Bug Summary

File:out/../deps/openssl/openssl/crypto/asn1/tasn_dec.c
Warning:line 261, column 13
Access to field 'asn1_ex_d2i_ex' results in a dereference of a null pointer (loaded from variable 'ef')

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -clear-ast-before-backend -disable-llvm-verifier -discard-value-names -main-file-name tasn_dec.c -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -setup-static-analyzer -mrelocation-model pic -pic-level 2 -pic-is-pie -mframe-pointer=all -fmath-errno -ffp-contract=on -fno-rounding-math -mconstructor-aliases -funwind-tables=2 -target-cpu x86-64 -tune-cpu generic -debugger-tuning=gdb -fcoverage-compilation-dir=/home/maurizio/node-v18.6.0/out -resource-dir /usr/local/lib/clang/16.0.0 -D V8_DEPRECATION_WARNINGS -D V8_IMMINENT_DEPRECATION_WARNINGS -D _GLIBCXX_USE_CXX11_ABI=1 -D NODE_OPENSSL_CONF_NAME=nodejs_conf -D NODE_OPENSSL_HAS_QUIC -D __STDC_FORMAT_MACROS -D OPENSSL_NO_PINSHARED -D OPENSSL_THREADS -D OPENSSL_NO_HW -D OPENSSL_API_COMPAT=0x10100001L -D STATIC_LEGACY -D NDEBUG -D OPENSSL_USE_NODELETE -D L_ENDIAN -D OPENSSL_BUILDING_OPENSSL -D AES_ASM -D BSAES_ASM -D CMLL_ASM -D ECP_NISTZ256_ASM -D GHASH_ASM -D KECCAK1600_ASM -D MD5_ASM -D OPENSSL_BN_ASM_GF2m -D OPENSSL_BN_ASM_MONT -D OPENSSL_BN_ASM_MONT5 -D OPENSSL_CPUID_OBJ -D OPENSSL_IA32_SSE2 -D PADLOCK_ASM -D POLY1305_ASM -D SHA1_ASM -D SHA256_ASM -D SHA512_ASM -D VPAES_ASM -D WHIRLPOOL_ASM -D X25519_ASM -D OPENSSL_PIC -D MODULESDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl/lib/openssl-modules" -D OPENSSLDIR="/home/maurizio/node-v18.6.0/out/Release/obj.target/deps/openssl" -D OPENSSLDIR="/etc/ssl" -D ENGINESDIR="/dev/null" -D TERMIOS -I ../deps/openssl/openssl -I ../deps/openssl/openssl/include -I ../deps/openssl/openssl/crypto -I ../deps/openssl/openssl/crypto/include -I ../deps/openssl/openssl/crypto/modes -I ../deps/openssl/openssl/crypto/ec/curve448 -I ../deps/openssl/openssl/crypto/ec/curve448/arch_32 -I ../deps/openssl/openssl/providers/common/include -I ../deps/openssl/openssl/providers/implementations/include -I ../deps/openssl/config -I ../deps/openssl/config/archs/linux-x86_64/asm -I ../deps/openssl/config/archs/linux-x86_64/asm/include -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto -I ../deps/openssl/config/archs/linux-x86_64/asm/crypto/include/internal -I ../deps/openssl/config/archs/linux-x86_64/asm/providers/common/include -internal-isystem /usr/local/lib/clang/16.0.0/include -internal-isystem /usr/local/include -internal-isystem /usr/lib/gcc/x86_64-redhat-linux/8/../../../../x86_64-redhat-linux/include -internal-externc-isystem /include -internal-externc-isystem /usr/include -O3 -Wno-unused-parameter -Wno-missing-field-initializers -Wno-old-style-declaration -fdebug-compilation-dir=/home/maurizio/node-v18.6.0/out -ferror-limit 19 -fgnuc-version=4.2.1 -vectorize-loops -vectorize-slp -analyzer-output=html -faddrsig -D__GCC_HAVE_DWARF2_CFI_ASM=1 -o /tmp/scan-build-2022-08-22-142216-507842-1 -x c ../deps/openssl/openssl/crypto/asn1/tasn_dec.c
1/*
2 * Copyright 2000-2021 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stddef.h>
11#include <string.h>
12#include <openssl/asn1.h>
13#include <openssl/asn1t.h>
14#include <openssl/objects.h>
15#include <openssl/buffer.h>
16#include <openssl/err.h>
17#include "internal/numbers.h"
18#include "asn1_local.h"
19
20/*
21 * Constructed types with a recursive definition (such as can be found in PKCS7)
22 * could eventually exceed the stack given malicious input with excessive
23 * recursion. Therefore we limit the stack depth. This is the maximum number of
24 * recursive invocations of asn1_item_embed_d2i().
25 */
26#define ASN1_MAX_CONSTRUCTED_NEST30 30
27
28static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
29 long len, const ASN1_ITEM *it,
30 int tag, int aclass, char opt, ASN1_TLC *ctx,
31 int depth, OSSL_LIB_CTX *libctx,
32 const char *propq);
33
34static int asn1_check_eoc(const unsigned char **in, long len);
35static int asn1_find_end(const unsigned char **in, long len, char inf);
36
37static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
38 char inf, int tag, int aclass, int depth);
39
40static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
41
42static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
43 char *inf, char *cst,
44 const unsigned char **in, long len,
45 int exptag, int expclass, char opt, ASN1_TLC *ctx);
46
47static int asn1_template_ex_d2i(ASN1_VALUE **pval,
48 const unsigned char **in, long len,
49 const ASN1_TEMPLATE *tt, char opt,
50 ASN1_TLC *ctx, int depth, OSSL_LIB_CTX *libctx,
51 const char *propq);
52static int asn1_template_noexp_d2i(ASN1_VALUE **val,
53 const unsigned char **in, long len,
54 const ASN1_TEMPLATE *tt, char opt,
55 ASN1_TLC *ctx, int depth,
56 OSSL_LIB_CTX *libctx, const char *propq);
57static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
58 const unsigned char **in, long len,
59 const ASN1_ITEM *it,
60 int tag, int aclass, char opt,
61 ASN1_TLC *ctx);
62static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
63 int utype, char *free_cont, const ASN1_ITEM *it);
64
65/* Table to convert tags to bit values, used for MSTRING type */
66static const unsigned long tag2bit[32] = {
67 /* tags 0 - 3 */
68 0, 0, 0, B_ASN1_BIT_STRING0x0400,
69 /* tags 4- 7 */
70 B_ASN1_OCTET_STRING0x0200, 0, 0, B_ASN1_UNKNOWN0x1000,
71 /* tags 8-11 */
72 B_ASN1_UNKNOWN0x1000, B_ASN1_UNKNOWN0x1000, 0, B_ASN1_UNKNOWN0x1000,
73 /* tags 12-15 */
74 B_ASN1_UTF8STRING0x2000, B_ASN1_UNKNOWN0x1000, B_ASN1_UNKNOWN0x1000, B_ASN1_UNKNOWN0x1000,
75 /* tags 16-19 */
76 B_ASN1_SEQUENCE0x10000, 0, B_ASN1_NUMERICSTRING0x0001, B_ASN1_PRINTABLESTRING0x0002,
77 /* tags 20-22 */
78 B_ASN1_T61STRING0x0004, B_ASN1_VIDEOTEXSTRING0x0008, B_ASN1_IA5STRING0x0010,
79 /* tags 23-24 */
80 B_ASN1_UTCTIME0x4000, B_ASN1_GENERALIZEDTIME0x8000,
81 /* tags 25-27 */
82 B_ASN1_GRAPHICSTRING0x0020, B_ASN1_ISO64STRING0x0040, B_ASN1_GENERALSTRING0x0080,
83 /* tags 28-31 */
84 B_ASN1_UNIVERSALSTRING0x0100, B_ASN1_UNKNOWN0x1000, B_ASN1_BMPSTRING0x0800, B_ASN1_UNKNOWN0x1000,
85};
86
87unsigned long ASN1_tag2bit(int tag)
88{
89 if ((tag < 0) || (tag > 30))
90 return 0;
91 return tag2bit[tag];
92}
93
94/* Macro to initialize and invalidate the cache */
95
96#define asn1_tlc_clear(c)do { if ((c) != ((void*)0)) (c)->valid = 0; } while (0) do { if ((c) != NULL((void*)0)) (c)->valid = 0; } while (0)
97/* Version to avoid compiler warning about 'c' always non-NULL */
98#define asn1_tlc_clear_nc(c)do {(c)->valid = 0; } while (0) do {(c)->valid = 0; } while (0)
99
100/*
101 * Decode an ASN1 item, this currently behaves just like a standard 'd2i'
102 * function. 'in' points to a buffer to read the data from, in future we
103 * will have more advanced versions that can input data a piece at a time and
104 * this will simply be a special case.
105 */
106
107static int asn1_item_ex_d2i_intern(ASN1_VALUE **pval, const unsigned char **in,
108 long len, const ASN1_ITEM *it, int tag,
109 int aclass, char opt, ASN1_TLC *ctx,
110 OSSL_LIB_CTX *libctx, const char *propq)
111{
112 int rv;
113
114 if (pval == NULL((void*)0) || it == NULL((void*)0)) {
115 ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,115,__func__), ERR_set_error)((13),((258|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
116 return 0;
117 }
118 rv = asn1_item_embed_d2i(pval, in, len, it, tag, aclass, opt, ctx, 0,
119 libctx, propq);
120 if (rv <= 0)
121 ASN1_item_ex_free(pval, it);
122 return rv;
123}
124
125int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
126 const ASN1_ITEM *it,
127 int tag, int aclass, char opt, ASN1_TLC *ctx)
128{
129 return asn1_item_ex_d2i_intern(pval, in, len, it, tag, aclass, opt, ctx,
130 NULL((void*)0), NULL((void*)0));
131}
132
133ASN1_VALUE *ASN1_item_d2i_ex(ASN1_VALUE **pval,
134 const unsigned char **in, long len,
135 const ASN1_ITEM *it, OSSL_LIB_CTX *libctx,
136 const char *propq)
137{
138 ASN1_TLC c;
139 ASN1_VALUE *ptmpval = NULL((void*)0);
140
141 if (pval == NULL((void*)0))
142 pval = &ptmpval;
143 asn1_tlc_clear_nc(&c)do {(&c)->valid = 0; } while (0);
144 if (asn1_item_ex_d2i_intern(pval, in, len, it, -1, 0, 0, &c, libctx,
145 propq) > 0)
146 return *pval;
147 return NULL((void*)0);
148}
149
150ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
151 const unsigned char **in, long len,
152 const ASN1_ITEM *it)
153{
154 return ASN1_item_d2i_ex(pval, in, len, it, NULL((void*)0), NULL((void*)0));
155}
156
157/*
158 * Decode an item, taking care of IMPLICIT tagging, if any. If 'opt' set and
159 * tag mismatch return -1 to handle OPTIONAL
160 */
161
162static int asn1_item_embed_d2i(ASN1_VALUE **pval, const unsigned char **in,
163 long len, const ASN1_ITEM *it,
164 int tag, int aclass, char opt, ASN1_TLC *ctx,
165 int depth, OSSL_LIB_CTX *libctx,
166 const char *propq)
167{
168 const ASN1_TEMPLATE *tt, *errtt = NULL((void*)0);
169 const ASN1_EXTERN_FUNCS *ef;
170 const ASN1_AUX *aux;
171 ASN1_aux_cb *asn1_cb;
172 const unsigned char *p = NULL((void*)0), *q;
173 unsigned char oclass;
174 char seq_eoc, seq_nolen, cst, isopt;
175 long tmplen;
176 int i;
177 int otag;
178 int ret = 0;
179 ASN1_VALUE **pchptr;
180
181 if (pval == NULL((void*)0) || it == NULL((void*)0)) {
1
Assuming 'pval' is not equal to NULL
2
Assuming 'it' is not equal to NULL
3
Taking false branch
182 ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,182,__func__), ERR_set_error)((13),((258|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
183 return 0;
184 }
185 if (len <= 0) {
4
Assuming 'len' is > 0
5
Taking false branch
186 ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,186,__func__), ERR_set_error)((13),(224),((void*)0));
187 return 0;
188 }
189 aux = it->funcs;
190 if (aux && aux->asn1_cb)
6
Assuming 'aux' is null
191 asn1_cb = aux->asn1_cb;
192 else
193 asn1_cb = 0;
194
195 if (++depth > ASN1_MAX_CONSTRUCTED_NEST30) {
7
Assuming the condition is false
8
Taking false branch
196 ERR_raise(ERR_LIB_ASN1, ASN1_R_NESTED_TOO_DEEP)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,196,__func__), ERR_set_error)((13),(201),((void*)0));
197 goto err;
198 }
199
200 switch (it->itype) {
9
Control jumps to 'case 4:' at line 258
201 case ASN1_ITYPE_PRIMITIVE0x0:
202 if (it->templates) {
203 /*
204 * tagging or OPTIONAL is currently illegal on an item template
205 * because the flags can't get passed down. In practice this
206 * isn't a problem: we include the relevant flags from the item
207 * template in the template itself.
208 */
209 if ((tag != -1) || opt) {
210 ERR_raise(ERR_LIB_ASN1,(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,211,__func__), ERR_set_error)((13),(170),((void*)0))
211 ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,211,__func__), ERR_set_error)((13),(170),((void*)0));
212 goto err;
213 }
214 return asn1_template_ex_d2i(pval, in, len, it->templates, opt, ctx,
215 depth, libctx, propq);
216 }
217 return asn1_d2i_ex_primitive(pval, in, len, it,
218 tag, aclass, opt, ctx);
219
220 case ASN1_ITYPE_MSTRING0x5:
221 /*
222 * It never makes sense for multi-strings to have implicit tagging, so
223 * if tag != -1, then this looks like an error in the template.
224 */
225 if (tag != -1) {
226 ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,226,__func__), ERR_set_error)((13),(230),((void*)0));
227 goto err;
228 }
229
230 p = *in;
231 /* Just read in tag and class */
232 ret = asn1_check_tlen(NULL((void*)0), &otag, &oclass, NULL((void*)0), NULL((void*)0),
233 &p, len, -1, 0, 1, ctx);
234 if (!ret) {
235 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,235,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
236 goto err;
237 }
238
239 /* Must be UNIVERSAL class */
240 if (oclass != V_ASN1_UNIVERSAL0x00) {
241 /* If OPTIONAL, assume this is OK */
242 if (opt)
243 return -1;
244 ERR_raise(ERR_LIB_ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,244,__func__), ERR_set_error)((13),(139),((void*)0));
245 goto err;
246 }
247
248 /* Check tag matches bit map */
249 if (!(ASN1_tag2bit(otag) & it->utype)) {
250 /* If OPTIONAL, assume this is OK */
251 if (opt)
252 return -1;
253 ERR_raise(ERR_LIB_ASN1, ASN1_R_MSTRING_WRONG_TAG)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,253,__func__), ERR_set_error)((13),(140),((void*)0));
254 goto err;
255 }
256 return asn1_d2i_ex_primitive(pval, in, len, it, otag, 0, 0, ctx);
257
258 case ASN1_ITYPE_EXTERN0x4:
259 /* Use new style d2i */
260 ef = it->funcs;
10
Null pointer value stored to 'ef'
261 if (ef->asn1_ex_d2i_ex != NULL((void*)0))
11
Access to field 'asn1_ex_d2i_ex' results in a dereference of a null pointer (loaded from variable 'ef')
262 return ef->asn1_ex_d2i_ex(pval, in, len, it, tag, aclass, opt, ctx,
263 libctx, propq);
264 return ef->asn1_ex_d2i(pval, in, len, it, tag, aclass, opt, ctx);
265
266 case ASN1_ITYPE_CHOICE0x2:
267 /*
268 * It never makes sense for CHOICE types to have implicit tagging, so
269 * if tag != -1, then this looks like an error in the template.
270 */
271 if (tag != -1) {
272 ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_TEMPLATE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,272,__func__), ERR_set_error)((13),(230),((void*)0));
273 goto err;
274 }
275
276 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE4, pval, it, NULL((void*)0)))
277 goto auxerr;
278 if (*pval) {
279 /* Free up and zero CHOICE value if initialised */
280 i = ossl_asn1_get_choice_selector(pval, it);
281 if ((i >= 0) && (i < it->tcount)) {
282 tt = it->templates + i;
283 pchptr = ossl_asn1_get_field_ptr(pval, tt);
284 ossl_asn1_template_free(pchptr, tt);
285 ossl_asn1_set_choice_selector(pval, -1, it);
286 }
287 } else if (!ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) {
288 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,288,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
289 goto err;
290 }
291 /* CHOICE type, try each possibility in turn */
292 p = *in;
293 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
294 pchptr = ossl_asn1_get_field_ptr(pval, tt);
295 /*
296 * We mark field as OPTIONAL so its absence can be recognised.
297 */
298 ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx, depth,
299 libctx, propq);
300 /* If field not present, try the next one */
301 if (ret == -1)
302 continue;
303 /* If positive return, read OK, break loop */
304 if (ret > 0)
305 break;
306 /*
307 * Must be an ASN1 parsing error.
308 * Free up any partial choice value
309 */
310 ossl_asn1_template_free(pchptr, tt);
311 errtt = tt;
312 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,312,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
313 goto err;
314 }
315
316 /* Did we fall off the end without reading anything? */
317 if (i == it->tcount) {
318 /* If OPTIONAL, this is OK */
319 if (opt) {
320 /* Free and zero it */
321 ASN1_item_ex_free(pval, it);
322 return -1;
323 }
324 ERR_raise(ERR_LIB_ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,324,__func__), ERR_set_error)((13),(143),((void*)0));
325 goto err;
326 }
327
328 ossl_asn1_set_choice_selector(pval, i, it);
329
330 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST5, pval, it, NULL((void*)0)))
331 goto auxerr;
332 *in = p;
333 return 1;
334
335 case ASN1_ITYPE_NDEF_SEQUENCE0x6:
336 case ASN1_ITYPE_SEQUENCE0x1:
337 p = *in;
338 tmplen = len;
339
340 /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
341 if (tag == -1) {
342 tag = V_ASN1_SEQUENCE16;
343 aclass = V_ASN1_UNIVERSAL0x00;
344 }
345 /* Get SEQUENCE length and update len, p */
346 ret = asn1_check_tlen(&len, NULL((void*)0), NULL((void*)0), &seq_eoc, &cst,
347 &p, len, tag, aclass, opt, ctx);
348 if (!ret) {
349 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,349,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
350 goto err;
351 } else if (ret == -1)
352 return -1;
353 if (aux && (aux->flags & ASN1_AFLG_BROKEN4)) {
354 len = tmplen - (p - *in);
355 seq_nolen = 1;
356 }
357 /* If indefinite we don't do a length check */
358 else
359 seq_nolen = seq_eoc;
360 if (!cst) {
361 ERR_raise(ERR_LIB_ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,361,__func__), ERR_set_error)((13),(149),((void*)0));
362 goto err;
363 }
364
365 if (*pval == NULL((void*)0)
366 && !ossl_asn1_item_ex_new_intern(pval, it, libctx, propq)) {
367 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,367,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
368 goto err;
369 }
370
371 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE4, pval, it, NULL((void*)0)))
372 goto auxerr;
373
374 /* Free up and zero any ADB found */
375 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
376 if (tt->flags & ASN1_TFLG_ADB_MASK(0x3<<8)) {
377 const ASN1_TEMPLATE *seqtt;
378 ASN1_VALUE **pseqval;
379 seqtt = ossl_asn1_do_adb(*pval, tt, 0);
380 if (seqtt == NULL((void*)0))
381 continue;
382 pseqval = ossl_asn1_get_field_ptr(pval, seqtt);
383 ossl_asn1_template_free(pseqval, seqtt);
384 }
385 }
386
387 /* Get each field entry */
388 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++) {
389 const ASN1_TEMPLATE *seqtt;
390 ASN1_VALUE **pseqval;
391 seqtt = ossl_asn1_do_adb(*pval, tt, 1);
392 if (seqtt == NULL((void*)0))
393 goto err;
394 pseqval = ossl_asn1_get_field_ptr(pval, seqtt);
395 /* Have we ran out of data? */
396 if (!len)
397 break;
398 q = p;
399 if (asn1_check_eoc(&p, len)) {
400 if (!seq_eoc) {
401 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,401,__func__), ERR_set_error)((13),(159),((void*)0));
402 goto err;
403 }
404 len -= p - q;
405 seq_eoc = 0;
406 break;
407 }
408 /*
409 * This determines the OPTIONAL flag value. The field cannot be
410 * omitted if it is the last of a SEQUENCE and there is still
411 * data to be read. This isn't strictly necessary but it
412 * increases efficiency in some cases.
413 */
414 if (i == (it->tcount - 1))
415 isopt = 0;
416 else
417 isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL(0x1));
418 /*
419 * attempt to read in field, allowing each to be OPTIONAL
420 */
421
422 ret = asn1_template_ex_d2i(pseqval, &p, len, seqtt, isopt, ctx,
423 depth, libctx, propq);
424 if (!ret) {
425 errtt = seqtt;
426 goto err;
427 } else if (ret == -1) {
428 /*
429 * OPTIONAL component absent. Free and zero the field.
430 */
431 ossl_asn1_template_free(pseqval, seqtt);
432 continue;
433 }
434 /* Update length */
435 len -= p - q;
436 }
437
438 /* Check for EOC if expecting one */
439 if (seq_eoc && !asn1_check_eoc(&p, len)) {
440 ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,440,__func__), ERR_set_error)((13),(137),((void*)0));
441 goto err;
442 }
443 /* Check all data read */
444 if (!seq_nolen && len) {
445 ERR_raise(ERR_LIB_ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,445,__func__), ERR_set_error)((13),(148),((void*)0));
446 goto err;
447 }
448
449 /*
450 * If we get here we've got no more data in the SEQUENCE, however we
451 * may not have read all fields so check all remaining are OPTIONAL
452 * and clear any that are.
453 */
454 for (; i < it->tcount; tt++, i++) {
455 const ASN1_TEMPLATE *seqtt;
456 seqtt = ossl_asn1_do_adb(*pval, tt, 1);
457 if (seqtt == NULL((void*)0))
458 goto err;
459 if (seqtt->flags & ASN1_TFLG_OPTIONAL(0x1)) {
460 ASN1_VALUE **pseqval;
461 pseqval = ossl_asn1_get_field_ptr(pval, seqtt);
462 ossl_asn1_template_free(pseqval, seqtt);
463 } else {
464 errtt = seqtt;
465 ERR_raise(ERR_LIB_ASN1, ASN1_R_FIELD_MISSING)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,465,__func__), ERR_set_error)((13),(121),((void*)0));
466 goto err;
467 }
468 }
469 /* Save encoding */
470 if (!ossl_asn1_enc_save(pval, *in, p - *in, it))
471 goto auxerr;
472 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST5, pval, it, NULL((void*)0)))
473 goto auxerr;
474 *in = p;
475 return 1;
476
477 default:
478 return 0;
479 }
480 auxerr:
481 ERR_raise(ERR_LIB_ASN1, ASN1_R_AUX_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,481,__func__), ERR_set_error)((13),(100),((void*)0));
482 err:
483 if (errtt)
484 ERR_add_error_data(4, "Field=", errtt->field_name,
485 ", Type=", it->sname);
486 else
487 ERR_add_error_data(2, "Type=", it->sname);
488 return 0;
489}
490
491/*
492 * Templates are handled with two separate functions. One handles any
493 * EXPLICIT tag and the other handles the rest.
494 */
495
496static int asn1_template_ex_d2i(ASN1_VALUE **val,
497 const unsigned char **in, long inlen,
498 const ASN1_TEMPLATE *tt, char opt,
499 ASN1_TLC *ctx, int depth,
500 OSSL_LIB_CTX *libctx, const char *propq)
501{
502 int flags, aclass;
503 int ret;
504 long len;
505 const unsigned char *p, *q;
506 char exp_eoc;
507 if (!val)
508 return 0;
509 flags = tt->flags;
510 aclass = flags & ASN1_TFLG_TAG_CLASS(0x3<<6);
511
512 p = *in;
513
514 /* Check if EXPLICIT tag expected */
515 if (flags & ASN1_TFLG_EXPTAG(0x2 << 3)) {
516 char cst;
517 /*
518 * Need to work out amount of data available to the inner content and
519 * where it starts: so read in EXPLICIT header to get the info.
520 */
521 ret = asn1_check_tlen(&len, NULL((void*)0), NULL((void*)0), &exp_eoc, &cst,
522 &p, inlen, tt->tag, aclass, opt, ctx);
523 q = p;
524 if (!ret) {
525 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,525,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
526 return 0;
527 } else if (ret == -1)
528 return -1;
529 if (!cst) {
530 ERR_raise(ERR_LIB_ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,530,__func__), ERR_set_error)((13),(120),((void*)0));
531 return 0;
532 }
533 /* We've found the field so it can't be OPTIONAL now */
534 ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx, depth, libctx,
535 propq);
536 if (!ret) {
537 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,537,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
538 return 0;
539 }
540 /* We read the field in OK so update length */
541 len -= p - q;
542 if (exp_eoc) {
543 /* If NDEF we must have an EOC here */
544 if (!asn1_check_eoc(&p, len)) {
545 ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,545,__func__), ERR_set_error)((13),(137),((void*)0));
546 goto err;
547 }
548 } else {
549 /*
550 * Otherwise we must hit the EXPLICIT tag end or its an error
551 */
552 if (len) {
553 ERR_raise(ERR_LIB_ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,553,__func__), ERR_set_error)((13),(119),((void*)0));
554 goto err;
555 }
556 }
557 } else
558 return asn1_template_noexp_d2i(val, in, inlen, tt, opt, ctx, depth,
559 libctx, propq);
560
561 *in = p;
562 return 1;
563
564 err:
565 return 0;
566}
567
568static int asn1_template_noexp_d2i(ASN1_VALUE **val,
569 const unsigned char **in, long len,
570 const ASN1_TEMPLATE *tt, char opt,
571 ASN1_TLC *ctx, int depth,
572 OSSL_LIB_CTX *libctx, const char *propq)
573{
574 int flags, aclass;
575 int ret;
576 ASN1_VALUE *tval;
577 const unsigned char *p, *q;
578 if (!val)
579 return 0;
580 flags = tt->flags;
581 aclass = flags & ASN1_TFLG_TAG_CLASS(0x3<<6);
582
583 p = *in;
584
585 /*
586 * If field is embedded then val needs fixing so it is a pointer to
587 * a pointer to a field.
588 */
589 if (tt->flags & ASN1_TFLG_EMBED(0x1 << 12)) {
590 tval = (ASN1_VALUE *)val;
591 val = &tval;
592 }
593
594 if (flags & ASN1_TFLG_SK_MASK(0x3 << 1)) {
595 /* SET OF, SEQUENCE OF */
596 int sktag, skaclass;
597 char sk_eoc;
598 /* First work out expected inner tag value */
599 if (flags & ASN1_TFLG_IMPTAG(0x1 << 3)) {
600 sktag = tt->tag;
601 skaclass = aclass;
602 } else {
603 skaclass = V_ASN1_UNIVERSAL0x00;
604 if (flags & ASN1_TFLG_SET_OF(0x1 << 1))
605 sktag = V_ASN1_SET17;
606 else
607 sktag = V_ASN1_SEQUENCE16;
608 }
609 /* Get the tag */
610 ret = asn1_check_tlen(&len, NULL((void*)0), NULL((void*)0), &sk_eoc, NULL((void*)0),
611 &p, len, sktag, skaclass, opt, ctx);
612 if (!ret) {
613 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,613,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
614 return 0;
615 } else if (ret == -1)
616 return -1;
617 if (*val == NULL((void*)0))
618 *val = (ASN1_VALUE *)sk_ASN1_VALUE_new_null()((struct stack_st_ASN1_VALUE *)OPENSSL_sk_new_null());
619 else {
620 /*
621 * We've got a valid STACK: free up any items present
622 */
623 STACK_OF(ASN1_VALUE)struct stack_st_ASN1_VALUE *sktmp = (STACK_OF(ASN1_VALUE)struct stack_st_ASN1_VALUE *)*val;
624 ASN1_VALUE *vtmp;
625 while (sk_ASN1_VALUE_num(sktmp)OPENSSL_sk_num(ossl_check_const_ASN1_VALUE_sk_type(sktmp)) > 0) {
626 vtmp = sk_ASN1_VALUE_pop(sktmp)((ASN1_VALUE *)OPENSSL_sk_pop(ossl_check_ASN1_VALUE_sk_type(sktmp
)));
627 ASN1_item_ex_free(&vtmp, ASN1_ITEM_ptr(tt->item)(tt->item()));
628 }
629 }
630
631 if (*val == NULL((void*)0)) {
632 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,632,__func__), ERR_set_error)((13),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
633 goto err;
634 }
635
636 /* Read as many items as we can */
637 while (len > 0) {
638 ASN1_VALUE *skfield;
639 q = p;
640 /* See if EOC found */
641 if (asn1_check_eoc(&p, len)) {
642 if (!sk_eoc) {
643 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,643,__func__), ERR_set_error)((13),(159),((void*)0));
644 goto err;
645 }
646 len -= p - q;
647 sk_eoc = 0;
648 break;
649 }
650 skfield = NULL((void*)0);
651 if (asn1_item_embed_d2i(&skfield, &p, len,
652 ASN1_ITEM_ptr(tt->item)(tt->item()), -1, 0, 0, ctx,
653 depth, libctx, propq) <= 0) {
654 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,654,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
655 /* |skfield| may be partially allocated despite failure. */
656 ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)(tt->item()));
657 goto err;
658 }
659 len -= p - q;
660 if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val, skfield)OPENSSL_sk_push(ossl_check_ASN1_VALUE_sk_type((struct stack_st_ASN1_VALUE
*)*val), ossl_check_ASN1_VALUE_type(skfield))) {
661 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,661,__func__), ERR_set_error)((13),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
662 ASN1_item_free(skfield, ASN1_ITEM_ptr(tt->item)(tt->item()));
663 goto err;
664 }
665 }
666 if (sk_eoc) {
667 ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,667,__func__), ERR_set_error)((13),(137),((void*)0));
668 goto err;
669 }
670 } else if (flags & ASN1_TFLG_IMPTAG(0x1 << 3)) {
671 /* IMPLICIT tagging */
672 ret = asn1_item_embed_d2i(val, &p, len,
673 ASN1_ITEM_ptr(tt->item)(tt->item()), tt->tag, aclass, opt,
674 ctx, depth, libctx, propq);
675 if (!ret) {
676 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,676,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
677 goto err;
678 } else if (ret == -1)
679 return -1;
680 } else {
681 /* Nothing special */
682 ret = asn1_item_embed_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item)(tt->item()),
683 -1, 0, opt, ctx, depth, libctx, propq);
684 if (!ret) {
685 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,685,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
686 goto err;
687 } else if (ret == -1)
688 return -1;
689 }
690
691 *in = p;
692 return 1;
693
694 err:
695 return 0;
696}
697
698static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
699 const unsigned char **in, long inlen,
700 const ASN1_ITEM *it,
701 int tag, int aclass, char opt, ASN1_TLC *ctx)
702{
703 int ret = 0, utype;
704 long plen;
705 char cst, inf, free_cont = 0;
706 const unsigned char *p;
707 BUF_MEM buf = { 0, NULL((void*)0), 0, 0 };
708 const unsigned char *cont = NULL((void*)0);
709 long len;
710
711 if (pval == NULL((void*)0)) {
712 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NULL)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,712,__func__), ERR_set_error)((13),(125),((void*)0));
713 return 0; /* Should never happen */
714 }
715
716 if (it->itype == ASN1_ITYPE_MSTRING0x5) {
717 utype = tag;
718 tag = -1;
719 } else
720 utype = it->utype;
721
722 if (utype == V_ASN1_ANY-4) {
723 /* If type is ANY need to figure out type from tag */
724 unsigned char oclass;
725 if (tag >= 0) {
726 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_TAGGED_ANY)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,726,__func__), ERR_set_error)((13),(127),((void*)0));
727 return 0;
728 }
729 if (opt) {
730 ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,730,__func__), ERR_set_error)((13),(126),((void*)0));
731 return 0;
732 }
733 p = *in;
734 ret = asn1_check_tlen(NULL((void*)0), &utype, &oclass, NULL((void*)0), NULL((void*)0),
735 &p, inlen, -1, 0, 0, ctx);
736 if (!ret) {
737 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,737,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
738 return 0;
739 }
740 if (oclass != V_ASN1_UNIVERSAL0x00)
741 utype = V_ASN1_OTHER-3;
742 }
743 if (tag == -1) {
744 tag = utype;
745 aclass = V_ASN1_UNIVERSAL0x00;
746 }
747 p = *in;
748 /* Check header */
749 ret = asn1_check_tlen(&plen, NULL((void*)0), NULL((void*)0), &inf, &cst,
750 &p, inlen, tag, aclass, opt, ctx);
751 if (!ret) {
752 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,752,__func__), ERR_set_error)((13),((266|(0x2 << 18L))
),((void*)0));
753 return 0;
754 } else if (ret == -1)
755 return -1;
756 ret = 0;
757 /* SEQUENCE, SET and "OTHER" are left in encoded form */
758 if ((utype == V_ASN1_SEQUENCE16)
759 || (utype == V_ASN1_SET17) || (utype == V_ASN1_OTHER-3)) {
760 /*
761 * Clear context cache for type OTHER because the auto clear when we
762 * have a exact match won't work
763 */
764 if (utype == V_ASN1_OTHER-3) {
765 asn1_tlc_clear(ctx)do { if ((ctx) != ((void*)0)) (ctx)->valid = 0; } while (0
);
766 }
767 /* SEQUENCE and SET must be constructed */
768 else if (!cst) {
769 ERR_raise(ERR_LIB_ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,769,__func__), ERR_set_error)((13),(156),((void*)0));
770 return 0;
771 }
772
773 cont = *in;
774 /* If indefinite length constructed find the real end */
775 if (inf) {
776 if (!asn1_find_end(&p, plen, inf))
777 goto err;
778 len = p - cont;
779 } else {
780 len = p - cont + plen;
781 p += plen;
782 }
783 } else if (cst) {
784 if (utype == V_ASN1_NULL5 || utype == V_ASN1_BOOLEAN1
785 || utype == V_ASN1_OBJECT6 || utype == V_ASN1_INTEGER2
786 || utype == V_ASN1_ENUMERATED10) {
787 ERR_raise(ERR_LIB_ASN1, ASN1_R_TYPE_NOT_PRIMITIVE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,787,__func__), ERR_set_error)((13),(195),((void*)0));
788 return 0;
789 }
790
791 /* Free any returned 'buf' content */
792 free_cont = 1;
793 /*
794 * Should really check the internal tags are correct but some things
795 * may get this wrong. The relevant specs say that constructed string
796 * types should be OCTET STRINGs internally irrespective of the type.
797 * So instead just check for UNIVERSAL class and ignore the tag.
798 */
799 if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL0x00, 0)) {
800 goto err;
801 }
802 len = buf.length;
803 /* Append a final null to string */
804 if (!BUF_MEM_grow_clean(&buf, len + 1)) {
805 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,805,__func__), ERR_set_error)((13),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
806 goto err;
807 }
808 buf.data[len] = 0;
809 cont = (const unsigned char *)buf.data;
810 } else {
811 cont = p;
812 len = plen;
813 p += plen;
814 }
815
816 /* We now have content length and type: translate into a structure */
817 /* asn1_ex_c2i may reuse allocated buffer, and so sets free_cont to 0 */
818 if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
819 goto err;
820
821 *in = p;
822 ret = 1;
823 err:
824 if (free_cont)
825 OPENSSL_free(buf.data)CRYPTO_free(buf.data, "../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
, 825);
826 return ret;
827}
828
829/* Translate ASN1 content octets into a structure */
830
831static int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
832 int utype, char *free_cont, const ASN1_ITEM *it)
833{
834 ASN1_VALUE **opval = NULL((void*)0);
835 ASN1_STRING *stmp;
836 ASN1_TYPE *typ = NULL((void*)0);
837 int ret = 0;
838 const ASN1_PRIMITIVE_FUNCS *pf;
839 ASN1_INTEGER **tint;
840 pf = it->funcs;
841
842 if (pf && pf->prim_c2i)
843 return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
844 /* If ANY type clear type and set pointer to internal value */
845 if (it->utype == V_ASN1_ANY-4) {
846 if (*pval == NULL((void*)0)) {
847 typ = ASN1_TYPE_new();
848 if (typ == NULL((void*)0))
849 goto err;
850 *pval = (ASN1_VALUE *)typ;
851 } else
852 typ = (ASN1_TYPE *)*pval;
853
854 if (utype != typ->type)
855 ASN1_TYPE_set(typ, utype, NULL((void*)0));
856 opval = pval;
857 pval = &typ->value.asn1_value;
858 }
859 switch (utype) {
860 case V_ASN1_OBJECT6:
861 if (!ossl_c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
862 goto err;
863 break;
864
865 case V_ASN1_NULL5:
866 if (len) {
867 ERR_raise(ERR_LIB_ASN1, ASN1_R_NULL_IS_WRONG_LENGTH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,867,__func__), ERR_set_error)((13),(144),((void*)0));
868 goto err;
869 }
870 *pval = (ASN1_VALUE *)1;
871 break;
872
873 case V_ASN1_BOOLEAN1:
874 if (len != 1) {
875 ERR_raise(ERR_LIB_ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,875,__func__), ERR_set_error)((13),(106),((void*)0));
876 goto err;
877 } else {
878 ASN1_BOOLEAN *tbool;
879 tbool = (ASN1_BOOLEAN *)pval;
880 *tbool = *cont;
881 }
882 break;
883
884 case V_ASN1_BIT_STRING3:
885 if (!ossl_c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
886 goto err;
887 break;
888
889 case V_ASN1_INTEGER2:
890 case V_ASN1_ENUMERATED10:
891 tint = (ASN1_INTEGER **)pval;
892 if (!ossl_c2i_ASN1_INTEGER(tint, &cont, len))
893 goto err;
894 /* Fixup type to match the expected form */
895 (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG0x100);
896 break;
897
898 case V_ASN1_OCTET_STRING4:
899 case V_ASN1_NUMERICSTRING18:
900 case V_ASN1_PRINTABLESTRING19:
901 case V_ASN1_T61STRING20:
902 case V_ASN1_VIDEOTEXSTRING21:
903 case V_ASN1_IA5STRING22:
904 case V_ASN1_UTCTIME23:
905 case V_ASN1_GENERALIZEDTIME24:
906 case V_ASN1_GRAPHICSTRING25:
907 case V_ASN1_VISIBLESTRING26:
908 case V_ASN1_GENERALSTRING27:
909 case V_ASN1_UNIVERSALSTRING28:
910 case V_ASN1_BMPSTRING30:
911 case V_ASN1_UTF8STRING12:
912 case V_ASN1_OTHER-3:
913 case V_ASN1_SET17:
914 case V_ASN1_SEQUENCE16:
915 default:
916 if (utype == V_ASN1_BMPSTRING30 && (len & 1)) {
917 ERR_raise(ERR_LIB_ASN1, ASN1_R_BMPSTRING_IS_WRONG_LENGTH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,917,__func__), ERR_set_error)((13),(214),((void*)0));
918 goto err;
919 }
920 if (utype == V_ASN1_UNIVERSALSTRING28 && (len & 3)) {
921 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,921,__func__), ERR_set_error)((13),(215),((void*)0));
922 goto err;
923 }
924 /* All based on ASN1_STRING and handled the same */
925 if (*pval == NULL((void*)0)) {
926 stmp = ASN1_STRING_type_new(utype);
927 if (stmp == NULL((void*)0)) {
928 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,928,__func__), ERR_set_error)((13),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
929 goto err;
930 }
931 *pval = (ASN1_VALUE *)stmp;
932 } else {
933 stmp = (ASN1_STRING *)*pval;
934 stmp->type = utype;
935 }
936 /* If we've already allocated a buffer use it */
937 if (*free_cont) {
938 OPENSSL_free(stmp->data)CRYPTO_free(stmp->data, "../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
, 938);
939 stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
940 stmp->length = len;
941 *free_cont = 0;
942 } else {
943 if (!ASN1_STRING_set(stmp, cont, len)) {
944 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,944,__func__), ERR_set_error)((13),((256|((0x1 << 18L)
|(0x2 << 18L)))),((void*)0));
945 ASN1_STRING_free(stmp);
946 *pval = NULL((void*)0);
947 goto err;
948 }
949 }
950 break;
951 }
952 /* If ASN1_ANY and NULL type fix up value */
953 if (typ && (utype == V_ASN1_NULL5))
954 typ->value.ptr = NULL((void*)0);
955
956 ret = 1;
957 err:
958 if (!ret) {
959 ASN1_TYPE_free(typ);
960 if (opval)
961 *opval = NULL((void*)0);
962 }
963 return ret;
964}
965
966/*
967 * This function finds the end of an ASN1 structure when passed its maximum
968 * length, whether it is indefinite length and a pointer to the content. This
969 * is more efficient than calling asn1_collect because it does not recurse on
970 * each indefinite length header.
971 */
972
973static int asn1_find_end(const unsigned char **in, long len, char inf)
974{
975 uint32_t expected_eoc;
976 long plen;
977 const unsigned char *p = *in, *q;
978 /* If not indefinite length constructed just add length */
979 if (inf == 0) {
980 *in += len;
981 return 1;
982 }
983 expected_eoc = 1;
984 /*
985 * Indefinite length constructed form. Find the end when enough EOCs are
986 * found. If more indefinite length constructed headers are encountered
987 * increment the expected eoc count otherwise just skip to the end of the
988 * data.
989 */
990 while (len > 0) {
991 if (asn1_check_eoc(&p, len)) {
992 expected_eoc--;
993 if (expected_eoc == 0)
994 break;
995 len -= 2;
996 continue;
997 }
998 q = p;
999 /* Just read in a header: only care about the length */
1000 if (!asn1_check_tlen(&plen, NULL((void*)0), NULL((void*)0), &inf, NULL((void*)0), &p, len,
1001 -1, 0, 0, NULL((void*)0))) {
1002 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1002,__func__), ERR_set_error)((13),((266|(0x2 << 18L)
)),((void*)0));
1003 return 0;
1004 }
1005 if (inf) {
1006 if (expected_eoc == UINT32_MAX(4294967295U)) {
1007 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1007,__func__), ERR_set_error)((13),((266|(0x2 << 18L)
)),((void*)0));
1008 return 0;
1009 }
1010 expected_eoc++;
1011 } else {
1012 p += plen;
1013 }
1014 len -= p - q;
1015 }
1016 if (expected_eoc) {
1017 ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1017,__func__), ERR_set_error)((13),(137),((void*)0));
1018 return 0;
1019 }
1020 *in = p;
1021 return 1;
1022}
1023
1024/*
1025 * This function collects the asn1 data from a constructed string type into
1026 * a buffer. The values of 'in' and 'len' should refer to the contents of the
1027 * constructed type and 'inf' should be set if it is indefinite length.
1028 */
1029
1030#ifndef ASN1_MAX_STRING_NEST5
1031/*
1032 * This determines how many levels of recursion are permitted in ASN1 string
1033 * types. If it is not limited stack overflows can occur. If set to zero no
1034 * recursion is allowed at all. Although zero should be adequate examples
1035 * exist that require a value of 1. So 5 should be more than enough.
1036 */
1037# define ASN1_MAX_STRING_NEST5 5
1038#endif
1039
1040static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
1041 char inf, int tag, int aclass, int depth)
1042{
1043 const unsigned char *p, *q;
1044 long plen;
1045 char cst, ininf;
1046 p = *in;
1047 inf &= 1;
1048 /*
1049 * If no buffer and not indefinite length constructed just pass over the
1050 * encoded data
1051 */
1052 if (!buf && !inf) {
1053 *in += len;
1054 return 1;
1055 }
1056 while (len > 0) {
1057 q = p;
1058 /* Check for EOC */
1059 if (asn1_check_eoc(&p, len)) {
1060 /*
1061 * EOC is illegal outside indefinite length constructed form
1062 */
1063 if (!inf) {
1064 ERR_raise(ERR_LIB_ASN1, ASN1_R_UNEXPECTED_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1064,__func__), ERR_set_error)((13),(159),((void*)0));
1065 return 0;
1066 }
1067 inf = 0;
1068 break;
1069 }
1070
1071 if (!asn1_check_tlen(&plen, NULL((void*)0), NULL((void*)0), &ininf, &cst, &p,
1072 len, tag, aclass, 0, NULL((void*)0))) {
1073 ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1073,__func__), ERR_set_error)((13),((266|(0x2 << 18L)
)),((void*)0));
1074 return 0;
1075 }
1076
1077 /* If indefinite length constructed update max length */
1078 if (cst) {
1079 if (depth >= ASN1_MAX_STRING_NEST5) {
1080 ERR_raise(ERR_LIB_ASN1, ASN1_R_NESTED_ASN1_STRING)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1080,__func__), ERR_set_error)((13),(197),((void*)0));
1081 return 0;
1082 }
1083 if (!asn1_collect(buf, &p, plen, ininf, tag, aclass, depth + 1))
1084 return 0;
1085 } else if (plen && !collect_data(buf, &p, plen))
1086 return 0;
1087 len -= p - q;
1088 }
1089 if (inf) {
1090 ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_EOC)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1090,__func__), ERR_set_error)((13),(137),((void*)0));
1091 return 0;
1092 }
1093 *in = p;
1094 return 1;
1095}
1096
1097static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
1098{
1099 int len;
1100 if (buf) {
1101 len = buf->length;
1102 if (!BUF_MEM_grow_clean(buf, len + plen)) {
1103 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1103,__func__), ERR_set_error)((13),((256|((0x1 << 18L
)|(0x2 << 18L)))),((void*)0));
1104 return 0;
1105 }
1106 memcpy(buf->data + len, *p, plen);
1107 }
1108 *p += plen;
1109 return 1;
1110}
1111
1112/* Check for ASN1 EOC and swallow it if found */
1113
1114static int asn1_check_eoc(const unsigned char **in, long len)
1115{
1116 const unsigned char *p;
1117
1118 if (len < 2)
1119 return 0;
1120 p = *in;
1121 if (p[0] == '\0' && p[1] == '\0') {
1122 *in += 2;
1123 return 1;
1124 }
1125 return 0;
1126}
1127
1128/*
1129 * Check an ASN1 tag and length: a bit like ASN1_get_object but it sets the
1130 * length for indefinite length constructed form, we don't know the exact
1131 * length but we can set an upper bound to the amount of data available minus
1132 * the header length just read.
1133 */
1134
1135static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
1136 char *inf, char *cst,
1137 const unsigned char **in, long len,
1138 int exptag, int expclass, char opt, ASN1_TLC *ctx)
1139{
1140 int i;
1141 int ptag, pclass;
1142 long plen;
1143 const unsigned char *p, *q;
1144 p = *in;
1145 q = p;
1146
1147 if (len <= 0) {
1148 ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1148,__func__), ERR_set_error)((13),(224),((void*)0));
1149 goto err;
1150 }
1151 if (ctx != NULL((void*)0) && ctx->valid) {
1152 i = ctx->ret;
1153 plen = ctx->plen;
1154 pclass = ctx->pclass;
1155 ptag = ctx->ptag;
1156 p += ctx->hdrlen;
1157 } else {
1158 i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
1159 if (ctx != NULL((void*)0)) {
1160 ctx->ret = i;
1161 ctx->plen = plen;
1162 ctx->pclass = pclass;
1163 ctx->ptag = ptag;
1164 ctx->hdrlen = p - q;
1165 ctx->valid = 1;
1166 /*
1167 * If definite length, and no error, length + header can't exceed
1168 * total amount of data available.
1169 */
1170 if ((i & 0x81) == 0 && (plen + ctx->hdrlen) > len) {
1171 ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1171,__func__), ERR_set_error)((13),(155),((void*)0));
1172 goto err;
1173 }
1174 }
1175 }
1176
1177 if ((i & 0x80) != 0) {
1178 ERR_raise(ERR_LIB_ASN1, ASN1_R_BAD_OBJECT_HEADER)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1178,__func__), ERR_set_error)((13),(102),((void*)0));
1179 goto err;
1180 }
1181 if (exptag >= 0) {
1182 if (exptag != ptag || expclass != pclass) {
1183 /*
1184 * If type is OPTIONAL, not an error: indicate missing type.
1185 */
1186 if (opt != 0)
1187 return -1;
1188 ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_TAG)(ERR_new(), ERR_set_debug("../deps/openssl/openssl/crypto/asn1/tasn_dec.c"
,1188,__func__), ERR_set_error)((13),(168),((void*)0));
1189 goto err;
1190 }
1191 /*
1192 * We have a tag and class match: assume we are going to do something
1193 * with it
1194 */
1195 asn1_tlc_clear(ctx)do { if ((ctx) != ((void*)0)) (ctx)->valid = 0; } while (0
);
1196 }
1197
1198 if ((i & 1) != 0)
1199 plen = len - (p - q);
1200
1201 if (inf != NULL((void*)0))
1202 *inf = i & 1;
1203
1204 if (cst != NULL((void*)0))
1205 *cst = i & V_ASN1_CONSTRUCTED0x20;
1206
1207 if (olen != NULL((void*)0))
1208 *olen = plen;
1209
1210 if (oclass != NULL((void*)0))
1211 *oclass = pclass;
1212
1213 if (otag != NULL((void*)0))
1214 *otag = ptag;
1215
1216 *in = p;
1217 return 1;
1218
1219 err:
1220 asn1_tlc_clear(ctx)do { if ((ctx) != ((void*)0)) (ctx)->valid = 0; } while (0
);
1221 return 0;
1222}