULL)
1128 return 0;
1129
1130 if ((at->flags & ASN1_TFLG_SK_MASK) != 0)
1131 return asn1_template_stack_of_d2i(pval, cbs, at, optional, depth);
1132
1133 tag_number = -1;
1134 tag_class = V_ASN1_UNIVERSAL;
1135
1136 /* See if we need to use IMPLICIT tagging. */
1137 if ((at->flags & ASN1_TFLG_IMPTAG) != 0) {
1138 tag_number = at->tag;
1139 tag_class = at->flags & ASN1_TFLG_TAG_CLASS;
1140 }
1141
1142 ret = asn1_item_d2i(pval, cbs, at->item, tag_number, tag_class,
1143 optional, depth);
1144 if (ret == -1)
1145 return -1;
1146 if (ret != 1) {
1147 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1148 goto err;
1149 }
1150
1151 return 1;
1152
1153 err:
1154 /* XXX - The called function should have freed already. */
1155 ASN1_template_free(pval, at);
1156 return 0;
1157 }
1158
1159 static int
asn1_template_d2i(ASN1_VALUE ** pval,CBS * cbs,const ASN1_TEMPLATE * at,int optional,int depth)1160 asn1_template_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at,
1161 int optional, int depth)
1162 {
1163 CBS cbs_exp, cbs_exp_content;
1164 int constructed, indefinite;
1165 size_t length;
1166 int ret;
1167
1168 if (pval == NULL)
1169 return 0;
1170
1171 /* Check if EXPLICIT tag is expected. */
1172 if ((at->flags & ASN1_TFLG_EXPTAG) == 0)
1173 return asn1_template_noexp_d2i(pval, cbs, at, optional, depth);
1174
1175 CBS_init(&cbs_exp, CBS_data(cbs), CBS_len(cbs));
1176
1177 /* Read ASN.1 header for EXPLICIT tagged object. */
1178 ret = asn1_check_tag(&cbs_exp, &length, NULL, NULL, &indefinite,
1179 &constructed, at->tag, at->flags & ASN1_TFLG_TAG_CLASS, optional);
1180 if (ret == -1)
1181 return -1;
1182 if (ret != 1) {
1183 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1184 return 0;
1185 }
1186
1187 if (!constructed) {
1188 ASN1error(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
1189 return 0;
1190 }
1191
1192 if (indefinite) {
1193 CBS_init(&cbs_exp_content, CBS_data(&cbs_exp), CBS_len(&cbs_exp));
1194 } else {
1195 if (!CBS_get_bytes(&cbs_exp, &cbs_exp_content, length))
1196 goto err;
1197 }
1198
1199 if ((ret = asn1_template_noexp_d2i(pval, &cbs_exp_content, at, 0,
1200 depth)) != 1) {
1201 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1202 return 0;
1203 }
1204
1205 if (indefinite) {
1206 if (!asn1_check_eoc(&cbs_exp_content)) {
1207 ASN1error(ASN1_R_MISSING_EOC);
1208 goto err;
1209 }
1210 if (!CBS_skip(&cbs_exp, CBS_offset(&cbs_exp_content)))
1211 goto err;
1212 } else if (CBS_len(&cbs_exp_content) != 0) {
1213 ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH);
1214 goto err;
1215 }
1216
1217 if (!CBS_skip(cbs, CBS_offset(&cbs_exp)))
1218 goto err;
1219
1220 return 1;
1221
1222 err:
1223 ASN1_template_free(pval, at);
1224 return 0;
1225 }
1226
1227 ASN1_VALUE *
ASN1_item_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long inlen,const ASN1_ITEM * it)1228 ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen,
1229 const ASN1_ITEM *it)
1230 {
1231 ASN1_VALUE *ptmpval = NULL;
1232
1233 if (pval == NULL)
1234 pval = &ptmpval;
1235 if (ASN1_item_ex_d2i(pval, in, inlen, it, -1, 0, 0, NULL) <= 0)
1236 return NULL;
1237
1238 return *pval;
1239 }
1240 LCRYPTO_ALIAS(ASN1_item_d2i);
1241
1242 int
ASN1_item_ex_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long inlen,const ASN1_ITEM * it,int tag_number,int tag_class,char optional,ASN1_TLC * ctx)1243 ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen,
1244 const ASN1_ITEM *it, int tag_number, int tag_class, char optional,
1245 ASN1_TLC *ctx)
1246 {
1247 CBS cbs;
1248 int ret;
1249
1250 if (inlen < 0)
1251 return 0;
1252
1253 CBS_init(&cbs, *in, inlen);
1254 if ((ret = asn1_item_d2i(pval, &cbs, it, tag_number, tag_class,
1255 (int)optional, 0)) == 1)
1256 *in = CBS_data(&cbs);
1257
1258 return ret;
1259 }
1260 LCRYPTO_ALIAS(ASN1_item_ex_d2i);
1261