diff options
Diffstat (limited to 'crypto/asn1')
73 files changed, 2302 insertions, 1581 deletions
diff --git a/crypto/asn1/a_bitstr.c b/crypto/asn1/a_bitstr.c index f462dd107368..7c256493571e 100644 --- a/crypto/asn1/a_bitstr.c +++ b/crypto/asn1/a_bitstr.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -18,7 +18,7 @@ int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) return ASN1_STRING_set(x, d, len); } -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) +int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) { int ret, j, bits, len; unsigned char *p, *d; @@ -76,8 +76,8 @@ int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) return ret; } -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long len) +ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, long len) { ASN1_BIT_STRING *ret = NULL; const unsigned char *p; @@ -134,7 +134,7 @@ ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, *pp = p; return ret; err: - ASN1err(ASN1_F_C2I_ASN1_BIT_STRING, i); + ERR_raise(ERR_LIB_ASN1, i); if ((a == NULL) || (*a != ret)) ASN1_BIT_STRING_free(ret); return NULL; @@ -164,7 +164,7 @@ int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) return 1; /* Don't need to set */ c = OPENSSL_clear_realloc(a->data, a->length, w + 1); if (c == NULL) { - ASN1err(ASN1_F_ASN1_BIT_STRING_SET_BIT, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } if (w + 1 - a->length > 0) diff --git a/crypto/asn1/a_d2i_fp.c b/crypto/asn1/a_d2i_fp.c index a452b3deba08..e8602053f974 100644 --- a/crypto/asn1/a_d2i_fp.c +++ b/crypto/asn1/a_d2i_fp.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -13,6 +13,7 @@ #include "internal/numbers.h" #include <openssl/buffer.h> #include <openssl/asn1.h> +#include "internal/asn1.h" #include "crypto/asn1.h" #ifndef NO_OLD_ASN1 @@ -24,7 +25,7 @@ void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x) void *ret; if ((b = BIO_new(BIO_s_file())) == NULL) { - ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); return NULL; } BIO_set_fp(b, in, BIO_NOCLOSE); @@ -54,39 +55,53 @@ void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x) #endif -void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *x, + OSSL_LIB_CTX *libctx, const char *propq) { BUF_MEM *b = NULL; const unsigned char *p; void *ret = NULL; int len; + if (in == NULL) + return NULL; len = asn1_d2i_read_bio(in, &b); if (len < 0) goto err; p = (const unsigned char *)b->data; - ret = ASN1_item_d2i(x, &p, len, it); + ret = ASN1_item_d2i_ex(x, &p, len, it, libctx, propq); err: BUF_MEM_free(b); return ret; } +void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) +{ + return ASN1_item_d2i_bio_ex(it, in, x, NULL, NULL); +} + #ifndef OPENSSL_NO_STDIO -void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *b; char *ret; if ((b = BIO_new(BIO_s_file())) == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); return NULL; } BIO_set_fp(b, in, BIO_NOCLOSE); - ret = ASN1_item_d2i_bio(it, b, x); + ret = ASN1_item_d2i_bio_ex(it, b, x, libctx, propq); BIO_free(b); return ret; } + +void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) +{ + return ASN1_item_d2i_fp_ex(it, in, x, NULL, NULL); +} #endif #define HEADER_SIZE 8 @@ -100,6 +115,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) uint32_t eos = 0; size_t off = 0; size_t len = 0; + size_t diff; const unsigned char *q; long slen; @@ -107,27 +123,28 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) b = BUF_MEM_new(); if (b == NULL) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } - ERR_clear_error(); + ERR_set_mark(); for (;;) { - if (want >= (len - off)) { - want -= (len - off); + diff = len - off; + if (want >= diff) { + want -= diff; if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } i = BIO_read(in, &(b->data[len]), want); - if ((i < 0) && ((len - off) == 0)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA); + if (i < 0 && diff == 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA); goto err; } if (i > 0) { if (len + i < len) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); goto err; } len += i; @@ -137,15 +154,17 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) p = (unsigned char *)&(b->data[off]); q = p; - inf = ASN1_get_object(&q, &slen, &tag, &xclass, len - off); + diff = len - off; + if (diff == 0) + goto err; + inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff); if (inf & 0x80) { unsigned long e; - e = ERR_GET_REASON(ERR_peek_error()); + e = ERR_GET_REASON(ERR_peek_last_error()); if (e != ASN1_R_TOO_LONG) goto err; - else - ERR_clear_error(); /* clear error */ + ERR_pop_to_mark(); } i = q - p; /* header length */ off += i; /* end of data */ @@ -153,7 +172,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) if (inf & 1) { /* no data body so go round again */ if (eos == UINT32_MAX) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG); goto err; } eos++; @@ -174,7 +193,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) want -= (len - off); if (want > INT_MAX /* BIO_read takes an int length */ || len + want < len) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); goto err; } while (want > 0) { @@ -187,15 +206,14 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) size_t chunk = want > chunk_max ? chunk_max : want; if (!BUF_MEM_grow_clean(b, len + chunk)) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } want -= chunk; while (chunk > 0) { i = BIO_read(in, &(b->data[len]), chunk); if (i <= 0) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, - ASN1_R_NOT_ENOUGH_DATA); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA); goto err; } /* @@ -210,7 +228,7 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) } } if (off + slen < off) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); goto err; } off += slen; @@ -222,13 +240,14 @@ int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) } if (off > INT_MAX) { - ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); goto err; } *pb = b; return off; err: + ERR_clear_last_mark(); BUF_MEM_free(b); return -1; } diff --git a/crypto/asn1/a_digest.c b/crypto/asn1/a_digest.c index cc3532ea7df2..72cc8807799d 100644 --- a/crypto/asn1/a_digest.c +++ b/crypto/asn1/a_digest.c @@ -1,24 +1,29 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <stdio.h> #include <time.h> #include <sys/types.h> #include "internal/cryptlib.h" +#include <openssl/engine.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/buffer.h> #include <openssl/x509.h> +#include "crypto/x509.h" -#ifndef NO_ASN1_OLD +#ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, unsigned char *md, unsigned int *len) @@ -28,11 +33,11 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, inl = i2d(data, NULL); if (inl <= 0) { - ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_INTERNAL_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); return 0; } if ((str = OPENSSL_malloc(inl)) == NULL) { - ASN1err(ASN1_F_ASN1_DIGEST, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } p = str; @@ -48,20 +53,42 @@ int ASN1_digest(i2d_of_void *i2d, const EVP_MD *type, char *data, #endif -int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, - unsigned char *md, unsigned int *len) +int ossl_asn1_item_digest_ex(const ASN1_ITEM *it, const EVP_MD *md, void *asn, + unsigned char *data, unsigned int *len, + OSSL_LIB_CTX *libctx, const char *propq) { - int i; + int i, ret = 0; unsigned char *str = NULL; + EVP_MD *fetched_md = (EVP_MD *)md; i = ASN1_item_i2d(asn, &str, it); - if (!str) + if (i < 0 || str == NULL) return 0; - if (!EVP_Digest(str, i, md, len, type, NULL)) { - OPENSSL_free(str); - return 0; + if (EVP_MD_get0_provider(md) == NULL) { +#if !defined(OPENSSL_NO_ENGINE) + ENGINE *tmpeng = ENGINE_get_digest_engine(EVP_MD_get_type(md)); + + if (tmpeng != NULL) + ENGINE_finish(tmpeng); + else +#endif + fetched_md = EVP_MD_fetch(libctx, EVP_MD_get0_name(md), propq); } + if (fetched_md == NULL) + goto err; + + ret = EVP_Digest(str, i, data, len, fetched_md, NULL); +err: OPENSSL_free(str); - return 1; + if (fetched_md != md) + EVP_MD_free(fetched_md); + return ret; } + +int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *md, void *asn, + unsigned char *data, unsigned int *len) +{ + return ossl_asn1_item_digest_ex(it, md, asn, data, len, NULL, NULL); +} + diff --git a/crypto/asn1/a_dup.c b/crypto/asn1/a_dup.c index 50af6b000609..93e8b2aa8dab 100644 --- a/crypto/asn1/a_dup.c +++ b/crypto/asn1/a_dup.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,11 +9,11 @@ #include <stdio.h> #include "internal/cryptlib.h" -#include <openssl/asn1.h> +#include <openssl/asn1t.h> #ifndef NO_OLD_ASN1 -void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) +void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, const void *x) { unsigned char *b, *p; const unsigned char *p2; @@ -24,9 +24,12 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) return NULL; i = i2d(x, NULL); + if (i <= 0) + return NULL; + b = OPENSSL_malloc(i + 10); if (b == NULL) { - ASN1err(ASN1_F_ASN1_DUP, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } p = b; @@ -46,23 +49,49 @@ void *ASN1_dup(i2d_of_void *i2d, d2i_of_void *d2i, void *x) * decode. */ -void *ASN1_item_dup(const ASN1_ITEM *it, void *x) +void *ASN1_item_dup(const ASN1_ITEM *it, const void *x) { + ASN1_aux_cb *asn1_cb = NULL; unsigned char *b = NULL; const unsigned char *p; long i; - void *ret; + ASN1_VALUE *ret; + OSSL_LIB_CTX *libctx = NULL; + const char *propq = NULL; if (x == NULL) return NULL; + if (it->itype == ASN1_ITYPE_SEQUENCE || it->itype == ASN1_ITYPE_CHOICE + || it->itype == ASN1_ITYPE_NDEF_SEQUENCE) { + const ASN1_AUX *aux = it->funcs; + + asn1_cb = aux != NULL ? aux->asn1_cb : NULL; + } + + if (asn1_cb != NULL) { + if (!asn1_cb(ASN1_OP_DUP_PRE, (ASN1_VALUE **)&x, it, NULL) + || !asn1_cb(ASN1_OP_GET0_LIBCTX, (ASN1_VALUE **)&x, it, &libctx) + || !asn1_cb(ASN1_OP_GET0_PROPQ, (ASN1_VALUE **)&x, it, &propq)) + goto auxerr; + } + i = ASN1_item_i2d(x, &b, it); if (b == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_DUP, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } p = b; - ret = ASN1_item_d2i(NULL, &p, i, it); + ret = ASN1_item_d2i_ex(NULL, &p, i, it, libctx, propq); OPENSSL_free(b); + + if (asn1_cb != NULL + && !asn1_cb(ASN1_OP_DUP_POST, &ret, it, (void *)x)) + goto auxerr; + return ret; + + auxerr: + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_AUX_ERROR, "Type=%s", it->sname); + return NULL; } diff --git a/crypto/asn1/a_gentm.c b/crypto/asn1/a_gentm.c index 133bbb1581cb..0c06ac3c4163 100644 --- a/crypto/asn1/a_gentm.c +++ b/crypto/asn1/a_gentm.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -16,14 +16,18 @@ #include "internal/cryptlib.h" #include <openssl/asn1.h> #include "asn1_local.h" +#include <openssl/asn1t.h> + +IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_GENERALIZEDTIME) /* This is the primary function used to parse ASN1_GENERALIZEDTIME */ -int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d) +static int asn1_generalizedtime_to_tm(struct tm *tm, + const ASN1_GENERALIZEDTIME *d) { - /* wrapper around asn1_time_to_tm */ + /* wrapper around ossl_asn1_time_to_tm */ if (d->type != V_ASN1_GENERALIZEDTIME) return 0; - return asn1_time_to_tm(tm, d); + return ossl_asn1_time_to_tm(tm, d); } int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *d) @@ -71,7 +75,7 @@ ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj(ASN1_GENERALIZEDTIME *s, return NULL; } - return asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME); + return ossl_asn1_time_from_tm(s, ts, V_ASN1_GENERALIZEDTIME); } int ASN1_GENERALIZEDTIME_print(BIO *bp, const ASN1_GENERALIZEDTIME *tm) diff --git a/crypto/asn1/a_i2d_fp.c b/crypto/asn1/a_i2d_fp.c index 980c65a25d2d..4cc4773666c4 100644 --- a/crypto/asn1/a_i2d_fp.c +++ b/crypto/asn1/a_i2d_fp.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -15,13 +15,13 @@ #ifndef NO_OLD_ASN1 # ifndef OPENSSL_NO_STDIO -int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) +int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, const void *x) { BIO *b; int ret; if ((b = BIO_new(BIO_s_file())) == NULL) { - ASN1err(ASN1_F_ASN1_I2D_FP, ERR_R_BUF_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); return 0; } BIO_set_fp(b, out, BIO_NOCLOSE); @@ -31,7 +31,7 @@ int ASN1_i2d_fp(i2d_of_void *i2d, FILE *out, void *x) } # endif -int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) +int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, const void *x) { char *b; unsigned char *p; @@ -43,7 +43,7 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) b = OPENSSL_malloc(n); if (b == NULL) { - ASN1err(ASN1_F_ASN1_I2D_BIO, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } @@ -68,13 +68,13 @@ int ASN1_i2d_bio(i2d_of_void *i2d, BIO *out, unsigned char *x) #endif #ifndef OPENSSL_NO_STDIO -int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) +int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, const void *x) { BIO *b; int ret; if ((b = BIO_new(BIO_s_file())) == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_I2D_FP, ERR_R_BUF_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB); return 0; } BIO_set_fp(b, out, BIO_NOCLOSE); @@ -84,14 +84,14 @@ int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) } #endif -int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) +int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, const void *x) { unsigned char *b = NULL; int i, j = 0, n, ret = 1; n = ASN1_item_i2d(x, &b, it); if (b == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_I2D_BIO, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } @@ -109,3 +109,21 @@ int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) OPENSSL_free(b); return ret; } + +BIO *ASN1_item_i2d_mem_bio(const ASN1_ITEM *it, const ASN1_VALUE *val) +{ + BIO *res; + + if (it == NULL || val == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + + if ((res = BIO_new(BIO_s_mem())) == NULL) + return NULL; + if (ASN1_item_i2d_bio(it, res, val) <= 0) { + BIO_free(res); + res = NULL; + } + return res; +} diff --git a/crypto/asn1/a_int.c b/crypto/asn1/a_int.c index 9c1a9f52b5e6..19e41ec73e35 100644 --- a/crypto/asn1/a_int.c +++ b/crypto/asn1/a_int.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -79,8 +79,14 @@ static void twos_complement(unsigned char *dst, const unsigned char *src, unsigned int carry = pad & 1; /* Begin at the end of the encoding */ - dst += len; - src += len; + if (len != 0) { + /* + * if len == 0 then src/dst could be NULL, and this would be undefined + * behaviour. + */ + dst += len; + src += len; + } /* two's complement value: ~value + 1 */ while (len-- != 0) { *(--dst) = (unsigned char)(carry += *(--src) ^ pad); @@ -151,7 +157,7 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg, int neg, pad; /* Zero content length is illegal */ if (plen == 0) { - ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); return 0; } neg = p[0] & 0x80; @@ -184,7 +190,7 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg, } /* reject illegal padding: first two octets MSB can't match */ if (pad && (neg == (p[1] & 0x80))) { - ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING); return 0; } @@ -198,7 +204,7 @@ static size_t c2i_ibuf(unsigned char *b, int *pneg, return plen; } -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) +int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) { return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp); } @@ -210,7 +216,7 @@ static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen) uint64_t r; if (blen > sizeof(*pr)) { - ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); return 0; } if (b == NULL) @@ -262,14 +268,14 @@ static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, * on ones'-complement system. */ *pr = (int64_t)(0 - r); } else { - ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); return 0; } } else { if (r <= INT64_MAX) { *pr = (int64_t)r; } else { - ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); return 0; } } @@ -277,8 +283,8 @@ static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen, } /* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */ -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long len) +ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long len) { ASN1_INTEGER *ret = NULL; size_t r; @@ -302,16 +308,18 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, c2i_ibuf(ret->data, &neg, *pp, len); - if (neg) + if (neg != 0) ret->type |= V_ASN1_NEG; + else + ret->type &= ~V_ASN1_NEG; *pp += len; if (a != NULL) (*a) = ret; return ret; err: - ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); - if ((a == NULL) || (*a != ret)) + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); + if (a == NULL || *a != ret) ASN1_INTEGER_free(ret); return NULL; } @@ -319,11 +327,11 @@ ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype) { if (a == NULL) { - ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER); + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); return 0; } if ((a->type & ~V_ASN1_NEG) != itype) { - ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE); return 0; } return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG); @@ -354,15 +362,15 @@ static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a, int itype) { if (a == NULL) { - ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER); + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); return 0; } if ((a->type & ~V_ASN1_NEG) != itype) { - ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE); return 0; } if (a->type & V_ASN1_NEG) { - ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); return 0; } return asn1_get_uint64(pr, a->data, a->length); @@ -390,7 +398,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, ASN1_INTEGER *ret = NULL; const unsigned char *p; unsigned char *s; - long len; + long len = 0; int inf, tag, xclass; int i; @@ -413,6 +421,10 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, goto err; } + if (len < 0) { + i = ASN1_R_ILLEGAL_NEGATIVE_VALUE; + goto err; + } /* * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies * a missing NULL parameter. @@ -440,7 +452,7 @@ ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, *pp = p; return ret; err: - ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i); + ERR_raise(ERR_LIB_ASN1, i); if ((a == NULL) || (*a != ret)) ASN1_INTEGER_free(ret); return NULL; @@ -460,7 +472,7 @@ static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, } if (ret == NULL) { - ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -473,7 +485,7 @@ static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai, len = 1; if (ASN1_STRING_set(ret, NULL, len) == 0) { - ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } @@ -496,13 +508,13 @@ static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn, BIGNUM *ret; if ((ai->type & ~V_ASN1_NEG) != itype) { - ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE); return NULL; } ret = BN_bin2bn(ai->data, ai->length, bn); if (ret == NULL) { - ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BN_LIB); return NULL; } if (ai->type & V_ASN1_NEG) @@ -603,7 +615,8 @@ BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn) } /* Internal functions used by x_int64.c */ -int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len) +int ossl_c2i_uint64_int(uint64_t *ret, int *neg, + const unsigned char **pp, long len) { unsigned char buf[sizeof(uint64_t)]; size_t buflen; @@ -612,14 +625,14 @@ int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len) if (buflen == 0) return 0; if (buflen > sizeof(uint64_t)) { - ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); return 0; } (void)c2i_ibuf(buf, neg, *pp, len); return asn1_get_uint64(ret, buf, buflen); } -int i2c_uint64_int(unsigned char *p, uint64_t r, int neg) +int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg) { unsigned char buf[sizeof(uint64_t)]; size_t off; diff --git a/crypto/asn1/a_mbstr.c b/crypto/asn1/a_mbstr.c index bdb697ab30c1..22dea873eeba 100644 --- a/crypto/asn1/a_mbstr.c +++ b/crypto/asn1/a_mbstr.c @@ -1,7 +1,7 @@ /* - * Copyright 1999-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -10,6 +10,7 @@ #include <stdio.h> #include "crypto/ctype.h" #include "internal/cryptlib.h" +#include "internal/unicode.h" #include <openssl/asn1.h> static int traverse_string(const unsigned char *p, int len, int inform, @@ -49,20 +50,20 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, ASN1_STRING *dest; unsigned char *p; int nchar; - char strbuf[32]; int (*cpyfunc) (unsigned long, void *) = NULL; if (len == -1) len = strlen((const char *)in); if (!mask) mask = DIRSTRING_TYPE; + if (len < 0) + return -1; /* First do a string check and work out the number of characters */ switch (inform) { case MBSTRING_BMP: if (len & 1) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, - ASN1_R_INVALID_BMPSTRING_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH); return -1; } nchar = len >> 1; @@ -70,8 +71,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, case MBSTRING_UNIV: if (len & 3) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, - ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); return -1; } nchar = len >> 2; @@ -82,7 +82,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* This counts the characters and does utf8 syntax checking */ ret = traverse_string(in, len, MBSTRING_UTF8, in_utf8, &nchar); if (ret < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_INVALID_UTF8STRING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UTF8STRING); return -1; } break; @@ -92,27 +92,25 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, break; default: - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_UNKNOWN_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } if ((minsize > 0) && (nchar < minsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_SHORT); - BIO_snprintf(strbuf, sizeof(strbuf), "%ld", minsize); - ERR_add_error_data(2, "minsize=", strbuf); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_SHORT, + "minsize=%ld", minsize); return -1; } if ((maxsize > 0) && (nchar > maxsize)) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_STRING_TOO_LONG); - BIO_snprintf(strbuf, sizeof(strbuf), "%ld", maxsize); - ERR_add_error_data(2, "maxsize=", strbuf); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_STRING_TOO_LONG, + "maxsize=%ld", maxsize); return -1; } /* Now work out minimal type (if any) */ if (traverse_string(in, len, inform, type_str, &mask) < 0) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ASN1_R_ILLEGAL_CHARACTERS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_CHARACTERS); return -1; } @@ -149,7 +147,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, free_out = 1; dest = ASN1_STRING_type_new(str_type); if (dest == NULL) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } *out = dest; @@ -157,7 +155,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, /* If both the same type just copy across */ if (inform == outform) { if (!ASN1_STRING_set(dest, in, len)) { - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } return str_type; @@ -189,7 +187,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, if ((p = OPENSSL_malloc(outlen + 1)) == NULL) { if (free_out) ASN1_STRING_free(dest); - ASN1err(ASN1_F_ASN1_MBSTRING_NCOPY, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } dest->length = outlen; @@ -247,6 +245,9 @@ static int traverse_string(const unsigned char *p, int len, int inform, static int in_utf8(unsigned long value, void *arg) { int *nchar; + + if (!is_unicode_valid(value)) + return -2; nchar = arg; (*nchar)++; return 1; @@ -256,9 +257,13 @@ static int in_utf8(unsigned long value, void *arg) static int out_utf8(unsigned long value, void *arg) { - int *outlen; + int *outlen, len; + + len = UTF8_putc(NULL, -1, value); + if (len <= 0) + return len; outlen = arg; - *outlen += UTF8_putc(NULL, -1, value); + *outlen += len; return 1; } @@ -283,6 +288,8 @@ static int type_str(unsigned long value, void *arg) types &= ~B_ASN1_T61STRING; if ((types & B_ASN1_BMPSTRING) && (value > 0xffff)) types &= ~B_ASN1_BMPSTRING; + if ((types & B_ASN1_UTF8STRING) && !is_unicode_valid(value)) + types &= ~B_ASN1_UTF8STRING; if (!types) return -1; *((unsigned long *)arg) = types; diff --git a/crypto/asn1/a_object.c b/crypto/asn1/a_object.c index 8ade9e50a7cb..c96c36e73029 100644 --- a/crypto/asn1/a_object.c +++ b/crypto/asn1/a_object.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -32,7 +32,7 @@ int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp) if (*pp == NULL) { if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) { - ASN1err(ASN1_F_I2D_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } } else { @@ -70,12 +70,12 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) if ((c >= '0') && (c <= '2')) { first = c - '0'; } else { - ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_FIRST_NUM_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_FIRST_NUM_TOO_LARGE); goto err; } if (num <= 0) { - ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_MISSING_SECOND_NUMBER); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_SECOND_NUMBER); goto err; } c = *(p++); @@ -84,7 +84,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) if (num <= 0) break; if ((c != '.') && (c != ' ')) { - ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_SEPARATOR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_SEPARATOR); goto err; } l = 0; @@ -97,7 +97,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) if ((c == ' ') || (c == '.')) break; if (!ossl_isdigit(c)) { - ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_INVALID_DIGIT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_DIGIT); goto err; } if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) { @@ -116,8 +116,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) } if (len == 0) { if ((first < 2) && (l >= 40)) { - ASN1err(ASN1_F_A2D_ASN1_OBJECT, - ASN1_R_SECOND_NUMBER_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_SECOND_NUMBER_TOO_LARGE); goto err; } if (use_bn) { @@ -136,8 +135,10 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) OPENSSL_free(tmp); tmpsize = blsize + 32; tmp = OPENSSL_malloc(tmpsize); - if (tmp == NULL) + if (tmp == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; + } } while (blsize--) { BN_ULONG t = BN_div_word(bl, 0x80L); @@ -157,7 +158,7 @@ int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) } if (out != NULL) { if (len + i > olen) { - ASN1err(ASN1_F_A2D_ASN1_OBJECT, ASN1_R_BUFFER_TOO_SMALL); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BUFFER_TOO_SMALL); goto err; } while (--i > 0) @@ -191,8 +192,12 @@ int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a) return BIO_write(bp, "NULL", 4); i = i2t_ASN1_OBJECT(buf, sizeof(buf), a); if (i > (int)(sizeof(buf) - 1)) { + if (i > INT_MAX - 1) { /* catch an integer overflow */ + ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG); + return -1; + } if ((p = OPENSSL_malloc(i + 1)) == NULL) { - ASN1err(ASN1_F_I2A_ASN1_OBJECT, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } i2t_ASN1_OBJECT(p, i + 1, a); @@ -227,17 +232,17 @@ ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, i = ASN1_R_EXPECTING_AN_OBJECT; goto err; } - ret = c2i_ASN1_OBJECT(a, &p, len); + ret = ossl_c2i_ASN1_OBJECT(a, &p, len); if (ret) *pp = p; return ret; err: - ASN1err(ASN1_F_D2I_ASN1_OBJECT, i); + ERR_raise(ERR_LIB_ASN1, i); return NULL; } -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long len) +ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long len) { ASN1_OBJECT *ret = NULL, tobj; const unsigned char *p; @@ -251,7 +256,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, */ if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL || p[len - 1] & 0x80) { - ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING); return NULL; } /* Now 0 < len <= INT_MAX, so the cast is safe. */ @@ -281,7 +286,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, } for (i = 0; i < length; i++, p++) { if (*p == 0x80 && (!i || !(p[-1] & 0x80))) { - ASN1err(ASN1_F_C2I_ASN1_OBJECT, ASN1_R_INVALID_OBJECT_ENCODING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING); return NULL; } } @@ -329,7 +334,7 @@ ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, *pp = p; return ret; err: - ASN1err(ASN1_F_C2I_ASN1_OBJECT, i); + ERR_raise(ERR_LIB_ASN1, i); if ((a == NULL) || (*a != ret)) ASN1_OBJECT_free(ret); return NULL; @@ -341,7 +346,7 @@ ASN1_OBJECT *ASN1_OBJECT_new(void) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ASN1err(ASN1_F_ASN1_OBJECT_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } ret->flags = ASN1_OBJECT_FLAG_DYNAMIC; @@ -353,9 +358,11 @@ void ASN1_OBJECT_free(ASN1_OBJECT *a) if (a == NULL) return; if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) { -#ifndef CONST_STRICT /* disable purely for compile-time strict - * const checking. Doing this on a "real" - * compile will cause memory leaks */ +#ifndef CONST_STRICT + /* + * Disable purely for compile-time strict const checking. Doing this + * on a "real" compile will cause memory leaks + */ OPENSSL_free((void*)a->sn); OPENSSL_free((void*)a->ln); #endif diff --git a/crypto/asn1/a_octet.c b/crypto/asn1/a_octet.c index 2e1205caea00..fcb2ef0a7d08 100644 --- a/crypto/asn1/a_octet.c +++ b/crypto/asn1/a_octet.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/a_print.c b/crypto/asn1/a_print.c index 3790e82bb13a..d2768f74bdcd 100644 --- a/crypto/asn1/a_print.c +++ b/crypto/asn1/a_print.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/a_sign.c b/crypto/asn1/a_sign.c index 72381b665551..302045cfcdfa 100644 --- a/crypto/asn1/a_sign.c +++ b/crypto/asn1/a_sign.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -18,10 +18,11 @@ #include <openssl/x509.h> #include <openssl/objects.h> #include <openssl/buffer.h> +#include <openssl/core_names.h> #include "crypto/asn1.h" #include "crypto/evp.h" -#ifndef NO_ASN1_OLD +#ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, @@ -34,7 +35,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, X509_ALGOR *a; if (ctx == NULL) { - ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } for (i = 0; i < 2; i++) { @@ -61,27 +62,27 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, ASN1_OBJECT_free(a->algorithm); a->algorithm = OBJ_nid2obj(type->pkey_type); if (a->algorithm == NULL) { - ASN1err(ASN1_F_ASN1_SIGN, ASN1_R_UNKNOWN_OBJECT_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_OBJECT_TYPE); goto err; } if (a->algorithm->length == 0) { - ASN1err(ASN1_F_ASN1_SIGN, - ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); + ERR_raise(ERR_LIB_ASN1, + ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); goto err; } } inl = i2d(data, NULL); if (inl <= 0) { - ASN1err(ASN1_F_ASN1_SIGN, ERR_R_INTERNAL_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); goto err; } inll = (size_t)inl; buf_in = OPENSSL_malloc(inll); - outll = outl = EVP_PKEY_size(pkey); + outll = outl = EVP_PKEY_get_size(pkey); buf_out = OPENSSL_malloc(outll); if (buf_in == NULL || buf_out == NULL) { outl = 0; - ASN1err(ASN1_F_ASN1_SIGN, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } p = buf_in; @@ -92,7 +93,7 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, || !EVP_SignFinal(ctx, (unsigned char *)buf_out, (unsigned int *)&outl, pkey)) { outl = 0; - ASN1err(ASN1_F_ASN1_SIGN, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } OPENSSL_free(signature->data); @@ -114,54 +115,104 @@ int ASN1_sign(i2d_of_void *i2d, X509_ALGOR *algor1, X509_ALGOR *algor2, #endif -int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, - X509_ALGOR *algor2, ASN1_BIT_STRING *signature, void *asn, - EVP_PKEY *pkey, const EVP_MD *type) +int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, + ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey, const EVP_MD *md) { - int rv; - EVP_MD_CTX *ctx = EVP_MD_CTX_new(); + return ASN1_item_sign_ex(it, algor1, algor2, signature, data, NULL, pkey, + md, NULL, NULL); +} + +int ASN1_item_sign_ex(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, const ASN1_OCTET_STRING *id, + EVP_PKEY *pkey, const EVP_MD *md, OSSL_LIB_CTX *libctx, + const char *propq) +{ + int rv = 0; + EVP_MD_CTX *ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq); if (ctx == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN, ERR_R_MALLOC_FAILURE); - return 0; - } - if (!EVP_DigestSignInit(ctx, NULL, type, NULL, pkey)) { - EVP_MD_CTX_free(ctx); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } + /* We can use the non _ex variant here since the pkey is already setup */ + if (!EVP_DigestSignInit(ctx, NULL, md, NULL, pkey)) + goto err; - rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, asn, ctx); + rv = ASN1_item_sign_ctx(it, algor1, algor2, signature, data, ctx); + err: + EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); EVP_MD_CTX_free(ctx); return rv; } -int ASN1_item_sign_ctx(const ASN1_ITEM *it, - X509_ALGOR *algor1, X509_ALGOR *algor2, - ASN1_BIT_STRING *signature, void *asn, EVP_MD_CTX *ctx) +int ASN1_item_sign_ctx(const ASN1_ITEM *it, X509_ALGOR *algor1, + X509_ALGOR *algor2, ASN1_BIT_STRING *signature, + const void *data, EVP_MD_CTX *ctx) { - const EVP_MD *type; + const EVP_MD *md; EVP_PKEY *pkey; unsigned char *buf_in = NULL, *buf_out = NULL; size_t inl = 0, outl = 0, outll = 0; int signid, paramtype, buf_len = 0; - int rv; + int rv, pkey_id; - type = EVP_MD_CTX_md(ctx); - pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_pkey_ctx(ctx)); + md = EVP_MD_CTX_get0_md(ctx); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); if (pkey == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); + ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); goto err; } if (pkey->ameth == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); - goto err; - } + EVP_PKEY_CTX *pctx = EVP_MD_CTX_get_pkey_ctx(ctx); + OSSL_PARAM params[2]; + unsigned char aid[128]; + size_t aid_len = 0; + + if (pctx == NULL + || !EVP_PKEY_CTX_IS_SIGNATURE_OP(pctx)) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); + goto err; + } - if (pkey->ameth->item_sign) { - rv = pkey->ameth->item_sign(ctx, it, asn, algor1, algor2, signature); + params[0] = + OSSL_PARAM_construct_octet_string(OSSL_SIGNATURE_PARAM_ALGORITHM_ID, + aid, sizeof(aid)); + params[1] = OSSL_PARAM_construct_end(); + + if (EVP_PKEY_CTX_get_params(pctx, params) <= 0) + goto err; + + if ((aid_len = params[0].return_size) == 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + goto err; + } + + if (algor1 != NULL) { + const unsigned char *pp = aid; + + if (d2i_X509_ALGOR(&algor1, &pp, aid_len) == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + if (algor2 != NULL) { + const unsigned char *pp = aid; + + if (d2i_X509_ALGOR(&algor2, &pp, aid_len) == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); + goto err; + } + } + + rv = 3; + } else if (pkey->ameth->item_sign) { + rv = pkey->ameth->item_sign(ctx, it, data, algor1, algor2, signature); if (rv == 1) outl = signature->length; /*- @@ -172,7 +223,7 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, * 3: ASN1 method sets algorithm identifiers: just sign. */ if (rv <= 0) - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); if (rv <= 1) goto err; } else { @@ -180,15 +231,19 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, } if (rv == 2) { - if (type == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ASN1_R_CONTEXT_NOT_INITIALISED); + if (md == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_CONTEXT_NOT_INITIALISED); goto err; } - if (!OBJ_find_sigid_by_algs(&signid, - EVP_MD_nid(type), - pkey->ameth->pkey_id)) { - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, - ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + + pkey_id = +#ifndef OPENSSL_NO_SM2 + EVP_PKEY_get_id(pkey) == NID_sm2 ? NID_sm2 : +#endif + pkey->ameth->pkey_id; + + if (!OBJ_find_sigid_by_algs(&signid, EVP_MD_nid(md), pkey_id)) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); goto err; } @@ -204,24 +259,29 @@ int ASN1_item_sign_ctx(const ASN1_ITEM *it, } - buf_len = ASN1_item_i2d(asn, &buf_in, it); + buf_len = ASN1_item_i2d(data, &buf_in, it); if (buf_len <= 0) { outl = 0; - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_INTERNAL_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); goto err; } inl = buf_len; - outll = outl = EVP_PKEY_size(pkey); + if (!EVP_DigestSign(ctx, NULL, &outll, buf_in, inl)) { + outl = 0; + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + goto err; + } + outl = outll; buf_out = OPENSSL_malloc(outll); if (buf_in == NULL || buf_out == NULL) { outl = 0; - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } if (!EVP_DigestSign(ctx, buf_out, &outl, buf_in, inl)) { outl = 0; - ASN1err(ASN1_F_ASN1_ITEM_SIGN_CTX, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } OPENSSL_free(signature->data); diff --git a/crypto/asn1/a_strex.c b/crypto/asn1/a_strex.c index 284dde274c9f..b31761aae6f5 100644 --- a/crypto/asn1/a_strex.c +++ b/crypto/asn1/a_strex.c @@ -1,7 +1,7 @@ /* * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -32,7 +32,7 @@ ASN1_STRFLGS_ESC_MSB) /* - * Three IO functions for sending data to memory, a BIO and and a FILE + * Three IO functions for sending data to memory, a BIO and a FILE * pointer. */ static int send_bio_chars(void *arg, const void *buf, int len) @@ -152,13 +152,13 @@ static int do_buf(unsigned char *buf, int buflen, switch (charwidth) { case 4: if (buflen & 3) { - ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_UNIVERSALSTRING_LENGTH); return -1; } break; case 2: if (buflen & 1) { - ASN1err(ASN1_F_DO_BUF, ASN1_R_INVALID_BMPSTRING_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BMPSTRING_LENGTH); return -1; } break; @@ -283,7 +283,7 @@ static int do_dump(unsigned long lflags, char_io *io_ch, void *arg, if (der_len <= 0) return -1; if ((der_buf = OPENSSL_malloc(der_len)) == NULL) { - ASN1err(ASN1_F_DO_DUMP, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } p = der_buf; diff --git a/crypto/asn1/a_strnid.c b/crypto/asn1/a_strnid.c index f19a9de647b1..9e54db929282 100644 --- a/crypto/asn1/a_strnid.c +++ b/crypto/asn1/a_strnid.c @@ -1,7 +1,7 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -51,7 +51,7 @@ int ASN1_STRING_set_default_mask_asc(const char *p) char *end; if (strncmp(p, "MASK:", 5) == 0) { - if (!p[5]) + if (p[5] == '\0') return 0; mask = strtoul(p + 5, &end, 0); if (*end) @@ -129,6 +129,9 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) int idx; ASN1_STRING_TABLE fnd; + /* "stable" can be impacted by config, so load the config file first */ + OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CONFIG, NULL); + fnd.nid = nid; if (stable) { idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); @@ -157,7 +160,7 @@ static ASN1_STRING_TABLE *stable_get(int nid) if (tmp != NULL && tmp->flags & STABLE_FLAGS_MALLOC) return tmp; if ((rv = OPENSSL_zalloc(sizeof(*rv))) == NULL) { - ASN1err(ASN1_F_STABLE_GET, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } if (!sk_ASN1_STRING_TABLE_push(stable, rv)) { @@ -187,7 +190,7 @@ int ASN1_STRING_TABLE_add(int nid, tmp = stable_get(nid); if (tmp == NULL) { - ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } if (minsize >= 0) diff --git a/crypto/asn1/a_time.c b/crypto/asn1/a_time.c index 54e0de1931c2..9b3074e47e84 100644 --- a/crypto/asn1/a_time.c +++ b/crypto/asn1/a_time.c @@ -1,7 +1,7 @@ /* - * Copyright 1999-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -16,6 +16,7 @@ #include <stdio.h> #include <time.h> +#include "crypto/asn1.h" #include "crypto/ctype.h" #include "internal/cryptlib.h" #include <openssl/asn1t.h> @@ -24,6 +25,7 @@ IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) +IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_TIME) static int is_utc(const int year) { @@ -71,7 +73,7 @@ static void determine_days(struct tm *tm) tm->tm_wday = (d + (13 * m) / 5 + y + y / 4 + c / 4 + 5 * c + 6) % 7; } -int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) +int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) { static const int min[9] = { 0, 0, 1, 1, 0, 0, 0, 0, 0 }; static const int max[9] = { 99, 99, 12, 31, 23, 59, 59, 12, 59 }; @@ -128,14 +130,14 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) i++; break; } - if (!ascii_isdigit(a[o])) + if (!ossl_ascii_isdigit(a[o])) goto err; n = a[o] - num_zero; /* incomplete 2-digital number */ if (++o == l) goto err; - if (!ascii_isdigit(a[o])) + if (!ossl_ascii_isdigit(a[o])) goto err; n = (n * 10) + a[o] - num_zero; /* no more bytes to read, but we haven't seen time-zone yet */ @@ -196,7 +198,7 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (++o == l) goto err; i = o; - while ((o < l) && ascii_isdigit(a[o])) + while ((o < l) && ossl_ascii_isdigit(a[o])) o++; /* Must have at least one digit after decimal point */ if (i == o) @@ -227,11 +229,11 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) if (o + 4 != l) goto err; for (i = end; i < end + 2; i++) { - if (!ascii_isdigit(a[o])) + if (!ossl_ascii_isdigit(a[o])) goto err; n = a[o] - num_zero; o++; - if (!ascii_isdigit(a[o])) + if (!ossl_ascii_isdigit(a[o])) goto err; n = (n * 10) + a[o] - num_zero; i2 = (d->type == V_ASN1_UTCTIME) ? i + 1 : i; @@ -262,7 +264,7 @@ int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d) return 0; } -ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) +ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type) { char* p; ASN1_TIME *tmps = NULL; @@ -327,14 +329,14 @@ ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, ts = OPENSSL_gmtime(&t, &data); if (ts == NULL) { - ASN1err(ASN1_F_ASN1_TIME_ADJ, ASN1_R_ERROR_GETTING_TIME); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_GETTING_TIME); return NULL; } if (offset_day || offset_sec) { if (!OPENSSL_gmtime_adj(ts, offset_day, offset_sec)) return NULL; } - return asn1_time_from_tm(s, ts, V_ASN1_UNDEF); + return ossl_asn1_time_from_tm(s, ts, V_ASN1_UNDEF); } int ASN1_TIME_check(const ASN1_TIME *t) @@ -359,7 +361,7 @@ ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(const ASN1_TIME *t, if (out != NULL) ret = *out; - ret = asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME); + ret = ossl_asn1_time_from_tm(ret, &tm, V_ASN1_GENERALIZEDTIME); if (out != NULL && ret != NULL) *out = ret; @@ -408,7 +410,7 @@ int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) */ if (s != NULL && t.type == V_ASN1_GENERALIZEDTIME) { - if (!asn1_time_to_tm(&tm, &t)) + if (!ossl_asn1_time_to_tm(&tm, &t)) goto out; if (is_utc(tm.tm_year)) { t.length -= 2; @@ -418,8 +420,10 @@ int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str) * new t.data would be freed after ASN1_STRING_copy is done. */ t.data = OPENSSL_zalloc(t.length + 1); - if (t.data == NULL) + if (t.data == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto out; + } memcpy(t.data, str + 2, t.length); t.type = V_ASN1_UTCTIME; } @@ -446,7 +450,7 @@ int ASN1_TIME_to_tm(const ASN1_TIME *s, struct tm *tm) return 0; } - return asn1_time_to_tm(tm, s); + return ossl_asn1_time_to_tm(tm, s); } int ASN1_TIME_diff(int *pday, int *psec, @@ -466,17 +470,31 @@ static const char _asn1_mon[12][4] = { "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; +/* prints the time with the default date format (RFC 822) */ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) { + return ASN1_TIME_print_ex(bp, tm, ASN1_DTFLGS_RFC822); +} + +/* returns 1 on success, 0 on BIO write error or parse failure */ +int ASN1_TIME_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) +{ + return ossl_asn1_time_print_ex(bp, tm, flags) > 0; +} + + +/* prints the time with the date format of ISO 8601 */ +/* returns 0 on BIO write error, else -1 in case of parse failure, else 1 */ +int ossl_asn1_time_print_ex(BIO *bp, const ASN1_TIME *tm, unsigned long flags) +{ char *v; int gmt = 0, l; struct tm stm; const char upper_z = 0x5A, period = 0x2E; - if (!asn1_time_to_tm(&stm, tm)) { - /* asn1_time_to_tm will check the time type */ - goto err; - } + /* ossl_asn1_time_to_tm will check the time type */ + if (!ossl_asn1_time_to_tm(&stm, tm)) + return BIO_write(bp, "Bad time value", 14) ? -1 : 0; l = tm->length; v = (char *)tm->data; @@ -494,23 +512,38 @@ int ASN1_TIME_print(BIO *bp, const ASN1_TIME *tm) if (tm->length > 15 && v[14] == period) { f = &v[14]; f_len = 1; - while (14 + f_len < l && ascii_isdigit(f[f_len])) + while (14 + f_len < l && ossl_ascii_isdigit(f[f_len])) ++f_len; } - return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%.*s%s", + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, f_len, f, + (gmt ? "Z" : "")) > 0; + } + else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d%.*s %d%s", _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, stm.tm_min, stm.tm_sec, f_len, f, stm.tm_year + 1900, (gmt ? " GMT" : "")) > 0; + } } else { - return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", + if ((flags & ASN1_DTFLGS_TYPE_MASK) == ASN1_DTFLGS_ISO8601) { + return BIO_printf(bp, "%4d-%02d-%02d %02d:%02d:%02d%s", + stm.tm_year + 1900, stm.tm_mon + 1, + stm.tm_mday, stm.tm_hour, + stm.tm_min, stm.tm_sec, + (gmt ? "Z" : "")) > 0; + } + else { + return BIO_printf(bp, "%s %2d %02d:%02d:%02d %d%s", _asn1_mon[stm.tm_mon], stm.tm_mday, stm.tm_hour, stm.tm_min, stm.tm_sec, stm.tm_year + 1900, (gmt ? " GMT" : "")) > 0; + } } - err: - BIO_write(bp, "Bad time value", 14); - return 0; } int ASN1_TIME_cmp_time_t(const ASN1_TIME *s, time_t t) @@ -541,7 +574,7 @@ int ASN1_TIME_normalize(ASN1_TIME *t) if (!ASN1_TIME_to_tm(t, &tm)) return 0; - return asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL; + return ossl_asn1_time_from_tm(t, &tm, V_ASN1_UNDEF) != NULL; } int ASN1_TIME_compare(const ASN1_TIME *a, const ASN1_TIME *b) diff --git a/crypto/asn1/a_type.c b/crypto/asn1/a_type.c index 4a96315df03b..6b638bd80c18 100644 --- a/crypto/asn1/a_type.c +++ b/crypto/asn1/a_type.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -29,7 +29,7 @@ void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) && a->type != V_ASN1_NULL && a->value.ptr != NULL) { ASN1_TYPE **tmp_a = &a; - asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); + ossl_asn1_primitive_free((ASN1_VALUE **)tmp_a, NULL, 0); } a->type = type; if (type == V_ASN1_BOOLEAN) diff --git a/crypto/asn1/a_utctm.c b/crypto/asn1/a_utctm.c index 0ff37b16c51f..323941ba97e2 100644 --- a/crypto/asn1/a_utctm.c +++ b/crypto/asn1/a_utctm.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -12,19 +12,22 @@ #include "internal/cryptlib.h" #include <openssl/asn1.h> #include "asn1_local.h" +#include <openssl/asn1t.h> + +IMPLEMENT_ASN1_DUP_FUNCTION(ASN1_UTCTIME) /* This is the primary function used to parse ASN1_UTCTIME */ -int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) +int ossl_asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d) { - /* wrapper around ans1_time_to_tm */ + /* wrapper around ossl_asn1_time_to_tm */ if (d->type != V_ASN1_UTCTIME) return 0; - return asn1_time_to_tm(tm, d); + return ossl_asn1_time_to_tm(tm, d); } int ASN1_UTCTIME_check(const ASN1_UTCTIME *d) { - return asn1_utctime_to_tm(NULL, d); + return ossl_asn1_utctime_to_tm(NULL, d); } /* Sets the string via simple copy without cleaning it up */ @@ -66,7 +69,7 @@ ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, return NULL; } - return asn1_time_from_tm(s, ts, V_ASN1_UTCTIME); + return ossl_asn1_time_from_tm(s, ts, V_ASN1_UTCTIME); } int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) @@ -74,7 +77,7 @@ int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t) struct tm stm, ttm; int day, sec; - if (!asn1_utctime_to_tm(&stm, s)) + if (!ossl_asn1_utctime_to_tm(&stm, s)) return -2; if (OPENSSL_gmtime(&t, &ttm) == NULL) diff --git a/crypto/asn1/a_utf8.c b/crypto/asn1/a_utf8.c index e2dc09f6aee5..6572726cf1e5 100644 --- a/crypto/asn1/a_utf8.c +++ b/crypto/asn1/a_utf8.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,6 +9,7 @@ #include <stdio.h> #include "internal/cryptlib.h" +#include "internal/unicode.h" #include <openssl/asn1.h> /* UTF8 utilities */ @@ -58,6 +59,8 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val) value |= *p++ & 0x3f; if (value < 0x800) return -4; + if (is_unicode_surrogate(value)) + return -2; ret = 3; } else if ((*p & 0xf8) == 0xf0) { if (len < 4) @@ -73,40 +76,6 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val) if (value < 0x10000) return -4; ret = 4; - } else if ((*p & 0xfc) == 0xf8) { - if (len < 5) - return -1; - if (((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80) - || ((p[3] & 0xc0) != 0x80) - || ((p[4] & 0xc0) != 0x80)) - return -3; - value = ((unsigned long)(*p++ & 0x3)) << 24; - value |= ((unsigned long)(*p++ & 0x3f)) << 18; - value |= ((unsigned long)(*p++ & 0x3f)) << 12; - value |= (*p++ & 0x3f) << 6; - value |= *p++ & 0x3f; - if (value < 0x200000) - return -4; - ret = 5; - } else if ((*p & 0xfe) == 0xfc) { - if (len < 6) - return -1; - if (((p[1] & 0xc0) != 0x80) - || ((p[2] & 0xc0) != 0x80) - || ((p[3] & 0xc0) != 0x80) - || ((p[4] & 0xc0) != 0x80) - || ((p[5] & 0xc0) != 0x80)) - return -3; - value = ((unsigned long)(*p++ & 0x1)) << 30; - value |= ((unsigned long)(*p++ & 0x3f)) << 24; - value |= ((unsigned long)(*p++ & 0x3f)) << 18; - value |= ((unsigned long)(*p++ & 0x3f)) << 12; - value |= (*p++ & 0x3f) << 6; - value |= *p++ & 0x3f; - if (value < 0x4000000) - return -4; - ret = 6; } else return -2; *val = value; @@ -116,15 +85,15 @@ int UTF8_getc(const unsigned char *str, int len, unsigned long *val) /* * This takes a character 'value' and writes the UTF8 encoded value in 'str' * where 'str' is a buffer containing 'len' characters. Returns the number of - * characters written or -1 if 'len' is too small. 'str' can be set to NULL - * in which case it just returns the number of characters. It will need at - * most 6 characters. + * characters written, -1 if 'len' is too small or -2 if 'value' is out of + * range. 'str' can be set to NULL in which case it just returns the number of + * characters. It will need at most 4 characters. */ int UTF8_putc(unsigned char *str, int len, unsigned long value) { if (!str) - len = 6; /* Maximum we will need */ + len = 4; /* Maximum we will need */ else if (len <= 0) return -1; if (value < 0x80) { @@ -142,6 +111,8 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value) return 2; } if (value < 0x10000) { + if (is_unicode_surrogate(value)) + return -2; if (len < 3) return -1; if (str) { @@ -151,7 +122,7 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value) } return 3; } - if (value < 0x200000) { + if (value < UNICODE_LIMIT) { if (len < 4) return -1; if (str) { @@ -162,27 +133,5 @@ int UTF8_putc(unsigned char *str, int len, unsigned long value) } return 4; } - if (value < 0x4000000) { - if (len < 5) - return -1; - if (str) { - *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); - *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); - } - return 5; - } - if (len < 6) - return -1; - if (str) { - *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); - *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); - *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); - *str = (unsigned char)((value & 0x3f) | 0x80); - } - return 6; + return -2; } diff --git a/crypto/asn1/a_verify.c b/crypto/asn1/a_verify.c index 4b5f54234fa5..9bf9bdd14ecc 100644 --- a/crypto/asn1/a_verify.c +++ b/crypto/asn1/a_verify.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -20,8 +20,9 @@ #include <openssl/evp.h> #include "crypto/asn1.h" #include "crypto/evp.h" +#include "crypto/rsa.h" -#ifndef NO_ASN1_OLD +#ifndef OPENSSL_NO_DEPRECATED_3_0 int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey) @@ -32,29 +33,29 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, int ret = -1, i, inl; if (ctx == NULL) { - ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } i = OBJ_obj2nid(a->algorithm); type = EVP_get_digestbyname(OBJ_nid2sn(i)); if (type == NULL) { - ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); goto err; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ASN1err(ASN1_F_ASN1_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); goto err; } inl = i2d(data, NULL); if (inl <= 0) { - ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_INTERNAL_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); goto err; } buf_in = OPENSSL_malloc((unsigned int)inl); if (buf_in == NULL) { - ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } p = buf_in; @@ -66,14 +67,14 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, OPENSSL_clear_free(buf_in, (unsigned int)inl); if (!ret) { - ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } ret = -1; if (EVP_VerifyFinal(ctx, (unsigned char *)signature->data, (unsigned int)signature->length, pkey) <= 0) { - ASN1err(ASN1_F_ASN1_VERIFY, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); ret = 0; goto err; } @@ -85,81 +86,127 @@ int ASN1_verify(i2d_of_void *i2d, X509_ALGOR *a, ASN1_BIT_STRING *signature, #endif -int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, - ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey) +int ASN1_item_verify(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + EVP_PKEY *pkey) { - EVP_MD_CTX *ctx = NULL; + return ASN1_item_verify_ex(it, alg, signature, data, NULL, pkey, NULL, NULL); +} + +int ASN1_item_verify_ex(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + const ASN1_OCTET_STRING *id, EVP_PKEY *pkey, + OSSL_LIB_CTX *libctx, const char *propq) +{ + EVP_MD_CTX *ctx; + int rv = -1; + + if ((ctx = evp_md_ctx_new_ex(pkey, id, libctx, propq)) != NULL) { + rv = ASN1_item_verify_ctx(it, alg, signature, data, ctx); + EVP_PKEY_CTX_free(EVP_MD_CTX_get_pkey_ctx(ctx)); + EVP_MD_CTX_free(ctx); + } + return rv; +} + +int ASN1_item_verify_ctx(const ASN1_ITEM *it, const X509_ALGOR *alg, + const ASN1_BIT_STRING *signature, const void *data, + EVP_MD_CTX *ctx) +{ + EVP_PKEY *pkey; unsigned char *buf_in = NULL; int ret = -1, inl = 0; int mdnid, pknid; size_t inll = 0; - if (!pkey) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_PASSED_NULL_PARAMETER); + pkey = EVP_PKEY_CTX_get0_pkey(EVP_MD_CTX_get_pkey_ctx(ctx)); + + if (pkey == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); return -1; } if (signature->type == V_ASN1_BIT_STRING && signature->flags & 0x7) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT); return -1; } - ctx = EVP_MD_CTX_new(); - if (ctx == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); - goto err; - } - /* Convert signature OID into digest and public key OIDs */ - if (!OBJ_find_sigid_algs(OBJ_obj2nid(a->algorithm), &mdnid, &pknid)) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + if (!OBJ_find_sigid_algs(OBJ_obj2nid(alg->algorithm), &mdnid, &pknid)) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - if (mdnid == NID_undef) { - if (!pkey->ameth || !pkey->ameth->item_verify) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, - ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + + if (mdnid == NID_undef && evp_pkey_is_legacy(pkey)) { + if (pkey->ameth == NULL || pkey->ameth->item_verify == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); goto err; } - ret = pkey->ameth->item_verify(ctx, it, asn, a, signature, pkey); + ret = pkey->ameth->item_verify(ctx, it, data, alg, signature, pkey); /* - * Return value of 2 means carry on, anything else means we exit - * straight away: either a fatal error of the underlying verification - * routine handles all verification. + * Return values meaning: + * <=0: error. + * 1: method does everything. + * 2: carry on as normal, method has called EVP_DigestVerifyInit() */ - if (ret != 2) + if (ret <= 0) + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + if (ret <= 1) goto err; - ret = -1; } else { - const EVP_MD *type = EVP_get_digestbynid(mdnid); - - if (type == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, - ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); - goto err; - } - - /* Check public key OID matches public key type */ - if (EVP_PKEY_type(pknid) != pkey->ameth->pkey_id) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ASN1_R_WRONG_PUBLIC_KEY_TYPE); - goto err; - } + const EVP_MD *type = NULL; - if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); - ret = 0; - goto err; + /* + * We don't yet have the ability for providers to be able to handle + * X509_ALGOR style parameters. Fortunately the only one that needs this + * so far is RSA-PSS, so we just special case this for now. In some + * future version of OpenSSL we should push this to the provider. + */ + if (mdnid == NID_undef && pknid == EVP_PKEY_RSA_PSS) { + if (!EVP_PKEY_is_a(pkey, "RSA") && !EVP_PKEY_is_a(pkey, "RSA-PSS")) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + /* This function also calls EVP_DigestVerifyInit */ + if (ossl_rsa_pss_to_ctx(ctx, NULL, alg, pkey) <= 0) { + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); + goto err; + } + } else { + /* Check public key OID matches public key type */ + if (!EVP_PKEY_is_a(pkey, OBJ_nid2sn(pknid))) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE); + goto err; + } + + if (mdnid != NID_undef) { + type = EVP_get_digestbynid(mdnid); + if (type == NULL) { + ERR_raise(ERR_LIB_ASN1, + ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + goto err; + } + } + + /* + * Note that some algorithms (notably Ed25519 and Ed448) may allow + * a NULL digest value. + */ + if (!EVP_DigestVerifyInit(ctx, NULL, type, NULL, pkey)) { + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); + ret = 0; + goto err; + } } - } - inl = ASN1_item_i2d(asn, &buf_in, it); + inl = ASN1_item_i2d(data, &buf_in, it); if (inl <= 0) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_INTERNAL_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_INTERNAL_ERROR); goto err; } if (buf_in == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } inll = inl; @@ -167,12 +214,11 @@ int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ret = EVP_DigestVerify(ctx, signature->data, (size_t)signature->length, buf_in, inl); if (ret <= 0) { - ASN1err(ASN1_F_ASN1_ITEM_VERIFY, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } ret = 1; err: OPENSSL_clear_free(buf_in, inll); - EVP_MD_CTX_free(ctx); return ret; } diff --git a/crypto/asn1/ameth_lib.c b/crypto/asn1/ameth_lib.c index 5e8c3ed1d5b0..8b15da3beed6 100644 --- a/crypto/asn1/ameth_lib.c +++ b/crypto/asn1/ameth_lib.c @@ -1,13 +1,15 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#include "e_os.h" /* for strncasecmp */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include "internal/cryptlib.h" #include <stdio.h> #include <openssl/asn1t.h> @@ -56,6 +58,7 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) { EVP_PKEY_ASN1_METHOD tmp; const EVP_PKEY_ASN1_METHOD *t = &tmp, **ret; + tmp.pkey_id = type; if (app_methods) { int idx; @@ -64,7 +67,7 @@ static const EVP_PKEY_ASN1_METHOD *pkey_asn1_find(int type) return sk_EVP_PKEY_ASN1_METHOD_value(app_methods, idx); } ret = OBJ_bsearch_ameth(&t, standard_methods, OSSL_NELEM(standard_methods)); - if (!ret || !*ret) + if (ret == NULL || *ret == NULL) return NULL; return *ret; } @@ -130,7 +133,7 @@ const EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_find_str(ENGINE **pe, if (ameth->pkey_flags & ASN1_PKEY_ALIAS) continue; if ((int)strlen(ameth->pem_str) == len - && strncasecmp(ameth->pem_str, str, len) == 0) + && OPENSSL_strncasecmp(ameth->pem_str, str, len) == 0) return ameth; } return NULL; @@ -152,7 +155,7 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) && (ameth->pkey_flags & ASN1_PKEY_ALIAS) != 0) || (ameth->pem_str != NULL && (ameth->pkey_flags & ASN1_PKEY_ALIAS) == 0))) { - EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, ERR_R_PASSED_INVALID_ARGUMENT); + ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_INVALID_ARGUMENT); return 0; } @@ -164,8 +167,8 @@ int EVP_PKEY_asn1_add0(const EVP_PKEY_ASN1_METHOD *ameth) tmp.pkey_id = ameth->pkey_id; if (sk_EVP_PKEY_ASN1_METHOD_find(app_methods, &tmp) >= 0) { - EVPerr(EVP_F_EVP_PKEY_ASN1_ADD0, - EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); + ERR_raise(ERR_LIB_EVP, + EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED); return 0; } @@ -219,8 +222,10 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, { EVP_PKEY_ASN1_METHOD *ameth = OPENSSL_zalloc(sizeof(*ameth)); - if (ameth == NULL) + if (ameth == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; + } ameth->pkey_id = id; ameth->pkey_base_id = id; @@ -228,13 +233,13 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, if (info) { ameth->info = OPENSSL_strdup(info); - if (!ameth->info) + if (ameth->info == NULL) goto err; } if (pem_str) { ameth->pem_str = OPENSSL_strdup(pem_str); - if (!ameth->pem_str) + if (ameth->pem_str == NULL) goto err; } @@ -242,46 +247,27 @@ EVP_PKEY_ASN1_METHOD *EVP_PKEY_asn1_new(int id, int flags, err: EVP_PKEY_asn1_free(ameth); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; - } void EVP_PKEY_asn1_copy(EVP_PKEY_ASN1_METHOD *dst, const EVP_PKEY_ASN1_METHOD *src) { - - dst->pub_decode = src->pub_decode; - dst->pub_encode = src->pub_encode; - dst->pub_cmp = src->pub_cmp; - dst->pub_print = src->pub_print; - - dst->priv_decode = src->priv_decode; - dst->priv_encode = src->priv_encode; - dst->priv_print = src->priv_print; - - dst->old_priv_encode = src->old_priv_encode; - dst->old_priv_decode = src->old_priv_decode; - - dst->pkey_size = src->pkey_size; - dst->pkey_bits = src->pkey_bits; - - dst->param_decode = src->param_decode; - dst->param_encode = src->param_encode; - dst->param_missing = src->param_missing; - dst->param_copy = src->param_copy; - dst->param_cmp = src->param_cmp; - dst->param_print = src->param_print; - - dst->pkey_free = src->pkey_free; - dst->pkey_ctrl = src->pkey_ctrl; - - dst->item_sign = src->item_sign; - dst->item_verify = src->item_verify; - - dst->siginf_set = src->siginf_set; - - dst->pkey_check = src->pkey_check; - + int pkey_id = dst->pkey_id; + int pkey_base_id = dst->pkey_base_id; + unsigned long pkey_flags = dst->pkey_flags; + char *pem_str = dst->pem_str; + char *info = dst->info; + + *dst = *src; + + /* We only copy the function pointers so restore the other values */ + dst->pkey_id = pkey_id; + dst->pkey_base_id = pkey_base_id; + dst->pkey_flags = pkey_flags; + dst->pem_str = pem_str; + dst->info = info; } void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) @@ -295,7 +281,7 @@ void EVP_PKEY_asn1_free(EVP_PKEY_ASN1_METHOD *ameth) void EVP_PKEY_asn1_set_public(EVP_PKEY_ASN1_METHOD *ameth, int (*pub_decode) (EVP_PKEY *pk, - X509_PUBKEY *pub), + const X509_PUBKEY *pub), int (*pub_encode) (X509_PUBKEY *pub, const EVP_PKEY *pk), int (*pub_cmp) (const EVP_PKEY *a, @@ -376,13 +362,13 @@ void EVP_PKEY_asn1_set_security_bits(EVP_PKEY_ASN1_METHOD *ameth, void EVP_PKEY_asn1_set_item(EVP_PKEY_ASN1_METHOD *ameth, int (*item_verify) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, - void *asn, - X509_ALGOR *a, - ASN1_BIT_STRING *sig, + const void *data, + const X509_ALGOR *a, + const ASN1_BIT_STRING *sig, EVP_PKEY *pkey), int (*item_sign) (EVP_MD_CTX *ctx, const ASN1_ITEM *it, - void *asn, + const void *data, X509_ALGOR *alg1, X509_ALGOR *alg2, ASN1_BIT_STRING *sig)) diff --git a/crypto/asn1/asn1_err.c b/crypto/asn1/asn1_err.c index cc0a59ca4c8b..a7b32e3a6e1a 100644 --- a/crypto/asn1/asn1_err.c +++ b/crypto/asn1/asn1_err.c @@ -1,8 +1,8 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -10,150 +10,10 @@ #include <openssl/err.h> #include <openssl/asn1err.h> +#include "crypto/asn1err.h" #ifndef OPENSSL_NO_ERR -static const ERR_STRING_DATA ASN1_str_functs[] = { - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2D_ASN1_OBJECT, 0), "a2d_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_INTEGER, 0), "a2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_A2I_ASN1_STRING, 0), "a2i_ASN1_STRING"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_APPEND_EXP, 0), "append_exp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIO_INIT, 0), "asn1_bio_init"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_BIT_STRING_SET_BIT, 0), - "ASN1_BIT_STRING_set_bit"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CB, 0), "asn1_cb"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, 0), "asn1_check_tlen"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_COLLECT, 0), "asn1_collect"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_EX_PRIMITIVE, 0), - "asn1_d2i_ex_primitive"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_FP, 0), "ASN1_d2i_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, 0), "asn1_d2i_read_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DIGEST, 0), "ASN1_digest"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_ADB, 0), "asn1_do_adb"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DO_LOCK, 0), "asn1_do_lock"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_DUP, 0), "ASN1_dup"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ENC_SAVE, 0), "asn1_enc_save"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_EX_C2I, 0), "asn1_ex_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_FIND_END, 0), "asn1_find_end"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERALIZEDTIME_ADJ, 0), - "ASN1_GENERALIZEDTIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GENERATE_V3, 0), "ASN1_generate_v3"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_INT64, 0), "asn1_get_int64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, 0), "ASN1_get_object"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_UINT64, 0), "asn1_get_uint64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_BIO, 0), "ASN1_i2d_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_I2D_FP, 0), "ASN1_i2d_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_D2I_FP, 0), "ASN1_item_d2i_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_DUP, 0), "ASN1_item_dup"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_D2I, 0), - "asn1_item_embed_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EMBED_NEW, 0), - "asn1_item_embed_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_EX_I2D, 0), "ASN1_item_ex_i2d"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_FLAGS_I2D, 0), - "asn1_item_flags_i2d"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_BIO, 0), "ASN1_item_i2d_bio"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_I2D_FP, 0), "ASN1_item_i2d_fp"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_PACK, 0), "ASN1_item_pack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN, 0), "ASN1_item_sign"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_SIGN_CTX, 0), - "ASN1_item_sign_ctx"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_UNPACK, 0), "ASN1_item_unpack"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_ITEM_VERIFY, 0), "ASN1_item_verify"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_MBSTRING_NCOPY, 0), - "ASN1_mbstring_ncopy"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OBJECT_NEW, 0), "ASN1_OBJECT_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_OUTPUT_DATA, 0), "asn1_output_data"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PCTX_NEW, 0), "ASN1_PCTX_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_PRIMITIVE_NEW, 0), - "asn1_primitive_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SCTX_NEW, 0), "ASN1_SCTX_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_SIGN, 0), "ASN1_sign"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STR2TYPE, 0), "asn1_str2type"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_INT64, 0), - "asn1_string_get_int64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_GET_UINT64, 0), - "asn1_string_get_uint64"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_SET, 0), "ASN1_STRING_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TABLE_ADD, 0), - "ASN1_STRING_TABLE_add"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TO_BN, 0), "asn1_string_to_bn"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_STRING_TYPE_NEW, 0), - "ASN1_STRING_type_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_EX_D2I, 0), - "asn1_template_ex_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NEW, 0), "asn1_template_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, 0), - "asn1_template_noexp_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TIME_ADJ, 0), "ASN1_TIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, 0), - "ASN1_TYPE_get_int_octetstring"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_TYPE_GET_OCTETSTRING, 0), - "ASN1_TYPE_get_octetstring"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_UTCTIME_ADJ, 0), "ASN1_UTCTIME_adj"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_VERIFY, 0), "ASN1_verify"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_READ_ASN1, 0), "b64_read_asn1"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_B64_WRITE_ASN1, 0), "B64_write_ASN1"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BIO_NEW_NDEF, 0), "BIO_new_NDEF"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BITSTR_CB, 0), "bitstr_cb"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_BN_TO_ASN1_STRING, 0), "bn_to_asn1_string"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_BIT_STRING, 0), - "c2i_ASN1_BIT_STRING"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_INTEGER, 0), "c2i_ASN1_INTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_ASN1_OBJECT, 0), "c2i_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_IBUF, 0), "c2i_ibuf"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_C2I_UINT64_INT, 0), "c2i_uint64_int"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_COLLECT_DATA, 0), "collect_data"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_OBJECT, 0), "d2i_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_ASN1_UINTEGER, 0), "d2i_ASN1_UINTEGER"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_AUTOPRIVATEKEY, 0), - "d2i_AutoPrivateKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PRIVATEKEY, 0), "d2i_PrivateKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_D2I_PUBLICKEY, 0), "d2i_PublicKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_BUF, 0), "do_buf"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_CREATE, 0), "do_create"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_DUMP, 0), "do_dump"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_DO_TCREATE, 0), "do_tcreate"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2A_ASN1_OBJECT, 0), "i2a_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_BIO_STREAM, 0), - "i2d_ASN1_bio_stream"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_ASN1_OBJECT, 0), "i2d_ASN1_OBJECT"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_DSA_PUBKEY, 0), "i2d_DSA_PUBKEY"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_EC_PUBKEY, 0), "i2d_EC_PUBKEY"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PRIVATEKEY, 0), "i2d_PrivateKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_PUBLICKEY, 0), "i2d_PublicKey"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_I2D_RSA_PUBKEY, 0), "i2d_RSA_PUBKEY"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_LONG_C2I, 0), "long_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_PREFIX, 0), "ndef_prefix"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_NDEF_SUFFIX, 0), "ndef_suffix"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_OID_MODULE_INIT, 0), "oid_module_init"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PARSE_TAGGING, 0), "parse_tagging"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_IV, 0), "PKCS5_pbe2_set_iv"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE2_SET_SCRYPT, 0), - "PKCS5_pbe2_set_scrypt"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET, 0), "PKCS5_pbe_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBE_SET0_ALGOR, 0), - "PKCS5_pbe_set0_algor"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_PBKDF2_SET, 0), "PKCS5_pbkdf2_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_PKCS5_SCRYPT_SET, 0), "pkcs5_scrypt_set"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_READ_ASN1, 0), "SMIME_read_ASN1"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_SMIME_TEXT, 0), "SMIME_text"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STABLE_GET, 0), "stable_get"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_STBL_MODULE_INIT, 0), "stbl_module_init"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_C2I, 0), "uint32_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT32_NEW, 0), "uint32_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_C2I, 0), "uint64_c2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_UINT64_NEW, 0), "uint64_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_CRL_ADD0_REVOKED, 0), - "X509_CRL_add0_revoked"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_INFO_NEW, 0), "X509_INFO_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_ENCODE, 0), "x509_name_encode"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_D2I, 0), "x509_name_ex_d2i"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_NAME_EX_NEW, 0), "x509_name_ex_new"}, - {ERR_PACK(ERR_LIB_ASN1, ASN1_F_X509_PKEY_NEW, 0), "X509_PKEY_new"}, - {0, NULL} -}; - static const ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ADDING_OBJECT), "adding object"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ASN1_PARSE_ERROR), "asn1 parse error"}, @@ -249,6 +109,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_UTF8STRING), "invalid utf8string"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_INVALID_VALUE), "invalid value"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LENGTH_TOO_LONG), "length too long"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_LIST_ERROR), "list error"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_MIME_NO_CONTENT_TYPE), "mime no content type"}, @@ -313,6 +174,7 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "unexpected eoc"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), "universalstring is wrong length"}, + {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "unknown format"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), "unknown message digest algorithm"}, @@ -340,13 +202,11 @@ static const ERR_STRING_DATA ASN1_str_reasons[] = { #endif -int ERR_load_ASN1_strings(void) +int ossl_err_load_ASN1_strings(void) { #ifndef OPENSSL_NO_ERR - if (ERR_func_error_string(ASN1_str_functs[0].error) == NULL) { - ERR_load_strings_const(ASN1_str_functs); + if (ERR_reason_error_string(ASN1_str_reasons[0].error) == NULL) ERR_load_strings_const(ASN1_str_reasons); - } #endif return 1; } diff --git a/crypto/asn1/asn1_gen.c b/crypto/asn1/asn1_gen.c index 493a693aa384..64620a4f28a7 100644 --- a/crypto/asn1/asn1_gen.c +++ b/crypto/asn1/asn1_gen.c @@ -1,7 +1,7 @@ /* - * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -91,7 +91,7 @@ ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf) int err = 0; ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); if (err) - ASN1err(ASN1_F_ASN1_GENERATE_V3, err); + ERR_raise(ERR_LIB_ASN1, err); return ret; } @@ -263,8 +263,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) utype = asn1_str2tag(elem, len); if (utype == -1) { - ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_TAG); - ERR_add_error_data(2, "tag=", elem); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_UNKNOWN_TAG, "tag=%s", elem); return -1; } @@ -274,7 +273,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) arg->str = vstart; /* If no value and not end of string, error */ if (!vstart && elem[len]) { - ASN1err(ASN1_F_ASN1_CB, ASN1_R_MISSING_VALUE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_VALUE); return -1; } return 0; @@ -285,7 +284,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) case ASN1_GEN_FLAG_IMP: /* Check for illegal multiple IMPLICIT tagging */ if (arg->imp_tag != -1) { - ASN1err(ASN1_F_ASN1_CB, ASN1_R_ILLEGAL_NESTED_TAGGING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NESTED_TAGGING); return -1; } if (!parse_tagging(vstart, vlen, &arg->imp_tag, &arg->imp_class)) @@ -322,7 +321,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) case ASN1_GEN_FLAG_FORMAT: if (!vstart) { - ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } if (strncmp(vstart, "ASCII", 5) == 0) @@ -334,7 +333,7 @@ static int asn1_cb(const char *elem, int len, void *bitstr) else if (strncmp(vstart, "BITLIST", 7) == 0) arg->format = ASN1_GEN_FORMAT_BITLIST; else { - ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_FORMAT); return -1; } break; @@ -347,7 +346,6 @@ static int asn1_cb(const char *elem, int len, void *bitstr) static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) { - char erch[2]; long tag_num; char *eptr; if (!vstart) @@ -357,7 +355,7 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) if (eptr && *eptr && (eptr > vstart + vlen)) return 0; if (tag_num < 0) { - ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_NUMBER); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER); return 0; } *ptag = tag_num; @@ -386,10 +384,8 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) break; default: - erch[0] = *eptr; - erch[1] = 0; - ASN1err(ASN1_F_PARSE_TAGGING, ASN1_R_INVALID_MODIFIER); - ERR_add_error_data(2, "Char=", erch); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MODIFIER, + "Char=%c", *eptr); return 0; } @@ -469,12 +465,12 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, tag_exp_type *exp_tmp; /* Can only have IMPLICIT if permitted */ if ((arg->imp_tag != -1) && !imp_ok) { - ASN1err(ASN1_F_APPEND_EXP, ASN1_R_ILLEGAL_IMPLICIT_TAG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_IMPLICIT_TAG); return 0; } if (arg->exp_count == ASN1_FLAG_EXP_MAX) { - ASN1err(ASN1_F_APPEND_EXP, ASN1_R_DEPTH_EXCEEDED); + ERR_raise(ERR_LIB_ASN1, ASN1_R_DEPTH_EXCEEDED); return 0; } @@ -568,7 +564,8 @@ static int asn1_str2tag(const char *tagstr, int len) tntmp = tnst; for (i = 0; i < OSSL_NELEM(tnst); i++, tntmp++) { - if ((len == tntmp->len) && (strncmp(tntmp->strnam, tagstr, len) == 0)) + if ((len == tntmp->len) + && (OPENSSL_strncasecmp(tntmp->strnam, tagstr, len) == 0)) return tntmp->tag; } @@ -584,7 +581,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) int no_unused = 1; if ((atmp = ASN1_TYPE_new()) == NULL) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } @@ -595,21 +592,21 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_NULL: if (str && *str) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_NULL_VALUE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL_VALUE); goto bad_form; } break; case V_ASN1_BOOLEAN: if (format != ASN1_GEN_FORMAT_ASCII) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_NOT_ASCII_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ASCII_FORMAT); goto bad_form; } vtmp.name = NULL; vtmp.section = NULL; vtmp.value = (char *)str; if (!X509V3_get_value_bool(&vtmp, &atmp->value.boolean)) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BOOLEAN); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_BOOLEAN); goto bad_str; } break; @@ -617,23 +614,23 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: if (format != ASN1_GEN_FORMAT_ASCII) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_INTEGER_NOT_ASCII_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_NOT_ASCII_FORMAT); goto bad_form; } if ((atmp->value.integer = s2i_ASN1_INTEGER(NULL, str)) == NULL) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_INTEGER); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_INTEGER); goto bad_str; } break; case V_ASN1_OBJECT: if (format != ASN1_GEN_FORMAT_ASCII) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_OBJECT_NOT_ASCII_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_OBJECT_NOT_ASCII_FORMAT); goto bad_form; } if ((atmp->value.object = OBJ_txt2obj(str, 0)) == NULL) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_OBJECT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_OBJECT); goto bad_str; } break; @@ -641,20 +638,20 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_UTCTIME: case V_ASN1_GENERALIZEDTIME: if (format != ASN1_GEN_FORMAT_ASCII) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_TIME_NOT_ASCII_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TIME_NOT_ASCII_FORMAT); goto bad_form; } if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } if (!ASN1_STRING_set(atmp->value.asn1_string, str, -1)) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } atmp->value.asn1_string->type = utype; if (!ASN1_TIME_check(atmp->value.asn1_string)) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_TIME_VALUE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_TIME_VALUE); goto bad_str; } @@ -674,13 +671,13 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) else if (format == ASN1_GEN_FORMAT_UTF8) format = MBSTRING_UTF8; else { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_FORMAT); goto bad_form; } if (ASN1_mbstring_copy(&atmp->value.asn1_string, (unsigned char *)str, -1, format, ASN1_tag2bit(utype)) <= 0) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto bad_str; } @@ -689,13 +686,13 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_BIT_STRING: case V_ASN1_OCTET_STRING: if ((atmp->value.asn1_string = ASN1_STRING_new()) == NULL) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto bad_form; } if (format == ASN1_GEN_FORMAT_HEX) { if ((rdata = OPENSSL_hexstr2buf(str, &rdlen)) == NULL) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_HEX); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_HEX); goto bad_str; } atmp->value.asn1_string->data = rdata; @@ -707,13 +704,13 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) && (utype == V_ASN1_BIT_STRING)) { if (!CONF_parse_list (str, ',', 1, bitstr_cb, atmp->value.bit_string)) { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_LIST_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_LIST_ERROR); goto bad_str; } no_unused = 0; } else { - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_ILLEGAL_BITSTRING_FORMAT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_BITSTRING_FORMAT); goto bad_form; } @@ -726,7 +723,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) break; default: - ASN1err(ASN1_F_ASN1_STR2TYPE, ASN1_R_UNSUPPORTED_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); goto bad_str; } @@ -752,11 +749,11 @@ static int bitstr_cb(const char *elem, int len, void *bitstr) if (eptr && *eptr && (eptr != elem + len)) return 0; if (bitnum < 0) { - ASN1err(ASN1_F_BITSTR_CB, ASN1_R_INVALID_NUMBER); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_NUMBER); return 0; } if (!ASN1_BIT_STRING_set_bit(bitstr, bitnum, 1)) { - ASN1err(ASN1_F_BITSTR_CB, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } return 1; diff --git a/crypto/asn1/asn1_item_list.c b/crypto/asn1/asn1_item_list.c index 9798192f4be2..b5a83ba8914b 100644 --- a/crypto/asn1/asn1_item_list.c +++ b/crypto/asn1/asn1_item_list.c @@ -1,12 +1,15 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* We need to use the low level ASN1 items until they are removed */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/asn1.h> diff --git a/crypto/asn1/asn1_item_list.h b/crypto/asn1/asn1_item_list.h index db8107ed1b19..1432012b7c7c 100644 --- a/crypto/asn1/asn1_item_list.h +++ b/crypto/asn1/asn1_item_list.h @@ -1,7 +1,7 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -63,8 +63,10 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(DIST_POINT_NAME), ASN1_ITEM_ref(DIST_POINT), #ifndef OPENSSL_NO_EC +# ifndef OPENSSL_NO_DEPRECATED_3_0 ASN1_ITEM_ref(ECPARAMETERS), ASN1_ITEM_ref(ECPKPARAMETERS), +# endif #endif ASN1_ITEM_ref(EDIPARTYNAME), ASN1_ITEM_ref(EXTENDED_KEY_USAGE), @@ -78,7 +80,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(IPAddressRange), #endif ASN1_ITEM_ref(ISSUING_DIST_POINT), -#if OPENSSL_API_COMPAT < 0x10200000L +#ifndef OPENSSL_NO_DEPRECATED_3_0 ASN1_ITEM_ref(LONG), #endif ASN1_ITEM_ref(NAME_CONSTRAINTS), @@ -134,7 +136,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(POLICY_MAPPING), ASN1_ITEM_ref(PROXY_CERT_INFO_EXTENSION), ASN1_ITEM_ref(PROXY_POLICY), -#ifndef OPENSSL_NO_RSA +#ifndef OPENSSL_NO_DEPRECATED_3_0 ASN1_ITEM_ref(RSAPrivateKey), ASN1_ITEM_ref(RSAPublicKey), ASN1_ITEM_ref(RSA_OAEP_PARAMS), @@ -145,6 +147,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { #endif ASN1_ITEM_ref(SXNETID), ASN1_ITEM_ref(SXNET), + ASN1_ITEM_ref(ISSUER_SIGN_TOOL), ASN1_ITEM_ref(USERNOTICE), ASN1_ITEM_ref(X509_ALGORS), ASN1_ITEM_ref(X509_ALGOR), @@ -164,7 +167,7 @@ static ASN1_ITEM_EXP *asn1_item_list[] = { ASN1_ITEM_ref(X509_SIG), ASN1_ITEM_ref(X509_VAL), ASN1_ITEM_ref(X509), -#if OPENSSL_API_COMPAT < 0x10200000L +#ifndef OPENSSL_NO_DEPRECATED_3_0 ASN1_ITEM_ref(ZLONG), #endif ASN1_ITEM_ref(INT32), diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c index b9b7ad8e9e02..5359cbc11720 100644 --- a/crypto/asn1/asn1_lib.c +++ b/crypto/asn1/asn1_lib.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -22,11 +22,13 @@ static int _asn1_check_infinite_end(const unsigned char **p, long len) /* * If there is 0 or 1 byte left, the length check should pick things up */ - if (len <= 0) - return 1; - else if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { - (*p) += 2; + if (len <= 0) { return 1; + } else { + if ((len >= 2) && ((*p)[0] == 0) && ((*p)[1] == 0)) { + (*p) += 2; + return 1; + } } return 0; } @@ -45,13 +47,15 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, int *pclass, long omax) { int i, ret; - long l; + long len; const unsigned char *p = *pp; int tag, xclass, inf; long max = omax; - if (!max) - goto err; + if (omax <= 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); + return 0x80; + } ret = (*p & V_ASN1_CONSTRUCTED); xclass = (*p & V_ASN1_PRIVATE); i = *p & V_ASN1_PRIMITIVE_TAG; @@ -59,18 +63,18 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, p++; if (--max == 0) goto err; - l = 0; + len = 0; while (*p & 0x80) { - l <<= 7L; - l |= *(p++) & 0x7f; + len <<= 7L; + len |= *(p++) & 0x7f; if (--max == 0) goto err; - if (l > (INT_MAX >> 7L)) + if (len > (INT_MAX >> 7L)) goto err; } - l <<= 7L; - l |= *(p++) & 0x7f; - tag = (int)l; + len <<= 7L; + len |= *(p++) & 0x7f; + tag = (int)len; if (--max == 0) goto err; } else { @@ -88,7 +92,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, goto err; if (*plength > (omax - (p - *pp))) { - ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); /* * Set this so that even if things are not long enough the values are * set correctly @@ -98,7 +102,7 @@ int ASN1_get_object(const unsigned char **pp, long *plength, int *ptag, *pp = p; return ret | inf; err: - ASN1err(ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG); return 0x80; } @@ -141,8 +145,9 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, } if (ret > LONG_MAX) return 0; - } else + } else { ret = i; + } } *pp = p; *rl = (long)ret; @@ -150,7 +155,7 @@ static int asn1_get_length(const unsigned char **pp, int *inf, long *rl, } /* - * class 0 is constructed constructed == 2 for indefinite length constructed + * constructed == 2 for indefinite length constructed */ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, int xclass) @@ -160,9 +165,9 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, i = (constructed) ? V_ASN1_CONSTRUCTED : 0; i |= (xclass & V_ASN1_PRIVATE); - if (tag < 31) + if (tag < 31) { *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG); - else { + } else { *(p++) = i | V_ASN1_PRIMITIVE_TAG; for (i = 0, ttag = tag; ttag > 0; i++) ttag >>= 7; @@ -185,6 +190,7 @@ void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, int ASN1_put_eoc(unsigned char **pp) { unsigned char *p = *pp; + *p++ = 0; *p++ = 0; *pp = p; @@ -194,20 +200,21 @@ int ASN1_put_eoc(unsigned char **pp) static void asn1_put_length(unsigned char **pp, int length) { unsigned char *p = *pp; - int i, l; - if (length <= 127) + int i, len; + + if (length <= 127) { *(p++) = (unsigned char)length; - else { - l = length; - for (i = 0; l > 0; i++) - l >>= 8; + } else { + len = length; + for (i = 0; len > 0; i++) + len >>= 8; *(p++) = i | 0x80; - l = i; + len = i; while (i-- > 0) { p[i] = length & 0xff; length >>= 8; } - p += l; + p += len; } *pp = p; } @@ -215,6 +222,7 @@ static void asn1_put_length(unsigned char **pp, int length) int ASN1_object_size(int constructed, int length, int tag) { int ret = 1; + if (length < 0) return -1; if (tag >= 31) { @@ -256,6 +264,7 @@ int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) { ASN1_STRING *ret; + if (!str) return NULL; ret = ASN1_STRING_new(); @@ -287,7 +296,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) * '\0' terminator even though this isn't strictly necessary. */ if (len > INT_MAX - 1) { - ASN1err(0, ASN1_R_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); return 0; } if ((size_t)str->length <= len || str->data == NULL) { @@ -299,7 +308,7 @@ int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len_in) str->data = OPENSSL_realloc(c, len + 1); #endif if (str->data == NULL) { - ASN1err(ASN1_F_ASN1_STRING_SET, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); str->data = c; return 0; } @@ -340,14 +349,14 @@ ASN1_STRING *ASN1_STRING_type_new(int type) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } ret->type = type; return ret; } -void asn1_string_embed_free(ASN1_STRING *a, int embed) +void ossl_asn1_string_embed_free(ASN1_STRING *a, int embed) { if (a == NULL) return; @@ -361,7 +370,7 @@ void ASN1_STRING_free(ASN1_STRING *a) { if (a == NULL) return; - asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED); + ossl_asn1_string_embed_free(a, a->flags & ASN1_STRING_FLAG_EMBED); } void ASN1_STRING_clear_free(ASN1_STRING *a) @@ -385,8 +394,9 @@ int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) return a->type - b->type; else return i; - } else + } else { return i; + } } int ASN1_STRING_length(const ASN1_STRING *x) @@ -394,10 +404,12 @@ int ASN1_STRING_length(const ASN1_STRING *x) return x->length; } +#ifndef OPENSSL_NO_DEPRECATED_3_0 void ASN1_STRING_length_set(ASN1_STRING *x, int len) { x->length = len; } +#endif int ASN1_STRING_type(const ASN1_STRING *x) { @@ -409,9 +421,50 @@ const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *x) return x->data; } -# if OPENSSL_API_COMPAT < 0x10100000L +#ifndef OPENSSL_NO_DEPRECATED_1_1_0 unsigned char *ASN1_STRING_data(ASN1_STRING *x) { return x->data; } #endif + +/* |max_len| excludes NUL terminator and may be 0 to indicate no restriction */ +char *ossl_sk_ASN1_UTF8STRING2text(STACK_OF(ASN1_UTF8STRING) *text, + const char *sep, size_t max_len) +{ + int i; + ASN1_UTF8STRING *current; + size_t length = 0, sep_len; + char *result = NULL; + char *p; + + if (sep == NULL) + sep = ""; + sep_len = strlen(sep); + + for (i = 0; i < sk_ASN1_UTF8STRING_num(text); i++) { + current = sk_ASN1_UTF8STRING_value(text, i); + if (i > 0) + length += sep_len; + length += ASN1_STRING_length(current); + if (max_len != 0 && length > max_len) + return NULL; + } + if ((result = OPENSSL_malloc(length + 1)) == NULL) + return NULL; + + p = result; + for (i = 0; i < sk_ASN1_UTF8STRING_num(text); i++) { + current = sk_ASN1_UTF8STRING_value(text, i); + length = ASN1_STRING_length(current); + if (i > 0 && sep_len > 0) { + strncpy(p, sep, sep_len + 1); /* using + 1 to silence gcc warning */ + p += sep_len; + } + strncpy(p, (const char *)ASN1_STRING_get0_data(current), length); + p += length; + } + *p = '\0'; + + return result; +} diff --git a/crypto/asn1/asn1_local.h b/crypto/asn1/asn1_local.h index cec141721b34..f73bd8fc6a30 100644 --- a/crypto/asn1/asn1_local.h +++ b/crypto/asn1/asn1_local.h @@ -1,7 +1,7 @@ /* - * Copyright 2005-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2005-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -9,9 +9,11 @@ /* Internal ASN1 structures and functions: not for application use */ -int asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d); -int asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); -int asn1_generalizedtime_to_tm(struct tm *tm, const ASN1_GENERALIZEDTIME *d); +typedef const ASN1_VALUE const_ASN1_VALUE; +SKM_DEFINE_STACK_OF(const_ASN1_VALUE, const ASN1_VALUE, ASN1_VALUE) + +int ossl_asn1_time_to_tm(struct tm *tm, const ASN1_TIME *d); +int ossl_asn1_utctime_to_tm(struct tm *tm, const ASN1_UTCTIME *d); /* ASN1 scan context structure */ @@ -43,41 +45,50 @@ DEFINE_STACK_OF(MIME_PARAM) typedef struct mime_header_st MIME_HEADER; DEFINE_STACK_OF(MIME_HEADER) -void asn1_string_embed_free(ASN1_STRING *a, int embed); +void ossl_asn1_string_embed_free(ASN1_STRING *a, int embed); -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it); +int ossl_asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it); +int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval, + const ASN1_ITEM *it); +int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value, + const ASN1_ITEM *it); -ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +ASN1_VALUE **ossl_asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval, + const ASN1_TEMPLATE *tt); -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - int nullerr); +const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val, + const ASN1_TEMPLATE *tt, + int nullerr); -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); +int ossl_asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it); -void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, - const ASN1_ITEM *it); -int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it); +void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it); +void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it); +int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval, + const ASN1_ITEM *it); +int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + const ASN1_ITEM *it); -void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); -void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); -void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); +void ossl_asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); +void ossl_asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); -ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, - long length); -int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); -ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, - const unsigned char **pp, long length); -int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); -ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, - long length); +ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp, + long length); +int ossl_i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp); +ASN1_BIT_STRING *ossl_c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, + const unsigned char **pp, long length); +int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp); +ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, + long length); /* Internal functions used by x_int64.c */ -int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len); -int i2c_uint64_int(unsigned char *p, uint64_t r, int neg); +int ossl_c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, + long len); +int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg); + +ASN1_TIME *ossl_asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); -ASN1_TIME *asn1_time_from_tm(ASN1_TIME *s, struct tm *ts, int type); +int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq); diff --git a/crypto/asn1/asn1_par.c b/crypto/asn1/asn1_parse.c index a32fa47f2206..04d7ef66cfc9 100644 --- a/crypto/asn1/asn1_par.c +++ b/crypto/asn1/asn1_parse.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -17,25 +17,47 @@ #define ASN1_PARSE_MAXDEPTH 128 #endif -static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, - int indent); static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, int offset, int depth, int indent, int dump); -static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, - int indent) +static int asn1_print_info(BIO *bp, long offset, int depth, int hl, long len, + int tag, int xclass, int constructed, int indent) { - static const char fmt[] = "%-18s"; char str[128]; const char *p; + int pop_f_prefix = 0; + long saved_indent = -1; + int i = 0; + BIO *bio = NULL; if (constructed & V_ASN1_CONSTRUCTED) p = "cons: "; else p = "prim: "; - if (BIO_write(bp, p, 6) < 6) - goto err; - BIO_indent(bp, indent, 128); + if (constructed != (V_ASN1_CONSTRUCTED | 1)) { + if (BIO_snprintf(str, sizeof(str), "%5ld:d=%-2d hl=%ld l=%4ld %s", + offset, depth, (long)hl, len, p) <= 0) + goto err; + } else { + if (BIO_snprintf(str, sizeof(str), "%5ld:d=%-2d hl=%ld l=inf %s", + offset, depth, (long)hl, p) <= 0) + goto err; + } + if (bp != NULL) { + if (BIO_set_prefix(bp, str) <= 0) { + if ((bio = BIO_new(BIO_f_prefix())) == NULL + || (bp = BIO_push(bio, bp)) == NULL) + goto err; + pop_f_prefix = 1; + } + saved_indent = BIO_get_indent(bp); + if (BIO_set_prefix(bp, str) <= 0 || BIO_set_indent(bp, indent) < 0) + goto err; + } + /* + * BIO_set_prefix made a copy of |str|, so we can safely use it for + * something else, ASN.1 tag printout. + */ p = str; if ((xclass & V_ASN1_PRIVATE) == V_ASN1_PRIVATE) BIO_snprintf(str, sizeof(str), "priv [ %d ] ", tag); @@ -48,11 +70,14 @@ static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, else p = ASN1_tag2str(tag); - if (BIO_printf(bp, fmt, p) <= 0) - goto err; - return 1; + i = (BIO_printf(bp, "%-18s", p) > 0); err: - return 0; + if (saved_indent >= 0) + BIO_set_indent(bp, saved_indent); + if (pop_f_prefix) + BIO_pop(bp); + BIO_free(bio); + return i; } int ASN1_parse(BIO *bp, const unsigned char *pp, long len, int indent) @@ -92,9 +117,7 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, op = p; j = ASN1_get_object(&p, &len, &tag, &xclass, length); if (j & 0x80) { - if (BIO_write(bp, "Error in encoding\n", 18) <= 0) - goto end; - ret = 0; + BIO_puts(bp, "Error in encoding\n"); goto end; } hl = (p - op); @@ -102,19 +125,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, /* * if j == 0x21 it is a constructed indefinite length object */ - if (BIO_printf(bp, "%5ld:", (long)offset + (long)(op - *pp)) - <= 0) - goto end; - - if (j != (V_ASN1_CONSTRUCTED | 1)) { - if (BIO_printf(bp, "d=%-2d hl=%ld l=%4ld ", - depth, (long)hl, len) <= 0) - goto end; - } else { - if (BIO_printf(bp, "d=%-2d hl=%ld l=inf ", depth, (long)hl) <= 0) - goto end; - } - if (!asn1_print_info(bp, tag, xclass, j, (indent) ? depth : 0)) + if (!asn1_print_info(bp, (long)offset + (long)(op - *pp), depth, + hl, len, tag, xclass, j, (indent) ? depth : 0)) goto end; if (j & V_ASN1_CONSTRUCTED) { const unsigned char *sp = p; @@ -124,7 +136,6 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, goto end; if (len > length) { BIO_printf(bp, "length is greater than %ld\n", length); - ret = 0; goto end; } if ((j == 0x21) && (len == 0)) { @@ -132,10 +143,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, r = asn1_parse2(bp, &p, (long)(tot - p), offset + (p - *pp), depth + 1, indent, dump); - if (r == 0) { - ret = 0; + if (r == 0) goto end; - } if ((r == 2) || (p >= tot)) { len = p - sp; break; @@ -149,10 +158,8 @@ static int asn1_parse2(BIO *bp, const unsigned char **pp, long length, r = asn1_parse2(bp, &p, tmp, offset + (p - *pp), depth + 1, indent, dump); - if (r == 0) { - ret = 0; + if (r == 0) goto end; - } tmp -= p - sp; } } diff --git a/crypto/asn1/asn_mime.c b/crypto/asn1/asn_mime.c index 36853612b69c..b44b0f36858b 100644 --- a/crypto/asn1/asn_mime.c +++ b/crypto/asn1/asn_mime.c @@ -1,7 +1,7 @@ /* - * Copyright 2008-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2008-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -14,6 +14,7 @@ #include <openssl/x509.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> +#include <openssl/cms.h> #include "crypto/evp.h" #include "internal/bio.h" #include "asn1_local.h" @@ -53,7 +54,7 @@ static int mime_param_cmp(const MIME_PARAM *const *a, const MIME_PARAM *const *b); static void mime_param_free(MIME_PARAM *param); static int mime_bound_check(char *line, int linelen, const char *bound, int blen); -static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret); +static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **ret); static int strip_eol(char *linebuf, int *plen, int flags); static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, const char *name); static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, const char *name); @@ -64,18 +65,24 @@ static void mime_hdr_free(MIME_HEADER *hdr); /* Output an ASN1 structure in BER format streaming if necessary */ +/* unfortunately cannot constify this due to CMS_stream() and PKCS7_stream() */ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, const ASN1_ITEM *it) { + int rv = 1; + /* If streaming create stream BIO and copy all content through it */ if (flags & SMIME_STREAM) { BIO *bio, *tbio; bio = BIO_new_NDEF(out, val, it); if (!bio) { - ASN1err(ASN1_F_I2D_ASN1_BIO_STREAM, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } - SMIME_crlf_copy(in, bio, flags); + if (!SMIME_crlf_copy(in, bio, flags)) { + rv = 0; + } + (void)BIO_flush(bio); /* Free up successive BIOs until we hit the old output BIO */ do { @@ -90,7 +97,7 @@ int i2d_ASN1_bio_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, */ else ASN1_item_i2d_bio(it, out, val); - return 1; + return rv; } /* Base 64 read and write of ASN1 structure */ @@ -102,7 +109,7 @@ static int B64_write_ASN1(BIO *out, ASN1_VALUE *val, BIO *in, int flags, int r; b64 = BIO_new(BIO_f_base64()); if (b64 == NULL) { - ASN1err(ASN1_F_B64_WRITE_ASN1, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } /* @@ -128,19 +135,20 @@ int PEM_write_bio_ASN1_stream(BIO *out, ASN1_VALUE *val, BIO *in, int flags, return r; } -static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it) +static ASN1_VALUE *b64_read_asn1(BIO *bio, const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *b64; ASN1_VALUE *val; if ((b64 = BIO_new(BIO_f_base64())) == NULL) { - ASN1err(ASN1_F_B64_READ_ASN1, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } bio = BIO_push(b64, bio); - val = ASN1_item_d2i_bio(it, bio, NULL); + val = ASN1_item_d2i_bio_ex(it, bio, x, libctx, propq); if (!val) - ASN1err(ASN1_F_B64_READ_ASN1, ASN1_R_DECODE_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR); (void)BIO_flush(bio); BIO_pop(bio); BIO_free(b64); @@ -207,9 +215,9 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) goto err; default: - if (have_unknown) + if (have_unknown) { write_comma = 0; - else { + } else { BIO_puts(out, "unknown"); have_unknown = 1; } @@ -227,14 +235,16 @@ static int asn1_write_micalg(BIO *out, STACK_OF(X509_ALGOR) *mdalgs) /* SMIME sender */ -int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, - int ctype_nid, int econt_nid, - STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it) +int SMIME_write_ASN1_ex(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq) { char bound[33], c; int i; const char *mime_prefix, *mime_eol, *cname = "smime.p7m"; const char *msg_type = NULL; + if (flags & SMIME_OLDMIME) mime_prefix = "application/x-pkcs7-"; else @@ -247,7 +257,7 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, if ((flags & SMIME_DETACHED) && data) { /* We want multipart/signed */ /* Generate a random boundary */ - if (RAND_bytes((unsigned char *)bound, 32) <= 0) + if (RAND_bytes_ex(libctx, (unsigned char *)bound, 32, 0) <= 0) return 0; for (i = 0; i < 32; i++) { c = bound[i] & 0xf; @@ -288,9 +298,9 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, /* Determine smime-type header */ - if (ctype_nid == NID_pkcs7_enveloped) + if (ctype_nid == NID_pkcs7_enveloped) { msg_type = "enveloped-data"; - else if (ctype_nid == NID_pkcs7_signed) { + } else if (ctype_nid == NID_pkcs7_signed) { if (econt_nid == NID_id_smime_ct_receipt) msg_type = "signed-receipt"; else if (sk_X509_ALGOR_num(mdalgs) >= 0) @@ -317,8 +327,17 @@ int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, return 1; } +int SMIME_write_ASN1(BIO *bio, ASN1_VALUE *val, BIO *data, int flags, + int ctype_nid, int econt_nid, + STACK_OF(X509_ALGOR) *mdalgs, const ASN1_ITEM *it) +{ + return SMIME_write_ASN1_ex(bio, val, data, flags, ctype_nid, econt_nid, + mdalgs, it, NULL, NULL); +} + /* Handle output of ASN1 data */ +/* cannot constify val because of CMS_dataFinal() */ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, const ASN1_ITEM *it) { @@ -332,12 +351,11 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, * set up to finalise when it is written through. */ if (!(flags & SMIME_DETACHED) || (flags & PKCS7_REUSE_DIGEST)) { - SMIME_crlf_copy(data, out, flags); - return 1; + return SMIME_crlf_copy(data, out, flags); } if (!aux || !aux->asn1_cb) { - ASN1err(ASN1_F_ASN1_OUTPUT_DATA, ASN1_R_STREAMING_NOT_SUPPORTED); + ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED); return 0; } @@ -351,7 +369,8 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, return 0; /* Copy data across, passing through filter BIOs for processing */ - SMIME_crlf_copy(data, sarg.ndef_bio, flags); + if (!SMIME_crlf_copy(data, sarg.ndef_bio, flags)) + rv = 0; /* Finalize structure */ if (aux->asn1_cb(ASN1_OP_DETACHED_POST, &val, it, &sarg) <= 0) @@ -375,7 +394,9 @@ static int asn1_output_data(BIO *out, BIO *data, ASN1_VALUE *val, int flags, * opaque this is set to NULL */ -ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) +ASN1_VALUE *SMIME_read_ASN1_ex(BIO *bio, int flags, BIO **bcont, + const ASN1_ITEM *it, ASN1_VALUE **x, + OSSL_LIB_CTX *libctx, const char *propq) { BIO *asnin; STACK_OF(MIME_HEADER) *headers = NULL; @@ -389,14 +410,14 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) *bcont = NULL; if ((headers = mime_parse_hdr(bio)) == NULL) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_PARSE_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_PARSE_ERROR); return NULL; } if ((hdr = mime_hdr_find(headers, "content-type")) == NULL || hdr->value == NULL) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_CONTENT_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_CONTENT_TYPE); return NULL; } @@ -405,15 +426,15 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) if (strcmp(hdr->value, "multipart/signed") == 0) { /* Split into two parts */ prm = mime_param_find(hdr, "boundary"); - if (!prm || !prm->param_value) { + if (prm == NULL || prm->param_value == NULL) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BOUNDARY); return NULL; } - ret = multi_split(bio, prm->param_value, &parts); + ret = multi_split(bio, flags, prm->param_value, &parts); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); if (!ret || (sk_BIO_num(parts) != 2)) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MULTIPART_BODY_FAILURE); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } @@ -422,7 +443,7 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) asnin = sk_BIO_value(parts, 1); if ((headers = mime_parse_hdr(asnin)) == NULL) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_SIG_PARSE_ERROR); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } @@ -432,23 +453,23 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) if ((hdr = mime_hdr_find(headers, "content-type")) == NULL || hdr->value == NULL) { sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_SIG_CONTENT_TYPE); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } if (strcmp(hdr->value, "application/x-pkcs7-signature") && strcmp(hdr->value, "application/pkcs7-signature")) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_SIG_INVALID_MIME_TYPE, + "type: %s", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } sk_MIME_HEADER_pop_free(headers, mime_hdr_free); /* Read in ASN1 */ - if ((val = b64_read_asn1(asnin, it)) == NULL) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); + if ((val = b64_read_asn1(asnin, it, x, libctx, propq)) == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_SIG_PARSE_ERROR); sk_BIO_pop_free(parts, BIO_vfree); return NULL; } @@ -457,8 +478,9 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) *bcont = sk_BIO_value(parts, 0); BIO_free(asnin); sk_BIO_free(parts); - } else + } else { sk_BIO_pop_free(parts, BIO_vfree); + } return val; } @@ -466,20 +488,24 @@ ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) if (strcmp(hdr->value, "application/x-pkcs7-mime") && strcmp(hdr->value, "application/pkcs7-mime")) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE, + "type: %s", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return NULL; } sk_MIME_HEADER_pop_free(headers, mime_hdr_free); - if ((val = b64_read_asn1(bio, it)) == NULL) { - ASN1err(ASN1_F_SMIME_READ_ASN1, ASN1_R_ASN1_PARSE_ERROR); + if ((val = b64_read_asn1(bio, it, x, libctx, propq)) == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_ASN1_PARSE_ERROR); return NULL; } return val; +} +ASN1_VALUE *SMIME_read_ASN1(BIO *bio, BIO **bcont, const ASN1_ITEM *it) +{ + return SMIME_read_ASN1_ex(bio, 0, bcont, it, NULL, NULL, NULL); } /* Copy text from one BIO to another making the output CRLF at EOL */ @@ -495,8 +521,10 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) * when streaming as we don't end up with one OCTET STRING per line. */ bf = BIO_new(BIO_f_buffer()); - if (bf == NULL) + if (bf == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; + } out = BIO_push(bf, out); if (flags & SMIME_BINARY) { while ((len = BIO_read(in, linebuf, MAX_SMLEN)) > 0) @@ -507,7 +535,7 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_printf(out, "Content-Type: text/plain\r\n\r\n"); while ((len = BIO_gets(in, linebuf, MAX_SMLEN)) > 0) { eol = strip_eol(linebuf, &len, flags); - if (len) { + if (len > 0) { /* Not EOF: write out all CRLF */ if (flags & SMIME_ASCIICRLF) { int i; @@ -518,10 +546,11 @@ int SMIME_crlf_copy(BIO *in, BIO *out, int flags) BIO_write(out, linebuf, len); if (eol) BIO_write(out, "\r\n", 2); - } else if (flags & SMIME_ASCIICRLF) + } else if (flags & SMIME_ASCIICRLF) { eolcnt++; - else if (eol) + } else if (eol) { BIO_write(out, "\r\n", 2); + } } } ret = BIO_flush(out); @@ -542,18 +571,18 @@ int SMIME_text(BIO *in, BIO *out) MIME_HEADER *hdr; if ((headers = mime_parse_hdr(in)) == NULL) { - ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_PARSE_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_PARSE_ERROR); return 0; } if ((hdr = mime_hdr_find(headers, "content-type")) == NULL || hdr->value == NULL) { - ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_MIME_NO_CONTENT_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MIME_NO_CONTENT_TYPE); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return 0; } if (strcmp(hdr->value, "text/plain")) { - ASN1err(ASN1_F_SMIME_TEXT, ASN1_R_INVALID_MIME_TYPE); - ERR_add_error_data(2, "type: ", hdr->value); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_MIME_TYPE, + "type: %s", hdr->value); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return 0; } @@ -570,7 +599,7 @@ int SMIME_text(BIO *in, BIO *out) * canonical parts in a STACK of bios */ -static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) +static int multi_split(BIO *bio, int flags, const char *bound, STACK_OF(BIO) **ret) { char linebuf[MAX_SMLEN]; int len, blen; @@ -587,7 +616,7 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) *ret = parts; if (*ret == NULL) return 0; - while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { + while ((len = BIO_get_line(bio, linebuf, MAX_SMLEN)) > 0) { state = mime_bound_check(linebuf, len, bound, blen); if (state == 1) { first = 1; @@ -598,9 +627,9 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) return 0; } return 1; - } else if (part) { - /* Strip CR+LF from linebuf */ - next_eol = strip_eol(linebuf, &len, 0); + } else if (part != 0) { + /* Strip (possibly CR +) LF from linebuf */ + next_eol = strip_eol(linebuf, &len, flags); if (first) { first = 0; if (bpart) @@ -612,10 +641,20 @@ static int multi_split(BIO *bio, const char *bound, STACK_OF(BIO) **ret) if (bpart == NULL) return 0; BIO_set_mem_eof_return(bpart, 0); - } else if (eol) - BIO_write(bpart, "\r\n", 2); + } else if (eol) { + if ( +#ifndef OPENSSL_NO_CMS + (flags & CMS_BINARY) == 0 +#else + 1 +#endif + || (flags & SMIME_CRLFEOL) != 0) + BIO_write(bpart, "\r\n", 2); + else + BIO_write(bpart, "\n", 1); + } eol = next_eol; - if (len) + if (len > 0) BIO_write(bpart, linebuf, len); } } @@ -739,15 +778,16 @@ static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) goto err; mhdr = new_hdr; new_hdr = NULL; - } else if (state == MIME_VALUE) + } else if (state == MIME_VALUE) { mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); + } if (p == linebuf) break; /* Blank line means end of headers */ } return headers; -err: + err: mime_hdr_free(new_hdr); sk_MIME_HEADER_pop_free(headers, mime_hdr_free); return NULL; @@ -762,7 +802,7 @@ static char *strip_ends(char *name) static char *strip_start(char *name) { char *p, c; - /* Look for first non white space or quote */ + /* Look for first non whitespace or quote */ for (p = name; (c = *p); p++) { if (c == '"') { /* Next char is start of string if non null */ @@ -783,7 +823,7 @@ static char *strip_end(char *name) char *p, c; if (!name) return NULL; - /* Look for first non white space or quote */ + /* Look for first non whitespace or quote */ for (p = name + strlen(name) - 1; p >= name; p--) { c = *p; if (c == '"') { @@ -869,8 +909,8 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, const char *name, const char *va static int mime_hdr_cmp(const MIME_HEADER *const *a, const MIME_HEADER *const *b) { - if (!(*a)->name || !(*b)->name) - return ! !(*a)->name - ! !(*b)->name; + if ((*a)->name == NULL || (*b)->name == NULL) + return ((*a)->name != NULL) - ((*b)->name != NULL); return strcmp((*a)->name, (*b)->name); } @@ -878,8 +918,8 @@ static int mime_hdr_cmp(const MIME_HEADER *const *a, static int mime_param_cmp(const MIME_PARAM *const *a, const MIME_PARAM *const *b) { - if (!(*a)->param_name || !(*b)->param_name) - return ! !(*a)->param_name - ! !(*b)->param_name; + if ((*a)->param_name == NULL || (*b)->param_name == NULL) + return ((*a)->param_name != NULL) - ((*b)->param_name != NULL); return strcmp((*a)->param_name, (*b)->param_name); } @@ -959,11 +999,26 @@ static int strip_eol(char *linebuf, int *plen, int flags) char *p, c; int is_eol = 0; +#ifndef OPENSSL_NO_CMS + if ((flags & CMS_BINARY) != 0) { + if (len <= 0 || linebuf[len - 1] != '\n') + return 0; + if ((flags & SMIME_CRLFEOL) != 0) { + if (len <= 1 || linebuf[len - 2] != '\r') + return 0; + len--; + } + len--; + *plen = len; + return 1; + } +#endif + for (p = linebuf + len - 1; len > 0; len--, p--) { c = *p; if (c == '\n') { is_eol = 1; - } else if (is_eol && flags & SMIME_ASCIICRLF && c == 32) { + } else if (is_eol && (flags & SMIME_ASCIICRLF) != 0 && c == 32) { /* Strip trailing space on a line; 32 == ASCII for ' ' */ continue; } else if (c != '\r') { diff --git a/crypto/asn1/asn_moid.c b/crypto/asn1/asn_moid.c index 732ce972aa29..526219c1a723 100644 --- a/crypto/asn1/asn_moid.c +++ b/crypto/asn1/asn_moid.c @@ -1,7 +1,7 @@ /* - * Copyright 2002-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2002-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -29,13 +29,13 @@ static int oid_module_init(CONF_IMODULE *md, const CONF *cnf) oid_section = CONF_imodule_get_value(md); if ((sktmp = NCONF_get_section(cnf, oid_section)) == NULL) { - ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION); return 0; } for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { oval = sk_CONF_VALUE_value(sktmp, i); if (!do_create(oval->value, oval->name)) { - ASN1err(ASN1_F_OID_MODULE_INIT, ASN1_R_ADDING_OBJECT); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ADDING_OBJECT); return 0; } } @@ -84,7 +84,7 @@ static int do_create(const char *value, const char *name) } p++; if ((lntmp = OPENSSL_malloc((p - ln) + 1)) == NULL) { - ASN1err(ASN1_F_DO_CREATE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } memcpy(lntmp, ln, p - ln); diff --git a/crypto/asn1/asn_mstbl.c b/crypto/asn1/asn_mstbl.c index ddcbcd07fe6e..3543cd22568f 100644 --- a/crypto/asn1/asn_mstbl.c +++ b/crypto/asn1/asn_mstbl.c @@ -1,7 +1,7 @@ /* - * Copyright 2012-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2012-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -26,13 +26,13 @@ static int stbl_module_init(CONF_IMODULE *md, const CONF *cnf) stbl_section = CONF_imodule_get_value(md); if ((sktmp = NCONF_get_section(cnf, stbl_section)) == NULL) { - ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_ERROR_LOADING_SECTION); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_LOADING_SECTION); return 0; } for (i = 0; i < sk_CONF_VALUE_num(sktmp); i++) { mval = sk_CONF_VALUE_value(sktmp, i); if (!do_tcreate(mval->value, mval->name)) { - ASN1err(ASN1_F_STBL_MODULE_INIT, ASN1_R_INVALID_VALUE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_VALUE); return 0; } } @@ -96,17 +96,17 @@ static int do_tcreate(const char *value, const char *name) rv = 1; err: if (rv == 0) { - ASN1err(ASN1_F_DO_TCREATE, ASN1_R_INVALID_STRING_TABLE_VALUE); if (cnf) - ERR_add_error_data(4, "field=", cnf->name, - ", value=", cnf->value); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, + "field=%s, value=%s", cnf->name, cnf->value); else - ERR_add_error_data(4, "name=", name, ", value=", value); + ERR_raise_data(ERR_LIB_ASN1, ASN1_R_INVALID_STRING_TABLE_VALUE, + "name=%s, value=%s", name, value); } else { rv = ASN1_STRING_TABLE_add(nid, tbl_min, tbl_max, tbl_mask, tbl_flags); if (!rv) - ASN1err(ASN1_F_DO_TCREATE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); } sk_CONF_VALUE_pop_free(lst, X509V3_conf_free); return rv; diff --git a/crypto/asn1/asn_pack.c b/crypto/asn1/asn_pack.c index 63bc30675655..292e6d817697 100644 --- a/crypto/asn1/asn_pack.c +++ b/crypto/asn1/asn_pack.c @@ -1,7 +1,7 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -19,7 +19,7 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) if (oct == NULL || *oct == NULL) { if ((octmp = ASN1_STRING_new()) == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } } else { @@ -30,11 +30,11 @@ ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) octmp->data = NULL; if ((octmp->length = ASN1_item_i2d(obj, &octmp->data, it)) == 0) { - ASN1err(ASN1_F_ASN1_ITEM_PACK, ASN1_R_ENCODE_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ENCODE_ERROR); goto err; } if (octmp->data == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_PACK, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } @@ -57,6 +57,6 @@ void *ASN1_item_unpack(const ASN1_STRING *oct, const ASN1_ITEM *it) p = oct->data; if ((ret = ASN1_item_d2i(NULL, &p, oct->length, it)) == NULL) - ASN1err(ASN1_F_ASN1_ITEM_UNPACK, ASN1_R_DECODE_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_DECODE_ERROR); return ret; } diff --git a/crypto/asn1/bio_asn1.c b/crypto/asn1/bio_asn1.c index 17b0d1aa6cad..0ff239120451 100644 --- a/crypto/asn1/bio_asn1.c +++ b/crypto/asn1/bio_asn1.c @@ -1,7 +1,7 @@ /* * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -79,10 +79,8 @@ static int asn1_bio_setup_ex(BIO *b, BIO_ASN1_BUF_CTX *ctx, static const BIO_METHOD methods_asn1 = { BIO_TYPE_ASN1, "asn1", - /* TODO: Convert to new style write function */ bwrite_conv, asn1_bio_write, - /* TODO: Convert to new style read function */ bread_conv, asn1_bio_read, asn1_bio_puts, @@ -102,8 +100,10 @@ static int asn1_bio_new(BIO *b) { BIO_ASN1_BUF_CTX *ctx = OPENSSL_zalloc(sizeof(*ctx)); - if (ctx == NULL) + if (ctx == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; + } if (!asn1_bio_init(ctx, DEFAULT_ASN1_BUF_SIZE)) { OPENSSL_free(ctx); return 0; @@ -116,8 +116,8 @@ static int asn1_bio_new(BIO *b) static int asn1_bio_init(BIO_ASN1_BUF_CTX *ctx, int size) { - if ((ctx->buf = OPENSSL_malloc(size)) == NULL) { - ASN1err(ASN1_F_ASN1_BIO_INIT, ERR_R_MALLOC_FAILURE); + if (size <= 0 || (ctx->buf = OPENSSL_malloc(size)) == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } ctx->bufsize = size; diff --git a/crypto/asn1/bio_ndef.c b/crypto/asn1/bio_ndef.c index c8a776b482d0..e5b5319d7fd0 100644 --- a/crypto/asn1/bio_ndef.c +++ b/crypto/asn1/bio_ndef.c @@ -1,7 +1,7 @@ /* * Copyright 2008-2023 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -64,7 +64,7 @@ BIO *BIO_new_NDEF(BIO *out, ASN1_VALUE *val, const ASN1_ITEM *it) BIO *pop_bio = NULL; if (!aux || !aux->asn1_cb) { - ASN1err(ASN1_F_BIO_NEW_NDEF, ASN1_R_STREAMING_NOT_SUPPORTED); + ERR_raise(ERR_LIB_ASN1, ASN1_R_STREAMING_NOT_SUPPORTED); return NULL; } ndef_aux = OPENSSL_zalloc(sizeof(*ndef_aux)); @@ -132,7 +132,7 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) unsigned char *p; int derlen; - if (!parg) + if (parg == NULL) return 0; ndef_aux = *(NDEF_SUPPORT **)parg; @@ -141,15 +141,15 @@ static int ndef_prefix(BIO *b, unsigned char **pbuf, int *plen, void *parg) if (derlen < 0) return 0; if ((p = OPENSSL_malloc(derlen)) == NULL) { - ASN1err(ASN1_F_NDEF_PREFIX, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } ndef_aux->derbuf = p; *pbuf = p; - derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); + ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); - if (!*ndef_aux->boundary) + if (*ndef_aux->boundary == NULL) return 0; *plen = *ndef_aux->boundary - *pbuf; @@ -162,7 +162,7 @@ static int ndef_prefix_free(BIO *b, unsigned char **pbuf, int *plen, { NDEF_SUPPORT *ndef_aux; - if (!parg) + if (parg == NULL) return 0; ndef_aux = *(NDEF_SUPPORT **)parg; @@ -197,7 +197,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) const ASN1_AUX *aux; ASN1_STREAM_ARG sarg; - if (!parg) + if (parg == NULL) return 0; ndef_aux = *(NDEF_SUPPORT **)parg; @@ -213,8 +213,10 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) return 0; derlen = ASN1_item_ndef_i2d(ndef_aux->val, NULL, ndef_aux->it); + if (derlen < 0) + return 0; if ((p = OPENSSL_malloc(derlen)) == NULL) { - ASN1err(ASN1_F_NDEF_SUFFIX, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } @@ -222,7 +224,7 @@ static int ndef_suffix(BIO *b, unsigned char **pbuf, int *plen, void *parg) *pbuf = p; derlen = ASN1_item_ndef_i2d(ndef_aux->val, &p, ndef_aux->it); - if (!*ndef_aux->boundary) + if (*ndef_aux->boundary == NULL) return 0; *pbuf = *ndef_aux->boundary; *plen = derlen - (*ndef_aux->boundary - ndef_aux->derbuf); diff --git a/crypto/asn1/build.info b/crypto/asn1/build.info index d3e92c81acfe..33b86fdd31f5 100644 --- a/crypto/asn1/build.info +++ b/crypto/asn1/build.info @@ -4,13 +4,20 @@ SOURCE[../../libcrypto]=\ a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c \ a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c \ x_algor.c x_val.c x_sig.c x_bignum.c \ - x_long.c x_int64.c x_info.c x_spki.c nsseq.c \ - d2i_pu.c d2i_pr.c i2d_pu.c i2d_pr.c\ + x_int64.c x_info.c x_spki.c nsseq.c \ + d2i_pu.c d2i_pr.c i2d_evp.c \ t_pkey.c t_spki.c t_bitst.c \ tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c tasn_typ.c \ tasn_prn.c tasn_scn.c ameth_lib.c \ - f_int.c f_string.c n_pkey.c \ + f_int.c f_string.c \ x_pkey.c bio_asn1.c bio_ndef.c asn_mime.c \ - asn1_gen.c asn1_par.c asn1_lib.c asn1_err.c a_strnid.c \ + asn1_gen.c asn1_parse.c asn1_lib.c asn1_err.c a_strnid.c \ evp_asn1.c asn_pack.c p5_pbe.c p5_pbev2.c p5_scrypt.c p8_pkey.c \ - asn_moid.c asn_mstbl.c asn1_item_list.c + asn_moid.c asn_mstbl.c asn1_item_list.c \ + d2i_param.c +IF[{- !$disabled{'rsa'} and !$disabled{'rc4'} -}] + SOURCE[../../libcrypto]=n_pkey.c +ENDIF +IF[{- !$disabled{'deprecated-3.0'} -}] + SOURCE[../../libcrypto]=x_long.c +ENDIF diff --git a/crypto/asn1/charmap.h b/crypto/asn1/charmap.h index 5630291bd58c..ac1eb076cc26 100644 --- a/crypto/asn1/charmap.h +++ b/crypto/asn1/charmap.h @@ -2,9 +2,9 @@ * WARNING: do not edit! * Generated by crypto/asn1/charmap.pl * - * Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/charmap.pl b/crypto/asn1/charmap.pl index 52fa5a7900ca..78053dee15fb 100644 --- a/crypto/asn1/charmap.pl +++ b/crypto/asn1/charmap.pl @@ -1,7 +1,7 @@ #! /usr/bin/env perl -# Copyright 2000-2022 The OpenSSL Project Authors. All Rights Reserved. +# Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. # -# Licensed under the OpenSSL license (the "License"). You may not use +# Licensed under the Apache License 2.0 (the "License"). You may not use # this file except in compliance with the License. You can obtain a copy # in the file LICENSE in the source distribution or at # https://www.openssl.org/source/license.html @@ -87,6 +87,7 @@ $arr[ord("?")] |= $PSTRING_CHAR; # Year the file was generated. my $YEAR = OpenSSL::copyright::year_of($0); + print <<EOF; /* * WARNING: do not edit! @@ -94,7 +95,7 @@ print <<EOF; * * Copyright 2000-$YEAR The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/d2i_param.c b/crypto/asn1/d2i_param.c new file mode 100644 index 000000000000..1a0e2bfe6da4 --- /dev/null +++ b/crypto/asn1/d2i_param.c @@ -0,0 +1,65 @@ +/* + * Copyright 2019-2021 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/evp.h> +#include <openssl/asn1.h> +#include "internal/asn1.h" +#include "crypto/asn1.h" +#include "crypto/evp.h" + +EVP_PKEY *d2i_KeyParams(int type, EVP_PKEY **a, const unsigned char **pp, + long length) +{ + EVP_PKEY *ret = NULL; + + if ((a == NULL) || (*a == NULL)) { + if ((ret = EVP_PKEY_new()) == NULL) + return NULL; + } else + ret = *a; + + if (type != EVP_PKEY_get_id(ret) && !EVP_PKEY_set_type(ret, type)) + goto err; + + if (ret->ameth == NULL || ret->ameth->param_decode == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); + goto err; + } + + if (!ret->ameth->param_decode(ret, pp, length)) + goto err; + + if (a != NULL) + (*a) = ret; + return ret; +err: + if (a == NULL || *a != ret) + EVP_PKEY_free(ret); + return NULL; +} + +EVP_PKEY *d2i_KeyParams_bio(int type, EVP_PKEY **a, BIO *in) +{ + BUF_MEM *b = NULL; + const unsigned char *p; + void *ret = NULL; + int len; + + len = asn1_d2i_read_bio(in, &b); + if (len < 0) + goto err; + + p = (unsigned char *)b->data; + ret = d2i_KeyParams(type, a, &p, len); +err: + BUF_MEM_free(b); + return ret; +} diff --git a/crypto/asn1/d2i_pr.c b/crypto/asn1/d2i_pr.c index 2094963036fe..720b7fd6c050 100644 --- a/crypto/asn1/d2i_pr.c +++ b/crypto/asn1/d2i_pr.c @@ -1,32 +1,89 @@ /* * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* We need to use some engine deprecated APIs */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> #include <openssl/evp.h> #include <openssl/objects.h> +#include <openssl/decoder.h> #include <openssl/engine.h> #include <openssl/x509.h> #include <openssl/asn1.h> #include "crypto/asn1.h" #include "crypto/evp.h" +#include "internal/asn1.h" -EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, - long length) +static EVP_PKEY * +d2i_PrivateKey_decoder(int keytype, EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, const char *propq) +{ + OSSL_DECODER_CTX *dctx = NULL; + size_t len = length; + EVP_PKEY *pkey = NULL, *bak_a = NULL; + EVP_PKEY **ppkey = &pkey; + const char *key_name = NULL; + const char *input_structures[] = { "type-specific", "PrivateKeyInfo", NULL }; + int i, ret; + + if (keytype != EVP_PKEY_NONE) { + key_name = evp_pkey_type2name(keytype); + if (key_name == NULL) + return NULL; + } + + for (i = 0; i < (int)OSSL_NELEM(input_structures); ++i) { + const unsigned char *p = *pp; + + if (a != NULL && (bak_a = *a) != NULL) + ppkey = a; + dctx = OSSL_DECODER_CTX_new_for_pkey(ppkey, "DER", + input_structures[i], key_name, + EVP_PKEY_KEYPAIR, libctx, propq); + if (a != NULL) + *a = bak_a; + if (dctx == NULL) + continue; + + ret = OSSL_DECODER_from_data(dctx, pp, &len); + OSSL_DECODER_CTX_free(dctx); + if (ret) { + if (*ppkey != NULL + && evp_keymgmt_util_has(*ppkey, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) { + if (a != NULL) + *a = *ppkey; + return *ppkey; + } + *pp = p; + goto err; + } + } + /* Fall through to error if all decodes failed */ +err: + if (ppkey != a) + EVP_PKEY_free(*ppkey); + return NULL; +} + +EVP_PKEY * +ossl_d2i_PrivateKey_legacy(int keytype, EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, const char *propq) { EVP_PKEY *ret; const unsigned char *p = *pp; - if ((a == NULL) || (*a == NULL)) { + if (a == NULL || *a == NULL) { if ((ret = EVP_PKEY_new()) == NULL) { - ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); return NULL; } } else { @@ -37,35 +94,45 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, #endif } - if (!EVP_PKEY_set_type(ret, type)) { - ASN1err(ASN1_F_D2I_PRIVATEKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + if (!EVP_PKEY_set_type(ret, keytype)) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; } + ERR_set_mark(); if (!ret->ameth->old_priv_decode || !ret->ameth->old_priv_decode(ret, &p, length)) { - if (ret->ameth->priv_decode) { + if (ret->ameth->priv_decode != NULL + || ret->ameth->priv_decode_ex != NULL) { EVP_PKEY *tmp; PKCS8_PRIV_KEY_INFO *p8 = NULL; p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); - if (!p8) + if (p8 == NULL) { + ERR_clear_last_mark(); goto err; - tmp = EVP_PKCS82PKEY(p8); + } + tmp = evp_pkcs82pkey_legacy(p8, libctx, propq); PKCS8_PRIV_KEY_INFO_free(p8); - if (tmp == NULL) + if (tmp == NULL) { + ERR_clear_last_mark(); goto err; + } EVP_PKEY_free(ret); ret = tmp; - if (EVP_PKEY_type(type) != EVP_PKEY_base_id(ret)) + ERR_pop_to_mark(); + if (EVP_PKEY_type(keytype) != EVP_PKEY_get_base_id(ret)) goto err; } else { - ASN1err(ASN1_F_D2I_PRIVATEKEY, ERR_R_ASN1_LIB); + ERR_clear_last_mark(); + ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); goto err; } + } else { + ERR_clear_last_mark(); } *pp = p; if (a != NULL) - (*a) = ret; + *a = ret; return ret; err: if (a == NULL || *a != ret) @@ -73,58 +140,36 @@ EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, return NULL; } -/* - * This works like d2i_PrivateKey() except it automatically works out the - * type - */ - -static EVP_PKEY *key_as_pkcs8(const unsigned char **pp, long length, int *carry_on) +EVP_PKEY *d2i_PrivateKey_ex(int keytype, EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq) { - const unsigned char *p = *pp; - PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); EVP_PKEY *ret; - if (p8 == NULL) - return NULL; - - ret = EVP_PKCS82PKEY(p8); + ret = d2i_PrivateKey_decoder(keytype, a, pp, length, libctx, propq); + /* try the legacy path if the decoder failed */ if (ret == NULL) - *carry_on = 0; - - PKCS8_PRIV_KEY_INFO_free(p8); - - if (ret != NULL) - *pp = p; - + ret = ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); return ret; } -EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, - long length) +EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, const unsigned char **pp, + long length) +{ + return d2i_PrivateKey_ex(type, a, pp, length, NULL, NULL); +} + +static EVP_PKEY *d2i_AutoPrivateKey_legacy(EVP_PKEY **a, + const unsigned char **pp, + long length, + OSSL_LIB_CTX *libctx, + const char *propq) { STACK_OF(ASN1_TYPE) *inkey; const unsigned char *p; int keytype; - EVP_PKEY *ret = NULL; - int carry_on = 1; - - ERR_set_mark(); - ret = key_as_pkcs8(pp, length, &carry_on); - if (ret != NULL) { - ERR_clear_last_mark(); - if (a != NULL) - *a = ret; - return ret; - } - if (carry_on == 0) { - ERR_clear_last_mark(); - ASN1err(ASN1_F_D2I_AUTOPRIVATEKEY, - ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return NULL; - } p = *pp; - /* * Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): by * analyzing it we can determine the passed structure: this assumes the @@ -136,19 +181,55 @@ EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, * Since we only need to discern "traditional format" RSA and DSA keys we * can just count the elements. */ - if (sk_ASN1_TYPE_num(inkey) == 6) + if (sk_ASN1_TYPE_num(inkey) == 6) { keytype = EVP_PKEY_DSA; - else if (sk_ASN1_TYPE_num(inkey) == 4) + } else if (sk_ASN1_TYPE_num(inkey) == 4) { keytype = EVP_PKEY_EC; - else + } else if (sk_ASN1_TYPE_num(inkey) == 3) { /* This seems to be PKCS8, not + * traditional format */ + PKCS8_PRIV_KEY_INFO *p8 = d2i_PKCS8_PRIV_KEY_INFO(NULL, &p, length); + EVP_PKEY *ret; + + sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + if (p8 == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return NULL; + } + ret = evp_pkcs82pkey_legacy(p8, libctx, propq); + PKCS8_PRIV_KEY_INFO_free(p8); + if (ret == NULL) + return NULL; + *pp = p; + if (a != NULL) { + *a = ret; + } + return ret; + } else { keytype = EVP_PKEY_RSA; + } sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); + return ossl_d2i_PrivateKey_legacy(keytype, a, pp, length, libctx, propq); +} - ret = d2i_PrivateKey(keytype, a, pp, length); - if (ret != NULL) - ERR_pop_to_mark(); - else - ERR_clear_last_mark(); +/* + * This works like d2i_PrivateKey() except it passes the keytype as + * EVP_PKEY_NONE, which then figures out the type during decoding. + */ +EVP_PKEY *d2i_AutoPrivateKey_ex(EVP_PKEY **a, const unsigned char **pp, + long length, OSSL_LIB_CTX *libctx, + const char *propq) +{ + EVP_PKEY *ret; + ret = d2i_PrivateKey_decoder(EVP_PKEY_NONE, a, pp, length, libctx, propq); + /* try the legacy path if the decoder failed */ + if (ret == NULL) + ret = d2i_AutoPrivateKey_legacy(a, pp, length, libctx, propq); return ret; } + +EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, const unsigned char **pp, + long length) +{ + return d2i_AutoPrivateKey_ex(a, pp, length, NULL, NULL); +} diff --git a/crypto/asn1/d2i_pu.c b/crypto/asn1/d2i_pu.c index 8327ac16ca9c..cf7825c43903 100644 --- a/crypto/asn1/d2i_pu.c +++ b/crypto/asn1/d2i_pu.c @@ -1,12 +1,18 @@ /* - * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ +/* + * DSA low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/bn.h> @@ -23,55 +29,70 @@ EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, const unsigned char **pp, long length) { EVP_PKEY *ret; + EVP_PKEY *copy = NULL; if ((a == NULL) || (*a == NULL)) { if ((ret = EVP_PKEY_new()) == NULL) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); return NULL; } - } else + } else { ret = *a; - if (type != EVP_PKEY_id(ret) && !EVP_PKEY_set_type(ret, type)) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_EVP_LIB); +#ifndef OPENSSL_NO_EC + if (evp_pkey_is_provided(ret) + && EVP_PKEY_get_base_id(ret) == EVP_PKEY_EC) { + if (!evp_pkey_copy_downgraded(©, ret)) + goto err; + } +#endif + } + + if ((type != EVP_PKEY_get_id(ret) || copy != NULL) + && !EVP_PKEY_set_type(ret, type)) { + ERR_raise(ERR_LIB_ASN1, ERR_R_EVP_LIB); goto err; } - switch (EVP_PKEY_id(ret)) { -#ifndef OPENSSL_NO_RSA + switch (EVP_PKEY_get_base_id(ret)) { case EVP_PKEY_RSA: if ((ret->pkey.rsa = d2i_RSAPublicKey(NULL, pp, length)) == NULL) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); goto err; } break; -#endif #ifndef OPENSSL_NO_DSA case EVP_PKEY_DSA: - /* TMP UGLY CAST */ if (!d2i_DSAPublicKey(&ret->pkey.dsa, pp, length)) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); goto err; } break; #endif #ifndef OPENSSL_NO_EC case EVP_PKEY_EC: + if (copy != NULL) { + /* use downgraded parameters from copy */ + ret->pkey.ec = copy->pkey.ec; + copy->pkey.ec = NULL; + } if (!o2i_ECPublicKey(&ret->pkey.ec, pp, length)) { - ASN1err(ASN1_F_D2I_PUBLICKEY, ERR_R_ASN1_LIB); + ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB); goto err; } break; #endif default: - ASN1err(ASN1_F_D2I_PUBLICKEY, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); goto err; } if (a != NULL) (*a) = ret; + EVP_PKEY_free(copy); return ret; err: if (a == NULL || *a != ret) EVP_PKEY_free(ret); + EVP_PKEY_free(copy); return NULL; } diff --git a/crypto/asn1/evp_asn1.c b/crypto/asn1/evp_asn1.c index 895085a520a1..13d8ed3893ab 100644 --- a/crypto/asn1/evp_asn1.c +++ b/crypto/asn1/evp_asn1.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -11,6 +11,7 @@ #include "internal/cryptlib.h" #include <openssl/asn1.h> #include <openssl/asn1t.h> +#include "crypto/asn1.h" int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) { @@ -26,14 +27,17 @@ int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) return 1; } -/* int max_len: for returned value */ +/* int max_len: for returned value + * if passing NULL in data, nothing is copied but the necessary length + * for it is returned. + */ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_len) { int ret, num; const unsigned char *p; if ((a->type != V_ASN1_OCTET_STRING) || (a->value.octet_string == NULL)) { - ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING, ASN1_R_DATA_IS_WRONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); return -1; } p = ASN1_STRING_get0_data(a->value.octet_string); @@ -42,7 +46,36 @@ int ASN1_TYPE_get_octetstring(const ASN1_TYPE *a, unsigned char *data, int max_l num = ret; else num = max_len; - memcpy(data, p, num); + if (num > 0 && data != NULL) + memcpy(data, p, num); + return ret; +} + +static ossl_inline void asn1_type_init_oct(ASN1_OCTET_STRING *oct, + unsigned char *data, int len) +{ + oct->data = data; + oct->type = V_ASN1_OCTET_STRING; + oct->length = len; + oct->flags = 0; +} + +static int asn1_type_get_int_oct(ASN1_OCTET_STRING *oct, int32_t anum, + long *num, unsigned char *data, int max_len) +{ + int ret = ASN1_STRING_length(oct), n; + + if (num != NULL) + *num = anum; + + if (max_len > ret) + n = ret; + else + n = max_len; + + if (data != NULL) + memcpy(data, ASN1_STRING_get0_data(oct), n); + return ret; } @@ -66,25 +99,18 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, atmp.num = num; atmp.oct = &oct; - oct.data = data; - oct.type = V_ASN1_OCTET_STRING; - oct.length = len; - oct.flags = 0; + asn1_type_init_oct(&oct, data, len); if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_int_oct), &atmp, &a)) return 1; return 0; } -/* - * we return the actual length... - */ -/* int max_len: for returned value */ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, unsigned char *data, int max_len) { asn1_int_oct *atmp = NULL; - int ret = -1, n; + int ret = -1; if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) { goto err; @@ -95,21 +121,67 @@ int ASN1_TYPE_get_int_octetstring(const ASN1_TYPE *a, long *num, if (atmp == NULL) goto err; - if (num != NULL) - *num = atmp->num; + ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); - ret = ASN1_STRING_length(atmp->oct); - if (max_len > ret) - n = ret; - else - n = max_len; - - if (data != NULL) - memcpy(data, ASN1_STRING_get0_data(atmp->oct), n); if (ret == -1) { err: - ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING, ASN1_R_DATA_IS_WRONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); } M_ASN1_free_of(atmp, asn1_int_oct); return ret; } + +typedef struct { + ASN1_OCTET_STRING *oct; + int32_t num; +} asn1_oct_int; + +/* + * Defined in RFC 5084 - + * Section 2. "Content-Authenticated Encryption Algorithms" + */ +ASN1_SEQUENCE(asn1_oct_int) = { + ASN1_SIMPLE(asn1_oct_int, oct, ASN1_OCTET_STRING), + ASN1_EMBED(asn1_oct_int, num, INT32) +} static_ASN1_SEQUENCE_END(asn1_oct_int) + +DECLARE_ASN1_ITEM(asn1_oct_int) + +int ossl_asn1_type_set_octetstring_int(ASN1_TYPE *a, long num, + unsigned char *data, int len) +{ + asn1_oct_int atmp; + ASN1_OCTET_STRING oct; + + atmp.num = num; + atmp.oct = &oct; + asn1_type_init_oct(&oct, data, len); + + if (ASN1_TYPE_pack_sequence(ASN1_ITEM_rptr(asn1_oct_int), &atmp, &a)) + return 1; + return 0; +} + +int ossl_asn1_type_get_octetstring_int(const ASN1_TYPE *a, long *num, + unsigned char *data, int max_len) +{ + asn1_oct_int *atmp = NULL; + int ret = -1; + + if ((a->type != V_ASN1_SEQUENCE) || (a->value.sequence == NULL)) + goto err; + + atmp = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(asn1_oct_int), a); + + if (atmp == NULL) + goto err; + + ret = asn1_type_get_int_oct(atmp->oct, atmp->num, num, data, max_len); + + if (ret == -1) { + err: + ERR_raise(ERR_LIB_ASN1, ASN1_R_DATA_IS_WRONG); + } + M_ASN1_free_of(atmp, asn1_oct_int); + return ret; +} diff --git a/crypto/asn1/f_int.c b/crypto/asn1/f_int.c index 3a18381173d4..d41e0069af63 100644 --- a/crypto/asn1/f_int.c +++ b/crypto/asn1/f_int.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -100,7 +100,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) k = 0; i -= again; if (i % 2 != 0) { - ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_ODD_NUMBER_OF_CHARS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ODD_NUMBER_OF_CHARS); OPENSSL_free(s); return 0; } @@ -108,7 +108,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) if (num + i > slen) { sp = OPENSSL_clear_realloc(s, slen, num + i * 2); if (sp == NULL) { - ASN1err(ASN1_F_A2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); OPENSSL_free(s); return 0; } @@ -119,8 +119,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) for (n = 0; n < 2; n++) { m = OPENSSL_hexchar2int(bufp[k + n]); if (m < 0) { - ASN1err(ASN1_F_A2I_ASN1_INTEGER, - ASN1_R_NON_HEX_CHARACTERS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NON_HEX_CHARACTERS); goto err; } s[num + j] <<= 4; @@ -137,7 +136,7 @@ int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) bs->data = s; return 1; err: - ASN1err(ASN1_F_A2I_ASN1_INTEGER, ASN1_R_SHORT_LINE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_SHORT_LINE); OPENSSL_free(s); return 0; } diff --git a/crypto/asn1/f_string.c b/crypto/asn1/f_string.c index 53dfec71b5d4..4b65110d9866 100644 --- a/crypto/asn1/f_string.c +++ b/crypto/asn1/f_string.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -91,7 +91,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) k = 0; i -= again; if (i % 2 != 0) { - ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_ODD_NUMBER_OF_CHARS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ODD_NUMBER_OF_CHARS); OPENSSL_free(s); return 0; } @@ -99,7 +99,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) if (num + i > slen) { sp = OPENSSL_realloc(s, (unsigned int)num + i * 2); if (sp == NULL) { - ASN1err(ASN1_F_A2I_ASN1_STRING, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); OPENSSL_free(s); return 0; } @@ -110,8 +110,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) for (n = 0; n < 2; n++) { m = OPENSSL_hexchar2int(bufp[k + n]); if (m < 0) { - ASN1err(ASN1_F_A2I_ASN1_STRING, - ASN1_R_NON_HEX_CHARACTERS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NON_HEX_CHARACTERS); OPENSSL_free(s); return 0; } @@ -130,7 +129,7 @@ int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) return 1; err: - ASN1err(ASN1_F_A2I_ASN1_STRING, ASN1_R_SHORT_LINE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_SHORT_LINE); OPENSSL_free(s); return 0; } diff --git a/crypto/asn1/i2d_evp.c b/crypto/asn1/i2d_evp.c new file mode 100644 index 000000000000..0d66411be8fd --- /dev/null +++ b/crypto/asn1/i2d_evp.c @@ -0,0 +1,149 @@ +/* + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +/* + * Low level APIs are deprecated for public use, but still ok for + * internal use. + */ +#include "internal/deprecated.h" + +#include <stdio.h> +#include "internal/cryptlib.h" +#include <openssl/evp.h> +#include <openssl/encoder.h> +#include <openssl/buffer.h> +#include <openssl/x509.h> +#include <openssl/rsa.h> /* For i2d_RSAPublicKey */ +#include <openssl/dsa.h> /* For i2d_DSAPublicKey */ +#include <openssl/ec.h> /* For i2o_ECPublicKey */ +#include "crypto/asn1.h" +#include "crypto/evp.h" + +struct type_and_structure_st { + const char *output_type; + const char *output_structure; +}; + +static int i2d_provided(const EVP_PKEY *a, int selection, + const struct type_and_structure_st *output_info, + unsigned char **pp) +{ + OSSL_ENCODER_CTX *ctx = NULL; + int ret; + + for (ret = -1; + ret == -1 && output_info->output_type != NULL; + output_info++) { + /* + * The i2d_ calls don't take a boundary length for *pp. However, + * OSSL_ENCODER_to_data() needs one, so we make one up. Because + * OSSL_ENCODER_to_data() decrements this number by the amount of + * bytes written, we need to calculate the length written further + * down, when pp != NULL. + */ + size_t len = INT_MAX; + int pp_was_NULL = (pp == NULL || *pp == NULL); + + ctx = OSSL_ENCODER_CTX_new_for_pkey(a, selection, + output_info->output_type, + output_info->output_structure, + NULL); + if (ctx == NULL) + return -1; + if (OSSL_ENCODER_to_data(ctx, pp, &len)) { + if (pp_was_NULL) + ret = (int)len; + else + ret = INT_MAX - (int)len; + } + OSSL_ENCODER_CTX_free(ctx); + ctx = NULL; + } + + if (ret == -1) + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); + return ret; +} + +int i2d_KeyParams(const EVP_PKEY *a, unsigned char **pp) +{ + if (evp_pkey_is_provided(a)) { + static const struct type_and_structure_st output_info[] = { + { "DER", "type-specific" }, + { NULL, } + }; + + return i2d_provided(a, EVP_PKEY_KEY_PARAMETERS, output_info, pp); + } + if (a->ameth != NULL && a->ameth->param_encode != NULL) + return a->ameth->param_encode(a, pp); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_TYPE); + return -1; +} + +int i2d_KeyParams_bio(BIO *bp, const EVP_PKEY *pkey) +{ + return ASN1_i2d_bio_of(EVP_PKEY, i2d_KeyParams, bp, pkey); +} + +int i2d_PrivateKey(const EVP_PKEY *a, unsigned char **pp) +{ + if (evp_pkey_is_provided(a)) { + static const struct type_and_structure_st output_info[] = { + { "DER", "type-specific" }, + { "DER", "PrivateKeyInfo" }, + { NULL, } + }; + + return i2d_provided(a, EVP_PKEY_KEYPAIR, output_info, pp); + } + if (a->ameth != NULL && a->ameth->old_priv_encode != NULL) { + return a->ameth->old_priv_encode(a, pp); + } + if (a->ameth != NULL && a->ameth->priv_encode != NULL) { + PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); + int ret = 0; + + if (p8 != NULL) { + ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp); + PKCS8_PRIV_KEY_INFO_free(p8); + } + return ret; + } + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return -1; +} + +int i2d_PublicKey(const EVP_PKEY *a, unsigned char **pp) +{ + if (evp_pkey_is_provided(a)) { + static const struct type_and_structure_st output_info[] = { + { "DER", "type-specific" }, + { "blob", NULL }, /* for EC */ + { NULL, } + }; + + return i2d_provided(a, EVP_PKEY_PUBLIC_KEY, output_info, pp); + } + switch (EVP_PKEY_get_base_id(a)) { + case EVP_PKEY_RSA: + return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); +#ifndef OPENSSL_NO_DSA + case EVP_PKEY_DSA: + return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp); +#endif +#ifndef OPENSSL_NO_EC + case EVP_PKEY_EC: + return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp); +#endif + default: + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); + return -1; + } +} diff --git a/crypto/asn1/i2d_pr.c b/crypto/asn1/i2d_pr.c deleted file mode 100644 index 0374c0bfbdc0..000000000000 --- a/crypto/asn1/i2d_pr.c +++ /dev/null @@ -1,33 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/evp.h> -#include <openssl/x509.h> -#include "crypto/asn1.h" -#include "crypto/evp.h" - -int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) -{ - if (a->ameth && a->ameth->old_priv_encode) { - return a->ameth->old_priv_encode(a, pp); - } - if (a->ameth && a->ameth->priv_encode) { - PKCS8_PRIV_KEY_INFO *p8 = EVP_PKEY2PKCS8(a); - int ret = 0; - if (p8 != NULL) { - ret = i2d_PKCS8_PRIV_KEY_INFO(p8, pp); - PKCS8_PRIV_KEY_INFO_free(p8); - } - return ret; - } - ASN1err(ASN1_F_I2D_PRIVATEKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return -1; -} diff --git a/crypto/asn1/i2d_pu.c b/crypto/asn1/i2d_pu.c deleted file mode 100644 index 8986c43cbee5..000000000000 --- a/crypto/asn1/i2d_pu.c +++ /dev/null @@ -1,38 +0,0 @@ -/* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include <stdio.h> -#include "internal/cryptlib.h" -#include <openssl/bn.h> -#include <openssl/evp.h> -#include <openssl/objects.h> -#include <openssl/rsa.h> -#include <openssl/dsa.h> -#include <openssl/ec.h> - -int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) -{ - switch (EVP_PKEY_id(a)) { -#ifndef OPENSSL_NO_RSA - case EVP_PKEY_RSA: - return i2d_RSAPublicKey(EVP_PKEY_get0_RSA(a), pp); -#endif -#ifndef OPENSSL_NO_DSA - case EVP_PKEY_DSA: - return i2d_DSAPublicKey(EVP_PKEY_get0_DSA(a), pp); -#endif -#ifndef OPENSSL_NO_EC - case EVP_PKEY_EC: - return i2o_ECPublicKey(EVP_PKEY_get0_EC_KEY(a), pp); -#endif - default: - ASN1err(ASN1_F_I2D_PUBLICKEY, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE); - return -1; - } -} diff --git a/crypto/asn1/n_pkey.c b/crypto/asn1/n_pkey.c index d1fb8a146d62..eb0918f79f97 100644 --- a/crypto/asn1/n_pkey.c +++ b/crypto/asn1/n_pkey.c @@ -1,26 +1,26 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html */ -#include "openssl/opensslconf.h" -#ifdef OPENSSL_NO_RSA -NON_EMPTY_TRANSLATION_UNIT -#else - -# include "internal/cryptlib.h" -# include <stdio.h> -# include <openssl/rsa.h> -# include <openssl/objects.h> -# include <openssl/asn1t.h> -# include <openssl/evp.h> -# include <openssl/x509.h> - -# ifndef OPENSSL_NO_RC4 +#include <openssl/opensslconf.h> +#include "internal/cryptlib.h" +#include <stdio.h> +#include <openssl/rsa.h> +#include <openssl/objects.h> +#include <openssl/asn1t.h> +#include <openssl/evp.h> +#include <openssl/x509.h> + +#define ASN1_BROKEN_SEQUENCE(tname) \ + static const ASN1_AUX tname##_aux = {NULL, ASN1_AFLG_BROKEN, 0, 0, 0, 0}; \ + ASN1_SEQUENCE(tname) +#define static_ASN1_BROKEN_SEQUENCE_END(stname) \ + static_ASN1_SEQUENCE_END_ref(stname, stname) typedef struct netscape_pkey_st { int32_t version; @@ -43,9 +43,9 @@ ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) } static_ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) -DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY,NETSCAPE_ENCRYPTED_PKEY) -IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) +DECLARE_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) +DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_ENCRYPTED_PKEY, NETSCAPE_ENCRYPTED_PKEY) +IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_ENCRYPTED_PKEY) ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_EMBED(NETSCAPE_PKEY, version, INT32), @@ -53,10 +53,6 @@ ASN1_SEQUENCE(NETSCAPE_PKEY) = { ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) } static_ASN1_SEQUENCE_END(NETSCAPE_PKEY) -DECLARE_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) -DECLARE_ASN1_ENCODE_FUNCTIONS_const(NETSCAPE_PKEY,NETSCAPE_PKEY) -IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) - -# endif /* OPENSSL_NO_RC4 */ - -#endif +DECLARE_ASN1_FUNCTIONS(NETSCAPE_PKEY) +DECLARE_ASN1_ENCODE_FUNCTIONS_name(NETSCAPE_PKEY, NETSCAPE_PKEY) +IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_PKEY) diff --git a/crypto/asn1/nsseq.c b/crypto/asn1/nsseq.c index c7baf40d30f5..09dc24f25f8d 100644 --- a/crypto/asn1/nsseq.c +++ b/crypto/asn1/nsseq.c @@ -1,7 +1,7 @@ /* * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/p5_pbe.c b/crypto/asn1/p5_pbe.c index ab7e16898fa3..9bc8aaa7a31e 100644 --- a/crypto/asn1/p5_pbe.c +++ b/crypto/asn1/p5_pbe.c @@ -1,7 +1,7 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -24,8 +24,9 @@ IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) /* Set an algorithm identifier for a PKCS#5 PBE algorithm */ -int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, - const unsigned char *salt, int saltlen) +int PKCS5_pbe_set0_algor_ex(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *ctx) { PBEPARAM *pbe = NULL; ASN1_STRING *pbe_str = NULL; @@ -33,33 +34,35 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, pbe = PBEPARAM_new(); if (pbe == NULL) { - ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } if (iter <= 0) iter = PKCS5_DEFAULT_ITER; if (!ASN1_INTEGER_set(pbe->iter, iter)) { - ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } if (!saltlen) saltlen = PKCS5_SALT_LEN; + if (saltlen < 0) + goto err; sstr = OPENSSL_malloc(saltlen); if (sstr == NULL) { - ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } if (salt) memcpy(sstr, salt, saltlen); - else if (RAND_bytes(sstr, saltlen) <= 0) + else if (RAND_bytes_ex(ctx, sstr, saltlen, 0) <= 0) goto err; ASN1_STRING_set0(pbe->salt, sstr, saltlen); sstr = NULL; if (!ASN1_item_pack(pbe, ASN1_ITEM_rptr(PBEPARAM), &pbe_str)) { - ASN1err(ASN1_F_PKCS5_PBE_SET0_ALGOR, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } @@ -76,21 +79,35 @@ int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, return 0; } +int PKCS5_pbe_set0_algor(X509_ALGOR *algor, int alg, int iter, + const unsigned char *salt, int saltlen) +{ + return PKCS5_pbe_set0_algor_ex(algor, alg, iter, salt, saltlen, NULL); +} + /* Return an algorithm identifier for a PKCS#5 PBE algorithm */ -X509_ALGOR *PKCS5_pbe_set(int alg, int iter, - const unsigned char *salt, int saltlen) +X509_ALGOR *PKCS5_pbe_set_ex(int alg, int iter, + const unsigned char *salt, int saltlen, + OSSL_LIB_CTX *ctx) { X509_ALGOR *ret; ret = X509_ALGOR_new(); if (ret == NULL) { - ASN1err(ASN1_F_PKCS5_PBE_SET, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } - if (PKCS5_pbe_set0_algor(ret, alg, iter, salt, saltlen)) + if (PKCS5_pbe_set0_algor_ex(ret, alg, iter, salt, saltlen, ctx)) return ret; X509_ALGOR_free(ret); return NULL; } + +X509_ALGOR *PKCS5_pbe_set(int alg, int iter, + const unsigned char *salt, int saltlen) +{ + return PKCS5_pbe_set_ex(alg, iter, salt, saltlen, NULL); +} + diff --git a/crypto/asn1/p5_pbev2.c b/crypto/asn1/p5_pbev2.c index f91ba08f1ea4..711743a77b59 100644 --- a/crypto/asn1/p5_pbev2.c +++ b/crypto/asn1/p5_pbev2.c @@ -1,7 +1,7 @@ /* - * Copyright 1999-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -10,6 +10,8 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/asn1t.h> +#include <openssl/core.h> +#include <openssl/core_names.h> #include <openssl/x509.h> #include <openssl/rand.h> @@ -37,20 +39,20 @@ IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) * and IV. */ -X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, - unsigned char *salt, int saltlen, - unsigned char *aiv, int prf_nid) +X509_ALGOR *PKCS5_pbe2_set_iv_ex(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid, + OSSL_LIB_CTX *libctx) { X509_ALGOR *scheme = NULL, *ret = NULL; - int alg_nid, keylen; + int alg_nid, keylen, ivlen; EVP_CIPHER_CTX *ctx = NULL; unsigned char iv[EVP_MAX_IV_LENGTH]; PBE2PARAM *pbe2 = NULL; - alg_nid = EVP_CIPHER_type(cipher); + alg_nid = EVP_CIPHER_get_type(cipher); if (alg_nid == NID_undef) { - ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, - ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; } @@ -64,10 +66,11 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, goto merr; /* Create random IV */ - if (EVP_CIPHER_iv_length(cipher)) { + ivlen = EVP_CIPHER_get_iv_length(cipher); + if (ivlen > 0) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0) + memcpy(iv, aiv, ivlen); + else if (RAND_bytes_ex(libctx, iv, ivlen, 0) <= 0) goto err; } @@ -79,25 +82,26 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, if (!EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0)) goto err; if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { - ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); goto err; } /* * If prf NID unspecified see if cipher has a preference. An error is OK * here: just means use default PRF. */ + ERR_set_mark(); if ((prf_nid == -1) && EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_PBE_PRF_NID, 0, &prf_nid) <= 0) { - ERR_clear_error(); prf_nid = NID_hmacWithSHA256; } + ERR_pop_to_mark(); EVP_CIPHER_CTX_free(ctx); ctx = NULL; /* If its RC2 then we'd better setup the key length */ if (alg_nid == NID_rc2_cbc) - keylen = EVP_CIPHER_key_length(cipher); + keylen = EVP_CIPHER_get_key_length(cipher); else keylen = -1; @@ -105,9 +109,10 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, X509_ALGOR_free(pbe2->keyfunc); - pbe2->keyfunc = PKCS5_pbkdf2_set(iter, salt, saltlen, prf_nid, keylen); + pbe2->keyfunc = PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, + libctx); - if (!pbe2->keyfunc) + if (pbe2->keyfunc == NULL) goto merr; /* Now set up top level AlgorithmIdentifier */ @@ -129,7 +134,7 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, return ret; merr: - ASN1err(ASN1_F_PKCS5_PBE2_SET_IV, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); err: EVP_CIPHER_CTX_free(ctx); @@ -140,14 +145,25 @@ X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, return NULL; } +X509_ALGOR *PKCS5_pbe2_set_iv(const EVP_CIPHER *cipher, int iter, + unsigned char *salt, int saltlen, + unsigned char *aiv, int prf_nid) +{ + return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, aiv, prf_nid, + NULL); +} + X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, unsigned char *salt, int saltlen) { - return PKCS5_pbe2_set_iv(cipher, iter, salt, saltlen, NULL, -1); + return PKCS5_pbe2_set_iv_ex(cipher, iter, salt, saltlen, NULL, -1, + NULL); } -X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, - int prf_nid, int keylen) + +X509_ALGOR *PKCS5_pbkdf2_set_ex(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen, + OSSL_LIB_CTX *libctx) { X509_ALGOR *keyfunc = NULL; PBKDF2PARAM *kdf = NULL; @@ -161,6 +177,8 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, kdf->salt->value.octet_string = osalt; kdf->salt->type = V_ASN1_OCTET_STRING; + if (saltlen < 0) + goto merr; if (saltlen == 0) saltlen = PKCS5_SALT_LEN; if ((osalt->data = OPENSSL_malloc(saltlen)) == NULL) @@ -170,7 +188,7 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, if (salt) memcpy(osalt->data, salt, saltlen); - else if (RAND_bytes(osalt->data, saltlen) <= 0) + else if (RAND_bytes_ex(libctx, osalt->data, saltlen, 0) <= 0) goto merr; if (iter <= 0) @@ -214,8 +232,15 @@ X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, return keyfunc; merr: - ASN1err(ASN1_F_PKCS5_PBKDF2_SET, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); PBKDF2PARAM_free(kdf); X509_ALGOR_free(keyfunc); return NULL; } + +X509_ALGOR *PKCS5_pbkdf2_set(int iter, unsigned char *salt, int saltlen, + int prf_nid, int keylen) +{ + return PKCS5_pbkdf2_set_ex(iter, salt, saltlen, prf_nid, keylen, NULL); +} + diff --git a/crypto/asn1/p5_scrypt.c b/crypto/asn1/p5_scrypt.c index 1491d96ec8d3..a02190d0dc11 100644 --- a/crypto/asn1/p5_scrypt.c +++ b/crypto/asn1/p5_scrypt.c @@ -1,7 +1,7 @@ /* - * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -10,10 +10,12 @@ #include <stdio.h> #include "internal/cryptlib.h" #include <openssl/asn1t.h> +#include <openssl/core_names.h> #include <openssl/err.h> #include <openssl/evp.h> #include <openssl/x509.h> #include <openssl/rand.h> +#include "crypto/evp.h" #ifndef OPENSSL_NO_SCRYPT /* PKCS#5 scrypt password based encryption structures */ @@ -49,20 +51,18 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, PBE2PARAM *pbe2 = NULL; if (!cipher) { - ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_PASSED_NULL_PARAMETER); + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); goto err; } if (EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) { - ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, - ASN1_R_INVALID_SCRYPT_PARAMETERS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_SCRYPT_PARAMETERS); goto err; } - alg_nid = EVP_CIPHER_type(cipher); + alg_nid = EVP_CIPHER_get_type(cipher); if (alg_nid == NID_undef) { - ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, - ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); + ERR_raise(ERR_LIB_ASN1, ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); goto err; } @@ -79,10 +79,10 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, goto merr; /* Create random IV */ - if (EVP_CIPHER_iv_length(cipher)) { + if (EVP_CIPHER_get_iv_length(cipher)) { if (aiv) - memcpy(iv, aiv, EVP_CIPHER_iv_length(cipher)); - else if (RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)) <= 0) + memcpy(iv, aiv, EVP_CIPHER_get_iv_length(cipher)); + else if (RAND_bytes(iv, EVP_CIPHER_get_iv_length(cipher)) <= 0) goto err; } @@ -94,8 +94,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, if (EVP_CipherInit_ex(ctx, cipher, NULL, NULL, iv, 0) == 0) goto err; if (EVP_CIPHER_param_to_asn1(ctx, scheme->parameter) <= 0) { - ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, - ASN1_R_ERROR_SETTING_CIPHER_PARAMS); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ERROR_SETTING_CIPHER_PARAMS); goto err; } EVP_CIPHER_CTX_free(ctx); @@ -104,7 +103,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, /* If its RC2 then we'd better setup the key length */ if (alg_nid == NID_rc2_cbc) - keylen = EVP_CIPHER_key_length(cipher); + keylen = EVP_CIPHER_get_key_length(cipher); /* Setup keyfunc */ @@ -135,7 +134,7 @@ X509_ALGOR *PKCS5_pbe2_set_scrypt(const EVP_CIPHER *cipher, return ret; merr: - ASN1err(ASN1_F_PKCS5_PBE2_SET_SCRYPT, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); err: PBE2PARAM_free(pbe2); @@ -202,26 +201,27 @@ static X509_ALGOR *pkcs5_scrypt_set(const unsigned char *salt, size_t saltlen, return keyfunc; merr: - ASN1err(ASN1_F_PKCS5_SCRYPT_SET, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); err: SCRYPT_PARAMS_free(sparam); X509_ALGOR_free(keyfunc); return NULL; } -int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, - int passlen, ASN1_TYPE *param, - const EVP_CIPHER *c, const EVP_MD *md, int en_de) +int PKCS5_v2_scrypt_keyivgen_ex(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de, + OSSL_LIB_CTX *libctx, const char *propq) { unsigned char *salt, key[EVP_MAX_KEY_LENGTH]; uint64_t p, r, N; size_t saltlen; size_t keylen = 0; - int rv = 0; + int t, rv = 0; SCRYPT_PARAMS *sparam = NULL; - if (EVP_CIPHER_CTX_cipher(ctx) == NULL) { - EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_NO_CIPHER_SET); + if (EVP_CIPHER_CTX_get0_cipher(ctx) == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_NO_CIPHER_SET); goto err; } @@ -230,11 +230,16 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, sparam = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(SCRYPT_PARAMS), param); if (sparam == NULL) { - EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, EVP_R_DECODE_ERROR); + ERR_raise(ERR_LIB_EVP, EVP_R_DECODE_ERROR); goto err; } - keylen = EVP_CIPHER_CTX_key_length(ctx); + t = EVP_CIPHER_CTX_get_key_length(ctx); + if (t < 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); + goto err; + } + keylen = t; /* Now check the parameters of sparam */ @@ -242,8 +247,7 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, uint64_t spkeylen; if ((ASN1_INTEGER_get_uint64(&spkeylen, sparam->keyLength) == 0) || (spkeylen != keylen)) { - EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, - EVP_R_UNSUPPORTED_KEYLENGTH); + ERR_raise(ERR_LIB_EVP, EVP_R_UNSUPPORTED_KEYLENGTH); goto err; } } @@ -251,9 +255,9 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, if (ASN1_INTEGER_get_uint64(&N, sparam->costParameter) == 0 || ASN1_INTEGER_get_uint64(&r, sparam->blockSize) == 0 || ASN1_INTEGER_get_uint64(&p, sparam->parallelizationParameter) == 0 - || EVP_PBE_scrypt(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0) == 0) { - EVPerr(EVP_F_PKCS5_V2_SCRYPT_KEYIVGEN, - EVP_R_ILLEGAL_SCRYPT_PARAMETERS); + || EVP_PBE_scrypt_ex(NULL, 0, NULL, 0, N, r, p, 0, NULL, 0, + libctx, propq) == 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_ILLEGAL_SCRYPT_PARAMETERS); goto err; } @@ -261,8 +265,8 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, salt = sparam->salt->data; saltlen = sparam->salt->length; - if (EVP_PBE_scrypt(pass, passlen, salt, saltlen, N, r, p, 0, key, keylen) - == 0) + if (EVP_PBE_scrypt_ex(pass, passlen, salt, saltlen, N, r, p, 0, key, + keylen, libctx, propq) == 0) goto err; rv = EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); err: @@ -271,4 +275,12 @@ int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, SCRYPT_PARAMS_free(sparam); return rv; } + +int PKCS5_v2_scrypt_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, + int passlen, ASN1_TYPE *param, + const EVP_CIPHER *c, const EVP_MD *md, int en_de) +{ + return PKCS5_v2_scrypt_keyivgen_ex(ctx, pass, passlen, param, c, md, en_de, NULL, NULL); +} + #endif /* OPENSSL_NO_SCRYPT */ diff --git a/crypto/asn1/p8_pkey.c b/crypto/asn1/p8_pkey.c index ab509b1ac976..dee188519c22 100644 --- a/crypto/asn1/p8_pkey.c +++ b/crypto/asn1/p8_pkey.c @@ -1,7 +1,7 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -78,3 +78,14 @@ int PKCS8_pkey_add1_attr_by_NID(PKCS8_PRIV_KEY_INFO *p8, int nid, int type, return 1; return 0; } + +int PKCS8_pkey_add1_attr_by_OBJ(PKCS8_PRIV_KEY_INFO *p8, const ASN1_OBJECT *obj, int type, + const unsigned char *bytes, int len) +{ + return (X509at_add1_attr_by_OBJ(&p8->attributes, obj, type, bytes, len) != NULL); +} + +int PKCS8_pkey_add1_attr(PKCS8_PRIV_KEY_INFO *p8, X509_ATTRIBUTE *attr) +{ + return (X509at_add1_attr(&p8->attributes, attr) != NULL); +} diff --git a/crypto/asn1/standard_methods.h b/crypto/asn1/standard_methods.h index e74de55ffeb6..0b0c7ef6864f 100644 --- a/crypto/asn1/standard_methods.h +++ b/crypto/asn1/standard_methods.h @@ -1,7 +1,7 @@ /* - * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2006-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -13,49 +13,35 @@ * is used to search it. */ static const EVP_PKEY_ASN1_METHOD *standard_methods[] = { -#ifndef OPENSSL_NO_RSA - &rsa_asn1_meths[0], - &rsa_asn1_meths[1], -#endif + &ossl_rsa_asn1_meths[0], + &ossl_rsa_asn1_meths[1], #ifndef OPENSSL_NO_DH - &dh_asn1_meth, + &ossl_dh_asn1_meth, #endif #ifndef OPENSSL_NO_DSA - &dsa_asn1_meths[0], - &dsa_asn1_meths[1], - &dsa_asn1_meths[2], - &dsa_asn1_meths[3], - &dsa_asn1_meths[4], + &ossl_dsa_asn1_meths[0], + &ossl_dsa_asn1_meths[1], + &ossl_dsa_asn1_meths[2], + &ossl_dsa_asn1_meths[3], + &ossl_dsa_asn1_meths[4], #endif #ifndef OPENSSL_NO_EC - &eckey_asn1_meth, -#endif - &hmac_asn1_meth, -#ifndef OPENSSL_NO_CMAC - &cmac_asn1_meth, -#endif -#ifndef OPENSSL_NO_RSA - &rsa_pss_asn1_meth, + &ossl_eckey_asn1_meth, #endif + &ossl_rsa_pss_asn1_meth, #ifndef OPENSSL_NO_DH - &dhx_asn1_meth, + &ossl_dhx_asn1_meth, #endif #ifndef OPENSSL_NO_EC - &ecx25519_asn1_meth, - &ecx448_asn1_meth, -#endif -#ifndef OPENSSL_NO_POLY1305 - &poly1305_asn1_meth, -#endif -#ifndef OPENSSL_NO_SIPHASH - &siphash_asn1_meth, + &ossl_ecx25519_asn1_meth, + &ossl_ecx448_asn1_meth, #endif #ifndef OPENSSL_NO_EC - &ed25519_asn1_meth, - &ed448_asn1_meth, + &ossl_ed25519_asn1_meth, + &ossl_ed448_asn1_meth, #endif #ifndef OPENSSL_NO_SM2 - &sm2_asn1_meth, + &ossl_sm2_asn1_meth, #endif }; diff --git a/crypto/asn1/t_bitst.c b/crypto/asn1/t_bitst.c index c0aeca4c78cc..e7b817f78e15 100644 --- a/crypto/asn1/t_bitst.c +++ b/crypto/asn1/t_bitst.c @@ -1,7 +1,7 @@ /* * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/t_pkey.c b/crypto/asn1/t_pkey.c index 651622aedc8f..03579c877cfc 100644 --- a/crypto/asn1/t_pkey.c +++ b/crypto/asn1/t_pkey.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/t_spki.c b/crypto/asn1/t_spki.c index 3d4aea8ad9a4..0397f1f9ee50 100644 --- a/crypto/asn1/t_spki.c +++ b/crypto/asn1/t_spki.c @@ -1,7 +1,7 @@ /* * Copyright 1999-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -30,7 +30,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) BIO_printf(out, " Public Key Algorithm: %s\n", (i == NID_undef) ? "UNKNOWN" : OBJ_nid2ln(i)); pkey = X509_PUBKEY_get(spki->spkac->pubkey); - if (!pkey) + if (pkey == NULL) BIO_printf(out, " Unable to load public key\n"); else { EVP_PKEY_print_public(out, pkey, 4, NULL); diff --git a/crypto/asn1/tasn_dec.c b/crypto/asn1/tasn_dec.c index 82577b1edefe..11198087a57b 100644 --- a/crypto/asn1/tasn_dec.c +++ b/crypto/asn1/tasn_dec.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -17,7 +17,6 @@ #include "internal/numbers.h" #include "asn1_local.h" - /* * Constructed types with a recursive definition (such as can be found in PKCS7) * could eventually exceed the stack given malicious input with excessive @@ -29,7 +28,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth); + int depth, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_check_eoc(const unsigned char **in, long len); static int asn1_find_end(const unsigned char **in, long len, char inf); @@ -47,11 +47,13 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, static int asn1_template_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth); + ASN1_TLC *ctx, int depth, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth); + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq); static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, @@ -67,7 +69,7 @@ static const unsigned long tag2bit[32] = { /* tags 4- 7 */ B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN, /* tags 8-11 */ - B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, + B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, 0, B_ASN1_UNKNOWN, /* tags 12-15 */ B_ASN1_UTF8STRING, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, /* tags 16-19 */ @@ -91,9 +93,9 @@ unsigned long ASN1_tag2bit(int tag) /* Macro to initialize and invalidate the cache */ -#define asn1_tlc_clear(c) if (c) (c)->valid = 0 +#define asn1_tlc_clear(c) do { if ((c) != NULL) (c)->valid = 0; } while (0) /* Version to avoid compiler warning about 'c' always non-NULL */ -#define asn1_tlc_clear_nc(c) (c)->valid = 0 +#define asn1_tlc_clear_nc(c) do {(c)->valid = 0; } while (0) /* * Decode an ASN1 item, this currently behaves just like a standard 'd2i' @@ -102,29 +104,54 @@ unsigned long ASN1_tag2bit(int tag) * this will simply be a special case. */ -ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, - const unsigned char **in, long len, - const ASN1_ITEM *it) +static int asn1_item_ex_d2i_intern(ASN1_VALUE **pval, const unsigned char **in, + long len, const ASN1_ITEM *it, int tag, + int aclass, char opt, ASN1_TLC *ctx, + OSSL_LIB_CTX *libctx, const char *propq) +{ + int rv; + + if (pval == NULL || it == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0, + libctx, propq); + if (rv <= 0) + ASN1_item_ex_free(pval, it); + return rv; +} + +int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, + const ASN1_ITEM *it, + int tag, int aclass, char opt, ASN1_TLC *ctx) +{ + return asn1_item_ex_d2i_intern(pval, in, len, it, tag, aclass, opt, ctx, + NULL, NULL); +} + +ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq) { ASN1_TLC c; ASN1_VALUE *ptmpval = NULL; - if (!pval) + + if (pval == NULL) pval = &ptmpval; asn1_tlc_clear_nc(&c); - if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0) + if (asn1_item_ex_d2i_intern(pval, in, len, it, -1, 0, 0, &c, libctx, + propq) > 0) return *pval; return NULL; } -int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, - const ASN1_ITEM *it, - int tag, int aclass, char opt, ASN1_TLC *ctx) +ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval, + const unsigned char **in, long len, + const ASN1_ITEM *it) { - int rv; - rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0); - if (rv <= 0) - ASN1_item_ex_free(pval, it); - return rv; + return ASN1_item_d2i_ex(pval, in, len, it, NULL, NULL); } /* @@ -135,11 +162,12 @@ int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, long len, const ASN1_ITEM *it, int tag, int aclass, char opt, ASN1_TLC *ctx, - int depth) + int depth, OSSL_LIB_CTX *libctx, + const char *propq) { const ASN1_TEMPLATE *tt, *errtt = NULL; const ASN1_EXTERN_FUNCS *ef; - const ASN1_AUX *aux = it->funcs; + const ASN1_AUX *aux; ASN1_aux_cb *asn1_cb; const unsigned char *p = NULL, *q; unsigned char oclass; @@ -149,15 +177,23 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, int otag; int ret = 0; ASN1_VALUE **pchptr; - if (!pval) + + if (pval == NULL || it == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER); return 0; + } + if (len <= 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); + return 0; + } + aux = it->funcs; if (aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; else asn1_cb = 0; if (++depth > ASN1_MAX_CONSTRUCTED_NEST) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NESTED_TOO_DEEP); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NESTED_TOO_DEEP); goto err; } @@ -171,12 +207,12 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, * template in the template itself. */ if ((tag != -1) || opt) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, - ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); + ERR_raise(ERR_LIB_ASN1, + ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE); goto err; } - return asn1_template_ex_d2i(pval, in, len, - it->templates, opt, ctx, depth); + return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx, + depth, libctx, propq); } return asn1_d2i_ex_primitive(pval, in, len, it, tag, aclass, opt, ctx); @@ -187,7 +223,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, * if tag != -1, then this looks like an error in the template. */ if (tag != -1) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); goto err; } @@ -196,7 +232,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL, &p, len, -1, 0, 1, ctx); if (!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -205,7 +241,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, /* If OPTIONAL, assume this is OK */ if (opt) return -1; - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_NOT_UNIVERSAL); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL); goto err; } @@ -214,7 +250,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, /* If OPTIONAL, assume this is OK */ if (opt) return -1; - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MSTRING_WRONG_TAG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MSTRING_WRONG_TAG); goto err; } return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx); @@ -222,6 +258,9 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, case ASN1_ITYPE_EXTERN: /* Use new style d2i */ ef = it->funcs; + if (ef->asn1_ex_d2i_ex != NULL) + return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx, + libctx, propq); return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx); case ASN1_ITYPE_CHOICE: @@ -230,7 +269,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, * if tag != -1, then this looks like an error in the template. */ if (tag != -1) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_BAD_TEMPLATE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); goto err; } @@ -238,25 +277,26 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, goto auxerr; if (*pval) { /* Free up and zero CHOICE value if initialised */ - i = asn1_get_choice_selector(pval, it); + i = ossl_asn1_get_choice_selector(pval, it); if ((i >= 0) && (i < it->tcount)) { tt = it->templates + i; - pchptr = asn1_get_field_ptr(pval, tt); - asn1_template_free(pchptr, tt); - asn1_set_choice_selector(pval, -1, it); + pchptr = ossl_asn1_get_field_ptr(pval, tt); + ossl_asn1_template_free(pchptr, tt); + ossl_asn1_set_choice_selector(pval, -1, it); } - } else if (!ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); + } else if (!ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } /* CHOICE type, try each possibility in turn */ p = *in; for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { - pchptr = asn1_get_field_ptr(pval, tt); + pchptr = ossl_asn1_get_field_ptr(pval, tt); /* * We mark field as OPTIONAL so its absence can be recognised. */ - ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth); + ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth, + libctx, propq); /* If field not present, try the next one */ if (ret == -1) continue; @@ -267,9 +307,9 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, * Must be an ASN1 parsing error. * Free up any partial choice value */ - asn1_template_free(pchptr, tt); + ossl_asn1_template_free(pchptr, tt); errtt = tt; - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -281,11 +321,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ASN1_item_ex_free(pval, it); return -1; } - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_NO_MATCHING_CHOICE_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE); goto err; } - asn1_set_choice_selector(pval, i, it); + ossl_asn1_set_choice_selector(pval, i, it); if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; @@ -306,7 +346,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst, &p, len, tag, aclass, opt, ctx); if (!ret) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } else if (ret == -1) return -1; @@ -318,12 +358,13 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, else seq_nolen = seq_eoc; if (!cst) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); + ERR_raise(ERR_LIB_ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED); goto err; } - if (!*pval && !ASN1_item_ex_new(pval, it)) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ERR_R_NESTED_ASN1_ERROR); + if (*pval == NULL + && !ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) { + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } @@ -335,11 +376,11 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, if (tt->flags & ASN1_TFLG_ADB_MASK) { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; - seqtt = asn1_do_adb(pval, tt, 0); + seqtt = ossl_asn1_do_adb(*pval, tt, 0); if (seqtt == NULL) continue; - pseqval = asn1_get_field_ptr(pval, seqtt); - asn1_template_free(pseqval, seqtt); + pseqval = ossl_asn1_get_field_ptr(pval, seqtt); + ossl_asn1_template_free(pseqval, seqtt); } } @@ -347,22 +388,21 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; ASN1_VALUE **pseqval; - seqtt = asn1_do_adb(pval, tt, 1); + seqtt = ossl_asn1_do_adb(*pval, tt, 1); if (seqtt == NULL) goto err; - pseqval = asn1_get_field_ptr(pval, seqtt); + pseqval = ossl_asn1_get_field_ptr(pval, seqtt); /* Have we ran out of data? */ if (!len) break; q = p; if (asn1_check_eoc(&p, len)) { if (!seq_eoc) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_UNEXPECTED_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); goto err; } len -= p - q; seq_eoc = 0; - q = p; break; } /* @@ -380,7 +420,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, */ ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx, - depth); + depth, libctx, propq); if (!ret) { errtt = seqtt; goto err; @@ -388,7 +428,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, /* * OPTIONAL component absent. Free and zero the field. */ - asn1_template_free(pseqval, seqtt); + ossl_asn1_template_free(pseqval, seqtt); continue; } /* Update length */ @@ -397,12 +437,12 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, /* Check for EOC if expecting one */ if (seq_eoc && !asn1_check_eoc(&p, len)) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_MISSING_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); goto err; } /* Check all data read */ if (!seq_nolen && len) { - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_SEQUENCE_LENGTH_MISMATCH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH); goto err; } @@ -413,21 +453,21 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, */ for (; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; - seqtt = asn1_do_adb(pval, tt, 1); + seqtt = ossl_asn1_do_adb(*pval, tt, 1); if (seqtt == NULL) goto err; if (seqtt->flags & ASN1_TFLG_OPTIONAL) { ASN1_VALUE **pseqval; - pseqval = asn1_get_field_ptr(pval, seqtt); - asn1_template_free(pseqval, seqtt); + pseqval = ossl_asn1_get_field_ptr(pval, seqtt); + ossl_asn1_template_free(pseqval, seqtt); } else { errtt = seqtt; - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_FIELD_MISSING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_FIELD_MISSING); goto err; } } /* Save encoding */ - if (!asn1_enc_save(pval, *in, p - *in, it)) + if (!ossl_asn1_enc_save(pval, *in, p - *in, it)) goto auxerr; if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL)) goto auxerr; @@ -438,7 +478,7 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, return 0; } auxerr: - ASN1err(ASN1_F_ASN1_ITEM_EMBED_D2I, ASN1_R_AUX_ERROR); + ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR); err: if (errtt) ERR_add_error_data(4, "Field=", errtt->field_name, @@ -456,7 +496,8 @@ static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in, static int asn1_template_ex_d2i(ASN1_VALUE **val, const unsigned char **in, long inlen, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth) + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq) { int flags, aclass; int ret; @@ -481,19 +522,19 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, &p, inlen, tt->tag, aclass, opt, ctx); q = p; if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } else if (ret == -1) return -1; if (!cst) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, - ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); + ERR_raise(ERR_LIB_ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED); return 0; } /* We've found the field so it can't be OPTIONAL now */ - ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth); + ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth, libctx, + propq); if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } /* We read the field in OK so update length */ @@ -501,7 +542,7 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, if (exp_eoc) { /* If NDEF we must have an EOC here */ if (!asn1_check_eoc(&p, len)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, ASN1_R_MISSING_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); goto err; } } else { @@ -509,13 +550,13 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, * Otherwise we must hit the EXPLICIT tag end or its an error */ if (len) { - ASN1err(ASN1_F_ASN1_TEMPLATE_EX_D2I, - ASN1_R_EXPLICIT_LENGTH_MISMATCH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH); goto err; } } } else - return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth); + return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth, + libctx, propq); *in = p; return 1; @@ -527,7 +568,8 @@ static int asn1_template_ex_d2i(ASN1_VALUE **val, static int asn1_template_noexp_d2i(ASN1_VALUE **val, const unsigned char **in, long len, const ASN1_TEMPLATE *tt, char opt, - ASN1_TLC *ctx, int depth) + ASN1_TLC *ctx, int depth, + OSSL_LIB_CTX *libctx, const char *propq) { int flags, aclass; int ret; @@ -539,7 +581,6 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, aclass = flags & ASN1_TFLG_TAG_CLASS; p = *in; - q = p; /* * If field is embedded then val needs fixing so it is a pointer to @@ -569,11 +610,11 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL, &p, len, sktag, skaclass, opt, ctx); if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } else if (ret == -1) return -1; - if (!*val) + if (*val == NULL) *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null(); else { /* @@ -587,8 +628,8 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, } } - if (!*val) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); + if (*val == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } @@ -599,8 +640,7 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, /* See if EOC found */ if (asn1_check_eoc(&p, len)) { if (!sk_eoc) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, - ASN1_R_UNEXPECTED_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); goto err; } len -= p - q; @@ -608,42 +648,41 @@ static int asn1_template_noexp_d2i(ASN1_VALUE **val, break; } skfield = NULL; - if (!asn1_item_embed_d2i(&skfield, &p, len, + if (asn1_item_embed_d2i(&skfield, &p, len, ASN1_ITEM_ptr(tt->item), -1, 0, 0, ctx, - depth)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, - ERR_R_NESTED_ASN1_ERROR); + depth, libctx, propq) <= 0) { + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); /* |skfield| may be partially allocated despite failure. */ ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); goto err; } len -= p - q; if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)); goto err; } } if (sk_eoc) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ASN1_R_MISSING_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); goto err; } } else if (flags & ASN1_TFLG_IMPTAG) { /* IMPLICIT tagging */ ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, - ctx, depth); + ctx, depth, libctx, propq); if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } else if (ret == -1) return -1; } else { /* Nothing special */ ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item), - -1, 0, opt, ctx, depth); + -1, 0, opt, ctx, depth, libctx, propq); if (!ret) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NOEXP_D2I, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); goto err; } else if (ret == -1) return -1; @@ -668,8 +707,9 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, BUF_MEM buf = { 0, NULL, 0, 0 }; const unsigned char *cont = NULL; long len; - if (!pval) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_NULL); + + if (pval == NULL) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL); return 0; /* Should never happen */ } @@ -683,19 +723,18 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, /* If type is ANY need to figure out type from tag */ unsigned char oclass; if (tag >= 0) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_ILLEGAL_TAGGED_ANY); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_TAGGED_ANY); return 0; } if (opt) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, - ASN1_R_ILLEGAL_OPTIONAL_ANY); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY); return 0; } p = *in; ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL, &p, inlen, -1, 0, 0, ctx); if (!ret) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } if (oclass != V_ASN1_UNIVERSAL) @@ -710,7 +749,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst, &p, inlen, tag, aclass, opt, ctx); if (!ret) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } else if (ret == -1) return -1; @@ -727,8 +766,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, } /* SEQUENCE and SET must be constructed */ else if (!cst) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, - ASN1_R_TYPE_NOT_CONSTRUCTED); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED); return 0; } @@ -746,7 +784,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER || utype == V_ASN1_ENUMERATED) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ASN1_R_TYPE_NOT_PRIMITIVE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TYPE_NOT_PRIMITIVE); return 0; } @@ -764,7 +802,7 @@ static int asn1_d2i_ex_primitive(ASN1_VALUE **pval, len = buf.length; /* Append a final null to string */ if (!BUF_MEM_grow_clean(&buf, len + 1)) { - ASN1err(ASN1_F_ASN1_D2I_EX_PRIMITIVE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } buf.data[len] = 0; @@ -805,7 +843,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, return pf->prim_c2i(pval, cont, len, utype, free_cont, it); /* If ANY type clear type and set pointer to internal value */ if (it->utype == V_ASN1_ANY) { - if (!*pval) { + if (*pval == NULL) { typ = ASN1_TYPE_new(); if (typ == NULL) goto err; @@ -820,13 +858,13 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } switch (utype) { case V_ASN1_OBJECT: - if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) + if (!ossl_c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len)) goto err; break; case V_ASN1_NULL: if (len) { - ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_NULL_IS_WRONG_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NULL_IS_WRONG_LENGTH); goto err; } *pval = (ASN1_VALUE *)1; @@ -834,7 +872,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, case V_ASN1_BOOLEAN: if (len != 1) { - ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH); goto err; } else { ASN1_BOOLEAN *tbool; @@ -844,14 +882,14 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, break; case V_ASN1_BIT_STRING: - if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) + if (!ossl_c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len)) goto err; break; case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: tint = (ASN1_INTEGER **)pval; - if (!c2i_ASN1_INTEGER(tint, &cont, len)) + if (!ossl_c2i_ASN1_INTEGER(tint, &cont, len)) goto err; /* Fixup type to match the expected form */ (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG); @@ -876,19 +914,18 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, case V_ASN1_SEQUENCE: default: if (utype == V_ASN1_BMPSTRING && (len & 1)) { - ASN1err(ASN1_F_ASN1_EX_C2I, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BMPSTRING_IS_WRONG_LENGTH); goto err; } if (utype == V_ASN1_UNIVERSALSTRING && (len & 3)) { - ASN1err(ASN1_F_ASN1_EX_C2I, - ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH); goto err; } /* All based on ASN1_STRING and handled the same */ - if (!*pval) { + if (*pval == NULL) { stmp = ASN1_STRING_type_new(utype); if (stmp == NULL) { - ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); goto err; } *pval = (ASN1_VALUE *)stmp; @@ -904,7 +941,7 @@ static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, *free_cont = 0; } else { if (!ASN1_STRING_set(stmp, cont, len)) { - ASN1err(ASN1_F_ASN1_EX_C2I, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); ASN1_STRING_free(stmp); *pval = NULL; goto err; @@ -962,12 +999,12 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) /* Just read in a header: only care about the length */ if (!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len, -1, 0, 0, NULL)) { - ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } if (inf) { if (expected_eoc == UINT32_MAX) { - ASN1err(ASN1_F_ASN1_FIND_END, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } expected_eoc++; @@ -977,7 +1014,7 @@ static int asn1_find_end(const unsigned char **in, long len, char inf) len -= p - q; } if (expected_eoc) { - ASN1err(ASN1_F_ASN1_FIND_END, ASN1_R_MISSING_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); return 0; } *in = p; @@ -1024,7 +1061,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, * EOC is illegal outside indefinite length constructed form */ if (!inf) { - ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_UNEXPECTED_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC); return 0; } inf = 0; @@ -1033,14 +1070,14 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p, len, tag, aclass, 0, NULL)) { - ASN1err(ASN1_F_ASN1_COLLECT, ERR_R_NESTED_ASN1_ERROR); + ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR); return 0; } /* If indefinite length constructed update max length */ if (cst) { if (depth >= ASN1_MAX_STRING_NEST) { - ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_NESTED_ASN1_STRING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_NESTED_ASN1_STRING); return 0; } if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1)) @@ -1050,7 +1087,7 @@ static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len, len -= p - q; } if (inf) { - ASN1err(ASN1_F_ASN1_COLLECT, ASN1_R_MISSING_EOC); + ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC); return 0; } *in = p; @@ -1063,7 +1100,7 @@ static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) if (buf) { len = buf->length; if (!BUF_MEM_grow_clean(buf, len + plen)) { - ASN1err(ASN1_F_COLLECT_DATA, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } memcpy(buf->data + len, *p, plen); @@ -1077,10 +1114,11 @@ static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen) static int asn1_check_eoc(const unsigned char **in, long len) { const unsigned char *p; + if (len < 2) return 0; p = *in; - if (!p[0] && !p[1]) { + if (p[0] == '\0' && p[1] == '\0') { *in += 2; return 1; } @@ -1106,7 +1144,11 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, p = *in; q = p; - if (ctx && ctx->valid) { + if (len <= 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); + goto err; + } + if (ctx != NULL && ctx->valid) { i = ctx->ret; plen = ctx->plen; pclass = ctx->pclass; @@ -1114,7 +1156,7 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, p += ctx->hdrlen; } else { i = ASN1_get_object(&p, &plen, &ptag, &pclass, len); - if (ctx) { + if (ctx != NULL) { ctx->ret = i; ctx->plen = plen; ctx->pclass = pclass; @@ -1125,29 +1167,26 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, * If definite length, and no error, length + header can't exceed * total amount of data available. */ - if (!(i & 0x81) && ((plen + ctx->hdrlen) > len)) { - ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_TOO_LONG); - asn1_tlc_clear(ctx); - return 0; + if ((i & 0x81) == 0 && (plen + ctx->hdrlen) > len) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG); + goto err; } } } - if (i & 0x80) { - ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_BAD_OBJECT_HEADER); - asn1_tlc_clear(ctx); - return 0; + if ((i & 0x80) != 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_OBJECT_HEADER); + goto err; } if (exptag >= 0) { - if ((exptag != ptag) || (expclass != pclass)) { + if (exptag != ptag || expclass != pclass) { /* * If type is OPTIONAL, not an error: indicate missing type. */ - if (opt) + if (opt != 0) return -1; - asn1_tlc_clear(ctx); - ASN1err(ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG); - return 0; + ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_TAG); + goto err; } /* * We have a tag and class match: assume we are going to do something @@ -1156,24 +1195,28 @@ static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass, asn1_tlc_clear(ctx); } - if (i & 1) + if ((i & 1) != 0) plen = len - (p - q); - if (inf) + if (inf != NULL) *inf = i & 1; - if (cst) + if (cst != NULL) *cst = i & V_ASN1_CONSTRUCTED; - if (olen) + if (olen != NULL) *olen = plen; - if (oclass) + if (oclass != NULL) *oclass = pclass; - if (otag) + if (otag != NULL) *otag = ptag; *in = p; return 1; + + err: + asn1_tlc_clear(ctx); + return 0; } diff --git a/crypto/asn1/tasn_enc.c b/crypto/asn1/tasn_enc.c index bcc96337bca4..3ea18b0280dd 100644 --- a/crypto/asn1/tasn_enc.c +++ b/crypto/asn1/tasn_enc.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -16,16 +16,17 @@ #include "crypto/asn1.h" #include "asn1_local.h" -static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, +static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); -static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, +static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk, + unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort, int iclass); -static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, +static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int aclass); -static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, +static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it, int flags); -static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, +static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it); /* @@ -33,13 +34,13 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, * indefinite length constructed encoding, where appropriate */ -int ASN1_item_ndef_i2d(ASN1_VALUE *val, unsigned char **out, +int ASN1_item_ndef_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) { return asn1_item_flags_i2d(val, out, it, ASN1_TFLG_NDEF); } -int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) +int ASN1_item_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) { return asn1_item_flags_i2d(val, out, it, 0); } @@ -51,10 +52,10 @@ int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it) * allocated and populated with the encoding. */ -static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, +static int asn1_item_flags_i2d(const ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it, int flags) { - if (out && !*out) { + if (out != NULL && *out == NULL) { unsigned char *p, *buf; int len; @@ -62,7 +63,7 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, if (len <= 0) return len; if ((buf = OPENSSL_malloc(len)) == NULL) { - ASN1err(ASN1_F_ASN1_ITEM_FLAGS_I2D, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } p = buf; @@ -79,20 +80,22 @@ static int asn1_item_flags_i2d(ASN1_VALUE *val, unsigned char **out, * performs the normal item handling: it can be used in external types. */ -int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, +int ASN1_item_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) { const ASN1_TEMPLATE *tt = NULL; int i, seqcontlen, seqlen, ndef = 1; const ASN1_EXTERN_FUNCS *ef; const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb = 0; + ASN1_aux_const_cb *asn1_cb = NULL; - if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) + if ((it->itype != ASN1_ITYPE_PRIMITIVE) && *pval == NULL) return 0; - if (aux && aux->asn1_cb) - asn1_cb = aux->asn1_cb; + if (aux != NULL) { + asn1_cb = ((aux->flags & ASN1_AFLG_CONST_CB) != 0) ? aux->asn1_const_cb + : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ + } switch (it->itype) { @@ -108,7 +111,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, * if tag != -1, then this looks like an error in the template. */ if (tag != -1) { - ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); return -1; } return asn1_i2d_ex_primitive(pval, out, it, -1, aclass); @@ -119,17 +122,17 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, * if tag != -1, then this looks like an error in the template. */ if (tag != -1) { - ASN1err(ASN1_F_ASN1_ITEM_EX_I2D, ASN1_R_BAD_TEMPLATE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE); return -1; } if (asn1_cb && !asn1_cb(ASN1_OP_I2D_PRE, pval, it, NULL)) return 0; - i = asn1_get_choice_selector(pval, it); + i = ossl_asn1_get_choice_selector_const(pval, it); if ((i >= 0) && (i < it->tcount)) { - ASN1_VALUE **pchval; + const ASN1_VALUE **pchval; const ASN1_TEMPLATE *chtt; chtt = it->templates + i; - pchval = asn1_get_field_ptr(pval, chtt); + pchval = ossl_asn1_get_const_field_ptr(pval, chtt); return asn1_template_ex_i2d(pchval, out, chtt, -1, aclass); } /* Fixme: error condition if selector out of range */ @@ -149,7 +152,7 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* fall through */ case ASN1_ITYPE_SEQUENCE: - i = asn1_enc_restore(&seqcontlen, out, pval, it); + i = ossl_asn1_enc_restore(&seqcontlen, out, pval, it); /* An error occurred */ if (i < 0) return 0; @@ -170,12 +173,12 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* First work out sequence content length */ for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; - ASN1_VALUE **pseqval; + const ASN1_VALUE **pseqval; int tmplen; - seqtt = asn1_do_adb(pval, tt, 1); + seqtt = ossl_asn1_do_adb(*pval, tt, 1); if (!seqtt) return 0; - pseqval = asn1_get_field_ptr(pval, seqtt); + pseqval = ossl_asn1_get_const_field_ptr(pval, seqtt); tmplen = asn1_template_ex_i2d(pseqval, NULL, seqtt, -1, aclass); if (tmplen == -1 || (tmplen > INT_MAX - seqcontlen)) return -1; @@ -189,11 +192,11 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, ASN1_put_object(out, ndef, seqcontlen, tag, aclass); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { const ASN1_TEMPLATE *seqtt; - ASN1_VALUE **pseqval; - seqtt = asn1_do_adb(pval, tt, 1); + const ASN1_VALUE **pseqval; + seqtt = ossl_asn1_do_adb(*pval, tt, 1); if (!seqtt) return 0; - pseqval = asn1_get_field_ptr(pval, seqtt); + pseqval = ossl_asn1_get_const_field_ptr(pval, seqtt); /* FIXME: check for errors in enhanced version */ asn1_template_ex_i2d(pseqval, out, seqtt, -1, aclass); } @@ -210,12 +213,12 @@ int ASN1_item_ex_i2d(ASN1_VALUE **pval, unsigned char **out, return 0; } -static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, +static int asn1_template_ex_i2d(const ASN1_VALUE **pval, unsigned char **out, const ASN1_TEMPLATE *tt, int tag, int iclass) { - int i, ret, flags, ttag, tclass, ndef; - ASN1_VALUE *tval; - flags = tt->flags; + const int flags = tt->flags; + int i, ret, ttag, tclass, ndef, len; + const ASN1_VALUE *tval; /* * If field is embedded then val needs fixing so it is a pointer to @@ -266,12 +269,12 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, if (flags & ASN1_TFLG_SK_MASK) { /* SET OF, SEQUENCE OF */ - STACK_OF(ASN1_VALUE) *sk = (STACK_OF(ASN1_VALUE) *)*pval; + STACK_OF(const_ASN1_VALUE) *sk = (STACK_OF(const_ASN1_VALUE) *)*pval; int isset, sktag, skaclass; int skcontlen, sklen; - ASN1_VALUE *skitem; + const ASN1_VALUE *skitem; - if (!*pval) + if (*pval == NULL) return 0; if (flags & ASN1_TFLG_SET_OF) { @@ -299,14 +302,17 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* Determine total length of items */ skcontlen = 0; - for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { - int tmplen; - skitem = sk_ASN1_VALUE_value(sk, i); - tmplen = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), - -1, iclass); - if (tmplen == -1 || (skcontlen > INT_MAX - tmplen)) + for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) { + skitem = sk_const_ASN1_VALUE_value(sk, i); + len = ASN1_item_ex_i2d(&skitem, NULL, ASN1_ITEM_ptr(tt->item), + -1, iclass); + if (len == -1 || (skcontlen > INT_MAX - len)) return -1; - skcontlen += tmplen; + if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); + return -1; + } + skcontlen += len; } sklen = ASN1_object_size(ndef, skcontlen, sktag); if (sklen == -1) @@ -342,8 +348,13 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, /* EXPLICIT tagging */ /* Find length of tagged item */ i = ASN1_item_ex_i2d(pval, NULL, ASN1_ITEM_ptr(tt->item), -1, iclass); - if (!i) + if (i == 0) { + if ((tt->flags & ASN1_TFLG_OPTIONAL) == 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); + return -1; + } return 0; + } /* Find length of EXPLICIT tag */ ret = ASN1_object_size(ndef, i, ttag); if (out && ret != -1) { @@ -357,9 +368,13 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, } /* Either normal or IMPLICIT tagging: combine class and flags */ - return ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), - ttag, tclass | iclass); - + len = ASN1_item_ex_i2d(pval, out, ASN1_ITEM_ptr(tt->item), + ttag, tclass | iclass); + if (len == 0 && (tt->flags & ASN1_TFLG_OPTIONAL) == 0) { + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT); + return -1; + } + return len; } /* Temporary structure used to hold DER encoding of items for SET OF */ @@ -367,7 +382,7 @@ static int asn1_template_ex_i2d(ASN1_VALUE **pval, unsigned char **out, typedef struct { unsigned char *data; int length; - ASN1_VALUE *field; + const ASN1_VALUE *field; } DER_ENC; static int der_cmp(const void *a, const void *b) @@ -383,34 +398,38 @@ static int der_cmp(const void *a, const void *b) /* Output the content octets of SET OF or SEQUENCE OF */ -static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, +static int asn1_set_seq_out(STACK_OF(const_ASN1_VALUE) *sk, + unsigned char **out, int skcontlen, const ASN1_ITEM *item, int do_sort, int iclass) { - int i; - ASN1_VALUE *skitem; + int i, ret = 0; + const ASN1_VALUE *skitem; unsigned char *tmpdat = NULL, *p = NULL; DER_ENC *derlst = NULL, *tder; + if (do_sort) { /* Don't need to sort less than 2 items */ - if (sk_ASN1_VALUE_num(sk) < 2) + if (sk_const_ASN1_VALUE_num(sk) < 2) do_sort = 0; else { - derlst = OPENSSL_malloc(sk_ASN1_VALUE_num(sk) + derlst = OPENSSL_malloc(sk_const_ASN1_VALUE_num(sk) * sizeof(*derlst)); - if (derlst == NULL) + if (derlst == NULL) { + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; + } tmpdat = OPENSSL_malloc(skcontlen); if (tmpdat == NULL) { - OPENSSL_free(derlst); - return 0; + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); + goto err; } } } /* If not sorting just output each item */ if (!do_sort) { - for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { - skitem = sk_ASN1_VALUE_value(sk, i); + for (i = 0; i < sk_const_ASN1_VALUE_num(sk); i++) { + skitem = sk_const_ASN1_VALUE_value(sk, i); ASN1_item_ex_i2d(&skitem, out, item, -1, iclass); } return 1; @@ -418,33 +437,35 @@ static int asn1_set_seq_out(STACK_OF(ASN1_VALUE) *sk, unsigned char **out, p = tmpdat; /* Doing sort: build up a list of each member's DER encoding */ - for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { - skitem = sk_ASN1_VALUE_value(sk, i); + for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) { + skitem = sk_const_ASN1_VALUE_value(sk, i); tder->data = p; tder->length = ASN1_item_ex_i2d(&skitem, &p, item, -1, iclass); tder->field = skitem; } /* Now sort them */ - qsort(derlst, sk_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); + qsort(derlst, sk_const_ASN1_VALUE_num(sk), sizeof(*derlst), der_cmp); /* Output sorted DER encoding */ p = *out; - for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) { + for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) { memcpy(p, tder->data, tder->length); p += tder->length; } *out = p; /* If do_sort is 2 then reorder the STACK */ if (do_sort == 2) { - for (i = 0, tder = derlst; i < sk_ASN1_VALUE_num(sk); i++, tder++) - (void)sk_ASN1_VALUE_set(sk, i, tder->field); + for (i = 0, tder = derlst; i < sk_const_ASN1_VALUE_num(sk); i++, tder++) + (void)sk_const_ASN1_VALUE_set(sk, i, tder->field); } + ret = 1; +err: OPENSSL_free(derlst); OPENSSL_free(tmpdat); - return 1; + return ret; } -static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, +static int asn1_i2d_ex_primitive(const ASN1_VALUE **pval, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) { int len; @@ -504,7 +525,7 @@ static int asn1_i2d_ex_primitive(ASN1_VALUE **pval, unsigned char **out, /* Produce content octets from a structure */ -static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, +static int asn1_ex_i2c(const ASN1_VALUE **pval, unsigned char *cout, int *putype, const ASN1_ITEM *it) { ASN1_BOOLEAN *tbool = NULL; @@ -522,7 +543,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, /* Should type be omitted? */ if ((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) { - if (!*pval) + if (*pval == NULL) return -1; } @@ -537,7 +558,7 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, typ = (ASN1_TYPE *)*pval; utype = typ->type; *putype = utype; - pval = &typ->value.asn1_value; + pval = (const ASN1_VALUE **)&typ->value.asn1_value; /* actually is const */ } else utype = *putype; @@ -574,15 +595,15 @@ static int asn1_ex_i2c(ASN1_VALUE **pval, unsigned char *cout, int *putype, break; case V_ASN1_BIT_STRING: - return i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, - cout ? &cout : NULL); + return ossl_i2c_ASN1_BIT_STRING((ASN1_BIT_STRING *)*pval, + cout ? &cout : NULL); case V_ASN1_INTEGER: case V_ASN1_ENUMERATED: /* * These are all have the same content format as ASN1_INTEGER */ - return i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); + return ossl_i2c_ASN1_INTEGER((ASN1_INTEGER *)*pval, cout ? &cout : NULL); case V_ASN1_OCTET_STRING: case V_ASN1_NUMERICSTRING: diff --git a/crypto/asn1/tasn_fre.c b/crypto/asn1/tasn_fre.c index 2916bef7863a..13aa6a728e2c 100644 --- a/crypto/asn1/tasn_fre.c +++ b/crypto/asn1/tasn_fre.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -17,15 +17,15 @@ void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it) { - asn1_item_embed_free(&val, it, 0); + ossl_asn1_item_embed_free(&val, it, 0); } void ASN1_item_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - asn1_item_embed_free(pval, it, 0); + ossl_asn1_item_embed_free(pval, it, 0); } -void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) +void ossl_asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) { const ASN1_TEMPLATE *tt = NULL, *seqtt; const ASN1_EXTERN_FUNCS *ef; @@ -33,9 +33,9 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) ASN1_aux_cb *asn1_cb; int i; - if (!pval) + if (pval == NULL) return; - if ((it->itype != ASN1_ITYPE_PRIMITIVE) && !*pval) + if ((it->itype != ASN1_ITYPE_PRIMITIVE) && *pval == NULL) return; if (aux && aux->asn1_cb) asn1_cb = aux->asn1_cb; @@ -46,13 +46,13 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) case ASN1_ITYPE_PRIMITIVE: if (it->templates) - asn1_template_free(pval, it->templates); + ossl_asn1_template_free(pval, it->templates); else - asn1_primitive_free(pval, it, embed); + ossl_asn1_primitive_free(pval, it, embed); break; case ASN1_ITYPE_MSTRING: - asn1_primitive_free(pval, it, embed); + ossl_asn1_primitive_free(pval, it, embed); break; case ASN1_ITYPE_CHOICE: @@ -61,13 +61,13 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) if (i == 2) return; } - i = asn1_get_choice_selector(pval, it); + i = ossl_asn1_get_choice_selector(pval, it); if ((i >= 0) && (i < it->tcount)) { ASN1_VALUE **pchval; tt = it->templates + i; - pchval = asn1_get_field_ptr(pval, tt); - asn1_template_free(pchval, tt); + pchval = ossl_asn1_get_field_ptr(pval, tt); + ossl_asn1_template_free(pchval, tt); } if (asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); @@ -85,14 +85,14 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) case ASN1_ITYPE_NDEF_SEQUENCE: case ASN1_ITYPE_SEQUENCE: - if (asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */ + if (ossl_asn1_do_lock(pval, -1, it) != 0) /* if error or ref-counter > 0 */ return; if (asn1_cb) { i = asn1_cb(ASN1_OP_FREE_PRE, pval, it, NULL); if (i == 2) return; } - asn1_enc_free(pval, it); + ossl_asn1_enc_free(pval, it); /* * If we free up as normal we will invalidate any ANY DEFINED BY * field and we won't be able to determine the type of the field it @@ -103,11 +103,11 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) ASN1_VALUE **pseqval; tt--; - seqtt = asn1_do_adb(pval, tt, 0); + seqtt = ossl_asn1_do_adb(*pval, tt, 0); if (!seqtt) continue; - pseqval = asn1_get_field_ptr(pval, seqtt); - asn1_template_free(pseqval, seqtt); + pseqval = ossl_asn1_get_field_ptr(pval, seqtt); + ossl_asn1_template_free(pseqval, seqtt); } if (asn1_cb) asn1_cb(ASN1_OP_FREE_POST, pval, it, NULL); @@ -119,7 +119,7 @@ void asn1_item_embed_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) } } -void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +void ossl_asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { int embed = tt->flags & ASN1_TFLG_EMBED; ASN1_VALUE *tval; @@ -134,16 +134,16 @@ void asn1_template_free(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) for (i = 0; i < sk_ASN1_VALUE_num(sk); i++) { ASN1_VALUE *vtmp = sk_ASN1_VALUE_value(sk, i); - asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed); + ossl_asn1_item_embed_free(&vtmp, ASN1_ITEM_ptr(tt->item), embed); } sk_ASN1_VALUE_free(sk); *pval = NULL; } else { - asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed); + ossl_asn1_item_embed_free(pval, ASN1_ITEM_ptr(tt->item), embed); } } -void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) +void ossl_asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) { int utype; @@ -168,15 +168,15 @@ void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) utype = typ->type; pval = &typ->value.asn1_value; - if (!*pval) + if (*pval == NULL) return; } else if (it->itype == ASN1_ITYPE_MSTRING) { utype = -1; - if (!*pval) + if (*pval == NULL) return; } else { utype = it->utype; - if ((utype != V_ASN1_BOOLEAN) && !*pval) + if ((utype != V_ASN1_BOOLEAN) && *pval == NULL) return; } @@ -196,12 +196,12 @@ void asn1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) break; case V_ASN1_ANY: - asn1_primitive_free(pval, NULL, 0); + ossl_asn1_primitive_free(pval, NULL, 0); OPENSSL_free(*pval); break; default: - asn1_string_embed_free((ASN1_STRING *)*pval, embed); + ossl_asn1_string_embed_free((ASN1_STRING *)*pval, embed); break; } *pval = NULL; diff --git a/crypto/asn1/tasn_new.c b/crypto/asn1/tasn_new.c index 287f2af33b58..4b624bbdd4e5 100644 --- a/crypto/asn1/tasn_new.c +++ b/crypto/asn1/tasn_new.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -16,11 +16,13 @@ #include "asn1_local.h" static int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, - int embed); + int embed, OSSL_LIB_CTX *libctx, + const char *propq); static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed); static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); +static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + OSSL_LIB_CTX *libctx, const char *propq); static void asn1_template_clear(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt); static void asn1_primitive_clear(ASN1_VALUE **pval, const ASN1_ITEM *it); @@ -32,14 +34,31 @@ ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it) return NULL; } +ASN1_VALUE *ASN1_item_new_ex(const ASN1_ITEM *it, OSSL_LIB_CTX *libctx, + const char *propq) +{ + ASN1_VALUE *ret = NULL; + if (asn1_item_embed_new(&ret, it, 0, libctx, propq) > 0) + return ret; + return NULL; +} + /* Allocate an ASN1 structure */ + +int ossl_asn1_item_ex_new_intern(ASN1_VALUE **pval, const ASN1_ITEM *it, + OSSL_LIB_CTX *libctx, const char *propq) +{ + return asn1_item_embed_new(pval, it, 0, libctx, propq); +} + int ASN1_item_ex_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { - return asn1_item_embed_new(pval, it, 0); + return asn1_item_embed_new(pval, it, 0, NULL, NULL); } -int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) +int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed, + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_TEMPLATE *tt = NULL; const ASN1_EXTERN_FUNCS *ef; @@ -52,23 +71,24 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) else asn1_cb = 0; -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_push(it->sname ? it->sname : "asn1_item_embed_new"); -#endif - switch (it->itype) { case ASN1_ITYPE_EXTERN: ef = it->funcs; - if (ef && ef->asn1_ex_new) { - if (!ef->asn1_ex_new(pval, it)) - goto memerr; + if (ef != NULL) { + if (ef->asn1_ex_new_ex != NULL) { + if (!ef->asn1_ex_new_ex(pval, it, libctx, propq)) + goto memerr; + } else if (ef->asn1_ex_new != NULL) { + if (!ef->asn1_ex_new(pval, it)) + goto memerr; + } } break; case ASN1_ITYPE_PRIMITIVE: if (it->templates) { - if (!asn1_template_new(pval, it->templates)) + if (!asn1_template_new(pval, it->templates, libctx, propq)) goto memerr; } else if (!asn1_primitive_new(pval, it, embed)) goto memerr; @@ -85,9 +105,6 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) if (!i) goto auxerr; if (i == 2) { -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 1; } } @@ -98,7 +115,7 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) if (*pval == NULL) goto memerr; } - asn1_set_choice_selector(pval, -1, it); + ossl_asn1_set_choice_selector(pval, -1, it); if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr2; break; @@ -110,9 +127,6 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) if (!i) goto auxerr; if (i == 2) { -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 1; } } @@ -124,44 +138,35 @@ int asn1_item_embed_new(ASN1_VALUE **pval, const ASN1_ITEM *it, int embed) goto memerr; } /* 0 : init. lock */ - if (asn1_do_lock(pval, 0, it) < 0) { + if (ossl_asn1_do_lock(pval, 0, it) < 0) { if (!embed) { OPENSSL_free(*pval); *pval = NULL; } goto memerr; } - asn1_enc_init(pval, it); + ossl_asn1_enc_init(pval, it); for (i = 0, tt = it->templates; i < it->tcount; tt++, i++) { - pseqval = asn1_get_field_ptr(pval, tt); - if (!asn1_template_new(pseqval, tt)) + pseqval = ossl_asn1_get_field_ptr(pval, tt); + if (!asn1_template_new(pseqval, tt, libctx, propq)) goto memerr2; } if (asn1_cb && !asn1_cb(ASN1_OP_NEW_POST, pval, it, NULL)) goto auxerr2; break; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return 1; memerr2: - asn1_item_embed_free(pval, it, embed); + ossl_asn1_item_embed_free(pval, it, embed); memerr: - ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ERR_R_MALLOC_FAILURE); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; auxerr2: - asn1_item_embed_free(pval, it, embed); + ossl_asn1_item_embed_free(pval, it, embed); auxerr: - ASN1err(ASN1_F_ASN1_ITEM_EMBED_NEW, ASN1_R_AUX_ERROR); -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif + ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR); return 0; } @@ -199,7 +204,8 @@ static void asn1_item_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) } } -static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, + OSSL_LIB_CTX *libctx, const char *propq) { const ASN1_ITEM *it = ASN1_ITEM_ptr(tt->item); int embed = tt->flags & ASN1_TFLG_EMBED; @@ -219,16 +225,12 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) *pval = NULL; return 1; } -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_push(tt->field_name - ? tt->field_name : "asn1_template_new"); -#endif /* If SET OF or SEQUENCE OF, its a STACK */ if (tt->flags & ASN1_TFLG_SK_MASK) { STACK_OF(ASN1_VALUE) *skval; skval = sk_ASN1_VALUE_new_null(); if (!skval) { - ASN1err(ASN1_F_ASN1_TEMPLATE_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); ret = 0; goto done; } @@ -237,11 +239,8 @@ static int asn1_template_new(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) goto done; } /* Otherwise pass it back to the item routine */ - ret = asn1_item_embed_new(pval, it, embed); + ret = asn1_item_embed_new(pval, it, embed, libctx, propq); done: -#ifndef OPENSSL_NO_CRYPTO_MDEBUG - OPENSSL_mem_debug_pop(); -#endif return ret; } @@ -300,7 +299,7 @@ static int asn1_primitive_new(ASN1_VALUE **pval, const ASN1_ITEM *it, case V_ASN1_ANY: if ((typ = OPENSSL_malloc(sizeof(*typ))) == NULL) { - ASN1err(ASN1_F_ASN1_PRIMITIVE_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } typ->value.ptr = NULL; diff --git a/crypto/asn1/tasn_prn.c b/crypto/asn1/tasn_prn.c index 56d5ea0f39e3..7d8618e26c22 100644 --- a/crypto/asn1/tasn_prn.c +++ b/crypto/asn1/tasn_prn.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -38,7 +38,7 @@ ASN1_PCTX *ASN1_PCTX_new(void) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ASN1err(ASN1_F_ASN1_PCTX_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } return ret; @@ -101,15 +101,15 @@ void ASN1_PCTX_set_str_flags(ASN1_PCTX *p, unsigned long flags) /* Main print routines */ -static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, +static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, const ASN1_ITEM *it, const char *fname, const char *sname, int nohdr, const ASN1_PCTX *pctx); -static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, +static int asn1_template_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx); -static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, +static int asn1_primitive_print(BIO *out, const ASN1_VALUE **fld, const ASN1_ITEM *it, int indent, const char *fname, const char *sname, const ASN1_PCTX *pctx); @@ -118,7 +118,7 @@ static int asn1_print_fsname(BIO *out, int indent, const char *fname, const char *sname, const ASN1_PCTX *pctx); -int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, +int ASN1_item_print(BIO *out, const ASN1_VALUE *ifld, int indent, const ASN1_ITEM *it, const ASN1_PCTX *pctx) { const char *sname; @@ -131,25 +131,25 @@ int ASN1_item_print(BIO *out, ASN1_VALUE *ifld, int indent, return asn1_item_print_ctx(out, &ifld, indent, it, NULL, sname, 0, pctx); } -static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, +static int asn1_item_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, const ASN1_ITEM *it, const char *fname, const char *sname, int nohdr, const ASN1_PCTX *pctx) { const ASN1_TEMPLATE *tt; const ASN1_EXTERN_FUNCS *ef; - ASN1_VALUE **tmpfld; + const ASN1_VALUE **tmpfld; const ASN1_AUX *aux = it->funcs; - ASN1_aux_cb *asn1_cb; + ASN1_aux_const_cb *asn1_cb = NULL; ASN1_PRINT_ARG parg; int i; - if (aux && aux->asn1_cb) { + if (aux != NULL) { parg.out = out; parg.indent = indent; parg.pctx = pctx; - asn1_cb = aux->asn1_cb; - } else - asn1_cb = 0; + asn1_cb = ((aux->flags & ASN1_AFLG_CONST_CB) != 0) ? aux->asn1_const_cb + : (ASN1_aux_const_cb *)aux->asn1_cb; /* backward compatibility */ + } if (((it->itype != ASN1_ITYPE_PRIMITIVE) || (it->utype != V_ASN1_BOOLEAN)) && *fld == NULL) { @@ -195,7 +195,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, case ASN1_ITYPE_CHOICE: /* CHOICE type, get selector */ - i = asn1_get_choice_selector(fld, it); + i = ossl_asn1_get_choice_selector_const(fld, it); /* This should never happen... */ if ((i < 0) || (i >= it->tcount)) { if (BIO_printf(out, "ERROR: selector [%d] invalid\n", i) <= 0) @@ -203,7 +203,7 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, return 1; } tt = it->templates + i; - tmpfld = asn1_get_field_ptr(fld, tt); + tmpfld = ossl_asn1_get_const_field_ptr(fld, tt); if (!asn1_template_print_ctx(out, tmpfld, indent, tt, pctx)) return 0; break; @@ -233,10 +233,10 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, /* Print each field entry */ for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) { const ASN1_TEMPLATE *seqtt; - seqtt = asn1_do_adb(fld, tt, 1); + seqtt = ossl_asn1_do_adb(*fld, tt, 1); if (!seqtt) return 0; - tmpfld = asn1_get_field_ptr(fld, seqtt); + tmpfld = ossl_asn1_get_const_field_ptr(fld, seqtt); if (!asn1_template_print_ctx(out, tmpfld, indent + 2, seqtt, pctx)) return 0; @@ -261,12 +261,12 @@ static int asn1_item_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, return 1; } -static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, +static int asn1_template_print_ctx(BIO *out, const ASN1_VALUE **fld, int indent, const ASN1_TEMPLATE *tt, const ASN1_PCTX *pctx) { int i, flags; const char *sname, *fname; - ASN1_VALUE *tfld; + const ASN1_VALUE *tfld; flags = tt->flags; if (pctx->flags & ASN1_PCTX_FLAGS_SHOW_FIELD_STRUCT_NAME) sname = ASN1_ITEM_ptr(tt->item)->sname; @@ -282,14 +282,14 @@ static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, * a pointer to a field. */ if (flags & ASN1_TFLG_EMBED) { - tfld = (ASN1_VALUE *)fld; + tfld = (const ASN1_VALUE *)fld; fld = &tfld; } if (flags & ASN1_TFLG_SK_MASK) { char *tname; - ASN1_VALUE *skitem; - STACK_OF(ASN1_VALUE) *stack; + const ASN1_VALUE *skitem; + STACK_OF(const_ASN1_VALUE) *stack; /* SET OF, SEQUENCE OF */ if (fname) { @@ -304,12 +304,12 @@ static int asn1_template_print_ctx(BIO *out, ASN1_VALUE **fld, int indent, } else if (BIO_printf(out, "%*s%s:\n", indent, "", fname) <= 0) return 0; } - stack = (STACK_OF(ASN1_VALUE) *)*fld; - for (i = 0; i < sk_ASN1_VALUE_num(stack); i++) { + stack = (STACK_OF(const_ASN1_VALUE) *)*fld; + for (i = 0; i < sk_const_ASN1_VALUE_num(stack); i++) { if ((i > 0) && (BIO_puts(out, "\n") <= 0)) return 0; - skitem = sk_ASN1_VALUE_value(stack, i); + skitem = sk_const_ASN1_VALUE_value(stack, i); if (!asn1_item_print_ctx(out, &skitem, indent + 2, ASN1_ITEM_ptr(tt->item), NULL, NULL, 1, pctx)) @@ -430,7 +430,7 @@ static int asn1_print_obstring(BIO *out, const ASN1_STRING *str, int indent) return 1; } -static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, +static int asn1_primitive_print(BIO *out, const ASN1_VALUE **fld, const ASN1_ITEM *it, int indent, const char *fname, const char *sname, const ASN1_PCTX *pctx) @@ -456,9 +456,9 @@ static int asn1_primitive_print(BIO *out, ASN1_VALUE **fld, str = (ASN1_STRING *)*fld; } if (utype == V_ASN1_ANY) { - ASN1_TYPE *atype = (ASN1_TYPE *)*fld; + const ASN1_TYPE *atype = (const ASN1_TYPE *)*fld; utype = atype->type; - fld = &atype->value.asn1_value; + fld = (const ASN1_VALUE **)&atype->value.asn1_value; /* actually is const */ str = (ASN1_STRING *)*fld; if (pctx->flags & ASN1_PCTX_FLAGS_NO_ANY_TYPE) pname = NULL; diff --git a/crypto/asn1/tasn_scn.c b/crypto/asn1/tasn_scn.c index f0f218ae8bbe..bde697ee9925 100644 --- a/crypto/asn1/tasn_scn.c +++ b/crypto/asn1/tasn_scn.c @@ -1,7 +1,7 @@ /* - * Copyright 2010-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2010-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -27,7 +27,7 @@ ASN1_SCTX *ASN1_SCTX_new(int (*scan_cb) (ASN1_SCTX *ctx)) ASN1_SCTX *ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ASN1err(ASN1_F_ASN1_SCTX_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } ret->scan_cb = scan_cb; diff --git a/crypto/asn1/tasn_typ.c b/crypto/asn1/tasn_typ.c index 98d987901413..8095e32370fc 100644 --- a/crypto/asn1/tasn_typ.c +++ b/crypto/asn1/tasn_typ.c @@ -1,7 +1,7 @@ /* * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -80,5 +80,5 @@ ASN1_ITEM_TEMPLATE(ASN1_SET_ANY) = ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, ASN1_SET_ANY, ASN1_ANY) ASN1_ITEM_TEMPLATE_END(ASN1_SET_ANY) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) -IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) +IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname(ASN1_SEQUENCE_ANY, ASN1_SET_ANY, ASN1_SET_ANY) diff --git a/crypto/asn1/tasn_utl.c b/crypto/asn1/tasn_utl.c index a448685e19a9..e5f25d88df69 100644 --- a/crypto/asn1/tasn_utl.c +++ b/crypto/asn1/tasn_utl.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -26,9 +26,18 @@ * Given an ASN1_ITEM CHOICE type return the selector value */ -int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) +int ossl_asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) { int *sel = offset2ptr(*pval, it->utype); + + return *sel; +} + +int ossl_asn1_get_choice_selector_const(const ASN1_VALUE **pval, + const ASN1_ITEM *it) +{ + int *sel = offset2ptr(*pval, it->utype); + return *sel; } @@ -36,10 +45,11 @@ int asn1_get_choice_selector(ASN1_VALUE **pval, const ASN1_ITEM *it) * Given an ASN1_ITEM CHOICE type set the selector value, return old value. */ -int asn1_set_choice_selector(ASN1_VALUE **pval, int value, - const ASN1_ITEM *it) +int ossl_asn1_set_choice_selector(ASN1_VALUE **pval, int value, + const ASN1_ITEM *it) { int *sel, ret; + sel = offset2ptr(*pval, it->utype); ret = *sel; *sel = value; @@ -55,7 +65,7 @@ int asn1_set_choice_selector(ASN1_VALUE **pval, int value, * It returns -1 on initialisation error. * Used by ASN1_SEQUENCE construct of X509, X509_REQ, X509_CRL objects */ -int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) +int ossl_asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) { const ASN1_AUX *aux; CRYPTO_REF_COUNT *lck; @@ -66,7 +76,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) && (it->itype != ASN1_ITYPE_NDEF_SEQUENCE)) return 0; aux = it->funcs; - if (!aux || !(aux->flags & ASN1_AFLG_REFCOUNT)) + if (aux == NULL || (aux->flags & ASN1_AFLG_REFCOUNT) == 0) return 0; lck = offset2ptr(*pval, aux->ref_offset); lock = offset2ptr(*pval, aux->ref_lock); @@ -76,7 +86,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) *lck = ret = 1; *lock = CRYPTO_THREAD_lock_new(); if (*lock == NULL) { - ASN1err(ASN1_F_ASN1_DO_LOCK, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return -1; } break; @@ -87,9 +97,7 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) case -1: if (!CRYPTO_DOWN_REF(lck, &ret, *lock)) return -1; /* failed */ -#ifdef REF_PRINT - fprintf(stderr, "%p:%4d:%s\n", it, ret, it->sname); -#endif + REF_PRINT_EX(it->sname, ret, (void *)it); REF_ASSERT_ISNT(ret < 0); if (ret == 0) { CRYPTO_THREAD_lock_free(*lock); @@ -104,30 +112,44 @@ int asn1_do_lock(ASN1_VALUE **pval, int op, const ASN1_ITEM *it) static ASN1_ENCODING *asn1_get_enc_ptr(ASN1_VALUE **pval, const ASN1_ITEM *it) { const ASN1_AUX *aux; - if (!pval || !*pval) + + if (pval == NULL || *pval == NULL) + return NULL; + aux = it->funcs; + if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0) + return NULL; + return offset2ptr(*pval, aux->enc_offset); +} + +static const ASN1_ENCODING *asn1_get_const_enc_ptr(const ASN1_VALUE **pval, + const ASN1_ITEM *it) +{ + const ASN1_AUX *aux; + + if (pval == NULL || *pval == NULL) return NULL; aux = it->funcs; - if (!aux || !(aux->flags & ASN1_AFLG_ENCODING)) + if (aux == NULL || (aux->flags & ASN1_AFLG_ENCODING) == 0) return NULL; return offset2ptr(*pval, aux->enc_offset); } -void asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) +void ossl_asn1_enc_init(ASN1_VALUE **pval, const ASN1_ITEM *it) { - ASN1_ENCODING *enc; - enc = asn1_get_enc_ptr(pval, it); - if (enc) { + ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); + + if (enc != NULL) { enc->enc = NULL; enc->len = 0; enc->modified = 1; } } -void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) +void ossl_asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) { - ASN1_ENCODING *enc; - enc = asn1_get_enc_ptr(pval, it); - if (enc) { + ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); + + if (enc != NULL) { OPENSSL_free(enc->enc); enc->enc = NULL; enc->len = 0; @@ -135,17 +157,19 @@ void asn1_enc_free(ASN1_VALUE **pval, const ASN1_ITEM *it) } } -int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, - const ASN1_ITEM *it) +int ossl_asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, + const ASN1_ITEM *it) { - ASN1_ENCODING *enc; - enc = asn1_get_enc_ptr(pval, it); - if (!enc) + ASN1_ENCODING *enc = asn1_get_enc_ptr(pval, it); + + if (enc == NULL) return 1; OPENSSL_free(enc->enc); + if (inlen <= 0) + return 0; if ((enc->enc = OPENSSL_malloc(inlen)) == NULL) { - ASN1err(ASN1_F_ASN1_ENC_SAVE, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } memcpy(enc->enc, in, inlen); @@ -155,27 +179,27 @@ int asn1_enc_save(ASN1_VALUE **pval, const unsigned char *in, int inlen, return 1; } -int asn1_enc_restore(int *len, unsigned char **out, ASN1_VALUE **pval, - const ASN1_ITEM *it) +int ossl_asn1_enc_restore(int *len, unsigned char **out, const ASN1_VALUE **pval, + const ASN1_ITEM *it) { - ASN1_ENCODING *enc; - enc = asn1_get_enc_ptr(pval, it); - if (!enc || enc->modified) + const ASN1_ENCODING *enc = asn1_get_const_enc_ptr(pval, it); + + if (enc == NULL || enc->modified) return 0; if (out) { memcpy(*out, enc->enc, enc->len); *out += enc->len; } - if (len) + if (len != NULL) *len = enc->len; return 1; } /* Given an ASN1_TEMPLATE get a pointer to a field */ -ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) +ASN1_VALUE **ossl_asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) { - ASN1_VALUE **pvaltmp; - pvaltmp = offset2ptr(*pval, tt->offset); + ASN1_VALUE **pvaltmp = offset2ptr(*pval, tt->offset); + /* * NOTE for BOOLEAN types the field is just a plain int so we can't * return int **, so settle for (int *). @@ -183,31 +207,40 @@ ASN1_VALUE **asn1_get_field_ptr(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt) return pvaltmp; } +/* Given an ASN1_TEMPLATE get a const pointer to a field */ +const ASN1_VALUE **ossl_asn1_get_const_field_ptr(const ASN1_VALUE **pval, + const ASN1_TEMPLATE *tt) +{ + return offset2ptr(*pval, tt->offset); +} + /* * Handle ANY DEFINED BY template, find the selector, look up the relevant * ASN1_TEMPLATE in the table and return it. */ -const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, - int nullerr) +const ASN1_TEMPLATE *ossl_asn1_do_adb(const ASN1_VALUE *val, + const ASN1_TEMPLATE *tt, + int nullerr) { const ASN1_ADB *adb; const ASN1_ADB_TABLE *atbl; long selector; - ASN1_VALUE **sfld; + const ASN1_VALUE **sfld; int i; - if (!(tt->flags & ASN1_TFLG_ADB_MASK)) + + if ((tt->flags & ASN1_TFLG_ADB_MASK) == 0) return tt; /* Else ANY DEFINED BY ... get the table */ adb = ASN1_ADB_ptr(tt->item); /* Get the selector field */ - sfld = offset2ptr(*pval, adb->offset); + sfld = offset2ptr(val, adb->offset); /* Check if NULL */ if (*sfld == NULL) { - if (!adb->null_tt) + if (adb->null_tt == NULL) goto err; return adb->null_tt; } @@ -216,14 +249,14 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, * Convert type to a long: NB: don't check for NID_undef here because it * might be a legitimate value in the table */ - if (tt->flags & ASN1_TFLG_ADB_OID) + if ((tt->flags & ASN1_TFLG_ADB_OID) != 0) selector = OBJ_obj2nid((ASN1_OBJECT *)*sfld); else selector = ASN1_INTEGER_get((ASN1_INTEGER *)*sfld); /* Let application callback translate value */ if (adb->adb_cb != NULL && adb->adb_cb(&selector) == 0) { - ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); return NULL; } @@ -248,6 +281,6 @@ const ASN1_TEMPLATE *asn1_do_adb(ASN1_VALUE **pval, const ASN1_TEMPLATE *tt, err: /* FIXME: should log the value or OID of unsupported type */ if (nullerr) - ASN1err(ASN1_F_ASN1_DO_ADB, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE); return NULL; } diff --git a/crypto/asn1/tbl_standard.h b/crypto/asn1/tbl_standard.h index 777a73448246..3e8fe81eebdd 100644 --- a/crypto/asn1/tbl_standard.h +++ b/crypto/asn1/tbl_standard.h @@ -1,7 +1,7 @@ /* - * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -56,6 +56,7 @@ static const ASN1_STRING_TABLE tbl_standard[] = { {NID_SNILS, 1, 11, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, {NID_countryCode3c, 3, 3, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, {NID_countryCode3n, 3, 3, B_ASN1_NUMERICSTRING, STABLE_NO_MASK}, - {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK} + {NID_dnsName, 0, -1, B_ASN1_UTF8STRING, STABLE_NO_MASK}, + {NID_id_on_SmtpUTF8Mailbox, 1, ub_email_address, B_ASN1_UTF8STRING, STABLE_NO_MASK} }; diff --git a/crypto/asn1/x_algor.c b/crypto/asn1/x_algor.c index c9a8f1e9d1d4..c0a5f76803ee 100644 --- a/crypto/asn1/x_algor.c +++ b/crypto/asn1/x_algor.c @@ -1,7 +1,7 @@ /* - * Copyright 1998-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1998-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -11,6 +11,8 @@ #include <openssl/x509.h> #include <openssl/asn1.h> #include <openssl/asn1t.h> +#include <openssl/err.h> +#include "crypto/asn1.h" #include "crypto/evp.h" ASN1_SEQUENCE(X509_ALGOR) = { @@ -78,7 +80,7 @@ void X509_ALGOR_set_md(X509_ALGOR *alg, const EVP_MD *md) else param_type = V_ASN1_NULL; - X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_type(md)), param_type, NULL); + X509_ALGOR_set0(alg, OBJ_nid2obj(EVP_MD_get_type(md)), param_type, NULL); } @@ -96,7 +98,7 @@ int X509_ALGOR_cmp(const X509_ALGOR *a, const X509_ALGOR *b) int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) { if (src == NULL || dest == NULL) - return 0; + return 0; if (dest->algorithm) ASN1_OBJECT_free(dest->algorithm); @@ -108,9 +110,9 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) if (src->algorithm) if ((dest->algorithm = OBJ_dup(src->algorithm)) == NULL) - return 0; + return 0; - if (src->parameter) { + if (src->parameter != NULL) { dest->parameter = ASN1_TYPE_new(); if (dest->parameter == NULL) return 0; @@ -118,9 +120,71 @@ int X509_ALGOR_copy(X509_ALGOR *dest, const X509_ALGOR *src) /* Assuming this is also correct for a BOOL. * set does copy as a side effect. */ - if (ASN1_TYPE_set1(dest->parameter, - src->parameter->type, src->parameter->value.ptr) == 0) + if (ASN1_TYPE_set1(dest->parameter, src->parameter->type, + src->parameter->value.ptr) == 0) return 0; } + + return 1; +} + +/* allocate and set algorithm ID from EVP_MD, default SHA1 */ +int ossl_x509_algor_new_from_md(X509_ALGOR **palg, const EVP_MD *md) +{ + /* Default is SHA1 so no need to create it - still success */ + if (md == NULL || EVP_MD_is_a(md, "SHA1")) + return 1; + *palg = X509_ALGOR_new(); + if (*palg == NULL) + return 0; + X509_ALGOR_set_md(*palg, md); return 1; } + +/* convert algorithm ID to EVP_MD, default SHA1 */ +const EVP_MD *ossl_x509_algor_get_md(X509_ALGOR *alg) +{ + const EVP_MD *md; + + if (alg == NULL) + return EVP_sha1(); + md = EVP_get_digestbyobj(alg->algorithm); + if (md == NULL) + ERR_raise(ERR_LIB_ASN1, ASN1_R_UNKNOWN_DIGEST); + return md; +} + +X509_ALGOR *ossl_x509_algor_mgf1_decode(X509_ALGOR *alg) +{ + if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) + return NULL; + return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), + alg->parameter); +} + +/* Allocate and set MGF1 algorithm ID from EVP_MD */ +int ossl_x509_algor_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) +{ + X509_ALGOR *algtmp = NULL; + ASN1_STRING *stmp = NULL; + + *palg = NULL; + if (mgf1md == NULL || EVP_MD_is_a(mgf1md, "SHA1")) + return 1; + /* need to embed algorithm ID inside another */ + if (!ossl_x509_algor_new_from_md(&algtmp, mgf1md)) + goto err; + if (ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp) == NULL) + goto err; + *palg = X509_ALGOR_new(); + if (*palg == NULL) + goto err; + X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); + stmp = NULL; + err: + ASN1_STRING_free(stmp); + X509_ALGOR_free(algtmp); + if (*palg != NULL) + return 1; + return 0; +} diff --git a/crypto/asn1/x_bignum.c b/crypto/asn1/x_bignum.c index c6b3accd3a10..3ae58a49f0b2 100644 --- a/crypto/asn1/x_bignum.c +++ b/crypto/asn1/x_bignum.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2019 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -25,13 +25,13 @@ static int bn_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static int bn_secure_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, +static int bn_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); static int bn_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); -static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, +static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); static ASN1_PRIMITIVE_FUNCS bignum_pf = { @@ -91,7 +91,7 @@ static void bn_free(ASN1_VALUE **pval, const ASN1_ITEM *it) *pval = NULL; } -static int bn_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, +static int bn_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) { BIGNUM *bn; @@ -146,7 +146,7 @@ static int bn_secure_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, return ret; } -static int bn_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, +static int bn_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { if (!BN_print(out, *(BIGNUM **)pval)) diff --git a/crypto/asn1/x_info.c b/crypto/asn1/x_info.c index 8d99f07c6361..f8bc4789884e 100644 --- a/crypto/asn1/x_info.c +++ b/crypto/asn1/x_info.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -19,7 +19,7 @@ X509_INFO *X509_INFO_new(void) ret = OPENSSL_zalloc(sizeof(*ret)); if (ret == NULL) { - ASN1err(ASN1_F_X509_INFO_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/asn1/x_int64.c b/crypto/asn1/x_int64.c index 96c1a259e1fe..eb78c7e36723 100644 --- a/crypto/asn1/x_int64.c +++ b/crypto/asn1/x_int64.c @@ -1,7 +1,7 @@ /* - * Copyright 2017-2018 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -29,7 +29,7 @@ static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) { - ASN1err(ASN1_F_UINT64_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } return 1; @@ -46,8 +46,8 @@ static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) **(uint64_t **)pval = 0; } -static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) +static int uint64_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { uint64_t utmp; int neg = 0; @@ -62,16 +62,16 @@ static int uint64_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, return -1; if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED && (int64_t)utmp < 0) { - /* i2c_uint64_int() assumes positive values */ + /* ossl_i2c_uint64_int() assumes positive values */ utmp = 0 - utmp; neg = 1; } - return i2c_uint64_int(cont, utmp, neg); + return ossl_i2c_uint64_int(cont, utmp, neg); } static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { uint64_t utmp = 0; char *cp; @@ -91,19 +91,19 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, if (len == 0) goto long_compat; - if (!c2i_uint64_int(&utmp, &neg, &cont, len)) + if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len)) return 0; if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { - ASN1err(ASN1_F_UINT64_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); return 0; } if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED && !neg && utmp > INT64_MAX) { - ASN1err(ASN1_F_UINT64_C2I, ASN1_R_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); return 0; } if (neg) - /* c2i_uint64_int() returns positive values */ + /* ossl_c2i_uint64_int() returns positive values */ utmp = 0 - utmp; long_compat: @@ -111,7 +111,7 @@ static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, return 1; } -static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, +static int uint64_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) @@ -124,7 +124,7 @@ static int uint64_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it) { if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) { - ASN1err(ASN1_F_UINT32_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return 0; } return 1; @@ -141,8 +141,8 @@ static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) **(uint32_t **)pval = 0; } -static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, - const ASN1_ITEM *it) +static int uint32_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, + const ASN1_ITEM *it) { uint32_t utmp; int neg = 0; @@ -157,12 +157,12 @@ static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, return -1; if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED && (int32_t)utmp < 0) { - /* i2c_uint64_int() assumes positive values */ + /* ossl_i2c_uint64_int() assumes positive values */ utmp = 0 - utmp; neg = 1; } - return i2c_uint64_int(cont, (uint64_t)utmp, neg); + return ossl_i2c_uint64_int(cont, (uint64_t)utmp, neg); } /* @@ -173,7 +173,7 @@ static int uint32_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, #define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1) static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, - int utype, char *free_cont, const ASN1_ITEM *it) + int utype, char *free_cont, const ASN1_ITEM *it) { uint64_t utmp = 0; uint32_t utmp2 = 0; @@ -194,22 +194,22 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, if (len == 0) goto long_compat; - if (!c2i_uint64_int(&utmp, &neg, &cont, len)) + if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len)) return 0; if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { - ASN1err(ASN1_F_UINT32_C2I, ASN1_R_ILLEGAL_NEGATIVE_VALUE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); return 0; } if (neg) { if (utmp > ABS_INT32_MIN) { - ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_SMALL); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); return 0; } utmp = 0 - utmp; } else { if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX) || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) { - ASN1err(ASN1_F_UINT32_C2I, ASN1_R_TOO_LARGE); + ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); return 0; } } @@ -220,7 +220,7 @@ static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, return 1; } -static int uint32_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, +static int uint32_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) diff --git a/crypto/asn1/x_long.c b/crypto/asn1/x_long.c index bf9371ef55aa..0685780f08a0 100644 --- a/crypto/asn1/x_long.c +++ b/crypto/asn1/x_long.c @@ -1,7 +1,7 @@ /* - * Copyright 2000-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -11,10 +11,6 @@ #include "internal/cryptlib.h" #include <openssl/asn1t.h> -#if !(OPENSSL_API_COMPAT < 0x10200000L) -NON_EMPTY_TRANSLATION_UNIT -#else - #define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b)) /* @@ -25,11 +21,11 @@ NON_EMPTY_TRANSLATION_UNIT static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it); static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it); -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, +static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it); static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, int utype, char *free_cont, const ASN1_ITEM *it); -static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, +static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx); static ASN1_PRIMITIVE_FUNCS long_pf = { @@ -86,7 +82,7 @@ static int num_bits_ulong(unsigned long value) return (int)ret; } -static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, +static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, const ASN1_ITEM *it) { long ltmp; @@ -156,7 +152,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } } if (len > (int)sizeof(long)) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } @@ -167,7 +163,7 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, else sign = 0; } else if (((sign ^ cont[0]) & 0x80) == 0) { /* same sign bit? */ - ASN1err(ASN1_F_LONG_C2I, ASN1_R_ILLEGAL_PADDING); + ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING); return 0; } utmp = 0; @@ -177,20 +173,20 @@ static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, } ltmp = (long)utmp; if (ltmp < 0) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } if (sign) ltmp = -ltmp - 1; if (ltmp == it->size) { - ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); + ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); return 0; } memcpy(pval, <mp, COPY_SIZE(*pval, ltmp)); return 1; } -static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, +static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, int indent, const ASN1_PCTX *pctx) { long l; @@ -198,4 +194,3 @@ static int long_print(BIO *out, ASN1_VALUE **pval, const ASN1_ITEM *it, memcpy(&l, pval, COPY_SIZE(*pval, l)); return BIO_printf(out, "%ld\n", l); } -#endif diff --git a/crypto/asn1/x_pkey.c b/crypto/asn1/x_pkey.c index 593049f0f26e..b63c7c6489f4 100644 --- a/crypto/asn1/x_pkey.c +++ b/crypto/asn1/x_pkey.c @@ -1,7 +1,7 @@ /* - * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html @@ -29,7 +29,7 @@ X509_PKEY *X509_PKEY_new(void) return ret; err: X509_PKEY_free(ret); - ASN1err(ASN1_F_X509_PKEY_NEW, ERR_R_MALLOC_FAILURE); + ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE); return NULL; } diff --git a/crypto/asn1/x_sig.c b/crypto/asn1/x_sig.c index fb24e240cba8..759a9566531e 100644 --- a/crypto/asn1/x_sig.c +++ b/crypto/asn1/x_sig.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/x_spki.c b/crypto/asn1/x_spki.c index 0d72a3f3a9d2..2d7de66eb79c 100644 --- a/crypto/asn1/x_spki.c +++ b/crypto/asn1/x_spki.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html diff --git a/crypto/asn1/x_val.c b/crypto/asn1/x_val.c index d1f1d3bff989..a4e57cbcc714 100644 --- a/crypto/asn1/x_val.c +++ b/crypto/asn1/x_val.c @@ -1,7 +1,7 @@ /* * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. * - * Licensed under the OpenSSL license (the "License"). You may not use + * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy * in the file LICENSE in the source distribution or at * https://www.openssl.org/source/license.html |