1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2 * All rights reserved. 3 * 4 * This package is an SSL implementation written 5 * by Eric Young (eay@cryptsoft.com). 6 * The implementation was written so as to conform with Netscapes SSL. 7 * 8 * This library is free for commercial and non-commercial use as long as 9 * the following conditions are aheared to. The following conditions 10 * apply to all code found in this distribution, be it the RC4, RSA, 11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * included with this distribution is covered by the same copyright terms 13 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * 15 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * the code are not to be removed. 17 * If this package is used in a product, Eric Young should be given attribution 18 * as the author of the parts of the library used. 19 * This can be in the form of a textual message at program startup or 20 * in documentation (online or textual) provided with the package. 21 * 22 * Redistribution and use in source and binary forms, with or without 23 * modification, are permitted provided that the following conditions 24 * are met: 25 * 1. Redistributions of source code must retain the copyright 26 * notice, this list of conditions and the following disclaimer. 27 * 2. Redistributions in binary form must reproduce the above copyright 28 * notice, this list of conditions and the following disclaimer in the 29 * documentation and/or other materials provided with the distribution. 30 * 3. All advertising materials mentioning features or use of this software 31 * must display the following acknowledgement: 32 * "This product includes cryptographic software written by 33 * Eric Young (eay@cryptsoft.com)" 34 * The word 'cryptographic' can be left out if the rouines from the library 35 * being used are not cryptographic related :-). 36 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * the apps directory (application code) you must include an acknowledgement: 38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * SUCH DAMAGE. 51 * 52 * The licence and distribution terms for any publically available version or 53 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * copied and put under another distribution licence 55 * [including the GNU Public Licence.] 56 */ 57 58 #ifndef HEADER_ASN1_H 59 #define HEADER_ASN1_H 60 61 #include <openssl/base.h> 62 63 #include <time.h> 64 65 #include <openssl/bio.h> 66 #include <openssl/stack.h> 67 68 #include <openssl/bn.h> 69 70 #ifdef __cplusplus 71 extern "C" { 72 #endif 73 74 75 // Legacy ASN.1 library. 76 // 77 // This header is part of OpenSSL's ASN.1 implementation. It is retained for 78 // compatibility but otherwise underdocumented and not actively maintained. Use 79 // the new |CBS| and |CBB| library in <openssl/bytestring.h> instead. 80 81 82 // Tag constants. 83 // 84 // These constants are used in various APIs to specify ASN.1 types and tag 85 // components. See the specific API's documentation for details on which values 86 // are used and how. 87 88 // The following constants are tag classes. 89 #define V_ASN1_UNIVERSAL 0x00 90 #define V_ASN1_APPLICATION 0x40 91 #define V_ASN1_CONTEXT_SPECIFIC 0x80 92 #define V_ASN1_PRIVATE 0xc0 93 94 // V_ASN1_CONSTRUCTED indicates an element is constructed, rather than 95 // primitive. 96 #define V_ASN1_CONSTRUCTED 0x20 97 98 // V_ASN1_PRIMITIVE_TAG is the highest tag number which can be encoded in a 99 // single byte. Note this is unrelated to whether an element is constructed or 100 // primitive. 101 // 102 // TODO(davidben): Make this private. 103 #define V_ASN1_PRIMITIVE_TAG 0x1f 104 105 // V_ASN1_MAX_UNIVERSAL is the highest supported universal tag number. It is 106 // necessary to avoid ambiguity with |V_ASN1_NEG| and |MBSTRING_FLAG|. 107 // 108 // TODO(davidben): Make this private. 109 #define V_ASN1_MAX_UNIVERSAL 0xff 110 111 // V_ASN1_UNDEF is used in some APIs to indicate an ASN.1 element is omitted. 112 #define V_ASN1_UNDEF (-1) 113 114 // V_ASN1_OTHER is used in |ASN1_TYPE| to indicate a non-universal ASN.1 type. 115 #define V_ASN1_OTHER (-3) 116 117 // V_ASN1_ANY is used by the ASN.1 templates to indicate an ANY type. 118 #define V_ASN1_ANY (-4) 119 120 // The following constants are tag numbers for universal types. 121 #define V_ASN1_EOC 0 122 #define V_ASN1_BOOLEAN 1 123 #define V_ASN1_INTEGER 2 124 #define V_ASN1_BIT_STRING 3 125 #define V_ASN1_OCTET_STRING 4 126 #define V_ASN1_NULL 5 127 #define V_ASN1_OBJECT 6 128 #define V_ASN1_OBJECT_DESCRIPTOR 7 129 #define V_ASN1_EXTERNAL 8 130 #define V_ASN1_REAL 9 131 #define V_ASN1_ENUMERATED 10 132 #define V_ASN1_UTF8STRING 12 133 #define V_ASN1_SEQUENCE 16 134 #define V_ASN1_SET 17 135 #define V_ASN1_NUMERICSTRING 18 136 #define V_ASN1_PRINTABLESTRING 19 137 #define V_ASN1_T61STRING 20 138 #define V_ASN1_TELETEXSTRING 20 139 #define V_ASN1_VIDEOTEXSTRING 21 140 #define V_ASN1_IA5STRING 22 141 #define V_ASN1_UTCTIME 23 142 #define V_ASN1_GENERALIZEDTIME 24 143 #define V_ASN1_GRAPHICSTRING 25 144 #define V_ASN1_ISO64STRING 26 145 #define V_ASN1_VISIBLESTRING 26 146 #define V_ASN1_GENERALSTRING 27 147 #define V_ASN1_UNIVERSALSTRING 28 148 #define V_ASN1_BMPSTRING 30 149 150 // The following constants are used for |ASN1_STRING| values that represent 151 // negative INTEGER and ENUMERATED values. See |ASN1_STRING| for more details. 152 #define V_ASN1_NEG 0x100 153 #define V_ASN1_NEG_INTEGER (V_ASN1_INTEGER | V_ASN1_NEG) 154 #define V_ASN1_NEG_ENUMERATED (V_ASN1_ENUMERATED | V_ASN1_NEG) 155 156 // The following constants are bitmask representations of ASN.1 types. 157 #define B_ASN1_NUMERICSTRING 0x0001 158 #define B_ASN1_PRINTABLESTRING 0x0002 159 #define B_ASN1_T61STRING 0x0004 160 #define B_ASN1_TELETEXSTRING 0x0004 161 #define B_ASN1_VIDEOTEXSTRING 0x0008 162 #define B_ASN1_IA5STRING 0x0010 163 #define B_ASN1_GRAPHICSTRING 0x0020 164 #define B_ASN1_ISO64STRING 0x0040 165 #define B_ASN1_VISIBLESTRING 0x0040 166 #define B_ASN1_GENERALSTRING 0x0080 167 #define B_ASN1_UNIVERSALSTRING 0x0100 168 #define B_ASN1_OCTET_STRING 0x0200 169 #define B_ASN1_BIT_STRING 0x0400 170 #define B_ASN1_BMPSTRING 0x0800 171 #define B_ASN1_UNKNOWN 0x1000 172 #define B_ASN1_UTF8STRING 0x2000 173 #define B_ASN1_UTCTIME 0x4000 174 #define B_ASN1_GENERALIZEDTIME 0x8000 175 #define B_ASN1_SEQUENCE 0x10000 176 177 // ASN1_tag2str returns a string representation of |tag|, interpret as a tag 178 // number for a universal type, or |V_ASN1_NEG_*|. 179 OPENSSL_EXPORT const char *ASN1_tag2str(int tag); 180 181 182 // Strings. 183 // 184 // ASN.1 contains a myriad of string types, as well as types that contain data 185 // that may be encoded into a string. This library uses a single type, 186 // |ASN1_STRING|, to represent most values. 187 188 // An asn1_string_st (aka |ASN1_STRING|) represents a value of a string-like 189 // ASN.1 type. It contains a type field, and a byte string data field with a 190 // type-specific representation. 191 // 192 // When representing a string value, the type field is one of 193 // |V_ASN1_OCTET_STRING|, |V_ASN1_UTF8STRING|, |V_ASN1_NUMERICSTRING|, 194 // |V_ASN1_PRINTABLESTRING|, |V_ASN1_T61STRING|, |V_ASN1_VIDEOTEXSTRING|, 195 // |V_ASN1_IA5STRING|, |V_ASN1_GRAPHICSTRING|, |V_ASN1_ISO64STRING|, 196 // |V_ASN1_VISIBLESTRING|, |V_ASN1_GENERALSTRING|, |V_ASN1_UNIVERSALSTRING|, or 197 // |V_ASN1_BMPSTRING|. The data contains the byte representation of of the 198 // string. 199 // 200 // When representing a BIT STRING value, the type field is |V_ASN1_BIT_STRING|. 201 // See bit string documentation below for how the data and flags are used. 202 // 203 // When representing an INTEGER or ENUMERATED value, the type field is one of 204 // |V_ASN1_INTEGER|, |V_ASN1_NEG_INTEGER|, |V_ASN1_ENUMERATED|, or 205 // |V_ASN1_NEG_ENUMERATED|. See integer documentation below for details. 206 // 207 // When representing a GeneralizedTime or UTCTime value, the type field is 208 // |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, respectively. The data contains 209 // the DER encoding of the value. For example, the UNIX epoch would be 210 // "19700101000000Z" for a GeneralizedTime and "700101000000Z" for a UTCTime. 211 // 212 // |ASN1_STRING|, when stored in an |ASN1_TYPE|, may also represent an element 213 // with tag not directly supported by this library. See |ASN1_TYPE| for details. 214 // 215 // |ASN1_STRING| additionally has the following typedefs: |ASN1_BIT_STRING|, 216 // |ASN1_BMPSTRING|, |ASN1_ENUMERATED|, |ASN1_GENERALIZEDTIME|, 217 // |ASN1_GENERALSTRING|, |ASN1_IA5STRING|, |ASN1_INTEGER|, |ASN1_OCTET_STRING|, 218 // |ASN1_PRINTABLESTRING|, |ASN1_T61STRING|, |ASN1_TIME|, 219 // |ASN1_UNIVERSALSTRING|, |ASN1_UTCTIME|, |ASN1_UTF8STRING|, and 220 // |ASN1_VISIBLESTRING|. Other than |ASN1_TIME|, these correspond to universal 221 // ASN.1 types. |ASN1_TIME| represents a CHOICE of UTCTime and GeneralizedTime, 222 // with a cutoff of 2049, as used in Section 4.1.2.5 of RFC 5280. 223 // 224 // For clarity, callers are encouraged to use the appropriate typedef when 225 // available. They are the same type as |ASN1_STRING|, so a caller may freely 226 // pass them into functions expecting |ASN1_STRING|, such as 227 // |ASN1_STRING_length|. 228 // 229 // If a function returns an |ASN1_STRING| where the typedef or ASN.1 structure 230 // implies constraints on the type field, callers may assume that the type field 231 // is correct. However, if a function takes an |ASN1_STRING| as input, callers 232 // must ensure the type field matches. These invariants are not captured by the 233 // C type system and may not be checked at runtime. For example, callers may 234 // assume the output of |X509_get0_serialNumber| has type |V_ASN1_INTEGER| or 235 // |V_ASN1_NEG_INTEGER|. Callers must not pass a string of type 236 // |V_ASN1_OCTET_STRING| to |X509_set_serialNumber|. Doing so may break 237 // invariants on the |X509| object and break the |X509_get0_serialNumber| 238 // invariant. 239 // 240 // TODO(davidben): This is very unfriendly. Getting the type field wrong should 241 // not cause memory errors, but it may do strange things. We should add runtime 242 // checks to anything that consumes |ASN1_STRING|s from the caller. 243 struct asn1_string_st { 244 int length; 245 int type; 246 unsigned char *data; 247 long flags; 248 }; 249 250 // ASN1_STRING_FLAG_BITS_LEFT indicates, in a BIT STRING |ASN1_STRING|, that 251 // flags & 0x7 contains the number of padding bits added to the BIT STRING 252 // value. When not set, all trailing zero bits in the last byte are implicitly 253 // treated as padding. This behavior is deprecated and should not be used. 254 #define ASN1_STRING_FLAG_BITS_LEFT 0x08 255 256 // ASN1_STRING_type_new returns a newly-allocated empty |ASN1_STRING| object of 257 // type |type|, or NULL on error. 258 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_type_new(int type); 259 260 // ASN1_STRING_new returns a newly-allocated empty |ASN1_STRING| object with an 261 // arbitrary type. Prefer one of the type-specific constructors, such as 262 // |ASN1_OCTET_STRING_new|, or |ASN1_STRING_type_new|. 263 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_new(void); 264 265 // ASN1_STRING_free releases memory associated with |str|. 266 OPENSSL_EXPORT void ASN1_STRING_free(ASN1_STRING *str); 267 268 // ASN1_STRING_copy sets |dst| to a copy of |str|. It returns one on success and 269 // zero on error. 270 OPENSSL_EXPORT int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str); 271 272 // ASN1_STRING_dup returns a newly-allocated copy of |str|, or NULL on error. 273 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str); 274 275 // ASN1_STRING_type returns the type of |str|. This value will be one of the 276 // |V_ASN1_*| constants. 277 OPENSSL_EXPORT int ASN1_STRING_type(const ASN1_STRING *str); 278 279 // ASN1_STRING_get0_data returns a pointer to |str|'s contents. Callers should 280 // use |ASN1_STRING_length| to determine the length of the string. The string 281 // may have embedded NUL bytes and may not be NUL-terminated. 282 OPENSSL_EXPORT const unsigned char *ASN1_STRING_get0_data( 283 const ASN1_STRING *str); 284 285 // ASN1_STRING_data returns a mutable pointer to |str|'s contents. Callers 286 // should use |ASN1_STRING_length| to determine the length of the string. The 287 // string may have embedded NUL bytes and may not be NUL-terminated. 288 // 289 // Prefer |ASN1_STRING_get0_data|. 290 OPENSSL_EXPORT unsigned char *ASN1_STRING_data(ASN1_STRING *str); 291 292 // ASN1_STRING_length returns the length of |str|, in bytes. 293 OPENSSL_EXPORT int ASN1_STRING_length(const ASN1_STRING *str); 294 295 // ASN1_STRING_cmp compares |a| and |b|'s type and contents. It returns an 296 // integer equal to, less than, or greater than zero if |a| is equal to, less 297 // than, or greater than |b|, respectively. This function compares by length, 298 // then data, then type. Note the data compared is the |ASN1_STRING| internal 299 // representation and the type order is arbitrary. While this comparison is 300 // suitable for sorting, callers should not rely on the exact order when |a| 301 // and |b| are different types. 302 // 303 // If |a| or |b| are BIT STRINGs, this function does not compare the 304 // |ASN1_STRING_FLAG_BITS_LEFT| flags. Additionally, if |a| and |b| are 305 // INTEGERs, this comparison does not order the values numerically. For a 306 // numerical comparison, use |ASN1_INTEGER_cmp|. 307 // 308 // TODO(davidben): The BIT STRING comparison seems like a bug. Fix it? 309 OPENSSL_EXPORT int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b); 310 311 // ASN1_STRING_set sets the contents of |str| to a copy of |len| bytes from 312 // |data|. It returns one on success and zero on error. 313 OPENSSL_EXPORT int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); 314 315 // ASN1_STRING_set0 sets the contents of |str| to |len| bytes from |data|. It 316 // takes ownership of |data|, which must have been allocated with 317 // |OPENSSL_malloc|. 318 OPENSSL_EXPORT void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len); 319 320 // ASN1_STRING_to_UTF8 converts |in| to UTF-8. On success, sets |*out| to a 321 // newly-allocated buffer containing the resulting string and returns the length 322 // of the string. The caller must call |OPENSSL_free| to release |*out| when 323 // done. On error, it returns a negative number. 324 OPENSSL_EXPORT int ASN1_STRING_to_UTF8(unsigned char **out, 325 const ASN1_STRING *in); 326 327 // The following formats define encodings for use with functions like 328 // |ASN1_mbstring_copy|. 329 #define MBSTRING_FLAG 0x1000 330 #define MBSTRING_UTF8 (MBSTRING_FLAG) 331 // |MBSTRING_ASC| refers to Latin-1, not ASCII. 332 #define MBSTRING_ASC (MBSTRING_FLAG | 1) 333 #define MBSTRING_BMP (MBSTRING_FLAG | 2) 334 #define MBSTRING_UNIV (MBSTRING_FLAG | 4) 335 336 // DIRSTRING_TYPE contains the valid string types in an X.509 DirectoryString. 337 #define DIRSTRING_TYPE \ 338 (B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | B_ASN1_BMPSTRING | \ 339 B_ASN1_UTF8STRING) 340 341 // PKCS9STRING_TYPE contains the valid string types in a PKCS9String. 342 #define PKCS9STRING_TYPE (DIRSTRING_TYPE | B_ASN1_IA5STRING) 343 344 // ASN1_mbstring_copy converts |len| bytes from |in| to an ASN.1 string. If 345 // |len| is -1, |in| must be NUL-terminated and the length is determined by 346 // |strlen|. |in| is decoded according to |inform|, which must be one of 347 // |MBSTRING_*|. |mask| determines the set of valid output types and is a 348 // bitmask containing a subset of |B_ASN1_PRINTABLESTRING|, |B_ASN1_IA5STRING|, 349 // |B_ASN1_T61STRING|, |B_ASN1_BMPSTRING|, |B_ASN1_UNIVERSALSTRING|, and 350 // |B_ASN1_UTF8STRING|, in that preference order. This function chooses the 351 // first output type in |mask| which can represent |in|. It interprets T61String 352 // as Latin-1, rather than T.61. 353 // 354 // If |mask| is zero, |DIRSTRING_TYPE| is used by default. 355 // 356 // On success, this function returns the |V_ASN1_*| constant corresponding to 357 // the selected output type and, if |out| and |*out| are both non-NULL, updates 358 // the object at |*out| with the result. If |out| is non-NULL and |*out| is 359 // NULL, it instead sets |*out| to a newly-allocated |ASN1_STRING| containing 360 // the result. If |out| is NULL, it returns the selected output type without 361 // constructing an |ASN1_STRING|. On error, this function returns -1. 362 OPENSSL_EXPORT int ASN1_mbstring_copy(ASN1_STRING **out, const uint8_t *in, 363 int len, int inform, unsigned long mask); 364 365 // ASN1_mbstring_ncopy behaves like |ASN1_mbstring_copy| but returns an error if 366 // the input is less than |minsize| or greater than |maxsize| codepoints long. A 367 // |maxsize| value of zero is ignored. Note the sizes are measured in 368 // codepoints, not output bytes. 369 OPENSSL_EXPORT int ASN1_mbstring_ncopy(ASN1_STRING **out, const uint8_t *in, 370 int len, int inform, unsigned long mask, 371 long minsize, long maxsize); 372 373 // TODO(davidben): Expand and document function prototypes generated in macros. 374 375 376 // Bit strings. 377 // 378 // An ASN.1 BIT STRING type represents a string of bits. The string may not 379 // necessarily be a whole number of bytes. BIT STRINGs occur in ASN.1 structures 380 // in several forms: 381 // 382 // Some BIT STRINGs represent a bitmask of named bits, such as the X.509 key 383 // usage extension in RFC 5280, section 4.2.1.3. For such bit strings, DER 384 // imposes an additional restriction that trailing zero bits are removed. Some 385 // functions like |ASN1_BIT_STRING_set_bit| help in maintaining this. 386 // 387 // Other BIT STRINGs are arbitrary strings of bits used as identifiers and do 388 // not have this constraint, such as the X.509 issuerUniqueID field. 389 // 390 // Finally, some structures use BIT STRINGs as a container for byte strings. For 391 // example, the signatureValue field in X.509 and the subjectPublicKey field in 392 // SubjectPublicKeyInfo are defined as BIT STRINGs with a value specific to the 393 // AlgorithmIdentifier. While some unknown algorithm could choose to store 394 // arbitrary bit strings, all supported algorithms use a byte string, with bit 395 // order matching the DER encoding. Callers interpreting a BIT STRING as a byte 396 // string should use |ASN1_BIT_STRING_num_bytes| instead of |ASN1_STRING_length| 397 // and reject bit strings that are not a whole number of bytes. 398 // 399 // This library represents BIT STRINGs as |ASN1_STRING|s with type 400 // |V_ASN1_BIT_STRING|. The data contains the encoded form of the BIT STRING, 401 // including any padding bits added to round to a whole number of bytes, but 402 // excluding the leading byte containing the number of padding bits. If 403 // |ASN1_STRING_FLAG_BITS_LEFT| is set, the bottom three bits contains the 404 // number of padding bits. For example, DER encodes the BIT STRING {1, 0} as 405 // {0x06, 0x80 = 0b10_000000}. The |ASN1_STRING| representation has data of 406 // {0x80} and flags of ASN1_STRING_FLAG_BITS_LEFT | 6. If 407 // |ASN1_STRING_FLAG_BITS_LEFT| is unset, trailing zero bits are implicitly 408 // removed. Callers should not rely this representation when constructing bit 409 // strings. 410 411 // ASN1_BIT_STRING_num_bytes computes the length of |str| in bytes. If |str|'s 412 // bit length is a multiple of 8, it sets |*out| to the byte length and returns 413 // one. Otherwise, it returns zero. 414 // 415 // This function may be used with |ASN1_STRING_get0_data| to interpret |str| as 416 // a byte string. 417 OPENSSL_EXPORT int ASN1_BIT_STRING_num_bytes(const ASN1_BIT_STRING *str, 418 size_t *out); 419 420 // ASN1_BIT_STRING_set calls |ASN1_STRING_set|. It leaves flags unchanged, so 421 // the caller must set the number of unused bits. 422 // 423 // TODO(davidben): Maybe it should? Wrapping a byte string in a bit string is a 424 // common use case. 425 OPENSSL_EXPORT int ASN1_BIT_STRING_set(ASN1_BIT_STRING *str, 426 const unsigned char *d, int length); 427 428 // ASN1_BIT_STRING_set_bit sets bit |n| of |str| to one if |value| is non-zero 429 // and zero if |value| is zero, resizing |str| as needed. It then truncates 430 // trailing zeros in |str| to align with the DER represention for a bit string 431 // with named bits. It returns one on success and zero on error. |n| is indexed 432 // beginning from zero. 433 OPENSSL_EXPORT int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *str, int n, 434 int value); 435 436 // ASN1_BIT_STRING_get_bit returns one if bit |n| of |a| is in bounds and set, 437 // and zero otherwise. |n| is indexed beginning from zero. 438 OPENSSL_EXPORT int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *str, int n); 439 440 // ASN1_BIT_STRING_check returns one if |str| only contains bits that are set in 441 // the |flags_len| bytes pointed by |flags|. Otherwise it returns zero. Bits in 442 // |flags| are arranged according to the DER representation, so bit 0 443 // corresponds to the MSB of |flags[0]|. 444 OPENSSL_EXPORT int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *str, 445 const unsigned char *flags, 446 int flags_len); 447 448 // TODO(davidben): Expand and document function prototypes generated in macros. 449 450 451 // Integers and enumerated values. 452 // 453 // INTEGER and ENUMERATED values are represented as |ASN1_STRING|s where the 454 // data contains the big-endian encoding of the absolute value of the integer. 455 // The sign bit is encoded in the type: non-negative values have a type of 456 // |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, while negative values have a type of 457 // |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|. Note this differs from DER's 458 // two's complement representation. 459 460 // ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on 461 // success and zero on error. 462 OPENSSL_EXPORT int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); 463 464 // ASN1_INTEGER_set sets |a| to an INTEGER with value |v|. It returns one on 465 // success and zero on error. 466 OPENSSL_EXPORT int ASN1_INTEGER_set_uint64(ASN1_INTEGER *out, uint64_t v); 467 468 // ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of 469 // range or the wrong type. 470 OPENSSL_EXPORT long ASN1_INTEGER_get(const ASN1_INTEGER *a); 471 472 // BN_to_ASN1_INTEGER sets |ai| to an INTEGER with value |bn| and returns |ai| 473 // on success or NULL or error. If |ai| is NULL, it returns a newly-allocated 474 // |ASN1_INTEGER| on success instead, which the caller must release with 475 // |ASN1_INTEGER_free|. 476 OPENSSL_EXPORT ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, 477 ASN1_INTEGER *ai); 478 479 // ASN1_INTEGER_to_BN sets |bn| to the value of |ai| and returns |bn| on success 480 // or NULL or error. If |bn| is NULL, it returns a newly-allocated |BIGNUM| on 481 // success instead, which the caller must release with |BN_free|. 482 OPENSSL_EXPORT BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn); 483 484 // ASN1_INTEGER_cmp compares the values of |x| and |y|. It returns an integer 485 // equal to, less than, or greater than zero if |x| is equal to, less than, or 486 // greater than |y|, respectively. 487 OPENSSL_EXPORT int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, 488 const ASN1_INTEGER *y); 489 490 // ASN1_ENUMERATED_set sets |a| to an ENUMERATED with value |v|. It returns one 491 // on success and zero on error. 492 OPENSSL_EXPORT int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); 493 494 // ASN1_INTEGER_get returns the value of |a| as a |long|, or -1 if |a| is out of 495 // range or the wrong type. 496 OPENSSL_EXPORT long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a); 497 498 // BN_to_ASN1_ENUMERATED sets |ai| to an ENUMERATED with value |bn| and returns 499 // |ai| on success or NULL or error. If |ai| is NULL, it returns a 500 // newly-allocated |ASN1_INTEGER| on success instead, which the caller must 501 // release with |ASN1_INTEGER_free|. 502 OPENSSL_EXPORT ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, 503 ASN1_ENUMERATED *ai); 504 505 // ASN1_ENUMERATED_to_BN sets |bn| to the value of |ai| and returns |bn| on 506 // success or NULL or error. If |bn| is NULL, it returns a newly-allocated 507 // |BIGNUM| on success instead, which the caller must release with |BN_free|. 508 OPENSSL_EXPORT BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, 509 BIGNUM *bn); 510 511 // TODO(davidben): Expand and document function prototypes generated in macros. 512 513 514 // Time. 515 // 516 // GeneralizedTime and UTCTime values are represented as |ASN1_STRING|s. The 517 // type field is |V_ASN1_GENERALIZEDTIME| or |V_ASN1_UTCTIME|, respectively. The 518 // data field contains the DER encoding of the value. For example, the UNIX 519 // epoch would be "19700101000000Z" for a GeneralizedTime and "700101000000Z" 520 // for a UTCTime. 521 // 522 // ASN.1 does not define how to interpret UTCTime's two-digit year. RFC 5280 523 // defines it as a range from 1950 to 2049 for X.509. The library uses the 524 // RFC 5280 interpretation. It does not currently enforce the restrictions from 525 // BER, and the additional restrictions from RFC 5280, but future versions may. 526 // Callers should not rely on fractional seconds and non-UTC time zones. 527 // 528 // The |ASN1_TIME| typedef represents the X.509 Time type, which is a CHOICE of 529 // GeneralizedTime and UTCTime, using UTCTime when the value is in range. 530 531 // ASN1_UTCTIME_check returns one if |a| is a valid UTCTime and zero otherwise. 532 OPENSSL_EXPORT int ASN1_UTCTIME_check(const ASN1_UTCTIME *a); 533 534 // ASN1_UTCTIME_set represents |t| as a UTCTime and writes the result to |s|. It 535 // returns |s| on success and NULL on error. If |s| is NULL, it returns a 536 // newly-allocated |ASN1_UTCTIME| instead. 537 // 538 // Note this function may fail if the time is out of range for UTCTime. 539 OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s, time_t t); 540 541 // ASN1_UTCTIME_adj adds |offset_day| days and |offset_sec| seconds to |t| and 542 // writes the result to |s| as a UTCTime. It returns |s| on success and NULL on 543 // error. If |s| is NULL, it returns a newly-allocated |ASN1_UTCTIME| instead. 544 // 545 // Note this function may fail if the time overflows or is out of range for 546 // UTCTime. 547 OPENSSL_EXPORT ASN1_UTCTIME *ASN1_UTCTIME_adj(ASN1_UTCTIME *s, time_t t, 548 int offset_day, long offset_sec); 549 550 // ASN1_UTCTIME_set_string sets |s| to a UTCTime whose contents are a copy of 551 // |str|. It returns one on success and zero on error or if |str| is not a valid 552 // UTCTime. 553 // 554 // If |s| is NULL, this function validates |str| without copying it. 555 OPENSSL_EXPORT int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, const char *str); 556 557 // ASN1_UTCTIME_cmp_time_t compares |s| to |t|. It returns -1 if |s| < |t|, 0 if 558 // they are equal, 1 if |s| > |t|, and -2 on error. 559 OPENSSL_EXPORT int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); 560 561 // ASN1_GENERALIZEDTIME_check returns one if |a| is a valid GeneralizedTime and 562 // zero otherwise. 563 OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_check(const ASN1_GENERALIZEDTIME *a); 564 565 // ASN1_GENERALIZEDTIME_set represents |t| as a GeneralizedTime and writes the 566 // result to |s|. It returns |s| on success and NULL on error. If |s| is NULL, 567 // it returns a newly-allocated |ASN1_GENERALIZEDTIME| instead. 568 // 569 // Note this function may fail if the time is out of range for GeneralizedTime. 570 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set( 571 ASN1_GENERALIZEDTIME *s, time_t t); 572 573 // ASN1_GENERALIZEDTIME_adj adds |offset_day| days and |offset_sec| seconds to 574 // |t| and writes the result to |s| as a GeneralizedTime. It returns |s| on 575 // success and NULL on error. If |s| is NULL, it returns a newly-allocated 576 // |ASN1_GENERALIZEDTIME| instead. 577 // 578 // Note this function may fail if the time overflows or is out of range for 579 // GeneralizedTime. 580 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_adj( 581 ASN1_GENERALIZEDTIME *s, time_t t, int offset_day, long offset_sec); 582 583 // ASN1_GENERALIZEDTIME_set_string sets |s| to a GeneralizedTime whose contents 584 // are a copy of |str|. It returns one on success and zero on error or if |str| 585 // is not a valid GeneralizedTime. 586 // 587 // If |s| is NULL, this function validates |str| without copying it. 588 OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, 589 const char *str); 590 591 // ASN1_TIME_diff computes |to| - |from|. On success, it sets |*out_days| to the 592 // difference in days, rounded towards zero, sets |*out_seconds| to the 593 // remainder, and returns one. On error, it returns zero. 594 // 595 // If |from| is before |to|, both outputs will be <= 0, with at least one 596 // negative. If |from| is after |to|, both will be >= 0, with at least one 597 // positive. If they are equal, ignoring fractional seconds, both will be zero. 598 // 599 // Note this function may fail on overflow, or if |from| or |to| cannot be 600 // decoded. 601 OPENSSL_EXPORT int ASN1_TIME_diff(int *out_days, int *out_seconds, 602 const ASN1_TIME *from, const ASN1_TIME *to); 603 604 // ASN1_TIME_set represents |t| as a GeneralizedTime or UTCTime and writes 605 // the result to |s|. As in RFC 5280, section 4.1.2.5, it uses UTCTime when the 606 // time fits and GeneralizedTime otherwise. It returns |s| on success and NULL 607 // on error. If |s| is NULL, it returns a newly-allocated |ASN1_TIME| instead. 608 // 609 // Note this function may fail if the time is out of range for GeneralizedTime. 610 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t); 611 612 // ASN1_TIME_adj adds |offset_day| days and |offset_sec| seconds to 613 // |t| and writes the result to |s|. As in RFC 5280, section 4.1.2.5, it uses 614 // UTCTime when the time fits and GeneralizedTime otherwise. It returns |s| on 615 // success and NULL on error. If |s| is NULL, it returns a newly-allocated 616 // |ASN1_GENERALIZEDTIME| instead. 617 // 618 // Note this function may fail if the time overflows or is out of range for 619 // GeneralizedTime. 620 OPENSSL_EXPORT ASN1_TIME *ASN1_TIME_adj(ASN1_TIME *s, time_t t, int offset_day, 621 long offset_sec); 622 623 // ASN1_TIME_check returns one if |t| is a valid UTCTime or GeneralizedTime, and 624 // zero otherwise. |t|'s type determines which check is performed. This 625 // function does not enforce that UTCTime was used when possible. 626 OPENSSL_EXPORT int ASN1_TIME_check(const ASN1_TIME *t); 627 628 // ASN1_TIME_to_generalizedtime converts |t| to a GeneralizedTime. If |out| is 629 // NULL, it returns a newly-allocated |ASN1_GENERALIZEDTIME| on success, or NULL 630 // on error. If |out| is non-NULL and |*out| is NULL, it additionally sets 631 // |*out| to the result. If |out| and |*out| are non-NULL, it instead updates 632 // the object pointed by |*out| and returns |*out| on success or NULL on error. 633 OPENSSL_EXPORT ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime( 634 const ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); 635 636 // ASN1_TIME_set_string behaves like |ASN1_UTCTIME_set_string| if |str| is a 637 // valid UTCTime, and |ASN1_GENERALIZEDTIME_set_string| if |str| is a valid 638 // GeneralizedTime. If |str| is neither, it returns zero. 639 OPENSSL_EXPORT int ASN1_TIME_set_string(ASN1_TIME *s, const char *str); 640 641 // TODO(davidben): Expand and document function prototypes generated in macros. 642 643 644 // Arbitrary elements. 645 646 // ASN1_VALUE_st (aka |ASN1_VALUE|) is an opaque type used internally in the 647 // library. 648 typedef struct ASN1_VALUE_st ASN1_VALUE; 649 650 // An asn1_type_st (aka |ASN1_TYPE|) represents an arbitrary ASN.1 element, 651 // typically used used for ANY types. It contains a |type| field and a |value| 652 // union dependent on |type|. 653 // 654 // WARNING: This struct has a complex representation. Callers must not construct 655 // |ASN1_TYPE| values manually. Use |ASN1_TYPE_set| and |ASN1_TYPE_set1| 656 // instead. Additionally, callers performing non-trivial operations on this type 657 // are encouraged to use |CBS| and |CBB| from <openssl/bytestring.h>, and 658 // convert to or from |ASN1_TYPE| with |d2i_ASN1_TYPE| or |i2d_ASN1_TYPE|. 659 // 660 // The |type| field corresponds to the tag of the ASN.1 element being 661 // represented: 662 // 663 // If |type| is a |V_ASN1_*| constant for an ASN.1 string-like type, as defined 664 // by |ASN1_STRING|, the tag matches the constant. |value| contains an 665 // |ASN1_STRING| pointer (equivalently, one of the more specific typedefs). See 666 // |ASN1_STRING| for details on the representation. Unlike |ASN1_STRING|, 667 // |ASN1_TYPE| does not use the |V_ASN1_NEG| flag for negative INTEGER and 668 // ENUMERATE values. For a negative value, the |ASN1_TYPE|'s |type| will be 669 // |V_ASN1_INTEGER| or |V_ASN1_ENUMERATED|, but |value| will an |ASN1_STRING| 670 // whose |type| is |V_ASN1_NEG_INTEGER| or |V_ASN1_NEG_ENUMERATED|. 671 // 672 // If |type| is |V_ASN1_OBJECT|, the tag is OBJECT IDENTIFIER and |value| 673 // contains an |ASN1_OBJECT| pointer. 674 // 675 // If |type| is |V_ASN1_NULL|, the tag is NULL. |value| contains a NULL pointer. 676 // 677 // If |type| is |V_ASN1_BOOLEAN|, the tag is BOOLEAN. |value| contains an 678 // |ASN1_BOOLEAN|. 679 // 680 // If |type| is |V_ASN1_SEQUENCE|, |V_ASN1_SET|, or |V_ASN1_OTHER|, the tag is 681 // SEQUENCE, SET, or some non-universal tag, respectively. |value| is an 682 // |ASN1_STRING| containing the entire element, including the tag and length. 683 // The |ASN1_STRING|'s |type| field matches the containing |ASN1_TYPE|'s |type|. 684 // 685 // Other positive values of |type|, up to |V_ASN1_MAX_UNIVERSAL|, correspond to 686 // universal primitive tags not directly supported by this library. |value| is 687 // an |ASN1_STRING| containing the body of the element, excluding the tag 688 // and length. The |ASN1_STRING|'s |type| field matches the containing 689 // |ASN1_TYPE|'s |type|. 690 struct asn1_type_st { 691 int type; 692 union { 693 char *ptr; 694 ASN1_BOOLEAN boolean; 695 ASN1_STRING *asn1_string; 696 ASN1_OBJECT *object; 697 ASN1_INTEGER *integer; 698 ASN1_ENUMERATED *enumerated; 699 ASN1_BIT_STRING *bit_string; 700 ASN1_OCTET_STRING *octet_string; 701 ASN1_PRINTABLESTRING *printablestring; 702 ASN1_T61STRING *t61string; 703 ASN1_IA5STRING *ia5string; 704 ASN1_GENERALSTRING *generalstring; 705 ASN1_BMPSTRING *bmpstring; 706 ASN1_UNIVERSALSTRING *universalstring; 707 ASN1_UTCTIME *utctime; 708 ASN1_GENERALIZEDTIME *generalizedtime; 709 ASN1_VISIBLESTRING *visiblestring; 710 ASN1_UTF8STRING *utf8string; 711 // set and sequence are left complete and still contain the entire element. 712 ASN1_STRING *set; 713 ASN1_STRING *sequence; 714 ASN1_VALUE *asn1_value; 715 } value; 716 }; 717 718 // ASN1_TYPE_get returns the type of |a|, which will be one of the |V_ASN1_*| 719 // constants, or zero if |a| is not fully initialized. 720 OPENSSL_EXPORT int ASN1_TYPE_get(const ASN1_TYPE *a); 721 722 // ASN1_TYPE_set sets |a| to an |ASN1_TYPE| of type |type| and value |value|, 723 // releasing the previous contents of |a|. 724 // 725 // If |type| is |V_ASN1_BOOLEAN|, |a| is set to FALSE if |value| is NULL and 726 // TRUE otherwise. If setting |a| to TRUE, |value| may be an invalid pointer, 727 // such as (void*)1. 728 // 729 // If |type| is |V_ASN1_NULL|, |value| must be NULL. 730 // 731 // For other values of |type|, this function takes ownership of |value|, which 732 // must point to an object of the corresponding type. See |ASN1_TYPE| for 733 // details. 734 OPENSSL_EXPORT void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); 735 736 // ASN1_TYPE_set1 behaves like |ASN1_TYPE_set| except it does not take ownership 737 // of |value|. It returns one on success and zero on error. 738 OPENSSL_EXPORT int ASN1_TYPE_set1(ASN1_TYPE *a, int type, const void *value); 739 740 // ASN1_TYPE_cmp returns zero if |a| and |b| are equal and some non-zero value 741 // otherwise. Note this function can only be used for equality checks, not an 742 // ordering. 743 OPENSSL_EXPORT int ASN1_TYPE_cmp(const ASN1_TYPE *a, const ASN1_TYPE *b); 744 745 // TODO(davidben): Most of |ASN1_TYPE|'s APIs are hidden behind macros. Expand 746 // the macros, document them, and move them to this section. 747 748 749 // Human-readable output. 750 // 751 // The following functions output types in some human-readable format. These 752 // functions may be used for debugging and logging. However, the output should 753 // not be consumed programmatically. They may be ambiguous or lose information. 754 755 // ASN1_UTCTIME_print writes a human-readable representation of |a| to |out|. It 756 // returns one on success and zero on error. 757 OPENSSL_EXPORT int ASN1_UTCTIME_print(BIO *out, const ASN1_UTCTIME *a); 758 759 // ASN1_GENERALIZEDTIME_print writes a human-readable representation of |a| to 760 // |out|. It returns one on success and zero on error. 761 OPENSSL_EXPORT int ASN1_GENERALIZEDTIME_print(BIO *out, 762 const ASN1_GENERALIZEDTIME *a); 763 764 // ASN1_TIME_print writes a human-readable representation of |a| to |out|. It 765 // returns one on success and zero on error. 766 OPENSSL_EXPORT int ASN1_TIME_print(BIO *out, const ASN1_TIME *a); 767 768 // ASN1_STRING_print writes a human-readable representation of |str| to |out|. 769 // It returns one on success and zero on error. Unprintable characters are 770 // replaced with '.'. 771 OPENSSL_EXPORT int ASN1_STRING_print(BIO *out, const ASN1_STRING *str); 772 773 // ASN1_STRFLGS_ESC_2253 causes characters to be escaped as in RFC 2253, section 774 // 2.4. 775 #define ASN1_STRFLGS_ESC_2253 1 776 777 // ASN1_STRFLGS_ESC_CTRL causes all control characters to be escaped. 778 #define ASN1_STRFLGS_ESC_CTRL 2 779 780 // ASN1_STRFLGS_ESC_MSB causes all characters above 127 to be escaped. 781 #define ASN1_STRFLGS_ESC_MSB 4 782 783 // ASN1_STRFLGS_ESC_QUOTE causes the string to be surrounded by quotes, rather 784 // than using backslashes, when characters are escaped. Fewer characters will 785 // require escapes in this case. 786 #define ASN1_STRFLGS_ESC_QUOTE 8 787 788 // ASN1_STRFLGS_UTF8_CONVERT causes the string to be encoded as UTF-8, with each 789 // byte in the UTF-8 encoding treated as an individual character for purposes of 790 // escape sequences. If not set, each Unicode codepoint in the string is treated 791 // as a character, with wide characters escaped as "\Uxxxx" or "\Wxxxxxxxx". 792 // Note this can be ambiguous if |ASN1_STRFLGS_ESC_*| are all unset. In that 793 // case, backslashes are not escaped, but wide characters are. 794 #define ASN1_STRFLGS_UTF8_CONVERT 0x10 795 796 // ASN1_STRFLGS_IGNORE_TYPE causes the string type to be ignored. The 797 // |ASN1_STRING| in-memory representation will be printed directly. 798 #define ASN1_STRFLGS_IGNORE_TYPE 0x20 799 800 // ASN1_STRFLGS_SHOW_TYPE causes the string type to be included in the output. 801 #define ASN1_STRFLGS_SHOW_TYPE 0x40 802 803 // ASN1_STRFLGS_DUMP_ALL causes all strings to be printed as a hexdump, using 804 // RFC 2253 hexstring notation, such as "#0123456789ABCDEF". 805 #define ASN1_STRFLGS_DUMP_ALL 0x80 806 807 // ASN1_STRFLGS_DUMP_UNKNOWN behaves like |ASN1_STRFLGS_DUMP_ALL| but only 808 // applies to values of unknown type. If unset, unknown values will print 809 // their contents as single-byte characters with escape sequences. 810 #define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 811 812 // ASN1_STRFLGS_DUMP_DER causes hexdumped strings (as determined by 813 // |ASN1_STRFLGS_DUMP_ALL| or |ASN1_STRFLGS_DUMP_UNKNOWN|) to print the entire 814 // DER element as in RFC 2253, rather than only the contents of the 815 // |ASN1_STRING|. 816 #define ASN1_STRFLGS_DUMP_DER 0x200 817 818 // ASN1_STRFLGS_RFC2253 causes the string to be escaped as in RFC 2253, 819 // additionally escaping control characters. 820 #define ASN1_STRFLGS_RFC2253 \ 821 (ASN1_STRFLGS_ESC_2253 | ASN1_STRFLGS_ESC_CTRL | ASN1_STRFLGS_ESC_MSB | \ 822 ASN1_STRFLGS_UTF8_CONVERT | ASN1_STRFLGS_DUMP_UNKNOWN | \ 823 ASN1_STRFLGS_DUMP_DER) 824 825 // ASN1_STRING_print_ex writes a human-readable representation of |str| to 826 // |out|. It returns the number of bytes written on success and -1 on error. If 827 // |out| is NULL, it returns the number of bytes it would have written, without 828 // writing anything. 829 // 830 // The |flags| should be a combination of combination of |ASN1_STRFLGS_*| 831 // constants. See the documentation for each flag for how it controls the 832 // output. If unsure, use |ASN1_STRFLGS_RFC2253|. 833 OPENSSL_EXPORT int ASN1_STRING_print_ex(BIO *out, const ASN1_STRING *str, 834 unsigned long flags); 835 836 // ASN1_STRING_print_ex_fp behaves like |ASN1_STRING_print_ex| but writes to a 837 // |FILE| rather than a |BIO|. 838 OPENSSL_EXPORT int ASN1_STRING_print_ex_fp(FILE *fp, const ASN1_STRING *str, 839 unsigned long flags); 840 841 842 // Underdocumented functions. 843 // 844 // The following functions are not yet documented and organized. 845 846 DEFINE_STACK_OF(ASN1_OBJECT) 847 848 // ASN1_ENCODING structure: this is used to save the received 849 // encoding of an ASN1 type. This is useful to get round 850 // problems with invalid encodings which can break signatures. 851 852 typedef struct ASN1_ENCODING_st { 853 unsigned char *enc; // DER encoding 854 long len; // Length of encoding 855 int modified; // set to 1 if 'enc' is invalid 856 // alias_only is zero if |enc| owns the buffer that it points to 857 // (although |enc| may still be NULL). If one, |enc| points into a 858 // buffer that is owned elsewhere. 859 unsigned alias_only : 1; 860 // alias_only_on_next_parse is one iff the next parsing operation 861 // should avoid taking a copy of the input and rather set 862 // |alias_only|. 863 unsigned alias_only_on_next_parse : 1; 864 } ASN1_ENCODING; 865 866 #define STABLE_FLAGS_MALLOC 0x01 867 #define STABLE_NO_MASK 0x02 868 869 typedef struct asn1_string_table_st { 870 int nid; 871 long minsize; 872 long maxsize; 873 unsigned long mask; 874 unsigned long flags; 875 } ASN1_STRING_TABLE; 876 877 // Declarations for template structures: for full definitions 878 // see asn1t.h 879 typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; 880 typedef struct ASN1_TLC_st ASN1_TLC; 881 882 // Declare ASN1 functions: the implement macro in in asn1t.h 883 884 #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) 885 886 #define DECLARE_ASN1_ALLOC_FUNCTIONS(type) \ 887 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, type) 888 889 #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ 890 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ 891 DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) 892 893 #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ 894 DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ 895 DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) 896 897 #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ 898 OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ 899 long len); \ 900 OPENSSL_EXPORT int i2d_##name(type *a, unsigned char **out); \ 901 DECLARE_ASN1_ITEM(itname) 902 903 #define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ 904 OPENSSL_EXPORT type *d2i_##name(type **a, const unsigned char **in, \ 905 long len); \ 906 OPENSSL_EXPORT int i2d_##name(const type *a, unsigned char **out); \ 907 DECLARE_ASN1_ITEM(name) 908 909 #define DECLARE_ASN1_FUNCTIONS_const(name) \ 910 DECLARE_ASN1_ALLOC_FUNCTIONS(name) \ 911 DECLARE_ASN1_ENCODE_FUNCTIONS_const(name, name) 912 913 #define DECLARE_ASN1_ALLOC_FUNCTIONS_name(type, name) \ 914 OPENSSL_EXPORT type *name##_new(void); \ 915 OPENSSL_EXPORT void name##_free(type *a); 916 917 #define DECLARE_ASN1_PRINT_FUNCTION(stname) \ 918 DECLARE_ASN1_PRINT_FUNCTION_fname(stname, stname) 919 920 #define DECLARE_ASN1_PRINT_FUNCTION_fname(stname, fname) \ 921 OPENSSL_EXPORT int fname##_print_ctx(BIO *out, stname *x, int indent, \ 922 const ASN1_PCTX *pctx); 923 924 typedef void *d2i_of_void(void **, const unsigned char **, long); 925 typedef int i2d_of_void(const void *, unsigned char **); 926 927 // The following macros and typedefs allow an ASN1_ITEM 928 // to be embedded in a structure and referenced. Since 929 // the ASN1_ITEM pointers need to be globally accessible 930 // (possibly from shared libraries) they may exist in 931 // different forms. On platforms that support it the 932 // ASN1_ITEM structure itself will be globally exported. 933 // Other platforms will export a function that returns 934 // an ASN1_ITEM pointer. 935 // 936 // To handle both cases transparently the macros below 937 // should be used instead of hard coding an ASN1_ITEM 938 // pointer in a structure. 939 // 940 // The structure will look like this: 941 // 942 // typedef struct SOMETHING_st { 943 // ... 944 // ASN1_ITEM_EXP *iptr; 945 // ... 946 // } SOMETHING; 947 // 948 // It would be initialised as e.g.: 949 // 950 // SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; 951 // 952 // and the actual pointer extracted with: 953 // 954 // const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); 955 // 956 // Finally an ASN1_ITEM pointer can be extracted from an 957 // appropriate reference with: ASN1_ITEM_rptr(X509). This 958 // would be used when a function takes an ASN1_ITEM * argument. 959 // 960 961 // ASN1_ITEM pointer exported type 962 typedef const ASN1_ITEM ASN1_ITEM_EXP; 963 964 // Macro to obtain ASN1_ITEM pointer from exported type 965 #define ASN1_ITEM_ptr(iptr) (iptr) 966 967 // Macro to include ASN1_ITEM pointer from base type 968 #define ASN1_ITEM_ref(iptr) (&(iptr##_it)) 969 970 #define ASN1_ITEM_rptr(ref) (&(ref##_it)) 971 972 #define DECLARE_ASN1_ITEM(name) extern OPENSSL_EXPORT const ASN1_ITEM name##_it; 973 974 DEFINE_STACK_OF(ASN1_INTEGER) 975 976 DEFINE_STACK_OF(ASN1_TYPE) 977 978 typedef STACK_OF(ASN1_TYPE) ASN1_SEQUENCE_ANY; 979 980 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SEQUENCE_ANY) 981 DECLARE_ASN1_ENCODE_FUNCTIONS_const(ASN1_SEQUENCE_ANY, ASN1_SET_ANY) 982 983 // M_ASN1_* are legacy aliases for various |ASN1_STRING| functions. Use the 984 // functions themselves. 985 #define M_ASN1_STRING_length(x) ASN1_STRING_length(x) 986 #define M_ASN1_STRING_type(x) ASN1_STRING_type(x) 987 #define M_ASN1_STRING_data(x) ASN1_STRING_data(x) 988 #define M_ASN1_BIT_STRING_new() ASN1_BIT_STRING_new() 989 #define M_ASN1_BIT_STRING_free(a) ASN1_BIT_STRING_free(a) 990 #define M_ASN1_BIT_STRING_dup(a) ASN1_STRING_dup(a) 991 #define M_ASN1_BIT_STRING_cmp(a, b) ASN1_STRING_cmp(a, b) 992 #define M_ASN1_BIT_STRING_set(a, b, c) ASN1_BIT_STRING_set(a, b, c) 993 #define M_ASN1_INTEGER_new() ASN1_INTEGER_new() 994 #define M_ASN1_INTEGER_free(a) ASN1_INTEGER_free(a) 995 #define M_ASN1_INTEGER_dup(a) ASN1_INTEGER_dup(a) 996 #define M_ASN1_INTEGER_cmp(a, b) ASN1_INTEGER_cmp(a, b) 997 #define M_ASN1_ENUMERATED_new() ASN1_ENUMERATED_new() 998 #define M_ASN1_ENUMERATED_free(a) ASN1_ENUMERATED_free(a) 999 #define M_ASN1_ENUMERATED_dup(a) ASN1_STRING_dup(a) 1000 #define M_ASN1_ENUMERATED_cmp(a, b) ASN1_STRING_cmp(a, b) 1001 #define M_ASN1_OCTET_STRING_new() ASN1_OCTET_STRING_new() 1002 #define M_ASN1_OCTET_STRING_free(a) ASN1_OCTET_STRING_free() 1003 #define M_ASN1_OCTET_STRING_dup(a) ASN1_OCTET_STRING_dup(a) 1004 #define M_ASN1_OCTET_STRING_cmp(a, b) ASN1_OCTET_STRING_cmp(a, b) 1005 #define M_ASN1_OCTET_STRING_set(a, b, c) ASN1_OCTET_STRING_set(a, b, c) 1006 #define M_ASN1_OCTET_STRING_print(a, b) ASN1_STRING_print(a, b) 1007 #define M_ASN1_PRINTABLESTRING_new() ASN1_PRINTABLESTRING_new() 1008 #define M_ASN1_PRINTABLESTRING_free(a) ASN1_PRINTABLESTRING_free(a) 1009 #define M_ASN1_IA5STRING_new() ASN1_IA5STRING_new() 1010 #define M_ASN1_IA5STRING_free(a) ASN1_IA5STRING_free(a) 1011 #define M_ASN1_IA5STRING_dup(a) ASN1_STRING_dup(a) 1012 #define M_ASN1_UTCTIME_new() ASN1_UTCTIME_new() 1013 #define M_ASN1_UTCTIME_free(a) ASN1_UTCTIME_free(a) 1014 #define M_ASN1_UTCTIME_dup(a) ASN1_STRING_dup(a) 1015 #define M_ASN1_T61STRING_new() ASN1_T61STRING_new() 1016 #define M_ASN1_T61STRING_free(a) ASN1_T61STRING_free(a) 1017 #define M_ASN1_GENERALIZEDTIME_new() ASN1_GENERALIZEDTIME_new() 1018 #define M_ASN1_GENERALIZEDTIME_free(a) ASN1_GENERALIZEDTIME_free(a) 1019 #define M_ASN1_GENERALIZEDTIME_dup(a) ASN1_STRING_dup(a) 1020 #define M_ASN1_GENERALSTRING_new() ASN1_GENERALSTRING_new() 1021 #define M_ASN1_GENERALSTRING_free(a) ASN1_GENERALSTRING_free(a) 1022 #define M_ASN1_UNIVERSALSTRING_new() ASN1_UNIVERSALSTRING_new() 1023 #define M_ASN1_UNIVERSALSTRING_free(a) ASN1_UNIVERSALSTRING_free(a) 1024 #define M_ASN1_BMPSTRING_new() ASN1_BMPSTRING_new() 1025 #define M_ASN1_BMPSTRING_free(a) ASN1_BMPSTRING_free(a) 1026 #define M_ASN1_VISIBLESTRING_new() ASN1_VISIBLESTRING_new() 1027 #define M_ASN1_VISIBLESTRING_free(a) ASN1_VISIBLESTRING_free(a) 1028 #define M_ASN1_UTF8STRING_new() ASN1_UTF8STRING_new() 1029 #define M_ASN1_UTF8STRING_free(a) ASN1_UTF8STRING_free(a) 1030 1031 #define B_ASN1_TIME B_ASN1_UTCTIME | B_ASN1_GENERALIZEDTIME 1032 1033 #define B_ASN1_PRINTABLE \ 1034 B_ASN1_NUMERICSTRING | B_ASN1_PRINTABLESTRING | B_ASN1_T61STRING | \ 1035 B_ASN1_IA5STRING | B_ASN1_BIT_STRING | B_ASN1_UNIVERSALSTRING | \ 1036 B_ASN1_BMPSTRING | B_ASN1_UTF8STRING | B_ASN1_SEQUENCE | B_ASN1_UNKNOWN 1037 1038 #define B_ASN1_DIRECTORYSTRING \ 1039 B_ASN1_PRINTABLESTRING | B_ASN1_TELETEXSTRING | B_ASN1_BMPSTRING | \ 1040 B_ASN1_UNIVERSALSTRING | B_ASN1_UTF8STRING 1041 1042 #define B_ASN1_DISPLAYTEXT \ 1043 B_ASN1_IA5STRING | B_ASN1_VISIBLESTRING | B_ASN1_BMPSTRING | B_ASN1_UTF8STRING 1044 1045 DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) 1046 1047 OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_new(void); 1048 OPENSSL_EXPORT void ASN1_OBJECT_free(ASN1_OBJECT *a); 1049 OPENSSL_EXPORT int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp); 1050 OPENSSL_EXPORT ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, 1051 const unsigned char **pp, 1052 long length); 1053 OPENSSL_EXPORT ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, 1054 const unsigned char **pp, 1055 long length); 1056 1057 DECLARE_ASN1_ITEM(ASN1_OBJECT) 1058 1059 DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) 1060 OPENSSL_EXPORT int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, 1061 unsigned char **pp); 1062 OPENSSL_EXPORT ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, 1063 const unsigned char **pp, 1064 long length); 1065 1066 OPENSSL_EXPORT int i2d_ASN1_BOOLEAN(int a, unsigned char **pp); 1067 OPENSSL_EXPORT int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, 1068 long length); 1069 1070 DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) 1071 OPENSSL_EXPORT int i2c_ASN1_INTEGER(const ASN1_INTEGER *a, unsigned char **pp); 1072 OPENSSL_EXPORT ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, 1073 const unsigned char **pp, 1074 long length); 1075 OPENSSL_EXPORT ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x); 1076 1077 DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) 1078 1079 DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) 1080 OPENSSL_EXPORT ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup( 1081 const ASN1_OCTET_STRING *a); 1082 OPENSSL_EXPORT int ASN1_OCTET_STRING_cmp(const ASN1_OCTET_STRING *a, 1083 const ASN1_OCTET_STRING *b); 1084 OPENSSL_EXPORT int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, 1085 const unsigned char *data, int len); 1086 1087 DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) 1088 DECLARE_ASN1_FUNCTIONS(ASN1_UNIVERSALSTRING) 1089 DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) 1090 DECLARE_ASN1_FUNCTIONS(ASN1_NULL) 1091 DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) 1092 1093 DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) 1094 1095 DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) 1096 DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) 1097 DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) 1098 DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) 1099 DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) 1100 DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) 1101 DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) 1102 DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) 1103 DECLARE_ASN1_FUNCTIONS(ASN1_TIME) 1104 1105 OPENSSL_EXPORT int i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a); 1106 OPENSSL_EXPORT int i2a_ASN1_ENUMERATED(BIO *bp, const ASN1_ENUMERATED *a); 1107 OPENSSL_EXPORT int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a); 1108 OPENSSL_EXPORT int i2a_ASN1_STRING(BIO *bp, const ASN1_STRING *a, int type); 1109 OPENSSL_EXPORT int i2t_ASN1_OBJECT(char *buf, int buf_len, 1110 const ASN1_OBJECT *a); 1111 1112 OPENSSL_EXPORT ASN1_OBJECT *ASN1_OBJECT_create(int nid, 1113 const unsigned char *data, 1114 int len, const char *sn, 1115 const char *ln); 1116 1117 // ASN1_PRINTABLE_type interprets |len| bytes from |s| as a Latin-1 string. It 1118 // returns the first of |V_ASN1_PRINTABLESTRING|, |V_ASN1_IA5STRING|, or 1119 // |V_ASN1_T61STRING| that can represent every character. If |len| is negative, 1120 // |strlen(s)| is used instead. 1121 OPENSSL_EXPORT int ASN1_PRINTABLE_type(const unsigned char *s, int len); 1122 1123 OPENSSL_EXPORT unsigned long ASN1_tag2bit(int tag); 1124 1125 // SPECIALS 1126 OPENSSL_EXPORT int ASN1_get_object(const unsigned char **pp, long *plength, 1127 int *ptag, int *pclass, long omax); 1128 OPENSSL_EXPORT void ASN1_put_object(unsigned char **pp, int constructed, 1129 int length, int tag, int xclass); 1130 OPENSSL_EXPORT int ASN1_put_eoc(unsigned char **pp); 1131 OPENSSL_EXPORT int ASN1_object_size(int constructed, int length, int tag); 1132 1133 OPENSSL_EXPORT void *ASN1_item_dup(const ASN1_ITEM *it, void *x); 1134 1135 OPENSSL_EXPORT void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); 1136 OPENSSL_EXPORT int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); 1137 1138 OPENSSL_EXPORT void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); 1139 OPENSSL_EXPORT int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); 1140 1141 // Used to load and write netscape format cert 1142 1143 OPENSSL_EXPORT void *ASN1_item_unpack(const ASN1_STRING *oct, 1144 const ASN1_ITEM *it); 1145 1146 OPENSSL_EXPORT ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, 1147 ASN1_OCTET_STRING **oct); 1148 1149 // ASN1_STRING_set_default_mask does nothing. 1150 OPENSSL_EXPORT void ASN1_STRING_set_default_mask(unsigned long mask); 1151 1152 // ASN1_STRING_set_default_mask_asc returns one. 1153 OPENSSL_EXPORT int ASN1_STRING_set_default_mask_asc(const char *p); 1154 1155 // ASN1_STRING_get_default_mask returns |B_ASN1_UTF8STRING|. 1156 OPENSSL_EXPORT unsigned long ASN1_STRING_get_default_mask(void); 1157 1158 OPENSSL_EXPORT ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, 1159 const unsigned char *in, 1160 int inlen, int inform, 1161 int nid); 1162 OPENSSL_EXPORT ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); 1163 OPENSSL_EXPORT int ASN1_STRING_TABLE_add(int, long, long, unsigned long, 1164 unsigned long); 1165 OPENSSL_EXPORT void ASN1_STRING_TABLE_cleanup(void); 1166 1167 // ASN1 template functions 1168 1169 // Old API compatible functions 1170 OPENSSL_EXPORT ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); 1171 OPENSSL_EXPORT void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); 1172 OPENSSL_EXPORT ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **val, 1173 const unsigned char **in, long len, 1174 const ASN1_ITEM *it); 1175 OPENSSL_EXPORT int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, 1176 const ASN1_ITEM *it); 1177 1178 OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_nconf(const char *str, CONF *nconf); 1179 OPENSSL_EXPORT ASN1_TYPE *ASN1_generate_v3(const char *str, X509V3_CTX *cnf); 1180 1181 1182 #ifdef __cplusplus 1183 } 1184 1185 extern "C++" { 1186 1187 BSSL_NAMESPACE_BEGIN 1188 1189 BORINGSSL_MAKE_DELETER(ASN1_OBJECT, ASN1_OBJECT_free) 1190 BORINGSSL_MAKE_DELETER(ASN1_STRING, ASN1_STRING_free) 1191 BORINGSSL_MAKE_DELETER(ASN1_TYPE, ASN1_TYPE_free) 1192 1193 BSSL_NAMESPACE_END 1194 1195 } // extern C++ 1196 1197 #endif 1198 1199 #define ASN1_R_ASN1_LENGTH_MISMATCH 100 1200 #define ASN1_R_AUX_ERROR 101 1201 #define ASN1_R_BAD_GET_ASN1_OBJECT_CALL 102 1202 #define ASN1_R_BAD_OBJECT_HEADER 103 1203 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 104 1204 #define ASN1_R_BN_LIB 105 1205 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 1206 #define ASN1_R_BUFFER_TOO_SMALL 107 1207 #define ASN1_R_CONTEXT_NOT_INITIALISED 108 1208 #define ASN1_R_DECODE_ERROR 109 1209 #define ASN1_R_DEPTH_EXCEEDED 110 1210 #define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 111 1211 #define ASN1_R_ENCODE_ERROR 112 1212 #define ASN1_R_ERROR_GETTING_TIME 113 1213 #define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 114 1214 #define ASN1_R_EXPECTING_AN_INTEGER 115 1215 #define ASN1_R_EXPECTING_AN_OBJECT 116 1216 #define ASN1_R_EXPECTING_A_BOOLEAN 117 1217 #define ASN1_R_EXPECTING_A_TIME 118 1218 #define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 1219 #define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 1220 #define ASN1_R_FIELD_MISSING 121 1221 #define ASN1_R_FIRST_NUM_TOO_LARGE 122 1222 #define ASN1_R_HEADER_TOO_LONG 123 1223 #define ASN1_R_ILLEGAL_BITSTRING_FORMAT 124 1224 #define ASN1_R_ILLEGAL_BOOLEAN 125 1225 #define ASN1_R_ILLEGAL_CHARACTERS 126 1226 #define ASN1_R_ILLEGAL_FORMAT 127 1227 #define ASN1_R_ILLEGAL_HEX 128 1228 #define ASN1_R_ILLEGAL_IMPLICIT_TAG 129 1229 #define ASN1_R_ILLEGAL_INTEGER 130 1230 #define ASN1_R_ILLEGAL_NESTED_TAGGING 131 1231 #define ASN1_R_ILLEGAL_NULL 132 1232 #define ASN1_R_ILLEGAL_NULL_VALUE 133 1233 #define ASN1_R_ILLEGAL_OBJECT 134 1234 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 135 1235 #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 136 1236 #define ASN1_R_ILLEGAL_TAGGED_ANY 137 1237 #define ASN1_R_ILLEGAL_TIME_VALUE 138 1238 #define ASN1_R_INTEGER_NOT_ASCII_FORMAT 139 1239 #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 140 1240 #define ASN1_R_INVALID_BIT_STRING_BITS_LEFT 141 1241 #define ASN1_R_INVALID_BMPSTRING 142 1242 #define ASN1_R_INVALID_DIGIT 143 1243 #define ASN1_R_INVALID_MODIFIER 144 1244 #define ASN1_R_INVALID_NUMBER 145 1245 #define ASN1_R_INVALID_OBJECT_ENCODING 146 1246 #define ASN1_R_INVALID_SEPARATOR 147 1247 #define ASN1_R_INVALID_TIME_FORMAT 148 1248 #define ASN1_R_INVALID_UNIVERSALSTRING 149 1249 #define ASN1_R_INVALID_UTF8STRING 150 1250 #define ASN1_R_LIST_ERROR 151 1251 #define ASN1_R_MISSING_ASN1_EOS 152 1252 #define ASN1_R_MISSING_EOC 153 1253 #define ASN1_R_MISSING_SECOND_NUMBER 154 1254 #define ASN1_R_MISSING_VALUE 155 1255 #define ASN1_R_MSTRING_NOT_UNIVERSAL 156 1256 #define ASN1_R_MSTRING_WRONG_TAG 157 1257 #define ASN1_R_NESTED_ASN1_ERROR 158 1258 #define ASN1_R_NESTED_ASN1_STRING 159 1259 #define ASN1_R_NON_HEX_CHARACTERS 160 1260 #define ASN1_R_NOT_ASCII_FORMAT 161 1261 #define ASN1_R_NOT_ENOUGH_DATA 162 1262 #define ASN1_R_NO_MATCHING_CHOICE_TYPE 163 1263 #define ASN1_R_NULL_IS_WRONG_LENGTH 164 1264 #define ASN1_R_OBJECT_NOT_ASCII_FORMAT 165 1265 #define ASN1_R_ODD_NUMBER_OF_CHARS 166 1266 #define ASN1_R_SECOND_NUMBER_TOO_LARGE 167 1267 #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 168 1268 #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 169 1269 #define ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG 170 1270 #define ASN1_R_SHORT_LINE 171 1271 #define ASN1_R_STREAMING_NOT_SUPPORTED 172 1272 #define ASN1_R_STRING_TOO_LONG 173 1273 #define ASN1_R_STRING_TOO_SHORT 174 1274 #define ASN1_R_TAG_VALUE_TOO_HIGH 175 1275 #define ASN1_R_TIME_NOT_ASCII_FORMAT 176 1276 #define ASN1_R_TOO_LONG 177 1277 #define ASN1_R_TYPE_NOT_CONSTRUCTED 178 1278 #define ASN1_R_TYPE_NOT_PRIMITIVE 179 1279 #define ASN1_R_UNEXPECTED_EOC 180 1280 #define ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH 181 1281 #define ASN1_R_UNKNOWN_FORMAT 182 1282 #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 183 1283 #define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 184 1284 #define ASN1_R_UNKNOWN_TAG 185 1285 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 186 1286 #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 187 1287 #define ASN1_R_UNSUPPORTED_TYPE 188 1288 #define ASN1_R_WRONG_PUBLIC_KEY_TYPE 189 1289 #define ASN1_R_WRONG_TAG 190 1290 #define ASN1_R_WRONG_TYPE 191 1291 #define ASN1_R_NESTED_TOO_DEEP 192 1292 #define ASN1_R_BAD_TEMPLATE 193 1293 1294 #endif 1295