xref: /openbsd/usr.bin/openssl/asn1pars.c (revision 666d181c) 
1 /* $OpenBSD: asn1pars.c,v 1.17 2025/01/02 12:31:44 tb Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 /* A nice addition from Dr Stephen Henson <steve@openssl.org> to
60  * add the -strparse option which parses nested binary structures
61  */
62 
63 #include <stdio.h>
64 #include <stdlib.h>
65 #include <limits.h>
66 #include <string.h>
67 
68 #include "apps.h"
69 
70 #include <openssl/err.h>
71 #include <openssl/evp.h>
72 #include <openssl/pem.h>
73 #include <openssl/x509.h>
74 
75 static struct {
76 	char *derfile;
77 	int dump;
78 	char *genconf;
79 	char *genstr;
80 	int indent;
81 	char *infile;
82 	int informat;
83 	unsigned int length;
84 	int noout;
85 	int offset;
86 	char *oidfile;
87 	STACK_OF(OPENSSL_STRING) *osk;
88 } cfg;
89 
90 static int
91 asn1pars_opt_dlimit(char *arg)
92 {
93 	const char *errstr;
94 
95 	cfg.dump = strtonum(arg, 1, INT_MAX, &errstr);
96 	if (errstr) {
97 		fprintf(stderr, "-dlimit must be from 1 to INT_MAX: %s\n",
98 		    errstr);
99 		return (-1);
100 	}
101 	return (0);
102 }
103 
104 static int
105 asn1pars_opt_length(char *arg)
106 {
107 	const char *errstr;
108 
109 	cfg.length = strtonum(arg, 1, UINT_MAX, &errstr);
110 	if (errstr) {
111 		fprintf(stderr, "-length must be from 1 to UINT_MAX: %s\n",
112 		    errstr);
113 		return (-1);
114 	}
115 	return (0);
116 }
117 
118 static int
119 asn1pars_opt_strparse(char *arg)
120 {
121 	if (sk_OPENSSL_STRING_push(cfg.osk, arg) == 0) {
122 		fprintf(stderr, "-strparse cannot add argument\n");
123 		return (-1);
124 	}
125 	return (0);
126 }
127 
128 static const struct option asn1pars_options[] = {
129 	{
130 		.name = "dump",
131 		.desc = "Dump unknown data in hex form",
132 		.type = OPTION_VALUE,
133 		.value = -1,
134 		.opt.value = &cfg.dump,
135 	},
136 	{
137 		.name = "dlimit",
138 		.argname = "num",
139 		.desc = "Dump the first num bytes of unknown data in hex form",
140 		.type = OPTION_ARG_FUNC,
141 		.opt.argfunc = asn1pars_opt_dlimit,
142 	},
143 	{
144 		.name = "genconf",
145 		.argname = "file",
146 		.desc = "File to generate ASN.1 structure from",
147 		.type = OPTION_ARG,
148 		.opt.arg = &cfg.genconf,
149 	},
150 	{
151 		.name = "genstr",
152 		.argname = "string",
153 		.desc = "String to generate ASN.1 structure from",
154 		.type = OPTION_ARG,
155 		.opt.arg = &cfg.genstr,
156 	},
157 	{
158 		.name = "i",
159 		.desc = "Indent output according to depth of structures",
160 		.type = OPTION_FLAG,
161 		.opt.flag = &cfg.indent,
162 	},
163 	{
164 		.name = "in",
165 		.argname = "file",
166 		.desc = "The input file (default stdin)",
167 		.type = OPTION_ARG,
168 		.opt.arg = &cfg.infile,
169 	},
170 	{
171 		.name = "inform",
172 		.argname = "fmt",
173 		.desc = "Input format (DER, TXT or PEM (default))",
174 		.type = OPTION_ARG_FORMAT,
175 		.opt.value = &cfg.informat,
176 	},
177 	{
178 		.name = "length",
179 		.argname = "num",
180 		.desc = "Number of bytes to parse (default until EOF)",
181 		.type = OPTION_ARG_FUNC,
182 		.opt.argfunc = asn1pars_opt_length,
183 	},
184 	{
185 		.name = "noout",
186 		.desc = "Do not produce any output",
187 		.type = OPTION_FLAG,
188 		.opt.flag = &cfg.noout,
189 	},
190 	{
191 		.name = "offset",
192 		.argname = "num",
193 		.desc = "Offset to begin parsing",
194 		.type = OPTION_ARG_INT,
195 		.opt.value = &cfg.offset,
196 	},
197 	{
198 		.name = "oid",
199 		.argname = "file",
200 		.desc = "File containing additional object identifiers (OIDs)",
201 		.type = OPTION_ARG,
202 		.opt.arg = &cfg.oidfile,
203 	},
204 	{
205 		.name = "out",
206 		.argname = "file",
207 		.desc = "Output file in DER format",
208 		.type = OPTION_ARG,
209 		.opt.arg = &cfg.derfile,
210 	},
211 	{
212 		.name = "strparse",
213 		.argname = "offset",
214 		.desc = "Parse the content octets of ASN.1 object starting at"
215 		" offset",
216 		.type = OPTION_ARG_FUNC,
217 		.opt.argfunc = asn1pars_opt_strparse,
218 	},
219 	{ NULL },
220 };
221 
222 static void
223 asn1pars_usage(void)
224 {
225 	fprintf(stderr,
226 	    "usage: asn1parse [-i] [-dlimit num] [-dump] [-genconf file] "
227 	    "[-genstr string]\n"
228 	    "    [-in file] [-inform fmt] [-length num] [-noout] [-offset num] "
229 	    "[-oid file]\n"
230 	    "    [-out file] [-strparse offset]\n\n");
231 	options_usage(asn1pars_options);
232 }
233 
234 static int do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf);
235 
236 int
237 asn1parse_main(int argc, char **argv)
238 {
239 	int i, j, ret = 1;
240 	long num, tmplen;
241 	BIO *in = NULL, *out = NULL, *b64 = NULL, *derout = NULL;
242 	char *str = NULL;
243 	const char *errstr = NULL;
244 	unsigned char *tmpbuf;
245 	const unsigned char *ctmpbuf;
246 	BUF_MEM *buf = NULL;
247 	ASN1_TYPE *at = NULL;
248 
249 	if (pledge("stdio cpath wpath rpath", NULL) == -1) {
250 		perror("pledge");
251 		exit(1);
252 	}
253 
254 	memset(&cfg, 0, sizeof(cfg));
255 
256 	cfg.informat = FORMAT_PEM;
257 	if ((cfg.osk = sk_OPENSSL_STRING_new_null()) == NULL) {
258 		BIO_printf(bio_err, "Memory allocation failure\n");
259 		goto end;
260 	}
261 
262 	if (options_parse(argc, argv, asn1pars_options, NULL, NULL) != 0) {
263 		asn1pars_usage();
264 		return (1);
265 	}
266 
267 	in = BIO_new(BIO_s_file());
268 	out = BIO_new(BIO_s_file());
269 	if (in == NULL || out == NULL) {
270 		ERR_print_errors(bio_err);
271 		goto end;
272 	}
273 	BIO_set_fp(out, stdout, BIO_NOCLOSE | BIO_FP_TEXT);
274 
275 	if (cfg.oidfile != NULL) {
276 		if (BIO_read_filename(in, cfg.oidfile) <= 0) {
277 			BIO_printf(bio_err, "problems opening %s\n",
278 			    cfg.oidfile);
279 			ERR_print_errors(bio_err);
280 			goto end;
281 		}
282 		OBJ_create_objects(in);
283 	}
284 	if (cfg.infile == NULL)
285 		BIO_set_fp(in, stdin, BIO_NOCLOSE);
286 	else {
287 		if (BIO_read_filename(in, cfg.infile) <= 0) {
288 			perror(cfg.infile);
289 			goto end;
290 		}
291 	}
292 
293 	if (cfg.derfile != NULL) {
294 		if ((derout = BIO_new_file(cfg.derfile, "wb")) == NULL) {
295 			BIO_printf(bio_err, "problems opening %s\n",
296 			    cfg.derfile);
297 			ERR_print_errors(bio_err);
298 			goto end;
299 		}
300 	}
301 	if ((buf = BUF_MEM_new()) == NULL)
302 		goto end;
303 	if (!BUF_MEM_grow(buf, BUFSIZ * 8))
304 		goto end;
305 
306 	if (cfg.genstr != NULL || cfg.genconf) {
307 		num = do_generate(bio_err, cfg.genstr, cfg.genconf, buf);
308 		if (num < 0) {
309 			ERR_print_errors(bio_err);
310 			goto end;
311 		}
312 	} else {
313 		if (cfg.informat == FORMAT_PEM) {
314 			BIO *tmp;
315 
316 			if ((b64 = BIO_new(BIO_f_base64())) == NULL)
317 				goto end;
318 			BIO_push(b64, in);
319 			tmp = in;
320 			in = b64;
321 			b64 = tmp;
322 		}
323 		num = 0;
324 		for (;;) {
325 			if (!BUF_MEM_grow(buf, (int) num + BUFSIZ))
326 				goto end;
327 			i = BIO_read(in, &(buf->data[num]), BUFSIZ);
328 			if (i <= 0)
329 				break;
330 			num += i;
331 		}
332 	}
333 	str = buf->data;
334 
335 	/* If any structs to parse go through in sequence */
336 
337 	if (sk_OPENSSL_STRING_num(cfg.osk) > 0) {
338 		tmpbuf = (unsigned char *) str;
339 		tmplen = num;
340 		for (i = 0; i < sk_OPENSSL_STRING_num(cfg.osk); i++) {
341 			ASN1_TYPE *atmp;
342 			int typ;
343 			j = strtonum(sk_OPENSSL_STRING_value(cfg.osk, i),
344 			    1, INT_MAX, &errstr);
345 			if (errstr) {
346 				BIO_printf(bio_err,
347 				    "'%s' is an invalid number: %s\n",
348 				    sk_OPENSSL_STRING_value(cfg.osk, i), errstr);
349 				continue;
350 			}
351 			tmpbuf += j;
352 			tmplen -= j;
353 			atmp = at;
354 			ctmpbuf = tmpbuf;
355 			at = d2i_ASN1_TYPE(NULL, &ctmpbuf, tmplen);
356 			ASN1_TYPE_free(atmp);
357 			if (!at) {
358 				BIO_printf(bio_err, "Error parsing structure\n");
359 				ERR_print_errors(bio_err);
360 				goto end;
361 			}
362 			typ = ASN1_TYPE_get(at);
363 			if (typ == V_ASN1_BOOLEAN || typ == V_ASN1_NULL ||
364 			    typ == V_ASN1_OBJECT) {
365 				BIO_printf(bio_err, "Can't parse %s type\n",
366 				    ASN1_tag2str(typ));
367 				ERR_print_errors(bio_err);
368 				goto end;
369 			}
370 			/* hmm... this is a little evil but it works */
371 			tmpbuf = at->value.asn1_string->data;
372 			tmplen = at->value.asn1_string->length;
373 		}
374 		str = (char *) tmpbuf;
375 		num = tmplen;
376 	}
377 	if (cfg.offset >= num) {
378 		BIO_printf(bio_err, "Error: offset too large\n");
379 		goto end;
380 	}
381 	num -= cfg.offset;
382 
383 	if (cfg.length == 0 || (long)cfg.length > num)
384 		cfg.length = (unsigned int) num;
385 	if (derout != NULL) {
386 		if (BIO_write(derout, str + cfg.offset,
387 		    cfg.length) != (int)cfg.length) {
388 			BIO_printf(bio_err, "Error writing output\n");
389 			ERR_print_errors(bio_err);
390 			goto end;
391 		}
392 	}
393 	if (!cfg.noout && !ASN1_parse_dump(out,
394 	    (unsigned char *)&str[cfg.offset], cfg.length, cfg.indent, cfg.dump)) {
395 		ERR_print_errors(bio_err);
396 		goto end;
397 	}
398 	ret = 0;
399  end:
400 	BIO_free(derout);
401 	BIO_free(in);
402 	BIO_free_all(out);
403 	BIO_free(b64);
404 	if (ret != 0)
405 		ERR_print_errors(bio_err);
406 	BUF_MEM_free(buf);
407 	ASN1_TYPE_free(at);
408 	sk_OPENSSL_STRING_free(cfg.osk);
409 	OBJ_cleanup();
410 
411 	return (ret);
412 }
413 
414 static int
415 do_generate(BIO *bio, char *genstr, char *genconf, BUF_MEM *buf)
416 {
417 	CONF *cnf = NULL;
418 	int len;
419 	long errline;
420 	unsigned char *p;
421 	ASN1_TYPE *atyp = NULL;
422 
423 	if (genconf) {
424 		cnf = NCONF_new(NULL);
425 		if (!NCONF_load(cnf, genconf, &errline))
426 			goto conferr;
427 		if (!genstr)
428 			genstr = NCONF_get_string(cnf, "default", "asn1");
429 		if (!genstr) {
430 			BIO_printf(bio, "Can't find 'asn1' in '%s'\n", genconf);
431 			goto err;
432 		}
433 	}
434 	atyp = ASN1_generate_nconf(genstr, cnf);
435 	NCONF_free(cnf);
436 	cnf = NULL;
437 
438 	if (!atyp)
439 		return -1;
440 
441 	len = i2d_ASN1_TYPE(atyp, NULL);
442 	if (len <= 0)
443 		goto err;
444 
445 	if (!BUF_MEM_grow(buf, len))
446 		goto err;
447 
448 	p = (unsigned char *) buf->data;
449 
450 	i2d_ASN1_TYPE(atyp, &p);
451 
452 	ASN1_TYPE_free(atyp);
453 	return len;
454 
455  conferr:
456 
457 	if (errline > 0)
458 		BIO_printf(bio, "Error on line %ld of config file '%s'\n",
459 		    errline, genconf);
460 	else
461 		BIO_printf(bio, "Error loading config file '%s'\n", genconf);
462 
463  err:
464 	NCONF_free(cnf);
465 	ASN1_TYPE_free(atyp);
466 
467 	return -1;
468 
469 }
470