自学教程：C++ ASN1_item_d2i函数代码示例

STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req){	X509_ATTRIBUTE *attr;	ASN1_TYPE *ext = NULL;	int idx, *pnid;	const unsigned char *p;	if ((req == NULL) || (req->req_info == NULL) || !ext_nids)		return (NULL);	for (pnid = ext_nids; *pnid != NID_undef; pnid++) {		idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);		if (idx == -1)			continue;		attr = X509_REQ_get_attr(req, idx);		if (attr->single)			ext = attr->value.single;		else if (sk_ASN1_TYPE_num(attr->value.set))			ext = sk_ASN1_TYPE_value(attr->value.set, 0);		break;	}	if (!ext || (ext->type != V_ASN1_SEQUENCE))		return NULL;	p = ext->value.sequence->data;	return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,	    ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS));}

void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,	     const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf){	unsigned char *out;	const unsigned char *p;	void *ret;	int outlen;	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,			       &out, &outlen, 0)) {		PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);		return NULL;	}	p = out;#ifdef DEBUG_DECRYPT	{		FILE *op;		char fname[30];		static int fnm = 1;		sprintf(fname, "DER%d", fnm++);		op = fopen(fname, "wb");		fwrite (p, 1, outlen, op);		fclose(op);	}#endif	ret = ASN1_item_d2i(NULL, &p, outlen, it);	if (zbuf) OPENSSL_cleanse(out, outlen);	if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);	OPENSSL_free(out);	return ret;}

int FuzzerTestOneInput(const uint8_t *buf, size_t len) {    for (int n = 0; item_type[n] != NULL; ++n) {        const uint8_t *b = buf;        ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]);        ASN1_item_free(o, item_type[n]);    }    return 0;}

void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it){	const unsigned char *p;	void *ret;	p = oct->data;	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))		ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);	return ret;}

void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it){	const unsigned char *p;	void *ret;	p = oct->data;	if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))		OPENSSL_PUT_ERROR(ASN1, ASN1_item_unpack, ASN1_R_DECODE_ERROR);	return ret;}

EXPORT_C void *X509V3_EXT_d2i(X509_EXTENSION *ext){	X509V3_EXT_METHOD *method;	const unsigned char *p;	if(!(method = X509V3_EXT_get(ext))) return NULL;	p = ext->value->data;	if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));	return method->d2i(NULL, &p, ext->value->length);}

void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)	{	BUF_MEM *b = NULL;	const unsigned char *p;	void *ret=NULL;	int len;	len = asn1_d2i_read_bio(in, &b);	if(len < 0) goto err;	p=(const unsigned char *)b->data;	ret=ASN1_item_d2i(x,&p,len, it);err:	if (b != NULL) BUF_MEM_free(b);	return(ret);	}

void *X509V3_EXT_d2i(X509_EXTENSION *ext){    const X509V3_EXT_METHOD *method;    const unsigned char *p;    ASN1_STRING *extvalue;    int extlen;    if ((method = X509V3_EXT_get(ext)) == NULL)        return NULL;    extvalue = X509_EXTENSION_get_data(ext);    p = ASN1_STRING_get0_data(extvalue);    extlen = ASN1_STRING_length(extvalue);    if (method->it)        return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));    return method->d2i(NULL, &p, extlen);}

void *ASN1_item_dup(const ASN1_ITEM *it, void *x)	{	unsigned char *b = NULL, *p;	long i;	void *ret;	if (x == NULL) return(NULL);	i=ASN1_item_i2d(x,&b,it);	if (b == NULL)		{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }	p= b;	ret=ASN1_item_d2i(NULL,&p,i, it);	OPENSSL_free(b);	return(ret);	}

int protocol_checkcert(void *peer, X509 * cert){  struct in_network net;  int i, j;  const unsigned char *p;  void *ext_str = NULL;  const STACK_OF(X509_EXTENSION) * exts = cert->cert_info->extensions;  X509_EXTENSION *ext;  X509V3_EXT_METHOD *method;  STACK_OF(GENERAL_SUBTREE) * trees;  GENERAL_SUBTREE *tree;  for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)    {      ext = sk_X509_EXTENSION_value(exts, i);      if ((method = X509V3_EXT_get(ext))          && method->ext_nid == NID_name_constraints)        {          p = ext->value->data;          if (method->it)            ext_str = ASN1_item_d2i(NULL, &p, ext->value->length,                                    ASN1_ITEM_ptr(method->it));          else            ext_str = method->d2i(NULL, &p, ext->value->length);          trees = ((NAME_CONSTRAINTS *) ext_str)->permittedSubtrees;          for (j = 0; j < sk_GENERAL_SUBTREE_num(trees); j++)            {              tree = sk_GENERAL_SUBTREE_value(trees, j);              if (tree->base->type == GEN_IPADD)                p = tree->base->d.ip->data;              if (tree->base->d.ip->length == 8)                {                  net.addr.s_addr = *((uint32_t *) p);                  net.netmask.s_addr = *((uint32_t *) & p[4]);                  printf("%s/", inet_ntoa(net.addr));                  printf("%s/n", inet_ntoa(net.netmask));                }//else if(len == 32) //IPv6//  See openssl/crypto/x509v3/v3_ncons.c:static int print_nc_ipadd()//else //DNS//  GENERAL_NAME_print(bp, tree->base);            }        }    }  return 0;}

/* * Internal static function for decoding of the publication reference. */static int decodePubReference(GTPublicationsFile *pubfile){	const unsigned char *p;	assert(pubfile->pub_reference == NULL);	p = pubfile->data + pubfile->pub_reference_begin;	ERR_clear_error();	pubfile->pub_reference = (GTReferences*) ASN1_item_d2i(NULL, &p,			pubfile->signature_block_begin - pubfile->pub_reference_begin,			ASN1_ITEM_rptr(GTReferences));	if (pubfile->pub_reference == NULL) {		return GT_isMallocFailure() ? GT_OUT_OF_MEMORY : GT_INVALID_FORMAT;	}	return GT_OK;}

int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx,                          ASN1_VALUE **pval, const ASN1_ITEM *it){    int rv, len;    const unsigned char *p;    rv = OCSP_REQ_CTX_nbio(rctx);    if (rv != 1)        return rv;    len = BIO_get_mem_data(rctx->mem, &p);    *pval = ASN1_item_d2i(NULL, &p, len, it);    if (*pval == NULL) {        rctx->state = OHS_ERROR;        return 0;    }    return 1;}

/* Match a hostname against the contents of a dNSName field of the   subjectAltName extension, if present. This is the preferred place for a   certificate to store its domain name, as opposed to in the commonName field.   It has the advantage that multiple names can be stored, so that one   certificate can match both "example.com" and "www.example.com".   If num_checked is not NULL, the number of dNSName fields that were checked   before returning will be stored in it. This is so you can distinguish between   the check failing because there were names but none matched, or because there   were no names to match. */static int cert_match_dnsname(X509 *cert, const char *hostname,    unsigned int *num_checked){    X509_EXTENSION *ext;    STACK_OF(GENERAL_NAME) *gen_names;    const X509V3_EXT_METHOD *method;    unsigned char *data;    int i;    if (num_checked != NULL)        *num_checked = 0;    i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);    if (i < 0)        return 0;    /* If there's more than one subjectAltName extension, forget it. */    if (X509_get_ext_by_NID(cert, NID_subject_alt_name, i) >= 0)        return 0;    ext = X509_get_ext(cert, i);    /* See the function X509V3_EXT_print in the OpenSSL source for this method       of getting a string value from an extension. */    method = X509V3_EXT_get(ext);    if (method == NULL)        return 0;    /* We must copy this address into a temporary variable because ASN1_item_d2i       increments it. We don't want it to corrupt ext->value->data. */    data = ext->value->data;    /* Here we rely on the fact that the internal representation (the "i" in       "i2d") for NID_subject_alt_name is STACK_OF(GENERAL_NAME). Converting it       to a stack of CONF_VALUE with a i2v method is not satisfactory, because a       CONF_VALUE doesn't contain the length of the value so you can't know the       presence of null bytes. */#if (OPENSSL_VERSION_NUMBER > 0x00907000L)    if (method->it != NULL) {        gen_names = (STACK_OF(GENERAL_NAME) *) ASN1_item_d2i(NULL,            (const unsigned char **) &data,            ext->value->length, ASN1_ITEM_ptr(method->it));    } else {

static void *pkcs12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,                                     const uint8_t *pass_raw,                                     size_t pass_raw_len,                                     ASN1_OCTET_STRING *oct) {  uint8_t *out;  const uint8_t *p;  void *ret;  size_t out_len;  if (!pbe_crypt(algor, pass_raw, pass_raw_len, oct->data, oct->length,                 &out, &out_len, 0 /* decrypt */)) {    OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_decrypt_d2i, PKCS8_R_CRYPT_ERROR);    return NULL;  }  p = out;  ret = ASN1_item_d2i(NULL, &p, out_len, it);  OPENSSL_cleanse(out, out_len);  if (!ret) {    OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_decrypt_d2i, PKCS8_R_DECODE_ERROR);  }  OPENSSL_free(out);  return ret;}

void *PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,    const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf){	unsigned char *out;	const unsigned char *p;	void *ret;	int outlen;	if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,	    &out, &outlen, 0)) {		PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);		return NULL;	}	p = out;	ret = ASN1_item_d2i(NULL, &p, outlen, it);	if (zbuf)		explicit_bzero(out, outlen);	if (!ret)		PKCS12error(PKCS12_R_DECODE_ERROR);	free(out);	return ret;}

BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len){	return (BASIC_CONSTRAINTS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &BASIC_CONSTRAINTS_it);}

X509 *d2i_X509(X509 **a, const unsigned char **in, long len){	return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &X509_it);}

char* CERTIFICATE_FILE_CLASS::derDecode(unsigned char **buf_ptrptr, long length)//  DESCRIPTION     : Determine the type of the DER data and decode it.//  PRECONDITIONS   ://  POSTCONDITIONS  ://  EXCEPTIONS      : //  NOTES           : Returns a pointer to a new'd DVT_STATUS, which must be deleted by the caller//<<==========================================================================={	DVT_STATUS status = MSG_ERROR;	unsigned char *p;	STACK_OF(ASN1_TYPE) *inkey_ptr = NULL;	EVP_PKEY *pkey_ptr = NULL;	X509 *cert_ptr = NULL;	int count = 0;	// try to determine the contents of the file [this is adapted from d2i_AutoPrivateKey()]	p = *buf_ptrptr;	inkey_ptr = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, 					ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);	if (inkey_ptr == NULL)	{		// probably not a DER file		status = MSG_NO_VALUE;		goto end;	}	switch (sk_ASN1_TYPE_num(inkey_ptr))	{	case 3:		// certificate file		p = *buf_ptrptr;		cert_ptr = (X509*)ASN1_item_d2i(NULL, &p, length, ASN1_ITEM_rptr(X509));		if (cert_ptr == NULL)		{			openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding certificate in DER file");			status = MSG_ERROR;			goto end;		}		else		{			// save the certificate			if (!push(cert_ptr))			{				status = MSG_ERROR;				goto end;			}			count++;		}		break;	case 6:		// DSA private key file		p = *buf_ptrptr;		pkey_ptr = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p, length);		if (pkey_ptr == NULL)		{			openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file");			status = MSG_ERROR;			goto end;		}		else		{			// save the private key			if (!push(pkey_ptr))			{				status = MSG_ERROR;				goto end;			}			count++;		}		break;	case 9:		// RSA private key file		p = *buf_ptrptr;		pkey_ptr = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, length);		if (pkey_ptr == NULL)		{			openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file");			status = MSG_ERROR;			goto end;		}		else		{			// save the private key			if (!push(pkey_ptr))			{				status = MSG_ERROR;				goto end;			}			count++;		}		break;	default:		// unknown data		status = MSG_NO_VALUE;		goto end;	}//.........这里部分代码省略.........

/** Search for a hostname match in the SubjectAlternativeNames.*/uint32_tcheck_san (SSL *ssl, const char *hostname){  X509 *cert;  int extcount, ok = 0;  /* What an OpenSSL mess ... */  if (NULL == (cert = SSL_get_peer_certificate(ssl)))  {    die ("Getting certificate failed");  }  if ((extcount = X509_get_ext_count(cert)) > 0)  {    int i;    for (i = 0; i < extcount; ++i)    {      const char *extstr;      X509_EXTENSION *ext;      ext = X509_get_ext(cert, i);      extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));      if (!strcmp(extstr, "subjectAltName"))      {        int j;        void *extvalstr;        const unsigned char *tmp;        STACK_OF(CONF_VALUE) *val;        CONF_VALUE *nval;#if OPENSSL_VERSION_NUMBER >= 0x10000000L        const#endif        X509V3_EXT_METHOD *method;        if (!(method = X509V3_EXT_get(ext)))        {          break;        }        tmp = ext->value->data;        if (method->it)        {          extvalstr = ASN1_item_d2i(NULL, &tmp, ext->value->length,                                    ASN1_ITEM_ptr(method->it));        } else {          extvalstr = method->d2i(NULL, &tmp, ext->value->length);        }        if (!extvalstr)        {          break;        }        if (method->i2v)        {          val = method->i2v(method, extvalstr, NULL);          for (j = 0; j < sk_CONF_VALUE_num(val); ++j)          {            nval = sk_CONF_VALUE_value(val, j);            if ((!strcasecmp(nval->name, "DNS") &&                !strcasecmp(nval->value, hostname) ) ||                (!strcasecmp(nval->name, "iPAddress") &&                !strcasecmp(nval->value, hostname)))            {              verb ("V: subjectAltName matched: %s, type: %s", nval->value, nval->name); // We matched this; so it's safe to print              ok = 1;              break;            }            // Attempt to match subjectAltName DNS names            if (!strcasecmp(nval->name, "DNS"))            {              ok = check_wildcard_match_rfc2595(hostname, nval->value);              if (ok)              {                break;              }            }            verb_debug ("V: subjectAltName found but not matched: %s, type: %s",                nval->value, sanitize_string(nval->name));          }        }      } else {        verb_debug ("V: found non subjectAltName extension");      }      if (ok)      {        break;      }    }  } else {    verb_debug ("V: no X509_EXTENSION field(s) found");  }  X509_free(cert);  return ok;}

X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len){	return (X509_ATTRIBUTE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &X509_ATTRIBUTE_it);}

X509_REVOKED *d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len){	return (X509_REVOKED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &X509_REVOKED_it);}

PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len){	return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &PKCS12_SAFEBAG_it);}

PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len){	return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &PKCS12_BAGS_it);}

X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len){	return (X509_CRL_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &X509_CRL_INFO_it);}

PROXY_POLICY *d2i_PROXY_POLICY(PROXY_POLICY **a, const unsigned char **in, long len){	return (PROXY_POLICY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &PROXY_POLICY_it);}

PROXY_CERT_INFO_EXTENSION *d2i_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION **a, const unsigned char **in, long len){	return (PROXY_CERT_INFO_EXTENSION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &PROXY_CERT_INFO_EXTENSION_it);}

OTHERNAME *d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len){	return (OTHERNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &OTHERNAME_it);}

GENERAL_NAMES *d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len){	return (GENERAL_NAMES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &GENERAL_NAMES_it);}

PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len){	return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &PKCS12_MAC_DATA_it);}

NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len){	return (NETSCAPE_SPKAC *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,	    &NETSCAPE_SPKAC_it);}