1 /* Copyright (C) 1995-1998 Eric Young ([email protected]) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young ([email protected]). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson ([email protected]). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young ([email protected])" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson ([email protected])" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57 58 #ifndef OPENSSL_HEADER_ASN1_H 59 #define OPENSSL_HEADER_ASN1_H 60 61 #include <openssl/base.h> 62 63 #include <time.h> 64 65 #include <openssl/bio.h> 66 #include <openssl/bn.h> 67 #include <openssl/stack.h> 68 69 #if defined(__cplusplus) 70 extern "C" { 71 #endif 72 73 74 // Legacy ASN.1 library. 75 // 76 // This header is part of OpenSSL's ASN.1 implementation. It is retained for 77 // compatibility but should not be used by new code. The functions are difficult 78 // to use correctly, and have buggy or non-standard behaviors. They are thus 79 // particularly prone to behavior changes and API removals, as BoringSSL 80 // iterates on these issues. 81 // 82 // Use the new |CBS| and |CBB| library in <openssl/bytestring.h> instead. 83 84 85 // Tag constants. 86 // 87 // These constants are used in various APIs to specify ASN.1 types and tag 88 // components. See the specific API's documentation for details on which values 89 // are used and how. 90 91 // The following constants are tag classes. 92 #define V_ASN1_UNIVERSAL 0x00 93 #define V_ASN1_APPLICATION 0x40 94 #define V_ASN1_CONTEXT_SPECIFIC 0x80 95 #define V_ASN1_PRIVATE 0xc0 96 97 // V_ASN1_CONSTRUCTED indicates an element is constructed, rather than 98 // primitive. 99 #define V_ASN1_CONSTRUCTED 0x20 100 101 // V_ASN1_PRIMITIVE_TAG is the highest tag number which can be encoded in a 102 // single byte. Note this is unrelated to whether an element is constructed or 103 // primitive. 104 // 105 // TODO(davidben): Make this private. 106 #define V_ASN1_PRIMITIVE_TAG 0x1f 107 108 // V_ASN1_MAX_UNIVERSAL is the highest supported universal tag number. It is 109 // necessary to avoid ambiguity with |V_ASN1_NEG| and |MBSTRING_FLAG|. 110 // 111 // TODO(davidben): Make this private. 112 #define V_ASN1_MAX_UNIVERSAL 0xff 113 114 // V_ASN1_UNDEF is used in some APIs to indicate an ASN.1 element is omitted. 115 #define V_ASN1_UNDEF (-1) 116 117 // V_ASN1_OTHER is used in |ASN1_TYPE| to indicate a non-universal ASN.1 type. 118 #define V_ASN1_OTHER (-3) 119 120 // V_ASN1_ANY is used by the ASN.1 templates to indicate an ANY type. 121 #define V_ASN1_ANY (-4) 122 123 // The following constants are tag numbers for universal types. 124 #define V_ASN1_EOC 0 125 #define V_ASN1_BOOLEAN 1 126 #define V_ASN1_INTEGER 2 127 #define V_ASN1_BIT_STRING 3 128 #define V_ASN1_OCTET_STRING 4 129 #define V_ASN1_NULL 5 130 #define V_ASN1_OBJECT 6 131 #define V_ASN1_OBJECT_DESCRIPTOR 7 132 #define V_ASN1_EXTERNAL 8 133 #define V_ASN1_REAL 9 134 #define V_ASN1_ENUMERATED 10 135 #define V_ASN1_UTF8STRING 12 136 #define V_ASN1_SEQUENCE 16 137 #define V_ASN1_SET 17 138 #define V_ASN1_NUMERICSTRING 18 139 #define V_ASN1_PRINTABLESTRING 19 140 #define V_ASN1_T61STRING 20 141 #define V_ASN1_TELETEXSTRING 20 142 #define V_ASN1_VIDEOTEXSTRING 21 143 #define V_ASN1_IA5STRING 22 144 #define V_ASN1_UTCTIME 23 145 #define V_ASN1_GENERALIZEDTIME 24 146 #define V_ASN1_GRAPHICSTRING 25 147 #define V_ASN1_ISO64STRING 26 148 #define V_ASN1_VISIBLESTRING 26 149 #define V_ASN1_GENERALSTRING 27 150 #define V_ASN1_UNIVERSALSTRING 28 151 #define V_ASN1_BMPSTRING 30 152 153 // The following constants are used for |ASN1_STRING| values that represent 154 // negative INTEGER and ENUMERATED values. See |ASN1_STRING| for more details. 155 #define V_ASN1_NEG 0x100 156 #define V_ASN1_NEG_INTEGER (V_ASN1_INTEGER | V_ASN1_NEG) 157 #define V_ASN1_NEG_ENUMERATED (V_ASN1_ENUMERATED | V_ASN1_NEG) 158 159 // The following constants are bitmask representations of ASN.1 types. 160 #define B_ASN1_NUMERICSTRING 0x0001 161 #define B_ASN1_PRINTABLESTRING 0x0002 162 #define B_ASN1_T61STRING 0x0004 163 #define B_ASN1_TELETEXSTRING 0x0004 164 #define B_ASN1_VIDEOTEXSTRING 0x0008 165 #define B_ASN1_IA5STRING 0x0010 166 #define B_ASN1_GRAPHICSTRING 0x0020 167 #define B_ASN1_ISO64STRING 0x0040 168 #define B_ASN1_VISIBLESTRING 0x0040 169 #define B_ASN1_GENERALSTRING 0x0080 170 #define B_ASN1_UNIVERSALSTRING 0x0100 171 #define B_ASN1_OCTET_STRING 0x0200 172 #define B_ASN1_BIT_STRING 0x0400 173 #define B_ASN1_BMPSTRING 0x0800 174 #define B_ASN1_UNKNOWN 0x1000 175 #define B_ASN1_UTF8STRING 0x2000 176 #define B_ASN1_UTCTIME 0x4000 177 #define B_ASN1_GENERALIZEDTIME 0x8000 178 #define B_ASN1_SEQUENCE 0x10000 179 180 // ASN1_tag2bit converts |tag| from the tag number of a universal type to a 181 // corresponding |B_ASN1_*| constant, |B_ASN1_UNKNOWN|, or zero. If the 182 // |B_ASN1_*| constant above is defined, it will map the corresponding 183 // |V_ASN1_*| constant to it. Otherwise, whether it returns |B_ASN1_UNKNOWN| or 184 // zero is ill-defined and callers should not rely on it. 185 // 186 // TODO(https://crbug.com/boringssl/412): Figure out what |B_ASN1_UNNOWN| vs 187 // zero is meant to be. The main impact is what values go in |B_ASN1_PRINTABLE|. 188 // To that end, we must return zero on types that can't go in |ASN1_STRING|. 189 OPENSSL_EXPORT unsigned long ASN1_tag2bit(int tag); 190 191 // ASN1_tag2str returns a string representation of |tag|, interpret as a tag 192 // number for a universal type, or |V_ASN1_NEG_*|. 193 OPENSSL_EXPORT const char *ASN1_tag2str(int tag); 194 195 196 // API conventions. 197 // 198 // The following sample functions document the calling conventions used by 199 // legacy ASN.1 APIs. 200 201 #if 0 // Sample functions 202 203 // d2i_SAMPLE parses a structure from up to |len| bytes at |*inp|. On success, 204 // it advances |*inp| by the number of bytes read and returns a newly-allocated 205 // |SAMPLE| object containing the parsed structure. If |out| is non-NULL, it 206 // additionally frees the previous value at |*out| and updates |*out| to the 207 // result. If parsing or allocating the result fails, it returns NULL. 208 // 209 // This function does not reject trailing data in the input. This allows the 210 // caller to parse a sequence of concatenated structures. Callers parsing only 211 // one structure should check for trailing data by comparing the updated |*inp| 212 // with the end of the input. 213 // 214 // Note: If |out| and |*out| are both non-NULL, the object at |*out| is not 215 // updated in-place. Instead, it is freed, and the pointer is updated to the 216 // new object. This differs from OpenSSL. Callers are recommended to set |out| 217 // to NULL and instead use the return value. 218 SAMPLE *d2i_SAMPLE(SAMPLE **out, const uint8_t **inp, long len); 219 220 // i2d_SAMPLE marshals |in|. On error, it returns a negative value. On success, 221 // it returns the length of the result and outputs it via |outp| as follows: 222 // 223 // If |outp| is NULL, the function writes nothing. This mode can be used to size 224 // buffers. 225 // 226 // If |outp| is non-NULL but |*outp| is NULL, the function sets |*outp| to a 227 // newly-allocated buffer containing the result. The caller is responsible for 228 // releasing |*outp| with |OPENSSL_free|. This mode is recommended for most 229 // callers. 230 // 231 // If |outp| and |*outp| are non-NULL, the function writes the result to 232 // |*outp|, which must have enough space available, and advances |*outp| just 233 // past the output. 234 // 235 // WARNING: In the third mode, the function does not internally check output 236 // bounds. Failing to correctly size the buffer will result in a potentially 237 // exploitable memory error. 238 int i2d_SAMPLE(const SAMPLE *in, uint8_t **outp); 239 240 #endif // Sample functions 241 242 // The following typedefs are sometimes used for pointers to functions like 243 // |d2i_SAMPLE| and |i2d_SAMPLE|. Note, however, that these act on |void*|. 244 // Calling a function with a different pointer type is undefined in C, so this 245 // is only valid with a wrapper. 246 typedef void *d2i_of_void(void **, const unsigned char **, long); 247 typedef int i2d_of_void(const void *, unsigned char **); 248 249 250 // ASN.1 types. 251 // 252 // An |ASN1_ITEM| represents an ASN.1 type and allows working with ASN.1 types 253 // generically. 254 // 255 // |ASN1_ITEM|s use a different namespace from C types and are accessed via 256 // |ASN1_ITEM_*| macros. So, for example, |ASN1_OCTET_STRING| is both a C type 257 // and the name of an |ASN1_ITEM|, referenced as 258 // |ASN1_ITEM_rptr(ASN1_OCTET_STRING)|. 259 // 260 // Each |ASN1_ITEM| has a corresponding C type, typically with the same name, 261 // which represents values in the ASN.1 type. This type is either a pointer type 262 // or |ASN1_BOOLEAN|. When it is a pointer, NULL pointers represent omitted 263 // values. For example, an OCTET STRING value is declared with the C type 264 // |ASN1_OCTET_STRING*| and uses the |ASN1_ITEM| named |ASN1_OCTET_STRING|. An 265 // OPTIONAL OCTET STRING uses the same C type and represents an omitted value 266 // with a NULL pointer. |ASN1_BOOLEAN| is described in a later section. 267 268 // DECLARE_ASN1_ITEM declares an |ASN1_ITEM| with name |name|. The |ASN1_ITEM| 269 // may be referenced with |ASN1_ITEM_rptr|. Uses of this macro should document 270 // the corresponding ASN.1 and C types. 271 #define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it; 272 273 // ASN1_ITEM_rptr returns the |const ASN1_ITEM *| named |name|. 274 #define ASN1_ITEM_rptr(name) (&(name##_it)) 275 276 // ASN1_ITEM_EXP is an abstraction for referencing an |ASN1_ITEM| in a 277 // constant-initialized structure, such as a method table. It exists because, on 278 // some OpenSSL platforms, |ASN1_ITEM| references are indirected through 279 // functions. Structures reference the |ASN1_ITEM| by declaring a field like 280 // |ASN1_ITEM_EXP *item| and initializing it with |ASN1_ITEM_ref|. 281 typedef const ASN1_ITEM ASN1_ITEM_EXP; 282 283 // ASN1_ITEM_ref returns an |ASN1_ITEM_EXP*| for the |ASN1_ITEM| named |name|. 284 #define ASN1_ITEM_ref(name) (&(name##_it)) 285 286 // ASN1_ITEM_ptr converts |iptr|, which must be an |ASN1_ITEM_EXP*| to a 287 // |const ASN1_ITEM*|. 288 #define ASN1_ITEM_ptr(iptr) (iptr) 289 290 // ASN1_VALUE_st (aka |ASN1_VALUE|) is an opaque type used as a placeholder for 291 // the C type corresponding to an |ASN1_ITEM|. 292 typedef struct ASN1_VALUE_st ASN1_VALUE; 293 294 // ASN1_item_new allocates a new value of the C type corresponding to |it|, or 295 // NULL on error. On success, the caller must release the value with 296 // |ASN1_item_free|, or the corresponding C type's free function, when done. The 297 // new value will initialize fields of the value to some default state, such as 298 // an empty string. Note, however, that this default state sometimes omits 299 // required values, such as with CHOICE types. 300 // 301 // This function may not be used with |ASN1_ITEM|s whose C type is 302 // |ASN1_BOOLEAN|. 303 // 304 // WARNING: Casting the result of this function to the wrong type is a 305 // potentially exploitable memory error. Callers must ensure the value is used 306 // consistently with |it|. Prefer using type-specific functions such as 307 // |ASN1_OCTET_STRING_new|. 308 OPENSSL_EXPORT ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); 309 310 // ASN1_item_free releases memory associated with |val|, which must be an object 311 // of the C type corresponding to |it|. 312 // 313 // This function may not be used with |ASN1_ITEM|s whose C type is 314 // |ASN1_BOOLEAN|. 315 // 316 // WARNING: Passing a pointer of the wrong type into this function is a 317 // potentially exploitable memory error. Callers must ensure |val| is consistent 318 // with |it|. Prefer using type-specific functions such as 319 // |ASN1_OCTET_STRING_free|. 320 OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); 321 322 // ASN1_item_d2i parses the ASN.1 type |it| from up to |len| bytes at |*inp|. 323 // It behaves like |d2i_SAMPLE|, except that |out| and the return value are cast 324 // to |ASN1_VALUE| pointers. 325 // 326 // TODO(https://crbug.com/boringssl/444): C strict aliasing forbids type-punning 327 // |T*| and |ASN1_VALUE*| the way this function signature does. When that bug is 328 // resolved, we will need to pick which type |*out| is (probably |T*|). Do not 329 // use a non-NULL |out| to avoid ending up on the wrong side of this question. 330 // 331 // This function may not be used with |ASN1_ITEM|s whose C type is 332 // |ASN1_BOOLEAN|. 333 // 334 // WARNING: Casting the result of this function to the wrong type, or passing a 335 // pointer of the wrong type into this function, are potentially exploitable 336 // memory errors. Callers must ensure |out| is consistent with |it|. Prefer 337 // using type-specific functions such as |d2i_ASN1_OCTET_STRING|. 338 OPENSSL_EXPORT ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **out, 339 const unsigned char **inp, long len, 340 const ASN1_ITEM *it); 341 342 // ASN1_item_i2d marshals |val| as the ASN.1 type associated with |it|, as 343 // described in |i2d_SAMPLE|. 344 // 345 // This function may not be used with |ASN1_ITEM|s whose C type is 346 // |ASN1_BOOLEAN|. 347 // 348 // WARNING: Passing a pointer of the wrong type into this function is a 349 // potentially exploitable memory error. Callers must ensure |val| is consistent 350 // with |it|. Prefer using type-specific functions such as 351 // |i2d_ASN1_OCTET_STRING|. 352 OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **outp, 353 const ASN1_ITEM *it); 354 355 // ASN1_item_dup returns a newly-allocated copy of |x|, or NULL on error. |x| 356 // must be an object of |it|'s C type. 357 // 358 // This function may not be used with |ASN1_ITEM|s whose C type is 359 // |ASN1_BOOLEAN|. 360 // 361 // WARNING: Casting the result of this function to the wrong type, or passing a 362 // pointer of the wrong type into this function, are potentially exploitable 363 // memory errors. Prefer using type-specific functions such as 364 // |ASN1_STRING_dup|. 365 OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x); 366 367 // The following functions behave like |ASN1_item_d2i| but read from |in| 368 // instead. |out| is the same parameter as in |ASN1_item_d2i|, but written with 369 // |void*| instead. The return values similarly match. 370 // 371 // These functions may not be used with |ASN1_ITEM|s whose C type is 372 // |ASN1_BOOLEAN|. 373 // 374 // WARNING: These functions do not bound how much data is read from |in|. 375 // Parsing an untrusted input could consume unbounded memory. 376 OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *out); 377 OPENSSL_EXPORT void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *out); 378 379 // The following functions behave like |ASN1_item_i2d| but write to |out| 380 // instead. |in| is the same parameter as in |ASN1_item_i2d|, but written with 381 // |void*| instead. 382 // 383 // These functions may not be used with |ASN1_ITEM|s whose C type is 384 // |ASN1_BOOLEAN|. 385 OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *in); 386 OPENSSL_EXPORT int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *in); 387 388 // ASN1_item_unpack parses |oct|'s contents as |it|'s ASN.1 type. It returns a 389 // newly-allocated instance of |it|'s C type on success, or NULL on error. 390 // 391 // This function may not be used with |ASN1_ITEM|s whose C type is 392 // |ASN1_BOOLEAN|. 393 // 394 // WARNING: Casting the result of this function to the wrong type is a 395 // potentially exploitable memory error. Callers must ensure the value is used 396 // consistently with |it|. 397 OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct, 398 const ASN1_ITEM *it); 399 400 // ASN1_item_pack marshals |obj| as |it|'s ASN.1 type. If |out| is NULL, it 401 // returns a newly-allocated |ASN1_STRING| with the result, or NULL on error. 402 // If |out| is non-NULL, but |*out| is NULL, it does the same but additionally 403 // sets |*out| to the result. If both |out| and |*out| are non-NULL, it writes 404 // the result to |*out| and returns |*out| on success or NULL on error. 405 // 406 // This function may not be used with |ASN1_ITEM|s whose C type is 407 // |ASN1_BOOLEAN|. 408 // 409 // WARNING: Passing a pointer of the wrong type into this function is a 410 // potentially exploitable memory error. Callers must ensure |val| is consistent 411 // with |it|. 412 OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, 413 ASN1_STRING **out); 414 415 416 // Booleans. 417 // 418 // This library represents ASN.1 BOOLEAN values with |ASN1_BOOLEAN|, which is an 419 // integer type. FALSE is zero, TRUE is 0xff, and an omitted OPTIONAL BOOLEAN is 420 // -1. 421 422 // ASN1_BOOLEAN_FALSE is FALSE as an |ASN1_BOOLEAN|. 423 #define ASN1_BOOLEAN_FALSE 0 424 425 // ASN1_BOOLEAN_TRUE is TRUE as an |ASN1_BOOLEAN|. Some code incorrectly uses 426 // 1, so prefer |b != ASN1_BOOLEAN_FALSE| over |b == ASN1_BOOLEAN_TRUE|. 427 #define ASN1_BOOLEAN_TRUE 0xff 428 429 // ASN1_BOOLEAN_NONE, in contexts where the |ASN1_BOOLEAN| represents an 430 // OPTIONAL BOOLEAN, is an omitted value. Using this value in other contexts is 431 // undefined and may be misinterpreted as TRUE. 432 #define ASN1_BOOLEAN_NONE (-1) 433 434 // d2i_ASN1_BOOLEAN parses a DER-encoded ASN.1 BOOLEAN from up to |len| bytes at 435 // |*inp|. On success, it advances |*inp| by the number of bytes read and 436 // returns the result. If |out| is non-NULL, it additionally writes the result 437 // to |*out|. On error, it returns |ASN1_BOOLEAN_NONE|. 438 // 439 // This function does not reject trailing data in the input. This allows the 440 // caller to parse a sequence of concatenated structures. Callers parsing only 441 // one structure should check for trailing data by comparing the updated |*inp| 442 // with the end of the input. 443 // 444 // WARNING: This function's is slightly different from other |d2i_*| functions 445 // because |ASN1_BOOLEAN| is not a pointer type. 446 OPENSSL_EXPORT ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *out, 447 const unsigned char **inp, 448 long len); 449 450 // i2d_ASN1_BOOLEAN marshals |a| as a DER-encoded ASN.1 BOOLEAN, as described in 451 // |i2d_SAMPLE|. 452 OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **outp); 453 454 // The following |ASN1_ITEM|s have ASN.1 type BOOLEAN and C type |ASN1_BOOLEAN|. 455 // |ASN1_TBOOLEAN| and |ASN1_FBOOLEAN| must be marked OPTIONAL. When omitted, 456 // they are parsed as TRUE and FALSE, respectively, rather than 457 // |ASN1_BOOLEAN_NONE|. 458 DECLARE_ASN1_ITEM(ASN1_BOOLEAN) 459 DECLARE_ASN1_ITEM(ASN1_TBOOLEAN) 460 DECLARE_ASN1_ITEM(ASN1_FBOOLEAN) 461 462 463 // Strings. 464 // 465 // ASN.1 contains a myriad of string types, as well as types that contain data 466 // that may be encoded into a string. This library uses a single type, 467 // |ASN1_STRING|, to represent most values. 468 469 // An asn1_string_st (aka |ASN1_STRING|) represents a value of a string-like 470 // ASN.1 type. It contains a |type| field, and a byte string |data| field with a 471 // type-specific representation. 472 // 473 // If |type| is one of |V_ASN1_OCTET_STRING|, |V_ASN1_UTF8STRING|, 474 // |V_ASN1_NUMERICSTRING|, |V_ASN1_PRINTABLESTRING|, |V_ASN1_T61STRING|, 475 // |V_ASN1_VIDEOTEXSTRING|, |V_ASN1_IA5STRING|, |V_ASN1_GRAPHICSTRING|, 476 // |V_ASN1_ISO64STRING|, |V_ASN1_VISIBLESTRING|, |V_ASN1_GENERALSTRING|, 477 // |V_ASN1_UNIVERSALSTRING|, or |V_ASN1_BMPSTRING|, the object represents an 478 // ASN.1 string type. The data contains the byte representation of the 479 // string. 480 // 481 // If |type| is |V_ASN1_BIT_STRING|, the object represents a BIT STRING value. 482 // See bit string documentation below for the data and flags. 483 // 484 // If |type| is one of |V_ASN1_INTEGER|, |V_ASN1_NEG_INTEGER|, 485 // |V_ASN1_ENUMERATED|, or |V_ASN1_NEG_ENUMERATED|, the object represents an 486 // INTEGER or ENUMERATED value. See integer documentation below for details. 487 // 488 // If |type| is |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, the object 489 // represents a GeneralizedTime or UTCTime value, respectively. The data 490 // contains the DER encoding of the value. For example, the UNIX epoch would be 491 // "19700101000000Z" for a GeneralizedTime and "700101000000Z" for a UTCTime. 492 // 493 // If |type| is |V_ASN1_SEQUENCE|, |V_ASN1_SET|, or |V_ASN1_OTHER|, the object 494 // represents a SEQUENCE, SET, or arbitrary ASN.1 value, respectively. Unlike 495 // the above cases, the data contains the DER encoding of the entire structure, 496 // including the header. If the value is explicitly or implicitly tagged, this 497 // too will be reflected in the data field. As this case handles unknown types, 498 // the contents are not checked when parsing or serializing. 499 // 500 // Other values of |type| do not represent a valid ASN.1 value, though 501 // default-constructed objects may set |type| to -1. Such objects cannot be 502 // serialized. 503 // 504 // |ASN1_STRING| additionally has the following typedefs: |ASN1_BIT_STRING|, 505 // |ASN1_BMPSTRING|, |ASN1_ENUMERATED|, |ASN1_GENERALIZEDTIME|, 506 // |ASN1_GENERALSTRING|, |ASN1_IA5STRING|, |ASN1_INTEGER|, |ASN1_OCTET_STRING|, 507 // |ASN1_PRINTABLESTRING|, |ASN1_T61STRING|, |ASN1_TIME|, 508 // |ASN1_UNIVERSALSTRING|, |ASN1_UTCTIME|, |ASN1_UTF8STRING|, and 509 // |ASN1_VISIBLESTRING|. Other than |ASN1_TIME|, these correspond to universal 510 // ASN.1 types. |ASN1_TIME| represents a CHOICE of UTCTime and GeneralizedTime, 511 // with a cutoff of 2049, as used in Section 4.1.2.5 of RFC 5280. 512 // 513 // For clarity, callers are encouraged to use the appropriate typedef when 514 // available. They are the same type as |ASN1_STRING|, so a caller may freely 515 // pass them into functions expecting |ASN1_STRING|, such as 516 // |ASN1_STRING_length|. 517 // 518 // If a function returns an |ASN1_STRING| where the typedef or ASN.1 structure 519 // implies constraints on |type|, callers may assume that |type| is correct. 520 // However, if a function takes an |ASN1_STRING| as input, callers must ensure 521 // |type| matches. These invariants are not captured by the C type system and 522 // may not be checked at runtime. For example, callers may assume the output of 523 // |X509_get0_serialNumber| has type |V_ASN1_INTEGER| or |V_ASN1_NEG_INTEGER|. 524 // Callers must not pass a string of type |V_ASN1_OCTET_STRING| to 525 // |X509_set_serialNumber|. Doing so may break invariants on the |X509| object 526 // and break the |X509_get0_serialNumber| invariant. 527 // 528 // TODO(https://crbug.com/boringssl/445): This is very unfriendly. Getting the 529 // type field wrong should not cause memory errors, but it may do strange 530 // things. We should add runtime checks to anything that consumes |ASN1_STRING|s 531 // from the caller. 532 struct asn1_string_st { 533 int length; 534 int type; 535 unsigned char *data; 536 long flags; 537 }; 538 539 // ASN1_STRING_FLAG_BITS_LEFT indicates, in a BIT STRING |ASN1_STRING|, that 540 // flags & 0x7 contains the number of padding bits added to the BIT STRING 541 // value. When not set, all trailing zero bits in the last byte are implicitly 542 // treated as padding. This behavior is deprecated and should not be used. 543 #define ASN1_STRING_FLAG_BITS_LEFT 0x08 544 545 // ASN1_STRING_type_new returns a newly-allocated empty |ASN1_STRING| object of 546 // type |type|, or NULL on error. 547 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type); 548 549 // ASN1_STRING_new returns a newly-allocated empty |ASN1_STRING| object with an 550 // arbitrary type. Prefer one of the type-specific constructors, such as 551 // |ASN1_OCTET_STRING_new|, or |ASN1_STRING_type_new|. 552 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void); 553 554 // ASN1_STRING_free releases memory associated with |str|. 555 OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str); 556 557 // ASN1_STRING_copy sets |dst| to a copy of |str|. It returns one on success and 558 // zero on error. 559 OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); 560 561 // ASN1_STRING_dup returns a newly-allocated copy of |str|, or NULL on error. 562 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str); 563 564 // ASN1_STRING_type returns the type of |str|. This value will be one of the 565 // |V_ASN1_*| constants. 566 OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *str); 567 568 // ASN1_STRING_get0_data returns a pointer to |str|'s contents. Callers should 569 // use |ASN1_STRING_length| to determine the length of the string. The string 570 // may have embedded NUL bytes and may not be NUL-terminated. 571 OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data( 572 const ASN1_STRING *str); 573 574 // ASN1_STRING_data returns a mutable pointer to |str|'s contents. Callers 575 // should use |ASN1_STRING_length| to determine the length of the string. The 576 // string may have embedded NUL bytes and may not be NUL-terminated. 577 // 578 // Prefer |ASN1_STRING_get0_data|. 579 OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str); 580 581 // ASN1_STRING_length returns the length of |str|, in bytes. 582 OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str); 583 584 // ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an 585 // integer equal to, less than, or greater than zero if |a| is equal to, less 586 // than, or greater than |b|, respectively. This function compares by length, 587 // then data, then type. Note the data compared is the |ASN1_STRING| internal 588 // representation and the type order is arbitrary. While this comparison is 589 // suitable for sorting, callers should not rely on the exact order when |a| 590 // and |b| are different types. 591 // 592 // Note that, if |a| and |b| are INTEGERs, this comparison does not order the 593 // values numerically. For a numerical comparison, use |ASN1_INTEGER_cmp|. 594 OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); 595 596 // ASN1_STRING_set sets the contents of |str| to a copy of |len| bytes from 597 // |data|. It returns one on success and zero on error. If |data| is NULL, it 598 // updates the length and allocates the buffer as needed, but does not 599 // initialize the contents. 600 OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, 601 ossl_ssize_t len); 602 603 // ASN1_STRING_set0 sets the contents of |str| to |len| bytes from |data|. It 604 // takes ownership of |data|, which must have been allocated with 605 // |OPENSSL_malloc|. 606 OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); 607 608 // The following functions call |ASN1_STRING_type_new| with the corresponding 609 // |V_ASN1_*| constant. 610 OPENSSL_EXPORT ASN1_BMPSTRING *ASN1_BMPSTRING_new(void); 611 OPENSSL_EXPORT ASN1_GENERALSTRING *ASN1_GENERALSTRING_new(void); 612 OPENSSL_EXPORT ASN1_IA5STRING *ASN1_IA5STRING_new(void); 613 OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_new(void); 614 OPENSSL_EXPORT ASN1_PRINTABLESTRING *ASN1_PRINTABLESTRING_new(void); 615 OPENSSL_EXPORT ASN1_T61STRING *ASN1_T61STRING_new(void); 616 OPENSSL_EXPORT ASN1_UNIVERSALSTRING *ASN1_UNIVERSALSTRING_new(void); 617 OPENSSL_EXPORT ASN1_UTF8STRING *ASN1_UTF8STRING_new(void); 618 OPENSSL_EXPORT ASN1_VISIBLESTRING *ASN1_VISIBLESTRING_new(void); 619 620 // The following functions call |ASN1_STRING_free|. 621 OPENSSL_EXPORT void ASN1_BMPSTRING_free(ASN1_BMPSTRING *str); 622 OPENSSL_EXPORT void ASN1_GENERALSTRING_free(ASN1_GENERALSTRING *str); 623 OPENSSL_EXPORT void ASN1_IA5STRING_free(ASN1_IA5STRING *str); 624 OPENSSL_EXPORT void ASN1_OCTET_STRING_free(ASN1_OCTET_STRING *str); 625 OPENSSL_EXPORT void ASN1_PRINTABLESTRING_free(ASN1_PRINTABLESTRING *str); 626 OPENSSL_EXPORT void ASN1_T61STRING_free(ASN1_T61STRING *str); 627 OPENSSL_EXPORT void ASN1_UNIVERSALSTRING_free(ASN1_UNIVERSALSTRING *str); 628 OPENSSL_EXPORT void ASN1_UTF8STRING_free(ASN1_UTF8STRING *str); 629 OPENSSL_EXPORT void ASN1_VISIBLESTRING_free(ASN1_VISIBLESTRING *str); 630 631 // The following functions parse up to |len| bytes from |*inp| as a 632 // DER-encoded ASN.1 value of the corresponding type, as described in 633 // |d2i_SAMPLE|. 634 OPENSSL_EXPORT ASN1_BMPSTRING *d2i_ASN1_BMPSTRING(ASN1_BMPSTRING **out, 635 const uint8_t **inp, 636 long len); 637 OPENSSL_EXPORT ASN1_GENERALSTRING *d2i_ASN1_GENERALSTRING( 638 ASN1_GENERALSTRING **out, const uint8_t **inp, long len); 639 OPENSSL_EXPORT ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **out, 640 const uint8_t **inp, 641 long len); 642 OPENSSL_EXPORT ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **out, 643 const uint8_t **inp, 644 long len); 645 OPENSSL_EXPORT ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING( 646 ASN1_PRINTABLESTRING **out, const uint8_t **inp, long len); 647 OPENSSL_EXPORT ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **out, 648 const uint8_t **inp, 649 long len); 650 OPENSSL_EXPORT ASN1_UNIVERSALSTRING *d2i_ASN1_UNIVERSALSTRING( 651 ASN1_UNIVERSALSTRING **out, const uint8_t **inp, long len); 652 OPENSSL_EXPORT ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **out, 653 const uint8_t **inp, 654 long len); 655 OPENSSL_EXPORT ASN1_VISIBLESTRING *d2i_ASN1_VISIBLESTRING( 656 ASN1_VISIBLESTRING **out, const uint8_t **inp, long len); 657 658 // The following functions marshal |in| as a DER-encoded ASN.1 value of the 659 // corresponding type, as described in |i2d_SAMPLE|. 660 OPENSSL_EXPORT int i2d_ASN1_BMPSTRING(const ASN1_BMPSTRING *in, uint8_t **outp); 661 OPENSSL_EXPORT int i2d_ASN1_GENERALSTRING(const ASN1_GENERALSTRING *in, 662 uint8_t **outp); 663 OPENSSL_EXPORT int i2d_ASN1_IA5STRING(const ASN1_IA5STRING *in, uint8_t **outp); 664 OPENSSL_EXPORT int i2d_ASN1_OCTET_STRING(const ASN1_OCTET_STRING *in, 665 uint8_t **outp); 666 OPENSSL_EXPORT int i2d_ASN1_PRINTABLESTRING(const ASN1_PRINTABLESTRING *in, 667 uint8_t **outp); 668 OPENSSL_EXPORT int i2d_ASN1_T61STRING(const ASN1_T61STRING *in, uint8_t **outp); 669 OPENSSL_EXPORT int i2d_ASN1_UNIVERSALSTRING(const ASN1_UNIVERSALSTRING *in, 670 uint8_t **outp); 671 OPENSSL_EXPORT int i2d_ASN1_UTF8STRING(const ASN1_UTF8STRING *in, 672 uint8_t **outp); 673 OPENSSL_EXPORT int i2d_ASN1_VISIBLESTRING(const ASN1_VISIBLESTRING *in, 674 uint8_t **outp); 675 676 // The following |ASN1_ITEM|s have the ASN.1 type referred to in their name and 677 // C type |ASN1_STRING*|. The C type may also be written as the corresponding 678 // typedef. 679 DECLARE_ASN1_ITEM(ASN1_BMPSTRING) 680 DECLARE_ASN1_ITEM(ASN1_GENERALSTRING) 681 DECLARE_ASN1_ITEM(ASN1_IA5STRING) 682 DECLARE_ASN1_ITEM(ASN1_OCTET_STRING) 683 DECLARE_ASN1_ITEM(ASN1_PRINTABLESTRING) 684 DECLARE_ASN1_ITEM(ASN1_T61STRING) 685 DECLARE_ASN1_ITEM(ASN1_UNIVERSALSTRING) 686 DECLARE_ASN1_ITEM(ASN1_UTF8STRING) 687 DECLARE_ASN1_ITEM(ASN1_VISIBLESTRING) 688 689 // ASN1_OCTET_STRING_dup calls |ASN1_STRING_dup|. 690 OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup( 691 const ASN1_OCTET_STRING *a); 692 693 // ASN1_OCTET_STRING_cmp calls |ASN1_STRING_cmp|. 694 OPENSSL_EXPORT int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, 695 const ASN1_OCTET_STRING *b); 696 697 // ASN1_OCTET_STRING_set calls |ASN1_STRING_set|. 698 OPENSSL_EXPORT int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, 699 const unsigned char *data, int len); 700 701 // ASN1_STRING_to_UTF8 converts |in| to UTF-8. On success, sets |*out| to a 702 // newly-allocated buffer containing the resulting string and returns the length 703 // of the string. The caller must call |OPENSSL_free| to release |*out| when 704 // done. On error, it returns a negative number. 705 OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out, 706 const ASN1_STRING *in); 707 708 // The following formats define encodings for use with functions like 709 // |ASN1_mbstring_copy|. Note |MBSTRING_ASC| refers to Latin-1, not ASCII. 710 #define MBSTRING_FLAG 0x1000 711 #define MBSTRING_UTF8 (MBSTRING_FLAG) 712 #define MBSTRING_ASC (MBSTRING_FLAG | 1) 713 #define MBSTRING_BMP (MBSTRING_FLAG | 2) 714 #define MBSTRING_UNIV (MBSTRING_FLAG | 4) 715 716 // DIRSTRING_TYPE contains the valid string types in an X.509 DirectoryString. 717 #define DIRSTRING_TYPE \ 718 (B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | \ 719 B_ASN1_UTF8STRING) 720 721 // PKCS9STRING_TYPE contains the valid string types in a PKCS9String. 722 #define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING) 723 724 // ASN1_mbstring_copy converts |len| bytes from |in| to an ASN.1 string. If 725 // |len| is -1, |in| must be NUL-terminated and the length is determined by 726 // |strlen|. |in| is decoded according to |inform|, which must be one of 727 // |MBSTRING_*|. |mask| determines the set of valid output types and is a 728 // bitmask containing a subset of |B_ASN1_PRINTABLESTRING|, |B_ASN1_IA5STRING|, 729 // |B_ASN1_T61STRING|, |B_ASN1_BMPSTRING|, |B_ASN1_UNIVERSALSTRING|, and 730 // |B_ASN1_UTF8STRING|, in that preference order. This function chooses the 731 // first output type in |mask| which can represent |in|. It interprets T61String 732 // as Latin-1, rather than T.61. 733 // 734 // If |mask| is zero, |DIRSTRING_TYPE| is used by default. 735 // 736 // On success, this function returns the |V_ASN1_*| constant corresponding to 737 // the selected output type and, if |out| and |*out| are both non-NULL, updates 738 // the object at |*out| with the result. If |out| is non-NULL and |*out| is 739 // NULL, it instead sets |*out| to a newly-allocated |ASN1_STRING| containing 740 // the result. If |out| is NULL, it returns the selected output type without 741 // constructing an |ASN1_STRING|. On error, this function returns -1. 742 OPENSSL_EXPORT int ASN1_mbstring_copy(ASN1_STRING **out, const uint8_t *in, 743 ossl_ssize_t len, int inform, 744 unsigned long mask); 745 746 // ASN1_mbstring_ncopy behaves like |ASN1_mbstring_copy| but returns an error if 747 // the input is less than |minsize| or greater than |maxsize| codepoints long. A 748 // |maxsize| value of zero is ignored. Note the sizes are measured in 749 // codepoints, not output bytes. 750 OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out, const uint8_t *in, 751 ossl_ssize_t len, int inform, 752 unsigned long mask, ossl_ssize_t minsize, 753 ossl_ssize_t maxsize); 754 755 // ASN1_STRING_set_by_NID behaves like |ASN1_mbstring_ncopy|, but determines 756 // |mask|, |minsize|, and |maxsize| based on |nid|. When |nid| is a recognized 757 // X.509 attribute type, it will pick a suitable ASN.1 string type and bounds. 758 // For most attribute types, it preferentially chooses UTF8String. If |nid| is 759 // unrecognized, it uses UTF8String by default. 760 // 761 // Slightly unlike |ASN1_mbstring_ncopy|, this function interprets |out| and 762 // returns its result as follows: If |out| is NULL, it returns a newly-allocated 763 // |ASN1_STRING| containing the result. If |out| is non-NULL and 764 // |*out| is NULL, it additionally sets |*out| to the result. If both |out| and 765 // |*out| are non-NULL, it instead updates the object at |*out| and returns 766 // |*out|. In all cases, it returns NULL on error. 767 // 768 // This function supports the following NIDs: |NID_countryName|, 769 // |NID_dnQualifier|, |NID_domainComponent|, |NID_friendlyName|, 770 // |NID_givenName|, |NID_initials|, |NID_localityName|, |NID_ms_csp_name|, 771 // |NID_name|, |NID_organizationalUnitName|, |NID_organizationName|, 772 // |NID_pkcs9_challengePassword|, |NID_pkcs9_emailAddress|, 773 // |NID_pkcs9_unstructuredAddress|, |NID_pkcs9_unstructuredName|, 774 // |NID_serialNumber|, |NID_stateOrProvinceName|, and |NID_surname|. Additional 775 // NIDs may be registered with |ASN1_STRING_set_by_NID|, but it is recommended 776 // to call |ASN1_mbstring_ncopy| directly instead. 777 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 778 const unsigned char *in, 779 ossl_ssize_t len, int inform, 780 int nid); 781 782 // STABLE_NO_MASK causes |ASN1_STRING_TABLE_add| to allow types other than 783 // UTF8String. 784 #define STABLE_NO_MASK 0x02 785 786 // ASN1_STRING_TABLE_add registers the corresponding parameters with |nid|, for 787 // use with |ASN1_STRING_set_by_NID|. It returns one on success and zero on 788 // error. It is an error to call this function if |nid| is a built-in NID, or 789 // was already registered by a previous call. 790 // 791 // WARNING: This function affects global state in the library. If two libraries 792 // in the same address space register information for the same OID, one call 793 // will fail. Prefer directly passing the desired parametrs to 794 // |ASN1_mbstring_copy| or |ASN1_mbstring_ncopy| instead. 795 OPENSSL_EXPORT int ASN1_STRING_TABLE_add(int nid, long minsize, long maxsize, 796 unsigned long mask, 797 unsigned long flags); 798 799 800 // Multi-strings. 801 // 802 // A multi-string, or "MSTRING", is an |ASN1_STRING| that represents a CHOICE of 803 // several string or string-like types, such as X.509's DirectoryString. The 804 // |ASN1_STRING|'s type field determines which type is used. 805 // 806 // Multi-string types are associated with a bitmask, using the |B_ASN1_*| 807 // constants, which defines which types are valid. 808 809 // B_ASN1_DIRECTORYSTRING is a bitmask of types allowed in an X.509 810 // DirectoryString (RFC 5280). 811 #define B_ASN1_DIRECTORYSTRING \ 812 (B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | \ 813 B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING) 814 815 // DIRECTORYSTRING_new returns a newly-allocated |ASN1_STRING| with type -1, or 816 // NULL on error. The resulting |ASN1_STRING| is not a valid X.509 817 // DirectoryString until initialized with a value. 818 OPENSSL_EXPORT ASN1_STRING *DIRECTORYSTRING_new(void); 819 820 // DIRECTORYSTRING_free calls |ASN1_STRING_free|. 821 OPENSSL_EXPORT void DIRECTORYSTRING_free(ASN1_STRING *str); 822 823 // d2i_DIRECTORYSTRING parses up to |len| bytes from |*inp| as a DER-encoded 824 // X.509 DirectoryString (RFC 5280), as described in |d2i_SAMPLE|. 825 // 826 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 827 // BER, but this will be removed in the future. 828 // 829 // TODO(https://crbug.com/boringssl/449): DirectoryString's non-empty string 830 // requirement is not currently enforced. 831 OPENSSL_EXPORT ASN1_STRING *d2i_DIRECTORYSTRING(ASN1_STRING **out, 832 const uint8_t **inp, long len); 833 834 // i2d_DIRECTORYSTRING marshals |in| as a DER-encoded X.509 DirectoryString (RFC 835 // 5280), as described in |i2d_SAMPLE|. 836 OPENSSL_EXPORT int i2d_DIRECTORYSTRING(const ASN1_STRING *in, uint8_t **outp); 837 838 // DIRECTORYSTRING is an |ASN1_ITEM| whose ASN.1 type is X.509 DirectoryString 839 // (RFC 5280) and C type is |ASN1_STRING*|. 840 DECLARE_ASN1_ITEM(DIRECTORYSTRING) 841 842 // B_ASN1_DISPLAYTEXT is a bitmask of types allowed in an X.509 DisplayText (RFC 843 // 5280). 844 #define B_ASN1_DISPLAYTEXT \ 845 (B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | \ 846 B_ASN1_UTF8STRING) 847 848 // DISPLAYTEXT_new returns a newly-allocated |ASN1_STRING| with type -1, or NULL 849 // on error. The resulting |ASN1_STRING| is not a valid X.509 DisplayText until 850 // initialized with a value. 851 OPENSSL_EXPORT ASN1_STRING *DISPLAYTEXT_new(void); 852 853 // DISPLAYTEXT_free calls |ASN1_STRING_free|. 854 OPENSSL_EXPORT void DISPLAYTEXT_free(ASN1_STRING *str); 855 856 // d2i_DISPLAYTEXT parses up to |len| bytes from |*inp| as a DER-encoded X.509 857 // DisplayText (RFC 5280), as described in |d2i_SAMPLE|. 858 // 859 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 860 // BER, but this will be removed in the future. 861 // 862 // TODO(https://crbug.com/boringssl/449): DisplayText's size limits are not 863 // currently enforced. 864 OPENSSL_EXPORT ASN1_STRING *d2i_DISPLAYTEXT(ASN1_STRING **out, 865 const uint8_t **inp, long len); 866 867 // i2d_DISPLAYTEXT marshals |in| as a DER-encoded X.509 DisplayText (RFC 5280), 868 // as described in |i2d_SAMPLE|. 869 OPENSSL_EXPORT int i2d_DISPLAYTEXT(const ASN1_STRING *in, uint8_t **outp); 870 871 // DISPLAYTEXT is an |ASN1_ITEM| whose ASN.1 type is X.509 DisplayText (RFC 872 // 5280) and C type is |ASN1_STRING*|. 873 DECLARE_ASN1_ITEM(DISPLAYTEXT) 874 875 876 // Bit strings. 877 // 878 // An ASN.1 BIT STRING type represents a string of bits. The string may not 879 // necessarily be a whole number of bytes. BIT STRINGs occur in ASN.1 structures 880 // in several forms: 881 // 882 // Some BIT STRINGs represent a bitmask of named bits, such as the X.509 key 883 // usage extension in RFC 5280, section 4.2.1.3. For such bit strings, DER 884 // imposes an additional restriction that trailing zero bits are removed. Some 885 // functions like |ASN1_BIT_STRING_set_bit| help in maintaining this. 886 // 887 // Other BIT STRINGs are arbitrary strings of bits used as identifiers and do 888 // not have this constraint, such as the X.509 issuerUniqueID field. 889 // 890 // Finally, some structures use BIT STRINGs as a container for byte strings. For 891 // example, the signatureValue field in X.509 and the subjectPublicKey field in 892 // SubjectPublicKeyInfo are defined as BIT STRINGs with a value specific to the 893 // AlgorithmIdentifier. While some unknown algorithm could choose to store 894 // arbitrary bit strings, all supported algorithms use a byte string, with bit 895 // order matching the DER encoding. Callers interpreting a BIT STRING as a byte 896 // string should use |ASN1_BIT_STRING_num_bytes| instead of |ASN1_STRING_length| 897 // and reject bit strings that are not a whole number of bytes. 898 // 899 // This library represents BIT STRINGs as |ASN1_STRING|s with type 900 // |V_ASN1_BIT_STRING|. The data contains the encoded form of the BIT STRING, 901 // including any padding bits added to round to a whole number of bytes, but 902 // excluding the leading byte containing the number of padding bits. If 903 // |ASN1_STRING_FLAG_BITS_LEFT| is set, the bottom three bits contains the 904 // number of padding bits. For example, DER encodes the BIT STRING {1, 0} as 905 // {0x06, 0x80 = 0b10_000000}. The |ASN1_STRING| representation has data of 906 // {0x80} and flags of ASN1_STRING_FLAG_BITS_LEFT | 6. If 907 // |ASN1_STRING_FLAG_BITS_LEFT| is unset, trailing zero bits are implicitly 908 // removed. Callers should not rely this representation when constructing bit 909 // strings. The padding bits in the |ASN1_STRING| data must be zero. 910 911 // ASN1_BIT_STRING_new calls |ASN1_STRING_type_new| with |V_ASN1_BIT_STRING|. 912 OPENSSL_EXPORT ASN1_BIT_STRING *ASN1_BIT_STRING_new(void); 913 914 // ASN1_BIT_STRING_free calls |ASN1_STRING_free|. 915 OPENSSL_EXPORT void ASN1_BIT_STRING_free(ASN1_BIT_STRING *str); 916 917 // d2i_ASN1_BIT_STRING parses up to |len| bytes from |*inp| as a DER-encoded 918 // ASN.1 BIT STRING, as described in |d2i_SAMPLE|. 919 OPENSSL_EXPORT ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out, 920 const uint8_t **inp, 921 long len); 922 923 // i2d_ASN1_BIT_STRING marshals |in| as a DER-encoded ASN.1 BIT STRING, as 924 // described in |i2d_SAMPLE|. 925 OPENSSL_EXPORT int i2d_ASN1_BIT_STRING(const ASN1_BIT_STRING *in, 926 uint8_t **outp); 927 928 // c2i_ASN1_BIT_STRING decodes |len| bytes from |*inp| as the contents of a 929 // DER-encoded BIT STRING, excluding the tag and length. It behaves like 930 // |d2i_SAMPLE| except, on success, it always consumes all |len| bytes. 931 OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **out, 932 const uint8_t **inp, 933 long len); 934 935 // i2c_ASN1_BIT_STRING encodes |in| as the contents of a DER-encoded BIT STRING, 936 // excluding the tag and length. If |outp| is non-NULL, it writes the result to 937 // |*outp|, advances |*outp| just past the output, and returns the number of 938 // bytes written. |*outp| must have space available for the result. If |outp| is 939 // NULL, it returns the number of bytes without writing anything. On error, it 940 // returns a value <= 0. 941 // 942 // Note this function differs slightly from |i2d_SAMPLE|. If |outp| is non-NULL 943 // and |*outp| is NULL, it does not allocate a new buffer. 944 // 945 // TODO(davidben): This function currently returns zero on error instead of -1, 946 // but it is also mostly infallible. I've currently documented <= 0 to suggest 947 // callers work with both. 948 OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *in, 949 uint8_t **outp); 950 951 // ASN1_BIT_STRING is an |ASN1_ITEM| with ASN.1 type BIT STRING and C type 952 // |ASN1_BIT_STRING*|. 953 DECLARE_ASN1_ITEM(ASN1_BIT_STRING) 954 955 // ASN1_BIT_STRING_num_bytes computes the length of |str| in bytes. If |str|'s 956 // bit length is a multiple of 8, it sets |*out| to the byte length and returns 957 // one. Otherwise, it returns zero. 958 // 959 // This function may be used with |ASN1_STRING_get0_data| to interpret |str| as 960 // a byte string. 961 OPENSSL_EXPORT int ASN1_BIT_STRING_num_bytes(const ASN1_BIT_STRING *str, 962 size_t *out); 963 964 // ASN1_BIT_STRING_set calls |ASN1_STRING_set|. It leaves flags unchanged, so 965 // the caller must set the number of unused bits. 966 // 967 // TODO(davidben): Maybe it should? Wrapping a byte string in a bit string is a 968 // common use case. 969 OPENSSL_EXPORT int ASN1_BIT_STRING_set(ASN1_BIT_STRING *str, 970 const unsigned char *d, 971 ossl_ssize_t length); 972 973 // ASN1_BIT_STRING_set_bit sets bit |n| of |str| to one if |value| is non-zero 974 // and zero if |value| is zero, resizing |str| as needed. It then truncates 975 // trailing zeros in |str| to align with the DER represention for a bit string 976 // with named bits. It returns one on success and zero on error. |n| is indexed 977 // beginning from zero. 978 OPENSSL_EXPORT int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *str, int n, 979 int value); 980 981 // ASN1_BIT_STRING_get_bit returns one if bit |n| of |a| is in bounds and set, 982 // and zero otherwise. |n| is indexed beginning from zero. 983 OPENSSL_EXPORT int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *str, int n); 984 985 // ASN1_BIT_STRING_check returns one if |str| only contains bits that are set in 986 // the |flags_len| bytes pointed by |flags|. Otherwise it returns zero. Bits in 987 // |flags| are arranged according to the DER representation, so bit 0 988 // corresponds to the MSB of |flags[0]|. 989 OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *str, 990 const unsigned char *flags, 991 int flags_len); 992 993 994 // Integers and enumerated values. 995 // 996 // INTEGER and ENUMERATED values are represented as |ASN1_STRING|s where the 997 // data contains the big-endian encoding of the absolute value of the integer. 998 // The sign bit is encoded in the type: non-negative values have a type of 999 // |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, while negative values have a type of 1000 // |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|. Note this differs from DER's 1001 // two's complement representation. 1002 // 1003 // The data in the |ASN1_STRING| may not have leading zeros. Note this means 1004 // zero is represented as the empty string. Parsing functions will never return 1005 // invalid representations. If an invalid input is constructed, the marshaling 1006 // functions will skip leading zeros, however other functions, such as 1007 // |ASN1_INTEGER_cmp| or |ASN1_INTEGER_get|, may not return the correct result. 1008 1009 DEFINE_STACK_OF(ASN1_INTEGER) 1010 1011 // ASN1_INTEGER_new calls |ASN1_STRING_type_new| with |V_ASN1_INTEGER|. The 1012 // resulting object has value zero. 1013 OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_new(void); 1014 1015 // ASN1_INTEGER_free calls |ASN1_STRING_free|. 1016 OPENSSL_EXPORT void ASN1_INTEGER_free(ASN1_INTEGER *str); 1017 1018 // ASN1_INTEGER_dup calls |ASN1_STRING_dup|. 1019 OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); 1020 1021 // d2i_ASN1_INTEGER parses up to |len| bytes from |*inp| as a DER-encoded 1022 // ASN.1 INTEGER, as described in |d2i_SAMPLE|. 1023 OPENSSL_EXPORT ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **out, 1024 const uint8_t **inp, long len); 1025 1026 // i2d_ASN1_INTEGER marshals |in| as a DER-encoded ASN.1 INTEGER, as 1027 // described in |i2d_SAMPLE|. 1028 OPENSSL_EXPORT int i2d_ASN1_INTEGER(const ASN1_INTEGER *in, uint8_t **outp); 1029 1030 // c2i_ASN1_INTEGER decodes |len| bytes from |*inp| as the contents of a 1031 // DER-encoded INTEGER, excluding the tag and length. It behaves like 1032 // |d2i_SAMPLE| except, on success, it always consumes all |len| bytes. 1033 OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **in, 1034 const uint8_t **outp, long len); 1035 1036 // i2c_ASN1_INTEGER encodes |in| as the contents of a DER-encoded INTEGER, 1037 // excluding the tag and length. If |outp| is non-NULL, it writes the result to 1038 // |*outp|, advances |*outp| just past the output, and returns the number of 1039 // bytes written. |*outp| must have space available for the result. If |outp| is 1040 // NULL, it returns the number of bytes without writing anything. On error, it 1041 // returns a value <= 0. 1042 // 1043 // Note this function differs slightly from |i2d_SAMPLE|. If |outp| is non-NULL 1044 // and |*outp| is NULL, it does not allocate a new buffer. 1045 // 1046 // TODO(davidben): This function currently returns zero on error instead of -1, 1047 // but it is also mostly infallible. I've currently documented <= 0 to suggest 1048 // callers work with both. 1049 OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *in, uint8_t **outp); 1050 1051 // ASN1_INTEGER is an |ASN1_ITEM| with ASN.1 type INTEGER and C type 1052 // |ASN1_INTEGER*|. 1053 DECLARE_ASN1_ITEM(ASN1_INTEGER) 1054 1055 // ASN1_INTEGER_set_uint64 sets |a| to an INTEGER with value |v|. It returns one 1056 // on success and zero on error. 1057 OPENSSL_EXPORT int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v); 1058 1059 // ASN1_INTEGER_set_int64 sets |a| to an INTEGER with value |v|. It returns one 1060 // on success and zero on error. 1061 OPENSSL_EXPORT int ASN1_INTEGER_set_int64(ASN1_INTEGER *out, int64_t v); 1062 1063 // ASN1_INTEGER_get_uint64 converts |a| to a |uint64_t|. On success, it returns 1064 // one and sets |*out| to the result. If |a| did not fit or has the wrong type, 1065 // it returns zero. 1066 OPENSSL_EXPORT int ASN1_INTEGER_get_uint64(uint64_t *out, 1067 const ASN1_INTEGER *a); 1068 1069 // ASN1_INTEGER_get_int64 converts |a| to a |int64_t|. On success, it returns 1070 // one and sets |*out| to the result. If |a| did not fit or has the wrong type, 1071 // it returns zero. 1072 OPENSSL_EXPORT int ASN1_INTEGER_get_int64(int64_t *out, const ASN1_INTEGER *a); 1073 1074 // BN_to_ASN1_INTEGER sets |ai| to an INTEGER with value |bn| and returns |ai| 1075 // on success or NULL or error. If |ai| is NULL, it returns a newly-allocated 1076 // |ASN1_INTEGER| on success instead, which the caller must release with 1077 // |ASN1_INTEGER_free|. 1078 OPENSSL_EXPORT ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, 1079 ASN1_INTEGER *ai); 1080 1081 // ASN1_INTEGER_to_BN sets |bn| to the value of |ai| and returns |bn| on success 1082 // or NULL or error. If |bn| is NULL, it returns a newly-allocated |BIGNUM| on 1083 // success instead, which the caller must release with |BN_free|. 1084 OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); 1085 1086 // ASN1_INTEGER_cmp compares the values of |x| and |y|. It returns an integer 1087 // equal to, less than, or greater than zero if |x| is equal to, less than, or 1088 // greater than |y|, respectively. 1089 OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, 1090 const ASN1_INTEGER *y); 1091 1092 // ASN1_ENUMERATED_new calls |ASN1_STRING_type_new| with |V_ASN1_ENUMERATED|. 1093 // The resulting object has value zero. 1094 OPENSSL_EXPORT ASN1_ENUMERATED *ASN1_ENUMERATED_new(void); 1095 1096 // ASN1_ENUMERATED_free calls |ASN1_STRING_free|. 1097 OPENSSL_EXPORT void ASN1_ENUMERATED_free(ASN1_ENUMERATED *str); 1098 1099 // d2i_ASN1_ENUMERATED parses up to |len| bytes from |*inp| as a DER-encoded 1100 // ASN.1 ENUMERATED, as described in |d2i_SAMPLE|. 1101 OPENSSL_EXPORT ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **out, 1102 const uint8_t **inp, 1103 long len); 1104 1105 // i2d_ASN1_ENUMERATED marshals |in| as a DER-encoded ASN.1 ENUMERATED, as 1106 // described in |i2d_SAMPLE|. 1107 OPENSSL_EXPORT int i2d_ASN1_ENUMERATED(const ASN1_ENUMERATED *in, 1108 uint8_t **outp); 1109 1110 // ASN1_ENUMERATED is an |ASN1_ITEM| with ASN.1 type ENUMERATED and C type 1111 // |ASN1_ENUMERATED*|. 1112 DECLARE_ASN1_ITEM(ASN1_ENUMERATED) 1113 1114 // ASN1_ENUMERATED_set_uint64 sets |a| to an ENUMERATED with value |v|. It 1115 // returns one on success and zero on error. 1116 OPENSSL_EXPORT int ASN1_ENUMERATED_set_uint64(ASN1_ENUMERATED *out, uint64_t v); 1117 1118 // ASN1_ENUMERATED_set_int64 sets |a| to an ENUMERATED with value |v|. It 1119 // returns one on success and zero on error. 1120 OPENSSL_EXPORT int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *out, int64_t v); 1121 1122 // ASN1_ENUMERATED_get_uint64 converts |a| to a |uint64_t|. On success, it 1123 // returns one and sets |*out| to the result. If |a| did not fit or has the 1124 // wrong type, it returns zero. 1125 OPENSSL_EXPORT int ASN1_ENUMERATED_get_uint64(uint64_t *out, 1126 const ASN1_ENUMERATED *a); 1127 1128 // ASN1_ENUMERATED_get_int64 converts |a| to a |int64_t|. On success, it 1129 // returns one and sets |*out| to the result. If |a| did not fit or has the 1130 // wrong type, it returns zero. 1131 OPENSSL_EXPORT int ASN1_ENUMERATED_get_int64(int64_t *out, 1132 const ASN1_ENUMERATED *a); 1133 1134 // BN_to_ASN1_ENUMERATED sets |ai| to an ENUMERATED with value |bn| and returns 1135 // |ai| on success or NULL or error. If |ai| is NULL, it returns a 1136 // newly-allocated |ASN1_ENUMERATED| on success instead, which the caller must 1137 // release with |ASN1_ENUMERATED_free|. 1138 OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, 1139 ASN1_ENUMERATED *ai); 1140 1141 // ASN1_ENUMERATED_to_BN sets |bn| to the value of |ai| and returns |bn| on 1142 // success or NULL or error. If |bn| is NULL, it returns a newly-allocated 1143 // |BIGNUM| on success instead, which the caller must release with |BN_free|. 1144 OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, 1145 BIGNUM *bn); 1146 1147 1148 // Time. 1149 // 1150 // GeneralizedTime and UTCTime values are represented as |ASN1_STRING|s. The 1151 // type field is |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, respectively. The 1152 // data field contains the DER encoding of the value. For example, the UNIX 1153 // epoch would be "19700101000000Z" for a GeneralizedTime and "700101000000Z" 1154 // for a UTCTime. 1155 // 1156 // ASN.1 does not define how to interpret UTCTime's two-digit year. RFC 5280 1157 // defines it as a range from 1950 to 2049 for X.509. The library uses the 1158 // RFC 5280 interpretation. It does not currently enforce the restrictions from 1159 // BER, and the additional restrictions from RFC 5280, but future versions may. 1160 // Callers should not rely on fractional seconds and non-UTC time zones. 1161 // 1162 // The |ASN1_TIME| typedef is a multi-string representing the X.509 Time type, 1163 // which is a CHOICE of GeneralizedTime and UTCTime, using UTCTime when the 1164 // value is in range. 1165 1166 // ASN1_UTCTIME_new calls |ASN1_STRING_type_new| with |V_ASN1_UTCTIME|. The 1167 // resulting object contains empty contents and must be initialized to be a 1168 // valid UTCTime. 1169 OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_new(void); 1170 1171 // ASN1_UTCTIME_free calls |ASN1_STRING_free|. 1172 OPENSSL_EXPORT void ASN1_UTCTIME_free(ASN1_UTCTIME *str); 1173 1174 // d2i_ASN1_UTCTIME parses up to |len| bytes from |*inp| as a DER-encoded 1175 // ASN.1 UTCTime, as described in |d2i_SAMPLE|. 1176 // 1177 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 1178 // BER, but this will be removed in the future. 1179 OPENSSL_EXPORT ASN1_UTCTIME *d2i_ASN1_UTCTIME(ASN1_UTCTIME **out, 1180 const uint8_t **inp, long len); 1181 1182 // i2d_ASN1_UTCTIME marshals |in| as a DER-encoded ASN.1 UTCTime, as 1183 // described in |i2d_SAMPLE|. 1184 OPENSSL_EXPORT int i2d_ASN1_UTCTIME(const ASN1_UTCTIME *in, uint8_t **outp); 1185 1186 // ASN1_UTCTIME is an |ASN1_ITEM| with ASN.1 type UTCTime and C type 1187 // |ASN1_UTCTIME*|. 1188 DECLARE_ASN1_ITEM(ASN1_UTCTIME) 1189 1190 // ASN1_UTCTIME_check returns one if |a| is a valid UTCTime and zero otherwise. 1191 OPENSSL_EXPORT int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); 1192 1193 // ASN1_UTCTIME_set represents |posix_time| as a UTCTime and writes the result 1194 // to |s|. It returns |s| on success and NULL on error. If |s| is NULL, it 1195 // returns a newly-allocated |ASN1_UTCTIME| instead. 1196 // 1197 // Note this function may fail if the time is out of range for UTCTime. 1198 OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, 1199 int64_t posix_time); 1200 1201 // ASN1_UTCTIME_adj adds |offset_day| days and |offset_sec| seconds to 1202 // |posix_time| and writes the result to |s| as a UTCTime. It returns |s| on 1203 // success and NULL on error. If |s| is NULL, it returns a newly-allocated 1204 // |ASN1_UTCTIME| instead. 1205 // 1206 // Note this function may fail if the time overflows or is out of range for 1207 // UTCTime. 1208 OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, 1209 int64_t posix_time, 1210 int offset_day, long offset_sec); 1211 1212 // ASN1_UTCTIME_set_string sets |s| to a UTCTime whose contents are a copy of 1213 // |str|. It returns one on success and zero on error or if |str| is not a valid 1214 // UTCTime. 1215 // 1216 // If |s| is NULL, this function validates |str| without copying it. 1217 OPENSSL_EXPORT int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); 1218 1219 // ASN1_UTCTIME_cmp_time_t compares |s| to |t|. It returns -1 if |s| < |t|, 0 if 1220 // they are equal, 1 if |s| > |t|, and -2 on error. 1221 OPENSSL_EXPORT int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); 1222 1223 // ASN1_GENERALIZEDTIME_new calls |ASN1_STRING_type_new| with 1224 // |V_ASN1_GENERALIZEDTIME|. The resulting object contains empty contents and 1225 // must be initialized to be a valid GeneralizedTime. 1226 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_new(void); 1227 1228 // ASN1_GENERALIZEDTIME_free calls |ASN1_STRING_free|. 1229 OPENSSL_EXPORT void ASN1_GENERALIZEDTIME_free(ASN1_GENERALIZEDTIME *str); 1230 1231 // d2i_ASN1_GENERALIZEDTIME parses up to |len| bytes from |*inp| as a 1232 // DER-encoded ASN.1 GeneralizedTime, as described in |d2i_SAMPLE|. 1233 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *d2i_ASN1_GENERALIZEDTIME( 1234 ASN1_GENERALIZEDTIME **out, const uint8_t **inp, long len); 1235 1236 // i2d_ASN1_GENERALIZEDTIME marshals |in| as a DER-encoded ASN.1 1237 // GeneralizedTime, as described in |i2d_SAMPLE|. 1238 OPENSSL_EXPORT int i2d_ASN1_GENERALIZEDTIME(const ASN1_GENERALIZEDTIME *in, 1239 uint8_t **outp); 1240 1241 // ASN1_GENERALIZEDTIME is an |ASN1_ITEM| with ASN.1 type GeneralizedTime and C 1242 // type |ASN1_GENERALIZEDTIME*|. 1243 DECLARE_ASN1_ITEM(ASN1_GENERALIZEDTIME) 1244 1245 // ASN1_GENERALIZEDTIME_check returns one if |a| is a valid GeneralizedTime and 1246 // zero otherwise. 1247 OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); 1248 1249 // ASN1_GENERALIZEDTIME_set represents |posix_time| as a GeneralizedTime and 1250 // writes the result to |s|. It returns |s| on success and NULL on error. If |s| 1251 // is NULL, it returns a newly-allocated |ASN1_GENERALIZEDTIME| instead. 1252 // 1253 // Note this function may fail if the time is out of range for GeneralizedTime. 1254 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set( 1255 ASN1_GENERALIZEDTIME *s, int64_t posix_time); 1256 1257 // ASN1_GENERALIZEDTIME_adj adds |offset_day| days and |offset_sec| seconds to 1258 // |posix_time| and writes the result to |s| as a GeneralizedTime. It returns 1259 // |s| on success and NULL on error. If |s| is NULL, it returns a 1260 // newly-allocated |ASN1_GENERALIZEDTIME| instead. 1261 // 1262 // Note this function may fail if the time overflows or is out of range for 1263 // GeneralizedTime. 1264 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj( 1265 ASN1_GENERALIZEDTIME *s, int64_t posix_time, int offset_day, 1266 long offset_sec); 1267 1268 // ASN1_GENERALIZEDTIME_set_string sets |s| to a GeneralizedTime whose contents 1269 // are a copy of |str|. It returns one on success and zero on error or if |str| 1270 // is not a valid GeneralizedTime. 1271 // 1272 // If |s| is NULL, this function validates |str| without copying it. 1273 OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, 1274 const char *str); 1275 1276 // B_ASN1_TIME is a bitmask of types allowed in an X.509 Time. 1277 #define B_ASN1_TIME (B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME) 1278 1279 // ASN1_TIME_new returns a newly-allocated |ASN1_TIME| with type -1, or NULL on 1280 // error. The resulting |ASN1_TIME| is not a valid X.509 Time until initialized 1281 // with a value. 1282 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_new(void); 1283 1284 // ASN1_TIME_free releases memory associated with |str|. 1285 OPENSSL_EXPORT void ASN1_TIME_free(ASN1_TIME *str); 1286 1287 // d2i_ASN1_TIME parses up to |len| bytes from |*inp| as a DER-encoded X.509 1288 // Time (RFC 5280), as described in |d2i_SAMPLE|. 1289 // 1290 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 1291 // BER, but this will be removed in the future. 1292 OPENSSL_EXPORT ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **out, const uint8_t **inp, 1293 long len); 1294 1295 // i2d_ASN1_TIME marshals |in| as a DER-encoded X.509 Time (RFC 5280), as 1296 // described in |i2d_SAMPLE|. 1297 OPENSSL_EXPORT int i2d_ASN1_TIME(const ASN1_TIME *in, uint8_t **outp); 1298 1299 // ASN1_TIME is an |ASN1_ITEM| whose ASN.1 type is X.509 Time (RFC 5280) and C 1300 // type is |ASN1_TIME*|. 1301 DECLARE_ASN1_ITEM(ASN1_TIME) 1302 1303 // ASN1_TIME_diff computes |to| - |from|. On success, it sets |*out_days| to the 1304 // difference in days, rounded towards zero, sets |*out_seconds| to the 1305 // remainder, and returns one. On error, it returns zero. 1306 // 1307 // If |from| is before |to|, both outputs will be <= 0, with at least one 1308 // negative. If |from| is after |to|, both will be >= 0, with at least one 1309 // positive. If they are equal, ignoring fractional seconds, both will be zero. 1310 // 1311 // Note this function may fail on overflow, or if |from| or |to| cannot be 1312 // decoded. 1313 OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds, 1314 const ASN1_TIME *from, const ASN1_TIME *to); 1315 1316 // ASN1_TIME_set_posix represents |posix_time| as a GeneralizedTime or UTCTime 1317 // and writes the result to |s|. As in RFC 5280, section 4.1.2.5, it uses 1318 // UTCTime when the time fits and GeneralizedTime otherwise. It returns |s| on 1319 // success and NULL on error. If |s| is NULL, it returns a newly-allocated 1320 // |ASN1_TIME| instead. 1321 // 1322 // Note this function may fail if the time is out of range for GeneralizedTime. 1323 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set_posix(ASN1_TIME *s, int64_t posix_time); 1324 1325 // ASN1_TIME_set is exactly the same as |ASN1_TIME_set_posix| but with a 1326 // time_t as input for compatibility. 1327 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t time); 1328 1329 // ASN1_TIME_adj adds |offset_day| days and |offset_sec| seconds to 1330 // |posix_time| and writes the result to |s|. As in RFC 5280, section 4.1.2.5, 1331 // it uses UTCTime when the time fits and GeneralizedTime otherwise. It returns 1332 // |s| on success and NULL on error. If |s| is NULL, it returns a 1333 // newly-allocated |ASN1_GENERALIZEDTIME| instead. 1334 // 1335 // Note this function may fail if the time overflows or is out of range for 1336 // GeneralizedTime. 1337 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, int64_t posix_time, 1338 int offset_day, long offset_sec); 1339 1340 // ASN1_TIME_check returns one if |t| is a valid UTCTime or GeneralizedTime, and 1341 // zero otherwise. |t|'s type determines which check is performed. This 1342 // function does not enforce that UTCTime was used when possible. 1343 OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t); 1344 1345 // ASN1_TIME_to_generalizedtime converts |t| to a GeneralizedTime. If |out| is 1346 // NULL, it returns a newly-allocated |ASN1_GENERALIZEDTIME| on success, or NULL 1347 // on error. If |out| is non-NULL and |*out| is NULL, it additionally sets 1348 // |*out| to the result. If |out| and |*out| are non-NULL, it instead updates 1349 // the object pointed by |*out| and returns |*out| on success or NULL on error. 1350 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime( 1351 const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); 1352 1353 // ASN1_TIME_set_string behaves like |ASN1_UTCTIME_set_string| if |str| is a 1354 // valid UTCTime, and |ASN1_GENERALIZEDTIME_set_string| if |str| is a valid 1355 // GeneralizedTime. If |str| is neither, it returns zero. 1356 OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); 1357 1358 // ASN1_TIME_set_string_X509 behaves like |ASN1_TIME_set_string| except it 1359 // additionally converts GeneralizedTime to UTCTime if it is in the range where 1360 // UTCTime is used. See RFC 5280, section 4.1.2.5. 1361 OPENSSL_EXPORT int ASN1_TIME_set_string_X509(ASN1_TIME *s, const char *str); 1362 1363 // ASN1_TIME_to_time_t converts |t| to a time_t value in |out|. On 1364 // success, one is returned. On failure zero is returned. This function 1365 // will fail if the time can not be represented in a time_t. 1366 OPENSSL_EXPORT int ASN1_TIME_to_time_t(const ASN1_TIME *t, time_t *out); 1367 1368 // ASN1_TIME_to_posix converts |t| to a POSIX time value in |out|. On 1369 // success, one is returned. On failure zero is returned. 1370 OPENSSL_EXPORT int ASN1_TIME_to_posix(const ASN1_TIME *t, int64_t *out); 1371 1372 // TODO(davidben): Expand and document function prototypes generated in macros. 1373 1374 1375 // NULL values. 1376 // 1377 // This library represents the ASN.1 NULL value by a non-NULL pointer to the 1378 // opaque type |ASN1_NULL|. An omitted OPTIONAL ASN.1 NULL value is a NULL 1379 // pointer. Unlike other pointer types, it is not necessary to free |ASN1_NULL| 1380 // pointers, but it is safe to do so. 1381 1382 // ASN1_NULL_new returns an opaque, non-NULL pointer. It is safe to call 1383 // |ASN1_NULL_free| on the result, but not necessary. 1384 OPENSSL_EXPORT ASN1_NULL *ASN1_NULL_new(void); 1385 1386 // ASN1_NULL_free does nothing. 1387 OPENSSL_EXPORT void ASN1_NULL_free(ASN1_NULL *null); 1388 1389 // d2i_ASN1_NULL parses a DER-encoded ASN.1 NULL value from up to |len| bytes 1390 // at |*inp|, as described in |d2i_SAMPLE|. 1391 OPENSSL_EXPORT ASN1_NULL *d2i_ASN1_NULL(ASN1_NULL **out, const uint8_t **inp, 1392 long len); 1393 1394 // i2d_ASN1_NULL marshals |in| as a DER-encoded ASN.1 NULL value, as described 1395 // in |i2d_SAMPLE|. 1396 OPENSSL_EXPORT int i2d_ASN1_NULL(const ASN1_NULL *in, uint8_t **outp); 1397 1398 // ASN1_NULL is an |ASN1_ITEM| with ASN.1 type NULL and C type |ASN1_NULL*|. 1399 DECLARE_ASN1_ITEM(ASN1_NULL) 1400 1401 1402 // Object identifiers. 1403 // 1404 // An |ASN1_OBJECT| represents a ASN.1 OBJECT IDENTIFIER. See also obj.h for 1405 // additional functions relating to |ASN1_OBJECT|. 1406 // 1407 // TODO(davidben): What's the relationship between asn1.h and obj.h? Most of 1408 // obj.h deals with the large NID table, but then functions like |OBJ_get0_data| 1409 // or |OBJ_dup| are general |ASN1_OBJECT| functions. 1410 1411 DEFINE_STACK_OF(ASN1_OBJECT) 1412 1413 // ASN1_OBJECT_create returns a newly-allocated |ASN1_OBJECT| with |len| bytes 1414 // from |data| as the encoded OID, or NULL on error. |data| should contain the 1415 // DER-encoded identifier, excluding the tag and length. 1416 // 1417 // |nid| should be |NID_undef|. Passing a NID value that does not match |data| 1418 // will cause some functions to misbehave. |sn| and |ln| should be NULL. If 1419 // non-NULL, they are stored as short and long names, respectively, but these 1420 // values have no effect for |ASN1_OBJECT|s created through this function. 1421 // 1422 // TODO(davidben): Should we just ignore all those parameters? NIDs and names 1423 // are only relevant for |ASN1_OBJECT|s in the obj.h table. 1424 OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, const uint8_t *data, 1425 size_t len, const char *sn, 1426 const char *ln); 1427 1428 // ASN1_OBJECT_free releases memory associated with |a|. If |a| is a static 1429 // |ASN1_OBJECT|, returned from |OBJ_nid2obj|, this function does nothing. 1430 OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a); 1431 1432 // d2i_ASN1_OBJECT parses a DER-encoded ASN.1 OBJECT IDENTIFIER from up to |len| 1433 // bytes at |*inp|, as described in |d2i_SAMPLE|. 1434 OPENSSL_EXPORT ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **out, 1435 const uint8_t **inp, long len); 1436 1437 // i2d_ASN1_OBJECT marshals |in| as a DER-encoded ASN.1 OBJECT IDENTIFIER, as 1438 // described in |i2d_SAMPLE|. 1439 OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *in, uint8_t **outp); 1440 1441 // c2i_ASN1_OBJECT decodes |len| bytes from |*inp| as the contents of a 1442 // DER-encoded OBJECT IDENTIFIER, excluding the tag and length. It behaves like 1443 // |d2i_SAMPLE| except, on success, it always consumes all |len| bytes. 1444 OPENSSL_EXPORT ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **out, 1445 const uint8_t **inp, long len); 1446 1447 // ASN1_OBJECT is an |ASN1_ITEM| with ASN.1 type OBJECT IDENTIFIER and C type 1448 // |ASN1_OBJECT*|. 1449 DECLARE_ASN1_ITEM(ASN1_OBJECT) 1450 1451 1452 // Arbitrary elements. 1453 1454 // An asn1_type_st (aka |ASN1_TYPE|) represents an arbitrary ASN.1 element, 1455 // typically used for ANY types. It contains a |type| field and a |value| union 1456 // dependent on |type|. 1457 // 1458 // WARNING: This struct has a complex representation. Callers must not construct 1459 // |ASN1_TYPE| values manually. Use |ASN1_TYPE_set| and |ASN1_TYPE_set1| 1460 // instead. Additionally, callers performing non-trivial operations on this type 1461 // are encouraged to use |CBS| and |CBB| from <openssl/bytestring.h>, and 1462 // convert to or from |ASN1_TYPE| with |d2i_ASN1_TYPE| or |i2d_ASN1_TYPE|. 1463 // 1464 // The |type| field corresponds to the tag of the ASN.1 element being 1465 // represented: 1466 // 1467 // If |type| is a |V_ASN1_*| constant for an ASN.1 string-like type, as defined 1468 // by |ASN1_STRING|, the tag matches the constant. |value| contains an 1469 // |ASN1_STRING| pointer (equivalently, one of the more specific typedefs). See 1470 // |ASN1_STRING| for details on the representation. Unlike |ASN1_STRING|, 1471 // |ASN1_TYPE| does not use the |V_ASN1_NEG| flag for negative INTEGER and 1472 // ENUMERATE values. For a negative value, the |ASN1_TYPE|'s |type| will be 1473 // |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, but |value| will an |ASN1_STRING| 1474 // whose |type| is |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|. 1475 // 1476 // If |type| is |V_ASN1_OBJECT|, the tag is OBJECT IDENTIFIER and |value| 1477 // contains an |ASN1_OBJECT| pointer. 1478 // 1479 // If |type| is |V_ASN1_NULL|, the tag is NULL. |value| contains a NULL pointer. 1480 // 1481 // If |type| is |V_ASN1_BOOLEAN|, the tag is BOOLEAN. |value| contains an 1482 // |ASN1_BOOLEAN|. 1483 // 1484 // If |type| is |V_ASN1_SEQUENCE|, |V_ASN1_SET|, or |V_ASN1_OTHER|, the tag is 1485 // SEQUENCE, SET, or some arbitrary tag, respectively. |value| uses the 1486 // corresponding |ASN1_STRING| representation. Although any type may be 1487 // represented in |V_ASN1_OTHER|, the parser will always return the more 1488 // specific encoding when available. 1489 // 1490 // Other values of |type| do not represent a valid ASN.1 value, though 1491 // default-constructed objects may set |type| to -1. Such objects cannot be 1492 // serialized. 1493 struct asn1_type_st { 1494 int type; 1495 union { 1496 char *ptr; 1497 ASN1_BOOLEAN boolean; 1498 ASN1_STRING *asn1_string; 1499 ASN1_OBJECT *object; 1500 ASN1_INTEGER *integer; 1501 ASN1_ENUMERATED *enumerated; 1502 ASN1_BIT_STRING *bit_string; 1503 ASN1_OCTET_STRING *octet_string; 1504 ASN1_PRINTABLESTRING *printablestring; 1505 ASN1_T61STRING *t61string; 1506 ASN1_IA5STRING *ia5string; 1507 ASN1_GENERALSTRING *generalstring; 1508 ASN1_BMPSTRING *bmpstring; 1509 ASN1_UNIVERSALSTRING *universalstring; 1510 ASN1_UTCTIME *utctime; 1511 ASN1_GENERALIZEDTIME *generalizedtime; 1512 ASN1_VISIBLESTRING *visiblestring; 1513 ASN1_UTF8STRING *utf8string; 1514 // set and sequence are left complete and still contain the entire element. 1515 ASN1_STRING *set; 1516 ASN1_STRING *sequence; 1517 ASN1_VALUE *asn1_value; 1518 } value; 1519 }; 1520 1521 DEFINE_STACK_OF(ASN1_TYPE) 1522 1523 // ASN1_TYPE_new returns a newly-allocated |ASN1_TYPE|, or NULL on allocation 1524 // failure. The resulting object has type -1 and must be initialized to be 1525 // a valid ANY value. 1526 OPENSSL_EXPORT ASN1_TYPE *ASN1_TYPE_new(void); 1527 1528 // ASN1_TYPE_free releases memory associated with |a|. 1529 OPENSSL_EXPORT void ASN1_TYPE_free(ASN1_TYPE *a); 1530 1531 // d2i_ASN1_TYPE parses up to |len| bytes from |*inp| as an ASN.1 value of any 1532 // type, as described in |d2i_SAMPLE|. Note this function only validates 1533 // primitive, universal types supported by this library. Values of type 1534 // |V_ASN1_SEQUENCE|, |V_ASN1_SET|, |V_ASN1_OTHER|, or an unsupported primitive 1535 // type must be validated by the caller when interpreting. 1536 // 1537 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 1538 // BER, but this will be removed in the future. 1539 OPENSSL_EXPORT ASN1_TYPE *d2i_ASN1_TYPE(ASN1_TYPE **out, const uint8_t **inp, 1540 long len); 1541 1542 // i2d_ASN1_TYPE marshals |in| as DER, as described in |i2d_SAMPLE|. 1543 OPENSSL_EXPORT int i2d_ASN1_TYPE(const ASN1_TYPE *in, uint8_t **outp); 1544 1545 // ASN1_ANY is an |ASN1_ITEM| with ASN.1 type ANY and C type |ASN1_TYPE*|. Note 1546 // the |ASN1_ITEM| name and C type do not match. 1547 DECLARE_ASN1_ITEM(ASN1_ANY) 1548 1549 // ASN1_TYPE_get returns the type of |a|, which will be one of the |V_ASN1_*| 1550 // constants, or zero if |a| is not fully initialized. 1551 OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a); 1552 1553 // ASN1_TYPE_set sets |a| to an |ASN1_TYPE| of type |type| and value |value|, 1554 // releasing the previous contents of |a|. 1555 // 1556 // If |type| is |V_ASN1_BOOLEAN|, |a| is set to FALSE if |value| is NULL and 1557 // TRUE otherwise. If setting |a| to TRUE, |value| may be an invalid pointer, 1558 // such as (void*)1. 1559 // 1560 // If |type| is |V_ASN1_NULL|, |value| must be NULL. 1561 // 1562 // For other values of |type|, this function takes ownership of |value|, which 1563 // must point to an object of the corresponding type. See |ASN1_TYPE| for 1564 // details. 1565 OPENSSL_EXPORT void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); 1566 1567 // ASN1_TYPE_set1 behaves like |ASN1_TYPE_set| except it does not take ownership 1568 // of |value|. It returns one on success and zero on error. 1569 OPENSSL_EXPORT int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); 1570 1571 // ASN1_TYPE_cmp returns zero if |a| and |b| are equal and some non-zero value 1572 // otherwise. Note this function can only be used for equality checks, not an 1573 // ordering. 1574 OPENSSL_EXPORT int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); 1575 1576 typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; 1577 1578 // d2i_ASN1_SEQUENCE_ANY parses up to |len| bytes from |*inp| as a DER-encoded 1579 // ASN.1 SEQUENCE OF ANY structure, as described in |d2i_SAMPLE|. The resulting 1580 // |ASN1_SEQUENCE_ANY| owns its contents and thus must be released with 1581 // |sk_ASN1_TYPE_pop_free| and |ASN1_TYPE_free|, not |sk_ASN1_TYPE_free|. 1582 // 1583 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 1584 // BER, but this will be removed in the future. 1585 OPENSSL_EXPORT ASN1_SEQUENCE_ANY *d2i_ASN1_SEQUENCE_ANY(ASN1_SEQUENCE_ANY **out, 1586 const uint8_t **inp, 1587 long len); 1588 1589 // i2d_ASN1_SEQUENCE_ANY marshals |in| as a DER-encoded SEQUENCE OF ANY 1590 // structure, as described in |i2d_SAMPLE|. 1591 OPENSSL_EXPORT int i2d_ASN1_SEQUENCE_ANY(const ASN1_SEQUENCE_ANY *in, 1592 uint8_t **outp); 1593 1594 // d2i_ASN1_SET_ANY parses up to |len| bytes from |*inp| as a DER-encoded ASN.1 1595 // SET OF ANY structure, as described in |d2i_SAMPLE|. The resulting 1596 // |ASN1_SEQUENCE_ANY| owns its contents and thus must be released with 1597 // |sk_ASN1_TYPE_pop_free| and |ASN1_TYPE_free|, not |sk_ASN1_TYPE_free|. 1598 // 1599 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 1600 // BER, but this will be removed in the future. 1601 OPENSSL_EXPORT ASN1_SEQUENCE_ANY *d2i_ASN1_SET_ANY(ASN1_SEQUENCE_ANY **out, 1602 const uint8_t **inp, 1603 long len); 1604 1605 // i2d_ASN1_SET_ANY marshals |in| as a DER-encoded SET OF ANY structure, as 1606 // described in |i2d_SAMPLE|. 1607 OPENSSL_EXPORT int i2d_ASN1_SET_ANY(const ASN1_SEQUENCE_ANY *in, 1608 uint8_t **outp); 1609 1610 1611 // Human-readable output. 1612 // 1613 // The following functions output types in some human-readable format. These 1614 // functions may be used for debugging and logging. However, the output should 1615 // not be consumed programmatically. They may be ambiguous or lose information. 1616 1617 // ASN1_UTCTIME_print writes a human-readable representation of |a| to |out|. It 1618 // returns one on success and zero on error. 1619 OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *out, const ASN1_UTCTIME *a); 1620 1621 // ASN1_GENERALIZEDTIME_print writes a human-readable representation of |a| to 1622 // |out|. It returns one on success and zero on error. 1623 OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *out, 1624 const ASN1_GENERALIZEDTIME *a); 1625 1626 // ASN1_TIME_print writes a human-readable representation of |a| to |out|. It 1627 // returns one on success and zero on error. 1628 OPENSSL_EXPORT int ASN1_TIME_print(BIO *out, const ASN1_TIME *a); 1629 1630 // ASN1_STRING_print writes a human-readable representation of |str| to |out|. 1631 // It returns one on success and zero on error. Unprintable characters are 1632 // replaced with '.'. 1633 OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); 1634 1635 // The following flags must not collide with |XN_FLAG_*|. 1636 1637 // ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC 2253, section 1638 // 2.4. 1639 #define ASN1_STRFLGS_ESC_2253 1ul 1640 1641 // ASN1_STRFLGS_ESC_CTRL causes all control characters to be escaped. 1642 #define ASN1_STRFLGS_ESC_CTRL 2ul 1643 1644 // ASN1_STRFLGS_ESC_MSB causes all characters above 127 to be escaped. 1645 #define ASN1_STRFLGS_ESC_MSB 4ul 1646 1647 // ASN1_STRFLGS_ESC_QUOTE causes the string to be surrounded by quotes, rather 1648 // than using backslashes, when characters are escaped. Fewer characters will 1649 // require escapes in this case. 1650 #define ASN1_STRFLGS_ESC_QUOTE 8ul 1651 1652 // ASN1_STRFLGS_UTF8_CONVERT causes the string to be encoded as UTF-8, with each 1653 // byte in the UTF-8 encoding treated as an individual character for purposes of 1654 // escape sequences. If not set, each Unicode codepoint in the string is treated 1655 // as a character, with wide characters escaped as "\Uxxxx" or "\Wxxxxxxxx". 1656 // Note this can be ambiguous if |ASN1_STRFLGS_ESC_*| are all unset. In that 1657 // case, backslashes are not escaped, but wide characters are. 1658 #define ASN1_STRFLGS_UTF8_CONVERT 0x10ul 1659 1660 // ASN1_STRFLGS_IGNORE_TYPE causes the string type to be ignored. The 1661 // |ASN1_STRING| in-memory representation will be printed directly. 1662 #define ASN1_STRFLGS_IGNORE_TYPE 0x20ul 1663 1664 // ASN1_STRFLGS_SHOW_TYPE causes the string type to be included in the output. 1665 #define ASN1_STRFLGS_SHOW_TYPE 0x40ul 1666 1667 // ASN1_STRFLGS_DUMP_ALL causes all strings to be printed as a hexdump, using 1668 // RFC 2253 hexstring notation, such as "#0123456789ABCDEF". 1669 #define ASN1_STRFLGS_DUMP_ALL 0x80ul 1670 1671 // ASN1_STRFLGS_DUMP_UNKNOWN behaves like |ASN1_STRFLGS_DUMP_ALL| but only 1672 // applies to values of unknown type. If unset, unknown values will print 1673 // their contents as single-byte characters with escape sequences. 1674 #define ASN1_STRFLGS_DUMP_UNKNOWN 0x100ul 1675 1676 // ASN1_STRFLGS_DUMP_DER causes hexdumped strings (as determined by 1677 // |ASN1_STRFLGS_DUMP_ALL| or |ASN1_STRFLGS_DUMP_UNKNOWN|) to print the entire 1678 // DER element as in RFC 2253, rather than only the contents of the 1679 // |ASN1_STRING|. 1680 #define ASN1_STRFLGS_DUMP_DER 0x200ul 1681 1682 // ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC 2253, 1683 // additionally escaping control characters. 1684 #define ASN1_STRFLGS_RFC2253 \ 1685 (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \ 1686 ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | \ 1687 ASN1_STRFLGS_DUMP_DER) 1688 1689 // ASN1_STRING_print_ex writes a human-readable representation of |str| to 1690 // |out|. It returns the number of bytes written on success and -1 on error. If 1691 // |out| is NULL, it returns the number of bytes it would have written, without 1692 // writing anything. 1693 // 1694 // The |flags| should be a combination of combination of |ASN1_STRFLGS_*| 1695 // constants. See the documentation for each flag for how it controls the 1696 // output. If unsure, use |ASN1_STRFLGS_RFC2253|. 1697 OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, 1698 unsigned long flags); 1699 1700 // ASN1_STRING_print_ex_fp behaves like |ASN1_STRING_print_ex| but writes to a 1701 // |FILE| rather than a |BIO|. 1702 OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, 1703 unsigned long flags); 1704 1705 // i2a_ASN1_INTEGER writes a human-readable representation of |a| to |bp|. It 1706 // returns the number of bytes written on success, or a negative number on 1707 // error. On error, this function may have written a partial output to |bp|. 1708 OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); 1709 1710 // i2a_ASN1_ENUMERATED writes a human-readable representation of |a| to |bp|. It 1711 // returns the number of bytes written on success, or a negative number on 1712 // error. On error, this function may have written a partial output to |bp|. 1713 OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); 1714 1715 // i2a_ASN1_OBJECT writes a human-readable representation of |a| to |bp|. It 1716 // returns the number of bytes written on success, or a negative number on 1717 // error. On error, this function may have written a partial output to |bp|. 1718 OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); 1719 1720 // i2a_ASN1_STRING writes a text representation of |a|'s contents to |bp|. It 1721 // returns the number of bytes written on success, or a negative number on 1722 // error. On error, this function may have written a partial output to |bp|. 1723 // |type| is ignored. 1724 // 1725 // This function does not decode |a| into a Unicode string. It only hex-encodes 1726 // the internal representation of |a|. This is suitable for printing an OCTET 1727 // STRING, but may not be human-readable for any other string type. 1728 OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); 1729 1730 // i2t_ASN1_OBJECT calls |OBJ_obj2txt| with |always_return_oid| set to zero. 1731 OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf, int buf_len, 1732 const ASN1_OBJECT *a); 1733 1734 1735 // Low-level encoding functions. 1736 1737 // ASN1_get_object parses a BER element from up to |max_len| bytes at |*inp|. It 1738 // returns |V_ASN1_CONSTRUCTED| if it successfully parsed a constructed element, 1739 // zero if it successfully parsed a primitive element, and 0x80 on error. On 1740 // success, it additionally advances |*inp| to the element body, sets 1741 // |*out_length|, |*out_tag|, and |*out_class| to the element's length, tag 1742 // number, and tag class, respectively, 1743 // 1744 // Unlike OpenSSL, this function only supports DER. Indefinite and non-minimal 1745 // lengths are rejected. 1746 // 1747 // This function is difficult to use correctly. Use |CBS_get_asn1| and related 1748 // functions from bytestring.h. 1749 OPENSSL_EXPORT int ASN1_get_object(const unsigned char **inp, long *out_length, 1750 int *out_tag, int *out_class, long max_len); 1751 1752 // ASN1_put_object writes the header for a DER or BER element to |*outp| and 1753 // advances |*outp| by the number of bytes written. The caller is responsible 1754 // for ensuring |*outp| has enough space for the output. The header describes an 1755 // element with length |length|, tag number |tag|, and class |xclass|. |xclass| 1756 // should be one of the |V_ASN1_*| tag class constants. The element is primitive 1757 // if |constructed| is zero and constructed if it is one or two. If 1758 // |constructed| is two, |length| is ignored and the element uses 1759 // indefinite-length encoding. 1760 // 1761 // Use |CBB_add_asn1| instead. 1762 OPENSSL_EXPORT void ASN1_put_object(unsigned char **outp, int constructed, 1763 int length, int tag, int xclass); 1764 1765 // ASN1_put_eoc writes two zero bytes to |*outp|, advances |*outp| to point past 1766 // those bytes, and returns two. 1767 // 1768 // Use definite-length encoding instead. 1769 OPENSSL_EXPORT int ASN1_put_eoc(unsigned char **outp); 1770 1771 // ASN1_object_size returns the number of bytes needed to encode a DER or BER 1772 // value with length |length| and tag number |tag|, or -1 on error. |tag| should 1773 // not include the constructed bit or tag class. If |constructed| is zero or 1774 // one, the result uses a definite-length encoding with minimally-encoded 1775 // length, as in DER. If |constructed| is two, the result uses BER 1776 // indefinite-length encoding. 1777 // 1778 // Use |CBB_add_asn1| instead. 1779 OPENSSL_EXPORT int ASN1_object_size(int constructed, int length, int tag); 1780 1781 1782 // Function declaration macros. 1783 // 1784 // The following macros declare functions for ASN.1 types. Prefer writing the 1785 // prototypes directly. Particularly when |type|, |itname|, or |name| differ, 1786 // the macros can be difficult to understand. 1787 1788 #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) 1789 1790 #define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ 1791 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) 1792 1793 #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ 1794 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ 1795 DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) 1796 1797 #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ 1798 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ 1799 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) 1800 1801 #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ 1802 OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ 1803 long len); \ 1804 OPENSSL_EXPORT int i2d_##name(type *a, unsigned char **out); \ 1805 DECLARE_ASN1_ITEM(itname) 1806 1807 #define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ 1808 OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ 1809 long len); \ 1810 OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \ 1811 DECLARE_ASN1_ITEM(name) 1812 1813 #define DECLARE_ASN1_FUNCTIONS_const(name) \ 1814 DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ 1815 DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) 1816 1817 #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ 1818 OPENSSL_EXPORT type *name##_new(void); \ 1819 OPENSSL_EXPORT void name##_free(type *a); 1820 1821 1822 // Deprecated functions. 1823 1824 // ASN1_STRING_set_default_mask does nothing. 1825 OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask); 1826 1827 // ASN1_STRING_set_default_mask_asc returns one. 1828 OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p); 1829 1830 // ASN1_STRING_get_default_mask returns |B_ASN1_UTF8STRING|. 1831 OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void); 1832 1833 // ASN1_STRING_TABLE_cleanup does nothing. 1834 OPENSSL_EXPORT void ASN1_STRING_TABLE_cleanup(void); 1835 1836 // M_ASN1_* are legacy aliases for various |ASN1_STRING| functions. Use the 1837 // functions themselves. 1838 #define M_ASN1_STRING_length(x) ASN1_STRING_length(x) 1839 #define M_ASN1_STRING_type(x) ASN1_STRING_type(x) 1840 #define M_ASN1_STRING_data(x) ASN1_STRING_data(x) 1841 #define M_ASN1_BIT_STRING_new() ASN1_BIT_STRING_new() 1842 #define M_ASN1_BIT_STRING_free(a) ASN1_BIT_STRING_free(a) 1843 #define M_ASN1_BIT_STRING_dup(a) ASN1_STRING_dup(a) 1844 #define M_ASN1_BIT_STRING_cmp(a, b) ASN1_STRING_cmp(a, b) 1845 #define M_ASN1_BIT_STRING_set(a, b, c) ASN1_BIT_STRING_set(a, b, c) 1846 #define M_ASN1_INTEGER_new() ASN1_INTEGER_new() 1847 #define M_ASN1_INTEGER_free(a) ASN1_INTEGER_free(a) 1848 #define M_ASN1_INTEGER_dup(a) ASN1_INTEGER_dup(a) 1849 #define M_ASN1_INTEGER_cmp(a, b) ASN1_INTEGER_cmp(a, b) 1850 #define M_ASN1_ENUMERATED_new() ASN1_ENUMERATED_new() 1851 #define M_ASN1_ENUMERATED_free(a) ASN1_ENUMERATED_free(a) 1852 #define M_ASN1_ENUMERATED_dup(a) ASN1_STRING_dup(a) 1853 #define M_ASN1_ENUMERATED_cmp(a, b) ASN1_STRING_cmp(a, b) 1854 #define M_ASN1_OCTET_STRING_new() ASN1_OCTET_STRING_new() 1855 #define M_ASN1_OCTET_STRING_free(a) ASN1_OCTET_STRING_free() 1856 #define M_ASN1_OCTET_STRING_dup(a) ASN1_OCTET_STRING_dup(a) 1857 #define M_ASN1_OCTET_STRING_cmp(a, b) ASN1_OCTET_STRING_cmp(a, b) 1858 #define M_ASN1_OCTET_STRING_set(a, b, c) ASN1_OCTET_STRING_set(a, b, c) 1859 #define M_ASN1_OCTET_STRING_print(a, b) ASN1_STRING_print(a, b) 1860 #define M_ASN1_PRINTABLESTRING_new() ASN1_PRINTABLESTRING_new() 1861 #define M_ASN1_PRINTABLESTRING_free(a) ASN1_PRINTABLESTRING_free(a) 1862 #define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() 1863 #define M_ASN1_IA5STRING_free(a) ASN1_IA5STRING_free(a) 1864 #define M_ASN1_IA5STRING_dup(a) ASN1_STRING_dup(a) 1865 #define M_ASN1_UTCTIME_new() ASN1_UTCTIME_new() 1866 #define M_ASN1_UTCTIME_free(a) ASN1_UTCTIME_free(a) 1867 #define M_ASN1_UTCTIME_dup(a) ASN1_STRING_dup(a) 1868 #define M_ASN1_T61STRING_new() ASN1_T61STRING_new() 1869 #define M_ASN1_T61STRING_free(a) ASN1_T61STRING_free(a) 1870 #define M_ASN1_GENERALIZEDTIME_new() ASN1_GENERALIZEDTIME_new() 1871 #define M_ASN1_GENERALIZEDTIME_free(a) ASN1_GENERALIZEDTIME_free(a) 1872 #define M_ASN1_GENERALIZEDTIME_dup(a) ASN1_STRING_dup(a) 1873 #define M_ASN1_GENERALSTRING_new() ASN1_GENERALSTRING_new() 1874 #define M_ASN1_GENERALSTRING_free(a) ASN1_GENERALSTRING_free(a) 1875 #define M_ASN1_UNIVERSALSTRING_new() ASN1_UNIVERSALSTRING_new() 1876 #define M_ASN1_UNIVERSALSTRING_free(a) ASN1_UNIVERSALSTRING_free(a) 1877 #define M_ASN1_BMPSTRING_new() ASN1_BMPSTRING_new() 1878 #define M_ASN1_BMPSTRING_free(a) ASN1_BMPSTRING_free(a) 1879 #define M_ASN1_VISIBLESTRING_new() ASN1_VISIBLESTRING_new() 1880 #define M_ASN1_VISIBLESTRING_free(a) ASN1_VISIBLESTRING_free(a) 1881 #define M_ASN1_UTF8STRING_new() ASN1_UTF8STRING_new() 1882 #define M_ASN1_UTF8STRING_free(a) ASN1_UTF8STRING_free(a) 1883 1884 // B_ASN1_PRINTABLE is a bitmask for an ad-hoc subset of string-like types. Note 1885 // the presence of |B_ASN1_UNKNOWN| means it includes types which |ASN1_tag2bit| 1886 // maps to |B_ASN1_UNKNOWN|. 1887 // 1888 // Do not use this. Despite the name, it has no connection to PrintableString or 1889 // printable characters. See https://crbug.com/boringssl/412. 1890 #define B_ASN1_PRINTABLE \ 1891 (B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | \ 1892 B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING | \ 1893 B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN) 1894 1895 // ASN1_PRINTABLE_new returns a newly-allocated |ASN1_STRING| with type -1, or 1896 // NULL on error. The resulting |ASN1_STRING| is not a valid ASN.1 value until 1897 // initialized with a value. 1898 OPENSSL_EXPORT ASN1_STRING *ASN1_PRINTABLE_new(void); 1899 1900 // ASN1_PRINTABLE_free calls |ASN1_STRING_free|. 1901 OPENSSL_EXPORT void ASN1_PRINTABLE_free(ASN1_STRING *str); 1902 1903 // d2i_ASN1_PRINTABLE parses up to |len| bytes from |*inp| as a DER-encoded 1904 // CHOICE of an ad-hoc subset of string-like types, as described in 1905 // |d2i_SAMPLE|. 1906 // 1907 // Do not use this. Despite, the name it has no connection to PrintableString or 1908 // printable characters. See https://crbug.com/boringssl/412. 1909 // 1910 // TODO(https://crbug.com/boringssl/354): This function currently also accepts 1911 // BER, but this will be removed in the future. 1912 OPENSSL_EXPORT ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **out, 1913 const uint8_t **inp, long len); 1914 1915 // i2d_ASN1_PRINTABLE marshals |in| as DER, as described in |i2d_SAMPLE|. 1916 // 1917 // Do not use this. Despite the name, it has no connection to PrintableString or 1918 // printable characters. See https://crbug.com/boringssl/412. 1919 OPENSSL_EXPORT int i2d_ASN1_PRINTABLE(const ASN1_STRING *in, uint8_t **outp); 1920 1921 // ASN1_PRINTABLE is an |ASN1_ITEM| whose ASN.1 type is a CHOICE of an ad-hoc 1922 // subset of string-like types, and whose C type is |ASN1_STRING*|. 1923 // 1924 // Do not use this. Despite the name, it has no connection to PrintableString or 1925 // printable characters. See https://crbug.com/boringssl/412. 1926 DECLARE_ASN1_ITEM(ASN1_PRINTABLE) 1927 1928 // ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on 1929 // success and zero on error. 1930 // 1931 // Use |ASN1_INTEGER_set_uint64| and |ASN1_INTEGER_set_int64| instead. 1932 OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); 1933 1934 // ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one 1935 // on success and zero on error. 1936 // 1937 // Use |ASN1_ENUMERATED_set_uint64| and |ASN1_ENUMERATED_set_int64| instead. 1938 OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); 1939 1940 // ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of 1941 // range or the wrong type. 1942 // 1943 // WARNING: This function's return value cannot distinguish errors from -1. 1944 // Use |ASN1_INTEGER_get_uint64| and |ASN1_INTEGER_get_int64| instead. 1945 OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a); 1946 1947 // ASN1_ENUMERATED_get returns the value of |a| as a |long|, or -1 if |a| is out 1948 // of range or the wrong type. 1949 // 1950 // WARNING: This function's return value cannot distinguish errors from -1. 1951 // Use |ASN1_ENUMERATED_get_uint64| and |ASN1_ENUMERATED_get_int64| instead. 1952 OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); 1953 1954 1955 #if defined(__cplusplus) 1956 } // extern C 1957 1958 extern "C++" { 1959 1960 BSSL_NAMESPACE_BEGIN 1961 1962 BORINGSSL_MAKE_DELETER(ASN1_OBJECT, ASN1_OBJECT_free) 1963 BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free) 1964 BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free) 1965 1966 BSSL_NAMESPACE_END 1967 1968 } // extern C++ 1969 1970 #endif 1971 1972 #define ASN1_R_ASN1_LENGTH_MISMATCH 100 1973 #define ASN1_R_AUX_ERROR 101 1974 #define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 102 1975 #define ASN1_R_BAD_OBJECT_HEADER 103 1976 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 104 1977 #define ASN1_R_BN_LIB 105 1978 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 1979 #define ASN1_R_BUFFER_TOO_SMALL 107 1980 #define ASN1_R_CONTEXT_NOT_INITIALISED 108 1981 #define ASN1_R_DECODE_ERROR 109 1982 #define ASN1_R_DEPTH_EXCEEDED 110 1983 #define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 111 1984 #define ASN1_R_ENCODE_ERROR 112 1985 #define ASN1_R_ERROR_GETTING_TIME 113 1986 #define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 114 1987 #define ASN1_R_EXPECTING_AN_INTEGER 115 1988 #define ASN1_R_EXPECTING_AN_OBJECT 116 1989 #define ASN1_R_EXPECTING_A_BOOLEAN 117 1990 #define ASN1_R_EXPECTING_A_TIME 118 1991 #define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 1992 #define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 1993 #define ASN1_R_FIELD_MISSING 121 1994 #define ASN1_R_FIRST_NUM_TOO_LARGE 122 1995 #define ASN1_R_HEADER_TOO_LONG 123 1996 #define ASN1_R_ILLEGAL_BITSTRING_FORMAT 124 1997 #define ASN1_R_ILLEGAL_BOOLEAN 125 1998 #define ASN1_R_ILLEGAL_CHARACTERS 126 1999 #define ASN1_R_ILLEGAL_FORMAT 127 2000 #define ASN1_R_ILLEGAL_HEX 128 2001 #define ASN1_R_ILLEGAL_IMPLICIT_TAG 129 2002 #define ASN1_R_ILLEGAL_INTEGER 130 2003 #define ASN1_R_ILLEGAL_NESTED_TAGGING 131 2004 #define ASN1_R_ILLEGAL_NULL 132 2005 #define ASN1_R_ILLEGAL_NULL_VALUE 133 2006 #define ASN1_R_ILLEGAL_OBJECT 134 2007 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 135 2008 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 136 2009 #define ASN1_R_ILLEGAL_TAGGED_ANY 137 2010 #define ASN1_R_ILLEGAL_TIME_VALUE 138 2011 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 139 2012 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 140 2013 #define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 141 2014 #define ASN1_R_INVALID_BMPSTRING 142 2015 #define ASN1_R_INVALID_DIGIT 143 2016 #define ASN1_R_INVALID_MODIFIER 144 2017 #define ASN1_R_INVALID_NUMBER 145 2018 #define ASN1_R_INVALID_OBJECT_ENCODING 146 2019 #define ASN1_R_INVALID_SEPARATOR 147 2020 #define ASN1_R_INVALID_TIME_FORMAT 148 2021 #define ASN1_R_INVALID_UNIVERSALSTRING 149 2022 #define ASN1_R_INVALID_UTF8STRING 150 2023 #define ASN1_R_LIST_ERROR 151 2024 #define ASN1_R_MISSING_ASN1_EOS 152 2025 #define ASN1_R_MISSING_EOC 153 2026 #define ASN1_R_MISSING_SECOND_NUMBER 154 2027 #define ASN1_R_MISSING_VALUE 155 2028 #define ASN1_R_MSTRING_NOT_UNIVERSAL 156 2029 #define ASN1_R_MSTRING_WRONG_TAG 157 2030 #define ASN1_R_NESTED_ASN1_ERROR 158 2031 #define ASN1_R_NESTED_ASN1_STRING 159 2032 #define ASN1_R_NON_HEX_CHARACTERS 160 2033 #define ASN1_R_NOT_ASCII_FORMAT 161 2034 #define ASN1_R_NOT_ENOUGH_DATA 162 2035 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 163 2036 #define ASN1_R_NULL_IS_WRONG_LENGTH 164 2037 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT 165 2038 #define ASN1_R_ODD_NUMBER_OF_CHARS 166 2039 #define ASN1_R_SECOND_NUMBER_TOO_LARGE 167 2040 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 168 2041 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 169 2042 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 170 2043 #define ASN1_R_SHORT_LINE 171 2044 #define ASN1_R_STREAMING_NOT_SUPPORTED 172 2045 #define ASN1_R_STRING_TOO_LONG 173 2046 #define ASN1_R_STRING_TOO_SHORT 174 2047 #define ASN1_R_TAG_VALUE_TOO_HIGH 175 2048 #define ASN1_R_TIME_NOT_ASCII_FORMAT 176 2049 #define ASN1_R_TOO_LONG 177 2050 #define ASN1_R_TYPE_NOT_CONSTRUCTED 178 2051 #define ASN1_R_TYPE_NOT_PRIMITIVE 179 2052 #define ASN1_R_UNEXPECTED_EOC 180 2053 #define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 181 2054 #define ASN1_R_UNKNOWN_FORMAT 182 2055 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 183 2056 #define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 184 2057 #define ASN1_R_UNKNOWN_TAG 185 2058 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 186 2059 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 187 2060 #define ASN1_R_UNSUPPORTED_TYPE 188 2061 #define ASN1_R_WRONG_PUBLIC_KEY_TYPE 189 2062 #define ASN1_R_WRONG_TAG 190 2063 #define ASN1_R_WRONG_TYPE 191 2064 #define ASN1_R_NESTED_TOO_DEEP 192 2065 #define ASN1_R_BAD_TEMPLATE 193 2066 #define ASN1_R_INVALID_BIT_STRING_PADDING 194 2067 #define ASN1_R_WRONG_INTEGER_TYPE 195 2068 #define ASN1_R_INVALID_INTEGER 196 2069 2070 #endif // OPENSSL_HEADER_ASN1_H 2071