Diffstat (limited to 'Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c')
| -rw-r--r-- | Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c | 79 |
1 files changed, 54 insertions, 25 deletions
diff --git a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c index 596b6564..65749239 100644 --- a/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c +++ b/Cryptlib/OpenSSL/crypto/asn1/asn1_gen.c @@ -74,6 +74,8 @@ #define ASN1_GEN_STR(str,val) {str, sizeof(str) - 1, val} #define ASN1_FLAG_EXP_MAX 20 +/* Maximum number of nested sequences */ +#define ASN1_GEN_SEQ_MAX_DEPTH 50 /* Input formats */ @@ -110,13 +112,16 @@ typedef struct { int exp_count; } tag_exp_arg; +static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr); static int bitstr_cb(const char *elem, int len, void *bitstr); static int asn1_cb(const char *elem, int len, void *bitstr); static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, int exp_constructed, int exp_pad, int imp_ok); static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass); -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf); +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + int depth, int *perr); static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype); static int asn1_str2tag(const char *tagstr, int len); @@ -133,6 +138,16 @@ ASN1_TYPE *ASN1_generate_nconf(char *str, CONF *nconf) ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) { + int err = 0; + ASN1_TYPE *ret = generate_v3(str, cnf, 0, &err); + if (err) + ASN1err(ASN1_F_ASN1_GENERATE_V3, err); + return ret; +} + +static ASN1_TYPE *generate_v3(char *str, X509V3_CTX *cnf, int depth, + int *perr) +{ ASN1_TYPE *ret; tag_exp_arg asn1_tags; tag_exp_type *etmp; 
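Review bot: The new static `generate_v3` is introduced without a comment describing its `depth` and `perr` contract, which the `ASN1_generate_v3` wrapper relies on. `perr` is written through unconditionally on the failure paths visible in the next hunk, so it must never be NULL. A NULL return with `err` still 0 also looks possible when a callee fails without setting `*perr` (for example the `asn1_str2type` branch), so the wrapper should not be read as the only place errors are raised. I would add above the definition: `/* depth is the current SEQUENCE/SET nesting level (0 at the top); *perr receives an ASN1_R_* reason that ASN1_generate_v3 raises once, and must not be NULL */`. The body of `generate_v3` continues outside this hunk.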
@@ -152,17 +167,22 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) asn1_tags.imp_class = -1; asn1_tags.format = ASN1_GEN_FORMAT_ASCII; asn1_tags.exp_count = 0; - if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) + if (CONF_parse_list(str, ',', 1, asn1_cb, &asn1_tags) != 0) { + *perr = ASN1_R_UNKNOWN_TAG; return NULL; + } if ((asn1_tags.utype == V_ASN1_SEQUENCE) || (asn1_tags.utype == V_ASN1_SET)) { if (!cnf) { - ASN1err(ASN1_F_ASN1_GENERATE_V3, - ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG); + *perr = ASN1_R_SEQUENCE_OR_SET_NEEDS_CONFIG; + return NULL; + } + if (depth >= ASN1_GEN_SEQ_MAX_DEPTH) { + *perr = ASN1_R_ILLEGAL_NESTED_TAGGING; return NULL; } - ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf); + ret = asn1_multi(asn1_tags.utype, asn1_tags.str, cnf, depth, perr); } else ret = asn1_str2type(asn1_tags.str, asn1_tags.format, asn1_tags.utype); @@ -242,9 +262,14 @@ ASN1_TYPE *ASN1_generate_v3(char *str, X509V3_CTX *cnf) /* If IMPLICIT, output tag */ - if (asn1_tags.imp_tag != -1) + if (asn1_tags.imp_tag != -1) { + if (asn1_tags.imp_class == V_ASN1_UNIVERSAL + && (asn1_tags.imp_tag == V_ASN1_SEQUENCE + || asn1_tags.imp_tag == V_ASN1_SET)) + hdr_constructed = V_ASN1_CONSTRUCTED; ASN1_put_object(&p, hdr_constructed, hdr_len, asn1_tags.imp_tag, asn1_tags.imp_class); + } /* Copy across original encoding */ memcpy(p, cpy_start, cpy_len); @@ -274,6 +299,9 @@ static int asn1_cb(const char *elem, int len, void *bitstr) int tmp_tag, tmp_class; + if (elem == NULL) + return -1; + for (i = 0, p = elem; i < len; p++, i++) { /* Look for the ':' in name value pairs */ if (*p == ':') { 
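Review bot: The check `if (depth >= ASN1_GEN_SEQ_MAX_DEPTH)` has no comment saying what it protects, and it reports `ASN1_R_ILLEGAL_NESTED_TAGGING`, which reads as a tagging problem rather than a nesting limit. Because `generate_v3` and `asn1_multi` call each other, this check is what bounds the recursion for configuration input whose sections nest deeply or, presumably, refer back to themselves. A comment such as `/* bound generate_v3 <-> asn1_multi recursion so nested SEQUENCE/SET sections cannot exhaust the stack */` would make that explicit. The macro comment in the first hunk says "nested sequences", but the limit is applied to SET as well and should say so. The enclosing function starts in the previous hunk and continues past this one.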
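Review bot: The added condition that sets `hdr_constructed = V_ASN1_CONSTRUCTED` in the IMPLICIT branch carries no explanation, and the reason is not obvious from the code. A universal SEQUENCE or SET is always a constructed encoding, so without this an implicit retag to one of those types would presumably keep the primitive/constructed bit of the original value. A comment like `/* universal SEQUENCE/SET are always constructed, so force the bit when implicitly tagging as one */` would record that. The surrounding function starts and ends outside this hunk.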
@@ -345,13 +373,17 @@ static int asn1_cb(const char *elem, int len, void *bitstr) break; case ASN1_GEN_FLAG_FORMAT: + if (!vstart) { + ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKNOWN_FORMAT); + return -1; + } if (!strncmp(vstart, "ASCII", 5)) arg->format = ASN1_GEN_FORMAT_ASCII; else if (!strncmp(vstart, "UTF8", 4)) arg->format = ASN1_GEN_FORMAT_UTF8; else if (!strncmp(vstart, "HEX", 3)) arg->format = ASN1_GEN_FORMAT_HEX; - else if (!strncmp(vstart, "BITLIST", 3)) + else if (!strncmp(vstart, "BITLIST", 7)) arg->format = ASN1_GEN_FORMAT_BITLIST; else { ASN1err(ASN1_F_ASN1_CB, ASN1_R_UNKOWN_FORMAT); @@ -423,14 +455,15 @@ static int parse_tagging(const char *vstart, int vlen, int *ptag, int *pclass) /* Handle multiple types: SET and SEQUENCE */ -static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) +static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf, + int depth, int *perr) { - ASN1_TYPE *ret = NULL, *typ = NULL; + ASN1_TYPE *ret = NULL; STACK_OF(ASN1_TYPE) *sk = NULL; STACK_OF(CONF_VALUE) *sect = NULL; - unsigned char *der = NULL, *p; + unsigned char *der = NULL; int derlen; - int i, is_set; + int i; sk = sk_ASN1_TYPE_new_null(); if (!sk) goto bad; @@ -441,12 +474,13 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) if (!sect) goto bad; for (i = 0; i < sk_CONF_VALUE_num(sect); i++) { - typ = ASN1_generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf); + ASN1_TYPE *typ = + generate_v3(sk_CONF_VALUE_value(sect, i)->value, cnf, + depth + 1, perr); if (!typ) goto bad; if (!sk_ASN1_TYPE_push(sk, typ)) goto bad; - typ = NULL; } } 
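Review bot: The new `!vstart` guard raises `ASN1_R_UNKNOWN_FORMAT`, while the existing `else` branch a few lines below still raises `ASN1_R_UNKOWN_FORMAT`. The two spellings should be reconciled so both paths report the same reason code and the build does not depend on both macros being defined. Separately, the `strncmp` comparisons match only a prefix and do not use the value length, so a value such as `HEXfoo` (constructed example) is accepted as `HEX`. If the value length is available at this point, which the hunk does not show, comparing it as well would make the match exact, e.g. `vlen == 3 && !strncmp(vstart, "HEX", 3)`. `asn1_cb` begins and ends outside this hunk.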
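Review bot: When `sk_ASN1_TYPE_push(sk, typ)` fails in the loop, the freshly generated `typ` is leaked. It is now scoped to the loop body, and the `if (typ) ASN1_TYPE_free(typ);` cleanup is removed later in this diff (the hunk at -488,8). The element was never added to `sk`, so `sk_ASN1_TYPE_pop_free` will not release it. Free it on that path before jumping: `if (!sk_ASN1_TYPE_push(sk, typ)) { ASN1_TYPE_free(typ); goto bad; }`. `asn1_multi` starts in the previous hunk and ends outside this one.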
@@ -455,18 +489,12 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) */ if (utype == V_ASN1_SET) - is_set = 1; + derlen = i2d_ASN1_SET_ANY(sk, &der); else - is_set = 0; + derlen = i2d_ASN1_SEQUENCE_ANY(sk, &der); - derlen = i2d_ASN1_SET_OF_ASN1_TYPE(sk, NULL, i2d_ASN1_TYPE, utype, - V_ASN1_UNIVERSAL, is_set); - der = OPENSSL_malloc(derlen); - if (!der) + if (derlen < 0) goto bad; - p = der; - i2d_ASN1_SET_OF_ASN1_TYPE(sk, &p, i2d_ASN1_TYPE, utype, - V_ASN1_UNIVERSAL, is_set); if (!(ret = ASN1_TYPE_new())) goto bad; @@ -488,8 +516,6 @@ static ASN1_TYPE *asn1_multi(int utype, const char *section, X509V3_CTX *cnf) if (sk) sk_ASN1_TYPE_pop_free(sk, ASN1_TYPE_free); - if (typ) - ASN1_TYPE_free(typ); if (sect) X509V3_section_free(cnf, sect); @@ -535,7 +561,7 @@ static int append_exp(tag_exp_arg *arg, int exp_tag, int exp_class, static int asn1_str2tag(const char *tagstr, int len) { unsigned int i; - static struct tag_name_st *tntmp, tnst[] = { + static const struct tag_name_st *tntmp, tnst[] = { ASN1_GEN_STR("BOOL", V_ASN1_BOOLEAN), ASN1_GEN_STR("BOOLEAN", V_ASN1_BOOLEAN), ASN1_GEN_STR("NULL", V_ASN1_NULL), @@ -570,6 +596,8 @@ static int asn1_str2tag(const char *tagstr, int len) ASN1_GEN_STR("TELETEXSTRING", V_ASN1_T61STRING), ASN1_GEN_STR("GeneralString", V_ASN1_GENERALSTRING), ASN1_GEN_STR("GENSTR", V_ASN1_GENERALSTRING), + ASN1_GEN_STR("NUMERIC", V_ASN1_NUMERICSTRING), + ASN1_GEN_STR("NUMERICSTRING", V_ASN1_NUMERICSTRING), /* Special cases */ ASN1_GEN_STR("SEQUENCE", V_ASN1_SEQUENCE), @@ -701,6 +729,7 @@ static ASN1_TYPE *asn1_str2type(const char *str, int format, int utype) case V_ASN1_VISIBLESTRING: case V_ASN1_UNIVERSALSTRING: case V_ASN1_GENERALSTRING: + case V_ASN1_NUMERICSTRING: if (format == ASN1_GEN_FORMAT_ASCII) format = MBSTRING_ASC; |
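Review bot: In `static const struct tag_name_st *tntmp, tnst[] = {` the `static` storage class applies to both declarators, so `tntmp` is a single function-static pointer rather than a per-call local. If it is the cursor used to walk `tnst` (the loop is outside this hunk), concurrent calls to `asn1_str2tag` share and overwrite it. Declaring them separately keeps the table constant and the cursor local: `static const struct tag_name_st tnst[] = {` for the table and `const struct tag_name_st *tntmp;` for the cursor.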
