1 files changed, 595 insertions, 0 deletions
diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c
new file mode 100644
index 0000000000..8db1713b29
--- /dev/null
+++ b/src/lib/libcrypto/asn1/asn1_item.c
@@ -0,0 +1,595 @@
+/* $OpenBSD: asn1_item.c,v 1.1 2021/12/25 12:00:22 jsing Exp $ */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2003 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+#include <limits.h>
+#include <openssl/buffer.h>
+#include <openssl/err.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include "asn1_locl.h"
+#include "evp_locl.h"
+/*
+ * ASN1_ITEM version of dup: this follows the model above except we don't need
+ * to allocate the buffer. At some point this could be rewritten to directly dup
+ * the underlying structure instead of doing and encode and decode.
+ */
+int
+ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
+    unsigned char *md, unsigned int *len)
+{
+        int i;
+        unsigned char *str = NULL;
+        i = ASN1_item_i2d(asn, &str, it);
+        if (!str)
+                return (0);
+        if (!EVP_Digest(str, i, md, len, type, NULL)) {
+                free(str);
+                return (0);
+        }
+        free(str);
+        return (1);
+}
+void *
+ASN1_item_dup(const ASN1_ITEM *it, void *x)
+{
+        unsigned char *b = NULL;
+        const unsigned char *p;
+        long i;
+        void *ret;
+        if (x == NULL)
+                return (NULL);
+        i = ASN1_item_i2d(x, &b, it);
+        if (b == NULL) {
+                ASN1error(ERR_R_MALLOC_FAILURE);
+                return (NULL);
+        }
+        p = b;
+        ret = ASN1_item_d2i(NULL, &p, i, it);
+        free(b);
+        return (ret);
+}
+int
+ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+    ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type)
+{
+        EVP_MD_CTX ctx;
+        EVP_MD_CTX_init(&ctx);
+        if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
+                EVP_MD_CTX_cleanup(&ctx);
+                return 0;
+        }
+        return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
+}
+int
+ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
+    ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
+{
+        const EVP_MD *type;
+        EVP_PKEY *pkey;
+        unsigned char *buf_in = NULL, *buf_out = NULL;
+        size_t inl = 0, outl = 0, outll = 0;
+        int signid, paramtype;
+        int rv;
+        type = EVP_MD_CTX_md(ctx);
+        pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
+        if (!type || !pkey) {
+                ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
+                return 0;
+        }
+        if (pkey->ameth->item_sign) {
+                rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
+                    signature);
+                if (rv == 1)
+                        outl = signature->length;
+                /* Return value meanings:
+                 * <=0: error.
+                 *   1: method does everything.
+                 *   2: carry on as normal.
+                 *   3: ASN1 method sets algorithm identifiers: just sign.
+                 */
+                if (rv <= 0)
+                        ASN1error(ERR_R_EVP_LIB);
+                if (rv <= 1)
+                        goto err;
+        } else
+                rv = 2;
+        if (rv == 2) {
+                if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
+                        if (!pkey->ameth ||
+                            !OBJ_find_sigid_by_algs(&signid,
+                                EVP_MD_nid(type), pkey->ameth->pkey_id)) {
+                                ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
+                                return 0;
+                        }
+                } else
+                        signid = type->pkey_type;
+                if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
+                        paramtype = V_ASN1_NULL;
+                else
+                        paramtype = V_ASN1_UNDEF;
+                if (algor1)
+                        X509_ALGOR_set0(algor1,
+                            OBJ_nid2obj(signid), paramtype, NULL);
+                if (algor2)
+                        X509_ALGOR_set0(algor2,
+                            OBJ_nid2obj(signid), paramtype, NULL);
+        }
+        inl = ASN1_item_i2d(asn, &buf_in, it);
+        outll = outl = EVP_PKEY_size(pkey);
+        buf_out = malloc(outl);
+        if ((buf_in == NULL) || (buf_out == NULL)) {
+                outl = 0;
+                ASN1error(ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (!EVP_DigestSignUpdate(ctx, buf_in, inl) ||
+            !EVP_DigestSignFinal(ctx, buf_out, &outl)) {
+                outl = 0;
+                ASN1error(ERR_R_EVP_LIB);
+                goto err;
+        }
+        free(signature->data);
+        signature->data = buf_out;
+        buf_out = NULL;
+        signature->length = outl;
+        /* In the interests of compatibility, I'll make sure that
+         * the bit string has a 'not-used bits' value of 0
+         */
+        signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07);
+        signature->flags |= ASN1_STRING_FLAG_BITS_LEFT;
+err:
+        EVP_MD_CTX_cleanup(ctx);
+        freezero((char *)buf_in, inl);
+        freezero((char *)buf_out, outll);
+        return (outl);
+}
+int
+ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
+    ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
+{
+        EVP_MD_CTX ctx;
+        unsigned char *buf_in = NULL;
+        int ret = -1, inl;
+        int mdnid, pknid;
+        if (!pkey) {
+                ASN1error(ERR_R_PASSED_NULL_PARAMETER);
+                return -1;
+        }
+        if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
+        {
+                ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
+                return -1;
+        }
+        EVP_MD_CTX_init(&ctx);
+        /* Convert signature OID into digest and public key OIDs */
+        if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
+                ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                goto err;
+        }
+        if (mdnid == NID_undef) {
+                if (!pkey->ameth || !pkey->ameth->item_verify) {
+                        ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
+                        goto err;
+                }
+                ret = pkey->ameth->item_verify(&ctx, it, asn, a,
+                    signature, pkey);
+                /* Return value of 2 means carry on, anything else means we
+                 * exit straight away: either a fatal error of the underlying
+                 * verification routine handles all verification.
+                 */
+                if (ret != 2)
+                        goto err;
+                ret = -1;
+        } else {
+                const EVP_MD *type;
+                type = EVP_get_digestbynid(mdnid);
+                if (type == NULL) {
+                        ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+                        goto err;
+                }
+                /* Check public key OID matches public key type */
+                if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
+                        ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE);
+                        goto err;
+                }
+                if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
+                        ASN1error(ERR_R_EVP_LIB);
+                        ret = 0;
+                        goto err;
+                }
+        }
+        inl = ASN1_item_i2d(asn, &buf_in, it);
+        if (buf_in == NULL) {
+                ASN1error(ERR_R_MALLOC_FAILURE);
+                goto err;
+        }
+        if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
+                ASN1error(ERR_R_EVP_LIB);
+                ret = 0;
+                goto err;
+        }
+        freezero(buf_in, (unsigned int)inl);
+        if (EVP_DigestVerifyFinal(&ctx, signature->data,
+            (size_t)signature->length) <= 0) {
+                ASN1error(ERR_R_EVP_LIB);
+                ret = 0;
+                goto err;
+        }
+        /* we don't need to zero the 'ctx' because we just checked
+         * public information */
+        /* memset(&ctx,0,sizeof(ctx)); */
+        ret = 1;
+err:
+        EVP_MD_CTX_cleanup(&ctx);
+        return (ret);
+}
+#define HEADER_SIZE   8
+#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
+int
+asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
+{
+        BUF_MEM *b;
+        unsigned char *p;
+        const unsigned char *q;
+        long slen;
+        int i, inf, tag, xclass;
+        size_t want = HEADER_SIZE;
+        int eos = 0;
+        size_t off = 0;
+        size_t len = 0;
+        b = BUF_MEM_new();
+        if (b == NULL) {
+                ASN1error(ERR_R_MALLOC_FAILURE);
+                return -1;
+        }
+        ERR_clear_error();
+        for (;;) {
+                if (want >= (len - off)) {
+                        want -= (len - off);
+                        if (len + want < len ||
+                            !BUF_MEM_grow_clean(b, len + want)) {
+                                ASN1error(ERR_R_MALLOC_FAILURE);
+                                goto err;
+                        }
+                        i = BIO_read(in, &(b->data[len]), want);
+                        if ((i < 0) && ((len - off) == 0)) {
+                                ASN1error(ASN1_R_NOT_ENOUGH_DATA);
+                                goto err;
+                        }
+                        if (i > 0) {
+                                if (len + i < len) {
+                                        ASN1error(ASN1_R_TOO_LONG);
+                                        goto err;
+                                }
+                                len += i;
+                        }
+                }
+                /* else data already loaded */
+                p = (unsigned char *) & (b->data[off]);
+                q = p;
+                inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
+                if (inf & 0x80) {
+                        unsigned long e;
+                        e = ERR_GET_REASON(ERR_peek_error());
+                        if (e != ASN1_R_TOO_LONG)
+                                goto err;
+                        else
+                                ERR_clear_error(); /* clear error */
+                }
+                i = q - p;      /* header length */
+                off += i;       /* end of data */
+                if (inf & 1) {
+                        /* no data body so go round again */
+                        eos++;
+                        if (eos < 0) {
+                                ASN1error(ASN1_R_HEADER_TOO_LONG);
+                                goto err;
+                        }
+                        want = HEADER_SIZE;
+                } else if (eos && slen == 0 && tag == V_ASN1_EOC) {
+                        /* eos value, so go back and read another header */
+                        eos--;
+                        if (eos <= 0)
+                                break;
+                        else
+                                want = HEADER_SIZE;
+                } else {
+                        /* suck in slen bytes of data */
+                        want = slen;
+                        if (want > (len - off)) {
+                                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
+                                want -= (len - off);
+                                if (want > INT_MAX /* BIO_read takes an int length */ ||
+                                    len+want < len) {
+                                        ASN1error(ASN1_R_TOO_LONG);
+                                        goto err;
+                                }
+                                while (want > 0) {
+                                        /*
+                                         * Read content in chunks of increasing size
+                                         * so we can return an error for EOF without
+                                         * having to allocate the entire content length
+                                         * in one go.
+                                         */
+                                        size_t chunk = want > chunk_max ? chunk_max : want;
+                                        if (!BUF_MEM_grow_clean(b, len + chunk)) {
+                                                ASN1error(ERR_R_MALLOC_FAILURE);
+                                                goto err;
+                                        }
+                                        want -= chunk;
+                                        while (chunk > 0) {
+                                                i = BIO_read(in, &(b->data[len]), chunk);
+                                                if (i <= 0) {
+                                                        ASN1error(ASN1_R_NOT_ENOUGH_DATA);
+                                                        goto err;
+                                                }
+                                                /*
+                                                 * This can't overflow because |len+want|
+                                                 * didn't overflow.
+                                                 */
+                                                len += i;
+                                                chunk -= i;
+                                        }
+                                        if (chunk_max < INT_MAX/2)
+                                                chunk_max *= 2;
+                                }
+                        }
+                        if (off + slen < off) {
+                                ASN1error(ASN1_R_TOO_LONG);
+                                goto err;
+                        }
+                        off += slen;
+                        if (eos <= 0) {
+                                break;
+                        } else
+                                want = HEADER_SIZE;
+                }
+        }
+        if (off > INT_MAX) {
+                ASN1error(ASN1_R_TOO_LONG);
+                goto err;
+        }
+        *pb = b;
+        return off;
+err:
+        if (b != NULL)
+                BUF_MEM_free(b);
+        return -1;
+}
+void *
+ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
+{
+        BUF_MEM *b = NULL;
+        const unsigned char *p;
+        void *ret = NULL;
+        int len;
+        len = asn1_d2i_read_bio(in, &b);
+        if (len < 0)
+                goto err;
+        p = (const unsigned char *)b->data;
+        ret = ASN1_item_d2i(x, &p, len, it);
+err:
+        if (b != NULL)
+                BUF_MEM_free(b);
+        return (ret);
+}
+void *
+ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
+{
+        BIO *b;
+        char *ret;
+        if ((b = BIO_new(BIO_s_file())) == NULL) {
+                ASN1error(ERR_R_BUF_LIB);
+                return (NULL);
+        }
+        BIO_set_fp(b, in, BIO_NOCLOSE);
+        ret = ASN1_item_d2i_bio(it, b, x);
+        BIO_free(b);
+        return (ret);
+}
+int
+ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
+{
+        unsigned char *b = NULL;
+        int i, j = 0, n, ret = 1;
+        n = ASN1_item_i2d(x, &b, it);
+        if (b == NULL) {
+                ASN1error(ERR_R_MALLOC_FAILURE);
+                return (0);
+        }
+        for (;;) {
+                i = BIO_write(out, &(b[j]), n);
+                if (i == n)
+                        break;
+                if (i <= 0) {
+                        ret = 0;
+                        break;
+                }
+                j += i;
+                n -= i;
+        }
+        free(b);
+        return (ret);
+}
+int
+ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
+{
+        BIO *b;
+        int ret;
+        if ((b = BIO_new(BIO_s_file())) == NULL) {
+                ASN1error(ERR_R_BUF_LIB);
+                return (0);
+        }
+        BIO_set_fp(b, out, BIO_NOCLOSE);
+        ret = ASN1_item_i2d_bio(it, b, x);
+        BIO_free(b);
+        return (ret);
+}

diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c new file mode 100644 index 0000000000..8db1713b29 --- /dev/null +++ b/src/lib/libcrypto/asn1/asn1_item.c
@@ -0,0 +1,595 @@
	1	/* $OpenBSD: asn1_item.c,v 1.1 2021/12/25 12:00:22 jsing Exp $ */
	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
	3	* All rights reserved.
	4	*
	5	* This package is an SSL implementation written
	6	* by Eric Young (eay@cryptsoft.com).
	7	* The implementation was written so as to conform with Netscapes SSL.
	8	*
	9	* This library is free for commercial and non-commercial use as long as
	10	* the following conditions are aheared to. The following conditions
	11	* apply to all code found in this distribution, be it the RC4, RSA,
	12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
	13	* included with this distribution is covered by the same copyright terms
	14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
	15	*
	16	* Copyright remains Eric Young's, and as such any Copyright notices in
	17	* the code are not to be removed.
	18	* If this package is used in a product, Eric Young should be given attribution
	19	* as the author of the parts of the library used.
	20	* This can be in the form of a textual message at program startup or
	21	* in documentation (online or textual) provided with the package.
	22	*
	23	* Redistribution and use in source and binary forms, with or without
	24	* modification, are permitted provided that the following conditions
	25	* are met:
	26	* 1. Redistributions of source code must retain the copyright
	27	* notice, this list of conditions and the following disclaimer.
	28	* 2. Redistributions in binary form must reproduce the above copyright
	29	* notice, this list of conditions and the following disclaimer in the
	30	* documentation and/or other materials provided with the distribution.
	31	* 3. All advertising materials mentioning features or use of this software
	32	* must display the following acknowledgement:
	33	* "This product includes cryptographic software written by
	34	* Eric Young (eay@cryptsoft.com)"
	35	* The word 'cryptographic' can be left out if the rouines from the library
	36	* being used are not cryptographic related :-).
	37	* 4. If you include any Windows specific code (or a derivative thereof) from
	38	* the apps directory (application code) you must include an acknowledgement:
	39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
	40	*
	41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
	42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
	44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
	45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
	46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
	47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
	49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
	50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
	51	* SUCH DAMAGE.
	52	*
	53	* The licence and distribution terms for any publically available version or
	54	* derivative of this code cannot be changed. i.e. this code cannot simply be
	55	* copied and put under another distribution licence
	56	* [including the GNU Public Licence.]
	57	*/
	58	/* ====================================================================
	59	* Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
	60	*
	61	* Redistribution and use in source and binary forms, with or without
	62	* modification, are permitted provided that the following conditions
	63	* are met:
	64	*
	65	* 1. Redistributions of source code must retain the above copyright
	66	* notice, this list of conditions and the following disclaimer.
	67	*
	68	* 2. Redistributions in binary form must reproduce the above copyright
	69	* notice, this list of conditions and the following disclaimer in
	70	* the documentation and/or other materials provided with the
	71	* distribution.
	72	*
	73	* 3. All advertising materials mentioning features or use of this
	74	* software must display the following acknowledgment:
	75	* "This product includes software developed by the OpenSSL Project
	76	* for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
	77	*
	78	* 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
	79	* endorse or promote products derived from this software without
	80	* prior written permission. For written permission, please contact
	81	* openssl-core@openssl.org.
	82	*
	83	* 5. Products derived from this software may not be called "OpenSSL"
	84	* nor may "OpenSSL" appear in their names without prior written
	85	* permission of the OpenSSL Project.
	86	*
	87	* 6. Redistributions of any form whatsoever must retain the following
	88	* acknowledgment:
	89	* "This product includes software developed by the OpenSSL Project
	90	* for use in the OpenSSL Toolkit (http://www.openssl.org/)"
	91	*
	92	* THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
	93	* EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
	94	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	95	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
	96	* ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	97	* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	98	* NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
	99	* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
	100	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
	101	* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	102	* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
	103	* OF THE POSSIBILITY OF SUCH DAMAGE.
	104	* ====================================================================
	105	*
	106	* This product includes cryptographic software written by Eric Young
	107	* (eay@cryptsoft.com). This product includes software written by Tim
	108	* Hudson (tjh@cryptsoft.com).
	109	*
	110	*/
	111
	112	#include <limits.h>
	113
	114	#include <openssl/buffer.h>
	115	#include <openssl/err.h>
	116	#include <openssl/evp.h>
	117	#include <openssl/x509.h>
	118
	119	#include "asn1_locl.h"
	120	#include "evp_locl.h"
	121
	122	/*
	123	* ASN1_ITEM version of dup: this follows the model above except we don't need
	124	* to allocate the buffer. At some point this could be rewritten to directly dup
	125	* the underlying structure instead of doing and encode and decode.
	126	*/
	127
	128	int
	129	ASN1_item_digest(const ASN1_ITEM it, const EVP_MD type, void *asn,
	130	unsigned char md, unsigned int len)
	131	{
	132	int i;
	133	unsigned char *str = NULL;
	134
	135	i = ASN1_item_i2d(asn, &str, it);
	136	if (!str)
	137	return (0);
	138
	139	if (!EVP_Digest(str, i, md, len, type, NULL)) {
	140	free(str);
	141	return (0);
	142	}
	143
	144	free(str);
	145	return (1);
	146	}
	147
	148	void *
	149	ASN1_item_dup(const ASN1_ITEM it, void x)
	150	{
	151	unsigned char *b = NULL;
	152	const unsigned char *p;
	153	long i;
	154	void *ret;
	155
	156	if (x == NULL)
	157	return (NULL);
	158
	159	i = ASN1_item_i2d(x, &b, it);
	160	if (b == NULL) {
	161	ASN1error(ERR_R_MALLOC_FAILURE);
	162	return (NULL);
	163	}
	164	p = b;
	165	ret = ASN1_item_d2i(NULL, &p, i, it);
	166	free(b);
	167	return (ret);
	168	}
	169
	170	int
	171	ASN1_item_sign(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
	172	ASN1_BIT_STRING signature, void asn, EVP_PKEY pkey, const EVP_MD type)
	173	{
	174	EVP_MD_CTX ctx;
	175	EVP_MD_CTX_init(&ctx);
	176	if (!EVP_DigestSignInit(&ctx, NULL, type, NULL, pkey)) {
	177	EVP_MD_CTX_cleanup(&ctx);
	178	return 0;
	179	}
	180	return ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, &ctx);
	181	}
	182
	183	int
	184	ASN1_item_sign_ctx(const ASN1_ITEM it, X509_ALGOR algor1, X509_ALGOR *algor2,
	185	ASN1_BIT_STRING signature, void asn, EVP_MD_CTX *ctx)
	186	{
	187	const EVP_MD *type;
	188	EVP_PKEY *pkey;
	189	unsigned char buf_in = NULL, buf_out = NULL;
	190	size_t inl = 0, outl = 0, outll = 0;
	191	int signid, paramtype;
	192	int rv;
	193
	194	type = EVP_MD_CTX_md(ctx);
	195	pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
	196
	197	if (!type \|\| !pkey) {
	198	ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
	199	return 0;
	200	}
	201
	202	if (pkey->ameth->item_sign) {
	203	rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
	204	signature);
	205	if (rv == 1)
	206	outl = signature->length;
	207	/* Return value meanings:
	208	* <=0: error.
	209	* 1: method does everything.
	210	* 2: carry on as normal.
	211	* 3: ASN1 method sets algorithm identifiers: just sign.
	212	*/
	213	if (rv <= 0)
	214	ASN1error(ERR_R_EVP_LIB);
	215	if (rv <= 1)
	216	goto err;
	217	} else
	218	rv = 2;
	219
	220	if (rv == 2) {
	221	if (type->flags & EVP_MD_FLAG_PKEY_METHOD_SIGNATURE) {
	222	if (!pkey->ameth \|\|
	223	!OBJ_find_sigid_by_algs(&signid,
	224	EVP_MD_nid(type), pkey->ameth->pkey_id)) {
	225	ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
	226	return 0;
	227	}
	228	} else
	229	signid = type->pkey_type;
	230
	231	if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
	232	paramtype = V_ASN1_NULL;
	233	else
	234	paramtype = V_ASN1_UNDEF;
	235
	236	if (algor1)
	237	X509_ALGOR_set0(algor1,
	238	OBJ_nid2obj(signid), paramtype, NULL);
	239	if (algor2)
	240	X509_ALGOR_set0(algor2,
	241	OBJ_nid2obj(signid), paramtype, NULL);
	242
	243	}
	244
	245	inl = ASN1_item_i2d(asn, &buf_in, it);
	246	outll = outl = EVP_PKEY_size(pkey);
	247	buf_out = malloc(outl);
	248	if ((buf_in == NULL) \|\| (buf_out == NULL)) {
	249	outl = 0;
	250	ASN1error(ERR_R_MALLOC_FAILURE);
	251	goto err;
	252	}
	253
	254	if (!EVP_DigestSignUpdate(ctx, buf_in, inl) \|\|
	255	!EVP_DigestSignFinal(ctx, buf_out, &outl)) {
	256	outl = 0;
	257	ASN1error(ERR_R_EVP_LIB);
	258	goto err;
	259	}
	260	free(signature->data);
	261	signature->data = buf_out;
	262	buf_out = NULL;
	263	signature->length = outl;
	264	/* In the interests of compatibility, I'll make sure that
	265	* the bit string has a 'not-used bits' value of 0
	266	*/
	267	signature->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT\|0x07);
	268	signature->flags \|= ASN1_STRING_FLAG_BITS_LEFT;
	269
	270	err:
	271	EVP_MD_CTX_cleanup(ctx);
	272	freezero((char *)buf_in, inl);
	273	freezero((char *)buf_out, outll);
	274	return (outl);
	275	}
	276
	277	int
	278	ASN1_item_verify(const ASN1_ITEM it, X509_ALGOR a,
	279	ASN1_BIT_STRING signature, void asn, EVP_PKEY *pkey)
	280	{
	281	EVP_MD_CTX ctx;
	282	unsigned char *buf_in = NULL;
	283	int ret = -1, inl;
	284
	285	int mdnid, pknid;
	286
	287	if (!pkey) {
	288	ASN1error(ERR_R_PASSED_NULL_PARAMETER);
	289	return -1;
	290	}
	291
	292	if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7)
	293	{
	294	ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
	295	return -1;
	296	}
	297
	298	EVP_MD_CTX_init(&ctx);
	299
	300	/* Convert signature OID into digest and public key OIDs */
	301	if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
	302	ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
	303	goto err;
	304	}
	305	if (mdnid == NID_undef) {
	306	if (!pkey->ameth \|\| !pkey->ameth->item_verify) {
	307	ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
	308	goto err;
	309	}
	310	ret = pkey->ameth->item_verify(&ctx, it, asn, a,
	311	signature, pkey);
	312	/* Return value of 2 means carry on, anything else means we
	313	* exit straight away: either a fatal error of the underlying
	314	* verification routine handles all verification.
	315	*/
	316	if (ret != 2)
	317	goto err;
	318	ret = -1;
	319	} else {
	320	const EVP_MD *type;
	321	type = EVP_get_digestbynid(mdnid);
	322	if (type == NULL) {
	323	ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
	324	goto err;
	325	}
	326
	327	/* Check public key OID matches public key type */
	328	if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
	329	ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE);
	330	goto err;
	331	}
	332
	333	if (!EVP_DigestVerifyInit(&ctx, NULL, type, NULL, pkey)) {
	334	ASN1error(ERR_R_EVP_LIB);
	335	ret = 0;
	336	goto err;
	337	}
	338
	339	}
	340
	341	inl = ASN1_item_i2d(asn, &buf_in, it);
	342
	343	if (buf_in == NULL) {
	344	ASN1error(ERR_R_MALLOC_FAILURE);
	345	goto err;
	346	}
	347
	348	if (!EVP_DigestVerifyUpdate(&ctx, buf_in, inl)) {
	349	ASN1error(ERR_R_EVP_LIB);
	350	ret = 0;
	351	goto err;
	352	}
	353
	354	freezero(buf_in, (unsigned int)inl);
	355
	356	if (EVP_DigestVerifyFinal(&ctx, signature->data,
	357	(size_t)signature->length) <= 0) {
	358	ASN1error(ERR_R_EVP_LIB);
	359	ret = 0;
	360	goto err;
	361	}
	362	/* we don't need to zero the 'ctx' because we just checked
	363	* public information */
	364	/* memset(&ctx,0,sizeof(ctx)); */
	365	ret = 1;
	366
	367	err:
	368	EVP_MD_CTX_cleanup(&ctx);
	369	return (ret);
	370	}
	371
	372	#define HEADER_SIZE 8
	373	#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
	374	int
	375	asn1_d2i_read_bio(BIO in, BUF_MEM *pb)
	376	{
	377	BUF_MEM *b;
	378	unsigned char *p;
	379	const unsigned char *q;
	380	long slen;
	381	int i, inf, tag, xclass;
	382	size_t want = HEADER_SIZE;
	383	int eos = 0;
	384	size_t off = 0;
	385	size_t len = 0;
	386
	387	b = BUF_MEM_new();
	388	if (b == NULL) {
	389	ASN1error(ERR_R_MALLOC_FAILURE);
	390	return -1;
	391	}
	392
	393	ERR_clear_error();
	394	for (;;) {
	395	if (want >= (len - off)) {
	396	want -= (len - off);
	397
	398	if (len + want < len \|\|
	399	!BUF_MEM_grow_clean(b, len + want)) {
	400	ASN1error(ERR_R_MALLOC_FAILURE);
	401	goto err;
	402	}
	403	i = BIO_read(in, &(b->data[len]), want);
	404	if ((i < 0) && ((len - off) == 0)) {
	405	ASN1error(ASN1_R_NOT_ENOUGH_DATA);
	406	goto err;
	407	}
	408	if (i > 0) {
	409	if (len + i < len) {
	410	ASN1error(ASN1_R_TOO_LONG);
	411	goto err;
	412	}
	413	len += i;
	414	}
	415	}
	416	/* else data already loaded */
	417
	418	p = (unsigned char *) & (b->data[off]);
	419	q = p;
	420	inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
	421	if (inf & 0x80) {
	422	unsigned long e;
	423
	424	e = ERR_GET_REASON(ERR_peek_error());
	425	if (e != ASN1_R_TOO_LONG)
	426	goto err;
	427	else
	428	ERR_clear_error(); /* clear error */
	429	}
	430	i = q - p; /* header length */
	431	off += i; /* end of data */
	432
	433	if (inf & 1) {
	434	/* no data body so go round again */
	435	eos++;
	436	if (eos < 0) {
	437	ASN1error(ASN1_R_HEADER_TOO_LONG);
	438	goto err;
	439	}
	440	want = HEADER_SIZE;
	441	} else if (eos && slen == 0 && tag == V_ASN1_EOC) {
	442	/* eos value, so go back and read another header */
	443	eos--;
	444	if (eos <= 0)
	445	break;
	446	else
	447	want = HEADER_SIZE;
	448	} else {
	449	/* suck in slen bytes of data */
	450	want = slen;
	451	if (want > (len - off)) {
	452	size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
	453
	454	want -= (len - off);
	455	if (want > INT_MAX /* BIO_read takes an int length */ \|\|
	456	len+want < len) {
	457	ASN1error(ASN1_R_TOO_LONG);
	458	goto err;
	459	}
	460	while (want > 0) {
	461	/*
	462	* Read content in chunks of increasing size
	463	* so we can return an error for EOF without
	464	* having to allocate the entire content length
	465	* in one go.
	466	*/
	467	size_t chunk = want > chunk_max ? chunk_max : want;
	468
	469	if (!BUF_MEM_grow_clean(b, len + chunk)) {
	470	ASN1error(ERR_R_MALLOC_FAILURE);
	471	goto err;
	472	}
	473	want -= chunk;
	474	while (chunk > 0) {
	475	i = BIO_read(in, &(b->data[len]), chunk);
	476	if (i <= 0) {
	477	ASN1error(ASN1_R_NOT_ENOUGH_DATA);
	478	goto err;
	479	}
	480	/*
	481	* This can't overflow because \|len+want\|
	482	* didn't overflow.
	483	*/
	484	len += i;
	485	chunk -= i;
	486	}
	487	if (chunk_max < INT_MAX/2)
	488	chunk_max *= 2;
	489	}
	490	}
	491	if (off + slen < off) {
	492	ASN1error(ASN1_R_TOO_LONG);
	493	goto err;
	494	}
	495	off += slen;
	496	if (eos <= 0) {
	497	break;
	498	} else
	499	want = HEADER_SIZE;
	500	}
	501	}
	502
	503	if (off > INT_MAX) {
	504	ASN1error(ASN1_R_TOO_LONG);
	505	goto err;
	506	}
	507
	508	*pb = b;
	509	return off;
	510
	511	err:
	512	if (b != NULL)
	513	BUF_MEM_free(b);
	514	return -1;
	515	}
	516
	517	void *
	518	ASN1_item_d2i_bio(const ASN1_ITEM it, BIO in, void *x)
	519	{
	520	BUF_MEM *b = NULL;
	521	const unsigned char *p;
	522	void *ret = NULL;
	523	int len;
	524
	525	len = asn1_d2i_read_bio(in, &b);
	526	if (len < 0)
	527	goto err;
	528
	529	p = (const unsigned char *)b->data;
	530	ret = ASN1_item_d2i(x, &p, len, it);
	531
	532	err:
	533	if (b != NULL)
	534	BUF_MEM_free(b);
	535	return (ret);
	536	}
	537
	538	void *
	539	ASN1_item_d2i_fp(const ASN1_ITEM it, FILE in, void *x)
	540	{
	541	BIO *b;
	542	char *ret;
	543
	544	if ((b = BIO_new(BIO_s_file())) == NULL) {
	545	ASN1error(ERR_R_BUF_LIB);
	546	return (NULL);
	547	}
	548	BIO_set_fp(b, in, BIO_NOCLOSE);
	549	ret = ASN1_item_d2i_bio(it, b, x);
	550	BIO_free(b);
	551	return (ret);
	552	}
	553
	554	int
	555	ASN1_item_i2d_bio(const ASN1_ITEM it, BIO out, void *x)
	556	{
	557	unsigned char *b = NULL;
	558	int i, j = 0, n, ret = 1;
	559
	560	n = ASN1_item_i2d(x, &b, it);
	561	if (b == NULL) {
	562	ASN1error(ERR_R_MALLOC_FAILURE);
	563	return (0);
	564	}
	565
	566	for (;;) {
	567	i = BIO_write(out, &(b[j]), n);
	568	if (i == n)
	569	break;
	570	if (i <= 0) {
	571	ret = 0;
	572	break;
	573	}
	574	j += i;
	575	n -= i;
	576	}
	577	free(b);
	578	return (ret);
	579	}
	580
	581	int
	582	ASN1_item_i2d_fp(const ASN1_ITEM it, FILE out, void *x)
	583	{
	584	BIO *b;
	585	int ret;
	586
	587	if ((b = BIO_new(BIO_s_file())) == NULL) {
	588	ASN1error(ERR_R_BUF_LIB);
	589	return (0);
	590	}
	591	BIO_set_fp(b, out, BIO_NOCLOSE);
	592	ret = ASN1_item_i2d_bio(it, b, x);
	593	BIO_free(b);
	594	return (ret);
	595	}