authorNikos Mavrogiannopoulos <nmav@gnutls.org>2003-02-14 10:10:00 +0000
committerNikos Mavrogiannopoulos <nmav@gnutls.org>2003-02-14 10:10:00 +0000
commitf4ec91303c25c7d7e0d293b5281cc19b8bca316a (patch)
tree2a08c672a3aa78908c78dcc1480d98a3a34eaec8
parentf26297baf636b1ea2ef076921dc75dd4980e8559 (diff)
ported to libtasn1 0.2.x. Also the included minitasn1 was replaced by the 0.2.1 version of libtasn1.
-rw-r--r--NEWS1
-rw-r--r--configure.in4
-rw-r--r--includes/gnutls/x509.h18
-rw-r--r--lib/gnutls_cert.c7
-rw-r--r--lib/gnutls_dh_primes.c22
-rw-r--r--lib/gnutls_mpi.c10
-rw-r--r--lib/gnutls_mpi.h6
-rw-r--r--lib/gnutls_pk.c16
-rw-r--r--lib/gnutls_privkey.c34
-rw-r--r--lib/gnutls_x509.c14
-rw-r--r--lib/minitasn1/coding.c12
-rw-r--r--lib/minitasn1/decoding.c88
-rw-r--r--lib/minitasn1/element.c152
-rw-r--r--lib/minitasn1/errors.c38
-rw-r--r--lib/minitasn1/gstr.h4
-rw-r--r--lib/minitasn1/int.h31
-rw-r--r--lib/minitasn1/libtasn1.h37
-rw-r--r--lib/minitasn1/parser_aux.c53
-rw-r--r--lib/minitasn1/structure.c88
-rw-r--r--lib/x509/common.c59
-rw-r--r--lib/x509/compat.c20
-rw-r--r--lib/x509/crl.c28
-rw-r--r--lib/x509/dn.c36
-rw-r--r--lib/x509/dn.h18
-rw-r--r--lib/x509/extensions.c14
-rw-r--r--lib/x509/mpi.c31
-rw-r--r--lib/x509/pkcs7.c26
-rw-r--r--lib/x509/verify.c15
-rw-r--r--lib/x509/x509.c46
-rw-r--r--lib/x509/xml.c2
30 files changed, 563 insertions, 367 deletions
diff --git a/NEWS b/NEWS
index 857f3bd370..97bc91c350 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,7 @@ Version 0.9.0
- The only functions were removed are:
gnutls_x509_certificate_to_xml()
gnutls_x509_extract_dn_string()
+- Ported to libtasn1 0.2.x
Version 0.8.1 (22/01/2003)
- Improved the SRP support, to prevent attackers guessing the
diff --git a/configure.in b/configure.in
index 1155150b9e..22742b6dbc 100644
--- a/configure.in
+++ b/configure.in
@@ -272,7 +272,9 @@ AC_ARG_WITH(included-libtasn1,
minitasn1_enabled=$withval,
minitasn1_enabled=no
-AC_CHECK_LIB( tasn1, asn1_array2tree,:,
+dnl We now need libtasn1 0.2.x
+dnl
+AC_CHECK_LIB( tasn1, asn1_read_tag,:,
minitasn1_enabled=yes
***
*** LibtASN1 was not found. Will use the included one.))
diff --git a/includes/gnutls/x509.h b/includes/gnutls/x509.h
index f3813fcfc7..d17dd845fd 100644
--- a/includes/gnutls/x509.h
+++ b/includes/gnutls/x509.h
@@ -34,15 +34,15 @@ extern "C" {
/* Some OIDs usually found in Distinguished names
*/
-#define GNUTLS_OID_X520_COUNTRY_NAME "2 5 4 6"
-#define GNUTLS_OID_X520_ORGANIZATION_NAME "2 5 4 10"
-#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2 5 4 11"
-#define GNUTLS_OID_X520_COMMON_NAME "2 5 4 3"
-#define GNUTLS_OID_X520_LOCALITY_NAME "2 5 4 7"
-#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2 5 4 8"
-#define GNUTLS_OID_LDAP_DC "0 9 2342 19200300 100 1 25"
-#define GNUTLS_OID_LDAP_UID "0 9 2342 19200300 100 1 1"
-#define GNUTLS_OID_PKCS9_EMAIL "1 2 840 113549 1 9 1"
+#define GNUTLS_OID_X520_COUNTRY_NAME "2.5.4.6"
+#define GNUTLS_OID_X520_ORGANIZATION_NAME "2.5.4.10"
+#define GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
+#define GNUTLS_OID_X520_COMMON_NAME "2.5.4.3"
+#define GNUTLS_OID_X520_LOCALITY_NAME "2.5.4.7"
+#define GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
+#define GNUTLS_OID_LDAP_DC "0.9.2342.19200300.100.1.25"
+#define GNUTLS_OID_LDAP_UID "0.9.2342.19200300.100.1.1"
+#define GNUTLS_OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
/* Certificate handling functions */
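Review bot: The `GNUTLS_OID_*` macros are public API, and nothing in this header says their string format changed from space-separated to dotted-decimal. An application that compares an OID returned by the library against its own hard-coded `"2 5 4 3"` would stop matching without any error, which matters where the match decides which DN field is trusted. I would extend the comment above the block to something like `/* OIDs are dotted-decimal strings ("2.5.4.3"); releases before 0.9.0 used blanks as separators */`, and repeat the format change in the NEWS entry.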
diff --git a/lib/gnutls_cert.c b/lib/gnutls_cert.c
index 26e2bc9947..4f17c8c787 100644
--- a/lib/gnutls_cert.c
+++ b/lib/gnutls_cert.c
@@ -527,9 +527,8 @@ int _gnutls_cert_get_dn(gnutls_cert * cert, gnutls_datum * odn )
int len, result;
int start, end;
- if ((result=_gnutls_asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.Certificate", &dn,
- "dn")) != ASN1_SUCCESS) {
+ if ((result=asn1_create_element
+ (_gnutls_get_pkix(), "PKIX1.Certificate", &dn)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -543,7 +542,7 @@ int _gnutls_cert_get_dn(gnutls_cert * cert, gnutls_datum * odn )
}
result = asn1_der_decoding_startEnd(dn, cert->raw.data, cert->raw.size,
- "dn.tbsCertificate.issuer", &start,
+ "tbsCertificate.issuer", &start,
&end);
if (result != ASN1_SUCCESS) {
diff --git a/lib/gnutls_dh_primes.c b/lib/gnutls_dh_primes.c
index 8b2d1c41c9..473bbf1821 100644
--- a/lib/gnutls_dh_primes.c
+++ b/lib/gnutls_dh_primes.c
@@ -343,8 +343,8 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params,
_params.size = params->size;
}
- if ((result = _gnutls_asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2, "c2"))
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
!= ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -367,7 +367,7 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params,
/* Read PRIME
*/
len = sizeof(str) - 1;
- if ((result = asn1_read_value(c2, "c2.prime",
+ if ((result = asn1_read_value(c2, "prime",
str, &len)) != ASN1_SUCCESS)
{
gnutls_assert();
@@ -387,7 +387,7 @@ int gnutls_pkcs3_extract_dh_params(const gnutls_datum * params,
/* Read the GENERATOR
*/
len = sizeof(str) - 1;
- if ((result = asn1_read_value(c2, "c2.base",
+ if ((result = asn1_read_value(c2, "base",
str, &len)) != ASN1_SUCCESS) {
gnutls_assert();
gnutls_free( prime->data);
@@ -437,8 +437,8 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime,
ASN1_TYPE c2;
int result;
- if ((result = _gnutls_asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2, "c2"))
+ if ((result = asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DHParameter", &c2))
!= ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
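Review bot: `c2` is declared as `ASN1_TYPE c2;` with no initializer and is now passed straight to `asn1_create_element`. The wrapper removed from lib/gnutls_mpi.c set `*element = ASN1_TYPE_EMPTY` before that call. Whether the 0.2.x `asn1_create_element` reads or conditionally leaves `*element` untouched is not visible here, so I would keep the old guarantee at the declaration: `ASN1_TYPE c2 = ASN1_TYPE_EMPTY;`. The same applies to the other converted call sites in gnutls_cert.c, gnutls_pk.c, gnutls_privkey.c and gnutls_x509.c, whose declarations are outside their hunks.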
@@ -446,7 +446,7 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime,
/* Write PRIME
*/
- if ((result = asn1_write_value(c2, "c2.prime",
+ if ((result = asn1_write_value(c2, "prime",
prime->data, prime->size)) != ASN1_SUCCESS)
{
gnutls_assert();
@@ -456,14 +456,14 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime,
/* Write the GENERATOR
*/
- if ((result = asn1_write_value(c2, "c2.base",
+ if ((result = asn1_write_value(c2, "base",
generator->data, generator->size)) != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&c2);
return _gnutls_asn2err(result);
}
- if ((result = asn1_write_value(c2, "c2.privateValueLength",
+ if ((result = asn1_write_value(c2, "privateValueLength",
NULL, 0)) != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&c2);
@@ -471,7 +471,7 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime,
}
if (format == GNUTLS_X509_FMT_DER) {
- if ((result=asn1_der_coding( c2, "c2", params_data, params_data_size, NULL)) != ASN1_SUCCESS) {
+ if ((result=asn1_der_coding( c2, "", params_data, params_data_size, NULL)) != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&c2);
@@ -488,7 +488,7 @@ int gnutls_pkcs3_export_dh_params( const gnutls_datum * prime,
opaque *out;
int len = sizeof(tmp) - 1;
- if ((result=asn1_der_coding( c2, "c2", tmp, &len, NULL)) != ASN1_SUCCESS) {
+ if ((result=asn1_der_coding( c2, "", tmp, &len, NULL)) != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&c2);
return _gnutls_asn2err(result);
diff --git a/lib/gnutls_mpi.c b/lib/gnutls_mpi.c
index 3a2e1b7738..13786de2ea 100644
--- a/lib/gnutls_mpi.c
+++ b/lib/gnutls_mpi.c
@@ -104,13 +104,3 @@ int len, result;
return 0;
}
-/* front end for asn1_create_element.
- */
-asn1_retCode _gnutls_asn1_create_element(ASN1_TYPE definitions,const char *source_name,
- ASN1_TYPE *element, const char *dest_name) {
-
- *element = ASN1_TYPE_EMPTY;
-
- return asn1_create_element( definitions, source_name, element, dest_name);
-
-}
diff --git a/lib/gnutls_mpi.h b/lib/gnutls_mpi.h
index 3dea6971aa..c92a9d8ada 100644
--- a/lib/gnutls_mpi.h
+++ b/lib/gnutls_mpi.h
@@ -34,9 +34,7 @@ int _gnutls_mpi_scan_pgp( GNUTLS_MPI *ret_mpi, const opaque *buffer, size_t *nby
int _gnutls_mpi_print( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a );
int _gnutls_mpi_print_lz( opaque *buffer, size_t *nbytes, const GNUTLS_MPI a );
-int _gnutls_x509_read_int( ASN1_TYPE node, const char* value, char* tmpstr, int tmpstr_size, MPI* ret_mpi);
-
-asn1_retCode _gnutls_asn1_create_element(ASN1_TYPE definitions,const char *source_name,
- ASN1_TYPE *element, const char *dest_name);
+int _gnutls_x509_read_int( ASN1_TYPE node, const char* value,
+ char* tmpstr, int tmpstr_size, GNUTLS_MPI* ret_mpi);
#endif
diff --git a/lib/gnutls_pk.c b/lib/gnutls_pk.c
index ee22b43224..559175e15a 100644
--- a/lib/gnutls_pk.c
+++ b/lib/gnutls_pk.c
@@ -318,8 +318,8 @@ opaque str[MAX_PARAMETER_SIZE];
size_t len = sizeof(str);
size_t tot_len = 0;
- if ((result=_gnutls_asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue",
- &sig, "sig"))!=ASN1_SUCCESS) {
+ if ((result=asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue",
+ &sig))!=ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -331,7 +331,7 @@ size_t tot_len = 0;
}
tot_len += len;
- result = asn1_write_value( sig, "sig.r", str, len);
+ result = asn1_write_value( sig, "r", str, len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -347,7 +347,7 @@ size_t tot_len = 0;
}
tot_len += len;
- result = asn1_write_value( sig, "sig.s", str, len);
+ result = asn1_write_value( sig, "s", str, len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
@@ -362,7 +362,7 @@ size_t tot_len = 0;
asn1_delete_structure(&sig);
}
- result = asn1_der_coding( sig, "sig", sig_value->data, &sig_value->size, NULL);
+ result = asn1_der_coding( sig, "", sig_value->data, &sig_value->size, NULL);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&sig);
@@ -426,7 +426,7 @@ int result;
opaque str[MAX_PARAMETER_SIZE];
- if ((result=_gnutls_asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue", &sig, "sig"))!=ASN1_SUCCESS) {
+ if ((result=asn1_create_element( _gnutls_get_gnutls_asn(), "GNUTLS.DSASignatureValue", &sig))!=ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -439,7 +439,7 @@ opaque str[MAX_PARAMETER_SIZE];
}
result =
- _gnutls_x509_read_int( sig, "sig.r", str, sizeof(str)-1, r);
+ _gnutls_x509_read_int( sig, "r", str, sizeof(str)-1, r);
if (result < 0) {
gnutls_assert();
asn1_delete_structure(&sig);
@@ -447,7 +447,7 @@ opaque str[MAX_PARAMETER_SIZE];
}
result =
- _gnutls_x509_read_int( sig, "sig.s", str, sizeof(str)-1, s);
+ _gnutls_x509_read_int( sig, "s", str, sizeof(str)-1, s);
if (result < 0) {
gnutls_assert();
_gnutls_mpi_release( s);
diff --git a/lib/gnutls_privkey.c b/lib/gnutls_privkey.c
index e37de43520..a99596529f 100644
--- a/lib/gnutls_privkey.c
+++ b/lib/gnutls_privkey.c
@@ -47,9 +47,9 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey,
pkey->pk_algorithm = GNUTLS_PK_RSA;
if ((result =
- _gnutls_asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.RSAPrivateKey", &pkey_asn,
- "rsakey")) != ASN1_SUCCESS) {
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.RSAPrivateKey", &pkey_asn
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -66,7 +66,7 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey,
return _gnutls_asn2err(result);
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "rsakey.modulus",
+ if ((result = _gnutls_x509_read_int(pkey_asn, "modulus",
str, sizeof(str) - 1,
&pkey->params[0])) < 0) {
gnutls_assert();
@@ -75,7 +75,7 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey,
}
if ((result =
- _gnutls_x509_read_int(pkey_asn, "rsakey.publicExponent", str,
+ _gnutls_x509_read_int(pkey_asn, "publicExponent", str,
sizeof(str) - 1,
&pkey->params[1])) < 0) {
gnutls_assert();
@@ -85,7 +85,7 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey,
}
if ((result =
- _gnutls_x509_read_int(pkey_asn, "rsakey.privateExponent", str,
+ _gnutls_x509_read_int(pkey_asn, "privateExponent", str,
sizeof(str) - 1,
&pkey->params[2])) < 0) {
gnutls_assert();
@@ -95,7 +95,7 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey,
return result;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "rsakey.prime1",
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime1",
str, sizeof(str) - 1,
&pkey->params[3])) < 0) {
gnutls_assert();
@@ -106,7 +106,7 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey,
return result;
}
- if ((result = _gnutls_x509_read_int(pkey_asn, "rsakey.prime2",
+ if ((result = _gnutls_x509_read_int(pkey_asn, "prime2",
str, sizeof(str) - 1,
&pkey->params[4])) < 0) {
gnutls_assert();
@@ -133,7 +133,7 @@ int _gnutls_PKCS1key2gnutlsKey(gnutls_private_key * pkey,
_gnutls_mpi_invm(pkey->params[5], pkey->params[3], pkey->params[4]);
/* p, q */
#else
- if ( (result=_gnutls_x509_read_int( pkey_asn, "rsakey.coefficient",
+ if ( (result=_gnutls_x509_read_int( pkey_asn, "coefficient",
str, sizeof(str)-1, &pkey->params[5])) < 0) {
gnutls_assert();
_gnutls_mpi_release( &pkey->params[0]);
@@ -165,9 +165,9 @@ int _gnutls_DSAkey2gnutlsKey(gnutls_private_key * pkey,
pkey->pk_algorithm = GNUTLS_PK_DSA;
if ((result =
- _gnutls_asn1_create_element(_gnutls_get_gnutls_asn(),
- "GNUTLS.DSAPrivateKey", &dsa_asn,
- "dsakey")) != ASN1_SUCCESS) {
+ asn1_create_element(_gnutls_get_gnutls_asn(),
+ "GNUTLS.DSAPrivateKey", &dsa_asn
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -184,7 +184,7 @@ int _gnutls_DSAkey2gnutlsKey(gnutls_private_key * pkey,
return _gnutls_asn2err(result);
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "dsakey.p",
+ if ((result = _gnutls_x509_read_int(dsa_asn, "p",
str, sizeof(str) - 1,
&pkey->params[0])) < 0) {
gnutls_assert();
@@ -192,7 +192,7 @@ int _gnutls_DSAkey2gnutlsKey(gnutls_private_key * pkey,
return result;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "dsakey.q",
+ if ((result = _gnutls_x509_read_int(dsa_asn, "q",
str, sizeof(str) - 1,
&pkey->params[1])) < 0) {
gnutls_assert();
@@ -201,7 +201,7 @@ int _gnutls_DSAkey2gnutlsKey(gnutls_private_key * pkey,
return result;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "dsakey.g",
+ if ((result = _gnutls_x509_read_int(dsa_asn, "g",
str, sizeof(str) - 1,
&pkey->params[2])) < 0) {
gnutls_assert();
@@ -211,7 +211,7 @@ int _gnutls_DSAkey2gnutlsKey(gnutls_private_key * pkey,
return result;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "dsakey.Y",
+ if ((result = _gnutls_x509_read_int(dsa_asn, "Y",
str, sizeof(str) - 1,
&pkey->params[3])) < 0) {
gnutls_assert();
@@ -222,7 +222,7 @@ int _gnutls_DSAkey2gnutlsKey(gnutls_private_key * pkey,
return result;
}
- if ((result = _gnutls_x509_read_int(dsa_asn, "dsakey.priv",
+ if ((result = _gnutls_x509_read_int(dsa_asn, "priv",
str, sizeof(str) - 1,
&pkey->params[4])) < 0) {
gnutls_assert();
diff --git a/lib/gnutls_x509.c b/lib/gnutls_x509.c
index e0294318ac..c56f60b787 100644
--- a/lib/gnutls_x509.c
+++ b/lib/gnutls_x509.c
@@ -443,9 +443,9 @@ int _gnutls_der_check_if_rsa_key(const gnutls_datum * key_struct)
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if ((result=_gnutls_asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", &c2,
- "rsakey")) != ASN1_SUCCESS)
+ if ((result=asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPrivateKey", &c2
+ )) != ASN1_SUCCESS)
{
gnutls_assert();
return _gnutls_asn2err(result);
@@ -477,9 +477,9 @@ int _gnutls_der_check_if_dsa_key(const gnutls_datum * key_struct)
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
- if ((result=_gnutls_asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", &c2,
- "rsakey")) != ASN1_SUCCESS)
+ if ((result=asn1_create_element
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPrivateKey", &c2
+ )) != ASN1_SUCCESS)
{
gnutls_assert();
return _gnutls_asn2err(result);
@@ -673,7 +673,7 @@ static int read_key_file(gnutls_certificate_credentials res, const char *keyfile
* DSA private keys are encoded the OpenSSL way, which is an ASN.1
* DER sequence of 6 INTEGERs - version, p, q, g, pub, priv.
*
- * Note that the keyUsage (2 5 29 15) PKIX extension in X.509 certificates
+ * Note that the keyUsage (2.5.29.15) PKIX extension in X.509 certificates
* is supported. This means that certificates intended for signing cannot
* be used for ciphersuites that require encryption.
*
diff --git a/lib/minitasn1/coding.c b/lib/minitasn1/coding.c
index 41e2173984..3f6fdeffaf 100644
--- a/lib/minitasn1/coding.c
+++ b/lib/minitasn1/coding.c
@@ -45,12 +45,12 @@ void
_asn1_error_description_value_not_found(node_asn *node,char *ErrorDescription)
{
- if (ErrorDescription==NULL) return;
+ if (ErrorDescription == NULL) return;
- strcpy(ErrorDescription,":: value of element '");
+ Estrcpy(ErrorDescription,":: value of element '");
_asn1_hierarchical_name(node,ErrorDescription+strlen(ErrorDescription),
- MAX_ERROR_DESCRIPTION_SIZE-40);
- strcat(ErrorDescription,"' not found");
+ MAX_ERROR_DESCRIPTION_SIZE-40);
+ Estrcat(ErrorDescription,"' not found");
}
@@ -233,11 +233,11 @@ _asn1_objectid_der(unsigned char *str,unsigned char *der,int *der_len)
temp=(char *) malloc(strlen(str)+2);
strcpy(temp, str);
- strcat(temp, " ");
+ strcat(temp, ".");
counter=0;
n_start=temp;
- while((n_end=strchr(n_start,' '))){
+ while((n_end=strchr(n_start,'.'))){
*n_end=0;
val=strtoul(n_start,NULL,10);
counter++;
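Review bot: Each arc is converted with `strtoul(n_start,NULL,10)` and no end-pointer check, so after the separator change an OID still written as `"2 5 4 6"` is taken as one token and encoded as the single arc 2 rather than rejected. Passing an end pointer and failing when it does not land on the terminating NUL (or when the token is empty) would turn that into an error; `temp` has to be freed on that path. The `malloc` result is also used by `strcpy` without a NULL check. The function body continues outside this hunk.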
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
index 6e079bbda2..811a4761dc 100644
--- a/lib/minitasn1/decoding.c
+++ b/lib/minitasn1/decoding.c
@@ -37,10 +37,10 @@ void
_asn1_error_description_tag_error(node_asn *node,char *ErrorDescription)
{
- strcpy(ErrorDescription,":: tag error near element '");
+ Estrcpy(ErrorDescription,":: tag error near element '");
_asn1_hierarchical_name(node,ErrorDescription+strlen(ErrorDescription),
MAX_ERROR_DESCRIPTION_SIZE-40);
- strcat(ErrorDescription,"'");
+ Estrcat(ErrorDescription,"'");
}
@@ -145,7 +145,7 @@ _asn1_get_objectid_der(const unsigned char *der,int *der_len,unsigned char *str,
val=der[len_len]-val1*40;
_asn1_str_cpy(str, str_size, _asn1_ltostr(val1,temp));
- _asn1_str_cat(str, str_size, " ");
+ _asn1_str_cat(str, str_size, ".");
_asn1_str_cat(str, str_size, _asn1_ltostr(val,temp));
val=0;
@@ -153,7 +153,7 @@ _asn1_get_objectid_der(const unsigned char *der,int *der_len,unsigned char *str,
val=val<<7;
val|=der[len_len+k]&0x7F;
if(!(der[len_len+k]&0x80)){
- _asn1_str_cat(str, str_size," ");
+ _asn1_str_cat(str, str_size,".");
_asn1_str_cat(str, str_size,_asn1_ltostr(val,temp));
val=0;
}
@@ -421,7 +421,6 @@ asn1_der_decoding(ASN1_TYPE *element,const unsigned char *der,int len,
while(p3){
ris=_asn1_extract_tag_der(p3,der+counter,&len2);
if(ris==ASN1_SUCCESS) break;
- //if(ris==ASN1_ERROR_TYPE_ANY) return ASN1_ERROR_TYPE_ANY;
p3=p3->right;
}
}
@@ -430,7 +429,6 @@ asn1_der_decoding(ASN1_TYPE *element,const unsigned char *der,int len,
p=p2;
break;
}
- //else if(ris==ASN1_ERROR_TYPE_ANY) return ASN1_ERROR_TYPE_ANY;
}
p2=p2->right;
}
@@ -474,7 +472,6 @@ asn1_der_decoding(ASN1_TYPE *element,const unsigned char *der,int len,
if(ris==ASN1_SUCCESS) ris=_asn1_extract_tag_der(p,der+counter,&len2);
if(ris!=ASN1_SUCCESS){
- //if(ris==ASN1_ERROR_TYPE_ANY) return ASN1_ERROR_TYPE_ANY;
if(p->type&CONST_OPTION){
p->type|=CONST_NOT_USED;
move=RIGHT;
@@ -484,7 +481,6 @@ asn1_der_decoding(ASN1_TYPE *element,const unsigned char *der,int len,
move=RIGHT;
}
else {
- //return (type_field(p->type)!=TYPE_ANY)?ASN1_TAG_ERROR:ASN1_ERROR_TYPE_ANY;
if (errorDescription!=NULL)
_asn1_error_description_tag_error(p,errorDescription);
@@ -653,7 +649,7 @@ asn1_der_decoding(ASN1_TYPE *element,const unsigned char *der,int len,
* asn1_der_decoding_element - Fill the element named ELEMENTNAME of the structure STRUCTURE with values of a DER encoding string.
* @structure: pointer to an ASN1 structure
* @elementName: name of the element to fill
- * @der: vector that contains the DER encoding.
+ * @der: vector that contains the DER encoding of the whole structure.
* @len: number of bytes of *der: der[0]..der[len-1]
* @errorDescription: null-terminated string contains details when an arror accured.
*
@@ -661,14 +657,15 @@ asn1_der_decoding(ASN1_TYPE *element,const unsigned char *der,int len,
*
* Fill the element named ELEMENTNAME with values of a DER encoding string.
* The sructure must just be created with function 'create_stucture'.
- * If an error accurs during de decoding procedure, the *STRUCTURE is deleted
+ * The DER vector must contain the encoding string of the whole STRUCTURE.
+ * If an error accurs during the decoding procedure, the *STRUCTURE is deleted
* and set equal to ASN1_TYPE_EMPTY.
*
* Returns:
*
* ASN1_SUCCESS\: DER encoding OK
*
- * ASN1_ELEMENT_NOT_FOUND\: ELEMENT is ASN1_TYPE_EMPTY.
+ * ASN1_ELEMENT_NOT_FOUND\: ELEMENT is ASN1_TYPE_EMPTY or elementName == NULL.
*
* ASN1_TAG_ERROR,ASN1_DER_ERROR\: the der encoding doesn't match the structure STRUCTURE. *ELEMENT deleted.
**/
@@ -678,7 +675,7 @@ asn1_der_decoding_element(ASN1_TYPE *structure,const char *elementName,
{
node_asn *node,*p,*p2,*p3,*nodeFound=ASN1_TYPE_EMPTY;
char temp[128],currentName[MAX_NAME_SIZE*10],*dot_p,*char_p;
- int nameLen=100,state;
+ int nameLen=MAX_NAME_SIZE*10-1,state;
int counter,len2,len3,len4,move,ris;
unsigned char class,*temp2;
unsigned int tag;
@@ -687,25 +684,42 @@ asn1_der_decoding_element(ASN1_TYPE *structure,const char *elementName,
if(node==ASN1_TYPE_EMPTY) return ASN1_ELEMENT_NOT_FOUND;
+ if(elementName == NULL){
+ asn1_delete_structure(structure);
+ return ASN1_ELEMENT_NOT_FOUND;
+ }
+
if(node->type&CONST_OPTION){
asn1_delete_structure(structure);
return ASN1_GENERIC_ERROR;
}
- nameLen-=strlen((*structure)->name);
- if(nameLen>0) strcpy(currentName,(*structure)->name);
- else{
- asn1_delete_structure(structure);
+ if((*structure)->name){ /* Has *structure a name? */
+ nameLen-=strlen((*structure)->name);
+ if(nameLen>0) strcpy(currentName,(*structure)->name);
+ else{
+ asn1_delete_structure(structure);
return ASN1_MEM_ERROR;
+ }
+ if(!(strcmp(currentName,elementName))){
+ state=FOUND;
+ nodeFound=*structure;
+ }
+ else if(!memcmp(currentName,elementName,strlen(currentName)))
+ state=SAME_BRANCH;
+ else
+ state=OTHER_BRANCH;
}
- if(!(strcmp(currentName,elementName))){
- state=FOUND;
- nodeFound=*structure;
+ else{ /* *structure doesn't have a name? */
+ currentName[0]=0;
+ if(elementName[0]==0){
+ state=FOUND;
+ nodeFound=*structure;
+ }
+ else{
+ state=SAME_BRANCH;
+ }
}
- else if(!memcmp(currentName,elementName,strlen(currentName)))
- state=SAME_BRANCH;
- else
- state=OTHER_BRANCH;
counter=0;
move=DOWN;
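Review bot: The re-indented prefix test `memcmp(currentName,elementName,strlen(currentName))` reads `strlen(currentName)` bytes from `elementName`, which can be the shorter string, so the comparison may run past its terminator. `else if(!strncmp(currentName,elementName,strlen(currentName)))` stops at the NUL and gives the same result otherwise. The test also treats `"foo"` as being on the same branch as `"foobar.x"`, since it does not require the next character to be `'.'` or NUL; that may be worth tightening while the block is being touched.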
@@ -737,7 +751,6 @@ asn1_der_decoding_element(ASN1_TYPE *structure,const char *elementName,
while(p3){
ris=_asn1_extract_tag_der(p3,der+counter,&len2);
if(ris==ASN1_SUCCESS) break;
- //if(ris==ASN1_ERROR_TYPE_ANY) return ASN1_ERROR_TYPE_ANY;
p3=p3->right;
}
}
@@ -746,7 +759,6 @@ asn1_der_decoding_element(ASN1_TYPE *structure,const char *elementName,
p=p2;
break;
}
- //else if(ris==ASN1_ERROR_TYPE_ANY) return ASN1_ERROR_TYPE_ANY;
}
p2=p2->right;
}
@@ -790,7 +802,6 @@ asn1_der_decoding_element(ASN1_TYPE *structure,const char *elementName,
if(ris==ASN1_SUCCESS) ris=_asn1_extract_tag_der(p,der+counter,&len2);
if(ris!=ASN1_SUCCESS){
- //if(ris==ASN1_ERROR_TYPE_ANY) return ASN1_ERROR_TYPE_ANY;
if(p->type&CONST_OPTION){
p->type|=CONST_NOT_USED;
move=RIGHT;
@@ -800,12 +811,10 @@ asn1_der_decoding_element(ASN1_TYPE *structure,const char *elementName,
move=RIGHT;
}
else {
- //return (type_field(p->type)!=TYPE_ANY)?ASN1_TAG_ERROR:ASN1_ERROR_TYPE_ANY;
if (errorDescription!=NULL)
_asn1_error_description_tag_error(p,errorDescription);
asn1_delete_structure(structure);
-
return ASN1_TAG_ERROR;
}
}
@@ -1018,7 +1027,7 @@ asn1_der_decoding_element(ASN1_TYPE *structure,const char *elementName,
if(state != FOUND){
nameLen-=strlen(p->name)+1;
if(nameLen>0){
- strcat(currentName,".");
+ if(currentName[0]) strcat(currentName,".");
strcat(currentName,p->name);
}
else{
@@ -1342,7 +1351,7 @@ asn1_der_decoding_startEnd(ASN1_TYPE element,const unsigned char *der,int len,
asn1_retCode
asn1_expand_any_defined_by(ASN1_TYPE definitions,ASN1_TYPE *element)
{
- char definitionsName[MAX_NAME_SIZE],name[2*MAX_NAME_SIZE+1],value[128];
+ char definitionsName[MAX_NAME_SIZE],name[2*MAX_NAME_SIZE+1],value[MAX_NAME_SIZE];
asn1_retCode retCode=ASN1_SUCCESS,result;
int len,len2,len3;
ASN1_TYPE p,p2,p3,aux=ASN1_TYPE_EMPTY;
@@ -1416,8 +1425,9 @@ asn1_expand_any_defined_by(ASN1_TYPE definitions,ASN1_TYPE *element)
strcpy(name,definitionsName);
strcat(name,p2->name);
+ len=MAX_NAME_SIZE;
result=asn1_read_value(definitions,name,value,&len);
-
+
if((result == ASN1_SUCCESS) && (!strcmp(p3->value,value))){
p2=p2->right; /* pointer to the structure to
use for expansion */
@@ -1428,9 +1438,9 @@ asn1_expand_any_defined_by(ASN1_TYPE definitions,ASN1_TYPE *element)
strcpy(name,definitionsName);
strcat(name,p2->name);
- result=asn1_create_element(definitions,name,&aux,p->name);
+ result=asn1_create_element(definitions,name,&aux);
if(result == ASN1_SUCCESS){
-
+ _asn1_set_name(aux,p->name);
len2=_asn1_get_length_der(p->value,&len3);
result=asn1_der_decoding(&aux,p->value+len3,len2,
@@ -1517,7 +1527,7 @@ asn1_expand_any_defined_by(ASN1_TYPE definitions,ASN1_TYPE *element)
* @definitions: ASN1 definitions
* @element: pointer to an ASN1 structure
* @octetName: name of the OCTECT STRING field to expand.
- * &objectName: name of the OBJECT IDENTIFIER field to use to define
+ * @objectName: name of the OBJECT IDENTIFIER field to use to define
* the type for expansion.
*
* Description:
@@ -1531,9 +1541,9 @@ asn1_expand_any_defined_by(ASN1_TYPE definitions,ASN1_TYPE *element)
*
* ASN1_SUCCESS\: substitution OK
*
- * ASN1_ELEMENT_NOT_FOUND: OBJECTNAME or OCTETNAME are not correct.
+ * ASN1_ELEMENT_NOT_FOUND\: OBJECTNAME or OCTETNAME are not correct.
*
- * ASN1_VALUE_NOT_VALID: wasn't possible to find the type to use
+ * ASN1_VALUE_NOT_VALID\: wasn't possible to find the type to use
* for expansion.
*
* other errors\: result of der decoding process.
@@ -1542,7 +1552,7 @@ asn1_retCode
asn1_expand_octet_string(ASN1_TYPE definitions,ASN1_TYPE *element,
const char *octetName,const char *objectName)
{
- char name[2*MAX_NAME_SIZE+1],value[512];
+ char name[2*MAX_NAME_SIZE+1],value[MAX_NAME_SIZE];
asn1_retCode retCode=ASN1_SUCCESS,result;
int len,len2,len3;
ASN1_TYPE p2,aux=ASN1_TYPE_EMPTY;
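Review bot: `value` shrinks here from 512 bytes to `MAX_NAME_SIZE`, but the `asn1_read_value` call that fills it lies outside this hunk, so it is not visible whether the `len` handed to it was reduced to match. If that call still passes a larger or uninitialised length, the read can overrun the smaller buffer. I would set `len=sizeof(value);` immediately before the call, so the bound follows the declaration; the same form would also be clearer than the `len=MAX_NAME_SIZE;` added in `asn1_expand_any_defined_by`.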
@@ -1595,9 +1605,9 @@ asn1_expand_octet_string(ASN1_TYPE definitions,ASN1_TYPE *element,
strcat(name,".");
strcat(name,p2->name);
- result=asn1_create_element(definitions,name,&aux,octetNode->name);
+ result=asn1_create_element(definitions,name,&aux);
if(result == ASN1_SUCCESS){
-
+ _asn1_set_name(aux,octetNode->name);
len2=_asn1_get_length_der(octetNode->value,&len3);
result=asn1_der_decoding(&aux,octetNode->value+len3,len2,
diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c
index fcedf180db..c38c8b97b4 100644
--- a/lib/minitasn1/element.c
+++ b/lib/minitasn1/element.c
@@ -75,19 +75,15 @@ asn1_retCode
_asn1_convert_integer(const char *value,unsigned char *value_out,int value_out_size, int *len)
{
char negative;
- unsigned char val[SIZEOF_UNSIGNED_LONG_INT],temp;
+ unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
+ long valtmp;
int k,k2;
- *((long*)val)=strtol(value,NULL,10);
-
-#ifndef WORDS_BIGENDIAN
- /* change to big-endian byte ordering */
- for(k=0;k<SIZEOF_UNSIGNED_LONG_INT/2;k++){
- temp=val[k];
- val[k]=val[SIZEOF_UNSIGNED_LONG_INT-k-1];
- val[SIZEOF_UNSIGNED_LONG_INT-k-1]=temp;
+ valtmp=strtol(value,NULL,10);
+
+ for(k=0;k<SIZEOF_UNSIGNED_LONG_INT;k++){
+ val[SIZEOF_UNSIGNED_LONG_INT-k-1]=(valtmp >> (8*k)) & 0xFF;
}
-#endif
if(val[0]&0x80) negative=1;
else negative=0;
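Review bot: The new byte-extraction loop right-shifts the signed `valtmp`, which is implementation-defined for negative values; doing the shift on the unsigned representation removes the dependency: `val[SIZEOF_UNSIGNED_LONG_INT-k-1]=((unsigned long)valtmp >> (8*k)) & 0xFF;`. Separately, `strtol(value,NULL,10)` gives no way to tell a non-numeric or out-of-range string from a valid one, so bad input is encoded as 0 or as `LONG_MAX`/`LONG_MIN` without an error; checking an end pointer and `errno` would catch that. The function continues outside this hunk.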
@@ -145,6 +141,7 @@ _asn1_append_sequence_set(node_asn *node)
_asn1_ltostr(n,temp+1);
}
_asn1_set_name(p2,temp);
+ p2->type |= CONST_OPTION;
return ASN1_SUCCESS;
}
@@ -189,7 +186,7 @@ _asn1_append_sequence_set(node_asn *node)
* value="FALSE" , len=1 -> boolean=FALSE
*
* \item OBJECT IDENTIFIER\: VALUE must be a null terminated string with each number separated by
- * a blank (e.g. "1 2 3 543 1").
+ * a dot (e.g. "1.2.3.543.1").
* LEN != 0
* value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha
*
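Review bot: The OBJECT IDENTIFIER paragraph now says arcs are separated by a dot, but the example two lines below still reads `value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha`. With the validation changed later in this file, that string is rejected with `ASN1_VALUE_NOT_VALID`. The example should become `value="1.2.840.10040.4.3" , len=1 -> OID=dsa-with-sha`.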
@@ -211,7 +208,7 @@ _asn1_append_sequence_set(node_asn *node)
* value="$\backslash$x01$\backslash$x02$\backslash$x03" , len=3 -> three bytes octet string
*
* \item GeneralString\: VALUE contains the generalstring and LEN is the number of octet.
- * value="$\backslash$x01$\backslash$x02$\backslash$x03" , len=3 -> three bytes octet string
+ * value="$\backslash$x01$\backslash$x02$\backslash$x03" , len=3 -> three bytes generalstring
*
* \item BIT STRING\: VALUE contains the bit string organized by bytes and LEN is the number of bits.
* value="$\backslash$xCF" , len=6 -> bit string="110011" (six bits)
@@ -235,14 +232,14 @@ _asn1_append_sequence_set(node_asn *node)
* \item SET OF\: the same as SEQUENCE OF.
* Using "pkix.asn":
*
- * result=asn1_write_value(cert,"certificate1.tbsCertificate.subject.rdnSequence.?LAST","NEW",1);
+ * result=asn1_write_value(cert,"tbsCertificate.subject.rdnSequence.?LAST","NEW",1);
*\end{itemize}
*
* If an element is OPTIONAL and you want to delete it, you must use the value=NULL and len=0.
*
* Using "pkix.asn"\:
*
- * result=asn1_write_value(cert,"certificate1.tbsCertificate.issuerUniqueID",NULL,0);
+ * result=asn1_write_value(cert,"tbsCertificate.issuerUniqueID",NULL,0);
*
**/
asn1_retCode
@@ -261,6 +258,16 @@ asn1_write_value(node_asn *node_root,const char *name,
return ASN1_SUCCESS;
}
+ if((type_field(node->type) == TYPE_SEQUENCE_OF) && (value == NULL) && (len==0)){
+ p=node->down;
+ while((type_field(p->type)==TYPE_TAG) || (type_field(p->type)==TYPE_SIZE)) p=p->right;
+
+ while(p->right)
+ asn1_delete_structure(&p->right);
+
+ return ASN1_SUCCESS;
+ }
+
switch(type_field(node->type)){
case TYPE_BOOLEAN:
if(!strcmp(value,"TRUE")){
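Review bot: In the new SEQUENCE OF branch `p=node->down` is dereferenced in both loops without a NULL check, so a node with no children, or one whose children are all TAG/SIZE nodes, leads to a NULL dereference. Guarding both loops is enough: `while(p && ((type_field(p->type)==TYPE_TAG) || (type_field(p->type)==TYPE_SIZE))) p=p->right;` and `while(p && p->right)`. It is also worth confirming that `asn1_delete_structure(&p->right)` relinks `p->right` to the next sibling, because otherwise the loop stops after the first element; that function is not shown here.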
@@ -380,7 +387,7 @@ asn1_write_value(node_asn *node_root,const char *name,
break;
case TYPE_OBJECT_ID:
for(k=0;k<strlen(value);k++)
- if((!isdigit(value[k])) && (value[k]!=' ') && (value[k]!='+'))
+ if((!isdigit(value[k])) && (value[k]!='.') && (value[k]!='+'))
return ASN1_VALUE_NOT_VALID;
_asn1_set_value(node,value,strlen(value)+1);
break;
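Review bot: The OID check passes a plain `char` to `isdigit`, which is undefined for negative values, so a byte above 0x7F in `value` can index outside the ctype table on some platforms. `isdigit((unsigned char)value[k])` avoids that. The check also still accepts strings with empty arcs such as `".."` or a leading `'.'`, and the encoder then turns those into arcs of value 0; rejecting them here would keep malformed OIDs out of the tree.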
@@ -419,6 +426,8 @@ asn1_write_value(node_asn *node_root,const char *name,
}
break;
case TYPE_OCTET_STRING:
+ if(len==0)
+ len=strlen(value);
_asn1_length_der(len,NULL,&len2);
temp=(unsigned char *)_asn1_alloca(len+len2);
if (temp==NULL) return ASN1_MEM_ERROR;
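Review bot: `if(len==0) len=strlen(value);` overloads `len==0` to mean "VALUE is NUL-terminated", and the same two lines are added for TYPE_GENERALSTRING and TYPE_BIT_STRING in the next two hunks. A caller can then no longer write a zero-length OCTET STRING, and binary data passed with `len` left at 0 is cut at its first zero byte. If an earlier check (outside this hunk) does not already return for `value==NULL`, the call is `strlen(NULL)`. I would add `if(value==NULL) return ASN1_VALUE_NOT_VALID;` before the `strlen` and describe the `len==0` convention in the `asn1_write_value` doc comment.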
@@ -428,6 +437,8 @@ asn1_write_value(node_asn *node_root,const char *name,
_asn1_afree(temp);
break;
case TYPE_GENERALSTRING:
+ if(len==0)
+ len=strlen(value);
_asn1_length_der(len,NULL,&len2);
temp=(unsigned char *)_asn1_alloca(len+len2);
if (temp==NULL) return ASN1_MEM_ERROR;
@@ -437,6 +448,8 @@ asn1_write_value(node_asn *node_root,const char *name,
_asn1_afree(temp);
break;
case TYPE_BIT_STRING:
+ if(len==0)
+ len=strlen(value);
_asn1_length_der((len>>3)+2,NULL,&len2);
temp=(unsigned char *)_asn1_alloca((len>>3)+2+len2);
if (temp==NULL) return ASN1_MEM_ERROR;
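Review bot: For BIT STRING the function's own documentation says LEN is the number of bits, but the added `len=strlen(value);` yields a byte count, so a three-byte value passed with `len==0` is written as a 3-bit string. If the intent is to take the whole NUL-terminated buffer, the line should be `len=strlen(value)*8;`. Returning `ASN1_VALUE_NOT_VALID` for `len==0` would be the safer choice, because bit strings routinely contain zero bytes and `strlen` would truncate them.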
@@ -541,7 +554,7 @@ asn1_write_value(node_asn *node_root,const char *name,
* \item BOOLEAN\: VALUE will be the null terminated string "TRUE" or "FALSE" and LEN=5 or LEN=6
*
* \item OBJECT IDENTIFIER\: VALUE will be a null terminated string with each number separated by
- * a blank (i.e. "1 2 3 543 1").
+ * a dot (i.e. "1.2.3.543.1").
* LEN = strlen(VALUE)+1
*
* \item UTCTime\: VALUE will be a null terminated string in one of these formats\:
@@ -620,21 +633,19 @@ asn1_read_value(node_asn *root,const char *name,unsigned char *value, int *len)
case TYPE_OBJECT_ID:
if(node->type&CONST_ASSIGN){
value[0]=0;
- // _asn1_str_cpy(value, *len, "");
p=node->down;
while(p){
if(type_field(p->type)==TYPE_CONSTANT){
- // ADD_STR_VALUE( value, value_size, p->value);
value_size-=strlen(p->value)+1;
if(value_size<1) return ASN1_MEM_ERROR;
strcat(value,p->value);
if(p->right) {
- // ADD_STR_VALUE( value, value_size, " ");
- strcat(value," ");
+ strcat(value,".");
}
}
p=p->right;
}
+ *len = strlen(value) + 1;
} else {
PUT_STR_VALUE(value, value_size, node->value);
}
@@ -668,3 +679,104 @@ asn1_read_value(node_asn *root,const char *name,unsigned char *value, int *len)
}
return ASN1_SUCCESS;
}
+
+
+/**
+ * asn1_read_tag - Returns the TAG of one element inside a structure
+ * @root: pointer to a structure
+ * @name: the name of the element inside a structure.
+ * @tag: variable that will contain the TAG value.
+ * @class: variable that will specify the TAG type.
+ *
+ * Description:
+ *
+ * Returns the TAG and the CLASS of one element inside a structure.
+ * CLASS can have one of these constants: ASN1_CLASS_APPLICATION,
+ * ASN1_CLASS_UNIVERSAL, ASN1_CLASS_PRIVATE or ASN1_CLASS_CONTEXT_SPECIFIC.
+ *
+ * Returns:
+ *
+ * ASN1_SUCCESS\: set value OK
+ *
+ * ASN1_ELEMENT_NOT_FOUND\: NAME is not a valid element.
+ *
+ **/
+asn1_retCode
+asn1_read_tag(node_asn *root,const char *name,int *tag, int *class)
+{
+ node_asn *node,*p,*pTag;
+
+ node=_asn1_find_node(root,name);
+ if(node==NULL) return ASN1_ELEMENT_NOT_FOUND;
+
+ p=node->down;
+
+ /* pTag will points to the IMPLICIT TAG */
+ pTag=NULL;
+ if(node->type&CONST_TAG){
+ while(p){
+ if(type_field(p->type)==TYPE_TAG){
+ if((p->type&CONST_IMPLICIT) && (pTag==NULL))
+ pTag=p;
+ else if(p->type&CONST_EXPLICIT)
+ pTag=NULL;
+ }
+ p=p->right;
+ }
+ }
+
+ if(pTag){
+ *tag=strtoul(pTag->value,NULL,10);
+
+ if(pTag->type&CONST_APPLICATION) *class=ASN1_CLASS_APPLICATION;
+ else if(pTag->type&CONST_UNIVERSAL) *class=ASN1_CLASS_UNIVERSAL;
+ else if(pTag->type&CONST_PRIVATE) *class=ASN1_CLASS_PRIVATE;
+ else *class=ASN1_CLASS_CONTEXT_SPECIFIC;
+ }
+ else{
+ *class=ASN1_CLASS_UNIVERSAL;
+
+ switch(type_field(node->type)){
+ case TYPE_NULL:
+ *tag=ASN1_TAG_NULL;break;
+ case TYPE_BOOLEAN:
+ *tag=ASN1_TAG_BOOLEAN;break;
+ case TYPE_INTEGER:
+ *tag=ASN1_TAG_INTEGER;break;
+ case TYPE_ENUMERATED:
+ *tag=ASN1_TAG_ENUMERATED;break;
+ case TYPE_OBJECT_ID:
+ *tag=ASN1_TAG_OBJECT_ID;break;
+ case TYPE_TIME:
+ if(node->type&CONST_UTC){
+ *tag=ASN1_TAG_UTCTime;
+ }
+ else *tag=ASN1_TAG_GENERALIZEDTime;
+ break;
+ case TYPE_OCTET_STRING:
+ *tag=ASN1_TAG_OCTET_STRING;break;
+ case TYPE_GENERALSTRING:
+ *tag=ASN1_TAG_GENERALSTRING;break;
+ case TYPE_BIT_STRING:
+ *tag=ASN1_TAG_BIT_STRING;break;
+ case TYPE_SEQUENCE: case TYPE_SEQUENCE_OF:
+ *tag=ASN1_TAG_SEQUENCE;break;
+ case TYPE_SET: case TYPE_SET_OF:
+ *tag=ASN1_TAG_SET;break;
+ case TYPE_TAG:
+ case TYPE_CHOICE:
+ case TYPE_ANY:
+ break;
+ default:
+ break;
+ }
+ }
+
+
+ return ASN1_SUCCESS;
+
+}
+
+
+
+
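Review bot: asn1_read_tag returns ASN1_SUCCESS without storing anything in `*tag` when the node is TYPE_TAG, TYPE_CHOICE, TYPE_ANY or hits `default:`, so a caller that trusts the return code reads an uninitialised tag. Those cases should either fail, e.g. `default: return ASN1_GENERIC_ERROR;`, or the header comment should say that `*tag` is left untouched for untagged CHOICE/ANY nodes. In the implicit-tag branch `strtoul(pTag->value,NULL,10)` dereferences `pTag->value` without a NULL check and narrows an unsigned long into an int. `tag` and `class` are also written without being checked for NULL.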
diff --git a/lib/minitasn1/errors.c b/lib/minitasn1/errors.c
index 3f90e1f669..bc51e9fe86 100644
--- a/lib/minitasn1/errors.c
+++ b/lib/minitasn1/errors.c
@@ -28,7 +28,7 @@
{ #name, name }
struct libtasn1_error_entry {
- char *name;
+ const char *name;
int number;
};
typedef struct libtasn1_error_entry libtasn1_error_entry;
@@ -55,7 +55,7 @@ static libtasn1_error_entry error_algorithms[] = {
};
#define LIBTASN1_ERROR_LOOP(b) \
- libtasn1_error_entry *p; \
+ const libtasn1_error_entry *p; \
for(p = error_algorithms; p->name != NULL; p++) { b ; }
#define LIBTASN1_ERROR_ALG_LOOP(a) \
@@ -72,15 +72,14 @@ static libtasn1_error_entry error_algorithms[] = {
**/
void libtasn1_perror(asn1_retCode error)
{
- char *ret = NULL;
+ const char *ret = NULL;
/* avoid prefix */
LIBTASN1_ERROR_ALG_LOOP(ret =
- _asn1_strdup(p->name + sizeof("ASN1_") - 1));
+ p->name + sizeof("ASN1_") - 1);
_libtasn1_log( "LIBTASN1 ERROR: %s\n", ret);
- _asn1_free( ret);
}
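Review bot: `ret` stays NULL when no table entry matches `error` and is then passed to a `%s` conversion in `_libtasn1_log`, which is undefined behaviour in a printf-style logger. This assumes LIBTASN1_ERROR_ALG_LOOP assigns only on a match; its body is outside the hunk. Dropping the strdup/free pair is fine, but the call should guard the miss: `_libtasn1_log( "LIBTASN1 ERROR: %s\n", ret ? ret : "(unknown error code)");`.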
@@ -93,7 +92,7 @@ void libtasn1_perror(asn1_retCode error)
**/
const char* libtasn1_strerror(asn1_retCode error)
{
- char *ret = NULL;
+ const char *ret = NULL;
/* avoid prefix */
LIBTASN1_ERROR_ALG_LOOP(ret =
@@ -127,30 +126,3 @@ void _libtasn1_null_log( void* x, ...) { return; }
# endif /* C99_MACROS */
#endif /* DEBUG */
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
diff --git a/lib/minitasn1/gstr.h b/lib/minitasn1/gstr.h
index dbedcbc407..62b86e79d3 100644
--- a/lib/minitasn1/gstr.h
+++ b/lib/minitasn1/gstr.h
@@ -1,3 +1,7 @@
void _asn1_str_cpy( char* dest, size_t dest_tot_size, const char* src);
void _asn1_mem_cpy( char* dest, size_t dest_tot_size, const char* src, size_t src_size);
void _asn1_str_cat( char* dest, size_t dest_tot_size, const char* src);
+
+#define Estrcpy(x,y) _asn1_str_cpy(x,MAX_ERROR_DESCRIPTION_SIZE,y)
+#define Estrcat(x,y) _asn1_str_cat(x,MAX_ERROR_DESCRIPTION_SIZE,y)
+
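Review bot: Estrcpy and Estrcat hard-code the destination size as MAX_ERROR_DESCRIPTION_SIZE, so they are bounded only if every buffer passed to them really is that large, and nothing in the header says so. I would add `/* dest MUST be an array of at least MAX_ERROR_DESCRIPTION_SIZE chars (the errorDescription buffers) */` above the two macros. The arguments are also unparenthesised, and gstr.h now depends on a constant it does not define, so it only compiles when int.h or libtasn1.h is included first.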
diff --git a/lib/minitasn1/int.h b/lib/minitasn1/int.h
index 6684de6b96..f9c62b3ce0 100644
--- a/lib/minitasn1/int.h
+++ b/lib/minitasn1/int.h
@@ -38,7 +38,32 @@
#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */
#define MAX_NAME_SIZE 128 /* maximum number of characters of a name inside an ASN1 file definitons */
-#define MAX_ERROR_DESCRIPTION_SIZE 1024 /* maximum number of characters of a description message */
+#define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters of a description message */
+
+/*****************************************/
+/* Constants returned by asn1_read_tag */
+/*****************************************/
+#define ASN1_CLASS_UNIVERSAL 1
+#define ASN1_CLASS_APPLICATION 2
+#define ASN1_CLASS_CONTEXT_SPECIFIC 3
+#define ASN1_CLASS_PRIVATE 4
+
+
+/*****************************************/
+/* Constants returned by asn1_read_tag */
+/*****************************************/
+#define ASN1_TAG_BOOLEAN 0x01
+#define ASN1_TAG_INTEGER 0x02
+#define ASN1_TAG_SEQUENCE 0x10
+#define ASN1_TAG_SET 0x11
+#define ASN1_TAG_OCTET_STRING 0x04
+#define ASN1_TAG_BIT_STRING 0x03
+#define ASN1_TAG_UTCTime 0x17
+#define ASN1_TAG_GENERALIZEDTime 0x18
+#define ASN1_TAG_OBJECT_ID 0x06
+#define ASN1_TAG_ENUMERATED 0x0A
+#define ASN1_TAG_NULL 0x05
+#define ASN1_TAG_GENERALSTRING 0x1B
/* define used for visiting trees */
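Review bot: Shrinking MAX_ERROR_DESCRIPTION_SIZE to 128 while MAX_NAME_SIZE is also 128 means the ":: identifier '…' not found" message built in asn1_array2tree no longer fits for identifiers longer than roughly 100 characters. With the bounded Estrcat this is presumably truncated rather than overflowed, but that should be stated in the constant's comment. The value is duplicated in libtasn1.h, so an application compiled against one header and a library built with the other can disagree about the buffer size. Both new comment banners read "Constants returned by asn1_read_tag"; the first block holds the class values and the second the tag numbers, and the banners should say so.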
@@ -136,7 +161,7 @@ typedef struct static_struct_asn ASN1_ARRAY_TYPE;
#define CONST_GENERALIZED (1<<23)
#define CONST_UTC (1<<24)
-// #define CONST_IMPORTS (1<<25)
+/* #define CONST_IMPORTS (1<<25) */
#define CONST_NOT_USED (1<<26)
#define CONST_SET (1<<27)
@@ -150,7 +175,7 @@ typedef struct static_struct_asn ASN1_ARRAY_TYPE;
asn1_retCode asn1_delete_structure(ASN1_TYPE *structure);
asn1_retCode asn1_create_element(ASN1_TYPE definitions,const char *source_name,
- ASN1_TYPE *element,const char *dest_name);
+ ASN1_TYPE *element);
asn1_retCode asn1_read_value(ASN1_TYPE element,const char *name,
unsigned char *value,int *len);
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
index 2a7dcf7202..31ceee317b 100644
--- a/lib/minitasn1/libtasn1.h
+++ b/lib/minitasn1/libtasn1.h
@@ -28,14 +28,14 @@
extern "C" {
#endif
-#define LIBASN1_VERSION "0.1.1"
+#define LIBASN1_VERSION "0.2.1"
#include <sys/types.h>
#include <time.h>
#define MAX_NAME_SIZE 128 /* maximum number of characters of a name */
/* inside a file with ASN1 definitons */
-#define MAX_ERROR_DESCRIPTION_SIZE 1024 /* maximum number of characters */
+#define MAX_ERROR_DESCRIPTION_SIZE 128 /* maximum number of characters */
/* of a description message */
/* (null character included) */
@@ -71,6 +71,31 @@ typedef int asn1_retCode; /* type returned by libasn1 functions */
#define ASN1_PRINT_NAME_TYPE_VALUE 3
#define ASN1_PRINT_ALL 4
+/*****************************************/
+/* Constants returned by asn1_read_tag */
+/*****************************************/
+#define ASN1_CLASS_UNIVERSAL 1
+#define ASN1_CLASS_APPLICATION 2
+#define ASN1_CLASS_CONTEXT_SPECIFIC 3
+#define ASN1_CLASS_PRIVATE 4
+
+
+/*****************************************/
+/* Constants returned by asn1_read_tag */
+/*****************************************/
+#define ASN1_TAG_BOOLEAN 0x01
+#define ASN1_TAG_INTEGER 0x02
+#define ASN1_TAG_SEQUENCE 0x10
+#define ASN1_TAG_SET 0x11
+#define ASN1_TAG_OCTET_STRING 0x04
+#define ASN1_TAG_BIT_STRING 0x03
+#define ASN1_TAG_UTCTime 0x17
+#define ASN1_TAG_GENERALIZEDTime 0x18
+#define ASN1_TAG_OBJECT_ID 0x06
+#define ASN1_TAG_ENUMERATED 0x0A
+#define ASN1_TAG_NULL 0x05
+#define ASN1_TAG_GENERALSTRING 0x1B
+
/******************************************************/
/* Structure definition used for the node of the tree */
@@ -115,7 +140,7 @@ asn1_retCode asn1_array2tree(const ASN1_ARRAY_TYPE *array,
void asn1_print_structure(FILE *out,ASN1_TYPE structure,const char *name,int mode);
asn1_retCode asn1_create_element(ASN1_TYPE definitions,const char *source_name,
- ASN1_TYPE *element,const char *dest_name);
+ ASN1_TYPE *element);
asn1_retCode asn1_delete_structure(ASN1_TYPE *structure);
@@ -145,6 +170,12 @@ asn1_retCode asn1_expand_any_defined_by(ASN1_TYPE definitions,
asn1_retCode asn1_expand_octet_string(ASN1_TYPE definitions,ASN1_TYPE *element,
const char *octetName,const char *objectName);
+asn1_retCode asn1_read_tag(node_asn *root,const char *name,int *tag,
+ int *class);
+
+asn1_retCode asn1_find_structure_from_oid(ASN1_TYPE definitions,
+ const char *oidValue,char *structureName);
+
const char* libtasn1_strerror(asn1_retCode error);
void libtasn1_perror(asn1_retCode error);
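Review bot: The new prototype names a parameter `class`, which is a C++ keyword, in a header that opens with `extern "C" {`, so any C++ translation unit including libtasn1.h will fail to compile. Renaming it in the declaration is enough, e.g. `asn1_retCode asn1_read_tag(node_asn *root,const char *name,int *tagValue,int *classValue);`. The function also takes `node_asn *` where the neighbouring prototypes use ASN1_TYPE. asn1_find_structure_from_oid takes an output `char *structureName` with no size argument, so its required capacity exists only as a doc-comment convention.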
diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c
index 96f6b24552..a0f7775a01 100644
--- a/lib/minitasn1/parser_aux.c
+++ b/lib/minitasn1/parser_aux.c
@@ -84,8 +84,10 @@ _asn1_add_node(unsigned int type)
/* Function : _asn1_find_mode */
/* Description: searches an element called NAME starting from */
/* POINTER. The name is composed by differents */
-/* identifiers separated by dot.The first identifier */
-/* must be the name of *POINTER. */
+/* identifiers separated by dots.When *POINTER has a */
+/* name, the first identifier must be the name of */
+/* *POINTER, otherwise it must be the name of one */
+/* child of *POINTER. */
/* Parameters: */
/* pointer: NODE_ASN element pointer. */
/* name: null terminated string with the element's name to find.*/
@@ -95,31 +97,40 @@ node_asn *
_asn1_find_node(node_asn *pointer,const char *name)
{
node_asn *p;
- char *n_end,n[128];
+ char *n_end,n[MAX_NAME_SIZE+1];
const char *n_start;
- if((name==NULL) || (name[0]==0)) return NULL;
+ if(pointer == NULL) return NULL;
- n_start=name;
- n_end=strchr(n_start,'.'); /* search the first dot */
- if(n_end){
- memcpy(n,n_start,n_end-n_start);
- n[n_end-n_start]=0;
- n_start=n_end;
- n_start++;
- }
- else{
- _asn1_str_cpy(n,sizeof(n),n_start);
- n_start=NULL;
- }
+ if(name==NULL) return NULL;
p=pointer;
- while(p){
- if((p->name) && (!strcmp(p->name,n))) break;
- else p=p->right;
- } /* while */
+ n_start=name;
- if(p==NULL) return NULL;
+ if(p->name != NULL){ /* has *pointer a name ? */
+ n_end=strchr(n_start,'.'); /* search the first dot */
+ if(n_end){
+ memcpy(n,n_start,n_end-n_start);
+ n[n_end-n_start]=0;
+ n_start=n_end;
+ n_start++;
+ }
+ else{
+ _asn1_str_cpy(n,sizeof(n),n_start);
+ n_start=NULL;
+ }
+
+ while(p){
+ if((p->name) && (!strcmp(p->name,n))) break;
+ else p=p->right;
+ } /* while */
+
+ if(p==NULL) return NULL;
+ }
+ else{ /* *pointer doesn't have a name */
+ if(n_start[0]==0)
+ return p;
+ }
while(n_start){ /* Has the end of NAME been reached? */
n_end=strchr(n_start,'.'); /* search the next dot */
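Review bot: The first path component is copied with `memcpy(n,n_start,n_end-n_start)` into `n[MAX_NAME_SIZE+1]` with no length check, so a component longer than MAX_NAME_SIZE characters writes past the stack buffer. Only the no-dot branch goes through the bounded `_asn1_str_cpy`. A guard before the memcpy closes it: `if((size_t)(n_end-n_start) >= sizeof(n)) return NULL;`. The loop that begins at the end of this hunk continues outside it and, judging by its first line, splits on dots the same way, so it likely needs the same check.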
diff --git a/lib/minitasn1/structure.c b/lib/minitasn1/structure.c
index fb7b10f694..7eb6fdec05 100644
--- a/lib/minitasn1/structure.c
+++ b/lib/minitasn1/structure.c
@@ -224,9 +224,9 @@ asn1_array2tree(const ASN1_ARRAY_TYPE *array,ASN1_TYPE *definitions,
if (errorDescription!=NULL) {
if(result==ASN1_IDENTIFIER_NOT_FOUND) {
- strcpy(errorDescription,":: identifier '");
- strcat(errorDescription,_asn1_identifierMissing);
- strcat(errorDescription,"' not found");
+ Estrcpy(errorDescription,":: identifier '");
+ Estrcat(errorDescription,_asn1_identifierMissing);
+ Estrcat(errorDescription,"' not found");
}
else
errorDescription[0]=0;
@@ -321,7 +321,7 @@ _asn1_copy_structure3(node_asn *source_node)
if(p_s->value){
switch(type_field(p_s->type)){
case TYPE_OCTET_STRING: case TYPE_BIT_STRING: case TYPE_GENERALSTRING:
- case TYPE_INTEGER: // case TYPE_DEFAULT:
+ case TYPE_INTEGER:
len2=-1;
len=_asn1_get_length_der(p_s->value,&len2);
_asn1_set_value(p_d,p_s->value,len+len2);
@@ -518,11 +518,10 @@ _asn1_expand_identifier(node_asn **node,node_asn *root)
/**
- * asn1_create_element - Creates a structure called DEST_NAME of type SOURCE_NAME.
+ * asn1_create_element - Creates a structure of type SOURCE_NAME.
* @definitions: pointer to the structure returned by "parser_asn1" function
* @source_name: the name of the type of the new structure (must be inside p_structure).
* @element: pointer to the structure created.
- * @dest_name: the name of the new structure.
* Description:
*
* Creates a structure called DEST_NAME of type SOURCE_NAME.
@@ -531,28 +530,23 @@ _asn1_expand_identifier(node_asn **node,node_asn *root)
*
* ASN1_SUCCESS\: creation OK
*
- * ASN1_ELEMENT_NOT_EMPTY\: *POINTER not ASN1_TYPE_EMPTY
- *
* ASN1_ELEMENT_NOT_FOUND\: SOURCE_NAME isn't known
*
* Example: using "pkix.asn"
- * result=asn1_create_structure(cert_def,"PKIX1.Certificate",&cert,"certificate1");
+ * result=asn1_create_structure(cert_def,"PKIX1.Certificate",&cert);
**/
asn1_retCode
asn1_create_element(ASN1_TYPE definitions,const char *source_name,
- ASN1_TYPE *element,const char *dest_name)
+ ASN1_TYPE *element)
{
node_asn *dest_node;
int res;
- if(*element!=ASN1_TYPE_EMPTY)
- return ASN1_ELEMENT_NOT_EMPTY;
-
dest_node=_asn1_copy_structure2(definitions,source_name);
if(dest_node==NULL) return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_name(dest_node,dest_name);
+ _asn1_set_name(dest_node,"");
res=_asn1_expand_identifier(&dest_node,definitions);
_asn1_type_choice_config(dest_node);
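Review bot: Removing the `*element!=ASN1_TYPE_EMPTY` guard means a call on a handle that already owns a tree no longer fails with ASN1_ELEMENT_NOT_EMPTY. The store to `*element` is outside the hunk, but if it overwrites the pointer unconditionally the old structure leaks silently. If the new contract is intentional, document it in the header comment, e.g. `@element: pointer to the structure created; any previous content is NOT freed, call asn1_delete_structure() first`. That comment block is also stale in two places: the Description still says "called DEST_NAME" and the example calls asn1_create_structure.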
@@ -833,9 +827,9 @@ asn1_print_structure(FILE *out,ASN1_TYPE structure,const char *name,int mode)
*
* Returns:
*
- * ASN1_SUCCESS: creation OK
- * ASN1_ELEMENT_NOT_FOUND: NAME isn't known
- * ASN1_GENERIC_ERROR: pointer num equal to NULL
+ * ASN1_SUCCESS\: creation OK
+ * ASN1_ELEMENT_NOT_FOUND\: NAME isn't known
+ * ASN1_GENERIC_ERROR\: pointer num equal to NULL
*
**/
asn1_retCode
@@ -861,8 +855,68 @@ asn1_number_of_elements(ASN1_TYPE element,const char *name,int *num)
}
+/**
+ * asn1_find_structure_from_oid - Search the structure that is defined just
+ * after an OID definition.
+ * @definitions: ASN1 definitions
+ * @oidValue: value of the OID to search (e.g. "1.2.3.4").
+ * @structureName: name returned by the function, that is the structure
+ * defined just after the OID of value equal to OIDVALUE.
+ * It must be an array of MAX_NAME_SIZE char elements.
+ *
+ * Description:
+ *
+ * Search the structure that is defined just after an OID definition.
+ *
+ * Returns:
+ *
+ * ASN1_SUCCESS\: structure found.
+ *
+ * ASN1_ELEMENT_NOT_FOUND\: OID equal to OIDVALUE not found.
+ *
+ **/
+asn1_retCode
+asn1_find_structure_from_oid(ASN1_TYPE definitions,
+ const char *oidValue,char *structureName)
+{
+ char definitionsName[MAX_NAME_SIZE],name[2*MAX_NAME_SIZE+1];
+ char value[MAX_NAME_SIZE];
+ ASN1_TYPE p;
+ int len;
+ asn1_retCode result;
+
+ if((definitions==ASN1_TYPE_EMPTY) || (oidValue==NULL))
+ return ASN1_ELEMENT_NOT_FOUND;
+ strcpy(definitionsName,definitions->name);
+ strcat(definitionsName,".");
+
+ /* search the OBJECT_ID into definitions */
+ p=definitions->down;
+ while(p){
+ if((type_field(p->type)==TYPE_OBJECT_ID) &&
+ (p->type & CONST_ASSIGN)){
+ strcpy(name,definitionsName);
+ strcat(name,p->name);
+
+ len=MAX_NAME_SIZE;
+ result=asn1_read_value(definitions,name,value,&len);
+
+ if((result == ASN1_SUCCESS) && (!strcmp(oidValue,value))){
+ p=p->right;
+ if(p==NULL) /* reach the end of ASN1 definitions */
+ return ASN1_ELEMENT_NOT_FOUND;
+
+ strcpy(structureName,p->name);
+ return ASN1_SUCCESS;
+ }
+ }
+ p=p->right;
+ }
+
+ return ASN1_ELEMENT_NOT_FOUND;
+}
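Review bot: asn1_find_structure_from_oid builds its lookup names with unbounded strcpy/strcat. `definitionsName[MAX_NAME_SIZE]` has no room for the appended "." if `definitions->name` is at the size limit, and `strcpy(structureName,p->name)` trusts the caller's buffer purely by convention. `definitions->name` and `p->name` are also dereferenced without a NULL check, although this same commit lets created elements carry an empty name. The bounded helpers declared in gstr.h are already used elsewhere in structure.c and fit here; the sketch below assumes they truncate to the given size.

```c
  char definitionsName[MAX_NAME_SIZE+2],name[2*MAX_NAME_SIZE+2];
  /* … unchanged: value, p, len, result declarations … */

  if((definitions==ASN1_TYPE_EMPTY) || (oidValue==NULL) ||
     (structureName==NULL) || (definitions->name==NULL))
    return ASN1_ELEMENT_NOT_FOUND;

  _asn1_str_cpy(definitionsName,sizeof(definitionsName),definitions->name);
  _asn1_str_cat(definitionsName,sizeof(definitionsName),".");

  /* … unchanged: walk definitions->down, TYPE_OBJECT_ID / CONST_ASSIGN test … */
      if(p->name==NULL){
        p=p->right;
        continue;
      }
      _asn1_str_cpy(name,sizeof(name),definitionsName);
      _asn1_str_cat(name,sizeof(name),p->name);
  /* … unchanged: asn1_read_value call and strcmp against oidValue … */
        if((p==NULL) || (p->name==NULL))
          return ASN1_ELEMENT_NOT_FOUND;

        _asn1_str_cpy(structureName,MAX_NAME_SIZE,p->name);
        return ASN1_SUCCESS;
```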
diff --git a/lib/x509/common.c b/lib/x509/common.c
index 91dee0dbf2..73a49e2c80 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -37,26 +37,30 @@ typedef struct _oid2string {
int printable;
} oid2string;
+#define PKIX1_RSA_OID "1.2.840.113549.1.1.1"
+#define DSA_OID "1.2.840.10040.4.1"
+
static const oid2string OID2STR[] = {
- {"2 5 4 6", "X520countryName", "C", 0, 1},
- {"2 5 4 12", "X520title", "T", 1, 1},
- {"2 5 4 10", "X520OrganizationName", "O", 1, 1},
- {"2 5 4 11", "X520OrganizationalUnitName", "OU", 1, 1},
- {"2 5 4 3", "X520CommonName", "CN", 1, 1},
- {"2 5 4 7", "X520LocalityName", "L", 1, 1},
- {"2 5 4 8", "X520StateOrProvinceName", "ST", 1, 1},
- {"2 5 4 5", "X520serialNumber", "serialNumber", 0, 1},
- {"2 5 4 20", "X520telephoneNumber", "telephoneNumber", 0, 1},
-
- {"0 9 2342 19200300 100 1 25", "dc", "DC", 0, 1}, /* FIXME: CHOICE? */
- {"0 9 2342 19200300 100 1 1", "uid", "UID", 0, 1}, /* FIXME: CHOICE? */
- {"1 2 840 113549 1 9 1", "Pkcs9email", "EMAIL", 0, 1},
- {"1 2 840 113549 1 1 1", "rsaEncryption", NULL, 0, 0},
- {"1 2 840 113549 1 1 2", "md2WithRSAEncryption", NULL, 0, 0},
- {"1 2 840 113549 1 1 4", "md5WithRSAEncryption", NULL, 0, 0},
- {"1 2 840 113549 1 1 5", "sha1WithRSAEncryption", NULL, 0, 0},
- {"1 2 840 10040 4 3", "id-dsa-with-sha1", NULL, 0, 0},
- {"1 2 840 10040 4 1", "id-dsa", NULL, 0, 0},
+ {"2.5.4.6", "X520countryName", "C", 0, 1},
+ {"2.5.4.12", "X520title", "T", 1, 1},
+ {"2.5.4.10", "X520OrganizationName", "O", 1, 1},
+ {"2.5.4.11", "X520OrganizationalUnitName", "OU", 1, 1},
+ {"2.5.4.3", "X520CommonName", "CN", 1, 1},
+ {"2.5.4.7", "X520LocalityName", "L", 1, 1},
+ {"2.5.4.8", "X520StateOrProvinceName", "ST", 1, 1},
+ {"2.5.4.5", "X520serialNumber", "serialNumber", 0, 1},
+ {"2.5.4.20", "X520telephoneNumber", "telephoneNumber", 0, 1},
+
+ {"0.9.2342.19200300.100.1.25", "dc", "DC", 0, 1}, /* FIXME: CHOICE? */
+ {"0.9.2342.19200300.100.1.1", "uid", "UID", 0, 1}, /* FIXME: CHOICE? */
+ {"1.2.840.113549.1.9.1", "Pkcs9email", "EMAIL", 0, 1},
+ {PKIX1_RSA_OID, "rsaEncryption", NULL, 0, 0},
+ {"1.2.840.113549.1.1.2", "md2WithRSAEncryption", NULL, 0, 0},
+
+ {"1.2.840.113549.1.1.4", "md5WithRSAEncryption", NULL, 0, 0},
+ {"1.2.840.113549.1.1.5", "sha1WithRSAEncryption", NULL, 0, 0},
+ {"1.2.840.10040.4.3", "id-dsa-with-sha1", NULL, 0, 0},
+ {DSA_OID, "id-dsa", NULL, 0, 0},
{NULL, NULL, NULL, 0, 0}
};
@@ -123,7 +127,8 @@ int _gnutls_x509_oid_data2string( const char* OID, void* value,
int value_size, char * res, int *res_size) {
int result;
-char str[1024], tmpname[1024];
+char str[1024];
+char tmpname[128];
const char* ANAME = NULL;
int CHOICE = -1, len = -1;
ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
@@ -150,12 +155,10 @@ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
_gnutls_str_cpy(str, sizeof(str), "PKIX1.");
_gnutls_str_cat(str, sizeof(str), ANAME);
- _gnutls_str_cpy( tmpname, sizeof(tmpname), "temp-structure-");
- _gnutls_str_cat( tmpname, sizeof(tmpname), ANAME);
if ((result =
asn1_create_element(_gnutls_get_pkix(), str,
- &tmpasn, tmpname)) != ASN1_SUCCESS) {
+ &tmpasn)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -169,7 +172,7 @@ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
* is the value;
*/
len = sizeof( str) - 1;
- if ((result = asn1_read_value(tmpasn, tmpname, str, &len)) != ASN1_SUCCESS) { /* CHOICE */
+ if ((result = asn1_read_value(tmpasn, "", str, &len)) != ASN1_SUCCESS) { /* CHOICE */
asn1_delete_structure(&tmpasn);
return _gnutls_asn2err(result);
}
@@ -182,8 +185,7 @@ ASN1_TYPE tmpasn = ASN1_TYPE_EMPTY;
} else { /* CHOICE */
str[len] = 0;
- _gnutls_str_cat( tmpname, sizeof(tmpname), ".");
- _gnutls_str_cat( tmpname, sizeof(tmpname), str);
+ _gnutls_str_cpy( tmpname, sizeof(tmpname), str);
len = sizeof(str) - 1;
if ((result =
@@ -218,9 +220,6 @@ void _gnutls_int2str(unsigned int k, char *data)
}
-#define PKIX1_RSA_OID "1 2 840 113549 1 1 1"
-#define DSA_OID "1 2 840 10040 4 1"
-
gnutls_pk_algorithm _gnutls_x509_oid2pk_algorithm( const char* oid)
{
if (strcmp( oid, PKIX1_RSA_OID) == 0) /* pkix-1 1 - RSA */
@@ -416,7 +415,7 @@ time_t _gnutls_x509_generalTime2gtime(char *ttime)
}
/* Extracts the time in time_t from the ASN1_TYPE given. When should
- * be something like "crl2.tbsCertList.thisUpdate".
+ * be something like "tbsCertList.thisUpdate".
*/
#define MAX_TIME 1024
time_t _gnutls_x509_get_time(ASN1_TYPE c2, const char *when)
diff --git a/lib/x509/compat.c b/lib/x509/compat.c
index 0f8e457a4d..d3bde5ad8d 100644
--- a/lib/x509/compat.c
+++ b/lib/x509/compat.c
@@ -49,8 +49,8 @@ int gnutls_x509_extract_dn(const gnutls_datum * idn, gnutls_x509_dn * rdn)
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn,
- "dn")) != ASN1_SUCCESS) {
+ "PKIX1.Name", &dn
+ )) != ASN1_SUCCESS) {
return _gnutls_asn2err(result);
}
@@ -64,25 +64,25 @@ int gnutls_x509_extract_dn(const gnutls_datum * idn, gnutls_x509_dn * rdn)
memset( rdn, 0, sizeof(gnutls_x509_dn));
len = sizeof(rdn->country);
- _gnutls_x509_parse_dn_oid( dn, "dn", GNUTLS_OID_X520_COUNTRY_NAME, 0, rdn->country, &len);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_COUNTRY_NAME, 0, rdn->country, &len);
len = sizeof(rdn->organization);
- _gnutls_x509_parse_dn_oid( dn, "dn", GNUTLS_OID_X520_ORGANIZATION_NAME, 0, rdn->organization, &len);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_ORGANIZATION_NAME, 0, rdn->organization, &len);
len = sizeof(rdn->organizational_unit_name);
- _gnutls_x509_parse_dn_oid( dn, "dn", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, rdn->organizational_unit_name, &len);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_ORGANIZATIONAL_UNIT_NAME, 0, rdn->organizational_unit_name, &len);
len = sizeof(rdn->common_name);
- _gnutls_x509_parse_dn_oid( dn, "dn", GNUTLS_OID_X520_COMMON_NAME, 0, rdn->common_name, &len);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_COMMON_NAME, 0, rdn->common_name, &len);
len = sizeof(rdn->locality_name);
- _gnutls_x509_parse_dn_oid( dn, "dn", GNUTLS_OID_X520_LOCALITY_NAME, 0, rdn->locality_name, &len);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_LOCALITY_NAME, 0, rdn->locality_name, &len);
len = sizeof(rdn->state_or_province_name);
- _gnutls_x509_parse_dn_oid( dn, "dn", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, rdn->state_or_province_name, &len);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_X520_STATE_OR_PROVINCE_NAME, 0, rdn->state_or_province_name, &len);
len = sizeof(rdn->email);
- _gnutls_x509_parse_dn_oid( dn, "dn", GNUTLS_OID_PKCS9_EMAIL, 0, rdn->email, &len);
+ _gnutls_x509_parse_dn_oid( dn, "", GNUTLS_OID_PKCS9_EMAIL, 0, rdn->email, &len);
asn1_delete_structure(&dn);
@@ -575,7 +575,7 @@ int gnutls_x509_extract_certificate_dn_string(char *buf, unsigned int sizeof_buf
* enumerated elements bitwise or'd. Note that expiration and activation dates are not checked
* by this function, you should check them using the appropriate functions.
*
- * This function understands the basicConstraints (2 5 29 19) PKIX extension.
+ * This function understands the basicConstraints (2.5.29.19) PKIX extension.
* This means that only a certificate authority can sign a certificate.
*
* However you must also check the peer's name in order to check if the verified certificate belongs to the
diff --git a/lib/x509/crl.c b/lib/x509/crl.c
index e627a23171..8d20d57baf 100644
--- a/lib/x509/crl.c
+++ b/lib/x509/crl.c
@@ -115,7 +115,7 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
result = asn1_create_element(_gnutls_get_pkix(),
"PKIX1.CertificateList",
- &crl->crl, "crl2");
+ &crl->crl);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -133,7 +133,7 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
*/
result =
asn1_der_decoding_startEnd(crl->crl, _data.data, _data.size,
- "crl2.tbsCertList", &start, &end);
+ "tbsCertList", &start, &end);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
gnutls_assert();
@@ -158,7 +158,7 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
*/
len = sizeof(signature);
result =
- asn1_read_value(crl->crl, "crl2.signature", signature,
+ asn1_read_value(crl->crl, "signature", signature,
&len);
if (result != ASN1_SUCCESS) {
@@ -187,7 +187,7 @@ int gnutls_x509_crl_import(gnutls_x509_crl crl, const gnutls_datum * data,
len = sizeof(signature);
result =
asn1_read_value(crl->crl,
- "crl2.signatureAlgorithm.algorithm",
+ "signatureAlgorithm.algorithm",
signature, &len);
if (result != ASN1_SUCCESS) {
@@ -240,7 +240,7 @@ int gnutls_x509_crl_get_issuer_dn(gnutls_x509_crl crl, char *buf,
}
return _gnutls_x509_parse_dn(crl->crl,
- "crl2.tbsCertList.issuer.rdnSequence",
+ "tbsCertList.issuer.rdnSequence",
buf, sizeof_buf);
@@ -275,7 +275,7 @@ int gnutls_x509_crl_get_issuer_dn_by_oid(gnutls_x509_crl crl,
}
return _gnutls_x509_parse_dn_oid(crl->crl,
- "crl2.tbsCertList.issuer.rdnSequence",
+ "tbsCertList.issuer.rdnSequence",
oid, indx, buf, sizeof_buf);
@@ -314,7 +314,7 @@ int gnutls_x509_crl_get_version(gnutls_x509_crl crl)
len = sizeof(version);
if ((result =
- asn1_read_value(crl->crl, "crl2.tbsCertList.version", version,
+ asn1_read_value(crl->crl, "tbsCertList.version", version,
&len)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -335,7 +335,7 @@ int gnutls_x509_crl_get_version(gnutls_x509_crl crl)
time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl crl)
{
return _gnutls_x509_get_time(crl->crl,
- "crl2.tbsCertList.thisUpdate");
+ "tbsCertList.thisUpdate");
}
/**
@@ -352,7 +352,7 @@ time_t gnutls_x509_crl_get_this_update(gnutls_x509_crl crl)
time_t gnutls_x509_crl_get_next_update(gnutls_x509_crl crl)
{
return _gnutls_x509_get_time(crl->crl,
- "crl2.tbsCertList.nextUpdate");
+ "tbsCertList.nextUpdate");
}
/**
@@ -372,7 +372,7 @@ int gnutls_x509_crl_get_certificate_count(gnutls_x509_crl crl)
result =
asn1_number_of_elements(crl->crl,
- "crl2.tbsCertList.revokedCertificates",
+ "tbsCertList.revokedCertificates",
&count);
if (result != ASN1_SUCCESS) {
@@ -409,13 +409,13 @@ int gnutls_x509_crl_get_certificate(gnutls_x509_crl crl, int index,
_gnutls_int2str(index + 1, str_index);
_gnutls_str_cpy(serial_name, sizeof(serial_name),
- "crl2.tbsCertList.revokedCertificates.?");
+ "tbsCertList.revokedCertificates.?");
_gnutls_str_cat(serial_name, sizeof(serial_name), str_index);
_gnutls_str_cat(serial_name, sizeof(serial_name),
".userCertificate");
_gnutls_str_cpy(date_name, sizeof(date_name),
- "crl2.tbsCertList.revokedCertificates.?");
+ "tbsCertList.revokedCertificates.?");
_gnutls_str_cat(date_name, sizeof(date_name), str_index);
_gnutls_str_cat(date_name, sizeof(date_name), ".revocationDate");
@@ -458,7 +458,7 @@ int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl crl,
*/
if ((result =
asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertList",
- &c2, "c2")) != ASN1_SUCCESS) {
+ &c2)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -475,7 +475,7 @@ int _gnutls_x509_crl_get_raw_issuer_dn(gnutls_x509_crl crl,
result =
asn1_der_decoding_startEnd(c2, crl->signed_data.data,
- crl->signed_data.size, "c2.issuer",
+ crl->signed_data.size, "issuer",
&start1, &end1);
asn1_delete_structure(&c2);
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 2b252e7d23..e9bcf10016 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -33,24 +33,11 @@
* Name (you need a parser just to read a name in the X.509 protoocols!!!)
*/
-/* converts all spaces to dots. Used to convert the
- * OIDs returned by libtasn1 to the dotted OID format.
- */
-static void dot_spaces(char *str)
-{
- char *p;
-
- do {
- p = strchr(str, ' ');
- if (p)
- *p = '.';
- } while (p);
-}
/* Converts the given OID to an ldap acceptable string or
* a dotted OID.
*/
-static const char *oid2ldap_string(char *oid)
+static const char *oid2ldap_string(const char *oid)
{
const char *ret;
@@ -59,7 +46,6 @@ static const char *oid2ldap_string(char *oid)
return ret;
/* else return the OID in dotted format */
- dot_spaces(oid);
return oid;
}
@@ -92,7 +78,7 @@ static char *str_escape(char *str, char *buffer, unsigned int buffer_size)
/* Parses an X509 DN in the asn1_struct, and puts the output into
* the string buf. The output is an LDAP encoded DN.
*
- * asn1_rdn_name must be a string in the form "crl2.tbsCertificate.issuer.rdnSequence".
+ * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
* That is to point in the rndSequence.
*/
int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
@@ -125,7 +111,7 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
do {
k1++;
- /* create a string like "crl2.tbsCertList.issuer.rdnSequence.?1"
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
*/
_gnutls_int2str(k1, counter);
_gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1),
@@ -299,7 +285,7 @@ int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
* given OID in the DN.
* The output will be encoded in the LDAP way. (#hex for non printable).
*
- * asn1_rdn_name must be a string in the form "crl2.tbsCertificate.issuer.rdnSequence".
+ * asn1_rdn_name must be a string in the form "tbsCertificate.issuer.rdnSequence".
* That is to point in the rndSequence.
*
* indx specifies which OID to return. Ie 0 means return the first specified
@@ -332,7 +318,7 @@ int _gnutls_x509_parse_dn_oid(ASN1_TYPE asn1_struct,
do {
k1++;
- /* create a string like "crl2.tbsCertList.issuer.rdnSequence.?1"
+ /* create a string like "tbsCertList.issuer.rdnSequence.?1"
*/
_gnutls_int2str(k1, counter);
_gnutls_str_cpy(tmpbuffer1, sizeof(tmpbuffer1),
@@ -513,8 +499,8 @@ int gnutls_x509_rdn_get(const gnutls_datum * idn,
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn,
- "dn")) != ASN1_SUCCESS) {
+ "PKIX1.Name", &dn
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -527,7 +513,7 @@ int gnutls_x509_rdn_get(const gnutls_datum * idn,
return _gnutls_asn2err(result);
}
- result = _gnutls_x509_parse_dn(dn, "dn", buf, sizeof_buf);
+ result = _gnutls_x509_parse_dn(dn, "", buf, sizeof_buf);
asn1_delete_structure(&dn);
return result;
@@ -566,8 +552,8 @@ int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char* oid, int in
if ((result =
asn1_create_element(_gnutls_get_pkix(),
- "PKIX1.Name", &dn,
- "dn")) != ASN1_SUCCESS) {
+ "PKIX1.Name", &dn
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -580,7 +566,7 @@ int gnutls_x509_rdn_get_by_oid(const gnutls_datum * idn, const char* oid, int in
return _gnutls_asn2err(result);
}
- result = _gnutls_x509_parse_dn_oid(dn, "dn", oid, indx, buf, sizeof_buf);
+ result = _gnutls_x509_parse_dn_oid(dn, "", oid, indx, buf, sizeof_buf);
asn1_delete_structure(&dn);
return result;
diff --git a/lib/x509/dn.h b/lib/x509/dn.h
index d6b0fff4d0..095ea1626b 100644
--- a/lib/x509/dn.h
+++ b/lib/x509/dn.h
@@ -3,15 +3,15 @@
/* Some OIDs usually found in Distinguished names
*/
-#define OID_X520_COUNTRY_NAME "2 5 4 6"
-#define OID_X520_ORGANIZATION_NAME "2 5 4 10"
-#define OID_X520_ORGANIZATIONAL_UNIT_NAME "2 5 4 11"
-#define OID_X520_COMMON_NAME "2 5 4 3"
-#define OID_X520_LOCALITY_NAME "2 5 4 7"
-#define OID_X520_STATE_OR_PROVINCE_NAME "2 5 4 8"
-#define OID_LDAP_DC "0 9 2342 19200300 100 1 25"
-#define OID_LDAP_UID "0 9 2342 19200300 100 1 1"
-#define OID_PKCS9_EMAIL "1 2 840 113549 1 9 1"
+#define OID_X520_COUNTRY_NAME "2.5.4.6"
+#define OID_X520_ORGANIZATION_NAME "2.5.4.10"
+#define OID_X520_ORGANIZATIONAL_UNIT_NAME "2.5.4.11"
+#define OID_X520_COMMON_NAME "2.5.4.3"
+#define OID_X520_LOCALITY_NAME "2.5.4.7"
+#define OID_X520_STATE_OR_PROVINCE_NAME "2.5.4.8"
+#define OID_LDAP_DC "0.9.2342.19200300.100.1.25"
+#define OID_LDAP_UID "0.9.2342.19200300.100.1.1"
+#define OID_PKCS9_EMAIL "1.2.840.113549.1.9.1"
int _gnutls_x509_parse_dn(ASN1_TYPE asn1_struct,
const char* asn1_rdn_name, char *buf,
diff --git a/lib/x509/extensions.c b/lib/x509/extensions.c
index d288b38650..c5dcce6bd5 100644
--- a/lib/x509/extensions.c
+++ b/lib/x509/extensions.c
@@ -54,7 +54,7 @@ int _gnutls_x509_crt_get_extension( gnutls_x509_crt cert, const char* extension_
do {
k++;
- _gnutls_str_cpy(name, sizeof(name), "cert2.tbsCertificate.extensions.?");
+ _gnutls_str_cpy(name, sizeof(name), "tbsCertificate.extensions.?");
_gnutls_int2str(k, counter);
_gnutls_str_cat(name, sizeof(name), counter);
@@ -171,8 +171,8 @@ int _gnutls_x509_ext_extract_keyUsage(uint16 *keyUsage, opaque * extnValue,
keyUsage[0] = 0;
if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext,
- "ku")) != ASN1_SUCCESS) {
+ (_gnutls_get_pkix(), "PKIX1.KeyUsage", &ext
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -186,7 +186,7 @@ int _gnutls_x509_ext_extract_keyUsage(uint16 *keyUsage, opaque * extnValue,
}
len = sizeof(str) - 1;
- result = asn1_read_value(ext, "ku", str, &len);
+ result = asn1_read_value(ext, "", str, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
@@ -212,8 +212,8 @@ int _gnutls_x509_ext_extract_basicConstraints(int *CA, opaque * extnValue,
*CA = 0;
if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.BasicConstraints", &ext,
- "bc")) != ASN1_SUCCESS) {
+ (_gnutls_get_pkix(), "PKIX1.BasicConstraints", &ext
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -227,7 +227,7 @@ int _gnutls_x509_ext_extract_basicConstraints(int *CA, opaque * extnValue,
}
len = sizeof(str) - 1;
- result = asn1_read_value(ext, "bc.cA", str, &len);
+ result = asn1_read_value(ext, "cA", str, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&ext);
diff --git a/lib/x509/mpi.c b/lib/x509/mpi.c
index 1d488675af..c954706aef 100644
--- a/lib/x509/mpi.c
+++ b/lib/x509/mpi.c
@@ -39,8 +39,8 @@ int _gnutls_x509_read_rsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
if ((result=asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk,
- "rsa_public_key")) != ASN1_SUCCESS) {
+ (_gnutls_get_gnutls_asn(), "GNUTLS.RSAPublicKey", &spk))
+ != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -54,14 +54,14 @@ int _gnutls_x509_read_rsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
}
- if ( (result=_gnutls_x509_read_int( spk, "rsa_public_key.modulus",
+ if ( (result=_gnutls_x509_read_int( spk, "modulus",
str, sizeof(str)-1, &params[0])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
return GNUTLS_E_ASN1_GENERIC_ERROR;
}
- if ( (result=_gnutls_x509_read_int( spk, "rsa_public_key.publicExponent",
+ if ( (result=_gnutls_x509_read_int( spk, "publicExponent",
str, sizeof(str)-1, &params[1])) < 0) {
gnutls_assert();
_gnutls_mpi_release(&params[0]);
@@ -87,8 +87,8 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.Dss-Parms", &spk,
- "dsa_parms")) != ASN1_SUCCESS) {
+ (_gnutls_get_pkix(), "PKIX1.Dss-Parms", &spk
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -107,7 +107,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read p */
- if ( (result=_gnutls_x509_read_int( spk, "dsa_parms.p", str, sizeof(str)-1, &params[0])) < 0) {
+ if ( (result=_gnutls_x509_read_int( spk, "p", str, sizeof(str)-1, &params[0])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
return GNUTLS_E_ASN1_GENERIC_ERROR;
@@ -115,7 +115,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read q */
- if ( (result=_gnutls_x509_read_int( spk, "dsa_parms.q", str, sizeof(str)-1, &params[1])) < 0) {
+ if ( (result=_gnutls_x509_read_int( spk, "q", str, sizeof(str)-1, &params[1])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
_gnutls_mpi_release(&params[0]);
@@ -124,7 +124,7 @@ int _gnutls_x509_read_dsa_params(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read g */
- if ( (result=_gnutls_x509_read_int( spk, "dsa_parms.g", str, sizeof(str)-1, &params[2])) < 0) {
+ if ( (result=_gnutls_x509_read_int( spk, "g", str, sizeof(str)-1, &params[2])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
_gnutls_mpi_release(&params[0]);
@@ -149,8 +149,8 @@ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params)
ASN1_TYPE spk = ASN1_TYPE_EMPTY;
if ( (result=asn1_create_element
- (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk,
- "dsa_public_key")) != ASN1_SUCCESS) {
+ (_gnutls_get_gnutls_asn(), "GNUTLS.DSAPublicKey", &spk
+ )) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -165,10 +165,11 @@ int _gnutls_x509_read_dsa_pubkey(opaque * der, int dersize, GNUTLS_MPI * params)
/* Read p */
- if ( (result=_gnutls_x509_read_int( spk, "dsa_public_key", str, sizeof(str)-1, &params[3])) < 0) {
+#warning CHECK IT
+ if ( (result=_gnutls_x509_read_int( spk, "", str, sizeof(str)-1, &params[3])) < 0) {
gnutls_assert();
asn1_delete_structure(&spk);
- return GNUTLS_E_ASN1_GENERIC_ERROR;
+ return _gnutls_asn2err(result);
}
asn1_delete_structure(&spk);
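Review bot: The new error path returns `_gnutls_asn2err(result)`, but `result` comes from `_gnutls_x509_read_int` and is tested with `< 0`, so it is presumably already a gnutls error code rather than a libtasn1 status. Everywhere else in this diff `_gnutls_asn2err` is applied to values compared against `ASN1_SUCCESS`, so `return result;` looks like the intended line. The `#warning CHECK IT` should be resolved before this lands: it marks that reading the root element with the empty name `""` has not been confirmed for `GNUTLS.DSAPublicKey`, and this is the value stored in `params[3]` for DSA key parsing. The `/* Read p */` comment is also stale, since the value goes to `params[3]` while p is read into `params[0]` in `_gnutls_x509_read_dsa_params`; a wording such as `/* Read the public value into params[3] */` would match the code.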
@@ -195,7 +196,7 @@ int pk_algorithm;
*/
len = sizeof(str);
result = asn1_read_value(cert->cert,
- "cert2.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", str, &len);
+ "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey", str, &len);
len /= 8;
if (result != ASN1_SUCCESS) {
@@ -247,7 +248,7 @@ int pk_algorithm;
len = sizeof(str);
result = asn1_read_value(cert->cert,
- "cert2.tbsCertificate.subjectPublicKeyInfo.algorithm.parameters", str, &len);
+ "tbsCertificate.subjectPublicKeyInfo.algorithm.parameters", str, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
diff --git a/lib/x509/pkcs7.c b/lib/x509/pkcs7.c
index b82b6ec706..75df9d9687 100644
--- a/lib/x509/pkcs7.c
+++ b/lib/x509/pkcs7.c
@@ -110,7 +110,7 @@ int gnutls_pkcs7_import(gnutls_pkcs7 pkcs7, const gnutls_datum * data,
result = asn1_create_element(_gnutls_get_pkix(),
"PKIX1.ContentInfo",
- &pkcs7->pkcs7, "pkcs7");
+ &pkcs7->pkcs7);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -166,13 +166,13 @@ int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7,
/* root2 is used as a temp storage area
*/
len = sizeof(oid) - 1;
- result = asn1_read_value(pkcs7->pkcs7, "pkcs7.contentType", oid, &len);
+ result = asn1_read_value(pkcs7->pkcs7, "contentType", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
- if ( strcmp( oid, "1 2 840 113549 1 7 2") != 0) {
+ if ( strcmp( oid, "1.2.840.113549.1.7.2") != 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
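Review bot: The signedData content-type OID is a bare string literal in this `strcmp`, and the same literal is repeated in `gnutls_pkcs7_get_certificate_count`. This commit introduces named `OID_SHA1`/`OID_MD5` macros in verify.c and keeps the DN OIDs as macros in dn.h. A single definition such as `#define OID_PKCS7_SIGNED_DATA "1.2.840.113549.1.7.2"` used at both sites would keep a future format change from missing one of them; a missed site fails closed with `GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE` but is hard to trace. The extension OIDs passed to `_gnutls_x509_crt_get_extension` in x509.c (`"2.5.29.17"`, `"2.5.29.19"`, `"2.5.29.15"`) would benefit from the same treatment.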
@@ -184,7 +184,7 @@ int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7,
return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_read_value(pkcs7->pkcs7, "pkcs7.content", tmp, &tmp_size);
+ result = asn1_read_value(pkcs7->pkcs7, "content", tmp, &tmp_size);
/* FIXME: a hard coded value
*/
if (result==ASN1_MEM_ERROR && tmp_size > 0 && tmp_size < 50*1024) {
@@ -193,7 +193,7 @@ int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7,
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_read_value(pkcs7->pkcs7, "pkcs7.content", tmp, &tmp_size);
+ result = asn1_read_value(pkcs7->pkcs7, "content", tmp, &tmp_size);
}
if (result != ASN1_SUCCESS) {
@@ -209,7 +209,7 @@ int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7,
/* Step 1. In case of a signed structure extract certificate set.
*/
if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SignedData", &c2, "c2")) != ASN1_SUCCESS) {
+ (_gnutls_get_pkix(), "PKIX1.SignedData", &c2)) != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup; }
@@ -225,7 +225,7 @@ int gnutls_pkcs7_get_certificate(gnutls_pkcs7 pkcs7,
/* Step 2. Parse the CertificateSet
*/
- _gnutls_str_cpy( root2, sizeof(root2), "c2.certificates.?");
+ _gnutls_str_cpy( root2, sizeof(root2), "certificates.?");
_gnutls_int2str( indx+1, counter);
_gnutls_str_cat( root2, sizeof(root2), counter);
@@ -305,13 +305,13 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7)
/* root2 is used as a temp storage area
*/
- result = asn1_read_value(pkcs7->pkcs7, "pkcs7.contentType", oid, &len);
+ result = asn1_read_value(pkcs7->pkcs7, "contentType", oid, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
- if ( strcmp( oid, "1 2 840 113549 1 7 2") != 0) {
+ if ( strcmp( oid, "1.2.840.113549.1.7.2") != 0) {
gnutls_assert();
return GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE;
}
@@ -323,7 +323,7 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7)
return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_read_value(pkcs7->pkcs7, "pkcs7.content", tmp, &tmp_size);
+ result = asn1_read_value(pkcs7->pkcs7, "content", tmp, &tmp_size);
/* FIXME: a hard coded value
*/
if (result==ASN1_MEM_ERROR && tmp_size > 0 && tmp_size < 50*1024) {
@@ -332,7 +332,7 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7)
gnutls_assert();
return GNUTLS_E_MEMORY_ERROR;
}
- result = asn1_read_value(pkcs7->pkcs7, "pkcs7.content", tmp, &tmp_size);
+ result = asn1_read_value(pkcs7->pkcs7, "content", tmp, &tmp_size);
}
if (result != ASN1_SUCCESS) {
@@ -348,7 +348,7 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7)
/* Step 1. In case of a signed structure count the certificate set.
*/
if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SignedData", &c2, "c2")) != ASN1_SUCCESS) {
+ (_gnutls_get_pkix(), "PKIX1.SignedData", &c2)) != ASN1_SUCCESS) {
gnutls_assert();
result = _gnutls_asn2err(result);
goto cleanup;
@@ -368,7 +368,7 @@ int gnutls_pkcs7_get_certificate_count(gnutls_pkcs7 pkcs7)
/* Step 2. Count the CertificateSet */
- result = asn1_number_of_elements( c2, "c2.certificates", &count);
+ result = asn1_number_of_elements( c2, "certificates", &count);
asn1_delete_structure(&c2);
diff --git a/lib/x509/verify.c b/lib/x509/verify.c
index e29312ef5e..79f6b18b84 100644
--- a/lib/x509/verify.c
+++ b/lib/x509/verify.c
@@ -350,7 +350,8 @@ unsigned int _gnutls_x509_verify_certificate(gnutls_x509_crt * certificate_list,
}
-
+#define OID_SHA1 "1.3.14.3.2.26"
+#define OID_MD5 "1.2.840.113549.2.5"
/* Reads the digest information.
* we use DER here, although we should use BER. It works fine
@@ -365,7 +366,7 @@ opaque str[1024];
int len;
if ((result=asn1_create_element( _gnutls_get_gnutls_asn(),
- "GNUTLS.DigestInfo", &dinfo, "digest_info"))!=ASN1_SUCCESS) {
+ "GNUTLS.DigestInfo", &dinfo))!=ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -379,7 +380,7 @@ int len;
len = sizeof(str)-1;
result =
- asn1_read_value( dinfo, "digest_info.digestAlgorithm.algorithm", str, &len);
+ asn1_read_value( dinfo, "digestAlgorithm.algorithm", str, &len);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&dinfo);
@@ -388,10 +389,10 @@ int len;
*hash = (gnutls_mac_algorithm)-1;
- if ( strcmp(str, "1 2 840 113549 2 5")==0) { /* MD5 */
+ if ( strcmp(str, OID_MD5)==0) { /* MD5 */
*hash = GNUTLS_MAC_MD5;
} else
- if ( strcmp(str, "1 3 14 3 2 26")==0) { /* SHA1 ID */
+ if ( strcmp(str, OID_SHA1)==0) { /* SHA1 ID */
*hash = GNUTLS_MAC_SHA;
}
@@ -405,7 +406,7 @@ int len;
}
result =
- asn1_read_value( dinfo, "digest_info.digest", digest, digest_size);
+ asn1_read_value( dinfo, "digest", digest, digest_size);
if (result != ASN1_SUCCESS) {
gnutls_assert();
asn1_delete_structure(&dinfo);
@@ -548,7 +549,7 @@ int ret, issuer_params_size, i;
* by this function, you should check them using the appropriate functions.
*
* If no flags are specified (0), this function will use the
- * basicConstraints (2 5 29 19) PKIX extension. This means that only a certificate
+ * basicConstraints (2.5.29.19) PKIX extension. This means that only a certificate
* authority is allowed to sign a certificate.
*
* However you must also check the peer's name in order to check if the verified
diff --git a/lib/x509/x509.c b/lib/x509/x509.c
index 373264fc09..d4bdfb7e89 100644
--- a/lib/x509/x509.c
+++ b/lib/x509/x509.c
@@ -122,7 +122,7 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
result = asn1_create_element(_gnutls_get_pkix(),
"PKIX1.Certificate",
- &cert->cert, "cert2");
+ &cert->cert);
if (result != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
@@ -138,7 +138,7 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
/* Get the signed data
*/
result = asn1_der_decoding_startEnd(cert->cert, _data.data, _data.size,
- "cert2.tbsCertificate", &start,
+ "tbsCertificate", &start,
&end);
if (result != ASN1_SUCCESS) {
result = _gnutls_asn2err(result);
@@ -163,7 +163,7 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
/* read the bit string of the signature
*/
len = sizeof(signature);
- result = asn1_read_value( cert->cert, "cert2.signature", signature,
+ result = asn1_read_value( cert->cert, "signature", signature,
&len);
if (result != ASN1_SUCCESS) {
@@ -188,7 +188,7 @@ int gnutls_x509_crt_import(gnutls_x509_crt cert, const gnutls_datum * data,
*/
len = sizeof(signature);
- result = asn1_read_value( cert->cert, "cert2.signatureAlgorithm.algorithm",
+ result = asn1_read_value( cert->cert, "signatureAlgorithm.algorithm",
signature, &len);
if (result != ASN1_SUCCESS) {
@@ -237,7 +237,7 @@ int gnutls_x509_crt_get_issuer_dn(gnutls_x509_crt cert, char *buf,
return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn( cert->cert, "cert2.tbsCertificate.issuer.rdnSequence",
+ return _gnutls_x509_parse_dn( cert->cert, "tbsCertificate.issuer.rdnSequence",
buf, sizeof_buf);
@@ -270,7 +270,7 @@ int gnutls_x509_crt_get_issuer_dn_by_oid(gnutls_x509_crt cert, const char* oid,
return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn_oid( cert->cert, "cert2.tbsCertificate.issuer.rdnSequence", oid,
+ return _gnutls_x509_parse_dn_oid( cert->cert, "tbsCertificate.issuer.rdnSequence", oid,
indx, buf, sizeof_buf);
@@ -299,7 +299,7 @@ int gnutls_x509_crt_get_dn(gnutls_x509_crt cert, char *buf,
return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn( cert->cert, "cert2.tbsCertificate.subject.rdnSequence",
+ return _gnutls_x509_parse_dn( cert->cert, "tbsCertificate.subject.rdnSequence",
buf, sizeof_buf);
@@ -332,7 +332,7 @@ int gnutls_x509_crt_get_dn_by_oid(gnutls_x509_crt cert, const char* oid,
return GNUTLS_E_INVALID_REQUEST;
}
- return _gnutls_x509_parse_dn_oid( cert->cert, "cert2.tbsCertificate.subject.rdnSequence", oid,
+ return _gnutls_x509_parse_dn_oid( cert->cert, "tbsCertificate.subject.rdnSequence", oid,
indx, buf, sizeof_buf);
@@ -370,7 +370,7 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt cert)
int len, result;
len = sizeof(version);
- if ((result = asn1_read_value(cert->cert, "cert2.tbsCertificate.version", version, &len)) !=
+ if ((result = asn1_read_value(cert->cert, "tbsCertificate.version", version, &len)) !=
ASN1_SUCCESS) {
if (result == ASN1_ELEMENT_NOT_FOUND) return 1; /* the DEFAULT version */
@@ -392,7 +392,7 @@ int gnutls_x509_crt_get_version(gnutls_x509_crt cert)
**/
time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt cert)
{
- return _gnutls_x509_get_time( cert->cert, "cert2.tbsCertificate.validity.notBefore");
+ return _gnutls_x509_get_time( cert->cert, "tbsCertificate.validity.notBefore");
}
/**
@@ -406,7 +406,7 @@ time_t gnutls_x509_crt_get_activation_time(gnutls_x509_crt cert)
**/
time_t gnutls_x509_crt_get_expiration_time(gnutls_x509_crt cert)
{
- return _gnutls_x509_get_time( cert->cert, "cert2.tbsCertificate.validity.notAfter");
+ return _gnutls_x509_get_time( cert->cert, "tbsCertificate.validity.notAfter");
}
/**
@@ -428,7 +428,7 @@ int gnutls_x509_crt_get_serial(gnutls_x509_crt cert, char* result, int* result_s
{
int ret;
- if ((ret = asn1_read_value(cert->cert, "cert2.tbsCertificate.serialNumber", result, result_size)) < 0) {
+ if ((ret = asn1_read_value(cert->cert, "tbsCertificate.serialNumber", result, result_size)) < 0) {
gnutls_assert();
return ret;
}
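Review bot: The failure test on the changed `asn1_read_value` line is `< 0` and the raw return value is handed back, while the other `asn1_read_value` calls in this diff test `!= ASN1_SUCCESS` and return `_gnutls_asn2err(result)`. If libtasn1 status codes are non-negative, as those comparisons suggest, a failed read (for example a too-small `result` buffer) passes this check and the caller proceeds with a serial number that was never written. I would change it to `if ((ret = asn1_read_value(cert->cert, "tbsCertificate.serialNumber", result, result_size)) != ASN1_SUCCESS) {` with `return _gnutls_asn2err(ret);` in the body. The rest of `gnutls_x509_crt_get_serial` is outside the hunk.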
@@ -466,7 +466,7 @@ int gnutls_x509_crt_get_pk_algorithm( gnutls_x509_crt cert, int* bits)
result =
asn1_read_value
(cert->cert,
- "cert2.tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm",
+ "tbsCertificate.subjectPublicKeyInfo.algorithm.algorithm",
str, &len);
@@ -486,7 +486,7 @@ int gnutls_x509_crt_get_pk_algorithm( gnutls_x509_crt cert, int* bits)
len = sizeof(str) - 1;
result =
asn1_read_value
- (cert->cert, "cert2.tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
+ (cert->cert, "tbsCertificate.subjectPublicKeyInfo.subjectPublicKey",
str, &len);
len /= 8;
@@ -561,7 +561,7 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert,
memset(ret, 0, *ret_size);
if ((result =
- _gnutls_x509_crt_get_extension(cert, "2 5 29 17", 0, &dnsname, critical)) < 0) {
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.17", 0, &dnsname, critical)) < 0) {
gnutls_assert();
return result;
}
@@ -572,7 +572,7 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert,
}
if ((result=asn1_create_element
- (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2, "san"))
+ (_gnutls_get_pkix(), "PKIX1.SubjectAltName", &c2))
!= ASN1_SUCCESS) {
gnutls_assert();
_gnutls_free_datum( &dnsname);
@@ -593,7 +593,7 @@ int gnutls_x509_crt_get_subject_alt_name(gnutls_x509_crt cert,
seq++; /* 0->1, 1->2 etc */
_gnutls_int2str( seq, num);
- _gnutls_str_cpy( nptr, sizeof(nptr), "san.?");
+ _gnutls_str_cpy( nptr, sizeof(nptr), "?");
_gnutls_str_cat( nptr, sizeof(nptr), num);
len = sizeof(ext_data);
@@ -661,7 +661,7 @@ int gnutls_x509_crt_get_ca_status(gnutls_x509_crt cert, int* critical)
int ca;
if ((result =
- _gnutls_x509_crt_get_extension(cert, "2 5 29 19", 0, &basicConstraints, critical)) < 0) {
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.19", 0, &basicConstraints, critical)) < 0) {
gnutls_assert();
return result;
}
@@ -710,7 +710,7 @@ int gnutls_x509_crt_get_key_usage(gnutls_x509_crt cert, unsigned int *key_usage,
uint16 _usage;
if ((result =
- _gnutls_x509_crt_get_extension(cert, "2 5 29 15", 0, &keyUsage, critical)) < 0) {
+ _gnutls_x509_crt_get_extension(cert, "2.5.29.15", 0, &keyUsage, critical)) < 0) {
gnutls_assert();
return result;
}
@@ -797,7 +797,7 @@ int _gnutls_x509_crt_get_raw_dn2( gnutls_x509_crt cert,
*/
if ((result =
asn1_create_element(_gnutls_get_pkix(), "PKIX1.TBSCertificate",
- &c2, "c2")) != ASN1_SUCCESS) {
+ &c2)) != ASN1_SUCCESS) {
gnutls_assert();
return _gnutls_asn2err(result);
}
@@ -843,7 +843,7 @@ int _gnutls_x509_crt_get_raw_dn2( gnutls_x509_crt cert,
int _gnutls_x509_crt_get_raw_issuer_dn( gnutls_x509_crt cert,
gnutls_const_datum* start)
{
- return _gnutls_x509_crt_get_raw_dn2( cert, "c2.issuer", start);
+ return _gnutls_x509_crt_get_raw_dn2( cert, "issuer", start);
}
/*-
@@ -860,7 +860,7 @@ int _gnutls_x509_crt_get_raw_issuer_dn( gnutls_x509_crt cert,
int _gnutls_x509_crt_get_raw_dn( gnutls_x509_crt cert,
gnutls_const_datum * start)
{
- return _gnutls_x509_crt_get_raw_dn2( cert, "c2.subject", start);
+ return _gnutls_x509_crt_get_raw_dn2( cert, "subject", start);
}
@@ -989,7 +989,7 @@ gnutls_datum tmp;
return GNUTLS_E_INVALID_REQUEST;
}
- result = asn1_der_coding( cert->cert, "cert2",
+ result = asn1_der_coding( cert->cert, "",
cert_buf, &cert_buf_size, NULL);
if (result != ASN1_SUCCESS) {
diff --git a/lib/x509/xml.c b/lib/x509/xml.c
index 637a4948e7..0cb2945c39 100644
--- a/lib/x509/xml.c
+++ b/lib/x509/xml.c
@@ -592,7 +592,7 @@ int gnutls_x509_crt_to_xml(gnutls_x509_crt cert, gnutls_datum* res, int detail)
res->data = NULL;
res->size = 0;
- result = _gnutls_asn1_get_structure_xml( cert->cert, "cert2", res);
+ result = _gnutls_asn1_get_structure_xml( cert->cert, "", res);
if (result < 0) {
gnutls_assert();
return result;