1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/asn1.h>
58
59 #include <string.h>
60
61 #include <openssl/asn1t.h>
62 #include <openssl/buf.h>
63 #include <openssl/err.h>
64 #include <openssl/mem.h>
65
66 #include "../internal.h"
67
68
69 static int asn1_check_eoc(const unsigned char **in, long len);
70 static int asn1_find_end(const unsigned char **in, long len, char inf);
71
72 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
73 char inf, int tag, int aclass, int depth);
74
75 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
76
77 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
78 char *inf, char *cst,
79 const unsigned char **in, long len,
80 int exptag, int expclass, char opt,
81 ASN1_TLC *ctx);
82
83 static int asn1_template_ex_d2i(ASN1_VALUE **pval,
84 const unsigned char **in, long len,
85 const ASN1_TEMPLATE *tt, char opt,
86 ASN1_TLC *ctx);
87 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
88 const unsigned char **in, long len,
89 const ASN1_TEMPLATE *tt, char opt,
90 ASN1_TLC *ctx);
91 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
92 const unsigned char **in, long len,
93 const ASN1_ITEM *it,
94 int tag, int aclass, char opt, ASN1_TLC *ctx);
95
96 /* Table to convert tags to bit values, used for MSTRING type */
97 static const unsigned long tag2bit[32] = {
98 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
99 B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
100 B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
101 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
102 B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
103 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */
104 B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */
105 B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */
106 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
107 };
108
ASN1_tag2bit(int tag)109 unsigned long ASN1_tag2bit(int tag)
110 {
111 if ((tag < 0) || (tag > 30)) return 0;
112 return tag2bit[tag];
113 }
114
115 /* Macro to initialize and invalidate the cache */
116
117 #define asn1_tlc_clear(c) if (c) (c)->valid = 0
118 /* Version to avoid compiler warning about 'c' always non-NULL */
119 #define asn1_tlc_clear_nc(c) (c)->valid = 0
120
121 /* Decode an ASN1 item, this currently behaves just
122 * like a standard 'd2i' function. 'in' points to
123 * a buffer to read the data from, in future we will
124 * have more advanced versions that can input data
125 * a piece at a time and this will simply be a special
126 * case.
127 */
128
ASN1_item_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long len,const ASN1_ITEM * it)129 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
130 const unsigned char **in, long len, const ASN1_ITEM *it)
131 {
132 ASN1_TLC c;
133 ASN1_VALUE *ptmpval = NULL;
134 if (!pval)
135 pval = &ptmpval;
136 asn1_tlc_clear_nc(&c);
137 if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
138 return *pval;
139 return NULL;
140 }
141
ASN1_template_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long len,const ASN1_TEMPLATE * tt)142 int ASN1_template_d2i(ASN1_VALUE **pval,
143 const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
144 {
145 ASN1_TLC c;
146 asn1_tlc_clear_nc(&c);
147 return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
148 }
149
150
151 /* Decode an item, taking care of IMPLICIT tagging, if any.
152 * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
153 */
154
ASN1_item_ex_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long len,const ASN1_ITEM * it,int tag,int aclass,char opt,ASN1_TLC * ctx)155 int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
156 const ASN1_ITEM *it,
157 int tag, int aclass, char opt, ASN1_TLC *ctx)
158 {
159 const ASN1_TEMPLATE *tt, *errtt = NULL;
160 const ASN1_COMPAT_FUNCS *cf;
161 const ASN1_EXTERN_FUNCS *ef;
162 const ASN1_AUX *aux = it->funcs;
163 ASN1_aux_cb *asn1_cb;
164 const unsigned char *p = NULL, *q;
165 unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
166 unsigned char imphack = 0, oclass;
167 char seq_eoc, seq_nolen, cst, isopt;
168 long tmplen;
169 int i;
170 int otag;
171 int ret = 0;
172 ASN1_VALUE **pchptr, *ptmpval;
173 if (!pval)
174 return 0;
175 if (aux && aux->asn1_cb)
176 asn1_cb = aux->asn1_cb;
177 else asn1_cb = 0;
178
179 switch(it->itype)
180 {
181 case ASN1_ITYPE_PRIMITIVE:
182 if (it->templates)
183 {
184 /* tagging or OPTIONAL is currently illegal on an item
185 * template because the flags can't get passed down.
186 * In practice this isn't a problem: we include the
187 * relevant flags from the item template in the
188 * template itself.
189 */
190 if ((tag != -1) || opt)
191 {
192 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
193 goto err;
194 }
195 return asn1_template_ex_d2i(pval, in, len,
196 it->templates, opt, ctx);
197 }
198 return asn1_d2i_ex_primitive(pval, in, len, it,
199 tag, aclass, opt, ctx);
200 break;
201
202 case ASN1_ITYPE_MSTRING:
203 p = *in;
204 /* Just read in tag and class */
205 ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
206 &p, len, -1, 0, 1, ctx);
207 if (!ret)
208 {
209 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
210 goto err;
211 }
212
213 /* Must be UNIVERSAL class */
214 if (oclass != V_ASN1_UNIVERSAL)
215 {
216 /* If OPTIONAL, assume this is OK */
217 if (opt) return -1;
218 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_MSTRING_NOT_UNIVERSAL);
219 goto err;
220 }
221 /* Check tag matches bit map */
222 if (!(ASN1_tag2bit(otag) & it->utype))
223 {
224 /* If OPTIONAL, assume this is OK */
225 if (opt)
226 return -1;
227 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_MSTRING_WRONG_TAG);
228 goto err;
229 }
230 return asn1_d2i_ex_primitive(pval, in, len,
231 it, otag, 0, 0, ctx);
232
233 case ASN1_ITYPE_EXTERN:
234 /* Use new style d2i */
235 ef = it->funcs;
236 return ef->asn1_ex_d2i(pval, in, len,
237 it, tag, aclass, opt, ctx);
238
239 case ASN1_ITYPE_COMPAT:
240 /* we must resort to old style evil hackery */
241 cf = it->funcs;
242
243 /* If OPTIONAL see if it is there */
244 if (opt)
245 {
246 int exptag;
247 p = *in;
248 if (tag == -1)
249 exptag = it->utype;
250 else exptag = tag;
251 /* Don't care about anything other than presence
252 * of expected tag */
253
254 ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
255 &p, len, exptag, aclass, 1, ctx);
256 if (!ret)
257 {
258 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
259 goto err;
260 }
261 if (ret == -1)
262 return -1;
263 }
264
265 /* This is the old style evil hack IMPLICIT handling:
266 * since the underlying code is expecting a tag and
267 * class other than the one present we change the
268 * buffer temporarily then change it back afterwards.
269 * This doesn't and never did work for tags > 30.
270 *
271 * Yes this is *horrible* but it is only needed for
272 * old style d2i which will hopefully not be around
273 * for much longer.
274 * FIXME: should copy the buffer then modify it so
275 * the input buffer can be const: we should *always*
276 * copy because the old style d2i might modify the
277 * buffer.
278 */
279
280 if (tag != -1)
281 {
282 wp = *(unsigned char **)in;
283 imphack = *wp;
284 if (p == NULL)
285 {
286 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
287 goto err;
288 }
289 *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
290 | it->utype);
291 }
292
293 ptmpval = cf->asn1_d2i(pval, in, len);
294
295 if (tag != -1)
296 *wp = imphack;
297
298 if (ptmpval)
299 return 1;
300
301 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
302 goto err;
303
304
305 case ASN1_ITYPE_CHOICE:
306 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
307 goto auxerr;
308
309 if (*pval)
310 {
311 /* Free up and zero CHOICE value if initialised */
312 i = asn1_get_choice_selector(pval, it);
313 if ((i >= 0) && (i < it->tcount))
314 {
315 tt = it->templates + i;
316 pchptr = asn1_get_field_ptr(pval, tt);
317 ASN1_template_free(pchptr, tt);
318 asn1_set_choice_selector(pval, -1, it);
319 }
320 }
321 else if (!ASN1_item_ex_new(pval, it))
322 {
323 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
324 goto err;
325 }
326 /* CHOICE type, try each possibility in turn */
327 p = *in;
328 for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
329 {
330 pchptr = asn1_get_field_ptr(pval, tt);
331 /* We mark field as OPTIONAL so its absence
332 * can be recognised.
333 */
334 ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
335 /* If field not present, try the next one */
336 if (ret == -1)
337 continue;
338 /* If positive return, read OK, break loop */
339 if (ret > 0)
340 break;
341 /* Otherwise must be an ASN1 parsing error */
342 errtt = tt;
343 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
344 goto err;
345 }
346
347 /* Did we fall off the end without reading anything? */
348 if (i == it->tcount)
349 {
350 /* If OPTIONAL, this is OK */
351 if (opt)
352 {
353 /* Free and zero it */
354 ASN1_item_ex_free(pval, it);
355 return -1;
356 }
357 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NO_MATCHING_CHOICE_TYPE);
358 goto err;
359 }
360
361 asn1_set_choice_selector(pval, i, it);
362 *in = p;
363 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
364 goto auxerr;
365 return 1;
366
367 case ASN1_ITYPE_NDEF_SEQUENCE:
368 case ASN1_ITYPE_SEQUENCE:
369 p = *in;
370 tmplen = len;
371
372 /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
373 if (tag == -1)
374 {
375 tag = V_ASN1_SEQUENCE;
376 aclass = V_ASN1_UNIVERSAL;
377 }
378 /* Get SEQUENCE length and update len, p */
379 ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
380 &p, len, tag, aclass, opt, ctx);
381 if (!ret)
382 {
383 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
384 goto err;
385 }
386 else if (ret == -1)
387 return -1;
388 if (aux && (aux->flags & ASN1_AFLG_BROKEN))
389 {
390 len = tmplen - (p - *in);
391 seq_nolen = 1;
392 }
393 /* If indefinite we don't do a length check */
394 else seq_nolen = seq_eoc;
395 if (!cst)
396 {
397 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
398 goto err;
399 }
400
401 if (!*pval && !ASN1_item_ex_new(pval, it))
402 {
403 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
404 goto err;
405 }
406
407 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
408 goto auxerr;
409
410 /* Free up and zero any ADB found */
411 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
412 {
413 if (tt->flags & ASN1_TFLG_ADB_MASK)
414 {
415 const ASN1_TEMPLATE *seqtt;
416 ASN1_VALUE **pseqval;
417 seqtt = asn1_do_adb(pval, tt, 1);
418 pseqval = asn1_get_field_ptr(pval, seqtt);
419 ASN1_template_free(pseqval, seqtt);
420 }
421 }
422
423 /* Get each field entry */
424 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
425 {
426 const ASN1_TEMPLATE *seqtt;
427 ASN1_VALUE **pseqval;
428 seqtt = asn1_do_adb(pval, tt, 1);
429 if (!seqtt)
430 goto err;
431 pseqval = asn1_get_field_ptr(pval, seqtt);
432 /* Have we ran out of data? */
433 if (!len)
434 break;
435 q = p;
436 if (asn1_check_eoc(&p, len))
437 {
438 if (!seq_eoc)
439 {
440 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_UNEXPECTED_EOC);
441 goto err;
442 }
443 len -= p - q;
444 seq_eoc = 0;
445 q = p;
446 break;
447 }
448 /* This determines the OPTIONAL flag value. The field
449 * cannot be omitted if it is the last of a SEQUENCE
450 * and there is still data to be read. This isn't
451 * strictly necessary but it increases efficiency in
452 * some cases.
453 */
454 if (i == (it->tcount - 1))
455 isopt = 0;
456 else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
457 /* attempt to read in field, allowing each to be
458 * OPTIONAL */
459
460 ret = asn1_template_ex_d2i(pseqval, &p, len,
461 seqtt, isopt, ctx);
462 if (!ret)
463 {
464 errtt = seqtt;
465 goto err;
466 }
467 else if (ret == -1)
468 {
469 /* OPTIONAL component absent.
470 * Free and zero the field.
471 */
472 ASN1_template_free(pseqval, seqtt);
473 continue;
474 }
475 /* Update length */
476 len -= p - q;
477 }
478
479 /* Check for EOC if expecting one */
480 if (seq_eoc && !asn1_check_eoc(&p, len))
481 {
482 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_MISSING_EOC);
483 goto err;
484 }
485 /* Check all data read */
486 if (!seq_nolen && len)
487 {
488 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
489 goto err;
490 }
491
492 /* If we get here we've got no more data in the SEQUENCE,
493 * however we may not have read all fields so check all
494 * remaining are OPTIONAL and clear any that are.
495 */
496 for (; i < it->tcount; tt++, i++)
497 {
498 const ASN1_TEMPLATE *seqtt;
499 seqtt = asn1_do_adb(pval, tt, 1);
500 if (!seqtt)
501 goto err;
502 if (seqtt->flags & ASN1_TFLG_OPTIONAL)
503 {
504 ASN1_VALUE **pseqval;
505 pseqval = asn1_get_field_ptr(pval, seqtt);
506 ASN1_template_free(pseqval, seqtt);
507 }
508 else
509 {
510 errtt = seqtt;
511 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_FIELD_MISSING);
512 goto err;
513 }
514 }
515 /* Save encoding */
516 if (!asn1_enc_save(pval, *in, p - *in, it))
517 goto auxerr;
518 *in = p;
519 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
520 goto auxerr;
521 return 1;
522
523 default:
524 return 0;
525 }
526 auxerr:
527 OPENSSL_PUT_ERROR(ASN1, ASN1_item_ex_d2i, ASN1_R_AUX_ERROR);
528 err:
529 ASN1_item_ex_free(pval, it);
530 if (errtt)
531 ERR_add_error_data(4, "Field=", errtt->field_name,
532 ", Type=", it->sname);
533 else
534 ERR_add_error_data(2, "Type=", it->sname);
535 return 0;
536 }
537
538 /* Templates are handled with two separate functions.
539 * One handles any EXPLICIT tag and the other handles the rest.
540 */
541
asn1_template_ex_d2i(ASN1_VALUE ** val,const unsigned char ** in,long inlen,const ASN1_TEMPLATE * tt,char opt,ASN1_TLC * ctx)542 static int asn1_template_ex_d2i(ASN1_VALUE **val,
543 const unsigned char **in, long inlen,
544 const ASN1_TEMPLATE *tt, char opt,
545 ASN1_TLC *ctx)
546 {
547 int flags, aclass;
548 int ret;
549 long len;
550 const unsigned char *p, *q;
551 char exp_eoc;
552 if (!val)
553 return 0;
554 flags = tt->flags;
555 aclass = flags & ASN1_TFLG_TAG_CLASS;
556
557 p = *in;
558
559 /* Check if EXPLICIT tag expected */
560 if (flags & ASN1_TFLG_EXPTAG)
561 {
562 char cst;
563 /* Need to work out amount of data available to the inner
564 * content and where it starts: so read in EXPLICIT header to
565 * get the info.
566 */
567 ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
568 &p, inlen, tt->tag, aclass, opt, ctx);
569 q = p;
570 if (!ret)
571 {
572 OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
573 return 0;
574 }
575 else if (ret == -1)
576 return -1;
577 if (!cst)
578 {
579 OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
580 return 0;
581 }
582 /* We've found the field so it can't be OPTIONAL now */
583 ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
584 if (!ret)
585 {
586 OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_NESTED_ASN1_ERROR);
587 return 0;
588 }
589 /* We read the field in OK so update length */
590 len -= p - q;
591 if (exp_eoc)
592 {
593 /* If NDEF we must have an EOC here */
594 if (!asn1_check_eoc(&p, len))
595 {
596 OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_MISSING_EOC);
597 goto err;
598 }
599 }
600 else
601 {
602 /* Otherwise we must hit the EXPLICIT tag end or its
603 * an error */
604 if (len)
605 {
606 OPENSSL_PUT_ERROR(ASN1, asn1_template_ex_d2i, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
607 goto err;
608 }
609 }
610 }
611 else
612 return asn1_template_noexp_d2i(val, in, inlen,
613 tt, opt, ctx);
614
615 *in = p;
616 return 1;
617
618 err:
619 ASN1_template_free(val, tt);
620 return 0;
621 }
622
asn1_template_noexp_d2i(ASN1_VALUE ** val,const unsigned char ** in,long len,const ASN1_TEMPLATE * tt,char opt,ASN1_TLC * ctx)623 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
624 const unsigned char **in, long len,
625 const ASN1_TEMPLATE *tt, char opt,
626 ASN1_TLC *ctx)
627 {
628 int flags, aclass;
629 int ret;
630 const unsigned char *p;
631 if (!val)
632 return 0;
633 flags = tt->flags;
634 aclass = flags & ASN1_TFLG_TAG_CLASS;
635
636 p = *in;
637
638 if (flags & ASN1_TFLG_SK_MASK)
639 {
640 /* SET OF, SEQUENCE OF */
641 int sktag, skaclass;
642 char sk_eoc;
643 /* First work out expected inner tag value */
644 if (flags & ASN1_TFLG_IMPTAG)
645 {
646 sktag = tt->tag;
647 skaclass = aclass;
648 }
649 else
650 {
651 skaclass = V_ASN1_UNIVERSAL;
652 if (flags & ASN1_TFLG_SET_OF)
653 sktag = V_ASN1_SET;
654 else
655 sktag = V_ASN1_SEQUENCE;
656 }
657 /* Get the tag */
658 ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
659 &p, len, sktag, skaclass, opt, ctx);
660 if (!ret)
661 {
662 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR);
663 return 0;
664 }
665 else if (ret == -1)
666 return -1;
667 if (!*val)
668 *val = (ASN1_VALUE *)sk_new_null();
669 else
670 {
671 /* We've got a valid STACK: free up any items present */
672 STACK_OF(ASN1_VALUE) *sktmp
673 = (STACK_OF(ASN1_VALUE) *)*val;
674 ASN1_VALUE *vtmp;
675 while(sk_ASN1_VALUE_num(sktmp) > 0)
676 {
677 vtmp = sk_ASN1_VALUE_pop(sktmp);
678 ASN1_item_ex_free(&vtmp,
679 ASN1_ITEM_ptr(tt->item));
680 }
681 }
682
683 if (!*val)
684 {
685 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ERR_R_MALLOC_FAILURE);
686 goto err;
687 }
688
689 /* Read as many items as we can */
690 while(len > 0)
691 {
692 ASN1_VALUE *skfield;
693 const unsigned char *q = p;
694 /* See if EOC found */
695 if (asn1_check_eoc(&p, len))
696 {
697 if (!sk_eoc)
698 {
699 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_UNEXPECTED_EOC);
700 goto err;
701 }
702 len -= p - q;
703 sk_eoc = 0;
704 break;
705 }
706 skfield = NULL;
707 if (!ASN1_item_ex_d2i(&skfield, &p, len,
708 ASN1_ITEM_ptr(tt->item),
709 -1, 0, 0, ctx))
710 {
711 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR);
712 goto err;
713 }
714 len -= p - q;
715 if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
716 skfield))
717 {
718 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ERR_R_MALLOC_FAILURE);
719 goto err;
720 }
721 }
722 if (sk_eoc)
723 {
724 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_MISSING_EOC);
725 goto err;
726 }
727 }
728 else if (flags & ASN1_TFLG_IMPTAG)
729 {
730 /* IMPLICIT tagging */
731 ret = ASN1_item_ex_d2i(val, &p, len,
732 ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
733 if (!ret)
734 {
735 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR);
736 goto err;
737 }
738 else if (ret == -1)
739 return -1;
740 }
741 else
742 {
743 /* Nothing special */
744 ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
745 -1, 0, opt, ctx);
746 if (!ret)
747 {
748 OPENSSL_PUT_ERROR(ASN1, asn1_template_noexp_d2i, ASN1_R_NESTED_ASN1_ERROR);
749 goto err;
750 }
751 else if (ret == -1)
752 return -1;
753 }
754
755 *in = p;
756 return 1;
757
758 err:
759 ASN1_template_free(val, tt);
760 return 0;
761 }
762
asn1_d2i_ex_primitive(ASN1_VALUE ** pval,const unsigned char ** in,long inlen,const ASN1_ITEM * it,int tag,int aclass,char opt,ASN1_TLC * ctx)763 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
764 const unsigned char **in, long inlen,
765 const ASN1_ITEM *it,
766 int tag, int aclass, char opt, ASN1_TLC *ctx)
767 OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS
768 {
769 int ret = 0, utype;
770 long plen;
771 char cst, inf, free_cont = 0;
772 const unsigned char *p;
773 BUF_MEM buf;
774 const unsigned char *cont = NULL;
775 long len;
776 if (!pval)
777 {
778 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_ILLEGAL_NULL);
779 return 0; /* Should never happen */
780 }
781
782 if (it->itype == ASN1_ITYPE_MSTRING)
783 {
784 utype = tag;
785 tag = -1;
786 }
787 else
788 utype = it->utype;
789
790 if (utype == V_ASN1_ANY)
791 {
792 /* If type is ANY need to figure out type from tag */
793 unsigned char oclass;
794 if (tag >= 0)
795 {
796 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_ILLEGAL_TAGGED_ANY);
797 return 0;
798 }
799 if (opt)
800 {
801 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_ILLEGAL_OPTIONAL_ANY);
802 return 0;
803 }
804 p = *in;
805 ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
806 &p, inlen, -1, 0, 0, ctx);
807 if (!ret)
808 {
809 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_NESTED_ASN1_ERROR);
810 return 0;
811 }
812 if (oclass != V_ASN1_UNIVERSAL)
813 utype = V_ASN1_OTHER;
814 }
815 if (tag == -1)
816 {
817 tag = utype;
818 aclass = V_ASN1_UNIVERSAL;
819 }
820 p = *in;
821 /* Check header */
822 ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
823 &p, inlen, tag, aclass, opt, ctx);
824 if (!ret)
825 {
826 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_NESTED_ASN1_ERROR);
827 return 0;
828 }
829 else if (ret == -1)
830 return -1;
831 ret = 0;
832 /* SEQUENCE, SET and "OTHER" are left in encoded form */
833 if ((utype == V_ASN1_SEQUENCE)
834 || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
835 {
836 /* Clear context cache for type OTHER because the auto clear
837 * when we have a exact match wont work
838 */
839 if (utype == V_ASN1_OTHER)
840 {
841 asn1_tlc_clear(ctx);
842 }
843 /* SEQUENCE and SET must be constructed */
844 else if (!cst)
845 {
846 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ASN1_R_TYPE_NOT_CONSTRUCTED);
847 return 0;
848 }
849
850 cont = *in;
851 /* If indefinite length constructed find the real end */
852 if (inf)
853 {
854 if (!asn1_find_end(&p, plen, inf))
855 goto err;
856 len = p - cont;
857 }
858 else
859 {
860 len = p - cont + plen;
861 p += plen;
862 buf.data = NULL;
863 }
864 }
865 else if (cst)
866 {
867 if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
868 || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
869 || utype == V_ASN1_ENUMERATED)
870 {
871 /* These types only have primitive encodings. */
872 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive,
873 ASN1_R_TYPE_NOT_PRIMITIVE);
874 return 0;
875 }
876
877 buf.length = 0;
878 buf.max = 0;
879 buf.data = NULL;
880 /* Should really check the internal tags are correct but
881 * some things may get this wrong. The relevant specs
882 * say that constructed string types should be OCTET STRINGs
883 * internally irrespective of the type. So instead just check
884 * for UNIVERSAL class and ignore the tag.
885 */
886 if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
887 {
888 free_cont = 1;
889 goto err;
890 }
891 len = buf.length;
892 /* Append a final null to string */
893 if (!BUF_MEM_grow_clean(&buf, len + 1))
894 {
895 OPENSSL_PUT_ERROR(ASN1, asn1_d2i_ex_primitive, ERR_R_MALLOC_FAILURE);
896 return 0;
897 }
898 buf.data[len] = 0;
899 cont = (const unsigned char *)buf.data;
900 free_cont = 1;
901 }
902 else
903 {
904 cont = p;
905 len = plen;
906 p += plen;
907 }
908
909 /* We now have content length and type: translate into a structure */
910 if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
911 goto err;
912
913 *in = p;
914 ret = 1;
915 err:
916 if (free_cont && buf.data) OPENSSL_free(buf.data);
917 return ret;
918 }
919
920 /* Translate ASN1 content octets into a structure */
921
asn1_ex_c2i(ASN1_VALUE ** pval,const unsigned char * cont,int len,int utype,char * free_cont,const ASN1_ITEM * it)922 int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
923 int utype, char *free_cont, const ASN1_ITEM *it)
924 {
925 ASN1_VALUE **opval = NULL;
926 ASN1_STRING *stmp;
927 ASN1_TYPE *typ = NULL;
928 int ret = 0;
929 const ASN1_PRIMITIVE_FUNCS *pf;
930 ASN1_INTEGER **tint;
931 pf = it->funcs;
932
933 if (pf && pf->prim_c2i)
934 return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
935 /* If ANY type clear type and set pointer to internal value */
936 if (it->utype == V_ASN1_ANY)
937 {
938 if (!*pval)
939 {
940 typ = ASN1_TYPE_new();
941 if (typ == NULL)
942 goto err;
943 *pval = (ASN1_VALUE *)typ;
944 }
945 else
946 typ = (ASN1_TYPE *)*pval;
947
948 if (utype != typ->type)
949 ASN1_TYPE_set(typ, utype, NULL);
950 opval = pval;
951 pval = &typ->value.asn1_value;
952 }
953 switch(utype)
954 {
955 case V_ASN1_OBJECT:
956 if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
957 goto err;
958 break;
959
960 case V_ASN1_NULL:
961 if (len)
962 {
963 OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_NULL_IS_WRONG_LENGTH);
964 goto err;
965 }
966 *pval = (ASN1_VALUE *)1;
967 break;
968
969 case V_ASN1_BOOLEAN:
970 if (len != 1)
971 {
972 OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
973 goto err;
974 }
975 else
976 {
977 ASN1_BOOLEAN *tbool;
978 tbool = (ASN1_BOOLEAN *)pval;
979 *tbool = *cont;
980 }
981 break;
982
983 case V_ASN1_BIT_STRING:
984 if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
985 goto err;
986 break;
987
988 case V_ASN1_INTEGER:
989 case V_ASN1_NEG_INTEGER:
990 case V_ASN1_ENUMERATED:
991 case V_ASN1_NEG_ENUMERATED:
992 tint = (ASN1_INTEGER **)pval;
993 if (!c2i_ASN1_INTEGER(tint, &cont, len))
994 goto err;
995 /* Fixup type to match the expected form */
996 (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
997 break;
998
999 case V_ASN1_OCTET_STRING:
1000 case V_ASN1_NUMERICSTRING:
1001 case V_ASN1_PRINTABLESTRING:
1002 case V_ASN1_T61STRING:
1003 case V_ASN1_VIDEOTEXSTRING:
1004 case V_ASN1_IA5STRING:
1005 case V_ASN1_UTCTIME:
1006 case V_ASN1_GENERALIZEDTIME:
1007 case V_ASN1_GRAPHICSTRING:
1008 case V_ASN1_VISIBLESTRING:
1009 case V_ASN1_GENERALSTRING:
1010 case V_ASN1_UNIVERSALSTRING:
1011 case V_ASN1_BMPSTRING:
1012 case V_ASN1_UTF8STRING:
1013 case V_ASN1_OTHER:
1014 case V_ASN1_SET:
1015 case V_ASN1_SEQUENCE:
1016 default:
1017 if (utype == V_ASN1_BMPSTRING && (len & 1))
1018 {
1019 OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
1020 goto err;
1021 }
1022 if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
1023 {
1024 OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
1025 goto err;
1026 }
1027 /* All based on ASN1_STRING and handled the same */
1028 if (!*pval)
1029 {
1030 stmp = ASN1_STRING_type_new(utype);
1031 if (!stmp)
1032 {
1033 OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ERR_R_MALLOC_FAILURE);
1034 goto err;
1035 }
1036 *pval = (ASN1_VALUE *)stmp;
1037 }
1038 else
1039 {
1040 stmp = (ASN1_STRING *)*pval;
1041 stmp->type = utype;
1042 }
1043 /* If we've already allocated a buffer use it */
1044 if (*free_cont)
1045 {
1046 if (stmp->data)
1047 OPENSSL_free(stmp->data);
1048 stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
1049 stmp->length = len;
1050 *free_cont = 0;
1051 }
1052 else
1053 {
1054 if (!ASN1_STRING_set(stmp, cont, len))
1055 {
1056 OPENSSL_PUT_ERROR(ASN1, asn1_ex_c2i, ERR_R_MALLOC_FAILURE);
1057 ASN1_STRING_free(stmp);
1058 *pval = NULL;
1059 goto err;
1060 }
1061 }
1062 break;
1063 }
1064 /* If ASN1_ANY and NULL type fix up value */
1065 if (typ && (utype == V_ASN1_NULL))
1066 typ->value.ptr = NULL;
1067
1068 ret = 1;
1069 err:
1070 if (!ret)
1071 {
1072 ASN1_TYPE_free(typ);
1073 if (opval)
1074 *opval = NULL;
1075 }
1076 return ret;
1077 }
1078
1079
1080 /* This function finds the end of an ASN1 structure when passed its maximum
1081 * length, whether it is indefinite length and a pointer to the content.
1082 * This is more efficient than calling asn1_collect because it does not
1083 * recurse on each indefinite length header.
1084 */
1085
asn1_find_end(const unsigned char ** in,long len,char inf)1086 static int asn1_find_end(const unsigned char **in, long len, char inf)
1087 {
1088 int expected_eoc;
1089 long plen;
1090 const unsigned char *p = *in, *q;
1091 /* If not indefinite length constructed just add length */
1092 if (inf == 0)
1093 {
1094 *in += len;
1095 return 1;
1096 }
1097 expected_eoc = 1;
1098 /* Indefinite length constructed form. Find the end when enough EOCs
1099 * are found. If more indefinite length constructed headers
1100 * are encountered increment the expected eoc count otherwise just
1101 * skip to the end of the data.
1102 */
1103 while (len > 0)
1104 {
1105 if(asn1_check_eoc(&p, len))
1106 {
1107 expected_eoc--;
1108 if (expected_eoc == 0)
1109 break;
1110 len -= 2;
1111 continue;
1112 }
1113 q = p;
1114 /* Just read in a header: only care about the length */
1115 if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
1116 -1, 0, 0, NULL))
1117 {
1118 OPENSSL_PUT_ERROR(ASN1, asn1_find_end, ASN1_R_NESTED_ASN1_ERROR);
1119 return 0;
1120 }
1121 if (inf)
1122 expected_eoc++;
1123 else
1124 p += plen;
1125 len -= p - q;
1126 }
1127 if (expected_eoc)
1128 {
1129 OPENSSL_PUT_ERROR(ASN1, asn1_find_end, ASN1_R_MISSING_EOC);
1130 return 0;
1131 }
1132 *in = p;
1133 return 1;
1134 }
1135 /* This function collects the asn1 data from a constructred string
1136 * type into a buffer. The values of 'in' and 'len' should refer
1137 * to the contents of the constructed type and 'inf' should be set
1138 * if it is indefinite length.
1139 */
1140
1141 #ifndef ASN1_MAX_STRING_NEST
1142 /* This determines how many levels of recursion are permitted in ASN1
1143 * string types. If it is not limited stack overflows can occur. If set
1144 * to zero no recursion is allowed at all. Although zero should be adequate
1145 * examples exist that require a value of 1. So 5 should be more than enough.
1146 */
1147 #define ASN1_MAX_STRING_NEST 5
1148 #endif
1149
1150
asn1_collect(BUF_MEM * buf,const unsigned char ** in,long len,char inf,int tag,int aclass,int depth)1151 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
1152 char inf, int tag, int aclass, int depth)
1153 {
1154 const unsigned char *p, *q;
1155 long plen;
1156 char cst, ininf;
1157 p = *in;
1158 inf &= 1;
1159 /* If no buffer and not indefinite length constructed just pass over
1160 * the encoded data */
1161 if (!buf && !inf)
1162 {
1163 *in += len;
1164 return 1;
1165 }
1166 while(len > 0)
1167 {
1168 q = p;
1169 /* Check for EOC */
1170 if (asn1_check_eoc(&p, len))
1171 {
1172 /* EOC is illegal outside indefinite length
1173 * constructed form */
1174 if (!inf)
1175 {
1176 OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_UNEXPECTED_EOC);
1177 return 0;
1178 }
1179 inf = 0;
1180 break;
1181 }
1182
1183 if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
1184 len, tag, aclass, 0, NULL))
1185 {
1186 OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_NESTED_ASN1_ERROR);
1187 return 0;
1188 }
1189
1190 /* If indefinite length constructed update max length */
1191 if (cst)
1192 {
1193 if (depth >= ASN1_MAX_STRING_NEST)
1194 {
1195 OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_NESTED_ASN1_STRING);
1196 return 0;
1197 }
1198 if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
1199 depth + 1))
1200 return 0;
1201 }
1202 else if (plen && !collect_data(buf, &p, plen))
1203 return 0;
1204 len -= p - q;
1205 }
1206 if (inf)
1207 {
1208 OPENSSL_PUT_ERROR(ASN1, asn1_collect, ASN1_R_MISSING_EOC);
1209 return 0;
1210 }
1211 *in = p;
1212 return 1;
1213 }
1214
collect_data(BUF_MEM * buf,const unsigned char ** p,long plen)1215 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
1216 {
1217 int len;
1218 if (buf)
1219 {
1220 len = buf->length;
1221 if (!BUF_MEM_grow_clean(buf, len + plen))
1222 {
1223 OPENSSL_PUT_ERROR(ASN1, collect_data, ERR_R_MALLOC_FAILURE);
1224 return 0;
1225 }
1226 memcpy(buf->data + len, *p, plen);
1227 }
1228 *p += plen;
1229 return 1;
1230 }
1231
1232 /* Check for ASN1 EOC and swallow it if found */
1233
asn1_check_eoc(const unsigned char ** in,long len)1234 static int asn1_check_eoc(const unsigned char **in, long len)
1235 {
1236 const unsigned char *p;
1237 if (len < 2) return 0;
1238 p = *in;
1239 if (!p[0] && !p[1])
1240 {
1241 *in += 2;
1242 return 1;
1243 }
1244 return 0;
1245 }
1246
1247 /* Check an ASN1 tag and length: a bit like ASN1_get_object
1248 * but it sets the length for indefinite length constructed
1249 * form, we don't know the exact length but we can set an
1250 * upper bound to the amount of data available minus the
1251 * header length just read.
1252 */
1253
asn1_check_tlen(long * olen,int * otag,unsigned char * oclass,char * inf,char * cst,const unsigned char ** in,long len,int exptag,int expclass,char opt,ASN1_TLC * ctx)1254 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
1255 char *inf, char *cst,
1256 const unsigned char **in, long len,
1257 int exptag, int expclass, char opt,
1258 ASN1_TLC *ctx)
1259 {
1260 int i;
1261 int ptag, pclass;
1262 long plen;
1263 const unsigned char *p, *q;
1264 p = *in;
1265 q = p;
1266
1267 if (ctx && ctx->valid)
1268 {
1269 i = ctx->ret;
1270 plen = ctx->plen;
1271 pclass = ctx->pclass;
1272 ptag = ctx->ptag;
1273 p += ctx->hdrlen;
1274 }
1275 else
1276 {
1277 i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
1278 if (ctx)
1279 {
1280 ctx->ret = i;
1281 ctx->plen = plen;
1282 ctx->pclass = pclass;
1283 ctx->ptag = ptag;
1284 ctx->hdrlen = p - q;
1285 ctx->valid = 1;
1286 /* If definite length, and no error, length +
1287 * header can't exceed total amount of data available.
1288 */
1289 if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
1290 {
1291 OPENSSL_PUT_ERROR(ASN1, asn1_check_tlen, ASN1_R_TOO_LONG);
1292 asn1_tlc_clear(ctx);
1293 return 0;
1294 }
1295 }
1296 }
1297
1298 if (i & 0x80)
1299 {
1300 OPENSSL_PUT_ERROR(ASN1, asn1_check_tlen, ASN1_R_BAD_OBJECT_HEADER);
1301 asn1_tlc_clear(ctx);
1302 return 0;
1303 }
1304 if (exptag >= 0)
1305 {
1306 if ((exptag != ptag) || (expclass != pclass))
1307 {
1308 /* If type is OPTIONAL, not an error:
1309 * indicate missing type.
1310 */
1311 if (opt) return -1;
1312 asn1_tlc_clear(ctx);
1313 OPENSSL_PUT_ERROR(ASN1, asn1_check_tlen, ASN1_R_WRONG_TAG);
1314 return 0;
1315 }
1316 /* We have a tag and class match:
1317 * assume we are going to do something with it */
1318 asn1_tlc_clear(ctx);
1319 }
1320
1321 if (i & 1)
1322 plen = len - (p - q);
1323
1324 if (inf)
1325 *inf = i & 1;
1326
1327 if (cst)
1328 *cst = i & V_ASN1_CONSTRUCTED;
1329
1330 if (olen)
1331 *olen = plen;
1332
1333 if (oclass)
1334 *oclass = pclass;
1335
1336 if (otag)
1337 *otag = ptag;
1338
1339 *in = p;
1340 return 1;
1341 }
1342