1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/asn1.h>
58
59 #include <string.h>
60
61 #include <openssl/asn1t.h>
62 #include <openssl/buf.h>
63 #include <openssl/err.h>
64 #include <openssl/mem.h>
65
66 #include "../internal.h"
67
68
69 static int asn1_check_eoc(const unsigned char **in, long len);
70 static int asn1_find_end(const unsigned char **in, long len, char inf);
71
72 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
73 char inf, int tag, int aclass, int depth);
74
75 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen);
76
77 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
78 char *inf, char *cst,
79 const unsigned char **in, long len,
80 int exptag, int expclass, char opt,
81 ASN1_TLC *ctx);
82
83 static int asn1_template_ex_d2i(ASN1_VALUE **pval,
84 const unsigned char **in, long len,
85 const ASN1_TEMPLATE *tt, char opt,
86 ASN1_TLC *ctx);
87 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
88 const unsigned char **in, long len,
89 const ASN1_TEMPLATE *tt, char opt,
90 ASN1_TLC *ctx);
91 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
92 const unsigned char **in, long len,
93 const ASN1_ITEM *it,
94 int tag, int aclass, char opt, ASN1_TLC *ctx);
95
96 /* Table to convert tags to bit values, used for MSTRING type */
97 static const unsigned long tag2bit[32] = {
98 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */
99 B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */
100 B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */
101 B_ASN1_UTF8STRING,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,B_ASN1_UNKNOWN,/* tags 12-15 */
102 B_ASN1_SEQUENCE,0,B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, /* tags 16-19 */
103 B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING, /* tags 20-22 */
104 B_ASN1_UTCTIME, B_ASN1_GENERALIZEDTIME, /* tags 23-24 */
105 B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, /* tags 25-27 */
106 B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, /* tags 28-31 */
107 };
108
ASN1_tag2bit(int tag)109 unsigned long ASN1_tag2bit(int tag)
110 {
111 if ((tag < 0) || (tag > 30)) return 0;
112 return tag2bit[tag];
113 }
114
115 /* Macro to initialize and invalidate the cache */
116
117 #define asn1_tlc_clear(c) if (c) (c)->valid = 0
118 /* Version to avoid compiler warning about 'c' always non-NULL */
119 #define asn1_tlc_clear_nc(c) (c)->valid = 0
120
121 /* Decode an ASN1 item, this currently behaves just
122 * like a standard 'd2i' function. 'in' points to
123 * a buffer to read the data from, in future we will
124 * have more advanced versions that can input data
125 * a piece at a time and this will simply be a special
126 * case.
127 */
128
ASN1_item_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long len,const ASN1_ITEM * it)129 ASN1_VALUE *ASN1_item_d2i(ASN1_VALUE **pval,
130 const unsigned char **in, long len, const ASN1_ITEM *it)
131 {
132 ASN1_TLC c;
133 ASN1_VALUE *ptmpval = NULL;
134 if (!pval)
135 pval = &ptmpval;
136 asn1_tlc_clear_nc(&c);
137 if (ASN1_item_ex_d2i(pval, in, len, it, -1, 0, 0, &c) > 0)
138 return *pval;
139 return NULL;
140 }
141
ASN1_template_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long len,const ASN1_TEMPLATE * tt)142 int ASN1_template_d2i(ASN1_VALUE **pval,
143 const unsigned char **in, long len, const ASN1_TEMPLATE *tt)
144 {
145 ASN1_TLC c;
146 asn1_tlc_clear_nc(&c);
147 return asn1_template_ex_d2i(pval, in, len, tt, 0, &c);
148 }
149
150
151 /* Decode an item, taking care of IMPLICIT tagging, if any.
152 * If 'opt' set and tag mismatch return -1 to handle OPTIONAL
153 */
154
ASN1_item_ex_d2i(ASN1_VALUE ** pval,const unsigned char ** in,long len,const ASN1_ITEM * it,int tag,int aclass,char opt,ASN1_TLC * ctx)155 int ASN1_item_ex_d2i(ASN1_VALUE **pval, const unsigned char **in, long len,
156 const ASN1_ITEM *it,
157 int tag, int aclass, char opt, ASN1_TLC *ctx)
158 {
159 const ASN1_TEMPLATE *tt, *errtt = NULL;
160 const ASN1_COMPAT_FUNCS *cf;
161 const ASN1_EXTERN_FUNCS *ef;
162 const ASN1_AUX *aux = it->funcs;
163 ASN1_aux_cb *asn1_cb;
164 const unsigned char *p = NULL, *q;
165 unsigned char *wp=NULL; /* BIG FAT WARNING! BREAKS CONST WHERE USED */
166 unsigned char imphack = 0, oclass;
167 char seq_eoc, seq_nolen, cst, isopt;
168 long tmplen;
169 int i;
170 int otag;
171 int ret = 0;
172 ASN1_VALUE **pchptr, *ptmpval;
173 int combine = aclass & ASN1_TFLG_COMBINE;
174 if (!pval)
175 return 0;
176 if (aux && aux->asn1_cb)
177 asn1_cb = aux->asn1_cb;
178 else asn1_cb = 0;
179
180 switch(it->itype)
181 {
182 case ASN1_ITYPE_PRIMITIVE:
183 if (it->templates)
184 {
185 /* tagging or OPTIONAL is currently illegal on an item
186 * template because the flags can't get passed down.
187 * In practice this isn't a problem: we include the
188 * relevant flags from the item template in the
189 * template itself.
190 */
191 if ((tag != -1) || opt)
192 {
193 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE);
194 goto err;
195 }
196 return asn1_template_ex_d2i(pval, in, len,
197 it->templates, opt, ctx);
198 }
199 return asn1_d2i_ex_primitive(pval, in, len, it,
200 tag, aclass, opt, ctx);
201 break;
202
203 case ASN1_ITYPE_MSTRING:
204 p = *in;
205 /* Just read in tag and class */
206 ret = asn1_check_tlen(NULL, &otag, &oclass, NULL, NULL,
207 &p, len, -1, 0, 1, ctx);
208 if (!ret)
209 {
210 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
211 goto err;
212 }
213
214 /* Must be UNIVERSAL class */
215 if (oclass != V_ASN1_UNIVERSAL)
216 {
217 /* If OPTIONAL, assume this is OK */
218 if (opt) return -1;
219 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_NOT_UNIVERSAL);
220 goto err;
221 }
222 /* Check tag matches bit map */
223 if (!(ASN1_tag2bit(otag) & it->utype))
224 {
225 /* If OPTIONAL, assume this is OK */
226 if (opt)
227 return -1;
228 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MSTRING_WRONG_TAG);
229 goto err;
230 }
231 return asn1_d2i_ex_primitive(pval, in, len,
232 it, otag, 0, 0, ctx);
233
234 case ASN1_ITYPE_EXTERN:
235 /* Use new style d2i */
236 ef = it->funcs;
237 return ef->asn1_ex_d2i(pval, in, len,
238 it, tag, aclass, opt, ctx);
239
240 case ASN1_ITYPE_COMPAT:
241 /* we must resort to old style evil hackery */
242 cf = it->funcs;
243
244 /* If OPTIONAL see if it is there */
245 if (opt)
246 {
247 int exptag;
248 p = *in;
249 if (tag == -1)
250 exptag = it->utype;
251 else exptag = tag;
252 /* Don't care about anything other than presence
253 * of expected tag */
254
255 ret = asn1_check_tlen(NULL, NULL, NULL, NULL, NULL,
256 &p, len, exptag, aclass, 1, ctx);
257 if (!ret)
258 {
259 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
260 goto err;
261 }
262 if (ret == -1)
263 return -1;
264 }
265
266 /* This is the old style evil hack IMPLICIT handling:
267 * since the underlying code is expecting a tag and
268 * class other than the one present we change the
269 * buffer temporarily then change it back afterwards.
270 * This doesn't and never did work for tags > 30.
271 *
272 * Yes this is *horrible* but it is only needed for
273 * old style d2i which will hopefully not be around
274 * for much longer.
275 * FIXME: should copy the buffer then modify it so
276 * the input buffer can be const: we should *always*
277 * copy because the old style d2i might modify the
278 * buffer.
279 */
280
281 if (tag != -1)
282 {
283 wp = *(unsigned char **)in;
284 imphack = *wp;
285 if (p == NULL)
286 {
287 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
288 goto err;
289 }
290 *wp = (unsigned char)((*p & V_ASN1_CONSTRUCTED)
291 | it->utype);
292 }
293
294 ptmpval = cf->asn1_d2i(pval, in, len);
295
296 if (tag != -1)
297 *wp = imphack;
298
299 if (ptmpval)
300 return 1;
301
302 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
303 goto err;
304
305
306 case ASN1_ITYPE_CHOICE:
307 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
308 goto auxerr;
309
310 if (*pval)
311 {
312 /* Free up and zero CHOICE value if initialised */
313 i = asn1_get_choice_selector(pval, it);
314 if ((i >= 0) && (i < it->tcount))
315 {
316 tt = it->templates + i;
317 pchptr = asn1_get_field_ptr(pval, tt);
318 ASN1_template_free(pchptr, tt);
319 asn1_set_choice_selector(pval, -1, it);
320 }
321 }
322 else if (!ASN1_item_ex_new(pval, it))
323 {
324 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
325 goto err;
326 }
327 /* CHOICE type, try each possibility in turn */
328 p = *in;
329 for (i = 0, tt=it->templates; i < it->tcount; i++, tt++)
330 {
331 pchptr = asn1_get_field_ptr(pval, tt);
332 /* We mark field as OPTIONAL so its absence
333 * can be recognised.
334 */
335 ret = asn1_template_ex_d2i(pchptr, &p, len, tt, 1, ctx);
336 /* If field not present, try the next one */
337 if (ret == -1)
338 continue;
339 /* If positive return, read OK, break loop */
340 if (ret > 0)
341 break;
342 /* Otherwise must be an ASN1 parsing error */
343 errtt = tt;
344 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
345 goto err;
346 }
347
348 /* Did we fall off the end without reading anything? */
349 if (i == it->tcount)
350 {
351 /* If OPTIONAL, this is OK */
352 if (opt)
353 {
354 /* Free and zero it */
355 ASN1_item_ex_free(pval, it);
356 return -1;
357 }
358 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NO_MATCHING_CHOICE_TYPE);
359 goto err;
360 }
361
362 asn1_set_choice_selector(pval, i, it);
363 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
364 goto auxerr;
365 *in = p;
366 return 1;
367
368 case ASN1_ITYPE_NDEF_SEQUENCE:
369 case ASN1_ITYPE_SEQUENCE:
370 p = *in;
371 tmplen = len;
372
373 /* If no IMPLICIT tagging set to SEQUENCE, UNIVERSAL */
374 if (tag == -1)
375 {
376 tag = V_ASN1_SEQUENCE;
377 aclass = V_ASN1_UNIVERSAL;
378 }
379 /* Get SEQUENCE length and update len, p */
380 ret = asn1_check_tlen(&len, NULL, NULL, &seq_eoc, &cst,
381 &p, len, tag, aclass, opt, ctx);
382 if (!ret)
383 {
384 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
385 goto err;
386 }
387 else if (ret == -1)
388 return -1;
389 if (aux && (aux->flags & ASN1_AFLG_BROKEN))
390 {
391 len = tmplen - (p - *in);
392 seq_nolen = 1;
393 }
394 /* If indefinite we don't do a length check */
395 else seq_nolen = seq_eoc;
396 if (!cst)
397 {
398 OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_NOT_CONSTRUCTED);
399 goto err;
400 }
401
402 if (!*pval && !ASN1_item_ex_new(pval, it))
403 {
404 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
405 goto err;
406 }
407
408 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_PRE, pval, it, NULL))
409 goto auxerr;
410
411 /* Free up and zero any ADB found */
412 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
413 {
414 if (tt->flags & ASN1_TFLG_ADB_MASK)
415 {
416 const ASN1_TEMPLATE *seqtt;
417 ASN1_VALUE **pseqval;
418 seqtt = asn1_do_adb(pval, tt, 1);
419 pseqval = asn1_get_field_ptr(pval, seqtt);
420 ASN1_template_free(pseqval, seqtt);
421 }
422 }
423
424 /* Get each field entry */
425 for (i = 0, tt = it->templates; i < it->tcount; i++, tt++)
426 {
427 const ASN1_TEMPLATE *seqtt;
428 ASN1_VALUE **pseqval;
429 seqtt = asn1_do_adb(pval, tt, 1);
430 if (!seqtt)
431 goto err;
432 pseqval = asn1_get_field_ptr(pval, seqtt);
433 /* Have we ran out of data? */
434 if (!len)
435 break;
436 q = p;
437 if (asn1_check_eoc(&p, len))
438 {
439 if (!seq_eoc)
440 {
441 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
442 goto err;
443 }
444 len -= p - q;
445 seq_eoc = 0;
446 q = p;
447 break;
448 }
449 /* This determines the OPTIONAL flag value. The field
450 * cannot be omitted if it is the last of a SEQUENCE
451 * and there is still data to be read. This isn't
452 * strictly necessary but it increases efficiency in
453 * some cases.
454 */
455 if (i == (it->tcount - 1))
456 isopt = 0;
457 else isopt = (char)(seqtt->flags & ASN1_TFLG_OPTIONAL);
458 /* attempt to read in field, allowing each to be
459 * OPTIONAL */
460
461 ret = asn1_template_ex_d2i(pseqval, &p, len,
462 seqtt, isopt, ctx);
463 if (!ret)
464 {
465 errtt = seqtt;
466 goto err;
467 }
468 else if (ret == -1)
469 {
470 /* OPTIONAL component absent.
471 * Free and zero the field.
472 */
473 ASN1_template_free(pseqval, seqtt);
474 continue;
475 }
476 /* Update length */
477 len -= p - q;
478 }
479
480 /* Check for EOC if expecting one */
481 if (seq_eoc && !asn1_check_eoc(&p, len))
482 {
483 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
484 goto err;
485 }
486 /* Check all data read */
487 if (!seq_nolen && len)
488 {
489 OPENSSL_PUT_ERROR(ASN1, ASN1_R_SEQUENCE_LENGTH_MISMATCH);
490 goto err;
491 }
492
493 /* If we get here we've got no more data in the SEQUENCE,
494 * however we may not have read all fields so check all
495 * remaining are OPTIONAL and clear any that are.
496 */
497 for (; i < it->tcount; tt++, i++)
498 {
499 const ASN1_TEMPLATE *seqtt;
500 seqtt = asn1_do_adb(pval, tt, 1);
501 if (!seqtt)
502 goto err;
503 if (seqtt->flags & ASN1_TFLG_OPTIONAL)
504 {
505 ASN1_VALUE **pseqval;
506 pseqval = asn1_get_field_ptr(pval, seqtt);
507 ASN1_template_free(pseqval, seqtt);
508 }
509 else
510 {
511 errtt = seqtt;
512 OPENSSL_PUT_ERROR(ASN1, ASN1_R_FIELD_MISSING);
513 goto err;
514 }
515 }
516 /* Save encoding */
517 if (!asn1_enc_save(pval, *in, p - *in, it))
518 goto auxerr;
519 if (asn1_cb && !asn1_cb(ASN1_OP_D2I_POST, pval, it, NULL))
520 goto auxerr;
521 *in = p;
522 return 1;
523
524 default:
525 return 0;
526 }
527 auxerr:
528 OPENSSL_PUT_ERROR(ASN1, ASN1_R_AUX_ERROR);
529 err:
530 if (combine == 0)
531 ASN1_item_ex_free(pval, it);
532 if (errtt)
533 ERR_add_error_data(4, "Field=", errtt->field_name,
534 ", Type=", it->sname);
535 else
536 ERR_add_error_data(2, "Type=", it->sname);
537 return 0;
538 }
539
540 /* Templates are handled with two separate functions.
541 * One handles any EXPLICIT tag and the other handles the rest.
542 */
543
asn1_template_ex_d2i(ASN1_VALUE ** val,const unsigned char ** in,long inlen,const ASN1_TEMPLATE * tt,char opt,ASN1_TLC * ctx)544 static int asn1_template_ex_d2i(ASN1_VALUE **val,
545 const unsigned char **in, long inlen,
546 const ASN1_TEMPLATE *tt, char opt,
547 ASN1_TLC *ctx)
548 {
549 int flags, aclass;
550 int ret;
551 long len;
552 const unsigned char *p, *q;
553 char exp_eoc;
554 if (!val)
555 return 0;
556 flags = tt->flags;
557 aclass = flags & ASN1_TFLG_TAG_CLASS;
558
559 p = *in;
560
561 /* Check if EXPLICIT tag expected */
562 if (flags & ASN1_TFLG_EXPTAG)
563 {
564 char cst;
565 /* Need to work out amount of data available to the inner
566 * content and where it starts: so read in EXPLICIT header to
567 * get the info.
568 */
569 ret = asn1_check_tlen(&len, NULL, NULL, &exp_eoc, &cst,
570 &p, inlen, tt->tag, aclass, opt, ctx);
571 q = p;
572 if (!ret)
573 {
574 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
575 return 0;
576 }
577 else if (ret == -1)
578 return -1;
579 if (!cst)
580 {
581 OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED);
582 return 0;
583 }
584 /* We've found the field so it can't be OPTIONAL now */
585 ret = asn1_template_noexp_d2i(val, &p, len, tt, 0, ctx);
586 if (!ret)
587 {
588 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
589 return 0;
590 }
591 /* We read the field in OK so update length */
592 len -= p - q;
593 if (exp_eoc)
594 {
595 /* If NDEF we must have an EOC here */
596 if (!asn1_check_eoc(&p, len))
597 {
598 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
599 goto err;
600 }
601 }
602 else
603 {
604 /* Otherwise we must hit the EXPLICIT tag end or its
605 * an error */
606 if (len)
607 {
608 OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPLICIT_LENGTH_MISMATCH);
609 goto err;
610 }
611 }
612 }
613 else
614 return asn1_template_noexp_d2i(val, in, inlen,
615 tt, opt, ctx);
616
617 *in = p;
618 return 1;
619
620 err:
621 ASN1_template_free(val, tt);
622 return 0;
623 }
624
asn1_template_noexp_d2i(ASN1_VALUE ** val,const unsigned char ** in,long len,const ASN1_TEMPLATE * tt,char opt,ASN1_TLC * ctx)625 static int asn1_template_noexp_d2i(ASN1_VALUE **val,
626 const unsigned char **in, long len,
627 const ASN1_TEMPLATE *tt, char opt,
628 ASN1_TLC *ctx)
629 {
630 int flags, aclass;
631 int ret;
632 const unsigned char *p;
633 if (!val)
634 return 0;
635 flags = tt->flags;
636 aclass = flags & ASN1_TFLG_TAG_CLASS;
637
638 p = *in;
639
640 if (flags & ASN1_TFLG_SK_MASK)
641 {
642 /* SET OF, SEQUENCE OF */
643 int sktag, skaclass;
644 char sk_eoc;
645 /* First work out expected inner tag value */
646 if (flags & ASN1_TFLG_IMPTAG)
647 {
648 sktag = tt->tag;
649 skaclass = aclass;
650 }
651 else
652 {
653 skaclass = V_ASN1_UNIVERSAL;
654 if (flags & ASN1_TFLG_SET_OF)
655 sktag = V_ASN1_SET;
656 else
657 sktag = V_ASN1_SEQUENCE;
658 }
659 /* Get the tag */
660 ret = asn1_check_tlen(&len, NULL, NULL, &sk_eoc, NULL,
661 &p, len, sktag, skaclass, opt, ctx);
662 if (!ret)
663 {
664 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
665 return 0;
666 }
667 else if (ret == -1)
668 return -1;
669 if (!*val)
670 *val = (ASN1_VALUE *)sk_new_null();
671 else
672 {
673 /* We've got a valid STACK: free up any items present */
674 STACK_OF(ASN1_VALUE) *sktmp
675 = (STACK_OF(ASN1_VALUE) *)*val;
676 ASN1_VALUE *vtmp;
677 while(sk_ASN1_VALUE_num(sktmp) > 0)
678 {
679 vtmp = sk_ASN1_VALUE_pop(sktmp);
680 ASN1_item_ex_free(&vtmp,
681 ASN1_ITEM_ptr(tt->item));
682 }
683 }
684
685 if (!*val)
686 {
687 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
688 goto err;
689 }
690
691 /* Read as many items as we can */
692 while(len > 0)
693 {
694 ASN1_VALUE *skfield;
695 const unsigned char *q = p;
696 /* See if EOC found */
697 if (asn1_check_eoc(&p, len))
698 {
699 if (!sk_eoc)
700 {
701 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
702 goto err;
703 }
704 len -= p - q;
705 sk_eoc = 0;
706 break;
707 }
708 skfield = NULL;
709 if (!ASN1_item_ex_d2i(&skfield, &p, len,
710 ASN1_ITEM_ptr(tt->item),
711 -1, 0, 0, ctx))
712 {
713 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
714 goto err;
715 }
716 len -= p - q;
717 if (!sk_ASN1_VALUE_push((STACK_OF(ASN1_VALUE) *)*val,
718 skfield))
719 {
720 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
721 goto err;
722 }
723 }
724 if (sk_eoc)
725 {
726 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
727 goto err;
728 }
729 }
730 else if (flags & ASN1_TFLG_IMPTAG)
731 {
732 /* IMPLICIT tagging */
733 ret = ASN1_item_ex_d2i(val, &p, len,
734 ASN1_ITEM_ptr(tt->item), tt->tag, aclass, opt, ctx);
735 if (!ret)
736 {
737 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
738 goto err;
739 }
740 else if (ret == -1)
741 return -1;
742 }
743 else
744 {
745 /* Nothing special */
746 ret = ASN1_item_ex_d2i(val, &p, len, ASN1_ITEM_ptr(tt->item),
747 -1, tt->flags & ASN1_TFLG_COMBINE, opt, ctx);
748 if (!ret)
749 {
750 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
751 goto err;
752 }
753 else if (ret == -1)
754 return -1;
755 }
756
757 *in = p;
758 return 1;
759
760 err:
761 ASN1_template_free(val, tt);
762 return 0;
763 }
764
asn1_d2i_ex_primitive(ASN1_VALUE ** pval,const unsigned char ** in,long inlen,const ASN1_ITEM * it,int tag,int aclass,char opt,ASN1_TLC * ctx)765 static int asn1_d2i_ex_primitive(ASN1_VALUE **pval,
766 const unsigned char **in, long inlen,
767 const ASN1_ITEM *it,
768 int tag, int aclass, char opt, ASN1_TLC *ctx)
769 OPENSSL_SUPPRESS_POTENTIALLY_UNINITIALIZED_WARNINGS
770 {
771 int ret = 0, utype;
772 long plen;
773 char cst, inf, free_cont = 0;
774 const unsigned char *p;
775 BUF_MEM buf;
776 const unsigned char *cont = NULL;
777 long len;
778 if (!pval)
779 {
780 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_NULL);
781 return 0; /* Should never happen */
782 }
783
784 if (it->itype == ASN1_ITYPE_MSTRING)
785 {
786 utype = tag;
787 tag = -1;
788 }
789 else
790 utype = it->utype;
791
792 if (utype == V_ASN1_ANY)
793 {
794 /* If type is ANY need to figure out type from tag */
795 unsigned char oclass;
796 if (tag >= 0)
797 {
798 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_TAGGED_ANY);
799 return 0;
800 }
801 if (opt)
802 {
803 OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OPTIONAL_ANY);
804 return 0;
805 }
806 p = *in;
807 ret = asn1_check_tlen(NULL, &utype, &oclass, NULL, NULL,
808 &p, inlen, -1, 0, 0, ctx);
809 if (!ret)
810 {
811 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
812 return 0;
813 }
814 if (oclass != V_ASN1_UNIVERSAL)
815 utype = V_ASN1_OTHER;
816 }
817 if (tag == -1)
818 {
819 tag = utype;
820 aclass = V_ASN1_UNIVERSAL;
821 }
822 p = *in;
823 /* Check header */
824 ret = asn1_check_tlen(&plen, NULL, NULL, &inf, &cst,
825 &p, inlen, tag, aclass, opt, ctx);
826 if (!ret)
827 {
828 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
829 return 0;
830 }
831 else if (ret == -1)
832 return -1;
833 ret = 0;
834 /* SEQUENCE, SET and "OTHER" are left in encoded form */
835 if ((utype == V_ASN1_SEQUENCE)
836 || (utype == V_ASN1_SET) || (utype == V_ASN1_OTHER))
837 {
838 /* Clear context cache for type OTHER because the auto clear
839 * when we have a exact match wont work
840 */
841 if (utype == V_ASN1_OTHER)
842 {
843 asn1_tlc_clear(ctx);
844 }
845 /* SEQUENCE and SET must be constructed */
846 else if (!cst)
847 {
848 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_CONSTRUCTED);
849 return 0;
850 }
851
852 cont = *in;
853 /* If indefinite length constructed find the real end */
854 if (inf)
855 {
856 if (!asn1_find_end(&p, plen, inf))
857 goto err;
858 len = p - cont;
859 }
860 else
861 {
862 len = p - cont + plen;
863 p += plen;
864 buf.data = NULL;
865 }
866 }
867 else if (cst)
868 {
869 if (utype == V_ASN1_NULL || utype == V_ASN1_BOOLEAN
870 || utype == V_ASN1_OBJECT || utype == V_ASN1_INTEGER
871 || utype == V_ASN1_ENUMERATED)
872 {
873 /* These types only have primitive encodings. */
874 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE);
875 return 0;
876 }
877
878 buf.length = 0;
879 buf.max = 0;
880 buf.data = NULL;
881 /* Should really check the internal tags are correct but
882 * some things may get this wrong. The relevant specs
883 * say that constructed string types should be OCTET STRINGs
884 * internally irrespective of the type. So instead just check
885 * for UNIVERSAL class and ignore the tag.
886 */
887 if (!asn1_collect(&buf, &p, plen, inf, -1, V_ASN1_UNIVERSAL, 0))
888 {
889 free_cont = 1;
890 goto err;
891 }
892 len = buf.length;
893 /* Append a final null to string */
894 if (!BUF_MEM_grow_clean(&buf, len + 1))
895 {
896 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
897 return 0;
898 }
899 buf.data[len] = 0;
900 cont = (const unsigned char *)buf.data;
901 free_cont = 1;
902 }
903 else
904 {
905 cont = p;
906 len = plen;
907 p += plen;
908 }
909
910 /* We now have content length and type: translate into a structure */
911 if (!asn1_ex_c2i(pval, cont, len, utype, &free_cont, it))
912 goto err;
913
914 *in = p;
915 ret = 1;
916 err:
917 if (free_cont && buf.data) OPENSSL_free(buf.data);
918 return ret;
919 }
920
921 /* Translate ASN1 content octets into a structure */
922
asn1_ex_c2i(ASN1_VALUE ** pval,const unsigned char * cont,int len,int utype,char * free_cont,const ASN1_ITEM * it)923 int asn1_ex_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
924 int utype, char *free_cont, const ASN1_ITEM *it)
925 {
926 ASN1_VALUE **opval = NULL;
927 ASN1_STRING *stmp;
928 ASN1_TYPE *typ = NULL;
929 int ret = 0;
930 const ASN1_PRIMITIVE_FUNCS *pf;
931 ASN1_INTEGER **tint;
932 pf = it->funcs;
933
934 if (pf && pf->prim_c2i)
935 return pf->prim_c2i(pval, cont, len, utype, free_cont, it);
936 /* If ANY type clear type and set pointer to internal value */
937 if (it->utype == V_ASN1_ANY)
938 {
939 if (!*pval)
940 {
941 typ = ASN1_TYPE_new();
942 if (typ == NULL)
943 goto err;
944 *pval = (ASN1_VALUE *)typ;
945 }
946 else
947 typ = (ASN1_TYPE *)*pval;
948
949 if (utype != typ->type)
950 ASN1_TYPE_set(typ, utype, NULL);
951 opval = pval;
952 pval = &typ->value.asn1_value;
953 }
954 switch(utype)
955 {
956 case V_ASN1_OBJECT:
957 if (!c2i_ASN1_OBJECT((ASN1_OBJECT **)pval, &cont, len))
958 goto err;
959 break;
960
961 case V_ASN1_NULL:
962 if (len)
963 {
964 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NULL_IS_WRONG_LENGTH);
965 goto err;
966 }
967 *pval = (ASN1_VALUE *)1;
968 break;
969
970 case V_ASN1_BOOLEAN:
971 if (len != 1)
972 {
973 OPENSSL_PUT_ERROR(ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
974 goto err;
975 }
976 else
977 {
978 ASN1_BOOLEAN *tbool;
979 tbool = (ASN1_BOOLEAN *)pval;
980 *tbool = *cont;
981 }
982 break;
983
984 case V_ASN1_BIT_STRING:
985 if (!c2i_ASN1_BIT_STRING((ASN1_BIT_STRING **)pval, &cont, len))
986 goto err;
987 break;
988
989 case V_ASN1_INTEGER:
990 case V_ASN1_NEG_INTEGER:
991 case V_ASN1_ENUMERATED:
992 case V_ASN1_NEG_ENUMERATED:
993 tint = (ASN1_INTEGER **)pval;
994 if (!c2i_ASN1_INTEGER(tint, &cont, len))
995 goto err;
996 /* Fixup type to match the expected form */
997 (*tint)->type = utype | ((*tint)->type & V_ASN1_NEG);
998 break;
999
1000 case V_ASN1_OCTET_STRING:
1001 case V_ASN1_NUMERICSTRING:
1002 case V_ASN1_PRINTABLESTRING:
1003 case V_ASN1_T61STRING:
1004 case V_ASN1_VIDEOTEXSTRING:
1005 case V_ASN1_IA5STRING:
1006 case V_ASN1_UTCTIME:
1007 case V_ASN1_GENERALIZEDTIME:
1008 case V_ASN1_GRAPHICSTRING:
1009 case V_ASN1_VISIBLESTRING:
1010 case V_ASN1_GENERALSTRING:
1011 case V_ASN1_UNIVERSALSTRING:
1012 case V_ASN1_BMPSTRING:
1013 case V_ASN1_UTF8STRING:
1014 case V_ASN1_OTHER:
1015 case V_ASN1_SET:
1016 case V_ASN1_SEQUENCE:
1017 default:
1018 if (utype == V_ASN1_BMPSTRING && (len & 1))
1019 {
1020 OPENSSL_PUT_ERROR(ASN1, ASN1_R_BMPSTRING_IS_WRONG_LENGTH);
1021 goto err;
1022 }
1023 if (utype == V_ASN1_UNIVERSALSTRING && (len & 3))
1024 {
1025 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH);
1026 goto err;
1027 }
1028 /* All based on ASN1_STRING and handled the same */
1029 if (!*pval)
1030 {
1031 stmp = ASN1_STRING_type_new(utype);
1032 if (!stmp)
1033 {
1034 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
1035 goto err;
1036 }
1037 *pval = (ASN1_VALUE *)stmp;
1038 }
1039 else
1040 {
1041 stmp = (ASN1_STRING *)*pval;
1042 stmp->type = utype;
1043 }
1044 /* If we've already allocated a buffer use it */
1045 if (*free_cont)
1046 {
1047 if (stmp->data)
1048 OPENSSL_free(stmp->data);
1049 stmp->data = (unsigned char *)cont; /* UGLY CAST! RL */
1050 stmp->length = len;
1051 *free_cont = 0;
1052 }
1053 else
1054 {
1055 if (!ASN1_STRING_set(stmp, cont, len))
1056 {
1057 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
1058 ASN1_STRING_free(stmp);
1059 *pval = NULL;
1060 goto err;
1061 }
1062 }
1063 break;
1064 }
1065 /* If ASN1_ANY and NULL type fix up value */
1066 if (typ && (utype == V_ASN1_NULL))
1067 typ->value.ptr = NULL;
1068
1069 ret = 1;
1070 err:
1071 if (!ret)
1072 {
1073 ASN1_TYPE_free(typ);
1074 if (opval)
1075 *opval = NULL;
1076 }
1077 return ret;
1078 }
1079
1080
1081 /* This function finds the end of an ASN1 structure when passed its maximum
1082 * length, whether it is indefinite length and a pointer to the content.
1083 * This is more efficient than calling asn1_collect because it does not
1084 * recurse on each indefinite length header.
1085 */
1086
asn1_find_end(const unsigned char ** in,long len,char inf)1087 static int asn1_find_end(const unsigned char **in, long len, char inf)
1088 {
1089 int expected_eoc;
1090 long plen;
1091 const unsigned char *p = *in, *q;
1092 /* If not indefinite length constructed just add length */
1093 if (inf == 0)
1094 {
1095 *in += len;
1096 return 1;
1097 }
1098 expected_eoc = 1;
1099 /* Indefinite length constructed form. Find the end when enough EOCs
1100 * are found. If more indefinite length constructed headers
1101 * are encountered increment the expected eoc count otherwise just
1102 * skip to the end of the data.
1103 */
1104 while (len > 0)
1105 {
1106 if(asn1_check_eoc(&p, len))
1107 {
1108 expected_eoc--;
1109 if (expected_eoc == 0)
1110 break;
1111 len -= 2;
1112 continue;
1113 }
1114 q = p;
1115 /* Just read in a header: only care about the length */
1116 if(!asn1_check_tlen(&plen, NULL, NULL, &inf, NULL, &p, len,
1117 -1, 0, 0, NULL))
1118 {
1119 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
1120 return 0;
1121 }
1122 if (inf)
1123 expected_eoc++;
1124 else
1125 p += plen;
1126 len -= p - q;
1127 }
1128 if (expected_eoc)
1129 {
1130 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
1131 return 0;
1132 }
1133 *in = p;
1134 return 1;
1135 }
1136 /* This function collects the asn1 data from a constructred string
1137 * type into a buffer. The values of 'in' and 'len' should refer
1138 * to the contents of the constructed type and 'inf' should be set
1139 * if it is indefinite length.
1140 */
1141
1142 #ifndef ASN1_MAX_STRING_NEST
1143 /* This determines how many levels of recursion are permitted in ASN1
1144 * string types. If it is not limited stack overflows can occur. If set
1145 * to zero no recursion is allowed at all. Although zero should be adequate
1146 * examples exist that require a value of 1. So 5 should be more than enough.
1147 */
1148 #define ASN1_MAX_STRING_NEST 5
1149 #endif
1150
1151
asn1_collect(BUF_MEM * buf,const unsigned char ** in,long len,char inf,int tag,int aclass,int depth)1152 static int asn1_collect(BUF_MEM *buf, const unsigned char **in, long len,
1153 char inf, int tag, int aclass, int depth)
1154 {
1155 const unsigned char *p, *q;
1156 long plen;
1157 char cst, ininf;
1158 p = *in;
1159 inf &= 1;
1160 /* If no buffer and not indefinite length constructed just pass over
1161 * the encoded data */
1162 if (!buf && !inf)
1163 {
1164 *in += len;
1165 return 1;
1166 }
1167 while(len > 0)
1168 {
1169 q = p;
1170 /* Check for EOC */
1171 if (asn1_check_eoc(&p, len))
1172 {
1173 /* EOC is illegal outside indefinite length
1174 * constructed form */
1175 if (!inf)
1176 {
1177 OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNEXPECTED_EOC);
1178 return 0;
1179 }
1180 inf = 0;
1181 break;
1182 }
1183
1184 if (!asn1_check_tlen(&plen, NULL, NULL, &ininf, &cst, &p,
1185 len, tag, aclass, 0, NULL))
1186 {
1187 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_ERROR);
1188 return 0;
1189 }
1190
1191 /* If indefinite length constructed update max length */
1192 if (cst)
1193 {
1194 if (depth >= ASN1_MAX_STRING_NEST)
1195 {
1196 OPENSSL_PUT_ERROR(ASN1, ASN1_R_NESTED_ASN1_STRING);
1197 return 0;
1198 }
1199 if (!asn1_collect(buf, &p, plen, ininf, tag, aclass,
1200 depth + 1))
1201 return 0;
1202 }
1203 else if (plen && !collect_data(buf, &p, plen))
1204 return 0;
1205 len -= p - q;
1206 }
1207 if (inf)
1208 {
1209 OPENSSL_PUT_ERROR(ASN1, ASN1_R_MISSING_EOC);
1210 return 0;
1211 }
1212 *in = p;
1213 return 1;
1214 }
1215
collect_data(BUF_MEM * buf,const unsigned char ** p,long plen)1216 static int collect_data(BUF_MEM *buf, const unsigned char **p, long plen)
1217 {
1218 int len;
1219 if (buf)
1220 {
1221 len = buf->length;
1222 if (!BUF_MEM_grow_clean(buf, len + plen))
1223 {
1224 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
1225 return 0;
1226 }
1227 memcpy(buf->data + len, *p, plen);
1228 }
1229 *p += plen;
1230 return 1;
1231 }
1232
1233 /* Check for ASN1 EOC and swallow it if found */
1234
asn1_check_eoc(const unsigned char ** in,long len)1235 static int asn1_check_eoc(const unsigned char **in, long len)
1236 {
1237 const unsigned char *p;
1238 if (len < 2) return 0;
1239 p = *in;
1240 if (!p[0] && !p[1])
1241 {
1242 *in += 2;
1243 return 1;
1244 }
1245 return 0;
1246 }
1247
1248 /* Check an ASN1 tag and length: a bit like ASN1_get_object
1249 * but it sets the length for indefinite length constructed
1250 * form, we don't know the exact length but we can set an
1251 * upper bound to the amount of data available minus the
1252 * header length just read.
1253 */
1254
asn1_check_tlen(long * olen,int * otag,unsigned char * oclass,char * inf,char * cst,const unsigned char ** in,long len,int exptag,int expclass,char opt,ASN1_TLC * ctx)1255 static int asn1_check_tlen(long *olen, int *otag, unsigned char *oclass,
1256 char *inf, char *cst,
1257 const unsigned char **in, long len,
1258 int exptag, int expclass, char opt,
1259 ASN1_TLC *ctx)
1260 {
1261 int i;
1262 int ptag, pclass;
1263 long plen;
1264 const unsigned char *p, *q;
1265 p = *in;
1266 q = p;
1267
1268 if (ctx && ctx->valid)
1269 {
1270 i = ctx->ret;
1271 plen = ctx->plen;
1272 pclass = ctx->pclass;
1273 ptag = ctx->ptag;
1274 p += ctx->hdrlen;
1275 }
1276 else
1277 {
1278 i = ASN1_get_object(&p, &plen, &ptag, &pclass, len);
1279 if (ctx)
1280 {
1281 ctx->ret = i;
1282 ctx->plen = plen;
1283 ctx->pclass = pclass;
1284 ctx->ptag = ptag;
1285 ctx->hdrlen = p - q;
1286 ctx->valid = 1;
1287 /* If definite length, and no error, length +
1288 * header can't exceed total amount of data available.
1289 */
1290 if (!(i & 0x81) && ((plen + ctx->hdrlen) > len))
1291 {
1292 OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
1293 asn1_tlc_clear(ctx);
1294 return 0;
1295 }
1296 }
1297 }
1298
1299 if (i & 0x80)
1300 {
1301 OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER);
1302 asn1_tlc_clear(ctx);
1303 return 0;
1304 }
1305 if (exptag >= 0)
1306 {
1307 if ((exptag != ptag) || (expclass != pclass))
1308 {
1309 /* If type is OPTIONAL, not an error:
1310 * indicate missing type.
1311 */
1312 if (opt) return -1;
1313 asn1_tlc_clear(ctx);
1314 OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_TAG);
1315 return 0;
1316 }
1317 /* We have a tag and class match:
1318 * assume we are going to do something with it */
1319 asn1_tlc_clear(ctx);
1320 }
1321
1322 if (i & 1)
1323 plen = len - (p - q);
1324
1325 if (inf)
1326 *inf = i & 1;
1327
1328 if (cst)
1329 *cst = i & V_ASN1_CONSTRUCTED;
1330
1331 if (olen)
1332 *olen = plen;
1333
1334 if (oclass)
1335 *oclass = pclass;
1336
1337 if (otag)
1338 *otag = ptag;
1339
1340 *in = p;
1341 return 1;
1342 }
1343