summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/asn1
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/asn1')
-rw-r--r--src/lib/libcrypto/asn1/a_bitstr.c342
-rw-r--r--src/lib/libcrypto/asn1/a_enum.c394
-rw-r--r--src/lib/libcrypto/asn1/a_int.c858
-rw-r--r--src/lib/libcrypto/asn1/a_mbstr.c449
-rw-r--r--src/lib/libcrypto/asn1/a_object.c688
-rw-r--r--src/lib/libcrypto/asn1/a_octet.c120
-rw-r--r--src/lib/libcrypto/asn1/a_pkey.c181
-rw-r--r--src/lib/libcrypto/asn1/a_print.c127
-rw-r--r--src/lib/libcrypto/asn1/a_pubkey.c162
-rw-r--r--src/lib/libcrypto/asn1/a_strex.c658
-rw-r--r--src/lib/libcrypto/asn1/a_string.c450
-rw-r--r--src/lib/libcrypto/asn1/a_strnid.c329
-rw-r--r--src/lib/libcrypto/asn1/a_time.c139
-rw-r--r--src/lib/libcrypto/asn1/a_time_posix.c296
-rw-r--r--src/lib/libcrypto/asn1/a_time_tm.c607
-rw-r--r--src/lib/libcrypto/asn1/a_type.c360
-rw-r--r--src/lib/libcrypto/asn1/a_utf8.c199
-rw-r--r--src/lib/libcrypto/asn1/asn1.h1124
-rw-r--r--src/lib/libcrypto/asn1/asn1_err.c216
-rw-r--r--src/lib/libcrypto/asn1/asn1_gen.c804
-rw-r--r--src/lib/libcrypto/asn1/asn1_item.c697
-rw-r--r--src/lib/libcrypto/asn1/asn1_lib.c204
-rw-r--r--src/lib/libcrypto/asn1/asn1_local.h193
-rw-r--r--src/lib/libcrypto/asn1/asn1_old.c185
-rw-r--r--src/lib/libcrypto/asn1/asn1_old_lib.c216
-rw-r--r--src/lib/libcrypto/asn1/asn1_par.c386
-rw-r--r--src/lib/libcrypto/asn1/asn1_types.c305
-rw-r--r--src/lib/libcrypto/asn1/asn1t.h904
-rw-r--r--src/lib/libcrypto/asn1/asn_mime.c1011
-rw-r--r--src/lib/libcrypto/asn1/asn_moid.c161
-rw-r--r--src/lib/libcrypto/asn1/bio_asn1.c453
-rw-r--r--src/lib/libcrypto/asn1/bio_ndef.c270
-rw-r--r--src/lib/libcrypto/asn1/charmap.h19
-rw-r--r--src/lib/libcrypto/asn1/charmap.pl80
-rw-r--r--src/lib/libcrypto/asn1/p5_pbe.c188
-rw-r--r--src/lib/libcrypto/asn1/p5_pbev2.c356
-rw-r--r--src/lib/libcrypto/asn1/p8_pkey.c196
-rw-r--r--src/lib/libcrypto/asn1/posix_time.h54
-rw-r--r--src/lib/libcrypto/asn1/t_crl.c152
-rw-r--r--src/lib/libcrypto/asn1/t_req.c263
-rw-r--r--src/lib/libcrypto/asn1/t_spki.c116
-rw-r--r--src/lib/libcrypto/asn1/t_x509.c485
-rw-r--r--src/lib/libcrypto/asn1/t_x509a.c119
-rw-r--r--src/lib/libcrypto/asn1/tasn_dec.c1260
-rw-r--r--src/lib/libcrypto/asn1/tasn_enc.c682
-rw-r--r--src/lib/libcrypto/asn1/tasn_fre.c242
-rw-r--r--src/lib/libcrypto/asn1/tasn_new.c344
-rw-r--r--src/lib/libcrypto/asn1/tasn_prn.c513
-rw-r--r--src/lib/libcrypto/asn1/tasn_typ.c739
-rw-r--r--src/lib/libcrypto/asn1/tasn_utl.c299
-rw-r--r--src/lib/libcrypto/asn1/x_algor.c295
-rw-r--r--src/lib/libcrypto/asn1/x_attrib.c159
-rw-r--r--src/lib/libcrypto/asn1/x_bignum.c207
-rw-r--r--src/lib/libcrypto/asn1/x_crl.c702
-rw-r--r--src/lib/libcrypto/asn1/x_exten.c164
-rw-r--r--src/lib/libcrypto/asn1/x_info.c96
-rw-r--r--src/lib/libcrypto/asn1/x_long.c241
-rw-r--r--src/lib/libcrypto/asn1/x_name.c666
-rw-r--r--src/lib/libcrypto/asn1/x_pkey.c123
-rw-r--r--src/lib/libcrypto/asn1/x_pubkey.c775
-rw-r--r--src/lib/libcrypto/asn1/x_req.c258
-rw-r--r--src/lib/libcrypto/asn1/x_sig.c138
-rw-r--r--src/lib/libcrypto/asn1/x_spki.c184
-rw-r--r--src/lib/libcrypto/asn1/x_val.c117
-rw-r--r--src/lib/libcrypto/asn1/x_x509.c387
-rw-r--r--src/lib/libcrypto/asn1/x_x509a.c282
66 files changed, 0 insertions, 24389 deletions
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c
deleted file mode 100644
index d5d00c4d44..0000000000
--- a/src/lib/libcrypto/asn1/a_bitstr.c
+++ /dev/null
@@ -1,342 +0,0 @@
1/* $OpenBSD: a_bitstr.c,v 1.43 2024/07/08 14:52:31 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/asn1t.h>
65#include <openssl/conf.h>
66#include <openssl/err.h>
67#include <openssl/x509v3.h>
68
69#include "bytestring.h"
70
71const ASN1_ITEM ASN1_BIT_STRING_it = {
72 .itype = ASN1_ITYPE_PRIMITIVE,
73 .utype = V_ASN1_BIT_STRING,
74 .sname = "ASN1_BIT_STRING",
75};
76LCRYPTO_ALIAS(ASN1_BIT_STRING_it);
77
78ASN1_BIT_STRING *
79ASN1_BIT_STRING_new(void)
80{
81 return (ASN1_BIT_STRING *)ASN1_item_new(&ASN1_BIT_STRING_it);
82}
83LCRYPTO_ALIAS(ASN1_BIT_STRING_new);
84
85void
86ASN1_BIT_STRING_free(ASN1_BIT_STRING *a)
87{
88 ASN1_item_free((ASN1_VALUE *)a, &ASN1_BIT_STRING_it);
89}
90LCRYPTO_ALIAS(ASN1_BIT_STRING_free);
91
92static void
93asn1_abs_clear_unused_bits(ASN1_BIT_STRING *abs)
94{
95 abs->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07);
96}
97
98int
99asn1_abs_set_unused_bits(ASN1_BIT_STRING *abs, uint8_t unused_bits)
100{
101 if (unused_bits > 7)
102 return 0;
103
104 asn1_abs_clear_unused_bits(abs);
105
106 abs->flags |= ASN1_STRING_FLAG_BITS_LEFT | unused_bits;
107
108 return 1;
109}
110
111int
112ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len)
113{
114 return ASN1_STRING_set(x, d, len);
115}
116LCRYPTO_ALIAS(ASN1_BIT_STRING_set);
117
118int
119ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
120{
121 int w, v, iv;
122 unsigned char *c;
123
124 if (a == NULL)
125 return 0;
126 if (n < 0)
127 return 0;
128
129 w = n / 8;
130 v = 1 << (7 - (n & 0x07));
131 iv = ~v;
132
133 if (value == 0)
134 v = 0;
135
136 asn1_abs_clear_unused_bits(a);
137
138 if (a->length < w + 1 || a->data == NULL) {
139 /* Don't expand if there's no bit to set. */
140 if (value == 0)
141 return 1;
142 if ((c = recallocarray(a->data, a->length, w + 1, 1)) == NULL) {
143 ASN1error(ERR_R_MALLOC_FAILURE);
144 return 0;
145 }
146 a->data = c;
147 a->length = w + 1;
148 }
149
150 a->data[w] = ((a->data[w]) & iv) | v;
151 while (a->length > 0 && a->data[a->length - 1] == 0)
152 a->length--;
153
154 return 1;
155}
156LCRYPTO_ALIAS(ASN1_BIT_STRING_set_bit);
157
158int
159ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
160{
161 int w, v;
162
163 if (a == NULL)
164 return 0;
165 if (n < 0)
166 return 0;
167
168 w = n / 8;
169 v = 1 << (7 - (n & 0x07));
170
171 if (a->length < w + 1 || a->data == NULL)
172 return 0;
173
174 return (a->data[w] & v) != 0;
175}
176LCRYPTO_ALIAS(ASN1_BIT_STRING_get_bit);
177
178int
179i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp)
180{
181 int ret, j, bits, len;
182 unsigned char *p, *d;
183
184 if (a == NULL)
185 return (0);
186
187 if (a->length == INT_MAX)
188 return (0);
189
190 ret = a->length + 1;
191
192 if (pp == NULL)
193 return (ret);
194
195 len = a->length;
196
197 if (len > 0) {
198 if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) {
199 bits = (int)a->flags & 0x07;
200 } else {
201 j = 0;
202 for (; len > 0; len--) {
203 if (a->data[len - 1])
204 break;
205 }
206 if (len > 0)
207 j = a->data[len - 1];
208 if (j & 0x01)
209 bits = 0;
210 else if (j & 0x02)
211 bits = 1;
212 else if (j & 0x04)
213 bits = 2;
214 else if (j & 0x08)
215 bits = 3;
216 else if (j & 0x10)
217 bits = 4;
218 else if (j & 0x20)
219 bits = 5;
220 else if (j & 0x40)
221 bits = 6;
222 else if (j & 0x80)
223 bits = 7;
224 else
225 bits = 0; /* should not happen */
226 }
227 } else
228 bits = 0;
229
230 p= *pp;
231
232 *(p++) = (unsigned char)bits;
233 d = a->data;
234 if (len > 0) {
235 memcpy(p, d, len);
236 p += len;
237 p[-1] &= 0xff << bits;
238 }
239 *pp = p;
240 return (ret);
241}
242
243int
244c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs)
245{
246 ASN1_BIT_STRING *abs = NULL;
247 uint8_t *data = NULL;
248 size_t data_len = 0;
249 uint8_t unused_bits;
250 int ret = 0;
251
252 if (out_abs == NULL)
253 goto err;
254
255 if (*out_abs != NULL) {
256 ASN1_BIT_STRING_free(*out_abs);
257 *out_abs = NULL;
258 }
259
260 if (!CBS_get_u8(cbs, &unused_bits)) {
261 ASN1error(ASN1_R_STRING_TOO_SHORT);
262 goto err;
263 }
264
265 if (!CBS_stow(cbs, &data, &data_len))
266 goto err;
267 if (data_len > INT_MAX)
268 goto err;
269
270 if ((abs = ASN1_BIT_STRING_new()) == NULL)
271 goto err;
272
273 abs->data = data;
274 abs->length = (int)data_len;
275 data = NULL;
276
277 /*
278 * We do this to preserve the settings. If we modify the settings,
279 * via the _set_bit function, we will recalculate on output.
280 */
281 if (!asn1_abs_set_unused_bits(abs, unused_bits)) {
282 ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
283 goto err;
284 }
285 if (abs->length > 0)
286 abs->data[abs->length - 1] &= 0xff << unused_bits;
287
288 *out_abs = abs;
289 abs = NULL;
290
291 ret = 1;
292
293 err:
294 ASN1_BIT_STRING_free(abs);
295 freezero(data, data_len);
296
297 return ret;
298}
299
300ASN1_BIT_STRING *
301c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out_abs, const unsigned char **pp, long len)
302{
303 ASN1_BIT_STRING *abs = NULL;
304 CBS content;
305
306 if (out_abs != NULL) {
307 ASN1_BIT_STRING_free(*out_abs);
308 *out_abs = NULL;
309 }
310
311 if (len < 0) {
312 ASN1error(ASN1_R_LENGTH_ERROR);
313 return NULL;
314 }
315
316 CBS_init(&content, *pp, len);
317
318 if (!c2i_ASN1_BIT_STRING_cbs(&abs, &content))
319 return NULL;
320
321 *pp = CBS_data(&content);
322
323 if (out_abs != NULL)
324 *out_abs = abs;
325
326 return abs;
327}
328
329int
330i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out)
331{
332 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BIT_STRING_it);
333}
334LCRYPTO_ALIAS(i2d_ASN1_BIT_STRING);
335
336ASN1_BIT_STRING *
337d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len)
338{
339 return (ASN1_BIT_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
340 &ASN1_BIT_STRING_it);
341}
342LCRYPTO_ALIAS(d2i_ASN1_BIT_STRING);
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c
deleted file mode 100644
index 5d3a3dd0c7..0000000000
--- a/src/lib/libcrypto/asn1/a_enum.c
+++ /dev/null
@@ -1,394 +0,0 @@
1/* $OpenBSD: a_enum.c,v 1.30 2024/07/08 14:52:31 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <string.h>
61
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/bn.h>
65#include <openssl/buffer.h>
66#include <openssl/err.h>
67
68#include "asn1_local.h"
69#include "bytestring.h"
70
71/*
72 * Code for ENUMERATED type: identical to INTEGER apart from a different tag.
73 * for comments on encoding see a_int.c
74 */
75
76const ASN1_ITEM ASN1_ENUMERATED_it = {
77 .itype = ASN1_ITYPE_PRIMITIVE,
78 .utype = V_ASN1_ENUMERATED,
79 .sname = "ASN1_ENUMERATED",
80};
81LCRYPTO_ALIAS(ASN1_ENUMERATED_it);
82
83ASN1_ENUMERATED *
84ASN1_ENUMERATED_new(void)
85{
86 return (ASN1_ENUMERATED *)ASN1_item_new(&ASN1_ENUMERATED_it);
87}
88LCRYPTO_ALIAS(ASN1_ENUMERATED_new);
89
90static void
91asn1_aenum_clear(ASN1_ENUMERATED *aenum)
92{
93 freezero(aenum->data, aenum->length);
94
95 memset(aenum, 0, sizeof(*aenum));
96
97 aenum->type = V_ASN1_ENUMERATED;
98}
99
100void
101ASN1_ENUMERATED_free(ASN1_ENUMERATED *a)
102{
103 ASN1_item_free((ASN1_VALUE *)a, &ASN1_ENUMERATED_it);
104}
105LCRYPTO_ALIAS(ASN1_ENUMERATED_free);
106
107int
108ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum)
109{
110 CBS cbs;
111
112 *out_val = 0;
113
114 if (aenum == NULL || aenum->length < 0)
115 return 0;
116
117 if (aenum->type != V_ASN1_ENUMERATED &&
118 aenum->type != V_ASN1_NEG_ENUMERATED) {
119 ASN1error(ASN1_R_WRONG_INTEGER_TYPE);
120 return 0;
121 }
122
123 CBS_init(&cbs, aenum->data, aenum->length);
124
125 return asn1_aint_get_int64(&cbs, (aenum->type == V_ASN1_NEG_ENUMERATED),
126 out_val);
127}
128LCRYPTO_ALIAS(ASN1_ENUMERATED_get_int64);
129
130int
131ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val)
132{
133 uint64_t uval;
134
135 asn1_aenum_clear(aenum);
136
137 uval = (uint64_t)val;
138
139 if (val < 0) {
140 aenum->type = V_ASN1_NEG_ENUMERATED;
141 uval = -uval;
142 }
143
144 return asn1_aint_set_uint64(uval, &aenum->data, &aenum->length);
145}
146LCRYPTO_ALIAS(ASN1_ENUMERATED_set_int64);
147
148long
149ASN1_ENUMERATED_get(const ASN1_ENUMERATED *aenum)
150{
151 int64_t val;
152
153 if (aenum == NULL)
154 return 0;
155 if (!ASN1_ENUMERATED_get_int64(&val, aenum))
156 return -1;
157 if (val < LONG_MIN || val > LONG_MAX) {
158 /* hmm... a bit ugly, return all ones */
159 return -1;
160 }
161
162 return (long)val;
163}
164LCRYPTO_ALIAS(ASN1_ENUMERATED_get);
165
166int
167ASN1_ENUMERATED_set(ASN1_ENUMERATED *aenum, long val)
168{
169 return ASN1_ENUMERATED_set_int64(aenum, val);
170}
171LCRYPTO_ALIAS(ASN1_ENUMERATED_set);
172
173ASN1_ENUMERATED *
174BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
175{
176 ASN1_ENUMERATED *ret;
177 int len, j;
178
179 if (ai == NULL)
180 ret = ASN1_ENUMERATED_new();
181 else
182 ret = ai;
183 if (ret == NULL) {
184 ASN1error(ERR_R_NESTED_ASN1_ERROR);
185 goto err;
186 }
187 if (BN_is_negative(bn))
188 ret->type = V_ASN1_NEG_ENUMERATED;
189 else
190 ret->type = V_ASN1_ENUMERATED;
191 j = BN_num_bits(bn);
192 len = ((j == 0) ? 0 : ((j / 8) + 1));
193 if (ret->length < len + 4) {
194 unsigned char *new_data = realloc(ret->data, len + 4);
195 if (!new_data) {
196 ASN1error(ERR_R_MALLOC_FAILURE);
197 goto err;
198 }
199 ret->data = new_data;
200 }
201 ret->length = BN_bn2bin(bn, ret->data);
202
203 /* Correct zero case */
204 if (!ret->length) {
205 ret->data[0] = 0;
206 ret->length = 1;
207 }
208 return (ret);
209
210 err:
211 if (ret != ai)
212 ASN1_ENUMERATED_free(ret);
213 return (NULL);
214}
215LCRYPTO_ALIAS(BN_to_ASN1_ENUMERATED);
216
217BIGNUM *
218ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
219{
220 BIGNUM *ret;
221
222 if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
223 ASN1error(ASN1_R_BN_LIB);
224 else if (ai->type == V_ASN1_NEG_ENUMERATED)
225 BN_set_negative(ret, 1);
226 return (ret);
227}
228LCRYPTO_ALIAS(ASN1_ENUMERATED_to_BN);
229
230/* Based on a_int.c: equivalent ENUMERATED functions */
231
232int
233i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a)
234{
235 int i, n = 0;
236 static const char h[] = "0123456789ABCDEF";
237 char buf[2];
238
239 if (a == NULL)
240 return (0);
241
242 if (a->length == 0) {
243 if (BIO_write(bp, "00", 2) != 2)
244 goto err;
245 n = 2;
246 } else {
247 for (i = 0; i < a->length; i++) {
248 if ((i != 0) && (i % 35 == 0)) {
249 if (BIO_write(bp, "\\\n", 2) != 2)
250 goto err;
251 n += 2;
252 }
253 buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
254 buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
255 if (BIO_write(bp, buf, 2) != 2)
256 goto err;
257 n += 2;
258 }
259 }
260 return (n);
261
262 err:
263 return (-1);
264}
265LCRYPTO_ALIAS(i2a_ASN1_ENUMERATED);
266
267int
268a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size)
269{
270 int ret = 0;
271 int i, j,k, m,n, again, bufsize;
272 unsigned char *s = NULL, *sp;
273 unsigned char *bufp;
274 int first = 1;
275 size_t num = 0, slen = 0;
276
277 bs->type = V_ASN1_ENUMERATED;
278
279 bufsize = BIO_gets(bp, buf, size);
280 for (;;) {
281 if (bufsize < 1)
282 goto err_sl;
283 i = bufsize;
284 if (buf[i-1] == '\n')
285 buf[--i] = '\0';
286 if (i == 0)
287 goto err_sl;
288 if (buf[i-1] == '\r')
289 buf[--i] = '\0';
290 if (i == 0)
291 goto err_sl;
292 if (buf[i - 1] == '\\') {
293 i--;
294 again = 1;
295 } else
296 again = 0;
297 buf[i] = '\0';
298 if (i < 2)
299 goto err_sl;
300
301 bufp = (unsigned char *)buf;
302 if (first) {
303 first = 0;
304 if ((bufp[0] == '0') && (buf[1] == '0')) {
305 bufp += 2;
306 i -= 2;
307 }
308 }
309 k = 0;
310 if (i % 2 != 0) {
311 ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
312 goto err;
313 }
314 i /= 2;
315 if (num + i > slen) {
316 sp = realloc(s, num + i);
317 if (sp == NULL) {
318 ASN1error(ERR_R_MALLOC_FAILURE);
319 goto err;
320 }
321 s = sp;
322 slen = num + i;
323 }
324 for (j = 0; j < i; j++, k += 2) {
325 for (n = 0; n < 2; n++) {
326 m = bufp[k + n];
327 if ((m >= '0') && (m <= '9'))
328 m -= '0';
329 else if ((m >= 'a') && (m <= 'f'))
330 m = m - 'a' + 10;
331 else if ((m >= 'A') && (m <= 'F'))
332 m = m - 'A' + 10;
333 else {
334 ASN1error(ASN1_R_NON_HEX_CHARACTERS);
335 goto err;
336 }
337 s[num + j] <<= 4;
338 s[num + j] |= m;
339 }
340 }
341 num += i;
342 if (again)
343 bufsize = BIO_gets(bp, buf, size);
344 else
345 break;
346 }
347 bs->length = num;
348 bs->data = s;
349 return (1);
350
351 err_sl:
352 ASN1error(ASN1_R_SHORT_LINE);
353 err:
354 free(s);
355 return (ret);
356}
357LCRYPTO_ALIAS(a2i_ASN1_ENUMERATED);
358
359int
360c2i_ASN1_ENUMERATED_cbs(ASN1_ENUMERATED **out_aenum, CBS *cbs)
361{
362 ASN1_ENUMERATED *aenum = NULL;
363
364 if (out_aenum == NULL)
365 return 0;
366
367 if (*out_aenum != NULL) {
368 ASN1_INTEGER_free(*out_aenum);
369 *out_aenum = NULL;
370 }
371
372 if (!c2i_ASN1_INTEGER_cbs((ASN1_INTEGER **)&aenum, cbs))
373 return 0;
374
375 aenum->type = V_ASN1_ENUMERATED | (aenum->type & V_ASN1_NEG);
376 *out_aenum = aenum;
377
378 return 1;
379}
380
381int
382i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out)
383{
384 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ENUMERATED_it);
385}
386LCRYPTO_ALIAS(i2d_ASN1_ENUMERATED);
387
388ASN1_ENUMERATED *
389d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len)
390{
391 return (ASN1_ENUMERATED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
392 &ASN1_ENUMERATED_it);
393}
394LCRYPTO_ALIAS(d2i_ASN1_ENUMERATED);
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c
deleted file mode 100644
index 0d9b6577d7..0000000000
--- a/src/lib/libcrypto/asn1/a_int.c
+++ /dev/null
@@ -1,858 +0,0 @@
1/* $OpenBSD: a_int.c,v 1.48 2024/07/08 14:52:31 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/asn1t.h>
65#include <openssl/bn.h>
66#include <openssl/buffer.h>
67#include <openssl/err.h>
68
69#include "bytestring.h"
70
71const ASN1_ITEM ASN1_INTEGER_it = {
72 .itype = ASN1_ITYPE_PRIMITIVE,
73 .utype = V_ASN1_INTEGER,
74 .sname = "ASN1_INTEGER",
75};
76LCRYPTO_ALIAS(ASN1_INTEGER_it);
77
78ASN1_INTEGER *
79ASN1_INTEGER_new(void)
80{
81 return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it);
82}
83LCRYPTO_ALIAS(ASN1_INTEGER_new);
84
85static void
86asn1_aint_clear(ASN1_INTEGER *aint)
87{
88 freezero(aint->data, aint->length);
89
90 memset(aint, 0, sizeof(*aint));
91
92 aint->type = V_ASN1_INTEGER;
93}
94
95void
96ASN1_INTEGER_free(ASN1_INTEGER *a)
97{
98 ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it);
99}
100LCRYPTO_ALIAS(ASN1_INTEGER_free);
101
102static int
103ASN1_INTEGER_valid(const ASN1_INTEGER *a)
104{
105 return (a != NULL && a->length >= 0);
106}
107
108ASN1_INTEGER *
109ASN1_INTEGER_dup(const ASN1_INTEGER *x)
110{
111 if (!ASN1_INTEGER_valid(x))
112 return NULL;
113
114 return ASN1_STRING_dup(x);
115}
116LCRYPTO_ALIAS(ASN1_INTEGER_dup);
117
118int
119ASN1_INTEGER_cmp(const ASN1_INTEGER *a, const ASN1_INTEGER *b)
120{
121 int ret = 1;
122
123 /* Compare sign, then content. */
124 if ((a->type & V_ASN1_NEG) == (b->type & V_ASN1_NEG))
125 ret = ASN1_STRING_cmp(a, b);
126
127 if ((a->type & V_ASN1_NEG) != 0)
128 return -ret;
129
130 return ret;
131}
132LCRYPTO_ALIAS(ASN1_INTEGER_cmp);
133
134int
135asn1_aint_get_uint64(CBS *cbs, uint64_t *out_val)
136{
137 uint64_t val = 0;
138 uint8_t u8;
139
140 *out_val = 0;
141
142 while (CBS_len(cbs) > 0) {
143 if (!CBS_get_u8(cbs, &u8))
144 return 0;
145 if (val > (UINT64_MAX >> 8)) {
146 ASN1error(ASN1_R_TOO_LARGE);
147 return 0;
148 }
149 val = val << 8 | u8;
150 }
151
152 *out_val = val;
153
154 return 1;
155}
156
157int
158asn1_aint_set_uint64(uint64_t val, uint8_t **out_data, int *out_len)
159{
160 uint8_t *data = NULL;
161 size_t data_len = 0;
162 int started = 0;
163 uint8_t u8;
164 CBB cbb;
165 int i;
166 int ret = 0;
167
168 if (!CBB_init(&cbb, sizeof(long)))
169 goto err;
170
171 if (out_data == NULL || out_len == NULL)
172 goto err;
173 if (*out_data != NULL || *out_len != 0)
174 goto err;
175
176 for (i = sizeof(uint64_t) - 1; i >= 0; i--) {
177 u8 = (val >> (i * 8)) & 0xff;
178 if (!started && i != 0 && u8 == 0)
179 continue;
180 if (!CBB_add_u8(&cbb, u8))
181 goto err;
182 started = 1;
183 }
184
185 if (!CBB_finish(&cbb, &data, &data_len))
186 goto err;
187 if (data_len > INT_MAX)
188 goto err;
189
190 *out_data = data;
191 *out_len = (int)data_len;
192 data = NULL;
193
194 ret = 1;
195 err:
196 CBB_cleanup(&cbb);
197 freezero(data, data_len);
198
199 return ret;
200}
201
202int
203asn1_aint_get_int64(CBS *cbs, int negative, int64_t *out_val)
204{
205 uint64_t val;
206
207 if (!asn1_aint_get_uint64(cbs, &val))
208 return 0;
209
210 if (negative) {
211 if (val > (uint64_t)INT64_MIN) {
212 ASN1error(ASN1_R_TOO_SMALL);
213 return 0;
214 }
215 *out_val = (int64_t)-val;
216 } else {
217 if (val > (uint64_t)INT64_MAX) {
218 ASN1error(ASN1_R_TOO_LARGE);
219 return 0;
220 }
221 *out_val = (int64_t)val;
222 }
223
224 return 1;
225}
226
227int
228ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint)
229{
230 uint64_t val;
231 CBS cbs;
232
233 *out_val = 0;
234
235 if (aint == NULL || aint->length < 0)
236 return 0;
237
238 if (aint->type == V_ASN1_NEG_INTEGER) {
239 ASN1error(ASN1_R_ILLEGAL_NEGATIVE_VALUE);
240 return 0;
241 }
242 if (aint->type != V_ASN1_INTEGER) {
243 ASN1error(ASN1_R_WRONG_INTEGER_TYPE);
244 return 0;
245 }
246
247 CBS_init(&cbs, aint->data, aint->length);
248
249 if (!asn1_aint_get_uint64(&cbs, &val))
250 return 0;
251
252 *out_val = val;
253
254 return 1;
255}
256LCRYPTO_ALIAS(ASN1_INTEGER_get_uint64);
257
258int
259ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val)
260{
261 asn1_aint_clear(aint);
262
263 return asn1_aint_set_uint64(val, &aint->data, &aint->length);
264}
265LCRYPTO_ALIAS(ASN1_INTEGER_set_uint64);
266
267int
268ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint)
269{
270 CBS cbs;
271
272 *out_val = 0;
273
274 if (aint == NULL || aint->length < 0)
275 return 0;
276
277 if (aint->type != V_ASN1_INTEGER &&
278 aint->type != V_ASN1_NEG_INTEGER) {
279 ASN1error(ASN1_R_WRONG_INTEGER_TYPE);
280 return 0;
281 }
282
283 CBS_init(&cbs, aint->data, aint->length);
284
285 return asn1_aint_get_int64(&cbs, (aint->type == V_ASN1_NEG_INTEGER),
286 out_val);
287}
288LCRYPTO_ALIAS(ASN1_INTEGER_get_int64);
289
290int
291ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val)
292{
293 uint64_t uval;
294
295 asn1_aint_clear(aint);
296
297 uval = (uint64_t)val;
298
299 if (val < 0) {
300 aint->type = V_ASN1_NEG_INTEGER;
301 uval = -uval;
302 }
303
304 return asn1_aint_set_uint64(uval, &aint->data, &aint->length);
305}
306LCRYPTO_ALIAS(ASN1_INTEGER_set_int64);
307
308long
309ASN1_INTEGER_get(const ASN1_INTEGER *aint)
310{
311 int64_t val;
312
313 if (aint == NULL)
314 return 0;
315 if (!ASN1_INTEGER_get_int64(&val, aint))
316 return -1;
317 if (val < LONG_MIN || val > LONG_MAX) {
318 /* hmm... a bit ugly, return all ones */
319 return -1;
320 }
321
322 return (long)val;
323}
324LCRYPTO_ALIAS(ASN1_INTEGER_get);
325
326int
327ASN1_INTEGER_set(ASN1_INTEGER *aint, long val)
328{
329 return ASN1_INTEGER_set_int64(aint, val);
330}
331LCRYPTO_ALIAS(ASN1_INTEGER_set);
332
333ASN1_INTEGER *
334BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
335{
336 ASN1_INTEGER *ret;
337 int len, j;
338
339 if (ai == NULL)
340 ret = ASN1_INTEGER_new();
341 else
342 ret = ai;
343 if (ret == NULL) {
344 ASN1error(ERR_R_NESTED_ASN1_ERROR);
345 goto err;
346 }
347
348 if (!ASN1_INTEGER_valid(ret))
349 goto err;
350
351 if (BN_is_negative(bn))
352 ret->type = V_ASN1_NEG_INTEGER;
353 else
354 ret->type = V_ASN1_INTEGER;
355 j = BN_num_bits(bn);
356 len = ((j == 0) ? 0 : ((j / 8) + 1));
357 if (ret->length < len + 4) {
358 unsigned char *new_data = realloc(ret->data, len + 4);
359 if (!new_data) {
360 ASN1error(ERR_R_MALLOC_FAILURE);
361 goto err;
362 }
363 ret->data = new_data;
364 }
365 ret->length = BN_bn2bin(bn, ret->data);
366
367 /* Correct zero case */
368 if (!ret->length) {
369 ret->data[0] = 0;
370 ret->length = 1;
371 }
372 return (ret);
373
374 err:
375 if (ret != ai)
376 ASN1_INTEGER_free(ret);
377 return (NULL);
378}
379LCRYPTO_ALIAS(BN_to_ASN1_INTEGER);
380
381BIGNUM *
382ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
383{
384 BIGNUM *ret;
385
386 if (!ASN1_INTEGER_valid(ai))
387 return (NULL);
388
389 if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
390 ASN1error(ASN1_R_BN_LIB);
391 else if (ai->type == V_ASN1_NEG_INTEGER)
392 BN_set_negative(ret, 1);
393 return (ret);
394}
395LCRYPTO_ALIAS(ASN1_INTEGER_to_BN);
396
397int
398i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a)
399{
400 int i, n = 0;
401 static const char h[] = "0123456789ABCDEF";
402 char buf[2];
403
404 if (a == NULL)
405 return (0);
406
407 if (a->type & V_ASN1_NEG) {
408 if (BIO_write(bp, "-", 1) != 1)
409 goto err;
410 n = 1;
411 }
412
413 if (a->length == 0) {
414 if (BIO_write(bp, "00", 2) != 2)
415 goto err;
416 n += 2;
417 } else {
418 for (i = 0; i < a->length; i++) {
419 if ((i != 0) && (i % 35 == 0)) {
420 if (BIO_write(bp, "\\\n", 2) != 2)
421 goto err;
422 n += 2;
423 }
424 buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f];
425 buf[1] = h[((unsigned char)a->data[i]) & 0x0f];
426 if (BIO_write(bp, buf, 2) != 2)
427 goto err;
428 n += 2;
429 }
430 }
431 return (n);
432
433 err:
434 return (-1);
435}
436LCRYPTO_ALIAS(i2a_ASN1_INTEGER);
437
438int
439a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size)
440{
441 int ret = 0;
442 int i, j,k, m,n, again, bufsize;
443 unsigned char *s = NULL, *sp;
444 unsigned char *bufp;
445 int num = 0, slen = 0, first = 1;
446
447 bs->type = V_ASN1_INTEGER;
448
449 bufsize = BIO_gets(bp, buf, size);
450 for (;;) {
451 if (bufsize < 1)
452 goto err_sl;
453 i = bufsize;
454 if (buf[i - 1] == '\n')
455 buf[--i] = '\0';
456 if (i == 0)
457 goto err_sl;
458 if (buf[i - 1] == '\r')
459 buf[--i] = '\0';
460 if (i == 0)
461 goto err_sl;
462 if (buf[i - 1] == '\\') {
463 i--;
464 again = 1;
465 } else
466 again = 0;
467 buf[i] = '\0';
468 if (i < 2)
469 goto err_sl;
470
471 bufp = (unsigned char *)buf;
472 if (first) {
473 first = 0;
474 if ((bufp[0] == '0') && (buf[1] == '0')) {
475 bufp += 2;
476 i -= 2;
477 }
478 }
479 k = 0;
480 if (i % 2 != 0) {
481 ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
482 goto err;
483 }
484 i /= 2;
485 if (num + i > slen) {
486 if ((sp = recallocarray(s, slen, num + i, 1)) == NULL) {
487 ASN1error(ERR_R_MALLOC_FAILURE);
488 goto err;
489 }
490 s = sp;
491 slen = num + i;
492 }
493 for (j = 0; j < i; j++, k += 2) {
494 for (n = 0; n < 2; n++) {
495 m = bufp[k + n];
496 if ((m >= '0') && (m <= '9'))
497 m -= '0';
498 else if ((m >= 'a') && (m <= 'f'))
499 m = m - 'a' + 10;
500 else if ((m >= 'A') && (m <= 'F'))
501 m = m - 'A' + 10;
502 else {
503 ASN1error(ASN1_R_NON_HEX_CHARACTERS);
504 goto err;
505 }
506 s[num + j] <<= 4;
507 s[num + j] |= m;
508 }
509 }
510 num += i;
511 if (again)
512 bufsize = BIO_gets(bp, buf, size);
513 else
514 break;
515 }
516 bs->length = num;
517 bs->data = s;
518 return (1);
519
520 err_sl:
521 ASN1error(ASN1_R_SHORT_LINE);
522 err:
523 free(s);
524 return (ret);
525}
526LCRYPTO_ALIAS(a2i_ASN1_INTEGER);
527
528static void
529asn1_aint_twos_complement(uint8_t *data, size_t data_len)
530{
531 uint8_t carry = 1;
532 ssize_t i;
533
534 for (i = data_len - 1; i >= 0; i--) {
535 data[i] = (data[i] ^ 0xff) + carry;
536 if (data[i] != 0)
537 carry = 0;
538 }
539}
540
541static int
542asn1_aint_keep_twos_padding(const uint8_t *data, size_t data_len)
543{
544 size_t i;
545
546 /*
547 * If a two's complement value has a padding byte (0xff) and the rest
548 * of the value is all zeros, the padding byte cannot be removed as when
549 * converted from two's complement this becomes 0x01 (in the place of
550 * the padding byte) followed by the same number of zero bytes.
551 */
552 if (data_len <= 1 || data[0] != 0xff)
553 return 0;
554 for (i = 1; i < data_len; i++) {
555 if (data[i] != 0)
556 return 0;
557 }
558 return 1;
559}
560
561static int
562i2c_ASN1_INTEGER_cbb(ASN1_INTEGER *aint, CBB *cbb)
563{
564 uint8_t *data = NULL;
565 size_t data_len = 0;
566 uint8_t padding, val;
567 uint8_t msb;
568 CBS cbs;
569 int ret = 0;
570
571 if (aint->length < 0)
572 goto err;
573 if (aint->data == NULL && aint->length != 0)
574 goto err;
575
576 if ((aint->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED &&
577 (aint->type & ~V_ASN1_NEG) != V_ASN1_INTEGER)
578 goto err;
579
580 CBS_init(&cbs, aint->data, aint->length);
581
582 /* Find the first non-zero byte. */
583 while (CBS_len(&cbs) > 0) {
584 if (!CBS_peek_u8(&cbs, &val))
585 goto err;
586 if (val != 0)
587 break;
588 if (!CBS_skip(&cbs, 1))
589 goto err;
590 }
591
592 /* A zero value is encoded as a single octet. */
593 if (CBS_len(&cbs) == 0) {
594 if (!CBB_add_u8(cbb, 0))
595 goto err;
596 goto done;
597 }
598
599 if (!CBS_stow(&cbs, &data, &data_len))
600 goto err;
601
602 if ((aint->type & V_ASN1_NEG) != 0)
603 asn1_aint_twos_complement(data, data_len);
604
605 /* Topmost bit indicates sign, padding is all zeros or all ones. */
606 msb = (data[0] >> 7);
607 padding = (msb - 1) & 0xff;
608
609 /* See if we need a padding octet to avoid incorrect sign. */
610 if (((aint->type & V_ASN1_NEG) == 0 && msb == 1) ||
611 ((aint->type & V_ASN1_NEG) != 0 && msb == 0)) {
612 if (!CBB_add_u8(cbb, padding))
613 goto err;
614 }
615 if (!CBB_add_bytes(cbb, data, data_len))
616 goto err;
617
618 done:
619 ret = 1;
620
621 err:
622 freezero(data, data_len);
623
624 return ret;
625}
626
627int
628i2c_ASN1_INTEGER(ASN1_INTEGER *aint, unsigned char **pp)
629{
630 uint8_t *data = NULL;
631 size_t data_len = 0;
632 CBB cbb;
633 int ret = -3;
634
635 if (!CBB_init(&cbb, 0))
636 goto err;
637 if (!i2c_ASN1_INTEGER_cbb(aint, &cbb))
638 goto err;
639 if (!CBB_finish(&cbb, &data, &data_len))
640 goto err;
641 if (data_len > INT_MAX)
642 goto err;
643
644 if (pp != NULL) {
645 if ((uintptr_t)*pp > UINTPTR_MAX - data_len)
646 goto err;
647 memcpy(*pp, data, data_len);
648 *pp += data_len;
649 }
650
651 ret = data_len;
652
653 err:
654 freezero(data, data_len);
655 CBB_cleanup(&cbb);
656
657 return ret;
658}
659
660int
661c2i_ASN1_INTEGER_cbs(ASN1_INTEGER **out_aint, CBS *cbs)
662{
663 ASN1_INTEGER *aint = NULL;
664 uint8_t *data = NULL;
665 size_t data_len = 0;
666 uint8_t padding, val;
667 uint8_t negative;
668 int ret = 0;
669
670 if (out_aint == NULL)
671 goto err;
672
673 if (*out_aint != NULL) {
674 ASN1_INTEGER_free(*out_aint);
675 *out_aint = NULL;
676 }
677
678 if (CBS_len(cbs) == 0) {
679 /* XXX INVALID ENCODING? */
680 ASN1error(ERR_R_ASN1_LENGTH_MISMATCH);
681 goto err;
682 }
683 if (!CBS_peek_u8(cbs, &val))
684 goto err;
685
686 /* Topmost bit indicates sign, padding is all zeros or all ones. */
687 negative = (val >> 7);
688 padding = ~(negative - 1) & 0xff;
689
690 /*
691 * Ensure that the first 9 bits are not all zero or all one, as per
692 * X.690 section 8.3.2. Remove the padding octet if possible.
693 */
694 if (CBS_len(cbs) > 1 && val == padding) {
695 if (!asn1_aint_keep_twos_padding(CBS_data(cbs), CBS_len(cbs))) {
696 if (!CBS_get_u8(cbs, &padding))
697 goto err;
698 if (!CBS_peek_u8(cbs, &val))
699 goto err;
700 if ((val >> 7) == (padding >> 7)) {
701 /* XXX INVALID ENCODING? */
702 ASN1error(ERR_R_ASN1_LENGTH_MISMATCH);
703 goto err;
704 }
705 }
706 }
707
708 if (!CBS_stow(cbs, &data, &data_len))
709 goto err;
710 if (data_len > INT_MAX)
711 goto err;
712
713 if ((aint = ASN1_INTEGER_new()) == NULL)
714 goto err;
715
716 /*
717 * Negative integers are handled as a separate type - convert from
718 * two's complement for internal representation.
719 */
720 if (negative) {
721 aint->type = V_ASN1_NEG_INTEGER;
722 asn1_aint_twos_complement(data, data_len);
723 }
724
725 aint->data = data;
726 aint->length = (int)data_len;
727 data = NULL;
728
729 *out_aint = aint;
730 aint = NULL;
731
732 ret = 1;
733
734 err:
735 ASN1_INTEGER_free(aint);
736 freezero(data, data_len);
737
738 return ret;
739}
740
741ASN1_INTEGER *
742c2i_ASN1_INTEGER(ASN1_INTEGER **out_aint, const unsigned char **pp, long len)
743{
744 ASN1_INTEGER *aint = NULL;
745 CBS content;
746
747 if (out_aint != NULL) {
748 ASN1_INTEGER_free(*out_aint);
749 *out_aint = NULL;
750 }
751
752 if (len < 0) {
753 ASN1error(ASN1_R_LENGTH_ERROR);
754 return NULL;
755 }
756
757 CBS_init(&content, *pp, len);
758
759 if (!c2i_ASN1_INTEGER_cbs(&aint, &content))
760 return NULL;
761
762 *pp = CBS_data(&content);
763
764 if (out_aint != NULL)
765 *out_aint = aint;
766
767 return aint;
768}
769
770int
771i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out)
772{
773 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it);
774}
775LCRYPTO_ALIAS(i2d_ASN1_INTEGER);
776
777ASN1_INTEGER *
778d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len)
779{
780 return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
781 &ASN1_INTEGER_it);
782}
783LCRYPTO_ALIAS(d2i_ASN1_INTEGER);
784
785/* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
786 * ASN1 integers: some broken software can encode a positive INTEGER
787 * with its MSB set as negative (it doesn't add a padding zero).
788 */
789
790ASN1_INTEGER *
791d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length)
792{
793 ASN1_INTEGER *ret = NULL;
794 const unsigned char *p;
795 unsigned char *s;
796 long len;
797 int inf, tag, xclass;
798 int i;
799
800 if ((a == NULL) || ((*a) == NULL)) {
801 if ((ret = ASN1_INTEGER_new()) == NULL)
802 return (NULL);
803 } else
804 ret = (*a);
805
806 if (!ASN1_INTEGER_valid(ret)) {
807 i = ERR_R_ASN1_LENGTH_MISMATCH;
808 goto err;
809 }
810
811 p = *pp;
812 inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
813 if (inf & 0x80) {
814 i = ASN1_R_BAD_OBJECT_HEADER;
815 goto err;
816 }
817
818 if (tag != V_ASN1_INTEGER) {
819 i = ASN1_R_EXPECTING_AN_INTEGER;
820 goto err;
821 }
822
823 /* We must malloc stuff, even for 0 bytes otherwise it
824 * signifies a missing NULL parameter. */
825 if (len < 0 || len > INT_MAX) {
826 i = ERR_R_ASN1_LENGTH_MISMATCH;
827 goto err;
828 }
829 s = malloc(len + 1);
830 if (s == NULL) {
831 i = ERR_R_MALLOC_FAILURE;
832 goto err;
833 }
834 ret->type = V_ASN1_INTEGER;
835 if (len) {
836 if ((*p == 0) && (len != 1)) {
837 p++;
838 len--;
839 }
840 memcpy(s, p, len);
841 p += len;
842 }
843
844 free(ret->data);
845 ret->data = s;
846 ret->length = (int)len;
847 if (a != NULL)
848 (*a) = ret;
849 *pp = p;
850 return (ret);
851
852 err:
853 ASN1error(i);
854 if (a == NULL || *a != ret)
855 ASN1_INTEGER_free(ret);
856 return (NULL);
857}
858LCRYPTO_ALIAS(d2i_ASN1_UINTEGER);
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c
deleted file mode 100644
index f050f97539..0000000000
--- a/src/lib/libcrypto/asn1/a_mbstr.c
+++ /dev/null
@@ -1,449 +0,0 @@
1/* $OpenBSD: a_mbstr.c,v 1.27 2023/07/05 21:23:36 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <ctype.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/err.h>
65
66#include "asn1_local.h"
67
68static int traverse_string(const unsigned char *p, int len, int inform,
69 int (*rfunc)(unsigned long value, void *in), void *arg);
70static int in_utf8(unsigned long value, void *arg);
71static int out_utf8(unsigned long value, void *arg);
72static int type_str(unsigned long value, void *arg);
73static int cpy_asc(unsigned long value, void *arg);
74static int cpy_bmp(unsigned long value, void *arg);
75static int cpy_univ(unsigned long value, void *arg);
76static int cpy_utf8(unsigned long value, void *arg);
77static int is_printable(unsigned long value);
78
79/* These functions take a string in UTF8, ASCII or multibyte form and
80 * a mask of permissible ASN1 string types. It then works out the minimal
81 * type (using the order Printable < IA5 < T61 < BMP < Universal < UTF8)
82 * and creates a string of the correct type with the supplied data.
83 * Yes this is horrible: it has to be :-(
84 * The 'ncopy' form checks minimum and maximum size limits too.
85 */
86
87int
88ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
89 int inform, unsigned long mask)
90{
91 return ASN1_mbstring_ncopy(out, in, len, inform, mask, 0, 0);
92}
93LCRYPTO_ALIAS(ASN1_mbstring_copy);
94
95int
96ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
97 int inform, unsigned long mask, long minsize, long maxsize)
98{
99 int str_type;
100 int ret;
101 char free_out;
102 int outform, outlen = 0;
103 ASN1_STRING *dest;
104 unsigned char *p;
105 int nchar;
106 int (*cpyfunc)(unsigned long, void *) = NULL;
107
108 if (len < 0)
109 len = strlen((const char *)in);
110 if (!mask)
111 mask = DIRSTRING_TYPE;
112
113 /* First do a string check and work out the number of characters */
114 switch (inform) {
115 case MBSTRING_BMP:
116 if (len & 1) {
117 ASN1error(ASN1_R_INVALID_BMPSTRING_LENGTH);
118 return -1;
119 }
120 nchar = len >> 1;
121 break;
122
123 case MBSTRING_UNIV:
124 if (len & 3) {
125 ASN1error(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH);
126 return -1;
127 }
128 nchar = len >> 2;
129 break;
130
131 case MBSTRING_UTF8:
132 nchar = 0;
133 /* This counts the characters and does utf8 syntax checking */
134 ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar);
135 if (ret < 0) {
136 ASN1error(ASN1_R_INVALID_UTF8STRING);
137 return -1;
138 }
139 break;
140
141 case MBSTRING_ASC:
142 nchar = len;
143 break;
144
145 default:
146 ASN1error(ASN1_R_UNKNOWN_FORMAT);
147 return -1;
148 }
149
150 if ((minsize > 0) && (nchar < minsize)) {
151 ASN1error(ASN1_R_STRING_TOO_SHORT);
152 ERR_asprintf_error_data("minsize=%ld", minsize);
153 return -1;
154 }
155
156 if ((maxsize > 0) && (nchar > maxsize)) {
157 ASN1error(ASN1_R_STRING_TOO_LONG);
158 ERR_asprintf_error_data("maxsize=%ld", maxsize);
159 return -1;
160 }
161
162 /* Now work out minimal type (if any) */
163 if (traverse_string(in, len, inform, type_str, &mask) < 0) {
164 ASN1error(ASN1_R_ILLEGAL_CHARACTERS);
165 return -1;
166 }
167
168
169 /* Now work out output format and string type */
170 outform = MBSTRING_ASC;
171 if (mask & B_ASN1_PRINTABLESTRING)
172 str_type = V_ASN1_PRINTABLESTRING;
173 else if (mask & B_ASN1_IA5STRING)
174 str_type = V_ASN1_IA5STRING;
175 else if (mask & B_ASN1_T61STRING)
176 str_type = V_ASN1_T61STRING;
177 else if (mask & B_ASN1_BMPSTRING) {
178 str_type = V_ASN1_BMPSTRING;
179 outform = MBSTRING_BMP;
180 } else if (mask & B_ASN1_UNIVERSALSTRING) {
181 str_type = V_ASN1_UNIVERSALSTRING;
182 outform = MBSTRING_UNIV;
183 } else {
184 str_type = V_ASN1_UTF8STRING;
185 outform = MBSTRING_UTF8;
186 }
187 if (!out)
188 return str_type;
189 if (*out) {
190 free_out = 0;
191 dest = *out;
192 if (dest->data) {
193 dest->length = 0;
194 free(dest->data);
195 dest->data = NULL;
196 }
197 dest->type = str_type;
198 } else {
199 free_out = 1;
200 dest = ASN1_STRING_type_new(str_type);
201 if (!dest) {
202 ASN1error(ERR_R_MALLOC_FAILURE);
203 return -1;
204 }
205 *out = dest;
206 }
207 /* If both the same type just copy across */
208 if (inform == outform) {
209 if (!ASN1_STRING_set(dest, in, len)) {
210 ASN1error(ERR_R_MALLOC_FAILURE);
211 goto err;
212 }
213 return str_type;
214 }
215
216 /* Work out how much space the destination will need */
217 switch (outform) {
218 case MBSTRING_ASC:
219 outlen = nchar;
220 cpyfunc = cpy_asc;
221 break;
222
223 case MBSTRING_BMP:
224 outlen = nchar << 1;
225 cpyfunc = cpy_bmp;
226 break;
227
228 case MBSTRING_UNIV:
229 outlen = nchar << 2;
230 cpyfunc = cpy_univ;
231 break;
232
233 case MBSTRING_UTF8:
234 outlen = 0;
235 if (traverse_string(in, len, inform, out_utf8, &outlen) < 0) {
236 ASN1error(ASN1_R_ILLEGAL_CHARACTERS);
237 goto err;
238 }
239 cpyfunc = cpy_utf8;
240 break;
241 }
242 if (!(p = malloc(outlen + 1))) {
243 ASN1error(ERR_R_MALLOC_FAILURE);
244 goto err;
245 }
246 dest->length = outlen;
247 dest->data = p;
248 p[outlen] = 0;
249 traverse_string(in, len, inform, cpyfunc, &p);
250 return str_type;
251
252 err:
253 if (free_out) {
254 ASN1_STRING_free(dest);
255 *out = NULL;
256 }
257 return -1;
258}
259LCRYPTO_ALIAS(ASN1_mbstring_ncopy);
260
261/* This function traverses a string and passes the value of each character
262 * to an optional function along with a void * argument.
263 */
264
265static int
266traverse_string(const unsigned char *p, int len, int inform,
267 int (*rfunc)(unsigned long value, void *in), void *arg)
268{
269 unsigned long value;
270 int ret;
271
272 while (len) {
273 switch (inform) {
274 case MBSTRING_ASC:
275 value = *p++;
276 len--;
277 break;
278 case MBSTRING_BMP:
279 value = *p++ << 8;
280 value |= *p++;
281 /* BMP is explicitly defined to not support surrogates */
282 if (UNICODE_IS_SURROGATE(value))
283 return -1;
284 len -= 2;
285 break;
286 case MBSTRING_UNIV:
287 value = (unsigned long)*p++ << 24;
288 value |= *p++ << 16;
289 value |= *p++ << 8;
290 value |= *p++;
291 if (value > UNICODE_MAX || UNICODE_IS_SURROGATE(value))
292 return -1;
293 len -= 4;
294 break;
295 default:
296 ret = UTF8_getc(p, len, &value);
297 if (ret < 0)
298 return -1;
299 len -= ret;
300 p += ret;
301 break;
302 }
303 if (rfunc) {
304 ret = rfunc(value, arg);
305 if (ret <= 0)
306 return ret;
307 }
308 }
309 return 1;
310}
311
312/* Various utility functions for traverse_string */
313
314/* Just count number of characters */
315
316static int
317in_utf8(unsigned long value, void *arg)
318{
319 int *nchar;
320
321 nchar = arg;
322 (*nchar)++;
323 return 1;
324}
325
326/* Determine size of output as a UTF8 String */
327
328static int
329out_utf8(unsigned long value, void *arg)
330{
331 int *outlen;
332 int ret;
333
334 outlen = arg;
335 ret = UTF8_putc(NULL, -1, value);
336 if (ret < 0)
337 return ret;
338 *outlen += ret;
339 return 1;
340}
341
342/* Determine the "type" of a string: check each character against a
343 * supplied "mask".
344 */
345
346static int
347type_str(unsigned long value, void *arg)
348{
349 unsigned long types;
350
351 types = *((unsigned long *)arg);
352 if ((types & B_ASN1_PRINTABLESTRING) && !is_printable(value))
353 types &= ~B_ASN1_PRINTABLESTRING;
354 if ((types & B_ASN1_IA5STRING) && (value > 127))
355 types &= ~B_ASN1_IA5STRING;
356 if ((types & B_ASN1_T61STRING) && (value > 0xff))
357 types &= ~B_ASN1_T61STRING;
358 if ((types & B_ASN1_BMPSTRING) && (value > 0xffff))
359 types &= ~B_ASN1_BMPSTRING;
360 if (!types)
361 return -1;
362 *((unsigned long *)arg) = types;
363 return 1;
364}
365
366/* Copy one byte per character ASCII like strings */
367
368static int
369cpy_asc(unsigned long value, void *arg)
370{
371 unsigned char **p, *q;
372
373 p = arg;
374 q = *p;
375 *q = value;
376 (*p)++;
377 return 1;
378}
379
380/* Copy two byte per character BMPStrings */
381
382static int
383cpy_bmp(unsigned long value, void *arg)
384{
385 unsigned char **p, *q;
386
387 p = arg;
388 q = *p;
389 *q++ = (value >> 8) & 0xff;
390 *q = value & 0xff;
391 *p += 2;
392 return 1;
393}
394
395/* Copy four byte per character UniversalStrings */
396
397static int
398cpy_univ(unsigned long value, void *arg)
399{
400 unsigned char **p, *q;
401
402 p = arg;
403 q = *p;
404 *q++ = (value >> 24) & 0xff;
405 *q++ = (value >> 16) & 0xff;
406 *q++ = (value >> 8) & 0xff;
407 *q = value & 0xff;
408 *p += 4;
409 return 1;
410}
411
412/* Copy to a UTF8String */
413
414static int
415cpy_utf8(unsigned long value, void *arg)
416{
417 unsigned char **p;
418
419 int ret;
420 p = arg;
421 /* We already know there is enough room so pass 0xff as the length */
422 ret = UTF8_putc(*p, 0xff, value);
423 *p += ret;
424 return 1;
425}
426
427/* Return 1 if the character is permitted in a PrintableString */
428static int
429is_printable(unsigned long value)
430{
431 int ch;
432
433 if (value > 0x7f)
434 return 0;
435 ch = (int)value;
436
437 /* Note: we can't use 'isalnum' because certain accented
438 * characters may count as alphanumeric in some environments.
439 */
440 if ((ch >= 'a') && (ch <= 'z'))
441 return 1;
442 if ((ch >= 'A') && (ch <= 'Z'))
443 return 1;
444 if ((ch >= '0') && (ch <= '9'))
445 return 1;
446 if ((ch == ' ') || strchr("'()+,-./:=?", ch))
447 return 1;
448 return 0;
449}
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c
deleted file mode 100644
index 2f3ca1398f..0000000000
--- a/src/lib/libcrypto/asn1/a_object.c
+++ /dev/null
@@ -1,688 +0,0 @@
1/* $OpenBSD: a_object.c,v 1.55 2024/07/08 14:52:31 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/asn1t.h>
65#include <openssl/err.h>
66#include <openssl/buffer.h>
67#include <openssl/objects.h>
68
69#include "asn1_local.h"
70
71const ASN1_ITEM ASN1_OBJECT_it = {
72 .itype = ASN1_ITYPE_PRIMITIVE,
73 .utype = V_ASN1_OBJECT,
74 .sname = "ASN1_OBJECT",
75};
76LCRYPTO_ALIAS(ASN1_OBJECT_it);
77
78ASN1_OBJECT *
79ASN1_OBJECT_new(void)
80{
81 ASN1_OBJECT *a;
82
83 if ((a = calloc(1, sizeof(ASN1_OBJECT))) == NULL) {
84 ASN1error(ERR_R_MALLOC_FAILURE);
85 return (NULL);
86 }
87 a->flags = ASN1_OBJECT_FLAG_DYNAMIC;
88
89 return a;
90}
91LCRYPTO_ALIAS(ASN1_OBJECT_new);
92
93void
94ASN1_OBJECT_free(ASN1_OBJECT *a)
95{
96 if (a == NULL)
97 return;
98 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
99 free((void *)a->sn);
100 free((void *)a->ln);
101 a->sn = a->ln = NULL;
102 }
103 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
104 freezero((void *)a->data, a->length);
105 a->data = NULL;
106 a->length = 0;
107 }
108 if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
109 free(a);
110}
111LCRYPTO_ALIAS(ASN1_OBJECT_free);
112
113ASN1_OBJECT *
114ASN1_OBJECT_create(int nid, unsigned char *data, int len,
115 const char *sn, const char *ln)
116{
117 ASN1_OBJECT o;
118
119 o.sn = sn;
120 o.ln = ln;
121 o.data = data;
122 o.nid = nid;
123 o.length = len;
124 o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
125 ASN1_OBJECT_FLAG_DYNAMIC_DATA;
126 return (OBJ_dup(&o));
127}
128LCRYPTO_ALIAS(ASN1_OBJECT_create);
129
130static int
131oid_add_arc(CBB *cbb, uint64_t arc)
132{
133 int started = 0;
134 uint8_t val;
135 int i;
136
137 for (i = (sizeof(arc) * 8) / 7; i >= 0; i--) {
138 val = (arc >> (i * 7)) & 0x7f;
139 if (!started && i != 0 && val == 0)
140 continue;
141 if (i > 0)
142 val |= 0x80;
143 if (!CBB_add_u8(cbb, val))
144 return 0;
145 started = 1;
146 }
147
148 return 1;
149}
150
151static int
152oid_parse_arc(CBS *cbs, uint64_t *out_arc)
153{
154 uint64_t arc = 0;
155 uint8_t val;
156
157 do {
158 if (!CBS_get_u8(cbs, &val))
159 return 0;
160 if (arc == 0 && val == 0x80)
161 return 0;
162 if (out_arc != NULL && arc > (UINT64_MAX >> 7))
163 return 0;
164 arc = (arc << 7) | (val & 0x7f);
165 } while (val & 0x80);
166
167 if (out_arc != NULL)
168 *out_arc = arc;
169
170 return 1;
171}
172
173static int
174oid_add_arc_txt(CBB *cbb, uint64_t arc, int first)
175{
176 const char *fmt = ".%llu";
177 char s[22]; /* Digits in decimal representation of 2^64-1, plus '.' and NUL. */
178 int n;
179
180 if (first)
181 fmt = "%llu";
182 n = snprintf(s, sizeof(s), fmt, (unsigned long long)arc);
183 if (n < 0 || (size_t)n >= sizeof(s))
184 return 0;
185 if (!CBB_add_bytes(cbb, s, n))
186 return 0;
187
188 return 1;
189}
190
191static int
192oid_parse_arc_txt(CBS *cbs, uint64_t *out_arc, char *separator, int first)
193{
194 uint64_t arc = 0;
195 int digits = 0;
196 uint8_t val;
197
198 if (!first) {
199 if (!CBS_get_u8(cbs, &val))
200 return 0;
201 if ((*separator == 0 && val != '.' && val != ' ') ||
202 (*separator != 0 && val != *separator)) {
203 ASN1error(ASN1_R_INVALID_SEPARATOR);
204 return 0;
205 }
206 *separator = val;
207 }
208
209 while (CBS_len(cbs) > 0) {
210 if (!CBS_peek_u8(cbs, &val))
211 return 0;
212 if (val == '.' || val == ' ')
213 break;
214
215 if (!CBS_get_u8(cbs, &val))
216 return 0;
217 if (val < '0' || val > '9') {
218 /* For the first arc we treat this as the separator. */
219 if (first) {
220 ASN1error(ASN1_R_INVALID_SEPARATOR);
221 return 0;
222 }
223 ASN1error(ASN1_R_INVALID_DIGIT);
224 return 0;
225 }
226 val -= '0';
227
228 if (digits > 0 && arc == 0 && val == 0) {
229 ASN1error(ASN1_R_INVALID_NUMBER);
230 return 0;
231 }
232 digits++;
233
234 if (arc > UINT64_MAX / 10) {
235 ASN1error(ASN1_R_TOO_LONG);
236 return 0;
237 }
238 arc = arc * 10 + val;
239 }
240
241 if (digits < 1) {
242 ASN1error(ASN1_R_INVALID_NUMBER);
243 return 0;
244 }
245
246 *out_arc = arc;
247
248 return 1;
249}
250
251static int
252a2c_ASN1_OBJECT_internal(CBB *cbb, CBS *cbs)
253{
254 uint64_t arc, si1, si2;
255 char separator = 0;
256
257 if (!oid_parse_arc_txt(cbs, &si1, &separator, 1))
258 return 0;
259
260 if (CBS_len(cbs) == 0) {
261 ASN1error(ASN1_R_MISSING_SECOND_NUMBER);
262 return 0;
263 }
264
265 if (!oid_parse_arc_txt(cbs, &si2, &separator, 0))
266 return 0;
267
268 /*
269 * X.690 section 8.19 - the first two subidentifiers are encoded as
270 * (x * 40) + y, with x being limited to [0,1,2]. The second
271 * subidentifier cannot exceed 39 for x < 2.
272 */
273 if (si1 > 2) {
274 ASN1error(ASN1_R_FIRST_NUM_TOO_LARGE);
275 return 0;
276 }
277 if ((si1 < 2 && si2 >= 40) || si2 > UINT64_MAX - si1 * 40) {
278 ASN1error(ASN1_R_SECOND_NUMBER_TOO_LARGE);
279 return 0;
280 }
281 arc = si1 * 40 + si2;
282
283 if (!oid_add_arc(cbb, arc))
284 return 0;
285
286 while (CBS_len(cbs) > 0) {
287 if (!oid_parse_arc_txt(cbs, &arc, &separator, 0))
288 return 0;
289 if (!oid_add_arc(cbb, arc))
290 return 0;
291 }
292
293 return 1;
294}
295
296static int
297c2a_ASN1_OBJECT(CBS *cbs, CBB *cbb)
298{
299 uint64_t arc, si1, si2;
300
301 /*
302 * X.690 section 8.19 - the first two subidentifiers are encoded as
303 * (x * 40) + y, with x being limited to [0,1,2].
304 */
305 if (!oid_parse_arc(cbs, &arc))
306 return 0;
307 if ((si1 = arc / 40) > 2)
308 si1 = 2;
309 si2 = arc - si1 * 40;
310
311 if (!oid_add_arc_txt(cbb, si1, 1))
312 return 0;
313 if (!oid_add_arc_txt(cbb, si2, 0))
314 return 0;
315
316 while (CBS_len(cbs) > 0) {
317 if (!oid_parse_arc(cbs, &arc))
318 return 0;
319 if (!oid_add_arc_txt(cbb, arc, 0))
320 return 0;
321 }
322
323 /* NUL terminate. */
324 if (!CBB_add_u8(cbb, 0))
325 return 0;
326
327 return 1;
328}
329
330int
331a2d_ASN1_OBJECT(unsigned char *out, int out_len, const char *in, int in_len)
332{
333 uint8_t *data = NULL;
334 size_t data_len;
335 CBS cbs;
336 CBB cbb;
337 int ret = 0;
338
339 memset(&cbb, 0, sizeof(cbb));
340
341 if (in_len == -1)
342 in_len = strlen(in);
343 if (in_len <= 0)
344 goto err;
345
346 CBS_init(&cbs, in, in_len);
347
348 if (!CBB_init(&cbb, 0))
349 goto err;
350 if (!a2c_ASN1_OBJECT_internal(&cbb, &cbs))
351 goto err;
352 if (!CBB_finish(&cbb, &data, &data_len))
353 goto err;
354
355 if (data_len > INT_MAX)
356 goto err;
357
358 if (out != NULL) {
359 if (out_len <= 0 || (size_t)out_len < data_len) {
360 ASN1error(ASN1_R_BUFFER_TOO_SMALL);
361 goto err;
362 }
363 memcpy(out, data, data_len);
364 }
365
366 ret = (int)data_len;
367
368 err:
369 CBB_cleanup(&cbb);
370 free(data);
371
372 return ret;
373}
374LCRYPTO_ALIAS(a2d_ASN1_OBJECT);
375
376static int
377i2t_ASN1_OBJECT_oid(const ASN1_OBJECT *aobj, CBB *cbb)
378{
379 CBS cbs;
380
381 CBS_init(&cbs, aobj->data, aobj->length);
382
383 return c2a_ASN1_OBJECT(&cbs, cbb);
384}
385
386static int
387i2t_ASN1_OBJECT_name(const ASN1_OBJECT *aobj, CBB *cbb, const char **out_name)
388{
389 const char *name;
390 int nid;
391
392 *out_name = NULL;
393
394 if ((nid = OBJ_obj2nid(aobj)) == NID_undef)
395 return 0;
396
397 if ((name = OBJ_nid2ln(nid)) == NULL)
398 name = OBJ_nid2sn(nid);
399 if (name == NULL)
400 return 0;
401
402 *out_name = name;
403
404 if (!CBB_add_bytes(cbb, name, strlen(name)))
405 return 0;
406
407 /* NUL terminate. */
408 if (!CBB_add_u8(cbb, 0))
409 return 0;
410
411 return 1;
412}
413
414static int
415i2t_ASN1_OBJECT_cbb(const ASN1_OBJECT *aobj, CBB *cbb, int no_name)
416{
417 const char *name;
418
419 if (!no_name) {
420 if (i2t_ASN1_OBJECT_name(aobj, cbb, &name))
421 return 1;
422 if (name != NULL)
423 return 0;
424 }
425 return i2t_ASN1_OBJECT_oid(aobj, cbb);
426}
427
428int
429i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len, int no_name)
430{
431 uint8_t *data = NULL;
432 size_t data_len;
433 CBB cbb;
434 int ret = 0;
435
436 if (buf_len < 0)
437 return 0;
438 if (buf_len > 0)
439 buf[0] = '\0';
440
441 if (aobj == NULL || aobj->data == NULL)
442 return 0;
443
444 if (!CBB_init(&cbb, 0))
445 goto err;
446 if (!i2t_ASN1_OBJECT_cbb(aobj, &cbb, no_name))
447 goto err;
448 if (!CBB_finish(&cbb, &data, &data_len))
449 goto err;
450
451 ret = strlcpy(buf, data, buf_len);
452 err:
453 CBB_cleanup(&cbb);
454 free(data);
455
456 return ret;
457}
458
459int
460i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *aobj)
461{
462 return i2t_ASN1_OBJECT_internal(aobj, buf, buf_len, 0);
463}
464LCRYPTO_ALIAS(i2t_ASN1_OBJECT);
465
466ASN1_OBJECT *
467t2i_ASN1_OBJECT_internal(const char *oid)
468{
469 ASN1_OBJECT *aobj = NULL;
470 uint8_t *data = NULL;
471 size_t data_len;
472 CBB cbb;
473 CBS cbs;
474
475 memset(&cbb, 0, sizeof(cbb));
476
477 CBS_init(&cbs, oid, strlen(oid));
478
479 if (!CBB_init(&cbb, 0))
480 goto err;
481 if (!a2c_ASN1_OBJECT_internal(&cbb, &cbs))
482 goto err;
483 if (!CBB_finish(&cbb, &data, &data_len))
484 goto err;
485
486 if (data_len > INT_MAX)
487 goto err;
488
489 if ((aobj = ASN1_OBJECT_new()) == NULL)
490 goto err;
491
492 aobj->data = data;
493 aobj->length = (int)data_len;
494 aobj->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
495 data = NULL;
496
497 err:
498 CBB_cleanup(&cbb);
499 free(data);
500
501 return aobj;
502}
503
504int
505i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *aobj)
506{
507 uint8_t *data = NULL;
508 size_t data_len;
509 CBB cbb;
510 int ret = -1;
511
512 if (aobj == NULL || aobj->data == NULL)
513 return BIO_write(bp, "NULL", 4);
514
515 if (!CBB_init(&cbb, 0))
516 goto err;
517 if (!i2t_ASN1_OBJECT_cbb(aobj, &cbb, 0)) {
518 ret = BIO_write(bp, "<INVALID>", 9);
519 goto err;
520 }
521 if (!CBB_finish(&cbb, &data, &data_len))
522 goto err;
523
524 ret = BIO_write(bp, data, strlen(data));
525
526 err:
527 CBB_cleanup(&cbb);
528 free(data);
529
530 return ret;
531}
532LCRYPTO_ALIAS(i2a_ASN1_OBJECT);
533
534int
535c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content)
536{
537 ASN1_OBJECT *aobj = NULL;
538 uint8_t *data = NULL;
539 size_t data_len;
540 CBS cbs;
541
542 if (out_aobj == NULL)
543 goto err;
544
545 if (*out_aobj != NULL) {
546 ASN1_OBJECT_free(*out_aobj);
547 *out_aobj = NULL;
548 }
549
550 /* Parse and validate OID encoding per X.690 8.19.2. */
551 CBS_dup(content, &cbs);
552 if (CBS_len(&cbs) == 0) {
553 ASN1error(ASN1_R_INVALID_OBJECT_ENCODING);
554 goto err;
555 }
556 while (CBS_len(&cbs) > 0) {
557 if (!oid_parse_arc(&cbs, NULL)) {
558 ASN1error(ASN1_R_INVALID_OBJECT_ENCODING);
559 goto err;
560 }
561 }
562
563 if (!CBS_stow(content, &data, &data_len))
564 goto err;
565
566 if (data_len > INT_MAX)
567 goto err;
568
569 if ((aobj = ASN1_OBJECT_new()) == NULL)
570 goto err;
571
572 aobj->data = data;
573 aobj->length = (int)data_len; /* XXX - change length to size_t. */
574 aobj->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
575
576 *out_aobj = aobj;
577
578 return 1;
579
580 err:
581 ASN1_OBJECT_free(aobj);
582 free(data);
583
584 return 0;
585}
586
587ASN1_OBJECT *
588c2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long len)
589{
590 ASN1_OBJECT *aobj = NULL;
591 CBS content;
592
593 if (out_aobj != NULL) {
594 ASN1_OBJECT_free(*out_aobj);
595 *out_aobj = NULL;
596 }
597
598 if (len < 0) {
599 ASN1error(ASN1_R_LENGTH_ERROR);
600 return NULL;
601 }
602
603 CBS_init(&content, *pp, len);
604
605 if (!c2i_ASN1_OBJECT_cbs(&aobj, &content))
606 return NULL;
607
608 *pp = CBS_data(&content);
609
610 if (out_aobj != NULL)
611 *out_aobj = aobj;
612
613 return aobj;
614}
615
616int
617i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
618{
619 unsigned char *buf, *p;
620 int objsize;
621
622 if (a == NULL || a->data == NULL)
623 return -1;
624
625 objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
626
627 if (pp == NULL)
628 return objsize;
629
630 if ((buf = *pp) == NULL)
631 buf = calloc(1, objsize);
632 if (buf == NULL)
633 return -1;
634
635 p = buf;
636 ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
637 memcpy(p, a->data, a->length);
638 p += a->length;
639
640 /* If buf was allocated, return it, otherwise return the advanced p. */
641 if (*pp == NULL)
642 p = buf;
643
644 *pp = p;
645
646 return objsize;
647}
648LCRYPTO_ALIAS(i2d_ASN1_OBJECT);
649
650ASN1_OBJECT *
651d2i_ASN1_OBJECT(ASN1_OBJECT **out_aobj, const unsigned char **pp, long length)
652{
653 ASN1_OBJECT *aobj = NULL;
654 uint32_t tag_number;
655 CBS cbs, content;
656
657 if (out_aobj != NULL) {
658 ASN1_OBJECT_free(*out_aobj);
659 *out_aobj = NULL;
660 }
661
662 if (length < 0) {
663 ASN1error(ASN1_R_LENGTH_ERROR);
664 return NULL;
665 }
666
667 CBS_init(&cbs, *pp, length);
668
669 if (!asn1_get_primitive(&cbs, 0, &tag_number, &content)) {
670 ASN1error(ASN1_R_BAD_OBJECT_HEADER);
671 return NULL;
672 }
673 if (tag_number != V_ASN1_OBJECT) {
674 ASN1error(ASN1_R_EXPECTING_AN_OBJECT);
675 return NULL;
676 }
677
678 if (!c2i_ASN1_OBJECT_cbs(&aobj, &content))
679 return NULL;
680
681 *pp = CBS_data(&cbs);
682
683 if (out_aobj != NULL)
684 *out_aobj = aobj;
685
686 return aobj;
687}
688LCRYPTO_ALIAS(d2i_ASN1_OBJECT);
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c
deleted file mode 100644
index e82de62c5f..0000000000
--- a/src/lib/libcrypto/asn1/a_octet.c
+++ /dev/null
@@ -1,120 +0,0 @@
1/* $OpenBSD: a_octet.c,v 1.13 2024/07/08 14:52:31 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63
64const ASN1_ITEM ASN1_OCTET_STRING_it = {
65 .itype = ASN1_ITYPE_PRIMITIVE,
66 .utype = V_ASN1_OCTET_STRING,
67 .sname = "ASN1_OCTET_STRING",
68};
69LCRYPTO_ALIAS(ASN1_OCTET_STRING_it);
70
71ASN1_OCTET_STRING *
72ASN1_OCTET_STRING_new(void)
73{
74 return (ASN1_OCTET_STRING *)ASN1_item_new(&ASN1_OCTET_STRING_it);
75}
76LCRYPTO_ALIAS(ASN1_OCTET_STRING_new);
77
78void
79ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a)
80{
81 ASN1_item_free((ASN1_VALUE *)a, &ASN1_OCTET_STRING_it);
82}
83LCRYPTO_ALIAS(ASN1_OCTET_STRING_free);
84
85
86ASN1_OCTET_STRING *
87ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *x)
88{
89 return ASN1_STRING_dup(x);
90}
91LCRYPTO_ALIAS(ASN1_OCTET_STRING_dup);
92
93int
94ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, const ASN1_OCTET_STRING *b)
95{
96 return ASN1_STRING_cmp(a, b);
97}
98LCRYPTO_ALIAS(ASN1_OCTET_STRING_cmp);
99
100int
101ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, const unsigned char *d, int len)
102{
103 return ASN1_STRING_set(x, d, len);
104}
105LCRYPTO_ALIAS(ASN1_OCTET_STRING_set);
106
107int
108i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out)
109{
110 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_OCTET_STRING_it);
111}
112LCRYPTO_ALIAS(i2d_ASN1_OCTET_STRING);
113
114ASN1_OCTET_STRING *
115d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len)
116{
117 return (ASN1_OCTET_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
118 &ASN1_OCTET_STRING_it);
119}
120LCRYPTO_ALIAS(d2i_ASN1_OCTET_STRING);
diff --git a/src/lib/libcrypto/asn1/a_pkey.c b/src/lib/libcrypto/asn1/a_pkey.c
deleted file mode 100644
index a730728076..0000000000
--- a/src/lib/libcrypto/asn1/a_pkey.c
+++ /dev/null
@@ -1,181 +0,0 @@
1/* $OpenBSD: a_pkey.c,v 1.8 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1.h>
64#include <openssl/bn.h>
65#include <openssl/err.h>
66#include <openssl/evp.h>
67#include <openssl/objects.h>
68#include <openssl/x509.h>
69
70#include "asn1_local.h"
71#include "evp_local.h"
72
73EVP_PKEY *
74d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
75{
76 const unsigned char *p = *pp;
77 EVP_PKEY *ret;
78
79 if ((a == NULL) || (*a == NULL)) {
80 if ((ret = EVP_PKEY_new()) == NULL) {
81 ASN1error(ERR_R_EVP_LIB);
82 return (NULL);
83 }
84 } else {
85 ret = *a;
86 }
87
88 if (!EVP_PKEY_set_type(ret, type)) {
89 ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
90 goto err;
91 }
92
93 if (!ret->ameth->old_priv_decode ||
94 !ret->ameth->old_priv_decode(ret, pp, length)) {
95 if (ret->ameth->priv_decode) {
96 PKCS8_PRIV_KEY_INFO *p8 = NULL;
97 *pp = p; /* XXX */
98 p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, pp, length);
99 if (!p8)
100 goto err;
101 EVP_PKEY_free(ret);
102 ret = EVP_PKCS82PKEY(p8);
103 PKCS8_PRIV_KEY_INFO_free(p8);
104 } else {
105 ASN1error(ERR_R_ASN1_LIB);
106 goto err;
107 }
108 }
109 if (a != NULL)
110 (*a) = ret;
111 return (ret);
112
113 err:
114 if (a == NULL || *a != ret)
115 EVP_PKEY_free(ret);
116 return (NULL);
117}
118LCRYPTO_ALIAS(d2i_PrivateKey);
119
120int
121i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp)
122{
123 if (a->ameth && a->ameth->old_priv_encode) {
124 return a->ameth->old_priv_encode(a, pp);
125 }
126 if (a->ameth && a->ameth->priv_encode) {
127 PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a);
128 int ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp);
129 PKCS8_PRIV_KEY_INFO_free(p8);
130 return ret;
131 }
132 ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
133 return (-1);
134}
135LCRYPTO_ALIAS(i2d_PrivateKey);
136
137/* This works like d2i_PrivateKey() except it automatically works out the type */
138
139EVP_PKEY *
140d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, long length)
141{
142 STACK_OF(ASN1_TYPE) *inkey;
143 const unsigned char *p;
144 int keytype;
145
146 p = *pp;
147 /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE):
148 * by analyzing it we can determine the passed structure: this
149 * assumes the input is surrounded by an ASN1 SEQUENCE.
150 */
151 inkey = d2i_ASN1_SEQUENCE_ANY(NULL, &p, length);
152 /* Since we only need to discern "traditional format" RSA and DSA
153 * keys we can just count the elements.
154 */
155 if (sk_ASN1_TYPE_num(inkey) == 6)
156 keytype = EVP_PKEY_DSA;
157 else if (sk_ASN1_TYPE_num(inkey) == 4)
158 keytype = EVP_PKEY_EC;
159 else if (sk_ASN1_TYPE_num(inkey) == 3) {
160 /* This seems to be PKCS8, not traditional format */
161 PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(
162 NULL, pp, length);
163 EVP_PKEY *ret;
164
165 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
166 if (!p8) {
167 ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
168 return NULL;
169 }
170 ret = EVP_PKCS82PKEY(p8);
171 PKCS8_PRIV_KEY_INFO_free(p8);
172 if (a) {
173 *a = ret;
174 }
175 return ret;
176 } else
177 keytype = EVP_PKEY_RSA;
178 sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free);
179 return d2i_PrivateKey(keytype, a, pp, length);
180}
181LCRYPTO_ALIAS(d2i_AutoPrivateKey);
diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c
deleted file mode 100644
index 5c03087f15..0000000000
--- a/src/lib/libcrypto/asn1/a_print.c
+++ /dev/null
@@ -1,127 +0,0 @@
1/* $OpenBSD: a_print.c,v 1.13 2023/07/05 21:23:36 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1.h>
62
63int
64ASN1_PRINTABLE_type(const unsigned char *s, int len)
65{
66 int c;
67 int ia5 = 0;
68 int t61 = 0;
69
70 if (len <= 0)
71 len = -1;
72 if (s == NULL)
73 return (V_ASN1_PRINTABLESTRING);
74
75 while (len-- > 0 && *s != '\0') {
76 c= *(s++);
77 if (!(((c >= 'a') && (c <= 'z')) ||
78 ((c >= 'A') && (c <= 'Z')) ||
79 (c == ' ') ||
80 ((c >= '0') && (c <= '9')) ||
81 (c == ' ') || (c == '\'') ||
82 (c == '(') || (c == ')') ||
83 (c == '+') || (c == ',') ||
84 (c == '-') || (c == '.') ||
85 (c == '/') || (c == ':') ||
86 (c == '=') || (c == '?')))
87 ia5 = 1;
88 if (c & 0x80)
89 t61 = 1;
90 }
91 if (t61)
92 return (V_ASN1_T61STRING);
93 if (ia5)
94 return (V_ASN1_IA5STRING);
95 return (V_ASN1_PRINTABLESTRING);
96}
97LCRYPTO_ALIAS(ASN1_PRINTABLE_type);
98
99int
100ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s)
101{
102 int i;
103 unsigned char *p;
104
105 if (s->type != V_ASN1_UNIVERSALSTRING)
106 return (0);
107 if ((s->length % 4) != 0)
108 return (0);
109 p = s->data;
110 for (i = 0; i < s->length; i += 4) {
111 if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
112 break;
113 else
114 p += 4;
115 }
116 if (i < s->length)
117 return (0);
118 p = s->data;
119 for (i = 3; i < s->length; i += 4) {
120 *(p++) = s->data[i];
121 }
122 *(p) = '\0';
123 s->length /= 4;
124 s->type = ASN1_PRINTABLE_type(s->data, s->length);
125 return (1);
126}
127LCRYPTO_ALIAS(ASN1_UNIVERSALSTRING_to_string);
diff --git a/src/lib/libcrypto/asn1/a_pubkey.c b/src/lib/libcrypto/asn1/a_pubkey.c
deleted file mode 100644
index 544f3d2cf0..0000000000
--- a/src/lib/libcrypto/asn1/a_pubkey.c
+++ /dev/null
@@ -1,162 +0,0 @@
1/* $OpenBSD: a_pubkey.c,v 1.7 2024/04/09 13:52:41 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1.h>
64#include <openssl/bn.h>
65#include <openssl/err.h>
66#include <openssl/evp.h>
67#include <openssl/objects.h>
68
69#ifndef OPENSSL_NO_DSA
70#include <openssl/dsa.h>
71#endif
72#ifndef OPENSSL_NO_EC
73#include <openssl/ec.h>
74#endif
75#ifndef OPENSSL_NO_RSA
76#include <openssl/rsa.h>
77#endif
78
79#include "evp_local.h"
80
81EVP_PKEY *
82d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length)
83{
84 EVP_PKEY *ret;
85
86 if ((a == NULL) || (*a == NULL)) {
87 if ((ret = EVP_PKEY_new()) == NULL) {
88 ASN1error(ERR_R_EVP_LIB);
89 return (NULL);
90 }
91 } else
92 ret = *a;
93
94 if (!EVP_PKEY_set_type(ret, type)) {
95 ASN1error(ERR_R_EVP_LIB);
96 goto err;
97 }
98
99 switch (EVP_PKEY_id(ret)) {
100#ifndef OPENSSL_NO_RSA
101 case EVP_PKEY_RSA:
102 if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) ==
103 NULL) {
104 ASN1error(ERR_R_ASN1_LIB);
105 goto err;
106 }
107 break;
108#endif
109#ifndef OPENSSL_NO_DSA
110 case EVP_PKEY_DSA:
111 if (!d2i_DSAPublicKey(&(ret->pkey.dsa), pp, length)) {
112 ASN1error(ERR_R_ASN1_LIB);
113 goto err;
114 }
115 break;
116#endif
117#ifndef OPENSSL_NO_EC
118 case EVP_PKEY_EC:
119 if (!o2i_ECPublicKey(&(ret->pkey.ec), pp, length)) {
120 ASN1error(ERR_R_ASN1_LIB);
121 goto err;
122 }
123 break;
124#endif
125 default:
126 ASN1error(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE);
127 goto err;
128 /* break; */
129 }
130 if (a != NULL)
131 (*a) = ret;
132 return (ret);
133
134 err:
135 if (a == NULL || *a != ret)
136 EVP_PKEY_free(ret);
137 return (NULL);
138}
139LCRYPTO_ALIAS(d2i_PublicKey);
140
141int
142i2d_PublicKey(EVP_PKEY *a, unsigned char **pp)
143{
144 switch (a->type) {
145#ifndef OPENSSL_NO_RSA
146 case EVP_PKEY_RSA:
147 return (i2d_RSAPublicKey(a->pkey.rsa, pp));
148#endif
149#ifndef OPENSSL_NO_DSA
150 case EVP_PKEY_DSA:
151 return (i2d_DSAPublicKey(a->pkey.dsa, pp));
152#endif
153#ifndef OPENSSL_NO_EC
154 case EVP_PKEY_EC:
155 return (i2o_ECPublicKey(a->pkey.ec, pp));
156#endif
157 default:
158 ASN1error(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE);
159 return (-1);
160 }
161}
162LCRYPTO_ALIAS(i2d_PublicKey);
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c
deleted file mode 100644
index 52e1b7db5d..0000000000
--- a/src/lib/libcrypto/asn1/a_strex.c
+++ /dev/null
@@ -1,658 +0,0 @@
1/* $OpenBSD: a_strex.c,v 1.38 2025/03/19 11:18:38 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdint.h>
60#include <stdio.h>
61#include <stdlib.h>
62#include <string.h>
63
64#include <openssl/asn1.h>
65#include <openssl/bio.h>
66#include <openssl/objects.h>
67#include <openssl/x509.h>
68
69#include "asn1_local.h"
70#include "bytestring.h"
71#include "x509_local.h"
72
73#include "charmap.h"
74
75/* ASN1_STRING_print_ex() and X509_NAME_print_ex().
76 * Enhanced string and name printing routines handling
77 * multibyte characters, RFC2253 and a host of other
78 * options.
79 */
80
81#define CHARTYPE_BS_ESC (ASN1_STRFLGS_ESC_2253 | CHARTYPE_FIRST_ESC_2253 | CHARTYPE_LAST_ESC_2253)
82
83#define ESC_FLAGS (ASN1_STRFLGS_ESC_2253 | \
84 ASN1_STRFLGS_ESC_QUOTE | \
85 ASN1_STRFLGS_ESC_CTRL | \
86 ASN1_STRFLGS_ESC_MSB)
87
88
89/* Three IO functions for sending data to memory, a BIO and
90 * and a FILE pointer.
91 */
92static int
93send_bio_chars(void *arg, const void *buf, int len)
94{
95 if (!arg)
96 return 1;
97 if (BIO_write(arg, buf, len) != len)
98 return 0;
99 return 1;
100}
101
102static int
103send_fp_chars(void *arg, const void *buf, int len)
104{
105 if (!arg)
106 return 1;
107 if (fwrite(buf, 1, (size_t)len, arg) != (size_t)len)
108 return 0;
109 return 1;
110}
111
112typedef int char_io(void *arg, const void *buf, int len);
113
114/* This function handles display of
115 * strings, one character at a time.
116 * It is passed an unsigned long for each
117 * character because it could come from 2 or even
118 * 4 byte forms.
119 */
120
121static int
122do_esc_char(unsigned long c, unsigned char flags, char *do_quotes,
123 char_io *io_ch, void *arg)
124{
125 unsigned char chflgs, chtmp;
126 char tmphex[sizeof(long) * 2 + 3];
127
128 if (c > 0xffffffffL)
129 return -1;
130 if (c > 0xffff) {
131 snprintf(tmphex, sizeof tmphex, "\\W%08lX", c);
132 if (!io_ch(arg, tmphex, 10))
133 return -1;
134 return 10;
135 }
136 if (c > 0xff) {
137 snprintf(tmphex, sizeof tmphex, "\\U%04lX", c);
138 if (!io_ch(arg, tmphex, 6))
139 return -1;
140 return 6;
141 }
142 chtmp = (unsigned char)c;
143 if (chtmp > 0x7f)
144 chflgs = flags & ASN1_STRFLGS_ESC_MSB;
145 else
146 chflgs = char_type[chtmp] & flags;
147 if (chflgs & CHARTYPE_BS_ESC) {
148 /* If we don't escape with quotes, signal we need quotes */
149 if (chflgs & ASN1_STRFLGS_ESC_QUOTE) {
150 if (do_quotes)
151 *do_quotes = 1;
152 if (!io_ch(arg, &chtmp, 1))
153 return -1;
154 return 1;
155 }
156 if (!io_ch(arg, "\\", 1))
157 return -1;
158 if (!io_ch(arg, &chtmp, 1))
159 return -1;
160 return 2;
161 }
162 if (chflgs & (ASN1_STRFLGS_ESC_CTRL|ASN1_STRFLGS_ESC_MSB)) {
163 snprintf(tmphex, sizeof tmphex, "\\%02X", chtmp);
164 if (!io_ch(arg, tmphex, 3))
165 return -1;
166 return 3;
167 }
168 /* If we get this far and do any escaping at all must escape
169 * the escape character itself: backslash.
170 */
171 if (chtmp == '\\' && flags & ESC_FLAGS) {
172 if (!io_ch(arg, "\\\\", 2))
173 return -1;
174 return 2;
175 }
176 if (!io_ch(arg, &chtmp, 1))
177 return -1;
178 return 1;
179}
180
181#define BUF_TYPE_WIDTH_MASK 0x7
182#define BUF_TYPE_CONVUTF8 0x8
183
184/* This function sends each character in a buffer to
185 * do_esc_char(). It interprets the content formats
186 * and converts to or from UTF8 as appropriate.
187 */
188
189static int
190do_buf(unsigned char *buf, int buflen, int type, unsigned char flags,
191 char *quotes, char_io *io_ch, void *arg)
192{
193 int i, outlen, len;
194 unsigned char orflags, *p, *q;
195 unsigned long c;
196
197 p = buf;
198 q = buf + buflen;
199 outlen = 0;
200 while (p != q) {
201 if (p == buf && flags & ASN1_STRFLGS_ESC_2253)
202 orflags = CHARTYPE_FIRST_ESC_2253;
203 else
204 orflags = 0;
205 switch (type & BUF_TYPE_WIDTH_MASK) {
206 case 4:
207 c = ((unsigned long)*p++) << 24;
208 c |= ((unsigned long)*p++) << 16;
209 c |= ((unsigned long)*p++) << 8;
210 c |= *p++;
211 if (c > UNICODE_MAX || UNICODE_IS_SURROGATE(c))
212 return -1;
213 break;
214
215 case 2:
216 c = ((unsigned long)*p++) << 8;
217 c |= *p++;
218 if (UNICODE_IS_SURROGATE(c))
219 return -1;
220 break;
221
222 case 1:
223 c = *p++;
224 break;
225
226 case 0:
227 i = UTF8_getc(p, q - p, &c);
228 if (i < 0)
229 return -1; /* Invalid UTF8String */
230 p += i;
231 break;
232 default:
233 return -1; /* invalid width */
234 }
235 if (p == q && flags & ASN1_STRFLGS_ESC_2253)
236 orflags = CHARTYPE_LAST_ESC_2253;
237 if (type & BUF_TYPE_CONVUTF8) {
238 unsigned char utfbuf[6];
239 int utflen;
240
241 utflen = UTF8_putc(utfbuf, sizeof utfbuf, c);
242 if (utflen < 0)
243 return -1;
244 for (i = 0; i < utflen; i++) {
245 /* We don't need to worry about setting orflags correctly
246 * because if utflen==1 its value will be correct anyway
247 * otherwise each character will be > 0x7f and so the
248 * character will never be escaped on first and last.
249 */
250 len = do_esc_char(utfbuf[i],
251 (unsigned char)(flags | orflags), quotes,
252 io_ch, arg);
253 if (len < 0)
254 return -1;
255 outlen += len;
256 }
257 } else {
258 len = do_esc_char(c, (unsigned char)(flags | orflags),
259 quotes, io_ch, arg);
260 if (len < 0)
261 return -1;
262 outlen += len;
263 }
264 }
265 return outlen;
266}
267
268/* This function hex dumps a buffer of characters */
269
270static int
271do_hex_dump(char_io *io_ch, void *arg, unsigned char *buf, int buflen)
272{
273 static const char hexdig[] = "0123456789ABCDEF";
274 unsigned char *p, *q;
275 char hextmp[2];
276 if (arg) {
277 p = buf;
278 q = buf + buflen;
279 while (p != q) {
280 hextmp[0] = hexdig[*p >> 4];
281 hextmp[1] = hexdig[*p & 0xf];
282 if (!io_ch(arg, hextmp, 2))
283 return -1;
284 p++;
285 }
286 }
287 return buflen << 1;
288}
289
290/* "dump" a string. This is done when the type is unknown,
291 * or the flags request it. We can either dump the content
292 * octets or the entire DER encoding. This uses the RFC2253
293 * #01234 format.
294 */
295
296static int
297do_dump(unsigned long lflags, char_io *io_ch, void *arg, const ASN1_STRING *str)
298{
299 /* Placing the ASN1_STRING in a temp ASN1_TYPE allows
300 * the DER encoding to readily obtained
301 */
302 ASN1_TYPE t;
303 unsigned char *der_buf, *p;
304 int outlen, der_len;
305
306 if (!io_ch(arg, "#", 1))
307 return -1;
308 /* If we don't dump DER encoding just dump content octets */
309 if (!(lflags & ASN1_STRFLGS_DUMP_DER)) {
310 outlen = do_hex_dump(io_ch, arg, str->data, str->length);
311 if (outlen < 0)
312 return -1;
313 return outlen + 1;
314 }
315 t.type = str->type;
316 t.value.ptr = (char *)str;
317 der_len = i2d_ASN1_TYPE(&t, NULL);
318 der_buf = malloc(der_len);
319 if (!der_buf)
320 return -1;
321 p = der_buf;
322 i2d_ASN1_TYPE(&t, &p);
323 outlen = do_hex_dump(io_ch, arg, der_buf, der_len);
324 free(der_buf);
325 if (outlen < 0)
326 return -1;
327 return outlen + 1;
328}
329
330/* This is the main function, print out an
331 * ASN1_STRING taking note of various escape
332 * and display options. Returns number of
333 * characters written or -1 if an error
334 * occurred.
335 */
336
337static int
338do_print_ex(char_io *io_ch, void *arg, unsigned long lflags,
339 const ASN1_STRING *str)
340{
341 int outlen, len;
342 int type;
343 char quotes;
344 unsigned char flags;
345
346 quotes = 0;
347 /* Keep a copy of escape flags */
348 flags = (unsigned char)(lflags & ESC_FLAGS);
349 type = str->type;
350 outlen = 0;
351
352 if (lflags & ASN1_STRFLGS_SHOW_TYPE) {
353 const char *tagname;
354 tagname = ASN1_tag2str(type);
355 outlen += strlen(tagname);
356 if (!io_ch(arg, tagname, outlen) || !io_ch(arg, ":", 1))
357 return -1;
358 outlen++;
359 }
360
361 /* Decide what to do with type, either dump content or display it */
362
363 if (lflags & ASN1_STRFLGS_DUMP_ALL) {
364 /* Dump everything. */
365 type = -1;
366 } else if (lflags & ASN1_STRFLGS_IGNORE_TYPE) {
367 /* Ignore the string type. */
368 type = 1;
369 } else {
370 /* Else determine width based on type. */
371 type = asn1_tag2charwidth(type);
372 if (type == -1 && !(lflags & ASN1_STRFLGS_DUMP_UNKNOWN))
373 type = 1;
374 }
375
376 if (type == -1) {
377 len = do_dump(lflags, io_ch, arg, str);
378 if (len < 0)
379 return -1;
380 outlen += len;
381 return outlen;
382 }
383
384 if (lflags & ASN1_STRFLGS_UTF8_CONVERT) {
385 /* Note: if string is UTF8 and we want
386 * to convert to UTF8 then we just interpret
387 * it as 1 byte per character to avoid converting
388 * twice.
389 */
390 if (!type)
391 type = 1;
392 else
393 type |= BUF_TYPE_CONVUTF8;
394 }
395
396 len = do_buf(str->data, str->length, type, flags, &quotes, io_ch, NULL);
397 if (len < 0)
398 return -1;
399 outlen += len;
400 if (quotes)
401 outlen += 2;
402 if (!arg)
403 return outlen;
404 if (quotes && !io_ch(arg, "\"", 1))
405 return -1;
406 if (do_buf(str->data, str->length, type, flags, NULL, io_ch, arg) < 0)
407 return -1;
408 if (quotes && !io_ch(arg, "\"", 1))
409 return -1;
410 return outlen;
411}
412
413/* Used for line indenting: print 'indent' spaces */
414
415static int
416do_indent(char_io *io_ch, void *arg, int indent)
417{
418 int i;
419 for (i = 0; i < indent; i++)
420 if (!io_ch(arg, " ", 1))
421 return 0;
422 return 1;
423}
424
425#define FN_WIDTH_LN 25
426#define FN_WIDTH_SN 10
427
428static int
429do_name_ex(char_io *io_ch, void *arg, const X509_NAME *n, int indent,
430 unsigned long flags)
431{
432 int i, prev = -1, orflags, cnt;
433 int fn_opt, fn_nid;
434 ASN1_OBJECT *fn;
435 ASN1_STRING *val;
436 X509_NAME_ENTRY *ent;
437 char objtmp[80];
438 const char *objbuf;
439 int outlen, len;
440 char *sep_dn, *sep_mv, *sep_eq;
441 int sep_dn_len, sep_mv_len, sep_eq_len;
442
443 if (indent < 0)
444 indent = 0;
445 outlen = indent;
446 if (!do_indent(io_ch, arg, indent))
447 return -1;
448
449 switch (flags & XN_FLAG_SEP_MASK) {
450 case XN_FLAG_SEP_MULTILINE:
451 sep_dn = "\n";
452 sep_dn_len = 1;
453 sep_mv = " + ";
454 sep_mv_len = 3;
455 break;
456
457 case XN_FLAG_SEP_COMMA_PLUS:
458 sep_dn = ",";
459 sep_dn_len = 1;
460 sep_mv = "+";
461 sep_mv_len = 1;
462 indent = 0;
463 break;
464
465 case XN_FLAG_SEP_CPLUS_SPC:
466 sep_dn = ", ";
467 sep_dn_len = 2;
468 sep_mv = " + ";
469 sep_mv_len = 3;
470 indent = 0;
471 break;
472
473 case XN_FLAG_SEP_SPLUS_SPC:
474 sep_dn = "; ";
475 sep_dn_len = 2;
476 sep_mv = " + ";
477 sep_mv_len = 3;
478 indent = 0;
479 break;
480
481 default:
482 return -1;
483 }
484
485 if (flags & XN_FLAG_SPC_EQ) {
486 sep_eq = " = ";
487 sep_eq_len = 3;
488 } else {
489 sep_eq = "=";
490 sep_eq_len = 1;
491 }
492
493 fn_opt = flags & XN_FLAG_FN_MASK;
494
495 cnt = X509_NAME_entry_count(n);
496 for (i = 0; i < cnt; i++) {
497 if (flags & XN_FLAG_DN_REV)
498 ent = X509_NAME_get_entry(n, cnt - i - 1);
499 else
500 ent = X509_NAME_get_entry(n, i);
501 if (prev != -1) {
502 if (prev == X509_NAME_ENTRY_set(ent)) {
503 if (!io_ch(arg, sep_mv, sep_mv_len))
504 return -1;
505 outlen += sep_mv_len;
506 } else {
507 if (!io_ch(arg, sep_dn, sep_dn_len))
508 return -1;
509 outlen += sep_dn_len;
510 if (!do_indent(io_ch, arg, indent))
511 return -1;
512 outlen += indent;
513 }
514 }
515 prev = X509_NAME_ENTRY_set(ent);
516 fn = X509_NAME_ENTRY_get_object(ent);
517 val = X509_NAME_ENTRY_get_data(ent);
518 fn_nid = OBJ_obj2nid(fn);
519 if (fn_opt != XN_FLAG_FN_NONE) {
520 int objlen, fld_len;
521 if ((fn_opt == XN_FLAG_FN_OID) ||
522 (fn_nid == NID_undef)) {
523 OBJ_obj2txt(objtmp, sizeof objtmp, fn, 1);
524 fld_len = 0; /* XXX: what should this be? */
525 objbuf = objtmp;
526 } else {
527 if (fn_opt == XN_FLAG_FN_SN) {
528 fld_len = FN_WIDTH_SN;
529 objbuf = OBJ_nid2sn(fn_nid);
530 } else if (fn_opt == XN_FLAG_FN_LN) {
531 fld_len = FN_WIDTH_LN;
532 objbuf = OBJ_nid2ln(fn_nid);
533 } else {
534 fld_len = 0; /* XXX: what should this be? */
535 objbuf = "";
536 }
537 }
538 objlen = strlen(objbuf);
539 if (!io_ch(arg, objbuf, objlen))
540 return -1;
541 if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) {
542 if (!do_indent(io_ch, arg, fld_len - objlen))
543 return -1;
544 outlen += fld_len - objlen;
545 }
546 if (!io_ch(arg, sep_eq, sep_eq_len))
547 return -1;
548 outlen += objlen + sep_eq_len;
549 }
550 /* If the field name is unknown then fix up the DER dump
551 * flag. We might want to limit this further so it will
552 * DER dump on anything other than a few 'standard' fields.
553 */
554 if ((fn_nid == NID_undef) &&
555 (flags & XN_FLAG_DUMP_UNKNOWN_FIELDS))
556 orflags = ASN1_STRFLGS_DUMP_ALL;
557 else
558 orflags = 0;
559
560 len = do_print_ex(io_ch, arg, flags | orflags, val);
561 if (len < 0)
562 return -1;
563 outlen += len;
564 }
565 return outlen;
566}
567
568static int
569X509_NAME_print(BIO *bio, const X509_NAME *name, int obase)
570{
571 CBB cbb;
572 uint8_t *buf = NULL;
573 size_t buf_len;
574 const X509_NAME_ENTRY *ne;
575 int i;
576 int started = 0;
577 int ret = 0;
578
579 if (!CBB_init(&cbb, 0))
580 goto err;
581
582 for (i = 0; i < sk_X509_NAME_ENTRY_num(name->entries); i++) {
583 ne = sk_X509_NAME_ENTRY_value(name->entries, i);
584
585 if (started) {
586 if (!CBB_add_u8(&cbb, ','))
587 goto err;
588 if (!CBB_add_u8(&cbb, ' '))
589 goto err;
590 }
591
592 if (!X509_NAME_ENTRY_add_cbb(&cbb, ne))
593 goto err;
594
595 started = 1;
596 }
597
598 if (!CBB_add_u8(&cbb, '\0'))
599 goto err;
600
601 if (!CBB_finish(&cbb, &buf, &buf_len))
602 goto err;
603
604 if (BIO_printf(bio, "%s", buf) < 0)
605 goto err;
606
607 ret = 1;
608
609 err:
610 CBB_cleanup(&cbb);
611 free(buf);
612
613 return ret;
614}
615
616/* Wrappers round the main functions */
617
618int
619X509_NAME_print_ex(BIO *out, const X509_NAME *nm, int indent,
620 unsigned long flags)
621{
622 if (flags == XN_FLAG_COMPAT)
623 return X509_NAME_print(out, nm, indent);
624 return do_name_ex(send_bio_chars, out, nm, indent, flags);
625}
626LCRYPTO_ALIAS(X509_NAME_print_ex);
627
628int
629X509_NAME_print_ex_fp(FILE *fp, const X509_NAME *nm, int indent,
630 unsigned long flags)
631{
632 if (flags == XN_FLAG_COMPAT) {
633 BIO *btmp;
634 int ret;
635 btmp = BIO_new_fp(fp, BIO_NOCLOSE);
636 if (!btmp)
637 return -1;
638 ret = X509_NAME_print(btmp, nm, indent);
639 BIO_free(btmp);
640 return ret;
641 }
642 return do_name_ex(send_fp_chars, fp, nm, indent, flags);
643}
644LCRYPTO_ALIAS(X509_NAME_print_ex_fp);
645
646int
647ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags)
648{
649 return do_print_ex(send_bio_chars, out, flags, str);
650}
651LCRYPTO_ALIAS(ASN1_STRING_print_ex);
652
653int
654ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, unsigned long flags)
655{
656 return do_print_ex(send_fp_chars, fp, flags, str);
657}
658LCRYPTO_ALIAS(ASN1_STRING_print_ex_fp);
diff --git a/src/lib/libcrypto/asn1/a_string.c b/src/lib/libcrypto/asn1/a_string.c
deleted file mode 100644
index ec492e71f0..0000000000
--- a/src/lib/libcrypto/asn1/a_string.c
+++ /dev/null
@@ -1,450 +0,0 @@
1/* $OpenBSD: a_string.c,v 1.17 2023/08/15 18:05:15 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/err.h>
65
66#include "asn1_local.h"
67
68ASN1_STRING *
69ASN1_STRING_new(void)
70{
71 return ASN1_STRING_type_new(V_ASN1_OCTET_STRING);
72}
73LCRYPTO_ALIAS(ASN1_STRING_new);
74
75ASN1_STRING *
76ASN1_STRING_type_new(int type)
77{
78 ASN1_STRING *astr;
79
80 if ((astr = calloc(1, sizeof(ASN1_STRING))) == NULL) {
81 ASN1error(ERR_R_MALLOC_FAILURE);
82 return NULL;
83 }
84 astr->type = type;
85
86 return astr;
87}
88LCRYPTO_ALIAS(ASN1_STRING_type_new);
89
90static void
91ASN1_STRING_clear(ASN1_STRING *astr)
92{
93 if (!(astr->flags & ASN1_STRING_FLAG_NDEF))
94 freezero(astr->data, astr->length);
95
96 astr->flags &= ~ASN1_STRING_FLAG_NDEF;
97 astr->data = NULL;
98 astr->length = 0;
99}
100
101void
102ASN1_STRING_free(ASN1_STRING *astr)
103{
104 if (astr == NULL)
105 return;
106
107 ASN1_STRING_clear(astr);
108
109 free(astr);
110}
111LCRYPTO_ALIAS(ASN1_STRING_free);
112
113int
114ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b)
115{
116 int cmp;
117
118 if (a == NULL || b == NULL)
119 return -1;
120 if ((cmp = (a->length - b->length)) != 0)
121 return cmp;
122 if (a->length != 0) {
123 if ((cmp = memcmp(a->data, b->data, a->length)) != 0)
124 return cmp;
125 }
126
127 return a->type - b->type;
128}
129LCRYPTO_ALIAS(ASN1_STRING_cmp);
130
131int
132ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *src)
133{
134 if (src == NULL)
135 return 0;
136
137 if (!ASN1_STRING_set(dst, src->data, src->length))
138 return 0;
139
140 dst->type = src->type;
141 dst->flags = src->flags & ~ASN1_STRING_FLAG_NDEF;
142
143 return 1;
144}
145LCRYPTO_ALIAS(ASN1_STRING_copy);
146
147ASN1_STRING *
148ASN1_STRING_dup(const ASN1_STRING *src)
149{
150 ASN1_STRING *astr;
151
152 if (src == NULL)
153 return NULL;
154
155 if ((astr = ASN1_STRING_new()) == NULL)
156 return NULL;
157 if (!ASN1_STRING_copy(astr, src)) {
158 ASN1_STRING_free(astr);
159 return NULL;
160 }
161 return astr;
162}
163LCRYPTO_ALIAS(ASN1_STRING_dup);
164
165int
166ASN1_STRING_set(ASN1_STRING *astr, const void *_data, int len)
167{
168 const char *data = _data;
169
170 if (len == -1) {
171 size_t slen;
172
173 if (data == NULL)
174 return 0;
175
176 if ((slen = strlen(data)) > INT_MAX)
177 return 0;
178
179 len = (int)slen;
180 }
181
182 ASN1_STRING_clear(astr);
183
184 if (len < 0 || len >= INT_MAX)
185 return 0;
186
187 if ((astr->data = calloc(1, len + 1)) == NULL) {
188 ASN1error(ERR_R_MALLOC_FAILURE);
189 return 0;
190 }
191 astr->length = len;
192
193 if (data != NULL) {
194 memcpy(astr->data, data, len);
195 astr->data[len] = '\0';
196 }
197
198 return 1;
199}
200LCRYPTO_ALIAS(ASN1_STRING_set);
201
202void
203ASN1_STRING_set0(ASN1_STRING *astr, void *data, int len)
204{
205 ASN1_STRING_clear(astr);
206
207 astr->data = data;
208 astr->length = len;
209}
210LCRYPTO_ALIAS(ASN1_STRING_set0);
211
212int
213ASN1_STRING_length(const ASN1_STRING *astr)
214{
215 return astr->length;
216}
217LCRYPTO_ALIAS(ASN1_STRING_length);
218
219void
220ASN1_STRING_length_set(ASN1_STRING *astr, int len)
221{
222 /* This is dangerous and unfixable. */
223 astr->length = len;
224}
225LCRYPTO_ALIAS(ASN1_STRING_length_set);
226
227int
228ASN1_STRING_type(const ASN1_STRING *astr)
229{
230 return astr->type;
231}
232LCRYPTO_ALIAS(ASN1_STRING_type);
233
234unsigned char *
235ASN1_STRING_data(ASN1_STRING *astr)
236{
237 return astr->data;
238}
239LCRYPTO_ALIAS(ASN1_STRING_data);
240
241const unsigned char *
242ASN1_STRING_get0_data(const ASN1_STRING *astr)
243{
244 return astr->data;
245}
246LCRYPTO_ALIAS(ASN1_STRING_get0_data);
247
248int
249ASN1_STRING_print(BIO *bp, const ASN1_STRING *astr)
250{
251 int i, n;
252 char buf[80];
253 const char *p;
254
255 if (astr == NULL)
256 return 0;
257
258 n = 0;
259 p = (const char *)astr->data;
260 for (i = 0; i < astr->length; i++) {
261 if ((p[i] > '~') || ((p[i] < ' ') &&
262 (p[i] != '\n') && (p[i] != '\r')))
263 buf[n] = '.';
264 else
265 buf[n] = p[i];
266 n++;
267 if (n >= 80) {
268 if (BIO_write(bp, buf, n) <= 0)
269 return 0;
270 n = 0;
271 }
272 }
273 if (n > 0) {
274 if (BIO_write(bp, buf, n) <= 0)
275 return 0;
276 }
277
278 return 1;
279}
280LCRYPTO_ALIAS(ASN1_STRING_print);
281
282/*
283 * Utility function: convert any string type to UTF8, returns number of bytes
284 * in output string or a negative error code
285 */
286int
287ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in)
288{
289 ASN1_STRING *astr = NULL;
290 int mbflag;
291 int ret = -1;
292
293 /*
294 * XXX We can't fail on *out != NULL here since things like haproxy and
295 * grpc pass in a pointer to an uninitialized pointer on the stack.
296 */
297 if (out == NULL)
298 goto err;
299
300 if (in == NULL)
301 goto err;
302
303 if ((mbflag = asn1_tag2charwidth(in->type)) == -1)
304 goto err;
305
306 mbflag |= MBSTRING_FLAG;
307
308 if ((ret = ASN1_mbstring_copy(&astr, in->data, in->length, mbflag,
309 B_ASN1_UTF8STRING)) < 0)
310 goto err;
311
312 *out = astr->data;
313 ret = astr->length;
314
315 astr->data = NULL;
316 astr->length = 0;
317
318 err:
319 ASN1_STRING_free(astr);
320
321 return ret;
322}
323LCRYPTO_ALIAS(ASN1_STRING_to_UTF8);
324
325int
326i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *astr, int type)
327{
328 int i, n = 0;
329 static const char h[] = "0123456789ABCDEF";
330 char buf[2];
331
332 if (astr == NULL)
333 return 0;
334
335 if (astr->length == 0) {
336 if (BIO_write(bp, "0", 1) != 1)
337 goto err;
338 n = 1;
339 } else {
340 for (i = 0; i < astr->length; i++) {
341 if ((i != 0) && (i % 35 == 0)) {
342 if (BIO_write(bp, "\\\n", 2) != 2)
343 goto err;
344 n += 2;
345 }
346 buf[0] = h[((unsigned char)astr->data[i] >> 4) & 0x0f];
347 buf[1] = h[((unsigned char)astr->data[i]) & 0x0f];
348 if (BIO_write(bp, buf, 2) != 2)
349 goto err;
350 n += 2;
351 }
352 }
353 return n;
354
355 err:
356 return -1;
357}
358LCRYPTO_ALIAS(i2a_ASN1_STRING);
359
360int
361a2i_ASN1_STRING(BIO *bp, ASN1_STRING *astr, char *buf, int size)
362{
363 int ret = 0;
364 int i, j, k, m, n, again, bufsize;
365 unsigned char *s = NULL, *sp;
366 unsigned char *bufp;
367 int first = 1;
368 size_t num = 0, slen = 0;
369
370 bufsize = BIO_gets(bp, buf, size);
371 for (;;) {
372 if (bufsize < 1) {
373 if (first)
374 break;
375 else
376 goto err_sl;
377 }
378 first = 0;
379
380 i = bufsize;
381 if (buf[i-1] == '\n')
382 buf[--i] = '\0';
383 if (i == 0)
384 goto err_sl;
385 if (buf[i-1] == '\r')
386 buf[--i] = '\0';
387 if (i == 0)
388 goto err_sl;
389 if (buf[i - 1] == '\\') {
390 i--;
391 again = 1;
392 } else
393 again = 0;
394 buf[i] = '\0';
395 if (i < 2)
396 goto err_sl;
397
398 bufp = (unsigned char *)buf;
399
400 k = 0;
401 if (i % 2 != 0) {
402 ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS);
403 goto err;
404 }
405 i /= 2;
406 if (num + i > slen) {
407 sp = realloc(s, num + i);
408 if (sp == NULL) {
409 ASN1error(ERR_R_MALLOC_FAILURE);
410 goto err;
411 }
412 s = sp;
413 slen = num + i;
414 }
415 for (j = 0; j < i; j++, k += 2) {
416 for (n = 0; n < 2; n++) {
417 m = bufp[k + n];
418 if ((m >= '0') && (m <= '9'))
419 m -= '0';
420 else if ((m >= 'a') && (m <= 'f'))
421 m = m - 'a' + 10;
422 else if ((m >= 'A') && (m <= 'F'))
423 m = m - 'A' + 10;
424 else {
425 ASN1error(ASN1_R_NON_HEX_CHARACTERS);
426 goto err;
427 }
428 s[num + j] <<= 4;
429 s[num + j] |= m;
430 }
431 }
432 num += i;
433 if (again)
434 bufsize = BIO_gets(bp, buf, size);
435 else
436 break;
437 }
438 astr->length = num;
439 astr->data = s;
440
441 return 1;
442
443 err_sl:
444 ASN1error(ASN1_R_SHORT_LINE);
445 err:
446 free(s);
447
448 return ret;
449}
450LCRYPTO_ALIAS(a2i_ASN1_STRING);
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c
deleted file mode 100644
index 5fa60b9ce7..0000000000
--- a/src/lib/libcrypto/asn1/a_strnid.c
+++ /dev/null
@@ -1,329 +0,0 @@
1/* $OpenBSD: a_strnid.c,v 1.31 2024/03/02 08:54:02 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <errno.h>
60#include <limits.h>
61#include <stdlib.h>
62#include <string.h>
63
64#include <openssl/asn1.h>
65#include <openssl/err.h>
66#include <openssl/objects.h>
67
68/*
69 * XXX - unprotected global state
70 *
71 * This is the global mask for the mbstring functions: this is used to
72 * mask out certain types (such as BMPString and UTF8String) because
73 * certain software (e.g. Netscape) has problems with them.
74 */
75static unsigned long global_mask = B_ASN1_UTF8STRING;
76
77void
78ASN1_STRING_set_default_mask(unsigned long mask)
79{
80 global_mask = mask;
81}
82LCRYPTO_ALIAS(ASN1_STRING_set_default_mask);
83
84unsigned long
85ASN1_STRING_get_default_mask(void)
86{
87 return global_mask;
88}
89LCRYPTO_ALIAS(ASN1_STRING_get_default_mask);
90
91/*
92 * This function sets the default to various "flavours" of configuration
93 * based on an ASCII string. Currently this is:
94 * MASK:XXXX : a numerical mask value.
95 * nobmp : Don't use BMPStrings (just Printable, T61).
96 * pkix : PKIX recommendation in RFC2459.
97 * utf8only : only use UTF8Strings (RFC2459 recommendation for 2004).
98 * default: the default value, Printable, T61, BMP.
99 */
100
101int
102ASN1_STRING_set_default_mask_asc(const char *p)
103{
104 unsigned long mask;
105 char *end;
106 int save_errno;
107
108 if (strncmp(p, "MASK:", 5) == 0) {
109 if (p[5] == '\0')
110 return 0;
111 save_errno = errno;
112 errno = 0;
113 mask = strtoul(p + 5, &end, 0);
114 if (errno == ERANGE && mask == ULONG_MAX)
115 return 0;
116 errno = save_errno;
117 if (*end != '\0')
118 return 0;
119 } else if (strcmp(p, "nombstr") == 0)
120 mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING));
121 else if (strcmp(p, "pkix") == 0)
122 mask = ~((unsigned long)B_ASN1_T61STRING);
123 else if (strcmp(p, "utf8only") == 0)
124 mask = B_ASN1_UTF8STRING;
125 else if (strcmp(p, "default") == 0)
126 mask = 0xFFFFFFFFL;
127 else
128 return 0;
129 ASN1_STRING_set_default_mask(mask);
130 return 1;
131}
132LCRYPTO_ALIAS(ASN1_STRING_set_default_mask_asc);
133
134/*
135 * The following function generates an ASN1_STRING based on limits in a table.
136 * Frequently the types and length of an ASN1_STRING are restricted by a
137 * corresponding OID. For example certificates and certificate requests.
138 */
139
140ASN1_STRING *
141ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, int inlen,
142 int inform, int nid)
143{
144 const ASN1_STRING_TABLE *tbl;
145 ASN1_STRING *str = NULL;
146 unsigned long mask;
147 int ret;
148
149 if (out == NULL)
150 out = &str;
151 tbl = ASN1_STRING_TABLE_get(nid);
152 if (tbl != NULL) {
153 mask = tbl->mask;
154 if ((tbl->flags & STABLE_NO_MASK) == 0)
155 mask &= global_mask;
156 ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask,
157 tbl->minsize, tbl->maxsize);
158 } else
159 ret = ASN1_mbstring_copy(out, in, inlen, inform,
160 DIRSTRING_TYPE & global_mask);
161 if (ret <= 0)
162 return NULL;
163 return *out;
164}
165LCRYPTO_ALIAS(ASN1_STRING_set_by_NID);
166
167/* From RFC 5280, Appendix A.1. */
168#define ub_name 32768
169#define ub_common_name 64
170#define ub_locality_name 128
171#define ub_state_name 128
172#define ub_organization_name 64
173#define ub_organization_unit_name 64
174#define ub_title 64
175#define ub_email_address 128 /* XXX - bumped to 255 in RFC 5280 */
176#define ub_serial_number 64
177
178static const ASN1_STRING_TABLE tbl_standard[] = {
179 {
180 .nid = NID_commonName,
181 .minsize = 1,
182 .maxsize = ub_common_name,
183 .mask = DIRSTRING_TYPE,
184 .flags = 0,
185 },
186 {
187 .nid = NID_countryName,
188 .minsize = 2,
189 .maxsize = 2,
190 .mask = B_ASN1_PRINTABLESTRING,
191 .flags = STABLE_NO_MASK,
192 },
193 {
194 .nid = NID_localityName,
195 .minsize = 1,
196 .maxsize = ub_locality_name,
197 .mask = DIRSTRING_TYPE,
198 .flags = 0,
199 },
200 {
201 .nid = NID_stateOrProvinceName,
202 .minsize = 1,
203 .maxsize = ub_state_name,
204 .mask = DIRSTRING_TYPE,
205 .flags = 0,
206 },
207 {
208 .nid = NID_organizationName,
209 .minsize = 1,
210 .maxsize = ub_organization_name,
211 .mask = DIRSTRING_TYPE,
212 .flags = 0,
213 },
214 {
215 .nid = NID_organizationalUnitName,
216 .minsize = 1,
217 .maxsize = ub_organization_unit_name,
218 .mask = DIRSTRING_TYPE,
219 .flags = 0,
220 },
221 {
222 .nid = NID_pkcs9_emailAddress,
223 .minsize = 1,
224 .maxsize = ub_email_address,
225 .mask = B_ASN1_IA5STRING,
226 .flags = STABLE_NO_MASK,
227 },
228 {
229 .nid = NID_pkcs9_unstructuredName,
230 .minsize = 1,
231 .maxsize = -1,
232 .mask = PKCS9STRING_TYPE,
233 .flags = 0,
234 },
235 {
236 .nid = NID_pkcs9_challengePassword,
237 .minsize = 1,
238 .maxsize = -1,
239 .mask = PKCS9STRING_TYPE,
240 .flags = 0,
241 },
242 {
243 .nid = NID_pkcs9_unstructuredAddress,
244 .minsize = 1,
245 .maxsize = -1,
246 .mask = DIRSTRING_TYPE,
247 .flags = 0,
248 },
249 {
250 .nid = NID_givenName,
251 .minsize = 1,
252 .maxsize = ub_name,
253 .mask = DIRSTRING_TYPE,
254 .flags = 0,
255 },
256 {
257 .nid = NID_surname,
258 .minsize = 1,
259 .maxsize = ub_name,
260 .mask = DIRSTRING_TYPE,
261 .flags = 0,
262 },
263 {
264 .nid = NID_initials,
265 .minsize = 1,
266 .maxsize = ub_name,
267 .mask = DIRSTRING_TYPE,
268 .flags = 0,
269 },
270 {
271 .nid = NID_serialNumber,
272 .minsize = 1,
273 .maxsize = ub_serial_number,
274 .mask = B_ASN1_PRINTABLESTRING,
275 .flags = STABLE_NO_MASK,
276 },
277 {
278 .nid = NID_friendlyName,
279 .minsize = -1,
280 .maxsize = -1,
281 .mask = B_ASN1_BMPSTRING,
282 .flags = STABLE_NO_MASK,
283 },
284 {
285 .nid = NID_name,
286 .minsize = 1,
287 .maxsize = ub_name,
288 .mask = DIRSTRING_TYPE,
289 .flags = 0,
290 },
291 {
292 .nid = NID_dnQualifier,
293 .minsize = -1,
294 .maxsize = -1,
295 .mask = B_ASN1_PRINTABLESTRING,
296 .flags = STABLE_NO_MASK,
297 },
298 {
299 .nid = NID_domainComponent,
300 .minsize = 1,
301 .maxsize = -1,
302 .mask = B_ASN1_IA5STRING,
303 .flags = STABLE_NO_MASK,
304 },
305 {
306 .nid = NID_ms_csp_name,
307 .minsize = -1,
308 .maxsize = -1,
309 .mask = B_ASN1_BMPSTRING,
310 .flags = STABLE_NO_MASK,
311 },
312};
313
314#define N_STRING_TABLE_ENTRIES (sizeof(tbl_standard) / sizeof(tbl_standard[0]))
315
316const ASN1_STRING_TABLE *
317ASN1_STRING_TABLE_get(int nid)
318{
319 size_t i;
320
321 for (i = 0; i < N_STRING_TABLE_ENTRIES; i++) {
322 const ASN1_STRING_TABLE *entry = &tbl_standard[i];
323 if (entry->nid == nid)
324 return entry;
325 }
326
327 return NULL;
328}
329LCRYPTO_ALIAS(ASN1_STRING_TABLE_get);
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c
deleted file mode 100644
index 15ac1af5c4..0000000000
--- a/src/lib/libcrypto/asn1/a_time.c
+++ /dev/null
@@ -1,139 +0,0 @@
1/* $OpenBSD: a_time.c,v 1.38 2024/07/08 14:52:31 beck Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * licensing@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56/* This is an implementation of the ASN1 Time structure which is:
57 * Time ::= CHOICE {
58 * utcTime UTCTime,
59 * generalTime GeneralizedTime }
60 * written by Steve Henson.
61 */
62
63#include <stdio.h>
64#include <string.h>
65#include <time.h>
66
67#include <openssl/asn1t.h>
68#include <openssl/err.h>
69
70#include "asn1_local.h"
71
72const ASN1_ITEM ASN1_TIME_it = {
73 .itype = ASN1_ITYPE_MSTRING,
74 .utype = B_ASN1_TIME,
75 .templates = NULL,
76 .tcount = 0,
77 .funcs = NULL,
78 .size = sizeof(ASN1_STRING),
79 .sname = "ASN1_TIME",
80};
81LCRYPTO_ALIAS(ASN1_TIME_it);
82
83ASN1_TIME *
84ASN1_TIME_new(void)
85{
86 return (ASN1_TIME *)ASN1_item_new(&ASN1_TIME_it);
87}
88LCRYPTO_ALIAS(ASN1_TIME_new);
89
90void
91ASN1_TIME_free(ASN1_TIME *a)
92{
93 ASN1_item_free((ASN1_VALUE *)a, &ASN1_TIME_it);
94}
95LCRYPTO_ALIAS(ASN1_TIME_free);
96
97int
98ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm)
99{
100 time_t now;
101
102 if (s != NULL)
103 return ASN1_time_parse(s->data, s->length, tm, 0) != -1;
104
105 time(&now);
106 memset(tm, 0, sizeof(*tm));
107
108 return asn1_time_time_t_to_tm(&now, tm);
109}
110LCRYPTO_ALIAS(ASN1_TIME_to_tm);
111
112int
113ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from, const ASN1_TIME *to)
114{
115 struct tm tm_from, tm_to;
116
117 if (!ASN1_TIME_to_tm(from, &tm_from))
118 return 0;
119 if (!ASN1_TIME_to_tm(to, &tm_to))
120 return 0;
121
122 return OPENSSL_gmtime_diff(pday, psec, &tm_from, &tm_to);
123}
124LCRYPTO_ALIAS(ASN1_TIME_diff);
125
126ASN1_TIME *
127d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len)
128{
129 return (ASN1_TIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
130 &ASN1_TIME_it);
131}
132LCRYPTO_ALIAS(d2i_ASN1_TIME);
133
134int
135i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out)
136{
137 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_TIME_it);
138}
139LCRYPTO_ALIAS(i2d_ASN1_TIME);
diff --git a/src/lib/libcrypto/asn1/a_time_posix.c b/src/lib/libcrypto/asn1/a_time_posix.c
deleted file mode 100644
index d4439b4701..0000000000
--- a/src/lib/libcrypto/asn1/a_time_posix.c
+++ /dev/null
@@ -1,296 +0,0 @@
1/* $OpenBSD: a_time_posix.c,v 1.5 2024/02/18 16:28:38 tb Exp $ */
2/*
3 * Copyright (c) 2022, Google Inc.
4 * Copyright (c) 2022, Bob Beck <beck@obtuse.com>
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
13 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
15 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
16 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17 */
18
19/*
20 * Time conversion to/from POSIX time_t and struct tm, with no support
21 * for time zones other than UTC
22 */
23
24#include <inttypes.h>
25#include <limits.h>
26#include <stdint.h>
27#include <string.h>
28#include <time.h>
29
30#include <openssl/asn1.h>
31#include <openssl/posix_time.h>
32
33#include "crypto_internal.h"
34
35#define SECS_PER_HOUR (int64_t)(60 * 60)
36#define SECS_PER_DAY (int64_t)(24 * SECS_PER_HOUR)
37
38/*
39 * Is a year/month/day combination valid, in the range from year 0000
40 * to 9999?
41 */
42static int
43is_valid_date(int64_t year, int64_t month, int64_t day)
44{
45 int days_in_month;
46 if (day < 1 || month < 1 || year < 0 || year > 9999)
47 return 0;
48 switch (month) {
49 case 1:
50 case 3:
51 case 5:
52 case 7:
53 case 8:
54 case 10:
55 case 12:
56 days_in_month = 31;
57 break;
58 case 4:
59 case 6:
60 case 9:
61 case 11:
62 days_in_month = 30;
63 break;
64 case 2:
65 if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0)
66 days_in_month = 29;
67 else
68 days_in_month = 28;
69 break;
70 default:
71 return 0;
72 }
73 return day <= days_in_month;
74}
75
76/*
77 * Is a time valid? Leap seconds of 60 are not considered valid, as
78 * the POSIX time in seconds does not include them.
79 */
80static int
81is_valid_time(int hours, int minutes, int seconds)
82{
83 return hours >= 0 && minutes >= 0 && seconds >= 0 && hours <= 23 &&
84 minutes <= 59 && seconds <= 59;
85}
86
87/* 0000-01-01 00:00:00 UTC */
88#define MIN_POSIX_TIME INT64_C(-62167219200)
89/* 9999-12-31 23:59:59 UTC */
90#define MAX_POSIX_TIME INT64_C(253402300799)
91
92/* Is a int64 time representing a time within our expected range? */
93static int
94is_valid_posix_time(int64_t time)
95{
96 return MIN_POSIX_TIME <= time && time <= MAX_POSIX_TIME;
97}
98
99/*
100 * Inspired by algorithms presented in
101 * https://howardhinnant.github.io/date_algorithms.html
102 * (Public Domain)
103 */
104static int
105posix_time_from_utc(int64_t year, int64_t month, int64_t day, int64_t hours,
106 int64_t minutes, int64_t seconds, int64_t *out_time)
107{
108 int64_t era, year_of_era, day_of_year, day_of_era, posix_days;
109
110 if (!is_valid_date(year, month, day) ||
111 !is_valid_time(hours, minutes, seconds))
112 return 0;
113 if (month <= 2)
114 year--; /* Start years on Mar 1, so leap days end a year. */
115
116 /* At this point year will be in the range -1 and 9999.*/
117 era = (year >= 0 ? year : year - 399) / 400;
118 year_of_era = year - era * 400;
119 day_of_year = (153 * (month > 2 ? month - 3 : month + 9) + 2) /
120 5 + day - 1;
121 day_of_era = year_of_era * 365 + year_of_era / 4 - year_of_era /
122 100 + day_of_year;
123 posix_days = era * 146097 + day_of_era - 719468;
124 *out_time = posix_days * SECS_PER_DAY + hours * SECS_PER_HOUR +
125 minutes * 60 + seconds;
126
127 return 1;
128}
129
130/*
131 * Inspired by algorithms presented in
132 * https://howardhinnant.github.io/date_algorithms.html
133 * (Public Domain)
134 */
135static int
136utc_from_posix_time(int64_t time, int *out_year, int *out_month, int *out_day,
137 int *out_hours, int *out_minutes, int *out_seconds)
138{
139 int64_t days, leftover_seconds, era, day_of_era, year_of_era,
140 day_of_year, month_of_year;
141
142 if (!is_valid_posix_time(time))
143 return 0;
144
145 days = time / SECS_PER_DAY;
146 leftover_seconds = time % SECS_PER_DAY;
147 if (leftover_seconds < 0) {
148 days--;
149 leftover_seconds += SECS_PER_DAY;
150 }
151 days += 719468; /* Shift to starting epoch of Mar 1 0000. */
152
153 /* At this point, days will be in the range -61 and 3652364. */
154 era = (days > 0 ? days : days - 146096) / 146097;
155 day_of_era = days - era * 146097;
156 year_of_era = (day_of_era - day_of_era / 1460 + day_of_era / 36524 -
157 day_of_era / 146096) /
158 365;
159 *out_year = year_of_era + era * 400; /* Year starts on Mar 1 */
160 day_of_year = day_of_era - (365 * year_of_era + year_of_era / 4 -
161 year_of_era / 100);
162 month_of_year = (5 * day_of_year + 2) / 153;
163 *out_month = (month_of_year < 10 ? month_of_year + 3 :
164 month_of_year - 9);
165 if (*out_month <= 2)
166 (*out_year)++; /* Adjust year back to Jan 1 start of year. */
167
168 *out_day = day_of_year - (153 * month_of_year + 2) / 5 + 1;
169 *out_hours = leftover_seconds / SECS_PER_HOUR;
170 leftover_seconds %= SECS_PER_HOUR;
171 *out_minutes = leftover_seconds / 60;
172 *out_seconds = leftover_seconds % 60;
173
174 return 1;
175}
176
177int
178OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out)
179{
180 return posix_time_from_utc(tm->tm_year + (int64_t)1900,
181 tm->tm_mon + (int64_t)1, tm->tm_mday, tm->tm_hour, tm->tm_min,
182 tm->tm_sec, out);
183}
184LCRYPTO_ALIAS(OPENSSL_tm_to_posix);
185
186int
187OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm)
188{
189 struct tm tmp_tm = {0};
190
191 memset(out_tm, 0, sizeof(*out_tm));
192
193 if (!utc_from_posix_time(time, &tmp_tm.tm_year, &tmp_tm.tm_mon,
194 &tmp_tm.tm_mday, &tmp_tm.tm_hour, &tmp_tm.tm_min, &tmp_tm.tm_sec))
195 return 0;
196
197 tmp_tm.tm_year -= 1900;
198 tmp_tm.tm_mon -= 1;
199
200 *out_tm = tmp_tm;
201
202 return 1;
203}
204LCRYPTO_ALIAS(OPENSSL_posix_to_tm);
205
206int
207asn1_time_tm_to_time_t(const struct tm *tm, time_t *out)
208{
209 int64_t posix_time;
210
211 if (!OPENSSL_tm_to_posix(tm, &posix_time))
212 return 0;
213
214#ifdef SMALL_TIME_T
215 /* For portable. */
216 if (sizeof(time_t) == sizeof(int32_t) &&
217 (posix_time > INT32_MAX || posix_time < INT32_MIN))
218 return 0;
219#endif
220
221 *out = posix_time;
222 return 1;
223}
224
225int
226asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm)
227{
228 int64_t posix_time = *time;
229
230 return OPENSSL_posix_to_tm(posix_time, out_tm);
231}
232
233int
234OPENSSL_timegm(const struct tm *tm, time_t *out) {
235 return asn1_time_tm_to_time_t(tm, out);
236}
237LCRYPTO_ALIAS(OPENSSL_timegm);
238
239struct tm *
240OPENSSL_gmtime(const time_t *time, struct tm *out_tm) {
241 if (!asn1_time_time_t_to_tm(time, out_tm))
242 return NULL;
243 return out_tm;
244}
245LCRYPTO_ALIAS(OPENSSL_gmtime);
246
247/* Public API in OpenSSL. BoringSSL uses int64_t instead of long. */
248int
249OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec)
250{
251 int64_t posix_time;
252
253 if (!OPENSSL_tm_to_posix(tm, &posix_time))
254 return 0;
255
256 CTASSERT(INT_MAX <= INT64_MAX / SECS_PER_DAY);
257 CTASSERT(MAX_POSIX_TIME <= INT64_MAX - INT_MAX * SECS_PER_DAY);
258 CTASSERT(MIN_POSIX_TIME >= INT64_MIN - INT_MIN * SECS_PER_DAY);
259
260 posix_time += offset_day * SECS_PER_DAY;
261
262 if (posix_time > 0 && offset_sec > INT64_MAX - posix_time)
263 return 0;
264 if (posix_time < 0 && offset_sec < INT64_MIN - posix_time)
265 return 0;
266 posix_time += offset_sec;
267
268 if (!OPENSSL_posix_to_tm(posix_time, tm))
269 return 0;
270
271 return 1;
272}
273
274int
275OPENSSL_gmtime_diff(int *out_days, int *out_secs, const struct tm *from,
276 const struct tm *to)
277{
278 int64_t time_to, time_from, timediff, daydiff;
279
280 if (!OPENSSL_tm_to_posix(to, &time_to) ||
281 !OPENSSL_tm_to_posix(from, &time_from))
282 return 0;
283
284 /* Times are in range, so these calculations cannot overflow. */
285 CTASSERT(SECS_PER_DAY <= INT_MAX);
286 CTASSERT((MAX_POSIX_TIME - MIN_POSIX_TIME) / SECS_PER_DAY <= INT_MAX);
287
288 timediff = time_to - time_from;
289 daydiff = timediff / SECS_PER_DAY;
290 timediff %= SECS_PER_DAY;
291
292 *out_secs = timediff;
293 *out_days = daydiff;
294
295 return 1;
296}
diff --git a/src/lib/libcrypto/asn1/a_time_tm.c b/src/lib/libcrypto/asn1/a_time_tm.c
deleted file mode 100644
index a1f329be96..0000000000
--- a/src/lib/libcrypto/asn1/a_time_tm.c
+++ /dev/null
@@ -1,607 +0,0 @@
1/* $OpenBSD: a_time_tm.c,v 1.42 2024/05/03 18:33:27 tb Exp $ */
2/*
3 * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <ctype.h>
19#include <limits.h>
20#include <stdio.h>
21#include <string.h>
22#include <time.h>
23
24#include <openssl/asn1t.h>
25#include <openssl/err.h>
26
27#include "bytestring.h"
28#include "asn1_local.h"
29
30#define RFC5280 0
31#define GENTIME_LENGTH 15
32#define UTCTIME_LENGTH 13
33
34int
35ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2)
36{
37 if (tm1->tm_year < tm2->tm_year)
38 return -1;
39 if (tm1->tm_year > tm2->tm_year)
40 return 1;
41 if (tm1->tm_mon < tm2->tm_mon)
42 return -1;
43 if (tm1->tm_mon > tm2->tm_mon)
44 return 1;
45 if (tm1->tm_mday < tm2->tm_mday)
46 return -1;
47 if (tm1->tm_mday > tm2->tm_mday)
48 return 1;
49 if (tm1->tm_hour < tm2->tm_hour)
50 return -1;
51 if (tm1->tm_hour > tm2->tm_hour)
52 return 1;
53 if (tm1->tm_min < tm2->tm_min)
54 return -1;
55 if (tm1->tm_min > tm2->tm_min)
56 return 1;
57 if (tm1->tm_sec < tm2->tm_sec)
58 return -1;
59 if (tm1->tm_sec > tm2->tm_sec)
60 return 1;
61 return 0;
62}
63
64int
65ASN1_time_tm_clamp_notafter(struct tm *tm)
66{
67#ifdef SMALL_TIME_T
68 struct tm broken_os_epoch_tm;
69 time_t broken_os_epoch_time = INT_MAX;
70
71 if (!asn1_time_time_t_to_tm(&broken_os_epoch_time, &broken_os_epoch_tm))
72 return 0;
73
74 if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
75 memcpy(tm, &broken_os_epoch_tm, sizeof(*tm));
76#endif
77 return 1;
78}
79
80/* Convert time to GeneralizedTime, X.690, 11.7. */
81static int
82tm_to_gentime(struct tm *tm, ASN1_TIME *atime)
83{
84 char *time_str = NULL;
85
86 if (tm->tm_year < -1900 || tm->tm_year > 9999 - 1900) {
87 ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
88 return 0;
89 }
90
91 if (asprintf(&time_str, "%04u%02u%02u%02u%02u%02uZ", tm->tm_year + 1900,
92 tm->tm_mon + 1, tm->tm_mday, tm->tm_hour, tm->tm_min,
93 tm->tm_sec) == -1) {
94 ASN1error(ERR_R_MALLOC_FAILURE);
95 return 0;
96 }
97
98 free(atime->data);
99 atime->data = time_str;
100 atime->length = GENTIME_LENGTH;
101 atime->type = V_ASN1_GENERALIZEDTIME;
102
103 return 1;
104}
105
106/* Convert time to UTCTime, X.690, 11.8. */
107static int
108tm_to_utctime(struct tm *tm, ASN1_TIME *atime)
109{
110 char *time_str = NULL;
111
112 if (tm->tm_year >= 150 || tm->tm_year < 50) {
113 ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
114 return 0;
115 }
116
117 if (asprintf(&time_str, "%02u%02u%02u%02u%02u%02uZ",
118 tm->tm_year % 100, tm->tm_mon + 1, tm->tm_mday,
119 tm->tm_hour, tm->tm_min, tm->tm_sec) == -1) {
120 ASN1error(ERR_R_MALLOC_FAILURE);
121 return 0;
122 }
123
124 free(atime->data);
125 atime->data = time_str;
126 atime->length = UTCTIME_LENGTH;
127 atime->type = V_ASN1_UTCTIME;
128
129 return 1;
130}
131
132static int
133tm_to_rfc5280_time(struct tm *tm, ASN1_TIME *atime)
134{
135 if (tm->tm_year >= 50 && tm->tm_year < 150)
136 return tm_to_utctime(tm, atime);
137
138 return tm_to_gentime(tm, atime);
139}
140
141
142static int
143cbs_get_two_digit_value(CBS *cbs, int *out)
144{
145 uint8_t first_digit, second_digit;
146
147 if (!CBS_get_u8(cbs, &first_digit))
148 return 0;
149 if (!isdigit(first_digit))
150 return 0;
151 if (!CBS_get_u8(cbs, &second_digit))
152 return 0;
153 if (!isdigit(second_digit))
154 return 0;
155
156 *out = (first_digit - '0') * 10 + (second_digit - '0');
157
158 return 1;
159}
160
161static int
162is_valid_day(int year, int month, int day)
163{
164 if (day < 1)
165 return 0;
166 switch (month) {
167 case 1:
168 case 3:
169 case 5:
170 case 7:
171 case 8:
172 case 10:
173 case 12:
174 return day <= 31;
175 case 4:
176 case 6:
177 case 9:
178 case 11:
179 return day <= 30;
180 case 2:
181 if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0)
182 return day <= 29;
183 else
184 return day <= 28;
185 default:
186 return 0;
187 }
188}
189
190/*
191 * asn1_time_parse_cbs returns one if |cbs| is a valid DER-encoded, ASN.1 Time
192 * body within the limitations imposed by RFC 5280, or zero otherwise. The time
193 * is expected to parse as a Generalized Time if is_gentime is true, and as a
194 * UTC Time otherwise. If |out_tm| is non-NULL, |*out_tm| will be zeroed, and
195 * then set to the corresponding time in UTC. This function does not compute
196 * |out_tm->tm_wday| or |out_tm->tm_yday|. |cbs| is not consumed.
197 */
198int
199asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm)
200{
201 int year, month, day, hour, min, sec, val;
202 CBS copy;
203 uint8_t tz;
204
205 CBS_dup(cbs, &copy);
206
207 if (is_gentime) {
208 if (!cbs_get_two_digit_value(&copy, &val))
209 return 0;
210 year = val * 100;
211 if (!cbs_get_two_digit_value(&copy, &val))
212 return 0;
213 year += val;
214 } else {
215 year = 1900;
216 if (!cbs_get_two_digit_value(&copy, &val))
217 return 0;
218 year += val;
219 if (year < 1950)
220 year += 100;
221 if (year >= 2050)
222 return 0; /* A Generalized time must be used. */
223 }
224
225 if (!cbs_get_two_digit_value(&copy, &month))
226 return 0;
227 if (month < 1 || month > 12)
228 return 0; /* Reject invalid months. */
229
230 if (!cbs_get_two_digit_value(&copy, &day))
231 return 0;
232 if (!is_valid_day(year, month, day))
233 return 0; /* Reject invalid days. */
234
235 if (!cbs_get_two_digit_value(&copy, &hour))
236 return 0;
237 if (hour > 23)
238 return 0; /* Reject invalid hours. */
239
240 if (!cbs_get_two_digit_value(&copy, &min))
241 return 0;
242 if (min > 59)
243 return 0; /* Reject invalid minutes. */
244
245 if (!cbs_get_two_digit_value(&copy, &sec))
246 return 0;
247 if (sec > 59)
248 return 0; /* Reject invalid seconds. Leap seconds are invalid. */
249
250 if (!CBS_get_u8(&copy, &tz))
251 return 0;
252 if (tz != 'Z')
253 return 0; /* Reject anything but Z on the end. */
254
255 if (CBS_len(&copy) != 0)
256 return 0; /* Reject invalid lengths. */
257
258 if (out_tm != NULL) {
259 memset(out_tm, 0, sizeof(*out_tm));
260 /* Fill in the tm fields corresponding to what we validated. */
261 out_tm->tm_year = year - 1900;
262 out_tm->tm_mon = month - 1;
263 out_tm->tm_mday = day;
264 out_tm->tm_hour = hour;
265 out_tm->tm_min = min;
266 out_tm->tm_sec = sec;
267 }
268
269 return 1;
270}
271
272/*
273 * Parse an RFC 5280 format ASN.1 time string.
274 *
275 * mode must be:
276 * 0 if we expect to parse a time as specified in RFC 5280 for an X509 object.
277 * V_ASN1_UTCTIME if we wish to parse an RFC5280 format UTC time.
278 * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time.
279 *
280 * Returns:
281 * -1 if the string was invalid.
282 * V_ASN1_UTCTIME if the string validated as a UTC time string.
283 * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string.
284 *
285 * Fills in *tm with the corresponding time if tm is non NULL.
286 */
287int
288ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
289{
290 int type = 0;
291 CBS cbs;
292
293 if (bytes == NULL)
294 return -1;
295
296 CBS_init(&cbs, bytes, len);
297
298 if (CBS_len(&cbs) == UTCTIME_LENGTH)
299 type = V_ASN1_UTCTIME;
300 if (CBS_len(&cbs) == GENTIME_LENGTH)
301 type = V_ASN1_GENERALIZEDTIME;
302 if (asn1_time_parse_cbs(&cbs, type == V_ASN1_GENERALIZEDTIME, tm)) {
303 if (mode != 0 && mode != type)
304 return -1;
305 return type;
306 }
307
308 return -1;
309}
310
311/*
312 * ASN1_TIME generic functions.
313 */
314
315static int
316ASN1_TIME_set_string_internal(ASN1_TIME *s, const char *str, int mode)
317{
318 struct tm tm;
319
320 if (ASN1_time_parse(str, strlen(str), &tm, mode) == -1)
321 return 0;
322
323 /* Only check str's format, as documented. */
324 if (s == NULL)
325 return 1;
326
327 switch (mode) {
328 case V_ASN1_UTCTIME:
329 return tm_to_utctime(&tm, s);
330 case V_ASN1_GENERALIZEDTIME:
331 return tm_to_gentime(&tm, s);
332 case RFC5280:
333 return tm_to_rfc5280_time(&tm, s);
334 default:
335 return 0;
336 }
337}
338
339static ASN1_TIME *
340ASN1_TIME_adj_internal(ASN1_TIME *s, time_t t, int offset_day, long offset_sec,
341 int mode)
342{
343 ASN1_TIME *atime = s;
344 struct tm tm;
345
346 if (!asn1_time_time_t_to_tm(&t, &tm))
347 goto err;
348
349 if (offset_day != 0 || offset_sec != 0) {
350 if (!OPENSSL_gmtime_adj(&tm, offset_day, offset_sec))
351 goto err;
352 }
353
354 if (atime == NULL)
355 atime = ASN1_TIME_new();
356 if (atime == NULL)
357 goto err;
358
359 switch (mode) {
360 case V_ASN1_UTCTIME:
361 if (!tm_to_utctime(&tm, atime))
362 goto err;
363 break;
364 case V_ASN1_GENERALIZEDTIME:
365 if (!tm_to_gentime(&tm, atime))
366 goto err;
367 break;
368 case RFC5280:
369 if (!tm_to_rfc5280_time(&tm, atime))
370 goto err;
371 break;
372 default:
373 goto err;
374 }
375
376 return atime;
377
378 err:
379 if (atime != s)
380 ASN1_TIME_free(atime);
381
382 return NULL;
383}
384
385ASN1_TIME *
386ASN1_TIME_set(ASN1_TIME *s, time_t t)
387{
388 return ASN1_TIME_adj(s, t, 0, 0);
389}
390LCRYPTO_ALIAS(ASN1_TIME_set);
391
392ASN1_TIME *
393ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, long offset_sec)
394{
395 return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec, RFC5280);
396}
397LCRYPTO_ALIAS(ASN1_TIME_adj);
398
399int
400ASN1_TIME_check(const ASN1_TIME *t)
401{
402 if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
403 return 0;
404 return t->type == ASN1_time_parse(t->data, t->length, NULL, t->type);
405}
406LCRYPTO_ALIAS(ASN1_TIME_check);
407
408ASN1_GENERALIZEDTIME *
409ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out)
410{
411 ASN1_GENERALIZEDTIME *agt = NULL;
412 struct tm tm;
413
414 if (t->type != V_ASN1_GENERALIZEDTIME && t->type != V_ASN1_UTCTIME)
415 goto err;
416
417 if (t->type != ASN1_time_parse(t->data, t->length, &tm, t->type))
418 goto err;
419
420 if (out == NULL || (agt = *out) == NULL)
421 agt = ASN1_TIME_new();
422 if (agt == NULL)
423 goto err;
424
425 if (!tm_to_gentime(&tm, agt))
426 goto err;
427
428 if (out != NULL)
429 *out = agt;
430
431 return agt;
432
433 err:
434 if (out == NULL || *out != agt)
435 ASN1_TIME_free(agt);
436
437 return NULL;
438}
439LCRYPTO_ALIAS(ASN1_TIME_to_generalizedtime);
440
441int
442ASN1_TIME_set_string(ASN1_TIME *s, const char *str)
443{
444 return ASN1_TIME_set_string_internal(s, str, RFC5280);
445}
446LCRYPTO_ALIAS(ASN1_TIME_set_string);
447
448static int
449ASN1_TIME_cmp_time_t_internal(const ASN1_TIME *s, time_t t2, int mode)
450{
451 struct tm tm1, tm2;
452
453 /*
454 * This function has never handled failure conditions properly
455 * The OpenSSL version used to simply follow NULL pointers on failure.
456 * BoringSSL and OpenSSL now make it return -2 on failure.
457 *
458 * The danger is that users of this function will not differentiate the
459 * -2 failure case from s < t2. Callers must be careful. Sadly this is
460 * one of those pervasive things from OpenSSL we must continue with.
461 */
462
463 if (ASN1_time_parse(s->data, s->length, &tm1, mode) == -1)
464 return -2;
465
466 if (!asn1_time_time_t_to_tm(&t2, &tm2))
467 return -2;
468
469 return ASN1_time_tm_cmp(&tm1, &tm2);
470}
471
472int
473ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2)
474{
475 struct tm tm1, tm2;
476
477 if (t1->type != V_ASN1_UTCTIME && t1->type != V_ASN1_GENERALIZEDTIME)
478 return -2;
479
480 if (t2->type != V_ASN1_UTCTIME && t2->type != V_ASN1_GENERALIZEDTIME)
481 return -2;
482
483 if (ASN1_time_parse(t1->data, t1->length, &tm1, t1->type) == -1)
484 return -2;
485
486 if (ASN1_time_parse(t2->data, t2->length, &tm2, t2->type) == -1)
487 return -2;
488
489 return ASN1_time_tm_cmp(&tm1, &tm2);
490}
491LCRYPTO_ALIAS(ASN1_TIME_compare);
492
493int
494ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t)
495{
496 if (s->type == V_ASN1_UTCTIME)
497 return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME);
498 if (s->type == V_ASN1_GENERALIZEDTIME)
499 return ASN1_TIME_cmp_time_t_internal(s, t,
500 V_ASN1_GENERALIZEDTIME);
501 return -2;
502}
503LCRYPTO_ALIAS(ASN1_TIME_cmp_time_t);
504
505/*
506 * ASN1_UTCTIME wrappers
507 */
508
509int
510ASN1_UTCTIME_check(const ASN1_UTCTIME *d)
511{
512 if (d->type != V_ASN1_UTCTIME)
513 return 0;
514 return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type);
515}
516LCRYPTO_ALIAS(ASN1_UTCTIME_check);
517
518int
519ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str)
520{
521 if (s != NULL && s->type != V_ASN1_UTCTIME)
522 return 0;
523 return ASN1_TIME_set_string_internal(s, str, V_ASN1_UTCTIME);
524}
525LCRYPTO_ALIAS(ASN1_UTCTIME_set_string);
526
527ASN1_UTCTIME *
528ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t)
529{
530 return ASN1_UTCTIME_adj(s, t, 0, 0);
531}
532LCRYPTO_ALIAS(ASN1_UTCTIME_set);
533
534ASN1_UTCTIME *
535ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, int offset_day, long offset_sec)
536{
537 return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec,
538 V_ASN1_UTCTIME);
539}
540LCRYPTO_ALIAS(ASN1_UTCTIME_adj);
541
542int
543ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t)
544{
545 if (s->type == V_ASN1_UTCTIME)
546 return ASN1_TIME_cmp_time_t_internal(s, t, V_ASN1_UTCTIME);
547 return -2;
548}
549LCRYPTO_ALIAS(ASN1_UTCTIME_cmp_time_t);
550
551/*
552 * ASN1_GENERALIZEDTIME wrappers
553 */
554
555int
556ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d)
557{
558 if (d->type != V_ASN1_GENERALIZEDTIME)
559 return 0;
560 return d->type == ASN1_time_parse(d->data, d->length, NULL, d->type);
561}
562LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_check);
563
564int
565ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str)
566{
567 if (s != NULL && s->type != V_ASN1_GENERALIZEDTIME)
568 return 0;
569 return ASN1_TIME_set_string_internal(s, str, V_ASN1_GENERALIZEDTIME);
570}
571LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set_string);
572
573ASN1_GENERALIZEDTIME *
574ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s, time_t t)
575{
576 return ASN1_GENERALIZEDTIME_adj(s, t, 0, 0);
577}
578LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_set);
579
580ASN1_GENERALIZEDTIME *
581ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, time_t t, int offset_day,
582 long offset_sec)
583{
584 return ASN1_TIME_adj_internal(s, t, offset_day, offset_sec,
585 V_ASN1_GENERALIZEDTIME);
586}
587LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_adj);
588
589int
590ASN1_TIME_normalize(ASN1_TIME *t)
591{
592 struct tm tm;
593
594 if (t == NULL)
595 return 0;
596 if (!ASN1_TIME_to_tm(t, &tm))
597 return 0;
598 return tm_to_rfc5280_time(&tm, t);
599}
600LCRYPTO_ALIAS(ASN1_TIME_normalize);
601
602int
603ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str)
604{
605 return ASN1_TIME_set_string_internal(s, str, RFC5280);
606}
607LCRYPTO_ALIAS(ASN1_TIME_set_string_X509);
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c
deleted file mode 100644
index ef0a76e810..0000000000
--- a/src/lib/libcrypto/asn1/a_type.c
+++ /dev/null
@@ -1,360 +0,0 @@
1/* $OpenBSD: a_type.c,v 1.27 2023/07/28 10:00:10 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <string.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/err.h>
63#include <openssl/objects.h>
64
65#include "asn1_local.h"
66
67typedef struct {
68 ASN1_INTEGER *num;
69 ASN1_OCTET_STRING *value;
70} ASN1_int_octetstring;
71
72static const ASN1_TEMPLATE ASN1_INT_OCTETSTRING_seq_tt[] = {
73 {
74 .offset = offsetof(ASN1_int_octetstring, num),
75 .field_name = "num",
76 .item = &ASN1_INTEGER_it,
77 },
78 {
79 .offset = offsetof(ASN1_int_octetstring, value),
80 .field_name = "value",
81 .item = &ASN1_OCTET_STRING_it,
82 },
83};
84
85const ASN1_ITEM ASN1_INT_OCTETSTRING_it = {
86 .itype = ASN1_ITYPE_SEQUENCE,
87 .utype = V_ASN1_SEQUENCE,
88 .templates = ASN1_INT_OCTETSTRING_seq_tt,
89 .tcount = sizeof(ASN1_INT_OCTETSTRING_seq_tt) / sizeof(ASN1_TEMPLATE),
90 .size = sizeof(ASN1_int_octetstring),
91 .sname = "ASN1_INT_OCTETSTRING",
92};
93
94ASN1_TYPE *
95ASN1_TYPE_new(void)
96{
97 return (ASN1_TYPE *)ASN1_item_new(&ASN1_ANY_it);
98}
99LCRYPTO_ALIAS(ASN1_TYPE_new);
100
101void
102ASN1_TYPE_free(ASN1_TYPE *a)
103{
104 ASN1_item_free((ASN1_VALUE *)a, &ASN1_ANY_it);
105}
106LCRYPTO_ALIAS(ASN1_TYPE_free);
107
108int
109ASN1_TYPE_get(const ASN1_TYPE *a)
110{
111 /* Special non-pointer types. */
112 if (a->type == V_ASN1_BOOLEAN || a->type == V_ASN1_NULL)
113 return a->type;
114
115 if (a->value.ptr != NULL)
116 return a->type;
117
118 return 0;
119}
120LCRYPTO_ALIAS(ASN1_TYPE_get);
121
122void
123ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value)
124{
125 if (a->value.ptr != NULL) {
126 ASN1_TYPE **tmp_a = &a;
127 ASN1_primitive_free((ASN1_VALUE **)tmp_a, NULL);
128 }
129 a->type = type;
130 if (type == V_ASN1_BOOLEAN)
131 a->value.boolean = value ? 0xff : 0;
132 else
133 a->value.ptr = value;
134}
135LCRYPTO_ALIAS(ASN1_TYPE_set);
136
137int
138ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value)
139{
140 if (!value || (type == V_ASN1_BOOLEAN)) {
141 void *p = (void *)value;
142 ASN1_TYPE_set(a, type, p);
143 } else if (type == V_ASN1_OBJECT) {
144 ASN1_OBJECT *odup;
145 odup = OBJ_dup(value);
146 if (!odup)
147 return 0;
148 ASN1_TYPE_set(a, type, odup);
149 } else {
150 ASN1_STRING *sdup;
151 sdup = ASN1_STRING_dup(value);
152 if (!sdup)
153 return 0;
154 ASN1_TYPE_set(a, type, sdup);
155 }
156 return 1;
157}
158LCRYPTO_ALIAS(ASN1_TYPE_set1);
159
160/* Returns 0 if they are equal, != 0 otherwise. */
161int
162ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b)
163{
164 int result = -1;
165
166 if (!a || !b || a->type != b->type)
167 return -1;
168
169 switch (a->type) {
170 case V_ASN1_OBJECT:
171 result = OBJ_cmp(a->value.object, b->value.object);
172 break;
173 case V_ASN1_BOOLEAN:
174 result = a->value.boolean - b->value.boolean;
175 break;
176 case V_ASN1_NULL:
177 result = 0; /* They do not have content. */
178 break;
179
180 case V_ASN1_INTEGER:
181 case V_ASN1_ENUMERATED:
182 case V_ASN1_BIT_STRING:
183 case V_ASN1_OCTET_STRING:
184 case V_ASN1_SEQUENCE:
185 case V_ASN1_SET:
186 case V_ASN1_NUMERICSTRING:
187 case V_ASN1_PRINTABLESTRING:
188 case V_ASN1_T61STRING:
189 case V_ASN1_VIDEOTEXSTRING:
190 case V_ASN1_IA5STRING:
191 case V_ASN1_UTCTIME:
192 case V_ASN1_GENERALIZEDTIME:
193 case V_ASN1_GRAPHICSTRING:
194 case V_ASN1_VISIBLESTRING:
195 case V_ASN1_GENERALSTRING:
196 case V_ASN1_UNIVERSALSTRING:
197 case V_ASN1_BMPSTRING:
198 case V_ASN1_UTF8STRING:
199 case V_ASN1_OTHER:
200 default:
201 result = ASN1_STRING_cmp((ASN1_STRING *)a->value.ptr,
202 (ASN1_STRING *)b->value.ptr);
203 break;
204 }
205
206 return result;
207}
208LCRYPTO_ALIAS(ASN1_TYPE_cmp);
209
210int
211ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len)
212{
213 ASN1_STRING *os;
214
215 if ((os = ASN1_OCTET_STRING_new()) == NULL)
216 return (0);
217 if (!ASN1_STRING_set(os, data, len)) {
218 ASN1_OCTET_STRING_free(os);
219 return (0);
220 }
221 ASN1_TYPE_set(a, V_ASN1_OCTET_STRING, os);
222 return (1);
223}
224LCRYPTO_ALIAS(ASN1_TYPE_set_octetstring);
225
226int
227ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len)
228{
229 int ret, num;
230 unsigned char *p;
231
232 if ((a->type != V_ASN1_OCTET_STRING) ||
233 (a->value.octet_string == NULL)) {
234 ASN1error(ASN1_R_DATA_IS_WRONG);
235 return (-1);
236 }
237 p = ASN1_STRING_data(a->value.octet_string);
238 ret = ASN1_STRING_length(a->value.octet_string);
239 if (ret < max_len)
240 num = ret;
241 else
242 num = max_len;
243 memcpy(data, p, num);
244 return (ret);
245}
246LCRYPTO_ALIAS(ASN1_TYPE_get_octetstring);
247
248int
249ASN1_TYPE_set_int_octetstring(ASN1_TYPE *at, long num, const unsigned char *data,
250 int len)
251{
252 ASN1_int_octetstring *ios;
253 ASN1_STRING *sp = NULL;
254 int ret = 0;
255
256 if ((ios = (ASN1_int_octetstring *)ASN1_item_new(
257 &ASN1_INT_OCTETSTRING_it)) == NULL)
258 goto err;
259 if (!ASN1_INTEGER_set(ios->num, num))
260 goto err;
261 if (!ASN1_OCTET_STRING_set(ios->value, data, len))
262 goto err;
263
264 if ((sp = ASN1_item_pack(ios, &ASN1_INT_OCTETSTRING_it, NULL)) == NULL)
265 goto err;
266
267 ASN1_TYPE_set(at, V_ASN1_SEQUENCE, sp);
268 sp = NULL;
269
270 ret = 1;
271
272 err:
273 ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it);
274 ASN1_STRING_free(sp);
275
276 return ret;
277}
278LCRYPTO_ALIAS(ASN1_TYPE_set_int_octetstring);
279
280int
281ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *at, long *num, unsigned char *data,
282 int max_len)
283{
284 ASN1_STRING *sp = at->value.sequence;
285 ASN1_int_octetstring *ios = NULL;
286 int ret = -1;
287 int len;
288
289 if (at->type != V_ASN1_SEQUENCE || sp == NULL)
290 goto err;
291
292 if ((ios = ASN1_item_unpack(sp, &ASN1_INT_OCTETSTRING_it)) == NULL)
293 goto err;
294
295 if (num != NULL)
296 *num = ASN1_INTEGER_get(ios->num);
297 if (data != NULL) {
298 len = ASN1_STRING_length(ios->value);
299 if (len > max_len)
300 len = max_len;
301 memcpy(data, ASN1_STRING_data(ios->value), len);
302 }
303
304 ret = ASN1_STRING_length(ios->value);
305
306 err:
307 ASN1_item_free((ASN1_VALUE *)ios, &ASN1_INT_OCTETSTRING_it);
308
309 if (ret == -1)
310 ASN1error(ASN1_R_DATA_IS_WRONG);
311
312 return ret;
313}
314LCRYPTO_ALIAS(ASN1_TYPE_get_int_octetstring);
315
316ASN1_TYPE *
317ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t)
318{
319 ASN1_OCTET_STRING *oct;
320 ASN1_TYPE *rt;
321
322 if ((oct = ASN1_item_pack(s, it, NULL)) == NULL)
323 return NULL;
324
325 if (t != NULL && *t != NULL) {
326 rt = *t;
327 } else {
328 if ((rt = ASN1_TYPE_new()) == NULL) {
329 ASN1_OCTET_STRING_free(oct);
330 return NULL;
331 }
332 if (t != NULL)
333 *t = rt;
334 }
335 ASN1_TYPE_set(rt, V_ASN1_SEQUENCE, oct);
336 return rt;
337}
338
339void *
340ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t)
341{
342 if (t == NULL || t->type != V_ASN1_SEQUENCE || t->value.sequence == NULL)
343 return NULL;
344 return ASN1_item_unpack(t->value.sequence, it);
345}
346
347int
348i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out)
349{
350 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_ANY_it);
351}
352LCRYPTO_ALIAS(i2d_ASN1_TYPE);
353
354ASN1_TYPE *
355d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len)
356{
357 return (ASN1_TYPE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
358 &ASN1_ANY_it);
359}
360LCRYPTO_ALIAS(d2i_ASN1_TYPE);
diff --git a/src/lib/libcrypto/asn1/a_utf8.c b/src/lib/libcrypto/asn1/a_utf8.c
deleted file mode 100644
index 51ab1bdb28..0000000000
--- a/src/lib/libcrypto/asn1/a_utf8.c
+++ /dev/null
@@ -1,199 +0,0 @@
1/* $OpenBSD: a_utf8.c,v 1.9 2022/11/26 16:08:50 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1.h>
62
63#include "asn1_local.h"
64
65/* UTF8 utilities */
66
67/*
68 * This parses a UTF8 string one character at a time. It is passed a pointer
69 * to the string and the length of the string. It sets 'value' to the value of
70 * the current character. It returns the number of characters read or a
71 * negative error code:
72 * -1 = string too short
73 * -2 = illegal character
74 * -3 = subsequent characters not of the form 10xxxxxx
75 * -4 = character encoded incorrectly (not minimal length).
76 */
77
78int
79UTF8_getc(const unsigned char *str, int len, unsigned long *val)
80{
81 const unsigned char *p;
82 unsigned long value;
83 int ret;
84 if (len <= 0)
85 return 0;
86 p = str;
87
88 /* Check syntax and work out the encoded value (if correct) */
89 if ((*p & 0x80) == 0) {
90 value = *p++ & 0x7f;
91 ret = 1;
92 } else if ((*p & 0xe0) == 0xc0) {
93 if (*p < 0xc2)
94 return -2;
95 if (len < 2)
96 return -1;
97 if ((p[1] & 0xc0) != 0x80)
98 return -3;
99 value = (*p++ & 0x1f) << 6;
100 value |= *p++ & 0x3f;
101 if (value < 0x80)
102 return -4;
103 ret = 2;
104 } else if ((*p & 0xf0) == 0xe0) {
105 if (len < 3)
106 return -1;
107 if (((p[1] & 0xc0) != 0x80) ||
108 ((p[2] & 0xc0) != 0x80))
109 return -3;
110 value = (*p++ & 0xf) << 12;
111 value |= (*p++ & 0x3f) << 6;
112 value |= *p++ & 0x3f;
113 if (value < 0x800)
114 return -4;
115 /* surrogate pair code points are not valid */
116 if (value >= 0xd800 && value < 0xe000)
117 return -2;
118 ret = 3;
119 } else if ((*p & 0xf8) == 0xf0 && (*p < 0xf5)) {
120 if (len < 4)
121 return -1;
122 if (((p[1] & 0xc0) != 0x80) ||
123 ((p[2] & 0xc0) != 0x80) ||
124 ((p[3] & 0xc0) != 0x80))
125 return -3;
126 value = ((unsigned long)(*p++ & 0x7)) << 18;
127 value |= (*p++ & 0x3f) << 12;
128 value |= (*p++ & 0x3f) << 6;
129 value |= *p++ & 0x3f;
130 if (value < 0x10000)
131 return -4;
132 if (value > UNICODE_MAX)
133 return -2;
134 ret = 4;
135 } else
136 return -2;
137 *val = value;
138 return ret;
139}
140
141/* This takes a Unicode code point 'value' and writes its UTF-8 encoded form
142 * in 'str' where 'str' is a buffer of at least length 'len'. If 'str'
143 * is NULL, then nothing is written and just the return code is determined.
144
145 * Returns less than zero on error:
146 * -1 if 'str' is not NULL and 'len' is too small
147 * -2 if 'value' is an invalid character (surrogate or out-of-range)
148 *
149 * Otherwise, returns the number of bytes in 'value's encoded form
150 * (i.e., the number of bytes written to 'str' when it's not NULL).
151 *
152 * It will need at most 4 characters.
153 */
154
155int
156UTF8_putc(unsigned char *str, int len, unsigned long value)
157{
158 if (value < 0x80) {
159 if (str != NULL) {
160 if (len < 1)
161 return -1;
162 str[0] = (unsigned char)value;
163 }
164 return 1;
165 }
166 if (value < 0x800) {
167 if (str != NULL) {
168 if (len < 2)
169 return -1;
170 str[0] = (unsigned char)(((value >> 6) & 0x1f) | 0xc0);
171 str[1] = (unsigned char)((value & 0x3f) | 0x80);
172 }
173 return 2;
174 }
175 if (value < 0x10000) {
176 if (UNICODE_IS_SURROGATE(value))
177 return -2;
178 if (str != NULL) {
179 if (len < 3)
180 return -1;
181 str[0] = (unsigned char)(((value >> 12) & 0xf) | 0xe0);
182 str[1] = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
183 str[2] = (unsigned char)((value & 0x3f) | 0x80);
184 }
185 return 3;
186 }
187 if (value <= UNICODE_MAX) {
188 if (str != NULL) {
189 if (len < 4)
190 return -1;
191 str[0] = (unsigned char)(((value >> 18) & 0x7) | 0xf0);
192 str[1] = (unsigned char)(((value >> 12) & 0x3f) | 0x80);
193 str[2] = (unsigned char)(((value >> 6) & 0x3f) | 0x80);
194 str[3] = (unsigned char)((value & 0x3f) | 0x80);
195 }
196 return 4;
197 }
198 return -2;
199}
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h
deleted file mode 100644
index aeabbc0a28..0000000000
--- a/src/lib/libcrypto/asn1/asn1.h
+++ /dev/null
@@ -1,1124 +0,0 @@
1/* $OpenBSD: asn1.h,v 1.92 2024/04/10 14:55:12 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#ifndef HEADER_ASN1_H
60#define HEADER_ASN1_H
61
62#include <time.h>
63
64#include <openssl/opensslconf.h>
65
66#ifndef OPENSSL_NO_BIO
67#include <openssl/bio.h>
68#endif
69#include <openssl/bn.h>
70#include <openssl/stack.h>
71#include <openssl/safestack.h>
72
73#include <openssl/ossl_typ.h>
74
75#ifdef __cplusplus
76extern "C" {
77#endif
78
79#define V_ASN1_UNIVERSAL 0x00
80#define V_ASN1_APPLICATION 0x40
81#define V_ASN1_CONTEXT_SPECIFIC 0x80
82#define V_ASN1_PRIVATE 0xc0
83
84#define V_ASN1_CONSTRUCTED 0x20
85#define V_ASN1_PRIMITIVE_TAG 0x1f
86#define V_ASN1_PRIMATIVE_TAG 0x1f
87
88#define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */
89#define V_ASN1_OTHER -3 /* used in ASN1_TYPE */
90#define V_ASN1_ANY -4 /* used in ASN1 template code */
91
92#define V_ASN1_NEG 0x100 /* negative flag */
93
94#define V_ASN1_UNDEF -1
95#define V_ASN1_EOC 0
96#define V_ASN1_BOOLEAN 1 /**/
97#define V_ASN1_INTEGER 2
98#define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG)
99#define V_ASN1_BIT_STRING 3
100#define V_ASN1_OCTET_STRING 4
101#define V_ASN1_NULL 5
102#define V_ASN1_OBJECT 6
103#define V_ASN1_OBJECT_DESCRIPTOR 7
104#define V_ASN1_EXTERNAL 8
105#define V_ASN1_REAL 9
106#define V_ASN1_ENUMERATED 10
107#define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG)
108#define V_ASN1_UTF8STRING 12
109#define V_ASN1_SEQUENCE 16
110#define V_ASN1_SET 17
111#define V_ASN1_NUMERICSTRING 18 /**/
112#define V_ASN1_PRINTABLESTRING 19
113#define V_ASN1_T61STRING 20
114#define V_ASN1_TELETEXSTRING 20 /* alias */
115#define V_ASN1_VIDEOTEXSTRING 21 /**/
116#define V_ASN1_IA5STRING 22
117#define V_ASN1_UTCTIME 23
118#define V_ASN1_GENERALIZEDTIME 24 /**/
119#define V_ASN1_GRAPHICSTRING 25 /**/
120#define V_ASN1_ISO64STRING 26 /**/
121#define V_ASN1_VISIBLESTRING 26 /* alias */
122#define V_ASN1_GENERALSTRING 27 /**/
123#define V_ASN1_UNIVERSALSTRING 28 /**/
124#define V_ASN1_BMPSTRING 30
125
126#define B_ASN1_NUMERICSTRING 0x0001
127#define B_ASN1_PRINTABLESTRING 0x0002
128#define B_ASN1_T61STRING 0x0004
129#define B_ASN1_TELETEXSTRING 0x0004
130#define B_ASN1_VIDEOTEXSTRING 0x0008
131#define B_ASN1_IA5STRING 0x0010
132#define B_ASN1_GRAPHICSTRING 0x0020
133#define B_ASN1_ISO64STRING 0x0040
134#define B_ASN1_VISIBLESTRING 0x0040
135#define B_ASN1_GENERALSTRING 0x0080
136#define B_ASN1_UNIVERSALSTRING 0x0100
137#define B_ASN1_OCTET_STRING 0x0200
138#define B_ASN1_BIT_STRING 0x0400
139#define B_ASN1_BMPSTRING 0x0800
140#define B_ASN1_UNKNOWN 0x1000
141#define B_ASN1_UTF8STRING 0x2000
142#define B_ASN1_UTCTIME 0x4000
143#define B_ASN1_GENERALIZEDTIME 0x8000
144#define B_ASN1_SEQUENCE 0x10000
145
146/* For use with ASN1_mbstring_copy() */
147#define MBSTRING_FLAG 0x1000
148#define MBSTRING_UTF8 (MBSTRING_FLAG)
149#define MBSTRING_ASC (MBSTRING_FLAG|1)
150#define MBSTRING_BMP (MBSTRING_FLAG|2)
151#define MBSTRING_UNIV (MBSTRING_FLAG|4)
152
153#define SMIME_OLDMIME 0x400
154#define SMIME_CRLFEOL 0x800
155#define SMIME_STREAM 0x1000
156
157struct X509_algor_st;
158DECLARE_STACK_OF(X509_ALGOR)
159
160#define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */
161#define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */
162
163#define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */
164/* This indicates that the ASN1_STRING is not a real value but just a place
165 * holder for the location where indefinite length constructed data should
166 * be inserted in the memory buffer
167 */
168#define ASN1_STRING_FLAG_NDEF 0x010
169
170/* This flag is used by the CMS code to indicate that a string is not
171 * complete and is a place holder for content when it had all been
172 * accessed. The flag will be reset when content has been written to it.
173 */
174
175#define ASN1_STRING_FLAG_CONT 0x020
176/* This flag is used by ASN1 code to indicate an ASN1_STRING is an MSTRING
177 * type.
178 */
179#define ASN1_STRING_FLAG_MSTRING 0x040
180/* This is the base type that holds just about everything :-) */
181struct asn1_string_st {
182 int length;
183 int type;
184 unsigned char *data;
185 /* The value of the following field depends on the type being
186 * held. It is mostly being used for BIT_STRING so if the
187 * input data has a non-zero 'unused bits' value, it will be
188 * handled correctly */
189 long flags;
190};
191
192/* ASN1_ENCODING structure: this is used to save the received
193 * encoding of an ASN1 type. This is useful to get round
194 * problems with invalid encodings which can break signatures.
195 */
196
197typedef struct ASN1_ENCODING_st {
198 unsigned char *enc; /* DER encoding */
199 long len; /* Length of encoding */
200 int modified; /* set to 1 if 'enc' is invalid */
201} ASN1_ENCODING;
202
203/* Used with ASN1 LONG type: if a long is set to this it is omitted */
204#define ASN1_LONG_UNDEF 0x7fffffffL
205
206#define STABLE_FLAGS_MALLOC 0x01
207#define STABLE_NO_MASK 0x02
208#define DIRSTRING_TYPE \
209 (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)
210#define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING)
211
212typedef struct asn1_string_table_st {
213 int nid;
214 long minsize;
215 long maxsize;
216 unsigned long mask;
217 unsigned long flags;
218} ASN1_STRING_TABLE;
219
220/* Declarations for template structures: for full definitions
221 * see asn1t.h
222 */
223typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE;
224typedef struct ASN1_TLC_st ASN1_TLC;
225/* This is just an opaque pointer */
226typedef struct ASN1_VALUE_st ASN1_VALUE;
227
228#ifndef LIBRESSL_INTERNAL
229
230/* Declare ASN1 functions: the implement macro in in asn1t.h */
231
232#define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type)
233
234#define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \
235 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type)
236
237#define DECLARE_ASN1_FUNCTIONS_name(type, name) \
238 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
239 DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name)
240
241#define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \
242 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
243 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name)
244
245#define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \
246 type *d2i_##name(type **a, const unsigned char **in, long len); \
247 int i2d_##name(type *a, unsigned char **out); \
248 DECLARE_ASN1_ITEM(itname)
249
250#define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \
251 type *d2i_##name(type **a, const unsigned char **in, long len); \
252 int i2d_##name(const type *a, unsigned char **out); \
253 DECLARE_ASN1_ITEM(name)
254
255#define DECLARE_ASN1_NDEF_FUNCTION(name) \
256 int i2d_##name##_NDEF(name *a, unsigned char **out);
257
258#define DECLARE_ASN1_FUNCTIONS_const(name) \
259 DECLARE_ASN1_ALLOC_FUNCTIONS(name) \
260 DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name)
261
262#define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \
263 type *name##_new(void); \
264 void name##_free(type *a);
265
266#define DECLARE_ASN1_PRINT_FUNCTION(stname) \
267 DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname)
268
269#define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \
270 int fname##_print_ctx(BIO *out, stname *x, int indent, \
271 const ASN1_PCTX *pctx);
272
273#endif /* !LIBRESSL_INTERNAL */
274
275#define D2I_OF(type) type *(*)(type **,const unsigned char **,long)
276#define I2D_OF(type) int (*)(type *,unsigned char **)
277#define I2D_OF_const(type) int (*)(const type *,unsigned char **)
278
279#define CHECKED_D2I_OF(type, d2i) \
280 ((d2i_of_void*) (1 ? d2i : ((D2I_OF(type))0)))
281#define CHECKED_I2D_OF(type, i2d) \
282 ((i2d_of_void*) (1 ? i2d : ((I2D_OF(type))0)))
283#define CHECKED_NEW_OF(type, xnew) \
284 ((void *(*)(void)) (1 ? xnew : ((type *(*)(void))0)))
285#define CHECKED_PTR_OF(type, p) \
286 ((void*) (1 ? p : (type*)0))
287#define CHECKED_PPTR_OF(type, p) \
288 ((void**) (1 ? p : (type**)0))
289
290#define TYPEDEF_D2I_OF(type) typedef type *d2i_of_##type(type **,const unsigned char **,long)
291#define TYPEDEF_I2D_OF(type) typedef int i2d_of_##type(type *,unsigned char **)
292#define TYPEDEF_D2I2D_OF(type) TYPEDEF_D2I_OF(type); TYPEDEF_I2D_OF(type)
293
294TYPEDEF_D2I2D_OF(void);
295
296/* The following macros and typedefs allow an ASN1_ITEM
297 * to be embedded in a structure and referenced. Since
298 * the ASN1_ITEM pointers need to be globally accessible
299 * (possibly from shared libraries) they may exist in
300 * different forms. On platforms that support it the
301 * ASN1_ITEM structure itself will be globally exported.
302 * Other platforms will export a function that returns
303 * an ASN1_ITEM pointer.
304 *
305 * To handle both cases transparently the macros below
306 * should be used instead of hard coding an ASN1_ITEM
307 * pointer in a structure.
308 *
309 * The structure will look like this:
310 *
311 * typedef struct SOMETHING_st {
312 * ...
313 * ASN1_ITEM_EXP *iptr;
314 * ...
315 * } SOMETHING;
316 *
317 * It would be initialised as e.g.:
318 *
319 * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...};
320 *
321 * and the actual pointer extracted with:
322 *
323 * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr);
324 *
325 * Finally an ASN1_ITEM pointer can be extracted from an
326 * appropriate reference with: ASN1_ITEM_rptr(X509). This
327 * would be used when a function takes an ASN1_ITEM * argument.
328 *
329 */
330
331/* ASN1_ITEM pointer exported type */
332typedef const ASN1_ITEM ASN1_ITEM_EXP;
333
334#ifndef LIBRESSL_INTERNAL
335
336/* Macro to obtain ASN1_ITEM pointer from exported type */
337#define ASN1_ITEM_ptr(iptr) (iptr)
338
339/* Macro to include ASN1_ITEM pointer from base type */
340#define ASN1_ITEM_ref(iptr) (&(iptr##_it))
341
342#define ASN1_ITEM_rptr(ref) (&(ref##_it))
343
344#define DECLARE_ASN1_ITEM(name) \
345 extern const ASN1_ITEM name##_it;
346
347#endif /* !LIBRESSL_INTERNAL */
348
349/* Parameters used by ASN1_STRING_print_ex() */
350
351/* These determine which characters to escape:
352 * RFC2253 special characters, control characters and
353 * MSB set characters
354 */
355
356#define ASN1_STRFLGS_ESC_2253 1
357#define ASN1_STRFLGS_ESC_CTRL 2
358#define ASN1_STRFLGS_ESC_MSB 4
359
360
361/* This flag determines how we do escaping: normally
362 * RC2253 backslash only, set this to use backslash and
363 * quote.
364 */
365
366#define ASN1_STRFLGS_ESC_QUOTE 8
367
368
369/* These three flags are internal use only. */
370
371/* Character is a valid PrintableString character */
372#define CHARTYPE_PRINTABLESTRING 0x10
373/* Character needs escaping if it is the first character */
374#define CHARTYPE_FIRST_ESC_2253 0x20
375/* Character needs escaping if it is the last character */
376#define CHARTYPE_LAST_ESC_2253 0x40
377
378/* NB the internal flags are safely reused below by flags
379 * handled at the top level.
380 */
381
382/* If this is set we convert all character strings
383 * to UTF8 first
384 */
385
386#define ASN1_STRFLGS_UTF8_CONVERT 0x10
387
388/* If this is set we don't attempt to interpret content:
389 * just assume all strings are 1 byte per character. This
390 * will produce some pretty odd looking output!
391 */
392
393#define ASN1_STRFLGS_IGNORE_TYPE 0x20
394
395/* If this is set we include the string type in the output */
396#define ASN1_STRFLGS_SHOW_TYPE 0x40
397
398/* This determines which strings to display and which to
399 * 'dump' (hex dump of content octets or DER encoding). We can
400 * only dump non character strings or everything. If we
401 * don't dump 'unknown' they are interpreted as character
402 * strings with 1 octet per character and are subject to
403 * the usual escaping options.
404 */
405
406#define ASN1_STRFLGS_DUMP_ALL 0x80
407#define ASN1_STRFLGS_DUMP_UNKNOWN 0x100
408
409/* These determine what 'dumping' does, we can dump the
410 * content octets or the DER encoding: both use the
411 * RFC2253 #NNNNN notation.
412 */
413
414#define ASN1_STRFLGS_DUMP_DER 0x200
415
416/* All the string flags consistent with RFC2253,
417 * escaping control characters isn't essential in
418 * RFC2253 but it is advisable anyway.
419 */
420
421#define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \
422 ASN1_STRFLGS_ESC_CTRL | \
423 ASN1_STRFLGS_ESC_MSB | \
424 ASN1_STRFLGS_UTF8_CONVERT | \
425 ASN1_STRFLGS_DUMP_UNKNOWN | \
426 ASN1_STRFLGS_DUMP_DER)
427
428DECLARE_STACK_OF(ASN1_INTEGER)
429
430DECLARE_STACK_OF(ASN1_GENERALSTRING)
431
432typedef struct asn1_type_st {
433 int type;
434 union {
435 char *ptr;
436 ASN1_BOOLEAN boolean;
437 ASN1_STRING * asn1_string;
438 ASN1_OBJECT * object;
439 ASN1_INTEGER * integer;
440 ASN1_ENUMERATED * enumerated;
441 ASN1_BIT_STRING * bit_string;
442 ASN1_OCTET_STRING * octet_string;
443 ASN1_PRINTABLESTRING * printablestring;
444 ASN1_T61STRING * t61string;
445 ASN1_IA5STRING * ia5string;
446 ASN1_GENERALSTRING * generalstring;
447 ASN1_BMPSTRING * bmpstring;
448 ASN1_UNIVERSALSTRING * universalstring;
449 ASN1_UTCTIME * utctime;
450 ASN1_GENERALIZEDTIME * generalizedtime;
451 ASN1_VISIBLESTRING * visiblestring;
452 ASN1_UTF8STRING * utf8string;
453 /* set and sequence are left complete and still
454 * contain the set or sequence bytes */
455 ASN1_STRING * set;
456 ASN1_STRING * sequence;
457 ASN1_VALUE * asn1_value;
458 } value;
459} ASN1_TYPE;
460
461DECLARE_STACK_OF(ASN1_TYPE)
462
463typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY;
464
465ASN1_SEQUENCE_ANY *d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len);
466int i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out);
467extern const ASN1_ITEM ASN1_SEQUENCE_ANY_it;
468ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len);
469int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out);
470extern const ASN1_ITEM ASN1_SET_ANY_it;
471
472/* This is used to contain a list of bit names */
473typedef struct BIT_STRING_BITNAME_st {
474 int bitnum;
475 const char *lname;
476 const char *sname;
477} BIT_STRING_BITNAME;
478
479#define B_ASN1_TIME \
480 B_ASN1_UTCTIME | \
481 B_ASN1_GENERALIZEDTIME
482
483#define B_ASN1_PRINTABLE \
484 B_ASN1_NUMERICSTRING| \
485 B_ASN1_PRINTABLESTRING| \
486 B_ASN1_T61STRING| \
487 B_ASN1_IA5STRING| \
488 B_ASN1_BIT_STRING| \
489 B_ASN1_UNIVERSALSTRING|\
490 B_ASN1_BMPSTRING|\
491 B_ASN1_UTF8STRING|\
492 B_ASN1_SEQUENCE|\
493 B_ASN1_UNKNOWN
494
495#define B_ASN1_DIRECTORYSTRING \
496 B_ASN1_PRINTABLESTRING| \
497 B_ASN1_TELETEXSTRING|\
498 B_ASN1_BMPSTRING|\
499 B_ASN1_UNIVERSALSTRING|\
500 B_ASN1_UTF8STRING
501
502#define B_ASN1_DISPLAYTEXT \
503 B_ASN1_IA5STRING| \
504 B_ASN1_VISIBLESTRING| \
505 B_ASN1_BMPSTRING|\
506 B_ASN1_UTF8STRING
507
508ASN1_TYPE *ASN1_TYPE_new(void);
509void ASN1_TYPE_free(ASN1_TYPE *a);
510ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **a, const unsigned char **in, long len);
511int i2d_ASN1_TYPE(ASN1_TYPE *a, unsigned char **out);
512extern const ASN1_ITEM ASN1_ANY_it;
513
514int ASN1_TYPE_get(const ASN1_TYPE *a);
515void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value);
516int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value);
517int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b);
518
519ASN1_OBJECT *ASN1_OBJECT_new(void);
520void ASN1_OBJECT_free(ASN1_OBJECT *a);
521int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp);
522ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
523 long length);
524
525extern const ASN1_ITEM ASN1_OBJECT_it;
526
527DECLARE_STACK_OF(ASN1_OBJECT)
528
529ASN1_STRING *ASN1_STRING_new(void);
530void ASN1_STRING_free(ASN1_STRING *a);
531int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str);
532ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *a);
533ASN1_STRING *ASN1_STRING_type_new(int type);
534int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b);
535 /* Since this is used to store all sorts of things, via macros, for now, make
536 its data void * */
537int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len);
538void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len);
539int ASN1_STRING_length(const ASN1_STRING *x);
540void ASN1_STRING_length_set(ASN1_STRING *x, int n);
541int ASN1_STRING_type(const ASN1_STRING *x);
542unsigned char *ASN1_STRING_data(ASN1_STRING *x);
543const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x);
544
545ASN1_BIT_STRING *ASN1_BIT_STRING_new(void);
546void ASN1_BIT_STRING_free(ASN1_BIT_STRING *a);
547ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, const unsigned char **in, long len);
548int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **out);
549extern const ASN1_ITEM ASN1_BIT_STRING_it;
550int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, int length);
551int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value);
552int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n);
553
554ASN1_INTEGER *ASN1_INTEGER_new(void);
555void ASN1_INTEGER_free(ASN1_INTEGER *a);
556ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len);
557int i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out);
558extern const ASN1_ITEM ASN1_INTEGER_it;
559ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
560 long length);
561ASN1_INTEGER * ASN1_INTEGER_dup(const ASN1_INTEGER *x);
562int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y);
563
564ASN1_ENUMERATED *ASN1_ENUMERATED_new(void);
565void ASN1_ENUMERATED_free(ASN1_ENUMERATED *a);
566ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, const unsigned char **in, long len);
567int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **out);
568extern const ASN1_ITEM ASN1_ENUMERATED_it;
569
570int ASN1_UTCTIME_check(const ASN1_UTCTIME *a);
571ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t);
572ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t,
573 int offset_day, long offset_sec);
574int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str);
575
576int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t);
577
578int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a);
579ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,
580 time_t t);
581ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s,
582 time_t t, int offset_day, long offset_sec);
583int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, const char *str);
584
585ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void);
586void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *a);
587ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, const unsigned char **in, long len);
588int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a, unsigned char **out);
589extern const ASN1_ITEM ASN1_OCTET_STRING_it;
590ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(const ASN1_OCTET_STRING *a);
591int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a,
592 const ASN1_OCTET_STRING *b);
593int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, const unsigned char *data,
594 int len);
595
596ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void);
597void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a);
598ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, const unsigned char **in, long len);
599int i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **out);
600extern const ASN1_ITEM ASN1_VISIBLESTRING_it;
601ASN1_UNIVERSALSTRING *ASN1_UNIVERSALSTRING_new(void);
602void ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *a);
603ASN1_UNIVERSALSTRING *d2i_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING **a, const unsigned char **in, long len);
604int i2d_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING *a, unsigned char **out);
605extern const ASN1_ITEM ASN1_UNIVERSALSTRING_it;
606ASN1_UTF8STRING *ASN1_UTF8STRING_new(void);
607void ASN1_UTF8STRING_free(ASN1_UTF8STRING *a);
608ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, const unsigned char **in, long len);
609int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **out);
610extern const ASN1_ITEM ASN1_UTF8STRING_it;
611ASN1_NULL *ASN1_NULL_new(void);
612void ASN1_NULL_free(ASN1_NULL *a);
613ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **a, const unsigned char **in, long len);
614int i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **out);
615extern const ASN1_ITEM ASN1_NULL_it;
616ASN1_BMPSTRING *ASN1_BMPSTRING_new(void);
617void ASN1_BMPSTRING_free(ASN1_BMPSTRING *a);
618ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, const unsigned char **in, long len);
619int i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **out);
620extern const ASN1_ITEM ASN1_BMPSTRING_it;
621
622ASN1_STRING *ASN1_PRINTABLE_new(void);
623void ASN1_PRINTABLE_free(ASN1_STRING *a);
624ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, const unsigned char **in, long len);
625int i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **out);
626extern const ASN1_ITEM ASN1_PRINTABLE_it;
627
628ASN1_STRING *DIRECTORYSTRING_new(void);
629void DIRECTORYSTRING_free(ASN1_STRING *a);
630ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **a, const unsigned char **in, long len);
631int i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **out);
632extern const ASN1_ITEM DIRECTORYSTRING_it;
633ASN1_STRING *DISPLAYTEXT_new(void);
634void DISPLAYTEXT_free(ASN1_STRING *a);
635ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **a, const unsigned char **in, long len);
636int i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **out);
637extern const ASN1_ITEM DISPLAYTEXT_it;
638ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void);
639void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a);
640ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, const unsigned char **in, long len);
641int i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **out);
642extern const ASN1_ITEM ASN1_PRINTABLESTRING_it;
643ASN1_T61STRING *ASN1_T61STRING_new(void);
644void ASN1_T61STRING_free(ASN1_T61STRING *a);
645ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, const unsigned char **in, long len);
646int i2d_ASN1_T61STRING(ASN1_T61STRING *a, unsigned char **out);
647extern const ASN1_ITEM ASN1_T61STRING_it;
648ASN1_IA5STRING *ASN1_IA5STRING_new(void);
649void ASN1_IA5STRING_free(ASN1_IA5STRING *a);
650ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, const unsigned char **in, long len);
651int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **out);
652extern const ASN1_ITEM ASN1_IA5STRING_it;
653ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void);
654void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *a);
655ASN1_GENERALSTRING *d2i_ASN1_GENERALSTRING(ASN1_GENERALSTRING **a, const unsigned char **in, long len);
656int i2d_ASN1_GENERALSTRING(ASN1_GENERALSTRING *a, unsigned char **out);
657extern const ASN1_ITEM ASN1_GENERALSTRING_it;
658ASN1_UTCTIME *ASN1_UTCTIME_new(void);
659void ASN1_UTCTIME_free(ASN1_UTCTIME *a);
660ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, const unsigned char **in, long len);
661int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **out);
662extern const ASN1_ITEM ASN1_UTCTIME_it;
663ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void);
664void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a);
665ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, const unsigned char **in, long len);
666int i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **out);
667extern const ASN1_ITEM ASN1_GENERALIZEDTIME_it;
668ASN1_TIME *ASN1_TIME_new(void);
669void ASN1_TIME_free(ASN1_TIME *a);
670ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, const unsigned char **in, long len);
671int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **out);
672extern const ASN1_ITEM ASN1_TIME_it;
673
674int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm);
675int ASN1_TIME_compare(const ASN1_TIME *t1, const ASN1_TIME *t2);
676int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t2);
677int ASN1_TIME_normalize(ASN1_TIME *t);
678int ASN1_TIME_set_string_X509(ASN1_TIME *time, const char *str);
679int ASN1_TIME_diff(int *pday, int *psec, const ASN1_TIME *from,
680 const ASN1_TIME *to);
681
682extern const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it;
683
684ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t);
685ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day,
686 long offset_sec);
687int ASN1_TIME_check(const ASN1_TIME *t);
688ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t,
689 ASN1_GENERALIZEDTIME **out);
690int ASN1_TIME_set_string(ASN1_TIME *s, const char *str);
691
692#ifndef OPENSSL_NO_BIO
693int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a);
694int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size);
695int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a);
696int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size);
697int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a);
698int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size);
699int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type);
700#endif
701int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a);
702
703int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num);
704ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
705 const char *sn, const char *ln);
706
707int ASN1_INTEGER_get_uint64(uint64_t *out_val, const ASN1_INTEGER *aint);
708int ASN1_INTEGER_set_uint64(ASN1_INTEGER *aint, uint64_t val);
709int ASN1_INTEGER_get_int64(int64_t *out_val, const ASN1_INTEGER *aint);
710int ASN1_INTEGER_set_int64(ASN1_INTEGER *aint, int64_t val);
711int ASN1_INTEGER_set(ASN1_INTEGER *a, long v);
712long ASN1_INTEGER_get(const ASN1_INTEGER *a);
713ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai);
714BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn);
715
716int ASN1_ENUMERATED_get_int64(int64_t *out_val, const ASN1_ENUMERATED *aenum);
717int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *aenum, int64_t val);
718int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v);
719long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a);
720ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai);
721BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn);
722
723/* General */
724/* given a string, return the correct type, max is the maximum length */
725int ASN1_PRINTABLE_type(const unsigned char *s, int max);
726
727/* SPECIALS */
728int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
729 int *pclass, long omax);
730void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
731 int xclass);
732int ASN1_put_eoc(unsigned char **pp);
733int ASN1_object_size(int constructed, int length, int tag);
734
735void *ASN1_item_dup(const ASN1_ITEM *it, void *x);
736
737void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x);
738
739void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x);
740
741#define ASN1_d2i_fp_of(type,xnew,d2i,in,x) \
742 ((type*)ASN1_d2i_fp(CHECKED_NEW_OF(type, xnew), \
743 CHECKED_D2I_OF(type, d2i), \
744 in, \
745 CHECKED_PPTR_OF(type, x)))
746
747void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x);
748int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x);
749
750#define ASN1_i2d_fp_of(type,i2d,out,x) \
751 (ASN1_i2d_fp(CHECKED_I2D_OF(type, i2d), \
752 out, \
753 CHECKED_PTR_OF(type, x)))
754
755#define ASN1_i2d_fp_of_const(type,i2d,out,x) \
756 (ASN1_i2d_fp(CHECKED_I2D_OF(const type, i2d), \
757 out, \
758 CHECKED_PTR_OF(const type, x)))
759
760int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x);
761int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str,
762 unsigned long flags);
763
764int ASN1_STRING_to_UTF8(unsigned char **out, const ASN1_STRING *in);
765
766#ifndef OPENSSL_NO_BIO
767void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x);
768
769#define ASN1_d2i_bio_of(type,xnew,d2i,in,x) \
770 ((type*)ASN1_d2i_bio( CHECKED_NEW_OF(type, xnew), \
771 CHECKED_D2I_OF(type, d2i), \
772 in, \
773 CHECKED_PPTR_OF(type, x)))
774
775void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x);
776int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x);
777
778#define ASN1_i2d_bio_of(type,i2d,out,x) \
779 (ASN1_i2d_bio(CHECKED_I2D_OF(type, i2d), \
780 out, \
781 CHECKED_PTR_OF(type, x)))
782
783#define ASN1_i2d_bio_of_const(type,i2d,out,x) \
784 (ASN1_i2d_bio(CHECKED_I2D_OF(const type, i2d), \
785 out, \
786 CHECKED_PTR_OF(const type, x)))
787
788int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x);
789int ASN1_UTCTIME_print(BIO *fp, const ASN1_UTCTIME *a);
790int ASN1_GENERALIZEDTIME_print(BIO *fp, const ASN1_GENERALIZEDTIME *a);
791int ASN1_TIME_print(BIO *fp, const ASN1_TIME *a);
792int ASN1_STRING_print(BIO *bp, const ASN1_STRING *v);
793int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, unsigned long flags);
794int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent);
795int ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump);
796#endif
797
798unsigned long ASN1_tag2bit(int tag);
799const char *ASN1_tag2str(int tag);
800
801int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s);
802
803int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, const unsigned char *data, int len);
804int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data,
805 int max_len);
806int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, const unsigned char *data,
807 int len);
808int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num,
809 unsigned char *data, int max_len);
810
811ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it,
812 ASN1_OCTET_STRING **oct);
813void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it);
814
815void ASN1_STRING_set_default_mask(unsigned long mask);
816int ASN1_STRING_set_default_mask_asc(const char *p);
817unsigned long ASN1_STRING_get_default_mask(void);
818int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len,
819 int inform, unsigned long mask);
820int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
821 int inform, unsigned long mask, long minsize, long maxsize);
822
823ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out,
824 const unsigned char *in, int inlen, int inform, int nid);
825const ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid);
826
827/* ASN1 template functions */
828
829/* Old API compatible functions */
830ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it);
831void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it);
832ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, const unsigned char **in,
833 long len, const ASN1_ITEM *it);
834int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
835
836ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf);
837ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf);
838
839/* ASN1 Print flags */
840
841/* Indicate missing OPTIONAL fields */
842#define ASN1_PCTX_FLAGS_SHOW_ABSENT 0x001
843/* Mark start and end of SEQUENCE */
844#define ASN1_PCTX_FLAGS_SHOW_SEQUENCE 0x002
845/* Mark start and end of SEQUENCE/SET OF */
846#define ASN1_PCTX_FLAGS_SHOW_SSOF 0x004
847/* Show the ASN1 type of primitives */
848#define ASN1_PCTX_FLAGS_SHOW_TYPE 0x008
849/* Don't show ASN1 type of ANY */
850#define ASN1_PCTX_FLAGS_NO_ANY_TYPE 0x010
851/* Don't show ASN1 type of MSTRINGs */
852#define ASN1_PCTX_FLAGS_NO_MSTRING_TYPE 0x020
853/* Don't show field names in SEQUENCE */
854#define ASN1_PCTX_FLAGS_NO_FIELD_NAME 0x040
855/* Show structure names of each SEQUENCE field */
856#define ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME 0x080
857/* Don't show structure name even at top level */
858#define ASN1_PCTX_FLAGS_NO_STRUCT_NAME 0x100
859
860int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent,
861 const ASN1_ITEM *it, const ASN1_PCTX *pctx);
862
863int SMIME_crlf_copy(BIO *in, BIO *out, int flags);
864int SMIME_text(BIO *in, BIO *out);
865
866void ERR_load_ASN1_strings(void);
867
868/* Error codes for the ASN1 functions. */
869
870/* Function codes. */
871#define ASN1_F_A2D_ASN1_OBJECT 100
872#define ASN1_F_A2I_ASN1_ENUMERATED 101
873#define ASN1_F_A2I_ASN1_INTEGER 102
874#define ASN1_F_A2I_ASN1_STRING 103
875#define ASN1_F_APPEND_EXP 176
876#define ASN1_F_ASN1_BIT_STRING_SET_BIT 183
877#define ASN1_F_ASN1_CB 177
878#define ASN1_F_ASN1_CHECK_TLEN 104
879#define ASN1_F_ASN1_COLLATE_PRIMITIVE 105
880#define ASN1_F_ASN1_COLLECT 106
881#define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108
882#define ASN1_F_ASN1_D2I_FP 109
883#define ASN1_F_ASN1_D2I_READ_BIO 107
884#define ASN1_F_ASN1_DIGEST 184
885#define ASN1_F_ASN1_DO_ADB 110
886#define ASN1_F_ASN1_DUP 111
887#define ASN1_F_ASN1_ENUMERATED_SET 112
888#define ASN1_F_ASN1_ENUMERATED_TO_BN 113
889#define ASN1_F_ASN1_EX_C2I 204
890#define ASN1_F_ASN1_FIND_END 190
891#define ASN1_F_ASN1_GENERALIZEDTIME_ADJ 216
892#define ASN1_F_ASN1_GENERALIZEDTIME_SET 185
893#define ASN1_F_ASN1_GENERATE_V3 178
894#define ASN1_F_ASN1_GET_OBJECT 114
895#define ASN1_F_ASN1_HEADER_NEW 115
896#define ASN1_F_ASN1_I2D_BIO 116
897#define ASN1_F_ASN1_I2D_FP 117
898#define ASN1_F_ASN1_INTEGER_SET 118
899#define ASN1_F_ASN1_INTEGER_TO_BN 119
900#define ASN1_F_ASN1_ITEM_D2I_FP 206
901#define ASN1_F_ASN1_ITEM_DUP 191
902#define ASN1_F_ASN1_ITEM_EX_COMBINE_NEW 121
903#define ASN1_F_ASN1_ITEM_EX_D2I 120
904#define ASN1_F_ASN1_ITEM_I2D_BIO 192
905#define ASN1_F_ASN1_ITEM_I2D_FP 193
906#define ASN1_F_ASN1_ITEM_PACK 198
907#define ASN1_F_ASN1_ITEM_SIGN 195
908#define ASN1_F_ASN1_ITEM_SIGN_CTX 220
909#define ASN1_F_ASN1_ITEM_UNPACK 199
910#define ASN1_F_ASN1_ITEM_VERIFY 197
911#define ASN1_F_ASN1_MBSTRING_NCOPY 122
912#define ASN1_F_ASN1_OBJECT_NEW 123
913#define ASN1_F_ASN1_OUTPUT_DATA 214
914#define ASN1_F_ASN1_PACK_STRING 124
915#define ASN1_F_ASN1_PCTX_NEW 205
916#define ASN1_F_ASN1_PKCS5_PBE_SET 125
917#define ASN1_F_ASN1_SEQ_PACK 126
918#define ASN1_F_ASN1_SEQ_UNPACK 127
919#define ASN1_F_ASN1_SIGN 128
920#define ASN1_F_ASN1_STR2TYPE 179
921#define ASN1_F_ASN1_STRING_SET 186
922#define ASN1_F_ASN1_STRING_TABLE_ADD 129
923#define ASN1_F_ASN1_STRING_TYPE_NEW 130
924#define ASN1_F_ASN1_TEMPLATE_EX_D2I 132
925#define ASN1_F_ASN1_TEMPLATE_NEW 133
926#define ASN1_F_ASN1_TEMPLATE_NOEXP_D2I 131
927#define ASN1_F_ASN1_TIME_ADJ 217
928#define ASN1_F_ASN1_TIME_SET 175
929#define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134
930#define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135
931#define ASN1_F_ASN1_UNPACK_STRING 136
932#define ASN1_F_ASN1_UTCTIME_ADJ 218
933#define ASN1_F_ASN1_UTCTIME_SET 187
934#define ASN1_F_ASN1_VERIFY 137
935#define ASN1_F_B64_READ_ASN1 209
936#define ASN1_F_B64_WRITE_ASN1 210
937#define ASN1_F_BIO_NEW_NDEF 208
938#define ASN1_F_BITSTR_CB 180
939#define ASN1_F_BN_TO_ASN1_ENUMERATED 138
940#define ASN1_F_BN_TO_ASN1_INTEGER 139
941#define ASN1_F_C2I_ASN1_BIT_STRING 189
942#define ASN1_F_C2I_ASN1_INTEGER 194
943#define ASN1_F_C2I_ASN1_OBJECT 196
944#define ASN1_F_COLLECT_DATA 140
945#define ASN1_F_D2I_ASN1_BIT_STRING 141
946#define ASN1_F_D2I_ASN1_BOOLEAN 142
947#define ASN1_F_D2I_ASN1_BYTES 143
948#define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144
949#define ASN1_F_D2I_ASN1_HEADER 145
950#define ASN1_F_D2I_ASN1_INTEGER 146
951#define ASN1_F_D2I_ASN1_OBJECT 147
952#define ASN1_F_D2I_ASN1_SET 148
953#define ASN1_F_D2I_ASN1_TYPE_BYTES 149
954#define ASN1_F_D2I_ASN1_UINTEGER 150
955#define ASN1_F_D2I_ASN1_UTCTIME 151
956#define ASN1_F_D2I_AUTOPRIVATEKEY 207
957#define ASN1_F_D2I_NETSCAPE_RSA 152
958#define ASN1_F_D2I_NETSCAPE_RSA_2 153
959#define ASN1_F_D2I_PRIVATEKEY 154
960#define ASN1_F_D2I_PUBLICKEY 155
961#define ASN1_F_D2I_RSA_NET 200
962#define ASN1_F_D2I_RSA_NET_2 201
963#define ASN1_F_D2I_X509 156
964#define ASN1_F_D2I_X509_CINF 157
965#define ASN1_F_D2I_X509_PKEY 159
966#define ASN1_F_I2D_ASN1_BIO_STREAM 211
967#define ASN1_F_I2D_ASN1_SET 188
968#define ASN1_F_I2D_ASN1_TIME 160
969#define ASN1_F_I2D_DSA_PUBKEY 161
970#define ASN1_F_I2D_EC_PUBKEY 181
971#define ASN1_F_I2D_PRIVATEKEY 163
972#define ASN1_F_I2D_PUBLICKEY 164
973#define ASN1_F_I2D_RSA_NET 162
974#define ASN1_F_I2D_RSA_PUBKEY 165
975#define ASN1_F_LONG_C2I 166
976#define ASN1_F_OID_MODULE_INIT 174
977#define ASN1_F_PARSE_TAGGING 182
978#define ASN1_F_PKCS5_PBE2_SET_IV 167
979#define ASN1_F_PKCS5_PBE_SET 202
980#define ASN1_F_PKCS5_PBE_SET0_ALGOR 215
981#define ASN1_F_PKCS5_PBKDF2_SET 219
982#define ASN1_F_SMIME_READ_ASN1 212
983#define ASN1_F_SMIME_TEXT 213
984#define ASN1_F_X509_CINF_NEW 168
985#define ASN1_F_X509_CRL_ADD0_REVOKED 169
986#define ASN1_F_X509_INFO_NEW 170
987#define ASN1_F_X509_NAME_ENCODE 203
988#define ASN1_F_X509_NAME_EX_D2I 158
989#define ASN1_F_X509_NAME_EX_NEW 171
990#define ASN1_F_X509_NEW 172
991#define ASN1_F_X509_PKEY_NEW 173
992
993/* Reason codes. */
994#define ASN1_R_ADDING_OBJECT 171
995#define ASN1_R_ASN1_PARSE_ERROR 203
996#define ASN1_R_ASN1_SIG_PARSE_ERROR 204
997#define ASN1_R_AUX_ERROR 100
998#define ASN1_R_BAD_CLASS 101
999#define ASN1_R_BAD_OBJECT_HEADER 102
1000#define ASN1_R_BAD_PASSWORD_READ 103
1001#define ASN1_R_BAD_TAG 104
1002#define ASN1_R_BAD_TEMPLATE 230
1003#define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 214
1004#define ASN1_R_BN_LIB 105
1005#define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106
1006#define ASN1_R_BUFFER_TOO_SMALL 107
1007#define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108
1008#define ASN1_R_CONTEXT_NOT_INITIALISED 217
1009#define ASN1_R_DATA_IS_WRONG 109
1010#define ASN1_R_DECODE_ERROR 110
1011#define ASN1_R_DECODING_ERROR 111
1012#define ASN1_R_DEPTH_EXCEEDED 174
1013#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 198
1014#define ASN1_R_ENCODE_ERROR 112
1015#define ASN1_R_ERROR_GETTING_TIME 173
1016#define ASN1_R_ERROR_LOADING_SECTION 172
1017#define ASN1_R_ERROR_PARSING_SET_ELEMENT 113
1018#define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114
1019#define ASN1_R_EXPECTING_AN_INTEGER 115
1020#define ASN1_R_EXPECTING_AN_OBJECT 116
1021#define ASN1_R_EXPECTING_A_BOOLEAN 117
1022#define ASN1_R_EXPECTING_A_TIME 118
1023#define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119
1024#define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120
1025#define ASN1_R_FIELD_MISSING 121
1026#define ASN1_R_FIRST_NUM_TOO_LARGE 122
1027#define ASN1_R_HEADER_TOO_LONG 123
1028#define ASN1_R_ILLEGAL_BITSTRING_FORMAT 175
1029#define ASN1_R_ILLEGAL_BOOLEAN 176
1030#define ASN1_R_ILLEGAL_CHARACTERS 124
1031#define ASN1_R_ILLEGAL_FORMAT 177
1032#define ASN1_R_ILLEGAL_HEX 178
1033#define ASN1_R_ILLEGAL_IMPLICIT_TAG 179
1034#define ASN1_R_ILLEGAL_INTEGER 180
1035#define ASN1_R_ILLEGAL_NEGATIVE_VALUE 226
1036#define ASN1_R_ILLEGAL_NESTED_TAGGING 181
1037#define ASN1_R_ILLEGAL_NULL 125
1038#define ASN1_R_ILLEGAL_NULL_VALUE 182
1039#define ASN1_R_ILLEGAL_OBJECT 183
1040#define ASN1_R_ILLEGAL_OPTIONAL_ANY 126
1041#define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170
1042#define ASN1_R_ILLEGAL_TAGGED_ANY 127
1043#define ASN1_R_ILLEGAL_TIME_VALUE 184
1044#define ASN1_R_INTEGER_NOT_ASCII_FORMAT 185
1045#define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128
1046#define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 220
1047#define ASN1_R_INVALID_BMPSTRING_LENGTH 129
1048#define ASN1_R_INVALID_DIGIT 130
1049#define ASN1_R_INVALID_MIME_TYPE 205
1050#define ASN1_R_INVALID_MODIFIER 186
1051#define ASN1_R_INVALID_NUMBER 187
1052#define ASN1_R_INVALID_OBJECT_ENCODING 216
1053#define ASN1_R_INVALID_SEPARATOR 131
1054#define ASN1_R_INVALID_TIME_FORMAT 132
1055#define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133
1056#define ASN1_R_INVALID_UTF8STRING 134
1057#define ASN1_R_IV_TOO_LARGE 135
1058#define ASN1_R_LENGTH_ERROR 136
1059#define ASN1_R_LIST_ERROR 188
1060#define ASN1_R_MIME_NO_CONTENT_TYPE 206
1061#define ASN1_R_MIME_PARSE_ERROR 207
1062#define ASN1_R_MIME_SIG_PARSE_ERROR 208
1063#define ASN1_R_MISSING_EOC 137
1064#define ASN1_R_MISSING_SECOND_NUMBER 138
1065#define ASN1_R_MISSING_VALUE 189
1066#define ASN1_R_MSTRING_NOT_UNIVERSAL 139
1067#define ASN1_R_MSTRING_WRONG_TAG 140
1068#define ASN1_R_NESTED_ASN1_STRING 197
1069#define ASN1_R_NESTED_TOO_DEEP 219
1070#define ASN1_R_NON_HEX_CHARACTERS 141
1071#define ASN1_R_NOT_ASCII_FORMAT 190
1072#define ASN1_R_NOT_ENOUGH_DATA 142
1073#define ASN1_R_NO_CONTENT_TYPE 209
1074#define ASN1_R_NO_DEFAULT_DIGEST 201
1075#define ASN1_R_NO_MATCHING_CHOICE_TYPE 143
1076#define ASN1_R_NO_MULTIPART_BODY_FAILURE 210
1077#define ASN1_R_NO_MULTIPART_BOUNDARY 211
1078#define ASN1_R_NO_SIG_CONTENT_TYPE 212
1079#define ASN1_R_NULL_IS_WRONG_LENGTH 144
1080#define ASN1_R_OBJECT_NOT_ASCII_FORMAT 191
1081#define ASN1_R_ODD_NUMBER_OF_CHARS 145
1082#define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146
1083#define ASN1_R_SECOND_NUMBER_TOO_LARGE 147
1084#define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148
1085#define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149
1086#define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 192
1087#define ASN1_R_SHORT_LINE 150
1088#define ASN1_R_SIG_INVALID_MIME_TYPE 213
1089#define ASN1_R_STREAMING_NOT_SUPPORTED 202
1090#define ASN1_R_STRING_TOO_LONG 151
1091#define ASN1_R_STRING_TOO_SHORT 152
1092#define ASN1_R_TAG_VALUE_TOO_HIGH 153
1093#define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154
1094#define ASN1_R_TIME_NOT_ASCII_FORMAT 193
1095#define ASN1_R_TOO_LARGE 223
1096#define ASN1_R_TOO_LONG 155
1097#define ASN1_R_TOO_SMALL 224
1098#define ASN1_R_TYPE_NOT_CONSTRUCTED 156
1099#define ASN1_R_TYPE_NOT_PRIMITIVE 231
1100#define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157
1101#define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158
1102#define ASN1_R_UNEXPECTED_EOC 159
1103#define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 215
1104#define ASN1_R_UNKNOWN_FORMAT 160
1105#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161
1106#define ASN1_R_UNKNOWN_OBJECT_TYPE 162
1107#define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163
1108#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 199
1109#define ASN1_R_UNKNOWN_TAG 194
1110#define ASN1_R_UNKOWN_FORMAT 195
1111#define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164
1112#define ASN1_R_UNSUPPORTED_CIPHER 165
1113#define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166
1114#define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167
1115#define ASN1_R_UNSUPPORTED_TYPE 196
1116#define ASN1_R_WRONG_INTEGER_TYPE 225
1117#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 200
1118#define ASN1_R_WRONG_TAG 168
1119#define ASN1_R_WRONG_TYPE 169
1120
1121#ifdef __cplusplus
1122}
1123#endif
1124#endif
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c
deleted file mode 100644
index 44809c76b1..0000000000
--- a/src/lib/libcrypto/asn1/asn1_err.c
+++ /dev/null
@@ -1,216 +0,0 @@
1/* $OpenBSD: asn1_err.c,v 1.27 2024/06/24 06:43:22 tb Exp $ */
2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
54 */
55
56#include <stdio.h>
57
58#include <openssl/opensslconf.h>
59
60#include <openssl/err.h>
61#include <openssl/asn1.h>
62
63#include "err_local.h"
64
65#ifndef OPENSSL_NO_ERR
66
67#define ERR_FUNC(func) ERR_PACK(ERR_LIB_ASN1,func,0)
68#define ERR_REASON(reason) ERR_PACK(ERR_LIB_ASN1,0,reason)
69
70static const ERR_STRING_DATA ASN1_str_functs[] = {
71 {ERR_FUNC(0xfff), "CRYPTO_internal"},
72 {0, NULL}
73};
74
75static const ERR_STRING_DATA ASN1_str_reasons[] = {
76 {ERR_REASON(ASN1_R_ADDING_OBJECT) , "adding object"},
77 {ERR_REASON(ASN1_R_ASN1_PARSE_ERROR) , "asn1 parse error"},
78 {ERR_REASON(ASN1_R_ASN1_SIG_PARSE_ERROR) , "asn1 sig parse error"},
79 {ERR_REASON(ASN1_R_AUX_ERROR) , "aux error"},
80 {ERR_REASON(ASN1_R_BAD_CLASS) , "bad class"},
81 {ERR_REASON(ASN1_R_BAD_OBJECT_HEADER) , "bad object header"},
82 {ERR_REASON(ASN1_R_BAD_PASSWORD_READ) , "bad password read"},
83 {ERR_REASON(ASN1_R_BAD_TAG) , "bad tag"},
84 {ERR_REASON(ASN1_R_BAD_TEMPLATE) , "bad template"},
85 {ERR_REASON(ASN1_R_BMPSTRING_IS_WRONG_LENGTH), "bmpstring is wrong length"},
86 {ERR_REASON(ASN1_R_BN_LIB) , "bn lib"},
87 {ERR_REASON(ASN1_R_BOOLEAN_IS_WRONG_LENGTH), "boolean is wrong length"},
88 {ERR_REASON(ASN1_R_BUFFER_TOO_SMALL) , "buffer too small"},
89 {ERR_REASON(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER), "cipher has no object identifier"},
90 {ERR_REASON(ASN1_R_CONTEXT_NOT_INITIALISED), "context not initialised"},
91 {ERR_REASON(ASN1_R_DATA_IS_WRONG) , "data is wrong"},
92 {ERR_REASON(ASN1_R_DECODE_ERROR) , "decode error"},
93 {ERR_REASON(ASN1_R_DECODING_ERROR) , "decoding error"},
94 {ERR_REASON(ASN1_R_DEPTH_EXCEEDED) , "depth exceeded"},
95 {ERR_REASON(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), "digest and key type not supported"},
96 {ERR_REASON(ASN1_R_ENCODE_ERROR) , "encode error"},
97 {ERR_REASON(ASN1_R_ERROR_GETTING_TIME) , "error getting time"},
98 {ERR_REASON(ASN1_R_ERROR_LOADING_SECTION), "error loading section"},
99 {ERR_REASON(ASN1_R_ERROR_PARSING_SET_ELEMENT), "error parsing set element"},
100 {ERR_REASON(ASN1_R_ERROR_SETTING_CIPHER_PARAMS), "error setting cipher params"},
101 {ERR_REASON(ASN1_R_EXPECTING_AN_INTEGER) , "expecting an integer"},
102 {ERR_REASON(ASN1_R_EXPECTING_AN_OBJECT) , "expecting an object"},
103 {ERR_REASON(ASN1_R_EXPECTING_A_BOOLEAN) , "expecting a boolean"},
104 {ERR_REASON(ASN1_R_EXPECTING_A_TIME) , "expecting a time"},
105 {ERR_REASON(ASN1_R_EXPLICIT_LENGTH_MISMATCH), "explicit length mismatch"},
106 {ERR_REASON(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED), "explicit tag not constructed"},
107 {ERR_REASON(ASN1_R_FIELD_MISSING) , "field missing"},
108 {ERR_REASON(ASN1_R_FIRST_NUM_TOO_LARGE) , "first num too large"},
109 {ERR_REASON(ASN1_R_HEADER_TOO_LONG) , "header too long"},
110 {ERR_REASON(ASN1_R_ILLEGAL_BITSTRING_FORMAT), "illegal bitstring format"},
111 {ERR_REASON(ASN1_R_ILLEGAL_BOOLEAN) , "illegal boolean"},
112 {ERR_REASON(ASN1_R_ILLEGAL_CHARACTERS) , "illegal characters"},
113 {ERR_REASON(ASN1_R_ILLEGAL_FORMAT) , "illegal format"},
114 {ERR_REASON(ASN1_R_ILLEGAL_HEX) , "illegal hex"},
115 {ERR_REASON(ASN1_R_ILLEGAL_IMPLICIT_TAG) , "illegal implicit tag"},
116 {ERR_REASON(ASN1_R_ILLEGAL_INTEGER) , "illegal integer"},
117 {ERR_REASON(ASN1_R_ILLEGAL_NEGATIVE_VALUE), "illegal negative value"},
118 {ERR_REASON(ASN1_R_ILLEGAL_NESTED_TAGGING), "illegal nested tagging"},
119 {ERR_REASON(ASN1_R_ILLEGAL_NULL) , "illegal null"},
120 {ERR_REASON(ASN1_R_ILLEGAL_NULL_VALUE) , "illegal null value"},
121 {ERR_REASON(ASN1_R_ILLEGAL_OBJECT) , "illegal object"},
122 {ERR_REASON(ASN1_R_ILLEGAL_OPTIONAL_ANY) , "illegal optional any"},
123 {ERR_REASON(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE), "illegal options on item template"},
124 {ERR_REASON(ASN1_R_ILLEGAL_TAGGED_ANY) , "illegal tagged any"},
125 {ERR_REASON(ASN1_R_ILLEGAL_TIME_VALUE) , "illegal time value"},
126 {ERR_REASON(ASN1_R_INTEGER_NOT_ASCII_FORMAT), "integer not ascii format"},
127 {ERR_REASON(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG), "integer too large for long"},
128 {ERR_REASON(ASN1_R_INVALID_BIT_STRING_BITS_LEFT), "invalid bit string bits left"},
129 {ERR_REASON(ASN1_R_INVALID_BMPSTRING_LENGTH), "invalid bmpstring length"},
130 {ERR_REASON(ASN1_R_INVALID_DIGIT) , "invalid digit"},
131 {ERR_REASON(ASN1_R_INVALID_MIME_TYPE) , "invalid mime type"},
132 {ERR_REASON(ASN1_R_INVALID_MODIFIER) , "invalid modifier"},
133 {ERR_REASON(ASN1_R_INVALID_NUMBER) , "invalid number"},
134 {ERR_REASON(ASN1_R_INVALID_OBJECT_ENCODING), "invalid object encoding"},
135 {ERR_REASON(ASN1_R_INVALID_SEPARATOR) , "invalid separator"},
136 {ERR_REASON(ASN1_R_INVALID_TIME_FORMAT) , "invalid time format"},
137 {ERR_REASON(ASN1_R_INVALID_UNIVERSALSTRING_LENGTH), "invalid universalstring length"},
138 {ERR_REASON(ASN1_R_INVALID_UTF8STRING) , "invalid utf8string"},
139 {ERR_REASON(ASN1_R_IV_TOO_LARGE) , "iv too large"},
140 {ERR_REASON(ASN1_R_LENGTH_ERROR) , "length error"},
141 {ERR_REASON(ASN1_R_LIST_ERROR) , "list error"},
142 {ERR_REASON(ASN1_R_MIME_NO_CONTENT_TYPE) , "mime no content type"},
143 {ERR_REASON(ASN1_R_MIME_PARSE_ERROR) , "mime parse error"},
144 {ERR_REASON(ASN1_R_MIME_SIG_PARSE_ERROR) , "mime sig parse error"},
145 {ERR_REASON(ASN1_R_MISSING_EOC) , "missing eoc"},
146 {ERR_REASON(ASN1_R_MISSING_SECOND_NUMBER), "missing second number"},
147 {ERR_REASON(ASN1_R_MISSING_VALUE) , "missing value"},
148 {ERR_REASON(ASN1_R_MSTRING_NOT_UNIVERSAL), "mstring not universal"},
149 {ERR_REASON(ASN1_R_MSTRING_WRONG_TAG) , "mstring wrong tag"},
150 {ERR_REASON(ASN1_R_NESTED_ASN1_STRING) , "nested asn1 string"},
151 {ERR_REASON(ASN1_R_NESTED_TOO_DEEP) , "nested too deep"},
152 {ERR_REASON(ASN1_R_NON_HEX_CHARACTERS) , "non hex characters"},
153 {ERR_REASON(ASN1_R_NOT_ASCII_FORMAT) , "not ascii format"},
154 {ERR_REASON(ASN1_R_NOT_ENOUGH_DATA) , "not enough data"},
155 {ERR_REASON(ASN1_R_NO_CONTENT_TYPE) , "no content type"},
156 {ERR_REASON(ASN1_R_NO_DEFAULT_DIGEST) , "no default digest"},
157 {ERR_REASON(ASN1_R_NO_MATCHING_CHOICE_TYPE), "no matching choice type"},
158 {ERR_REASON(ASN1_R_NO_MULTIPART_BODY_FAILURE), "no multipart body failure"},
159 {ERR_REASON(ASN1_R_NO_MULTIPART_BOUNDARY), "no multipart boundary"},
160 {ERR_REASON(ASN1_R_NO_SIG_CONTENT_TYPE) , "no sig content type"},
161 {ERR_REASON(ASN1_R_NULL_IS_WRONG_LENGTH) , "null is wrong length"},
162 {ERR_REASON(ASN1_R_OBJECT_NOT_ASCII_FORMAT), "object not ascii format"},
163 {ERR_REASON(ASN1_R_ODD_NUMBER_OF_CHARS) , "odd number of chars"},
164 {ERR_REASON(ASN1_R_PRIVATE_KEY_HEADER_MISSING), "private key header missing"},
165 {ERR_REASON(ASN1_R_SECOND_NUMBER_TOO_LARGE), "second number too large"},
166 {ERR_REASON(ASN1_R_SEQUENCE_LENGTH_MISMATCH), "sequence length mismatch"},
167 {ERR_REASON(ASN1_R_SEQUENCE_NOT_CONSTRUCTED), "sequence not constructed"},
168 {ERR_REASON(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG), "sequence or set needs config"},
169 {ERR_REASON(ASN1_R_SHORT_LINE) , "short line"},
170 {ERR_REASON(ASN1_R_SIG_INVALID_MIME_TYPE), "sig invalid mime type"},
171 {ERR_REASON(ASN1_R_STREAMING_NOT_SUPPORTED), "streaming not supported"},
172 {ERR_REASON(ASN1_R_STRING_TOO_LONG) , "string too long"},
173 {ERR_REASON(ASN1_R_STRING_TOO_SHORT) , "string too short"},
174 {ERR_REASON(ASN1_R_TAG_VALUE_TOO_HIGH) , "tag value too high"},
175 {ERR_REASON(ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD), "the asn1 object identifier is not known for this md"},
176 {ERR_REASON(ASN1_R_TIME_NOT_ASCII_FORMAT), "time not ascii format"},
177 {ERR_REASON(ASN1_R_TOO_LARGE) , "too large"},
178 {ERR_REASON(ASN1_R_TOO_LONG) , "too long"},
179 {ERR_REASON(ASN1_R_TOO_SMALL) , "too small"},
180 {ERR_REASON(ASN1_R_TYPE_NOT_CONSTRUCTED) , "type not constructed"},
181 {ERR_REASON(ASN1_R_TYPE_NOT_PRIMITIVE) , "type not primitive"},
182 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_KEY), "unable to decode rsa key"},
183 {ERR_REASON(ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY), "unable to decode rsa private key"},
184 {ERR_REASON(ASN1_R_UNEXPECTED_EOC) , "unexpected eoc"},
185 {ERR_REASON(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), "universalstring is wrong length"},
186 {ERR_REASON(ASN1_R_UNKNOWN_FORMAT) , "unknown format"},
187 {ERR_REASON(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), "unknown message digest algorithm"},
188 {ERR_REASON(ASN1_R_UNKNOWN_OBJECT_TYPE) , "unknown object type"},
189 {ERR_REASON(ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "unknown public key type"},
190 {ERR_REASON(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), "unknown signature algorithm"},
191 {ERR_REASON(ASN1_R_UNKNOWN_TAG) , "unknown tag"},
192 {ERR_REASON(ASN1_R_UNKOWN_FORMAT) , "unknown format"},
193 {ERR_REASON(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), "unsupported any defined by type"},
194 {ERR_REASON(ASN1_R_UNSUPPORTED_CIPHER) , "unsupported cipher"},
195 {ERR_REASON(ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), "unsupported encryption algorithm"},
196 {ERR_REASON(ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "unsupported public key type"},
197 {ERR_REASON(ASN1_R_UNSUPPORTED_TYPE) , "unsupported type"},
198 {ERR_REASON(ASN1_R_WRONG_INTEGER_TYPE) , "wrong integer type"},
199 {ERR_REASON(ASN1_R_WRONG_PUBLIC_KEY_TYPE), "wrong public key type"},
200 {ERR_REASON(ASN1_R_WRONG_TAG) , "wrong tag"},
201 {ERR_REASON(ASN1_R_WRONG_TYPE) , "wrong type"},
202 {0, NULL}
203};
204#endif
205
206void
207ERR_load_ASN1_strings(void)
208{
209#ifndef OPENSSL_NO_ERR
210 if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) {
211 ERR_load_const_strings(ASN1_str_functs);
212 ERR_load_const_strings(ASN1_str_reasons);
213 }
214#endif
215}
216LCRYPTO_ALIAS(ERR_load_ASN1_strings);
diff --git a/src/lib/libcrypto/asn1/asn1_gen.c b/src/lib/libcrypto/asn1/asn1_gen.c
deleted file mode 100644
index edd6743993..0000000000
--- a/src/lib/libcrypto/asn1/asn1_gen.c
+++ /dev/null
@@ -1,804 +0,0 @@
1/* $OpenBSD: asn1_gen.c,v 1.27 2025/03/06 07:25:01 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2002.
4 */
5/* ====================================================================
6 * Copyright (c) 2002 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <string.h>
60
61#include <openssl/asn1.h>
62#include <openssl/err.h>
63#include <openssl/x509v3.h>
64
65#include "asn1_local.h"
66#include "conf_local.h"
67#include "x509_local.h"
68
69#define ASN1_GEN_FLAG 0x10000
70#define ASN1_GEN_FLAG_IMP (ASN1_GEN_FLAG|1)
71#define ASN1_GEN_FLAG_EXP (ASN1_GEN_FLAG|2)
72#define ASN1_GEN_FLAG_TAG (ASN1_GEN_FLAG|3)
73#define ASN1_GEN_FLAG_BITWRAP (ASN1_GEN_FLAG|4)
74#define ASN1_GEN_FLAG_OCTWRAP (ASN1_GEN_FLAG|5)
75#define ASN1_GEN_FLAG_SEQWRAP (ASN1_GEN_FLAG|6)
76#define ASN1_GEN_FLAG_SETWRAP (ASN1_GEN_FLAG|7)
77#define ASN1_GEN_FLAG_FORMAT (ASN1_GEN_FLAG|8)
78
79#define ASN1_GEN_STR(str,val){str, sizeof(str) - 1, val}
80
81#define ASN1_FLAG_EXP_MAX 20
82
83/* Input formats */
84
85/* ASCII: default */
86#define ASN1_GEN_FORMAT_ASCII 1
87/* UTF8 */
88#define ASN1_GEN_FORMAT_UTF8 2
89/* Hex */
90#define ASN1_GEN_FORMAT_HEX 3
91/* List of bits */
92#define ASN1_GEN_FORMAT_BITLIST 4
93
94struct tag_name_st {
95 const char *strnam;
96 int len;
97 int tag;
98};
99
100typedef struct {
101 int exp_tag;
102 int exp_class;
103 int exp_constructed;
104 int exp_pad;
105 long exp_len;
106} tag_exp_type;
107
108typedef struct {
109 int imp_tag;
110 int imp_class;
111 int utype;
112 int format;
113 const char *str;
114 tag_exp_type exp_list[ASN1_FLAG_EXP_MAX];
115 int exp_count;
116} tag_exp_arg;
117
118static int bitstr_cb(const char *elem, int len, void *bitstr);
119static int asn1_cb(const char *elem, int len, void *bitstr);
120static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class,
121 int exp_constructed, int exp_pad, int imp_ok);
122static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass);
123static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf);
124static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype);
125static int asn1_str2tag(const char *tagstr, int len);
126
127ASN1_TYPE *
128ASN1_generate_nconf(const char *str, CONF *nconf)
129{
130 X509V3_CTX cnf;
131
132 if (!nconf)
133 return ASN1_generate_v3(str, NULL);
134
135 X509V3_set_nconf(&cnf, nconf);
136 return ASN1_generate_v3(str, &cnf);
137}
138LCRYPTO_ALIAS(ASN1_generate_nconf);
139
140ASN1_TYPE *
141ASN1_generate_v3(const char *str, X509V3_CTX *cnf)
142{
143 ASN1_TYPE *ret;
144 tag_exp_arg asn1_tags;
145 tag_exp_type *etmp;
146
147 int i, len;
148
149 unsigned char *orig_der = NULL, *new_der = NULL;
150 const unsigned char *cpy_start;
151 unsigned char *p;
152 const unsigned char *cp;
153 int cpy_len;
154 long hdr_len = 0;
155 int hdr_constructed = 0, hdr_tag, hdr_class;
156 int r;
157
158 asn1_tags.imp_tag = -1;
159 asn1_tags.imp_class = -1;
160 asn1_tags.format = ASN1_GEN_FORMAT_ASCII;
161 asn1_tags.exp_count = 0;
162 if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0)
163 return NULL;
164
165 if ((asn1_tags.utype == V_ASN1_SEQUENCE) ||
166 (asn1_tags.utype == V_ASN1_SET)) {
167 if (!cnf) {
168 ASN1error(ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG);
169 return NULL;
170 }
171 ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf);
172 } else
173 ret = asn1_str2type(asn1_tags.str, asn1_tags.format,
174 asn1_tags.utype);
175
176 if (!ret)
177 return NULL;
178
179 /* If no tagging return base type */
180 if ((asn1_tags.imp_tag == -1) && (asn1_tags.exp_count == 0))
181 return ret;
182
183 /* Generate the encoding */
184 cpy_len = i2d_ASN1_TYPE(ret, &orig_der);
185 ASN1_TYPE_free(ret);
186 ret = NULL;
187 /* Set point to start copying for modified encoding */
188 cpy_start = orig_der;
189
190 /* Do we need IMPLICIT tagging? */
191 if (asn1_tags.imp_tag != -1) {
192 /* If IMPLICIT we will replace the underlying tag */
193 /* Skip existing tag+len */
194 r = ASN1_get_object(&cpy_start, &hdr_len, &hdr_tag,
195 &hdr_class, cpy_len);
196 if (r & 0x80)
197 goto err;
198 /* Update copy length */
199 cpy_len -= cpy_start - orig_der;
200 /* For IMPLICIT tagging the length should match the
201 * original length and constructed flag should be
202 * consistent.
203 */
204 if (r & 0x1) {
205 /* Indefinite length constructed */
206 hdr_constructed = 2;
207 hdr_len = 0;
208 } else
209 /* Just retain constructed flag */
210 hdr_constructed = r & V_ASN1_CONSTRUCTED;
211 /* Work out new length with IMPLICIT tag: ignore constructed
212 * because it will mess up if indefinite length
213 */
214 len = ASN1_object_size(0, hdr_len, asn1_tags.imp_tag);
215 } else
216 len = cpy_len;
217
218 /* Work out length in any EXPLICIT, starting from end */
219
220 for (i = 0, etmp = asn1_tags.exp_list + asn1_tags.exp_count - 1;
221 i < asn1_tags.exp_count; i++, etmp--) {
222 /* Content length: number of content octets + any padding */
223 len += etmp->exp_pad;
224 etmp->exp_len = len;
225 /* Total object length: length including new header */
226 len = ASN1_object_size(0, len, etmp->exp_tag);
227 }
228
229 /* Allocate buffer for new encoding */
230
231 new_der = malloc(len);
232 if (!new_der)
233 goto err;
234
235 /* Generate tagged encoding */
236 p = new_der;
237
238 /* Output explicit tags first */
239 for (i = 0, etmp = asn1_tags.exp_list; i < asn1_tags.exp_count;
240 i++, etmp++) {
241 ASN1_put_object(&p, etmp->exp_constructed, etmp->exp_len,
242 etmp->exp_tag, etmp->exp_class);
243 if (etmp->exp_pad)
244 *p++ = 0;
245 }
246
247 /* If IMPLICIT, output tag */
248
249 if (asn1_tags.imp_tag != -1) {
250 if (asn1_tags.imp_class == V_ASN1_UNIVERSAL &&
251 (asn1_tags.imp_tag == V_ASN1_SEQUENCE ||
252 asn1_tags.imp_tag == V_ASN1_SET))
253 hdr_constructed = V_ASN1_CONSTRUCTED;
254 ASN1_put_object(&p, hdr_constructed, hdr_len,
255 asn1_tags.imp_tag, asn1_tags.imp_class);
256 }
257
258 /* Copy across original encoding */
259 memcpy(p, cpy_start, cpy_len);
260
261 cp = new_der;
262
263 /* Obtain new ASN1_TYPE structure */
264 ret = d2i_ASN1_TYPE(NULL, &cp, len);
265
266 err:
267 free(orig_der);
268 free(new_der);
269
270 return ret;
271}
272LCRYPTO_ALIAS(ASN1_generate_v3);
273
274static int
275asn1_cb(const char *elem, int len, void *bitstr)
276{
277 tag_exp_arg *arg = bitstr;
278 int i;
279 int utype;
280 int vlen = 0;
281 const char *p, *vstart = NULL;
282
283 int tmp_tag, tmp_class;
284
285 for (i = 0, p = elem; i < len; p++, i++) {
286 /* Look for the ':' in name value pairs */
287 if (*p == ':') {
288 vstart = p + 1;
289 vlen = len - (vstart - elem);
290 len = p - elem;
291 break;
292 }
293 }
294
295 utype = asn1_str2tag(elem, len);
296
297 if (utype == -1) {
298 ASN1error(ASN1_R_UNKNOWN_TAG);
299 ERR_asprintf_error_data("tag=%s", elem);
300 return -1;
301 }
302
303 /* If this is not a modifier mark end of string and exit */
304 if (!(utype & ASN1_GEN_FLAG)) {
305 arg->utype = utype;
306 arg->str = vstart;
307 /* If no value and not end of string, error */
308 if (!vstart && elem[len]) {
309 ASN1error(ASN1_R_MISSING_VALUE);
310 return -1;
311 }
312 return 0;
313 }
314
315 switch (utype) {
316
317 case ASN1_GEN_FLAG_IMP:
318 /* Check for illegal multiple IMPLICIT tagging */
319 if (arg->imp_tag != -1) {
320 ASN1error(ASN1_R_ILLEGAL_NESTED_TAGGING);
321 return -1;
322 }
323 if (!parse_tagging(vstart, vlen, &arg->imp_tag,
324 &arg->imp_class))
325 return -1;
326 break;
327
328 case ASN1_GEN_FLAG_EXP:
329 if (!parse_tagging(vstart, vlen, &tmp_tag, &tmp_class))
330 return -1;
331 if (!append_exp(arg, tmp_tag, tmp_class, 1, 0, 0))
332 return -1;
333 break;
334
335 case ASN1_GEN_FLAG_SEQWRAP:
336 if (!append_exp(arg, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, 1, 0, 1))
337 return -1;
338 break;
339
340 case ASN1_GEN_FLAG_SETWRAP:
341 if (!append_exp(arg, V_ASN1_SET, V_ASN1_UNIVERSAL, 1, 0, 1))
342 return -1;
343 break;
344
345 case ASN1_GEN_FLAG_BITWRAP:
346 if (!append_exp(arg, V_ASN1_BIT_STRING, V_ASN1_UNIVERSAL, 0, 1, 1))
347 return -1;
348 break;
349
350 case ASN1_GEN_FLAG_OCTWRAP:
351 if (!append_exp(arg, V_ASN1_OCTET_STRING, V_ASN1_UNIVERSAL, 0, 0, 1))
352 return -1;
353 break;
354
355 case ASN1_GEN_FLAG_FORMAT:
356 if (vstart == NULL) {
357 ASN1error(ASN1_R_ILLEGAL_FORMAT);
358 return -1;
359 }
360 if (!strncmp(vstart, "ASCII", 5))
361 arg->format = ASN1_GEN_FORMAT_ASCII;
362 else if (!strncmp(vstart, "UTF8", 4))
363 arg->format = ASN1_GEN_FORMAT_UTF8;
364 else if (!strncmp(vstart, "HEX", 3))
365 arg->format = ASN1_GEN_FORMAT_HEX;
366 else if (!strncmp(vstart, "BITLIST", 7))
367 arg->format = ASN1_GEN_FORMAT_BITLIST;
368 else {
369 ASN1error(ASN1_R_UNKOWN_FORMAT);
370 return -1;
371 }
372 break;
373
374 }
375
376 return 1;
377}
378
379static int
380parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass)
381{
382 long tag_num;
383 char *eptr;
384
385 if (!vstart)
386 return 0;
387 tag_num = strtoul(vstart, &eptr, 10);
388 /* Check we haven't gone past max length: should be impossible */
389 if (eptr && *eptr && (eptr > vstart + vlen))
390 return 0;
391 if (tag_num < 0) {
392 ASN1error(ASN1_R_INVALID_NUMBER);
393 return 0;
394 }
395 *ptag = tag_num;
396 /* If we have non numeric characters, parse them */
397 if (eptr)
398 vlen -= eptr - vstart;
399 else
400 vlen = 0;
401 if (vlen) {
402 switch (*eptr) {
403
404 case 'U':
405 *pclass = V_ASN1_UNIVERSAL;
406 break;
407
408 case 'A':
409 *pclass = V_ASN1_APPLICATION;
410 break;
411
412 case 'P':
413 *pclass = V_ASN1_PRIVATE;
414 break;
415
416 case 'C':
417 *pclass = V_ASN1_CONTEXT_SPECIFIC;
418 break;
419
420 default:
421 ASN1error(ASN1_R_INVALID_MODIFIER);
422 ERR_asprintf_error_data("Char=%c", *eptr);
423 return 0;
424 break;
425
426 }
427 } else
428 *pclass = V_ASN1_CONTEXT_SPECIFIC;
429
430 return 1;
431
432}
433
434/* Handle multiple types: SET and SEQUENCE */
435
436static ASN1_TYPE *
437asn1_multi(int utype, const char *section, X509V3_CTX *cnf)
438{
439 ASN1_TYPE *ret = NULL;
440 STACK_OF(ASN1_TYPE) *sk = NULL;
441 STACK_OF(CONF_VALUE) *sect = NULL;
442 unsigned char *der = NULL;
443 int derlen;
444 int i;
445 sk = sk_ASN1_TYPE_new_null();
446 if (!sk)
447 goto bad;
448 if (section) {
449 if (!cnf)
450 goto bad;
451 sect = X509V3_get0_section(cnf, section);
452 if (!sect)
453 goto bad;
454 for (i = 0; i < sk_CONF_VALUE_num(sect); i++) {
455 ASN1_TYPE *typ = ASN1_generate_v3(
456 sk_CONF_VALUE_value(sect, i)->value, cnf);
457 if (!typ)
458 goto bad;
459 if (!sk_ASN1_TYPE_push(sk, typ))
460 goto bad;
461 }
462 }
463
464 /* Now we has a STACK of the components, convert to the correct form */
465
466 if (utype == V_ASN1_SET)
467 derlen = i2d_ASN1_SET_ANY(sk, &der);
468 else
469 derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der);
470
471 if (derlen < 0)
472 goto bad;
473
474 if (!(ret = ASN1_TYPE_new()))
475 goto bad;
476
477 if (!(ret->value.asn1_string = ASN1_STRING_type_new(utype)))
478 goto bad;
479
480 ret->type = utype;
481
482 ret->value.asn1_string->data = der;
483 ret->value.asn1_string->length = derlen;
484
485 der = NULL;
486
487 bad:
488 free(der);
489 sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free);
490
491 return ret;
492}
493
494static int
495append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed,
496 int exp_pad, int imp_ok)
497{
498 tag_exp_type *exp_tmp;
499
500 /* Can only have IMPLICIT if permitted */
501 if ((arg->imp_tag != -1) && !imp_ok) {
502 ASN1error(ASN1_R_ILLEGAL_IMPLICIT_TAG);
503 return 0;
504 }
505
506 if (arg->exp_count == ASN1_FLAG_EXP_MAX) {
507 ASN1error(ASN1_R_DEPTH_EXCEEDED);
508 return 0;
509 }
510
511 exp_tmp = &arg->exp_list[arg->exp_count++];
512
513 /* If IMPLICIT set tag to implicit value then
514 * reset implicit tag since it has been used.
515 */
516 if (arg->imp_tag != -1) {
517 exp_tmp->exp_tag = arg->imp_tag;
518 exp_tmp->exp_class = arg->imp_class;
519 arg->imp_tag = -1;
520 arg->imp_class = -1;
521 } else {
522 exp_tmp->exp_tag = exp_tag;
523 exp_tmp->exp_class = exp_class;
524 }
525 exp_tmp->exp_constructed = exp_constructed;
526 exp_tmp->exp_pad = exp_pad;
527
528 return 1;
529}
530
531static int
532asn1_str2tag(const char *tagstr, int len)
533{
534 unsigned int i;
535 const struct tag_name_st *tntmp;
536 static const struct tag_name_st tnst[] = {
537 ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN),
538 ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN),
539 ASN1_GEN_STR("NULL", V_ASN1_NULL),
540 ASN1_GEN_STR("INT", V_ASN1_INTEGER),
541 ASN1_GEN_STR("INTEGER", V_ASN1_INTEGER),
542 ASN1_GEN_STR("ENUM", V_ASN1_ENUMERATED),
543 ASN1_GEN_STR("ENUMERATED", V_ASN1_ENUMERATED),
544 ASN1_GEN_STR("OID", V_ASN1_OBJECT),
545 ASN1_GEN_STR("OBJECT", V_ASN1_OBJECT),
546 ASN1_GEN_STR("UTCTIME", V_ASN1_UTCTIME),
547 ASN1_GEN_STR("UTC", V_ASN1_UTCTIME),
548 ASN1_GEN_STR("GENERALIZEDTIME", V_ASN1_GENERALIZEDTIME),
549 ASN1_GEN_STR("GENTIME", V_ASN1_GENERALIZEDTIME),
550 ASN1_GEN_STR("OCT", V_ASN1_OCTET_STRING),
551 ASN1_GEN_STR("OCTETSTRING", V_ASN1_OCTET_STRING),
552 ASN1_GEN_STR("BITSTR", V_ASN1_BIT_STRING),
553 ASN1_GEN_STR("BITSTRING", V_ASN1_BIT_STRING),
554 ASN1_GEN_STR("UNIVERSALSTRING", V_ASN1_UNIVERSALSTRING),
555 ASN1_GEN_STR("UNIV", V_ASN1_UNIVERSALSTRING),
556 ASN1_GEN_STR("IA5", V_ASN1_IA5STRING),
557 ASN1_GEN_STR("IA5STRING", V_ASN1_IA5STRING),
558 ASN1_GEN_STR("UTF8", V_ASN1_UTF8STRING),
559 ASN1_GEN_STR("UTF8String", V_ASN1_UTF8STRING),
560 ASN1_GEN_STR("BMP", V_ASN1_BMPSTRING),
561 ASN1_GEN_STR("BMPSTRING", V_ASN1_BMPSTRING),
562 ASN1_GEN_STR("VISIBLESTRING", V_ASN1_VISIBLESTRING),
563 ASN1_GEN_STR("VISIBLE", V_ASN1_VISIBLESTRING),
564 ASN1_GEN_STR("PRINTABLESTRING", V_ASN1_PRINTABLESTRING),
565 ASN1_GEN_STR("PRINTABLE", V_ASN1_PRINTABLESTRING),
566 ASN1_GEN_STR("T61", V_ASN1_T61STRING),
567 ASN1_GEN_STR("T61STRING", V_ASN1_T61STRING),
568 ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING),
569 ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING),
570 ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING),
571 ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING),
572 ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING),
573
574 /* Special cases */
575 ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE),
576 ASN1_GEN_STR("SEQ", V_ASN1_SEQUENCE),
577 ASN1_GEN_STR("SET", V_ASN1_SET),
578 /* type modifiers */
579 /* Explicit tag */
580 ASN1_GEN_STR("EXP", ASN1_GEN_FLAG_EXP),
581 ASN1_GEN_STR("EXPLICIT", ASN1_GEN_FLAG_EXP),
582 /* Implicit tag */
583 ASN1_GEN_STR("IMP", ASN1_GEN_FLAG_IMP),
584 ASN1_GEN_STR("IMPLICIT", ASN1_GEN_FLAG_IMP),
585 /* OCTET STRING wrapper */
586 ASN1_GEN_STR("OCTWRAP", ASN1_GEN_FLAG_OCTWRAP),
587 /* SEQUENCE wrapper */
588 ASN1_GEN_STR("SEQWRAP", ASN1_GEN_FLAG_SEQWRAP),
589 /* SET wrapper */
590 ASN1_GEN_STR("SETWRAP", ASN1_GEN_FLAG_SETWRAP),
591 /* BIT STRING wrapper */
592 ASN1_GEN_STR("BITWRAP", ASN1_GEN_FLAG_BITWRAP),
593 ASN1_GEN_STR("FORM", ASN1_GEN_FLAG_FORMAT),
594 ASN1_GEN_STR("FORMAT", ASN1_GEN_FLAG_FORMAT),
595 };
596
597 if (len == -1)
598 len = strlen(tagstr);
599
600 tntmp = tnst;
601 for (i = 0; i < sizeof(tnst) / sizeof(struct tag_name_st);
602 i++, tntmp++) {
603 if ((len == tntmp->len) && !strncmp(tntmp->strnam, tagstr, len))
604 return tntmp->tag;
605 }
606
607 return -1;
608}
609
610static ASN1_TYPE *
611asn1_str2type(const char *str, int format, int utype)
612{
613 ASN1_TYPE *atmp = NULL;
614 CONF_VALUE vtmp;
615 unsigned char *rdata;
616 long rdlen;
617 int no_unused = 1;
618
619 if (!(atmp = ASN1_TYPE_new())) {
620 ASN1error(ERR_R_MALLOC_FAILURE);
621 return NULL;
622 }
623
624 if (!str)
625 str = "";
626
627 switch (utype) {
628
629 case V_ASN1_NULL:
630 if (str && *str) {
631 ASN1error(ASN1_R_ILLEGAL_NULL_VALUE);
632 goto bad_form;
633 }
634 break;
635
636 case V_ASN1_BOOLEAN:
637 if (format != ASN1_GEN_FORMAT_ASCII) {
638 ASN1error(ASN1_R_NOT_ASCII_FORMAT);
639 goto bad_form;
640 }
641 vtmp.name = NULL;
642 vtmp.section = NULL;
643 vtmp.value = (char *)str;
644 if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) {
645 ASN1error(ASN1_R_ILLEGAL_BOOLEAN);
646 goto bad_str;
647 }
648 break;
649
650 case V_ASN1_INTEGER:
651 case V_ASN1_ENUMERATED:
652 if (format != ASN1_GEN_FORMAT_ASCII) {
653 ASN1error(ASN1_R_INTEGER_NOT_ASCII_FORMAT);
654 goto bad_form;
655 }
656 if (!(atmp->value.integer =
657 s2i_ASN1_INTEGER(NULL, (char *)str))) {
658 ASN1error(ASN1_R_ILLEGAL_INTEGER);
659 goto bad_str;
660 }
661 break;
662
663 case V_ASN1_OBJECT:
664 if (format != ASN1_GEN_FORMAT_ASCII) {
665 ASN1error(ASN1_R_OBJECT_NOT_ASCII_FORMAT);
666 goto bad_form;
667 }
668 if (!(atmp->value.object = OBJ_txt2obj(str, 0))) {
669 ASN1error(ASN1_R_ILLEGAL_OBJECT);
670 goto bad_str;
671 }
672 break;
673
674 case V_ASN1_UTCTIME:
675 case V_ASN1_GENERALIZEDTIME:
676 if (format != ASN1_GEN_FORMAT_ASCII) {
677 ASN1error(ASN1_R_TIME_NOT_ASCII_FORMAT);
678 goto bad_form;
679 }
680 if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
681 ASN1error(ERR_R_MALLOC_FAILURE);
682 goto bad_str;
683 }
684 if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) {
685 ASN1error(ERR_R_MALLOC_FAILURE);
686 goto bad_str;
687 }
688 atmp->value.asn1_string->type = utype;
689 if (!ASN1_TIME_check(atmp->value.asn1_string)) {
690 ASN1error(ASN1_R_ILLEGAL_TIME_VALUE);
691 goto bad_str;
692 }
693 break;
694
695 case V_ASN1_BMPSTRING:
696 case V_ASN1_PRINTABLESTRING:
697 case V_ASN1_IA5STRING:
698 case V_ASN1_T61STRING:
699 case V_ASN1_UTF8STRING:
700 case V_ASN1_VISIBLESTRING:
701 case V_ASN1_UNIVERSALSTRING:
702 case V_ASN1_GENERALSTRING:
703 case V_ASN1_NUMERICSTRING:
704
705 if (format == ASN1_GEN_FORMAT_ASCII)
706 format = MBSTRING_ASC;
707 else if (format == ASN1_GEN_FORMAT_UTF8)
708 format = MBSTRING_UTF8;
709 else {
710 ASN1error(ASN1_R_ILLEGAL_FORMAT);
711 goto bad_form;
712 }
713
714 if (ASN1_mbstring_copy(&atmp->value.asn1_string,
715 (unsigned char *)str, -1, format,
716 ASN1_tag2bit(utype)) <= 0) {
717 ASN1error(ERR_R_MALLOC_FAILURE);
718 goto bad_str;
719 }
720 break;
721
722 case V_ASN1_BIT_STRING:
723 case V_ASN1_OCTET_STRING:
724 if (!(atmp->value.asn1_string = ASN1_STRING_new())) {
725 ASN1error(ERR_R_MALLOC_FAILURE);
726 goto bad_form;
727 }
728
729 if (format == ASN1_GEN_FORMAT_HEX) {
730
731 if (!(rdata = string_to_hex((char *)str, &rdlen))) {
732 ASN1error(ASN1_R_ILLEGAL_HEX);
733 goto bad_str;
734 }
735
736 atmp->value.asn1_string->data = rdata;
737 atmp->value.asn1_string->length = rdlen;
738 atmp->value.asn1_string->type = utype;
739
740 } else if (format == ASN1_GEN_FORMAT_ASCII) {
741 if (ASN1_STRING_set(atmp->value.asn1_string, str,
742 -1) == 0) {
743 ASN1error(ERR_R_MALLOC_FAILURE);
744 goto bad_str;
745 }
746 } else if ((format == ASN1_GEN_FORMAT_BITLIST) &&
747 (utype == V_ASN1_BIT_STRING)) {
748 if (!CONF_parse_list(str, ',', 1, bitstr_cb,
749 atmp->value.bit_string)) {
750 ASN1error(ASN1_R_LIST_ERROR);
751 goto bad_str;
752 }
753 no_unused = 0;
754
755 } else {
756 ASN1error(ASN1_R_ILLEGAL_BITSTRING_FORMAT);
757 goto bad_form;
758 }
759
760 if ((utype == V_ASN1_BIT_STRING) && no_unused) {
761 if (!asn1_abs_set_unused_bits(atmp->value.asn1_string,
762 0))
763 goto bad_str;
764 }
765
766 break;
767
768 default:
769 ASN1error(ASN1_R_UNSUPPORTED_TYPE);
770 goto bad_str;
771 break;
772 }
773
774 atmp->type = utype;
775 return atmp;
776
777 bad_str:
778 ERR_asprintf_error_data("string=%s", str);
779 bad_form:
780 ASN1_TYPE_free(atmp);
781 return NULL;
782}
783
784static int
785bitstr_cb(const char *elem, int len, void *bitstr)
786{
787 long bitnum;
788 char *eptr;
789
790 if (!elem)
791 return 0;
792 bitnum = strtoul(elem, &eptr, 10);
793 if (eptr && *eptr && (eptr != elem + len))
794 return 0;
795 if (bitnum < 0) {
796 ASN1error(ASN1_R_INVALID_NUMBER);
797 return 0;
798 }
799 if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) {
800 ASN1error(ERR_R_MALLOC_FAILURE);
801 return 0;
802 }
803 return 1;
804}
diff --git a/src/lib/libcrypto/asn1/asn1_item.c b/src/lib/libcrypto/asn1/asn1_item.c
deleted file mode 100644
index 86c800e3ad..0000000000
--- a/src/lib/libcrypto/asn1/asn1_item.c
+++ /dev/null
@@ -1,697 +0,0 @@
1/* $OpenBSD: asn1_item.c,v 1.21 2024/04/09 13:55:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58/* ====================================================================
59 * Copyright (c) 1998-2003 The OpenSSL Project. All rights reserved.
60 *
61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions
63 * are met:
64 *
65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer.
67 *
68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in
70 * the documentation and/or other materials provided with the
71 * distribution.
72 *
73 * 3. All advertising materials mentioning features or use of this
74 * software must display the following acknowledgment:
75 * "This product includes software developed by the OpenSSL Project
76 * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
77 *
78 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
79 * endorse or promote products derived from this software without
80 * prior written permission. For written permission, please contact
81 * openssl-core@openssl.org.
82 *
83 * 5. Products derived from this software may not be called "OpenSSL"
84 * nor may "OpenSSL" appear in their names without prior written
85 * permission of the OpenSSL Project.
86 *
87 * 6. Redistributions of any form whatsoever must retain the following
88 * acknowledgment:
89 * "This product includes software developed by the OpenSSL Project
90 * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
91 *
92 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
93 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
94 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
95 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
96 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
97 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
98 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
99 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
100 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
101 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
102 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
103 * OF THE POSSIBILITY OF SUCH DAMAGE.
104 * ====================================================================
105 *
106 * This product includes cryptographic software written by Eric Young
107 * (eay@cryptsoft.com). This product includes software written by Tim
108 * Hudson (tjh@cryptsoft.com).
109 *
110 */
111
112#include <limits.h>
113
114#include <openssl/buffer.h>
115#include <openssl/err.h>
116#include <openssl/evp.h>
117#include <openssl/x509.h>
118
119#include "asn1_local.h"
120#include "evp_local.h"
121#include "x509_local.h"
122
123int
124ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn,
125 unsigned char *md, unsigned int *len)
126{
127 int i;
128 unsigned char *str = NULL;
129
130 i = ASN1_item_i2d(asn, &str, it);
131 if (!str)
132 return (0);
133
134 if (!EVP_Digest(str, i, md, len, type, NULL)) {
135 free(str);
136 return (0);
137 }
138
139 free(str);
140 return (1);
141}
142LCRYPTO_ALIAS(ASN1_item_digest);
143
144/*
145 * ASN1_ITEM version of ASN1_dup(): follows the same model except there's no
146 * need to allocate the buffer. At some point this could be rewritten to dup
147 * the underlying structure directly instead of doing an encode and decode.
148 */
149
150void *
151ASN1_item_dup(const ASN1_ITEM *it, void *x)
152{
153 unsigned char *b = NULL;
154 const unsigned char *p;
155 long i;
156 void *ret;
157
158 if (x == NULL)
159 return (NULL);
160
161 i = ASN1_item_i2d(x, &b, it);
162 if (b == NULL) {
163 ASN1error(ERR_R_MALLOC_FAILURE);
164 return (NULL);
165 }
166 p = b;
167 ret = ASN1_item_d2i(NULL, &p, i, it);
168 free(b);
169 return (ret);
170}
171LCRYPTO_ALIAS(ASN1_item_dup);
172
173/* Pack an ASN1 object into an ASN1_STRING. */
174ASN1_STRING *
175ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct)
176{
177 ASN1_STRING *octmp;
178
179 if (!oct || !*oct) {
180 if (!(octmp = ASN1_STRING_new ())) {
181 ASN1error(ERR_R_MALLOC_FAILURE);
182 return NULL;
183 }
184 } else
185 octmp = *oct;
186
187 free(octmp->data);
188 octmp->data = NULL;
189
190 if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) {
191 ASN1error(ASN1_R_ENCODE_ERROR);
192 goto err;
193 }
194 if (!octmp->data) {
195 ASN1error(ERR_R_MALLOC_FAILURE);
196 goto err;
197 }
198 if (oct)
199 *oct = octmp;
200 return octmp;
201 err:
202 if (!oct || octmp != *oct)
203 ASN1_STRING_free(octmp);
204 return NULL;
205}
206LCRYPTO_ALIAS(ASN1_item_pack);
207
208/* Extract an ASN1 object from an ASN1_STRING. */
209void *
210ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it)
211{
212 const unsigned char *p;
213 void *ret;
214
215 p = oct->data;
216 if (!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
217 ASN1error(ASN1_R_DECODE_ERROR);
218 return ret;
219}
220LCRYPTO_ALIAS(ASN1_item_unpack);
221
222int
223ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
224 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, const EVP_MD *type)
225{
226 EVP_MD_CTX *md_ctx = NULL;
227 int ret = 0;
228
229 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
230 goto err;
231 if (!EVP_DigestSignInit(md_ctx, NULL, type, NULL, pkey))
232 goto err;
233
234 ret = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, md_ctx);
235
236 err:
237 EVP_MD_CTX_free(md_ctx);
238
239 return ret;
240}
241LCRYPTO_ALIAS(ASN1_item_sign);
242
243static int
244asn1_item_set_algorithm_identifiers(EVP_MD_CTX *ctx, X509_ALGOR *algor1,
245 X509_ALGOR *algor2)
246{
247 EVP_PKEY *pkey;
248 const EVP_MD *md;
249 int sign_id, sign_param;
250
251 if ((pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx)) == NULL) {
252 ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
253 return 0;
254 }
255
256 if ((md = EVP_MD_CTX_md(ctx)) == NULL) {
257 ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
258 return 0;
259 }
260
261 if (!OBJ_find_sigid_by_algs(&sign_id, EVP_MD_nid(md),
262 pkey->ameth->pkey_id)) {
263 ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
264 return 0;
265 }
266
267 sign_param = V_ASN1_UNDEF;
268 if (pkey->ameth->pkey_flags & ASN1_PKEY_SIGPARAM_NULL)
269 sign_param = V_ASN1_NULL;
270
271 if (algor1 != NULL) {
272 if (!X509_ALGOR_set0_by_nid(algor1, sign_id, sign_param, NULL))
273 return 0;
274 }
275 if (algor2 != NULL) {
276 if (!X509_ALGOR_set0_by_nid(algor2, sign_id, sign_param, NULL))
277 return 0;
278 }
279
280 return 1;
281}
282
283static int
284asn1_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
285 ASN1_BIT_STRING *signature)
286{
287 unsigned char *in = NULL, *out = NULL;
288 size_t out_len = 0;
289 int in_len = 0;
290 int ret = 0;
291
292 if ((in_len = ASN1_item_i2d(asn, &in, it)) <= 0) {
293 in_len = 0;
294 goto err;
295 }
296
297 if (!EVP_DigestSign(ctx, NULL, &out_len, in, in_len)) {
298 ASN1error(ERR_R_EVP_LIB);
299 goto err;
300 }
301 if ((out = calloc(1, out_len)) == NULL) {
302 ASN1error(ERR_R_MALLOC_FAILURE);
303 goto err;
304 }
305 if (!EVP_DigestSign(ctx, out, &out_len, in, in_len)) {
306 ASN1error(ERR_R_EVP_LIB);
307 goto err;
308 }
309
310 if (out_len > INT_MAX) {
311 ASN1error(ASN1_R_TOO_LONG);
312 goto err;
313 }
314
315 ASN1_STRING_set0(signature, out, out_len);
316 out = NULL;
317
318 if (!asn1_abs_set_unused_bits(signature, 0)) {
319 ASN1_STRING_set0(signature, NULL, 0);
320 ASN1error(ERR_R_ASN1_LIB);
321 goto err;
322 }
323
324 ret = 1;
325
326 err:
327 freezero(in, in_len);
328 freezero(out, out_len);
329
330 return ret;
331}
332
333int
334ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2,
335 ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx)
336{
337 EVP_PKEY *pkey;
338 int rv;
339 int ret = 0;
340
341 if ((pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx)) == NULL) {
342 ASN1error(ASN1_R_CONTEXT_NOT_INITIALISED);
343 goto err;
344 }
345 if (pkey->ameth == NULL) {
346 ASN1error(ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED);
347 goto err;
348 }
349
350 /*
351 * API insanity ahead. If the item_sign() method is absent or if it
352 * returns 2, this means: do all the work here. If it returns 3, only
353 * sign. If it returns 1, then there's nothing to do but to return
354 * the signature's length. Everything else is an error.
355 */
356
357 rv = 2;
358 if (pkey->ameth->item_sign != NULL)
359 rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2,
360 signature);
361 if (rv <= 0 || rv > 3)
362 goto err;
363 if (rv == 1)
364 goto done;
365 if (rv == 2) {
366 if (!asn1_item_set_algorithm_identifiers(ctx, algor1, algor2))
367 goto err;
368 }
369
370 if (!asn1_item_sign(ctx, it, asn, signature))
371 goto err;
372
373 done:
374 ret = signature->length;
375
376 err:
377 EVP_MD_CTX_cleanup(ctx);
378
379 return ret;
380}
381LCRYPTO_ALIAS(ASN1_item_sign_ctx);
382
383int
384ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a,
385 ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey)
386{
387 EVP_MD_CTX *md_ctx = NULL;
388 unsigned char *in = NULL;
389 int mdnid, pknid;
390 int in_len = 0;
391 int ret = -1;
392
393 if (pkey == NULL) {
394 ASN1error(ERR_R_PASSED_NULL_PARAMETER);
395 goto err;
396 }
397
398 if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) {
399 ASN1error(ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
400 goto err;
401 }
402
403 if ((md_ctx = EVP_MD_CTX_new()) == NULL)
404 goto err;
405
406 /* Convert signature OID into digest and public key OIDs */
407 if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) {
408 ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
409 goto err;
410 }
411 if (mdnid == NID_undef) {
412 if (!pkey->ameth || !pkey->ameth->item_verify) {
413 ASN1error(ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM);
414 goto err;
415 }
416 ret = pkey->ameth->item_verify(md_ctx, it, asn, a,
417 signature, pkey);
418 /* Return value of 2 means carry on, anything else means we
419 * exit straight away: either a fatal error of the underlying
420 * verification routine handles all verification.
421 */
422 if (ret != 2)
423 goto err;
424 ret = -1;
425 } else {
426 const EVP_MD *type;
427 type = EVP_get_digestbynid(mdnid);
428 if (type == NULL) {
429 ASN1error(ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
430 goto err;
431 }
432
433 /* Check public key OID matches public key type */
434 if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) {
435 ASN1error(ASN1_R_WRONG_PUBLIC_KEY_TYPE);
436 goto err;
437 }
438
439 if (!EVP_DigestVerifyInit(md_ctx, NULL, type, NULL, pkey)) {
440 ASN1error(ERR_R_EVP_LIB);
441 ret = 0;
442 goto err;
443 }
444
445 }
446
447 if ((in_len = ASN1_item_i2d(asn, &in, it)) <= 0) {
448 ASN1error(ERR_R_MALLOC_FAILURE);
449 in_len = 0;
450 goto err;
451 }
452
453 if (EVP_DigestVerify(md_ctx, signature->data, signature->length,
454 in, in_len) <= 0) {
455 ASN1error(ERR_R_EVP_LIB);
456 ret = 0;
457 goto err;
458 }
459
460 ret = 1;
461
462 err:
463 EVP_MD_CTX_free(md_ctx);
464 freezero(in, in_len);
465
466 return ret;
467}
468LCRYPTO_ALIAS(ASN1_item_verify);
469
470#define HEADER_SIZE 8
471#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
472int
473asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
474{
475 BUF_MEM *b;
476 unsigned char *p;
477 const unsigned char *q;
478 long slen;
479 int i, inf, tag, xclass;
480 size_t want = HEADER_SIZE;
481 int eos = 0;
482 size_t off = 0;
483 size_t len = 0;
484
485 b = BUF_MEM_new();
486 if (b == NULL) {
487 ASN1error(ERR_R_MALLOC_FAILURE);
488 return -1;
489 }
490
491 ERR_clear_error();
492 for (;;) {
493 if (want >= (len - off)) {
494 want -= (len - off);
495
496 if (len + want < len ||
497 !BUF_MEM_grow_clean(b, len + want)) {
498 ASN1error(ERR_R_MALLOC_FAILURE);
499 goto err;
500 }
501 i = BIO_read(in, &(b->data[len]), want);
502 if ((i < 0) && ((len - off) == 0)) {
503 ASN1error(ASN1_R_NOT_ENOUGH_DATA);
504 goto err;
505 }
506 if (i > 0) {
507 if (len + i < len) {
508 ASN1error(ASN1_R_TOO_LONG);
509 goto err;
510 }
511 len += i;
512 }
513 }
514 /* else data already loaded */
515
516 p = (unsigned char *) & (b->data[off]);
517 q = p;
518 inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off);
519 if (inf & 0x80) {
520 unsigned long e;
521
522 e = ERR_GET_REASON(ERR_peek_error());
523 if (e != ASN1_R_TOO_LONG)
524 goto err;
525 else
526 ERR_clear_error(); /* clear error */
527 }
528 i = q - p; /* header length */
529 off += i; /* end of data */
530
531 if (inf & 1) {
532 /* no data body so go round again */
533 eos++;
534 if (eos < 0) {
535 ASN1error(ASN1_R_HEADER_TOO_LONG);
536 goto err;
537 }
538 want = HEADER_SIZE;
539 } else if (eos && slen == 0 && tag == V_ASN1_EOC) {
540 /* eos value, so go back and read another header */
541 eos--;
542 if (eos <= 0)
543 break;
544 else
545 want = HEADER_SIZE;
546 } else {
547 /* suck in slen bytes of data */
548 want = slen;
549 if (want > (len - off)) {
550 size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
551
552 want -= (len - off);
553 if (want > INT_MAX /* BIO_read takes an int length */ ||
554 len+want < len) {
555 ASN1error(ASN1_R_TOO_LONG);
556 goto err;
557 }
558 while (want > 0) {
559 /*
560 * Read content in chunks of increasing size
561 * so we can return an error for EOF without
562 * having to allocate the entire content length
563 * in one go.
564 */
565 size_t chunk = want > chunk_max ? chunk_max : want;
566
567 if (!BUF_MEM_grow_clean(b, len + chunk)) {
568 ASN1error(ERR_R_MALLOC_FAILURE);
569 goto err;
570 }
571 want -= chunk;
572 while (chunk > 0) {
573 i = BIO_read(in, &(b->data[len]), chunk);
574 if (i <= 0) {
575 ASN1error(ASN1_R_NOT_ENOUGH_DATA);
576 goto err;
577 }
578 /*
579 * This can't overflow because |len+want|
580 * didn't overflow.
581 */
582 len += i;
583 chunk -= i;
584 }
585 if (chunk_max < INT_MAX/2)
586 chunk_max *= 2;
587 }
588 }
589 if (off + slen < off) {
590 ASN1error(ASN1_R_TOO_LONG);
591 goto err;
592 }
593 off += slen;
594 if (eos <= 0) {
595 break;
596 } else
597 want = HEADER_SIZE;
598 }
599 }
600
601 if (off > INT_MAX) {
602 ASN1error(ASN1_R_TOO_LONG);
603 goto err;
604 }
605
606 *pb = b;
607 return off;
608
609 err:
610 if (b != NULL)
611 BUF_MEM_free(b);
612 return -1;
613}
614
615void *
616ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
617{
618 BUF_MEM *b = NULL;
619 const unsigned char *p;
620 void *ret = NULL;
621 int len;
622
623 len = asn1_d2i_read_bio(in, &b);
624 if (len < 0)
625 goto err;
626
627 p = (const unsigned char *)b->data;
628 ret = ASN1_item_d2i(x, &p, len, it);
629
630 err:
631 if (b != NULL)
632 BUF_MEM_free(b);
633 return (ret);
634}
635LCRYPTO_ALIAS(ASN1_item_d2i_bio);
636
637void *
638ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
639{
640 BIO *b;
641 char *ret;
642
643 if ((b = BIO_new(BIO_s_file())) == NULL) {
644 ASN1error(ERR_R_BUF_LIB);
645 return (NULL);
646 }
647 BIO_set_fp(b, in, BIO_NOCLOSE);
648 ret = ASN1_item_d2i_bio(it, b, x);
649 BIO_free(b);
650 return (ret);
651}
652LCRYPTO_ALIAS(ASN1_item_d2i_fp);
653
654int
655ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x)
656{
657 unsigned char *b = NULL;
658 int i, j = 0, n, ret = 1;
659
660 n = ASN1_item_i2d(x, &b, it);
661 if (b == NULL) {
662 ASN1error(ERR_R_MALLOC_FAILURE);
663 return (0);
664 }
665
666 for (;;) {
667 i = BIO_write(out, &(b[j]), n);
668 if (i == n)
669 break;
670 if (i <= 0) {
671 ret = 0;
672 break;
673 }
674 j += i;
675 n -= i;
676 }
677 free(b);
678 return (ret);
679}
680LCRYPTO_ALIAS(ASN1_item_i2d_bio);
681
682int
683ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x)
684{
685 BIO *b;
686 int ret;
687
688 if ((b = BIO_new(BIO_s_file())) == NULL) {
689 ASN1error(ERR_R_BUF_LIB);
690 return (0);
691 }
692 BIO_set_fp(b, out, BIO_NOCLOSE);
693 ret = ASN1_item_i2d_bio(it, b, x);
694 BIO_free(b);
695 return (ret);
696}
697LCRYPTO_ALIAS(ASN1_item_i2d_fp);
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c
deleted file mode 100644
index ac8da0e61d..0000000000
--- a/src/lib/libcrypto/asn1/asn1_lib.c
+++ /dev/null
@@ -1,204 +0,0 @@
1/* $OpenBSD: asn1_lib.c,v 1.54 2022/05/05 19:18:56 jsing Exp $ */
2/*
3 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <limits.h>
19#include <stdlib.h>
20
21#include "bytestring.h"
22
23int
24asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
25 int *out_constructed, uint32_t *out_tag_number)
26{
27 uint8_t tag_class, tag_val;
28 int tag_constructed;
29 uint32_t tag_number;
30
31 /*
32 * Decode ASN.1 identifier octets - see ITU-T X.690 section 8.1.2.
33 */
34
35 *out_class = 0;
36 *out_constructed = 0;
37 *out_tag_number = 0;
38
39 if (!CBS_get_u8(cbs, &tag_val))
40 return 0;
41
42 /*
43 * ASN.1 tag class, encoding (primitive or constructed) and tag number
44 * are encoded in one or more identifier octets - the first octet
45 * contains the 2 bit tag class, the 1 bit encoding type and 5 bits
46 * of tag number.
47 *
48 * For tag numbers larger than 30 (0x1e) the 5 bit tag number in the
49 * first octet is set to all ones (0x1f) - the tag number is then
50 * encoded in subsequent octets - each of which have a one bit
51 * continuation flag and 7 bits of tag number in big-endian form.
52 * The encoding should not contain leading zeros but can for BER.
53 */
54 tag_class = (tag_val >> 6) & 0x3;
55 tag_constructed = (tag_val >> 5) & 0x1;
56 tag_number = tag_val & 0x1f;
57
58 /* Long form. */
59 if (tag_number == 0x1f) {
60 tag_number = 0;
61 do {
62 if (!CBS_get_u8(cbs, &tag_val))
63 return 0;
64 if (der_mode && tag_number == 0 && tag_val == 0x80)
65 return 0;
66 if (tag_number > (UINT32_MAX >> 7))
67 return 0;
68 tag_number = tag_number << 7 | (tag_val & 0x7f);
69 } while ((tag_val & 0x80) != 0);
70 }
71
72 *out_class = tag_class;
73 *out_constructed = tag_constructed;
74 *out_tag_number = tag_number;
75
76 return 1;
77}
78
79int
80asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite,
81 size_t *out_length)
82{
83 uint8_t len_bytes;
84 size_t length;
85 uint8_t val;
86
87 /*
88 * Decode ASN.1 length octets - see ITU-T X.690 section 8.1.3.
89 */
90
91 *out_length = 0;
92 *out_indefinite = 0;
93
94 if (!CBS_get_u8(cbs, &val))
95 return 0;
96
97 /*
98 * Short form - length is encoded in the lower 7 bits of a single byte.
99 */
100 if (val < 0x80) {
101 *out_length = val;
102 return 1;
103 }
104
105 /*
106 * Indefinite length - content continues until an End of Content (EOC)
107 * marker is reached. Must be used with constructed encoding.
108 */
109 if (val == 0x80) {
110 *out_indefinite = 1;
111 return 1;
112 }
113
114 /*
115 * Long form - the lower 7 bits of the first byte specifies the number
116 * of bytes used to encode the length, the following bytes specify the
117 * length in big-endian form. The encoding should not contain leading
118 * zeros but can for BER. A length value of 0x7f is invalid.
119 */
120 if ((len_bytes = val & 0x7f) == 0x7f)
121 return 0;
122
123 length = 0;
124
125 while (len_bytes-- > 0) {
126 if (!CBS_get_u8(cbs, &val))
127 return 0;
128 if (der_mode && length == 0 && val == 0)
129 return 0;
130 if (length > (SIZE_MAX >> 8))
131 return 0;
132 length = (length << 8) | val;
133 }
134
135 *out_length = length;
136
137 return 1;
138}
139
140int
141asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_tag_class,
142 int *out_constructed, uint32_t *out_tag_number, int *out_indefinite,
143 size_t *out_length)
144{
145 int constructed, indefinite;
146 uint32_t tag_number;
147 uint8_t tag_class;
148 size_t length;
149
150 *out_tag_class = 0;
151 *out_constructed = 0;
152 *out_tag_number = 0;
153 *out_indefinite = 0;
154 *out_length = 0;
155
156 if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed,
157 &tag_number))
158 return 0;
159 if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length))
160 return 0;
161
162 /* Indefinite length can only be used with constructed encoding. */
163 if (indefinite && !constructed)
164 return 0;
165
166 *out_tag_class = tag_class;
167 *out_constructed = constructed;
168 *out_tag_number = tag_number;
169 *out_indefinite = indefinite;
170 *out_length = length;
171
172 return 1;
173}
174
175int
176asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number,
177 CBS *out_content)
178{
179 int constructed, indefinite;
180 uint32_t tag_number;
181 uint8_t tag_class;
182 size_t length;
183
184 *out_tag_number = 0;
185
186 CBS_init(out_content, NULL, 0);
187
188 if (!asn1_get_identifier_cbs(cbs, der_mode, &tag_class, &constructed,
189 &tag_number))
190 return 0;
191 if (!asn1_get_length_cbs(cbs, der_mode, &indefinite, &length))
192 return 0;
193
194 /* A primitive is not constructed and has a definite length. */
195 if (constructed || indefinite)
196 return 0;
197
198 if (!CBS_get_bytes(cbs, out_content, length))
199 return 0;
200
201 *out_tag_number = tag_number;
202
203 return 1;
204}
diff --git a/src/lib/libcrypto/asn1/asn1_local.h b/src/lib/libcrypto/asn1/asn1_local.h
deleted file mode 100644
index 19de978772..0000000000
--- a/src/lib/libcrypto/asn1/asn1_local.h
+++ /dev/null
@@ -1,193 +0,0 @@
1/* $OpenBSD: asn1_local.h,v 1.10 2024/03/02 09:10:42 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include "bytestring.h"
60
61__BEGIN_HIDDEN_DECLS
62
63/* Internal ASN1 structures and functions: not for application use */
64
65ASN1_TYPE *ASN1_TYPE_pack_sequence(const ASN1_ITEM *it, void *s, ASN1_TYPE **t);
66void *ASN1_TYPE_unpack_sequence(const ASN1_ITEM *it, const ASN1_TYPE *t);
67
68/* These are used internally in the ASN1_OBJECT to keep track of
69 * whether the names and data need to be free()ed */
70#define ASN1_OBJECT_FLAG_DYNAMIC 0x01 /* internal use */
71#define ASN1_OBJECT_FLAG_CRITICAL 0x02 /* critical x509v3 object id */
72#define ASN1_OBJECT_FLAG_DYNAMIC_STRINGS 0x04 /* internal use */
73#define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */
74struct asn1_object_st {
75 const char *sn, *ln;
76 int nid;
77 int length;
78 const unsigned char *data; /* data remains const after init */
79 int flags; /* Should we free this one */
80} /* ASN1_OBJECT */;
81
82/* ASN1 print context structure */
83
84struct asn1_pctx_st {
85 unsigned long flags;
86 unsigned long nm_flags;
87 unsigned long cert_flags;
88 unsigned long oid_flags;
89 unsigned long str_flags;
90} /* ASN1_PCTX */;
91
92int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it);
93int asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it);
94
95ASN1_VALUE ** asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
96
97const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr);
98
99int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it);
100
101void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it);
102void asn1_enc_cleanup(ASN1_VALUE **pval, const ASN1_ITEM *it);
103int asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it);
104int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, const ASN1_ITEM *it);
105
106int i2d_ASN1_BOOLEAN(int a, unsigned char **pp);
107int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length);
108
109/*
110 * Unicode codepoint constants
111 */
112#define UNICODE_MAX 0x10FFFF
113#define UNICODE_SURROGATE_MIN 0x00D800
114#define UNICODE_SURROGATE_MAX 0x00DFFF
115
116#define UNICODE_IS_SURROGATE(x) \
117 ((x) >= UNICODE_SURROGATE_MIN && (x) <= UNICODE_SURROGATE_MAX)
118
119int UTF8_getc(const unsigned char *str, int len, unsigned long *val);
120int UTF8_putc(unsigned char *str, int len, unsigned long value);
121
122int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
123
124int asn1_get_identifier_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
125 int *out_constructed, uint32_t *out_tag_number);
126int asn1_get_length_cbs(CBS *cbs, int der_mode, int *out_indefinite,
127 size_t *out_length);
128int asn1_get_object_cbs(CBS *cbs, int der_mode, uint8_t *out_class,
129 int *out_constructed, uint32_t *out_tag_number, int *out_indefinite,
130 size_t *out_length);
131int asn1_get_primitive(CBS *cbs, int der_mode, uint32_t *out_tag_number,
132 CBS *out_content);
133
134int asn1_must_be_constructed(int tag);
135int asn1_must_be_primitive(int tag);
136int asn1_tag2charwidth(int tag);
137
138int asn1_abs_set_unused_bits(ASN1_BIT_STRING *abs, uint8_t unused_bits);
139int c2i_ASN1_BIT_STRING_cbs(ASN1_BIT_STRING **out_abs, CBS *cbs);
140
141int c2i_ASN1_ENUMERATED_cbs(ASN1_ENUMERATED **out_aenum, CBS *cbs);
142
143int asn1_aint_get_uint64(CBS *cbs, uint64_t *out_val);
144int asn1_aint_set_uint64(uint64_t val, uint8_t **out_data, int *out_len);
145int asn1_aint_get_int64(CBS *cbs, int negative, int64_t *out_val);
146int c2i_ASN1_INTEGER_cbs(ASN1_INTEGER **out_aint, CBS *cbs);
147
148int c2i_ASN1_OBJECT_cbs(ASN1_OBJECT **out_aobj, CBS *content);
149int i2t_ASN1_OBJECT_internal(const ASN1_OBJECT *aobj, char *buf, int buf_len,
150 int no_name);
151ASN1_OBJECT *t2i_ASN1_OBJECT_internal(const char *oid);
152
153int asn1_time_parse_cbs(const CBS *cbs, int is_gentime, struct tm *out_tm);
154
155ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
156 long length);
157int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp);
158ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
159 const unsigned char **pp, long length);
160int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp);
161ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
162 long length);
163int OPENSSL_gmtime_adj(struct tm *tm, int offset_day, int64_t offset_sec);
164int OPENSSL_gmtime_diff(int *pday, int *psec, const struct tm *from,
165 const struct tm *to);
166int asn1_time_time_t_to_tm(const time_t *time, struct tm *out_tm);
167int asn1_time_tm_to_time_t(const struct tm *tm, time_t *out);
168
169int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it);
170
171const BIO_METHOD *BIO_f_asn1(void);
172
173BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it);
174
175int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
176 const ASN1_ITEM *it);
177int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
178 const char *hdr, const ASN1_ITEM *it);
179int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
180 int ctype_nid, int econt_nid, STACK_OF(X509_ALGOR) *mdalgs,
181 const ASN1_ITEM *it);
182ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it);
183
184int ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
185void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
186
187int ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
188void ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
189
190int ASN1_time_parse(const char *_bytes, size_t _len, struct tm *_tm, int _mode);
191int ASN1_time_tm_cmp(struct tm *_tm1, struct tm *_tm2);
192
193__END_HIDDEN_DECLS
diff --git a/src/lib/libcrypto/asn1/asn1_old.c b/src/lib/libcrypto/asn1/asn1_old.c
deleted file mode 100644
index 7992fccdef..0000000000
--- a/src/lib/libcrypto/asn1/asn1_old.c
+++ /dev/null
@@ -1,185 +0,0 @@
1/* $OpenBSD: asn1_old.c,v 1.6 2024/04/10 14:55:12 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61
62#include <openssl/asn1.h>
63#include <openssl/buffer.h>
64#include <openssl/err.h>
65
66#include "asn1_local.h"
67
68#ifndef NO_OLD_ASN1
69
70void *
71ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x)
72{
73 unsigned char *b, *p;
74 const unsigned char *p2;
75 int i;
76 char *ret;
77
78 if (x == NULL)
79 return (NULL);
80
81 i = i2d(x, NULL);
82 b = malloc(i + 10);
83 if (b == NULL) {
84 ASN1error(ERR_R_MALLOC_FAILURE);
85 return (NULL);
86 }
87 p = b;
88 i = i2d(x, &p);
89 p2 = b;
90 ret = d2i(NULL, &p2, i);
91 free(b);
92 return (ret);
93}
94LCRYPTO_ALIAS(ASN1_dup);
95
96void *
97ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
98{
99 BIO *b;
100 void *ret;
101
102 if ((b = BIO_new(BIO_s_file())) == NULL) {
103 ASN1error(ERR_R_BUF_LIB);
104 return (NULL);
105 }
106 BIO_set_fp(b, in, BIO_NOCLOSE);
107 ret = ASN1_d2i_bio(xnew, d2i, b, x);
108 BIO_free(b);
109 return (ret);
110}
111LCRYPTO_ALIAS(ASN1_d2i_fp);
112
113void *
114ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
115{
116 BUF_MEM *b = NULL;
117 const unsigned char *p;
118 void *ret = NULL;
119 int len;
120
121 len = asn1_d2i_read_bio(in, &b);
122 if (len < 0)
123 goto err;
124
125 p = (unsigned char *)b->data;
126 ret = d2i(x, &p, len);
127
128 err:
129 if (b != NULL)
130 BUF_MEM_free(b);
131 return (ret);
132}
133LCRYPTO_ALIAS(ASN1_d2i_bio);
134
135int
136ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x)
137{
138 BIO *b;
139 int ret;
140
141 if ((b = BIO_new(BIO_s_file())) == NULL) {
142 ASN1error(ERR_R_BUF_LIB);
143 return (0);
144 }
145 BIO_set_fp(b, out, BIO_NOCLOSE);
146 ret = ASN1_i2d_bio(i2d, b, x);
147 BIO_free(b);
148 return (ret);
149}
150LCRYPTO_ALIAS(ASN1_i2d_fp);
151
152int
153ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x)
154{
155 char *b;
156 unsigned char *p;
157 int i, j = 0, n, ret = 1;
158
159 n = i2d(x, NULL);
160 b = malloc(n);
161 if (b == NULL) {
162 ASN1error(ERR_R_MALLOC_FAILURE);
163 return (0);
164 }
165
166 p = (unsigned char *)b;
167 i2d(x, &p);
168
169 for (;;) {
170 i = BIO_write(out, &(b[j]), n);
171 if (i == n)
172 break;
173 if (i <= 0) {
174 ret = 0;
175 break;
176 }
177 j += i;
178 n -= i;
179 }
180 free(b);
181 return (ret);
182}
183LCRYPTO_ALIAS(ASN1_i2d_bio);
184
185#endif
diff --git a/src/lib/libcrypto/asn1/asn1_old_lib.c b/src/lib/libcrypto/asn1/asn1_old_lib.c
deleted file mode 100644
index 80362ae689..0000000000
--- a/src/lib/libcrypto/asn1/asn1_old_lib.c
+++ /dev/null
@@ -1,216 +0,0 @@
1/* $OpenBSD: asn1_old_lib.c,v 1.6 2023/07/05 21:23:36 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/err.h>
65
66#include "asn1_local.h"
67
68static void asn1_put_length(unsigned char **pp, int length);
69
70int
71ASN1_get_object(const unsigned char **pp, long *plength, int *ptag,
72 int *pclass, long omax)
73{
74 int constructed, indefinite;
75 uint32_t tag_number;
76 uint8_t tag_class;
77 size_t length;
78 CBS cbs;
79 int ret = 0;
80
81 *pclass = 0;
82 *ptag = 0;
83 *plength = 0;
84
85 CBS_init(&cbs, *pp, omax);
86
87 if (!asn1_get_object_cbs(&cbs, 0, &tag_class, &constructed, &tag_number,
88 &indefinite, &length)) {
89 ASN1error(ASN1_R_HEADER_TOO_LONG);
90 return 0x80;
91 }
92
93 if (tag_number > INT_MAX) {
94 ASN1error(ASN1_R_HEADER_TOO_LONG);
95 return 0x80;
96 }
97
98 /*
99 * API insanity ahead... in this case we add an error to the stack and
100 * signal an error by setting the 8th bit in the return value... but we
101 * still provide all of the decoded data.
102 */
103 if (length > CBS_len(&cbs) || length > LONG_MAX) {
104 ASN1error(ASN1_R_TOO_LONG);
105 ret = 0x80;
106 }
107
108 *pclass = tag_class << 6;
109 *ptag = tag_number;
110 *plength = length;
111
112 *pp = CBS_data(&cbs);
113
114 if (constructed)
115 ret |= 1 << 5;
116 if (indefinite)
117 ret |= 1;
118
119 return ret;
120}
121LCRYPTO_ALIAS(ASN1_get_object);
122
123/* class 0 is constructed
124 * constructed == 2 for indefinite length constructed */
125void
126ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
127 int xclass)
128{
129 unsigned char *p = *pp;
130 int i, ttag;
131
132 i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
133 i |= (xclass & V_ASN1_PRIVATE);
134 if (tag < 31)
135 *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
136 else {
137 *(p++) = i | V_ASN1_PRIMITIVE_TAG;
138 for(i = 0, ttag = tag; ttag > 0; i++)
139 ttag >>= 7;
140 ttag = i;
141 while (i-- > 0) {
142 p[i] = tag & 0x7f;
143 if (i != (ttag - 1))
144 p[i] |= 0x80;
145 tag >>= 7;
146 }
147 p += ttag;
148 }
149 if (constructed == 2)
150 *(p++) = 0x80;
151 else
152 asn1_put_length(&p, length);
153 *pp = p;
154}
155LCRYPTO_ALIAS(ASN1_put_object);
156
157int
158ASN1_put_eoc(unsigned char **pp)
159{
160 unsigned char *p = *pp;
161
162 *p++ = 0;
163 *p++ = 0;
164 *pp = p;
165 return 2;
166}
167LCRYPTO_ALIAS(ASN1_put_eoc);
168
169static void
170asn1_put_length(unsigned char **pp, int length)
171{
172 unsigned char *p = *pp;
173
174 int i, l;
175 if (length <= 127)
176 *(p++) = (unsigned char)length;
177 else {
178 l = length;
179 for (i = 0; l > 0; i++)
180 l >>= 8;
181 *(p++) = i | 0x80;
182 l = i;
183 while (i-- > 0) {
184 p[i] = length & 0xff;
185 length >>= 8;
186 }
187 p += l;
188 }
189 *pp = p;
190}
191
192int
193ASN1_object_size(int constructed, int length, int tag)
194{
195 int ret;
196
197 ret = length;
198 ret++;
199 if (tag >= 31) {
200 while (tag > 0) {
201 tag >>= 7;
202 ret++;
203 }
204 }
205 if (constructed == 2)
206 return ret + 3;
207 ret++;
208 if (length > 127) {
209 while (length > 0) {
210 length >>= 8;
211 ret++;
212 }
213 }
214 return (ret);
215}
216LCRYPTO_ALIAS(ASN1_object_size);
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c
deleted file mode 100644
index 712bb5260e..0000000000
--- a/src/lib/libcrypto/asn1/asn1_par.c
+++ /dev/null
@@ -1,386 +0,0 @@
1/* $OpenBSD: asn1_par.c,v 1.35 2023/07/05 21:23:36 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1.h>
62#include <openssl/buffer.h>
63#include <openssl/objects.h>
64
65static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
66 int indent);
67static int asn1_parse2(BIO *bp, const unsigned char **pp, long length,
68 int offset, int depth, int indent, int dump);
69
70static int
71asn1_print_info(BIO *bp, int tag, int xclass, int constructed,
72 int indent)
73{
74 char str[128];
75 const char *p;
76
77 if (constructed & V_ASN1_CONSTRUCTED)
78 p="cons: ";
79 else
80 p="prim: ";
81 if (BIO_write(bp, p, 6) < 6)
82 goto err;
83 if (!BIO_indent(bp, indent, 128))
84 goto err;
85
86 p = str;
87 if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE)
88 snprintf(str, sizeof str, "priv [ %d ] ", tag);
89 else if ((xclass & V_ASN1_CONTEXT_SPECIFIC) == V_ASN1_CONTEXT_SPECIFIC)
90 snprintf(str, sizeof str, "cont [ %d ]", tag);
91 else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION)
92 snprintf(str, sizeof str, "appl [ %d ]", tag);
93 else if (tag > 30)
94 snprintf(str, sizeof str, "<ASN1 %d>", tag);
95 else
96 p = ASN1_tag2str(tag);
97
98 if (BIO_printf(bp, "%-18s", p) <= 0)
99 goto err;
100 return (1);
101 err:
102 return (0);
103}
104
105int
106ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent)
107{
108 return (asn1_parse2(bp, &pp, len, 0, 0, indent, 0));
109}
110LCRYPTO_ALIAS(ASN1_parse);
111
112int
113ASN1_parse_dump(BIO *bp, const unsigned char *pp, long len, int indent, int dump)
114{
115 return (asn1_parse2(bp, &pp, len, 0, 0, indent, dump));
116}
117LCRYPTO_ALIAS(ASN1_parse_dump);
118
119static int
120asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset,
121 int depth, int indent, int dump)
122{
123 const unsigned char *p, *ep, *tot, *op, *opp;
124 long len;
125 int tag, xclass, ret = 0;
126 int nl, hl, j, r;
127 ASN1_OBJECT *o = NULL;
128 ASN1_OCTET_STRING *os = NULL;
129 ASN1_INTEGER *ai = NULL;
130 ASN1_ENUMERATED *ae = NULL;
131 /* ASN1_BMPSTRING *bmp=NULL;*/
132 int dump_indent;
133
134 dump_indent = 6; /* Because we know BIO_dump_indent() */
135 p = *pp;
136 tot = p + length;
137 op = p - 1;
138 if (depth > 128) {
139 BIO_printf(bp, "Max depth exceeded\n");
140 goto end;
141 }
142 while ((p < tot) && (op < p)) {
143 op = p;
144 j = ASN1_get_object(&p, &len, &tag, &xclass, length);
145
146 if (j & 0x80) {
147 if (BIO_write(bp, "Error in encoding\n", 18) <= 0)
148 goto end;
149 ret = 0;
150 goto end;
151 }
152 hl = (p - op);
153 length -= hl;
154 /* if j == 0x21 it is a constructed indefinite length object */
155 if (BIO_printf(bp, "%5ld:", (long)offset +
156 (long)(op - *pp)) <= 0)
157 goto end;
158
159 if (j != (V_ASN1_CONSTRUCTED | 1)) {
160 if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ",
161 depth, (long)hl, len) <= 0)
162 goto end;
163 } else {
164 if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ",
165 depth, (long)hl) <= 0)
166 goto end;
167 }
168 if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0))
169 goto end;
170 if (j & V_ASN1_CONSTRUCTED) {
171 ep = p + len;
172 if (BIO_write(bp, "\n", 1) <= 0)
173 goto end;
174 if (len > length) {
175 BIO_printf(bp, "length is greater than %ld\n",
176 length);
177 ret = 0;
178 goto end;
179 }
180 if ((j == 0x21) && (len == 0)) {
181 for (;;) {
182 r = asn1_parse2(bp, &p, (long)(tot - p),
183 offset + (p - *pp), depth + 1,
184 indent, dump);
185 if (r == 0) {
186 ret = 0;
187 goto end;
188 }
189 if ((r == 2) || (p >= tot)) {
190 len = (long)(p - ep);
191 break;
192 }
193 }
194 } else {
195 while (p < ep) {
196 r = asn1_parse2(bp, &p, (long)(ep - p),
197 offset + (p - *pp), depth + 1,
198 indent, dump);
199 if (r == 0) {
200 ret = 0;
201 goto end;
202 }
203 }
204 }
205 } else if (xclass != 0) {
206 p += len;
207 if (BIO_write(bp, "\n", 1) <= 0)
208 goto end;
209 } else {
210 nl = 0;
211 if ((tag == V_ASN1_PRINTABLESTRING) ||
212 (tag == V_ASN1_T61STRING) ||
213 (tag == V_ASN1_IA5STRING) ||
214 (tag == V_ASN1_VISIBLESTRING) ||
215 (tag == V_ASN1_NUMERICSTRING) ||
216 (tag == V_ASN1_UTF8STRING) ||
217 (tag == V_ASN1_UTCTIME) ||
218 (tag == V_ASN1_GENERALIZEDTIME)) {
219 if (BIO_write(bp, ":", 1) <= 0)
220 goto end;
221 if ((len > 0) &&
222 BIO_write(bp, (const char *)p, (int)len) !=
223 (int)len)
224 goto end;
225 } else if (tag == V_ASN1_OBJECT) {
226 opp = op;
227 if (d2i_ASN1_OBJECT(&o, &opp, len + hl) !=
228 NULL) {
229 if (BIO_write(bp, ":", 1) <= 0)
230 goto end;
231 i2a_ASN1_OBJECT(bp, o);
232 } else {
233 if (BIO_write(bp, ":BAD OBJECT",
234 11) <= 0)
235 goto end;
236 }
237 } else if (tag == V_ASN1_BOOLEAN) {
238 if (len == 1 && p < tot) {
239 BIO_printf(bp, ":%u", p[0]);
240 } else {
241 if (BIO_write(bp, "Bad boolean\n",
242 12) <= 0)
243 goto end;
244 }
245 } else if (tag == V_ASN1_BMPSTRING) {
246 /* do the BMP thang */
247 } else if (tag == V_ASN1_OCTET_STRING) {
248 int i, printable = 1;
249
250 opp = op;
251 os = d2i_ASN1_OCTET_STRING(NULL, &opp, len + hl);
252 if (os != NULL && os->length > 0) {
253 opp = os->data;
254 /* testing whether the octet string is
255 * printable */
256 for (i = 0; i < os->length; i++) {
257 if (((opp[i] < ' ') &&
258 (opp[i] != '\n') &&
259 (opp[i] != '\r') &&
260 (opp[i] != '\t')) ||
261 (opp[i] > '~')) {
262 printable = 0;
263 break;
264 }
265 }
266 if (printable) {
267 /* printable string */
268 if (BIO_write(bp, ":", 1) <= 0)
269 goto end;
270 if (BIO_write(bp, (const char *)opp,
271 os->length) <= 0)
272 goto end;
273 } else if (!dump) {
274 /* not printable => print octet string
275 * as hex dump */
276 if (BIO_write(bp, "[HEX DUMP]:", 11) <= 0)
277 goto end;
278 for (i = 0; i < os->length; i++) {
279 if (BIO_printf(bp,
280 "%02X", opp[i]) <= 0)
281 goto end;
282 }
283 } else {
284 /* print the normal dump */
285 if (!nl) {
286 if (BIO_write(bp, "\n", 1) <= 0)
287 goto end;
288 }
289 if (BIO_dump_indent(bp,
290 (const char *)opp,
291 ((dump == -1 || dump >
292 os->length) ? os->length : dump),
293 dump_indent) <= 0)
294 goto end;
295 nl = 1;
296 }
297 }
298 ASN1_OCTET_STRING_free(os);
299 os = NULL;
300 } else if (tag == V_ASN1_INTEGER) {
301 int i;
302
303 opp = op;
304 ai = d2i_ASN1_INTEGER(NULL, &opp, len + hl);
305 if (ai != NULL) {
306 if (BIO_write(bp, ":", 1) <= 0)
307 goto end;
308 if (ai->type == V_ASN1_NEG_INTEGER)
309 if (BIO_write(bp, "-", 1) <= 0)
310 goto end;
311 for (i = 0; i < ai->length; i++) {
312 if (BIO_printf(bp, "%02X",
313 ai->data[i]) <= 0)
314 goto end;
315 }
316 if (ai->length == 0) {
317 if (BIO_write(bp, "00", 2) <= 0)
318 goto end;
319 }
320 } else {
321 if (BIO_write(bp, "BAD INTEGER", 11) <= 0)
322 goto end;
323 }
324 ASN1_INTEGER_free(ai);
325 ai = NULL;
326 } else if (tag == V_ASN1_ENUMERATED) {
327 int i;
328
329 opp = op;
330 ae = d2i_ASN1_ENUMERATED(NULL, &opp, len + hl);
331 if (ae != NULL) {
332 if (BIO_write(bp, ":", 1) <= 0)
333 goto end;
334 if (ae->type == V_ASN1_NEG_ENUMERATED)
335 if (BIO_write(bp, "-", 1) <= 0)
336 goto end;
337 for (i = 0; i < ae->length; i++) {
338 if (BIO_printf(bp, "%02X",
339 ae->data[i]) <= 0)
340 goto end;
341 }
342 if (ae->length == 0) {
343 if (BIO_write(bp, "00", 2) <= 0)
344 goto end;
345 }
346 } else {
347 if (BIO_write(bp, "BAD ENUMERATED", 14) <= 0)
348 goto end;
349 }
350 ASN1_ENUMERATED_free(ae);
351 ae = NULL;
352 } else if (len > 0 && dump) {
353 if (!nl) {
354 if (BIO_write(bp, "\n", 1) <= 0)
355 goto end;
356 }
357 if (BIO_dump_indent(bp, (const char *)p,
358 ((dump == -1 || dump > len) ? len : dump),
359 dump_indent) <= 0)
360 goto end;
361 nl = 1;
362 }
363
364 if (!nl) {
365 if (BIO_write(bp, "\n", 1) <= 0)
366 goto end;
367 }
368 p += len;
369 if ((tag == V_ASN1_EOC) && (xclass == 0)) {
370 ret = 2; /* End of sequence */
371 goto end;
372 }
373 }
374 length -= len;
375 }
376 ret = 1;
377
378 end:
379 if (o != NULL)
380 ASN1_OBJECT_free(o);
381 ASN1_OCTET_STRING_free(os);
382 ASN1_INTEGER_free(ai);
383 ASN1_ENUMERATED_free(ae);
384 *pp = p;
385 return (ret);
386}
diff --git a/src/lib/libcrypto/asn1/asn1_types.c b/src/lib/libcrypto/asn1/asn1_types.c
deleted file mode 100644
index 5f9644a718..0000000000
--- a/src/lib/libcrypto/asn1/asn1_types.c
+++ /dev/null
@@ -1,305 +0,0 @@
1/* $OpenBSD: asn1_types.c,v 1.3 2023/07/05 21:23:36 beck Exp $ */
2/*
3 * Copyright (c) 2021 Joel Sing <jsing@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stddef.h>
19
20#include <openssl/asn1.h>
21
22#define ASN1_ENCODING_CONSTRUCTED_ONLY 1
23#define ASN1_ENCODING_PRIMITIVE_ONLY 2
24
25struct asn1_type {
26 const char *name;
27 uint32_t bit_value;
28 int char_width;
29 int encoding;
30};
31
32/*
33 * Universal class tag types - ITU X.680.
34 */
35static const struct asn1_type asn1_types[31] = {
36 [0] = {
37 /* Tag 0 (0x00) - Reserved for use by encoding rules */
38 .name = "EOC",
39 .bit_value = 0,
40 .char_width = -1,
41 },
42 [1] = {
43 /* Tag 1 (0x01) - Boolean */
44 .name = "BOOLEAN",
45 .bit_value = 0,
46 .char_width = -1,
47 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
48 },
49 [2] = {
50 /* Tag 2 (0x02) - Integer */
51 .name = "INTEGER",
52 .bit_value = 0,
53 .char_width = -1,
54 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
55 },
56 [3] = {
57 /* Tag 3 (0x03) - BitString */
58 .name = "BIT STRING",
59 .bit_value = B_ASN1_BIT_STRING,
60 .char_width = -1,
61 },
62 [4] = {
63 /* Tag 4 (0x04) - OctetString */
64 .name = "OCTET STRING",
65 .bit_value = B_ASN1_OCTET_STRING,
66 .char_width = -1,
67 },
68 [5] = {
69 /* Tag 5 (0x05) - Null */
70 .name = "NULL",
71 .bit_value = 0,
72 .char_width = -1,
73 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
74 },
75 [6] = {
76 /* Tag 6 (0x06) - Object Identifier */
77 .name = "OBJECT",
78 .bit_value = 0,
79 .char_width = -1,
80 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
81 },
82 [7] = {
83 /* Tag 7 (0x07) - Object Descriptor */
84 .name = "OBJECT DESCRIPTOR",
85 .bit_value = B_ASN1_UNKNOWN,
86 .char_width = -1,
87 },
88 [8] = {
89 /* Tag 8 (0x08) - External */
90 .name = "EXTERNAL",
91 .bit_value = B_ASN1_UNKNOWN,
92 .char_width = -1,
93 },
94 [9] = {
95 /* Tag 9 (0x09) - Real */
96 .name = "REAL",
97 .bit_value = B_ASN1_UNKNOWN,
98 .char_width = -1,
99 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
100 },
101 [10] = {
102 /* Tag 10 (0x0a) - Enumerated */
103 .name = "ENUMERATED",
104 .bit_value = B_ASN1_UNKNOWN,
105 .char_width = -1,
106 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
107 },
108 [11] = {
109 /* Tag 11 (0x0b) - Embedded PDV */
110 .name = "<ASN1 11 EMBEDDED PDV>",
111 .bit_value = B_ASN1_UNKNOWN,
112 .char_width = -1,
113 },
114 [12] = {
115 /* Tag 12 (0x0c) - UTF8String */
116 .name = "UTF8STRING",
117 .bit_value = B_ASN1_UTF8STRING,
118 .char_width = 0,
119 },
120 [13] = {
121 /* Tag 13 (0x0d) - Relative Object Identifier */
122 .name = "<ASN1 13 RELATIVE OID>",
123 .bit_value = B_ASN1_UNKNOWN,
124 .char_width = -1,
125 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
126 },
127 [14] = {
128 /* Tag 14 (0x0e) - Time */
129 .name = "<ASN1 14 TIME>",
130 .bit_value = B_ASN1_UNKNOWN,
131 .char_width = -1,
132 .encoding = ASN1_ENCODING_PRIMITIVE_ONLY,
133 },
134 [15] = {
135 /* Tag 15 (0x0f) - Reserved */
136 .name = "<ASN1 15 RESERVED>",
137 .bit_value = B_ASN1_UNKNOWN,
138 .char_width = -1,
139 },
140 [16] = {
141 /* Tag 16 (0x10)- Sequence */
142 .name = "SEQUENCE",
143 .bit_value = B_ASN1_SEQUENCE,
144 .char_width = -1,
145 .encoding = ASN1_ENCODING_CONSTRUCTED_ONLY,
146 },
147 [17] = {
148 /* Tag 17 (0x11) - Set */
149 .name = "SET",
150 .bit_value = 0,
151 .char_width = -1,
152 .encoding = ASN1_ENCODING_CONSTRUCTED_ONLY,
153 },
154 [18] = {
155 /* Tag 18 (0x12) - NumericString */
156 .name = "NUMERICSTRING",
157 .bit_value = B_ASN1_NUMERICSTRING,
158 .char_width = -1,
159 },
160 [19] = {
161 /* Tag 19 (0x13) - PrintableString */
162 .name = "PRINTABLESTRING",
163 .bit_value = B_ASN1_PRINTABLESTRING,
164 .char_width = 1,
165 },
166 [20] = {
167 /* Tag 20 (0x14) - TeletexString (T61String) */
168 .name = "T61STRING",
169 .bit_value = B_ASN1_T61STRING,
170 .char_width = 1,
171 },
172 [21] = {
173 /* Tag 21 (0x15) - VideotexString */
174 .name = "VIDEOTEXSTRING",
175 .bit_value = B_ASN1_VIDEOTEXSTRING,
176 .char_width = -1,
177 },
178 [22] = {
179 /* Tag 22 (0x16) - IA5String */
180 .name = "IA5STRING",
181 .bit_value = B_ASN1_IA5STRING,
182 .char_width = 1,
183 },
184 [23] = {
185 /* Tag 23 (0x17) - UTCTime */
186 .name = "UTCTIME",
187 .bit_value = B_ASN1_UTCTIME,
188 .char_width = 1,
189 },
190 [24] = {
191 /* Tag 24 (0x18) - GeneralizedTime */
192 .name = "GENERALIZEDTIME",
193 .bit_value = B_ASN1_GENERALIZEDTIME,
194 .char_width = 1,
195 },
196 [25] = {
197 /* Tag 25 (0x19) - GraphicString */
198 .name = "GRAPHICSTRING",
199 .bit_value = B_ASN1_GRAPHICSTRING,
200 .char_width = -1,
201 },
202 [26] = {
203 /* Tag 26 (0x1a) - VisibleString (ISO646String) */
204 .name = "VISIBLESTRING",
205 .bit_value = B_ASN1_ISO64STRING,
206 .char_width = 1,
207 },
208 [27] = {
209 /* Tag 27 (0x1b) - GeneralString */
210 .name = "GENERALSTRING",
211 .bit_value = B_ASN1_GENERALSTRING,
212 .char_width = -1,
213 },
214 [28] = {
215 /* Tag 28 (0x1c) - UniversalString */
216 .name = "UNIVERSALSTRING",
217 .bit_value = B_ASN1_UNIVERSALSTRING,
218 .char_width = 4,
219 },
220 [29] = {
221 /* Tag 29 (0x1d) - Unallocated */
222 .name = "<ASN1 29>",
223 .bit_value = B_ASN1_UNKNOWN,
224 .char_width = -1,
225 },
226 [30] = {
227 /* Tag 30 (0x1e) - BMPString */
228 .name = "BMPSTRING",
229 .bit_value = B_ASN1_BMPSTRING,
230 .char_width = 2,
231 },
232};
233
234static const struct asn1_type *
235asn1_type_by_tag(int tag)
236{
237 if (tag < 0 || tag > 30)
238 return NULL;
239
240 return &asn1_types[tag];
241}
242
243int
244asn1_must_be_constructed(int tag)
245{
246 const struct asn1_type *at;
247
248 if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED)
249 tag &= ~V_ASN1_NEG;
250 if ((at = asn1_type_by_tag(tag)) != NULL)
251 return at->encoding == ASN1_ENCODING_CONSTRUCTED_ONLY;
252
253 return 0;
254}
255
256int
257asn1_must_be_primitive(int tag)
258{
259 const struct asn1_type *at;
260
261 if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED)
262 tag &= ~V_ASN1_NEG;
263 if ((at = asn1_type_by_tag(tag)) != NULL)
264 return at->encoding == ASN1_ENCODING_PRIMITIVE_ONLY;
265
266 return 0;
267}
268
269int
270asn1_tag2charwidth(int tag)
271{
272 const struct asn1_type *at;
273
274 if ((at = asn1_type_by_tag(tag)) != NULL)
275 return at->char_width;
276
277 return -1;
278}
279
280unsigned long
281ASN1_tag2bit(int tag)
282{
283 const struct asn1_type *at;
284
285 if ((at = asn1_type_by_tag(tag)) != NULL)
286 return (unsigned long)at->bit_value;
287
288 return 0;
289}
290LCRYPTO_ALIAS(ASN1_tag2bit);
291
292const char *
293ASN1_tag2str(int tag)
294{
295 const struct asn1_type *at;
296
297 if (tag == V_ASN1_NEG_INTEGER || tag == V_ASN1_NEG_ENUMERATED)
298 tag &= ~V_ASN1_NEG;
299
300 if ((at = asn1_type_by_tag(tag)) != NULL)
301 return at->name;
302
303 return "(unknown)";
304}
305LCRYPTO_ALIAS(ASN1_tag2str);
diff --git a/src/lib/libcrypto/asn1/asn1t.h b/src/lib/libcrypto/asn1/asn1t.h
deleted file mode 100644
index 22cde48669..0000000000
--- a/src/lib/libcrypto/asn1/asn1t.h
+++ /dev/null
@@ -1,904 +0,0 @@
1/* $OpenBSD: asn1t.h,v 1.24 2024/07/08 16:24:22 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#ifndef HEADER_ASN1T_H
59#define HEADER_ASN1T_H
60
61#include <stddef.h>
62
63#include <openssl/opensslconf.h>
64
65#include <openssl/asn1.h>
66
67/* ASN1 template defines, structures and functions */
68
69#ifdef __cplusplus
70extern "C" {
71#endif
72
73#ifndef LIBRESSL_INTERNAL
74
75/* Macro to obtain ASN1_ADB pointer from a type (only used internally) */
76#define ASN1_ADB_ptr(iptr) ((const ASN1_ADB *)(iptr))
77
78
79/* Macros for start and end of ASN1_ITEM definition */
80
81#define ASN1_ITEM_start(itname) \
82 const ASN1_ITEM itname##_it = {
83
84#define static_ASN1_ITEM_start(itname) \
85 static const ASN1_ITEM itname##_it = {
86
87#define ASN1_ITEM_end(itname) \
88 };
89
90
91
92/* Macros to aid ASN1 template writing */
93
94#define ASN1_ITEM_TEMPLATE(tname) \
95 static const ASN1_TEMPLATE tname##_item_tt
96
97#define ASN1_ITEM_TEMPLATE_END(tname) \
98 ;\
99 ASN1_ITEM_start(tname) \
100 ASN1_ITYPE_PRIMITIVE,\
101 -1,\
102 &tname##_item_tt,\
103 0,\
104 NULL,\
105 0,\
106 #tname \
107 ASN1_ITEM_end(tname)
108
109#define static_ASN1_ITEM_TEMPLATE_END(tname) \
110 ;\
111 static_ASN1_ITEM_start(tname) \
112 ASN1_ITYPE_PRIMITIVE,\
113 -1,\
114 &tname##_item_tt,\
115 0,\
116 NULL,\
117 0,\
118 #tname \
119 ASN1_ITEM_end(tname)
120
121
122/* This is a ASN1 type which just embeds a template */
123
124/*
125 * This pair helps declare a SEQUENCE. We can do:
126 *
127 * ASN1_SEQUENCE(stname) = {
128 * ... SEQUENCE components ...
129 * } ASN1_SEQUENCE_END(stname)
130 *
131 * This will produce an ASN1_ITEM called stname_it
132 * for a structure called stname.
133 *
134 * If you want the same structure but a different
135 * name then use:
136 *
137 * ASN1_SEQUENCE(itname) = {
138 * ... SEQUENCE components ...
139 * } ASN1_SEQUENCE_END_name(stname, itname)
140 *
141 * This will create an item called itname_it using
142 * a structure called stname.
143 */
144
145#define ASN1_SEQUENCE(tname) \
146 static const ASN1_TEMPLATE tname##_seq_tt[]
147
148#define ASN1_SEQUENCE_END(stname) ASN1_SEQUENCE_END_name(stname, stname)
149
150#define static_ASN1_SEQUENCE_END(stname) static_ASN1_SEQUENCE_END_name(stname, stname)
151
152#define ASN1_SEQUENCE_END_name(stname, tname) \
153 ;\
154 ASN1_ITEM_start(tname) \
155 ASN1_ITYPE_SEQUENCE,\
156 V_ASN1_SEQUENCE,\
157 tname##_seq_tt,\
158 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
159 NULL,\
160 sizeof(stname),\
161 #stname \
162 ASN1_ITEM_end(tname)
163
164#define static_ASN1_SEQUENCE_END_name(stname, tname) \
165 ;\
166 static_ASN1_ITEM_start(tname) \
167 ASN1_ITYPE_SEQUENCE,\
168 V_ASN1_SEQUENCE,\
169 tname##_seq_tt,\
170 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
171 NULL,\
172 sizeof(stname),\
173 #stname \
174 ASN1_ITEM_end(tname)
175
176#define ASN1_NDEF_SEQUENCE(tname) \
177 ASN1_SEQUENCE(tname)
178
179#define ASN1_NDEF_SEQUENCE_cb(tname, cb) \
180 ASN1_SEQUENCE_cb(tname, cb)
181
182#define ASN1_SEQUENCE_cb(tname, cb) \
183 static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
184 ASN1_SEQUENCE(tname)
185
186#define ASN1_SEQUENCE_ref(tname, cb, lck) \
187 static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_REFCOUNT, offsetof(tname, references), lck, cb, 0}; \
188 ASN1_SEQUENCE(tname)
189
190#define ASN1_SEQUENCE_enc(tname, enc, cb) \
191 static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_ENCODING, 0, 0, cb, offsetof(tname, enc)}; \
192 ASN1_SEQUENCE(tname)
193
194#define ASN1_NDEF_SEQUENCE_END(tname) \
195 ;\
196 ASN1_ITEM_start(tname) \
197 ASN1_ITYPE_NDEF_SEQUENCE,\
198 V_ASN1_SEQUENCE,\
199 tname##_seq_tt,\
200 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
201 NULL,\
202 sizeof(tname),\
203 #tname \
204 ASN1_ITEM_end(tname)
205
206#define static_ASN1_NDEF_SEQUENCE_END(tname) \
207 ;\
208 static_ASN1_ITEM_start(tname) \
209 ASN1_ITYPE_NDEF_SEQUENCE,\
210 V_ASN1_SEQUENCE,\
211 tname##_seq_tt,\
212 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
213 NULL,\
214 sizeof(tname),\
215 #tname \
216 ASN1_ITEM_end(tname)
217
218#define ASN1_SEQUENCE_END_enc(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
219
220#define ASN1_SEQUENCE_END_cb(stname, tname) ASN1_SEQUENCE_END_ref(stname, tname)
221
222#define static_ASN1_SEQUENCE_END_cb(stname, tname) static_ASN1_SEQUENCE_END_ref(stname, tname)
223
224#define ASN1_SEQUENCE_END_ref(stname, tname) \
225 ;\
226 ASN1_ITEM_start(tname) \
227 ASN1_ITYPE_SEQUENCE,\
228 V_ASN1_SEQUENCE,\
229 tname##_seq_tt,\
230 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
231 &tname##_aux,\
232 sizeof(stname),\
233 #stname \
234 ASN1_ITEM_end(tname)
235
236#define static_ASN1_SEQUENCE_END_ref(stname, tname) \
237 ;\
238 static_ASN1_ITEM_start(tname) \
239 ASN1_ITYPE_SEQUENCE,\
240 V_ASN1_SEQUENCE,\
241 tname##_seq_tt,\
242 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
243 &tname##_aux,\
244 sizeof(stname),\
245 #stname \
246 ASN1_ITEM_end(tname)
247
248#define ASN1_NDEF_SEQUENCE_END_cb(stname, tname) \
249 ;\
250 ASN1_ITEM_start(tname) \
251 ASN1_ITYPE_NDEF_SEQUENCE,\
252 V_ASN1_SEQUENCE,\
253 tname##_seq_tt,\
254 sizeof(tname##_seq_tt) / sizeof(ASN1_TEMPLATE),\
255 &tname##_aux,\
256 sizeof(stname),\
257 #stname \
258 ASN1_ITEM_end(tname)
259
260
261/*
262 * This pair helps declare a CHOICE type. We can do:
263 *
264 * ASN1_CHOICE(chname) = {
265 * ... CHOICE options ...
266 * ASN1_CHOICE_END(chname)
267 *
268 * This will produce an ASN1_ITEM called chname_it
269 * for a structure called chname. The structure
270 * definition must look like this:
271 * typedef struct {
272 * int type;
273 * union {
274 * ASN1_SOMETHING *opt1;
275 * ASN1_SOMEOTHER *opt2;
276 * } value;
277 * } chname;
278 *
279 * the name of the selector must be 'type'.
280 * to use an alternative selector name use the
281 * ASN1_CHOICE_END_selector() version.
282 */
283
284#define ASN1_CHOICE(tname) \
285 static const ASN1_TEMPLATE tname##_ch_tt[]
286
287#define ASN1_CHOICE_cb(tname, cb) \
288 static const ASN1_AUX tname##_aux = {NULL, 0, 0, 0, cb, 0}; \
289 ASN1_CHOICE(tname)
290
291#define ASN1_CHOICE_END(stname) ASN1_CHOICE_END_name(stname, stname)
292
293#define static_ASN1_CHOICE_END(stname) static_ASN1_CHOICE_END_name(stname, stname)
294
295#define ASN1_CHOICE_END_name(stname, tname) ASN1_CHOICE_END_selector(stname, tname, type)
296
297#define static_ASN1_CHOICE_END_name(stname, tname) static_ASN1_CHOICE_END_selector(stname, tname, type)
298
299#define ASN1_CHOICE_END_selector(stname, tname, selname) \
300 ;\
301 ASN1_ITEM_start(tname) \
302 ASN1_ITYPE_CHOICE,\
303 offsetof(stname,selname) ,\
304 tname##_ch_tt,\
305 sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
306 NULL,\
307 sizeof(stname),\
308 #stname \
309 ASN1_ITEM_end(tname)
310
311#define static_ASN1_CHOICE_END_selector(stname, tname, selname) \
312 ;\
313 static_ASN1_ITEM_start(tname) \
314 ASN1_ITYPE_CHOICE,\
315 offsetof(stname,selname) ,\
316 tname##_ch_tt,\
317 sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
318 NULL,\
319 sizeof(stname),\
320 #stname \
321 ASN1_ITEM_end(tname)
322
323#define ASN1_CHOICE_END_cb(stname, tname, selname) \
324 ;\
325 ASN1_ITEM_start(tname) \
326 ASN1_ITYPE_CHOICE,\
327 offsetof(stname,selname) ,\
328 tname##_ch_tt,\
329 sizeof(tname##_ch_tt) / sizeof(ASN1_TEMPLATE),\
330 &tname##_aux,\
331 sizeof(stname),\
332 #stname \
333 ASN1_ITEM_end(tname)
334
335/* This helps with the template wrapper form of ASN1_ITEM */
336
337#define ASN1_EX_TEMPLATE_TYPE(flags, tag, name, type) { \
338 (flags), (tag), 0,\
339 #name, ASN1_ITEM_ref(type) }
340
341/* These help with SEQUENCE or CHOICE components */
342
343/* used to declare other types */
344
345#define ASN1_EX_TYPE(flags, tag, stname, field, type) { \
346 (flags), (tag), offsetof(stname, field),\
347 #field, ASN1_ITEM_ref(type) }
348
349/* implicit and explicit helper macros */
350
351#define ASN1_IMP_EX(stname, field, type, tag, ex) \
352 ASN1_EX_TYPE(ASN1_TFLG_IMPLICIT | ex, tag, stname, field, type)
353
354#define ASN1_EXP_EX(stname, field, type, tag, ex) \
355 ASN1_EX_TYPE(ASN1_TFLG_EXPLICIT | ex, tag, stname, field, type)
356
357/* Any defined by macros: the field used is in the table itself */
358
359#define ASN1_ADB_OBJECT(tblname) { ASN1_TFLG_ADB_OID, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
360#define ASN1_ADB_INTEGER(tblname) { ASN1_TFLG_ADB_INT, -1, 0, #tblname, (const ASN1_ITEM *)&(tblname##_adb) }
361/* Plain simple type */
362#define ASN1_SIMPLE(stname, field, type) ASN1_EX_TYPE(0,0, stname, field, type)
363
364/* OPTIONAL simple type */
365#define ASN1_OPT(stname, field, type) ASN1_EX_TYPE(ASN1_TFLG_OPTIONAL, 0, stname, field, type)
366
367/* IMPLICIT tagged simple type */
368#define ASN1_IMP(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, 0)
369
370/* IMPLICIT tagged OPTIONAL simple type */
371#define ASN1_IMP_OPT(stname, field, type, tag) ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
372
373/* Same as above but EXPLICIT */
374
375#define ASN1_EXP(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, 0)
376#define ASN1_EXP_OPT(stname, field, type, tag) ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL)
377
378/* SEQUENCE OF type */
379#define ASN1_SEQUENCE_OF(stname, field, type) \
380 ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, stname, field, type)
381
382/* OPTIONAL SEQUENCE OF */
383#define ASN1_SEQUENCE_OF_OPT(stname, field, type) \
384 ASN1_EX_TYPE(ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
385
386/* Same as above but for SET OF */
387
388#define ASN1_SET_OF(stname, field, type) \
389 ASN1_EX_TYPE(ASN1_TFLG_SET_OF, 0, stname, field, type)
390
391#define ASN1_SET_OF_OPT(stname, field, type) \
392 ASN1_EX_TYPE(ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL, 0, stname, field, type)
393
394/* Finally compound types of SEQUENCE, SET, IMPLICIT, EXPLICIT and OPTIONAL */
395
396#define ASN1_IMP_SET_OF(stname, field, type, tag) \
397 ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
398
399#define ASN1_EXP_SET_OF(stname, field, type, tag) \
400 ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF)
401
402#define ASN1_IMP_SET_OF_OPT(stname, field, type, tag) \
403 ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
404
405#define ASN1_EXP_SET_OF_OPT(stname, field, type, tag) \
406 ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SET_OF|ASN1_TFLG_OPTIONAL)
407
408#define ASN1_IMP_SEQUENCE_OF(stname, field, type, tag) \
409 ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
410
411#define ASN1_IMP_SEQUENCE_OF_OPT(stname, field, type, tag) \
412 ASN1_IMP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
413
414#define ASN1_EXP_SEQUENCE_OF(stname, field, type, tag) \
415 ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF)
416
417#define ASN1_EXP_SEQUENCE_OF_OPT(stname, field, type, tag) \
418 ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_SEQUENCE_OF|ASN1_TFLG_OPTIONAL)
419
420/* EXPLICIT using indefinite length constructed form */
421#define ASN1_NDEF_EXP(stname, field, type, tag) \
422 ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_NDEF)
423
424/* EXPLICIT OPTIONAL using indefinite length constructed form */
425#define ASN1_NDEF_EXP_OPT(stname, field, type, tag) \
426 ASN1_EXP_EX(stname, field, type, tag, ASN1_TFLG_OPTIONAL|ASN1_TFLG_NDEF)
427
428/* Macros for the ASN1_ADB structure */
429
430#define ASN1_ADB(name) \
431 static const ASN1_ADB_TABLE name##_adbtbl[]
432
433
434#define ASN1_ADB_END(name, flags, field, app_table, def, none) \
435 ;\
436 static const ASN1_ADB name##_adb = {\
437 flags,\
438 offsetof(name, field),\
439 app_table,\
440 name##_adbtbl,\
441 sizeof(name##_adbtbl) / sizeof(ASN1_ADB_TABLE),\
442 def,\
443 none\
444 }
445
446
447#define ADB_ENTRY(val, template) {val, template}
448
449#define ASN1_ADB_TEMPLATE(name) \
450 static const ASN1_TEMPLATE name##_tt
451
452#endif /* !LIBRESSL_INTERNAL */
453
454/* This is the ASN1 template structure that defines
455 * a wrapper round the actual type. It determines the
456 * actual position of the field in the value structure,
457 * various flags such as OPTIONAL and the field name.
458 */
459
460struct ASN1_TEMPLATE_st {
461 unsigned long flags; /* Various flags */
462 long tag; /* tag, not used if no tagging */
463 unsigned long offset; /* Offset of this field in structure */
464 const char *field_name; /* Field name */
465 ASN1_ITEM_EXP *item; /* Relevant ASN1_ITEM or ASN1_ADB */
466};
467
468/* Macro to extract ASN1_ITEM and ASN1_ADB pointer from ASN1_TEMPLATE */
469
470#define ASN1_TEMPLATE_item(t) (t->item_ptr)
471#define ASN1_TEMPLATE_adb(t) (t->item_ptr)
472
473typedef struct ASN1_ADB_TABLE_st ASN1_ADB_TABLE;
474typedef struct ASN1_ADB_st ASN1_ADB;
475
476struct ASN1_ADB_st {
477 unsigned long flags; /* Various flags */
478 unsigned long offset; /* Offset of selector field */
479 const ASN1_ADB_TABLE *tbl; /* Table of possible types */
480 long tblcount; /* Number of entries in tbl */
481 const ASN1_TEMPLATE *default_tt; /* Type to use if no match */
482 const ASN1_TEMPLATE *null_tt; /* Type to use if selector is NULL */
483};
484
485struct ASN1_ADB_TABLE_st {
486 long value; /* NID for an object or value for an int */
487 const ASN1_TEMPLATE tt; /* item for this value */
488};
489
490/* template flags */
491
492/* Field is optional */
493#define ASN1_TFLG_OPTIONAL (0x1)
494
495/* Field is a SET OF */
496#define ASN1_TFLG_SET_OF (0x1 << 1)
497
498/* Field is a SEQUENCE OF */
499#define ASN1_TFLG_SEQUENCE_OF (0x2 << 1)
500
501/* Special case: this refers to a SET OF that
502 * will be sorted into DER order when encoded *and*
503 * the corresponding STACK will be modified to match
504 * the new order.
505 */
506#define ASN1_TFLG_SET_ORDER (0x3 << 1)
507
508/* Mask for SET OF or SEQUENCE OF */
509#define ASN1_TFLG_SK_MASK (0x3 << 1)
510
511/* These flags mean the tag should be taken from the
512 * tag field. If EXPLICIT then the underlying type
513 * is used for the inner tag.
514 */
515
516/* IMPLICIT tagging */
517#define ASN1_TFLG_IMPTAG (0x1 << 3)
518
519
520/* EXPLICIT tagging, inner tag from underlying type */
521#define ASN1_TFLG_EXPTAG (0x2 << 3)
522
523#define ASN1_TFLG_TAG_MASK (0x3 << 3)
524
525/* context specific IMPLICIT */
526#define ASN1_TFLG_IMPLICIT ASN1_TFLG_IMPTAG|ASN1_TFLG_CONTEXT
527
528/* context specific EXPLICIT */
529#define ASN1_TFLG_EXPLICIT ASN1_TFLG_EXPTAG|ASN1_TFLG_CONTEXT
530
531/*
532 * If tagging is in force these determine the type of tag to use. Otherwiser
533 * the tag is determined by the underlying type. These values reflect the
534 * actual octet format.
535 */
536
537/* Universal tag */
538#define ASN1_TFLG_UNIVERSAL (0x0<<6)
539/* Application tag */
540#define ASN1_TFLG_APPLICATION (0x1<<6)
541/* Context specific tag */
542#define ASN1_TFLG_CONTEXT (0x2<<6)
543/* Private tag */
544#define ASN1_TFLG_PRIVATE (0x3<<6)
545
546#define ASN1_TFLG_TAG_CLASS (0x3<<6)
547
548/*
549 * These are for ANY DEFINED BY type. In this case
550 * the 'item' field points to an ASN1_ADB structure
551 * which contains a table of values to decode the
552 * relevant type
553 */
554
555#define ASN1_TFLG_ADB_MASK (0x3<<8)
556
557#define ASN1_TFLG_ADB_OID (0x1<<8)
558
559#define ASN1_TFLG_ADB_INT (0x1<<9)
560
561/*
562 * This flag when present in a SEQUENCE OF, SET OF
563 * or EXPLICIT causes indefinite length constructed
564 * encoding to be used if required.
565 */
566
567#define ASN1_TFLG_NDEF (0x1<<11)
568
569/* This is the actual ASN1 item itself */
570
571struct ASN1_ITEM_st {
572 char itype; /* The item type, primitive, SEQUENCE, CHOICE or extern */
573 long utype; /* underlying type */
574 const ASN1_TEMPLATE *templates; /* If SEQUENCE or CHOICE this contains the contents */
575 long tcount; /* Number of templates if SEQUENCE or CHOICE */
576 const void *funcs; /* functions that handle this type */
577 long size; /* Structure size (usually)*/
578 const char *sname; /* Structure name */
579};
580
581/* These are values for the itype field and
582 * determine how the type is interpreted.
583 *
584 * For PRIMITIVE types the underlying type
585 * determines the behaviour if items is NULL.
586 *
587 * Otherwise templates must contain a single
588 * template and the type is treated in the
589 * same way as the type specified in the template.
590 *
591 * For SEQUENCE types the templates field points
592 * to the members, the size field is the
593 * structure size.
594 *
595 * For CHOICE types the templates field points
596 * to each possible member (typically a union)
597 * and the 'size' field is the offset of the
598 * selector.
599 *
600 * The 'funcs' field is used for application
601 * specific functions.
602 *
603 * The EXTERN type uses a new style d2i/i2d.
604 * The new style should be used where possible
605 * because it avoids things like the d2i IMPLICIT
606 * hack.
607 *
608 * MSTRING is a multiple string type, it is used
609 * for a CHOICE of character strings where the
610 * actual strings all occupy an ASN1_STRING
611 * structure. In this case the 'utype' field
612 * has a special meaning, it is used as a mask
613 * of acceptable types using the B_ASN1 constants.
614 *
615 * NDEF_SEQUENCE is the same as SEQUENCE except
616 * that it will use indefinite length constructed
617 * encoding if requested.
618 *
619 */
620
621#define ASN1_ITYPE_PRIMITIVE 0x0
622
623#define ASN1_ITYPE_SEQUENCE 0x1
624
625#define ASN1_ITYPE_CHOICE 0x2
626
627#define ASN1_ITYPE_EXTERN 0x4
628
629#define ASN1_ITYPE_MSTRING 0x5
630
631#define ASN1_ITYPE_NDEF_SEQUENCE 0x6
632
633/* Cache for ASN1 tag and length, so we
634 * don't keep re-reading it for things
635 * like CHOICE
636 */
637
638struct ASN1_TLC_st {
639 char valid; /* Values below are valid */
640 int ret; /* return value */
641 long plen; /* length */
642 int ptag; /* class value */
643 int pclass; /* class value */
644 int hdrlen; /* header length */
645};
646
647/* Typedefs for ASN1 function pointers */
648
649typedef ASN1_VALUE * ASN1_new_func(void);
650typedef void ASN1_free_func(ASN1_VALUE *a);
651typedef ASN1_VALUE * ASN1_d2i_func(ASN1_VALUE **a, const unsigned char ** in, long length);
652typedef int ASN1_i2d_func(ASN1_VALUE * a, unsigned char **in);
653
654typedef int ASN1_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
655 int tag, int aclass, char opt, ASN1_TLC *ctx);
656
657typedef int ASN1_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
658typedef int ASN1_ex_new_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
659typedef void ASN1_ex_free_func(ASN1_VALUE **pval, const ASN1_ITEM *it);
660
661typedef int ASN1_ex_print_func(BIO *out, ASN1_VALUE **pval,
662 int indent, const char *fname,
663 const ASN1_PCTX *pctx);
664
665typedef int ASN1_primitive_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it);
666typedef int ASN1_primitive_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it);
667typedef int ASN1_primitive_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx);
668
669typedef struct ASN1_EXTERN_FUNCS_st {
670 void *app_data;
671 ASN1_ex_new_func *asn1_ex_new;
672 ASN1_ex_free_func *asn1_ex_free;
673 ASN1_ex_free_func *asn1_ex_clear;
674 ASN1_ex_d2i *asn1_ex_d2i;
675 ASN1_ex_i2d *asn1_ex_i2d;
676 ASN1_ex_print_func *asn1_ex_print;
677} ASN1_EXTERN_FUNCS;
678
679typedef struct ASN1_PRIMITIVE_FUNCS_st {
680 void *app_data;
681 unsigned long flags;
682 ASN1_ex_new_func *prim_new;
683 ASN1_ex_free_func *prim_free;
684 ASN1_ex_free_func *prim_clear;
685 ASN1_primitive_c2i *prim_c2i;
686 ASN1_primitive_i2c *prim_i2c;
687 ASN1_primitive_print *prim_print;
688} ASN1_PRIMITIVE_FUNCS;
689
690/* This is the ASN1_AUX structure: it handles various
691 * miscellaneous requirements. For example the use of
692 * reference counts and an informational callback.
693 *
694 * The "informational callback" is called at various
695 * points during the ASN1 encoding and decoding. It can
696 * be used to provide minor customisation of the structures
697 * used. This is most useful where the supplied routines
698 * *almost* do the right thing but need some extra help
699 * at a few points. If the callback returns zero then
700 * it is assumed a fatal error has occurred and the
701 * main operation should be abandoned.
702 *
703 * If major changes in the default behaviour are required
704 * then an external type is more appropriate.
705 */
706
707typedef int ASN1_aux_cb(int operation, ASN1_VALUE **in, const ASN1_ITEM *it,
708 void *exarg);
709
710typedef struct ASN1_AUX_st {
711 void *app_data;
712 int flags;
713 int ref_offset; /* Offset of reference value */
714 int ref_lock; /* Lock type to use */
715 ASN1_aux_cb *asn1_cb;
716 int enc_offset; /* Offset of ASN1_ENCODING structure */
717} ASN1_AUX;
718
719/* For print related callbacks exarg points to this structure */
720typedef struct ASN1_PRINT_ARG_st {
721 BIO *out;
722 int indent;
723 const ASN1_PCTX *pctx;
724} ASN1_PRINT_ARG;
725
726/* For streaming related callbacks exarg points to this structure */
727typedef struct ASN1_STREAM_ARG_st {
728 /* BIO to stream through */
729 BIO *out;
730 /* BIO with filters appended */
731 BIO *ndef_bio;
732 /* Streaming I/O boundary */
733 unsigned char **boundary;
734} ASN1_STREAM_ARG;
735
736/* Flags in ASN1_AUX */
737
738/* Use a reference count */
739#define ASN1_AFLG_REFCOUNT 1
740/* Save the encoding of structure (useful for signatures) */
741#define ASN1_AFLG_ENCODING 2
742
743/* operation values for asn1_cb */
744
745#define ASN1_OP_NEW_PRE 0
746#define ASN1_OP_NEW_POST 1
747#define ASN1_OP_FREE_PRE 2
748#define ASN1_OP_FREE_POST 3
749#define ASN1_OP_D2I_PRE 4
750#define ASN1_OP_D2I_POST 5
751#define ASN1_OP_I2D_PRE 6
752#define ASN1_OP_I2D_POST 7
753#define ASN1_OP_PRINT_PRE 8
754#define ASN1_OP_PRINT_POST 9
755#define ASN1_OP_STREAM_PRE 10
756#define ASN1_OP_STREAM_POST 11
757#define ASN1_OP_DETACHED_PRE 12
758#define ASN1_OP_DETACHED_POST 13
759
760#ifndef LIBRESSL_INTERNAL
761
762/* Macro to implement a primitive type */
763#define IMPLEMENT_ASN1_TYPE(stname) IMPLEMENT_ASN1_TYPE_ex(stname, stname, 0)
764#define IMPLEMENT_ASN1_TYPE_ex(itname, vname, ex) \
765 ASN1_ITEM_start(itname) \
766 ASN1_ITYPE_PRIMITIVE, V_##vname, NULL, 0, NULL, ex, #itname \
767 ASN1_ITEM_end(itname)
768
769/* Macro to implement a multi string type */
770#define IMPLEMENT_ASN1_MSTRING(itname, mask) \
771 ASN1_ITEM_start(itname) \
772 ASN1_ITYPE_MSTRING, mask, NULL, 0, NULL, sizeof(ASN1_STRING), #itname \
773 ASN1_ITEM_end(itname)
774#define IMPLEMENT_EXTERN_ASN1(sname, tag, fptrs) \
775 ASN1_ITEM_start(sname) \
776 ASN1_ITYPE_EXTERN, \
777 tag, \
778 NULL, \
779 0, \
780 &fptrs, \
781 0, \
782 #sname \
783 ASN1_ITEM_end(sname)
784
785/* Macro to implement standard functions in terms of ASN1_ITEM structures */
786
787#define IMPLEMENT_ASN1_FUNCTIONS(stname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, stname, stname)
788
789#define IMPLEMENT_ASN1_FUNCTIONS_name(stname, itname) IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, itname)
790
791#define IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name(stname, itname) \
792 IMPLEMENT_ASN1_FUNCTIONS_ENCODE_fname(stname, itname, itname)
793
794#define IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS(stname) \
795 IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(static, stname, stname, stname)
796
797#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS(stname) \
798 IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, stname, stname)
799
800#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname(pre, stname, itname, fname) \
801 pre stname *fname##_new(void) \
802 { \
803 return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
804 } \
805 pre void fname##_free(stname *a) \
806 { \
807 ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
808 }
809
810#define IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname) \
811 stname *fname##_new(void) \
812 { \
813 return (stname *)ASN1_item_new(ASN1_ITEM_rptr(itname)); \
814 } \
815 void fname##_free(stname *a) \
816 { \
817 ASN1_item_free((ASN1_VALUE *)a, ASN1_ITEM_rptr(itname)); \
818 }
819
820#define IMPLEMENT_ASN1_FUNCTIONS_fname(stname, itname, fname) \
821 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
822 IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
823
824#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(stname, itname, fname) \
825 stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
826 { \
827 return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
828 } \
829 int i2d_##fname(stname *a, unsigned char **out) \
830 { \
831 return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
832 }
833
834#define IMPLEMENT_ASN1_NDEF_FUNCTION(stname) \
835 int i2d_##stname##_NDEF(stname *a, unsigned char **out) \
836 { \
837 return ASN1_item_ndef_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(stname));\
838 }
839
840/* This includes evil casts to remove const: they will go away when full
841 * ASN1 constification is done.
842 */
843#define IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
844 stname *d2i_##fname(stname **a, const unsigned char **in, long len) \
845 { \
846 return (stname *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, ASN1_ITEM_rptr(itname));\
847 } \
848 int i2d_##fname(const stname *a, unsigned char **out) \
849 { \
850 return ASN1_item_i2d((ASN1_VALUE *)a, out, ASN1_ITEM_rptr(itname));\
851 }
852
853#define IMPLEMENT_ASN1_DUP_FUNCTION(stname) \
854 stname * stname##_dup(stname *x) \
855 { \
856 return ASN1_item_dup(ASN1_ITEM_rptr(stname), x); \
857 }
858
859#define IMPLEMENT_ASN1_PRINT_FUNCTION(stname) \
860 IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, stname, stname)
861
862#define IMPLEMENT_ASN1_PRINT_FUNCTION_fname(stname, itname, fname) \
863 int fname##_print_ctx(BIO *out, stname *x, int indent, \
864 const ASN1_PCTX *pctx) \
865 { \
866 return ASN1_item_print(out, (ASN1_VALUE *)x, indent, \
867 ASN1_ITEM_rptr(itname), pctx); \
868 }
869
870#define IMPLEMENT_ASN1_FUNCTIONS_const(name) \
871 IMPLEMENT_ASN1_FUNCTIONS_const_fname(name, name, name)
872
873#define IMPLEMENT_ASN1_FUNCTIONS_const_fname(stname, itname, fname) \
874 IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(stname, itname, fname) \
875 IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname(stname, itname, fname)
876
877#endif /* !LIBRESSL_INTERNAL */
878
879/* external definitions for primitive types */
880
881extern const ASN1_ITEM ASN1_BOOLEAN_it;
882extern const ASN1_ITEM ASN1_TBOOLEAN_it;
883extern const ASN1_ITEM ASN1_FBOOLEAN_it;
884extern const ASN1_ITEM ASN1_SEQUENCE_it;
885extern const ASN1_ITEM BIGNUM_it;
886extern const ASN1_ITEM LONG_it;
887extern const ASN1_ITEM ZLONG_it;
888extern const ASN1_ITEM CBIGNUM_it;
889
890DECLARE_STACK_OF(ASN1_VALUE)
891
892/* Functions used internally by the ASN1 code */
893
894int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
895void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
896int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it,
897 int tag, int aclass, char opt, ASN1_TLC *ctx);
898
899int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass);
900
901#ifdef __cplusplus
902}
903#endif
904#endif
diff --git a/src/lib/libcrypto/asn1/asn_mime.c b/src/lib/libcrypto/asn1/asn_mime.c
deleted file mode 100644
index 3995fc547c..0000000000
--- a/src/lib/libcrypto/asn1/asn_mime.c
+++ /dev/null
@@ -1,1011 +0,0 @@
1/* $OpenBSD: asn_mime.c,v 1.35 2025/01/17 05:02:18 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 */
54
55#include <ctype.h>
56#include <stdio.h>
57#include <stdlib.h>
58#include <string.h>
59
60#include <openssl/asn1.h>
61#include <openssl/asn1t.h>
62#include <openssl/err.h>
63#include <openssl/x509.h>
64
65#include "asn1_local.h"
66#include "evp_local.h"
67
68/* Generalised MIME like utilities for streaming ASN1. Although many
69 * have a PKCS7/CMS like flavour others are more general purpose.
70 */
71
72/* MIME format structures
73 * Note that all are translated to lower case apart from
74 * parameter values. Quotes are stripped off
75 */
76
77typedef struct {
78 char *param_name; /* Param name e.g. "micalg" */
79 char *param_value; /* Param value e.g. "sha1" */
80} MIME_PARAM;
81
82DECLARE_STACK_OF(MIME_PARAM)
83
84typedef struct {
85 char *name; /* Name of line e.g. "content-type" */
86 char *value; /* Value of line e.g. "text/plain" */
87 STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */
88} MIME_HEADER;
89
90DECLARE_STACK_OF(MIME_HEADER)
91
92static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
93 const ASN1_ITEM *it);
94static char * strip_ends(char *name);
95static char * strip_start(char *name);
96static char * strip_end(char *name);
97static MIME_HEADER *mime_hdr_new(char *name, char *value);
98static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value);
99static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio);
100static int mime_hdr_cmp(const MIME_HEADER * const *a,
101 const MIME_HEADER * const *b);
102static int mime_param_cmp(const MIME_PARAM * const *a,
103 const MIME_PARAM * const *b);
104static void mime_param_free(MIME_PARAM *param);
105static int mime_bound_check(char *line, int linelen, char *bound, int blen);
106static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret);
107static int strip_eol(char *linebuf, int *plen);
108static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name);
109static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name);
110static void mime_hdr_free(MIME_HEADER *hdr);
111
112#define MAX_SMLEN 1024
113
114/* Output an ASN1 structure in BER format streaming if necessary */
115
116int
117i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
118 const ASN1_ITEM *it)
119{
120 BIO *bio, *tbio;
121 int ret;
122
123 /* Without streaming, write out the ASN.1 structure's content. */
124 if ((flags & SMIME_STREAM) == 0)
125 return ASN1_item_i2d_bio(it, out, val);
126
127 /* If streaming, create a stream BIO and copy all content through it. */
128 if ((bio = BIO_new_NDEF(out, val, it)) == NULL) {
129 ASN1error(ERR_R_MALLOC_FAILURE);
130 return 0;
131 }
132
133 ret = SMIME_crlf_copy(in, bio, flags);
134 (void)BIO_flush(bio);
135
136 /* Free up successive BIOs until we hit the old output BIO. */
137 do {
138 tbio = BIO_pop(bio);
139 BIO_free(bio);
140 bio = tbio;
141 } while (bio != out);
142
143 return ret;
144}
145
146/* Base 64 read and write of ASN1 structure */
147
148static int
149B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
150 const ASN1_ITEM *it)
151{
152 BIO *b64;
153 int r;
154
155 b64 = BIO_new(BIO_f_base64());
156 if (!b64) {
157 ASN1error(ERR_R_MALLOC_FAILURE);
158 return 0;
159 }
160 /* prepend the b64 BIO so all data is base64 encoded.
161 */
162 out = BIO_push(b64, out);
163 r = i2d_ASN1_bio_stream(out, val, in, flags, it);
164 (void)BIO_flush(out);
165 BIO_pop(out);
166 BIO_free(b64);
167 return r;
168}
169
170/* Streaming ASN1 PEM write */
171
172int
173PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags,
174 const char *hdr, const ASN1_ITEM *it)
175{
176 int r;
177
178 BIO_printf(out, "-----BEGIN %s-----\n", hdr);
179 r = B64_write_ASN1(out, val, in, flags, it);
180 BIO_printf(out, "-----END %s-----\n", hdr);
181 return r;
182}
183
184static ASN1_VALUE *
185b64_read_asn1(BIO *bio, const ASN1_ITEM *it)
186{
187 BIO *b64;
188 ASN1_VALUE *val;
189 if (!(b64 = BIO_new(BIO_f_base64()))) {
190 ASN1error(ERR_R_MALLOC_FAILURE);
191 return 0;
192 }
193 bio = BIO_push(b64, bio);
194 val = ASN1_item_d2i_bio(it, bio, NULL);
195 if (!val)
196 ASN1error(ASN1_R_DECODE_ERROR);
197 (void)BIO_flush(bio);
198 bio = BIO_pop(bio);
199 BIO_free(b64);
200 return val;
201}
202
203/* Generate the MIME "micalg" parameter from RFC3851, RFC4490 */
204
205static int
206asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs)
207{
208 const EVP_MD *md;
209 int i, have_unknown = 0, write_comma, ret = 0, md_nid;
210
211 have_unknown = 0;
212 write_comma = 0;
213 for (i = 0; i < sk_X509_ALGOR_num(mdalgs); i++) {
214 if (write_comma)
215 BIO_write(out, ",", 1);
216 write_comma = 1;
217 md_nid = OBJ_obj2nid(sk_X509_ALGOR_value(mdalgs, i)->algorithm);
218 md = EVP_get_digestbynid(md_nid);
219 if (md && md->md_ctrl) {
220 int rv;
221 char *micstr;
222 rv = md->md_ctrl(NULL, EVP_MD_CTRL_MICALG, 0, &micstr);
223 if (rv > 0) {
224 BIO_puts(out, micstr);
225 free(micstr);
226 continue;
227 }
228 if (rv != -2)
229 goto err;
230 }
231 switch (md_nid) {
232 case NID_sha1:
233 BIO_puts(out, "sha1");
234 break;
235
236 case NID_md5:
237 BIO_puts(out, "md5");
238 break;
239
240 case NID_sha256:
241 BIO_puts(out, "sha-256");
242 break;
243
244 case NID_sha384:
245 BIO_puts(out, "sha-384");
246 break;
247
248 case NID_sha512:
249 BIO_puts(out, "sha-512");
250 break;
251
252 case NID_id_GostR3411_94:
253 BIO_puts(out, "gostr3411-94");
254 goto err;
255 break;
256
257 default:
258 if (have_unknown)
259 write_comma = 0;
260 else {
261 BIO_puts(out, "unknown");
262 have_unknown = 1;
263 }
264 break;
265
266 }
267 }
268
269 ret = 1;
270
271 err:
272 return ret;
273}
274
275/* SMIME sender */
276
277int
278SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags,
279 int ctype_nid, int econt_nid, STACK_OF(X509_ALGOR) *mdalgs,
280 const ASN1_ITEM *it)
281{
282 char bound[33], c;
283 int i;
284 const char *mime_prefix, *mime_eol, *cname = "smime.p7m";
285 const char *msg_type = NULL;
286
287 if (flags & SMIME_OLDMIME)
288 mime_prefix = "application/x-pkcs7-";
289 else
290 mime_prefix = "application/pkcs7-";
291
292 if (flags & SMIME_CRLFEOL)
293 mime_eol = "\r\n";
294 else
295 mime_eol = "\n";
296 if ((flags & SMIME_DETACHED) && data) {
297 /* We want multipart/signed */
298 /* Generate a random boundary */
299 arc4random_buf(bound, 32);
300 for (i = 0; i < 32; i++) {
301 c = bound[i] & 0xf;
302 if (c < 10)
303 c += '0';
304 else
305 c += 'A' - 10;
306 bound[i] = c;
307 }
308 bound[32] = 0;
309 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
310 BIO_printf(bio, "Content-Type: multipart/signed;");
311 BIO_printf(bio, " protocol=\"%ssignature\";", mime_prefix);
312 BIO_puts(bio, " micalg=\"");
313 asn1_write_micalg(bio, mdalgs);
314 BIO_printf(bio, "\"; boundary=\"----%s\"%s%s",
315 bound, mime_eol, mime_eol);
316 BIO_printf(bio, "This is an S/MIME signed message%s%s",
317 mime_eol, mime_eol);
318 /* Now write out the first part */
319 BIO_printf(bio, "------%s%s", bound, mime_eol);
320 if (!asn1_output_data(bio, data, val, flags, it))
321 return 0;
322 BIO_printf(bio, "%s------%s%s", mime_eol, bound, mime_eol);
323
324 /* Headers for signature */
325
326 BIO_printf(bio, "Content-Type: %ssignature;", mime_prefix);
327 BIO_printf(bio, " name=\"smime.p7s\"%s", mime_eol);
328 BIO_printf(bio, "Content-Transfer-Encoding: base64%s",
329 mime_eol);
330 BIO_printf(bio, "Content-Disposition: attachment;");
331 BIO_printf(bio, " filename=\"smime.p7s\"%s%s",
332 mime_eol, mime_eol);
333 B64_write_ASN1(bio, val, NULL, 0, it);
334 BIO_printf(bio, "%s------%s--%s%s", mime_eol, bound,
335 mime_eol, mime_eol);
336 return 1;
337 }
338
339 /* Determine smime-type header */
340
341 if (ctype_nid == NID_pkcs7_enveloped)
342 msg_type = "enveloped-data";
343 else if (ctype_nid == NID_pkcs7_signed) {
344 if (econt_nid == NID_id_smime_ct_receipt)
345 msg_type = "signed-receipt";
346 else if (sk_X509_ALGOR_num(mdalgs) >= 0)
347 msg_type = "signed-data";
348 else
349 msg_type = "certs-only";
350 } else if (ctype_nid == NID_id_smime_ct_compressedData) {
351 msg_type = "compressed-data";
352 cname = "smime.p7z";
353 }
354 /* MIME headers */
355 BIO_printf(bio, "MIME-Version: 1.0%s", mime_eol);
356 BIO_printf(bio, "Content-Disposition: attachment;");
357 BIO_printf(bio, " filename=\"%s\"%s", cname, mime_eol);
358 BIO_printf(bio, "Content-Type: %smime;", mime_prefix);
359 if (msg_type)
360 BIO_printf(bio, " smime-type=%s;", msg_type);
361 BIO_printf(bio, " name=\"%s\"%s", cname, mime_eol);
362 BIO_printf(bio, "Content-Transfer-Encoding: base64%s%s",
363 mime_eol, mime_eol);
364 if (!B64_write_ASN1(bio, val, data, flags, it))
365 return 0;
366 BIO_printf(bio, "%s", mime_eol);
367 return 1;
368}
369
370/* Handle output of ASN1 data */
371
372
373static int
374asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags,
375 const ASN1_ITEM *it)
376{
377 BIO *tmpbio;
378 const ASN1_AUX *aux = it->funcs;
379 ASN1_STREAM_ARG sarg;
380 int rv = 1;
381
382 /*
383 * If data is not detached or resigning then the output BIO is
384 * already set up to finalise when it is written through.
385 */
386 if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) {
387 SMIME_crlf_copy(data, out, flags);
388 return 1;
389 }
390
391 if (!aux || !aux->asn1_cb) {
392 ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED);
393 return 0;
394 }
395
396 sarg.out = out;
397 sarg.ndef_bio = NULL;
398 sarg.boundary = NULL;
399
400 /* Let ASN1 code prepend any needed BIOs */
401
402 if (aux->asn1_cb(ASN1_OP_DETACHED_PRE, &val, it, &sarg) <= 0)
403 return 0;
404
405 /* Copy data across, passing through filter BIOs for processing */
406 SMIME_crlf_copy(data, sarg.ndef_bio, flags);
407
408 /* Finalize structure */
409 if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0)
410 rv = 0;
411
412 /* Now remove any digests prepended to the BIO */
413
414 while (sarg.ndef_bio != out) {
415 tmpbio = BIO_pop(sarg.ndef_bio);
416 BIO_free(sarg.ndef_bio);
417 sarg.ndef_bio = tmpbio;
418 }
419
420 return rv;
421}
422
423/* SMIME reader: handle multipart/signed and opaque signing.
424 * in multipart case the content is placed in a memory BIO
425 * pointed to by "bcont". In opaque this is set to NULL
426 */
427
428ASN1_VALUE *
429SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it)
430{
431 BIO *asnin;
432 STACK_OF(MIME_HEADER) *headers = NULL;
433 STACK_OF(BIO) *parts = NULL;
434 MIME_HEADER *hdr;
435 MIME_PARAM *prm;
436 ASN1_VALUE *val;
437 int ret;
438
439 if (bcont)
440 *bcont = NULL;
441
442 if (!(headers = mime_parse_hdr(bio))) {
443 ASN1error(ASN1_R_MIME_PARSE_ERROR);
444 return NULL;
445 }
446
447 if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
448 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
449 ASN1error(ASN1_R_NO_CONTENT_TYPE);
450 return NULL;
451 }
452
453 /* Handle multipart/signed */
454
455 if (!strcmp(hdr->value, "multipart/signed")) {
456 /* Split into two parts */
457 prm = mime_param_find(hdr, "boundary");
458 if (!prm || !prm->param_value) {
459 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
460 ASN1error(ASN1_R_NO_MULTIPART_BOUNDARY);
461 return NULL;
462 }
463 ret = multi_split(bio, prm->param_value, &parts);
464 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
465 if (!ret || (sk_BIO_num(parts) != 2) ) {
466 ASN1error(ASN1_R_NO_MULTIPART_BODY_FAILURE);
467 sk_BIO_pop_free(parts, BIO_vfree);
468 return NULL;
469 }
470
471 /* Parse the signature piece */
472 asnin = sk_BIO_value(parts, 1);
473
474 if (!(headers = mime_parse_hdr(asnin))) {
475 ASN1error(ASN1_R_MIME_SIG_PARSE_ERROR);
476 sk_BIO_pop_free(parts, BIO_vfree);
477 return NULL;
478 }
479
480 /* Get content type */
481
482 if (!(hdr = mime_hdr_find(headers, "content-type")) ||
483 !hdr->value) {
484 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
485 sk_BIO_pop_free(parts, BIO_vfree);
486 ASN1error(ASN1_R_NO_SIG_CONTENT_TYPE);
487 return NULL;
488 }
489
490 if (strcmp(hdr->value, "application/x-pkcs7-signature") &&
491 strcmp(hdr->value, "application/pkcs7-signature")) {
492 ASN1error(ASN1_R_SIG_INVALID_MIME_TYPE);
493 ERR_asprintf_error_data("type: %s", hdr->value);
494 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
495 sk_BIO_pop_free(parts, BIO_vfree);
496 return NULL;
497 }
498 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
499 /* Read in ASN1 */
500 if (!(val = b64_read_asn1(asnin, it))) {
501 ASN1error(ASN1_R_ASN1_SIG_PARSE_ERROR);
502 sk_BIO_pop_free(parts, BIO_vfree);
503 return NULL;
504 }
505
506 if (bcont) {
507 *bcont = sk_BIO_value(parts, 0);
508 BIO_free(asnin);
509 sk_BIO_free(parts);
510 } else sk_BIO_pop_free(parts, BIO_vfree);
511 return val;
512 }
513
514 /* OK, if not multipart/signed try opaque signature */
515
516 if (strcmp (hdr->value, "application/x-pkcs7-mime") &&
517 strcmp (hdr->value, "application/pkcs7-mime")) {
518 ASN1error(ASN1_R_INVALID_MIME_TYPE);
519 ERR_asprintf_error_data("type: %s", hdr->value);
520 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
521 return NULL;
522 }
523
524 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
525
526 if (!(val = b64_read_asn1(bio, it))) {
527 ASN1error(ASN1_R_ASN1_PARSE_ERROR);
528 return NULL;
529 }
530 return val;
531}
532
533/* Copy text from one BIO to another making the output CRLF at EOL */
534int
535SMIME_crlf_copy(BIO *in, BIO *out, int flags)
536{
537 BIO *bf;
538 char eol;
539 int len;
540 char linebuf[MAX_SMLEN];
541
542 /* Buffer output so we don't write one line at a time. This is
543 * useful when streaming as we don't end up with one OCTET STRING
544 * per line.
545 */
546 bf = BIO_new(BIO_f_buffer());
547 if (!bf)
548 return 0;
549 out = BIO_push(bf, out);
550 if (flags & SMIME_BINARY) {
551 while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0)
552 BIO_write(out, linebuf, len);
553 } else {
554 if (flags & SMIME_TEXT)
555 BIO_printf(out, "Content-Type: text/plain\r\n\r\n");
556 while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) {
557 eol = strip_eol(linebuf, &len);
558 if (len)
559 BIO_write(out, linebuf, len);
560 if (eol)
561 BIO_write(out, "\r\n", 2);
562 }
563 }
564 (void)BIO_flush(out);
565 BIO_pop(out);
566 BIO_free(bf);
567 return 1;
568}
569LCRYPTO_ALIAS(SMIME_crlf_copy);
570
571/* Strip off headers if they are text/plain */
572int
573SMIME_text(BIO *in, BIO *out)
574{
575 char iobuf[4096];
576 int len;
577 STACK_OF(MIME_HEADER) *headers;
578 MIME_HEADER *hdr;
579
580 if (!(headers = mime_parse_hdr(in))) {
581 ASN1error(ASN1_R_MIME_PARSE_ERROR);
582 return 0;
583 }
584 if (!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) {
585 ASN1error(ASN1_R_MIME_NO_CONTENT_TYPE);
586 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
587 return 0;
588 }
589 if (strcmp (hdr->value, "text/plain")) {
590 ASN1error(ASN1_R_INVALID_MIME_TYPE);
591 ERR_asprintf_error_data("type: %s", hdr->value);
592 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
593 return 0;
594 }
595 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
596 while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0)
597 BIO_write(out, iobuf, len);
598 if (len < 0)
599 return 0;
600 return 1;
601}
602LCRYPTO_ALIAS(SMIME_text);
603
604/*
605 * Split a multipart/XXX message body into component parts: result is
606 * canonical parts in a STACK of bios
607 */
608static int
609multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret)
610{
611 char linebuf[MAX_SMLEN];
612 int len, blen;
613 int eol = 0, next_eol = 0;
614 BIO *bpart = NULL;
615 STACK_OF(BIO) *parts;
616 char state, part, first;
617
618 blen = strlen(bound);
619 part = 0;
620 state = 0;
621 first = 1;
622 parts = sk_BIO_new_null();
623 *ret = parts;
624 if (parts == NULL)
625 return 0;
626 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
627 state = mime_bound_check(linebuf, len, bound, blen);
628 if (state == 1) {
629 first = 1;
630 part++;
631 } else if (state == 2) {
632 if (sk_BIO_push(parts, bpart) == 0)
633 return 0;
634 return 1;
635 } else if (part) {
636 /* Strip CR+LF from linebuf */
637 next_eol = strip_eol(linebuf, &len);
638 if (first) {
639 first = 0;
640 if (bpart != NULL) {
641 if (sk_BIO_push(parts, bpart) == 0)
642 return 0;
643 }
644 bpart = BIO_new(BIO_s_mem());
645 if (bpart == NULL)
646 return 0;
647 BIO_set_mem_eof_return(bpart, 0);
648 } else if (eol)
649 BIO_write(bpart, "\r\n", 2);
650 eol = next_eol;
651 if (len)
652 BIO_write(bpart, linebuf, len);
653 }
654 }
655 BIO_free(bpart);
656 return 0;
657}
658
659/* This is the big one: parse MIME header lines up to message body */
660
661#define MIME_INVALID 0
662#define MIME_START 1
663#define MIME_TYPE 2
664#define MIME_NAME 3
665#define MIME_VALUE 4
666#define MIME_QUOTE 5
667#define MIME_COMMENT 6
668
669static STACK_OF(MIME_HEADER) *
670mime_parse_hdr(BIO *bio)
671{
672 char *p, *q, c;
673 char *ntmp;
674 char linebuf[MAX_SMLEN];
675 MIME_HEADER *mhdr = NULL;
676 STACK_OF(MIME_HEADER) *headers;
677 int len, state, save_state = 0;
678
679 headers = sk_MIME_HEADER_new(mime_hdr_cmp);
680 if (!headers)
681 return NULL;
682 while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) {
683 /* If whitespace at line start then continuation line */
684 if (mhdr && isspace((unsigned char)linebuf[0]))
685 state = MIME_NAME;
686 else
687 state = MIME_START;
688 ntmp = NULL;
689
690 /* Go through all characters */
691 for (p = linebuf, q = linebuf;
692 (c = *p) && (c != '\r') && (c != '\n'); p++) {
693
694 /* State machine to handle MIME headers
695 * if this looks horrible that's because it *is*
696 */
697
698 switch (state) {
699 case MIME_START:
700 if (c == ':') {
701 state = MIME_TYPE;
702 *p = 0;
703 ntmp = strip_ends(q);
704 q = p + 1;
705 }
706 break;
707
708 case MIME_TYPE:
709 if (c == ';') {
710 *p = 0;
711 mhdr = mime_hdr_new(ntmp,
712 strip_ends(q));
713 if (mhdr == NULL)
714 goto merr;
715 if (sk_MIME_HEADER_push(headers,
716 mhdr) == 0)
717 goto merr;
718 ntmp = NULL;
719 q = p + 1;
720 state = MIME_NAME;
721 } else if (c == '(') {
722 save_state = state;
723 state = MIME_COMMENT;
724 }
725 break;
726
727 case MIME_COMMENT:
728 if (c == ')') {
729 state = save_state;
730 }
731 break;
732
733 case MIME_NAME:
734 if (c == '=') {
735 state = MIME_VALUE;
736 *p = 0;
737 ntmp = strip_ends(q);
738 q = p + 1;
739 }
740 break;
741
742 case MIME_VALUE:
743 if (c == ';') {
744 state = MIME_NAME;
745 *p = 0;
746 mime_hdr_addparam(mhdr, ntmp,
747 strip_ends(q));
748 ntmp = NULL;
749 q = p + 1;
750 } else if (c == '"') {
751 state = MIME_QUOTE;
752 } else if (c == '(') {
753 save_state = state;
754 state = MIME_COMMENT;
755 }
756 break;
757
758 case MIME_QUOTE:
759 if (c == '"') {
760 state = MIME_VALUE;
761 }
762 break;
763 }
764 }
765
766 if (state == MIME_TYPE) {
767 mhdr = mime_hdr_new(ntmp, strip_ends(q));
768 if (mhdr == NULL)
769 goto merr;
770 if (sk_MIME_HEADER_push(headers, mhdr) == 0)
771 goto merr;
772 } else if (state == MIME_VALUE)
773 mime_hdr_addparam(mhdr, ntmp, strip_ends(q));
774
775 if (p == linebuf)
776 break; /* Blank line means end of headers */
777 }
778
779 return headers;
780
781 merr:
782 if (mhdr != NULL)
783 mime_hdr_free(mhdr);
784 sk_MIME_HEADER_pop_free(headers, mime_hdr_free);
785 return NULL;
786}
787
788static char *
789strip_ends(char *name)
790{
791 return strip_end(strip_start(name));
792}
793
794/* Strip a parameter of whitespace from start of param */
795static char *
796strip_start(char *name)
797{
798 char *p, c;
799
800 /* Look for first non white space or quote */
801 for (p = name; (c = *p); p++) {
802 if (c == '"') {
803 /* Next char is start of string if non null */
804 if (p[1])
805 return p + 1;
806 /* Else null string */
807 return NULL;
808 }
809 if (!isspace((unsigned char)c))
810 return p;
811 }
812 return NULL;
813}
814
815/* As above but strip from end of string : maybe should handle brackets? */
816static char *
817strip_end(char *name)
818{
819 char *p, c;
820
821 if (!name)
822 return NULL;
823
824 /* Look for first non white space or quote */
825 for (p = name + strlen(name) - 1; p >= name; p--) {
826 c = *p;
827 if (c == '"') {
828 if (p - 1 == name)
829 return NULL;
830 *p = 0;
831 return name;
832 }
833 if (isspace((unsigned char)c))
834 *p = 0;
835 else
836 return name;
837 }
838 return NULL;
839}
840
841static MIME_HEADER *
842mime_hdr_new(char *name, char *value)
843{
844 MIME_HEADER *mhdr;
845 char *tmpname = NULL, *tmpval = NULL, *p;
846
847 if (name) {
848 if (!(tmpname = strdup(name)))
849 goto err;
850 for (p = tmpname; *p; p++)
851 *p = tolower((unsigned char)*p);
852 }
853 if (value) {
854 if (!(tmpval = strdup(value)))
855 goto err;
856 for (p = tmpval; *p; p++)
857 *p = tolower((unsigned char)*p);
858 }
859 mhdr = malloc(sizeof(MIME_HEADER));
860 if (!mhdr)
861 goto err;
862 mhdr->name = tmpname;
863 mhdr->value = tmpval;
864 if (!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) {
865 free(mhdr);
866 goto err;
867 }
868 return mhdr;
869 err:
870 free(tmpname);
871 free(tmpval);
872 return NULL;
873}
874
875static int
876mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value)
877{
878 char *tmpname = NULL, *tmpval = NULL, *p;
879 MIME_PARAM *mparam;
880
881 if (name) {
882 tmpname = strdup(name);
883 if (!tmpname)
884 goto err;
885 for (p = tmpname; *p; p++)
886 *p = tolower((unsigned char)*p);
887 }
888 if (value) {
889 tmpval = strdup(value);
890 if (!tmpval)
891 goto err;
892 }
893 /* Parameter values are case sensitive so leave as is */
894 mparam = malloc(sizeof(MIME_PARAM));
895 if (!mparam)
896 goto err;
897 mparam->param_name = tmpname;
898 mparam->param_value = tmpval;
899 if (sk_MIME_PARAM_push(mhdr->params, mparam) == 0) {
900 free(mparam);
901 goto err;
902 }
903 return 1;
904 err:
905 free(tmpname);
906 free(tmpval);
907 return 0;
908}
909
910static int
911mime_hdr_cmp(const MIME_HEADER * const *a, const MIME_HEADER * const *b)
912{
913 if (!(*a)->name || !(*b)->name)
914 return !!(*a)->name - !!(*b)->name;
915 return (strcmp((*a)->name, (*b)->name));
916}
917
918static int
919mime_param_cmp(const MIME_PARAM * const *a, const MIME_PARAM * const *b)
920{
921 if (!(*a)->param_name || !(*b)->param_name)
922 return !!(*a)->param_name - !!(*b)->param_name;
923 return (strcmp((*a)->param_name, (*b)->param_name));
924}
925
926/* Find a header with a given name (if possible) */
927
928static MIME_HEADER *
929mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name)
930{
931 MIME_HEADER htmp;
932 int idx;
933 htmp.name = name;
934 idx = sk_MIME_HEADER_find(hdrs, &htmp);
935 if (idx < 0)
936 return NULL;
937 return sk_MIME_HEADER_value(hdrs, idx);
938}
939
940static MIME_PARAM *
941mime_param_find(MIME_HEADER *hdr, char *name)
942{
943 MIME_PARAM param;
944 int idx;
945 param.param_name = name;
946 idx = sk_MIME_PARAM_find(hdr->params, &param);
947 if (idx < 0)
948 return NULL;
949 return sk_MIME_PARAM_value(hdr->params, idx);
950}
951
952static void
953mime_hdr_free(MIME_HEADER *hdr)
954{
955 free(hdr->name);
956 free(hdr->value);
957 if (hdr->params)
958 sk_MIME_PARAM_pop_free(hdr->params, mime_param_free);
959 free(hdr);
960}
961
962static void
963mime_param_free(MIME_PARAM *param)
964{
965 free(param->param_name);
966 free(param->param_value);
967 free(param);
968}
969
970/* Check for a multipart boundary. Returns:
971 * 0 : no boundary
972 * 1 : part boundary
973 * 2 : final boundary
974 */
975static int
976mime_bound_check(char *line, int linelen, char *bound, int blen)
977{
978 if (linelen == -1)
979 linelen = strlen(line);
980 if (blen == -1)
981 blen = strlen(bound);
982 /* Quickly eliminate if line length too short */
983 if (blen + 2 > linelen)
984 return 0;
985 /* Check for part boundary */
986 if (!strncmp(line, "--", 2) && !strncmp(line + 2, bound, blen)) {
987 if (!strncmp(line + blen + 2, "--", 2))
988 return 2;
989 else
990 return 1;
991 }
992 return 0;
993}
994
995static int
996strip_eol(char *linebuf, int *plen)
997{
998 int len = *plen;
999 char *p, c;
1000 int is_eol = 0;
1001
1002 for (p = linebuf + len - 1; len > 0; len--, p--) {
1003 c = *p;
1004 if (c == '\n')
1005 is_eol = 1;
1006 else if (c != '\r')
1007 break;
1008 }
1009 *plen = len;
1010 return is_eol;
1011}
diff --git a/src/lib/libcrypto/asn1/asn_moid.c b/src/lib/libcrypto/asn1/asn_moid.c
deleted file mode 100644
index e3c7d09446..0000000000
--- a/src/lib/libcrypto/asn1/asn_moid.c
+++ /dev/null
@@ -1,161 +0,0 @@
1/* $OpenBSD: asn_moid.c,v 1.18 2024/08/31 09:26:18 tb Exp $ */
2/* Written by Stephen Henson (steve@openssl.org) for the OpenSSL
3 * project 2001.
4 */
5/* ====================================================================
6 * Copyright (c) 2001-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <ctype.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/err.h>
64#include <openssl/conf.h>
65#include <openssl/crypto.h>
66#include <openssl/x509.h>
67
68#include "asn1_local.h"
69#include "conf_local.h"
70
71/* Simple ASN1 OID module: add all objects in a given section */
72
73static int do_create(char *value, char *name);
74
75static int
76oid_module_init(CONF_IMODULE *md, const CONF *cnf)
77{
78 int i;
79 const char *oid_section;
80 STACK_OF(CONF_VALUE) *sktmp;
81 CONF_VALUE *oval;
82
83 oid_section = CONF_imodule_get_value(md);
84 if (!(sktmp = NCONF_get_section(cnf, oid_section))) {
85 ASN1error(ASN1_R_ERROR_LOADING_SECTION);
86 return 0;
87 }
88 for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) {
89 oval = sk_CONF_VALUE_value(sktmp, i);
90 if (!do_create(oval->value, oval->name)) {
91 ASN1error(ASN1_R_ADDING_OBJECT);
92 return 0;
93 }
94 }
95 return 1;
96}
97
98static void
99oid_module_finish(CONF_IMODULE *md)
100{
101 OBJ_cleanup();
102}
103
104void
105ASN1_add_oid_module(void)
106{
107 CONF_module_add("oid_section", oid_module_init, oid_module_finish);
108}
109
110/* Create an OID based on a name value pair. Accept two formats.
111 * shortname = 1.2.3.4
112 * shortname = some long name, 1.2.3.4
113 */
114
115static int
116do_create(char *value, char *name)
117{
118 int nid;
119 ASN1_OBJECT *oid;
120 char *ln, *ostr, *p, *lntmp;
121
122 p = strrchr(value, ',');
123 if (!p) {
124 ln = name;
125 ostr = value;
126 } else {
127 ln = NULL;
128 ostr = p + 1;
129 if (!*ostr)
130 return 0;
131 while (isspace((unsigned char)*ostr))
132 ostr++;
133 }
134
135 nid = OBJ_create(ostr, name, ln);
136
137 if (nid == NID_undef)
138 return 0;
139
140 if (p) {
141 ln = value;
142 while (isspace((unsigned char)*ln))
143 ln++;
144 p--;
145 while (isspace((unsigned char)*p)) {
146 if (p == ln)
147 return 0;
148 p--;
149 }
150 p++;
151 lntmp = malloc((p - ln) + 1);
152 if (lntmp == NULL)
153 return 0;
154 memcpy(lntmp, ln, p - ln);
155 lntmp[p - ln] = 0;
156 oid = OBJ_nid2obj(nid);
157 oid->ln = lntmp;
158 }
159
160 return 1;
161}
diff --git a/src/lib/libcrypto/asn1/bio_asn1.c b/src/lib/libcrypto/asn1/bio_asn1.c
deleted file mode 100644
index b9f54cd4ef..0000000000
--- a/src/lib/libcrypto/asn1/bio_asn1.c
+++ /dev/null
@@ -1,453 +0,0 @@
1/* $OpenBSD: bio_asn1.c,v 1.23 2023/07/28 09:58:30 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59/* Experimental ASN1 BIO. When written through the data is converted
60 * to an ASN1 string type: default is OCTET STRING. Additional functions
61 * can be provided to add prefix and suffix data.
62 */
63
64#include <stdlib.h>
65#include <string.h>
66
67#include <openssl/bio.h>
68#include <openssl/asn1.h>
69
70#include "bio_local.h"
71
72#define BIO_C_SET_PREFIX 149
73#define BIO_C_SET_SUFFIX 151
74
75/* Must be large enough for biggest tag+length */
76#define DEFAULT_ASN1_BUF_SIZE 20
77
78typedef enum {
79 ASN1_STATE_START,
80 ASN1_STATE_PRE_COPY,
81 ASN1_STATE_HEADER,
82 ASN1_STATE_HEADER_COPY,
83 ASN1_STATE_DATA_COPY,
84 ASN1_STATE_POST_COPY,
85 ASN1_STATE_DONE
86} asn1_bio_state_t;
87
88typedef struct BIO_ASN1_EX_FUNCS_st {
89 asn1_ps_func *ex_func;
90 asn1_ps_func *ex_free_func;
91} BIO_ASN1_EX_FUNCS;
92
93typedef struct BIO_ASN1_BUF_CTX_t {
94 /* Internal state */
95 asn1_bio_state_t state;
96 /* Internal buffer */
97 unsigned char *buf;
98 /* Size of buffer */
99 int bufsize;
100 /* Current position in buffer */
101 int bufpos;
102 /* Current buffer length */
103 int buflen;
104 /* Amount of data to copy */
105 int copylen;
106 /* Class and tag to use */
107 int asn1_class, asn1_tag;
108 asn1_ps_func *prefix, *prefix_free, *suffix, *suffix_free;
109 /* Extra buffer for prefix and suffix data */
110 unsigned char *ex_buf;
111 int ex_len;
112 int ex_pos;
113 void *ex_arg;
114} BIO_ASN1_BUF_CTX;
115
116
117static int asn1_bio_write(BIO *h, const char *buf, int num);
118static int asn1_bio_read(BIO *h, char *buf, int size);
119static int asn1_bio_puts(BIO *h, const char *str);
120static int asn1_bio_gets(BIO *h, char *str, int size);
121static long asn1_bio_ctrl(BIO *h, int cmd, long arg1, void *arg2);
122static int asn1_bio_new(BIO *h);
123static int asn1_bio_free(BIO *data);
124static long asn1_bio_callback_ctrl(BIO *h, int cmd, BIO_info_cb *fp);
125
126static int asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
127 asn1_ps_func *cleanup, asn1_bio_state_t next);
128static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx,
129 asn1_ps_func *setup, asn1_bio_state_t ex_state,
130 asn1_bio_state_t other_state);
131
132static const BIO_METHOD methods_asn1 = {
133 .type = BIO_TYPE_ASN1,
134 .name = "asn1",
135 .bwrite = asn1_bio_write,
136 .bread = asn1_bio_read,
137 .bputs = asn1_bio_puts,
138 .bgets = asn1_bio_gets,
139 .ctrl = asn1_bio_ctrl,
140 .create = asn1_bio_new,
141 .destroy = asn1_bio_free,
142 .callback_ctrl = asn1_bio_callback_ctrl
143};
144
145const BIO_METHOD *
146BIO_f_asn1(void)
147{
148 return (&methods_asn1);
149}
150
151static int
152asn1_bio_new(BIO *b)
153{
154 BIO_ASN1_BUF_CTX *ctx;
155
156 if ((ctx = calloc(1, sizeof(*ctx))) == NULL)
157 return 0;
158
159 if ((ctx->buf = malloc(DEFAULT_ASN1_BUF_SIZE)) == NULL) {
160 free(ctx);
161 return 0;
162 }
163 ctx->bufsize = DEFAULT_ASN1_BUF_SIZE;
164 ctx->asn1_class = V_ASN1_UNIVERSAL;
165 ctx->asn1_tag = V_ASN1_OCTET_STRING;
166 ctx->state = ASN1_STATE_START;
167
168 b->init = 1;
169 b->ptr = ctx;
170 b->flags = 0;
171
172 return 1;
173}
174
175static int
176asn1_bio_free(BIO *b)
177{
178 BIO_ASN1_BUF_CTX *ctx = b->ptr;
179
180 if (ctx == NULL)
181 return 0;
182
183 if (ctx->prefix_free != NULL)
184 ctx->prefix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
185 if (ctx->suffix_free != NULL)
186 ctx->suffix_free(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg);
187
188 free(ctx->buf);
189 free(ctx);
190 b->init = 0;
191 b->ptr = NULL;
192 b->flags = 0;
193 return 1;
194}
195
196static int
197asn1_bio_write(BIO *b, const char *in , int inl)
198{
199 BIO_ASN1_BUF_CTX *ctx;
200 int wrmax, wrlen, ret, buflen;
201 unsigned char *p;
202
203 if (!in || (inl < 0) || (b->next_bio == NULL))
204 return 0;
205
206 if ((ctx = b->ptr) == NULL)
207 return 0;
208
209 wrlen = 0;
210 ret = -1;
211
212 for (;;) {
213 switch (ctx->state) {
214
215 /* Setup prefix data, call it */
216 case ASN1_STATE_START:
217 if (!asn1_bio_setup_ex(b, ctx, ctx->prefix,
218 ASN1_STATE_PRE_COPY, ASN1_STATE_HEADER))
219 return 0;
220 break;
221
222 /* Copy any pre data first */
223 case ASN1_STATE_PRE_COPY:
224 ret = asn1_bio_flush_ex(b, ctx, ctx->prefix_free,
225 ASN1_STATE_HEADER);
226 if (ret <= 0)
227 goto done;
228 break;
229
230 case ASN1_STATE_HEADER:
231 buflen = ASN1_object_size(0, inl, ctx->asn1_tag) - inl;
232 if (buflen <= 0 || buflen > ctx->bufsize)
233 return -1;
234 ctx->buflen = buflen;
235 p = ctx->buf;
236 ASN1_put_object(&p, 0, inl,
237 ctx->asn1_tag, ctx->asn1_class);
238 ctx->copylen = inl;
239 ctx->state = ASN1_STATE_HEADER_COPY;
240 break;
241
242 case ASN1_STATE_HEADER_COPY:
243 ret = BIO_write(b->next_bio,
244 ctx->buf + ctx->bufpos, ctx->buflen);
245 if (ret <= 0)
246 goto done;
247
248 ctx->buflen -= ret;
249 if (ctx->buflen)
250 ctx->bufpos += ret;
251 else {
252 ctx->bufpos = 0;
253 ctx->state = ASN1_STATE_DATA_COPY;
254 }
255 break;
256
257 case ASN1_STATE_DATA_COPY:
258
259 if (inl > ctx->copylen)
260 wrmax = ctx->copylen;
261 else
262 wrmax = inl;
263 ret = BIO_write(b->next_bio, in, wrmax);
264 if (ret <= 0)
265 goto done;
266 wrlen += ret;
267 ctx->copylen -= ret;
268 in += ret;
269 inl -= ret;
270
271 if (ctx->copylen == 0)
272 ctx->state = ASN1_STATE_HEADER;
273 if (inl == 0)
274 goto done;
275 break;
276
277 default:
278 BIO_clear_retry_flags(b);
279 return 0;
280 }
281
282 }
283
284 done:
285 BIO_clear_retry_flags(b);
286 BIO_copy_next_retry(b);
287
288 return (wrlen > 0) ? wrlen : ret;
289}
290
291static int
292asn1_bio_flush_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, asn1_ps_func *cleanup,
293 asn1_bio_state_t next)
294{
295 int ret;
296
297 if (ctx->ex_len <= 0)
298 return 1;
299 for (;;) {
300 ret = BIO_write(b->next_bio, ctx->ex_buf + ctx->ex_pos,
301 ctx->ex_len);
302 if (ret <= 0)
303 break;
304 ctx->ex_len -= ret;
305 if (ctx->ex_len > 0)
306 ctx->ex_pos += ret;
307 else {
308 if (cleanup)
309 cleanup(b, &ctx->ex_buf, &ctx->ex_len,
310 &ctx->ex_arg);
311 ctx->state = next;
312 ctx->ex_pos = 0;
313 break;
314 }
315 }
316 return ret;
317}
318
319static int
320asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, asn1_ps_func *setup,
321 asn1_bio_state_t ex_state, asn1_bio_state_t other_state)
322{
323 if (setup && !setup(b, &ctx->ex_buf, &ctx->ex_len, &ctx->ex_arg)) {
324 BIO_clear_retry_flags(b);
325 return 0;
326 }
327 if (ctx->ex_len > 0)
328 ctx->state = ex_state;
329 else
330 ctx->state = other_state;
331 return 1;
332}
333
334static int
335asn1_bio_read(BIO *b, char *in , int inl)
336{
337 if (!b->next_bio)
338 return 0;
339 return BIO_read(b->next_bio, in , inl);
340}
341
342static int
343asn1_bio_puts(BIO *b, const char *str)
344{
345 return asn1_bio_write(b, str, strlen(str));
346}
347
348static int
349asn1_bio_gets(BIO *b, char *str, int size)
350{
351 if (!b->next_bio)
352 return 0;
353 return BIO_gets(b->next_bio, str , size);
354}
355
356static long
357asn1_bio_callback_ctrl(BIO *b, int cmd, BIO_info_cb *fp)
358{
359 if (b->next_bio == NULL)
360 return (0);
361 return BIO_callback_ctrl(b->next_bio, cmd, fp);
362}
363
364static long
365asn1_bio_ctrl(BIO *b, int cmd, long arg1, void *arg2)
366{
367 BIO_ASN1_BUF_CTX *ctx;
368 BIO_ASN1_EX_FUNCS *ex_func;
369 long ret = 1;
370
371 if ((ctx = b->ptr) == NULL)
372 return 0;
373 switch (cmd) {
374
375 case BIO_C_SET_PREFIX:
376 ex_func = arg2;
377 ctx->prefix = ex_func->ex_func;
378 ctx->prefix_free = ex_func->ex_free_func;
379 break;
380
381 case BIO_C_SET_SUFFIX:
382 ex_func = arg2;
383 ctx->suffix = ex_func->ex_func;
384 ctx->suffix_free = ex_func->ex_free_func;
385 break;
386
387 case BIO_C_SET_EX_ARG:
388 ctx->ex_arg = arg2;
389 break;
390
391 case BIO_C_GET_EX_ARG:
392 *(void **)arg2 = ctx->ex_arg;
393 break;
394
395 case BIO_CTRL_FLUSH:
396 if (!b->next_bio)
397 return 0;
398
399 /* Call post function if possible */
400 if (ctx->state == ASN1_STATE_HEADER) {
401 if (!asn1_bio_setup_ex(b, ctx, ctx->suffix,
402 ASN1_STATE_POST_COPY, ASN1_STATE_DONE))
403 return 0;
404 }
405
406 if (ctx->state == ASN1_STATE_POST_COPY) {
407 ret = asn1_bio_flush_ex(b, ctx, ctx->suffix_free,
408 ASN1_STATE_DONE);
409 if (ret <= 0)
410 return ret;
411 }
412
413 if (ctx->state == ASN1_STATE_DONE)
414 return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
415 else {
416 BIO_clear_retry_flags(b);
417 return 0;
418 }
419 break;
420
421
422 default:
423 if (!b->next_bio)
424 return 0;
425 return BIO_ctrl(b->next_bio, cmd, arg1, arg2);
426
427 }
428
429 return ret;
430}
431
432static int
433asn1_bio_set_ex(BIO *b, int cmd, asn1_ps_func *ex_func, asn1_ps_func
434 *ex_free_func)
435{
436 BIO_ASN1_EX_FUNCS extmp;
437
438 extmp.ex_func = ex_func;
439 extmp.ex_free_func = ex_free_func;
440 return BIO_ctrl(b, cmd, 0, &extmp);
441}
442
443int
444BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, asn1_ps_func *prefix_free)
445{
446 return asn1_bio_set_ex(b, BIO_C_SET_PREFIX, prefix, prefix_free);
447}
448
449int
450BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, asn1_ps_func *suffix_free)
451{
452 return asn1_bio_set_ex(b, BIO_C_SET_SUFFIX, suffix, suffix_free);
453}
diff --git a/src/lib/libcrypto/asn1/bio_ndef.c b/src/lib/libcrypto/asn1/bio_ndef.c
deleted file mode 100644
index 98bb1cd197..0000000000
--- a/src/lib/libcrypto/asn1/bio_ndef.c
+++ /dev/null
@@ -1,270 +0,0 @@
1/* $OpenBSD: bio_ndef.c,v 1.24 2023/07/28 09:58:30 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project.
4 */
5/* ====================================================================
6 * Copyright (c) 2008 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 */
54
55#include <stdio.h>
56
57#include <openssl/asn1.h>
58#include <openssl/asn1t.h>
59#include <openssl/bio.h>
60#include <openssl/err.h>
61
62#include "asn1_local.h"
63
64int BIO_asn1_set_prefix(BIO *b, asn1_ps_func *prefix, asn1_ps_func *prefix_free);
65int BIO_asn1_set_suffix(BIO *b, asn1_ps_func *suffix, asn1_ps_func *suffix_free);
66
67/* Experimental NDEF ASN1 BIO support routines */
68
69/* The usage is quite simple, initialize an ASN1 structure,
70 * get a BIO from it then any data written through the BIO
71 * will end up translated to approptiate format on the fly.
72 * The data is streamed out and does *not* need to be
73 * all held in memory at once.
74 *
75 * When the BIO is flushed the output is finalized and any
76 * signatures etc written out.
77 *
78 * The BIO is a 'proper' BIO and can handle non blocking I/O
79 * correctly.
80 *
81 * The usage is simple. The implementation is *not*...
82 */
83
84/* BIO support data stored in the ASN1 BIO ex_arg */
85
86typedef struct ndef_aux_st {
87 /* ASN1 structure this BIO refers to */
88 ASN1_VALUE *val;
89 const ASN1_ITEM *it;
90 /* Top of the BIO chain */
91 BIO *ndef_bio;
92 /* Output BIO */
93 BIO *out;
94 /* Boundary where content is inserted */
95 unsigned char **boundary;
96 /* DER buffer start */
97 unsigned char *derbuf;
98} NDEF_SUPPORT;
99
100static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
101static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
102static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg);
103static int ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg);
104
105BIO *
106BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it)
107{
108 NDEF_SUPPORT *ndef_aux = NULL;
109 BIO *asn_bio = NULL, *pop_bio = NULL;
110 const ASN1_AUX *aux = it->funcs;
111 ASN1_STREAM_ARG sarg;
112
113 if (aux == NULL || aux->asn1_cb == NULL) {
114 ASN1error(ASN1_R_STREAMING_NOT_SUPPORTED);
115 goto err;
116 }
117
118 if ((asn_bio = BIO_new(BIO_f_asn1())) == NULL)
119 goto err;
120
121 if (BIO_push(asn_bio, out) == NULL)
122 goto err;
123 pop_bio = asn_bio;
124
125 /*
126 * Set up prefix and suffix handlers first. This ensures that ndef_aux
127 * is freed as part of asn_bio once it is the asn_bio's ex_arg.
128 */
129 if (BIO_asn1_set_prefix(asn_bio, ndef_prefix, ndef_prefix_free) <= 0)
130 goto err;
131 if (BIO_asn1_set_suffix(asn_bio, ndef_suffix, ndef_suffix_free) <= 0)
132 goto err;
133
134 /*
135 * Allocate early to avoid the tricky cleanup after the asn1_cb().
136 * Ownership of ndef_aux is transferred to asn_bio in BIO_ctrl().
137 * Keep a reference to populate it after callback success.
138 */
139 if ((ndef_aux = calloc(1, sizeof(*ndef_aux))) == NULL)
140 goto err;
141 if (BIO_ctrl(asn_bio, BIO_C_SET_EX_ARG, 0, ndef_aux) <= 0) {
142 free(ndef_aux);
143 goto err;
144 }
145
146 /*
147 * The callback prepends BIOs to the chain starting at asn_bio for
148 * digest, cipher, etc. The resulting chain starts at sarg.ndef_bio.
149 */
150
151 sarg.out = asn_bio;
152 sarg.ndef_bio = NULL;
153 sarg.boundary = NULL;
154
155 if (aux->asn1_cb(ASN1_OP_STREAM_PRE, &val, it, &sarg) <= 0)
156 goto err;
157
158 ndef_aux->val = val;
159 ndef_aux->it = it;
160 ndef_aux->ndef_bio = sarg.ndef_bio;
161 ndef_aux->boundary = sarg.boundary;
162 ndef_aux->out = asn_bio;
163
164 return sarg.ndef_bio;
165
166 err:
167 BIO_pop(pop_bio);
168 BIO_free(asn_bio);
169
170 return NULL;
171}
172
173static int
174ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
175{
176 NDEF_SUPPORT *ndef_aux;
177 unsigned char *p = NULL;
178 int derlen;
179
180 if (!parg)
181 return 0;
182
183 ndef_aux = *(NDEF_SUPPORT **)parg;
184
185 if ((derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it)) <= 0)
186 return 0;
187
188 ndef_aux->derbuf = p;
189 *pbuf = p;
190
191 if (*ndef_aux->boundary == NULL)
192 return 0;
193
194 *plen = *ndef_aux->boundary - *pbuf;
195
196 return 1;
197}
198
199static int
200ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
201{
202 NDEF_SUPPORT **pndef_aux = parg;
203
204 if (pndef_aux == NULL || *pndef_aux == NULL)
205 return 0;
206
207 free((*pndef_aux)->derbuf);
208 (*pndef_aux)->derbuf = NULL;
209
210 *pbuf = NULL;
211 *plen = 0;
212
213 return 1;
214}
215
216static int
217ndef_suffix_free(BIO *b, unsigned char **pbuf, int *plen, void *parg)
218{
219 NDEF_SUPPORT **pndef_aux = parg;
220
221 /* Ensure ndef_prefix_free() won't fail, so we won't leak *pndef_aux. */
222 if (pndef_aux == NULL || *pndef_aux == NULL)
223 return 0;
224 if (!ndef_prefix_free(b, pbuf, plen, parg))
225 return 0;
226
227 free(*pndef_aux);
228 *pndef_aux = NULL;
229
230 return 1;
231}
232
233static int
234ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg)
235{
236 NDEF_SUPPORT *ndef_aux;
237 unsigned char *p = NULL;
238 int derlen;
239 const ASN1_AUX *aux;
240 ASN1_STREAM_ARG sarg;
241
242 if (!parg)
243 return 0;
244
245 ndef_aux = *(NDEF_SUPPORT **)parg;
246
247 aux = ndef_aux->it->funcs;
248
249 /* Finalize structures */
250 sarg.ndef_bio = ndef_aux->ndef_bio;
251 sarg.out = ndef_aux->out;
252 sarg.boundary = ndef_aux->boundary;
253 if (aux->asn1_cb(ASN1_OP_STREAM_POST,
254 &ndef_aux->val, ndef_aux->it, &sarg) <= 0)
255 return 0;
256
257 if ((derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it)) <= 0)
258 return 0;
259
260 ndef_aux->derbuf = p;
261 *pbuf = p;
262
263 if (*ndef_aux->boundary == NULL)
264 return 0;
265
266 *pbuf = *ndef_aux->boundary;
267 *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf);
268
269 return 1;
270}
diff --git a/src/lib/libcrypto/asn1/charmap.h b/src/lib/libcrypto/asn1/charmap.h
deleted file mode 100644
index bed5487600..0000000000
--- a/src/lib/libcrypto/asn1/charmap.h
+++ /dev/null
@@ -1,19 +0,0 @@
1/* $OpenBSD: charmap.h,v 1.5 2016/12/21 15:49:29 jsing Exp $ */
2/* Auto generated with chartype.pl script.
3 * Mask of various character properties
4 */
5
6__BEGIN_HIDDEN_DECLS
7
8static const unsigned char char_type[] = {
9 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
10 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2, 2,
11 120, 0, 1, 40, 0, 0, 0, 16, 16, 16, 0, 25, 25, 16, 16, 16,
12 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 9, 9, 16, 9, 16,
13 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
14 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 1, 0, 0, 0,
15 0, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16,
16 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 16, 0, 0, 0, 0, 2
17};
18
19__END_HIDDEN_DECLS
diff --git a/src/lib/libcrypto/asn1/charmap.pl b/src/lib/libcrypto/asn1/charmap.pl
deleted file mode 100644
index 2875c59867..0000000000
--- a/src/lib/libcrypto/asn1/charmap.pl
+++ /dev/null
@@ -1,80 +0,0 @@
1#!/usr/local/bin/perl -w
2
3use strict;
4
5my ($i, @arr);
6
7# Set up an array with the type of ASCII characters
8# Each set bit represents a character property.
9
10# RFC2253 character properties
11my $RFC2253_ESC = 1; # Character escaped with \
12my $ESC_CTRL = 2; # Escaped control character
13# These are used with RFC1779 quoting using "
14my $NOESC_QUOTE = 8; # Not escaped if quoted
15my $PSTRING_CHAR = 0x10; # Valid PrintableString character
16my $RFC2253_FIRST_ESC = 0x20; # Escaped with \ if first character
17my $RFC2253_LAST_ESC = 0x40; # Escaped with \ if last character
18
19for($i = 0; $i < 128; $i++) {
20 # Set the RFC2253 escape characters (control)
21 $arr[$i] = 0;
22 if(($i < 32) || ($i > 126)) {
23 $arr[$i] |= $ESC_CTRL;
24 }
25
26 # Some PrintableString characters
27 if( ( ( $i >= ord("a")) && ( $i <= ord("z")) )
28 || ( ( $i >= ord("A")) && ( $i <= ord("Z")) )
29 || ( ( $i >= ord("0")) && ( $i <= ord("9")) ) ) {
30 $arr[$i] |= $PSTRING_CHAR;
31 }
32}
33
34# Now setup the rest
35
36# Remaining RFC2253 escaped characters
37
38$arr[ord(" ")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC | $RFC2253_LAST_ESC;
39$arr[ord("#")] |= $NOESC_QUOTE | $RFC2253_FIRST_ESC;
40
41$arr[ord(",")] |= $NOESC_QUOTE | $RFC2253_ESC;
42$arr[ord("+")] |= $NOESC_QUOTE | $RFC2253_ESC;
43$arr[ord("\"")] |= $RFC2253_ESC;
44$arr[ord("\\")] |= $RFC2253_ESC;
45$arr[ord("<")] |= $NOESC_QUOTE | $RFC2253_ESC;
46$arr[ord(">")] |= $NOESC_QUOTE | $RFC2253_ESC;
47$arr[ord(";")] |= $NOESC_QUOTE | $RFC2253_ESC;
48
49# Remaining PrintableString characters
50
51$arr[ord(" ")] |= $PSTRING_CHAR;
52$arr[ord("'")] |= $PSTRING_CHAR;
53$arr[ord("(")] |= $PSTRING_CHAR;
54$arr[ord(")")] |= $PSTRING_CHAR;
55$arr[ord("+")] |= $PSTRING_CHAR;
56$arr[ord(",")] |= $PSTRING_CHAR;
57$arr[ord("-")] |= $PSTRING_CHAR;
58$arr[ord(".")] |= $PSTRING_CHAR;
59$arr[ord("/")] |= $PSTRING_CHAR;
60$arr[ord(":")] |= $PSTRING_CHAR;
61$arr[ord("=")] |= $PSTRING_CHAR;
62$arr[ord("?")] |= $PSTRING_CHAR;
63
64# Now generate the C code
65
66print <<EOF;
67/* Auto generated with chartype.pl script.
68 * Mask of various character properties
69 */
70
71static unsigned char char_type[] = {
72EOF
73
74for($i = 0; $i < 128; $i++) {
75 print("\n") if($i && (($i % 16) == 0));
76 printf("%2d", $arr[$i]);
77 print(",") if ($i != 127);
78}
79print("\n};\n\n");
80
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c
deleted file mode 100644
index 582d2d9a9b..0000000000
--- a/src/lib/libcrypto/asn1/p5_pbe.c
+++ /dev/null
@@ -1,188 +0,0 @@
1/* $OpenBSD: p5_pbe.c,v 1.28 2024/07/08 14:48:49 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/x509.h>
66
67#include "x509_local.h"
68
69/* PKCS#5 password based encryption structure */
70
71static const ASN1_TEMPLATE PBEPARAM_seq_tt[] = {
72 {
73 .offset = offsetof(PBEPARAM, salt),
74 .field_name = "salt",
75 .item = &ASN1_OCTET_STRING_it,
76 },
77 {
78 .offset = offsetof(PBEPARAM, iter),
79 .field_name = "iter",
80 .item = &ASN1_INTEGER_it,
81 },
82};
83
84const ASN1_ITEM PBEPARAM_it = {
85 .itype = ASN1_ITYPE_SEQUENCE,
86 .utype = V_ASN1_SEQUENCE,
87 .templates = PBEPARAM_seq_tt,
88 .tcount = sizeof(PBEPARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
89 .size = sizeof(PBEPARAM),
90 .sname = "PBEPARAM",
91};
92LCRYPTO_ALIAS(PBEPARAM_it);
93
94
95PBEPARAM *
96d2i_PBEPARAM(PBEPARAM **a, const unsigned char **in, long len)
97{
98 return (PBEPARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
99 &PBEPARAM_it);
100}
101
102int
103i2d_PBEPARAM(PBEPARAM *a, unsigned char **out)
104{
105 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBEPARAM_it);
106}
107
108PBEPARAM *
109PBEPARAM_new(void)
110{
111 return (PBEPARAM *)ASN1_item_new(&PBEPARAM_it);
112}
113
114void
115PBEPARAM_free(PBEPARAM *a)
116{
117 ASN1_item_free((ASN1_VALUE *)a, &PBEPARAM_it);
118}
119
120
121/* Set an algorithm identifier for a PKCS#5 PBE algorithm */
122
123int
124PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter,
125 const unsigned char *salt, int saltlen)
126{
127 PBEPARAM *pbe = NULL;
128 ASN1_STRING *pbe_str = NULL;
129 unsigned char *sstr;
130
131 if ((pbe = PBEPARAM_new()) == NULL) {
132 ASN1error(ERR_R_MALLOC_FAILURE);
133 goto err;
134 }
135 if (iter <= 0)
136 iter = PKCS5_DEFAULT_ITER;
137 if (!ASN1_INTEGER_set(pbe->iter, iter)) {
138 ASN1error(ERR_R_MALLOC_FAILURE);
139 goto err;
140 }
141 if (!saltlen)
142 saltlen = PKCS5_SALT_LEN;
143 if (!ASN1_STRING_set(pbe->salt, NULL, saltlen)) {
144 ASN1error(ERR_R_MALLOC_FAILURE);
145 goto err;
146 }
147 sstr = ASN1_STRING_data(pbe->salt);
148 if (salt)
149 memcpy(sstr, salt, saltlen);
150 else
151 arc4random_buf(sstr, saltlen);
152
153 if (!ASN1_item_pack(pbe, &PBEPARAM_it, &pbe_str)) {
154 ASN1error(ERR_R_MALLOC_FAILURE);
155 goto err;
156 }
157
158 PBEPARAM_free(pbe);
159 pbe = NULL;
160
161 if (X509_ALGOR_set0(algor, OBJ_nid2obj(alg), V_ASN1_SEQUENCE, pbe_str))
162 return 1;
163
164 err:
165 if (pbe != NULL)
166 PBEPARAM_free(pbe);
167 ASN1_STRING_free(pbe_str);
168 return 0;
169}
170
171/* Return an algorithm identifier for a PKCS#5 PBE algorithm */
172
173X509_ALGOR *
174PKCS5_pbe_set(int alg, int iter, const unsigned char *salt, int saltlen)
175{
176 X509_ALGOR *ret;
177 ret = X509_ALGOR_new();
178 if (!ret) {
179 ASN1error(ERR_R_MALLOC_FAILURE);
180 return NULL;
181 }
182
183 if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen))
184 return ret;
185
186 X509_ALGOR_free(ret);
187 return NULL;
188}
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c
deleted file mode 100644
index 76872a8dec..0000000000
--- a/src/lib/libcrypto/asn1/p5_pbev2.c
+++ /dev/null
@@ -1,356 +0,0 @@
1/* $OpenBSD: p5_pbev2.c,v 1.35 2024/03/26 07:03:10 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999-2004.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <stdlib.h>
61#include <string.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/x509.h>
66
67#include "evp_local.h"
68#include "x509_local.h"
69
70/* PKCS#5 v2.0 password based encryption structures */
71
72static const ASN1_TEMPLATE PBE2PARAM_seq_tt[] = {
73 {
74 .offset = offsetof(PBE2PARAM, keyfunc),
75 .field_name = "keyfunc",
76 .item = &X509_ALGOR_it,
77 },
78 {
79 .offset = offsetof(PBE2PARAM, encryption),
80 .field_name = "encryption",
81 .item = &X509_ALGOR_it,
82 },
83};
84
85const ASN1_ITEM PBE2PARAM_it = {
86 .itype = ASN1_ITYPE_SEQUENCE,
87 .utype = V_ASN1_SEQUENCE,
88 .templates = PBE2PARAM_seq_tt,
89 .tcount = sizeof(PBE2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
90 .size = sizeof(PBE2PARAM),
91 .sname = "PBE2PARAM",
92};
93
94
95PBE2PARAM *
96d2i_PBE2PARAM(PBE2PARAM **a, const unsigned char **in, long len)
97{
98 return (PBE2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
99 &PBE2PARAM_it);
100}
101
102int
103i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **out)
104{
105 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBE2PARAM_it);
106}
107
108PBE2PARAM *
109PBE2PARAM_new(void)
110{
111 return (PBE2PARAM *)ASN1_item_new(&PBE2PARAM_it);
112}
113
114void
115PBE2PARAM_free(PBE2PARAM *a)
116{
117 ASN1_item_free((ASN1_VALUE *)a, &PBE2PARAM_it);
118}
119
120static const ASN1_TEMPLATE PBKDF2PARAM_seq_tt[] = {
121 {
122 .offset = offsetof(PBKDF2PARAM, salt),
123 .field_name = "salt",
124 .item = &ASN1_ANY_it,
125 },
126 {
127 .offset = offsetof(PBKDF2PARAM, iter),
128 .field_name = "iter",
129 .item = &ASN1_INTEGER_it,
130 },
131 {
132 .flags = ASN1_TFLG_OPTIONAL,
133 .offset = offsetof(PBKDF2PARAM, keylength),
134 .field_name = "keylength",
135 .item = &ASN1_INTEGER_it,
136 },
137 {
138 .flags = ASN1_TFLG_OPTIONAL,
139 .offset = offsetof(PBKDF2PARAM, prf),
140 .field_name = "prf",
141 .item = &X509_ALGOR_it,
142 },
143};
144
145const ASN1_ITEM PBKDF2PARAM_it = {
146 .itype = ASN1_ITYPE_SEQUENCE,
147 .utype = V_ASN1_SEQUENCE,
148 .templates = PBKDF2PARAM_seq_tt,
149 .tcount = sizeof(PBKDF2PARAM_seq_tt) / sizeof(ASN1_TEMPLATE),
150 .size = sizeof(PBKDF2PARAM),
151 .sname = "PBKDF2PARAM",
152};
153
154
155PBKDF2PARAM *
156d2i_PBKDF2PARAM(PBKDF2PARAM **a, const unsigned char **in, long len)
157{
158 return (PBKDF2PARAM *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
159 &PBKDF2PARAM_it);
160}
161
162int
163i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **out)
164{
165 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PBKDF2PARAM_it);
166}
167
168PBKDF2PARAM *
169PBKDF2PARAM_new(void)
170{
171 return (PBKDF2PARAM *)ASN1_item_new(&PBKDF2PARAM_it);
172}
173
174void
175PBKDF2PARAM_free(PBKDF2PARAM *a)
176{
177 ASN1_item_free((ASN1_VALUE *)a, &PBKDF2PARAM_it);
178}
179
180/*
181 * Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm:
182 * yes I know this is horrible!
183 */
184
185X509_ALGOR *
186PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt,
187 int saltlen)
188{
189 X509_ALGOR *scheme = NULL, *kalg = NULL, *ret = NULL;
190 int prf_nid = NID_hmacWithSHA1;
191 int alg_nid, keylen;
192 EVP_CIPHER_CTX ctx;
193 unsigned char iv[EVP_MAX_IV_LENGTH];
194 PBE2PARAM *pbe2 = NULL;
195 ASN1_OBJECT *obj;
196
197 alg_nid = EVP_CIPHER_type(cipher);
198 if (alg_nid == NID_undef) {
199 ASN1error(ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER);
200 goto err;
201 }
202 obj = OBJ_nid2obj(alg_nid);
203
204 if (!(pbe2 = PBE2PARAM_new()))
205 goto merr;
206
207 /* Setup the AlgorithmIdentifier for the encryption scheme */
208 scheme = pbe2->encryption;
209
210 scheme->algorithm = obj;
211 if (!(scheme->parameter = ASN1_TYPE_new()))
212 goto merr;
213
214 /* Create random IV */
215 if (EVP_CIPHER_iv_length(cipher) > 0)
216 arc4random_buf(iv, EVP_CIPHER_iv_length(cipher));
217
218 EVP_CIPHER_CTX_legacy_clear(&ctx);
219
220 /* Dummy cipherinit to just setup the IV, and PRF */
221 if (!EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0))
222 goto err;
223 if (EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) {
224 ASN1error(ASN1_R_ERROR_SETTING_CIPHER_PARAMS);
225 EVP_CIPHER_CTX_cleanup(&ctx);
226 goto err;
227 }
228 EVP_CIPHER_CTX_cleanup(&ctx);
229
230 /* If its RC2 then we'd better setup the key length */
231
232 if (alg_nid == NID_rc2_cbc)
233 keylen = EVP_CIPHER_key_length(cipher);
234 else
235 keylen = -1;
236
237 /* Setup keyfunc */
238
239 X509_ALGOR_free(pbe2->keyfunc);
240
241 pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen);
242
243 if (!pbe2->keyfunc)
244 goto merr;
245
246 /* Now set up top level AlgorithmIdentifier */
247
248 if (!(ret = X509_ALGOR_new()))
249 goto merr;
250 if (!(ret->parameter = ASN1_TYPE_new()))
251 goto merr;
252
253 ret->algorithm = OBJ_nid2obj(NID_pbes2);
254
255 /* Encode PBE2PARAM into parameter */
256
257 if (!ASN1_item_pack(pbe2, &PBE2PARAM_it,
258 &ret->parameter->value.sequence)) goto merr;
259 ret->parameter->type = V_ASN1_SEQUENCE;
260
261 PBE2PARAM_free(pbe2);
262 pbe2 = NULL;
263
264 return ret;
265
266 merr:
267 ASN1error(ERR_R_MALLOC_FAILURE);
268
269 err:
270 PBE2PARAM_free(pbe2);
271 /* Note 'scheme' is freed as part of pbe2 */
272 X509_ALGOR_free(kalg);
273 X509_ALGOR_free(ret);
274
275 return NULL;
276}
277
278X509_ALGOR *
279PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, int prf_nid,
280 int keylen)
281{
282 X509_ALGOR *keyfunc = NULL;
283 PBKDF2PARAM *kdf = NULL;
284 ASN1_OCTET_STRING *osalt = NULL;
285
286 if (!(kdf = PBKDF2PARAM_new()))
287 goto merr;
288 if (!(osalt = ASN1_OCTET_STRING_new()))
289 goto merr;
290
291 kdf->salt->value.octet_string = osalt;
292 kdf->salt->type = V_ASN1_OCTET_STRING;
293
294 if (!saltlen)
295 saltlen = PKCS5_SALT_LEN;
296 if (!(osalt->data = malloc (saltlen)))
297 goto merr;
298
299 osalt->length = saltlen;
300
301 if (salt)
302 memcpy (osalt->data, salt, saltlen);
303 else
304 arc4random_buf(osalt->data, saltlen);
305
306 if (iter <= 0)
307 iter = PKCS5_DEFAULT_ITER;
308
309 if (!ASN1_INTEGER_set(kdf->iter, iter))
310 goto merr;
311
312 /* If have a key len set it up */
313
314 if (keylen > 0) {
315 if (!(kdf->keylength = ASN1_INTEGER_new()))
316 goto merr;
317 if (!ASN1_INTEGER_set(kdf->keylength, keylen))
318 goto merr;
319 }
320
321 /* prf can stay NULL if we are using hmacWithSHA1 */
322 if (prf_nid > 0 && prf_nid != NID_hmacWithSHA1) {
323 kdf->prf = X509_ALGOR_new();
324 if (!kdf->prf)
325 goto merr;
326 X509_ALGOR_set0(kdf->prf, OBJ_nid2obj(prf_nid),
327 V_ASN1_NULL, NULL);
328 }
329
330 /* Finally setup the keyfunc structure */
331
332 keyfunc = X509_ALGOR_new();
333 if (!keyfunc)
334 goto merr;
335
336 keyfunc->algorithm = OBJ_nid2obj(NID_id_pbkdf2);
337
338 /* Encode PBKDF2PARAM into parameter of pbe2 */
339
340 if (!(keyfunc->parameter = ASN1_TYPE_new()))
341 goto merr;
342
343 if (!ASN1_item_pack(kdf, &PBKDF2PARAM_it,
344 &keyfunc->parameter->value.sequence))
345 goto merr;
346 keyfunc->parameter->type = V_ASN1_SEQUENCE;
347
348 PBKDF2PARAM_free(kdf);
349 return keyfunc;
350
351 merr:
352 ASN1error(ERR_R_MALLOC_FAILURE);
353 PBKDF2PARAM_free(kdf);
354 X509_ALGOR_free(keyfunc);
355 return NULL;
356}
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c
deleted file mode 100644
index bdb0c39ad5..0000000000
--- a/src/lib/libcrypto/asn1/p8_pkey.c
+++ /dev/null
@@ -1,196 +0,0 @@
1/* $OpenBSD: p8_pkey.c,v 1.25 2024/07/08 14:48:49 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/asn1t.h>
63#include <openssl/x509.h>
64
65#include "x509_local.h"
66
67/* Minor tweak to operation: zero private key data */
68static int
69pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
70{
71 /* Since the structure must still be valid use ASN1_OP_FREE_PRE */
72 if (operation == ASN1_OP_FREE_PRE) {
73 PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval;
74 if (key->pkey != NULL)
75 explicit_bzero(key->pkey->data, key->pkey->length);
76 }
77 return 1;
78}
79
80static const ASN1_AUX PKCS8_PRIV_KEY_INFO_aux = {
81 .asn1_cb = pkey_cb,
82};
83static const ASN1_TEMPLATE PKCS8_PRIV_KEY_INFO_seq_tt[] = {
84 {
85 .offset = offsetof(PKCS8_PRIV_KEY_INFO, version),
86 .field_name = "version",
87 .item = &ASN1_INTEGER_it,
88 },
89 {
90 .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkeyalg),
91 .field_name = "pkeyalg",
92 .item = &X509_ALGOR_it,
93 },
94 {
95 .offset = offsetof(PKCS8_PRIV_KEY_INFO, pkey),
96 .field_name = "pkey",
97 .item = &ASN1_OCTET_STRING_it,
98 },
99 {
100 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
101 .offset = offsetof(PKCS8_PRIV_KEY_INFO, attributes),
102 .field_name = "attributes",
103 .item = &X509_ATTRIBUTE_it,
104 },
105};
106
107const ASN1_ITEM PKCS8_PRIV_KEY_INFO_it = {
108 .itype = ASN1_ITYPE_SEQUENCE,
109 .utype = V_ASN1_SEQUENCE,
110 .templates = PKCS8_PRIV_KEY_INFO_seq_tt,
111 .tcount = sizeof(PKCS8_PRIV_KEY_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
112 .funcs = &PKCS8_PRIV_KEY_INFO_aux,
113 .size = sizeof(PKCS8_PRIV_KEY_INFO),
114 .sname = "PKCS8_PRIV_KEY_INFO",
115};
116LCRYPTO_ALIAS(PKCS8_PRIV_KEY_INFO_it);
117
118
119PKCS8_PRIV_KEY_INFO *
120d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, const unsigned char **in, long len)
121{
122 return (PKCS8_PRIV_KEY_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
123 &PKCS8_PRIV_KEY_INFO_it);
124}
125LCRYPTO_ALIAS(d2i_PKCS8_PRIV_KEY_INFO);
126
127int
128i2d_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO *a, unsigned char **out)
129{
130 return ASN1_item_i2d((ASN1_VALUE *)a, out, &PKCS8_PRIV_KEY_INFO_it);
131}
132LCRYPTO_ALIAS(i2d_PKCS8_PRIV_KEY_INFO);
133
134PKCS8_PRIV_KEY_INFO *
135PKCS8_PRIV_KEY_INFO_new(void)
136{
137 return (PKCS8_PRIV_KEY_INFO *)ASN1_item_new(&PKCS8_PRIV_KEY_INFO_it);
138}
139LCRYPTO_ALIAS(PKCS8_PRIV_KEY_INFO_new);
140
141void
142PKCS8_PRIV_KEY_INFO_free(PKCS8_PRIV_KEY_INFO *a)
143{
144 ASN1_item_free((ASN1_VALUE *)a, &PKCS8_PRIV_KEY_INFO_it);
145}
146LCRYPTO_ALIAS(PKCS8_PRIV_KEY_INFO_free);
147
148int
149PKCS8_pkey_set0(PKCS8_PRIV_KEY_INFO *priv, ASN1_OBJECT *aobj, int version,
150 int ptype, void *pval, unsigned char *penc, int penclen)
151{
152 if (version >= 0) {
153 if (!ASN1_INTEGER_set(priv->version, version))
154 return 0;
155 }
156 if (!X509_ALGOR_set0(priv->pkeyalg, aobj, ptype, pval))
157 return 0;
158 if (penc != NULL)
159 ASN1_STRING_set0(priv->pkey, penc, penclen);
160 return 1;
161}
162LCRYPTO_ALIAS(PKCS8_pkey_set0);
163
164int
165PKCS8_pkey_get0(const ASN1_OBJECT **ppkalg, const unsigned char **pk,
166 int *ppklen, const X509_ALGOR **pa, const PKCS8_PRIV_KEY_INFO *p8)
167{
168 if (ppkalg != NULL)
169 *ppkalg = p8->pkeyalg->algorithm;
170 if (pk != NULL) {
171 *pk = ASN1_STRING_data(p8->pkey);
172 *ppklen = ASN1_STRING_length(p8->pkey);
173 }
174 if (pa != NULL)
175 *pa = p8->pkeyalg;
176 return 1;
177}
178LCRYPTO_ALIAS(PKCS8_pkey_get0);
179
180const STACK_OF(X509_ATTRIBUTE) *
181PKCS8_pkey_get0_attrs(const PKCS8_PRIV_KEY_INFO *p8)
182{
183 return p8->attributes;
184}
185LCRYPTO_ALIAS(PKCS8_pkey_get0_attrs);
186
187int
188PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type,
189 const unsigned char *bytes, int len)
190{
191 if (X509at_add1_attr_by_NID(&p8->attributes, nid, type, bytes,
192 len) != NULL)
193 return 1;
194 return 0;
195}
196LCRYPTO_ALIAS(PKCS8_pkey_add1_attr_by_NID);
diff --git a/src/lib/libcrypto/asn1/posix_time.h b/src/lib/libcrypto/asn1/posix_time.h
deleted file mode 100644
index 82b3f30bc2..0000000000
--- a/src/lib/libcrypto/asn1/posix_time.h
+++ /dev/null
@@ -1,54 +0,0 @@
1/* $OpenBSD: posix_time.h,v 1.1 2024/02/18 16:28:38 tb Exp $ */
2/*
3 * Copyright (c) 2022, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef OPENSSL_HEADER_POSIX_TIME_H
19#define OPENSSL_HEADER_POSIX_TIME_H
20
21#include <stdint.h>
22#include <time.h>
23
24#if defined(__cplusplus)
25extern "C" {
26#endif
27
28/*
29 * OPENSSL_posix_to_tm converts a int64_t POSIX time value in |time|, which must
30 * be in the range of year 0000 to 9999, to a broken out time value in |tm|. It
31 * returns one on success and zero on error.
32 */
33int OPENSSL_posix_to_tm(int64_t time, struct tm *out_tm);
34
35/*
36 * OPENSSL_tm_to_posix converts a time value between the years 0 and 9999 in
37 * |tm| to a POSIX time value in |out|. One is returned on success, zero is
38 * returned on failure. It is a failure if |tm| contains out of range values.
39 */
40int OPENSSL_tm_to_posix(const struct tm *tm, int64_t *out);
41
42/*
43 * OPENSSL_timegm converts a time value between the years 0 and 9999 in |tm| to
44 * a time_t value in |out|. One is returned on success, zero is returned on
45 * failure. It is a failure if the converted time can not be represented in a
46 * time_t, or if the tm contains out of range values.
47 */
48int OPENSSL_timegm(const struct tm *tm, time_t *out);
49
50#if defined(__cplusplus)
51} /* extern C */
52#endif
53
54#endif /* OPENSSL_HEADER_POSIX_TIME_H */
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c
deleted file mode 100644
index 6449e7f199..0000000000
--- a/src/lib/libcrypto/asn1/t_crl.c
+++ /dev/null
@@ -1,152 +0,0 @@
1/* $OpenBSD: t_crl.c,v 1.26 2024/05/03 02:52:00 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include <limits.h>
61
62#include <openssl/bn.h>
63#include <openssl/buffer.h>
64#include <openssl/err.h>
65#include <openssl/objects.h>
66#include <openssl/x509.h>
67#include <openssl/x509v3.h>
68
69#include "x509_local.h"
70
71int
72X509_CRL_print_fp(FILE *fp, X509_CRL *x)
73{
74 BIO *b;
75 int ret;
76
77 if ((b = BIO_new(BIO_s_file())) == NULL) {
78 X509error(ERR_R_BUF_LIB);
79 return (0);
80 }
81 BIO_set_fp(b, fp, BIO_NOCLOSE);
82 ret = X509_CRL_print(b, x);
83 BIO_free(b);
84 return (ret);
85}
86LCRYPTO_ALIAS(X509_CRL_print_fp);
87
88int
89X509_CRL_print(BIO *out, X509_CRL *x)
90{
91 STACK_OF(X509_REVOKED) *rev;
92 X509_REVOKED *r;
93 long l;
94 int i;
95 char *p;
96
97 BIO_printf(out, "Certificate Revocation List (CRL):\n");
98 l = X509_CRL_get_version(x);
99 if (l >= 0 && l <= 1) {
100 if (BIO_printf(out, "%8sVersion: %lu (0x%lx)\n",
101 "", l + 1, l) <= 0)
102 goto err;
103 } else {
104 if (BIO_printf(out, "%8sVersion: unknown (%ld)\n",
105 "", l) <= 0)
106 goto err;
107 }
108 if (X509_signature_print(out, x->sig_alg, NULL) == 0)
109 goto err;
110 p = X509_NAME_oneline(X509_CRL_get_issuer(x), NULL, 0);
111 if (p == NULL)
112 goto err;
113 BIO_printf(out, "%8sIssuer: %s\n", "", p);
114 free(p);
115 BIO_printf(out, "%8sLast Update: ", "");
116 ASN1_TIME_print(out, X509_CRL_get_lastUpdate(x));
117 BIO_printf(out, "\n%8sNext Update: ", "");
118 if (X509_CRL_get_nextUpdate(x))
119 ASN1_TIME_print(out, X509_CRL_get_nextUpdate(x));
120 else
121 BIO_printf(out, "NONE");
122 BIO_printf(out, "\n");
123
124 X509V3_extensions_print(out, "CRL extensions",
125 x->crl->extensions, 0, 8);
126
127 rev = X509_CRL_get_REVOKED(x);
128
129 if (sk_X509_REVOKED_num(rev) > 0)
130 BIO_printf(out, "Revoked Certificates:\n");
131 else
132 BIO_printf(out, "No Revoked Certificates.\n");
133
134 for (i = 0; i < sk_X509_REVOKED_num(rev); i++) {
135 r = sk_X509_REVOKED_value(rev, i);
136 BIO_printf(out, " Serial Number: ");
137 i2a_ASN1_INTEGER(out, r->serialNumber);
138 BIO_printf(out, "\n Revocation Date: ");
139 ASN1_TIME_print(out, r->revocationDate);
140 BIO_printf(out, "\n");
141 X509V3_extensions_print(out, "CRL entry extensions",
142 r->extensions, 0, 8);
143 }
144 if (X509_signature_print(out, x->sig_alg, x->signature) == 0)
145 goto err;
146
147 return 1;
148
149 err:
150 return 0;
151}
152LCRYPTO_ALIAS(X509_CRL_print);
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c
deleted file mode 100644
index 1d4be9865d..0000000000
--- a/src/lib/libcrypto/asn1/t_req.c
+++ /dev/null
@@ -1,263 +0,0 @@
1/* $OpenBSD: t_req.c,v 1.28 2024/05/03 02:52:00 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/bn.h>
64#include <openssl/buffer.h>
65#include <openssl/err.h>
66#include <openssl/objects.h>
67#include <openssl/x509.h>
68#include <openssl/x509v3.h>
69
70#ifndef OPENSSL_NO_DSA
71#include <openssl/dsa.h>
72#endif
73#ifndef OPENSSL_NO_RSA
74#include <openssl/rsa.h>
75#endif
76
77#include "x509_local.h"
78
79int
80X509_REQ_print_fp(FILE *fp, X509_REQ *x)
81{
82 BIO *b;
83 int ret;
84
85 if ((b = BIO_new(BIO_s_file())) == NULL) {
86 X509error(ERR_R_BUF_LIB);
87 return (0);
88 }
89 BIO_set_fp(b, fp, BIO_NOCLOSE);
90 ret = X509_REQ_print(b, x);
91 BIO_free(b);
92 return (ret);
93}
94LCRYPTO_ALIAS(X509_REQ_print_fp);
95
96int
97X509_REQ_print_ex(BIO *bp, X509_REQ *x, unsigned long nmflags,
98 unsigned long cflag)
99{
100 unsigned long l;
101 int i;
102 X509_REQ_INFO *ri;
103 EVP_PKEY *pkey;
104 STACK_OF(X509_ATTRIBUTE) *sk;
105 STACK_OF(X509_EXTENSION) *exts = NULL;
106 char mlch = ' ';
107 int nmindent = 0;
108
109 if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
110 mlch = '\n';
111 nmindent = 12;
112 }
113
114 if (nmflags == X509_FLAG_COMPAT)
115 nmindent = 16;
116
117 ri = x->req_info;
118 if (!(cflag & X509_FLAG_NO_HEADER)) {
119 if (BIO_write(bp, "Certificate Request:\n", 21) <= 0)
120 goto err;
121 if (BIO_write(bp, " Data:\n", 10) <= 0)
122
123 goto err;
124 }
125 if (!(cflag & X509_FLAG_NO_VERSION)) {
126 if ((l = X509_REQ_get_version(x)) == 0) {
127 if (BIO_printf(bp, "%8sVersion: 1 (0x0)\n", "") <= 0)
128 goto err;
129 } else {
130 if (BIO_printf(bp, "%8sVersion: unknown (%ld)\n",
131 "", l) <= 0)
132 goto err;
133 }
134 }
135 if (!(cflag & X509_FLAG_NO_SUBJECT)) {
136 if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
137 goto err;
138 if (X509_NAME_print_ex(bp, ri->subject, nmindent, nmflags) < 0)
139 goto err;
140 if (BIO_write(bp, "\n", 1) <= 0)
141 goto err;
142 }
143 if (!(cflag & X509_FLAG_NO_PUBKEY)) {
144 if (BIO_write(bp, " Subject Public Key Info:\n",
145 33) <= 0)
146 goto err;
147 if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
148 goto err;
149 if (i2a_ASN1_OBJECT(bp, ri->pubkey->algor->algorithm) <= 0)
150 goto err;
151 if (BIO_puts(bp, "\n") <= 0)
152 goto err;
153
154 pkey = X509_REQ_get_pubkey(x);
155 if (pkey == NULL) {
156 BIO_printf(bp, "%12sUnable to load Public Key\n", "");
157 ERR_print_errors(bp);
158 } else {
159 EVP_PKEY_print_public(bp, pkey, 16, NULL);
160 EVP_PKEY_free(pkey);
161 }
162 }
163
164 if (!(cflag & X509_FLAG_NO_ATTRIBUTES)) {
165 /* may not be */
166 if (BIO_printf(bp, "%8sAttributes:\n", "") <= 0)
167 goto err;
168
169 sk = x->req_info->attributes;
170 if (sk_X509_ATTRIBUTE_num(sk) == 0) {
171 if (BIO_printf(bp, "%12sa0:00\n", "") <= 0)
172 goto err;
173 } else {
174 for (i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) {
175 ASN1_TYPE *at;
176 X509_ATTRIBUTE *a;
177 ASN1_BIT_STRING *bs = NULL;
178 int j, type = 0, count = 1, ii = 0;
179
180 a = sk_X509_ATTRIBUTE_value(sk, i);
181 if (X509_REQ_extension_nid(
182 OBJ_obj2nid(a->object)))
183 continue;
184 if (BIO_printf(bp, "%12s", "") <= 0)
185 goto err;
186 if ((j = i2a_ASN1_OBJECT(bp, a->object)) > 0) {
187 ii = 0;
188 count = sk_ASN1_TYPE_num(a->set);
189 get_next:
190 at = sk_ASN1_TYPE_value(a->set, ii);
191 type = at->type;
192 bs = at->value.asn1_string;
193 }
194 for (j = 25 - j; j > 0; j--)
195 if (BIO_write(bp, " ", 1) != 1)
196 goto err;
197 if (BIO_puts(bp, ":") <= 0)
198 goto err;
199 if ((type == V_ASN1_PRINTABLESTRING) ||
200 (type == V_ASN1_T61STRING) ||
201 (type == V_ASN1_IA5STRING)) {
202 if (BIO_write(bp, (char *)bs->data,
203 bs->length) != bs->length)
204 goto err;
205 BIO_puts(bp, "\n");
206 } else {
207 BIO_puts(bp,
208 "unable to print attribute\n");
209 }
210 if (++ii < count)
211 goto get_next;
212 }
213 }
214 }
215 if (!(cflag & X509_FLAG_NO_EXTENSIONS)) {
216 exts = X509_REQ_get_extensions(x);
217 if (exts) {
218 BIO_printf(bp, "%8sRequested Extensions:\n", "");
219 for (i = 0; i < sk_X509_EXTENSION_num(exts); i++) {
220 ASN1_OBJECT *obj;
221 X509_EXTENSION *ex;
222 int j;
223 ex = sk_X509_EXTENSION_value(exts, i);
224 if (BIO_printf(bp, "%12s", "") <= 0)
225 goto err;
226 obj = X509_EXTENSION_get_object(ex);
227 i2a_ASN1_OBJECT(bp, obj);
228 j = X509_EXTENSION_get_critical(ex);
229 if (BIO_printf(bp, ": %s\n",
230 j ? "critical" : "") <= 0)
231 goto err;
232 if (!X509V3_EXT_print(bp, ex, cflag, 16)) {
233 BIO_printf(bp, "%16s", "");
234 ASN1_STRING_print(bp, ex->value);
235 }
236 if (BIO_write(bp, "\n", 1) <= 0)
237 goto err;
238 }
239 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
240 exts = NULL;
241 }
242 }
243
244 if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
245 if (!X509_signature_print(bp, x->sig_alg, x->signature))
246 goto err;
247 }
248
249 return (1);
250
251 err:
252 sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free);
253 X509error(ERR_R_BUF_LIB);
254 return (0);
255}
256LCRYPTO_ALIAS(X509_REQ_print_ex);
257
258int
259X509_REQ_print(BIO *bp, X509_REQ *x)
260{
261 return X509_REQ_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
262}
263LCRYPTO_ALIAS(X509_REQ_print);
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c
deleted file mode 100644
index 1a315c1573..0000000000
--- a/src/lib/libcrypto/asn1/t_spki.c
+++ /dev/null
@@ -1,116 +0,0 @@
1/* $OpenBSD: t_spki.c,v 1.17 2024/04/09 13:55:02 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1.h>
64#include <openssl/bn.h>
65#include <openssl/x509.h>
66
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
70#ifndef OPENSSL_NO_RSA
71#include <openssl/rsa.h>
72#endif
73
74#include "x509_local.h"
75
76/* Print out an SPKI */
77
78int
79NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki)
80{
81 EVP_PKEY *pkey;
82 ASN1_IA5STRING *chal;
83 int i, n;
84 char *s;
85
86 BIO_printf(out, "Netscape SPKI:\n");
87 i = OBJ_obj2nid(spki->spkac->pubkey->algor->algorithm);
88 BIO_printf(out, " Public Key Algorithm: %s\n",
89 (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
90 pkey = X509_PUBKEY_get(spki->spkac->pubkey);
91 if (!pkey)
92 BIO_printf(out, " Unable to load public key\n");
93 else {
94 EVP_PKEY_print_public(out, pkey, 4, NULL);
95 EVP_PKEY_free(pkey);
96 }
97 chal = spki->spkac->challenge;
98 if (chal->length)
99 BIO_printf(out, " Challenge String: %.*s\n", chal->length,
100 chal->data);
101 i = OBJ_obj2nid(spki->sig_algor->algorithm);
102 BIO_printf(out, " Signature Algorithm: %s",
103 (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i));
104
105 n = spki->signature->length;
106 s = (char *)spki->signature->data;
107 for (i = 0; i < n; i++) {
108 if ((i % 18) == 0)
109 BIO_write(out, "\n ", 7);
110 BIO_printf(out, "%02x%s", (unsigned char)s[i],
111 ((i + 1) == n) ? "" : ":");
112 }
113 BIO_write(out, "\n", 1);
114 return 1;
115}
116LCRYPTO_ALIAS(NETSCAPE_SPKI_print);
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c
deleted file mode 100644
index 7cf4557314..0000000000
--- a/src/lib/libcrypto/asn1/t_x509.c
+++ /dev/null
@@ -1,485 +0,0 @@
1/* $OpenBSD: t_x509.c,v 1.51 2025/02/08 03:41:36 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <limits.h>
60#include <stdint.h>
61#include <stdio.h>
62#include <stdlib.h>
63
64#include <openssl/opensslconf.h>
65
66#include <openssl/asn1.h>
67#include <openssl/bio.h>
68#include <openssl/err.h>
69#include <openssl/evp.h>
70#include <openssl/objects.h>
71#include <openssl/sha.h>
72#include <openssl/x509.h>
73#include <openssl/x509v3.h>
74
75#include "evp_local.h"
76#include "x509_local.h"
77
78int
79X509_print_fp(FILE *fp, X509 *x)
80{
81 return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
82}
83LCRYPTO_ALIAS(X509_print_fp);
84
85int
86X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag)
87{
88 BIO *b;
89 int ret;
90
91 if ((b = BIO_new(BIO_s_file())) == NULL) {
92 X509error(ERR_R_BUF_LIB);
93 return (0);
94 }
95 BIO_set_fp(b, fp, BIO_NOCLOSE);
96 ret = X509_print_ex(b, x, nmflag, cflag);
97 BIO_free(b);
98 return (ret);
99}
100LCRYPTO_ALIAS(X509_print_ex_fp);
101
102int
103X509_print(BIO *bp, X509 *x)
104{
105 return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT);
106}
107LCRYPTO_ALIAS(X509_print);
108
109int
110X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag)
111{
112 long l;
113 int ret = 0, i;
114 char *m = NULL, mlch = ' ';
115 int nmindent = 0;
116 X509_CINF *ci;
117 ASN1_INTEGER *bs;
118 EVP_PKEY *pkey = NULL;
119
120 if ((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) {
121 mlch = '\n';
122 nmindent = 12;
123 }
124
125 if (nmflags == X509_FLAG_COMPAT)
126 nmindent = 16;
127
128 ci = x->cert_info;
129 if (!(cflag & X509_FLAG_NO_HEADER)) {
130 if (BIO_write(bp, "Certificate:\n", 13) <= 0)
131 goto err;
132 if (BIO_write(bp, " Data:\n", 10) <= 0)
133 goto err;
134 }
135 if (!(cflag & X509_FLAG_NO_VERSION)) {
136 l = X509_get_version(x);
137 if (l >= 0 && l <= 2) {
138 if (BIO_printf(bp, "%8sVersion: %ld (0x%lx)\n",
139 "", l + 1, l) <= 0)
140 goto err;
141 } else {
142 if (BIO_printf(bp, "%8sVersion: unknown (%ld)\n",
143 "", l) <= 0)
144 goto err;
145 }
146 }
147 if (!(cflag & X509_FLAG_NO_SERIAL)) {
148 if (BIO_write(bp, " Serial Number:", 22) <= 0)
149 goto err;
150
151 bs = X509_get_serialNumber(x);
152 l = -1;
153
154 /*
155 * For historical reasons, non-negative serial numbers are
156 * printed in decimal as long as they fit into a long. Using
157 * ASN1_INTEGER_get_uint64() avoids an error on the stack for
158 * numbers between LONG_MAX and ULONG_MAX. Otherwise fall back
159 * to hexadecimal, also for numbers that are non-conformant
160 * (negative or larger than 2^159 - 1).
161 */
162 if (bs->length <= sizeof(long) && bs->type == V_ASN1_INTEGER) {
163 uint64_t u64;
164
165 if (ASN1_INTEGER_get_uint64(&u64, bs) && u64 <= LONG_MAX)
166 l = (long)u64;
167 }
168 if (l >= 0) {
169 if (BIO_printf(bp, " %ld (0x%lx)\n", l, l) <= 0)
170 goto err;
171 } else {
172 const char *neg = "";
173
174 if (bs->type == V_ASN1_NEG_INTEGER)
175 neg = " (Negative)";
176
177 if (BIO_printf(bp, "\n%12s%s", "", neg) <= 0)
178 goto err;
179 for (i = 0; i < bs->length; i++) {
180 if (BIO_printf(bp, "%02x%c", bs->data[i],
181 ((i + 1 == bs->length) ? '\n' : ':')) <= 0)
182 goto err;
183 }
184 }
185
186 }
187
188 if (!(cflag & X509_FLAG_NO_SIGNAME)) {
189 if (X509_signature_print(bp, x->sig_alg, NULL) <= 0)
190 goto err;
191 }
192
193 if (!(cflag & X509_FLAG_NO_ISSUER)) {
194 if (BIO_printf(bp, " Issuer:%c", mlch) <= 0)
195 goto err;
196 if (X509_NAME_print_ex(bp, X509_get_issuer_name(x),
197 nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0))
198 goto err;
199 if (BIO_write(bp, "\n", 1) <= 0)
200 goto err;
201 }
202 if (!(cflag & X509_FLAG_NO_VALIDITY)) {
203 if (BIO_write(bp, " Validity\n", 17) <= 0)
204 goto err;
205 if (BIO_write(bp, " Not Before: ", 24) <= 0)
206 goto err;
207 if (!ASN1_TIME_print(bp, X509_get_notBefore(x)))
208 goto err;
209 if (BIO_write(bp, "\n Not After : ", 25) <= 0)
210 goto err;
211 if (!ASN1_TIME_print(bp, X509_get_notAfter(x)))
212 goto err;
213 if (BIO_write(bp, "\n", 1) <= 0)
214 goto err;
215 }
216 if (!(cflag & X509_FLAG_NO_SUBJECT)) {
217 if (BIO_printf(bp, " Subject:%c", mlch) <= 0)
218 goto err;
219 if (X509_NAME_print_ex(bp, X509_get_subject_name(x),
220 nmindent, nmflags) < (nmflags == X509_FLAG_COMPAT ? 1 : 0))
221 goto err;
222 if (BIO_write(bp, "\n", 1) <= 0)
223 goto err;
224 }
225 if (!(cflag & X509_FLAG_NO_PUBKEY)) {
226 if (BIO_write(bp, " Subject Public Key Info:\n",
227 33) <= 0)
228 goto err;
229 if (BIO_printf(bp, "%12sPublic Key Algorithm: ", "") <= 0)
230 goto err;
231 if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0)
232 goto err;
233 if (BIO_puts(bp, "\n") <= 0)
234 goto err;
235
236 pkey = X509_get_pubkey(x);
237 if (pkey == NULL) {
238 BIO_printf(bp, "%12sUnable to load Public Key\n", "");
239 ERR_print_errors(bp);
240 } else {
241 EVP_PKEY_print_public(bp, pkey, 16, NULL);
242 EVP_PKEY_free(pkey);
243 }
244 }
245
246 if (!(cflag & X509_FLAG_NO_EXTENSIONS))
247 X509V3_extensions_print(bp, "X509v3 extensions",
248 ci->extensions, cflag, 8);
249
250 if (!(cflag & X509_FLAG_NO_SIGDUMP)) {
251 if (X509_signature_print(bp, x->sig_alg, x->signature) <= 0)
252 goto err;
253 }
254 if (!(cflag & X509_FLAG_NO_AUX)) {
255 if (!X509_CERT_AUX_print(bp, x->aux, 0))
256 goto err;
257 }
258 ret = 1;
259
260 err:
261 free(m);
262 return (ret);
263}
264LCRYPTO_ALIAS(X509_print_ex);
265
266int
267X509_ocspid_print(BIO *bp, X509 *x)
268{
269 unsigned char *der = NULL;
270 unsigned char *dertmp;
271 int derlen;
272 int i;
273 unsigned char SHA1md[SHA_DIGEST_LENGTH];
274
275 /* display the hash of the subject as it would appear
276 in OCSP requests */
277 if (BIO_printf(bp, " Subject OCSP hash: ") <= 0)
278 goto err;
279 if ((derlen = i2d_X509_NAME(x->cert_info->subject, NULL)) <= 0)
280 goto err;
281 if ((der = dertmp = malloc(derlen)) == NULL)
282 goto err;
283 if (i2d_X509_NAME(x->cert_info->subject, &dertmp) <= 0)
284 goto err;
285
286 if (!EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL))
287 goto err;
288 for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
289 if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
290 goto err;
291 }
292 free (der);
293 der = NULL;
294
295 /* display the hash of the public key as it would appear
296 in OCSP requests */
297 if (BIO_printf(bp, "\n Public key OCSP hash: ") <= 0)
298 goto err;
299
300 if (!EVP_Digest(x->cert_info->key->public_key->data,
301 x->cert_info->key->public_key->length,
302 SHA1md, NULL, EVP_sha1(), NULL))
303 goto err;
304 for (i = 0; i < SHA_DIGEST_LENGTH; i++) {
305 if (BIO_printf(bp, "%02X", SHA1md[i]) <= 0)
306 goto err;
307 }
308 BIO_printf(bp, "\n");
309
310 return (1);
311
312 err:
313 free(der);
314 return (0);
315}
316LCRYPTO_ALIAS(X509_ocspid_print);
317
318int
319X509_signature_dump(BIO *bp, const ASN1_STRING *sig, int indent)
320{
321 const unsigned char *s;
322 int i, n;
323
324 n = sig->length;
325 s = sig->data;
326 for (i = 0; i < n; i++) {
327 if ((i % 18) == 0) {
328 if (BIO_write(bp, "\n", 1) <= 0)
329 return 0;
330 if (BIO_indent(bp, indent, indent) <= 0)
331 return 0;
332 }
333 if (BIO_printf(bp, "%02x%s", s[i],
334 ((i + 1) == n) ? "" : ":") <= 0)
335 return 0;
336 }
337 if (BIO_write(bp, "\n", 1) != 1)
338 return 0;
339
340 return 1;
341}
342LCRYPTO_ALIAS(X509_signature_dump);
343
344int
345X509_signature_print(BIO *bp, const X509_ALGOR *sigalg, const ASN1_STRING *sig)
346{
347 int sig_nid;
348 if (BIO_puts(bp, " Signature Algorithm: ") <= 0)
349 return 0;
350 if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0)
351 return 0;
352
353 sig_nid = OBJ_obj2nid(sigalg->algorithm);
354 if (sig_nid != NID_undef) {
355 int pkey_nid, dig_nid;
356 const EVP_PKEY_ASN1_METHOD *ameth;
357 if (OBJ_find_sigid_algs(sig_nid, &dig_nid, &pkey_nid)) {
358 ameth = EVP_PKEY_asn1_find(NULL, pkey_nid);
359 if (ameth && ameth->sig_print)
360 return ameth->sig_print(bp, sigalg, sig, 9, 0);
361 }
362 }
363 if (sig)
364 return X509_signature_dump(bp, sig, 9);
365 else if (BIO_puts(bp, "\n") <= 0)
366 return 0;
367 return 1;
368}
369LCRYPTO_ALIAS(X509_signature_print);
370
371int
372ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm)
373{
374 if (tm->type == V_ASN1_UTCTIME)
375 return ASN1_UTCTIME_print(bp, tm);
376 if (tm->type == V_ASN1_GENERALIZEDTIME)
377 return ASN1_GENERALIZEDTIME_print(bp, tm);
378 BIO_write(bp, "Bad time value", 14);
379 return (0);
380}
381LCRYPTO_ALIAS(ASN1_TIME_print);
382
383static const char *mon[12] = {
384 "Jan", "Feb", "Mar", "Apr", "May", "Jun",
385 "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
386};
387
388int
389ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm)
390{
391 char *v;
392 int gmt = 0;
393 int i;
394 int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
395 char *f = "";
396 int f_len = 0;
397
398 i = tm->length;
399 v = (char *)tm->data;
400
401 if (i < 12)
402 goto err;
403 if (v[i-1] == 'Z')
404 gmt = 1;
405 for (i = 0; i < 12; i++)
406 if ((v[i] > '9') || (v[i] < '0'))
407 goto err;
408 y = (v[0] - '0') * 1000 + (v[1] - '0') * 100 +
409 (v[2] - '0') * 10 + (v[3] - '0');
410 M = (v[4] - '0') * 10 + (v[5] - '0');
411 if ((M > 12) || (M < 1))
412 goto err;
413 d = (v[6] - '0') * 10 + (v[7] - '0');
414 h = (v[8] - '0') * 10 + (v[9] - '0');
415 m = (v[10] - '0') * 10 + (v[11] - '0');
416 if (tm->length >= 14 &&
417 (v[12] >= '0') && (v[12] <= '9') &&
418 (v[13] >= '0') && (v[13] <= '9')) {
419 s = (v[12] - '0') * 10 + (v[13] - '0');
420 /* Check for fractions of seconds. */
421 if (tm->length >= 15 && v[14] == '.') {
422 int l = tm->length;
423 f = &v[14]; /* The decimal point. */
424 f_len = 1;
425 while (14 + f_len < l && f[f_len] >= '0' &&
426 f[f_len] <= '9')
427 ++f_len;
428 }
429 }
430
431 if (BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s",
432 mon[M - 1], d, h, m, s, f_len, f, y, (gmt) ? " GMT" : "") <= 0)
433 return (0);
434 else
435 return (1);
436
437 err:
438 BIO_write(bp, "Bad time value", 14);
439 return (0);
440}
441LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_print);
442
443int
444ASN1_UTCTIME_print(BIO *bp, const ASN1_UTCTIME *tm)
445{
446 const char *v;
447 int gmt = 0;
448 int i;
449 int y = 0, M = 0, d = 0, h = 0, m = 0, s = 0;
450
451 i = tm->length;
452 v = (const char *)tm->data;
453
454 if (i < 10)
455 goto err;
456 if (v[i-1] == 'Z')
457 gmt = 1;
458 for (i = 0; i < 10; i++)
459 if ((v[i] > '9') || (v[i] < '0'))
460 goto err;
461 y = (v[0] - '0') * 10 + (v[1] - '0');
462 if (y < 50)
463 y += 100;
464 M = (v[2] - '0') * 10 + (v[3] - '0');
465 if ((M > 12) || (M < 1))
466 goto err;
467 d = (v[4] - '0') * 10 + (v[5] - '0');
468 h = (v[6] - '0') * 10 + (v[7] - '0');
469 m = (v[8] - '0') * 10 + (v[9] - '0');
470 if (tm->length >=12 &&
471 (v[10] >= '0') && (v[10] <= '9') &&
472 (v[11] >= '0') && (v[11] <= '9'))
473 s = (v[10] - '0') * 10 + (v[11] - '0');
474
475 if (BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s",
476 mon[M - 1], d, h, m, s, y + 1900, (gmt) ? " GMT" : "") <= 0)
477 return (0);
478 else
479 return (1);
480
481 err:
482 BIO_write(bp, "Bad time value", 14);
483 return (0);
484}
485LCRYPTO_ALIAS(ASN1_UTCTIME_print);
diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c
deleted file mode 100644
index 7dbf844cc7..0000000000
--- a/src/lib/libcrypto/asn1/t_x509a.c
+++ /dev/null
@@ -1,119 +0,0 @@
1/* $OpenBSD: t_x509a.c,v 1.13 2023/07/07 19:37:52 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64
65#include "x509_local.h"
66
67/* X509_CERT_AUX and string set routines */
68
69int
70X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent)
71{
72 char oidstr[80], first;
73 int i;
74 if (!aux)
75 return 1;
76 if (aux->trust) {
77 first = 1;
78 BIO_printf(out, "%*sTrusted Uses:\n%*s",
79 indent, "", indent + 2, "");
80 for (i = 0; i < sk_ASN1_OBJECT_num(aux->trust); i++) {
81 if (!first)
82 BIO_puts(out, ", ");
83 else
84 first = 0;
85 OBJ_obj2txt(oidstr, sizeof oidstr,
86 sk_ASN1_OBJECT_value(aux->trust, i), 0);
87 BIO_puts(out, oidstr);
88 }
89 BIO_puts(out, "\n");
90 } else
91 BIO_printf(out, "%*sNo Trusted Uses.\n", indent, "");
92 if (aux->reject) {
93 first = 1;
94 BIO_printf(out, "%*sRejected Uses:\n%*s",
95 indent, "", indent + 2, "");
96 for (i = 0; i < sk_ASN1_OBJECT_num(aux->reject); i++) {
97 if (!first)
98 BIO_puts(out, ", ");
99 else
100 first = 0;
101 OBJ_obj2txt(oidstr, sizeof oidstr,
102 sk_ASN1_OBJECT_value(aux->reject, i), 0);
103 BIO_puts(out, oidstr);
104 }
105 BIO_puts(out, "\n");
106 } else
107 BIO_printf(out, "%*sNo Rejected Uses.\n", indent, "");
108 if (aux->alias)
109 BIO_printf(out, "%*sAlias: %.*s\n", indent, "",
110 aux->alias->length, aux->alias->data);
111 if (aux->keyid) {
112 BIO_printf(out, "%*sKey Id: ", indent, "");
113 for (i = 0; i < aux->keyid->length; i++)
114 BIO_printf(out, "%s%02X", i ? ":" : "",
115 aux->keyid->data[i]);
116 BIO_write(out, "\n", 1);
117 }
118 return 1;
119}
diff --git a/src/lib/libcrypto/asn1/tasn_dec.c b/src/lib/libcrypto/asn1/tasn_dec.c
deleted file mode 100644
index 31b9efee54..0000000000
--- a/src/lib/libcrypto/asn1/tasn_dec.c
+++ /dev/null
@@ -1,1260 +0,0 @@
1/* $OpenBSD: tasn_dec.c,v 1.88 2023/07/28 10:00:10 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <limits.h>
60#include <stddef.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/asn1t.h>
65#include <openssl/buffer.h>
66#include <openssl/err.h>
67#include <openssl/objects.h>
68
69#include "asn1_local.h"
70#include "bytestring.h"
71
72/*
73 * Constructed types with a recursive definition (such as can be found in PKCS7)
74 * could eventually exceed the stack given malicious input with excessive
75 * recursion. Therefore we limit the stack depth.
76 */
77#define ASN1_MAX_CONSTRUCTED_NEST 30
78
79#ifndef ASN1_MAX_STRING_NEST
80/*
81 * This determines how many levels of recursion are permitted in ASN.1 string
82 * types. If it is not limited stack overflows can occur. If set to zero no
83 * recursion is allowed at all.
84 */
85#define ASN1_MAX_STRING_NEST 5
86#endif
87
88static int asn1_template_d2i(ASN1_VALUE **pval, CBS *cbs,
89 const ASN1_TEMPLATE *at, int optional, int depth);
90
91static int
92asn1_check_eoc(CBS *cbs)
93{
94 uint16_t eoc;
95
96 if (!CBS_peek_u16(cbs, &eoc))
97 return 0;
98 if (eoc != 0)
99 return 0;
100
101 return CBS_skip(cbs, 2);
102}
103
104static int
105asn1_check_tag(CBS *cbs, size_t *out_len, int *out_tag, uint8_t *out_class,
106 int *out_indefinite, int *out_constructed, int expected_tag,
107 int expected_class, int optional)
108{
109 int constructed, indefinite;
110 uint32_t tag_number;
111 uint8_t tag_class;
112 size_t length;
113
114 if (out_len != NULL)
115 *out_len = 0;
116 if (out_tag != NULL)
117 *out_tag = 0;
118 if (out_class != NULL)
119 *out_class = 0;
120 if (out_indefinite != NULL)
121 *out_indefinite = 0;
122 if (out_constructed != NULL)
123 *out_constructed = 0;
124
125 if (!asn1_get_identifier_cbs(cbs, 0, &tag_class, &constructed,
126 &tag_number)) {
127 ASN1error(ASN1_R_BAD_OBJECT_HEADER);
128 return 0;
129 }
130 if (expected_tag >= 0) {
131 if (expected_tag != tag_number ||
132 expected_class != tag_class << 6) {
133 /* Indicate missing type if this is OPTIONAL. */
134 if (optional)
135 return -1;
136
137 ASN1error(ASN1_R_WRONG_TAG);
138 return 0;
139 }
140 }
141 if (!asn1_get_length_cbs(cbs, 0, &indefinite, &length)) {
142 ASN1error(ASN1_R_BAD_OBJECT_HEADER);
143 return 0;
144 }
145
146 /* Indefinite length can only be used with constructed encoding. */
147 if (indefinite && !constructed) {
148 ASN1error(ASN1_R_BAD_OBJECT_HEADER);
149 return 0;
150 }
151
152 if (!indefinite && CBS_len(cbs) < length) {
153 ASN1error(ASN1_R_TOO_LONG);
154 return 0;
155 }
156
157 if (tag_number > INT_MAX) {
158 ASN1error(ASN1_R_TOO_LONG);
159 return 0;
160 }
161
162 if (indefinite)
163 length = CBS_len(cbs);
164
165 if (out_len != NULL)
166 *out_len = length;
167 if (out_tag != NULL)
168 *out_tag = tag_number;
169 if (out_class != NULL)
170 *out_class = tag_class << 6;
171 if (out_indefinite != NULL)
172 *out_indefinite = indefinite;
173 if (out_constructed != NULL)
174 *out_constructed = constructed;
175
176 return 1;
177}
178
179/* Collect the contents from a constructed ASN.1 object. */
180static int
181asn1_collect(CBB *cbb, CBS *cbs, int indefinite, int expected_tag,
182 int expected_class, int depth)
183{
184 int constructed;
185 size_t length;
186 CBS content;
187 int need_eoc;
188
189 if (depth > ASN1_MAX_STRING_NEST) {
190 ASN1error(ASN1_R_NESTED_ASN1_STRING);
191 return 0;
192 }
193
194 need_eoc = indefinite;
195
196 while (CBS_len(cbs) > 0) {
197 if (asn1_check_eoc(cbs)) {
198 if (!need_eoc) {
199 ASN1error(ASN1_R_UNEXPECTED_EOC);
200 return 0;
201 }
202 return 1;
203 }
204 if (!asn1_check_tag(cbs, &length, NULL, NULL, &indefinite,
205 &constructed, expected_tag, expected_class, 0)) {
206 ASN1error(ERR_R_NESTED_ASN1_ERROR);
207 return 0;
208 }
209
210 if (constructed) {
211 if (!asn1_collect(cbb, cbs, indefinite, expected_tag,
212 expected_class, depth + 1))
213 return 0;
214 continue;
215 }
216
217 if (!CBS_get_bytes(cbs, &content, length)) {
218 ASN1error(ERR_R_NESTED_ASN1_ERROR);
219 return 0;
220 }
221 if (!CBB_add_bytes(cbb, CBS_data(&content), CBS_len(&content)))
222 return 0;
223 }
224
225 if (need_eoc) {
226 ASN1error(ASN1_R_MISSING_EOC);
227 return 0;
228 }
229
230 return 1;
231}
232
233/* Find the end of an ASN.1 object. */
234static int
235asn1_find_end(CBS *cbs, size_t length, int indefinite)
236{
237 size_t eoc_count;
238
239 if (!indefinite) {
240 if (!CBS_skip(cbs, length)) {
241 ASN1error(ERR_R_NESTED_ASN1_ERROR);
242 return 0;
243 }
244 return 1;
245 }
246
247 eoc_count = 1;
248
249 while (CBS_len(cbs) > 0) {
250 if (asn1_check_eoc(cbs)) {
251 if (--eoc_count == 0)
252 break;
253 continue;
254 }
255 if (!asn1_check_tag(cbs, &length, NULL, NULL,
256 &indefinite, NULL, -1, 0, 0)) {
257 ASN1error(ERR_R_NESTED_ASN1_ERROR);
258 return 0;
259 }
260 if (indefinite) {
261 eoc_count++;
262 continue;
263 }
264 if (!CBS_skip(cbs, length))
265 return 0;
266 }
267
268 if (eoc_count > 0) {
269 ASN1error(ASN1_R_MISSING_EOC);
270 return 0;
271 }
272
273 return 1;
274}
275
276static int
277asn1_c2i_primitive(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
278{
279 ASN1_BOOLEAN *abool;
280 ASN1_STRING *astr;
281 uint8_t val;
282 int ret = 0;
283
284 if (it->funcs != NULL)
285 goto err;
286
287 if (CBS_len(content) > INT_MAX)
288 goto err;
289
290 switch (utype) {
291 case V_ASN1_OBJECT:
292 if (!c2i_ASN1_OBJECT_cbs((ASN1_OBJECT **)pval, content))
293 goto err;
294 break;
295
296 case V_ASN1_NULL:
297 if (CBS_len(content) != 0) {
298 ASN1error(ASN1_R_NULL_IS_WRONG_LENGTH);
299 goto err;
300 }
301 *pval = (ASN1_VALUE *)1;
302 break;
303
304 case V_ASN1_BOOLEAN:
305 abool = (ASN1_BOOLEAN *)pval;
306 if (CBS_len(content) != 1) {
307 ASN1error(ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
308 goto err;
309 }
310 if (!CBS_get_u8(content, &val))
311 goto err;
312 *abool = val;
313 break;
314
315 case V_ASN1_BIT_STRING:
316 if (!c2i_ASN1_BIT_STRING_cbs((ASN1_BIT_STRING **)pval, content))
317 goto err;
318 break;
319
320 case V_ASN1_ENUMERATED:
321 if (!c2i_ASN1_ENUMERATED_cbs((ASN1_ENUMERATED **)pval, content))
322 goto err;
323 break;
324
325 case V_ASN1_INTEGER:
326 if (!c2i_ASN1_INTEGER_cbs((ASN1_INTEGER **)pval, content))
327 goto err;
328 break;
329
330 case V_ASN1_OCTET_STRING:
331 case V_ASN1_NUMERICSTRING:
332 case V_ASN1_PRINTABLESTRING:
333 case V_ASN1_T61STRING:
334 case V_ASN1_VIDEOTEXSTRING:
335 case V_ASN1_IA5STRING:
336 case V_ASN1_UTCTIME:
337 case V_ASN1_GENERALIZEDTIME:
338 case V_ASN1_GRAPHICSTRING:
339 case V_ASN1_VISIBLESTRING:
340 case V_ASN1_GENERALSTRING:
341 case V_ASN1_UNIVERSALSTRING:
342 case V_ASN1_BMPSTRING:
343 case V_ASN1_UTF8STRING:
344 case V_ASN1_OTHER:
345 case V_ASN1_SET:
346 case V_ASN1_SEQUENCE:
347 default:
348 if (utype == V_ASN1_BMPSTRING && (CBS_len(content) & 1)) {
349 ASN1error(ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
350 goto err;
351 }
352 if (utype == V_ASN1_UNIVERSALSTRING && (CBS_len(content) & 3)) {
353 ASN1error(ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
354 goto err;
355 }
356 if (utype == V_ASN1_UTCTIME || utype == V_ASN1_GENERALIZEDTIME) {
357 if (!asn1_time_parse_cbs(content,
358 utype == V_ASN1_GENERALIZEDTIME, NULL)) {
359 ASN1error(ASN1_R_INVALID_TIME_FORMAT);
360 goto err;
361 }
362 }
363 /* All based on ASN1_STRING and handled the same way. */
364 if (*pval != NULL) {
365 ASN1_STRING_free((ASN1_STRING *)*pval);
366 *pval = NULL;
367 }
368 if ((astr = ASN1_STRING_type_new(utype)) == NULL) {
369 ASN1error(ERR_R_MALLOC_FAILURE);
370 goto err;
371 }
372 if (!ASN1_STRING_set(astr, CBS_data(content), CBS_len(content))) {
373 ASN1_STRING_free(astr);
374 goto err;
375 }
376 *pval = (ASN1_VALUE *)astr;
377 break;
378 }
379
380 ret = 1;
381
382 err:
383 return ret;
384}
385
386static int
387asn1_c2i_any(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
388{
389 ASN1_TYPE *atype;
390
391 if (it->utype != V_ASN1_ANY || it->funcs != NULL)
392 return 0;
393
394 if (*pval != NULL) {
395 ASN1_TYPE_free((ASN1_TYPE *)*pval);
396 *pval = NULL;
397 }
398
399 if ((atype = ASN1_TYPE_new()) == NULL)
400 return 0;
401
402 if (!asn1_c2i_primitive(&atype->value.asn1_value, content, utype, it)) {
403 ASN1_TYPE_free(atype);
404 return 0;
405 }
406 atype->type = utype;
407
408 /* Fix up value for ASN.1 NULL. */
409 if (atype->type == V_ASN1_NULL)
410 atype->value.ptr = NULL;
411
412 *pval = (ASN1_VALUE *)atype;
413
414 return 1;
415}
416
417static int
418asn1_c2i(ASN1_VALUE **pval, CBS *content, int utype, const ASN1_ITEM *it)
419{
420 if (CBS_len(content) > INT_MAX)
421 return 0;
422
423 if (it->funcs != NULL) {
424 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
425 char free_content = 0;
426
427 if (pf->prim_c2i == NULL)
428 return 0;
429
430 return pf->prim_c2i(pval, CBS_data(content), CBS_len(content),
431 utype, &free_content, it);
432 }
433
434 if (it->utype == V_ASN1_ANY)
435 return asn1_c2i_any(pval, content, utype, it);
436
437 return asn1_c2i_primitive(pval, content, utype, it);
438}
439
440/*
441 * Decode ASN.1 content into a primitive type. There are three possible forms -
442 * a SEQUENCE/SET/OTHER that is stored verbatim (including the ASN.1 tag and
443 * length octets), constructed objects and non-constructed objects. In the
444 * first two cases indefinite length is permitted, which we may need to handle.
445 * When this function is called the *cbs should reference the start of the
446 * ASN.1 object (i.e. the tag/length header), while *cbs_object should
447 * reference the start of the object contents (i.e. after the tag/length
448 * header. Additionally, the *cbs_object offset should be relative to the
449 * ASN.1 object being parsed. On success the *cbs will point at the octet
450 * after the object.
451 */
452static int
453asn1_d2i_primitive_content(ASN1_VALUE **pval, CBS *cbs, CBS *cbs_object,
454 int utype, int constructed, int indefinite, size_t length,
455 const ASN1_ITEM *it)
456{
457 CBS cbs_content, cbs_initial;
458 uint8_t *data = NULL;
459 size_t data_len = 0;
460 CBB cbb;
461 int ret = 0;
462
463 memset(&cbb, 0, sizeof(cbb));
464
465 CBS_dup(cbs, &cbs_initial);
466 CBS_init(&cbs_content, NULL, 0);
467
468 if (asn1_must_be_constructed(utype) && !constructed) {
469 ASN1error(ASN1_R_TYPE_NOT_CONSTRUCTED);
470 goto err;
471 }
472 if (asn1_must_be_primitive(utype) && constructed) {
473 ASN1error(ASN1_R_TYPE_NOT_PRIMITIVE);
474 goto err;
475 }
476
477 /* SEQUENCE, SET and "OTHER" are left in encoded form. */
478 if (utype == V_ASN1_SEQUENCE || utype == V_ASN1_SET ||
479 utype == V_ASN1_OTHER) {
480 if (!asn1_find_end(cbs_object, length, indefinite))
481 goto err;
482 if (!CBS_get_bytes(&cbs_initial, &cbs_content,
483 CBS_offset(cbs_object)))
484 goto err;
485 } else if (constructed) {
486 /*
487 * Should really check the internal tags are correct but
488 * some things may get this wrong. The relevant specs
489 * say that constructed string types should be OCTET STRINGs
490 * internally irrespective of the type. So instead just check
491 * for UNIVERSAL class and ignore the tag.
492 */
493 if (!CBB_init(&cbb, 0))
494 goto err;
495 if (!asn1_collect(&cbb, cbs_object, indefinite, -1,
496 V_ASN1_UNIVERSAL, 0))
497 goto err;
498 if (!CBB_finish(&cbb, &data, &data_len))
499 goto err;
500
501 CBS_init(&cbs_content, data, data_len);
502 } else {
503 if (!CBS_get_bytes(cbs_object, &cbs_content, length))
504 goto err;
505 }
506
507 if (!asn1_c2i(pval, &cbs_content, utype, it))
508 goto err;
509
510 if (!CBS_skip(cbs, CBS_offset(cbs_object)))
511 goto err;
512
513 ret = 1;
514
515 err:
516 CBB_cleanup(&cbb);
517 freezero(data, data_len);
518
519 return ret;
520}
521
522static int
523asn1_d2i_any(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
524 int tag_number, int tag_class, int optional)
525{
526 int constructed, indefinite;
527 uint8_t object_class;
528 int object_type;
529 CBS cbs_object;
530 size_t length;
531
532 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
533
534 if (it->utype != V_ASN1_ANY)
535 return 0;
536
537 if (tag_number >= 0) {
538 ASN1error(ASN1_R_ILLEGAL_TAGGED_ANY);
539 return 0;
540 }
541 if (optional) {
542 ASN1error(ASN1_R_ILLEGAL_OPTIONAL_ANY);
543 return 0;
544 }
545
546 /* Determine type from ASN.1 tag. */
547 if (asn1_check_tag(&cbs_object, &length, &object_type, &object_class,
548 &indefinite, &constructed, -1, 0, 0) != 1) {
549 ASN1error(ERR_R_NESTED_ASN1_ERROR);
550 return 0;
551 }
552 if (object_class != V_ASN1_UNIVERSAL)
553 object_type = V_ASN1_OTHER;
554
555 return asn1_d2i_primitive_content(pval, cbs, &cbs_object, object_type,
556 constructed, indefinite, length, it);
557}
558
559static int
560asn1_d2i_mstring(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
561 int tag_number, int tag_class, int optional)
562{
563 int constructed, indefinite;
564 uint8_t object_class;
565 int object_tag;
566 CBS cbs_object;
567 size_t length;
568
569 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
570
571 /*
572 * It never makes sense for multi-strings to have implicit tagging, so
573 * if tag_number != -1, then this looks like an error in the template.
574 */
575 if (tag_number != -1) {
576 ASN1error(ASN1_R_BAD_TEMPLATE);
577 return 0;
578 }
579
580 if (asn1_check_tag(&cbs_object, &length, &object_tag, &object_class,
581 &indefinite, &constructed, -1, 0, 1) != 1) {
582 ASN1error(ERR_R_NESTED_ASN1_ERROR);
583 return 0;
584 }
585
586 /* Class must be UNIVERSAL. */
587 if (object_class != V_ASN1_UNIVERSAL) {
588 if (optional)
589 return -1;
590 ASN1error(ASN1_R_MSTRING_NOT_UNIVERSAL);
591 return 0;
592 }
593 /* Check tag matches bit map. */
594 if ((ASN1_tag2bit(object_tag) & it->utype) == 0) {
595 if (optional)
596 return -1;
597 ASN1error(ASN1_R_MSTRING_WRONG_TAG);
598 return 0;
599 }
600
601 return asn1_d2i_primitive_content(pval, cbs, &cbs_object,
602 object_tag, constructed, indefinite, length, it);
603}
604
605static int
606asn1_d2i_primitive(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
607 int tag_number, int tag_class, int optional)
608{
609 CBS cbs_object;
610 int constructed, indefinite;
611 int utype = it->utype;
612 size_t length;
613 int ret;
614
615 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
616
617 if (it->itype == ASN1_ITYPE_MSTRING)
618 return 0;
619
620 if (it->utype == V_ASN1_ANY)
621 return asn1_d2i_any(pval, cbs, it, tag_number, tag_class, optional);
622
623 if (tag_number == -1) {
624 tag_number = it->utype;
625 tag_class = V_ASN1_UNIVERSAL;
626 }
627
628 ret = asn1_check_tag(&cbs_object, &length, NULL, NULL, &indefinite,
629 &constructed, tag_number, tag_class, optional);
630 if (ret == -1)
631 return -1;
632 if (ret != 1) {
633 ASN1error(ERR_R_NESTED_ASN1_ERROR);
634 return 0;
635 }
636
637 return asn1_d2i_primitive_content(pval, cbs, &cbs_object, utype,
638 constructed, indefinite, length, it);
639}
640
641static int
642asn1_item_d2i_choice(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
643 int tag_number, int tag_class, int optional, int depth)
644{
645 const ASN1_TEMPLATE *at, *errat = NULL;
646 const ASN1_AUX *aux;
647 ASN1_aux_cb *asn1_cb = NULL;
648 ASN1_VALUE *achoice = NULL;
649 ASN1_VALUE **pchptr;
650 int i, ret;
651
652 if ((aux = it->funcs) != NULL)
653 asn1_cb = aux->asn1_cb;
654
655 if (it->itype != ASN1_ITYPE_CHOICE)
656 goto err;
657
658 /*
659 * It never makes sense for CHOICE types to have implicit tagging, so
660 * if tag_number != -1, then this looks like an error in the template.
661 */
662 if (tag_number != -1) {
663 ASN1error(ASN1_R_BAD_TEMPLATE);
664 goto err;
665 }
666
667 if (*pval != NULL) {
668 ASN1_item_ex_free(pval, it);
669 *pval = NULL;
670 }
671
672 if (!ASN1_item_ex_new(&achoice, it)) {
673 ASN1error(ERR_R_NESTED_ASN1_ERROR);
674 goto err;
675 }
676
677 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_PRE, &achoice, it, NULL)) {
678 ASN1error(ASN1_R_AUX_ERROR);
679 goto err;
680 }
681
682 /* Try each possible CHOICE in turn. */
683 for (i = 0; i < it->tcount; i++) {
684 at = &it->templates[i];
685
686 pchptr = asn1_get_field_ptr(&achoice, at);
687
688 /* Mark field as OPTIONAL so its absence can be identified. */
689 ret = asn1_template_d2i(pchptr, cbs, at, 1, depth);
690 if (ret == -1)
691 continue;
692 if (ret != 1) {
693 ASN1error(ERR_R_NESTED_ASN1_ERROR);
694 errat = at;
695 goto err;
696 }
697
698 /* We've successfully decoded an ASN.1 object. */
699 asn1_set_choice_selector(&achoice, i, it);
700 break;
701 }
702
703 /* Did we fall off the end without reading anything? */
704 if (i == it->tcount) {
705 if (optional) {
706 ASN1_item_ex_free(&achoice, it);
707 return -1;
708 }
709 ASN1error(ASN1_R_NO_MATCHING_CHOICE_TYPE);
710 goto err;
711 }
712
713 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &achoice, it, NULL)) {
714 ASN1error(ASN1_R_AUX_ERROR);
715 goto err;
716 }
717
718 *pval = achoice;
719 achoice = NULL;
720
721 return 1;
722
723 err:
724 ASN1_item_ex_free(&achoice, it);
725
726 if (errat != NULL)
727 ERR_asprintf_error_data("Field=%s, Type=%s", errat->field_name,
728 it->sname);
729 else
730 ERR_asprintf_error_data("Type=%s", it->sname);
731
732 return 0;
733}
734
735static int
736asn1_item_d2i_sequence(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
737 int tag_number, int tag_class, int optional, int depth)
738{
739 CBS cbs_seq, cbs_seq_content, cbs_object;
740 int constructed, indefinite, optional_field;
741 const ASN1_TEMPLATE *errat = NULL;
742 const ASN1_TEMPLATE *seqat, *at;
743 ASN1_aux_cb *asn1_cb = NULL;
744 const ASN1_AUX *aux;
745 ASN1_VALUE *aseq = NULL;
746 ASN1_VALUE **pseqval;
747 int eoc_needed, i;
748 size_t length;
749 int ret = 0;
750
751 CBS_init(&cbs_seq, CBS_data(cbs), CBS_len(cbs));
752
753 if ((aux = it->funcs) != NULL)
754 asn1_cb = aux->asn1_cb;
755
756 if (it->itype != ASN1_ITYPE_NDEF_SEQUENCE &&
757 it->itype != ASN1_ITYPE_SEQUENCE)
758 goto err;
759
760 if (*pval != NULL) {
761 ASN1_item_ex_free(pval, it);
762 *pval = NULL;
763 }
764
765 /* If no IMPLICIT tagging use UNIVERSAL/SEQUENCE. */
766 if (tag_number == -1) {
767 tag_class = V_ASN1_UNIVERSAL;
768 tag_number = V_ASN1_SEQUENCE;
769 }
770
771 /* Read ASN.1 SEQUENCE header. */
772 ret = asn1_check_tag(&cbs_seq, &length, NULL, NULL, &indefinite,
773 &constructed, tag_number, tag_class, optional);
774 if (ret == -1)
775 return -1;
776 if (ret != 1) {
777 ASN1error(ERR_R_NESTED_ASN1_ERROR);
778 goto err;
779 }
780
781 if (!constructed) {
782 ASN1error(ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
783 goto err;
784 }
785
786 if (indefinite) {
787 eoc_needed = 1;
788 CBS_init(&cbs_seq_content, CBS_data(&cbs_seq), CBS_len(&cbs_seq));
789 } else {
790 eoc_needed = 0;
791 if (!CBS_get_bytes(&cbs_seq, &cbs_seq_content, length))
792 goto err;
793 }
794
795 if (!ASN1_item_ex_new(&aseq, it)) {
796 ASN1error(ERR_R_NESTED_ASN1_ERROR);
797 goto err;
798 }
799
800 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_PRE, &aseq, it, NULL)) {
801 ASN1error(ASN1_R_AUX_ERROR);
802 goto err;
803 }
804
805 for (i = 0; i < it->tcount; i++) {
806 at = &it->templates[i];
807
808 if (asn1_check_eoc(&cbs_seq_content)) {
809 if (!indefinite) {
810 ASN1error(ASN1_R_UNEXPECTED_EOC);
811 goto err;
812 }
813 eoc_needed = 0;
814 break;
815 }
816 if (CBS_len(&cbs_seq_content) == 0)
817 break;
818
819 if ((seqat = asn1_do_adb(&aseq, at, 1)) == NULL)
820 goto err;
821
822 pseqval = asn1_get_field_ptr(&aseq, seqat);
823
824 /*
825 * This was originally implemented to "increase efficiency",
826 * however it currently needs to remain since it papers over
827 * the use of ASN.1 ANY with OPTIONAL in SEQUENCEs (which
828 * asn1_d2i_primitive() currently rejects).
829 */
830 optional_field = (seqat->flags & ASN1_TFLG_OPTIONAL) != 0;
831 if (i == it->tcount - 1)
832 optional_field = 0;
833
834 ret = asn1_template_d2i(pseqval, &cbs_seq_content,
835 seqat, optional_field, depth);
836 if (ret == -1) {
837 /* Absent OPTIONAL component. */
838 ASN1_template_free(pseqval, seqat);
839 continue;
840 }
841 if (ret != 1) {
842 errat = seqat;
843 goto err;
844 }
845 }
846
847 if (eoc_needed && !asn1_check_eoc(&cbs_seq_content)) {
848 ASN1error(ASN1_R_MISSING_EOC);
849 goto err;
850 }
851
852 if (indefinite) {
853 if (!CBS_skip(&cbs_seq, CBS_offset(&cbs_seq_content)))
854 goto err;
855 } else if (CBS_len(&cbs_seq_content) != 0) {
856 ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH);
857 goto err;
858 }
859
860 /*
861 * There is no more data in the ASN.1 SEQUENCE, however we may not have
862 * populated all fields - check that any remaining are OPTIONAL.
863 */
864 for (; i < it->tcount; i++) {
865 at = &it->templates[i];
866
867 if ((seqat = asn1_do_adb(&aseq, at, 1)) == NULL)
868 goto err;
869
870 if ((seqat->flags & ASN1_TFLG_OPTIONAL) == 0) {
871 ASN1error(ASN1_R_FIELD_MISSING);
872 errat = seqat;
873 goto err;
874 }
875
876 /* XXX - this is probably unnecessary with earlier free. */
877 pseqval = asn1_get_field_ptr(&aseq, seqat);
878 ASN1_template_free(pseqval, seqat);
879 }
880
881 if (!CBS_get_bytes(cbs, &cbs_object, CBS_offset(&cbs_seq)))
882 goto err;
883
884 if (!asn1_enc_save(&aseq, &cbs_object, it)) {
885 ASN1error(ERR_R_MALLOC_FAILURE);
886 goto err;
887 }
888
889 if (asn1_cb != NULL && !asn1_cb(ASN1_OP_D2I_POST, &aseq, it, NULL)) {
890 ASN1error(ASN1_R_AUX_ERROR);
891 goto err;
892 }
893
894 *pval = aseq;
895 aseq = NULL;
896
897 return 1;
898
899 err:
900 ASN1_item_ex_free(&aseq, it);
901
902 if (errat != NULL)
903 ERR_asprintf_error_data("Field=%s, Type=%s", errat->field_name,
904 it->sname);
905 else
906 ERR_asprintf_error_data("Type=%s", it->sname);
907
908 return 0;
909}
910
911static int
912asn1_item_d2i_extern(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
913 int tag_number, int tag_class, int optional)
914{
915 const ASN1_EXTERN_FUNCS *ef = it->funcs;
916 const unsigned char *p = NULL;
917 ASN1_TLC ctx = { 0 };
918 int ret = 0;
919
920 if (CBS_len(cbs) > LONG_MAX)
921 return 0;
922
923 p = CBS_data(cbs);
924
925 if ((ret = ef->asn1_ex_d2i(pval, &p, (long)CBS_len(cbs), it,
926 tag_number, tag_class, optional, &ctx)) == 1) {
927 if (!CBS_skip(cbs, p - CBS_data(cbs)))
928 goto err;
929 }
930 return ret;
931
932 err:
933 ASN1_item_ex_free(pval, it);
934
935 ERR_asprintf_error_data("Type=%s", it->sname);
936
937 return 0;
938}
939
940static int
941asn1_item_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it,
942 int tag_number, int tag_class, int optional, int depth)
943{
944 if (pval == NULL)
945 return 0;
946
947 if (++depth > ASN1_MAX_CONSTRUCTED_NEST) {
948 ASN1error(ASN1_R_NESTED_TOO_DEEP);
949 goto err;
950 }
951
952 switch (it->itype) {
953 case ASN1_ITYPE_PRIMITIVE:
954 if (it->templates != NULL) {
955 /*
956 * Tagging or OPTIONAL is currently illegal on an item
957 * template because the flags can't get passed down.
958 * In practice this isn't a problem: we include the
959 * relevant flags from the item template in the
960 * template itself.
961 */
962 if (tag_number != -1 || optional) {
963 ASN1error(ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
964 goto err;
965 }
966 return asn1_template_d2i(pval, cbs, it->templates,
967 optional, depth);
968 }
969 return asn1_d2i_primitive(pval, cbs, it, tag_number, tag_class,
970 optional);
971
972 case ASN1_ITYPE_MSTRING:
973 return asn1_d2i_mstring(pval, cbs, it, tag_number, tag_class,
974 optional);
975
976 case ASN1_ITYPE_EXTERN:
977 return asn1_item_d2i_extern(pval, cbs, it, tag_number,
978 tag_class, optional);
979
980 case ASN1_ITYPE_CHOICE:
981 return asn1_item_d2i_choice(pval, cbs, it, tag_number,
982 tag_class, optional, depth);
983
984 case ASN1_ITYPE_NDEF_SEQUENCE:
985 case ASN1_ITYPE_SEQUENCE:
986 return asn1_item_d2i_sequence(pval, cbs, it, tag_number,
987 tag_class, optional, depth);
988
989 default:
990 return 0;
991 }
992
993 err:
994 ASN1_item_ex_free(pval, it);
995
996 ERR_asprintf_error_data("Type=%s", it->sname);
997
998 return 0;
999}
1000
1001static void
1002asn1_template_stack_of_free(STACK_OF(ASN1_VALUE) *avals,
1003 const ASN1_TEMPLATE *at)
1004{
1005 ASN1_VALUE *aval;
1006
1007 if (avals == NULL)
1008 return;
1009
1010 while (sk_ASN1_VALUE_num(avals) > 0) {
1011 aval = sk_ASN1_VALUE_pop(avals);
1012 ASN1_item_ex_free(&aval, at->item);
1013 }
1014 sk_ASN1_VALUE_free(avals);
1015}
1016
1017static int
1018asn1_template_stack_of_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at,
1019 int optional, int depth)
1020{
1021 CBS cbs_object, cbs_object_content;
1022 STACK_OF(ASN1_VALUE) *avals = NULL;
1023 ASN1_VALUE *aval = NULL;
1024 int tag_number, tag_class;
1025 int eoc_needed;
1026 int indefinite;
1027 size_t length;
1028 int ret;
1029
1030 CBS_init(&cbs_object, CBS_data(cbs), CBS_len(cbs));
1031
1032 if (pval == NULL)
1033 return 0;
1034
1035 asn1_template_stack_of_free((STACK_OF(ASN1_VALUE) *)*pval, at);
1036 *pval = NULL;
1037
1038 tag_number = at->tag;
1039 tag_class = at->flags & ASN1_TFLG_TAG_CLASS;
1040
1041 /* Determine the inner tag value for SET OF or SEQUENCE OF. */
1042 if ((at->flags & ASN1_TFLG_IMPTAG) == 0) {
1043 tag_number = V_ASN1_SEQUENCE;
1044 tag_class = V_ASN1_UNIVERSAL;
1045 if ((at->flags & ASN1_TFLG_SET_OF) != 0)
1046 tag_number = V_ASN1_SET;
1047 }
1048
1049 ret = asn1_check_tag(&cbs_object, &length, NULL, NULL, &indefinite,
1050 NULL, tag_number, tag_class, optional);
1051 if (ret == -1)
1052 return -1;
1053 if (ret != 1) {
1054 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1055 return 0;
1056 }
1057
1058 if (indefinite) {
1059 eoc_needed = 1;
1060 CBS_init(&cbs_object_content, CBS_data(&cbs_object),
1061 CBS_len(&cbs_object));
1062 } else {
1063 eoc_needed = 0;
1064 if (!CBS_get_bytes(&cbs_object, &cbs_object_content,
1065 length))
1066 goto err;
1067 }
1068
1069 if ((avals = sk_ASN1_VALUE_new_null()) == NULL) {
1070 ASN1error(ERR_R_MALLOC_FAILURE);
1071 goto err;
1072 }
1073
1074 /* Read as many items as possible. */
1075 while (CBS_len(&cbs_object_content) > 0) {
1076 if (asn1_check_eoc(&cbs_object_content)) {
1077 if (!eoc_needed) {
1078 ASN1error(ASN1_R_UNEXPECTED_EOC);
1079 goto err;
1080 }
1081 eoc_needed = 0;
1082 break;
1083 }
1084 if (!asn1_item_d2i(&aval, &cbs_object_content, at->item, -1, 0,
1085 0, depth)) {
1086 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1087 goto err;
1088 }
1089 if (!sk_ASN1_VALUE_push(avals, aval)) {
1090 ASN1error(ERR_R_MALLOC_FAILURE);
1091 goto err;
1092 }
1093 aval = NULL;
1094 }
1095 if (eoc_needed) {
1096 ASN1error(ASN1_R_MISSING_EOC);
1097 goto err;
1098 }
1099
1100 if (indefinite) {
1101 if (!CBS_skip(&cbs_object, CBS_offset(&cbs_object_content)))
1102 goto err;
1103 }
1104
1105 if (!CBS_skip(cbs, CBS_offset(&cbs_object)))
1106 goto err;
1107
1108 *pval = (ASN1_VALUE *)avals;
1109 avals = NULL;
1110
1111 return 1;
1112
1113 err:
1114 asn1_template_stack_of_free(avals, at);
1115 ASN1_item_ex_free(&aval, at->item);
1116
1117 return 0;
1118}
1119
1120static int
1121asn1_template_noexp_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at,
1122 int optional, int depth)
1123{
1124 int tag_number, tag_class;
1125 int ret;
1126
1127 if (pval == NULL)
1128 return 0;
1129
1130 if ((at->flags & ASN1_TFLG_SK_MASK) != 0)
1131 return asn1_template_stack_of_d2i(pval, cbs, at, optional, depth);
1132
1133 tag_number = -1;
1134 tag_class = V_ASN1_UNIVERSAL;
1135
1136 /* See if we need to use IMPLICIT tagging. */
1137 if ((at->flags & ASN1_TFLG_IMPTAG) != 0) {
1138 tag_number = at->tag;
1139 tag_class = at->flags & ASN1_TFLG_TAG_CLASS;
1140 }
1141
1142 ret = asn1_item_d2i(pval, cbs, at->item, tag_number, tag_class,
1143 optional, depth);
1144 if (ret == -1)
1145 return -1;
1146 if (ret != 1) {
1147 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1148 goto err;
1149 }
1150
1151 return 1;
1152
1153 err:
1154 /* XXX - The called function should have freed already. */
1155 ASN1_template_free(pval, at);
1156 return 0;
1157}
1158
1159static int
1160asn1_template_d2i(ASN1_VALUE **pval, CBS *cbs, const ASN1_TEMPLATE *at,
1161 int optional, int depth)
1162{
1163 CBS cbs_exp, cbs_exp_content;
1164 int constructed, indefinite;
1165 size_t length;
1166 int ret;
1167
1168 if (pval == NULL)
1169 return 0;
1170
1171 /* Check if EXPLICIT tag is expected. */
1172 if ((at->flags & ASN1_TFLG_EXPTAG) == 0)
1173 return asn1_template_noexp_d2i(pval, cbs, at, optional, depth);
1174
1175 CBS_init(&cbs_exp, CBS_data(cbs), CBS_len(cbs));
1176
1177 /* Read ASN.1 header for EXPLICIT tagged object. */
1178 ret = asn1_check_tag(&cbs_exp, &length, NULL, NULL, &indefinite,
1179 &constructed, at->tag, at->flags & ASN1_TFLG_TAG_CLASS, optional);
1180 if (ret == -1)
1181 return -1;
1182 if (ret != 1) {
1183 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1184 return 0;
1185 }
1186
1187 if (!constructed) {
1188 ASN1error(ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
1189 return 0;
1190 }
1191
1192 if (indefinite) {
1193 CBS_init(&cbs_exp_content, CBS_data(&cbs_exp), CBS_len(&cbs_exp));
1194 } else {
1195 if (!CBS_get_bytes(&cbs_exp, &cbs_exp_content, length))
1196 goto err;
1197 }
1198
1199 if ((ret = asn1_template_noexp_d2i(pval, &cbs_exp_content, at, 0,
1200 depth)) != 1) {
1201 ASN1error(ERR_R_NESTED_ASN1_ERROR);
1202 return 0;
1203 }
1204
1205 if (indefinite) {
1206 if (!asn1_check_eoc(&cbs_exp_content)) {
1207 ASN1error(ASN1_R_MISSING_EOC);
1208 goto err;
1209 }
1210 if (!CBS_skip(&cbs_exp, CBS_offset(&cbs_exp_content)))
1211 goto err;
1212 } else if (CBS_len(&cbs_exp_content) != 0) {
1213 ASN1error(ASN1_R_SEQUENCE_LENGTH_MISMATCH);
1214 goto err;
1215 }
1216
1217 if (!CBS_skip(cbs, CBS_offset(&cbs_exp)))
1218 goto err;
1219
1220 return 1;
1221
1222 err:
1223 ASN1_template_free(pval, at);
1224 return 0;
1225}
1226
1227ASN1_VALUE *
1228ASN1_item_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen,
1229 const ASN1_ITEM *it)
1230{
1231 ASN1_VALUE *ptmpval = NULL;
1232
1233 if (pval == NULL)
1234 pval = &ptmpval;
1235 if (ASN1_item_ex_d2i(pval, in, inlen, it, -1, 0, 0, NULL) <= 0)
1236 return NULL;
1237
1238 return *pval;
1239}
1240LCRYPTO_ALIAS(ASN1_item_d2i);
1241
1242int
1243ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long inlen,
1244 const ASN1_ITEM *it, int tag_number, int tag_class, char optional,
1245 ASN1_TLC *ctx)
1246{
1247 CBS cbs;
1248 int ret;
1249
1250 if (inlen < 0)
1251 return 0;
1252
1253 CBS_init(&cbs, *in, inlen);
1254 if ((ret = asn1_item_d2i(pval, &cbs, it, tag_number, tag_class,
1255 (int)optional, 0)) == 1)
1256 *in = CBS_data(&cbs);
1257
1258 return ret;
1259}
1260LCRYPTO_ALIAS(ASN1_item_ex_d2i);
diff --git a/src/lib/libcrypto/asn1/tasn_enc.c b/src/lib/libcrypto/asn1/tasn_enc.c
deleted file mode 100644
index b71993a139..0000000000
--- a/src/lib/libcrypto/asn1/tasn_enc.c
+++ /dev/null
@@ -1,682 +0,0 @@
1/* $OpenBSD: tasn_enc.c,v 1.33 2023/07/28 10:00:10 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stddef.h>
60#include <string.h>
61
62#include <openssl/asn1.h>
63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/objects.h>
66
67#include "asn1_local.h"
68
69static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
70 const ASN1_ITEM *it, int tag, int aclass);
71static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out,
72 int skcontlen, const ASN1_ITEM *item, int do_sort, int iclass);
73static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
74 const ASN1_TEMPLATE *tt, int tag, int aclass);
75static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out,
76 const ASN1_ITEM *it, int flags);
77static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
78 const ASN1_ITEM *it);
79
80/* Top level i2d equivalents: the 'ndef' variant instructs the encoder
81 * to use indefinite length constructed encoding, where appropriate
82 */
83
84int
85ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
86{
87 return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF);
88}
89
90int
91ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it)
92{
93 return asn1_item_flags_i2d(val, out, it, 0);
94}
95LCRYPTO_ALIAS(ASN1_item_i2d);
96
97/* Encode an ASN1 item, this is use by the
98 * standard 'i2d' function. 'out' points to
99 * a buffer to output the data to.
100 *
101 * The new i2d has one additional feature. If the output
102 * buffer is NULL (i.e. *out == NULL) then a buffer is
103 * allocated and populated with the encoding.
104 */
105
106static int
107asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it,
108 int flags)
109{
110 unsigned char *p, *buf;
111 int len;
112
113 if (out == NULL || *out != NULL)
114 return ASN1_item_ex_i2d(&val, out, it, -1, flags);
115
116 if ((len = ASN1_item_ex_i2d(&val, NULL, it, -1, flags)) <= 0)
117 return len;
118
119 if ((buf = calloc(1, len)) == NULL)
120 return -1;
121
122 p = buf;
123 if (ASN1_item_ex_i2d(&val, &p, it, -1, flags) != len) {
124 freezero(buf, len);
125 ASN1error(ASN1_R_LENGTH_ERROR);
126 return -1;
127 }
128
129 *out = buf;
130
131 return len;
132}
133
134/* Encode an item, taking care of IMPLICIT tagging (if any).
135 * This function performs the normal item handling: it can be
136 * used in external types.
137 */
138
139int
140ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
141 int tag, int aclass)
142{
143 const ASN1_TEMPLATE *tt = NULL;
144 int i, seqcontlen, seqlen, ndef = 1;
145 const ASN1_EXTERN_FUNCS *ef;
146 const ASN1_AUX *aux = it->funcs;
147 ASN1_aux_cb *asn1_cb = NULL;
148
149 if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval)
150 return 0;
151
152 if (aux && aux->asn1_cb)
153 asn1_cb = aux->asn1_cb;
154
155 switch (it->itype) {
156
157 case ASN1_ITYPE_PRIMITIVE:
158 if (it->templates)
159 return asn1_template_ex_i2d(pval, out, it->templates,
160 tag, aclass);
161 return asn1_i2d_ex_primitive(pval, out, it, tag, aclass);
162 break;
163
164 case ASN1_ITYPE_MSTRING:
165 /*
166 * It never makes sense for multi-strings to have implicit
167 * tagging, so if tag != -1, then this looks like an error in
168 * the template.
169 */
170 if (tag != -1) {
171 ASN1error(ASN1_R_BAD_TEMPLATE);
172 return 0;
173 }
174 return asn1_i2d_ex_primitive(pval, out, it, -1, aclass);
175
176 case ASN1_ITYPE_CHOICE:
177 /*
178 * It never makes sense for CHOICE types to have implicit
179 * tagging, so if tag != -1, then this looks like an error in
180 * the template.
181 */
182 if (tag != -1) {
183 ASN1error(ASN1_R_BAD_TEMPLATE);
184 return 0;
185 }
186 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
187 return 0;
188 i = asn1_get_choice_selector(pval, it);
189 if ((i >= 0) && (i < it->tcount)) {
190 ASN1_VALUE **pchval;
191 const ASN1_TEMPLATE *chtt;
192 chtt = it->templates + i;
193 pchval = asn1_get_field_ptr(pval, chtt);
194 return asn1_template_ex_i2d(pchval, out, chtt,
195 -1, aclass);
196 }
197 /* Fixme: error condition if selector out of range */
198 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
199 return 0;
200 break;
201
202 case ASN1_ITYPE_EXTERN:
203 /* If new style i2d it does all the work */
204 ef = it->funcs;
205 return ef->asn1_ex_i2d(pval, out, it, tag, aclass);
206
207 case ASN1_ITYPE_NDEF_SEQUENCE:
208 /* Use indefinite length constructed if requested */
209 if (aclass & ASN1_TFLG_NDEF)
210 ndef = 2;
211 /* fall through */
212
213 case ASN1_ITYPE_SEQUENCE:
214 i = asn1_enc_restore(&seqcontlen, out, pval, it);
215 /* An error occurred */
216 if (i < 0)
217 return 0;
218 /* We have a valid cached encoding... */
219 if (i > 0)
220 return seqcontlen;
221 /* Otherwise carry on */
222 seqcontlen = 0;
223 /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
224 if (tag == -1) {
225 tag = V_ASN1_SEQUENCE;
226 /* Retain any other flags in aclass */
227 aclass = (aclass & ~ASN1_TFLG_TAG_CLASS) |
228 V_ASN1_UNIVERSAL;
229 }
230 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL))
231 return 0;
232 /* First work out sequence content length */
233 for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
234 const ASN1_TEMPLATE *seqtt;
235 ASN1_VALUE **pseqval;
236 seqtt = asn1_do_adb(pval, tt, 1);
237 if (!seqtt)
238 return 0;
239 pseqval = asn1_get_field_ptr(pval, seqtt);
240 /* FIXME: check for errors in enhanced version */
241 seqcontlen += asn1_template_ex_i2d(pseqval, NULL, seqtt,
242 -1, aclass);
243 }
244
245 seqlen = ASN1_object_size(ndef, seqcontlen, tag);
246 if (!out)
247 return seqlen;
248 /* Output SEQUENCE header */
249 ASN1_put_object(out, ndef, seqcontlen, tag, aclass);
250 for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
251 const ASN1_TEMPLATE *seqtt;
252 ASN1_VALUE **pseqval;
253 seqtt = asn1_do_adb(pval, tt, 1);
254 if (!seqtt)
255 return 0;
256 pseqval = asn1_get_field_ptr(pval, seqtt);
257 /* FIXME: check for errors in enhanced version */
258 asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass);
259 }
260 if (ndef == 2)
261 ASN1_put_eoc(out);
262 if (asn1_cb && !asn1_cb(ASN1_OP_I2D_POST, pval, it, NULL))
263 return 0;
264 return seqlen;
265
266 default:
267 return 0;
268
269 }
270 return 0;
271}
272LCRYPTO_ALIAS(ASN1_item_ex_i2d);
273
274static int
275asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out,
276 const ASN1_TEMPLATE *tt, int tag, int iclass)
277{
278 int i, ret, flags, ttag, tclass, ndef;
279 flags = tt->flags;
280 /* Work out tag and class to use: tagging may come
281 * either from the template or the arguments, not both
282 * because this would create ambiguity. Additionally
283 * the iclass argument may contain some additional flags
284 * which should be noted and passed down to other levels.
285 */
286 if (flags & ASN1_TFLG_TAG_MASK) {
287 /* Error if argument and template tagging */
288 if (tag != -1)
289 /* FIXME: error code here */
290 return -1;
291 /* Get tagging from template */
292 ttag = tt->tag;
293 tclass = flags & ASN1_TFLG_TAG_CLASS;
294 } else if (tag != -1) {
295 /* No template tagging, get from arguments */
296 ttag = tag;
297 tclass = iclass & ASN1_TFLG_TAG_CLASS;
298 } else {
299 ttag = -1;
300 tclass = 0;
301 }
302 /*
303 * Remove any class mask from iflag.
304 */
305 iclass &= ~ASN1_TFLG_TAG_CLASS;
306
307 /* At this point 'ttag' contains the outer tag to use,
308 * 'tclass' is the class and iclass is any flags passed
309 * to this function.
310 */
311
312 /* if template and arguments require ndef, use it */
313 if ((flags & ASN1_TFLG_NDEF) && (iclass & ASN1_TFLG_NDEF))
314 ndef = 2;
315 else
316 ndef = 1;
317
318 if (flags & ASN1_TFLG_SK_MASK) {
319 /* SET OF, SEQUENCE OF */
320 STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
321 int isset, sktag, skaclass;
322 int skcontlen, sklen;
323 ASN1_VALUE *skitem;
324
325 if (!*pval)
326 return 0;
327
328 if (flags & ASN1_TFLG_SET_OF) {
329 isset = 1;
330 /* 2 means we reorder */
331 if (flags & ASN1_TFLG_SEQUENCE_OF)
332 isset = 2;
333 } else
334 isset = 0;
335
336 /* Work out inner tag value: if EXPLICIT
337 * or no tagging use underlying type.
338 */
339 if ((ttag != -1) && !(flags & ASN1_TFLG_EXPTAG)) {
340 sktag = ttag;
341 skaclass = tclass;
342 } else {
343 skaclass = V_ASN1_UNIVERSAL;
344 if (isset)
345 sktag = V_ASN1_SET;
346 else
347 sktag = V_ASN1_SEQUENCE;
348 }
349
350 /* Determine total length of items */
351 skcontlen = 0;
352 for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
353 skitem = sk_ASN1_VALUE_value(sk, i);
354 skcontlen += ASN1_item_ex_i2d(&skitem, NULL,
355 tt->item, -1, iclass);
356 }
357 sklen = ASN1_object_size(ndef, skcontlen, sktag);
358 /* If EXPLICIT need length of surrounding tag */
359 if (flags & ASN1_TFLG_EXPTAG)
360 ret = ASN1_object_size(ndef, sklen, ttag);
361 else
362 ret = sklen;
363
364 if (!out)
365 return ret;
366
367 /* Now encode this lot... */
368 /* EXPLICIT tag */
369 if (flags & ASN1_TFLG_EXPTAG)
370 ASN1_put_object(out, ndef, sklen, ttag, tclass);
371 /* SET or SEQUENCE and IMPLICIT tag */
372 ASN1_put_object(out, ndef, skcontlen, sktag, skaclass);
373 /* And the stuff itself */
374 asn1_set_seq_out(sk, out, skcontlen, tt->item,
375 isset, iclass);
376 if (ndef == 2) {
377 ASN1_put_eoc(out);
378 if (flags & ASN1_TFLG_EXPTAG)
379 ASN1_put_eoc(out);
380 }
381
382 return ret;
383 }
384
385 if (flags & ASN1_TFLG_EXPTAG) {
386 /* EXPLICIT tagging */
387 /* Find length of tagged item */
388 i = ASN1_item_ex_i2d(pval, NULL, tt->item,
389 -1, iclass);
390 if (!i)
391 return 0;
392 /* Find length of EXPLICIT tag */
393 ret = ASN1_object_size(ndef, i, ttag);
394 if (out) {
395 /* Output tag and item */
396 ASN1_put_object(out, ndef, i, ttag, tclass);
397 ASN1_item_ex_i2d(pval, out, tt->item,
398 -1, iclass);
399 if (ndef == 2)
400 ASN1_put_eoc(out);
401 }
402 return ret;
403 }
404
405 /* Either normal or IMPLICIT tagging: combine class and flags */
406 return ASN1_item_ex_i2d(pval, out, tt->item,
407 ttag, tclass | iclass);
408}
409
410/* Temporary structure used to hold DER encoding of items for SET OF */
411
412typedef struct {
413 unsigned char *data;
414 int length;
415 ASN1_VALUE *field;
416} DER_ENC;
417
418static int
419der_cmp(const void *a, const void *b)
420{
421 const DER_ENC *d1 = a, *d2 = b;
422 int cmplen, i;
423
424 cmplen = (d1->length < d2->length) ? d1->length : d2->length;
425 i = memcmp(d1->data, d2->data, cmplen);
426 if (i)
427 return i;
428 return d1->length - d2->length;
429}
430
431/* Output the content octets of SET OF or SEQUENCE OF */
432
433static int
434asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, int skcontlen,
435 const ASN1_ITEM *item, int do_sort, int iclass)
436{
437 int i;
438 ASN1_VALUE *skitem;
439 unsigned char *tmpdat = NULL, *p = NULL;
440 DER_ENC *derlst = NULL, *tder;
441
442 if (do_sort) {
443 /* Don't need to sort less than 2 items */
444 if (sk_ASN1_VALUE_num(sk) < 2)
445 do_sort = 0;
446 else {
447 derlst = reallocarray(NULL, sk_ASN1_VALUE_num(sk),
448 sizeof(*derlst));
449 tmpdat = malloc(skcontlen);
450 if (!derlst || !tmpdat) {
451 free(derlst);
452 free(tmpdat);
453 return 0;
454 }
455 }
456 }
457 /* If not sorting just output each item */
458 if (!do_sort) {
459 for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
460 skitem = sk_ASN1_VALUE_value(sk, i);
461 ASN1_item_ex_i2d(&skitem, out, item, -1, iclass);
462 }
463 return 1;
464 }
465 p = tmpdat;
466
467 /* Doing sort: build up a list of each member's DER encoding */
468 for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
469 skitem = sk_ASN1_VALUE_value(sk, i);
470 tder->data = p;
471 tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass);
472 tder->field = skitem;
473 }
474
475 /* Now sort them */
476 qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp);
477 /* Output sorted DER encoding */
478 p = *out;
479 for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) {
480 memcpy(p, tder->data, tder->length);
481 p += tder->length;
482 }
483 *out = p;
484 /* If do_sort is 2 then reorder the STACK */
485 if (do_sort == 2) {
486 for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++)
487 (void)sk_ASN1_VALUE_set(sk, i, tder->field);
488 }
489 free(derlst);
490 free(tmpdat);
491 return 1;
492}
493
494static int
495asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out,
496 const ASN1_ITEM *it, int tag, int aclass)
497{
498 int olen, len;
499 int utype;
500 int usetag;
501 int ndef = 0;
502
503 utype = it->utype;
504
505 /* Get length of content octets and maybe find
506 * out the underlying type.
507 */
508
509 olen = len = asn1_ex_i2c(pval, NULL, &utype, it);
510
511 /* If SEQUENCE, SET or OTHER then header is
512 * included in pseudo content octets so don't
513 * include tag+length. We need to check here
514 * because the call to asn1_ex_i2c() could change
515 * utype.
516 */
517 if ((utype == V_ASN1_SEQUENCE) || (utype == V_ASN1_SET) ||
518 (utype == V_ASN1_OTHER))
519 usetag = 0;
520 else
521 usetag = 1;
522
523 /* -1 means omit type */
524 if (len == -1)
525 return 0;
526
527 /* -2 return is special meaning use ndef */
528 if (len == -2) {
529 ndef = 2;
530 len = 0;
531 }
532
533 /* Treat any other negative value as an error. */
534 if (len < 0)
535 return -1;
536
537 /* If not implicitly tagged get tag from underlying type */
538 if (tag == -1)
539 tag = utype;
540
541 /* Output tag+length followed by content octets */
542 if (out) {
543 if (usetag)
544 ASN1_put_object(out, ndef, len, tag, aclass);
545 if (asn1_ex_i2c(pval, *out, &utype, it) != olen)
546 return -1;
547 if (ndef)
548 ASN1_put_eoc(out);
549 else
550 *out += len;
551 }
552
553 if (usetag)
554 return ASN1_object_size(ndef, len, tag);
555 return len;
556}
557
558/* Produce content octets from a structure */
559
560static int
561asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype,
562 const ASN1_ITEM *it)
563{
564 ASN1_BOOLEAN *tbool = NULL;
565 ASN1_STRING *strtmp;
566 ASN1_OBJECT *otmp;
567 int utype;
568 const unsigned char *cont;
569 unsigned char c;
570 int len;
571
572 if (it->funcs != NULL) {
573 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
574
575 if (pf->prim_i2c == NULL)
576 return -1;
577 return pf->prim_i2c(pval, cout, putype, it);
578 }
579
580 /* Should type be omitted? */
581 if ((it->itype != ASN1_ITYPE_PRIMITIVE) ||
582 (it->utype != V_ASN1_BOOLEAN)) {
583 if (!*pval)
584 return -1;
585 }
586
587 if (it->itype == ASN1_ITYPE_MSTRING) {
588 /* If MSTRING type set the underlying type */
589 strtmp = (ASN1_STRING *)*pval;
590 utype = strtmp->type;
591 *putype = utype;
592 } else if (it->utype == V_ASN1_ANY) {
593 /* If ANY set type and pointer to value */
594 ASN1_TYPE *typ;
595 typ = (ASN1_TYPE *)*pval;
596 utype = typ->type;
597 *putype = utype;
598 pval = &typ->value.asn1_value;
599 } else
600 utype = *putype;
601
602 switch (utype) {
603 case V_ASN1_OBJECT:
604 otmp = (ASN1_OBJECT *)*pval;
605 cont = otmp->data;
606 len = otmp->length;
607 break;
608
609 case V_ASN1_NULL:
610 cont = NULL;
611 len = 0;
612 break;
613
614 case V_ASN1_BOOLEAN:
615 tbool = (ASN1_BOOLEAN *)pval;
616 if (*tbool == -1)
617 return -1;
618 if (it->utype != V_ASN1_ANY) {
619 /* Default handling if value == size field then omit */
620 if (*tbool && (it->size > 0))
621 return -1;
622 if (!*tbool && !it->size)
623 return -1;
624 }
625 c = (unsigned char)*tbool;
626 cont = &c;
627 len = 1;
628 break;
629
630 case V_ASN1_BIT_STRING:
631 return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval,
632 cout ? &cout : NULL);
633 break;
634
635 case V_ASN1_INTEGER:
636 case V_ASN1_ENUMERATED:
637 /* These are all have the same content format
638 * as ASN1_INTEGER
639 */
640 return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval,
641 cout ? &cout : NULL);
642 break;
643
644 case V_ASN1_OCTET_STRING:
645 case V_ASN1_NUMERICSTRING:
646 case V_ASN1_PRINTABLESTRING:
647 case V_ASN1_T61STRING:
648 case V_ASN1_VIDEOTEXSTRING:
649 case V_ASN1_IA5STRING:
650 case V_ASN1_UTCTIME:
651 case V_ASN1_GENERALIZEDTIME:
652 case V_ASN1_GRAPHICSTRING:
653 case V_ASN1_VISIBLESTRING:
654 case V_ASN1_GENERALSTRING:
655 case V_ASN1_UNIVERSALSTRING:
656 case V_ASN1_BMPSTRING:
657 case V_ASN1_UTF8STRING:
658 case V_ASN1_SEQUENCE:
659 case V_ASN1_SET:
660 default:
661 /* All based on ASN1_STRING and handled the same */
662 strtmp = (ASN1_STRING *)*pval;
663 /* Special handling for NDEF */
664 if ((it->size == ASN1_TFLG_NDEF) &&
665 (strtmp->flags & ASN1_STRING_FLAG_NDEF)) {
666 if (cout) {
667 strtmp->data = cout;
668 strtmp->length = 0;
669 }
670 /* Special return code */
671 return -2;
672 }
673 cont = strtmp->data;
674 len = strtmp->length;
675
676 break;
677
678 }
679 if (cout && len)
680 memcpy(cout, cont, len);
681 return len;
682}
diff --git a/src/lib/libcrypto/asn1/tasn_fre.c b/src/lib/libcrypto/asn1/tasn_fre.c
deleted file mode 100644
index 0e259a13ab..0000000000
--- a/src/lib/libcrypto/asn1/tasn_fre.c
+++ /dev/null
@@ -1,242 +0,0 @@
1/* $OpenBSD: tasn_fre.c,v 1.24 2024/12/11 11:22:06 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stddef.h>
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63#include <openssl/objects.h>
64
65#include "asn1_local.h"
66
67static void asn1_item_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
68
69/* Free up an ASN1 structure */
70
71void
72ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it)
73{
74 asn1_item_free(&val, it);
75}
76LCRYPTO_ALIAS(ASN1_item_free);
77
78void
79ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
80{
81 asn1_item_free(pval, it);
82}
83LCRYPTO_ALIAS(ASN1_item_ex_free);
84
85static void
86asn1_item_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
87{
88 const ASN1_TEMPLATE *tt = NULL, *seqtt;
89 const ASN1_EXTERN_FUNCS *ef;
90 const ASN1_AUX *aux = it->funcs;
91 ASN1_aux_cb *asn1_cb = NULL;
92 int i;
93
94 if (pval == NULL)
95 return;
96 /* For primitive types *pval may be something other than C pointer. */
97 if (it->itype != ASN1_ITYPE_PRIMITIVE && *pval == NULL)
98 return;
99
100 if (aux != NULL && aux->asn1_cb != NULL)
101 asn1_cb = aux->asn1_cb;
102
103 switch (it->itype) {
104 case ASN1_ITYPE_PRIMITIVE:
105 if (it->templates)
106 ASN1_template_free(pval, it->templates);
107 else
108 ASN1_primitive_free(pval, it);
109 break;
110
111 case ASN1_ITYPE_MSTRING:
112 ASN1_primitive_free(pval, it);
113 break;
114
115 case ASN1_ITYPE_CHOICE:
116 if (asn1_cb) {
117 i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
118 if (i == 2)
119 return;
120 }
121 i = asn1_get_choice_selector(pval, it);
122 if ((i >= 0) && (i < it->tcount)) {
123 ASN1_VALUE **pchval;
124 tt = it->templates + i;
125 pchval = asn1_get_field_ptr(pval, tt);
126 ASN1_template_free(pchval, tt);
127 }
128 if (asn1_cb)
129 asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
130 free(*pval);
131 *pval = NULL;
132 break;
133
134 case ASN1_ITYPE_EXTERN:
135 ef = it->funcs;
136 if (ef && ef->asn1_ex_free)
137 ef->asn1_ex_free(pval, it);
138 break;
139
140 case ASN1_ITYPE_NDEF_SEQUENCE:
141 case ASN1_ITYPE_SEQUENCE:
142 if (asn1_do_lock(pval, -1, it) > 0)
143 return;
144 if (asn1_cb) {
145 i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL);
146 if (i == 2)
147 return;
148 }
149 asn1_enc_cleanup(pval, it);
150 /* If we free up as normal we will invalidate any
151 * ANY DEFINED BY field and we wont be able to
152 * determine the type of the field it defines. So
153 * free up in reverse order.
154 */
155 for (i = it->tcount - 1; i >= 0; i--) {
156 ASN1_VALUE **pseqval;
157 seqtt = asn1_do_adb(pval, &it->templates[i], 0);
158 if (!seqtt)
159 continue;
160 pseqval = asn1_get_field_ptr(pval, seqtt);
161 ASN1_template_free(pseqval, seqtt);
162 }
163 if (asn1_cb)
164 asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL);
165 free(*pval);
166 *pval = NULL;
167 break;
168 }
169}
170
171void
172ASN1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
173{
174 int i;
175 if (tt->flags & ASN1_TFLG_SK_MASK) {
176 STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval;
177 for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) {
178 ASN1_VALUE *vtmp;
179 vtmp = sk_ASN1_VALUE_value(sk, i);
180 asn1_item_free(&vtmp, tt->item);
181 }
182 sk_ASN1_VALUE_free(sk);
183 *pval = NULL;
184 } else
185 asn1_item_free(pval, tt->item);
186}
187
188void
189ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
190{
191 int utype;
192
193 if (it != NULL && it->funcs != NULL) {
194 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
195
196 pf->prim_free(pval, it);
197 return;
198 }
199
200 /* Special case: if 'it' is NULL free contents of ASN1_TYPE */
201 if (!it) {
202 ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
203 utype = typ->type;
204 pval = &typ->value.asn1_value;
205 if (!*pval)
206 return;
207 } else if (it->itype == ASN1_ITYPE_MSTRING) {
208 utype = -1;
209 if (!*pval)
210 return;
211 } else {
212 utype = it->utype;
213 if ((utype != V_ASN1_BOOLEAN) && !*pval)
214 return;
215 }
216
217 switch (utype) {
218 case V_ASN1_OBJECT:
219 ASN1_OBJECT_free((ASN1_OBJECT *)*pval);
220 break;
221
222 case V_ASN1_BOOLEAN:
223 if (it)
224 *(ASN1_BOOLEAN *)pval = it->size;
225 else
226 *(ASN1_BOOLEAN *)pval = -1;
227 return;
228
229 case V_ASN1_NULL:
230 break;
231
232 case V_ASN1_ANY:
233 ASN1_primitive_free(pval, NULL);
234 free(*pval);
235 break;
236
237 default:
238 ASN1_STRING_free((ASN1_STRING *)*pval);
239 break;
240 }
241 *pval = NULL;
242}
diff --git a/src/lib/libcrypto/asn1/tasn_new.c b/src/lib/libcrypto/asn1/tasn_new.c
deleted file mode 100644
index 10c1137dbf..0000000000
--- a/src/lib/libcrypto/asn1/tasn_new.c
+++ /dev/null
@@ -1,344 +0,0 @@
1/* $OpenBSD: tasn_new.c,v 1.25 2023/07/28 10:00:10 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59
60#include <stddef.h>
61#include <openssl/asn1.h>
62#include <openssl/objects.h>
63#include <openssl/err.h>
64#include <openssl/asn1t.h>
65#include <string.h>
66
67#include "asn1_local.h"
68
69static int asn1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
70static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
71static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt);
72static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
73
74ASN1_VALUE *
75ASN1_item_new(const ASN1_ITEM *it)
76{
77 ASN1_VALUE *ret = NULL;
78 if (ASN1_item_ex_new(&ret, it) > 0)
79 return ret;
80 return NULL;
81}
82LCRYPTO_ALIAS(ASN1_item_new);
83
84/* Allocate an ASN1 structure */
85
86int
87ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
88{
89 return asn1_item_ex_new(pval, it);
90}
91LCRYPTO_ALIAS(ASN1_item_ex_new);
92
93static int
94asn1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
95{
96 const ASN1_TEMPLATE *tt = NULL;
97 const ASN1_EXTERN_FUNCS *ef;
98 const ASN1_AUX *aux = it->funcs;
99 ASN1_aux_cb *asn1_cb = NULL;
100 ASN1_VALUE **pseqval;
101 int i;
102
103 if (aux != NULL && aux->asn1_cb != NULL)
104 asn1_cb = aux->asn1_cb;
105
106 *pval = NULL;
107
108 switch (it->itype) {
109 case ASN1_ITYPE_EXTERN:
110 ef = it->funcs;
111 if (ef && ef->asn1_ex_new) {
112 if (!ef->asn1_ex_new(pval, it))
113 goto memerr;
114 }
115 break;
116
117 case ASN1_ITYPE_PRIMITIVE:
118 if (it->templates) {
119 if (!ASN1_template_new(pval, it->templates))
120 goto memerr;
121 } else if (!ASN1_primitive_new(pval, it))
122 goto memerr;
123 break;
124
125 case ASN1_ITYPE_MSTRING:
126 if (!ASN1_primitive_new(pval, it))
127 goto memerr;
128 break;
129
130 case ASN1_ITYPE_CHOICE:
131 if (asn1_cb) {
132 i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
133 if (!i)
134 goto auxerr;
135 if (i == 2) {
136 return 1;
137 }
138 }
139 *pval = calloc(1, it->size);
140 if (!*pval)
141 goto memerr;
142 asn1_set_choice_selector(pval, -1, it);
143 if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
144 goto auxerr;
145 break;
146
147 case ASN1_ITYPE_NDEF_SEQUENCE:
148 case ASN1_ITYPE_SEQUENCE:
149 if (asn1_cb) {
150 i = asn1_cb(ASN1_OP_NEW_PRE, pval, it, NULL);
151 if (!i)
152 goto auxerr;
153 if (i == 2) {
154 return 1;
155 }
156 }
157 *pval = calloc(1, it->size);
158 if (!*pval)
159 goto memerr;
160 asn1_do_lock(pval, 0, it);
161 asn1_enc_init(pval, it);
162 for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) {
163 pseqval = asn1_get_field_ptr(pval, tt);
164 if (!ASN1_template_new(pseqval, tt))
165 goto memerr;
166 }
167 if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL))
168 goto auxerr;
169 break;
170 }
171 return 1;
172
173 memerr:
174 ASN1error(ERR_R_MALLOC_FAILURE);
175 return 0;
176
177 auxerr:
178 ASN1error(ASN1_R_AUX_ERROR);
179 ASN1_item_ex_free(pval, it);
180 return 0;
181
182}
183
184static void
185asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
186{
187 const ASN1_EXTERN_FUNCS *ef;
188
189 switch (it->itype) {
190 case ASN1_ITYPE_EXTERN:
191 ef = it->funcs;
192 if (ef && ef->asn1_ex_clear)
193 ef->asn1_ex_clear(pval, it);
194 else
195 *pval = NULL;
196 break;
197
198 case ASN1_ITYPE_PRIMITIVE:
199 if (it->templates)
200 asn1_template_clear(pval, it->templates);
201 else
202 asn1_primitive_clear(pval, it);
203 break;
204
205 case ASN1_ITYPE_MSTRING:
206 asn1_primitive_clear(pval, it);
207 break;
208
209 case ASN1_ITYPE_CHOICE:
210 case ASN1_ITYPE_SEQUENCE:
211 case ASN1_ITYPE_NDEF_SEQUENCE:
212 *pval = NULL;
213 break;
214 }
215}
216
217int
218ASN1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
219{
220 const ASN1_ITEM *it = tt->item;
221 int ret;
222
223 if (tt->flags & ASN1_TFLG_OPTIONAL) {
224 asn1_template_clear(pval, tt);
225 return 1;
226 }
227 /* If ANY DEFINED BY nothing to do */
228
229 if (tt->flags & ASN1_TFLG_ADB_MASK) {
230 *pval = NULL;
231 return 1;
232 }
233 /* If SET OF or SEQUENCE OF, its a STACK */
234 if (tt->flags & ASN1_TFLG_SK_MASK) {
235 STACK_OF(ASN1_VALUE) *skval;
236 skval = sk_ASN1_VALUE_new_null();
237 if (!skval) {
238 ASN1error(ERR_R_MALLOC_FAILURE);
239 ret = 0;
240 goto done;
241 }
242 *pval = (ASN1_VALUE *)skval;
243 ret = 1;
244 goto done;
245 }
246 /* Otherwise pass it back to the item routine */
247 ret = asn1_item_ex_new(pval, it);
248 done:
249 return ret;
250}
251
252static void
253asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
254{
255 /* If ADB or STACK just NULL the field */
256 if (tt->flags & (ASN1_TFLG_ADB_MASK|ASN1_TFLG_SK_MASK))
257 *pval = NULL;
258 else
259 asn1_item_clear(pval, tt->item);
260}
261
262
263/* NB: could probably combine most of the real XXX_new() behaviour and junk
264 * all the old functions.
265 */
266
267int
268ASN1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
269{
270 ASN1_TYPE *typ;
271 ASN1_STRING *str;
272 int utype;
273
274 if (it != NULL && it->funcs != NULL) {
275 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
276
277 if (pf->prim_new == NULL)
278 return 0;
279 return pf->prim_new(pval, it);
280 }
281
282 if (!it || (it->itype == ASN1_ITYPE_MSTRING))
283 utype = V_ASN1_UNDEF;
284 else
285 utype = it->utype;
286 switch (utype) {
287 case V_ASN1_OBJECT:
288 *pval = (ASN1_VALUE *)OBJ_nid2obj(NID_undef);
289 return 1;
290
291 case V_ASN1_BOOLEAN:
292 *(ASN1_BOOLEAN *)pval = it->size;
293 return 1;
294
295 case V_ASN1_NULL:
296 *pval = (ASN1_VALUE *)1;
297 return 1;
298
299 case V_ASN1_ANY:
300 typ = malloc(sizeof(ASN1_TYPE));
301 if (typ != NULL) {
302 typ->value.ptr = NULL;
303 typ->type = V_ASN1_UNDEF;
304 }
305 *pval = (ASN1_VALUE *)typ;
306 break;
307
308 default:
309 str = ASN1_STRING_type_new(utype);
310 if (it != NULL && it->itype == ASN1_ITYPE_MSTRING &&
311 str != NULL)
312 str->flags |= ASN1_STRING_FLAG_MSTRING;
313 *pval = (ASN1_VALUE *)str;
314 break;
315 }
316 if (*pval)
317 return 1;
318 return 0;
319}
320
321static void
322asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
323{
324 int utype;
325
326 if (it != NULL && it->funcs != NULL) {
327 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
328
329 if (pf->prim_clear)
330 pf->prim_clear(pval, it);
331 else
332 *pval = NULL;
333 return;
334 }
335
336 if (!it || (it->itype == ASN1_ITYPE_MSTRING))
337 utype = V_ASN1_UNDEF;
338 else
339 utype = it->utype;
340 if (utype == V_ASN1_BOOLEAN)
341 *(ASN1_BOOLEAN *)pval = it->size;
342 else
343 *pval = NULL;
344}
diff --git a/src/lib/libcrypto/asn1/tasn_prn.c b/src/lib/libcrypto/asn1/tasn_prn.c
deleted file mode 100644
index 07764fc091..0000000000
--- a/src/lib/libcrypto/asn1/tasn_prn.c
+++ /dev/null
@@ -1,513 +0,0 @@
1/* $OpenBSD: tasn_prn.c,v 1.27 2024/03/02 09:04:07 tb Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000,2005 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stddef.h>
60
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63#include <openssl/buffer.h>
64#include <openssl/err.h>
65#include <openssl/objects.h>
66#include <openssl/x509v3.h>
67
68#include "asn1_local.h"
69
70/* Print routines.
71 */
72
73/* ASN1_PCTX routines */
74
75static const ASN1_PCTX default_pctx = {
76 .flags = ASN1_PCTX_FLAGS_SHOW_ABSENT,
77};
78
79static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
80 const ASN1_ITEM *it, const char *fname, const char *sname, int nohdr,
81 const ASN1_PCTX *pctx);
82
83int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
84 const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx);
85
86static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld,
87 const ASN1_ITEM *it, int indent, const char *fname, const char *sname,
88 const ASN1_PCTX *pctx);
89
90static int asn1_print_fsname(BIO *out, int indent, const char *fname,
91 const char *sname, const ASN1_PCTX *pctx);
92
93int
94ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, const ASN1_ITEM *it,
95 const ASN1_PCTX *pctx)
96{
97 const char *sname;
98
99 if (pctx == NULL)
100 pctx = &default_pctx;
101 if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
102 sname = NULL;
103 else
104 sname = it->sname;
105 return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname,
106 0, pctx);
107}
108LCRYPTO_ALIAS(ASN1_item_print);
109
110static int
111asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, const ASN1_ITEM *it,
112 const char *fname, const char *sname, int nohdr, const ASN1_PCTX *pctx)
113{
114 const ASN1_TEMPLATE *tt;
115 const ASN1_EXTERN_FUNCS *ef;
116 ASN1_VALUE **tmpfld;
117 const ASN1_AUX *aux = it->funcs;
118 ASN1_aux_cb *asn1_cb;
119 ASN1_PRINT_ARG parg;
120 int i;
121
122 if (aux && aux->asn1_cb) {
123 parg.out = out;
124 parg.indent = indent;
125 parg.pctx = pctx;
126 asn1_cb = aux->asn1_cb;
127 } else
128 asn1_cb = NULL;
129
130 if ((it->itype != ASN1_ITYPE_PRIMITIVE ||
131 it->utype != V_ASN1_BOOLEAN) && *fld == NULL) {
132 if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_ABSENT) {
133 if (!nohdr &&
134 !asn1_print_fsname(out, indent, fname, sname, pctx))
135 return 0;
136 if (BIO_puts(out, "<ABSENT>\n") <= 0)
137 return 0;
138 }
139 return 1;
140 }
141
142 switch (it->itype) {
143 case ASN1_ITYPE_PRIMITIVE:
144 if (it->templates) {
145 if (!asn1_template_print_ctx(out, fld, indent,
146 it->templates, pctx))
147 return 0;
148 }
149 /* fall thru */
150 case ASN1_ITYPE_MSTRING:
151 if (!asn1_primitive_print(out, fld, it,
152 indent, fname, sname, pctx))
153 return 0;
154 break;
155
156 case ASN1_ITYPE_EXTERN:
157 if (!nohdr &&
158 !asn1_print_fsname(out, indent, fname, sname, pctx))
159 return 0;
160 /* Use new style print routine if possible */
161 ef = it->funcs;
162 if (ef && ef->asn1_ex_print) {
163 i = ef->asn1_ex_print(out, fld, indent, "", pctx);
164 if (!i)
165 return 0;
166 if ((i == 2) && (BIO_puts(out, "\n") <= 0))
167 return 0;
168 return 1;
169 } else if (sname &&
170 BIO_printf(out, ":EXTERNAL TYPE %s\n", sname) <= 0)
171 return 0;
172 break;
173
174 case ASN1_ITYPE_CHOICE:
175 /* CHOICE type, get selector */
176 i = asn1_get_choice_selector(fld, it);
177 /* This should never happen... */
178 if ((i < 0) || (i >= it->tcount)) {
179 if (BIO_printf(out,
180 "ERROR: selector [%d] invalid\n", i) <= 0)
181 return 0;
182 return 1;
183 }
184 tt = it->templates + i;
185 tmpfld = asn1_get_field_ptr(fld, tt);
186 if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx))
187 return 0;
188 break;
189
190 case ASN1_ITYPE_SEQUENCE:
191 case ASN1_ITYPE_NDEF_SEQUENCE:
192 if (!nohdr &&
193 !asn1_print_fsname(out, indent, fname, sname, pctx))
194 return 0;
195 if (fname || sname) {
196 if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
197 if (BIO_puts(out, " {\n") <= 0)
198 return 0;
199 } else {
200 if (BIO_puts(out, "\n") <= 0)
201 return 0;
202 }
203 }
204
205 if (asn1_cb) {
206 i = asn1_cb(ASN1_OP_PRINT_PRE, fld, it, &parg);
207 if (i == 0)
208 return 0;
209 if (i == 2)
210 return 1;
211 }
212
213 /* Print each field entry */
214 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
215 const ASN1_TEMPLATE *seqtt;
216
217 seqtt = asn1_do_adb(fld, tt, 1);
218 if (seqtt == NULL)
219 return 0;
220 tmpfld = asn1_get_field_ptr(fld, seqtt);
221 if (!asn1_template_print_ctx(out, tmpfld, indent + 2,
222 seqtt, pctx))
223 return 0;
224 }
225 if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
226 if (BIO_printf(out, "%*s}\n", indent, "") < 0)
227 return 0;
228 }
229
230 if (asn1_cb) {
231 i = asn1_cb(ASN1_OP_PRINT_POST, fld, it, &parg);
232 if (i == 0)
233 return 0;
234 }
235 break;
236
237 default:
238 BIO_printf(out, "Unprocessed type %d\n", it->itype);
239 return 0;
240 }
241
242 return 1;
243}
244
245int
246asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent,
247 const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx)
248{
249 int i, flags;
250 const char *sname, *fname;
251
252 flags = tt->flags;
253 if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME)
254 sname = tt->item->sname;
255 else
256 sname = NULL;
257 if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
258 fname = NULL;
259 else
260 fname = tt->field_name;
261 if (flags & ASN1_TFLG_SK_MASK) {
262 char *tname;
263 ASN1_VALUE *skitem;
264 STACK_OF(ASN1_VALUE) *stack;
265
266 /* SET OF, SEQUENCE OF */
267 if (fname) {
268 if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SSOF) {
269 if (flags & ASN1_TFLG_SET_OF)
270 tname = "SET";
271 else
272 tname = "SEQUENCE";
273 if (BIO_printf(out, "%*s%s OF %s {\n",
274 indent, "", tname, tt->field_name) <= 0)
275 return 0;
276 } else if (BIO_printf(out, "%*s%s:\n", indent, "",
277 fname) <= 0)
278 return 0;
279 }
280 stack = (STACK_OF(ASN1_VALUE) *)*fld;
281 for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) {
282 if ((i > 0) && (BIO_puts(out, "\n") <= 0))
283 return 0;
284 skitem = sk_ASN1_VALUE_value(stack, i);
285 if (!asn1_item_print_ctx(out, &skitem, indent + 2,
286 tt->item, NULL, NULL, 1, pctx))
287 return 0;
288 }
289 if (!i && BIO_printf(out, "%*s<EMPTY>\n", indent + 2, "") <= 0)
290 return 0;
291 if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_SEQUENCE) {
292 if (BIO_printf(out, "%*s}\n", indent, "") <= 0)
293 return 0;
294 }
295 return 1;
296 }
297 return asn1_item_print_ctx(out, fld, indent, tt->item,
298 fname, sname, 0, pctx);
299}
300
301static int
302asn1_print_fsname(BIO *out, int indent, const char *fname, const char *sname,
303 const ASN1_PCTX *pctx)
304{
305 if (indent < 0)
306 return 0;
307 if (!BIO_indent(out, indent, indent))
308 return 0;
309 if (pctx->flags & ASN1_PCTX_FLAGS_NO_STRUCT_NAME)
310 sname = NULL;
311 if (pctx->flags & ASN1_PCTX_FLAGS_NO_FIELD_NAME)
312 fname = NULL;
313 if (!sname && !fname)
314 return 1;
315 if (fname) {
316 if (BIO_puts(out, fname) <= 0)
317 return 0;
318 }
319 if (sname) {
320 if (fname) {
321 if (BIO_printf(out, " (%s)", sname) <= 0)
322 return 0;
323 } else {
324 if (BIO_puts(out, sname) <= 0)
325 return 0;
326 }
327 }
328 if (BIO_write(out, ": ", 2) != 2)
329 return 0;
330 return 1;
331}
332
333static int
334asn1_print_boolean_ctx(BIO *out, int boolval, const ASN1_PCTX *pctx)
335{
336 const char *str;
337 switch (boolval) {
338 case -1:
339 str = "BOOL ABSENT";
340 break;
341
342 case 0:
343 str = "FALSE";
344 break;
345
346 default:
347 str = "TRUE";
348 break;
349
350 }
351
352 if (BIO_puts(out, str) <= 0)
353 return 0;
354 return 1;
355
356}
357
358static int
359asn1_print_integer_ctx(BIO *out, ASN1_INTEGER *str, const ASN1_PCTX *pctx)
360{
361 char *s;
362 int ret = 1;
363 if ((s = i2s_ASN1_INTEGER(NULL, str)) == NULL)
364 return 0;
365 if (BIO_puts(out, s) <= 0)
366 ret = 0;
367 free(s);
368 return ret;
369}
370
371static int
372asn1_print_oid_ctx(BIO *out, const ASN1_OBJECT *oid, const ASN1_PCTX *pctx)
373{
374 char objbuf[80];
375 const char *ln;
376 ln = OBJ_nid2ln(OBJ_obj2nid(oid));
377 if (!ln)
378 ln = "";
379 OBJ_obj2txt(objbuf, sizeof objbuf, oid, 1);
380 if (BIO_printf(out, "%s (%s)", ln, objbuf) <= 0)
381 return 0;
382 return 1;
383}
384
385static int
386asn1_print_obstring_ctx(BIO *out, ASN1_STRING *str, int indent,
387 const ASN1_PCTX *pctx)
388{
389 if (str->type == V_ASN1_BIT_STRING) {
390 if (BIO_printf(out, " (%ld unused bits)\n",
391 str->flags & 0x7) <= 0)
392 return 0;
393 } else if (BIO_puts(out, "\n") <= 0)
394 return 0;
395 if ((str->length > 0) &&
396 BIO_dump_indent(out, (char *)str->data, str->length,
397 indent + 2) <= 0)
398 return 0;
399 return 1;
400}
401
402static int
403asn1_primitive_print(BIO *out, ASN1_VALUE **fld, const ASN1_ITEM *it,
404 int indent, const char *fname, const char *sname, const ASN1_PCTX *pctx)
405{
406 long utype;
407 ASN1_STRING *str;
408 int ret = 1, needlf = 1;
409 const char *pname;
410
411 if (!asn1_print_fsname(out, indent, fname, sname, pctx))
412 return 0;
413
414 if (it != NULL && it->funcs != NULL) {
415 const ASN1_PRIMITIVE_FUNCS *pf = it->funcs;
416
417 if (pf->prim_print == NULL)
418 return 0;
419
420 return pf->prim_print(out, fld, it, indent, pctx);
421 }
422 if (it->itype == ASN1_ITYPE_MSTRING) {
423 str = (ASN1_STRING *)*fld;
424 utype = str->type & ~V_ASN1_NEG;
425 } else {
426 utype = it->utype;
427 if (utype == V_ASN1_BOOLEAN)
428 str = NULL;
429 else
430 str = (ASN1_STRING *)*fld;
431 }
432 if (utype == V_ASN1_ANY) {
433 ASN1_TYPE *atype = (ASN1_TYPE *)*fld;
434 utype = atype->type;
435 fld = &atype->value.asn1_value;
436 str = (ASN1_STRING *)*fld;
437 if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE)
438 pname = NULL;
439 else
440 pname = ASN1_tag2str(utype);
441 } else {
442 if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_TYPE)
443 pname = ASN1_tag2str(utype);
444 else
445 pname = NULL;
446 }
447
448 if (utype == V_ASN1_NULL) {
449 if (BIO_puts(out, "NULL\n") <= 0)
450 return 0;
451 return 1;
452 }
453
454 if (pname) {
455 if (BIO_puts(out, pname) <= 0)
456 return 0;
457 if (BIO_puts(out, ":") <= 0)
458 return 0;
459 }
460
461 switch (utype) {
462 case V_ASN1_BOOLEAN:
463 {
464 int boolval = *(int *)fld;
465 if (boolval == -1)
466 boolval = it->size;
467 ret = asn1_print_boolean_ctx(out, boolval, pctx);
468 }
469 break;
470
471 case V_ASN1_INTEGER:
472 case V_ASN1_ENUMERATED:
473 ret = asn1_print_integer_ctx(out, str, pctx);
474 break;
475
476 case V_ASN1_UTCTIME:
477 ret = ASN1_UTCTIME_print(out, str);
478 break;
479
480 case V_ASN1_GENERALIZEDTIME:
481 ret = ASN1_GENERALIZEDTIME_print(out, str);
482 break;
483
484 case V_ASN1_OBJECT:
485 ret = asn1_print_oid_ctx(out, (const ASN1_OBJECT *)*fld, pctx);
486 break;
487
488 case V_ASN1_OCTET_STRING:
489 case V_ASN1_BIT_STRING:
490 ret = asn1_print_obstring_ctx(out, str, indent, pctx);
491 needlf = 0;
492 break;
493
494 case V_ASN1_SEQUENCE:
495 case V_ASN1_SET:
496 case V_ASN1_OTHER:
497 if (BIO_puts(out, "\n") <= 0)
498 return 0;
499 if (ASN1_parse_dump(out, str->data, str->length,
500 indent, 0) <= 0)
501 ret = 0;
502 needlf = 0;
503 break;
504
505 default:
506 ret = ASN1_STRING_print_ex(out, str, pctx->str_flags);
507 }
508 if (!ret)
509 return 0;
510 if (needlf && BIO_puts(out, "\n") <= 0)
511 return 0;
512 return 1;
513}
diff --git a/src/lib/libcrypto/asn1/tasn_typ.c b/src/lib/libcrypto/asn1/tasn_typ.c
deleted file mode 100644
index 0f7fcb0e03..0000000000
--- a/src/lib/libcrypto/asn1/tasn_typ.c
+++ /dev/null
@@ -1,739 +0,0 @@
1/* $OpenBSD: tasn_typ.c,v 1.20 2024/07/08 16:24:22 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58#include <stdio.h>
59#include <openssl/asn1.h>
60#include <openssl/asn1t.h>
61
62/* Declarations for string types */
63
64const ASN1_ITEM ASN1_NULL_it = {
65 .itype = ASN1_ITYPE_PRIMITIVE,
66 .utype = V_ASN1_NULL,
67 .sname = "ASN1_NULL",
68};
69LCRYPTO_ALIAS(ASN1_NULL_it);
70
71ASN1_NULL *
72d2i_ASN1_NULL(ASN1_NULL **a, const unsigned char **in, long len)
73{
74 return (ASN1_NULL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
75 &ASN1_NULL_it);
76}
77LCRYPTO_ALIAS(d2i_ASN1_NULL);
78
79int
80i2d_ASN1_NULL(ASN1_NULL *a, unsigned char **out)
81{
82 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_NULL_it);
83}
84LCRYPTO_ALIAS(i2d_ASN1_NULL);
85
86ASN1_NULL *
87ASN1_NULL_new(void)
88{
89 return (ASN1_NULL *)ASN1_item_new(&ASN1_NULL_it);
90}
91LCRYPTO_ALIAS(ASN1_NULL_new);
92
93void
94ASN1_NULL_free(ASN1_NULL *a)
95{
96 ASN1_item_free((ASN1_VALUE *)a, &ASN1_NULL_it);
97}
98LCRYPTO_ALIAS(ASN1_NULL_free);
99
100
101const ASN1_ITEM ASN1_UTF8STRING_it = {
102 .itype = ASN1_ITYPE_PRIMITIVE,
103 .utype = V_ASN1_UTF8STRING,
104 .sname = "ASN1_UTF8STRING",
105};
106LCRYPTO_ALIAS(ASN1_UTF8STRING_it);
107
108ASN1_UTF8STRING *
109d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, const unsigned char **in, long len)
110{
111 return (ASN1_UTF8STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
112 &ASN1_UTF8STRING_it);
113}
114LCRYPTO_ALIAS(d2i_ASN1_UTF8STRING);
115
116int
117i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **out)
118{
119 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UTF8STRING_it);
120}
121LCRYPTO_ALIAS(i2d_ASN1_UTF8STRING);
122
123ASN1_UTF8STRING *
124ASN1_UTF8STRING_new(void)
125{
126 return (ASN1_UTF8STRING *)ASN1_item_new(&ASN1_UTF8STRING_it);
127}
128LCRYPTO_ALIAS(ASN1_UTF8STRING_new);
129
130void
131ASN1_UTF8STRING_free(ASN1_UTF8STRING *a)
132{
133 ASN1_item_free((ASN1_VALUE *)a, &ASN1_UTF8STRING_it);
134}
135LCRYPTO_ALIAS(ASN1_UTF8STRING_free);
136
137
138const ASN1_ITEM ASN1_PRINTABLESTRING_it = {
139 .itype = ASN1_ITYPE_PRIMITIVE,
140 .utype = V_ASN1_PRINTABLESTRING,
141 .sname = "ASN1_PRINTABLESTRING",
142};
143LCRYPTO_ALIAS(ASN1_PRINTABLESTRING_it);
144
145ASN1_PRINTABLESTRING *
146d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, const unsigned char **in,
147 long len)
148{
149 return (ASN1_PRINTABLESTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
150 &ASN1_PRINTABLESTRING_it);
151}
152LCRYPTO_ALIAS(d2i_ASN1_PRINTABLESTRING);
153
154int
155i2d_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING *a, unsigned char **out)
156{
157 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_PRINTABLESTRING_it);
158}
159LCRYPTO_ALIAS(i2d_ASN1_PRINTABLESTRING);
160
161ASN1_PRINTABLESTRING *
162ASN1_PRINTABLESTRING_new(void)
163{
164 return (ASN1_PRINTABLESTRING *)ASN1_item_new(&ASN1_PRINTABLESTRING_it);
165}
166LCRYPTO_ALIAS(ASN1_PRINTABLESTRING_new);
167
168void
169ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *a)
170{
171 ASN1_item_free((ASN1_VALUE *)a, &ASN1_PRINTABLESTRING_it);
172}
173LCRYPTO_ALIAS(ASN1_PRINTABLESTRING_free);
174
175
176const ASN1_ITEM ASN1_T61STRING_it = {
177 .itype = ASN1_ITYPE_PRIMITIVE,
178 .utype = V_ASN1_T61STRING,
179 .sname = "ASN1_T61STRING",
180};
181LCRYPTO_ALIAS(ASN1_T61STRING_it);
182
183ASN1_T61STRING *
184d2i_ASN1_T61STRING(ASN1_T61STRING **a, const unsigned char **in, long len)
185{
186 return (ASN1_T61STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
187 &ASN1_T61STRING_it);
188}
189LCRYPTO_ALIAS(d2i_ASN1_T61STRING);
190
191int
192i2d_ASN1_T61STRING(ASN1_T61STRING *a, unsigned char **out)
193{
194 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_T61STRING_it);
195}
196LCRYPTO_ALIAS(i2d_ASN1_T61STRING);
197
198ASN1_T61STRING *
199ASN1_T61STRING_new(void)
200{
201 return (ASN1_T61STRING *)ASN1_item_new(&ASN1_T61STRING_it);
202}
203LCRYPTO_ALIAS(ASN1_T61STRING_new);
204
205void
206ASN1_T61STRING_free(ASN1_T61STRING *a)
207{
208 ASN1_item_free((ASN1_VALUE *)a, &ASN1_T61STRING_it);
209}
210LCRYPTO_ALIAS(ASN1_T61STRING_free);
211
212
213const ASN1_ITEM ASN1_IA5STRING_it = {
214 .itype = ASN1_ITYPE_PRIMITIVE,
215 .utype = V_ASN1_IA5STRING,
216 .sname = "ASN1_IA5STRING",
217};
218LCRYPTO_ALIAS(ASN1_IA5STRING_it);
219
220ASN1_IA5STRING *
221d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, const unsigned char **in, long len)
222{
223 return (ASN1_IA5STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
224 &ASN1_IA5STRING_it);
225}
226LCRYPTO_ALIAS(d2i_ASN1_IA5STRING);
227
228int
229i2d_ASN1_IA5STRING(ASN1_IA5STRING *a, unsigned char **out)
230{
231 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_IA5STRING_it);
232}
233LCRYPTO_ALIAS(i2d_ASN1_IA5STRING);
234
235ASN1_IA5STRING *
236ASN1_IA5STRING_new(void)
237{
238 return (ASN1_IA5STRING *)ASN1_item_new(&ASN1_IA5STRING_it);
239}
240LCRYPTO_ALIAS(ASN1_IA5STRING_new);
241
242void
243ASN1_IA5STRING_free(ASN1_IA5STRING *a)
244{
245 ASN1_item_free((ASN1_VALUE *)a, &ASN1_IA5STRING_it);
246}
247LCRYPTO_ALIAS(ASN1_IA5STRING_free);
248
249
250const ASN1_ITEM ASN1_GENERALSTRING_it = {
251 .itype = ASN1_ITYPE_PRIMITIVE,
252 .utype = V_ASN1_GENERALSTRING,
253 .sname = "ASN1_GENERALSTRING",
254};
255LCRYPTO_ALIAS(ASN1_GENERALSTRING_it);
256
257ASN1_GENERALSTRING *
258d2i_ASN1_GENERALSTRING(ASN1_GENERALSTRING **a, const unsigned char **in,
259 long len)
260{
261 return (ASN1_GENERALSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
262 &ASN1_GENERALSTRING_it);
263}
264LCRYPTO_ALIAS(d2i_ASN1_GENERALSTRING);
265
266int
267i2d_ASN1_GENERALSTRING(ASN1_GENERALSTRING *a, unsigned char **out)
268{
269 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_GENERALSTRING_it);
270}
271LCRYPTO_ALIAS(i2d_ASN1_GENERALSTRING);
272
273ASN1_GENERALSTRING *
274ASN1_GENERALSTRING_new(void)
275{
276 return (ASN1_GENERALSTRING *)ASN1_item_new(&ASN1_GENERALSTRING_it);
277}
278LCRYPTO_ALIAS(ASN1_GENERALSTRING_new);
279
280void
281ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *a)
282{
283 ASN1_item_free((ASN1_VALUE *)a, &ASN1_GENERALSTRING_it);
284}
285LCRYPTO_ALIAS(ASN1_GENERALSTRING_free);
286
287
288const ASN1_ITEM ASN1_UTCTIME_it = {
289 .itype = ASN1_ITYPE_PRIMITIVE,
290 .utype = V_ASN1_UTCTIME,
291 .sname = "ASN1_UTCTIME",
292};
293LCRYPTO_ALIAS(ASN1_UTCTIME_it);
294
295ASN1_UTCTIME *
296d2i_ASN1_UTCTIME(ASN1_UTCTIME **a, const unsigned char **in, long len)
297{
298 return (ASN1_UTCTIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
299 &ASN1_UTCTIME_it);
300}
301LCRYPTO_ALIAS(d2i_ASN1_UTCTIME);
302
303int
304i2d_ASN1_UTCTIME(ASN1_UTCTIME *a, unsigned char **out)
305{
306 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UTCTIME_it);
307}
308LCRYPTO_ALIAS(i2d_ASN1_UTCTIME);
309
310ASN1_UTCTIME *
311ASN1_UTCTIME_new(void)
312{
313 return (ASN1_UTCTIME *)ASN1_item_new(&ASN1_UTCTIME_it);
314}
315LCRYPTO_ALIAS(ASN1_UTCTIME_new);
316
317void
318ASN1_UTCTIME_free(ASN1_UTCTIME *a)
319{
320 ASN1_item_free((ASN1_VALUE *)a, &ASN1_UTCTIME_it);
321}
322LCRYPTO_ALIAS(ASN1_UTCTIME_free);
323
324
325const ASN1_ITEM ASN1_GENERALIZEDTIME_it = {
326 .itype = ASN1_ITYPE_PRIMITIVE,
327 .utype = V_ASN1_GENERALIZEDTIME,
328 .sname = "ASN1_GENERALIZEDTIME",
329};
330LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_it);
331
332ASN1_GENERALIZEDTIME *
333d2i_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME **a, const unsigned char **in,
334 long len)
335{
336 return (ASN1_GENERALIZEDTIME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
337 &ASN1_GENERALIZEDTIME_it);
338}
339LCRYPTO_ALIAS(d2i_ASN1_GENERALIZEDTIME);
340
341int
342i2d_ASN1_GENERALIZEDTIME(ASN1_GENERALIZEDTIME *a, unsigned char **out)
343{
344 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_GENERALIZEDTIME_it);
345}
346LCRYPTO_ALIAS(i2d_ASN1_GENERALIZEDTIME);
347
348ASN1_GENERALIZEDTIME *
349ASN1_GENERALIZEDTIME_new(void)
350{
351 return (ASN1_GENERALIZEDTIME *)ASN1_item_new(&ASN1_GENERALIZEDTIME_it);
352}
353LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_new);
354
355void
356ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *a)
357{
358 ASN1_item_free((ASN1_VALUE *)a, &ASN1_GENERALIZEDTIME_it);
359}
360LCRYPTO_ALIAS(ASN1_GENERALIZEDTIME_free);
361
362
363const ASN1_ITEM ASN1_VISIBLESTRING_it = {
364 .itype = ASN1_ITYPE_PRIMITIVE,
365 .utype = V_ASN1_VISIBLESTRING,
366 .sname = "ASN1_VISIBLESTRING",
367};
368LCRYPTO_ALIAS(ASN1_VISIBLESTRING_it);
369
370ASN1_VISIBLESTRING *
371d2i_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING **a, const unsigned char **in,
372 long len)
373{
374 return (ASN1_VISIBLESTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
375 &ASN1_VISIBLESTRING_it);
376}
377LCRYPTO_ALIAS(d2i_ASN1_VISIBLESTRING);
378
379int
380i2d_ASN1_VISIBLESTRING(ASN1_VISIBLESTRING *a, unsigned char **out)
381{
382 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_VISIBLESTRING_it);
383}
384LCRYPTO_ALIAS(i2d_ASN1_VISIBLESTRING);
385
386ASN1_VISIBLESTRING *
387ASN1_VISIBLESTRING_new(void)
388{
389 return (ASN1_VISIBLESTRING *)ASN1_item_new(&ASN1_VISIBLESTRING_it);
390}
391LCRYPTO_ALIAS(ASN1_VISIBLESTRING_new);
392
393void
394ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *a)
395{
396 ASN1_item_free((ASN1_VALUE *)a, &ASN1_VISIBLESTRING_it);
397}
398LCRYPTO_ALIAS(ASN1_VISIBLESTRING_free);
399
400
401const ASN1_ITEM ASN1_UNIVERSALSTRING_it = {
402 .itype = ASN1_ITYPE_PRIMITIVE,
403 .utype = V_ASN1_UNIVERSALSTRING,
404 .sname = "ASN1_UNIVERSALSTRING",
405};
406LCRYPTO_ALIAS(ASN1_UNIVERSALSTRING_it);
407
408ASN1_UNIVERSALSTRING *
409d2i_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING **a, const unsigned char **in,
410 long len)
411{
412 return (ASN1_UNIVERSALSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
413 &ASN1_UNIVERSALSTRING_it);
414}
415LCRYPTO_ALIAS(d2i_ASN1_UNIVERSALSTRING);
416
417int
418i2d_ASN1_UNIVERSALSTRING(ASN1_UNIVERSALSTRING *a, unsigned char **out)
419{
420 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_UNIVERSALSTRING_it);
421}
422LCRYPTO_ALIAS(i2d_ASN1_UNIVERSALSTRING);
423
424ASN1_UNIVERSALSTRING *
425ASN1_UNIVERSALSTRING_new(void)
426{
427 return (ASN1_UNIVERSALSTRING *)ASN1_item_new(&ASN1_UNIVERSALSTRING_it);
428}
429LCRYPTO_ALIAS(ASN1_UNIVERSALSTRING_new);
430
431void
432ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *a)
433{
434 ASN1_item_free((ASN1_VALUE *)a, &ASN1_UNIVERSALSTRING_it);
435}
436LCRYPTO_ALIAS(ASN1_UNIVERSALSTRING_free);
437
438
439const ASN1_ITEM ASN1_BMPSTRING_it = {
440 .itype = ASN1_ITYPE_PRIMITIVE,
441 .utype = V_ASN1_BMPSTRING,
442 .sname = "ASN1_BMPSTRING",
443};
444LCRYPTO_ALIAS(ASN1_BMPSTRING_it);
445
446ASN1_BMPSTRING *
447d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **a, const unsigned char **in, long len)
448{
449 return (ASN1_BMPSTRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
450 &ASN1_BMPSTRING_it);
451}
452LCRYPTO_ALIAS(d2i_ASN1_BMPSTRING);
453
454int
455i2d_ASN1_BMPSTRING(ASN1_BMPSTRING *a, unsigned char **out)
456{
457 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_BMPSTRING_it);
458}
459LCRYPTO_ALIAS(i2d_ASN1_BMPSTRING);
460
461ASN1_BMPSTRING *
462ASN1_BMPSTRING_new(void)
463{
464 return (ASN1_BMPSTRING *)ASN1_item_new(&ASN1_BMPSTRING_it);
465}
466LCRYPTO_ALIAS(ASN1_BMPSTRING_new);
467
468void
469ASN1_BMPSTRING_free(ASN1_BMPSTRING *a)
470{
471 ASN1_item_free((ASN1_VALUE *)a, &ASN1_BMPSTRING_it);
472}
473LCRYPTO_ALIAS(ASN1_BMPSTRING_free);
474
475const ASN1_ITEM ASN1_ANY_it = {
476 .itype = ASN1_ITYPE_PRIMITIVE,
477 .utype = V_ASN1_ANY,
478 .sname = "ASN1_ANY",
479};
480LCRYPTO_ALIAS(ASN1_ANY_it);
481
482
483/* Just swallow an ASN1_SEQUENCE in an ASN1_STRING */
484
485const ASN1_ITEM ASN1_SEQUENCE_it = {
486 .itype = ASN1_ITYPE_PRIMITIVE,
487 .utype = V_ASN1_SEQUENCE,
488 .sname = "ASN1_SEQUENCE",
489};
490LCRYPTO_ALIAS(ASN1_SEQUENCE_it);
491
492
493/* Multistring types */
494
495
496const ASN1_ITEM ASN1_PRINTABLE_it = {
497 .itype = ASN1_ITYPE_MSTRING,
498 .utype = B_ASN1_PRINTABLE,
499 .templates = NULL,
500 .tcount = 0,
501 .funcs = NULL,
502 .size = sizeof(ASN1_STRING),
503 .sname = "ASN1_PRINTABLE",
504};
505LCRYPTO_ALIAS(ASN1_PRINTABLE_it);
506
507ASN1_STRING *
508d2i_ASN1_PRINTABLE(ASN1_STRING **a, const unsigned char **in, long len)
509{
510 return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
511 &ASN1_PRINTABLE_it);
512}
513LCRYPTO_ALIAS(d2i_ASN1_PRINTABLE);
514
515int
516i2d_ASN1_PRINTABLE(ASN1_STRING *a, unsigned char **out)
517{
518 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_PRINTABLE_it);
519}
520LCRYPTO_ALIAS(i2d_ASN1_PRINTABLE);
521
522ASN1_STRING *
523ASN1_PRINTABLE_new(void)
524{
525 return (ASN1_STRING *)ASN1_item_new(&ASN1_PRINTABLE_it);
526}
527LCRYPTO_ALIAS(ASN1_PRINTABLE_new);
528
529void
530ASN1_PRINTABLE_free(ASN1_STRING *a)
531{
532 ASN1_item_free((ASN1_VALUE *)a, &ASN1_PRINTABLE_it);
533}
534LCRYPTO_ALIAS(ASN1_PRINTABLE_free);
535
536
537const ASN1_ITEM DISPLAYTEXT_it = {
538 .itype = ASN1_ITYPE_MSTRING,
539 .utype = B_ASN1_DISPLAYTEXT,
540 .templates = NULL,
541 .tcount = 0,
542 .funcs = NULL,
543 .size = sizeof(ASN1_STRING),
544 .sname = "DISPLAYTEXT",
545};
546LCRYPTO_ALIAS(DISPLAYTEXT_it);
547
548ASN1_STRING *
549d2i_DISPLAYTEXT(ASN1_STRING **a, const unsigned char **in, long len)
550{
551 return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
552 &DISPLAYTEXT_it);
553}
554LCRYPTO_ALIAS(d2i_DISPLAYTEXT);
555
556int
557i2d_DISPLAYTEXT(ASN1_STRING *a, unsigned char **out)
558{
559 return ASN1_item_i2d((ASN1_VALUE *)a, out, &DISPLAYTEXT_it);
560}
561LCRYPTO_ALIAS(i2d_DISPLAYTEXT);
562
563ASN1_STRING *
564DISPLAYTEXT_new(void)
565{
566 return (ASN1_STRING *)ASN1_item_new(&DISPLAYTEXT_it);
567}
568LCRYPTO_ALIAS(DISPLAYTEXT_new);
569
570void
571DISPLAYTEXT_free(ASN1_STRING *a)
572{
573 ASN1_item_free((ASN1_VALUE *)a, &DISPLAYTEXT_it);
574}
575LCRYPTO_ALIAS(DISPLAYTEXT_free);
576
577
578const ASN1_ITEM DIRECTORYSTRING_it = {
579 .itype = ASN1_ITYPE_MSTRING,
580 .utype = B_ASN1_DIRECTORYSTRING,
581 .templates = NULL,
582 .tcount = 0,
583 .funcs = NULL,
584 .size = sizeof(ASN1_STRING),
585 .sname = "DIRECTORYSTRING",
586};
587LCRYPTO_ALIAS(DIRECTORYSTRING_it);
588
589ASN1_STRING *
590d2i_DIRECTORYSTRING(ASN1_STRING **a, const unsigned char **in, long len)
591{
592 return (ASN1_STRING *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
593 &DIRECTORYSTRING_it);
594}
595LCRYPTO_ALIAS(d2i_DIRECTORYSTRING);
596
597int
598i2d_DIRECTORYSTRING(ASN1_STRING *a, unsigned char **out)
599{
600 return ASN1_item_i2d((ASN1_VALUE *)a, out, &DIRECTORYSTRING_it);
601}
602LCRYPTO_ALIAS(i2d_DIRECTORYSTRING);
603
604ASN1_STRING *
605DIRECTORYSTRING_new(void)
606{
607 return (ASN1_STRING *)ASN1_item_new(&DIRECTORYSTRING_it);
608}
609LCRYPTO_ALIAS(DIRECTORYSTRING_new);
610
611void
612DIRECTORYSTRING_free(ASN1_STRING *a)
613{
614 ASN1_item_free((ASN1_VALUE *)a, &DIRECTORYSTRING_it);
615}
616LCRYPTO_ALIAS(DIRECTORYSTRING_free);
617
618/* Three separate BOOLEAN type: normal, DEFAULT TRUE and DEFAULT FALSE */
619
620const ASN1_ITEM ASN1_BOOLEAN_it = {
621 .itype = ASN1_ITYPE_PRIMITIVE,
622 .utype = V_ASN1_BOOLEAN,
623 .size = -1,
624 .sname = "ASN1_BOOLEAN",
625};
626
627int
628i2d_ASN1_BOOLEAN(int a, unsigned char **out)
629{
630 return ASN1_item_ex_i2d((ASN1_VALUE **)&a, out,
631 &ASN1_BOOLEAN_it, -1, 0);
632}
633
634int
635d2i_ASN1_BOOLEAN(int *a, const unsigned char **in, long len)
636{
637 ASN1_BOOLEAN abool;
638
639 if (ASN1_item_ex_d2i((ASN1_VALUE **)&abool, in, len, &ASN1_BOOLEAN_it,
640 -1, 0, 0, NULL) <= 0)
641 return -1;
642
643 if (a != NULL)
644 *a = abool;
645
646 return abool;
647}
648
649const ASN1_ITEM ASN1_TBOOLEAN_it = {
650 .itype = ASN1_ITYPE_PRIMITIVE,
651 .utype = V_ASN1_BOOLEAN,
652 .size = 1,
653 .sname = "ASN1_TBOOLEAN",
654};
655
656const ASN1_ITEM ASN1_FBOOLEAN_it = {
657 .itype = ASN1_ITYPE_PRIMITIVE,
658 .utype = V_ASN1_BOOLEAN,
659 .size = 0,
660 .sname = "ASN1_FBOOLEAN",
661};
662
663/* Special, OCTET STRING with indefinite length constructed support */
664
665const ASN1_ITEM ASN1_OCTET_STRING_NDEF_it = {
666 .itype = ASN1_ITYPE_PRIMITIVE,
667 .utype = V_ASN1_OCTET_STRING,
668 .size = ASN1_TFLG_NDEF,
669 .sname = "ASN1_OCTET_STRING_NDEF",
670};
671
672static const ASN1_TEMPLATE ASN1_SEQUENCE_ANY_item_tt = {
673 .flags = ASN1_TFLG_SEQUENCE_OF,
674 .tag = 0,
675 .offset = 0,
676 .field_name = "ASN1_SEQUENCE_ANY",
677 .item = &ASN1_ANY_it,
678};
679
680const ASN1_ITEM ASN1_SEQUENCE_ANY_it = {
681 .itype = ASN1_ITYPE_PRIMITIVE,
682 .utype = -1,
683 .templates = &ASN1_SEQUENCE_ANY_item_tt,
684 .tcount = 0,
685 .funcs = NULL,
686 .size = 0,
687 .sname = "ASN1_SEQUENCE_ANY",
688};
689LCRYPTO_ALIAS(ASN1_SEQUENCE_ANY_it);
690
691static const ASN1_TEMPLATE ASN1_SET_ANY_item_tt = {
692 .flags = ASN1_TFLG_SET_OF,
693 .tag = 0,
694 .offset = 0,
695 .field_name = "ASN1_SET_ANY",
696 .item = &ASN1_ANY_it,
697};
698
699const ASN1_ITEM ASN1_SET_ANY_it = {
700 .itype = ASN1_ITYPE_PRIMITIVE,
701 .utype = -1,
702 .templates = &ASN1_SET_ANY_item_tt,
703 .tcount = 0,
704 .funcs = NULL,
705 .size = 0,
706 .sname = "ASN1_SET_ANY",
707};
708LCRYPTO_ALIAS(ASN1_SET_ANY_it);
709
710
711ASN1_SEQUENCE_ANY *
712d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len)
713{
714 return (ASN1_SEQUENCE_ANY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
715 &ASN1_SEQUENCE_ANY_it);
716}
717LCRYPTO_ALIAS(d2i_ASN1_SEQUENCE_ANY);
718
719int
720i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out)
721{
722 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_SEQUENCE_ANY_it);
723}
724LCRYPTO_ALIAS(i2d_ASN1_SEQUENCE_ANY);
725
726ASN1_SEQUENCE_ANY *
727d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **a, const unsigned char **in, long len)
728{
729 return (ASN1_SEQUENCE_ANY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
730 &ASN1_SET_ANY_it);
731}
732LCRYPTO_ALIAS(d2i_ASN1_SET_ANY);
733
734int
735i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *a, unsigned char **out)
736{
737 return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_SET_ANY_it);
738}
739LCRYPTO_ALIAS(i2d_ASN1_SET_ANY);
diff --git a/src/lib/libcrypto/asn1/tasn_utl.c b/src/lib/libcrypto/asn1/tasn_utl.c
deleted file mode 100644
index ae546edd4b..0000000000
--- a/src/lib/libcrypto/asn1/tasn_utl.c
+++ /dev/null
@@ -1,299 +0,0 @@
1/* $OpenBSD: tasn_utl.c,v 1.18 2022/12/26 07:18:51 jmc Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000-2004 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <limits.h>
60#include <stddef.h>
61#include <string.h>
62
63#include <openssl/asn1.h>
64#include <openssl/asn1t.h>
65#include <openssl/objects.h>
66#include <openssl/err.h>
67
68#include "bytestring.h"
69
70/* Utility functions for manipulating fields and offsets */
71
72/* Add 'offset' to 'addr' */
73#define offset2ptr(addr, offset) (void *)(((char *) addr) + offset)
74
75/* Given an ASN1_ITEM CHOICE type return
76 * the selector value
77 */
78
79int
80asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it)
81{
82 int *sel = offset2ptr(*pval, it->utype);
83 return *sel;
84}
85
86/* Given an ASN1_ITEM CHOICE type set
87 * the selector value, return old value.
88 */
89
90int
91asn1_set_choice_selector(ASN1_VALUE **pval, int value, const ASN1_ITEM *it)
92{
93 int *sel, ret;
94 sel = offset2ptr(*pval, it->utype);
95 ret = *sel;
96 *sel = value;
97 return ret;
98}
99
100/* Do reference counting. The value 'op' decides what to do.
101 * if it is +1 then the count is incremented. If op is 0 count is
102 * set to 1. If op is -1 count is decremented and the return value
103 * is the current reference count or 0 if no reference count exists.
104 */
105
106int
107asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it)
108{
109 const ASN1_AUX *aux;
110 int *lck, ret;
111
112 if ((it->itype != ASN1_ITYPE_SEQUENCE) &&
113 (it->itype != ASN1_ITYPE_NDEF_SEQUENCE))
114 return 0;
115 aux = it->funcs;
116 if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT))
117 return 0;
118 lck = offset2ptr(*pval, aux->ref_offset);
119 if (op == 0) {
120 *lck = 1;
121 return 1;
122 }
123 ret = CRYPTO_add(lck, op, aux->ref_lock);
124 return ret;
125}
126
127static ASN1_ENCODING *
128asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it)
129{
130 const ASN1_AUX *aux = it->funcs;
131
132 if (pval == NULL || *pval == NULL)
133 return NULL;
134
135 if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0)
136 return NULL;
137
138 return offset2ptr(*pval, aux->enc_offset);
139}
140
141void
142asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it)
143{
144 ASN1_ENCODING *aenc;
145
146 if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
147 return;
148
149 aenc->enc = NULL;
150 aenc->len = 0;
151 aenc->modified = 1;
152}
153
154static void
155asn1_enc_clear(ASN1_ENCODING *aenc)
156{
157 freezero(aenc->enc, aenc->len);
158 aenc->enc = NULL;
159 aenc->len = 0;
160 aenc->modified = 1;
161}
162
163void
164asn1_enc_cleanup(ASN1_VALUE **pval, const ASN1_ITEM *it)
165{
166 ASN1_ENCODING *aenc;
167
168 if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
169 return;
170
171 asn1_enc_clear(aenc);
172}
173
174int
175asn1_enc_save(ASN1_VALUE **pval, CBS *cbs, const ASN1_ITEM *it)
176{
177 ASN1_ENCODING *aenc;
178 uint8_t *data = NULL;
179 size_t data_len = 0;
180
181 if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
182 return 1;
183
184 asn1_enc_clear(aenc);
185
186 if (!CBS_stow(cbs, &data, &data_len))
187 return 0;
188 if (data_len > LONG_MAX) {
189 freezero(data, data_len);
190 return 0;
191 }
192
193 aenc->enc = data;
194 aenc->len = (long)data_len;
195 aenc->modified = 0;
196
197 return 1;
198}
199
200int
201asn1_enc_restore(int *out_len, unsigned char **out, ASN1_VALUE **pval,
202 const ASN1_ITEM *it)
203{
204 ASN1_ENCODING *aenc;
205
206 if ((aenc = asn1_get_enc_ptr(pval, it)) == NULL)
207 return 0;
208
209 if (aenc->modified)
210 return 0;
211
212 if (out != NULL) {
213 memcpy(*out, aenc->enc, aenc->len);
214 *out += aenc->len;
215 }
216
217 if (out_len != NULL)
218 *out_len = aenc->len;
219
220 return 1;
221}
222
223/* Given an ASN1_TEMPLATE get a pointer to a field */
224ASN1_VALUE **
225asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt)
226{
227 ASN1_VALUE **pvaltmp;
228
229 pvaltmp = offset2ptr(*pval, tt->offset);
230 /* NOTE for BOOLEAN types the field is just a plain
231 * int so we can't return int **, so settle for
232 * (int *).
233 */
234 return pvaltmp;
235}
236
237/* Handle ANY DEFINED BY template, find the selector, look up
238 * the relevant ASN1_TEMPLATE in the table and return it.
239 */
240
241const ASN1_TEMPLATE *
242asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, int nullerr)
243{
244 const ASN1_ADB *adb;
245 const ASN1_ADB_TABLE *atbl;
246 long selector;
247 ASN1_VALUE **sfld;
248 int i;
249
250 if (!(tt->flags & ASN1_TFLG_ADB_MASK))
251 return tt;
252
253 /* Else ANY DEFINED BY ... get the table */
254 adb = (const ASN1_ADB *)tt->item;
255
256 /* Get the selector field */
257 sfld = offset2ptr(*pval, adb->offset);
258
259 /* Check if NULL */
260 if (!sfld) {
261 if (!adb->null_tt)
262 goto err;
263 return adb->null_tt;
264 }
265
266 /* Convert type to a long:
267 * NB: don't check for NID_undef here because it
268 * might be a legitimate value in the table
269 */
270 if (tt->flags & ASN1_TFLG_ADB_OID)
271 selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld);
272 else
273 selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld);
274
275 /* Try to find matching entry in table
276 * Maybe should check application types first to
277 * allow application override? Might also be useful
278 * to have a flag which indicates table is sorted and
279 * we can do a binary search. For now stick to a
280 * linear search.
281 */
282
283 for (atbl = adb->tbl, i = 0; i < adb->tblcount; i++, atbl++)
284 if (atbl->value == selector)
285 return &atbl->tt;
286
287 /* FIXME: need to search application table too */
288
289 /* No match, return default type */
290 if (!adb->default_tt)
291 goto err;
292 return adb->default_tt;
293
294 err:
295 /* FIXME: should log the value or OID of unsupported type */
296 if (nullerr)
297 ASN1error(ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE);
298 return NULL;
299}
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c
deleted file mode 100644
index b01ee982a6..0000000000
--- a/src/lib/libcrypto/asn1/x_algor.c
+++ /dev/null
@@ -1,295 +0,0 @@
1/* $OpenBSD: x_algor.c,v 1.41 2024/07/08 14:48:49 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stddef.h>
60
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63#include <openssl/x509.h>
64
65#include "x509_local.h"
66
67static const ASN1_TEMPLATE X509_ALGOR_seq_tt[] = {
68 {
69 .offset = offsetof(X509_ALGOR, algorithm),
70 .field_name = "algorithm",
71 .item = &ASN1_OBJECT_it,
72 },
73 {
74 .flags = ASN1_TFLG_OPTIONAL,
75 .offset = offsetof(X509_ALGOR, parameter),
76 .field_name = "parameter",
77 .item = &ASN1_ANY_it,
78 },
79};
80
81const ASN1_ITEM X509_ALGOR_it = {
82 .itype = ASN1_ITYPE_SEQUENCE,
83 .utype = V_ASN1_SEQUENCE,
84 .templates = X509_ALGOR_seq_tt,
85 .tcount = sizeof(X509_ALGOR_seq_tt) / sizeof(ASN1_TEMPLATE),
86 .size = sizeof(X509_ALGOR),
87 .sname = "X509_ALGOR",
88};
89LCRYPTO_ALIAS(X509_ALGOR_it);
90
91static const ASN1_TEMPLATE X509_ALGORS_item_tt = {
92 .flags = ASN1_TFLG_SEQUENCE_OF,
93 .tag = 0,
94 .offset = 0,
95 .field_name = "algorithms",
96 .item = &X509_ALGOR_it,
97};
98
99const ASN1_ITEM X509_ALGORS_it = {
100 .itype = ASN1_ITYPE_PRIMITIVE,
101 .utype = -1,
102 .templates = &X509_ALGORS_item_tt,
103 .tcount = 0,
104 .funcs = NULL,
105 .size = 0,
106 .sname = "X509_ALGORS",
107};
108LCRYPTO_ALIAS(X509_ALGORS_it);
109
110X509_ALGOR *
111d2i_X509_ALGOR(X509_ALGOR **a, const unsigned char **in, long len)
112{
113 return (X509_ALGOR *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
114 &X509_ALGOR_it);
115}
116LCRYPTO_ALIAS(d2i_X509_ALGOR);
117
118int
119i2d_X509_ALGOR(X509_ALGOR *a, unsigned char **out)
120{
121 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ALGOR_it);
122}
123LCRYPTO_ALIAS(i2d_X509_ALGOR);
124
125X509_ALGOR *
126X509_ALGOR_new(void)
127{
128 return (X509_ALGOR *)ASN1_item_new(&X509_ALGOR_it);
129}
130LCRYPTO_ALIAS(X509_ALGOR_new);
131
132void
133X509_ALGOR_free(X509_ALGOR *a)
134{
135 ASN1_item_free((ASN1_VALUE *)a, &X509_ALGOR_it);
136}
137LCRYPTO_ALIAS(X509_ALGOR_free);
138
139X509_ALGORS *
140d2i_X509_ALGORS(X509_ALGORS **a, const unsigned char **in, long len)
141{
142 return (X509_ALGORS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
143 &X509_ALGORS_it);
144}
145LCRYPTO_ALIAS(d2i_X509_ALGORS);
146
147int
148i2d_X509_ALGORS(X509_ALGORS *a, unsigned char **out)
149{
150 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ALGORS_it);
151}
152LCRYPTO_ALIAS(i2d_X509_ALGORS);
153
154X509_ALGOR *
155X509_ALGOR_dup(X509_ALGOR *x)
156{
157 return ASN1_item_dup(&X509_ALGOR_it, x);
158}
159LCRYPTO_ALIAS(X509_ALGOR_dup);
160
161static int
162X509_ALGOR_set0_obj(X509_ALGOR *alg, ASN1_OBJECT *aobj)
163{
164 ASN1_OBJECT_free(alg->algorithm);
165 alg->algorithm = aobj;
166
167 return 1;
168}
169
170static int
171X509_ALGOR_set_obj_by_nid(X509_ALGOR *alg, int nid)
172{
173 ASN1_OBJECT *aobj;
174
175 if ((aobj = OBJ_nid2obj(nid)) == NULL)
176 return 0;
177 if (!X509_ALGOR_set0_obj(alg, aobj))
178 return 0;
179
180 return 1;
181}
182
183static int
184X509_ALGOR_set0_parameter(X509_ALGOR *alg, int parameter_type,
185 void *parameter_value)
186{
187 if (parameter_type == V_ASN1_UNDEF) {
188 ASN1_TYPE_free(alg->parameter);
189 alg->parameter = NULL;
190
191 return 1;
192 }
193
194 if (alg->parameter == NULL)
195 alg->parameter = ASN1_TYPE_new();
196 if (alg->parameter == NULL)
197 return 0;
198
199 if (parameter_type != 0)
200 ASN1_TYPE_set(alg->parameter, parameter_type, parameter_value);
201
202 return 1;
203}
204
205int
206X509_ALGOR_set0_by_nid(X509_ALGOR *alg, int nid, int parameter_type,
207 void *parameter_value)
208{
209 if (alg == NULL)
210 return 0;
211
212 if (!X509_ALGOR_set_obj_by_nid(alg, nid))
213 return 0;
214
215 if (!X509_ALGOR_set0_parameter(alg, parameter_type, parameter_value))
216 return 0;
217
218 return 1;
219}
220
221int
222X509_ALGOR_set0(X509_ALGOR *alg, ASN1_OBJECT *aobj, int parameter_type,
223 void *parameter_value)
224{
225 if (alg == NULL)
226 return 0;
227
228 /* Set parameter first to preserve public API behavior on failure. */
229 if (!X509_ALGOR_set0_parameter(alg, parameter_type, parameter_value))
230 return 0;
231
232 if (!X509_ALGOR_set0_obj(alg, aobj))
233 return 0;
234
235 return 1;
236}
237LCRYPTO_ALIAS(X509_ALGOR_set0);
238
239void
240X509_ALGOR_get0(const ASN1_OBJECT **out_aobj, int *out_type,
241 const void **out_value, const X509_ALGOR *alg)
242{
243 int type = V_ASN1_UNDEF;
244 const void *value = NULL;
245
246 if (out_aobj != NULL)
247 *out_aobj = alg->algorithm;
248
249 /* Ensure out_value is not left uninitialized if out_type is NULL. */
250 if (out_value != NULL)
251 *out_value = NULL;
252
253 if (out_type == NULL)
254 return;
255
256 if (alg->parameter != NULL) {
257 type = alg->parameter->type;
258 value = alg->parameter->value.ptr;
259 }
260
261 *out_type = type;
262 if (out_value != NULL)
263 *out_value = value;
264}
265LCRYPTO_ALIAS(X509_ALGOR_get0);
266
267int
268X509_ALGOR_set_evp_md(X509_ALGOR *alg, const EVP_MD *md)
269{
270 int parameter_type = V_ASN1_NULL;
271 int nid = EVP_MD_type(md);
272
273 if ((EVP_MD_flags(md) & EVP_MD_FLAG_DIGALGID_ABSENT) != 0)
274 parameter_type = V_ASN1_UNDEF;
275
276 if (!X509_ALGOR_set0_by_nid(alg, nid, parameter_type, NULL))
277 return 0;
278
279 return 1;
280}
281
282int
283X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b)
284{
285 int cmp;
286
287 if ((cmp = OBJ_cmp(a->algorithm, b->algorithm)) != 0)
288 return cmp;
289
290 if (a->parameter == NULL && b->parameter == NULL)
291 return 0;
292
293 return ASN1_TYPE_cmp(a->parameter, b->parameter);
294}
295LCRYPTO_ALIAS(X509_ALGOR_cmp);
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c
deleted file mode 100644
index 8e4f94094f..0000000000
--- a/src/lib/libcrypto/asn1/x_attrib.c
+++ /dev/null
@@ -1,159 +0,0 @@
1/* $OpenBSD: x_attrib.c,v 1.23 2024/07/08 14:48:49 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/objects.h>
63#include <openssl/x509.h>
64
65#include "x509_local.h"
66
67static const ASN1_TEMPLATE X509_ATTRIBUTE_seq_tt[] = {
68 {
69 .flags = 0,
70 .tag = 0,
71 .offset = offsetof(X509_ATTRIBUTE, object),
72 .field_name = "object",
73 .item = &ASN1_OBJECT_it,
74 },
75 {
76 .flags = ASN1_TFLG_SET_OF,
77 .tag = 0,
78 .offset = offsetof(X509_ATTRIBUTE, set),
79 .field_name = "set",
80 .item = &ASN1_ANY_it,
81 },
82};
83
84const ASN1_ITEM X509_ATTRIBUTE_it = {
85 .itype = ASN1_ITYPE_SEQUENCE,
86 .utype = V_ASN1_SEQUENCE,
87 .templates = X509_ATTRIBUTE_seq_tt,
88 .tcount = sizeof(X509_ATTRIBUTE_seq_tt) / sizeof(ASN1_TEMPLATE),
89 .funcs = NULL,
90 .size = sizeof(X509_ATTRIBUTE),
91 .sname = "X509_ATTRIBUTE",
92};
93LCRYPTO_ALIAS(X509_ATTRIBUTE_it);
94
95
96X509_ATTRIBUTE *
97d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len)
98{
99 return (X509_ATTRIBUTE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
100 &X509_ATTRIBUTE_it);
101}
102LCRYPTO_ALIAS(d2i_X509_ATTRIBUTE);
103
104int
105i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a, unsigned char **out)
106{
107 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_ATTRIBUTE_it);
108}
109LCRYPTO_ALIAS(i2d_X509_ATTRIBUTE);
110
111X509_ATTRIBUTE *
112X509_ATTRIBUTE_new(void)
113{
114 return (X509_ATTRIBUTE *)ASN1_item_new(&X509_ATTRIBUTE_it);
115}
116LCRYPTO_ALIAS(X509_ATTRIBUTE_new);
117
118void
119X509_ATTRIBUTE_free(X509_ATTRIBUTE *a)
120{
121 ASN1_item_free((ASN1_VALUE *)a, &X509_ATTRIBUTE_it);
122}
123LCRYPTO_ALIAS(X509_ATTRIBUTE_free);
124
125X509_ATTRIBUTE *
126X509_ATTRIBUTE_dup(X509_ATTRIBUTE *x)
127{
128 return ASN1_item_dup(&X509_ATTRIBUTE_it, x);
129}
130LCRYPTO_ALIAS(X509_ATTRIBUTE_dup);
131
132X509_ATTRIBUTE *
133X509_ATTRIBUTE_create(int nid, int atrtype, void *value)
134{
135 X509_ATTRIBUTE *ret = NULL;
136 ASN1_TYPE *val = NULL;
137 ASN1_OBJECT *oid;
138
139 if ((oid = OBJ_nid2obj(nid)) == NULL)
140 return (NULL);
141 if ((ret = X509_ATTRIBUTE_new()) == NULL)
142 return (NULL);
143 ret->object = oid;
144 if ((val = ASN1_TYPE_new()) == NULL)
145 goto err;
146 if (!sk_ASN1_TYPE_push(ret->set, val))
147 goto err;
148
149 ASN1_TYPE_set(val, atrtype, value);
150 return (ret);
151
152 err:
153 if (ret != NULL)
154 X509_ATTRIBUTE_free(ret);
155 if (val != NULL)
156 ASN1_TYPE_free(val);
157 return (NULL);
158}
159LCRYPTO_ALIAS(X509_ATTRIBUTE_create);
diff --git a/src/lib/libcrypto/asn1/x_bignum.c b/src/lib/libcrypto/asn1/x_bignum.c
deleted file mode 100644
index 3e265b9cbc..0000000000
--- a/src/lib/libcrypto/asn1/x_bignum.c
+++ /dev/null
@@ -1,207 +0,0 @@
1/* $OpenBSD: x_bignum.c,v 1.15 2024/07/08 16:24:22 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/bn.h>
63
64#include "asn1_local.h"
65#include "bytestring.h"
66
67/*
68 * Custom primitive type for that reads an ASN.1 INTEGER into a BIGNUM.
69 */
70
71static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
72static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
73static void bn_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
74
75static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype,
76 const ASN1_ITEM *it);
77static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
78 int utype, char *free_cont, const ASN1_ITEM *it);
79static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
80 int indent, const ASN1_PCTX *pctx);
81
82static const ASN1_PRIMITIVE_FUNCS bignum_pf = {
83 .app_data = NULL,
84 .flags = 0,
85 .prim_new = bn_new,
86 .prim_free = bn_free,
87 .prim_clear = bn_clear,
88 .prim_c2i = bn_c2i,
89 .prim_i2c = bn_i2c,
90 .prim_print = bn_print,
91};
92
93const ASN1_ITEM BIGNUM_it = {
94 .itype = ASN1_ITYPE_PRIMITIVE,
95 .utype = V_ASN1_INTEGER,
96 .templates = NULL,
97 .tcount = 0,
98 .funcs = &bignum_pf,
99 .size = 0,
100 .sname = "BIGNUM",
101};
102LCRYPTO_ALIAS(BIGNUM_it);
103
104const ASN1_ITEM CBIGNUM_it = {
105 .itype = ASN1_ITYPE_PRIMITIVE,
106 .utype = V_ASN1_INTEGER,
107 .templates = NULL,
108 .tcount = 0,
109 .funcs = &bignum_pf,
110 .size = 0,
111 .sname = "BIGNUM",
112};
113LCRYPTO_ALIAS(CBIGNUM_it);
114
115static int
116bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
117{
118 if ((*pval = (ASN1_VALUE *)BN_new()) == NULL)
119 return 0;
120
121 return 1;
122}
123
124static void
125bn_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
126{
127 BN_free((BIGNUM *)*pval);
128 *pval = NULL;
129}
130
131static void
132bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
133{
134 if (*pval == NULL)
135 return;
136
137 bn_clear(pval, it);
138}
139
140static int
141bn_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype, const ASN1_ITEM *it)
142{
143 ASN1_INTEGER *aint = NULL;
144 unsigned char **pp = NULL;
145 const BIGNUM *bn;
146 int ret;
147
148 if (*pval == NULL)
149 return -1;
150
151 bn = (const BIGNUM *)*pval;
152
153 if ((aint = BN_to_ASN1_INTEGER(bn, NULL)) == NULL)
154 return -1;
155
156 if (content != NULL)
157 pp = &content;
158
159 ret = i2c_ASN1_INTEGER(aint, pp);
160
161 ASN1_INTEGER_free(aint);
162
163 return ret;
164}
165
166static int
167bn_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
168 char *free_content, const ASN1_ITEM *it)
169{
170 ASN1_INTEGER *aint = NULL;
171 BIGNUM *bn;
172 CBS cbs;
173 int ret = 0;
174
175 bn_clear(pval, it);
176
177 if (len < 0)
178 goto err;
179 CBS_init(&cbs, content, len);
180 if (!c2i_ASN1_INTEGER_cbs(&aint, &cbs))
181 goto err;
182
183 if ((bn = ASN1_INTEGER_to_BN(aint, NULL)) == NULL)
184 goto err;
185 *pval = (ASN1_VALUE *)bn;
186
187 ret = 1;
188
189 err:
190 ASN1_INTEGER_free(aint);
191
192 return ret;
193}
194
195static int
196bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
197 const ASN1_PCTX *pctx)
198{
199 const BIGNUM *bn = (BIGNUM *)*pval;
200
201 if (!BN_print(out, bn))
202 return 0;
203 if (BIO_printf(out, "\n") <= 0)
204 return 0;
205
206 return 1;
207}
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c
deleted file mode 100644
index 7ad8350f3d..0000000000
--- a/src/lib/libcrypto/asn1/x_crl.c
+++ /dev/null
@@ -1,702 +0,0 @@
1/* $OpenBSD: x_crl.c,v 1.48 2025/02/27 20:13:41 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68#include "asn1_local.h"
69#include "x509_local.h"
70
71static void setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp);
72
73static const ASN1_TEMPLATE X509_REVOKED_seq_tt[] = {
74 {
75 .offset = offsetof(X509_REVOKED, serialNumber),
76 .field_name = "serialNumber",
77 .item = &ASN1_INTEGER_it,
78 },
79 {
80 .offset = offsetof(X509_REVOKED, revocationDate),
81 .field_name = "revocationDate",
82 .item = &ASN1_TIME_it,
83 },
84 {
85 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
86 .offset = offsetof(X509_REVOKED, extensions),
87 .field_name = "extensions",
88 .item = &X509_EXTENSION_it,
89 },
90};
91
92const ASN1_ITEM X509_REVOKED_it = {
93 .itype = ASN1_ITYPE_SEQUENCE,
94 .utype = V_ASN1_SEQUENCE,
95 .templates = X509_REVOKED_seq_tt,
96 .tcount = sizeof(X509_REVOKED_seq_tt) / sizeof(ASN1_TEMPLATE),
97 .size = sizeof(X509_REVOKED),
98 .sname = "X509_REVOKED",
99};
100LCRYPTO_ALIAS(X509_REVOKED_it);
101
102static int
103X509_REVOKED_cmp(const X509_REVOKED * const *a, const X509_REVOKED * const *b)
104{
105 return ASN1_INTEGER_cmp((*a)->serialNumber, (*b)->serialNumber);
106}
107
108/* The X509_CRL_INFO structure needs a bit of customisation.
109 * Since we cache the original encoding the signature wont be affected by
110 * reordering of the revoked field.
111 */
112static int
113crl_info_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
114{
115 X509_CRL_INFO *a = (X509_CRL_INFO *)*pval;
116
117 if (!a || !a->revoked)
118 return 1;
119 switch (operation) {
120 /* Just set cmp function here. We don't sort because that
121 * would affect the output of X509_CRL_print().
122 */
123 case ASN1_OP_D2I_POST:
124 (void)sk_X509_REVOKED_set_cmp_func(a->revoked, X509_REVOKED_cmp);
125 break;
126 }
127 return 1;
128}
129
130
131static const ASN1_AUX X509_CRL_INFO_aux = {
132 .flags = ASN1_AFLG_ENCODING,
133 .asn1_cb = crl_info_cb,
134 .enc_offset = offsetof(X509_CRL_INFO, enc),
135};
136static const ASN1_TEMPLATE X509_CRL_INFO_seq_tt[] = {
137 {
138 .flags = ASN1_TFLG_OPTIONAL,
139 .offset = offsetof(X509_CRL_INFO, version),
140 .field_name = "version",
141 .item = &ASN1_INTEGER_it,
142 },
143 {
144 .offset = offsetof(X509_CRL_INFO, sig_alg),
145 .field_name = "sig_alg",
146 .item = &X509_ALGOR_it,
147 },
148 {
149 .offset = offsetof(X509_CRL_INFO, issuer),
150 .field_name = "issuer",
151 .item = &X509_NAME_it,
152 },
153 {
154 .offset = offsetof(X509_CRL_INFO, lastUpdate),
155 .field_name = "lastUpdate",
156 .item = &ASN1_TIME_it,
157 },
158 {
159 .flags = ASN1_TFLG_OPTIONAL,
160 .offset = offsetof(X509_CRL_INFO, nextUpdate),
161 .field_name = "nextUpdate",
162 .item = &ASN1_TIME_it,
163 },
164 {
165 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
166 .offset = offsetof(X509_CRL_INFO, revoked),
167 .field_name = "revoked",
168 .item = &X509_REVOKED_it,
169 },
170 {
171 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
172 .offset = offsetof(X509_CRL_INFO, extensions),
173 .field_name = "extensions",
174 .item = &X509_EXTENSION_it,
175 },
176};
177
178const ASN1_ITEM X509_CRL_INFO_it = {
179 .itype = ASN1_ITYPE_SEQUENCE,
180 .utype = V_ASN1_SEQUENCE,
181 .templates = X509_CRL_INFO_seq_tt,
182 .tcount = sizeof(X509_CRL_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
183 .funcs = &X509_CRL_INFO_aux,
184 .size = sizeof(X509_CRL_INFO),
185 .sname = "X509_CRL_INFO",
186};
187LCRYPTO_ALIAS(X509_CRL_INFO_it);
188
189/* Set CRL entry issuer according to CRL certificate issuer extension.
190 * Check for unhandled critical CRL entry extensions.
191 */
192
193static int
194crl_set_issuers(X509_CRL *crl)
195{
196 int i, j;
197 GENERAL_NAMES *gens, *gtmp;
198 STACK_OF(X509_REVOKED) *revoked;
199
200 revoked = X509_CRL_get_REVOKED(crl);
201
202 gens = NULL;
203 for (i = 0; i < sk_X509_REVOKED_num(revoked); i++) {
204 X509_REVOKED *rev = sk_X509_REVOKED_value(revoked, i);
205 STACK_OF(X509_EXTENSION) *exts;
206 ASN1_ENUMERATED *reason;
207 X509_EXTENSION *ext;
208 gtmp = X509_REVOKED_get_ext_d2i(rev, NID_certificate_issuer,
209 &j, NULL);
210 if (!gtmp && (j != -1)) {
211 crl->flags |= EXFLAG_INVALID;
212 return 1;
213 }
214
215 if (gtmp) {
216 gens = gtmp;
217 if (!crl->issuers) {
218 crl->issuers = sk_GENERAL_NAMES_new_null();
219 if (!crl->issuers)
220 return 0;
221 }
222 if (!sk_GENERAL_NAMES_push(crl->issuers, gtmp))
223 return 0;
224 }
225 rev->issuer = gens;
226
227 reason = X509_REVOKED_get_ext_d2i(rev, NID_crl_reason,
228 &j, NULL);
229 if (!reason && (j != -1)) {
230 crl->flags |= EXFLAG_INVALID;
231 return 1;
232 }
233
234 if (reason) {
235 rev->reason = ASN1_ENUMERATED_get(reason);
236 ASN1_ENUMERATED_free(reason);
237 } else
238 rev->reason = CRL_REASON_NONE;
239
240 /* Check for critical CRL entry extensions */
241
242 exts = rev->extensions;
243
244 for (j = 0; j < sk_X509_EXTENSION_num(exts); j++) {
245 ext = sk_X509_EXTENSION_value(exts, j);
246 if (ext->critical > 0) {
247 if (OBJ_obj2nid(ext->object) ==
248 NID_certificate_issuer)
249 continue;
250 crl->flags |= EXFLAG_CRITICAL;
251 break;
252 }
253 }
254 }
255
256 return 1;
257}
258
259/* The X509_CRL structure needs a bit of customisation. Cache some extensions
260 * and hash of the whole CRL.
261 */
262static int
263crl_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
264{
265 X509_CRL *crl = (X509_CRL *)*pval;
266 STACK_OF(X509_EXTENSION) *exts;
267 X509_EXTENSION *ext;
268 int idx;
269 int rc = 1;
270
271 switch (operation) {
272 case ASN1_OP_NEW_POST:
273 crl->idp = NULL;
274 crl->akid = NULL;
275 crl->flags = 0;
276 crl->idp_flags = 0;
277 crl->idp_reasons = CRLDP_ALL_REASONS;
278 crl->issuers = NULL;
279 crl->crl_number = NULL;
280 crl->base_crl_number = NULL;
281 break;
282
283 case ASN1_OP_D2I_POST:
284 X509_CRL_digest(crl, X509_CRL_HASH_EVP, crl->hash, NULL);
285 crl->idp = X509_CRL_get_ext_d2i(crl,
286 NID_issuing_distribution_point, NULL, NULL);
287 if (crl->idp)
288 setup_idp(crl, crl->idp);
289
290 crl->akid = X509_CRL_get_ext_d2i(crl,
291 NID_authority_key_identifier, NULL, NULL);
292
293 crl->crl_number = X509_CRL_get_ext_d2i(crl,
294 NID_crl_number, NULL, NULL);
295
296 crl->base_crl_number = X509_CRL_get_ext_d2i(crl,
297 NID_delta_crl, NULL, NULL);
298 /* Delta CRLs must have CRL number */
299 if (crl->base_crl_number && !crl->crl_number)
300 crl->flags |= EXFLAG_INVALID;
301
302 /* See if we have any unhandled critical CRL extensions and
303 * indicate this in a flag. We only currently handle IDP,
304 * AKID and deltas, so anything else critical sets the flag.
305 *
306 * This code accesses the X509_CRL structure directly:
307 * applications shouldn't do this.
308 */
309
310 exts = crl->crl->extensions;
311
312 for (idx = 0; idx < sk_X509_EXTENSION_num(exts); idx++) {
313 int nid;
314 ext = sk_X509_EXTENSION_value(exts, idx);
315 nid = OBJ_obj2nid(ext->object);
316 if (nid == NID_freshest_crl)
317 crl->flags |= EXFLAG_FRESHEST;
318 if (ext->critical > 0) {
319 /* We handle IDP, AKID and deltas */
320 if (nid == NID_issuing_distribution_point ||
321 nid == NID_authority_key_identifier ||
322 nid == NID_delta_crl)
323 break;
324 crl->flags |= EXFLAG_CRITICAL;
325 break;
326 }
327 }
328
329 if (!crl_set_issuers(crl))
330 return 0;
331 break;
332
333 case ASN1_OP_FREE_POST:
334 AUTHORITY_KEYID_free(crl->akid);
335 ISSUING_DIST_POINT_free(crl->idp);
336 ASN1_INTEGER_free(crl->crl_number);
337 ASN1_INTEGER_free(crl->base_crl_number);
338 sk_GENERAL_NAMES_pop_free(crl->issuers, GENERAL_NAMES_free);
339 break;
340 }
341 return rc;
342}
343
344/* Convert IDP into a more convenient form */
345
346static void
347setup_idp(X509_CRL *crl, ISSUING_DIST_POINT *idp)
348{
349 int idp_only = 0;
350
351 /* Set various flags according to IDP */
352 crl->idp_flags |= IDP_PRESENT;
353 if (idp->onlyuser > 0) {
354 idp_only++;
355 crl->idp_flags |= IDP_ONLYUSER;
356 }
357 if (idp->onlyCA > 0) {
358 idp_only++;
359 crl->idp_flags |= IDP_ONLYCA;
360 }
361 if (idp->onlyattr > 0) {
362 idp_only++;
363 crl->idp_flags |= IDP_ONLYATTR;
364 }
365
366 if (idp_only > 1)
367 crl->idp_flags |= IDP_INVALID;
368
369 if (idp->indirectCRL > 0)
370 crl->idp_flags |= IDP_INDIRECT;
371
372 if (idp->onlysomereasons) {
373 crl->idp_flags |= IDP_REASONS;
374 if (idp->onlysomereasons->length > 0)
375 crl->idp_reasons = idp->onlysomereasons->data[0];
376 if (idp->onlysomereasons->length > 1)
377 crl->idp_reasons |=
378 (idp->onlysomereasons->data[1] << 8);
379 crl->idp_reasons &= CRLDP_ALL_REASONS;
380 }
381
382 DIST_POINT_set_dpname(idp->distpoint, X509_CRL_get_issuer(crl));
383}
384
385static const ASN1_AUX X509_CRL_aux = {
386 .app_data = NULL,
387 .flags = ASN1_AFLG_REFCOUNT,
388 .ref_offset = offsetof(X509_CRL, references),
389 .ref_lock = CRYPTO_LOCK_X509_CRL,
390 .asn1_cb = crl_cb,
391};
392static const ASN1_TEMPLATE X509_CRL_seq_tt[] = {
393 {
394 .offset = offsetof(X509_CRL, crl),
395 .field_name = "crl",
396 .item = &X509_CRL_INFO_it,
397 },
398 {
399 .offset = offsetof(X509_CRL, sig_alg),
400 .field_name = "sig_alg",
401 .item = &X509_ALGOR_it,
402 },
403 {
404 .offset = offsetof(X509_CRL, signature),
405 .field_name = "signature",
406 .item = &ASN1_BIT_STRING_it,
407 },
408};
409
410const ASN1_ITEM X509_CRL_it = {
411 .itype = ASN1_ITYPE_SEQUENCE,
412 .utype = V_ASN1_SEQUENCE,
413 .templates = X509_CRL_seq_tt,
414 .tcount = sizeof(X509_CRL_seq_tt) / sizeof(ASN1_TEMPLATE),
415 .funcs = &X509_CRL_aux,
416 .size = sizeof(X509_CRL),
417 .sname = "X509_CRL",
418};
419LCRYPTO_ALIAS(X509_CRL_it);
420
421
422X509_REVOKED *
423d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len)
424{
425 return (X509_REVOKED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
426 &X509_REVOKED_it);
427}
428LCRYPTO_ALIAS(d2i_X509_REVOKED);
429
430int
431i2d_X509_REVOKED(X509_REVOKED *a, unsigned char **out)
432{
433 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REVOKED_it);
434}
435LCRYPTO_ALIAS(i2d_X509_REVOKED);
436
437X509_REVOKED *
438X509_REVOKED_new(void)
439{
440 return (X509_REVOKED *)ASN1_item_new(&X509_REVOKED_it);
441}
442LCRYPTO_ALIAS(X509_REVOKED_new);
443
444void
445X509_REVOKED_free(X509_REVOKED *a)
446{
447 ASN1_item_free((ASN1_VALUE *)a, &X509_REVOKED_it);
448}
449LCRYPTO_ALIAS(X509_REVOKED_free);
450
451X509_REVOKED *
452X509_REVOKED_dup(X509_REVOKED *a)
453{
454 return ASN1_item_dup(&X509_REVOKED_it, a);
455}
456LCRYPTO_ALIAS(X509_REVOKED_dup);
457
458X509_CRL_INFO *
459d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len)
460{
461 return (X509_CRL_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
462 &X509_CRL_INFO_it);
463}
464LCRYPTO_ALIAS(d2i_X509_CRL_INFO);
465
466int
467i2d_X509_CRL_INFO(X509_CRL_INFO *a, unsigned char **out)
468{
469 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_INFO_it);
470}
471LCRYPTO_ALIAS(i2d_X509_CRL_INFO);
472
473X509_CRL_INFO *
474X509_CRL_INFO_new(void)
475{
476 return (X509_CRL_INFO *)ASN1_item_new(&X509_CRL_INFO_it);
477}
478LCRYPTO_ALIAS(X509_CRL_INFO_new);
479
480void
481X509_CRL_INFO_free(X509_CRL_INFO *a)
482{
483 ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_INFO_it);
484}
485LCRYPTO_ALIAS(X509_CRL_INFO_free);
486
487X509_CRL *
488d2i_X509_CRL(X509_CRL **a, const unsigned char **in, long len)
489{
490 return (X509_CRL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
491 &X509_CRL_it);
492}
493LCRYPTO_ALIAS(d2i_X509_CRL);
494
495int
496i2d_X509_CRL(X509_CRL *a, unsigned char **out)
497{
498 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CRL_it);
499}
500LCRYPTO_ALIAS(i2d_X509_CRL);
501
502X509_CRL *
503X509_CRL_new(void)
504{
505 return (X509_CRL *)ASN1_item_new(&X509_CRL_it);
506}
507LCRYPTO_ALIAS(X509_CRL_new);
508
509void
510X509_CRL_free(X509_CRL *a)
511{
512 ASN1_item_free((ASN1_VALUE *)a, &X509_CRL_it);
513}
514LCRYPTO_ALIAS(X509_CRL_free);
515
516X509_CRL *
517X509_CRL_dup(X509_CRL *x)
518{
519 return ASN1_item_dup(&X509_CRL_it, x);
520}
521LCRYPTO_ALIAS(X509_CRL_dup);
522
523int
524X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev)
525{
526 X509_CRL_INFO *inf;
527
528 inf = crl->crl;
529 if (!inf->revoked)
530 inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp);
531 if (!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) {
532 ASN1error(ERR_R_MALLOC_FAILURE);
533 return 0;
534 }
535 inf->enc.modified = 1;
536 return 1;
537}
538LCRYPTO_ALIAS(X509_CRL_add0_revoked);
539
540int
541X509_CRL_verify(X509_CRL *crl, EVP_PKEY *pkey)
542{
543 return ASN1_item_verify(&X509_CRL_INFO_it, crl->sig_alg, crl->signature,
544 crl->crl, pkey);
545}
546LCRYPTO_ALIAS(X509_CRL_verify);
547
548static int
549crl_revoked_issuer_match(X509_CRL *crl, X509_NAME *nm, X509_REVOKED *rev)
550{
551 int i;
552
553 if (!rev->issuer) {
554 if (!nm)
555 return 1;
556 if (!X509_NAME_cmp(nm, X509_CRL_get_issuer(crl)))
557 return 1;
558 return 0;
559 }
560
561 if (!nm)
562 nm = X509_CRL_get_issuer(crl);
563
564 for (i = 0; i < sk_GENERAL_NAME_num(rev->issuer); i++) {
565 GENERAL_NAME *gen = sk_GENERAL_NAME_value(rev->issuer, i);
566 if (gen->type != GEN_DIRNAME)
567 continue;
568 if (!X509_NAME_cmp(nm, gen->d.directoryName))
569 return 1;
570 }
571 return 0;
572
573}
574
575static int
576crl_lookup(X509_CRL *crl, X509_REVOKED **ret, ASN1_INTEGER *serial,
577 X509_NAME *issuer)
578{
579 X509_REVOKED rtmp, *rev;
580 int idx;
581
582 rtmp.serialNumber = serial;
583 if (!sk_X509_REVOKED_is_sorted(crl->crl->revoked)) {
584 CRYPTO_w_lock(CRYPTO_LOCK_X509_CRL);
585 sk_X509_REVOKED_sort(crl->crl->revoked);
586 CRYPTO_w_unlock(CRYPTO_LOCK_X509_CRL);
587 }
588 idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp);
589 if (idx < 0)
590 return 0;
591 /* Need to look for matching name */
592 for (; idx < sk_X509_REVOKED_num(crl->crl->revoked); idx++) {
593 rev = sk_X509_REVOKED_value(crl->crl->revoked, idx);
594 if (ASN1_INTEGER_cmp(rev->serialNumber, serial))
595 return 0;
596 if (crl_revoked_issuer_match(crl, issuer, rev)) {
597 if (ret)
598 *ret = rev;
599 if (rev->reason == CRL_REASON_REMOVE_FROM_CRL)
600 return 2;
601 return 1;
602 }
603 }
604 return 0;
605}
606
607int
608X509_CRL_get0_by_serial(X509_CRL *crl, X509_REVOKED **ret,
609 ASN1_INTEGER *serial)
610{
611 return crl_lookup(crl, ret, serial, NULL);
612}
613LCRYPTO_ALIAS(X509_CRL_get0_by_serial);
614
615int
616X509_CRL_get0_by_cert(X509_CRL *crl, X509_REVOKED **ret, X509 *x)
617{
618 return crl_lookup(crl, ret, X509_get_serialNumber(x),
619 X509_get_issuer_name(x));
620}
621LCRYPTO_ALIAS(X509_CRL_get0_by_cert);
622
623int
624X509_CRL_get_signature_nid(const X509_CRL *crl)
625{
626 return OBJ_obj2nid(crl->sig_alg->algorithm);
627}
628LCRYPTO_ALIAS(X509_CRL_get_signature_nid);
629
630const STACK_OF(X509_EXTENSION) *
631X509_CRL_get0_extensions(const X509_CRL *crl)
632{
633 return crl->crl->extensions;
634}
635LCRYPTO_ALIAS(X509_CRL_get0_extensions);
636
637long
638X509_CRL_get_version(const X509_CRL *crl)
639{
640 return ASN1_INTEGER_get(crl->crl->version);
641}
642LCRYPTO_ALIAS(X509_CRL_get_version);
643
644const ASN1_TIME *
645X509_CRL_get0_lastUpdate(const X509_CRL *crl)
646{
647 return crl->crl->lastUpdate;
648}
649LCRYPTO_ALIAS(X509_CRL_get0_lastUpdate);
650
651ASN1_TIME *
652X509_CRL_get_lastUpdate(X509_CRL *crl)
653{
654 return crl->crl->lastUpdate;
655}
656LCRYPTO_ALIAS(X509_CRL_get_lastUpdate);
657
658const ASN1_TIME *
659X509_CRL_get0_nextUpdate(const X509_CRL *crl)
660{
661 return crl->crl->nextUpdate;
662}
663LCRYPTO_ALIAS(X509_CRL_get0_nextUpdate);
664
665ASN1_TIME *
666X509_CRL_get_nextUpdate(X509_CRL *crl)
667{
668 return crl->crl->nextUpdate;
669}
670LCRYPTO_ALIAS(X509_CRL_get_nextUpdate);
671
672X509_NAME *
673X509_CRL_get_issuer(const X509_CRL *crl)
674{
675 return crl->crl->issuer;
676}
677LCRYPTO_ALIAS(X509_CRL_get_issuer);
678
679STACK_OF(X509_REVOKED) *
680X509_CRL_get_REVOKED(X509_CRL *crl)
681{
682 return crl->crl->revoked;
683}
684LCRYPTO_ALIAS(X509_CRL_get_REVOKED);
685
686void
687X509_CRL_get0_signature(const X509_CRL *crl, const ASN1_BIT_STRING **psig,
688 const X509_ALGOR **palg)
689{
690 if (psig != NULL)
691 *psig = crl->signature;
692 if (palg != NULL)
693 *palg = crl->sig_alg;
694}
695LCRYPTO_ALIAS(X509_CRL_get0_signature);
696
697const X509_ALGOR *
698X509_CRL_get0_tbs_sigalg(const X509_CRL *crl)
699{
700 return crl->crl->sig_alg;
701}
702LCRYPTO_ALIAS(X509_CRL_get0_tbs_sigalg);
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c
deleted file mode 100644
index 21ee48395f..0000000000
--- a/src/lib/libcrypto/asn1/x_exten.c
+++ /dev/null
@@ -1,164 +0,0 @@
1/* $OpenBSD: x_exten.c,v 1.22 2024/07/08 14:48:49 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stddef.h>
60#include <openssl/x509.h>
61#include <openssl/asn1.h>
62#include <openssl/asn1t.h>
63
64#include "x509_local.h"
65
66static const ASN1_TEMPLATE X509_EXTENSION_seq_tt[] = {
67 {
68 .offset = offsetof(X509_EXTENSION, object),
69 .field_name = "object",
70 .item = &ASN1_OBJECT_it,
71 },
72 {
73 .flags = ASN1_TFLG_OPTIONAL,
74 .offset = offsetof(X509_EXTENSION, critical),
75 .field_name = "critical",
76 .item = &ASN1_BOOLEAN_it,
77 },
78 {
79 .offset = offsetof(X509_EXTENSION, value),
80 .field_name = "value",
81 .item = &ASN1_OCTET_STRING_it,
82 },
83};
84
85const ASN1_ITEM X509_EXTENSION_it = {
86 .itype = ASN1_ITYPE_SEQUENCE,
87 .utype = V_ASN1_SEQUENCE,
88 .templates = X509_EXTENSION_seq_tt,
89 .tcount = sizeof(X509_EXTENSION_seq_tt) / sizeof(ASN1_TEMPLATE),
90 .size = sizeof(X509_EXTENSION),
91 .sname = "X509_EXTENSION",
92};
93LCRYPTO_ALIAS(X509_EXTENSION_it);
94
95static const ASN1_TEMPLATE X509_EXTENSIONS_item_tt = {
96 .flags = ASN1_TFLG_SEQUENCE_OF,
97 .tag = 0,
98 .offset = 0,
99 .field_name = "Extension",
100 .item = &X509_EXTENSION_it,
101};
102
103const ASN1_ITEM X509_EXTENSIONS_it = {
104 .itype = ASN1_ITYPE_PRIMITIVE,
105 .utype = -1,
106 .templates = &X509_EXTENSIONS_item_tt,
107 .tcount = 0,
108 .funcs = NULL,
109 .size = 0,
110 .sname = "X509_EXTENSIONS",
111};
112LCRYPTO_ALIAS(X509_EXTENSIONS_it);
113
114
115X509_EXTENSION *
116d2i_X509_EXTENSION(X509_EXTENSION **a, const unsigned char **in, long len)
117{
118 return (X509_EXTENSION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
119 &X509_EXTENSION_it);
120}
121LCRYPTO_ALIAS(d2i_X509_EXTENSION);
122
123int
124i2d_X509_EXTENSION(X509_EXTENSION *a, unsigned char **out)
125{
126 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_EXTENSION_it);
127}
128LCRYPTO_ALIAS(i2d_X509_EXTENSION);
129
130X509_EXTENSION *
131X509_EXTENSION_new(void)
132{
133 return (X509_EXTENSION *)ASN1_item_new(&X509_EXTENSION_it);
134}
135LCRYPTO_ALIAS(X509_EXTENSION_new);
136
137void
138X509_EXTENSION_free(X509_EXTENSION *a)
139{
140 ASN1_item_free((ASN1_VALUE *)a, &X509_EXTENSION_it);
141}
142LCRYPTO_ALIAS(X509_EXTENSION_free);
143
144X509_EXTENSIONS *
145d2i_X509_EXTENSIONS(X509_EXTENSIONS **a, const unsigned char **in, long len)
146{
147 return (X509_EXTENSIONS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
148 &X509_EXTENSIONS_it);
149}
150LCRYPTO_ALIAS(d2i_X509_EXTENSIONS);
151
152int
153i2d_X509_EXTENSIONS(X509_EXTENSIONS *a, unsigned char **out)
154{
155 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_EXTENSIONS_it);
156}
157LCRYPTO_ALIAS(i2d_X509_EXTENSIONS);
158
159X509_EXTENSION *
160X509_EXTENSION_dup(X509_EXTENSION *x)
161{
162 return ASN1_item_dup(&X509_EXTENSION_it, x);
163}
164LCRYPTO_ALIAS(X509_EXTENSION_dup);
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c
deleted file mode 100644
index d2c4bcfe7a..0000000000
--- a/src/lib/libcrypto/asn1/x_info.c
+++ /dev/null
@@ -1,96 +0,0 @@
1/* $OpenBSD: x_info.c,v 1.22 2024/12/11 10:28:03 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1.h>
62#include <openssl/err.h>
63#include <openssl/x509.h>
64
65X509_INFO *
66X509_INFO_new(void)
67{
68 X509_INFO *ret;
69
70 if ((ret = calloc(1, sizeof(X509_INFO))) == NULL) {
71 ASN1error(ERR_R_MALLOC_FAILURE);
72 return NULL;
73 }
74 ret->references = 1;
75
76 return ret;
77}
78LCRYPTO_ALIAS(X509_INFO_new);
79
80void
81X509_INFO_free(X509_INFO *x)
82{
83 if (x == NULL)
84 return;
85
86 if (CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_INFO) > 0)
87 return;
88
89 X509_free(x->x509);
90 X509_CRL_free(x->crl);
91 X509_PKEY_free(x->x_pkey);
92 free(x->enc_data);
93
94 free(x);
95}
96LCRYPTO_ALIAS(X509_INFO_free);
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c
deleted file mode 100644
index 5e673f4521..0000000000
--- a/src/lib/libcrypto/asn1/x_long.c
+++ /dev/null
@@ -1,241 +0,0 @@
1/* $OpenBSD: x_long.c,v 1.21 2024/07/08 16:24:22 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000.
4 */
5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <limits.h>
60#include <string.h>
61
62#include <openssl/asn1t.h>
63#include <openssl/bn.h>
64#include <openssl/err.h>
65
66#include "asn1_local.h"
67
68/*
69 * Custom primitive type for long handling. This converts between an
70 * ASN1_INTEGER and a long directly.
71 */
72
73static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
74static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
75static void long_clear(ASN1_VALUE **pval, const ASN1_ITEM *it);
76
77static int long_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype,
78 const ASN1_ITEM *it);
79static int long_c2i(ASN1_VALUE **pval, const unsigned char *content, int len,
80 int utype, char *free_content, const ASN1_ITEM *it);
81static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it,
82 int indent, const ASN1_PCTX *pctx);
83
84static const ASN1_PRIMITIVE_FUNCS long_pf = {
85 .app_data = NULL,
86 .flags = 0,
87 .prim_new = long_new,
88 .prim_free = long_free,
89 .prim_clear = long_clear,
90 .prim_c2i = long_c2i,
91 .prim_i2c = long_i2c,
92 .prim_print = long_print,
93};
94
95const ASN1_ITEM LONG_it = {
96 .itype = ASN1_ITYPE_PRIMITIVE,
97 .utype = V_ASN1_INTEGER,
98 .templates = NULL,
99 .tcount = 0,
100 .funcs = &long_pf,
101 .size = ASN1_LONG_UNDEF,
102 .sname = "LONG",
103};
104LCRYPTO_ALIAS(LONG_it);
105
106const ASN1_ITEM ZLONG_it = {
107 .itype = ASN1_ITYPE_PRIMITIVE,
108 .utype = V_ASN1_INTEGER,
109 .templates = NULL,
110 .tcount = 0,
111 .funcs = &long_pf,
112 .size = 0,
113 .sname = "ZLONG",
114};
115LCRYPTO_ALIAS(ZLONG_it);
116
117static void
118long_get(ASN1_VALUE **pval, long *out_val)
119{
120 memcpy(out_val, pval, sizeof(long));
121}
122
123static void
124long_set(ASN1_VALUE **pval, long val)
125{
126 memcpy(pval, &val, sizeof(long));
127}
128
129static int
130long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
131{
132 long_clear(pval, it);
133
134 return 1;
135}
136
137static void
138long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
139{
140 long_clear(pval, it);
141}
142
143static void
144long_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
145{
146 /* Zero value. */
147 long_set(pval, it->size);
148}
149
150static int
151long_i2c(ASN1_VALUE **pval, unsigned char *content, int *putype,
152 const ASN1_ITEM *it)
153{
154 ASN1_INTEGER *aint;
155 uint8_t **pp = NULL;
156 long val;
157 int ret = 0;
158
159 long_get(pval, &val);
160
161 /*
162 * The zero value for this type (stored in the overloaded it->size
163 * field) is considered to be invalid.
164 */
165 if (val == it->size)
166 return -1;
167
168 if ((aint = ASN1_INTEGER_new()) == NULL)
169 goto err;
170 if (!ASN1_INTEGER_set_int64(aint, (int64_t)val))
171 goto err;
172 if (content != NULL)
173 pp = &content;
174 ret = i2c_ASN1_INTEGER(aint, pp);
175
176 err:
177 ASN1_INTEGER_free(aint);
178
179 return ret;
180}
181
182static int
183long_c2i(ASN1_VALUE **pval, const unsigned char *content, int len, int utype,
184 char *free_content, const ASN1_ITEM *it)
185{
186 ASN1_INTEGER *aint = NULL;
187 const uint8_t **pp = NULL;
188 int64_t val = 0;
189 int ret = 0;
190
191 /*
192 * The original long_i2c() mishandled 0 values and encoded them as
193 * content with zero length, rather than a single zero byte. Permit
194 * zero length content here for backwards compatibility.
195 */
196 if (len != 0) {
197 if (content != NULL)
198 pp = &content;
199 if (!c2i_ASN1_INTEGER(&aint, pp, len))
200 goto err;
201 if (!ASN1_INTEGER_get_int64(&val, aint))
202 goto err;
203 }
204
205 if (val < LONG_MIN || val > LONG_MAX) {
206 ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
207 goto err;
208 }
209
210 /*
211 * The zero value for this type (stored in the overloaded it->size
212 * field) is considered to be invalid.
213 */
214 if (val == (int64_t)it->size) {
215 ASN1error(ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
216 goto err;
217 }
218
219 long_set(pval, (long)val);
220
221 ret = 1;
222
223 err:
224 ASN1_INTEGER_free(aint);
225
226 return ret;
227}
228
229static int
230long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, int indent,
231 const ASN1_PCTX *pctx)
232{
233 long val;
234
235 long_get(pval, &val);
236
237 if (BIO_printf(out, "%ld\n", val) <= 0)
238 return 0;
239
240 return 1;
241}
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c
deleted file mode 100644
index c60714b74f..0000000000
--- a/src/lib/libcrypto/asn1/x_name.c
+++ /dev/null
@@ -1,666 +0,0 @@
1/* $OpenBSD: x_name.c,v 1.45 2025/03/20 09:41:47 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <ctype.h>
60#include <stdio.h>
61#include <string.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/x509.h>
66
67#include "asn1_local.h"
68#include "x509_local.h"
69
70typedef STACK_OF(X509_NAME_ENTRY) STACK_OF_X509_NAME_ENTRY;
71DECLARE_STACK_OF(STACK_OF_X509_NAME_ENTRY)
72
73static int x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in,
74 long len, const ASN1_ITEM *it, int tag, int aclass, char opt,
75 ASN1_TLC *ctx);
76
77static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out,
78 const ASN1_ITEM *it, int tag, int aclass);
79static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it);
80static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it);
81
82static int x509_name_encode(X509_NAME *a);
83static int x509_name_canon(X509_NAME *a);
84static int asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in);
85static int i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname,
86 unsigned char **in);
87
88static int x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent,
89 const char *fname, const ASN1_PCTX *pctx);
90
91static const ASN1_TEMPLATE X509_NAME_ENTRY_seq_tt[] = {
92 {
93 .offset = offsetof(X509_NAME_ENTRY, object),
94 .field_name = "object",
95 .item = &ASN1_OBJECT_it,
96 },
97 {
98 .offset = offsetof(X509_NAME_ENTRY, value),
99 .field_name = "value",
100 .item = &ASN1_PRINTABLE_it,
101 },
102};
103
104const ASN1_ITEM X509_NAME_ENTRY_it = {
105 .itype = ASN1_ITYPE_SEQUENCE,
106 .utype = V_ASN1_SEQUENCE,
107 .templates = X509_NAME_ENTRY_seq_tt,
108 .tcount = sizeof(X509_NAME_ENTRY_seq_tt) / sizeof(ASN1_TEMPLATE),
109 .size = sizeof(X509_NAME_ENTRY),
110 .sname = "X509_NAME_ENTRY",
111};
112LCRYPTO_ALIAS(X509_NAME_ENTRY_it);
113
114
115X509_NAME_ENTRY *
116d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a, const unsigned char **in, long len)
117{
118 return (X509_NAME_ENTRY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
119 &X509_NAME_ENTRY_it);
120}
121LCRYPTO_ALIAS(d2i_X509_NAME_ENTRY);
122
123int
124i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a, unsigned char **out)
125{
126 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_NAME_ENTRY_it);
127}
128LCRYPTO_ALIAS(i2d_X509_NAME_ENTRY);
129
130X509_NAME_ENTRY *
131X509_NAME_ENTRY_new(void)
132{
133 return (X509_NAME_ENTRY *)ASN1_item_new(&X509_NAME_ENTRY_it);
134}
135LCRYPTO_ALIAS(X509_NAME_ENTRY_new);
136
137void
138X509_NAME_ENTRY_free(X509_NAME_ENTRY *a)
139{
140 ASN1_item_free((ASN1_VALUE *)a, &X509_NAME_ENTRY_it);
141}
142LCRYPTO_ALIAS(X509_NAME_ENTRY_free);
143
144X509_NAME_ENTRY *
145X509_NAME_ENTRY_dup(X509_NAME_ENTRY *x)
146{
147 return ASN1_item_dup(&X509_NAME_ENTRY_it, x);
148}
149LCRYPTO_ALIAS(X509_NAME_ENTRY_dup);
150
151/* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY }
152 * so declare two template wrappers for this
153 */
154
155static const ASN1_TEMPLATE X509_NAME_ENTRIES_item_tt = {
156 .flags = ASN1_TFLG_SET_OF,
157 .tag = 0,
158 .offset = 0,
159 .field_name = "RDNS",
160 .item = &X509_NAME_ENTRY_it,
161};
162
163static const ASN1_ITEM X509_NAME_ENTRIES_it = {
164 .itype = ASN1_ITYPE_PRIMITIVE,
165 .utype = -1,
166 .templates = &X509_NAME_ENTRIES_item_tt,
167 .tcount = 0,
168 .funcs = NULL,
169 .size = 0,
170 .sname = "X509_NAME_ENTRIES",
171};
172
173static const ASN1_TEMPLATE X509_NAME_INTERNAL_item_tt = {
174 .flags = ASN1_TFLG_SEQUENCE_OF,
175 .tag = 0,
176 .offset = 0,
177 .field_name = "Name",
178 .item = &X509_NAME_ENTRIES_it,
179};
180
181static const ASN1_ITEM X509_NAME_INTERNAL_it = {
182 .itype = ASN1_ITYPE_PRIMITIVE,
183 .utype = -1,
184 .templates = &X509_NAME_INTERNAL_item_tt,
185 .tcount = 0,
186 .funcs = NULL,
187 .size = 0,
188 .sname = "X509_NAME_INTERNAL",
189};
190
191/* Normally that's where it would end: we'd have two nested STACK structures
192 * representing the ASN1. Unfortunately X509_NAME uses a completely different
193 * form and caches encodings so we have to process the internal form and convert
194 * to the external form.
195 */
196
197const ASN1_EXTERN_FUNCS x509_name_ff = {
198 .app_data = NULL,
199 .asn1_ex_new = x509_name_ex_new,
200 .asn1_ex_free = x509_name_ex_free,
201 .asn1_ex_clear = NULL,
202 .asn1_ex_d2i = x509_name_ex_d2i,
203 .asn1_ex_i2d = x509_name_ex_i2d,
204 .asn1_ex_print = x509_name_ex_print,
205};
206
207const ASN1_ITEM X509_NAME_it = {
208 .itype = ASN1_ITYPE_EXTERN,
209 .utype = V_ASN1_SEQUENCE,
210 .templates = NULL,
211 .tcount = 0,
212 .funcs = &x509_name_ff,
213 .size = 0,
214 .sname = "X509_NAME",
215};
216LCRYPTO_ALIAS(X509_NAME_it);
217
218X509_NAME *
219d2i_X509_NAME(X509_NAME **a, const unsigned char **in, long len)
220{
221 return (X509_NAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
222 &X509_NAME_it);
223}
224LCRYPTO_ALIAS(d2i_X509_NAME);
225
226int
227i2d_X509_NAME(X509_NAME *a, unsigned char **out)
228{
229 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_NAME_it);
230}
231LCRYPTO_ALIAS(i2d_X509_NAME);
232
233X509_NAME *
234X509_NAME_new(void)
235{
236 return (X509_NAME *)ASN1_item_new(&X509_NAME_it);
237}
238LCRYPTO_ALIAS(X509_NAME_new);
239
240void
241X509_NAME_free(X509_NAME *a)
242{
243 ASN1_item_free((ASN1_VALUE *)a, &X509_NAME_it);
244}
245LCRYPTO_ALIAS(X509_NAME_free);
246
247X509_NAME *
248X509_NAME_dup(X509_NAME *x)
249{
250 return ASN1_item_dup(&X509_NAME_it, x);
251}
252LCRYPTO_ALIAS(X509_NAME_dup);
253
254static int
255x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it)
256{
257 X509_NAME *ret = NULL;
258
259 ret = malloc(sizeof(X509_NAME));
260 if (!ret)
261 goto memerr;
262 if ((ret->entries = sk_X509_NAME_ENTRY_new_null()) == NULL)
263 goto memerr;
264 if ((ret->bytes = BUF_MEM_new()) == NULL)
265 goto memerr;
266 ret->canon_enc = NULL;
267 ret->canon_enclen = 0;
268 ret->modified = 1;
269 *val = (ASN1_VALUE *)ret;
270 return 1;
271
272 memerr:
273 ASN1error(ERR_R_MALLOC_FAILURE);
274 if (ret) {
275 if (ret->entries)
276 sk_X509_NAME_ENTRY_free(ret->entries);
277 free(ret);
278 }
279 return 0;
280}
281
282static void
283x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
284{
285 X509_NAME *a;
286
287 if (!pval || !*pval)
288 return;
289 a = (X509_NAME *)*pval;
290
291 BUF_MEM_free(a->bytes);
292 sk_X509_NAME_ENTRY_pop_free(a->entries, X509_NAME_ENTRY_free);
293 free(a->canon_enc);
294 free(a);
295 *pval = NULL;
296}
297
298static int
299x509_name_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long len,
300 const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
301{
302 const unsigned char *p = *in, *q;
303 union {
304 STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
305 ASN1_VALUE *a;
306 } intname = {NULL};
307 union {
308 X509_NAME *x;
309 ASN1_VALUE *a;
310 } nm = {NULL};
311 int i, j, ret;
312 STACK_OF(X509_NAME_ENTRY) *entries;
313 X509_NAME_ENTRY *entry;
314 q = p;
315
316 /* Get internal representation of Name */
317 ret = ASN1_item_ex_d2i(&intname.a, &p, len,
318 &X509_NAME_INTERNAL_it, tag, aclass, opt, ctx);
319
320 if (ret <= 0)
321 return ret;
322
323 if (*val)
324 x509_name_ex_free(val, NULL);
325 if (!x509_name_ex_new(&nm.a, NULL))
326 goto err;
327 /* We've decoded it: now cache encoding */
328 if (!BUF_MEM_grow(nm.x->bytes, p - q))
329 goto err;
330 memcpy(nm.x->bytes->data, q, p - q);
331
332 /* Convert internal representation to X509_NAME structure */
333 for (i = 0; i < sk_STACK_OF_X509_NAME_ENTRY_num(intname.s); i++) {
334 entries = sk_STACK_OF_X509_NAME_ENTRY_value(intname.s, i);
335 for (j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) {
336 entry = sk_X509_NAME_ENTRY_value(entries, j);
337 entry->set = i;
338 if (!sk_X509_NAME_ENTRY_push(nm.x->entries, entry))
339 goto err;
340 }
341 sk_X509_NAME_ENTRY_free(entries);
342 }
343 sk_STACK_OF_X509_NAME_ENTRY_free(intname.s);
344 ret = x509_name_canon(nm.x);
345 if (!ret)
346 goto err;
347 nm.x->modified = 0;
348 *val = nm.a;
349 *in = p;
350 return ret;
351
352 err:
353 if (nm.x != NULL)
354 X509_NAME_free(nm.x);
355 ASN1error(ERR_R_NESTED_ASN1_ERROR);
356 return 0;
357}
358
359static int
360x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it,
361 int tag, int aclass)
362{
363 int ret;
364 X509_NAME *a = (X509_NAME *)*val;
365
366 if (a->modified) {
367 ret = x509_name_encode(a);
368 if (ret < 0)
369 return ret;
370 ret = x509_name_canon(a);
371 if (ret < 0)
372 return ret;
373 }
374 ret = a->bytes->length;
375 if (out != NULL) {
376 memcpy(*out, a->bytes->data, ret);
377 *out += ret;
378 }
379 return ret;
380}
381
382static void
383local_sk_X509_NAME_ENTRY_free(STACK_OF(X509_NAME_ENTRY) *ne)
384{
385 sk_X509_NAME_ENTRY_free(ne);
386}
387
388static void
389local_sk_X509_NAME_ENTRY_pop_free(STACK_OF(X509_NAME_ENTRY) *ne)
390{
391 sk_X509_NAME_ENTRY_pop_free(ne, X509_NAME_ENTRY_free);
392}
393
394static int
395x509_name_encode(X509_NAME *a)
396{
397 union {
398 STACK_OF(STACK_OF_X509_NAME_ENTRY) *s;
399 ASN1_VALUE *a;
400 } intname = {NULL};
401 int len;
402 unsigned char *p;
403 STACK_OF(X509_NAME_ENTRY) *entries = NULL;
404 X509_NAME_ENTRY *entry;
405 int i, set = -1;
406
407 intname.s = sk_STACK_OF_X509_NAME_ENTRY_new_null();
408 if (!intname.s)
409 goto memerr;
410 for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
411 entry = sk_X509_NAME_ENTRY_value(a->entries, i);
412 if (entry->set != set) {
413 entries = sk_X509_NAME_ENTRY_new_null();
414 if (!entries)
415 goto memerr;
416 if (!sk_STACK_OF_X509_NAME_ENTRY_push(intname.s,
417 entries)) {
418 sk_X509_NAME_ENTRY_free(entries);
419 goto memerr;
420 }
421 set = entry->set;
422 }
423 if (entries == NULL /* if entry->set is bogusly -1 */ ||
424 !sk_X509_NAME_ENTRY_push(entries, entry))
425 goto memerr;
426 }
427 len = ASN1_item_ex_i2d(&intname.a, NULL,
428 &X509_NAME_INTERNAL_it, -1, -1);
429 if (!BUF_MEM_grow(a->bytes, len))
430 goto memerr;
431 p = (unsigned char *)a->bytes->data;
432 ASN1_item_ex_i2d(&intname.a, &p, &X509_NAME_INTERNAL_it,
433 -1, -1);
434 sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
435 local_sk_X509_NAME_ENTRY_free);
436 a->modified = 0;
437 return len;
438
439 memerr:
440 sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname.s,
441 local_sk_X509_NAME_ENTRY_free);
442 ASN1error(ERR_R_MALLOC_FAILURE);
443 return -1;
444}
445
446static int
447x509_name_ex_print(BIO *out, ASN1_VALUE **pval, int indent, const char *fname,
448 const ASN1_PCTX *pctx)
449{
450 if (X509_NAME_print_ex(out, (X509_NAME *)*pval, indent,
451 pctx->nm_flags) <= 0)
452 return 0;
453 return 2;
454}
455
456/* This function generates the canonical encoding of the Name structure.
457 * In it all strings are converted to UTF8, leading, trailing and
458 * multiple spaces collapsed, converted to lower case and the leading
459 * SEQUENCE header removed.
460 *
461 * In future we could also normalize the UTF8 too.
462 *
463 * By doing this comparison of Name structures can be rapidly
464 * performed by just using memcmp() of the canonical encoding.
465 * By omitting the leading SEQUENCE name constraints of type
466 * dirName can also be checked with a simple memcmp().
467 */
468
469static int
470x509_name_canon(X509_NAME *a)
471{
472 unsigned char *p;
473 STACK_OF(STACK_OF_X509_NAME_ENTRY) *intname = NULL;
474 STACK_OF(X509_NAME_ENTRY) *entries = NULL;
475 X509_NAME_ENTRY *entry, *tmpentry = NULL;
476 int i, len, set = -1, ret = 0;
477
478 if (a->canon_enc) {
479 free(a->canon_enc);
480 a->canon_enc = NULL;
481 }
482 /* Special case: empty X509_NAME => null encoding */
483 if (sk_X509_NAME_ENTRY_num(a->entries) == 0) {
484 a->canon_enclen = 0;
485 return 1;
486 }
487 intname = sk_STACK_OF_X509_NAME_ENTRY_new_null();
488 if (!intname)
489 goto err;
490 for (i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) {
491 entry = sk_X509_NAME_ENTRY_value(a->entries, i);
492 if (entry->set != set) {
493 entries = sk_X509_NAME_ENTRY_new_null();
494 if (!entries)
495 goto err;
496 if (sk_STACK_OF_X509_NAME_ENTRY_push(intname,
497 entries) == 0) {
498 sk_X509_NAME_ENTRY_free(entries);
499 goto err;
500 }
501 set = entry->set;
502 }
503 tmpentry = X509_NAME_ENTRY_new();
504 if (tmpentry == NULL)
505 goto err;
506 tmpentry->object = OBJ_dup(entry->object);
507 if (tmpentry->object == NULL)
508 goto err;
509 if (!asn1_string_canon(tmpentry->value, entry->value))
510 goto err;
511 if (entries == NULL /* if entry->set is bogusly -1 */ ||
512 !sk_X509_NAME_ENTRY_push(entries, tmpentry))
513 goto err;
514 tmpentry = NULL;
515 }
516
517 /* Finally generate encoding */
518 len = i2d_name_canon(intname, NULL);
519 if (len < 0)
520 goto err;
521 p = malloc(len);
522 if (p == NULL)
523 goto err;
524 a->canon_enc = p;
525 a->canon_enclen = len;
526 i2d_name_canon(intname, &p);
527 ret = 1;
528
529 err:
530 if (tmpentry)
531 X509_NAME_ENTRY_free(tmpentry);
532 if (intname)
533 sk_STACK_OF_X509_NAME_ENTRY_pop_free(intname,
534 local_sk_X509_NAME_ENTRY_pop_free);
535 return ret;
536}
537
538/* Bitmap of all the types of string that will be canonicalized. */
539
540#define ASN1_MASK_CANON \
541 (B_ASN1_UTF8STRING | B_ASN1_BMPSTRING | B_ASN1_UNIVERSALSTRING \
542 | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_IA5STRING \
543 | B_ASN1_VISIBLESTRING)
544
545
546static int
547asn1_string_canon(ASN1_STRING *out, ASN1_STRING *in)
548{
549 unsigned char *to, *from;
550 int len, i;
551
552 /* If type not in bitmask just copy string across */
553 if (!(ASN1_tag2bit(in->type) & ASN1_MASK_CANON)) {
554 if (!ASN1_STRING_copy(out, in))
555 return 0;
556 return 1;
557 }
558
559 out->type = V_ASN1_UTF8STRING;
560 out->length = ASN1_STRING_to_UTF8(&out->data, in);
561 if (out->length == -1)
562 return 0;
563
564 to = out->data;
565 from = to;
566
567 len = out->length;
568
569 /* Convert string in place to canonical form.
570 * Ultimately we may need to handle a wider range of characters
571 * but for now ignore anything with MSB set and rely on the
572 * isspace() and tolower() functions.
573 */
574
575 /* Ignore leading spaces */
576 while ((len > 0) && !(*from & 0x80) && isspace(*from)) {
577 from++;
578 len--;
579 }
580
581 to = from + len - 1;
582
583 /* Ignore trailing spaces */
584 while ((len > 0) && !(*to & 0x80) && isspace(*to)) {
585 to--;
586 len--;
587 }
588
589 to = out->data;
590
591 i = 0;
592 while (i < len) {
593 /* If MSB set just copy across */
594 if (*from & 0x80) {
595 *to++ = *from++;
596 i++;
597 }
598 /* Collapse multiple spaces */
599 else if (isspace(*from)) {
600 /* Copy one space across */
601 *to++ = ' ';
602 /* Ignore subsequent spaces. Note: don't need to
603 * check len here because we know the last
604 * character is a non-space so we can't overflow.
605 */
606 do {
607 from++;
608 i++;
609 } while (!(*from & 0x80) && isspace(*from));
610 } else {
611 *to++ = tolower(*from);
612 from++;
613 i++;
614 }
615 }
616
617 out->length = to - out->data;
618
619 return 1;
620}
621
622static int
623i2d_name_canon(STACK_OF(STACK_OF_X509_NAME_ENTRY) *_intname, unsigned char **in)
624{
625 int i, len, ltmp;
626 ASN1_VALUE *v;
627 STACK_OF(ASN1_VALUE) *intname = (STACK_OF(ASN1_VALUE) *)_intname;
628
629 len = 0;
630 for (i = 0; i < sk_ASN1_VALUE_num(intname); i++) {
631 v = sk_ASN1_VALUE_value(intname, i);
632 ltmp = ASN1_item_ex_i2d(&v, in,
633 &X509_NAME_ENTRIES_it, -1, -1);
634 if (ltmp < 0)
635 return ltmp;
636 len += ltmp;
637 }
638 return len;
639}
640
641int
642X509_NAME_set(X509_NAME **xn, X509_NAME *name)
643{
644 if (*xn == name)
645 return *xn != NULL;
646 if ((name = X509_NAME_dup(name)) == NULL)
647 return 0;
648 X509_NAME_free(*xn);
649 *xn = name;
650 return 1;
651}
652LCRYPTO_ALIAS(X509_NAME_set);
653
654int
655X509_NAME_get0_der(X509_NAME *nm, const unsigned char **pder, size_t *pderlen)
656{
657 /* Make sure encoding is valid. */
658 if (i2d_X509_NAME(nm, NULL) <= 0)
659 return 0;
660 if (pder != NULL)
661 *pder = (unsigned char *)nm->bytes->data;
662 if (pderlen != NULL)
663 *pderlen = nm->bytes->length;
664 return 1;
665}
666LCRYPTO_ALIAS(X509_NAME_get0_der);
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c
deleted file mode 100644
index 5c96c13ab9..0000000000
--- a/src/lib/libcrypto/asn1/x_pkey.c
+++ /dev/null
@@ -1,123 +0,0 @@
1/* $OpenBSD: x_pkey.c,v 1.24 2024/04/09 13:55:02 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <string.h>
61
62#include <openssl/err.h>
63#include <openssl/evp.h>
64#include <openssl/objects.h>
65#include <openssl/x509.h>
66
67X509_PKEY *
68X509_PKEY_new(void)
69{
70 X509_PKEY *ret = NULL;
71
72 if ((ret = malloc(sizeof(X509_PKEY))) == NULL) {
73 ASN1error(ERR_R_MALLOC_FAILURE);
74 goto err;
75 }
76 ret->version = 0;
77 if ((ret->enc_algor = X509_ALGOR_new()) == NULL) {
78 ASN1error(ERR_R_MALLOC_FAILURE);
79 goto err;
80 }
81 if ((ret->enc_pkey = ASN1_OCTET_STRING_new()) == NULL) {
82 ASN1error(ERR_R_MALLOC_FAILURE);
83 goto err;
84 }
85 ret->dec_pkey = NULL;
86 ret->key_length = 0;
87 ret->key_data = NULL;
88 ret->key_free = 0;
89 ret->cipher.cipher = NULL;
90 memset(ret->cipher.iv, 0, EVP_MAX_IV_LENGTH);
91 ret->references = 1;
92 return (ret);
93
94 err:
95 if (ret) {
96 X509_ALGOR_free(ret->enc_algor);
97 free(ret);
98 }
99 return NULL;
100}
101LCRYPTO_ALIAS(X509_PKEY_new);
102
103void
104X509_PKEY_free(X509_PKEY *x)
105{
106 int i;
107
108 if (x == NULL)
109 return;
110
111 i = CRYPTO_add(&x->references, -1, CRYPTO_LOCK_X509_PKEY);
112 if (i > 0)
113 return;
114
115 if (x->enc_algor != NULL)
116 X509_ALGOR_free(x->enc_algor);
117 ASN1_OCTET_STRING_free(x->enc_pkey);
118 EVP_PKEY_free(x->dec_pkey);
119 if ((x->key_data != NULL) && (x->key_free))
120 free(x->key_data);
121 free(x);
122}
123LCRYPTO_ALIAS(X509_PKEY_free);
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c
deleted file mode 100644
index 1e772a3458..0000000000
--- a/src/lib/libcrypto/asn1/x_pubkey.c
+++ /dev/null
@@ -1,775 +0,0 @@
1/* $OpenBSD: x_pubkey.c,v 1.37 2024/07/08 14:48:49 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/err.h>
65#include <openssl/x509.h>
66
67#ifndef OPENSSL_NO_DSA
68#include <openssl/dsa.h>
69#endif
70#ifndef OPENSSL_NO_RSA
71#include <openssl/rsa.h>
72#endif
73
74#include "asn1_local.h"
75#include "evp_local.h"
76#include "x509_local.h"
77
78/* Minor tweak to operation: free up EVP_PKEY */
79static int
80pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
81{
82 if (operation == ASN1_OP_FREE_POST) {
83 X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval;
84 EVP_PKEY_free(pubkey->pkey);
85 }
86 return 1;
87}
88
89static const ASN1_AUX X509_PUBKEY_aux = {
90 .asn1_cb = pubkey_cb,
91};
92static const ASN1_TEMPLATE X509_PUBKEY_seq_tt[] = {
93 {
94 .offset = offsetof(X509_PUBKEY, algor),
95 .field_name = "algor",
96 .item = &X509_ALGOR_it,
97 },
98 {
99 .offset = offsetof(X509_PUBKEY, public_key),
100 .field_name = "public_key",
101 .item = &ASN1_BIT_STRING_it,
102 },
103};
104
105const ASN1_ITEM X509_PUBKEY_it = {
106 .itype = ASN1_ITYPE_SEQUENCE,
107 .utype = V_ASN1_SEQUENCE,
108 .templates = X509_PUBKEY_seq_tt,
109 .tcount = sizeof(X509_PUBKEY_seq_tt) / sizeof(ASN1_TEMPLATE),
110 .funcs = &X509_PUBKEY_aux,
111 .size = sizeof(X509_PUBKEY),
112 .sname = "X509_PUBKEY",
113};
114LCRYPTO_ALIAS(X509_PUBKEY_it);
115
116X509_PUBKEY *
117d2i_X509_PUBKEY(X509_PUBKEY **a, const unsigned char **in, long len)
118{
119 return (X509_PUBKEY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
120 &X509_PUBKEY_it);
121}
122LCRYPTO_ALIAS(d2i_X509_PUBKEY);
123
124int
125i2d_X509_PUBKEY(X509_PUBKEY *a, unsigned char **out)
126{
127 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_PUBKEY_it);
128}
129LCRYPTO_ALIAS(i2d_X509_PUBKEY);
130
131X509_PUBKEY *
132X509_PUBKEY_new(void)
133{
134 return (X509_PUBKEY *)ASN1_item_new(&X509_PUBKEY_it);
135}
136LCRYPTO_ALIAS(X509_PUBKEY_new);
137
138void
139X509_PUBKEY_free(X509_PUBKEY *a)
140{
141 ASN1_item_free((ASN1_VALUE *)a, &X509_PUBKEY_it);
142}
143LCRYPTO_ALIAS(X509_PUBKEY_free);
144
145int
146X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey)
147{
148 X509_PUBKEY *pk = NULL;
149
150 if (x == NULL)
151 return (0);
152 if ((pk = X509_PUBKEY_new()) == NULL)
153 goto error;
154
155 if (pkey->ameth) {
156 if (pkey->ameth->pub_encode) {
157 if (!pkey->ameth->pub_encode(pk, pkey)) {
158 X509error(X509_R_PUBLIC_KEY_ENCODE_ERROR);
159 goto error;
160 }
161 } else {
162 X509error(X509_R_METHOD_NOT_SUPPORTED);
163 goto error;
164 }
165 } else {
166 X509error(X509_R_UNSUPPORTED_ALGORITHM);
167 goto error;
168 }
169
170 if (*x != NULL)
171 X509_PUBKEY_free(*x);
172
173 *x = pk;
174
175 return 1;
176
177 error:
178 if (pk != NULL)
179 X509_PUBKEY_free(pk);
180 return 0;
181}
182LCRYPTO_ALIAS(X509_PUBKEY_set);
183
184EVP_PKEY *
185X509_PUBKEY_get0(X509_PUBKEY *key)
186{
187 EVP_PKEY *ret = NULL;
188
189 if (key == NULL)
190 goto error;
191
192 if (key->pkey != NULL)
193 return key->pkey;
194
195 if (key->public_key == NULL)
196 goto error;
197
198 if ((ret = EVP_PKEY_new()) == NULL) {
199 X509error(ERR_R_MALLOC_FAILURE);
200 goto error;
201 }
202
203 if (!EVP_PKEY_set_type(ret, OBJ_obj2nid(key->algor->algorithm))) {
204 X509error(X509_R_UNSUPPORTED_ALGORITHM);
205 goto error;
206 }
207
208 if (ret->ameth->pub_decode) {
209 if (!ret->ameth->pub_decode(ret, key)) {
210 X509error(X509_R_PUBLIC_KEY_DECODE_ERROR);
211 goto error;
212 }
213 } else {
214 X509error(X509_R_METHOD_NOT_SUPPORTED);
215 goto error;
216 }
217
218 /* Check to see if another thread set key->pkey first */
219 CRYPTO_w_lock(CRYPTO_LOCK_EVP_PKEY);
220 if (key->pkey) {
221 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
222 EVP_PKEY_free(ret);
223 ret = key->pkey;
224 } else {
225 key->pkey = ret;
226 CRYPTO_w_unlock(CRYPTO_LOCK_EVP_PKEY);
227 }
228
229 return ret;
230
231 error:
232 EVP_PKEY_free(ret);
233 return (NULL);
234}
235LCRYPTO_ALIAS(X509_PUBKEY_get0);
236
237EVP_PKEY *
238X509_PUBKEY_get(X509_PUBKEY *key)
239{
240 EVP_PKEY *pkey;
241
242 if ((pkey = X509_PUBKEY_get0(key)) == NULL)
243 return (NULL);
244
245 CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
246
247 return pkey;
248}
249LCRYPTO_ALIAS(X509_PUBKEY_get);
250
251/*
252 * Decode an X509_PUBKEY into the specified key type.
253 */
254static int
255pubkey_ex_d2i(int pkey_type, ASN1_VALUE **pval, const unsigned char **in,
256 long len, const ASN1_ITEM *it)
257{
258 const ASN1_EXTERN_FUNCS *ef = it->funcs;
259 const unsigned char *p = *in;
260 X509_PUBKEY *xpk = NULL;
261 ASN1_VALUE *key = NULL;
262 EVP_PKEY *pkey = NULL;
263 int ret = 0;
264
265 if ((xpk = d2i_X509_PUBKEY(NULL, &p, len)) == NULL)
266 goto err;
267 if ((pkey = X509_PUBKEY_get(xpk)) == NULL)
268 goto err;
269
270 switch (pkey_type) {
271 case EVP_PKEY_NONE:
272 key = (ASN1_VALUE *)pkey;
273 pkey = NULL;
274 break;
275
276 case EVP_PKEY_DSA:
277 key = (ASN1_VALUE *)EVP_PKEY_get1_DSA(pkey);
278 break;
279
280 case EVP_PKEY_RSA:
281 key = (ASN1_VALUE *)EVP_PKEY_get1_RSA(pkey);
282 break;
283
284 case EVP_PKEY_EC:
285 key = (ASN1_VALUE *)EVP_PKEY_get1_EC_KEY(pkey);
286 break;
287
288 default:
289 goto err;
290 }
291
292 if (key == NULL)
293 goto err;
294
295 ef->asn1_ex_free(pval, it);
296
297 *pval = key;
298 *in = p;
299 ret = 1;
300
301 err:
302 EVP_PKEY_free(pkey);
303 X509_PUBKEY_free(xpk);
304
305 return ret;
306}
307
308/*
309 * Encode the specified key type into an X509_PUBKEY.
310 */
311static int
312pubkey_ex_i2d(int pkey_type, ASN1_VALUE **pval, unsigned char **out,
313 const ASN1_ITEM *it)
314{
315 X509_PUBKEY *xpk = NULL;
316 EVP_PKEY *pkey, *pktmp;
317 int ret = -1;
318
319 if ((pkey = pktmp = EVP_PKEY_new()) == NULL)
320 goto err;
321
322 switch (pkey_type) {
323 case EVP_PKEY_NONE:
324 pkey = (EVP_PKEY *)*pval;
325 break;
326
327 case EVP_PKEY_DSA:
328 if (!EVP_PKEY_set1_DSA(pkey, (DSA *)*pval))
329 goto err;
330 break;
331
332 case EVP_PKEY_RSA:
333 if (!EVP_PKEY_set1_RSA(pkey, (RSA *)*pval))
334 goto err;
335 break;
336
337 case EVP_PKEY_EC:
338 if (!EVP_PKEY_set1_EC_KEY(pkey, (EC_KEY*)*pval))
339 goto err;
340 break;
341
342 default:
343 goto err;
344 }
345
346 if (!X509_PUBKEY_set(&xpk, pkey))
347 goto err;
348
349 ret = i2d_X509_PUBKEY(xpk, out);
350
351 err:
352 EVP_PKEY_free(pktmp);
353 X509_PUBKEY_free(xpk);
354
355 return ret;
356}
357
358static int
359pkey_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
360{
361 if ((*pval = (ASN1_VALUE *)EVP_PKEY_new()) == NULL)
362 return 0;
363
364 return 1;
365}
366
367static void
368pkey_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
369{
370 EVP_PKEY_free((EVP_PKEY *)*pval);
371 *pval = NULL;
372}
373
374static int
375pkey_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
376 const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
377{
378 return pubkey_ex_d2i(EVP_PKEY_NONE, pval, in, len, it);
379}
380
381static int
382pkey_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
383 int tag, int aclass)
384{
385 return pubkey_ex_i2d(EVP_PKEY_NONE, pval, out, it);
386}
387
388const ASN1_EXTERN_FUNCS pkey_pubkey_asn1_ff = {
389 .app_data = NULL,
390 .asn1_ex_new = pkey_pubkey_ex_new,
391 .asn1_ex_free = pkey_pubkey_ex_free,
392 .asn1_ex_clear = NULL,
393 .asn1_ex_d2i = pkey_pubkey_ex_d2i,
394 .asn1_ex_i2d = pkey_pubkey_ex_i2d,
395 .asn1_ex_print = NULL,
396};
397
398const ASN1_ITEM EVP_PKEY_PUBKEY_it = {
399 .itype = ASN1_ITYPE_EXTERN,
400 .utype = 0,
401 .templates = NULL,
402 .tcount = 0,
403 .funcs = &pkey_pubkey_asn1_ff,
404 .size = 0,
405 .sname = NULL,
406};
407
408EVP_PKEY *
409d2i_PUBKEY(EVP_PKEY **pkey, const unsigned char **in, long len)
410{
411 return (EVP_PKEY *)ASN1_item_d2i((ASN1_VALUE **)pkey, in, len,
412 &EVP_PKEY_PUBKEY_it);
413}
414LCRYPTO_ALIAS(d2i_PUBKEY);
415
416int
417i2d_PUBKEY(EVP_PKEY *pkey, unsigned char **out)
418{
419 return ASN1_item_i2d((ASN1_VALUE *)pkey, out, &EVP_PKEY_PUBKEY_it);
420}
421LCRYPTO_ALIAS(i2d_PUBKEY);
422
423EVP_PKEY *
424d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **pkey)
425{
426 return (EVP_PKEY *)ASN1_item_d2i_bio(&EVP_PKEY_PUBKEY_it, bp,
427 (ASN1_VALUE **)pkey);
428}
429LCRYPTO_ALIAS(d2i_PUBKEY_bio);
430
431int
432i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey)
433{
434 return ASN1_item_i2d_bio(&EVP_PKEY_PUBKEY_it, bp, (ASN1_VALUE *)pkey);
435}
436LCRYPTO_ALIAS(i2d_PUBKEY_bio);
437
438EVP_PKEY *
439d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **pkey)
440{
441 return (EVP_PKEY *)ASN1_item_d2i_fp(&EVP_PKEY_PUBKEY_it, fp,
442 (ASN1_VALUE **)pkey);
443}
444LCRYPTO_ALIAS(d2i_PUBKEY_fp);
445
446int
447i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey)
448{
449 return ASN1_item_i2d_fp(&EVP_PKEY_PUBKEY_it, fp, (ASN1_VALUE *)pkey);
450}
451LCRYPTO_ALIAS(i2d_PUBKEY_fp);
452
453/*
454 * The following are equivalents but which return RSA and DSA keys.
455 */
456#ifndef OPENSSL_NO_RSA
457
458static int
459rsa_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
460{
461 if ((*pval = (ASN1_VALUE *)RSA_new()) == NULL)
462 return 0;
463
464 return 1;
465}
466
467static void
468rsa_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
469{
470 RSA_free((RSA *)*pval);
471 *pval = NULL;
472}
473
474static int
475rsa_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
476 const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
477{
478 return pubkey_ex_d2i(EVP_PKEY_RSA, pval, in, len, it);
479}
480
481static int
482rsa_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
483 int tag, int aclass)
484{
485 return pubkey_ex_i2d(EVP_PKEY_RSA, pval, out, it);
486}
487
488const ASN1_EXTERN_FUNCS rsa_pubkey_asn1_ff = {
489 .app_data = NULL,
490 .asn1_ex_new = rsa_pubkey_ex_new,
491 .asn1_ex_free = rsa_pubkey_ex_free,
492 .asn1_ex_clear = NULL,
493 .asn1_ex_d2i = rsa_pubkey_ex_d2i,
494 .asn1_ex_i2d = rsa_pubkey_ex_i2d,
495 .asn1_ex_print = NULL,
496};
497
498const ASN1_ITEM RSA_PUBKEY_it = {
499 .itype = ASN1_ITYPE_EXTERN,
500 .utype = 0,
501 .templates = NULL,
502 .tcount = 0,
503 .funcs = &rsa_pubkey_asn1_ff,
504 .size = 0,
505 .sname = NULL,
506};
507
508RSA *
509d2i_RSA_PUBKEY(RSA **rsa, const unsigned char **in, long len)
510{
511 return (RSA *)ASN1_item_d2i((ASN1_VALUE **)rsa, in, len,
512 &RSA_PUBKEY_it);
513}
514LCRYPTO_ALIAS(d2i_RSA_PUBKEY);
515
516int
517i2d_RSA_PUBKEY(RSA *rsa, unsigned char **out)
518{
519 return ASN1_item_i2d((ASN1_VALUE *)rsa, out, &RSA_PUBKEY_it);
520}
521LCRYPTO_ALIAS(i2d_RSA_PUBKEY);
522
523RSA *
524d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa)
525{
526 return (RSA *)ASN1_item_d2i_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE **)rsa);
527}
528LCRYPTO_ALIAS(d2i_RSA_PUBKEY_bio);
529
530int
531i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa)
532{
533 return ASN1_item_i2d_bio(&RSA_PUBKEY_it, bp, (ASN1_VALUE *)rsa);
534}
535LCRYPTO_ALIAS(i2d_RSA_PUBKEY_bio);
536
537RSA *
538d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa)
539{
540 return (RSA *)ASN1_item_d2i_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE **)rsa);
541}
542LCRYPTO_ALIAS(d2i_RSA_PUBKEY_fp);
543
544int
545i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa)
546{
547 return ASN1_item_i2d_fp(&RSA_PUBKEY_it, fp, (ASN1_VALUE *)rsa);
548}
549LCRYPTO_ALIAS(i2d_RSA_PUBKEY_fp);
550#endif
551
552#ifndef OPENSSL_NO_DSA
553
554static int
555dsa_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
556{
557 if ((*pval = (ASN1_VALUE *)DSA_new()) == NULL)
558 return 0;
559
560 return 1;
561}
562
563static void
564dsa_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
565{
566 DSA_free((DSA *)*pval);
567 *pval = NULL;
568}
569
570static int
571dsa_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
572 const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
573{
574 return pubkey_ex_d2i(EVP_PKEY_DSA, pval, in, len, it);
575}
576
577static int
578dsa_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
579 int tag, int aclass)
580{
581 return pubkey_ex_i2d(EVP_PKEY_DSA, pval, out, it);
582}
583
584const ASN1_EXTERN_FUNCS dsa_pubkey_asn1_ff = {
585 .app_data = NULL,
586 .asn1_ex_new = dsa_pubkey_ex_new,
587 .asn1_ex_free = dsa_pubkey_ex_free,
588 .asn1_ex_clear = NULL,
589 .asn1_ex_d2i = dsa_pubkey_ex_d2i,
590 .asn1_ex_i2d = dsa_pubkey_ex_i2d,
591 .asn1_ex_print = NULL,
592};
593
594const ASN1_ITEM DSA_PUBKEY_it = {
595 .itype = ASN1_ITYPE_EXTERN,
596 .utype = 0,
597 .templates = NULL,
598 .tcount = 0,
599 .funcs = &dsa_pubkey_asn1_ff,
600 .size = 0,
601 .sname = NULL,
602};
603
604DSA *
605d2i_DSA_PUBKEY(DSA **dsa, const unsigned char **in, long len)
606{
607 return (DSA *)ASN1_item_d2i((ASN1_VALUE **)dsa, in, len,
608 &DSA_PUBKEY_it);
609}
610LCRYPTO_ALIAS(d2i_DSA_PUBKEY);
611
612int
613i2d_DSA_PUBKEY(DSA *dsa, unsigned char **out)
614{
615 return ASN1_item_i2d((ASN1_VALUE *)dsa, out, &DSA_PUBKEY_it);
616}
617LCRYPTO_ALIAS(i2d_DSA_PUBKEY);
618
619DSA *
620d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa)
621{
622 return (DSA *)ASN1_item_d2i_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE **)dsa);
623}
624LCRYPTO_ALIAS(d2i_DSA_PUBKEY_bio);
625
626int
627i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa)
628{
629 return ASN1_item_i2d_bio(&DSA_PUBKEY_it, bp, (ASN1_VALUE *)dsa);
630}
631LCRYPTO_ALIAS(i2d_DSA_PUBKEY_bio);
632
633DSA *
634d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa)
635{
636 return (DSA *)ASN1_item_d2i_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE **)dsa);
637}
638LCRYPTO_ALIAS(d2i_DSA_PUBKEY_fp);
639
640int
641i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa)
642{
643 return ASN1_item_i2d_fp(&DSA_PUBKEY_it, fp, (ASN1_VALUE *)dsa);
644}
645LCRYPTO_ALIAS(i2d_DSA_PUBKEY_fp);
646
647#endif
648
649#ifndef OPENSSL_NO_EC
650
651static int
652ec_pubkey_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
653{
654 if ((*pval = (ASN1_VALUE *)EC_KEY_new()) == NULL)
655 return 0;
656
657 return 1;
658}
659
660static void
661ec_pubkey_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
662{
663 EC_KEY_free((EC_KEY *)*pval);
664 *pval = NULL;
665}
666
667static int
668ec_pubkey_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
669 const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx)
670{
671 return pubkey_ex_d2i(EVP_PKEY_EC, pval, in, len, it);
672}
673
674static int
675ec_pubkey_ex_i2d(ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it,
676 int tag, int aclass)
677{
678 return pubkey_ex_i2d(EVP_PKEY_EC, pval, out, it);
679}
680
681const ASN1_EXTERN_FUNCS ec_pubkey_asn1_ff = {
682 .app_data = NULL,
683 .asn1_ex_new = ec_pubkey_ex_new,
684 .asn1_ex_free = ec_pubkey_ex_free,
685 .asn1_ex_clear = NULL,
686 .asn1_ex_d2i = ec_pubkey_ex_d2i,
687 .asn1_ex_i2d = ec_pubkey_ex_i2d,
688 .asn1_ex_print = NULL,
689};
690
691const ASN1_ITEM EC_PUBKEY_it = {
692 .itype = ASN1_ITYPE_EXTERN,
693 .utype = 0,
694 .templates = NULL,
695 .tcount = 0,
696 .funcs = &ec_pubkey_asn1_ff,
697 .size = 0,
698 .sname = NULL,
699};
700
701EC_KEY *
702d2i_EC_PUBKEY(EC_KEY **ec, const unsigned char **in, long len)
703{
704 return (EC_KEY *)ASN1_item_d2i((ASN1_VALUE **)ec, in, len,
705 &EC_PUBKEY_it);
706}
707LCRYPTO_ALIAS(d2i_EC_PUBKEY);
708
709int
710i2d_EC_PUBKEY(EC_KEY *ec, unsigned char **out)
711{
712 return ASN1_item_i2d((ASN1_VALUE *)ec, out, &EC_PUBKEY_it);
713}
714LCRYPTO_ALIAS(i2d_EC_PUBKEY);
715
716EC_KEY *
717d2i_EC_PUBKEY_bio(BIO *bp, EC_KEY **ec)
718{
719 return (EC_KEY *)ASN1_item_d2i_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE **)ec);
720}
721LCRYPTO_ALIAS(d2i_EC_PUBKEY_bio);
722
723int
724i2d_EC_PUBKEY_bio(BIO *bp, EC_KEY *ec)
725{
726 return ASN1_item_i2d_bio(&EC_PUBKEY_it, bp, (ASN1_VALUE *)ec);
727}
728LCRYPTO_ALIAS(i2d_EC_PUBKEY_bio);
729
730EC_KEY *
731d2i_EC_PUBKEY_fp(FILE *fp, EC_KEY **ec)
732{
733 return (EC_KEY *)ASN1_item_d2i_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE **)ec);
734}
735LCRYPTO_ALIAS(d2i_EC_PUBKEY_fp);
736
737int
738i2d_EC_PUBKEY_fp(FILE *fp, EC_KEY *ec)
739{
740 return ASN1_item_i2d_fp(&EC_PUBKEY_it, fp, (ASN1_VALUE *)ec);
741}
742LCRYPTO_ALIAS(i2d_EC_PUBKEY_fp);
743#endif
744
745int
746X509_PUBKEY_set0_param(X509_PUBKEY *pub, ASN1_OBJECT *aobj, int ptype,
747 void *pval, unsigned char *penc, int penclen)
748{
749 if (!X509_ALGOR_set0(pub->algor, aobj, ptype, pval))
750 return 0;
751
752 if (penc == NULL)
753 return 1;
754
755 ASN1_STRING_set0(pub->public_key, penc, penclen);
756
757 return asn1_abs_set_unused_bits(pub->public_key, 0);
758}
759LCRYPTO_ALIAS(X509_PUBKEY_set0_param);
760
761int
762X509_PUBKEY_get0_param(ASN1_OBJECT **ppkalg, const unsigned char **pk,
763 int *ppklen, X509_ALGOR **pa, X509_PUBKEY *pub)
764{
765 if (ppkalg)
766 *ppkalg = pub->algor->algorithm;
767 if (pk) {
768 *pk = pub->public_key->data;
769 *ppklen = pub->public_key->length;
770 }
771 if (pa)
772 *pa = pub->algor;
773 return 1;
774}
775LCRYPTO_ALIAS(X509_PUBKEY_get0_param);
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c
deleted file mode 100644
index 50b55ecf50..0000000000
--- a/src/lib/libcrypto/asn1/x_req.c
+++ /dev/null
@@ -1,258 +0,0 @@
1/* $OpenBSD: x_req.c,v 1.23 2024/07/08 14:48:49 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/x509.h>
63
64#include "x509_local.h"
65
66/* X509_REQ_INFO is handled in an unusual way to get round
67 * invalid encodings. Some broken certificate requests don't
68 * encode the attributes field if it is empty. This is in
69 * violation of PKCS#10 but we need to tolerate it. We do
70 * this by making the attributes field OPTIONAL then using
71 * the callback to initialise it to an empty STACK.
72 *
73 * This means that the field will be correctly encoded unless
74 * we NULL out the field.
75 *
76 * As a result we no longer need the req_kludge field because
77 * the information is now contained in the attributes field:
78 * 1. If it is NULL then it's the invalid omission.
79 * 2. If it is empty it is the correct encoding.
80 * 3. If it is not empty then some attributes are present.
81 *
82 */
83
84static int
85rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
86{
87 X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval;
88
89 if (operation == ASN1_OP_NEW_POST) {
90 rinf->attributes = sk_X509_ATTRIBUTE_new_null();
91 if (!rinf->attributes)
92 return 0;
93 }
94 return 1;
95}
96
97static const ASN1_AUX X509_REQ_INFO_aux = {
98 .flags = ASN1_AFLG_ENCODING,
99 .asn1_cb = rinf_cb,
100 .enc_offset = offsetof(X509_REQ_INFO, enc),
101};
102static const ASN1_TEMPLATE X509_REQ_INFO_seq_tt[] = {
103 {
104 .offset = offsetof(X509_REQ_INFO, version),
105 .field_name = "version",
106 .item = &ASN1_INTEGER_it,
107 },
108 {
109 .offset = offsetof(X509_REQ_INFO, subject),
110 .field_name = "subject",
111 .item = &X509_NAME_it,
112 },
113 {
114 .offset = offsetof(X509_REQ_INFO, pubkey),
115 .field_name = "pubkey",
116 .item = &X509_PUBKEY_it,
117 },
118 /* This isn't really OPTIONAL but it gets round invalid
119 * encodings
120 */
121 {
122 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SET_OF | ASN1_TFLG_OPTIONAL,
123 .offset = offsetof(X509_REQ_INFO, attributes),
124 .field_name = "attributes",
125 .item = &X509_ATTRIBUTE_it,
126 },
127};
128
129const ASN1_ITEM X509_REQ_INFO_it = {
130 .itype = ASN1_ITYPE_SEQUENCE,
131 .utype = V_ASN1_SEQUENCE,
132 .templates = X509_REQ_INFO_seq_tt,
133 .tcount = sizeof(X509_REQ_INFO_seq_tt) / sizeof(ASN1_TEMPLATE),
134 .funcs = &X509_REQ_INFO_aux,
135 .size = sizeof(X509_REQ_INFO),
136 .sname = "X509_REQ_INFO",
137};
138LCRYPTO_ALIAS(X509_REQ_INFO_it);
139
140
141X509_REQ_INFO *
142d2i_X509_REQ_INFO(X509_REQ_INFO **a, const unsigned char **in, long len)
143{
144 return (X509_REQ_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
145 &X509_REQ_INFO_it);
146}
147LCRYPTO_ALIAS(d2i_X509_REQ_INFO);
148
149int
150i2d_X509_REQ_INFO(X509_REQ_INFO *a, unsigned char **out)
151{
152 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_INFO_it);
153}
154LCRYPTO_ALIAS(i2d_X509_REQ_INFO);
155
156X509_REQ_INFO *
157X509_REQ_INFO_new(void)
158{
159 return (X509_REQ_INFO *)ASN1_item_new(&X509_REQ_INFO_it);
160}
161LCRYPTO_ALIAS(X509_REQ_INFO_new);
162
163void
164X509_REQ_INFO_free(X509_REQ_INFO *a)
165{
166 ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_INFO_it);
167}
168LCRYPTO_ALIAS(X509_REQ_INFO_free);
169
170static const ASN1_AUX X509_REQ_aux = {
171 .app_data = NULL,
172 .flags = ASN1_AFLG_REFCOUNT,
173 .ref_offset = offsetof(X509_REQ, references),
174 .ref_lock = CRYPTO_LOCK_X509_REQ,
175};
176static const ASN1_TEMPLATE X509_REQ_seq_tt[] = {
177 {
178 .offset = offsetof(X509_REQ, req_info),
179 .field_name = "req_info",
180 .item = &X509_REQ_INFO_it,
181 },
182 {
183 .offset = offsetof(X509_REQ, sig_alg),
184 .field_name = "sig_alg",
185 .item = &X509_ALGOR_it,
186 },
187 {
188 .offset = offsetof(X509_REQ, signature),
189 .field_name = "signature",
190 .item = &ASN1_BIT_STRING_it,
191 },
192};
193
194const ASN1_ITEM X509_REQ_it = {
195 .itype = ASN1_ITYPE_SEQUENCE,
196 .utype = V_ASN1_SEQUENCE,
197 .templates = X509_REQ_seq_tt,
198 .tcount = sizeof(X509_REQ_seq_tt) / sizeof(ASN1_TEMPLATE),
199 .funcs = &X509_REQ_aux,
200 .size = sizeof(X509_REQ),
201 .sname = "X509_REQ",
202};
203LCRYPTO_ALIAS(X509_REQ_it);
204
205
206X509_REQ *
207d2i_X509_REQ(X509_REQ **a, const unsigned char **in, long len)
208{
209 return (X509_REQ *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
210 &X509_REQ_it);
211}
212LCRYPTO_ALIAS(d2i_X509_REQ);
213
214int
215i2d_X509_REQ(X509_REQ *a, unsigned char **out)
216{
217 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_REQ_it);
218}
219LCRYPTO_ALIAS(i2d_X509_REQ);
220
221X509_REQ *
222X509_REQ_new(void)
223{
224 return (X509_REQ *)ASN1_item_new(&X509_REQ_it);
225}
226LCRYPTO_ALIAS(X509_REQ_new);
227
228void
229X509_REQ_free(X509_REQ *a)
230{
231 ASN1_item_free((ASN1_VALUE *)a, &X509_REQ_it);
232}
233LCRYPTO_ALIAS(X509_REQ_free);
234
235X509_REQ *
236X509_REQ_dup(X509_REQ *x)
237{
238 return ASN1_item_dup(&X509_REQ_it, x);
239}
240LCRYPTO_ALIAS(X509_REQ_dup);
241
242int
243X509_REQ_get_signature_nid(const X509_REQ *req)
244{
245 return OBJ_obj2nid(req->sig_alg->algorithm);
246}
247LCRYPTO_ALIAS(X509_REQ_get_signature_nid);
248
249void
250X509_REQ_get0_signature(const X509_REQ *req, const ASN1_BIT_STRING **psig,
251 const X509_ALGOR **palg)
252{
253 if (psig != NULL)
254 *psig = req->signature;
255 if (palg != NULL)
256 *palg = req->sig_alg;
257}
258LCRYPTO_ALIAS(X509_REQ_get0_signature);
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c
deleted file mode 100644
index be28e9722b..0000000000
--- a/src/lib/libcrypto/asn1/x_sig.c
+++ /dev/null
@@ -1,138 +0,0 @@
1/* $OpenBSD: x_sig.c,v 1.18 2024/07/08 14:48:49 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/x509.h>
63
64#include "x509_local.h"
65
66static const ASN1_TEMPLATE X509_SIG_seq_tt[] = {
67 {
68 .offset = offsetof(X509_SIG, algor),
69 .field_name = "algor",
70 .item = &X509_ALGOR_it,
71 },
72 {
73 .offset = offsetof(X509_SIG, digest),
74 .field_name = "digest",
75 .item = &ASN1_OCTET_STRING_it,
76 },
77};
78
79const ASN1_ITEM X509_SIG_it = {
80 .itype = ASN1_ITYPE_SEQUENCE,
81 .utype = V_ASN1_SEQUENCE,
82 .templates = X509_SIG_seq_tt,
83 .tcount = sizeof(X509_SIG_seq_tt) / sizeof(ASN1_TEMPLATE),
84 .size = sizeof(X509_SIG),
85 .sname = "X509_SIG",
86};
87LCRYPTO_ALIAS(X509_SIG_it);
88
89
90X509_SIG *
91d2i_X509_SIG(X509_SIG **a, const unsigned char **in, long len)
92{
93 return (X509_SIG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
94 &X509_SIG_it);
95}
96LCRYPTO_ALIAS(d2i_X509_SIG);
97
98int
99i2d_X509_SIG(X509_SIG *a, unsigned char **out)
100{
101 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_SIG_it);
102}
103LCRYPTO_ALIAS(i2d_X509_SIG);
104
105X509_SIG *
106X509_SIG_new(void)
107{
108 return (X509_SIG *)ASN1_item_new(&X509_SIG_it);
109}
110LCRYPTO_ALIAS(X509_SIG_new);
111
112void
113X509_SIG_free(X509_SIG *a)
114{
115 ASN1_item_free((ASN1_VALUE *)a, &X509_SIG_it);
116}
117LCRYPTO_ALIAS(X509_SIG_free);
118
119void
120X509_SIG_get0(const X509_SIG *sig, const X509_ALGOR **palg,
121 const ASN1_OCTET_STRING **pdigest)
122{
123 if (palg != NULL)
124 *palg = sig->algor;
125 if (pdigest != NULL)
126 *pdigest = sig->digest;
127}
128LCRYPTO_ALIAS(X509_SIG_get0);
129
130void
131X509_SIG_getm(X509_SIG *sig, X509_ALGOR **palg, ASN1_OCTET_STRING **pdigest)
132{
133 if (palg != NULL)
134 *palg = sig->algor;
135 if (pdigest != NULL)
136 *pdigest = sig->digest;
137}
138LCRYPTO_ALIAS(X509_SIG_getm);
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c
deleted file mode 100644
index e711b80611..0000000000
--- a/src/lib/libcrypto/asn1/x_spki.c
+++ /dev/null
@@ -1,184 +0,0 @@
1/* $OpenBSD: x_spki.c,v 1.15 2024/07/08 14:48:49 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59 /* This module was send to me my Pat Richards <patr@x509.com> who
60 * wrote it. It is under my Copyright with his permission
61 */
62
63#include <stdio.h>
64
65#include <openssl/x509.h>
66#include <openssl/asn1t.h>
67
68static const ASN1_TEMPLATE NETSCAPE_SPKAC_seq_tt[] = {
69 {
70 .offset = offsetof(NETSCAPE_SPKAC, pubkey),
71 .field_name = "pubkey",
72 .item = &X509_PUBKEY_it,
73 },
74 {
75 .offset = offsetof(NETSCAPE_SPKAC, challenge),
76 .field_name = "challenge",
77 .item = &ASN1_IA5STRING_it,
78 },
79};
80
81const ASN1_ITEM NETSCAPE_SPKAC_it = {
82 .itype = ASN1_ITYPE_SEQUENCE,
83 .utype = V_ASN1_SEQUENCE,
84 .templates = NETSCAPE_SPKAC_seq_tt,
85 .tcount = sizeof(NETSCAPE_SPKAC_seq_tt) / sizeof(ASN1_TEMPLATE),
86 .size = sizeof(NETSCAPE_SPKAC),
87 .sname = "NETSCAPE_SPKAC",
88};
89LCRYPTO_ALIAS(NETSCAPE_SPKAC_it);
90
91
92NETSCAPE_SPKAC *
93d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len)
94{
95 return (NETSCAPE_SPKAC *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
96 &NETSCAPE_SPKAC_it);
97}
98LCRYPTO_ALIAS(d2i_NETSCAPE_SPKAC);
99
100int
101i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a, unsigned char **out)
102{
103 return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_SPKAC_it);
104}
105LCRYPTO_ALIAS(i2d_NETSCAPE_SPKAC);
106
107NETSCAPE_SPKAC *
108NETSCAPE_SPKAC_new(void)
109{
110 return (NETSCAPE_SPKAC *)ASN1_item_new(&NETSCAPE_SPKAC_it);
111}
112LCRYPTO_ALIAS(NETSCAPE_SPKAC_new);
113
114void
115NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a)
116{
117 ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_SPKAC_it);
118}
119LCRYPTO_ALIAS(NETSCAPE_SPKAC_free);
120
121static const ASN1_TEMPLATE NETSCAPE_SPKI_seq_tt[] = {
122 {
123 .flags = 0,
124 .tag = 0,
125 .offset = offsetof(NETSCAPE_SPKI, spkac),
126 .field_name = "spkac",
127 .item = &NETSCAPE_SPKAC_it,
128 },
129 {
130 .flags = 0,
131 .tag = 0,
132 .offset = offsetof(NETSCAPE_SPKI, sig_algor),
133 .field_name = "sig_algor",
134 .item = &X509_ALGOR_it,
135 },
136 {
137 .flags = 0,
138 .tag = 0,
139 .offset = offsetof(NETSCAPE_SPKI, signature),
140 .field_name = "signature",
141 .item = &ASN1_BIT_STRING_it,
142 },
143};
144
145const ASN1_ITEM NETSCAPE_SPKI_it = {
146 .itype = ASN1_ITYPE_SEQUENCE,
147 .utype = V_ASN1_SEQUENCE,
148 .templates = NETSCAPE_SPKI_seq_tt,
149 .tcount = sizeof(NETSCAPE_SPKI_seq_tt) / sizeof(ASN1_TEMPLATE),
150 .funcs = NULL,
151 .size = sizeof(NETSCAPE_SPKI),
152 .sname = "NETSCAPE_SPKI",
153};
154LCRYPTO_ALIAS(NETSCAPE_SPKI_it);
155
156
157NETSCAPE_SPKI *
158d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a, const unsigned char **in, long len)
159{
160 return (NETSCAPE_SPKI *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
161 &NETSCAPE_SPKI_it);
162}
163LCRYPTO_ALIAS(d2i_NETSCAPE_SPKI);
164
165int
166i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a, unsigned char **out)
167{
168 return ASN1_item_i2d((ASN1_VALUE *)a, out, &NETSCAPE_SPKI_it);
169}
170LCRYPTO_ALIAS(i2d_NETSCAPE_SPKI);
171
172NETSCAPE_SPKI *
173NETSCAPE_SPKI_new(void)
174{
175 return (NETSCAPE_SPKI *)ASN1_item_new(&NETSCAPE_SPKI_it);
176}
177LCRYPTO_ALIAS(NETSCAPE_SPKI_new);
178
179void
180NETSCAPE_SPKI_free(NETSCAPE_SPKI *a)
181{
182 ASN1_item_free((ASN1_VALUE *)a, &NETSCAPE_SPKI_it);
183}
184LCRYPTO_ALIAS(NETSCAPE_SPKI_free);
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c
deleted file mode 100644
index 08501f17e0..0000000000
--- a/src/lib/libcrypto/asn1/x_val.c
+++ /dev/null
@@ -1,117 +0,0 @@
1/* $OpenBSD: x_val.c,v 1.16 2024/08/31 10:14:17 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/x509.h>
63
64#include "x509_local.h"
65
66static const ASN1_TEMPLATE X509_VAL_seq_tt[] = {
67 {
68 .offset = offsetof(X509_VAL, notBefore),
69 .field_name = "notBefore",
70 .item = &ASN1_TIME_it,
71 },
72 {
73 .offset = offsetof(X509_VAL, notAfter),
74 .field_name = "notAfter",
75 .item = &ASN1_TIME_it,
76 },
77};
78
79const ASN1_ITEM X509_VAL_it = {
80 .itype = ASN1_ITYPE_SEQUENCE,
81 .utype = V_ASN1_SEQUENCE,
82 .templates = X509_VAL_seq_tt,
83 .tcount = sizeof(X509_VAL_seq_tt) / sizeof(ASN1_TEMPLATE),
84 .size = sizeof(X509_VAL),
85 .sname = "X509_VAL",
86};
87LCRYPTO_ALIAS(X509_VAL_it);
88
89
90X509_VAL *
91d2i_X509_VAL(X509_VAL **a, const unsigned char **in, long len)
92{
93 return (X509_VAL *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
94 &X509_VAL_it);
95}
96LCRYPTO_ALIAS(d2i_X509_VAL);
97
98int
99i2d_X509_VAL(X509_VAL *a, unsigned char **out)
100{
101 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_VAL_it);
102}
103LCRYPTO_ALIAS(i2d_X509_VAL);
104
105X509_VAL *
106X509_VAL_new(void)
107{
108 return (X509_VAL *)ASN1_item_new(&X509_VAL_it);
109}
110LCRYPTO_ALIAS(X509_VAL_new);
111
112void
113X509_VAL_free(X509_VAL *a)
114{
115 ASN1_item_free((ASN1_VALUE *)a, &X509_VAL_it);
116}
117LCRYPTO_ALIAS(X509_VAL_free);
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c
deleted file mode 100644
index 069d84926f..0000000000
--- a/src/lib/libcrypto/asn1/x_x509.c
+++ /dev/null
@@ -1,387 +0,0 @@
1/* $OpenBSD: x_x509.c,v 1.41 2025/02/21 05:44:28 tb Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
52 *
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60
61#include <openssl/opensslconf.h>
62
63#include <openssl/asn1t.h>
64#include <openssl/evp.h>
65#include <openssl/x509.h>
66#include <openssl/x509v3.h>
67
68#include "x509_local.h"
69
70static const ASN1_AUX X509_CINF_aux = {
71 .flags = ASN1_AFLG_ENCODING,
72 .enc_offset = offsetof(X509_CINF, enc),
73};
74static const ASN1_TEMPLATE X509_CINF_seq_tt[] = {
75 {
76 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_OPTIONAL,
77 .offset = offsetof(X509_CINF, version),
78 .field_name = "version",
79 .item = &ASN1_INTEGER_it,
80 },
81 {
82 .offset = offsetof(X509_CINF, serialNumber),
83 .field_name = "serialNumber",
84 .item = &ASN1_INTEGER_it,
85 },
86 {
87 .offset = offsetof(X509_CINF, signature),
88 .field_name = "signature",
89 .item = &X509_ALGOR_it,
90 },
91 {
92 .offset = offsetof(X509_CINF, issuer),
93 .field_name = "issuer",
94 .item = &X509_NAME_it,
95 },
96 {
97 .offset = offsetof(X509_CINF, validity),
98 .field_name = "validity",
99 .item = &X509_VAL_it,
100 },
101 {
102 .offset = offsetof(X509_CINF, subject),
103 .field_name = "subject",
104 .item = &X509_NAME_it,
105 },
106 {
107 .offset = offsetof(X509_CINF, key),
108 .field_name = "key",
109 .item = &X509_PUBKEY_it,
110 },
111 {
112 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
113 .tag = 1,
114 .offset = offsetof(X509_CINF, issuerUID),
115 .field_name = "issuerUID",
116 .item = &ASN1_BIT_STRING_it,
117 },
118 {
119 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_OPTIONAL,
120 .tag = 2,
121 .offset = offsetof(X509_CINF, subjectUID),
122 .field_name = "subjectUID",
123 .item = &ASN1_BIT_STRING_it,
124 },
125 {
126 .flags = ASN1_TFLG_EXPLICIT | ASN1_TFLG_SEQUENCE_OF |
127 ASN1_TFLG_OPTIONAL,
128 .tag = 3,
129 .offset = offsetof(X509_CINF, extensions),
130 .field_name = "extensions",
131 .item = &X509_EXTENSION_it,
132 },
133};
134
135const ASN1_ITEM X509_CINF_it = {
136 .itype = ASN1_ITYPE_SEQUENCE,
137 .utype = V_ASN1_SEQUENCE,
138 .templates = X509_CINF_seq_tt,
139 .tcount = sizeof(X509_CINF_seq_tt) / sizeof(ASN1_TEMPLATE),
140 .funcs = &X509_CINF_aux,
141 .size = sizeof(X509_CINF),
142 .sname = "X509_CINF",
143};
144LCRYPTO_ALIAS(X509_CINF_it);
145
146
147X509_CINF *
148d2i_X509_CINF(X509_CINF **a, const unsigned char **in, long len)
149{
150 return (X509_CINF *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
151 &X509_CINF_it);
152}
153LCRYPTO_ALIAS(d2i_X509_CINF);
154
155int
156i2d_X509_CINF(X509_CINF *a, unsigned char **out)
157{
158 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CINF_it);
159}
160LCRYPTO_ALIAS(i2d_X509_CINF);
161
162X509_CINF *
163X509_CINF_new(void)
164{
165 return (X509_CINF *)ASN1_item_new(&X509_CINF_it);
166}
167LCRYPTO_ALIAS(X509_CINF_new);
168
169void
170X509_CINF_free(X509_CINF *a)
171{
172 ASN1_item_free((ASN1_VALUE *)a, &X509_CINF_it);
173}
174LCRYPTO_ALIAS(X509_CINF_free);
175/* X509 top level structure needs a bit of customisation */
176
177static int
178x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it, void *exarg)
179{
180 X509 *ret = (X509 *)*pval;
181
182 switch (operation) {
183
184 case ASN1_OP_NEW_POST:
185 ret->ex_flags = 0;
186 ret->ex_pathlen = -1;
187 ret->skid = NULL;
188 ret->akid = NULL;
189 ret->aux = NULL;
190 ret->crldp = NULL;
191#ifndef OPENSSL_NO_RFC3779
192 ret->rfc3779_addr = NULL;
193 ret->rfc3779_asid = NULL;
194#endif
195 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
196 break;
197
198 case ASN1_OP_FREE_POST:
199 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data);
200 X509_CERT_AUX_free(ret->aux);
201 ASN1_OCTET_STRING_free(ret->skid);
202 AUTHORITY_KEYID_free(ret->akid);
203 CRL_DIST_POINTS_free(ret->crldp);
204 GENERAL_NAMES_free(ret->altname);
205 NAME_CONSTRAINTS_free(ret->nc);
206#ifndef OPENSSL_NO_RFC3779
207 sk_IPAddressFamily_pop_free(ret->rfc3779_addr, IPAddressFamily_free);
208 ASIdentifiers_free(ret->rfc3779_asid);
209#endif
210 break;
211 }
212
213 return 1;
214}
215LCRYPTO_ALIAS(d2i_X509_CINF);
216
217static const ASN1_AUX X509_aux = {
218 .app_data = NULL,
219 .flags = ASN1_AFLG_REFCOUNT,
220 .ref_offset = offsetof(X509, references),
221 .ref_lock = CRYPTO_LOCK_X509,
222 .asn1_cb = x509_cb,
223};
224static const ASN1_TEMPLATE X509_seq_tt[] = {
225 {
226 .offset = offsetof(X509, cert_info),
227 .field_name = "cert_info",
228 .item = &X509_CINF_it,
229 },
230 {
231 .offset = offsetof(X509, sig_alg),
232 .field_name = "sig_alg",
233 .item = &X509_ALGOR_it,
234 },
235 {
236 .offset = offsetof(X509, signature),
237 .field_name = "signature",
238 .item = &ASN1_BIT_STRING_it,
239 },
240};
241
242const ASN1_ITEM X509_it = {
243 .itype = ASN1_ITYPE_SEQUENCE,
244 .utype = V_ASN1_SEQUENCE,
245 .templates = X509_seq_tt,
246 .tcount = sizeof(X509_seq_tt) / sizeof(ASN1_TEMPLATE),
247 .funcs = &X509_aux,
248 .size = sizeof(X509),
249 .sname = "X509",
250};
251LCRYPTO_ALIAS(X509_it);
252
253
254X509 *
255d2i_X509(X509 **a, const unsigned char **in, long len)
256{
257 return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
258 &X509_it);
259}
260LCRYPTO_ALIAS(d2i_X509);
261
262int
263i2d_X509(X509 *a, unsigned char **out)
264{
265 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_it);
266}
267LCRYPTO_ALIAS(i2d_X509);
268
269X509 *
270X509_new(void)
271{
272 return (X509 *)ASN1_item_new(&X509_it);
273}
274LCRYPTO_ALIAS(X509_new);
275
276void
277X509_free(X509 *a)
278{
279 ASN1_item_free((ASN1_VALUE *)a, &X509_it);
280}
281LCRYPTO_ALIAS(X509_free);
282
283X509 *
284X509_dup(X509 *x)
285{
286 return ASN1_item_dup(&X509_it, x);
287}
288LCRYPTO_ALIAS(X509_dup);
289
290int
291X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
292 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
293{
294 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp,
295 new_func, dup_func, free_func);
296}
297LCRYPTO_ALIAS(X509_get_ex_new_index);
298
299int
300X509_set_ex_data(X509 *r, int idx, void *arg)
301{
302 return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
303}
304LCRYPTO_ALIAS(X509_set_ex_data);
305
306void *
307X509_get_ex_data(X509 *r, int idx)
308{
309 return (CRYPTO_get_ex_data(&r->ex_data, idx));
310}
311LCRYPTO_ALIAS(X509_get_ex_data);
312
313/* X509_AUX ASN1 routines. X509_AUX is the name given to
314 * a certificate with extra info tagged on the end. Since these
315 * functions set how a certificate is trusted they should only
316 * be used when the certificate comes from a reliable source
317 * such as local storage.
318 *
319 */
320
321X509 *
322d2i_X509_AUX(X509 **a, const unsigned char **pp, long length)
323{
324 const unsigned char *q;
325 X509 *ret;
326
327 /* Save start position */
328 q = *pp;
329 ret = d2i_X509(NULL, pp, length);
330 /* If certificate unreadable then forget it */
331 if (!ret)
332 return NULL;
333 /* update length */
334 length -= *pp - q;
335 if (length > 0) {
336 if (!d2i_X509_CERT_AUX(&ret->aux, pp, length))
337 goto err;
338 }
339 if (a != NULL) {
340 X509_free(*a);
341 *a = ret;
342 }
343 return ret;
344
345 err:
346 X509_free(ret);
347 return NULL;
348}
349LCRYPTO_ALIAS(d2i_X509_AUX);
350
351int
352i2d_X509_AUX(X509 *a, unsigned char **pp)
353{
354 int length;
355
356 length = i2d_X509(a, pp);
357 if (a)
358 length += i2d_X509_CERT_AUX(a->aux, pp);
359 return length;
360}
361LCRYPTO_ALIAS(i2d_X509_AUX);
362
363int
364i2d_re_X509_tbs(X509 *x, unsigned char **pp)
365{
366 x->cert_info->enc.modified = 1;
367 return i2d_X509_CINF(x->cert_info, pp);
368}
369LCRYPTO_ALIAS(i2d_re_X509_tbs);
370
371void
372X509_get0_signature(const ASN1_BIT_STRING **psig, const X509_ALGOR **palg,
373 const X509 *x)
374{
375 if (psig != NULL)
376 *psig = x->signature;
377 if (palg != NULL)
378 *palg = x->sig_alg;
379}
380LCRYPTO_ALIAS(X509_get0_signature);
381
382int
383X509_get_signature_nid(const X509 *x)
384{
385 return OBJ_obj2nid(x->sig_alg->algorithm);
386}
387LCRYPTO_ALIAS(X509_get_signature_nid);
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c
deleted file mode 100644
index aaa22d1351..0000000000
--- a/src/lib/libcrypto/asn1/x_x509a.c
+++ /dev/null
@@ -1,282 +0,0 @@
1/* $OpenBSD: x_x509a.c,v 1.22 2024/04/09 13:55:02 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 1999.
4 */
5/* ====================================================================
6 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60
61#include <openssl/asn1t.h>
62#include <openssl/evp.h>
63#include <openssl/x509.h>
64
65#include "x509_local.h"
66
67/* X509_CERT_AUX routines. These are used to encode additional
68 * user modifiable data about a certificate. This data is
69 * appended to the X509 encoding when the *_X509_AUX routines
70 * are used. This means that the "traditional" X509 routines
71 * will simply ignore the extra data.
72 */
73
74static X509_CERT_AUX *aux_get(X509 *x);
75
76static const ASN1_TEMPLATE X509_CERT_AUX_seq_tt[] = {
77 {
78 .flags = ASN1_TFLG_SEQUENCE_OF | ASN1_TFLG_OPTIONAL,
79 .offset = offsetof(X509_CERT_AUX, trust),
80 .field_name = "trust",
81 .item = &ASN1_OBJECT_it,
82 },
83 {
84 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF |
85 ASN1_TFLG_OPTIONAL,
86 .tag = 0,
87 .offset = offsetof(X509_CERT_AUX, reject),
88 .field_name = "reject",
89 .item = &ASN1_OBJECT_it,
90 },
91 {
92 .flags = ASN1_TFLG_OPTIONAL,
93 .offset = offsetof(X509_CERT_AUX, alias),
94 .field_name = "alias",
95 .item = &ASN1_UTF8STRING_it,
96 },
97 {
98 .flags = ASN1_TFLG_OPTIONAL,
99 .offset = offsetof(X509_CERT_AUX, keyid),
100 .field_name = "keyid",
101 .item = &ASN1_OCTET_STRING_it,
102 },
103 {
104 .flags = ASN1_TFLG_IMPLICIT | ASN1_TFLG_SEQUENCE_OF |
105 ASN1_TFLG_OPTIONAL,
106 .tag = 1,
107 .offset = offsetof(X509_CERT_AUX, other),
108 .field_name = "other",
109 .item = &X509_ALGOR_it,
110 },
111};
112
113const ASN1_ITEM X509_CERT_AUX_it = {
114 .itype = ASN1_ITYPE_SEQUENCE,
115 .utype = V_ASN1_SEQUENCE,
116 .templates = X509_CERT_AUX_seq_tt,
117 .tcount = sizeof(X509_CERT_AUX_seq_tt) / sizeof(ASN1_TEMPLATE),
118 .size = sizeof(X509_CERT_AUX),
119 .sname = "X509_CERT_AUX",
120};
121
122
123X509_CERT_AUX *
124d2i_X509_CERT_AUX(X509_CERT_AUX **a, const unsigned char **in, long len)
125{
126 return (X509_CERT_AUX *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
127 &X509_CERT_AUX_it);
128}
129
130int
131i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **out)
132{
133 return ASN1_item_i2d((ASN1_VALUE *)a, out, &X509_CERT_AUX_it);
134}
135
136X509_CERT_AUX *
137X509_CERT_AUX_new(void)
138{
139 return (X509_CERT_AUX *)ASN1_item_new(&X509_CERT_AUX_it);
140}
141
142void
143X509_CERT_AUX_free(X509_CERT_AUX *a)
144{
145 ASN1_item_free((ASN1_VALUE *)a, &X509_CERT_AUX_it);
146}
147
148static X509_CERT_AUX *
149aux_get(X509 *x)
150{
151 if (!x)
152 return NULL;
153 if (!x->aux && !(x->aux = X509_CERT_AUX_new()))
154 return NULL;
155 return x->aux;
156}
157
158int
159X509_alias_set1(X509 *x, const unsigned char *name, int len)
160{
161 X509_CERT_AUX *aux;
162 if (!name) {
163 if (!x || !x->aux || !x->aux->alias)
164 return 1;
165 ASN1_UTF8STRING_free(x->aux->alias);
166 x->aux->alias = NULL;
167 return 1;
168 }
169 if (!(aux = aux_get(x)))
170 return 0;
171 if (!aux->alias && !(aux->alias = ASN1_UTF8STRING_new()))
172 return 0;
173 return ASN1_STRING_set(aux->alias, name, len);
174}
175LCRYPTO_ALIAS(X509_alias_set1);
176
177int
178X509_keyid_set1(X509 *x, const unsigned char *id, int len)
179{
180 X509_CERT_AUX *aux;
181 if (!id) {
182 if (!x || !x->aux || !x->aux->keyid)
183 return 1;
184 ASN1_OCTET_STRING_free(x->aux->keyid);
185 x->aux->keyid = NULL;
186 return 1;
187 }
188 if (!(aux = aux_get(x)))
189 return 0;
190 if (!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new()))
191 return 0;
192 return ASN1_STRING_set(aux->keyid, id, len);
193}
194LCRYPTO_ALIAS(X509_keyid_set1);
195
196unsigned char *
197X509_alias_get0(X509 *x, int *len)
198{
199 if (!x->aux || !x->aux->alias)
200 return NULL;
201 if (len)
202 *len = x->aux->alias->length;
203 return x->aux->alias->data;
204}
205LCRYPTO_ALIAS(X509_alias_get0);
206
207unsigned char *
208X509_keyid_get0(X509 *x, int *len)
209{
210 if (!x->aux || !x->aux->keyid)
211 return NULL;
212 if (len)
213 *len = x->aux->keyid->length;
214 return x->aux->keyid->data;
215}
216LCRYPTO_ALIAS(X509_keyid_get0);
217
218int
219X509_add1_trust_object(X509 *x, const ASN1_OBJECT *obj)
220{
221 X509_CERT_AUX *aux;
222 ASN1_OBJECT *objtmp;
223 int rc;
224
225 if (!(objtmp = OBJ_dup(obj)))
226 return 0;
227 if (!(aux = aux_get(x)))
228 goto err;
229 if (!aux->trust && !(aux->trust = sk_ASN1_OBJECT_new_null()))
230 goto err;
231 rc = sk_ASN1_OBJECT_push(aux->trust, objtmp);
232 if (rc != 0)
233 return rc;
234
235 err:
236 ASN1_OBJECT_free(objtmp);
237 return 0;
238}
239LCRYPTO_ALIAS(X509_add1_trust_object);
240
241int
242X509_add1_reject_object(X509 *x, const ASN1_OBJECT *obj)
243{
244 X509_CERT_AUX *aux;
245 ASN1_OBJECT *objtmp;
246 int rc;
247
248 if (!(objtmp = OBJ_dup(obj)))
249 return 0;
250 if (!(aux = aux_get(x)))
251 goto err;
252 if (!aux->reject && !(aux->reject = sk_ASN1_OBJECT_new_null()))
253 goto err;
254 rc = sk_ASN1_OBJECT_push(aux->reject, objtmp);
255 if (rc != 0)
256 return rc;
257
258 err:
259 ASN1_OBJECT_free(objtmp);
260 return 0;
261}
262LCRYPTO_ALIAS(X509_add1_reject_object);
263
264void
265X509_trust_clear(X509 *x)
266{
267 if (x->aux && x->aux->trust) {
268 sk_ASN1_OBJECT_pop_free(x->aux->trust, ASN1_OBJECT_free);
269 x->aux->trust = NULL;
270 }
271}
272LCRYPTO_ALIAS(X509_trust_clear);
273
274void
275X509_reject_clear(X509 *x)
276{
277 if (x->aux && x->aux->reject) {
278 sk_ASN1_OBJECT_pop_free(x->aux->reject, ASN1_OBJECT_free);
279 x->aux->reject = NULL;
280 }
281}
282LCRYPTO_ALIAS(X509_reject_clear);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-06 20:31:43 +0000