-rw-r--r--.gitignore3
-rw-r--r--.gitlab-ci.yml36
-rw-r--r--.gitmodules3
-rw-r--r--.travis.yml10
-rw-r--r--NEWS1
-rw-r--r--bootstrap.conf7
-rw-r--r--configure.ac22
-rwxr-xr-xdevel/import-minitasn1.sh67
-rw-r--r--devel/libgnutls-latest-x86_64.abi1
m---------devel/libtasn10
-rw-r--r--doc/cha-internals.texi22
-rw-r--r--doc/examples/ex-ocsp-client.c2
-rw-r--r--doc/examples/ex-pkcs12.c10
m---------gnulib0
-rw-r--r--lib/Makefile.am6
-rw-r--r--lib/accelerated/aarch64/aarch64-common.c8
-rw-r--r--lib/accelerated/aarch64/aes-gcm-aarch64.c1
-rw-r--r--lib/accelerated/cryptodev-gcm.c1
-rw-r--r--lib/accelerated/x86/aes-gcm-x86-aesni.c12
-rw-r--r--lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c1
-rw-r--r--lib/accelerated/x86/aes-gcm-x86-pclmul.c1
-rw-r--r--lib/accelerated/x86/aes-gcm-x86-ssse3.c12
-rw-r--r--lib/accelerated/x86/x86-common.c32
-rw-r--r--lib/algorithms/ciphers.c9
-rw-r--r--lib/auth/psk_passwd.c12
-rw-r--r--lib/auth/srp_passwd.c22
-rw-r--r--lib/cert-cred-rawpk.c13
-rw-r--r--lib/cert-cred-x509.c10
-rw-r--r--lib/crypto-selftests.c35
-rw-r--r--lib/datum.h8
-rw-r--r--lib/ext/session_ticket.c18
-rw-r--r--lib/file.c14
-rw-r--r--lib/fips.c7
-rw-r--r--lib/fips.h1
-rw-r--r--lib/gnutls.pc.in2
-rw-r--r--lib/gnutls_int.h22
-rw-r--r--lib/includes/gnutls/gnutls.h.in2
-rw-r--r--lib/kx.c2
-rw-r--r--lib/minitasn1/.gitignore2
-rw-r--r--lib/minitasn1/Makefile.am4
-rw-r--r--lib/minitasn1/coding.c1347
-rw-r--r--lib/minitasn1/decoding.c2369
-rw-r--r--lib/minitasn1/element.c1111
-rw-r--r--lib/minitasn1/element.h40
-rw-r--r--lib/minitasn1/errors.c99
-rw-r--r--lib/minitasn1/gstr.c74
-rw-r--r--lib/minitasn1/gstr.h42
-rw-r--r--lib/minitasn1/int.h222
-rw-r--r--lib/minitasn1/libtasn1.h405
-rw-r--r--lib/minitasn1/parser_aux.c1097
-rw-r--r--lib/minitasn1/parser_aux.h158
-rw-r--r--lib/minitasn1/structure.c1197
-rw-r--r--lib/minitasn1/structure.h40
-rw-r--r--lib/minitasn1/version.c51
-rw-r--r--lib/nettle/cipher.c18
-rw-r--r--lib/pkcs11.c2
-rw-r--r--lib/priority.c10
-rw-r--r--lib/random.c4
-rw-r--r--lib/system/keys-win.c326
-rw-r--r--lib/verify-tofu.c34
-rw-r--r--lib/x509/output.c25
-rw-r--r--lib/x509/verify-high2.c6
-rw-r--r--src/certtool-common.c38
-rw-r--r--src/certtool.c28
-rw-r--r--src/cli.c2
-rw-r--r--src/ocsptool.c17
-rw-r--r--src/psk.c46
-rw-r--r--src/serv.c10
-rw-r--r--src/srptool.c98
-rw-r--r--tests/Makefile.am1
-rw-r--r--tests/aead-cipher-vec.c1
-rw-r--r--tests/atfork.c5
-rw-r--r--tests/cert-tests/Makefile.am2
-rwxr-xr-xtests/cert-tests/certtool12
-rw-r--r--tests/cert-tests/data/commonName.cer52
-rw-r--r--tests/cert-tests/data/long-oids.pem2
-rw-r--r--tests/mpi.c5
-rw-r--r--tests/pkcs12_s2k.c5
-rw-r--r--tests/slow/cipher-api-test.c2
-rw-r--r--tests/slow/cipher-openssl-compat.c1
-rw-r--r--tests/srp.c18
-rw-r--r--tests/tls13/anti_replay.c5
-rw-r--r--tests/utils.h8
83 files changed, 816 insertions, 8660 deletions
diff --git a/.gitignore b/.gitignore
index e19ca802cb..88c4d33b68 100644
--- a/.gitignore
+++ b/.gitignore
@@ -189,7 +189,8 @@ fuzz/*_fuzzer
*.gcda
*.gcno
*.gcov
-gl
+/gl/*
+!/gl/override
/GNUmakefile
GnuTLS-*-coverage/
gnutls-*.tar.*
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index ccc4eddfa1..5ce88f2662 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -390,6 +390,42 @@ MinGW64.DLLs:
- win64-build/
retry: 1
+MinGW64.Vista+:
+ stage: stage1-testing
+ image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
+ script:
+ - ./bootstrap
+ - export CC="ccache x86_64-w64-mingw32-gcc"
+ # Target Vista instead of XP, currently the default in mingw
+ - export CPPFLAGS="-D_WIN32_WINT=0x600"
+ - export WINEPATH=/usr/x86_64-w64-mingw32/sys-root/mingw/bin
+ - mount -t binfmt_misc binfmt_misc /proc/sys/fs/binfmt_misc
+ - echo ':DOSWin:M::MZ::/usr/bin/wine64:' > /proc/sys/fs/binfmt_misc/register
+ - mkdir -p build
+ - cd build
+ - dash ../configure --disable-gcc-warnings --host=x86_64-w64-mingw32 --target=x86_64-w64-mingw32 --cache-file ../cache/config.cache --with-included-libtasn1 --disable-guile --disable-nls --with-included-unistring --enable-local-libopts --disable-full-test-suite --disable-non-suiteb-curves --disable-doc
+ # generate the certtool autogen file to check whether later compilation will modify it
+ - mingw64-make -j$BUILDJOBS -C src certtool-args.c.bak
+ - mingw64-make -j$BUILDJOBS
+ - mingw64-make -j$CHECKJOBS -C tests check
+ - cd ..
+ # since we use --enable-local-libopts the generated files must equal the .bak
+ - cmp build/src/certtool-args.c build/src/certtool-args.c.bak || false
+ tags:
+ - shared
+ - docker
+ - linux
+ except:
+ - tags
+ artifacts:
+ expire_in: 1 week
+ when: on_failure
+ paths:
+ - build/*.log
+ - build/tests/*.log
+ - build/tests/*/*.log
+ retry: 1
+
MinGW64:
stage: stage1-testing
image: $CI_REGISTRY/$BUILD_IMAGES_PROJECT:$MINGW_BUILD
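Review bot: The CPPFLAGS line in the new MinGW64.Vista+ job defines `_WIN32_WINT`, which looks like a misspelling of `_WIN32_WINNT`, the macro that the configure.ac probe added in this same commit tests. As written, the define has no effect on the Windows headers, so the job would presumably build with the default target and the dynamic-ncrypt path rather than the Vista configuration its comment describes. The line should read `- export CPPFLAGS="-D_WIN32_WINNT=0x600"`.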
diff --git a/.gitmodules b/.gitmodules
index 672f483a31..911c918895 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -16,3 +16,6 @@
[submodule "devel/nettle"]
path = devel/nettle
url = https://gitlab.com/gnutls/nettle.git
+[submodule "devel/libtasn1"]
+ path = devel/libtasn1
+ url = https://gitlab.com/gnutls/libtasn1.git
diff --git a/.travis.yml b/.travis.yml
index 026a05f26e..02f641b6a4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,6 +1,16 @@
os:
- osx
+osx_image:
+ # MacOS X 10.15.4
+ - xcode11.5
+ # MacOS X 10.14.6
+ - xcode11.3
+ # MacOS X 10.13
+ - xcode10.1
+ # MacOS X 10.13, Default
+ - xcode9.4
+
language: c
compiler:
- clang
diff --git a/NEWS b/NEWS
index 834cd629dd..8f81bd3dc4 100644
--- a/NEWS
+++ b/NEWS
@@ -10,6 +10,7 @@ See the end for copying conditions.
** API and ABI modifications:
GNUTLS_CIPHER_AES_128_SIV: Added
GNUTLS_CIPHER_AES_256_SIV: Added
+GNUTLS_CIPHER_AES_192_GCM: Added
gnutls_pkcs7_print_signature_info: Added
* Version 3.6.13 (released 2020-03-31)
diff --git a/bootstrap.conf b/bootstrap.conf
index 3693846aaf..3abfe10464 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -23,12 +23,12 @@ gnulib_tool_option_extras="--with-tests --avoid=alignof-tests --avoid=lock-tests
use_libtool=1
checkout_only_file=
local_gl_dir=gl/override/
-required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle"
+required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/tlsfuzzer tests/suite/tls-fuzzer/tlslite-ng devel/nettle devel/libtasn1"
-# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca byteswap c-ctype extensions func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf verify vsnprintf warnings
+# Reproduce by: gnulib-tool --import --local-dir=gl/override --lib=libgnu --source-base=gl --m4-base=gl/m4 --doc-base=doc --tests-base=gl/tests --aux-dir=build-aux --with-tests --avoid=alignof-tests --avoid=lock-tests --avoid=lseek-tests --lgpl=2 --no-conditional-dependencies --libtool --macro-prefix=gl --no-vc-files alloca attribute byteswap c-ctype extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash-pjw-bare havelib intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv snprintf stdint strcase strndup strtok_r strverscmp sys_socket sys_stat time_r unistd vasprintf verify vsnprintf warnings
gnulib_modules="
-alloca byteswap c-ctype c-strcase extensions func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types time_r unistd valgrind-tests vasprintf verify vsnprintf warnings
+alloca attribute byteswap c-ctype c-strcase extensions fopen-gnu func gendocs getline gettext-h gettimeofday hash hash-pjw-bare havelib arpa_inet inet_ntop inet_pton intprops ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings memmem-simple minmax netdb netinet_in pmccabe2html read-file secure_getenv setsockopt snprintf stdint strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types time_r unistd valgrind-tests vasprintf verify vsnprintf warnings
"
unistring_modules="
@@ -104,4 +104,5 @@ bootstrap_post_import_hook ()
devel/import-ecc-from-nettle.sh
devel/import-from-nettle.sh
+ devel/import-minitasn1.sh
}
diff --git a/configure.ac b/configure.ac
index f4c2e04bde..99ffc0c6b4 100644
--- a/configure.ac
+++ b/configure.ac
@@ -111,6 +111,7 @@ AM_CONDITIONAL(ENABLE_CXX, test "$use_cxx" != "no")
dnl Detect windows build
use_accel=yes
+have_vista_dynamic=yes
case "$host" in
*android*)
have_android=yes
@@ -119,6 +120,24 @@ case "$host" in
*mingw32* | *mingw64*)
have_win=yes
AC_DEFINE([_UNICODE], [1], [Defined to 1 for Unicode (wide chars) APIs])
+ LIB_CRYPT32="-lcrypt32"
+ AC_SUBST([LIB_CRYPT32])
+ AC_PREPROC_IFELSE([AC_LANG_PROGRAM(
+ [[#include <windows.h>
+ #if defined(_WIN32_WINNT) && _WIN32_WINNT >= 0x0600
+ # error Vista APIs allowed statically
+ #endif
+ ]],[[;]])],[have_vista_dynamic=yes],[have_vista_dynamic=no])
+ AC_ARG_ENABLE(dyn_ncrypt,
+ AS_HELP_STRING([--enable-dyn-ncrypt], [use ncrypt dynamically]),
+ enable_dyn_ncrypt=$enableval, enable_dyn_ncrypt=$have_vista_dynamic
+ )
+ if test "x$enable_dyn_ncrypt" = "xyes"; then
+ AC_DEFINE([DYN_NCRYPT], 1, [Dynamic use of ncrypt API (win32)])
+ else
+ LIBNCRYPT="-lncrypt"
+ fi
+ AC_SUBST([LIBNCRYPT])
;;
*darwin*)
have_macosx=yes
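Review bot: The AC_PREPROC_IFELSE probe in the mingw branch is easy to misread because its success case means the opposite of what the `#error` text says. Preprocessing succeeds when Vista APIs are not available at compile time (`have_vista_dynamic=yes`) and fails when `_WIN32_WINNT >= 0x0600`. A short comment above the probe would make the mapping explicit, for example `dnl Preprocessing fails when _WIN32_WINNT >= 0x0600; ncrypt can then be linked directly instead of loaded at run time`. It would also help to say in the `--enable-dyn-ncrypt` help string that the default follows this probe.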
@@ -128,7 +147,7 @@ case "$host" in
dnl intended minimum runtime version.
LDFLAGS="$LDFLAGS -Wl,-no_weak_imports"
AC_MSG_CHECKING([whether the linker supports -Wl,-no_weak_imports])
- AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])],
+ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <sys/select.h>], [fd_set rfds; FD_ZERO(&rfds); FD_SET(0, &rfds);])],
[AC_MSG_RESULT(yes)], [AC_MSG_RESULT(no); LDFLAGS="$save_LDFLAGS"])
;;
*solaris*)
@@ -1108,7 +1127,6 @@ AC_DEFINE([GNUTLS_INTERNAL_BUILD], 1, [We allow temporarily usage of deprecated
AC_DEFINE([fread_file], [_gnutls_fread_file], [static lib rename])
AC_DEFINE([read_file], [_gnutls_read_file], [static lib rename])
-AC_DEFINE([read_binary_file], [_gnutls_read_binary_file], [static lib rename])
dnl configuration options for config file parsing (inih)
AC_DEFINE([INI_MAX_LINE], 2048, [inih maximum line size])
diff --git a/devel/import-minitasn1.sh b/devel/import-minitasn1.sh
new file mode 100755
index 0000000000..d8b48daac8
--- /dev/null
+++ b/devel/import-minitasn1.sh
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# This script copies files from the libtasn1 upstream, with necessary
+# adjustments for bundling in GnuTLS.
+
+set +e
+
+: ${srcdir=.}
+SRC=$srcdir/devel/libtasn1/lib
+DST=$srcdir/lib/minitasn1
+
+IMPORTS="
+coding.c
+decoding.c
+element.c
+element.h
+errors.c
+gstr.c
+gstr.h
+int.h
+parser_aux.c
+parser_aux.h
+structure.c
+structure.h
+version.c
+libtasn1.h
+"
+
+test -d $DST || mkdir $DST
+
+ASN1_VERSION=`grep AC_INIT $SRC/../configure.ac | sed -e 's/.*\],\[\([^]]*\)\],\[.*/\1/g'`
+ASN1_VERSION_MAJOR=`echo ${ASN1_VERSION} | cut -d . -f 1`
+ASN1_VERSION_MINOR=`echo ${ASN1_VERSION} | cut -d . -f 2`
+ASN1_VERSION_PATCH=`echo ${ASN1_VERSION} | cut -d . -f 3`
+ASN1_VERSION_NUMBER=`printf '0x%02x%02x%02x' $ASN1_VERSION_MAJOR $ASN1_VERSION_MINOR $ASN1_VERSION_PATCH`
+
+for f in $IMPORTS; do
+ src=$SRC/$f
+ dst=$DST/$f
+ if test "$f" = "libtasn1.h"; then
+ src=$SRC/includes/$f.in
+ fi
+ if test -f $src; then
+ if test -f $dst; then
+ echo "Replacing $dst (existing file backed up in $dst~)"
+ mv $dst $dst~
+ else
+ echo "Copying file $dst"
+ fi
+ cp $src $dst
+ case $dst in
+ */libtasn1.h)
+ sed \
+ -e 's/@VERSION@/'${ASN1_VERSION}'/g' \
+ -e 's/@ASN1_VERSION_MAJOR@/'${ASN1_VERSION_MAJOR}'/g' \
+ -e 's/@ASN1_VERSION_MINOR@/'${ASN1_VERSION_MINOR}'/g' \
+ -e 's/@ASN1_VERSION_PATCH@/'${ASN1_VERSION_PATCH}'/g' \
+ -e 's/@ASN1_VERSION_NUMBER@/'${ASN1_VERSION_NUMBER}'/g' \
+ $dst > $dst-t && \
+ mv $dst-t $dst
+ ;;
+ esac
+ else
+ echo "Error: $src not found" 1>&2
+ exit 1
+ fi
+done
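Review bot: `set +e` at the top of the script switches errexit off rather than on, so a failed `cp`, `mv` or `sed` inside the loop does not stop the import. Bootstrap can then continue with a stale or half-substituted file in lib/minitasn1. If stopping on the first error is the intent, use `set -e`. The version parsed from configure.ac is also used unchecked; `test -n "$ASN1_VERSION" || exit 1` before the `printf` would catch a failed match. Quoting `"$src"` and `"$dst"` would keep the copy correct when `$srcdir` contains spaces.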
diff --git a/devel/libgnutls-latest-x86_64.abi b/devel/libgnutls-latest-x86_64.abi
index 8e5e787950..4f8d92b32d 100644
--- a/devel/libgnutls-latest-x86_64.abi
+++ b/devel/libgnutls-latest-x86_64.abi
@@ -1518,6 +1518,7 @@
<enumerator name='GNUTLS_CIPHER_CHACHA20_32' value='36'/>
<enumerator name='GNUTLS_CIPHER_AES_128_SIV' value='37'/>
<enumerator name='GNUTLS_CIPHER_AES_256_SIV' value='38'/>
+ <enumerator name='GNUTLS_CIPHER_AES_192_GCM' value='39'/>
<enumerator name='GNUTLS_CIPHER_IDEA_PGP_CFB' value='200'/>
<enumerator name='GNUTLS_CIPHER_3DES_PGP_CFB' value='201'/>
<enumerator name='GNUTLS_CIPHER_CAST5_PGP_CFB' value='202'/>
diff --git a/devel/libtasn1 b/devel/libtasn1
new file mode 160000
+Subproject 78204593822b4c1a8e0ca87f57c48e5936b0fe2
diff --git a/doc/cha-internals.texi b/doc/cha-internals.texi
index 2a9bc1a45b..f188caecc9 100644
--- a/doc/cha-internals.texi
+++ b/doc/cha-internals.texi
@@ -667,15 +667,29 @@ is for the conformance to NIST's FIPS140-2 publication, which consists of polici
for cryptographic modules (such as software libraries). Its implementation in
GnuTLS is designed for Red Hat Enterprise Linux, and can only be enabled
when the library is explicitly compiled with the '--enable-fips140-mode'
-configure option. The operation of the library is then modified, as follows.
+configure option.
+
+There are two distinct library states with regard to FIPS140-2: the FIPS140-2
+mode is @emph{installed} if @code{/etc/system-fips} is present, and the
+FIPS140-2 mode is @emph{enabled} if @code{/proc/sys/crypto/fips_enabled}
+contains '1', which is typically set with the ``fips=1'' kernel command line
+option.
+
+When the FIPS140-2 mode is installed, the operation of the library is modified
+as follows.
@itemize
-@item FIPS140-2 mode is enabled when @code{/proc/sys/crypto/fips_enabled} contains '1' and @code{/etc/system-fips} is present.
-@item Only approved by FIPS140-2 algorithms are enabled
-@item Only approved by FIPS140-2 key lengths are allowed for key generation
@item The random generator used switches to DRBG-AES
@item The integrity of the GnuTLS and dependent libraries is checked on startup
@item Algorithm self-tests are run on library load
+@end itemize
+
+When the FIPS140-2 mode is enabled, The operation of the library is in addition
+modified as follows.
+
+@itemize
+@item Only approved by FIPS140-2 algorithms are enabled
+@item Only approved by FIPS140-2 key lengths are allowed for key generation
@item Any cryptographic operation will be refused if any of the self-tests failed
@end itemize
diff --git a/doc/examples/ex-ocsp-client.c b/doc/examples/ex-ocsp-client.c
index 33eff67a6c..f0b56fffe2 100644
--- a/doc/examples/ex-ocsp-client.c
+++ b/doc/examples/ex-ocsp-client.c
@@ -183,7 +183,7 @@ static gnutls_x509_crt_t load_cert(const char *cert_file)
if (ret < 0)
exit(1);
- data.data = (void *) read_binary_file(cert_file, &size);
+ data.data = (void *) read_file(cert_file, RF_BINARY, &size);
data.size = size;
if (!data.data) {
diff --git a/doc/examples/ex-pkcs12.c b/doc/examples/ex-pkcs12.c
index 7890518f94..0e2b64ee1c 100644
--- a/doc/examples/ex-pkcs12.c
+++ b/doc/examples/ex-pkcs12.c
@@ -28,7 +28,7 @@ write_pkcs12(const gnutls_datum_t * cert,
gnutls_pkcs12_bag_t bag, key_bag;
char pkcs12_struct[10 * 1024];
size_t pkcs12_struct_size;
- FILE *fd;
+ FILE *fp;
/* A good idea might be to use gnutls_x509_privkey_get_key_id()
* to obtain a unique ID.
@@ -116,13 +116,13 @@ write_pkcs12(const gnutls_datum_t * cert,
return 1;
}
- fd = fopen(OUTFILE, "w");
- if (fd == NULL) {
+ fp = fopen(OUTFILE, "w");
+ if (fp == NULL) {
fprintf(stderr, "cannot open file\n");
return 1;
}
- fwrite(pkcs12_struct, 1, pkcs12_struct_size, fd);
- fclose(fd);
+ fwrite(pkcs12_struct, 1, pkcs12_struct_size, fp);
+ fclose(fp);
gnutls_pkcs12_bag_deinit(bag);
gnutls_pkcs12_bag_deinit(key_bag);
diff --git a/gnulib b/gnulib
-Subproject 02c8a3da2c4462ecf78944af9f6fd2c986fa536
+Subproject fb64a78174042189f4d012cbd748d565f021cd6
diff --git a/lib/Makefile.am b/lib/Makefile.am
index eddd1167a7..f55f298f7b 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -151,7 +151,7 @@ libgnutls_la_LIBADD = ../gl/libgnu.la x509/libgnutls_x509.la \
auth/libgnutls_auth.la algorithms/libgnutls_alg.la \
extras/libgnutls_extras.la
thirdparty_libadd = $(LTLIBZ) $(LTLIBINTL) $(LIBSOCKET) $(LTLIBNSL) \
- $(P11_KIT_LIBS) $(LIB_SELECT)
+ $(P11_KIT_LIBS) $(LIB_SELECT) $(LIB_CRYPT32)
if HAVE_LIBIDN2
thirdparty_libadd += $(LIBIDN2_LIBS)
@@ -208,10 +208,6 @@ defexec_DATA = libgnutls-$(DLL_VERSION).def
DISTCLEANFILES += $(defexec_DATA)
endif
-if WINDOWS
-thirdparty_libadd += -lcrypt32
-endif
-
if MACOSX
libgnutls_la_LDFLAGS += -framework Security -framework CoreFoundation
endif
diff --git a/lib/accelerated/aarch64/aarch64-common.c b/lib/accelerated/aarch64/aarch64-common.c
index 38cff360b6..82cd8715fe 100644
--- a/lib/accelerated/aarch64/aarch64-common.c
+++ b/lib/accelerated/aarch64/aarch64-common.c
@@ -207,6 +207,14 @@ void _register_aarch64_crypto(unsigned capabilities)
ret =
gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 90,
+ &_gnutls_aes_gcm_aarch64, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 90,
&_gnutls_aes_gcm_aarch64, 0);
if (ret < 0) {
diff --git a/lib/accelerated/aarch64/aes-gcm-aarch64.c b/lib/accelerated/aarch64/aes-gcm-aarch64.c
index c88fe9759f..01f22136a6 100644
--- a/lib/accelerated/aarch64/aes-gcm-aarch64.c
+++ b/lib/accelerated/aarch64/aes-gcm-aarch64.c
@@ -83,6 +83,7 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/accelerated/cryptodev-gcm.c b/lib/accelerated/cryptodev-gcm.c
index bd9f1a025d..876756094e 100644
--- a/lib/accelerated/cryptodev-gcm.c
+++ b/lib/accelerated/cryptodev-gcm.c
@@ -69,6 +69,7 @@ static void aes_gcm_deinit(void *_ctx)
static const int cipher_map[] = {
[GNUTLS_CIPHER_AES_128_GCM] = CRYPTO_AES_GCM,
+ [GNUTLS_CIPHER_AES_192_GCM] = CRYPTO_AES_GCM,
[GNUTLS_CIPHER_AES_256_GCM] = CRYPTO_AES_GCM,
};
diff --git a/lib/accelerated/x86/aes-gcm-x86-aesni.c b/lib/accelerated/x86/aes-gcm-x86-aesni.c
index e5110ef528..6c1bb1f6fd 100644
--- a/lib/accelerated/x86/aes-gcm-x86-aesni.c
+++ b/lib/accelerated/x86/aes-gcm-x86-aesni.c
@@ -60,6 +60,14 @@ static void x86_aes128_set_encrypt_key(void *_ctx,
aesni_set_encrypt_key(key, 16*8, ctx);
}
+static void x86_aes192_set_encrypt_key(void *_ctx,
+ const uint8_t * key)
+{
+ AES_KEY *ctx = _ctx;
+
+ aesni_set_encrypt_key(key, 24*8, ctx);
+}
+
static void x86_aes256_set_encrypt_key(void *_ctx,
const uint8_t * key)
{
@@ -74,6 +82,7 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
@@ -94,6 +103,9 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t length)
if (length == 16) {
GCM_SET_KEY(ctx, x86_aes128_set_encrypt_key, x86_aes_encrypt,
key);
+ } else if (length == 24) {
+ GCM_SET_KEY(ctx, x86_aes192_set_encrypt_key, x86_aes_encrypt,
+ key);
} else if (length == 32) {
GCM_SET_KEY(ctx, x86_aes256_set_encrypt_key, x86_aes_encrypt,
key);
diff --git a/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c b/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c
index 747a894921..3b4140acb2 100644
--- a/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c
+++ b/lib/accelerated/x86/aes-gcm-x86-pclmul-avx.c
@@ -81,6 +81,7 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/accelerated/x86/aes-gcm-x86-pclmul.c b/lib/accelerated/x86/aes-gcm-x86-pclmul.c
index 2225b93376..dc1e68dfe8 100644
--- a/lib/accelerated/x86/aes-gcm-x86-pclmul.c
+++ b/lib/accelerated/x86/aes-gcm-x86-pclmul.c
@@ -81,6 +81,7 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
diff --git a/lib/accelerated/x86/aes-gcm-x86-ssse3.c b/lib/accelerated/x86/aes-gcm-x86-ssse3.c
index 5580cc2214..f6b14681c9 100644
--- a/lib/accelerated/x86/aes-gcm-x86-ssse3.c
+++ b/lib/accelerated/x86/aes-gcm-x86-ssse3.c
@@ -69,6 +69,14 @@ static void x86_aes_128_set_encrypt_key(void *_ctx,
vpaes_set_encrypt_key(key, 16*8, ctx);
}
+static void x86_aes_192_set_encrypt_key(void *_ctx,
+ const uint8_t * key)
+{
+ AES_KEY *ctx = _ctx;
+
+ vpaes_set_encrypt_key(key, 24*8, ctx);
+}
+
static void x86_aes_256_set_encrypt_key(void *_ctx,
const uint8_t * key)
{
@@ -83,6 +91,7 @@ aes_gcm_cipher_init(gnutls_cipher_algorithm_t algorithm, void **_ctx,
{
/* we use key size to distinguish */
if (algorithm != GNUTLS_CIPHER_AES_128_GCM &&
+ algorithm != GNUTLS_CIPHER_AES_192_GCM &&
algorithm != GNUTLS_CIPHER_AES_256_GCM)
return GNUTLS_E_INVALID_REQUEST;
@@ -103,6 +112,9 @@ aes_gcm_cipher_setkey(void *_ctx, const void *key, size_t keysize)
if (keysize == 16) {
GCM_SET_KEY(ctx, x86_aes_128_set_encrypt_key, x86_aes_encrypt,
key);
+ } else if (keysize == 24) {
+ GCM_SET_KEY(ctx, x86_aes_192_set_encrypt_key, x86_aes_encrypt,
+ key);
} else if (keysize == 32) {
GCM_SET_KEY(ctx, x86_aes_256_set_encrypt_key, x86_aes_encrypt,
key);
diff --git a/lib/accelerated/x86/x86-common.c b/lib/accelerated/x86/x86-common.c
index 459397c118..3845c6b4c9 100644
--- a/lib/accelerated/x86/x86-common.c
+++ b/lib/accelerated/x86/x86-common.c
@@ -562,6 +562,14 @@ void register_x86_intel_crypto(unsigned capabilities)
ret =
gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 90,
+ &_gnutls_aes_gcm_x86_ssse3, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 90,
&_gnutls_aes_gcm_x86_ssse3, 0);
if (ret < 0) {
@@ -755,6 +763,14 @@ void register_x86_intel_crypto(unsigned capabilities)
ret =
gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 80,
+ &_gnutls_aes_gcm_pclmul_avx, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 80,
&_gnutls_aes_gcm_pclmul_avx, 0);
if (ret < 0) {
@@ -773,6 +789,14 @@ void register_x86_intel_crypto(unsigned capabilities)
ret =
gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 80,
+ &_gnutls_aes_gcm_pclmul, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 80,
&_gnutls_aes_gcm_pclmul, 0);
if (ret < 0) {
@@ -792,6 +816,14 @@ void register_x86_intel_crypto(unsigned capabilities)
ret =
gnutls_crypto_single_cipher_register
+ (GNUTLS_CIPHER_AES_192_GCM, 80,
+ &_gnutls_aes_gcm_x86_aesni, 0);
+ if (ret < 0) {
+ gnutls_assert();
+ }
+
+ ret =
+ gnutls_crypto_single_cipher_register
(GNUTLS_CIPHER_AES_256_GCM, 80,
&_gnutls_aes_gcm_x86_aesni, 0);
if (ret < 0) {
diff --git a/lib/algorithms/ciphers.c b/lib/algorithms/ciphers.c
index 59dc7ea7fb..d57c1d5dba 100644
--- a/lib/algorithms/ciphers.c
+++ b/lib/algorithms/ciphers.c
@@ -69,6 +69,15 @@ static const cipher_entry_st algorithms[] = {
.explicit_iv = 8,
.cipher_iv = 12,
.tagsize = 16},
+ { .name = "AES-192-GCM",
+ .id = GNUTLS_CIPHER_AES_192_GCM,
+ .blocksize = 16,
+ .keysize = 24,
+ .type = CIPHER_AEAD,
+ .implicit_iv = 4,
+ .explicit_iv = 8,
+ .cipher_iv = 12,
+ .tagsize = 16},
{ .name = "AES-256-GCM",
.id = GNUTLS_CIPHER_AES_256_GCM,
.blocksize = 16,
diff --git a/lib/auth/psk_passwd.c b/lib/auth/psk_passwd.c
index a0427914f9..9a9d68c488 100644
--- a/lib/auth/psk_passwd.c
+++ b/lib/auth/psk_passwd.c
@@ -155,7 +155,7 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session,
gnutls_datum_t * psk)
{
gnutls_psk_server_credentials_t cred;
- FILE *fd;
+ FILE *fp;
char *line = NULL;
size_t line_size = 0;
int ret;
@@ -203,13 +203,13 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session,
/* Open the selected password file.
*/
- fd = fopen(cred->password_file, "r");
- if (fd == NULL) {
+ fp = fopen(cred->password_file, "re");
+ if (fp == NULL) {
gnutls_assert();
return GNUTLS_E_SRP_PWD_ERROR;
}
- while (getline(&line, &line_size, fd) > 0) {
+ while (getline(&line, &line_size, fp) > 0) {
if (username_matches(&username_datum, line, line_size)) {
ret = pwd_put_values(psk, line);
if (ret < 0) {
@@ -231,8 +231,8 @@ _gnutls_psk_pwd_find_entry(gnutls_session_t session,
ret = 0;
cleanup:
- if (fd != NULL)
- fclose(fd);
+ if (fp != NULL)
+ fclose(fp);
zeroize_key(line, line_size);
free(line);
diff --git a/lib/auth/srp_passwd.c b/lib/auth/srp_passwd.c
index baa4086e77..49039a66e7 100644
--- a/lib/auth/srp_passwd.c
+++ b/lib/auth/srp_passwd.c
@@ -193,7 +193,7 @@ static int parse_tpasswd_conf_values(SRP_PWD_ENTRY * entry, char *str)
static int
pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
{
- FILE *fd;
+ FILE *fp;
char *line = NULL;
size_t line_size = 0;
unsigned i, len;
@@ -202,14 +202,14 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
snprintf(indexstr, sizeof(indexstr), "%u", (unsigned int) idx);
- fd = fopen(pconf_file, "r");
- if (fd == NULL) {
+ fp = fopen(pconf_file, "re");
+ if (fp == NULL) {
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
}
len = strlen(indexstr);
- while (getline(&line, &line_size, fd) > 0) {
+ while (getline(&line, &line_size, fp) > 0) {
/* move to first ':' */
i = 0;
while ((i < line_size) && (line[i] != ':')
@@ -234,7 +234,7 @@ pwd_read_conf(const char *pconf_file, SRP_PWD_ENTRY * entry, int idx)
cleanup:
zeroize_key(line, line_size);
free(line);
- fclose(fd);
+ fclose(fp);
return ret;
}
@@ -244,7 +244,7 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
SRP_PWD_ENTRY ** _entry)
{
gnutls_srp_server_credentials_t cred;
- FILE *fd = NULL;
+ FILE *fp = NULL;
char *line = NULL;
size_t line_size = 0;
unsigned i, len;
@@ -308,15 +308,15 @@ _gnutls_srp_pwd_read_entry(gnutls_session_t state, char *username,
/* Open the selected password file.
*/
- fd = fopen(cred->password_file, "r");
- if (fd == NULL) {
+ fp = fopen(cred->password_file, "re");
+ if (fp == NULL) {
gnutls_assert();
ret = GNUTLS_E_SRP_PWD_ERROR;
goto cleanup;
}
len = strlen(username);
- while (getline(&line, &line_size, fd) > 0) {
+ while (getline(&line, &line_size, fp) > 0) {
/* move to first ':' */
i = 0;
while ((i < line_size) && (line[i] != '\0')
@@ -372,8 +372,8 @@ found:
zeroize_key(line, line_size);
free(line);
}
- if (fd)
- fclose(fd);
+ if (fp)
+ fclose(fp);
return ret;
}
diff --git a/lib/cert-cred-rawpk.c b/lib/cert-cred-rawpk.c
index cfa65eb318..56bc5f6584 100644
--- a/lib/cert-cred-rawpk.c
+++ b/lib/cert-cred-rawpk.c
@@ -239,8 +239,6 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
gnutls_privkey_t privkey;
gnutls_pubkey_t pubkey;
gnutls_pcert_st* pcert;
- gnutls_datum_t rawpubkey = { NULL, 0 }; // to hold rawpk data from file
- size_t key_size;
gnutls_str_array_t str_names;
unsigned int i;
@@ -291,8 +289,13 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
}
} else {
+ gnutls_datum_t rawpubkey; // to hold rawpk data from file
+ size_t key_size;
+
/* Read our raw public-key into memory from file */
- rawpubkey.data = (void*) read_binary_file(rawpkfile, &key_size);
+ rawpubkey.data = (void*) read_file(rawpkfile,
+ RF_BINARY | RF_SENSITIVE,
+ &key_size);
if (rawpubkey.data == NULL) {
gnutls_privkey_deinit(privkey);
@@ -307,7 +310,9 @@ int gnutls_certificate_set_rawpk_key_file(gnutls_certificate_credentials_t cred,
ret = gnutls_pcert_import_rawpk_raw(pcert, &rawpubkey,
format, key_usage, 0);
- _gnutls_free_datum(&rawpubkey);
+ zeroize_key(rawpubkey.data, rawpubkey.size);
+ free(rawpubkey.data);
+ rawpubkey.size = 0;
if (ret < 0) {
gnutls_privkey_deinit(privkey);
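Review bot: The wipe added here is sized by `rawpubkey.size`, the datum's length field, rather than by `key_size`, the `size_t` that `read_file` returned; the assignment to `rawpubkey.size` lies between the two hunks and is not visible. The PKCS#12 hunk in lib/cert-cred-x509.c shows the same pattern, with an explicit `(unsigned int) size` cast before `zeroize_key(p12blob.data, p12blob.size)`. If the field is narrower than `size_t`, the tail of a very large file would be freed without being cleared. Passing the original length, `zeroize_key(rawpubkey.data, key_size);` here and `zeroize_key(p12blob.data, size);` there, keeps the wipe tied to the allocation. Setting `rawpubkey.data = NULL;` after `free()` would match the `size = 0` reset.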
diff --git a/lib/cert-cred-x509.c b/lib/cert-cred-x509.c
index 4e86a59ba6..04aa3169b6 100644
--- a/lib/cert-cred-x509.c
+++ b/lib/cert-cred-x509.c
@@ -543,7 +543,7 @@ read_cert_file(gnutls_certificate_credentials_t res,
return read_cert_url(res, key, certfile);
}
- data = read_binary_file(certfile, &size);
+ data = read_file(certfile, RF_BINARY, &size);
if (data == NULL) {
gnutls_assert();
@@ -588,7 +588,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
(GNUTLS_E_UNIMPLEMENTED_FEATURE);
}
- data = read_binary_file(keyfile, &size);
+ data = read_file(keyfile, RF_BINARY | RF_SENSITIVE, &size);
if (data == NULL) {
gnutls_assert();
@@ -596,6 +596,7 @@ _gnutls_read_key_file(gnutls_certificate_credentials_t res,
}
ret = _gnutls_read_key_mem(res, data, size, type, pass, flags, rkey);
+ zeroize_key(data, size);
free(data);
return ret;
@@ -1447,7 +1448,8 @@ int
size_t size;
int ret;
- p12blob.data = (void *) read_binary_file(pkcs12file, &size);
+ p12blob.data = (void *) read_file(pkcs12file, RF_BINARY | RF_SENSITIVE,
+ &size);
p12blob.size = (unsigned int) size;
if (p12blob.data == NULL) {
gnutls_assert();
@@ -1457,7 +1459,9 @@ int
ret =
gnutls_certificate_set_x509_simple_pkcs12_mem(res, &p12blob,
type, password);
+ zeroize_key(p12blob.data, p12blob.size);
free(p12blob.data);
+ p12blob.size = 0;
return ret;
}
diff --git a/lib/crypto-selftests.c b/lib/crypto-selftests.c
index f904b029b2..a589a7747c 100644
--- a/lib/crypto-selftests.c
+++ b/lib/crypto-selftests.c
@@ -141,6 +141,27 @@ const struct cipher_aead_vectors_st aes128_gcm_vectors[] = {
"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb\x94\xfa\xe9\x5a\xe7\x12\x1a\x47"}
};
+const struct cipher_aead_vectors_st aes192_gcm_vectors[] = {
+ {
+ .compat_apis = 1,
+ STR(key, key_size,
+ "\xfe\xff\xe9\x92\x86\x65\x73\x1c\x6d\x6a\x8f\x94\x67\x30\x83\x08\xfe\xff\xe9\x92\x86\x65\x73\x1c"),
+ .auth = NULL,
+ .auth_size = 0,
+ STR(plaintext, plaintext_size,
+ "\xd9\x31\x32\x25\xf8\x84\x06\xe5\xa5\x59\x09\xc5\xaf\xf5\x26\x9a\x86\xa7\xa9\x53\x15\x34\xf7\xda\x2e\x4c\x30\x3d\x8a\x31\x8a\x72\x1c\x3c\x0c\x95\x95\x68\x09\x53\x2f\xcf\x0e\x24\x49\xa6\xb5\x25\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57\xba\x63\x7b\x39\x1a\xaf\xd2\x55"),
+ .ciphertext =
+ (uint8_t *)
+ "\x39\x80\xca\x0b\x3c\x00\xe8\x41\xeb\x06\xfa\xc4\x87\x2a\x27\x57\x85\x9e\x1c\xea\xa6\xef\xd9\x84\x62\x85\x93\xb4\x0c\xa1\xe1\x9c\x7d\x77\x3d\x00\xc1\x44\xc5\x25\xac\x61\x9d\x18\xc8\x4a\x3f\x47\x18\xe2\x44\x8b\x2f\xe3\x24\xd9\xcc\xda\x27\x10\xac\xad\xe2\x56",
+ STR(iv, iv_size,
+ "\xca\xfe\xba\xbe\xfa\xce\xdb\xad\xde\xca\xf8\x88"),
+ .tag_size = 16,
+ .tag =
+ (void *)
+ "\x99\x24\xa7\xc8\x58\x73\x36\xbf\xb1\x18\x02\x4d\xb8\x67\x4a\x14"},
+
+};
+
const struct cipher_aead_vectors_st aes256_gcm_vectors[] = {
{
.compat_apis = 1,
@@ -1939,13 +1960,6 @@ static int test_mac(gnutls_mac_algorithm_t mac,
return ret; \
}
-#define FIPS_STARTUP_ONLY_TEST_CASE(x, func, vectors) case x: \
- if (_gnutls_fips_mode_enabled() != 1) { \
- ret = func(x, V(vectors), flags); \
- if (!(flags & GNUTLS_SELF_TEST_FLAG_ALL) || ret < 0) \
- return ret; \
- }
-
/*-
* gnutls_cipher_self_test:
* @flags: GNUTLS_SELF_TEST_FLAG flags
@@ -1991,6 +2005,9 @@ int gnutls_cipher_self_test(unsigned flags, gnutls_cipher_algorithm_t cipher)
CASE(GNUTLS_CIPHER_AES_128_GCM, test_cipher_aead,
aes128_gcm_vectors);
FALLTHROUGH;
+ CASE(GNUTLS_CIPHER_AES_192_GCM, test_cipher_aead,
+ aes192_gcm_vectors);
+ FALLTHROUGH;
CASE(GNUTLS_CIPHER_AES_256_GCM, test_cipher_aead,
aes256_gcm_vectors);
FALLTHROUGH;
@@ -2075,7 +2092,7 @@ int gnutls_mac_self_test(unsigned flags, gnutls_mac_algorithm_t mac)
switch (mac) {
case GNUTLS_MAC_UNKNOWN:
- FIPS_STARTUP_ONLY_TEST_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors);
+ NON_FIPS_CASE(GNUTLS_MAC_MD5, test_mac, hmac_md5_vectors);
FALLTHROUGH;
CASE(GNUTLS_MAC_SHA1, test_mac, hmac_sha1_vectors);
FALLTHROUGH;
@@ -2135,7 +2152,7 @@ int gnutls_digest_self_test(unsigned flags, gnutls_digest_algorithm_t digest)
switch (digest) {
case GNUTLS_DIG_UNKNOWN:
- FIPS_STARTUP_ONLY_TEST_CASE(GNUTLS_DIG_MD5, test_digest, md5_vectors);
+ NON_FIPS_CASE(GNUTLS_DIG_MD5, test_digest, md5_vectors);
FALLTHROUGH;
CASE(GNUTLS_DIG_SHA1, test_digest, sha1_vectors);
FALLTHROUGH;
diff --git a/lib/datum.h b/lib/datum.h
index 3d86a0dc72..35b9e3b97c 100644
--- a/lib/datum.h
+++ b/lib/datum.h
@@ -28,13 +28,13 @@
/* This will copy the provided data in @dat. If the provided data are
* NULL or zero-size @dat will be NULL as well.
*/
-attr_warn_unused_result attr_nonnull((1))
+NODISCARD ATTRIBUTE_NONNULL((1))
int _gnutls_set_datum(gnutls_datum_t * dat, const void *data,
size_t data_size);
/* This will always return a non-NULL, and zero-terminated string in @dat.
*/
-attr_warn_unused_result attr_nonnull((1))
+NODISCARD ATTRIBUTE_NONNULL((1))
int _gnutls_set_strdatum(gnutls_datum_t * dat, const void *data,
size_t data_size);
@@ -48,7 +48,7 @@ void _gnutls_free_datum(gnutls_datum_t * dat)
}
}
-inline static attr_nonnull_all
+inline static ATTRIBUTE_NONNULL()
void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
{
if (dat->data != NULL) {
@@ -59,7 +59,7 @@ void _gnutls_free_temp_key_datum(gnutls_datum_t * dat)
dat->size = 0;
}
-inline static attr_nonnull_all
+inline static ATTRIBUTE_NONNULL()
void _gnutls_free_key_datum(gnutls_datum_t * dat)
{
if (dat->data != NULL) {
diff --git a/lib/ext/session_ticket.c b/lib/ext/session_ticket.c
index c854d9c2a9..8d4595821a 100644
--- a/lib/ext/session_ticket.c
+++ b/lib/ext/session_ticket.c
@@ -787,15 +787,17 @@ int _gnutls_recv_new_session_ticket(gnutls_session_t session)
ret = GNUTLS_E_MEMORY_ERROR;
goto error;
}
- priv->session_ticket =
- gnutls_realloc_fast(priv->session_ticket, ticket_len);
- if (!priv->session_ticket) {
- gnutls_free(priv);
- gnutls_assert();
- ret = GNUTLS_E_MEMORY_ERROR;
- goto error;
+ if (ticket_len > 0) {
+ priv->session_ticket =
+ gnutls_realloc_fast(priv->session_ticket, ticket_len);
+ if (!priv->session_ticket) {
+ gnutls_free(priv);
+ gnutls_assert();
+ ret = GNUTLS_E_MEMORY_ERROR;
+ goto error;
+ }
+ memcpy(priv->session_ticket, p, ticket_len);
}
- memcpy(priv->session_ticket, p, ticket_len);
priv->session_ticket_len = ticket_len;
epriv = priv;
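Review bot: As far as this hunk shows, a zero-length ticket still reaches `priv->session_ticket_len = ticket_len; epriv = priv;` after the new `if (ticket_len > 0)` guard, so an empty ticket is recorded the same way as a usable one. The guard itself is sound, since it keeps `gnutls_realloc_fast(..., 0)` and a `memcpy` into a possibly NULL buffer off that path. It deserves a comment saying so, e.g. `/* zero-length ticket: nothing to copy, and avoid a zero-size realloc */`. In the part of `_gnutls_recv_new_session_ticket` outside this hunk, check that later code treats `session_ticket_len == 0` as "no ticket" and does not offer an empty ticket on resumption.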
diff --git a/lib/file.c b/lib/file.c
index cec1281bd1..3ded84913b 100644
--- a/lib/file.c
+++ b/lib/file.c
@@ -27,13 +27,13 @@
int _gnutls_file_exists(const char *file)
{
- FILE *fd;
+ FILE *fp;
- fd = fopen(file, "r");
- if (fd == NULL)
+ fp = fopen(file, "re");
+ if (fp == NULL)
return -1;
- fclose(fd);
+ fclose(fp);
return 0;
}
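Review bot: The `"re"` mode passed to `fopen()` relies on the `e` (close-on-exec) flag, which is a glibc extension and not part of ISO C. The same applies to `fopen(FIPS_KERNEL_FILE, "re")` in lib/fips.c and `fopen(keylogfile, "ae")` in lib/kx.c. A C library that does not recognise the flag may ignore or reject it, so confirm that the build routes these calls through a replacement that guarantees the behaviour. gnulib's `fopen-gnu` module does this; the commit touches bootstrap.conf, but that change is not visible here. A short comment at one call site, such as `/* "e": close-on-exec, so the descriptor is not inherited by child processes */`, would record why the flag was added.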
@@ -46,6 +46,10 @@ int _gnutls_file_exists(const char *file)
* zero terminated but the terminating null is not included in length.
* The returned data are allocated using gnutls_malloc().
*
+ * Note that this function is not designed for reading sensitive materials,
+ * such as private keys, on practical applications. When the reading fails
+ * in the middle, the partially loaded content might remain on memory.
+ *
* Returns: On success, %GNUTLS_E_SUCCESS (0) is returned, otherwise
* an error code is returned.
*
@@ -55,7 +59,7 @@ int gnutls_load_file(const char *filename, gnutls_datum_t * data)
{
size_t len;
- data->data = (void *) read_binary_file(filename, &len);
+ data->data = (void *) read_file(filename, RF_BINARY, &len);
if (data->data == NULL)
return GNUTLS_E_FILE_ERROR;
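Review bot: `read_file(filename, RF_BINARY, &len)` keeps the limitation that the doc comment added just above describes: a read that fails part-way can leave file contents behind in released memory. gnulib's `read_file` also accepts `RF_SENSITIVE`, which wipes its internal buffers. Library-internal callers that load key material could use an internal loader passing `RF_BINARY | RF_SENSITIVE` in place of the public `gnutls_load_file()`; the PKCS#12 path in this commit already zeroizes its blob afterwards. If that is out of scope here, the doc comment should name the alternative that callers handling private keys are expected to use. The function body continues outside this hunk.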
diff --git a/lib/fips.c b/lib/fips.c
index 3c43250aaf..acdd2ec23e 100644
--- a/lib/fips.c
+++ b/lib/fips.c
@@ -93,7 +93,7 @@ unsigned _gnutls_fips_mode_enabled(void)
goto exit;
}
- fd = fopen(FIPS_KERNEL_FILE, "r");
+ fd = fopen(FIPS_KERNEL_FILE, "re");
if (fd != NULL) {
f1p = fgetc(fd);
fclose(fd);
@@ -102,14 +102,13 @@ unsigned _gnutls_fips_mode_enabled(void)
else f1p = 0;
}
- f2p = !access(FIPS_SYSTEM_FILE, F_OK);
-
- if (f1p != 0 && f2p != 0) {
+ if (f1p != 0) {
_gnutls_debug_log("FIPS140-2 mode enabled\n");
ret = GNUTLS_FIPS140_STRICT;
goto exit;
}
+ f2p = !access(FIPS_SYSTEM_FILE, F_OK);
if (f2p != 0) {
/* a funny state where self tests are performed
* and ignored */
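Review bot: After this change the kernel flag alone (`f1p != 0`) selects `GNUTLS_FIPS140_STRICT`, and `FIPS_SYSTEM_FILE` is consulted only for the self-test-only state below, yet nothing in the code says this is intentional. A comment above the first test, e.g. `/* the kernel flag is sufficient for strict mode; FIPS_SYSTEM_FILE alone only triggers the self tests */`, would keep a later reader from restoring the old `f1p != 0 && f2p != 0` condition. Also confirm that `f2p` is not read on the earlier `goto exit` paths now that its assignment has moved below them. The declarations and the `exit` label are outside this hunk.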
diff --git a/lib/fips.h b/lib/fips.h
index 1464c9595b..f76f24da75 100644
--- a/lib/fips.h
+++ b/lib/fips.h
@@ -138,6 +138,7 @@ static unsigned is_cipher_algo_forbidden(gnutls_cipher_algorithm_t algo)
case GNUTLS_CIPHER_AES_256_CBC:
case GNUTLS_CIPHER_AES_192_CBC:
case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_192_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
case GNUTLS_CIPHER_AES_128_CCM:
case GNUTLS_CIPHER_AES_256_CCM:
diff --git a/lib/gnutls.pc.in b/lib/gnutls.pc.in
index 4b6b5578f5..15d3ab057c 100644
--- a/lib/gnutls.pc.in
+++ b/lib/gnutls.pc.in
@@ -19,6 +19,6 @@ Description: Transport Security Layer implementation for the GNU system
URL: https://www.gnutls.org/
Version: @VERSION@
Libs: -L${libdir} -lgnutls
-Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@
+Libs.private: @LIBINTL@ @LIBSOCKET@ @INET_PTON_LIB@ @LIBPTHREAD@ @LIB_SELECT@ @TSS_LIBS@ @GMP_LIBS@ @LIBUNISTRING@ @LIBATOMIC_LIBS@ @LIB_CRYPT32@ @LIBNCRYPT@
@GNUTLS_REQUIRES_PRIVATE@
Cflags: -I${includedir}
diff --git a/lib/gnutls_int.h b/lib/gnutls_int.h
index 9959c82202..4db7a2534d 100644
--- a/lib/gnutls_int.h
+++ b/lib/gnutls_int.h
@@ -55,6 +55,8 @@ typedef int ssize_t;
#include <nettle/memxor.h>
+#include "attribute.h"
+
#define ENABLE_ALIGN16
#ifdef __clang_major
@@ -76,26 +78,6 @@ typedef int ssize_t;
# define unlikely
#endif
-#if _GNUTLS_GCC_VERSION >= 30300
-# define attr_nonnull_all __attribute__ ((nonnull))
-# define attr_nonnull(a) __attribute__ ((nonnull a))
-#else
-# define attr_nonnull_all
-# define attr_nonnull(a)
-#endif
-
-#if _GNUTLS_GCC_VERSION >= 30400 && (_GNUTLS_CLANG_VERSION == 0 || _GNUTLS_CLANG_VERSION >= 40000)
-# define attr_warn_unused_result __attribute__((warn_unused_result))
-#else
-# define attr_warn_unused_result
-#endif
-
-#if _GNUTLS_GCC_VERSION >= 70100
-# define FALLTHROUGH __attribute__ ((fallthrough))
-#else
-# define FALLTHROUGH
-#endif
-
#include <gnutls/gnutls.h>
#include <gnutls/dtls.h>
#include <gnutls/abstract.h>
diff --git a/lib/includes/gnutls/gnutls.h.in b/lib/includes/gnutls/gnutls.h.in
index 7d9870996a..264da238a0 100644
--- a/lib/includes/gnutls/gnutls.h.in
+++ b/lib/includes/gnutls/gnutls.h.in
@@ -143,6 +143,7 @@ extern "C" {
* the AEAD interface, and the IV plays a role as
* the authentication tag while it is prepended to
* the cipher text.
+ * @GNUTLS_CIPHER_AES_192_GCM: AES in GCM mode with 192-bit keys (AEAD).
*
* Enumeration of different symmetric encryption algorithms.
*/
@@ -186,6 +187,7 @@ typedef enum gnutls_cipher_algorithm {
GNUTLS_CIPHER_CHACHA20_32 = 36,
GNUTLS_CIPHER_AES_128_SIV = 37,
GNUTLS_CIPHER_AES_256_SIV = 38,
+ GNUTLS_CIPHER_AES_192_GCM = 39,
/* used only for PGP internals. Ignored in TLS/SSL
*/
diff --git a/lib/kx.c b/lib/kx.c
index a874f15114..1eda14d3d6 100644
--- a/lib/kx.c
+++ b/lib/kx.c
@@ -143,7 +143,7 @@ void _gnutls_nss_keylog_write(gnutls_session_t session,
checked_env = 1;
keylogfile = secure_getenv("SSLKEYLOGFILE");
if (keylogfile != NULL)
- keylog = fopen(keylogfile, "a");
+ keylog = fopen(keylogfile, "ae");
}
if (keylog) {
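Review bot: `fopen(keylogfile, "ae")` creates the key log with permissions set only by the process umask, which commonly leaves it readable by other local users even though the file holds TLS session secrets. The added `e` flag stops the descriptor being inherited but does not address that. Where POSIX `open()` is available, creating the file with `open(keylogfile, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600)` and wrapping it with `fdopen(fd, "a")` would restrict a newly created log to its owner. The surrounding function starts and ends outside this hunk, so any platform guards it needs are not visible here.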
diff --git a/lib/minitasn1/.gitignore b/lib/minitasn1/.gitignore
new file mode 100644
index 0000000000..68359a7869
--- /dev/null
+++ b/lib/minitasn1/.gitignore
@@ -0,0 +1,2 @@
+*.c
+*.h
diff --git a/lib/minitasn1/Makefile.am b/lib/minitasn1/Makefile.am
index 9b6769746d..054de9e3d3 100644
--- a/lib/minitasn1/Makefile.am
+++ b/lib/minitasn1/Makefile.am
@@ -27,6 +27,10 @@ AM_CPPFLAGS = -DASN1_BUILDING \
-I$(builddir)/../../gl \
-I$(srcdir)/..
+# Too many warnings from gnulib macros
+WARN_CFLAGS += \
+ -Wno-type-limits
+
noinst_LTLIBRARIES = libminitasn1.la
libminitasn1_la_SOURCES = libtasn1.h gstr.h int.h parser_aux.h \
diff --git a/lib/minitasn1/coding.c b/lib/minitasn1/coding.c
deleted file mode 100644
index 7141df7b4e..0000000000
--- a/lib/minitasn1/coding.c
+++ /dev/null
@@ -1,1347 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-
-/*****************************************************/
-/* File: coding.c */
-/* Description: Functions to create a DER coding of */
-/* an ASN1 type. */
-/*****************************************************/
-
-#include <int.h>
-#include "parser_aux.h"
-#include <gstr.h>
-#include "element.h"
-#include "minmax.h"
-#include <structure.h>
-
-#define MAX_TAG_LEN 16
-
-/******************************************************/
-/* Function : _asn1_error_description_value_not_found */
-/* Description: creates the ErrorDescription string */
-/* for the ASN1_VALUE_NOT_FOUND error. */
-/* Parameters: */
-/* node: node of the tree where the value is NULL. */
-/* ErrorDescription: string returned. */
-/* Return: */
-/******************************************************/
-static void
-_asn1_error_description_value_not_found (asn1_node node,
- char *ErrorDescription)
-{
-
- if (ErrorDescription == NULL)
- return;
-
- Estrcpy (ErrorDescription, ":: value of element '");
- _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
- ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
- Estrcat (ErrorDescription, "' not found");
-
-}
-
-/**
- * asn1_length_der:
- * @len: value to convert.
- * @der: buffer to hold the returned encoding (may be %NULL).
- * @der_len: number of meaningful bytes of ANS (der[0]..der[der_len-1]).
- *
- * Creates the DER encoding of the provided length value.
- * The @der buffer must have enough room for the output. The maximum
- * length this function will encode is %ASN1_MAX_LENGTH_SIZE.
- *
- * To know the size of the DER encoding use a %NULL value for @der.
- **/
-void
-asn1_length_der (unsigned long int len, unsigned char *der, int *der_len)
-{
- int k;
- unsigned char temp[ASN1_MAX_LENGTH_SIZE];
-#if SIZEOF_UNSIGNED_LONG_INT > 8
- len &= 0xFFFFFFFFFFFFFFFF;
-#endif
-
- if (len < 128)
- {
- /* short form */
- if (der != NULL)
- der[0] = (unsigned char) len;
- *der_len = 1;
- }
- else
- {
- /* Long form */
- k = 0;
- while (len)
- {
- temp[k++] = len & 0xFF;
- len = len >> 8;
- }
- *der_len = k + 1;
- if (der != NULL)
- {
- der[0] = ((unsigned char) k & 0x7F) + 128;
- while (k--)
- der[*der_len - 1 - k] = temp[k];
- }
- }
-}
-
-/******************************************************/
-/* Function : _asn1_tag_der */
-/* Description: creates the DER coding for the CLASS */
-/* and TAG parameters. */
-/* It is limited by the ASN1_MAX_TAG_SIZE variable */
-/* Parameters: */
-/* class: value to convert. */
-/* tag_value: value to convert. */
-/* ans: string returned. */
-/* ans_len: number of meaningful bytes of ANS */
-/* (ans[0]..ans[ans_len-1]). */
-/* Return: */
-/******************************************************/
-static void
-_asn1_tag_der (unsigned char class, unsigned int tag_value,
- unsigned char *ans, int *ans_len)
-{
- int k;
- unsigned char temp[ASN1_MAX_TAG_SIZE];
-
- if (tag_value < 31)
- {
- /* short form */
- ans[0] = (class & 0xE0) + ((unsigned char) (tag_value & 0x1F));
- *ans_len = 1;
- }
- else
- {
- /* Long form */
- ans[0] = (class & 0xE0) + 31;
- k = 0;
- while (tag_value != 0)
- {
- temp[k++] = tag_value & 0x7F;
- tag_value >>= 7;
-
- if (k > ASN1_MAX_TAG_SIZE - 1)
- break; /* will not encode larger tags */
- }
- *ans_len = k + 1;
- while (k--)
- ans[*ans_len - 1 - k] = temp[k] + 128;
- ans[*ans_len - 1] -= 128;
- }
-}
-
-/**
- * asn1_octet_der:
- * @str: the input data.
- * @str_len: STR length (str[0]..str[*str_len-1]).
- * @der: encoded string returned.
- * @der_len: number of meaningful bytes of DER (der[0]..der[der_len-1]).
- *
- * Creates a length-value DER encoding for the input data.
- * The DER encoding of the input data will be placed in the @der variable.
- *
- * Note that the OCTET STRING tag is not included in the output.
- *
- * This function does not return any value because it is expected
- * that @der_len will contain enough bytes to store the string
- * plus the DER encoding. The DER encoding size can be obtained using
- * asn1_length_der().
- **/
-void
-asn1_octet_der (const unsigned char *str, int str_len,
- unsigned char *der, int *der_len)
-{
- int len_len;
-
- if (der == NULL || str_len < 0)
- return;
-
- asn1_length_der (str_len, der, &len_len);
- memcpy (der + len_len, str, str_len);
- *der_len = str_len + len_len;
-}
-
-
-/**
- * asn1_encode_simple_der:
- * @etype: The type of the string to be encoded (ASN1_ETYPE_)
- * @str: the string data.
- * @str_len: the string length
- * @tl: the encoded tag and length
- * @tl_len: the bytes of the @tl field
- *
- * Creates the DER encoding for various simple ASN.1 types like strings etc.
- * It stores the tag and length in @tl, which should have space for at least
- * %ASN1_MAX_TL_SIZE bytes. Initially @tl_len should contain the size of @tl.
- *
- * The complete DER encoding should consist of the value in @tl appended
- * with the provided @str.
- *
- * Returns: %ASN1_SUCCESS if successful or an error value.
- **/
-int
-asn1_encode_simple_der (unsigned int etype, const unsigned char *str,
- unsigned int str_len, unsigned char *tl,
- unsigned int *tl_len)
-{
- int tag_len, len_len;
- unsigned tlen;
- unsigned char der_tag[ASN1_MAX_TAG_SIZE];
- unsigned char der_length[ASN1_MAX_LENGTH_SIZE];
- unsigned char *p;
-
- if (str == NULL)
- return ASN1_VALUE_NOT_VALID;
-
- if (ETYPE_OK (etype) == 0)
- return ASN1_VALUE_NOT_VALID;
-
- /* doesn't handle constructed classes */
- if (ETYPE_CLASS (etype) != ASN1_CLASS_UNIVERSAL)
- return ASN1_VALUE_NOT_VALID;
-
- _asn1_tag_der (ETYPE_CLASS (etype), ETYPE_TAG (etype), der_tag, &tag_len);
-
- asn1_length_der (str_len, der_length, &len_len);
-
- if (tag_len <= 0 || len_len <= 0)
- return ASN1_VALUE_NOT_VALID;
-
- tlen = tag_len + len_len;
-
- if (*tl_len < tlen)
- return ASN1_MEM_ERROR;
-
- p = tl;
- memcpy (p, der_tag, tag_len);
- p += tag_len;
- memcpy (p, der_length, len_len);
-
- *tl_len = tlen;
-
- return ASN1_SUCCESS;
-}
-
-/******************************************************/
-/* Function : _asn1_time_der */
-/* Description: creates the DER coding for a TIME */
-/* type (length included). */
-/* Parameters: */
-/* str: TIME null-terminated string. */
-/* der: string returned. */
-/* der_len: number of meaningful bytes of DER */
-/* (der[0]..der[ans_len-1]). Initially it */
-/* if must store the lenght of DER. */
-/* Return: */
-/* ASN1_MEM_ERROR when DER isn't big enough */
-/* ASN1_SUCCESS otherwise */
-/******************************************************/
-static int
-_asn1_time_der (unsigned char *str, int str_len, unsigned char *der,
- int *der_len)
-{
- int len_len;
- int max_len;
-
- max_len = *der_len;
-
- asn1_length_der (str_len, (max_len > 0) ? der : NULL, &len_len);
-
- if ((len_len + str_len) <= max_len)
- memcpy (der + len_len, str, str_len);
- *der_len = len_len + str_len;
-
- if ((*der_len) > max_len)
- return ASN1_MEM_ERROR;
-
- return ASN1_SUCCESS;
-}
-
-
-/*
-void
-_asn1_get_utctime_der(unsigned char *der,int *der_len,unsigned char *str)
-{
- int len_len,str_len;
- char temp[20];
-
- if(str==NULL) return;
- str_len=asn1_get_length_der(der,*der_len,&len_len);
- if (str_len<0) return;
- memcpy(temp,der+len_len,str_len);
- *der_len=str_len+len_len;
- switch(str_len){
- case 11:
- temp[10]=0;
- strcat(temp,"00+0000");
- break;
- case 13:
- temp[12]=0;
- strcat(temp,"+0000");
- break;
- case 15:
- temp[15]=0;
- memmove(temp+12,temp+10,6);
- temp[10]=temp[11]='0';
- break;
- case 17:
- temp[17]=0;
- break;
- default:
- return;
- }
- strcpy(str,temp);
-}
-*/
-
-/******************************************************/
-/* Function : _asn1_objectid_der */
-/* Description: creates the DER coding for an */
-/* OBJECT IDENTIFIER type (length included). */
-/* Parameters: */
-/* str: OBJECT IDENTIFIER null-terminated string. */
-/* der: string returned. */
-/* der_len: number of meaningful bytes of DER */
-/* (der[0]..der[ans_len-1]). Initially it */
-/* must store the length of DER. */
-/* Return: */
-/* ASN1_MEM_ERROR when DER isn't big enough */
-/* ASN1_SUCCESS if succesful */
-/* or an error value. */
-/******************************************************/
-static int
-_asn1_objectid_der (unsigned char *str, unsigned char *der, int *der_len)
-{
- int len_len, counter, k, first, max_len;
- char *temp, *n_end, *n_start;
- unsigned char bit7;
- uint64_t val, val1 = 0;
- int str_len = _asn1_strlen (str);
-
- max_len = *der_len;
-
- temp = malloc (str_len + 2);
- if (temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- memcpy (temp, str, str_len);
- temp[str_len] = '.';
- temp[str_len + 1] = 0;
-
- counter = 0;
- n_start = temp;
- while ((n_end = strchr (n_start, '.')))
- {
- *n_end = 0;
- val = _asn1_strtou64 (n_start, NULL, 10);
- counter++;
-
- if (counter == 1)
- val1 = val;
- else if (counter == 2)
- {
- if (max_len > 0)
- der[0] = 40 * val1 + val;
- *der_len = 1;
- }
- else
- {
- first = 0;
- for (k = sizeof(val); k >= 0; k--)
- {
- bit7 = (val >> (k * 7)) & 0x7F;
- if (bit7 || first || !k)
- {
- if (k)
- bit7 |= 0x80;
- if (max_len > (*der_len))
- der[*der_len] = bit7;
- (*der_len)++;
- first = 1;
- }
- }
-
- }
- n_start = n_end + 1;
- }
-
- asn1_length_der (*der_len, NULL, &len_len);
- if (max_len >= (*der_len + len_len))
- {
- memmove (der + len_len, der, *der_len);
- asn1_length_der (*der_len, der, &len_len);
- }
- *der_len += len_len;
-
- free (temp);
-
- if (max_len < (*der_len))
- return ASN1_MEM_ERROR;
-
- return ASN1_SUCCESS;
-}
-
-
-static const unsigned char bit_mask[] =
- { 0xFF, 0xFE, 0xFC, 0xF8, 0xF0, 0xE0, 0xC0, 0x80 };
-
-/**
- * asn1_bit_der:
- * @str: BIT string.
- * @bit_len: number of meaningful bits in STR.
- * @der: string returned.
- * @der_len: number of meaningful bytes of DER
- * (der[0]..der[ans_len-1]).
- *
- * Creates a length-value DER encoding for the input data
- * as it would have been for a BIT STRING.
- * The DER encoded data will be copied in @der.
- *
- * Note that the BIT STRING tag is not included in the output.
- *
- * This function does not return any value because it is expected
- * that @der_len will contain enough bytes to store the string
- * plus the DER encoding. The DER encoding size can be obtained using
- * asn1_length_der().
- **/
-void
-asn1_bit_der (const unsigned char *str, int bit_len,
- unsigned char *der, int *der_len)
-{
- int len_len, len_byte, len_pad;
-
- if (der == NULL)
- return;
-
- len_byte = bit_len >> 3;
- len_pad = 8 - (bit_len & 7);
- if (len_pad == 8)
- len_pad = 0;
- else
- len_byte++;
- asn1_length_der (len_byte + 1, der, &len_len);
- der[len_len] = len_pad;
-
- if (str)
- memcpy (der + len_len + 1, str, len_byte);
- der[len_len + len_byte] &= bit_mask[len_pad];
- *der_len = len_byte + len_len + 1;
-}
-
-
-/******************************************************/
-/* Function : _asn1_complete_explicit_tag */
-/* Description: add the length coding to the EXPLICIT */
-/* tags. */
-/* Parameters: */
-/* node: pointer to the tree element. */
-/* der: string with the DER coding of the whole tree*/
-/* counter: number of meaningful bytes of DER */
-/* (der[0]..der[*counter-1]). */
-/* max_len: size of der vector */
-/* Return: */
-/* ASN1_MEM_ERROR if der vector isn't big enough, */
-/* otherwise ASN1_SUCCESS. */
-/******************************************************/
-static int
-_asn1_complete_explicit_tag (asn1_node node, unsigned char *der,
- int *counter, int *max_len)
-{
- asn1_node p;
- int is_tag_implicit, len2, len3;
- unsigned char temp[SIZEOF_UNSIGNED_INT];
-
- is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- if (p == NULL)
- return ASN1_DER_ERROR;
- /* When there are nested tags we must complete them reverse to
- the order they were created. This is because completing a tag
- modifies all data within it, including the incomplete tags
- which store buffer positions -- simon@josefsson.org 2002-09-06
- */
- while (p->right)
- p = p->right;
- while (p && p != node->down->left)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_EXPLICIT)
- {
- len2 = strtol (p->name, NULL, 10);
- _asn1_set_name (p, NULL);
-
- asn1_length_der (*counter - len2, temp, &len3);
- if (len3 <= (*max_len))
- {
- memmove (der + len2 + len3, der + len2,
- *counter - len2);
- memcpy (der + len2, temp, len3);
- }
- *max_len -= len3;
- *counter += len3;
- is_tag_implicit = 0;
- }
- else
- { /* CONST_IMPLICIT */
- if (!is_tag_implicit)
- {
- is_tag_implicit = 1;
- }
- }
- }
- p = p->left;
- }
- }
-
- if (*max_len < 0)
- return ASN1_MEM_ERROR;
-
- return ASN1_SUCCESS;
-}
-
-const tag_and_class_st _asn1_tags[] = {
- [ASN1_ETYPE_GENERALSTRING] =
- {ASN1_TAG_GENERALSTRING, ASN1_CLASS_UNIVERSAL, "type:GENERALSTRING"},
- [ASN1_ETYPE_NUMERIC_STRING] =
- {ASN1_TAG_NUMERIC_STRING, ASN1_CLASS_UNIVERSAL, "type:NUMERIC_STR"},
- [ASN1_ETYPE_IA5_STRING] =
- {ASN1_TAG_IA5_STRING, ASN1_CLASS_UNIVERSAL, "type:IA5_STR"},
- [ASN1_ETYPE_TELETEX_STRING] =
- {ASN1_TAG_TELETEX_STRING, ASN1_CLASS_UNIVERSAL, "type:TELETEX_STR"},
- [ASN1_ETYPE_PRINTABLE_STRING] =
- {ASN1_TAG_PRINTABLE_STRING, ASN1_CLASS_UNIVERSAL, "type:PRINTABLE_STR"},
- [ASN1_ETYPE_UNIVERSAL_STRING] =
- {ASN1_TAG_UNIVERSAL_STRING, ASN1_CLASS_UNIVERSAL, "type:UNIVERSAL_STR"},
- [ASN1_ETYPE_BMP_STRING] =
- {ASN1_TAG_BMP_STRING, ASN1_CLASS_UNIVERSAL, "type:BMP_STR"},
- [ASN1_ETYPE_UTF8_STRING] =
- {ASN1_TAG_UTF8_STRING, ASN1_CLASS_UNIVERSAL, "type:UTF8_STR"},
- [ASN1_ETYPE_VISIBLE_STRING] =
- {ASN1_TAG_VISIBLE_STRING, ASN1_CLASS_UNIVERSAL, "type:VISIBLE_STR"},
- [ASN1_ETYPE_OCTET_STRING] =
- {ASN1_TAG_OCTET_STRING, ASN1_CLASS_UNIVERSAL, "type:OCT_STR"},
- [ASN1_ETYPE_BIT_STRING] =
- {ASN1_TAG_BIT_STRING, ASN1_CLASS_UNIVERSAL, "type:BIT_STR"},
- [ASN1_ETYPE_OBJECT_ID] =
- {ASN1_TAG_OBJECT_ID, ASN1_CLASS_UNIVERSAL, "type:OBJ_ID"},
- [ASN1_ETYPE_NULL] = {ASN1_TAG_NULL, ASN1_CLASS_UNIVERSAL, "type:NULL"},
- [ASN1_ETYPE_BOOLEAN] =
- {ASN1_TAG_BOOLEAN, ASN1_CLASS_UNIVERSAL, "type:BOOLEAN"},
- [ASN1_ETYPE_INTEGER] =
- {ASN1_TAG_INTEGER, ASN1_CLASS_UNIVERSAL, "type:INTEGER"},
- [ASN1_ETYPE_ENUMERATED] =
- {ASN1_TAG_ENUMERATED, ASN1_CLASS_UNIVERSAL, "type:ENUMERATED"},
- [ASN1_ETYPE_SEQUENCE] =
- {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
- "type:SEQUENCE"},
- [ASN1_ETYPE_SEQUENCE_OF] =
- {ASN1_TAG_SEQUENCE, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
- "type:SEQ_OF"},
- [ASN1_ETYPE_SET] =
- {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED, "type:SET"},
- [ASN1_ETYPE_SET_OF] =
- {ASN1_TAG_SET, ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED,
- "type:SET_OF"},
- [ASN1_ETYPE_GENERALIZED_TIME] =
- {ASN1_TAG_GENERALIZEDTime, ASN1_CLASS_UNIVERSAL, "type:GENERALIZED_TIME"},
- [ASN1_ETYPE_UTC_TIME] =
- {ASN1_TAG_UTCTime, ASN1_CLASS_UNIVERSAL, "type:UTC_TIME"},
-};
-
-unsigned int _asn1_tags_size = sizeof (_asn1_tags) / sizeof (_asn1_tags[0]);
-
-/******************************************************/
-/* Function : _asn1_insert_tag_der */
-/* Description: creates the DER coding of tags of one */
-/* NODE. */
-/* Parameters: */
-/* node: pointer to the tree element. */
-/* der: string returned */
-/* counter: number of meaningful bytes of DER */
-/* (counter[0]..der[*counter-1]). */
-/* max_len: size of der vector */
-/* Return: */
-/* ASN1_GENERIC_ERROR if the type is unknown, */
-/* ASN1_MEM_ERROR if der vector isn't big enough, */
-/* otherwise ASN1_SUCCESS. */
-/******************************************************/
-static int
-_asn1_insert_tag_der (asn1_node node, unsigned char *der, int *counter,
- int *max_len)
-{
- asn1_node p;
- int tag_len, is_tag_implicit;
- unsigned char class, class_implicit = 0, temp[MAX(SIZEOF_UNSIGNED_INT * 3 + 1, LTOSTR_MAX_SIZE)];
- unsigned long tag_implicit = 0;
- unsigned char tag_der[MAX_TAG_LEN];
-
- is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_APPLICATION)
- class = ASN1_CLASS_APPLICATION;
- else if (p->type & CONST_UNIVERSAL)
- class = ASN1_CLASS_UNIVERSAL;
- else if (p->type & CONST_PRIVATE)
- class = ASN1_CLASS_PRIVATE;
- else
- class = ASN1_CLASS_CONTEXT_SPECIFIC;
-
- if (p->type & CONST_EXPLICIT)
- {
- if (is_tag_implicit)
- _asn1_tag_der (class_implicit, tag_implicit, tag_der,
- &tag_len);
- else
- _asn1_tag_der (class | ASN1_CLASS_STRUCTURED,
- _asn1_strtoul (p->value, NULL, 10),
- tag_der, &tag_len);
-
- *max_len -= tag_len;
- if (der && *max_len >= 0)
- memcpy (der + *counter, tag_der, tag_len);
- *counter += tag_len;
-
- _asn1_ltostr (*counter, (char *) temp);
- _asn1_set_name (p, (const char *) temp);
-
- is_tag_implicit = 0;
- }
- else
- { /* CONST_IMPLICIT */
- if (!is_tag_implicit)
- {
- if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
- (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF)
- || (type_field (node->type) == ASN1_ETYPE_SET)
- || (type_field (node->type) == ASN1_ETYPE_SET_OF))
- class |= ASN1_CLASS_STRUCTURED;
- class_implicit = class;
- tag_implicit = _asn1_strtoul (p->value, NULL, 10);
- is_tag_implicit = 1;
- }
- }
- }
- p = p->right;
- }
- }
-
- if (is_tag_implicit)
- {
- _asn1_tag_der (class_implicit, tag_implicit, tag_der, &tag_len);
- }
- else
- {
- unsigned type = type_field (node->type);
- switch (type)
- {
- CASE_HANDLED_ETYPES:
- _asn1_tag_der (_asn1_tags[type].class, _asn1_tags[type].tag,
- tag_der, &tag_len);
- break;
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_ANY:
- tag_len = 0;
- break;
- default:
- return ASN1_GENERIC_ERROR;
- }
- }
-
- *max_len -= tag_len;
- if (der && *max_len >= 0)
- memcpy (der + *counter, tag_der, tag_len);
- *counter += tag_len;
-
- if (*max_len < 0)
- return ASN1_MEM_ERROR;
-
- return ASN1_SUCCESS;
-}
-
-/******************************************************/
-/* Function : _asn1_ordering_set */
-/* Description: puts the elements of a SET type in */
-/* the correct order according to DER rules. */
-/* Parameters: */
-/* der: string with the DER coding. */
-/* node: pointer to the SET element. */
-/* Return: */
-/* ASN1_SUCCESS if successful */
-/* or an error value. */
-/******************************************************/
-static int
-_asn1_ordering_set (unsigned char *der, int der_len, asn1_node node)
-{
- struct vet
- {
- int end;
- unsigned long value;
- struct vet *next, *prev;
- };
-
- int counter, len, len2;
- struct vet *first, *last, *p_vet, *p2_vet;
- asn1_node p;
- unsigned char class, *temp;
- unsigned long tag, t;
- int err;
-
- counter = 0;
-
- if (type_field (node->type) != ASN1_ETYPE_SET)
- return ASN1_VALUE_NOT_VALID;
-
- p = node->down;
- while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) ||
- (type_field (p->type) == ASN1_ETYPE_SIZE)))
- p = p->right;
-
- if ((p == NULL) || (p->right == NULL))
- return ASN1_SUCCESS;
-
- first = last = NULL;
- while (p)
- {
- p_vet = malloc (sizeof (struct vet));
- if (p_vet == NULL)
- {
- err = ASN1_MEM_ALLOC_ERROR;
- goto error;
- }
-
- p_vet->next = NULL;
- p_vet->prev = last;
- if (first == NULL)
- first = p_vet;
- else
- last->next = p_vet;
- last = p_vet;
-
- /* tag value calculation */
- err = asn1_get_tag_der (der + counter, der_len - counter, &class, &len2,
- &tag);
- if (err != ASN1_SUCCESS)
- goto error;
-
- t = ((unsigned int)class) << 24;
- p_vet->value = t | tag;
- counter += len2;
-
- /* extraction and length */
- len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- counter += len + len2;
-
- p_vet->end = counter;
- p = p->right;
- }
-
- p_vet = first;
-
- while (p_vet)
- {
- p2_vet = p_vet->next;
- counter = 0;
- while (p2_vet)
- {
- if (p_vet->value > p2_vet->value)
- {
- /* change position */
- temp = malloc (p_vet->end - counter);
- if (temp == NULL)
- {
- err = ASN1_MEM_ALLOC_ERROR;
- goto error;
- }
-
- memcpy (temp, der + counter, p_vet->end - counter);
- memcpy (der + counter, der + p_vet->end,
- p2_vet->end - p_vet->end);
- memcpy (der + counter + p2_vet->end - p_vet->end, temp,
- p_vet->end - counter);
- free (temp);
-
- tag = p_vet->value;
- p_vet->value = p2_vet->value;
- p2_vet->value = tag;
-
- p_vet->end = counter + (p2_vet->end - p_vet->end);
- }
- counter = p_vet->end;
-
- p2_vet = p2_vet->next;
- p_vet = p_vet->next;
- }
-
- if (p_vet != first)
- p_vet->prev->next = NULL;
- else
- first = NULL;
- free (p_vet);
- p_vet = first;
- }
- return ASN1_SUCCESS;
-
-error:
- while (first != NULL)
- {
- p_vet = first;
- first = first->next;
- free(p_vet);
- }
- return err;
-}
-
-/******************************************************/
-/* Function : _asn1_ordering_set_of */
-/* Description: puts the elements of a SET OF type in */
-/* the correct order according to DER rules. */
-/* Parameters: */
-/* der: string with the DER coding. */
-/* node: pointer to the SET OF element. */
-/* Return: */
-/* ASN1_SUCCESS if successful */
-/* or an error value. */
-/******************************************************/
-static int
-_asn1_ordering_set_of (unsigned char *der, int der_len, asn1_node node)
-{
- struct vet
- {
- int end;
- struct vet *next, *prev;
- };
-
- int counter, len, len2, change;
- struct vet *first, *last, *p_vet, *p2_vet;
- asn1_node p;
- unsigned char *temp, class;
- unsigned long k, length;
- int err;
-
- counter = 0;
-
- if (type_field (node->type) != ASN1_ETYPE_SET_OF)
- return ASN1_VALUE_NOT_VALID;
-
- p = node->down;
- while (p && ((type_field (p->type) == ASN1_ETYPE_TAG) ||
- (type_field (p->type) == ASN1_ETYPE_SIZE)))
- p = p->right;
- if (p == NULL)
- return ASN1_VALUE_NOT_VALID;
- p = p->right;
-
- if ((p == NULL) || (p->right == NULL))
- return ASN1_SUCCESS;
-
- first = last = NULL;
- while (p)
- {
- p_vet = malloc (sizeof (struct vet));
- if (p_vet == NULL)
- {
- err = ASN1_MEM_ALLOC_ERROR;
- goto error;
- }
-
- p_vet->next = NULL;
- p_vet->prev = last;
- if (first == NULL)
- first = p_vet;
- else
- last->next = p_vet;
- last = p_vet;
-
- /* extraction of tag and length */
- if (der_len - counter > 0)
- {
-
- err = asn1_get_tag_der (der + counter, der_len - counter, &class,
- &len, NULL);
- if (err != ASN1_SUCCESS)
- goto error;
- counter += len;
-
- len2 = asn1_get_length_der (der + counter, der_len - counter, &len);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- counter += len + len2;
- }
- else
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
-
- p_vet->end = counter;
- p = p->right;
- }
-
- p_vet = first;
-
- while (p_vet)
- {
- p2_vet = p_vet->next;
- counter = 0;
- while (p2_vet)
- {
- length = MIN(p_vet->end - counter, p2_vet->end - p_vet->end);
- change = -1;
- for (k = 0; k < length; k++)
- if (der[counter + k] > der[p_vet->end + k])
- {
- change = 1;
- break;
- }
- else if (der[counter + k] < der[p_vet->end + k])
- {
- change = 0;
- break;
- }
-
- if ((change == -1)
- && ((p_vet->end - counter) > (p2_vet->end - p_vet->end)))
- change = 1;
-
- if (change == 1)
- {
- /* change position */
- temp = malloc (p_vet->end - counter);
- if (temp == NULL)
- {
- err = ASN1_MEM_ALLOC_ERROR;
- goto error;
- }
-
- memcpy (temp, der + counter, (p_vet->end) - counter);
- memcpy (der + counter, der + (p_vet->end),
- (p2_vet->end) - (p_vet->end));
- memcpy (der + counter + (p2_vet->end) - (p_vet->end), temp,
- (p_vet->end) - counter);
- free (temp);
-
- p_vet->end = counter + (p2_vet->end - p_vet->end);
- }
- counter = p_vet->end;
-
- p2_vet = p2_vet->next;
- p_vet = p_vet->next;
- }
-
- if (p_vet != first)
- p_vet->prev->next = NULL;
- else
- first = NULL;
- free (p_vet);
- p_vet = first;
- }
- return ASN1_SUCCESS;
-
-error:
- while (first != NULL)
- {
- p_vet = first;
- first = first->next;
- free(p_vet);
- }
- return err;
-}
-
-/**
- * asn1_der_coding:
- * @element: pointer to an ASN1 element
- * @name: the name of the structure you want to encode (it must be
- * inside *POINTER).
- * @ider: vector that will contain the DER encoding. DER must be a
- * pointer to memory cells already allocated.
- * @len: number of bytes of *@ider: @ider[0]..@ider[len-1], Initialy
- * holds the sizeof of der vector.
- * @ErrorDescription: return the error description or an empty
- * string if success.
- *
- * Creates the DER encoding for the NAME structure (inside *POINTER
- * structure).
- *
- * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
- * if @name is not a valid element, %ASN1_VALUE_NOT_FOUND if there
- * is an element without a value, %ASN1_MEM_ERROR if the @ider
- * vector isn't big enough and in this case @len will contain the
- * length needed.
- **/
-int
-asn1_der_coding (asn1_node element, const char *name, void *ider, int *len,
- char *ErrorDescription)
-{
- asn1_node node, p, p2;
- unsigned char temp[MAX(LTOSTR_MAX_SIZE, SIZEOF_UNSIGNED_LONG_INT * 3 + 1)];
- int counter, counter_old, len2, len3, move, max_len, max_len_old;
- int err;
- unsigned char *der = ider;
-
- if (ErrorDescription)
- ErrorDescription[0] = 0;
-
- node = asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- /* Node is now a locally allocated variable.
- * That is because in some point we modify the
- * structure, and I don't know why! --nmav
- */
- node = _asn1_copy_structure3 (node);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- max_len = *len;
-
- counter = 0;
- move = DOWN;
- p = node;
-
- while (1)
- {
-
- counter_old = counter;
- max_len_old = max_len;
- if (move != UP)
- {
- p->start = counter;
- err = _asn1_insert_tag_der (p, der, &counter, &max_len);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
- }
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- max_len--;
- if (max_len >= 0)
- der[counter] = 0;
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- max_len -= 2;
- if (max_len >= 0)
- {
- der[counter++] = 1;
- if (p->value[0] == 'F')
- der[counter++] = 0;
- else
- der[counter++] = 0xFF;
- }
- else
- counter += 2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2 + len3;
- if (max_len >= 0)
- memcpy (der + counter, p->value, len3 + len2);
- counter += len3 + len2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if ((p->type & CONST_DEFAULT) && (p->value == NULL))
- {
- counter = counter_old;
- max_len = max_len_old;
- }
- else
- {
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p,
- ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = max_len;
- err = _asn1_objectid_der (p->value, der + counter, &len2);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
-
- max_len -= len2;
- counter += len2;
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = max_len;
- err = _asn1_time_der (p->value, p->value_len, der + counter, &len2);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
-
- max_len -= len2;
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2 + len3;
- if (max_len >= 0)
- memcpy (der + counter, p->value, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move != UP)
- {
- p->tmp_ival = counter;
- if (p->down == NULL)
- {
- move = UP;
- continue;
- }
- else
- {
- p2 = p->down;
- while (p2 && (type_field (p2->type) == ASN1_ETYPE_TAG))
- p2 = p2->right;
- if (p2)
- {
- p = p2;
- move = RIGHT;
- continue;
- }
- move = UP;
- continue;
- }
- }
- else
- { /* move==UP */
- len2 = p->tmp_ival;
- p->tmp_ival = 0;
- if ((type_field (p->type) == ASN1_ETYPE_SET) && (max_len >= 0))
- {
- err = _asn1_ordering_set (der + len2, counter - len2, p);
- if (err != ASN1_SUCCESS)
- goto error;
- }
- asn1_length_der (counter - len2, temp, &len3);
- max_len -= len3;
- if (max_len >= 0)
- {
- memmove (der + len2 + len3, der + len2, counter - len2);
- memcpy (der + len2, temp, len3);
- }
- counter += len3;
- move = RIGHT;
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move != UP)
- {
- p->tmp_ival = counter;
- p = p->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
- if (p->right)
- {
- p = p->right;
- move = RIGHT;
- continue;
- }
- else
- p = _asn1_find_up (p);
- move = UP;
- }
- if (move == UP)
- {
- len2 = p->tmp_ival;
- p->tmp_ival = 0;
- if ((type_field (p->type) == ASN1_ETYPE_SET_OF)
- && (counter - len2 > 0) && (max_len >= 0))
- {
- err = _asn1_ordering_set_of (der + len2, counter - len2, p);
- if (err != ASN1_SUCCESS)
- goto error;
- }
- asn1_length_der (counter - len2, temp, &len3);
- max_len -= len3;
- if (max_len >= 0)
- {
- memmove (der + len2 + len3, der + len2, counter - len2);
- memcpy (der + len2, temp, len3);
- }
- counter += len3;
- move = RIGHT;
- }
- break;
- case ASN1_ETYPE_ANY:
- if (p->value == NULL)
- {
- _asn1_error_description_value_not_found (p, ErrorDescription);
- err = ASN1_VALUE_NOT_FOUND;
- goto error;
- }
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- if (len2 < 0)
- {
- err = ASN1_DER_ERROR;
- goto error;
- }
- max_len -= len2;
- if (max_len >= 0)
- memcpy (der + counter, p->value + len3, len2);
- counter += len2;
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
-
- if ((move != DOWN) && (counter != counter_old))
- {
- p->end = counter - 1;
- err = _asn1_complete_explicit_tag (p, der, &counter, &max_len);
- if (err != ASN1_SUCCESS && err != ASN1_MEM_ERROR)
- goto error;
- }
-
- if (p == node && move != DOWN)
- break;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- *len = counter;
-
- if (max_len < 0)
- {
- err = ASN1_MEM_ERROR;
- goto error;
- }
-
- err = ASN1_SUCCESS;
-
-error:
- asn1_delete_structure (&node);
- return err;
-}
diff --git a/lib/minitasn1/decoding.c b/lib/minitasn1/decoding.c
deleted file mode 100644
index 0ee35d3d09..0000000000
--- a/lib/minitasn1/decoding.c
+++ /dev/null
@@ -1,2369 +0,0 @@
-/*
- * Copyright (C) 2002-2016 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-
-/*****************************************************/
-/* File: decoding.c */
-/* Description: Functions to manage DER decoding */
-/*****************************************************/
-
-#include <int.h>
-#include <parser_aux.h>
-#include <gstr.h>
-#include <structure.h>
-#include <element.h>
-#include <limits.h>
-#include <intprops.h>
-
-#ifdef DEBUG
-# define warn() fprintf(stderr, "%s: %d\n", __func__, __LINE__)
-#else
-# define warn()
-#endif
-
-#define IS_ERR(len, flags) (len < -1 || ((flags & ASN1_DECODE_FLAG_STRICT_DER) && len < 0))
-
-#define HAVE_TWO(x) (x>=2?1:0)
-
-#define DECODE_FLAG_HAVE_TAG 1
-#define DECODE_FLAG_INDEFINITE (1<<1)
-/* On indefinite string decoding, allow this maximum levels
- * of recursion. Allowing infinite recursion, makes the BER
- * decoder susceptible to stack exhaustion due to that recursion.
- */
-#define DECODE_FLAG_LEVEL1 (1<<2)
-#define DECODE_FLAG_LEVEL2 (1<<3)
-#define DECODE_FLAG_LEVEL3 (1<<4)
-
-#define DECR_LEN(l, s) do { \
- l -= s; \
- if (l < 0) { \
- warn(); \
- result = ASN1_DER_ERROR; \
- goto cleanup; \
- } \
- } while (0)
-
-static int
-_asn1_get_indefinite_length_string (const unsigned char *der, int der_len, int *len);
-
-static int
-_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
- unsigned int _der_len, unsigned char **str,
- unsigned int *str_len, unsigned int *ber_len,
- unsigned dflags);
-
-static int
-_asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
- unsigned int _der_len, const unsigned char **str,
- unsigned int *str_len, unsigned dflags);
-
-static void
-_asn1_error_description_tag_error (asn1_node node, char *ErrorDescription)
-{
-
- Estrcpy (ErrorDescription, ":: tag error near element '");
- _asn1_hierarchical_name (node, ErrorDescription + strlen (ErrorDescription),
- ASN1_MAX_ERROR_DESCRIPTION_SIZE - 40);
- Estrcat (ErrorDescription, "'");
-
-}
-
-/**
- * asn1_get_length_der:
- * @der: DER data to decode.
- * @der_len: Length of DER data to decode.
- * @len: Output variable containing the length of the DER length field.
- *
- * Extract a length field from DER data.
- *
- * Returns: Return the decoded length value, or -1 on indefinite
- * length, or -2 when the value was too big to fit in a int, or -4
- * when the decoded length value plus @len would exceed @der_len.
- **/
-long
-asn1_get_length_der (const unsigned char *der, int der_len, int *len)
-{
- unsigned int ans;
- int k, punt, sum;
-
- *len = 0;
- if (der_len <= 0)
- return 0;
-
- if (!(der[0] & 128))
- {
- /* short form */
- *len = 1;
- ans = der[0];
- }
- else
- {
- /* Long form */
- k = der[0] & 0x7F;
- punt = 1;
- if (k)
- { /* definite length method */
- ans = 0;
- while (punt <= k && punt < der_len)
- {
- if (INT_MULTIPLY_OVERFLOW (ans, 256))
- return -2;
- ans *= 256;
-
- if (INT_ADD_OVERFLOW (ans, ((unsigned) der[punt])))
- return -2;
- ans += der[punt];
- punt++;
- }
- }
- else
- { /* indefinite length method */
- *len = punt;
- return -1;
- }
-
- *len = punt;
- }
-
- sum = ans;
- if (ans >= INT_MAX || INT_ADD_OVERFLOW (sum, (*len)))
- return -2;
- sum += *len;
-
- if (sum > der_len)
- return -4;
-
- return ans;
-}
-
-/**
- * asn1_get_tag_der:
- * @der: DER data to decode.
- * @der_len: Length of DER data to decode.
- * @cls: Output variable containing decoded class.
- * @len: Output variable containing the length of the DER TAG data.
- * @tag: Output variable containing the decoded tag (may be %NULL).
- *
- * Decode the class and TAG from DER code.
- *
- * Returns: Returns %ASN1_SUCCESS on success, or an error.
- **/
-int
-asn1_get_tag_der (const unsigned char *der, int der_len,
- unsigned char *cls, int *len, unsigned long *tag)
-{
- unsigned int ris;
- int punt;
-
- if (der == NULL || der_len < 2 || len == NULL)
- return ASN1_DER_ERROR;
-
- *cls = der[0] & 0xE0;
- if ((der[0] & 0x1F) != 0x1F)
- {
- /* short form */
- *len = 1;
- ris = der[0] & 0x1F;
- }
- else
- {
- /* Long form */
- punt = 1;
- ris = 0;
- while (punt < der_len && der[punt] & 128)
- {
-
- if (INT_MULTIPLY_OVERFLOW (ris, 128))
- return ASN1_DER_ERROR;
- ris *= 128;
-
- if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F))))
- return ASN1_DER_ERROR;
- ris += (der[punt] & 0x7F);
- punt++;
- }
-
- if (punt >= der_len)
- return ASN1_DER_ERROR;
-
- if (INT_MULTIPLY_OVERFLOW (ris, 128))
- return ASN1_DER_ERROR;
- ris *= 128;
-
- if (INT_ADD_OVERFLOW (ris, ((unsigned) (der[punt] & 0x7F))))
- return ASN1_DER_ERROR;
- ris += (der[punt] & 0x7F);
- punt++;
-
- *len = punt;
- }
-
- if (tag)
- *tag = ris;
- return ASN1_SUCCESS;
-}
-
-/**
- * asn1_get_length_ber:
- * @ber: BER data to decode.
- * @ber_len: Length of BER data to decode.
- * @len: Output variable containing the length of the BER length field.
- *
- * Extract a length field from BER data. The difference to
- * asn1_get_length_der() is that this function will return a length
- * even if the value has indefinite encoding.
- *
- * Returns: Return the decoded length value, or negative value when
- * the value was too big.
- *
- * Since: 2.0
- **/
-long
-asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len)
-{
- int ret;
- long err;
-
- ret = asn1_get_length_der (ber, ber_len, len);
- if (ret == -1 && ber_len > 1)
- { /* indefinite length method */
- err = _asn1_get_indefinite_length_string (ber + 1, ber_len-1, &ret);
- if (err != ASN1_SUCCESS)
- return -3;
- }
-
- return ret;
-}
-
-/**
- * asn1_get_octet_der:
- * @der: DER data to decode containing the OCTET SEQUENCE.
- * @der_len: The length of the @der data to decode.
- * @ret_len: Output variable containing the encoded length of the DER data.
- * @str: Pre-allocated output buffer to put decoded OCTET SEQUENCE in.
- * @str_size: Length of pre-allocated output buffer.
- * @str_len: Output variable containing the length of the contents of the OCTET SEQUENCE.
- *
- * Extract an OCTET SEQUENCE from DER data. Note that this function
- * expects the DER data past the tag field, i.e., the length and
- * content octets.
- *
- * Returns: Returns %ASN1_SUCCESS on success, or an error.
- **/
-int
-asn1_get_octet_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str, int str_size,
- int *str_len)
-{
- int len_len = 0;
-
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
-
- *str_len = asn1_get_length_der (der, der_len, &len_len);
-
- if (*str_len < 0)
- return ASN1_DER_ERROR;
-
- *ret_len = *str_len + len_len;
- if (str_size >= *str_len)
- {
- if (*str_len > 0 && str != NULL)
- memcpy (str, der + len_len, *str_len);
- }
- else
- {
- return ASN1_MEM_ERROR;
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/*-
- * _asn1_get_time_der:
- * @type: %ASN1_ETYPE_GENERALIZED_TIME or %ASN1_ETYPE_UTC_TIME
- * @der: DER data to decode containing the time
- * @der_len: Length of DER data to decode.
- * @ret_len: Output variable containing the length of the DER data.
- * @str: Pre-allocated output buffer to put the textual time in.
- * @str_size: Length of pre-allocated output buffer.
- * @flags: Zero or %ASN1_DECODE_FLAG_STRICT_DER
- *
- * Performs basic checks in the DER encoded time object and returns its textual form.
- * The textual form will be in the YYYYMMDD000000Z format for GeneralizedTime
- * and YYMMDD000000Z for UTCTime.
- *
- * Returns: %ASN1_SUCCESS on success, or an error.
- -*/
-static int
-_asn1_get_time_der (unsigned type, const unsigned char *der, int der_len, int *ret_len,
- char *str, int str_size, unsigned flags)
-{
- int len_len, str_len;
- unsigned i;
- unsigned sign_count = 0;
- unsigned dot_count = 0;
- const unsigned char *p;
-
- if (der_len <= 0 || str == NULL)
- return ASN1_DER_ERROR;
-
- str_len = asn1_get_length_der (der, der_len, &len_len);
- if (str_len <= 0 || str_size < str_len)
- return ASN1_DER_ERROR;
-
- /* perform some sanity checks on the data */
- if (str_len < 8)
- {
- warn();
- return ASN1_TIME_ENCODING_ERROR;
- }
-
- if ((flags & ASN1_DECODE_FLAG_STRICT_DER) && !(flags & ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME))
- {
- p = &der[len_len];
- for (i=0;i<(unsigned)(str_len-1);i++)
- {
- if (isdigit(p[i]) == 0)
- {
- if (type == ASN1_ETYPE_GENERALIZED_TIME)
- {
- /* tolerate lax encodings */
- if (p[i] == '.' && dot_count == 0)
- {
- dot_count++;
- continue;
- }
-
- /* This is not really valid DER, but there are
- * structures using that */
- if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) &&
- (p[i] == '+' || p[i] == '-') && sign_count == 0)
- {
- sign_count++;
- continue;
- }
- }
-
- warn();
- return ASN1_TIME_ENCODING_ERROR;
- }
- }
-
- if (sign_count == 0 && p[str_len-1] != 'Z')
- {
- warn();
- return ASN1_TIME_ENCODING_ERROR;
- }
- }
- memcpy (str, der + len_len, str_len);
- str[str_len] = 0;
- *ret_len = str_len + len_len;
-
- return ASN1_SUCCESS;
-}
-
-/**
- * asn1_get_objectid_der:
- * @der: DER data to decode containing the OBJECT IDENTIFIER
- * @der_len: Length of DER data to decode.
- * @ret_len: Output variable containing the length of the DER data.
- * @str: Pre-allocated output buffer to put the textual object id in.
- * @str_size: Length of pre-allocated output buffer.
- *
- * Converts a DER encoded object identifier to its textual form. This
- * function expects the DER object identifier without the tag.
- *
- * Returns: %ASN1_SUCCESS on success, or an error.
- **/
-int
-asn1_get_object_id_der (const unsigned char *der, int der_len, int *ret_len,
- char *str, int str_size)
-{
- int len_len, len, k;
- int leading;
- char temp[LTOSTR_MAX_SIZE];
- uint64_t val, val1;
-
- *ret_len = 0;
- if (str && str_size > 0)
- str[0] = 0; /* no oid */
-
- if (str == NULL || der_len <= 0)
- return ASN1_GENERIC_ERROR;
-
- len = asn1_get_length_der (der, der_len, &len_len);
-
- if (len <= 0 || len + len_len > der_len)
- return ASN1_DER_ERROR;
-
- val1 = der[len_len] / 40;
- val = der[len_len] - val1 * 40;
-
- _asn1_str_cpy (str, str_size, _asn1_ltostr (val1, temp));
- _asn1_str_cat (str, str_size, ".");
- _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
-
- val = 0;
- leading = 1;
- for (k = 1; k < len; k++)
- {
- /* X.690 mandates that the leading byte must never be 0x80
- */
- if (leading != 0 && der[len_len + k] == 0x80)
- return ASN1_DER_ERROR;
- leading = 0;
-
- /* check for wrap around */
- if (INT_LEFT_SHIFT_OVERFLOW (val, 7))
- return ASN1_DER_ERROR;
-
- val = val << 7;
- val |= der[len_len + k] & 0x7F;
-
- if (!(der[len_len + k] & 0x80))
- {
- _asn1_str_cat (str, str_size, ".");
- _asn1_str_cat (str, str_size, _asn1_ltostr (val, temp));
- val = 0;
- leading = 1;
- }
- }
-
- if (INT_ADD_OVERFLOW (len, len_len))
- return ASN1_DER_ERROR;
-
- *ret_len = len + len_len;
-
- return ASN1_SUCCESS;
-}
-
-/**
- * asn1_get_bit_der:
- * @der: DER data to decode containing the BIT SEQUENCE.
- * @der_len: Length of DER data to decode.
- * @ret_len: Output variable containing the length of the DER data.
- * @str: Pre-allocated output buffer to put decoded BIT SEQUENCE in.
- * @str_size: Length of pre-allocated output buffer.
- * @bit_len: Output variable containing the size of the BIT SEQUENCE.
- *
- * Extract a BIT SEQUENCE from DER data.
- *
- * Returns: %ASN1_SUCCESS on success, or an error.
- **/
-int
-asn1_get_bit_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str, int str_size,
- int *bit_len)
-{
- int len_len = 0, len_byte;
-
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
-
- len_byte = asn1_get_length_der (der, der_len, &len_len) - 1;
- if (len_byte < 0)
- return ASN1_DER_ERROR;
-
- *ret_len = len_byte + len_len + 1;
- *bit_len = len_byte * 8 - der[len_len];
-
- if (*bit_len < 0)
- return ASN1_DER_ERROR;
-
- if (str_size >= len_byte)
- {
- if (len_byte > 0 && str)
- memcpy (str, der + len_len + 1, len_byte);
- }
- else
- {
- return ASN1_MEM_ERROR;
- }
-
- return ASN1_SUCCESS;
-}
-
-/* tag_len: the total tag length (explicit+inner)
- * inner_tag_len: the inner_tag length
- */
-static int
-_asn1_extract_tag_der (asn1_node node, const unsigned char *der, int der_len,
- int *tag_len, int *inner_tag_len, unsigned flags)
-{
- asn1_node p;
- int counter, len2, len3, is_tag_implicit;
- int result;
- unsigned long tag, tag_implicit = 0;
- unsigned char class, class2, class_implicit = 0;
-
- if (der_len <= 0)
- return ASN1_GENERIC_ERROR;
-
- counter = is_tag_implicit = 0;
-
- if (node->type & CONST_TAG)
- {
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if (p->type & CONST_APPLICATION)
- class2 = ASN1_CLASS_APPLICATION;
- else if (p->type & CONST_UNIVERSAL)
- class2 = ASN1_CLASS_UNIVERSAL;
- else if (p->type & CONST_PRIVATE)
- class2 = ASN1_CLASS_PRIVATE;
- else
- class2 = ASN1_CLASS_CONTEXT_SPECIFIC;
-
- if (p->type & CONST_EXPLICIT)
- {
- if (asn1_get_tag_der
- (der + counter, der_len, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- DECR_LEN(der_len, len2);
- counter += len2;
-
- if (flags & ASN1_DECODE_FLAG_STRICT_DER)
- len3 =
- asn1_get_length_der (der + counter, der_len,
- &len2);
- else
- len3 =
- asn1_get_length_ber (der + counter, der_len,
- &len2);
- if (len3 < 0)
- return ASN1_DER_ERROR;
-
- DECR_LEN(der_len, len2);
- counter += len2;
-
- if (!is_tag_implicit)
- {
- if ((class != (class2 | ASN1_CLASS_STRUCTURED)) ||
- (tag != strtoul ((char *) p->value, NULL, 10)))
- return ASN1_TAG_ERROR;
- }
- else
- { /* ASN1_TAG_IMPLICIT */
- if ((class != class_implicit) || (tag != tag_implicit))
- return ASN1_TAG_ERROR;
- }
- is_tag_implicit = 0;
- }
- else
- { /* ASN1_TAG_IMPLICIT */
- if (!is_tag_implicit)
- {
- if ((type_field (node->type) == ASN1_ETYPE_SEQUENCE) ||
- (type_field (node->type) == ASN1_ETYPE_SEQUENCE_OF)
- || (type_field (node->type) == ASN1_ETYPE_SET)
- || (type_field (node->type) == ASN1_ETYPE_SET_OF))
- class2 |= ASN1_CLASS_STRUCTURED;
- class_implicit = class2;
- tag_implicit = strtoul ((char *) p->value, NULL, 10);
- is_tag_implicit = 1;
- }
- }
- }
- p = p->right;
- }
- }
-
- if (is_tag_implicit)
- {
- if (asn1_get_tag_der
- (der + counter, der_len, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- DECR_LEN(der_len, len2);
-
- if ((class != class_implicit) || (tag != tag_implicit))
- {
- if (type_field (node->type) == ASN1_ETYPE_OCTET_STRING)
- {
- class_implicit |= ASN1_CLASS_STRUCTURED;
- if ((class != class_implicit) || (tag != tag_implicit))
- return ASN1_TAG_ERROR;
- }
- else
- return ASN1_TAG_ERROR;
- }
- }
- else
- {
- unsigned type = type_field (node->type);
- if (type == ASN1_ETYPE_TAG)
- {
- *tag_len = 0;
- if (inner_tag_len)
- *inner_tag_len = 0;
- return ASN1_SUCCESS;
- }
-
- if (asn1_get_tag_der
- (der + counter, der_len, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- DECR_LEN(der_len, len2);
-
- switch (type)
- {
- case ASN1_ETYPE_NULL:
- case ASN1_ETYPE_BOOLEAN:
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- case ASN1_ETYPE_OBJECT_ID:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET:
- case ASN1_ETYPE_SET_OF:
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if ((class != _asn1_tags[type].class)
- || (tag != _asn1_tags[type].tag))
- return ASN1_DER_ERROR;
- break;
-
- case ASN1_ETYPE_OCTET_STRING:
- /* OCTET STRING is handled differently to allow
- * BER encodings (structured class). */
- if (((class != ASN1_CLASS_UNIVERSAL)
- && (class != (ASN1_CLASS_UNIVERSAL | ASN1_CLASS_STRUCTURED)))
- || (tag != ASN1_TAG_OCTET_STRING))
- return ASN1_DER_ERROR;
- break;
- case ASN1_ETYPE_ANY:
- counter -= len2;
- break;
- case ASN1_ETYPE_CHOICE:
- counter -= len2;
- break;
- default:
- return ASN1_DER_ERROR;
- break;
- }
- }
-
- counter += len2;
- *tag_len = counter;
- if (inner_tag_len)
- *inner_tag_len = len2;
- return ASN1_SUCCESS;
-
-cleanup:
- return result;
-}
-
-static int
-extract_tag_der_recursive(asn1_node node, const unsigned char *der, int der_len,
- int *ret_len, int *inner_len, unsigned flags)
-{
-asn1_node p;
-int ris = ASN1_DER_ERROR;
-
- if (type_field (node->type) == ASN1_ETYPE_CHOICE)
- {
- p = node->down;
- while (p)
- {
- ris = _asn1_extract_tag_der (p, der, der_len, ret_len, inner_len, flags);
- if (ris == ASN1_SUCCESS)
- break;
- p = p->right;
- }
-
- *ret_len = 0;
- return ris;
- }
- else
- return _asn1_extract_tag_der (node, der, der_len, ret_len, inner_len, flags);
-}
-
-static int
-_asn1_delete_not_used (asn1_node node)
-{
- asn1_node p, p2;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if (p->type & CONST_NOT_USED)
- {
- p2 = NULL;
- if (p != node)
- {
- p2 = _asn1_find_left (p);
- if (!p2)
- p2 = _asn1_find_up (p);
- }
- asn1_delete_structure (&p);
- p = p2;
- }
-
- if (!p)
- break; /* reach node */
-
- if (p->down)
- {
- p = p->down;
- }
- else
- {
- if (p == node)
- p = NULL;
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
- }
- }
- }
- }
- }
- return ASN1_SUCCESS;
-}
-
-static int
-_asn1_get_indefinite_length_string (const unsigned char *der,
- int der_len, int *len)
-{
- int len2, len3, counter, indefinite;
- int result;
- unsigned long tag;
- unsigned char class;
-
- counter = indefinite = 0;
-
- while (1)
- {
- if (HAVE_TWO(der_len) && (der[counter] == 0) && (der[counter + 1] == 0))
- {
- counter += 2;
- DECR_LEN(der_len, 2);
-
- indefinite--;
- if (indefinite <= 0)
- break;
- else
- continue;
- }
-
- if (asn1_get_tag_der
- (der + counter, der_len, &class, &len2,
- &tag) != ASN1_SUCCESS)
- return ASN1_DER_ERROR;
-
- DECR_LEN(der_len, len2);
- counter += len2;
-
- len2 = asn1_get_length_der (der + counter, der_len, &len3);
- if (len2 < -1)
- return ASN1_DER_ERROR;
-
- if (len2 == -1)
- {
- indefinite++;
- counter += 1;
- DECR_LEN(der_len, 1);
- }
- else
- {
- counter += len2 + len3;
- DECR_LEN(der_len, len2+len3);
- }
- }
-
- *len = counter;
- return ASN1_SUCCESS;
-
-cleanup:
- return result;
-}
-
-static void delete_unneeded_choice_fields(asn1_node p)
-{
- asn1_node p2;
-
- while (p->right)
- {
- p2 = p->right;
- asn1_delete_structure (&p2);
- }
-}
-
-
-/**
- * asn1_der_decoding2
- * @element: pointer to an ASN1 structure.
- * @ider: vector that contains the DER encoding.
- * @max_ider_len: pointer to an integer giving the information about the
- * maximal number of bytes occupied by *@ider. The real size of the DER
- * encoding is returned through this pointer.
- * @flags: flags controlling the behaviour of the function.
- * @errorDescription: null-terminated string contains details when an
- * error occurred.
- *
- * Fill the structure *@element with values of a DER encoding string. The
- * structure must just be created with function asn1_create_element().
- *
- * If %ASN1_DECODE_FLAG_ALLOW_PADDING flag is set then the function will ignore
- * padding after the decoded DER data. Upon a successful return the value of
- * *@max_ider_len will be set to the number of bytes decoded.
- *
- * If %ASN1_DECODE_FLAG_STRICT_DER flag is set then the function will
- * not decode any BER-encoded elements.
- *
- * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
- * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or
- * %ASN1_DER_ERROR if the der encoding doesn't match the structure
- * name (*@ELEMENT deleted).
- **/
-int
-asn1_der_decoding2 (asn1_node *element, const void *ider, int *max_ider_len,
- unsigned int flags, char *errorDescription)
-{
- asn1_node node, p, p2, p3;
- char temp[128];
- int counter, len2, len3, len4, move, ris, tlen;
- struct node_tail_cache_st tcache = {NULL, NULL};
- unsigned char class;
- unsigned long tag;
- int tag_len;
- int indefinite, result, total_len = *max_ider_len, ider_len = *max_ider_len;
- int inner_tag_len;
- unsigned char *ptmp;
- const unsigned char *ptag;
- const unsigned char *der = ider;
-
- node = *element;
-
- if (errorDescription != NULL)
- errorDescription[0] = 0;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (node->type & CONST_OPTION)
- {
- result = ASN1_GENERIC_ERROR;
- warn();
- goto cleanup;
- }
-
- counter = 0;
- move = DOWN;
- p = node;
- while (1)
- {
- tag_len = 0;
- inner_tag_len = 0;
- ris = ASN1_SUCCESS;
- if (move != UP)
- {
- if (p->type & CONST_SET)
- {
- p2 = _asn1_find_up (p);
- len2 = p2->tmp_ival;
- if (len2 == -1)
- {
- if (HAVE_TWO(ider_len) && !der[counter] && !der[counter + 1])
- {
- p = p2;
- move = UP;
- counter += 2;
- DECR_LEN(ider_len, 2);
- continue;
- }
- }
- else if (counter == len2)
- {
- p = p2;
- move = UP;
- continue;
- }
- else if (counter > len2)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- p2 = p2->down;
- while (p2)
- {
- if ((p2->type & CONST_SET) && (p2->type & CONST_NOT_USED))
- {
- ris =
- extract_tag_der_recursive (p2, der + counter,
- ider_len, &len2, NULL, flags);
- if (ris == ASN1_SUCCESS)
- {
- p2->type &= ~CONST_NOT_USED;
- p = p2;
- break;
- }
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- }
-
- /* the position in the DER structure this starts */
- p->start = counter;
- p->end = total_len - 1;
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = p2->tmp_ival;
- if (counter == len2)
- {
- if (p->right)
- {
- p2 = p->right;
- move = RIGHT;
- }
- else
- move = UP;
-
- if (p->type & CONST_OPTION)
- asn1_delete_structure (&p);
-
- p = p2;
- continue;
- }
- }
-
- if (type_field (p->type) == ASN1_ETYPE_CHOICE)
- {
- while (p->down)
- {
- ris =
- extract_tag_der_recursive (p->down, der + counter,
- ider_len, &len2, NULL, flags);
-
- if (ris == ASN1_SUCCESS)
- {
- delete_unneeded_choice_fields(p->down);
- break;
- }
- else if (ris == ASN1_ERROR_TYPE_ANY)
- {
- result = ASN1_ERROR_TYPE_ANY;
- warn();
- goto cleanup;
- }
- else
- {
- p2 = p->down;
- asn1_delete_structure (&p2);
- }
- }
-
- if (p->down == NULL)
- {
- if (!(p->type & CONST_OPTION))
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- }
- else if (type_field (p->type) != ASN1_ETYPE_CHOICE)
- p = p->down;
-
- p->start = counter;
- }
-
- if ((p->type & CONST_OPTION) || (p->type & CONST_DEFAULT))
- {
- p2 = _asn1_find_up (p);
- len2 = p2->tmp_ival;
-
- if ((len2 != -1) && (counter > len2))
- ris = ASN1_TAG_ERROR;
- }
-
- if (ris == ASN1_SUCCESS)
- ris =
- extract_tag_der_recursive (p, der + counter, ider_len,
- &tag_len, &inner_tag_len, flags);
-
- if (ris != ASN1_SUCCESS)
- {
- if (p->type & CONST_OPTION)
- {
- p->type |= CONST_NOT_USED;
- move = RIGHT;
- }
- else if (p->type & CONST_DEFAULT)
- {
- _asn1_set_value (p, NULL, 0);
- move = RIGHT;
- }
- else
- {
- if (errorDescription != NULL)
- _asn1_error_description_tag_error (p, errorDescription);
-
- result = ASN1_TAG_ERROR;
- warn();
- goto cleanup;
- }
- }
- else
- {
- DECR_LEN(ider_len, tag_len);
- counter += tag_len;
- }
- }
-
- if (ris == ASN1_SUCCESS)
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_NULL:
- DECR_LEN(ider_len, 1);
- if (der[counter])
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- counter++;
- move = RIGHT;
- break;
- case ASN1_ETYPE_BOOLEAN:
- DECR_LEN(ider_len, 2);
-
- if (der[counter++] != 1)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- if (der[counter++] == 0)
- _asn1_set_value (p, "F", 1);
- else
- _asn1_set_value (p, "T", 1);
- move = RIGHT;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- len2 =
- asn1_get_length_der (der + counter, ider_len, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len3+len2);
-
- _asn1_set_value (p, der + counter, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OBJECT_ID:
- result =
- asn1_get_object_id_der (der + counter, ider_len, &len2,
- temp, sizeof (temp));
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len2);
-
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen + 1);
-
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- result =
- _asn1_get_time_der (type_field (p->type), der + counter, ider_len, &len2, temp,
- sizeof (temp) - 1, flags);
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len2);
-
- tlen = strlen (temp);
- if (tlen > 0)
- _asn1_set_value (p, temp, tlen);
-
- counter += len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_OCTET_STRING:
- if (counter < inner_tag_len)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- ptag = der + counter - inner_tag_len;
- if (flags & ASN1_DECODE_FLAG_STRICT_DER || !(ptag[0] & ASN1_CLASS_STRUCTURED))
- {
- len2 =
- asn1_get_length_der (der + counter, ider_len, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len3+len2);
-
- _asn1_set_value (p, der + counter, len3 + len2);
- counter += len3 + len2;
- }
- else
- {
- unsigned dflags = 0, vlen, ber_len;
-
- if (ptag[0] & ASN1_CLASS_STRUCTURED)
- dflags |= DECODE_FLAG_INDEFINITE;
-
- result = _asn1_decode_simple_ber(type_field (p->type), der+counter, ider_len, &ptmp, &vlen, &ber_len, dflags);
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, ber_len);
-
- _asn1_set_value_lv (p, ptmp, vlen);
-
- counter += ber_len;
- free(ptmp);
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- case ASN1_ETYPE_BIT_STRING:
- len2 =
- asn1_get_length_der (der + counter, ider_len, &len3);
- if (len2 < 0)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len3+len2);
-
- _asn1_set_value (p, der + counter, len3 + len2);
- counter += len3 + len2;
- move = RIGHT;
- break;
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_SET:
- if (move == UP)
- {
- len2 = p->tmp_ival;
- p->tmp_ival = 0;
- if (len2 == -1)
- { /* indefinite length method */
- DECR_LEN(ider_len, 2);
- if ((der[counter]) || der[counter + 1])
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- }
- move = RIGHT;
- }
- else
- { /* move==DOWN || move==RIGHT */
- len3 =
- asn1_get_length_der (der + counter, ider_len, &len2);
- if (IS_ERR(len3, flags))
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len2);
- counter += len2;
-
- if (len3 > 0)
- {
- p->tmp_ival = counter + len3;
- move = DOWN;
- }
- else if (len3 == 0)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p3 = p2->right;
- asn1_delete_structure (&p2);
- p2 = p3;
- }
- else
- p2 = p2->right;
- }
- move = RIGHT;
- }
- else
- { /* indefinite length method */
- p->tmp_ival = -1;
- move = DOWN;
- }
- }
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (move == UP)
- {
- len2 = p->tmp_ival;
- if (len2 == -1)
- { /* indefinite length method */
- if (!HAVE_TWO(ider_len) || ((der[counter]) || der[counter + 1]))
- {
- result = _asn1_append_sequence_set (p, &tcache);
- if (result != 0)
- {
- warn();
- goto cleanup;
- }
- p = tcache.tail;
- move = RIGHT;
- continue;
- }
-
- p->tmp_ival = 0;
- tcache.tail = NULL; /* finished decoding this structure */
- tcache.head = NULL;
- DECR_LEN(ider_len, 2);
- counter += 2;
- }
- else
- { /* definite length method */
- if (len2 > counter)
- {
- result = _asn1_append_sequence_set (p, &tcache);
- if (result != 0)
- {
- warn();
- goto cleanup;
- }
- p = tcache.tail;
- move = RIGHT;
- continue;
- }
-
- p->tmp_ival = 0;
- tcache.tail = NULL; /* finished decoding this structure */
- tcache.head = NULL;
-
- if (len2 != counter)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- }
- }
- else
- { /* move==DOWN || move==RIGHT */
- len3 =
- asn1_get_length_der (der + counter, ider_len, &len2);
- if (IS_ERR(len3, flags))
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len2);
- counter += len2;
- if (len3)
- {
- if (len3 > 0)
- { /* definite length method */
- p->tmp_ival = counter + len3;
- }
- else
- { /* indefinite length method */
- p->tmp_ival = -1;
- }
-
- p2 = p->down;
- if (p2 == NULL)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- while ((type_field (p2->type) == ASN1_ETYPE_TAG)
- || (type_field (p2->type) == ASN1_ETYPE_SIZE))
- p2 = p2->right;
- if (p2->right == NULL)
- {
- result = _asn1_append_sequence_set (p, &tcache);
- if (result != 0)
- {
- warn();
- goto cleanup;
- }
- }
- p = p2;
- }
- }
- move = RIGHT;
- break;
- case ASN1_ETYPE_ANY:
- /* Check indefinite lenth method in an EXPLICIT TAG */
-
- if (!(flags & ASN1_DECODE_FLAG_STRICT_DER) && (p->type & CONST_TAG) &&
- tag_len == 2 && (der[counter - 1] == 0x80))
- indefinite = 1;
- else
- indefinite = 0;
-
- if (asn1_get_tag_der
- (der + counter, ider_len, &class, &len2,
- &tag) != ASN1_SUCCESS)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len2);
-
- len4 =
- asn1_get_length_der (der + counter + len2,
- ider_len, &len3);
- if (IS_ERR(len4, flags))
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- if (len4 != -1) /* definite */
- {
- len2 += len4;
-
- DECR_LEN(ider_len, len4+len3);
- _asn1_set_value_lv (p, der + counter, len2 + len3);
- counter += len2 + len3;
- }
- else /* == -1 */
- { /* indefinite length */
- ider_len += len2; /* undo DECR_LEN */
-
- if (counter == 0)
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
-
- result =
- _asn1_get_indefinite_length_string (der + counter, ider_len, &len2);
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
-
- DECR_LEN(ider_len, len2);
- _asn1_set_value_lv (p, der + counter, len2);
- counter += len2;
-
- }
-
- /* Check if a couple of 0x00 are present due to an EXPLICIT TAG with
- an indefinite length method. */
- if (indefinite)
- {
- DECR_LEN(ider_len, 2);
- if (!der[counter] && !der[counter + 1])
- {
- counter += 2;
- }
- else
- {
- result = ASN1_DER_ERROR;
- warn();
- goto cleanup;
- }
- }
-
- move = RIGHT;
- break;
- default:
- move = (move == UP) ? RIGHT : DOWN;
- break;
- }
- }
-
- if (p)
- {
- p->end = counter - 1;
- }
-
- if (p == node && move != DOWN)
- break;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
- if ((move == RIGHT) && !(p->type & CONST_SET))
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- _asn1_delete_not_used (*element);
-
- if ((ider_len < 0) ||
- (!(flags & ASN1_DECODE_FLAG_ALLOW_PADDING) && (ider_len != 0)))
- {
- warn();
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
-
- *max_ider_len = total_len - ider_len;
-
- return ASN1_SUCCESS;
-
-cleanup:
- asn1_delete_structure (element);
- return result;
-}
-
-
-/**
- * asn1_der_decoding:
- * @element: pointer to an ASN1 structure.
- * @ider: vector that contains the DER encoding.
- * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1].
- * @errorDescription: null-terminated string contains details when an
- * error occurred.
- *
- * Fill the structure *@element with values of a DER encoding
- * string. The structure must just be created with function
- * asn1_create_element().
- *
- * Note that the *@element variable is provided as a pointer for
- * historical reasons.
- *
- * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
- * if @ELEMENT is %NULL, and %ASN1_TAG_ERROR or
- * %ASN1_DER_ERROR if the der encoding doesn't match the structure
- * name (*@ELEMENT deleted).
- **/
-int
-asn1_der_decoding (asn1_node * element, const void *ider, int ider_len,
- char *errorDescription)
-{
- return asn1_der_decoding2 (element, ider, &ider_len, 0, errorDescription);
-}
-
-/**
- * asn1_der_decoding_element:
- * @structure: pointer to an ASN1 structure
- * @elementName: name of the element to fill
- * @ider: vector that contains the DER encoding of the whole structure.
- * @len: number of bytes of *der: der[0]..der[len-1]
- * @errorDescription: null-terminated string contains details when an
- * error occurred.
- *
- * Fill the element named @ELEMENTNAME with values of a DER encoding
- * string. The structure must just be created with function
- * asn1_create_element(). The DER vector must contain the encoding
- * string of the whole @STRUCTURE. If an error occurs during the
- * decoding procedure, the *@STRUCTURE is deleted and set equal to
- * %NULL.
- *
- * This function is deprecated and may just be an alias to asn1_der_decoding
- * in future versions. Use asn1_der_decoding() instead.
- *
- * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
- * if ELEMENT is %NULL or @elementName == NULL, and
- * %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding doesn't
- * match the structure @structure (*ELEMENT deleted).
- **/
-int
-asn1_der_decoding_element (asn1_node * structure, const char *elementName,
- const void *ider, int len, char *errorDescription)
-{
- return asn1_der_decoding(structure, ider, len, errorDescription);
-}
-
-/**
- * asn1_der_decoding_startEnd:
- * @element: pointer to an ASN1 element
- * @ider: vector that contains the DER encoding.
- * @ider_len: number of bytes of *@ider: @ider[0]..@ider[len-1]
- * @name_element: an element of NAME structure.
- * @start: the position of the first byte of NAME_ELEMENT decoding
- * (@ider[*start])
- * @end: the position of the last byte of NAME_ELEMENT decoding
- * (@ider[*end])
- *
- * Find the start and end point of an element in a DER encoding
- * string. I mean that if you have a der encoding and you have already
- * used the function asn1_der_decoding() to fill a structure, it may
- * happen that you want to find the piece of string concerning an
- * element of the structure.
- *
- * One example is the sequence "tbsCertificate" inside an X509
- * certificate.
- *
- * Note that since libtasn1 3.7 the @ider and @ider_len parameters
- * can be omitted, if the element is already decoded using asn1_der_decoding().
- *
- * Returns: %ASN1_SUCCESS if DER encoding OK, %ASN1_ELEMENT_NOT_FOUND
- * if ELEMENT is %asn1_node EMPTY or @name_element is not a valid
- * element, %ASN1_TAG_ERROR or %ASN1_DER_ERROR if the der encoding
- * doesn't match the structure ELEMENT.
- **/
-int
-asn1_der_decoding_startEnd (asn1_node element, const void *ider, int ider_len,
- const char *name_element, int *start, int *end)
-{
- asn1_node node, node_to_find;
- int result = ASN1_DER_ERROR;
-
- node = element;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- node_to_find = asn1_find_node (node, name_element);
-
- if (node_to_find == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- *start = node_to_find->start;
- *end = node_to_find->end;
-
- if (*start == 0 && *end == 0)
- {
- if (ider == NULL || ider_len == 0)
- return ASN1_GENERIC_ERROR;
-
- /* it seems asn1_der_decoding() wasn't called before. Do it now */
- result = asn1_der_decoding (&node, ider, ider_len, NULL);
- if (result != ASN1_SUCCESS)
- {
- warn();
- return result;
- }
-
- node_to_find = asn1_find_node (node, name_element);
- if (node_to_find == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- *start = node_to_find->start;
- *end = node_to_find->end;
- }
-
- if (*end < *start)
- return ASN1_GENERIC_ERROR;
-
- return ASN1_SUCCESS;
-}
-
-/**
- * asn1_expand_any_defined_by:
- * @definitions: ASN1 definitions
- * @element: pointer to an ASN1 structure
- *
- * Expands every "ANY DEFINED BY" element of a structure created from
- * a DER decoding process (asn1_der_decoding function). The element
- * ANY must be defined by an OBJECT IDENTIFIER. The type used to
- * expand the element ANY is the first one following the definition of
- * the actual value of the OBJECT IDENTIFIER.
- *
- * Returns: %ASN1_SUCCESS if Substitution OK, %ASN1_ERROR_TYPE_ANY if
- * some "ANY DEFINED BY" element couldn't be expanded due to a
- * problem in OBJECT_ID -> TYPE association, or other error codes
- * depending on DER decoding.
- **/
-int
-asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element)
-{
- char name[2 * ASN1_MAX_NAME_SIZE + 1],
- value[ASN1_MAX_NAME_SIZE];
- int retCode = ASN1_SUCCESS, result;
- int len, len2, len3;
- asn1_node p, p2, p3, aux = NULL;
- char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
- const char *definitionsName;
-
- if ((definitions == NULL) || (*element == NULL))
- return ASN1_ELEMENT_NOT_FOUND;
-
- definitionsName = definitions->name;
-
- p = *element;
- while (p)
- {
-
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_ANY:
- if ((p->type & CONST_DEFINED_BY) && (p->value))
- {
- /* search the "DEF_BY" element */
- p2 = p->down;
- while ((p2) && (type_field (p2->type) != ASN1_ETYPE_CONSTANT))
- p2 = p2->right;
-
- if (!p2)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
-
- p3 = _asn1_find_up (p);
-
- if (!p3)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
-
- p3 = p3->down;
- while (p3)
- {
- if (!(strcmp (p3->name, p2->name)))
- break;
- p3 = p3->right;
- }
-
- if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID) ||
- (p3->value == NULL))
- {
-
- p3 = _asn1_find_up (p);
- p3 = _asn1_find_up (p3);
-
- if (!p3)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
-
- p3 = p3->down;
-
- while (p3)
- {
- if (!(strcmp (p3->name, p2->name)))
- break;
- p3 = p3->right;
- }
-
- if ((!p3) || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID)
- || (p3->value == NULL))
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
- }
-
- /* search the OBJECT_ID into definitions */
- p2 = definitions->down;
- while (p2)
- {
- if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p2->type & CONST_ASSIGN))
- {
- snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name);
-
- len = ASN1_MAX_NAME_SIZE;
- result =
- asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS)
- && (!_asn1_strcmp (p3->value, value)))
- {
- p2 = p2->right; /* pointer to the structure to
- use for expansion */
- while ((p2) && (p2->type & CONST_ASSIGN))
- p2 = p2->right;
-
- if (p2)
- {
- snprintf(name, sizeof(name), "%s.%s", definitionsName, p2->name);
-
- result =
- asn1_create_element (definitions, name, &aux);
- if (result == ASN1_SUCCESS)
- {
- _asn1_cpy_name (aux, p);
- len2 =
- asn1_get_length_der (p->value,
- p->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
-
- result =
- asn1_der_decoding (&aux, p->value + len3,
- len2,
- errorDescription);
- if (result == ASN1_SUCCESS)
- {
-
- _asn1_set_right (aux, p->right);
- _asn1_set_right (p, aux);
-
- result = asn1_delete_structure (&p);
- if (result == ASN1_SUCCESS)
- {
- p = aux;
- aux = NULL;
- break;
- }
- else
- { /* error with asn1_delete_structure */
- asn1_delete_structure (&aux);
- retCode = result;
- break;
- }
- }
- else
- { /* error with asn1_der_decoding */
- retCode = result;
- break;
- }
- }
- else
- { /* error with asn1_create_element */
- retCode = result;
- break;
- }
- }
- else
- { /* error with the pointer to the structure to exapand */
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
- }
- }
- p2 = p2->right;
- } /* end while */
-
- if (!p2)
- {
- retCode = ASN1_ERROR_TYPE_ANY;
- break;
- }
-
- }
- break;
- default:
- break;
- }
-
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p == *element)
- {
- p = NULL;
- break;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == *element)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
- }
- }
- }
- }
-
- return retCode;
-}
-
-/**
- * asn1_expand_octet_string:
- * @definitions: ASN1 definitions
- * @element: pointer to an ASN1 structure
- * @octetName: name of the OCTECT STRING field to expand.
- * @objectName: name of the OBJECT IDENTIFIER field to use to define
- * the type for expansion.
- *
- * Expands an "OCTET STRING" element of a structure created from a DER
- * decoding process (the asn1_der_decoding() function). The type used
- * for expansion is the first one following the definition of the
- * actual value of the OBJECT IDENTIFIER indicated by OBJECTNAME.
- *
- * Returns: %ASN1_SUCCESS if substitution OK, %ASN1_ELEMENT_NOT_FOUND
- * if @objectName or @octetName are not correct,
- * %ASN1_VALUE_NOT_VALID if it wasn't possible to find the type to
- * use for expansion, or other errors depending on DER decoding.
- **/
-int
-asn1_expand_octet_string (asn1_node definitions, asn1_node * element,
- const char *octetName, const char *objectName)
-{
- char name[2 * ASN1_MAX_NAME_SIZE + 1], value[ASN1_MAX_NAME_SIZE];
- int retCode = ASN1_SUCCESS, result;
- int len, len2, len3;
- asn1_node p2, aux = NULL;
- asn1_node octetNode = NULL, objectNode = NULL;
- char errorDescription[ASN1_MAX_ERROR_DESCRIPTION_SIZE];
-
- if ((definitions == NULL) || (*element == NULL))
- return ASN1_ELEMENT_NOT_FOUND;
-
- octetNode = asn1_find_node (*element, octetName);
- if (octetNode == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
- if (type_field (octetNode->type) != ASN1_ETYPE_OCTET_STRING)
- return ASN1_ELEMENT_NOT_FOUND;
- if (octetNode->value == NULL)
- return ASN1_VALUE_NOT_FOUND;
-
- objectNode = asn1_find_node (*element, objectName);
- if (objectNode == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (type_field (objectNode->type) != ASN1_ETYPE_OBJECT_ID)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if (objectNode->value == NULL)
- return ASN1_VALUE_NOT_FOUND;
-
-
- /* search the OBJECT_ID into definitions */
- p2 = definitions->down;
- while (p2)
- {
- if ((type_field (p2->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p2->type & CONST_ASSIGN))
- {
- strcpy (name, definitions->name);
- strcat (name, ".");
- strcat (name, p2->name);
-
- len = sizeof (value);
- result = asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS)
- && (!_asn1_strcmp (objectNode->value, value)))
- {
-
- p2 = p2->right; /* pointer to the structure to
- use for expansion */
- while ((p2) && (p2->type & CONST_ASSIGN))
- p2 = p2->right;
-
- if (p2)
- {
- strcpy (name, definitions->name);
- strcat (name, ".");
- strcat (name, p2->name);
-
- result = asn1_create_element (definitions, name, &aux);
- if (result == ASN1_SUCCESS)
- {
- _asn1_cpy_name (aux, octetNode);
- len2 =
- asn1_get_length_der (octetNode->value,
- octetNode->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
-
- result =
- asn1_der_decoding (&aux, octetNode->value + len3,
- len2, errorDescription);
- if (result == ASN1_SUCCESS)
- {
-
- _asn1_set_right (aux, octetNode->right);
- _asn1_set_right (octetNode, aux);
-
- result = asn1_delete_structure (&octetNode);
- if (result == ASN1_SUCCESS)
- {
- aux = NULL;
- break;
- }
- else
- { /* error with asn1_delete_structure */
- asn1_delete_structure (&aux);
- retCode = result;
- break;
- }
- }
- else
- { /* error with asn1_der_decoding */
- retCode = result;
- break;
- }
- }
- else
- { /* error with asn1_create_element */
- retCode = result;
- break;
- }
- }
- else
- { /* error with the pointer to the structure to exapand */
- retCode = ASN1_VALUE_NOT_VALID;
- break;
- }
- }
- }
-
- p2 = p2->right;
-
- }
-
- if (!p2)
- retCode = ASN1_VALUE_NOT_VALID;
-
- return retCode;
-}
-
-/*-
- * _asn1_decode_simple_der:
- * @etype: The type of the string to be encoded (ASN1_ETYPE_)
- * @der: the encoded string
- * @_der_len: the bytes of the encoded string
- * @str: a pointer to the data
- * @str_len: the length of the data
- * @dflags: DECODE_FLAG_*
- *
- * Decodes a simple DER encoded type (e.g. a string, which is not constructed).
- * The output is a pointer inside the @der.
- *
- * Returns: %ASN1_SUCCESS if successful or an error value.
- -*/
-static int
-_asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
- unsigned int _der_len, const unsigned char **str,
- unsigned int *str_len, unsigned dflags)
-{
- int tag_len, len_len;
- const unsigned char *p;
- int der_len = _der_len;
- unsigned char class;
- unsigned long tag;
- long ret;
-
- if (der == NULL || der_len == 0)
- return ASN1_VALUE_NOT_VALID;
-
- if (ETYPE_OK (etype) == 0 || ETYPE_IS_STRING(etype) == 0)
- return ASN1_VALUE_NOT_VALID;
-
- /* doesn't handle constructed classes */
- class = ETYPE_CLASS(etype);
- if (class != ASN1_CLASS_UNIVERSAL)
- return ASN1_VALUE_NOT_VALID;
-
- p = der;
-
- if (dflags & DECODE_FLAG_HAVE_TAG)
- {
- ret = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag);
- if (ret != ASN1_SUCCESS)
- return ret;
-
- if (class != ETYPE_CLASS (etype) || tag != ETYPE_TAG (etype))
- {
- warn();
- return ASN1_DER_ERROR;
- }
-
- p += tag_len;
- der_len -= tag_len;
- if (der_len <= 0)
- return ASN1_DER_ERROR;
- }
-
- ret = asn1_get_length_der (p, der_len, &len_len);
- if (ret < 0)
- return ASN1_DER_ERROR;
-
- p += len_len;
- der_len -= len_len;
- if (der_len <= 0)
- return ASN1_DER_ERROR;
-
- *str_len = ret;
- *str = p;
-
- return ASN1_SUCCESS;
-}
-
-/**
- * asn1_decode_simple_der:
- * @etype: The type of the string to be encoded (ASN1_ETYPE_)
- * @der: the encoded string
- * @_der_len: the bytes of the encoded string
- * @str: a pointer to the data
- * @str_len: the length of the data
- *
- * Decodes a simple DER encoded type (e.g. a string, which is not constructed).
- * The output is a pointer inside the @der.
- *
- * Returns: %ASN1_SUCCESS if successful or an error value.
- **/
-int
-asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
- unsigned int _der_len, const unsigned char **str,
- unsigned int *str_len)
-{
- return _asn1_decode_simple_der(etype, der, _der_len, str, str_len, DECODE_FLAG_HAVE_TAG);
-}
-
-static int append(uint8_t **dst, unsigned *dst_size, const unsigned char *src, unsigned src_size)
-{
- *dst = _asn1_realloc(*dst, *dst_size+src_size);
- if (*dst == NULL)
- return ASN1_MEM_ERROR;
- memcpy(*dst + *dst_size, src, src_size);
- *dst_size += src_size;
- return ASN1_SUCCESS;
-}
-
-/*-
- * _asn1_decode_simple_ber:
- * @etype: The type of the string to be encoded (ASN1_ETYPE_)
- * @der: the encoded string
- * @_der_len: the bytes of the encoded string
- * @str: a pointer to the data
- * @str_len: the length of the data
- * @ber_len: the total length occupied by BER (may be %NULL)
- * @have_tag: whether a DER tag is included
- *
- * Decodes a BER encoded type. The output is an allocated value
- * of the data. This decodes BER STRINGS only. Other types are
- * decoded as DER.
- *
- * Returns: %ASN1_SUCCESS if successful or an error value.
- -*/
-static int
-_asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
- unsigned int _der_len, unsigned char **str,
- unsigned int *str_len, unsigned int *ber_len,
- unsigned dflags)
-{
- int tag_len, len_len;
- const unsigned char *p;
- int der_len = _der_len;
- uint8_t *total = NULL;
- unsigned total_size = 0;
- unsigned char class;
- unsigned long tag;
- unsigned char *out = NULL;
- const unsigned char *cout = NULL;
- unsigned out_len;
- long result;
-
- if (ber_len) *ber_len = 0;
-
- if (der == NULL || der_len == 0)
- {
- warn();
- return ASN1_VALUE_NOT_VALID;
- }
-
- if (ETYPE_OK (etype) == 0)
- {
- warn();
- return ASN1_VALUE_NOT_VALID;
- }
-
- /* doesn't handle constructed + definite classes */
- class = ETYPE_CLASS (etype);
- if (class != ASN1_CLASS_UNIVERSAL)
- {
- warn();
- return ASN1_VALUE_NOT_VALID;
- }
-
- p = der;
-
- if (dflags & DECODE_FLAG_HAVE_TAG)
- {
- result = asn1_get_tag_der (p, der_len, &class, &tag_len, &tag);
- if (result != ASN1_SUCCESS)
- {
- warn();
- return result;
- }
-
- if (tag != ETYPE_TAG (etype))
- {
- warn();
- return ASN1_DER_ERROR;
- }
-
- p += tag_len;
-
- DECR_LEN(der_len, tag_len);
-
- if (ber_len) *ber_len += tag_len;
- }
-
- /* indefinite constructed */
- if ((((dflags & DECODE_FLAG_INDEFINITE) || class == ASN1_CLASS_STRUCTURED) && ETYPE_IS_STRING(etype)) &&
- !(dflags & DECODE_FLAG_LEVEL3))
- {
- len_len = 1;
-
- DECR_LEN(der_len, len_len);
- if (p[0] != 0x80)
- {
- warn();
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
-
- p += len_len;
-
- if (ber_len) *ber_len += len_len;
-
- /* decode the available octet strings */
- do
- {
- unsigned tmp_len;
- unsigned flags = DECODE_FLAG_HAVE_TAG;
-
- if (dflags & DECODE_FLAG_LEVEL1)
- flags |= DECODE_FLAG_LEVEL2;
- else if (dflags & DECODE_FLAG_LEVEL2)
- flags |= DECODE_FLAG_LEVEL3;
- else
- flags |= DECODE_FLAG_LEVEL1;
-
- result = _asn1_decode_simple_ber(etype, p, der_len, &out, &out_len, &tmp_len,
- flags);
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
-
- p += tmp_len;
- DECR_LEN(der_len, tmp_len);
-
- if (ber_len) *ber_len += tmp_len;
-
- DECR_LEN(der_len, 2); /* we need the EOC */
-
- if (out_len > 0)
- {
- result = append(&total, &total_size, out, out_len);
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
- }
-
- free(out);
- out = NULL;
-
- if (p[0] == 0 && p[1] == 0) /* EOC */
- {
- if (ber_len) *ber_len += 2;
- break;
- }
-
- /* no EOC */
- der_len += 2;
-
- if (der_len == 2)
- {
- warn();
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- }
- while(1);
- }
- else if (class == ETYPE_CLASS(etype))
- {
- if (ber_len)
- {
- result = asn1_get_length_der (p, der_len, &len_len);
- if (result < 0)
- {
- warn();
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
- *ber_len += result + len_len;
- }
-
- /* non-string values are decoded as DER */
- result = _asn1_decode_simple_der(etype, der, _der_len, &cout, &out_len, dflags);
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
-
- result = append(&total, &total_size, cout, out_len);
- if (result != ASN1_SUCCESS)
- {
- warn();
- goto cleanup;
- }
- }
- else
- {
- warn();
- result = ASN1_DER_ERROR;
- goto cleanup;
- }
-
- *str = total;
- *str_len = total_size;
-
- return ASN1_SUCCESS;
-cleanup:
- free(out);
- free(total);
- return result;
-}
-
-/**
- * asn1_decode_simple_ber:
- * @etype: The type of the string to be encoded (ASN1_ETYPE_)
- * @der: the encoded string
- * @_der_len: the bytes of the encoded string
- * @str: a pointer to the data
- * @str_len: the length of the data
- * @ber_len: the total length occupied by BER (may be %NULL)
- *
- * Decodes a BER encoded type. The output is an allocated value
- * of the data. This decodes BER STRINGS only. Other types are
- * decoded as DER.
- *
- * Returns: %ASN1_SUCCESS if successful or an error value.
- **/
-int
-asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
- unsigned int _der_len, unsigned char **str,
- unsigned int *str_len, unsigned int *ber_len)
-{
- return _asn1_decode_simple_ber(etype, der, _der_len, str, str_len, ber_len, DECODE_FLAG_HAVE_TAG);
-}
diff --git a/lib/minitasn1/element.c b/lib/minitasn1/element.c
deleted file mode 100644
index b09f82647f..0000000000
--- a/lib/minitasn1/element.c
+++ /dev/null
@@ -1,1111 +0,0 @@
-/*
- * Copyright (C) 2000-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-/*****************************************************/
-/* File: element.c */
-/* Description: Functions with the read and write */
-/* functions. */
-/*****************************************************/
-
-
-#include <int.h>
-#include "parser_aux.h"
-#include <gstr.h>
-#include "structure.h"
-
-#include "element.h"
-
-void
-_asn1_hierarchical_name (asn1_node node, char *name, int name_size)
-{
- asn1_node p;
- char tmp_name[64];
-
- p = node;
-
- name[0] = 0;
-
- while (p != NULL)
- {
- if (p->name[0] != 0)
- {
- _asn1_str_cpy (tmp_name, sizeof (tmp_name), name),
- _asn1_str_cpy (name, name_size, p->name);
- _asn1_str_cat (name, name_size, ".");
- _asn1_str_cat (name, name_size, tmp_name);
- }
- p = _asn1_find_up (p);
- }
-
- if (name[0] == 0)
- _asn1_str_cpy (name, name_size, "ROOT");
-}
-
-
-/******************************************************************/
-/* Function : _asn1_convert_integer */
-/* Description: converts an integer from a null terminated string */
-/* to der decoding. The convertion from a null */
-/* terminated string to an integer is made with */
-/* the 'strtol' function. */
-/* Parameters: */
-/* value: null terminated string to convert. */
-/* value_out: convertion result (memory must be already */
-/* allocated). */
-/* value_out_size: number of bytes of value_out. */
-/* len: number of significant byte of value_out. */
-/* Return: ASN1_MEM_ERROR or ASN1_SUCCESS */
-/******************************************************************/
-int
-_asn1_convert_integer (const unsigned char *value, unsigned char *value_out,
- int value_out_size, int *len)
-{
- char negative;
- unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
- long valtmp;
- int k, k2;
-
- valtmp = _asn1_strtol (value, NULL, 10);
-
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
- {
- val[SIZEOF_UNSIGNED_LONG_INT - k - 1] = (valtmp >> (8 * k)) & 0xFF;
- }
-
- if (val[0] & 0x80)
- negative = 1;
- else
- negative = 0;
-
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT - 1; k++)
- {
- if (negative && (val[k] != 0xFF))
- break;
- else if (!negative && val[k])
- break;
- }
-
- if ((negative && !(val[k] & 0x80)) || (!negative && (val[k] & 0x80)))
- k--;
-
- *len = SIZEOF_UNSIGNED_LONG_INT - k;
-
- if (SIZEOF_UNSIGNED_LONG_INT - k > value_out_size)
- /* VALUE_OUT is too short to contain the value conversion */
- return ASN1_MEM_ERROR;
-
- if (value_out != NULL)
- {
- for (k2 = k; k2 < SIZEOF_UNSIGNED_LONG_INT; k2++)
- value_out[k2 - k] = val[k2];
- }
-
-#if 0
- printf ("_asn1_convert_integer: valueIn=%s, lenOut=%d", value, *len);
- for (k = 0; k < SIZEOF_UNSIGNED_LONG_INT; k++)
- printf (", vOut[%d]=%d", k, value_out[k]);
- printf ("\n");
-#endif
-
- return ASN1_SUCCESS;
-}
-
-/* Appends a new element into the sequence (or set) defined by this
- * node. The new element will have a name of '?number', where number
- * is a monotonically increased serial number.
- *
- * The last element in the list may be provided in @pcache, to avoid
- * traversing the list, an expensive operation in long lists.
- *
- * On success it returns in @pcache the added element (which is the
- * tail in the list of added elements).
- */
-int
-_asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcache)
-{
- asn1_node p, p2;
- char temp[LTOSTR_MAX_SIZE];
- long n;
-
- if (!node || !(node->down))
- return ASN1_GENERIC_ERROR;
-
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
-
- p2 = _asn1_copy_structure3 (p);
- if (p2 == NULL)
- return ASN1_GENERIC_ERROR;
-
- if (pcache == NULL || pcache->tail == NULL || pcache->head != node)
- {
- while (p->right)
- {
- p = p->right;
- }
- }
- else
- {
- p = pcache->tail;
- }
-
- _asn1_set_right (p, p2);
- if (pcache)
- {
- pcache->head = node;
- pcache->tail = p2;
- }
-
- if (p->name[0] == 0)
- _asn1_str_cpy (temp, sizeof (temp), "?1");
- else
- {
- n = strtol (p->name + 1, NULL, 0);
- n++;
- temp[0] = '?';
- _asn1_ltostr (n, temp + 1);
- }
- _asn1_set_name (p2, temp);
- /* p2->type |= CONST_OPTION; */
-
- return ASN1_SUCCESS;
-}
-
-
-/**
- * asn1_write_value:
- * @node_root: pointer to a structure
- * @name: the name of the element inside the structure that you want to set.
- * @ivalue: vector used to specify the value to set. If len is >0,
- * VALUE must be a two's complement form integer. if len=0 *VALUE
- * must be a null terminated string with an integer value.
- * @len: number of bytes of *value to use to set the value:
- * value[0]..value[len-1] or 0 if value is a null terminated string
- *
- * Set the value of one element inside a structure.
- *
- * If an element is OPTIONAL and you want to delete it, you must use
- * the value=NULL and len=0. Using "pkix.asn":
- *
- * result=asn1_write_value(cert, "tbsCertificate.issuerUniqueID",
- * NULL, 0);
- *
- * Description for each type:
- *
- * INTEGER: VALUE must contain a two's complement form integer.
- *
- * value[0]=0xFF , len=1 -> integer=-1.
- * value[0]=0xFF value[1]=0xFF , len=2 -> integer=-1.
- * value[0]=0x01 , len=1 -> integer= 1.
- * value[0]=0x00 value[1]=0x01 , len=2 -> integer= 1.
- * value="123" , len=0 -> integer= 123.
- *
- * ENUMERATED: As INTEGER (but only with not negative numbers).
- *
- * BOOLEAN: VALUE must be the null terminated string "TRUE" or
- * "FALSE" and LEN != 0.
- *
- * value="TRUE" , len=1 -> boolean=TRUE.
- * value="FALSE" , len=1 -> boolean=FALSE.
- *
- * OBJECT IDENTIFIER: VALUE must be a null terminated string with
- * each number separated by a dot (e.g. "1.2.3.543.1"). LEN != 0.
- *
- * value="1 2 840 10040 4 3" , len=1 -> OID=dsa-with-sha.
- *
- * UTCTime: VALUE must be a null terminated string in one of these
- * formats: "YYMMDDhhmmssZ", "YYMMDDhhmmssZ",
- * "YYMMDDhhmmss+hh'mm'", "YYMMDDhhmmss-hh'mm'",
- * "YYMMDDhhmm+hh'mm'", or "YYMMDDhhmm-hh'mm'". LEN != 0.
- *
- * value="9801011200Z" , len=1 -> time=Jannuary 1st, 1998
- * at 12h 00m Greenwich Mean Time
- *
- * GeneralizedTime: VALUE must be in one of this format:
- * "YYYYMMDDhhmmss.sZ", "YYYYMMDDhhmmss.sZ",
- * "YYYYMMDDhhmmss.s+hh'mm'", "YYYYMMDDhhmmss.s-hh'mm'",
- * "YYYYMMDDhhmm+hh'mm'", or "YYYYMMDDhhmm-hh'mm'" where ss.s
- * indicates the seconds with any precision like "10.1" or "01.02".
- * LEN != 0
- *
- * value="2001010112001.12-0700" , len=1 -> time=Jannuary
- * 1st, 2001 at 12h 00m 01.12s Pacific Daylight Time
- *
- * OCTET STRING: VALUE contains the octet string and LEN is the
- * number of octets.
- *
- * value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
- * len=3 -> three bytes octet string
- *
- * GeneralString: VALUE contains the generalstring and LEN is the
- * number of octets.
- *
- * value="$\backslash$x01$\backslash$x02$\backslash$x03" ,
- * len=3 -> three bytes generalstring
- *
- * BIT STRING: VALUE contains the bit string organized by bytes and
- * LEN is the number of bits.
- *
- * value="$\backslash$xCF" , len=6 -> bit string="110011" (six
- * bits)
- *
- * CHOICE: if NAME indicates a choice type, VALUE must specify one of
- * the alternatives with a null terminated string. LEN != 0. Using
- * "pkix.asn"\:
- *
- * result=asn1_write_value(cert,
- * "certificate1.tbsCertificate.subject", "rdnSequence",
- * 1);
- *
- * ANY: VALUE indicates the der encoding of a structure. LEN != 0.
- *
- * SEQUENCE OF: VALUE must be the null terminated string "NEW" and
- * LEN != 0. With this instruction another element is appended in
- * the sequence. The name of this element will be "?1" if it's the
- * first one, "?2" for the second and so on.
- *
- * Using "pkix.asn"\:
- *
- * result=asn1_write_value(cert,
- * "certificate1.tbsCertificate.subject.rdnSequence", "NEW", 1);
- *
- * SET OF: the same as SEQUENCE OF. Using "pkix.asn":
- *
- * result=asn1_write_value(cert,
- * "tbsCertificate.subject.rdnSequence.?LAST", "NEW", 1);
- *
- * Returns: %ASN1_SUCCESS if the value was set,
- * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element, and
- * %ASN1_VALUE_NOT_VALID if @ivalue has a wrong format.
- **/
-int
-asn1_write_value (asn1_node node_root, const char *name,
- const void *ivalue, int len)
-{
- asn1_node node, p, p2;
- unsigned char *temp, *value_temp = NULL, *default_temp = NULL;
- int len2, k, k2, negative;
- size_t i;
- const unsigned char *value = ivalue;
- unsigned int type;
-
- node = asn1_find_node (node_root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- if ((node->type & CONST_OPTION) && (value == NULL) && (len == 0))
- {
- asn1_delete_structure (&node);
- return ASN1_SUCCESS;
- }
-
- type = type_field (node->type);
-
- if ((type == ASN1_ETYPE_SEQUENCE_OF || type == ASN1_ETYPE_SET_OF) && (value == NULL) && (len == 0))
- {
- p = node->down;
- while ((type_field (p->type) == ASN1_ETYPE_TAG)
- || (type_field (p->type) == ASN1_ETYPE_SIZE))
- p = p->right;
-
- while (p->right)
- asn1_delete_structure (&p->right);
-
- return ASN1_SUCCESS;
- }
-
- /* Don't allow element deletion for other types */
- if (value == NULL)
- {
- return ASN1_VALUE_NOT_VALID;
- }
-
- switch (type)
- {
- case ASN1_ETYPE_BOOLEAN:
- if (!_asn1_strcmp (value, "TRUE"))
- {
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_TRUE)
- _asn1_set_value (node, NULL, 0);
- else
- _asn1_set_value (node, "T", 1);
- }
- else
- _asn1_set_value (node, "T", 1);
- }
- else if (!_asn1_strcmp (value, "FALSE"))
- {
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_FALSE)
- _asn1_set_value (node, NULL, 0);
- else
- _asn1_set_value (node, "F", 1);
- }
- else
- _asn1_set_value (node, "F", 1);
- }
- else
- return ASN1_VALUE_NOT_VALID;
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if (len == 0)
- {
- if ((isdigit (value[0])) || (value[0] == '-'))
- {
- value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- _asn1_convert_integer (value, value_temp,
- SIZEOF_UNSIGNED_LONG_INT, &len);
- }
- else
- { /* is an identifier like v1 */
- if (!(node->type & CONST_LIST))
- return ASN1_VALUE_NOT_VALID;
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p->name, value))
- {
- value_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- _asn1_convert_integer (p->value,
- value_temp,
- SIZEOF_UNSIGNED_LONG_INT,
- &len);
- break;
- }
- }
- p = p->right;
- }
- if (p == NULL)
- return ASN1_VALUE_NOT_VALID;
- }
- }
- else
- { /* len != 0 */
- value_temp = malloc (len);
- if (value_temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
- memcpy (value_temp, value, len);
- }
-
- if (value_temp[0] & 0x80)
- negative = 1;
- else
- negative = 0;
-
- if (negative && (type_field (node->type) == ASN1_ETYPE_ENUMERATED))
- {
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
- }
-
- for (k = 0; k < len - 1; k++)
- if (negative && (value_temp[k] != 0xFF))
- break;
- else if (!negative && value_temp[k])
- break;
-
- if ((negative && !(value_temp[k] & 0x80)) ||
- (!negative && (value_temp[k] & 0x80)))
- k--;
-
- _asn1_set_value_lv (node, value_temp + k, len - k);
-
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if ((isdigit (p->value[0])) || (p->value[0] == '-'))
- {
- default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (default_temp == NULL)
- {
- free (value_temp);
- return ASN1_MEM_ALLOC_ERROR;
- }
-
- _asn1_convert_integer (p->value, default_temp,
- SIZEOF_UNSIGNED_LONG_INT, &len2);
- }
- else
- { /* is an identifier like v1 */
- if (!(node->type & CONST_LIST))
- {
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
- }
- p2 = node->down;
- while (p2)
- {
- if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p2->name, p->value))
- {
- default_temp = malloc (SIZEOF_UNSIGNED_LONG_INT);
- if (default_temp == NULL)
- {
- free (value_temp);
- return ASN1_MEM_ALLOC_ERROR;
- }
-
- _asn1_convert_integer (p2->value,
- default_temp,
- SIZEOF_UNSIGNED_LONG_INT,
- &len2);
- break;
- }
- }
- p2 = p2->right;
- }
- if (p2 == NULL)
- {
- free (value_temp);
- return ASN1_VALUE_NOT_VALID;
- }
- }
-
-
- if ((len - k) == len2)
- {
- for (k2 = 0; k2 < len2; k2++)
- if (value_temp[k + k2] != default_temp[k2])
- {
- break;
- }
- if (k2 == len2)
- _asn1_set_value (node, NULL, 0);
- }
- free (default_temp);
- }
- free (value_temp);
- break;
- case ASN1_ETYPE_OBJECT_ID:
- for (i = 0; i < _asn1_strlen (value); i++)
- if ((!isdigit (value[i])) && (value[i] != '.') && (value[i] != '+'))
- return ASN1_VALUE_NOT_VALID;
- if (node->type & CONST_DEFAULT)
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (!_asn1_strcmp (value, p->value))
- {
- _asn1_set_value (node, NULL, 0);
- break;
- }
- }
- _asn1_set_value (node, value, _asn1_strlen (value) + 1);
- break;
- case ASN1_ETYPE_UTC_TIME:
- {
- len = _asn1_strlen (value);
- if (len < 11)
- return ASN1_VALUE_NOT_VALID;
- for (k = 0; k < 10; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- switch (len)
- {
- case 11:
- if (value[10] != 'Z')
- return ASN1_VALUE_NOT_VALID;
- break;
- case 13:
- if ((!isdigit (value[10])) || (!isdigit (value[11])) ||
- (value[12] != 'Z'))
- return ASN1_VALUE_NOT_VALID;
- break;
- case 15:
- if ((value[10] != '+') && (value[10] != '-'))
- return ASN1_VALUE_NOT_VALID;
- for (k = 11; k < 15; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- break;
- case 17:
- if ((!isdigit (value[10])) || (!isdigit (value[11])))
- return ASN1_VALUE_NOT_VALID;
- if ((value[12] != '+') && (value[12] != '-'))
- return ASN1_VALUE_NOT_VALID;
- for (k = 13; k < 17; k++)
- if (!isdigit (value[k]))
- return ASN1_VALUE_NOT_VALID;
- break;
- default:
- return ASN1_VALUE_NOT_FOUND;
- }
- _asn1_set_value (node, value, len);
- }
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- len = _asn1_strlen (value);
- _asn1_set_value (node, value, len);
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- if (len == 0)
- len = _asn1_strlen (value);
- _asn1_set_value_lv (node, value, len);
- break;
- case ASN1_ETYPE_BIT_STRING:
- if (len == 0)
- len = _asn1_strlen (value);
- asn1_length_der ((len >> 3) + 2, NULL, &len2);
- temp = malloc ((len >> 3) + 2 + len2);
- if (temp == NULL)
- return ASN1_MEM_ALLOC_ERROR;
-
- asn1_bit_der (value, len, temp, &len2);
- _asn1_set_value_m (node, temp, len2);
- temp = NULL;
- break;
- case ASN1_ETYPE_CHOICE:
- p = node->down;
- while (p)
- {
- if (!_asn1_strcmp (p->name, value))
- {
- p2 = node->down;
- while (p2)
- {
- if (p2 != p)
- {
- asn1_delete_structure (&p2);
- p2 = node->down;
- }
- else
- p2 = p2->right;
- }
- break;
- }
- p = p->right;
- }
- if (!p)
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- case ASN1_ETYPE_ANY:
- _asn1_set_value_lv (node, value, len);
- break;
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SET_OF:
- if (_asn1_strcmp (value, "NEW"))
- return ASN1_VALUE_NOT_VALID;
- _asn1_append_sequence_set (node, NULL);
- break;
- default:
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- }
-
- return ASN1_SUCCESS;
-}
-
-
-#define PUT_VALUE( ptr, ptr_size, data, data_size) \
- *len = data_size; \
- if (ptr_size < data_size) { \
- return ASN1_MEM_ERROR; \
- } else { \
- if (ptr && data_size > 0) \
- memcpy (ptr, data, data_size); \
- }
-
-#define PUT_STR_VALUE( ptr, ptr_size, data) \
- *len = _asn1_strlen (data) + 1; \
- if (ptr_size < *len) { \
- return ASN1_MEM_ERROR; \
- } else { \
- /* this strcpy is checked */ \
- if (ptr) { \
- _asn1_strcpy (ptr, data); \
- } \
- }
-
-#define PUT_AS_STR_VALUE( ptr, ptr_size, data, data_size) \
- *len = data_size + 1; \
- if (ptr_size < *len) { \
- return ASN1_MEM_ERROR; \
- } else { \
- /* this strcpy is checked */ \
- if (ptr) { \
- if (data_size > 0) \
- memcpy (ptr, data, data_size); \
- ptr[data_size] = 0; \
- } \
- }
-
-#define ADD_STR_VALUE( ptr, ptr_size, data) \
- *len += _asn1_strlen(data); \
- if (ptr_size < (int) *len) { \
- (*len)++; \
- return ASN1_MEM_ERROR; \
- } else { \
- /* this strcat is checked */ \
- if (ptr) _asn1_strcat (ptr, data); \
- }
-
-/**
- * asn1_read_value:
- * @root: pointer to a structure.
- * @name: the name of the element inside a structure that you want to read.
- * @ivalue: vector that will contain the element's content, must be a
- * pointer to memory cells already allocated (may be %NULL).
- * @len: number of bytes of *value: value[0]..value[len-1]. Initialy
- * holds the sizeof value.
- *
- * Returns the value of one element inside a structure.
- * If an element is OPTIONAL and this returns
- * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present
- * in the der encoding that created the structure. The first element
- * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and
- * so on. If the @root provided is a node to specific sequence element,
- * then the keyword "?CURRENT" is also acceptable and indicates the
- * current sequence element of this node.
- *
- * Note that there can be valid values with length zero. In these case
- * this function will succeed and @len will be zero.
- *
- * INTEGER: VALUE will contain a two's complement form integer.
- *
- * integer=-1 -> value[0]=0xFF , len=1.
- * integer=1 -> value[0]=0x01 , len=1.
- *
- * ENUMERATED: As INTEGER (but only with not negative numbers).
- *
- * BOOLEAN: VALUE will be the null terminated string "TRUE" or
- * "FALSE" and LEN=5 or LEN=6.
- *
- * OBJECT IDENTIFIER: VALUE will be a null terminated string with
- * each number separated by a dot (i.e. "1.2.3.543.1").
- *
- * LEN = strlen(VALUE)+1
- *
- * UTCTime: VALUE will be a null terminated string in one of these
- * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'".
- * LEN=strlen(VALUE)+1.
- *
- * GeneralizedTime: VALUE will be a null terminated string in the
- * same format used to set the value.
- *
- * OCTET STRING: VALUE will contain the octet string and LEN will be
- * the number of octets.
- *
- * GeneralString: VALUE will contain the generalstring and LEN will
- * be the number of octets.
- *
- * BIT STRING: VALUE will contain the bit string organized by bytes
- * and LEN will be the number of bits.
- *
- * CHOICE: If NAME indicates a choice type, VALUE will specify the
- * alternative selected.
- *
- * ANY: If NAME indicates an any type, VALUE will indicate the DER
- * encoding of the structure actually used.
- *
- * Returns: %ASN1_SUCCESS if value is returned,
- * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element,
- * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element
- * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough
- * to store the result, and in this case @len will contain the number of
- * bytes needed. On the occasion that the stored data are of zero-length
- * this function may return %ASN1_SUCCESS even if the provided @len is zero.
- **/
-int
-asn1_read_value (asn1_node root, const char *name, void *ivalue, int *len)
-{
- return asn1_read_value_type (root, name, ivalue, len, NULL);
-}
-
-/**
- * asn1_read_value_type:
- * @root: pointer to a structure.
- * @name: the name of the element inside a structure that you want to read.
- * @ivalue: vector that will contain the element's content, must be a
- * pointer to memory cells already allocated (may be %NULL).
- * @len: number of bytes of *value: value[0]..value[len-1]. Initialy
- * holds the sizeof value.
- * @etype: The type of the value read (ASN1_ETYPE)
- *
- * Returns the type and value of one element inside a structure.
- * If an element is OPTIONAL and this returns
- * %ASN1_ELEMENT_NOT_FOUND, it means that this element wasn't present
- * in the der encoding that created the structure. The first element
- * of a SEQUENCE_OF or SET_OF is named "?1". The second one "?2" and
- * so on. If the @root provided is a node to specific sequence element,
- * then the keyword "?CURRENT" is also acceptable and indicates the
- * current sequence element of this node.
- *
- * Note that there can be valid values with length zero. In these case
- * this function will succeed and @len will be zero.
- *
- *
- * INTEGER: VALUE will contain a two's complement form integer.
- *
- * integer=-1 -> value[0]=0xFF , len=1.
- * integer=1 -> value[0]=0x01 , len=1.
- *
- * ENUMERATED: As INTEGER (but only with not negative numbers).
- *
- * BOOLEAN: VALUE will be the null terminated string "TRUE" or
- * "FALSE" and LEN=5 or LEN=6.
- *
- * OBJECT IDENTIFIER: VALUE will be a null terminated string with
- * each number separated by a dot (i.e. "1.2.3.543.1").
- *
- * LEN = strlen(VALUE)+1
- *
- * UTCTime: VALUE will be a null terminated string in one of these
- * formats: "YYMMDDhhmmss+hh'mm'" or "YYMMDDhhmmss-hh'mm'".
- * LEN=strlen(VALUE)+1.
- *
- * GeneralizedTime: VALUE will be a null terminated string in the
- * same format used to set the value.
- *
- * OCTET STRING: VALUE will contain the octet string and LEN will be
- * the number of octets.
- *
- * GeneralString: VALUE will contain the generalstring and LEN will
- * be the number of octets.
- *
- * BIT STRING: VALUE will contain the bit string organized by bytes
- * and LEN will be the number of bits.
- *
- * CHOICE: If NAME indicates a choice type, VALUE will specify the
- * alternative selected.
- *
- * ANY: If NAME indicates an any type, VALUE will indicate the DER
- * encoding of the structure actually used.
- *
- * Returns: %ASN1_SUCCESS if value is returned,
- * %ASN1_ELEMENT_NOT_FOUND if @name is not a valid element,
- * %ASN1_VALUE_NOT_FOUND if there isn't any value for the element
- * selected, and %ASN1_MEM_ERROR if The value vector isn't big enough
- * to store the result, and in this case @len will contain the number of
- * bytes needed. On the occasion that the stored data are of zero-length
- * this function may return %ASN1_SUCCESS even if the provided @len is zero.
- **/
-int
-asn1_read_value_type (asn1_node root, const char *name, void *ivalue,
- int *len, unsigned int *etype)
-{
- asn1_node node, p, p2;
- int len2, len3, result;
- int value_size = *len;
- unsigned char *value = ivalue;
- unsigned type;
-
- node = asn1_find_node (root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- type = type_field (node->type);
-
- if ((type != ASN1_ETYPE_NULL) &&
- (type != ASN1_ETYPE_CHOICE) &&
- !(node->type & CONST_DEFAULT) && !(node->type & CONST_ASSIGN) &&
- (node->value == NULL))
- return ASN1_VALUE_NOT_FOUND;
-
- if (etype)
- *etype = type;
- switch (type)
- {
- case ASN1_ETYPE_NULL:
- PUT_STR_VALUE (value, value_size, "NULL");
- break;
- case ASN1_ETYPE_BOOLEAN:
- if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if (p->type & CONST_TRUE)
- {
- PUT_STR_VALUE (value, value_size, "TRUE");
- }
- else
- {
- PUT_STR_VALUE (value, value_size, "FALSE");
- }
- }
- else if (node->value[0] == 'T')
- {
- PUT_STR_VALUE (value, value_size, "TRUE");
- }
- else
- {
- PUT_STR_VALUE (value, value_size, "FALSE");
- }
- break;
- case ASN1_ETYPE_INTEGER:
- case ASN1_ETYPE_ENUMERATED:
- if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- if ((isdigit (p->value[0])) || (p->value[0] == '-')
- || (p->value[0] == '+'))
- {
- result = _asn1_convert_integer
- (p->value, value, value_size, len);
- if (result != ASN1_SUCCESS)
- return result;
- }
- else
- { /* is an identifier like v1 */
- p2 = node->down;
- while (p2)
- {
- if (type_field (p2->type) == ASN1_ETYPE_CONSTANT)
- {
- if (!_asn1_strcmp (p2->name, p->value))
- {
- result = _asn1_convert_integer
- (p2->value, value, value_size,
- len);
- if (result != ASN1_SUCCESS)
- return result;
- break;
- }
- }
- p2 = p2->right;
- }
- }
- }
- else
- {
- len2 = -1;
- result = asn1_get_octet_der
- (node->value, node->value_len, &len2, value, value_size,
- len);
- if (result != ASN1_SUCCESS)
- return result;
- }
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (node->type & CONST_ASSIGN)
- {
- *len = 0;
- if (value)
- value[0] = 0;
- p = node->down;
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_CONSTANT)
- {
- ADD_STR_VALUE (value, value_size, p->value);
- if (p->right)
- {
- ADD_STR_VALUE (value, value_size, ".");
- }
- }
- p = p->right;
- }
- (*len)++;
- }
- else if ((node->type & CONST_DEFAULT) && (node->value == NULL))
- {
- p = node->down;
- while (type_field (p->type) != ASN1_ETYPE_DEFAULT)
- p = p->right;
- PUT_STR_VALUE (value, value_size, p->value);
- }
- else
- {
- PUT_STR_VALUE (value, value_size, node->value);
- }
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- PUT_AS_STR_VALUE (value, value_size, node->value, node->value_len);
- break;
- case ASN1_ETYPE_OCTET_STRING:
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- len2 = -1;
- result = asn1_get_octet_der
- (node->value, node->value_len, &len2, value, value_size,
- len);
- if (result != ASN1_SUCCESS)
- return result;
- break;
- case ASN1_ETYPE_BIT_STRING:
- len2 = -1;
- result = asn1_get_bit_der
- (node->value, node->value_len, &len2, value, value_size,
- len);
- if (result != ASN1_SUCCESS)
- return result;
- break;
- case ASN1_ETYPE_CHOICE:
- PUT_STR_VALUE (value, value_size, node->down->name);
- break;
- case ASN1_ETYPE_ANY:
- len3 = -1;
- len2 = asn1_get_length_der (node->value, node->value_len, &len3);
- if (len2 < 0)
- return ASN1_DER_ERROR;
- PUT_VALUE (value, value_size, node->value + len3, len2);
- break;
- default:
- return ASN1_ELEMENT_NOT_FOUND;
- break;
- }
- return ASN1_SUCCESS;
-}
-
-
-/**
- * asn1_read_tag:
- * @root: pointer to a structure
- * @name: the name of the element inside a structure.
- * @tagValue: variable that will contain the TAG value.
- * @classValue: variable that will specify the TAG type.
- *
- * Returns the TAG and the CLASS of one element inside a structure.
- * CLASS can have one of these constants: %ASN1_CLASS_APPLICATION,
- * %ASN1_CLASS_UNIVERSAL, %ASN1_CLASS_PRIVATE or
- * %ASN1_CLASS_CONTEXT_SPECIFIC.
- *
- * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
- * @name is not a valid element.
- **/
-int
-asn1_read_tag (asn1_node root, const char *name, int *tagValue,
- int *classValue)
-{
- asn1_node node, p, pTag;
-
- node = asn1_find_node (root, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node->down;
-
- /* pTag will points to the IMPLICIT TAG */
- pTag = NULL;
- if (node->type & CONST_TAG)
- {
- while (p)
- {
- if (type_field (p->type) == ASN1_ETYPE_TAG)
- {
- if ((p->type & CONST_IMPLICIT) && (pTag == NULL))
- pTag = p;
- else if (p->type & CONST_EXPLICIT)
- pTag = NULL;
- }
- p = p->right;
- }
- }
-
- if (pTag)
- {
- *tagValue = _asn1_strtoul (pTag->value, NULL, 10);
-
- if (pTag->type & CONST_APPLICATION)
- *classValue = ASN1_CLASS_APPLICATION;
- else if (pTag->type & CONST_UNIVERSAL)
- *classValue = ASN1_CLASS_UNIVERSAL;
- else if (pTag->type & CONST_PRIVATE)
- *classValue = ASN1_CLASS_PRIVATE;
- else
- *classValue = ASN1_CLASS_CONTEXT_SPECIFIC;
- }
- else
- {
- unsigned type = type_field (node->type);
- *classValue = ASN1_CLASS_UNIVERSAL;
-
- switch (type)
- {
- CASE_HANDLED_ETYPES:
- *tagValue = _asn1_tags[type].tag;
- break;
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_ANY:
- *tagValue = -1;
- break;
- default:
- break;
- }
- }
-
- return ASN1_SUCCESS;
-}
-
-/**
- * asn1_read_node_value:
- * @node: pointer to a node.
- * @data: a point to a asn1_data_node_st
- *
- * Returns the value a data node inside a asn1_node structure.
- * The data returned should be handled as constant values.
- *
- * Returns: %ASN1_SUCCESS if the node exists.
- **/
-int
-asn1_read_node_value (asn1_node node, asn1_data_node_st * data)
-{
- data->name = node->name;
- data->value = node->value;
- data->value_len = node->value_len;
- data->type = type_field (node->type);
-
- return ASN1_SUCCESS;
-}
diff --git a/lib/minitasn1/element.h b/lib/minitasn1/element.h
deleted file mode 100644
index 4e45367415..0000000000
--- a/lib/minitasn1/element.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2000-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#ifndef _ELEMENT_H
-#define _ELEMENT_H
-
-
-struct node_tail_cache_st
-{
- asn1_node head; /* the first element of the sequence */
- asn1_node tail;
-};
-
-int _asn1_append_sequence_set (asn1_node node, struct node_tail_cache_st *pcached);
-
-int _asn1_convert_integer (const unsigned char *value,
- unsigned char *value_out,
- int value_out_size, int *len);
-
-void _asn1_hierarchical_name (asn1_node node, char *name, int name_size);
-
-#endif
diff --git a/lib/minitasn1/errors.c b/lib/minitasn1/errors.c
deleted file mode 100644
index fef45ae742..0000000000
--- a/lib/minitasn1/errors.c
+++ /dev/null
@@ -1,99 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#include <int.h>
-#ifdef STDC_HEADERS
-#include <stdarg.h>
-#endif
-
-#define LIBTASN1_ERROR_ENTRY(name) { #name, name }
-
-struct libtasn1_error_entry
-{
- const char *name;
- int number;
-};
-typedef struct libtasn1_error_entry libtasn1_error_entry;
-
-static const libtasn1_error_entry error_algorithms[] = {
- LIBTASN1_ERROR_ENTRY (ASN1_SUCCESS),
- LIBTASN1_ERROR_ENTRY (ASN1_FILE_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_IDENTIFIER_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_DER_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_FOUND),
- LIBTASN1_ERROR_ENTRY (ASN1_GENERIC_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_VALUE_NOT_VALID),
- LIBTASN1_ERROR_ENTRY (ASN1_TAG_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_TAG_IMPLICIT),
- LIBTASN1_ERROR_ENTRY (ASN1_ERROR_TYPE_ANY),
- LIBTASN1_ERROR_ENTRY (ASN1_SYNTAX_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_MEM_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_MEM_ALLOC_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_DER_OVERFLOW),
- LIBTASN1_ERROR_ENTRY (ASN1_NAME_TOO_LONG),
- LIBTASN1_ERROR_ENTRY (ASN1_ARRAY_ERROR),
- LIBTASN1_ERROR_ENTRY (ASN1_ELEMENT_NOT_EMPTY),
- LIBTASN1_ERROR_ENTRY (ASN1_TIME_ENCODING_ERROR),
- {0, 0}
-};
-
-/**
- * asn1_perror:
- * @error: is an error returned by a libtasn1 function.
- *
- * Prints a string to stderr with a description of an error. This
- * function is like perror(). The only difference is that it accepts
- * an error returned by a libtasn1 function.
- *
- * Since: 1.6
- **/
-void
-asn1_perror (int error)
-{
- const char *str = asn1_strerror (error);
- fprintf (stderr, "LIBTASN1 ERROR: %s\n", str ? str : "(null)");
-}
-
-/**
- * asn1_strerror:
- * @error: is an error returned by a libtasn1 function.
- *
- * Returns a string with a description of an error. This function is
- * similar to strerror. The only difference is that it accepts an
- * error (number) returned by a libtasn1 function.
- *
- * Returns: Pointer to static zero-terminated string describing error
- * code.
- *
- * Since: 1.6
- **/
-const char *
-asn1_strerror (int error)
-{
- const libtasn1_error_entry *p;
-
- for (p = error_algorithms; p->name != NULL; p++)
- if (p->number == error)
- return p->name + sizeof ("ASN1_") - 1;
-
- return NULL;
-}
diff --git a/lib/minitasn1/gstr.c b/lib/minitasn1/gstr.c
deleted file mode 100644
index e91a3a151c..0000000000
--- a/lib/minitasn1/gstr.c
+++ /dev/null
@@ -1,74 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#include <int.h>
-#include "gstr.h"
-
-/* These function are like strcat, strcpy. They only
- * do bounds checking (they shouldn't cause buffer overruns),
- * and they always produce null terminated strings.
- *
- * They should be used only with null terminated strings.
- */
-void
-_asn1_str_cat (char *dest, size_t dest_tot_size, const char *src)
-{
- size_t str_size = strlen (src);
- size_t dest_size = strlen (dest);
-
- if (dest_tot_size - dest_size > str_size)
- {
- strcat (dest, src);
- }
- else
- {
- if (dest_tot_size - dest_size > 0)
- {
- strncat (dest, src, (dest_tot_size - dest_size) - 1);
- dest[dest_tot_size - 1] = 0;
- }
- }
-}
-
-/* Returns the bytes copied (not including the null terminator) */
-unsigned int
-_asn1_str_cpy (char *dest, size_t dest_tot_size, const char *src)
-{
- size_t str_size = strlen (src);
-
- if (dest_tot_size > str_size)
- {
- strcpy (dest, src);
- return str_size;
- }
- else
- {
- if (dest_tot_size > 0)
- {
- str_size = dest_tot_size - 1;
- memcpy (dest, src, str_size);
- dest[str_size] = 0;
- return str_size;
- }
- else
- return 0;
- }
-}
diff --git a/lib/minitasn1/gstr.h b/lib/minitasn1/gstr.h
deleted file mode 100644
index 00c335ca93..0000000000
--- a/lib/minitasn1/gstr.h
+++ /dev/null
@@ -1,42 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-unsigned int _asn1_str_cpy (char *dest, size_t dest_tot_size,
- const char *src);
-void _asn1_str_cat (char *dest, size_t dest_tot_size, const char *src);
-
-#define Estrcpy(x,y) _asn1_str_cpy(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
-#define Estrcat(x,y) _asn1_str_cat(x,ASN1_MAX_ERROR_DESCRIPTION_SIZE,y)
-
-inline static
-void safe_memset(void *data, int c, size_t size)
-{
- volatile unsigned volatile_zero = 0;
- volatile char *vdata = (volatile char*)data;
-
- /* This is based on a nice trick for safe memset,
- * sent by David Jacobson in the openssl-dev mailing list.
- */
-
- if (size > 0) do {
- memset(data, c, size);
- } while(vdata[volatile_zero] != c);
-}
diff --git a/lib/minitasn1/int.h b/lib/minitasn1/int.h
deleted file mode 100644
index 7d2eea379c..0000000000
--- a/lib/minitasn1/int.h
+++ /dev/null
@@ -1,222 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#ifndef INT_H
-#define INT_H
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h>
-#include <stdlib.h>
-#include <stdio.h>
-#include <ctype.h>
-#include <stdint.h>
-
-#ifdef HAVE_SYS_TYPES_H
-#include <sys/types.h>
-#endif
-
-#include <libtasn1.h>
-
-#define ASN1_SMALL_VALUE_SIZE 16
-
-/* This structure is also in libtasn1.h, but then contains less
- fields. You cannot make any modifications to these first fields
- without breaking ABI. */
-struct asn1_node_st
-{
- /* public fields: */
- char name[ASN1_MAX_NAME_SIZE + 1]; /* Node name */
- unsigned int name_hash;
- unsigned int type; /* Node type */
- unsigned char *value; /* Node value */
- int value_len;
- asn1_node down; /* Pointer to the son node */
- asn1_node right; /* Pointer to the brother node */
- asn1_node left; /* Pointer to the next list element */
- /* private fields: */
- unsigned char small_value[ASN1_SMALL_VALUE_SIZE]; /* For small values */
-
- /* values used during decoding/coding */
- int tmp_ival;
- unsigned start; /* the start of the DER sequence - if decoded */
- unsigned end; /* the end of the DER sequence - if decoded */
-};
-
-typedef struct tag_and_class_st
-{
- unsigned tag;
- unsigned class;
- const char *desc;
-} tag_and_class_st;
-
-/* the types that are handled in _asn1_tags */
-#define CASE_HANDLED_ETYPES \
- case ASN1_ETYPE_NULL: \
- case ASN1_ETYPE_BOOLEAN: \
- case ASN1_ETYPE_INTEGER: \
- case ASN1_ETYPE_ENUMERATED: \
- case ASN1_ETYPE_OBJECT_ID: \
- case ASN1_ETYPE_OCTET_STRING: \
- case ASN1_ETYPE_GENERALSTRING: \
- case ASN1_ETYPE_NUMERIC_STRING: \
- case ASN1_ETYPE_IA5_STRING: \
- case ASN1_ETYPE_TELETEX_STRING: \
- case ASN1_ETYPE_PRINTABLE_STRING: \
- case ASN1_ETYPE_UNIVERSAL_STRING: \
- case ASN1_ETYPE_BMP_STRING: \
- case ASN1_ETYPE_UTF8_STRING: \
- case ASN1_ETYPE_VISIBLE_STRING: \
- case ASN1_ETYPE_BIT_STRING: \
- case ASN1_ETYPE_SEQUENCE: \
- case ASN1_ETYPE_SEQUENCE_OF: \
- case ASN1_ETYPE_SET: \
- case ASN1_ETYPE_UTC_TIME: \
- case ASN1_ETYPE_GENERALIZED_TIME: \
- case ASN1_ETYPE_SET_OF
-
-#define ETYPE_TAG(etype) (_asn1_tags[etype].tag)
-#define ETYPE_CLASS(etype) (_asn1_tags[etype].class)
-#define ETYPE_OK(etype) (((etype) != ASN1_ETYPE_INVALID && \
- (etype) <= _asn1_tags_size && \
- _asn1_tags[(etype)].desc != NULL)?1:0)
-
-#define ETYPE_IS_STRING(etype) ((etype == ASN1_ETYPE_GENERALSTRING || \
- etype == ASN1_ETYPE_NUMERIC_STRING || etype == ASN1_ETYPE_IA5_STRING || \
- etype == ASN1_ETYPE_TELETEX_STRING || etype == ASN1_ETYPE_PRINTABLE_STRING || \
- etype == ASN1_ETYPE_UNIVERSAL_STRING || etype == ASN1_ETYPE_BMP_STRING || \
- etype == ASN1_ETYPE_UTF8_STRING || etype == ASN1_ETYPE_VISIBLE_STRING || \
- etype == ASN1_ETYPE_OCTET_STRING)?1:0)
-
-extern unsigned int _asn1_tags_size;
-extern const tag_and_class_st _asn1_tags[];
-
-#define _asn1_strlen(s) strlen((const char *) s)
-#define _asn1_strtol(n,e,b) strtol((const char *) n, e, b)
-#define _asn1_strtoul(n,e,b) strtoul((const char *) n, e, b)
-#define _asn1_strcmp(a,b) strcmp((const char *)a, (const char *)b)
-#define _asn1_strcpy(a,b) strcpy((char *)a, (const char *)b)
-#define _asn1_strcat(a,b) strcat((char *)a, (const char *)b)
-
-#if SIZEOF_UNSIGNED_LONG_INT == 8
-# define _asn1_strtou64(n,e,b) strtoul((const char *) n, e, b)
-#else
-# define _asn1_strtou64(n,e,b) strtoull((const char *) n, e, b)
-#endif
-
-#define MAX_LOG_SIZE 1024 /* maximum number of characters of a log message */
-
-/* Define used for visiting trees. */
-#define UP 1
-#define RIGHT 2
-#define DOWN 3
-
-/***********************************************************************/
-/* List of constants to better specify the type of typedef asn1_node_st. */
-/***********************************************************************/
-/* Used with TYPE_TAG */
-#define CONST_UNIVERSAL (1<<8)
-#define CONST_PRIVATE (1<<9)
-#define CONST_APPLICATION (1<<10)
-#define CONST_EXPLICIT (1<<11)
-#define CONST_IMPLICIT (1<<12)
-
-#define CONST_TAG (1<<13) /* Used in ASN.1 assignement */
-#define CONST_OPTION (1<<14)
-#define CONST_DEFAULT (1<<15)
-#define CONST_TRUE (1<<16)
-#define CONST_FALSE (1<<17)
-
-#define CONST_LIST (1<<18) /* Used with TYPE_INTEGER and TYPE_BIT_STRING */
-#define CONST_MIN_MAX (1<<19)
-
-#define CONST_1_PARAM (1<<20)
-
-#define CONST_SIZE (1<<21)
-
-#define CONST_DEFINED_BY (1<<22)
-
-/* Those two are deprecated and used for backwards compatibility */
-#define CONST_GENERALIZED (1<<23)
-#define CONST_UTC (1<<24)
-
-/* #define CONST_IMPORTS (1<<25) */
-
-#define CONST_NOT_USED (1<<26)
-#define CONST_SET (1<<27)
-#define CONST_ASSIGN (1<<28)
-
-#define CONST_DOWN (1<<29)
-#define CONST_RIGHT (1<<30)
-
-
-#define ASN1_ETYPE_TIME 17
-/****************************************/
-/* Returns the first 8 bits. */
-/* Used with the field type of asn1_node_st */
-/****************************************/
-inline static unsigned int
-type_field (unsigned int ntype)
-{
- return (ntype & 0xff);
-}
-
-/* To convert old types from a static structure */
-inline static unsigned int
-convert_old_type (unsigned int ntype)
-{
- unsigned int type = ntype & 0xff;
- if (type == ASN1_ETYPE_TIME)
- {
- if (ntype & CONST_UTC)
- type = ASN1_ETYPE_UTC_TIME;
- else
- type = ASN1_ETYPE_GENERALIZED_TIME;
-
- ntype &= ~(CONST_UTC | CONST_GENERALIZED);
- ntype &= 0xffffff00;
- ntype |= type;
-
- return ntype;
- }
- else
- return ntype;
-}
-
-static inline
-void *_asn1_realloc(void *ptr, size_t size)
-{
- void *ret;
-
- if (size == 0)
- return ptr;
-
- ret = realloc(ptr, size);
- if (ret == NULL)
- {
- free(ptr);
- }
- return ret;
-}
-
-#endif /* INT_H */
diff --git a/lib/minitasn1/libtasn1.h b/lib/minitasn1/libtasn1.h
deleted file mode 100644
index 626b11ec67..0000000000
--- a/lib/minitasn1/libtasn1.h
+++ /dev/null
@@ -1,405 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * LIBTASN1 is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * LIBTASN1 is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with LIBTASN1; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- *
- */
-
-#ifndef LIBTASN1_H
-#define LIBTASN1_H
-
-#ifndef ASN1_API
-#if defined ASN1_BUILDING && defined HAVE_VISIBILITY && HAVE_VISIBILITY
-#define ASN1_API __attribute__((__visibility__("default")))
-#elif defined ASN1_BUILDING && defined _MSC_VER && ! defined ASN1_STATIC
-#define ASN1_API __declspec(dllexport)
-#elif defined _MSC_VER && ! defined ASN1_STATIC
-#define ASN1_API __declspec(dllimport)
-#else
-#define ASN1_API
-#endif
-#endif
-
-#include <sys/types.h>
-#include <time.h>
-#include <stdio.h> /* for FILE* */
-
-#ifdef __cplusplus
-extern "C"
-{
-#endif
-
-#define ASN1_VERSION "4.12"
-
-#if defined(__GNUC__) && !defined(ASN1_INTERNAL_BUILD)
-# define _ASN1_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
-# if _ASN1_GCC_VERSION >= 30100
-# define _ASN1_GCC_ATTR_DEPRECATED __attribute__ ((__deprecated__))
-# endif
-#endif
-
-#ifndef _ASN1_GCC_ATTR_DEPRECATED
-#define _ASN1_GCC_ATTR_DEPRECATED
-#endif
-
- /*****************************************/
- /* Errors returned by libtasn1 functions */
- /*****************************************/
-#define ASN1_SUCCESS 0
-#define ASN1_FILE_NOT_FOUND 1
-#define ASN1_ELEMENT_NOT_FOUND 2
-#define ASN1_IDENTIFIER_NOT_FOUND 3
-#define ASN1_DER_ERROR 4
-#define ASN1_VALUE_NOT_FOUND 5
-#define ASN1_GENERIC_ERROR 6
-#define ASN1_VALUE_NOT_VALID 7
-#define ASN1_TAG_ERROR 8
-#define ASN1_TAG_IMPLICIT 9
-#define ASN1_ERROR_TYPE_ANY 10
-#define ASN1_SYNTAX_ERROR 11
-#define ASN1_MEM_ERROR 12
-#define ASN1_MEM_ALLOC_ERROR 13
-#define ASN1_DER_OVERFLOW 14
-#define ASN1_NAME_TOO_LONG 15
-#define ASN1_ARRAY_ERROR 16
-#define ASN1_ELEMENT_NOT_EMPTY 17
-#define ASN1_TIME_ENCODING_ERROR 18
-
- /*************************************/
- /* Constants used in asn1_visit_tree */
- /*************************************/
-#define ASN1_PRINT_NAME 1
-#define ASN1_PRINT_NAME_TYPE 2
-#define ASN1_PRINT_NAME_TYPE_VALUE 3
-#define ASN1_PRINT_ALL 4
-
- /*****************************************/
- /* Constants returned by asn1_read_tag */
- /*****************************************/
-#define ASN1_CLASS_UNIVERSAL 0x00 /* old: 1 */
-#define ASN1_CLASS_APPLICATION 0x40 /* old: 2 */
-#define ASN1_CLASS_CONTEXT_SPECIFIC 0x80 /* old: 3 */
-#define ASN1_CLASS_PRIVATE 0xC0 /* old: 4 */
-#define ASN1_CLASS_STRUCTURED 0x20
-
- /*****************************************/
- /* Constants returned by asn1_read_tag */
- /*****************************************/
-#define ASN1_TAG_BOOLEAN 0x01
-#define ASN1_TAG_INTEGER 0x02
-#define ASN1_TAG_SEQUENCE 0x10
-#define ASN1_TAG_SET 0x11
-#define ASN1_TAG_OCTET_STRING 0x04
-#define ASN1_TAG_BIT_STRING 0x03
-#define ASN1_TAG_UTCTime 0x17
-#define ASN1_TAG_GENERALIZEDTime 0x18
-#define ASN1_TAG_OBJECT_ID 0x06
-#define ASN1_TAG_ENUMERATED 0x0A
-#define ASN1_TAG_NULL 0x05
-#define ASN1_TAG_GENERALSTRING 0x1B
-#define ASN1_TAG_NUMERIC_STRING 0x12
-#define ASN1_TAG_IA5_STRING 0x16
-#define ASN1_TAG_TELETEX_STRING 0x14
-#define ASN1_TAG_PRINTABLE_STRING 0x13
-#define ASN1_TAG_UNIVERSAL_STRING 0x1C
-#define ASN1_TAG_BMP_STRING 0x1E
-#define ASN1_TAG_UTF8_STRING 0x0C
-#define ASN1_TAG_VISIBLE_STRING 0x1A
-
- /******************************************************/
- /* Structure definition used for the node of the tree */
- /* that represent an ASN.1 DEFINITION. */
- /******************************************************/
-
- typedef struct asn1_node_st asn1_node_st;
-
- typedef asn1_node_st *asn1_node;
-
- /* maximum number of characters of a name */
- /* inside a file with ASN1 definitons */
-#define ASN1_MAX_NAME_SIZE 64
-
-
- /*****************************************/
- /* For the on-disk format of ASN.1 trees */
- /*****************************************/
- struct asn1_static_node_st
- {
- const char *name; /* Node name */
- unsigned int type; /* Node type */
- const void *value; /* Node value */
- };
- typedef struct asn1_static_node_st asn1_static_node;
-
-/* List of constants for field type of node_asn */
-#define ASN1_ETYPE_INVALID 0
-#define ASN1_ETYPE_CONSTANT 1
-#define ASN1_ETYPE_IDENTIFIER 2
-#define ASN1_ETYPE_INTEGER 3
-#define ASN1_ETYPE_BOOLEAN 4
-#define ASN1_ETYPE_SEQUENCE 5
-#define ASN1_ETYPE_BIT_STRING 6
-#define ASN1_ETYPE_OCTET_STRING 7
-#define ASN1_ETYPE_TAG 8
-#define ASN1_ETYPE_DEFAULT 9
-#define ASN1_ETYPE_SIZE 10
-#define ASN1_ETYPE_SEQUENCE_OF 11
-#define ASN1_ETYPE_OBJECT_ID 12
-#define ASN1_ETYPE_ANY 13
-#define ASN1_ETYPE_SET 14
-#define ASN1_ETYPE_SET_OF 15
-#define ASN1_ETYPE_DEFINITIONS 16
-#define ASN1_ETYPE_CHOICE 18
-#define ASN1_ETYPE_IMPORTS 19
-#define ASN1_ETYPE_NULL 20
-#define ASN1_ETYPE_ENUMERATED 21
-#define ASN1_ETYPE_GENERALSTRING 27
-#define ASN1_ETYPE_NUMERIC_STRING 28
-#define ASN1_ETYPE_IA5_STRING 29
-#define ASN1_ETYPE_TELETEX_STRING 30
-#define ASN1_ETYPE_PRINTABLE_STRING 31
-#define ASN1_ETYPE_UNIVERSAL_STRING 32
-#define ASN1_ETYPE_BMP_STRING 33
-#define ASN1_ETYPE_UTF8_STRING 34
-#define ASN1_ETYPE_VISIBLE_STRING 35
-#define ASN1_ETYPE_UTC_TIME 36
-#define ASN1_ETYPE_GENERALIZED_TIME 37
-
-/* Flags used by asn1_delete_structure2() */
-
-/* makes sure the values are zeroized prior to deinitialization */
-#define ASN1_DELETE_FLAG_ZEROIZE 1
-
-/* Flags used by asn1_der_decoding2(). */
-
-/* This flag would allow arbitrary data past the DER data */
-#define ASN1_DECODE_FLAG_ALLOW_PADDING 1
-/* This flag would ensure that no BER decoding takes place */
-#define ASN1_DECODE_FLAG_STRICT_DER (1<<1)
-/* This flag will tolerate Time encoding errors when in strict DER */
-#define ASN1_DECODE_FLAG_ALLOW_INCORRECT_TIME (1<<2)
-
-
- struct asn1_data_node_st
- {
- const char *name; /* Node name */
- const void *value; /* Node value */
- unsigned int value_len; /* Node value size */
- unsigned int type; /* Node value type (ASN1_ETYPE_*) */
- };
- typedef struct asn1_data_node_st asn1_data_node_st;
-
- /***********************************/
- /* Fixed constants */
- /***********************************/
-
-
- /* maximum number of characters */
- /* of a description message */
- /* (null character included) */
-#define ASN1_MAX_ERROR_DESCRIPTION_SIZE 128
-
- /***********************************/
- /* Functions definitions */
- /***********************************/
-
- extern ASN1_API int
- asn1_parser2tree (const char *file,
- asn1_node * definitions, char *error_desc);
-
- extern ASN1_API int
- asn1_parser2array (const char *inputFileName,
- const char *outputFileName,
- const char *vectorName, char *error_desc);
-
- extern ASN1_API int
- asn1_array2tree (const asn1_static_node * array,
- asn1_node * definitions, char *errorDescription);
-
- extern ASN1_API void
- asn1_print_structure (FILE * out, asn1_node structure,
- const char *name, int mode);
-
- extern ASN1_API int
- asn1_create_element (asn1_node definitions,
- const char *source_name, asn1_node * element);
-
- extern ASN1_API int asn1_delete_structure (asn1_node * structure);
-
- extern ASN1_API int asn1_delete_structure2 (asn1_node * structure, unsigned int flags);
-
- extern ASN1_API int
- asn1_delete_element (asn1_node structure, const char *element_name);
-
- extern ASN1_API int
- asn1_write_value (asn1_node node_root, const char *name,
- const void *ivalue, int len);
-
- extern ASN1_API int
- asn1_read_value (asn1_node root, const char *name,
- void *ivalue, int *len);
-
- extern ASN1_API int
- asn1_read_value_type (asn1_node root, const char *name,
- void *ivalue, int *len, unsigned int *etype);
-
- extern ASN1_API int
- asn1_read_node_value (asn1_node node, asn1_data_node_st * data);
-
- extern ASN1_API int
- asn1_number_of_elements (asn1_node element, const char *name, int *num);
-
- extern ASN1_API int
- asn1_der_coding (asn1_node element, const char *name,
- void *ider, int *len, char *ErrorDescription);
-
- extern ASN1_API int
- asn1_der_decoding2 (asn1_node *element, const void *ider,
- int *max_ider_len, unsigned int flags,
- char *errorDescription);
-
- extern ASN1_API int
- asn1_der_decoding (asn1_node * element, const void *ider,
- int len, char *errorDescription);
-
- /* Do not use. Use asn1_der_decoding() instead. */
- extern ASN1_API int
- asn1_der_decoding_element (asn1_node * structure,
- const char *elementName,
- const void *ider, int len,
- char *errorDescription) _ASN1_GCC_ATTR_DEPRECATED;
-
- extern ASN1_API int
- asn1_der_decoding_startEnd (asn1_node element,
- const void *ider, int len,
- const char *name_element,
- int *start, int *end);
-
- extern ASN1_API int
- asn1_expand_any_defined_by (asn1_node definitions, asn1_node * element);
-
- extern ASN1_API int
- asn1_expand_octet_string (asn1_node definitions,
- asn1_node * element,
- const char *octetName, const char *objectName);
-
- extern ASN1_API int
- asn1_read_tag (asn1_node root, const char *name,
- int *tagValue, int *classValue);
-
- extern ASN1_API const char *asn1_find_structure_from_oid (asn1_node
- definitions,
- const char
- *oidValue);
-
- extern ASN1_API const char *asn1_check_version (const char *req_version);
-
- extern ASN1_API const char *asn1_strerror (int error);
-
- extern ASN1_API void asn1_perror (int error);
-
-#define ASN1_MAX_TAG_SIZE 4
-#define ASN1_MAX_LENGTH_SIZE 9
-#define ASN1_MAX_TL_SIZE (ASN1_MAX_TAG_SIZE+ASN1_MAX_LENGTH_SIZE)
- extern ASN1_API long
- asn1_get_length_der (const unsigned char *der, int der_len, int *len);
-
- extern ASN1_API long
- asn1_get_length_ber (const unsigned char *ber, int ber_len, int *len);
-
- extern ASN1_API void
- asn1_length_der (unsigned long int len, unsigned char *der, int *der_len);
-
- /* Other utility functions. */
-
- extern ASN1_API
- int asn1_decode_simple_der (unsigned int etype, const unsigned char *der,
- unsigned int der_len,
- const unsigned char **str,
- unsigned int *str_len);
-
- extern ASN1_API
- int asn1_decode_simple_ber (unsigned int etype, const unsigned char *der,
- unsigned int der_len,
- unsigned char **str,
- unsigned int *str_len,
- unsigned int *ber_len);
-
- extern ASN1_API int
- asn1_encode_simple_der (unsigned int etype, const unsigned char *str,
- unsigned int str_len, unsigned char *tl,
- unsigned int *tl_len);
-
- extern ASN1_API asn1_node
- asn1_find_node (asn1_node pointer, const char *name);
-
- extern ASN1_API int
- asn1_copy_node (asn1_node dst, const char *dst_name,
- asn1_node src, const char *src_name);
- extern ASN1_API asn1_node
- asn1_dup_node (asn1_node src, const char *src_name);
-
- /* Internal and low-level DER utility functions. */
-
- extern ASN1_API int
- asn1_get_tag_der (const unsigned char *der, int der_len,
- unsigned char *cls, int *len, unsigned long *tag);
-
- extern ASN1_API void
- asn1_octet_der (const unsigned char *str, int str_len,
- unsigned char *der, int *der_len);
-
- extern ASN1_API int
- asn1_get_octet_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str,
- int str_size, int *str_len);
-
- extern ASN1_API void asn1_bit_der (const unsigned char *str, int bit_len,
- unsigned char *der, int *der_len);
-
- extern ASN1_API int
- asn1_get_bit_der (const unsigned char *der, int der_len,
- int *ret_len, unsigned char *str,
- int str_size, int *bit_len);
-
- extern ASN1_API int
- asn1_get_object_id_der (const unsigned char *der,
- int der_len, int *ret_len,
- char *str, int str_size);
-
-/* Compatibility types */
-
- typedef int asn1_retCode; /* type returned by libtasn1 functions */
-
-#define node_asn_struct asn1_node_st
-#define node_asn asn1_node_st
-#define ASN1_TYPE asn1_node
-#define ASN1_TYPE_EMPTY NULL
-
-#define static_struct_asn asn1_static_node_st
-#define ASN1_ARRAY_TYPE asn1_static_node
-#define asn1_static_node_t asn1_static_node
-
-#define node_data_struct asn1_data_node_st
-#define ASN1_DATA_NODE asn1_data_node_st
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* LIBTASN1_H */
diff --git a/lib/minitasn1/parser_aux.c b/lib/minitasn1/parser_aux.c
deleted file mode 100644
index 786ea640a4..0000000000
--- a/lib/minitasn1/parser_aux.c
+++ /dev/null
@@ -1,1097 +0,0 @@
-/*
- * Copyright (C) 2000-2016 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#include <int.h>
-#include <hash-pjw-bare.h>
-#include "parser_aux.h"
-#include "gstr.h"
-#include "structure.h"
-#include "element.h"
-
-char _asn1_identifierMissing[ASN1_MAX_NAME_SIZE + 1]; /* identifier name not found */
-
-/***********************************************/
-/* Type: list_type */
-/* Description: type used in the list during */
-/* the structure creation. */
-/***********************************************/
-typedef struct list_struct
-{
- asn1_node node;
- struct list_struct *next;
-} list_type;
-
-
-/* Pointer to the first element of the list */
-list_type *firstElement = NULL;
-
-/******************************************************/
-/* Function : _asn1_add_static_node */
-/* Description: creates a new NODE_ASN element and */
-/* puts it in the list pointed by firstElement. */
-/* Parameters: */
-/* type: type of the new element (see ASN1_ETYPE_ */
-/* and CONST_ constants). */
-/* Return: pointer to the new element. */
-/******************************************************/
-asn1_node
-_asn1_add_static_node (unsigned int type)
-{
- list_type *listElement;
- asn1_node punt;
-
- punt = calloc (1, sizeof (struct asn1_node_st));
- if (punt == NULL)
- return NULL;
-
- listElement = malloc (sizeof (list_type));
- if (listElement == NULL)
- {
- free (punt);
- return NULL;
- }
-
- listElement->node = punt;
- listElement->next = firstElement;
- firstElement = listElement;
-
- punt->type = type;
-
- return punt;
-}
-
-/**
- * asn1_find_node:
- * @pointer: NODE_ASN element pointer.
- * @name: null terminated string with the element's name to find.
- *
- * Searches for an element called @name starting from @pointer. The
- * name is composed by different identifiers separated by dots. When
- * *@pointer has a name, the first identifier must be the name of
- * *@pointer, otherwise it must be the name of one child of *@pointer.
- *
- * Returns: the search result, or %NULL if not found.
- **/
-asn1_node
-asn1_find_node (asn1_node pointer, const char *name)
-{
- asn1_node p;
- char *n_end, n[ASN1_MAX_NAME_SIZE + 1];
- const char *n_start;
- unsigned int nsize;
- unsigned int nhash;
-
- if (pointer == NULL)
- return NULL;
-
- if (name == NULL)
- return NULL;
-
- p = pointer;
- n_start = name;
-
- if (name[0] == '?' && name[1] == 'C' && p->name[0] == '?')
- { /* ?CURRENT */
- n_start = strchr(n_start, '.');
- if (n_start)
- n_start++;
- }
- else if (p->name[0] != 0)
- { /* has *pointer got a name ? */
- n_end = strchr (n_start, '.'); /* search the first dot */
- if (n_end)
- {
- nsize = n_end - n_start;
- if (nsize >= sizeof(n))
- return NULL;
-
- memcpy (n, n_start, nsize);
- n[nsize] = 0;
- n_start = n_end;
- n_start++;
-
- nhash = hash_pjw_bare (n, nsize);
- }
- else
- {
- nsize = _asn1_str_cpy (n, sizeof (n), n_start);
- nhash = hash_pjw_bare (n, nsize);
-
- n_start = NULL;
- }
-
- while (p)
- {
- if (nhash == p->name_hash && (!strcmp (p->name, n)))
- break;
- else
- p = p->right;
- } /* while */
-
- if (p == NULL)
- return NULL;
- }
- else
- { /* *pointer doesn't have a name */
- if (n_start[0] == 0)
- return p;
- }
-
- while (n_start)
- { /* Has the end of NAME been reached? */
- n_end = strchr (n_start, '.'); /* search the next dot */
- if (n_end)
- {
- nsize = n_end - n_start;
- if (nsize >= sizeof(n))
- return NULL;
-
- memcpy (n, n_start, nsize);
- n[nsize] = 0;
- n_start = n_end;
- n_start++;
-
- nhash = hash_pjw_bare (n, nsize);
- }
- else
- {
- nsize = _asn1_str_cpy (n, sizeof (n), n_start);
- nhash = hash_pjw_bare (n, nsize);
- n_start = NULL;
- }
-
- if (p->down == NULL)
- return NULL;
-
- p = p->down;
- if (p == NULL)
- return NULL;
-
- /* The identifier "?LAST" indicates the last element
- in the right chain. */
- if (n[0] == '?' && n[1] == 'L') /* ?LAST */
- {
- while (p->right)
- p = p->right;
- }
- else
- { /* no "?LAST" */
- while (p)
- {
- if (p->name_hash == nhash && !strcmp (p->name, n))
- break;
- else
- p = p->right;
- }
- }
- if (p == NULL)
- return NULL;
- } /* while */
-
- return p;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_set_value */
-/* Description: sets the field VALUE in a NODE_ASN element. The */
-/* previous value (if exist) will be lost */
-/* Parameters: */
-/* node: element pointer. */
-/* value: pointer to the value that you want to set. */
-/* len: character number of value. */
-/* Return: pointer to the NODE_ASN element. */
-/******************************************************************/
-asn1_node
-_asn1_set_value (asn1_node node, const void *value, unsigned int len)
-{
- if (node == NULL)
- return node;
- if (node->value)
- {
- if (node->value != node->small_value)
- free (node->value);
- node->value = NULL;
- node->value_len = 0;
- }
-
- if (!len)
- return node;
-
- if (len < sizeof (node->small_value))
- {
- node->value = node->small_value;
- }
- else
- {
- node->value = malloc (len);
- if (node->value == NULL)
- return NULL;
- }
- node->value_len = len;
-
- memcpy (node->value, value, len);
- return node;
-}
-
-/******************************************************************/
-/* Function : _asn1_set_value_lv */
-/* Description: sets the field VALUE in a NODE_ASN element. The */
-/* previous value (if exist) will be lost. The value */
-/* given is stored as an length-value format (LV */
-/* Parameters: */
-/* node: element pointer. */
-/* value: pointer to the value that you want to set. */
-/* len: character number of value. */
-/* Return: pointer to the NODE_ASN element. */
-/******************************************************************/
-asn1_node
-_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len)
-{
- int len2;
- void *temp;
-
- if (node == NULL)
- return node;
-
- asn1_length_der (len, NULL, &len2);
- temp = malloc (len + len2);
- if (temp == NULL)
- return NULL;
-
- asn1_octet_der (value, len, temp, &len2);
- return _asn1_set_value_m (node, temp, len2);
-}
-
-/* the same as _asn1_set_value except that it sets an already malloc'ed
- * value.
- */
-asn1_node
-_asn1_set_value_m (asn1_node node, void *value, unsigned int len)
-{
- if (node == NULL)
- return node;
-
- if (node->value)
- {
- if (node->value != node->small_value)
- free (node->value);
- node->value = NULL;
- node->value_len = 0;
- }
-
- if (!len)
- return node;
-
- node->value = value;
- node->value_len = len;
-
- return node;
-}
-
-/******************************************************************/
-/* Function : _asn1_append_value */
-/* Description: appends to the field VALUE in a NODE_ASN element. */
-/* */
-/* Parameters: */
-/* node: element pointer. */
-/* value: pointer to the value that you want to be appended. */
-/* len: character number of value. */
-/* Return: pointer to the NODE_ASN element. */
-/******************************************************************/
-asn1_node
-_asn1_append_value (asn1_node node, const void *value, unsigned int len)
-{
- if (node == NULL)
- return node;
-
- if (node->value == NULL)
- return _asn1_set_value (node, value, len);
-
- if (len == 0)
- return node;
-
- if (node->value == node->small_value)
- {
- /* value is in node */
- int prev_len = node->value_len;
- node->value_len += len;
- node->value = malloc (node->value_len);
- if (node->value == NULL)
- {
- node->value_len = 0;
- return NULL;
- }
-
- if (prev_len > 0)
- memcpy (node->value, node->small_value, prev_len);
-
- memcpy (&node->value[prev_len], value, len);
-
- return node;
- }
- else /* if (node->value != NULL && node->value != node->small_value) */
- {
- /* value is allocated */
- int prev_len = node->value_len;
- node->value_len += len;
-
- node->value = _asn1_realloc (node->value, node->value_len);
- if (node->value == NULL)
- {
- node->value_len = 0;
- return NULL;
- }
-
- memcpy (&node->value[prev_len], value, len);
-
- return node;
- }
-}
-
-/******************************************************************/
-/* Function : _asn1_set_name */
-/* Description: sets the field NAME in a NODE_ASN element. The */
-/* previous value (if exist) will be lost */
-/* Parameters: */
-/* node: element pointer. */
-/* name: a null terminated string with the name that you want */
-/* to set. */
-/* Return: pointer to the NODE_ASN element. */
-/******************************************************************/
-asn1_node
-_asn1_set_name (asn1_node node, const char *name)
-{
- unsigned int nsize;
-
- if (node == NULL)
- return node;
-
- if (name == NULL)
- {
- node->name[0] = 0;
- node->name_hash = hash_pjw_bare (node->name, 0);
- return node;
- }
-
- nsize = _asn1_str_cpy (node->name, sizeof (node->name), name);
- node->name_hash = hash_pjw_bare (node->name, nsize);
-
- return node;
-}
-
-/******************************************************************/
-/* Function : _asn1_cpy_name */
-/* Description: copies the field NAME in a NODE_ASN element. */
-/* Parameters: */
-/* dst: a dest element pointer. */
-/* src: a source element pointer. */
-/* Return: pointer to the NODE_ASN element. */
-/******************************************************************/
-asn1_node
-_asn1_cpy_name (asn1_node dst, asn1_node src)
-{
- if (dst == NULL)
- return dst;
-
- if (src == NULL)
- {
- dst->name[0] = 0;
- dst->name_hash = hash_pjw_bare (dst->name, 0);
- return dst;
- }
-
- _asn1_str_cpy (dst->name, sizeof (dst->name), src->name);
- dst->name_hash = src->name_hash;
-
- return dst;
-}
-
-/******************************************************************/
-/* Function : _asn1_set_right */
-/* Description: sets the field RIGHT in a NODE_ASN element. */
-/* Parameters: */
-/* node: element pointer. */
-/* right: pointer to a NODE_ASN element that you want be pointed*/
-/* by NODE. */
-/* Return: pointer to *NODE. */
-/******************************************************************/
-asn1_node
-_asn1_set_right (asn1_node node, asn1_node right)
-{
- if (node == NULL)
- return node;
- node->right = right;
- if (right)
- right->left = node;
- return node;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_get_last_right */
-/* Description: return the last element along the right chain. */
-/* Parameters: */
-/* node: starting element pointer. */
-/* Return: pointer to the last element along the right chain. */
-/******************************************************************/
-asn1_node
-_asn1_get_last_right (asn1_node node)
-{
- asn1_node p;
-
- if (node == NULL)
- return NULL;
- p = node;
- while (p->right)
- p = p->right;
- return p;
-}
-
-/******************************************************************/
-/* Function : _asn1_remove_node */
-/* Description: gets free the memory allocated for an NODE_ASN */
-/* element (not the elements pointed by it). */
-/* Parameters: */
-/* node: NODE_ASN element pointer. */
-/* flags: ASN1_DELETE_FLAG_* */
-/******************************************************************/
-void
-_asn1_remove_node (asn1_node node, unsigned int flags)
-{
- if (node == NULL)
- return;
-
- if (node->value != NULL)
- {
- if (flags & ASN1_DELETE_FLAG_ZEROIZE)
- {
- safe_memset(node->value, 0, node->value_len);
- }
-
- if (node->value != node->small_value)
- free (node->value);
- }
- free (node);
-}
-
-/******************************************************************/
-/* Function : _asn1_find_up */
-/* Description: return the father of the NODE_ASN element. */
-/* Parameters: */
-/* node: NODE_ASN element pointer. */
-/* Return: Null if not found. */
-/******************************************************************/
-asn1_node
-_asn1_find_up (asn1_node node)
-{
- asn1_node p;
-
- if (node == NULL)
- return NULL;
-
- p = node;
-
- while ((p->left != NULL) && (p->left->right == p))
- p = p->left;
-
- return p->left;
-}
-
-/******************************************************************/
-/* Function : _asn1_delete_list */
-/* Description: deletes the list elements (not the elements */
-/* pointed by them). */
-/******************************************************************/
-void
-_asn1_delete_list (void)
-{
- list_type *listElement;
-
- while (firstElement)
- {
- listElement = firstElement;
- firstElement = firstElement->next;
- free (listElement);
- }
-}
-
-/******************************************************************/
-/* Function : _asn1_delete_list_and nodes */
-/* Description: deletes the list elements and the elements */
-/* pointed by them. */
-/******************************************************************/
-void
-_asn1_delete_list_and_nodes (void)
-{
- list_type *listElement;
-
- while (firstElement)
- {
- listElement = firstElement;
- firstElement = firstElement->next;
- _asn1_remove_node (listElement->node, 0);
- free (listElement);
- }
-}
-
-
-char *
-_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE])
-{
- uint64_t d, r;
- char temp[LTOSTR_MAX_SIZE];
- int count, k, start;
- uint64_t val;
-
- if (v < 0)
- {
- str[0] = '-';
- start = 1;
- val = -((uint64_t)v);
- }
- else
- {
- val = v;
- start = 0;
- }
-
- count = 0;
- do
- {
- d = val / 10;
- r = val - d * 10;
- temp[start + count] = '0' + (char) r;
- count++;
- val = d;
- }
- while (val && ((start+count) < LTOSTR_MAX_SIZE-1));
-
- for (k = 0; k < count; k++)
- str[k + start] = temp[start + count - k - 1];
- str[count + start] = 0;
- return str;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_change_integer_value */
-/* Description: converts into DER coding the value assign to an */
-/* INTEGER constant. */
-/* Parameters: */
-/* node: root of an ASN1element. */
-/* Return: */
-/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
-/* otherwise ASN1_SUCCESS */
-/******************************************************************/
-int
-_asn1_change_integer_value (asn1_node node)
-{
- asn1_node p;
- unsigned char val[SIZEOF_UNSIGNED_LONG_INT];
- unsigned char val2[SIZEOF_UNSIGNED_LONG_INT + 1];
- int len;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_INTEGER)
- && (p->type & CONST_ASSIGN))
- {
- if (p->value)
- {
- _asn1_convert_integer (p->value, val, sizeof (val), &len);
- asn1_octet_der (val, len, val2, &len);
- _asn1_set_value (p, val2, len);
- }
- }
-
- if (p->down)
- {
- p = p->down;
- }
- else
- {
- if (p == node)
- p = NULL;
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p && p->right)
- {
- p = p->right;
- break;
- }
- }
- }
- }
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_expand_object_id */
-/* Description: expand the IDs of an OBJECT IDENTIFIER constant. */
-/* Parameters: */
-/* node: root of an ASN1 element. */
-/* Return: */
-/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
-/* otherwise ASN1_SUCCESS */
-/******************************************************************/
-int
-_asn1_expand_object_id (asn1_node node)
-{
- asn1_node p, p2, p3, p4, p5;
- char name_root[ASN1_MAX_NAME_SIZE], name2[2 * ASN1_MAX_NAME_SIZE + 1];
- int move, tlen;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- _asn1_str_cpy (name_root, sizeof (name_root), node->name);
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID)
- && (p->type & CONST_ASSIGN))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
- {
- if (p2->value && !isdigit (p2->value[0]))
- {
- _asn1_str_cpy (name2, sizeof (name2), name_root);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2),
- (char *) p2->value);
- p3 = asn1_find_node (node, name2);
- if (!p3
- || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID)
- || !(p3->type & CONST_ASSIGN))
- return ASN1_ELEMENT_NOT_FOUND;
- _asn1_set_down (p, p2->right);
- _asn1_remove_node (p2, 0);
- p2 = p;
- p4 = p3->down;
- while (p4)
- {
- if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
- {
- p5 =
- _asn1_add_single_node (ASN1_ETYPE_CONSTANT);
- _asn1_set_name (p5, p4->name);
- if (p4->value)
- {
- tlen = _asn1_strlen (p4->value);
- if (tlen > 0)
- _asn1_set_value (p5, p4->value, tlen + 1);
- }
- if (p2 == p)
- {
- _asn1_set_right (p5, p->down);
- _asn1_set_down (p, p5);
- }
- else
- {
- _asn1_set_right (p5, p2->right);
- _asn1_set_right (p2, p5);
- }
- p2 = p5;
- }
- p4 = p4->right;
- }
- move = DOWN;
- continue;
- }
- }
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
-
- if (p == node)
- {
- move = UP;
- continue;
- }
-
- if (move == RIGHT)
- {
- if (p && p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
-
- /*******************************/
- /* expand DEFAULT */
- /*******************************/
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_DEFAULT))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
- {
- _asn1_str_cpy (name2, sizeof (name2), name_root);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- p3 = asn1_find_node (node, name2);
- if (!p3 || (type_field (p3->type) != ASN1_ETYPE_OBJECT_ID)
- || !(p3->type & CONST_ASSIGN))
- return ASN1_ELEMENT_NOT_FOUND;
- p4 = p3->down;
- name2[0] = 0;
- while (p4)
- {
- if (type_field (p4->type) == ASN1_ETYPE_CONSTANT)
- {
- if (p4->value == NULL)
- return ASN1_VALUE_NOT_FOUND;
-
- if (name2[0])
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2),
- (char *) p4->value);
- }
- p4 = p4->right;
- }
- tlen = strlen (name2);
- if (tlen > 0)
- _asn1_set_value (p2, name2, tlen + 1);
- }
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
-
- if (p == node)
- {
- move = UP;
- continue;
- }
-
- if (move == RIGHT)
- {
- if (p && p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_type_set_config */
-/* Description: sets the CONST_SET and CONST_NOT_USED properties */
-/* in the fields of the SET elements. */
-/* Parameters: */
-/* node: root of an ASN1 element. */
-/* Return: */
-/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
-/* otherwise ASN1_SUCCESS */
-/******************************************************************/
-int
-_asn1_type_set_config (asn1_node node)
-{
- asn1_node p, p2;
- int move;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if (type_field (p->type) == ASN1_ETYPE_SET)
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- p2->type |= CONST_SET | CONST_NOT_USED;
- p2 = p2->right;
- }
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
-
- if (p == node)
- {
- move = UP;
- continue;
- }
-
- if (move == RIGHT)
- {
- if (p && p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_check_identifier */
-/* Description: checks the definitions of all the identifiers */
-/* and the first element of an OBJECT_ID (e.g. {pkix 0 4}). */
-/* The _asn1_identifierMissing global variable is filled if */
-/* necessary. */
-/* Parameters: */
-/* node: root of an ASN1 element. */
-/* Return: */
-/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL, */
-/* ASN1_IDENTIFIER_NOT_FOUND if an identifier is not defined, */
-/* otherwise ASN1_SUCCESS */
-/******************************************************************/
-int
-_asn1_check_identifier (asn1_node node)
-{
- asn1_node p, p2;
- char name2[ASN1_MAX_NAME_SIZE * 2 + 2];
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if (p->value && type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p->value);
- p2 = asn1_find_node (node, name2);
- if (p2 == NULL)
- {
- if (p->value)
- _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p->value);
- else
- _asn1_strcpy (_asn1_identifierMissing, "(null)");
- return ASN1_IDENTIFIER_NOT_FOUND;
- }
- }
- else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_DEFAULT))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_DEFAULT))
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- if (p2->value)
- {
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
- }
- else
- _asn1_strcpy (_asn1_identifierMissing, "(null)");
-
- p2 = asn1_find_node (node, name2);
- if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID) ||
- !(p2->type & CONST_ASSIGN))
- return ASN1_IDENTIFIER_NOT_FOUND;
- else
- _asn1_identifierMissing[0] = 0;
- }
- }
- else if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- p2 = p->down;
- if (p2 && (type_field (p2->type) == ASN1_ETYPE_CONSTANT))
- {
- if (p2->value && !isdigit (p2->value[0]))
- {
- _asn1_str_cpy (name2, sizeof (name2), node->name);
- _asn1_str_cat (name2, sizeof (name2), ".");
- _asn1_str_cat (name2, sizeof (name2), (char *) p2->value);
- _asn1_str_cpy (_asn1_identifierMissing, sizeof(_asn1_identifierMissing), (char*)p2->value);
-
- p2 = asn1_find_node (node, name2);
- if (!p2 || (type_field (p2->type) != ASN1_ETYPE_OBJECT_ID)
- || !(p2->type & CONST_ASSIGN))
- return ASN1_IDENTIFIER_NOT_FOUND;
- else
- _asn1_identifierMissing[0] = 0;
- }
- }
- }
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p && p->right)
- {
- p = p->right;
- break;
- }
- }
- }
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_set_default_tag */
-/* Description: sets the default IMPLICIT or EXPLICIT property in */
-/* the tagged elements that don't have this declaration. */
-/* Parameters: */
-/* node: pointer to a DEFINITIONS element. */
-/* Return: */
-/* ASN1_ELEMENT_NOT_FOUND if NODE is NULL or not a pointer to */
-/* a DEFINITIONS element, */
-/* otherwise ASN1_SUCCESS */
-/******************************************************************/
-int
-_asn1_set_default_tag (asn1_node node)
-{
- asn1_node p;
-
- if ((node == NULL) || (type_field (node->type) != ASN1_ETYPE_DEFINITIONS))
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_TAG) &&
- !(p->type & CONST_EXPLICIT) && !(p->type & CONST_IMPLICIT))
- {
- if (node->type & CONST_EXPLICIT)
- p->type |= CONST_EXPLICIT;
- else
- p->type |= CONST_IMPLICIT;
- }
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == node)
- {
- p = NULL;
- break;
- }
- if (p && p->right)
- {
- p = p->right;
- break;
- }
- }
- }
- }
-
- return ASN1_SUCCESS;
-}
diff --git a/lib/minitasn1/parser_aux.h b/lib/minitasn1/parser_aux.h
deleted file mode 100644
index 9f9183312e..0000000000
--- a/lib/minitasn1/parser_aux.h
+++ /dev/null
@@ -1,158 +0,0 @@
-/*
- * Copyright (C) 2000-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#ifndef _PARSER_AUX_H
-#define _PARSER_AUX_H
-
-/***************************************/
-/* Functions used by ASN.1 parser */
-/***************************************/
-asn1_node _asn1_add_static_node (unsigned int type);
-
-asn1_node
-_asn1_set_value (asn1_node node, const void *value, unsigned int len);
-
-asn1_node _asn1_set_value_m (asn1_node node, void *value, unsigned int len);
-
-asn1_node
-_asn1_set_value_lv (asn1_node node, const void *value, unsigned int len);
-
-asn1_node
-_asn1_append_value (asn1_node node, const void *value, unsigned int len);
-
-asn1_node _asn1_set_name (asn1_node node, const char *name);
-
-asn1_node _asn1_cpy_name (asn1_node dst, asn1_node src);
-
-asn1_node _asn1_set_right (asn1_node node, asn1_node right);
-
-asn1_node _asn1_get_last_right (asn1_node node);
-
-void _asn1_remove_node (asn1_node node, unsigned int flags);
-
-void _asn1_delete_list (void);
-
-void _asn1_delete_list_and_nodes (void);
-
-/* Max 64-bit integer length is 20 chars + 1 for sign + 1 for null termination */
-#define LTOSTR_MAX_SIZE 22
-char *_asn1_ltostr (int64_t v, char str[LTOSTR_MAX_SIZE]);
-
-asn1_node _asn1_find_up (asn1_node node);
-
-int _asn1_change_integer_value (asn1_node node);
-
-int _asn1_expand_object_id (asn1_node node);
-
-int _asn1_type_set_config (asn1_node node);
-
-int _asn1_check_identifier (asn1_node node);
-
-int _asn1_set_default_tag (asn1_node node);
-
-/******************************************************************/
-/* Function : _asn1_get_right */
-/* Description: returns the element pointed by the RIGHT field of */
-/* a NODE_ASN element. */
-/* Parameters: */
-/* node: NODE_ASN element pointer. */
-/* Return: field RIGHT of NODE. */
-/******************************************************************/
-inline static asn1_node
-_asn1_get_right (asn1_node node)
-{
- if (node == NULL)
- return NULL;
- return node->right;
-}
-
-/******************************************************************/
-/* Function : _asn1_set_down */
-/* Description: sets the field DOWN in a NODE_ASN element. */
-/* Parameters: */
-/* node: element pointer. */
-/* down: pointer to a NODE_ASN element that you want be pointed */
-/* by NODE. */
-/* Return: pointer to *NODE. */
-/******************************************************************/
-inline static asn1_node
-_asn1_set_down (asn1_node node, asn1_node down)
-{
- if (node == NULL)
- return node;
- node->down = down;
- if (down)
- down->left = node;
- return node;
-}
-
-/******************************************************************/
-/* Function : _asn1_get_down */
-/* Description: returns the element pointed by the DOWN field of */
-/* a NODE_ASN element. */
-/* Parameters: */
-/* node: NODE_ASN element pointer. */
-/* Return: field DOWN of NODE. */
-/******************************************************************/
-inline static asn1_node
-_asn1_get_down (asn1_node node)
-{
- if (node == NULL)
- return NULL;
- return node->down;
-}
-
-/******************************************************************/
-/* Function : _asn1_get_name */
-/* Description: returns the name of a NODE_ASN element. */
-/* Parameters: */
-/* node: NODE_ASN element pointer. */
-/* Return: a null terminated string. */
-/******************************************************************/
-inline static char *
-_asn1_get_name (asn1_node node)
-{
- if (node == NULL)
- return NULL;
- return node->name;
-}
-
-/******************************************************************/
-/* Function : _asn1_mod_type */
-/* Description: change the field TYPE of an NODE_ASN element. */
-/* The new value is the old one | (bitwise or) the */
-/* paramener VALUE. */
-/* Parameters: */
-/* node: NODE_ASN element pointer. */
-/* value: the integer value that must be or-ed with the current */
-/* value of field TYPE. */
-/* Return: NODE pointer. */
-/******************************************************************/
-inline static asn1_node
-_asn1_mod_type (asn1_node node, unsigned int value)
-{
- if (node == NULL)
- return node;
- node->type |= value;
- return node;
-}
-
-#endif
diff --git a/lib/minitasn1/structure.c b/lib/minitasn1/structure.c
deleted file mode 100644
index 01715b138b..0000000000
--- a/lib/minitasn1/structure.c
+++ /dev/null
@@ -1,1197 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-
-/*****************************************************/
-/* File: structure.c */
-/* Description: Functions to create and delete an */
-/* ASN1 tree. */
-/*****************************************************/
-
-
-#include <int.h>
-#include <structure.h>
-#include "parser_aux.h"
-#include <gstr.h>
-
-
-extern char _asn1_identifierMissing[];
-
-
-/******************************************************/
-/* Function : _asn1_add_single_node */
-/* Description: creates a new NODE_ASN element. */
-/* Parameters: */
-/* type: type of the new element (see ASN1_ETYPE_ */
-/* and CONST_ constants). */
-/* Return: pointer to the new element. */
-/******************************************************/
-asn1_node
-_asn1_add_single_node (unsigned int type)
-{
- asn1_node punt;
-
- punt = calloc (1, sizeof (struct asn1_node_st));
- if (punt == NULL)
- return NULL;
-
- punt->type = type;
-
- return punt;
-}
-
-
-/******************************************************************/
-/* Function : _asn1_find_left */
-/* Description: returns the NODE_ASN element with RIGHT field that*/
-/* points the element NODE. */
-/* Parameters: */
-/* node: NODE_ASN element pointer. */
-/* Return: NULL if not found. */
-/******************************************************************/
-asn1_node
-_asn1_find_left (asn1_node node)
-{
- if ((node == NULL) || (node->left == NULL) || (node->left->down == node))
- return NULL;
-
- return node->left;
-}
-
-
-int
-_asn1_create_static_structure (asn1_node pointer, char *output_file_name,
- char *vector_name)
-{
- FILE *file;
- asn1_node p;
- unsigned long t;
-
- file = fopen (output_file_name, "w");
-
- if (file == NULL)
- return ASN1_FILE_NOT_FOUND;
-
- fprintf (file, "#if HAVE_CONFIG_H\n");
- fprintf (file, "# include \"config.h\"\n");
- fprintf (file, "#endif\n\n");
-
- fprintf (file, "#include <libtasn1.h>\n\n");
-
- fprintf (file, "const asn1_static_node %s[] = {\n", vector_name);
-
- p = pointer;
-
- while (p)
- {
- fprintf (file, " { ");
-
- if (p->name[0] != 0)
- fprintf (file, "\"%s\", ", p->name);
- else
- fprintf (file, "NULL, ");
-
- t = p->type;
- if (p->down)
- t |= CONST_DOWN;
- if (p->right)
- t |= CONST_RIGHT;
-
- fprintf (file, "%lu, ", t);
-
- if (p->value)
- fprintf (file, "\"%s\"},\n", p->value);
- else
- fprintf (file, "NULL },\n");
-
- if (p->down)
- {
- p = p->down;
- }
- else if (p->right)
- {
- p = p->right;
- }
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == pointer)
- {
- p = NULL;
- break;
- }
- if (p->right)
- {
- p = p->right;
- break;
- }
- }
- }
- }
-
- fprintf (file, " { NULL, 0, NULL }\n};\n");
-
- fclose (file);
-
- return ASN1_SUCCESS;
-}
-
-
-/**
- * asn1_array2tree:
- * @array: specify the array that contains ASN.1 declarations
- * @definitions: return the pointer to the structure created by
- * *ARRAY ASN.1 declarations
- * @errorDescription: return the error description.
- *
- * Creates the structures needed to manage the ASN.1 definitions.
- * @array is a vector created by asn1_parser2array().
- *
- * Returns: %ASN1_SUCCESS if structure was created correctly,
- * %ASN1_ELEMENT_NOT_EMPTY if *@definitions not NULL,
- * %ASN1_IDENTIFIER_NOT_FOUND if in the file there is an identifier
- * that is not defined (see @errorDescription for more information),
- * %ASN1_ARRAY_ERROR if the array pointed by @array is wrong.
- **/
-int
-asn1_array2tree (const asn1_static_node * array, asn1_node * definitions,
- char *errorDescription)
-{
- asn1_node p, p_last = NULL;
- unsigned long k;
- int move;
- int result;
- unsigned int type;
-
- if (errorDescription)
- errorDescription[0] = 0;
-
- if (*definitions != NULL)
- return ASN1_ELEMENT_NOT_EMPTY;
-
- move = UP;
-
- k = 0;
- while (array[k].value || array[k].type || array[k].name)
- {
- type = convert_old_type (array[k].type);
-
- p = _asn1_add_static_node (type & (~CONST_DOWN));
- if (array[k].name)
- _asn1_set_name (p, array[k].name);
- if (array[k].value)
- _asn1_set_value (p, array[k].value, strlen (array[k].value) + 1);
-
- if (*definitions == NULL)
- *definitions = p;
-
- if (move == DOWN)
- _asn1_set_down (p_last, p);
- else if (move == RIGHT)
- _asn1_set_right (p_last, p);
-
- p_last = p;
-
- if (type & CONST_DOWN)
- move = DOWN;
- else if (type & CONST_RIGHT)
- move = RIGHT;
- else
- {
- while (1)
- {
- if (p_last == *definitions)
- break;
-
- p_last = _asn1_find_up (p_last);
-
- if (p_last == NULL)
- break;
-
- if (p_last->type & CONST_RIGHT)
- {
- p_last->type &= ~CONST_RIGHT;
- move = RIGHT;
- break;
- }
- } /* while */
- }
- k++;
- } /* while */
-
- if (p_last == *definitions)
- {
- result = _asn1_check_identifier (*definitions);
- if (result == ASN1_SUCCESS)
- {
- _asn1_change_integer_value (*definitions);
- _asn1_expand_object_id (*definitions);
- }
- }
- else
- {
- result = ASN1_ARRAY_ERROR;
- }
-
- if (errorDescription != NULL)
- {
- if (result == ASN1_IDENTIFIER_NOT_FOUND)
- {
- Estrcpy (errorDescription, ":: identifier '");
- Estrcat (errorDescription, _asn1_identifierMissing);
- Estrcat (errorDescription, "' not found");
- }
- else
- errorDescription[0] = 0;
- }
-
- if (result != ASN1_SUCCESS)
- {
- _asn1_delete_list_and_nodes ();
- *definitions = NULL;
- }
- else
- _asn1_delete_list ();
-
- return result;
-}
-
-/**
- * asn1_delete_structure:
- * @structure: pointer to the structure that you want to delete.
- *
- * Deletes the structure *@structure. At the end, *@structure is set
- * to NULL.
- *
- * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
- * *@structure was NULL.
- **/
-int
-asn1_delete_structure (asn1_node * structure)
-{
- return asn1_delete_structure2(structure, 0);
-}
-
-/**
- * asn1_delete_structure2:
- * @structure: pointer to the structure that you want to delete.
- * @flags: additional flags (see %ASN1_DELETE_FLAG)
- *
- * Deletes the structure *@structure. At the end, *@structure is set
- * to NULL.
- *
- * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
- * *@structure was NULL.
- **/
-int
-asn1_delete_structure2 (asn1_node * structure, unsigned int flags)
-{
- asn1_node p, p2, p3;
-
- if (*structure == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = *structure;
- while (p)
- {
- if (p->down)
- {
- p = p->down;
- }
- else
- { /* no down */
- p2 = p->right;
- if (p != *structure)
- {
- p3 = _asn1_find_up (p);
- _asn1_set_down (p3, p2);
- _asn1_remove_node (p, flags);
- p = p3;
- }
- else
- { /* p==root */
- p3 = _asn1_find_left (p);
- if (!p3)
- {
- p3 = _asn1_find_up (p);
- if (p3)
- _asn1_set_down (p3, p2);
- else
- {
- if (p->right)
- p->right->left = NULL;
- }
- }
- else
- _asn1_set_right (p3, p2);
- _asn1_remove_node (p, flags);
- p = NULL;
- }
- }
- }
-
- *structure = NULL;
- return ASN1_SUCCESS;
-}
-
-
-
-/**
- * asn1_delete_element:
- * @structure: pointer to the structure that contains the element you
- * want to delete.
- * @element_name: element's name you want to delete.
- *
- * Deletes the element named *@element_name inside *@structure.
- *
- * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
- * the @element_name was not found.
- **/
-int
-asn1_delete_element (asn1_node structure, const char *element_name)
-{
- asn1_node p2, p3, source_node;
-
- source_node = asn1_find_node (structure, element_name);
-
- if (source_node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p2 = source_node->right;
- p3 = _asn1_find_left (source_node);
- if (!p3)
- {
- p3 = _asn1_find_up (source_node);
- if (p3)
- _asn1_set_down (p3, p2);
- else if (source_node->right)
- source_node->right->left = NULL;
- }
- else
- _asn1_set_right (p3, p2);
-
- return asn1_delete_structure (&source_node);
-}
-
-asn1_node
-_asn1_copy_structure3 (asn1_node source_node)
-{
- asn1_node dest_node, p_s, p_d, p_d_prev;
- int move;
-
- if (source_node == NULL)
- return NULL;
-
- dest_node = _asn1_add_single_node (source_node->type);
-
- p_s = source_node;
- p_d = dest_node;
-
- move = DOWN;
-
- do
- {
- if (move != UP)
- {
- if (p_s->name[0] != 0)
- _asn1_cpy_name (p_d, p_s);
- if (p_s->value)
- _asn1_set_value (p_d, p_s->value, p_s->value_len);
- if (p_s->down)
- {
- p_s = p_s->down;
- p_d_prev = p_d;
- p_d = _asn1_add_single_node (p_s->type);
- _asn1_set_down (p_d_prev, p_d);
- continue;
- }
- p_d->start = p_s->start;
- p_d->end = p_s->end;
- }
-
- if (p_s == source_node)
- break;
-
- if (p_s->right)
- {
- move = RIGHT;
- p_s = p_s->right;
- p_d_prev = p_d;
- p_d = _asn1_add_single_node (p_s->type);
- _asn1_set_right (p_d_prev, p_d);
- }
- else
- {
- move = UP;
- p_s = _asn1_find_up (p_s);
- p_d = _asn1_find_up (p_d);
- }
- }
- while (p_s != source_node);
-
- return dest_node;
-}
-
-
-static asn1_node
-_asn1_copy_structure2 (asn1_node root, const char *source_name)
-{
- asn1_node source_node;
-
- source_node = asn1_find_node (root, source_name);
-
- return _asn1_copy_structure3 (source_node);
-
-}
-
-
-static int
-_asn1_type_choice_config (asn1_node node)
-{
- asn1_node p, p2, p3, p4;
- int move, tlen;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node;
- move = DOWN;
-
- while (!((p == node) && (move == UP)))
- {
- if (move != UP)
- {
- if ((type_field (p->type) == ASN1_ETYPE_CHOICE)
- && (p->type & CONST_TAG))
- {
- p2 = p->down;
- while (p2)
- {
- if (type_field (p2->type) != ASN1_ETYPE_TAG)
- {
- p2->type |= CONST_TAG;
- p3 = _asn1_find_left (p2);
- while (p3)
- {
- if (type_field (p3->type) == ASN1_ETYPE_TAG)
- {
- p4 = _asn1_add_single_node (p3->type);
- tlen = _asn1_strlen (p3->value);
- if (tlen > 0)
- _asn1_set_value (p4, p3->value, tlen + 1);
- _asn1_set_right (p4, p2->down);
- _asn1_set_down (p2, p4);
- }
- p3 = _asn1_find_left (p3);
- }
- }
- p2 = p2->right;
- }
- p->type &= ~(CONST_TAG);
- p2 = p->down;
- while (p2)
- {
- p3 = p2->right;
- if (type_field (p2->type) == ASN1_ETYPE_TAG)
- asn1_delete_structure (&p2);
- p2 = p3;
- }
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
-
- if (p == node)
- {
- move = UP;
- continue;
- }
-
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- return ASN1_SUCCESS;
-}
-
-
-static int
-_asn1_expand_identifier (asn1_node * node, asn1_node root)
-{
- asn1_node p, p2, p3;
- char name2[ASN1_MAX_NAME_SIZE + 2];
- int move;
-
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = *node;
- move = DOWN;
-
- while (!((p == *node) && (move == UP)))
- {
- if (move != UP)
- {
- if (type_field (p->type) == ASN1_ETYPE_IDENTIFIER)
- {
- snprintf (name2, sizeof (name2), "%s.%s", root->name, p->value);
- p2 = _asn1_copy_structure2 (root, name2);
- if (p2 == NULL)
- {
- return ASN1_IDENTIFIER_NOT_FOUND;
- }
- _asn1_cpy_name (p2, p);
- p2->right = p->right;
- p2->left = p->left;
- if (p->right)
- p->right->left = p2;
- p3 = p->down;
- if (p3)
- {
- while (p3->right)
- p3 = p3->right;
- _asn1_set_right (p3, p2->down);
- _asn1_set_down (p2, p->down);
- }
-
- p3 = _asn1_find_left (p);
- if (p3)
- _asn1_set_right (p3, p2);
- else
- {
- p3 = _asn1_find_up (p);
- if (p3)
- _asn1_set_down (p3, p2);
- else
- {
- p2->left = NULL;
- }
- }
-
- if (p->type & CONST_SIZE)
- p2->type |= CONST_SIZE;
- if (p->type & CONST_TAG)
- p2->type |= CONST_TAG;
- if (p->type & CONST_OPTION)
- p2->type |= CONST_OPTION;
- if (p->type & CONST_DEFAULT)
- p2->type |= CONST_DEFAULT;
- if (p->type & CONST_SET)
- p2->type |= CONST_SET;
- if (p->type & CONST_NOT_USED)
- p2->type |= CONST_NOT_USED;
-
- if (p == *node)
- *node = p2;
- _asn1_remove_node (p, 0);
- p = p2;
- move = DOWN;
- continue;
- }
- move = DOWN;
- }
- else
- move = RIGHT;
-
- if (move == DOWN)
- {
- if (p->down)
- p = p->down;
- else
- move = RIGHT;
- }
-
- if (p == *node)
- {
- move = UP;
- continue;
- }
-
- if (move == RIGHT)
- {
- if (p->right)
- p = p->right;
- else
- move = UP;
- }
- if (move == UP)
- p = _asn1_find_up (p);
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/**
- * asn1_create_element:
- * @definitions: pointer to the structure returned by "parser_asn1" function
- * @source_name: the name of the type of the new structure (must be
- * inside p_structure).
- * @element: pointer to the structure created.
- *
- * Creates a structure of type @source_name. Example using
- * "pkix.asn":
- *
- * rc = asn1_create_element(cert_def, "PKIX1.Certificate", certptr);
- *
- * Returns: %ASN1_SUCCESS if creation OK, %ASN1_ELEMENT_NOT_FOUND if
- * @source_name is not known.
- **/
-int
-asn1_create_element (asn1_node definitions, const char *source_name,
- asn1_node * element)
-{
- asn1_node dest_node;
- int res;
-
- dest_node = _asn1_copy_structure2 (definitions, source_name);
-
- if (dest_node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- _asn1_set_name (dest_node, "");
-
- res = _asn1_expand_identifier (&dest_node, definitions);
- _asn1_type_choice_config (dest_node);
-
- *element = dest_node;
-
- return res;
-}
-
-
-/**
- * asn1_print_structure:
- * @out: pointer to the output file (e.g. stdout).
- * @structure: pointer to the structure that you want to visit.
- * @name: an element of the structure
- * @mode: specify how much of the structure to print, can be
- * %ASN1_PRINT_NAME, %ASN1_PRINT_NAME_TYPE,
- * %ASN1_PRINT_NAME_TYPE_VALUE, or %ASN1_PRINT_ALL.
- *
- * Prints on the @out file descriptor the structure's tree starting
- * from the @name element inside the structure @structure.
- **/
-void
-asn1_print_structure (FILE * out, asn1_node structure, const char *name,
- int mode)
-{
- asn1_node p, root;
- int k, indent = 0, len, len2, len3;
-
- if (out == NULL)
- return;
-
- root = asn1_find_node (structure, name);
-
- if (root == NULL)
- return;
-
- p = root;
- while (p)
- {
- if (mode == ASN1_PRINT_ALL)
- {
- for (k = 0; k < indent; k++)
- fprintf (out, " ");
- fprintf (out, "name:");
- if (p->name[0] != 0)
- fprintf (out, "%s ", p->name);
- else
- fprintf (out, "NULL ");
- }
- else
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_SIZE:
- break;
- default:
- for (k = 0; k < indent; k++)
- fprintf (out, " ");
- fprintf (out, "name:");
- if (p->name[0] != 0)
- fprintf (out, "%s ", p->name);
- else
- fprintf (out, "NULL ");
- }
- }
-
- if (mode != ASN1_PRINT_NAME)
- {
- unsigned type = type_field (p->type);
- switch (type)
- {
- case ASN1_ETYPE_CONSTANT:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:CONST");
- break;
- case ASN1_ETYPE_TAG:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:TAG");
- break;
- case ASN1_ETYPE_SIZE:
- if (mode == ASN1_PRINT_ALL)
- fprintf (out, "type:SIZE");
- break;
- case ASN1_ETYPE_DEFAULT:
- fprintf (out, "type:DEFAULT");
- break;
- case ASN1_ETYPE_IDENTIFIER:
- fprintf (out, "type:IDENTIFIER");
- break;
- case ASN1_ETYPE_ANY:
- fprintf (out, "type:ANY");
- break;
- case ASN1_ETYPE_CHOICE:
- fprintf (out, "type:CHOICE");
- break;
- case ASN1_ETYPE_DEFINITIONS:
- fprintf (out, "type:DEFINITIONS");
- break;
- CASE_HANDLED_ETYPES:
- fprintf (out, "%s", _asn1_tags[type].desc);
- break;
- default:
- break;
- }
- }
-
- if ((mode == ASN1_PRINT_NAME_TYPE_VALUE) || (mode == ASN1_PRINT_ALL))
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_TAG:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_SIZE:
- if (mode == ASN1_PRINT_ALL)
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_DEFAULT:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- else if (p->type & CONST_TRUE)
- fprintf (out, " value:TRUE");
- else if (p->type & CONST_FALSE)
- fprintf (out, " value:FALSE");
- break;
- case ASN1_ETYPE_IDENTIFIER:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_INTEGER:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:0x");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_ENUMERATED:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:0x");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_BOOLEAN:
- if (p->value)
- {
- if (p->value[0] == 'T')
- fprintf (out, " value:TRUE");
- else if (p->value[0] == 'F')
- fprintf (out, " value:FALSE");
- }
- break;
- case ASN1_ETYPE_BIT_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- if (len > 0)
- {
- fprintf (out, " value(%i):",
- (len - 1) * 8 - (p->value[len2]));
- for (k = 1; k < len; k++)
- fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
- }
- }
- break;
- case ASN1_ETYPE_GENERALIZED_TIME:
- case ASN1_ETYPE_UTC_TIME:
- if (p->value)
- {
- fprintf (out, " value:");
- for (k = 0; k < p->value_len; k++)
- fprintf (out, "%c", (p->value)[k]);
- }
- break;
- case ASN1_ETYPE_GENERALSTRING:
- case ASN1_ETYPE_NUMERIC_STRING:
- case ASN1_ETYPE_IA5_STRING:
- case ASN1_ETYPE_TELETEX_STRING:
- case ASN1_ETYPE_PRINTABLE_STRING:
- case ASN1_ETYPE_UNIVERSAL_STRING:
- case ASN1_ETYPE_UTF8_STRING:
- case ASN1_ETYPE_VISIBLE_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%c", (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_BMP_STRING:
- case ASN1_ETYPE_OCTET_STRING:
- if (p->value)
- {
- len2 = -1;
- len = asn1_get_length_der (p->value, p->value_len, &len2);
- fprintf (out, " value:");
- if (len > 0)
- for (k = 0; k < len; k++)
- fprintf (out, "%02x", (unsigned) (p->value)[k + len2]);
- }
- break;
- case ASN1_ETYPE_OBJECT_ID:
- if (p->value)
- fprintf (out, " value:%s", p->value);
- break;
- case ASN1_ETYPE_ANY:
- if (p->value)
- {
- len3 = -1;
- len2 = asn1_get_length_der (p->value, p->value_len, &len3);
- fprintf (out, " value:");
- if (len2 > 0)
- for (k = 0; k < len2; k++)
- fprintf (out, "%02x", (unsigned) (p->value)[k + len3]);
- }
- break;
- case ASN1_ETYPE_SET:
- case ASN1_ETYPE_SET_OF:
- case ASN1_ETYPE_CHOICE:
- case ASN1_ETYPE_DEFINITIONS:
- case ASN1_ETYPE_SEQUENCE_OF:
- case ASN1_ETYPE_SEQUENCE:
- case ASN1_ETYPE_NULL:
- break;
- default:
- break;
- }
- }
-
- if (mode == ASN1_PRINT_ALL)
- {
- if (p->type & 0x1FFFFF00)
- {
- fprintf (out, " attr:");
- if (p->type & CONST_UNIVERSAL)
- fprintf (out, "UNIVERSAL,");
- if (p->type & CONST_PRIVATE)
- fprintf (out, "PRIVATE,");
- if (p->type & CONST_APPLICATION)
- fprintf (out, "APPLICATION,");
- if (p->type & CONST_EXPLICIT)
- fprintf (out, "EXPLICIT,");
- if (p->type & CONST_IMPLICIT)
- fprintf (out, "IMPLICIT,");
- if (p->type & CONST_TAG)
- fprintf (out, "TAG,");
- if (p->type & CONST_DEFAULT)
- fprintf (out, "DEFAULT,");
- if (p->type & CONST_TRUE)
- fprintf (out, "TRUE,");
- if (p->type & CONST_FALSE)
- fprintf (out, "FALSE,");
- if (p->type & CONST_LIST)
- fprintf (out, "LIST,");
- if (p->type & CONST_MIN_MAX)
- fprintf (out, "MIN_MAX,");
- if (p->type & CONST_OPTION)
- fprintf (out, "OPTION,");
- if (p->type & CONST_1_PARAM)
- fprintf (out, "1_PARAM,");
- if (p->type & CONST_SIZE)
- fprintf (out, "SIZE,");
- if (p->type & CONST_DEFINED_BY)
- fprintf (out, "DEF_BY,");
- if (p->type & CONST_GENERALIZED)
- fprintf (out, "GENERALIZED,");
- if (p->type & CONST_UTC)
- fprintf (out, "UTC,");
- if (p->type & CONST_SET)
- fprintf (out, "SET,");
- if (p->type & CONST_NOT_USED)
- fprintf (out, "NOT_USED,");
- if (p->type & CONST_ASSIGN)
- fprintf (out, "ASSIGNMENT,");
- }
- }
-
- if (mode == ASN1_PRINT_ALL)
- {
- fprintf (out, "\n");
- }
- else
- {
- switch (type_field (p->type))
- {
- case ASN1_ETYPE_CONSTANT:
- case ASN1_ETYPE_TAG:
- case ASN1_ETYPE_SIZE:
- break;
- default:
- fprintf (out, "\n");
- }
- }
-
- if (p->down)
- {
- p = p->down;
- indent += 2;
- }
- else if (p == root)
- {
- p = NULL;
- break;
- }
- else if (p->right)
- p = p->right;
- else
- {
- while (1)
- {
- p = _asn1_find_up (p);
- if (p == root)
- {
- p = NULL;
- break;
- }
- indent -= 2;
- if (p->right)
- {
- p = p->right;
- break;
- }
- }
- }
- }
-}
-
-
-
-/**
- * asn1_number_of_elements:
- * @element: pointer to the root of an ASN1 structure.
- * @name: the name of a sub-structure of ROOT.
- * @num: pointer to an integer where the result will be stored
- *
- * Counts the number of elements of a sub-structure called NAME with
- * names equal to "?1","?2", ...
- *
- * Returns: %ASN1_SUCCESS if successful, %ASN1_ELEMENT_NOT_FOUND if
- * @name is not known, %ASN1_GENERIC_ERROR if pointer @num is %NULL.
- **/
-int
-asn1_number_of_elements (asn1_node element, const char *name, int *num)
-{
- asn1_node node, p;
-
- if (num == NULL)
- return ASN1_GENERIC_ERROR;
-
- *num = 0;
-
- node = asn1_find_node (element, name);
- if (node == NULL)
- return ASN1_ELEMENT_NOT_FOUND;
-
- p = node->down;
-
- while (p)
- {
- if (p->name[0] == '?')
- (*num)++;
- p = p->right;
- }
-
- return ASN1_SUCCESS;
-}
-
-
-/**
- * asn1_find_structure_from_oid:
- * @definitions: ASN1 definitions
- * @oidValue: value of the OID to search (e.g. "1.2.3.4").
- *
- * Search the structure that is defined just after an OID definition.
- *
- * Returns: %NULL when @oidValue not found, otherwise the pointer to a
- * constant string that contains the element name defined just after
- * the OID.
- **/
-const char *
-asn1_find_structure_from_oid (asn1_node definitions, const char *oidValue)
-{
- char name[2 * ASN1_MAX_NAME_SIZE + 1];
- char value[ASN1_MAX_NAME_SIZE];
- asn1_node p;
- int len;
- int result;
- const char *definitionsName;
-
- if ((definitions == NULL) || (oidValue == NULL))
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
- definitionsName = definitions->name;
-
- /* search the OBJECT_ID into definitions */
- p = definitions->down;
- while (p)
- {
- if ((type_field (p->type) == ASN1_ETYPE_OBJECT_ID) &&
- (p->type & CONST_ASSIGN))
- {
- snprintf(name, sizeof(name), "%s.%s", definitionsName, p->name);
-
- len = ASN1_MAX_NAME_SIZE;
- result = asn1_read_value (definitions, name, value, &len);
-
- if ((result == ASN1_SUCCESS) && (!strcmp (oidValue, value)))
- {
- p = p->right;
- if (p == NULL) /* reach the end of ASN1 definitions */
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-
- return p->name;
- }
- }
- p = p->right;
- }
-
- return NULL; /* ASN1_ELEMENT_NOT_FOUND; */
-}
-
-/**
- * asn1_copy_node:
- * @dst: Destination asn1 node.
- * @dst_name: Field name in destination node.
- * @src: Source asn1 node.
- * @src_name: Field name in source node.
- *
- * Create a deep copy of a asn1_node variable. That
- * function requires @dst to be expanded using asn1_create_element().
- *
- * Returns: Return %ASN1_SUCCESS on success.
- **/
-int
-asn1_copy_node (asn1_node dst, const char *dst_name,
- asn1_node src, const char *src_name)
-{
- int result;
- asn1_node dst_node;
- void *data = NULL;
- int size = 0;
-
- result = asn1_der_coding (src, src_name, NULL, &size, NULL);
- if (result != ASN1_MEM_ERROR)
- return result;
-
- data = malloc (size);
- if (data == NULL)
- return ASN1_MEM_ERROR;
-
- result = asn1_der_coding (src, src_name, data, &size, NULL);
- if (result != ASN1_SUCCESS)
- {
- free (data);
- return result;
- }
-
- dst_node = asn1_find_node (dst, dst_name);
- if (dst_node == NULL)
- {
- free (data);
- return ASN1_ELEMENT_NOT_FOUND;
- }
-
- result = asn1_der_decoding (&dst_node, data, size, NULL);
-
- free (data);
-
- return result;
-}
-
-/**
- * asn1_dup_node:
- * @src: Source asn1 node.
- * @src_name: Field name in source node.
- *
- * Create a deep copy of a asn1_node variable. This function
- * will return an exact copy of the provided structure.
- *
- * Returns: Return %NULL on failure.
- **/
-asn1_node
-asn1_dup_node (asn1_node src, const char *src_name)
-{
- return _asn1_copy_structure2(src, src_name);
-}
diff --git a/lib/minitasn1/structure.h b/lib/minitasn1/structure.h
deleted file mode 100644
index bb6e7a9b9a..0000000000
--- a/lib/minitasn1/structure.h
+++ /dev/null
@@ -1,40 +0,0 @@
-/*
- * Copyright (C) 2002-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-/*************************************************/
-/* File: structure.h */
-/* Description: list of exported object by */
-/* "structure.c" */
-/*************************************************/
-
-#ifndef _STRUCTURE_H
-#define _STRUCTURE_H
-
-int _asn1_create_static_structure (asn1_node pointer,
- char *output_file_name, char *vector_name);
-
-asn1_node _asn1_copy_structure3 (asn1_node source_node);
-
-asn1_node _asn1_add_single_node (unsigned int type);
-
-asn1_node _asn1_find_left (asn1_node node);
-
-#endif
diff --git a/lib/minitasn1/version.c b/lib/minitasn1/version.c
deleted file mode 100644
index 25f8a8f28e..0000000000
--- a/lib/minitasn1/version.c
+++ /dev/null
@@ -1,51 +0,0 @@
-/*
- * Copyright (C) 2000-2014 Free Software Foundation, Inc.
- *
- * This file is part of LIBTASN1.
- *
- * The LIBTASN1 library is free software; you can redistribute it
- * and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either
- * version 2.1 of the License, or (at your option) any later version.
- *
- * This library is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this library; if not, write to the Free Software
- * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
- * 02110-1301, USA
- */
-
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include <string.h> /* for strverscmp */
-
-#include "libtasn1.h"
-
-/**
- * asn1_check_version:
- * @req_version: Required version number, or %NULL.
- *
- * Check that the version of the library is at minimum the
- * requested one and return the version string; return %NULL if the
- * condition is not satisfied. If a %NULL is passed to this function,
- * no check is done, but the version string is simply returned.
- *
- * See %ASN1_VERSION for a suitable @req_version string.
- *
- * Returns: Version string of run-time library, or %NULL if the
- * run-time library does not meet the required version number.
- */
-const char *
-asn1_check_version (const char *req_version)
-{
- if (!req_version || strverscmp (req_version, ASN1_VERSION) <= 0)
- return ASN1_VERSION;
-
- return NULL;
-}
diff --git a/lib/nettle/cipher.c b/lib/nettle/cipher.c
index 70a6509f2b..69ed70213d 100644
--- a/lib/nettle/cipher.c
+++ b/lib/nettle/cipher.c
@@ -481,6 +481,23 @@ static const struct nettle_cipher_st builtin_ciphers[] = {
.set_iv = (setiv_func)gcm_aes128_set_iv,
.max_iv_size = GCM_IV_SIZE,
},
+ { .algo = GNUTLS_CIPHER_AES_192_GCM,
+ .block_size = AES_BLOCK_SIZE,
+ .key_size = AES192_KEY_SIZE,
+ .encrypt_block = (nettle_cipher_func*)aes192_encrypt,
+ .decrypt_block = (nettle_cipher_func*)aes192_decrypt,
+
+ .ctx_size = sizeof(struct gcm_aes192_ctx),
+ .encrypt = _gcm_encrypt,
+ .decrypt = _gcm_decrypt,
+ .set_encrypt_key = (nettle_set_key_func*)gcm_aes192_set_key,
+ .set_decrypt_key = (nettle_set_key_func*)gcm_aes192_set_key,
+
+ .tag = (nettle_hash_digest_func*)gcm_aes192_digest,
+ .auth = (nettle_hash_update_func*)gcm_aes192_update,
+ .set_iv = (setiv_func)gcm_aes192_set_iv,
+ .max_iv_size = GCM_IV_SIZE,
+ },
{ .algo = GNUTLS_CIPHER_AES_256_GCM,
.block_size = AES_BLOCK_SIZE,
.key_size = AES256_KEY_SIZE,
@@ -1030,6 +1047,7 @@ wrap_nettle_cipher_setiv(void *_ctx, const void *iv, size_t iv_size)
switch (ctx->cipher->algo) {
case GNUTLS_CIPHER_AES_128_GCM:
+ case GNUTLS_CIPHER_AES_192_GCM:
case GNUTLS_CIPHER_AES_256_GCM:
FIPS_RULE(iv_size < GCM_IV_SIZE, GNUTLS_E_INVALID_REQUEST, "access to short GCM nonce size\n");
break;
diff --git a/lib/pkcs11.c b/lib/pkcs11.c
index d03bf6e444..fad16aaf4f 100644
--- a/lib/pkcs11.c
+++ b/lib/pkcs11.c
@@ -889,7 +889,7 @@ static void compat_load(const char *configfile)
if (configfile == NULL)
configfile = "/etc/gnutls/pkcs11.conf";
- fp = fopen(configfile, "r");
+ fp = fopen(configfile, "re");
if (fp == NULL) {
gnutls_assert();
return;
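Review bot: The `"re"` mode on the new `fopen` line has no explanation, and the `e` flag is not part of ISO C, so a reader cannot tell from the call that it sets close-on-exec on the descriptor. A one-line comment above the call would record that, for example `/* "e": open with O_CLOEXEC so the config fd is not inherited across exec */`. Whether every supported platform's `fopen` accepts the flag is not visible here; if the build does not substitute a replacement `fopen`, that is worth confirming for non-glibc targets. The same mode string is introduced in lib/priority.c in this commit, and the body of `compat_load` continues outside the hunk.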
diff --git a/lib/priority.c b/lib/priority.c
index ad99459adb..0a284ae1f1 100644
--- a/lib/priority.c
+++ b/lib/priority.c
@@ -1304,6 +1304,7 @@ static void _gnutls_update_system_priorities(void)
{
int ret;
struct stat sb;
+ FILE *fp;
if (stat(system_priority_file, &sb) < 0) {
_gnutls_debug_log("cfg: unable to access: %s: %d\n",
@@ -1321,7 +1322,14 @@ static void _gnutls_update_system_priorities(void)
if (system_wide_priority_strings_init != 0)
_name_val_array_clear(&system_wide_priority_strings);
- ret = ini_parse(system_priority_file, cfg_ini_handler, NULL);
+ fp = fopen(system_priority_file, "re");
+ if (fp == NULL) {
+ _gnutls_debug_log("cfg: unable to open: %s: %d\n",
+ system_priority_file, errno);
+ return;
+ }
+ ret = ini_parse_file(fp, cfg_ini_handler, NULL);
+ fclose(fp);
if (ret != 0) {
_gnutls_debug_log("cfg: unable to parse: %s: %d\n",
system_priority_file, ret);
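Review bot: The new `fopen` failure path returns after `_name_val_array_clear(&system_wide_priority_strings)` has already run, so a transient open failure appears to discard the previously loaded system priorities and put nothing in their place. Moving the `fp = fopen(system_priority_file, "re");` block above the `if (system_wide_priority_strings_init != 0)` clear would keep the old table until a replacement can actually be read. The `stat()` in the earlier hunk and this `fopen()` also resolve the path separately; calling `fstat(fileno(fp), &sb)` on the opened stream would tie the recorded metadata to the file that is parsed. The function continues outside the hunk, so how the `ret != 0` path ends is not visible here.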
diff --git a/lib/random.c b/lib/random.c
index 6462738416..605fc8d51a 100644
--- a/lib/random.c
+++ b/lib/random.c
@@ -105,9 +105,9 @@ int _gnutls_rnd_preinit(void)
#elif defined(ENABLE_FIPS140)
/* The FIPS140 random generator is only enabled when we are compiled
- * with FIPS support, _and_ the system requires FIPS140.
+ * with FIPS support, _and_ the system is in FIPS installed state.
*/
- if (_gnutls_fips_mode_enabled() == 1) {
+ if (_gnutls_fips_mode_enabled() != 0) {
ret = gnutls_crypto_rnd_register(100, &_gnutls_fips_rnd_ops);
if (ret < 0)
return ret;
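Review bot: The condition `_gnutls_fips_mode_enabled() != 0` now registers the FIPS generator for every non-zero return, but the reworded comment only says "FIPS installed state" and leaves the values unnamed. The return values are not visible in this hunk, so which modes the check now admits has to be inferred. Either extend the comment, e.g. `/* any non-zero FIPS mode, not only the enforcing one, selects the FIPS RNG */`, or compare against a named constant for the disabled state if the tree defines one. `_gnutls_rnd_preinit` starts and ends outside the hunk.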
diff --git a/lib/system/keys-win.c b/lib/system/keys-win.c
index 678a668e49..f9a4b1ca9e 100644
--- a/lib/system/keys-win.c
+++ b/lib/system/keys-win.c
@@ -26,6 +26,7 @@
#define _WIN32_WINNT 0x600
#endif
+#include <config.h>
#include "gnutls_int.h"
#include "errors.h"
#include <gnutls/gnutls.h>
@@ -45,8 +46,6 @@
#include <winbase.h>
#include <winapifamily.h>
-#define DYN_NCRYPT
-
#ifdef __MINGW32__
# include <_mingw.h>
# ifdef __MINGW64_VERSION_MAJOR
@@ -234,6 +233,7 @@ get_id(const char *url, uint8_t * bin, size_t * bin_size, unsigned cert)
return 0;
}
+#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
static
void *memrev(unsigned char *pvData, DWORD cbData)
{
@@ -437,6 +437,106 @@ static int capi_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
return -1;
}
+static
+int privkey_import_capi(gnutls_privkey_t pkey, const char *url,
+ priv_st *priv, CRYPT_KEY_PROV_INFO *kpi)
+{
+ HCRYPTPROV hCryptProv = NULL;
+ int ret, enc_too = 0;
+ DWORD i, dwErrCode = 0;
+
+ if (CryptAcquireContextW(&hCryptProv,
+ kpi->pwszContainerName,
+ kpi->pwszProvName,
+ kpi->dwProvType, kpi->dwFlags)) {
+ for (i = 0; i < kpi->cProvParam; i++)
+ if (!CryptSetProvParam(hCryptProv,
+ kpi->rgProvParam[i].
+ dwParam,
+ kpi->rgProvParam[i].
+ pbData,
+ kpi->rgProvParam[i].
+ dwFlags)) {
+ dwErrCode = GetLastError();
+ break;
+ };
+ } else {
+ dwErrCode = GetLastError();
+ }
+
+ if (ERROR_SUCCESS != dwErrCode) {
+ _gnutls_debug_log
+ ("error in getting cryptprov: %d from %s\n",
+ (int)GetLastError(), url);
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ goto cleanup;
+ }
+
+ {
+ BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
+ PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
+ DWORD len = sizeof(buf);
+
+ if (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_FIRST)) {
+ DWORD hash = 0;
+ do {
+ switch (pAlgo->aiAlgid) {
+ case CALG_RSA_SIGN:
+ priv->pk = GNUTLS_PK_RSA;
+ enc_too = 1;
+ break;
+ case CALG_DSS_SIGN:
+ priv->pk =
+ priv->pk ==
+ GNUTLS_PK_RSA ?
+ GNUTLS_PK_RSA :
+ GNUTLS_PK_DSA;
+ break;
+ case CALG_SHA1:
+ hash = 1;
+ break;
+ case CALG_SHA_256:
+ hash = 256;
+ break;
+ default:
+ break;
+ }
+
+ len = sizeof(buf); // reset the buffer size
+ } while (CryptGetProvParam
+ (hCryptProv, PP_ENUMALGS_EX, buf, &len,
+ CRYPT_NEXT));
+
+ if (priv->pk == GNUTLS_PK_DSA)
+ priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
+ else
+ priv->sign_algo =
+ (hash >
+ 1) ? GNUTLS_SIGN_RSA_SHA256 :
+ GNUTLS_SIGN_RSA_SHA1;
+ }
+ }
+
+ priv->hCryptProv = hCryptProv;
+ priv->dwKeySpec = kpi->dwKeySpec;
+
+ ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
+ (enc_too !=
+ 0) ? capi_decrypt : NULL,
+ capi_deinit, capi_info, 0);
+ cleanup:
+ if (ret < 0) {
+ if (hCryptProv != 0)
+ CryptReleaseContext(hCryptProv, 0);
+ }
+ return ret;
+}
+#endif /* WINAPI_PARTITION_DESKTOP */
+
static
int cng_sign(gnutls_privkey_t key, void *userdata,
const gnutls_datum_t * raw_data, gnutls_datum_t * signature)
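Review bot: When the first `CryptGetProvParam(..., CRYPT_FIRST)` call in `privkey_import_capi` fails, the enumeration block is skipped and `gnutls_privkey_import_ext3` is still called, so `priv->pk` and `priv->sign_algo` keep whatever the caller left in `priv` (its allocation is outside this hunk). Adding `else { ret = gnutls_assert_val(GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE); goto cleanup; }` to that `if` would avoid importing a key whose algorithm was never determined. Separately, the debug log prints `(int)GetLastError()` although the failure code was already saved in `dwErrCode`; logging `(int)dwErrCode` keeps the message tied to the call that failed. A short comment noting that the RSA path falls back to `GNUTLS_SIGN_RSA_SHA1` when the provider does not list SHA-256 would also help readers.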
@@ -597,6 +697,70 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
return -1;
}
+static
+int privkey_import_ncrypt(gnutls_privkey_t pkey, const char *url,
+ priv_st *priv, CRYPT_KEY_PROV_INFO *kpi, NCRYPT_PROV_HANDLE *sctx)
+{
+ SECURITY_STATUS r;
+ NCRYPT_KEY_HANDLE nc = NULL;
+ int ret, enc_too = 0;
+ WCHAR algo_str[64];
+ DWORD algo_str_size = 0;
+
+ r = pNCryptOpenKey(*sctx, &nc, kpi->pwszContainerName, 0, 0);
+ if (FAILED(r)) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ goto cleanup;
+ }
+
+ r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
+ (BYTE *) algo_str, sizeof(algo_str),
+ &algo_str_size, 0);
+ if (FAILED(r)) {
+ ret =
+ gnutls_assert_val
+ (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
+ goto cleanup;
+ }
+
+ if (StrCmpW(algo_str, BCRYPT_RSA_ALGORITHM) == 0) {
+ priv->pk = GNUTLS_PK_RSA;
+ priv->sign_algo = GNUTLS_SIGN_RSA_SHA256;
+ enc_too = 1;
+ } else if (StrCmpW(algo_str, BCRYPT_DSA_ALGORITHM) == 0) {
+ priv->pk = GNUTLS_PK_DSA;
+ priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
+ } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P256_ALGORITHM) == 0) {
+ priv->pk = GNUTLS_PK_EC;
+ priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA256;
+ } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P384_ALGORITHM) == 0) {
+ priv->pk = GNUTLS_PK_EC;
+ priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA384;
+ } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P521_ALGORITHM) == 0) {
+ priv->pk = GNUTLS_PK_EC;
+ priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
+ } else {
+ _gnutls_debug_log("unknown key algorithm: %ls\n",
+ algo_str);
+ ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
+ goto cleanup;
+ }
+ priv->nc = nc;
+
+ ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
+ (enc_too !=
+ 0) ? cng_decrypt : NULL,
+ cng_deinit, cng_info, 0);
+ cleanup:
+ if (ret < 0) {
+ if (nc != 0)
+ pNCryptFreeObject(nc);
+ }
+ return ret;
+}
+
/*-
* _gnutls_privkey_import_system:
* @pkey: The private key
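Review bot: `algo_str` in `privkey_import_ncrypt` is filled by the key storage provider and then handed to `StrCmpW` and the `%ls` log without being initialised or checked for termination, and `algo_str_size` is never read. Declaring it as `WCHAR algo_str[64] = { 0 };` and passing `sizeof(algo_str) - sizeof(WCHAR)` as the buffer size to `pNCryptGetProperty` would guarantee a terminator even if a provider returns an unterminated value. The `url` parameter is unused in this helper, and `sctx` is only read through the pointer, so it could be taken by value as `NCRYPT_PROV_HANDLE sctx`.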
@@ -613,25 +777,20 @@ static int cng_info(gnutls_privkey_t key, unsigned int flags, void *userdata)
-*/
int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
{
-#if WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_APP)
+#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP) && _WIN32_WINNT < 0x0A00 /*win10 */
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
-#else
+#else /* WINAPI_PARTITION_DESKTOP || _WIN32_WINNT_WIN10 */
uint8_t id[MAX_WID_SIZE];
HCERTSTORE store = NULL;
size_t id_size;
const CERT_CONTEXT *cert = NULL;
CRYPT_HASH_BLOB blob;
CRYPT_KEY_PROV_INFO *kpi = NULL;
- NCRYPT_KEY_HANDLE nc = NULL;
- HCRYPTPROV hCryptProv = NULL;
NCRYPT_PROV_HANDLE sctx = NULL;
DWORD kpi_size;
SECURITY_STATUS r;
- int ret, enc_too = 0;
- WCHAR algo_str[64];
- DWORD algo_str_size = 0;
+ int ret;
priv_st *priv;
- DWORD i, dwErrCode = 0;
if (ncrypt_init == 0)
return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
@@ -702,157 +861,31 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
r = pNCryptOpenStorageProvider(&sctx, kpi->pwszProvName, 0);
if (!FAILED(r)) { /* if this works carry on with CNG */
- r = pNCryptOpenKey(sctx, &nc, kpi->pwszContainerName, 0, 0);
- if (FAILED(r)) {
- ret =
- gnutls_assert_val
- (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- goto cleanup;
- }
-
- r = pNCryptGetProperty(nc, NCRYPT_ALGORITHM_PROPERTY,
- (BYTE *) algo_str, sizeof(algo_str),
- &algo_str_size, 0);
- if (FAILED(r)) {
- ret =
- gnutls_assert_val
- (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- goto cleanup;
- }
-
- if (StrCmpW(algo_str, BCRYPT_RSA_ALGORITHM) == 0) {
- priv->pk = GNUTLS_PK_RSA;
- priv->sign_algo = GNUTLS_SIGN_RSA_SHA256;
- enc_too = 1;
- } else if (StrCmpW(algo_str, BCRYPT_DSA_ALGORITHM) == 0) {
- priv->pk = GNUTLS_PK_DSA;
- priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
- } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P256_ALGORITHM) == 0) {
- priv->pk = GNUTLS_PK_EC;
- priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA256;
- } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P384_ALGORITHM) == 0) {
- priv->pk = GNUTLS_PK_EC;
- priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA384;
- } else if (StrCmpW(algo_str, BCRYPT_ECDSA_P521_ALGORITHM) == 0) {
- priv->pk = GNUTLS_PK_EC;
- priv->sign_algo = GNUTLS_SIGN_ECDSA_SHA512;
- } else {
- _gnutls_debug_log("unknown key algorithm: %ls\n",
- algo_str);
- ret = gnutls_assert_val(GNUTLS_E_UNKNOWN_PK_ALGORITHM);
- goto cleanup;
- }
- priv->nc = nc;
-
- ret = gnutls_privkey_import_ext3(pkey, priv, cng_sign,
- (enc_too !=
- 0) ? cng_decrypt : NULL,
- cng_deinit, cng_info, 0);
+ ret = privkey_import_ncrypt(pkey, url, priv, kpi, &sctx);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
} else {
+#if !WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)
+ /* CAPI is not supported in UWP */
+ return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);
+#else /* WINAPI_PARTITION_DESKTOP */
/* this should be CAPI */
_gnutls_debug_log
("error in opening CNG keystore: %x from %ls\n", (int)r,
kpi->pwszProvName);
- if (CryptAcquireContextW(&hCryptProv,
- kpi->pwszContainerName,
- kpi->pwszProvName,
- kpi->dwProvType, kpi->dwFlags)) {
- for (i = 0; i < kpi->cProvParam; i++)
- if (!CryptSetProvParam(hCryptProv,
- kpi->rgProvParam[i].
- dwParam,
- kpi->rgProvParam[i].
- pbData,
- kpi->rgProvParam[i].
- dwFlags)) {
- dwErrCode = GetLastError();
- break;
- };
- } else {
- dwErrCode = GetLastError();
- }
-
- if (ERROR_SUCCESS != dwErrCode) {
- _gnutls_debug_log
- ("error in getting cryptprov: %d from %s\n",
- (int)GetLastError(), url);
- ret =
- gnutls_assert_val
- (GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE);
- goto cleanup;
- }
-
- {
- BYTE buf[100 + sizeof(PROV_ENUMALGS_EX) * 2];
- PROV_ENUMALGS_EX *pAlgo = (PROV_ENUMALGS_EX *) buf;
- DWORD len = sizeof(buf);
-
- if (CryptGetProvParam
- (hCryptProv, PP_ENUMALGS_EX, buf, &len,
- CRYPT_FIRST)) {
- DWORD hash = 0;
- do {
- switch (pAlgo->aiAlgid) {
- case CALG_RSA_SIGN:
- priv->pk = GNUTLS_PK_RSA;
- enc_too = 1;
- break;
- case CALG_DSS_SIGN:
- priv->pk =
- priv->pk ==
- GNUTLS_PK_RSA ?
- GNUTLS_PK_RSA :
- GNUTLS_PK_DSA;
- break;
- case CALG_SHA1:
- hash = 1;
- break;
- case CALG_SHA_256:
- hash = 256;
- break;
- default:
- break;
- }
-
- len = sizeof(buf); // reset the buffer size
- } while (CryptGetProvParam
- (hCryptProv, PP_ENUMALGS_EX, buf, &len,
- CRYPT_NEXT));
-
- if (priv->pk == GNUTLS_PK_DSA)
- priv->sign_algo = GNUTLS_SIGN_DSA_SHA1;
- else
- priv->sign_algo =
- (hash >
- 1) ? GNUTLS_SIGN_RSA_SHA256 :
- GNUTLS_SIGN_RSA_SHA1;
- }
- }
-
- priv->hCryptProv = hCryptProv;
- priv->dwKeySpec = kpi->dwKeySpec;
-
- ret = gnutls_privkey_import_ext3(pkey, priv, capi_sign,
- (enc_too !=
- 0) ? capi_decrypt : NULL,
- capi_deinit, capi_info, 0);
+ ret = privkey_import_capi(pkey, url, priv, kpi);
if (ret < 0) {
gnutls_assert();
goto cleanup;
}
+#endif /* WINAPI_PARTITION_DESKTOP */
}
ret = 0;
cleanup:
if (ret < 0) {
- if (nc != 0)
- pNCryptFreeObject(nc);
- if (hCryptProv != 0)
- CryptReleaseContext(hCryptProv, 0);
gnutls_free(priv);
}
if (sctx != 0)
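Review bot: The UWP branch added in the `else` arm leaves the function with `return gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE);`, which skips the `cleanup:` label. `priv` is released only there (`gnutls_free(priv)` when `ret < 0`), and the `CertCloseStore(store, 0)` call visible in the next hunk is skipped as well, so this path leaks them. Use `ret = gnutls_assert_val(GNUTLS_E_UNIMPLEMENTED_FEATURE); goto cleanup;` instead. The function starts before this hunk and continues past it, so the full list of resources released after `cleanup:` is not visible here.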
@@ -865,7 +898,7 @@ int _gnutls_privkey_import_system_url(gnutls_privkey_t pkey, const char *url)
CertCloseStore(store, 0);
return ret;
-#endif
+#endif /* WINAPI_PARTITION_DESKTOP || _WIN32_WINNT_WIN10 */
}
int _gnutls_x509_crt_import_system_url(gnutls_x509_crt_t crt, const char *url)
@@ -1487,13 +1520,16 @@ int _gnutls_system_key_init(void)
ret = GNUTLS_E_CRYPTO_INIT_FAILED;
goto fail;
}
-#endif
ncrypt_init = 1;
return 0;
fail:
FreeLibrary(ncrypt_lib);
return ret;
+#else
+ ncrypt_init = 1;
+ return 0;
+#endif
}
void _gnutls_system_key_deinit(void)
diff --git a/lib/verify-tofu.c b/lib/verify-tofu.c
index 36328e04af..5cedeed118 100644
--- a/lib/verify-tofu.c
+++ b/lib/verify-tofu.c
@@ -326,7 +326,7 @@ static int verify_pubkey(const char *file,
const char *host, const char *service,
const gnutls_datum_t * pubkey)
{
- FILE *fd;
+ FILE *fp;
char *line = NULL;
size_t line_size = 0;
int ret, l2, mismatch = 0;
@@ -343,14 +343,14 @@ static int verify_pubkey(const char *file,
if (service != NULL)
service_len = strlen(service);
- fd = fopen(file, "rb");
- if (fd == NULL) {
+ fp = fopen(file, "rbe");
+ if (fp == NULL) {
ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
goto cleanup;
}
do {
- l2 = getline(&line, &line_size, fd);
+ l2 = getline(&line, &line_size, fp);
if (l2 > 0) {
ret =
parse_line(line, host, host_len, service,
@@ -371,8 +371,8 @@ static int verify_pubkey(const char *file,
cleanup:
free(line);
- if (fd != NULL)
- fclose(fd);
+ if (fp != NULL)
+ fclose(fp);
gnutls_free(b64key.data);
return ret;
@@ -400,7 +400,7 @@ int store_pubkey(const char *db_name, const char *host,
const char *service, time_t expiration,
const gnutls_datum_t * pubkey)
{
- FILE *fd = NULL;
+ FILE *fp = NULL;
gnutls_datum_t b64key = { NULL, 0 };
int ret;
@@ -414,8 +414,8 @@ int store_pubkey(const char *db_name, const char *host,
goto cleanup;
}
- fd = fopen(db_name, "ab+");
- if (fd == NULL) {
+ fp = fopen(db_name, "abe+");
+ if (fp == NULL) {
ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);
goto cleanup;
}
@@ -425,14 +425,14 @@ int store_pubkey(const char *db_name, const char *host,
if (host == NULL)
host = "*";
- fprintf(fd, "|g0|%s|%s|%lu|%.*s\n", host, service,
+ fprintf(fp, "|g0|%s|%s|%lu|%.*s\n", host, service,
(unsigned long) expiration, b64key.size, b64key.data);
ret = 0;
cleanup:
- if (fd != NULL)
- fclose(fd);
+ if (fp != NULL)
+ fclose(fp);
gnutls_mutex_unlock(&_gnutls_file_mutex);
gnutls_free(b64key.data);
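Review bot: The record is written with `fprintf(fp, ...)` and `ret = 0` is then set without checking the result of `fprintf` or of `fclose(fp)` in `cleanup`, so a failed or short write (full disk, I/O error) still reports the key as stored. Checking the write, `if (fprintf(fp, ...) < 0) ret = gnutls_assert_val(GNUTLS_E_FILE_ERROR);`, and treating a non-zero `fclose` result the same way would surface that. The same applies to `store_commitment` in the hunk at `@@ -458,12 +458,12 @@`, which returns 0 unconditionally. `host` and `service` are placed into the `|`-separated line verbatim; if the callers guarantee that neither contains `|` or a newline (not visible here), a comment stating that assumption would help.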
@@ -446,11 +446,11 @@ int store_commitment(const char *db_name, const char *host,
gnutls_digest_algorithm_t hash_algo,
const gnutls_datum_t * hash)
{
- FILE *fd;
+ FILE *fp;
char buffer[MAX_HASH_SIZE * 2 + 1];
- fd = fopen(db_name, "ab+");
- if (fd == NULL)
+ fp = fopen(db_name, "abe+");
+ if (fp == NULL)
return gnutls_assert_val(GNUTLS_E_FILE_ERROR);
if (service == NULL)
@@ -458,12 +458,12 @@ int store_commitment(const char *db_name, const char *host,
if (host == NULL)
host = "*";
- fprintf(fd, "|c0|%s|%s|%lu|%u|%s\n", host, service,
+ fprintf(fp, "|c0|%s|%s|%lu|%u|%s\n", host, service,
(unsigned long) expiration, (unsigned) hash_algo,
_gnutls_bin2hex(hash->data, hash->size, buffer,
sizeof(buffer), NULL));
- fclose(fd);
+ fclose(fp);
return 0;
}
diff --git a/lib/x509/output.c b/lib/x509/output.c
index c8b0c66ddb..705e8babfa 100644
--- a/lib/x509/output.c
+++ b/lib/x509/output.c
@@ -448,7 +448,9 @@ print_aki_gn_serial(gnutls_buffer_st * str, gnutls_x509_aki_t aki)
err =
gnutls_x509_aki_get_cert_issuer(aki,
0, &alt_type, &san, &other_oid, &serial);
- if (err < 0) {
+ if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
+ return;
+ } else if (err < 0) {
addf(str, "error: gnutls_x509_aki_get_cert_issuer: %s\n",
gnutls_strerror(err));
return;
@@ -481,10 +483,11 @@ static void print_aki(gnutls_buffer_st * str, gnutls_datum_t *der)
goto cleanup;
}
+ /* Check if an alternative name is there */
+ print_aki_gn_serial(str, aki);
+
err = gnutls_x509_aki_get_id(aki, &id);
if (err == GNUTLS_E_REQUESTED_DATA_NOT_AVAILABLE) {
- /* Check if an alternative name is there */
- print_aki_gn_serial(str, aki);
goto cleanup;
} else if (err < 0) {
addf(str, "error: gnutls_x509_aki_get_id: %s\n",
@@ -1259,6 +1262,22 @@ static void print_extension(gnutls_buffer_st * str, const char *prefix,
critical ? _("critical") : _("not critical"));
print_issuer_sign_tool(str, prefix, der);
+ } else if (strcmp(oid, "2.5.4.3") == 0) {
+ int ret;
+ gnutls_datum_t tmp = {NULL, 0};
+
+ addf(str, _("%s\t\tCommon Name (%s):\n"),
+ prefix,
+ critical ? _("critical") : _("not critical"));
+
+ ret = _gnutls_x509_decode_string(ASN1_ETYPE_PRINTABLE_STRING, der->data, der->size, &tmp, 0);
+ if (ret < 0) {
+ addf(str, "error: x509_decode_string: %s\n",
+ gnutls_strerror(ret));
+ } else {
+ addf(str, "%s\t\t\t%s\n", prefix, tmp.data);
+ gnutls_free(tmp.data);
+ }
} else {
addf(str, _("%s\t\tUnknown extension %s (%s):\n"),
prefix, oid,
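Review bot: In the new `2.5.4.3` branch, `tmp.data` comes from the certificate and is printed with a plain `%s`, so output stops at the first NUL byte even when `tmp.size` is larger, and the displayed name can then differ from the encoded one. A check before printing, for example `if (memchr(tmp.data, 0, tmp.size) != NULL)` followed by an error line instead of the name, would make that case visible; this assumes `_gnutls_x509_decode_string` NUL-terminates its output, which is not shown here. The value is decoded only as `ASN1_ETYPE_PRINTABLE_STRING`, so a name in another string type would presumably take the error path; a comment saying whether that is intended would help. print_extension starts before and continues after this hunk.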
diff --git a/lib/x509/verify-high2.c b/lib/x509/verify-high2.c
index 50020d074c..9820595e97 100644
--- a/lib/x509/verify-high2.c
+++ b/lib/x509/verify-high2.c
@@ -356,7 +356,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
} else
#endif
{
- cas.data = (void *) read_binary_file(ca_file, &size);
+ cas.data = (void *) read_file(ca_file, RF_BINARY, &size);
if (cas.data == NULL) {
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
@@ -366,7 +366,7 @@ gnutls_x509_trust_list_add_trust_file(gnutls_x509_trust_list_t list,
}
if (crl_file) {
- crls.data = (void *) read_binary_file(crl_file, &size);
+ crls.data = (void *) read_file(crl_file, RF_BINARY, &size);
if (crls.data == NULL) {
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
@@ -551,7 +551,7 @@ gnutls_x509_trust_list_remove_trust_file(gnutls_x509_trust_list_t list,
} else
#endif
{
- cas.data = (void *) read_binary_file(ca_file, &size);
+ cas.data = (void *) read_file(ca_file, RF_BINARY, &size);
if (cas.data == NULL) {
gnutls_assert();
return GNUTLS_E_FILE_ERROR;
diff --git a/src/certtool-common.c b/src/certtool-common.c
index c76352c9d8..3af2d08080 100644
--- a/src/certtool-common.c
+++ b/src/certtool-common.c
@@ -270,7 +270,7 @@ gnutls_privkey_t load_private_key(int mand, common_info_st * info)
if (gnutls_url_is_supported(info->privkey) != 0)
return _load_url_privkey(info->privkey);
- dat.data = (void *) read_binary_file(info->privkey, &size);
+ dat.data = (void *) read_file(info->privkey, RF_BINARY, &size);
dat.size = size;
if (!dat.data) {
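Review bot: The private key file is read with `read_file(info->privkey, RF_BINARY, &size)`, which leaves key bytes in any intermediate buffers the reader reallocates or frees; since the call now takes flags, `RF_BINARY | RF_SENSITIVE` would ask for those buffers to be wiped, assuming the gnulib revision this commit moves to already defines `RF_SENSITIVE`. The same applies to `load_x509_private_key` and `load_ca_private_key` in this file, and possibly to `pkcs8_info` in src/certtool.c, which passes `0` to `fread_file`. The returned `dat.data` still has to be zeroized by the caller before it is freed; whether load_private_key does that is outside this hunk.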
@@ -313,7 +313,7 @@ load_x509_private_key(int mand, common_info_st * info)
app_exit(1);
}
- dat.data = (void *) read_binary_file(info->privkey, &size);
+ dat.data = (void *) read_file(info->privkey, RF_BINARY, &size);
dat.size = size;
if (!dat.data) {
@@ -389,7 +389,7 @@ gnutls_x509_crt_t load_cert(int mand, common_info_st * info)
gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
common_info_st * info)
{
- FILE *fd;
+ FILE *fp;
static gnutls_x509_crt_t *crt;
int ret;
gnutls_datum_t dat;
@@ -409,18 +409,18 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
return NULL;
}
- fd = fopen(info->cert, "r");
- if (fd == NULL) {
+ fp = fopen(info->cert, "r");
+ if (fp == NULL) {
fprintf(stderr, "Could not open %s\n", info->cert);
app_exit(1);
}
- fix_lbuffer(file_size(fd));
+ fix_lbuffer(file_size(fp));
- size = fread(lbuffer, 1, lbuffer_size - 1, fd);
+ size = fread(lbuffer, 1, lbuffer_size - 1, fp);
lbuffer[size] = 0;
- fclose(fd);
+ fclose(fp);
dat.data = (void *) lbuffer;
dat.size = size;
@@ -448,7 +448,7 @@ gnutls_x509_crt_t *load_cert_list(int mand, size_t * crt_size,
gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size,
common_info_st * info)
{
- FILE *fd;
+ FILE *fp;
static gnutls_x509_crl_t *crl;
unsigned int crl_max;
int ret;
@@ -467,18 +467,18 @@ gnutls_x509_crl_t *load_crl_list(int mand, size_t * crl_size,
return NULL;
}
- fd = fopen(info->crl, "r");
- if (fd == NULL) {
+ fp = fopen(info->crl, "r");
+ if (fp == NULL) {
fprintf(stderr, "Could not open %s\n", info->crl);
app_exit(1);
}
- fix_lbuffer(file_size(fd));
+ fix_lbuffer(file_size(fp));
- size = fread(lbuffer, 1, lbuffer_size - 1, fd);
+ size = fread(lbuffer, 1, lbuffer_size - 1, fp);
lbuffer[size] = 0;
- fclose(fd);
+ fclose(fp);
dat.data = (void *) lbuffer;
dat.size = size;
@@ -519,7 +519,7 @@ gnutls_x509_crq_t load_request(common_info_st * info)
app_exit(1);
}
- dat.data = (void *) read_binary_file(info->request, &size);
+ dat.data = (void *) read_file(info->request, RF_BINARY, &size);
dat.size = size;
if (!dat.data) {
@@ -560,7 +560,7 @@ gnutls_privkey_t load_ca_private_key(common_info_st * info)
if (gnutls_url_is_supported(info->ca_privkey) != 0)
return _load_url_privkey(info->ca_privkey);
- dat.data = (void *) read_binary_file(info->ca_privkey, &size);
+ dat.data = (void *) read_file(info->ca_privkey, RF_BINARY, &size);
dat.size = size;
if (!dat.data) {
@@ -610,7 +610,7 @@ gnutls_x509_crt_t load_ca_cert(unsigned mand, common_info_st * info)
return crt;
}
- dat.data = (void *) read_binary_file(info->ca, &size);
+ dat.data = (void *) read_file(info->ca, RF_BINARY, &size);
dat.size = size;
if (!dat.data) {
@@ -657,7 +657,7 @@ gnutls_pubkey_t load_pubkey(int mand, common_info_st * info)
app_exit(1);
}
- dat.data = (void *) read_binary_file(info->pubkey, &size);
+ dat.data = (void *) read_file(info->pubkey, RF_BINARY, &size);
dat.size = size;
if (!dat.data) {
@@ -1090,7 +1090,7 @@ void dh_info(FILE * infile, FILE * outfile, common_info_st * ci)
app_exit(1);
}
- params.data = (void *) fread_file(infile, &size);
+ params.data = (void *) fread_file(infile, 0, &size);
params.size = size;
if (params.data == NULL) {
diff --git a/src/certtool.c b/src/certtool.c
index a46f774114..0e24ac8281 100644
--- a/src/certtool.c
+++ b/src/certtool.c
@@ -1530,7 +1530,7 @@ void certificate_info(int pubkey, common_info_st * cinfo)
gnutls_datum_t pem;
unsigned int crt_num;
- pem.data = (void *) fread_file(infile, &size);
+ pem.data = (void *) fread_file(infile, 0, &size);
pem.size = size;
if (!pem.data) {
@@ -1651,7 +1651,7 @@ void crl_info(common_info_st *cinfo)
app_exit(1);
}
- pem.data = (void *) fread_file(infile, &size);
+ pem.data = (void *) fread_file(infile, 0, &size);
pem.size = size;
if (!pem.data) {
@@ -1723,7 +1723,7 @@ void crq_info(common_info_st *cinfo)
app_exit(1);
}
- pem.data = (void *) fread_file(infile, &size);
+ pem.data = (void *) fread_file(infile, 0, &size);
pem.size = size;
if (!pem.data) {
@@ -2241,7 +2241,7 @@ static void load_data(common_info_st *cinfo, gnutls_datum_t *data)
app_exit(1);
}
- data->data = (void *) fread_file(fp, &size);
+ data->data = (void *) fread_file(fp, 0, &size);
if (data->data == NULL) {
fprintf(stderr, "Error reading data file");
app_exit(1);
@@ -2513,7 +2513,7 @@ static void verify_chain(common_info_st * cinfo)
app_exit(1);
}
- buf = (void *) fread_file(infile, &size);
+ buf = (void *) fread_file(infile, 0, &size);
if (buf == NULL) {
fprintf(stderr, "Error reading certificate chain");
app_exit(1);
@@ -2530,7 +2530,7 @@ static void verify_certificate(common_info_st * cinfo)
char *cas = NULL;
size_t cert_size;
- cert = (void *) fread_file(infile, &cert_size);
+ cert = (void *) fread_file(infile, 0, &cert_size);
if (cert == NULL) {
fprintf(stderr, "Error reading certificate chain");
app_exit(1);
@@ -2573,7 +2573,7 @@ void verify_crl(common_info_st * cinfo)
app_exit(1);
}
- pem.data = (void *) fread_file(infile, &size);
+ pem.data = (void *) fread_file(infile, 0, &size);
pem.size = size;
if (!pem.data) {
@@ -2661,7 +2661,7 @@ void verify_pkcs7(common_info_st * cinfo, const char *purpose, unsigned display_
app_exit(1);
}
- data.data = (void *) fread_file(infile, &size);
+ data.data = (void *) fread_file(infile, 0, &size);
data.size = size;
if (!data.data) {
@@ -2785,7 +2785,7 @@ void pkcs7_sign(common_info_st * cinfo, unsigned embed)
app_exit(1);
}
- data.data = (void *) fread_file(infile, &size);
+ data.data = (void *) fread_file(infile, 0, &size);
data.size = size;
if (!data.data) {
@@ -3404,7 +3404,7 @@ void pkcs12_info(common_info_st * cinfo)
app_exit(1);
}
- data.data = (void *) fread_file(infile, &size);
+ data.data = (void *) fread_file(infile, 0, &size);
data.size = size;
if (!data.data) {
@@ -3593,7 +3593,7 @@ void pkcs8_info(void)
size_t size;
gnutls_datum_t data;
- data.data = (void *) fread_file(infile, &size);
+ data.data = (void *) fread_file(infile, 0, &size);
data.size = size;
if (!data.data) {
@@ -3618,7 +3618,7 @@ void pkcs7_info(common_info_st *cinfo, unsigned display_data)
app_exit(1);
}
- data.data = (void *) fread_file(infile, &size);
+ data.data = (void *) fread_file(infile, 0, &size);
data.size = size;
if (!data.data) {
@@ -3787,7 +3787,7 @@ gnutls_pubkey_t find_pubkey(gnutls_x509_crt_t crt, common_info_st * cinfo)
pubkey = load_pubkey(0, cinfo);
if (pubkey == NULL) { /* load from stdin */
- pem.data = (void *) fread_file(infile, &size);
+ pem.data = (void *) fread_file(infile, 0, &size);
pem.size = size;
if (!pem.data) {
@@ -3931,7 +3931,7 @@ void certificate_fpr(common_info_st * cinfo)
crt = load_cert(0, cinfo);
if (crt == NULL) {
- pem.data = (void *) fread_file(infile, &size);
+ pem.data = (void *) fread_file(infile, 0, &size);
pem.size = size;
if (!pem.data) {
diff --git a/src/cli.c b/src/cli.c
index c3d074f084..cf0ef2ac98 100644
--- a/src/cli.c
+++ b/src/cli.c
@@ -1036,7 +1036,7 @@ static int try_resume(socket_st * hd)
fprintf(stderr, "could not open %s\n", OPT_ARG(EARLYDATA));
exit(1);
}
- edata.data = (void *) fread_file(fp, &size);
+ edata.data = (void *) fread_file(fp, 0, &size);
edata.size = size;
fclose(fp);
}
diff --git a/src/ocsptool.c b/src/ocsptool.c
index 3b7940962c..a963de039a 100644
--- a/src/ocsptool.c
+++ b/src/ocsptool.c
@@ -99,10 +99,9 @@ static void request_info(void)
if (HAVE_OPT(LOAD_REQUEST))
dat.data =
- (void *) read_binary_file(OPT_ARG(LOAD_REQUEST),
- &size);
+ (void *) read_file(OPT_ARG(LOAD_REQUEST), RF_BINARY, &size);
else
- dat.data = (void *) fread_file(infile, &size);
+ dat.data = (void *) fread_file(infile, 0, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading request\n");
app_exit(1);
@@ -236,10 +235,9 @@ static void response_info(void)
if (HAVE_OPT(LOAD_RESPONSE))
dat.data =
- (void *) read_binary_file(OPT_ARG(LOAD_RESPONSE),
- &size);
+ (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
else
- dat.data = (void *) fread_file(infile, &size);
+ dat.data = (void *) fread_file(infile, 0, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading response\n");
app_exit(1);
@@ -348,7 +346,7 @@ static int _verify_response(gnutls_datum_t * data, gnutls_datum_t * nonce,
if (HAVE_OPT(LOAD_TRUST)) {
dat.data =
- (void *) read_binary_file(OPT_ARG(LOAD_TRUST), &size);
+ (void *) read_file(OPT_ARG(LOAD_TRUST), RF_BINARY, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading --load-trust: %s\n",
OPT_ARG(LOAD_TRUST));
@@ -524,10 +522,9 @@ static void verify_response(gnutls_datum_t *nonce)
if (HAVE_OPT(LOAD_RESPONSE))
dat.data =
- (void *) read_binary_file(OPT_ARG(LOAD_RESPONSE),
- &size);
+ (void *) read_file(OPT_ARG(LOAD_RESPONSE), RF_BINARY, &size);
else
- dat.data = (void *) fread_file(infile, &size);
+ dat.data = (void *) fread_file(infile, 0, &size);
if (dat.data == NULL) {
fprintf(stderr, "error reading response\n");
app_exit(1);
diff --git a/src/psk.c b/src/psk.c
index 775d8f80c9..6f77c6f285 100644
--- a/src/psk.c
+++ b/src/psk.c
@@ -141,35 +141,35 @@ int main(int argc, char **argv)
static int filecopy(const char *src, const char *dst)
{
- FILE *fd, *fd2;
+ FILE *fp, *fp2;
char line[5 * 1024];
char *p;
- fd = fopen(dst, "w");
- if (fd == NULL) {
+ fp = fopen(dst, "w");
+ if (fp == NULL) {
fprintf(stderr, "Cannot open '%s' for write\n", dst);
return -1;
}
- fd2 = fopen(src, "r");
- if (fd2 == NULL) {
+ fp2 = fopen(src, "r");
+ if (fp2 == NULL) {
/* empty file */
- fclose(fd);
+ fclose(fp);
return 0;
}
line[sizeof(line) - 1] = 0;
do {
- p = fgets(line, sizeof(line) - 1, fd2);
+ p = fgets(line, sizeof(line) - 1, fp2);
if (p == NULL)
break;
- fputs(line, fd);
+ fputs(line, fp);
}
while (1);
- fclose(fd);
- fclose(fd2);
+ fclose(fp);
+ fclose(fp2);
return 0;
}
@@ -178,7 +178,7 @@ static int
write_key(const char *username, const char *key, int key_size,
const char *passwd_file)
{
- FILE *fd;
+ FILE *fp;
char line[5 * 1024];
char *p, *pp;
char tmpname[1024];
@@ -186,7 +186,7 @@ write_key(const char *username, const char *key, int key_size,
/* delete previous entry */
struct stat st;
- FILE *fd2;
+ FILE *fp2;
int put;
if (strlen(passwd_file) + 5 > sizeof(tmpname)) {
@@ -207,25 +207,25 @@ write_key(const char *username, const char *key, int key_size,
return -1;
}
- fd = fopen(passwd_file, "w");
- if (fd == NULL) {
+ fp = fopen(passwd_file, "w");
+ if (fp == NULL) {
fprintf(stderr, "Cannot open '%s' for write\n",
passwd_file);
(void)remove(tmpname);
return -1;
}
- fd2 = fopen(tmpname, "r");
- if (fd2 == NULL) {
+ fp2 = fopen(tmpname, "r");
+ if (fp2 == NULL) {
fprintf(stderr, "Cannot open '%s' for read\n", tmpname);
(void)remove(tmpname);
- fclose(fd);
+ fclose(fp);
return -1;
}
put = 0;
do {
- p = fgets(line, sizeof(line) - 1, fd2);
+ p = fgets(line, sizeof(line) - 1, fp2);
if (p == NULL)
break;
@@ -237,19 +237,19 @@ write_key(const char *username, const char *key, int key_size,
MAX(strlen(username),
(unsigned int) (pp - p))) == 0) {
put = 1;
- fprintf(fd, "%s:%s\n", username, key);
+ fprintf(fp, "%s:%s\n", username, key);
} else {
- fputs(line, fd);
+ fputs(line, fp);
}
}
while (1);
if (put == 0) {
- fprintf(fd, "%s:%s\n", username, key);
+ fprintf(fp, "%s:%s\n", username, key);
}
- fclose(fd);
- fclose(fd2);
+ fclose(fp);
+ fclose(fp2);
(void)remove(tmpname);
diff --git a/src/serv.c b/src/serv.c
index 414cd0546b..57304bc9d3 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -219,7 +219,7 @@ static void read_dh_params(void)
char tmpdata[2048];
int size;
gnutls_datum_t params;
- FILE *fd;
+ FILE *fp;
if (gnutls_dh_params_init(&dh_params) < 0) {
fprintf(stderr, "Error in dh parameter initialization\n");
@@ -228,15 +228,15 @@ static void read_dh_params(void)
/* read the params file
*/
- fd = fopen(dh_params_file, "r");
- if (fd == NULL) {
+ fp = fopen(dh_params_file, "r");
+ if (fp == NULL) {
fprintf(stderr, "Could not open %s\n", dh_params_file);
exit(1);
}
- size = fread(tmpdata, 1, sizeof(tmpdata) - 1, fd);
+ size = fread(tmpdata, 1, sizeof(tmpdata) - 1, fp);
tmpdata[size] = 0;
- fclose(fd);
+ fclose(fp);
params.data = (unsigned char *) tmpdata;
params.size = size;
diff --git a/src/srptool.c b/src/srptool.c
index 27821be238..7939f6bfab 100644
--- a/src/srptool.c
+++ b/src/srptool.c
@@ -74,14 +74,14 @@ static void print_num(const char *msg, const gnutls_datum_t * num)
static int generate_create_conf(const char *tpasswd_conf)
{
- FILE *fd;
+ FILE *fp;
char line[5 * 1024];
int index = 1, srp_idx;
gnutls_datum_t g, n;
gnutls_datum_t str_g, str_n;
- fd = fopen(tpasswd_conf, "w");
- if (fd == NULL) {
+ fp = fopen(tpasswd_conf, "w");
+ if (fp == NULL) {
fprintf(stderr, "Cannot open file '%s'\n", tpasswd_conf);
return -1;
}
@@ -119,13 +119,13 @@ static int generate_create_conf(const char *tpasswd_conf)
if (gnutls_srp_base64_encode_alloc(&n, &str_n) < 0) {
fprintf(stderr, "Could not encode\n");
- fclose(fd);
+ fclose(fp);
return -1;
}
if (gnutls_srp_base64_encode_alloc(&g, &str_g) < 0) {
fprintf(stderr, "Could not encode\n");
- fclose(fd);
+ fclose(fp);
return -1;
}
@@ -134,11 +134,11 @@ static int generate_create_conf(const char *tpasswd_conf)
gnutls_free(str_n.data);
gnutls_free(str_g.data);
- fwrite(line, 1, strlen(line), fd);
+ fwrite(line, 1, strlen(line), fp);
}
- fclose(fd);
+ fclose(fp);
return 0;
@@ -211,35 +211,35 @@ _verify_passwd_int(const char *username, const char *passwd,
static int filecopy(const char *src, const char *dst)
{
- FILE *fd, *fd2;
+ FILE *fp, *fp2;
char line[5 * 1024];
char *p;
- fd = fopen(dst, "w");
- if (fd == NULL) {
+ fp = fopen(dst, "w");
+ if (fp == NULL) {
fprintf(stderr, "Cannot open '%s' for write\n", dst);
return -1;
}
- fd2 = fopen(src, "r");
- if (fd2 == NULL) {
+ fp2 = fopen(src, "r");
+ if (fp2 == NULL) {
/* empty file */
- fclose(fd);
+ fclose(fp);
return 0;
}
line[sizeof(line) - 1] = 0;
do {
- p = fgets(line, sizeof(line) - 1, fd2);
+ p = fgets(line, sizeof(line) - 1, fp2);
if (p == NULL)
break;
- fputs(line, fd);
+ fputs(line, fp);
}
while (1);
- fclose(fd);
- fclose(fd2);
+ fclose(fp);
+ fclose(fp2);
return 0;
}
@@ -247,18 +247,18 @@ static int filecopy(const char *src, const char *dst)
/* accepts password file */
static int find_strchr(const char *username, const char *file)
{
- FILE *fd;
+ FILE *fp;
char *pos;
char line[5 * 1024];
unsigned int i;
- fd = fopen(file, "r");
- if (fd == NULL) {
+ fp = fopen(file, "r");
+ if (fp == NULL) {
fprintf(stderr, "Cannot open file '%s'\n", file);
return -1;
}
- while (fgets(line, sizeof(line), fd) != NULL) {
+ while (fgets(line, sizeof(line), fp) != NULL) {
/* move to first ':' */
i = 0;
while ((line[i] != ':') && (line[i] != '\0')
@@ -269,12 +269,12 @@ static int find_strchr(const char *username, const char *file)
/* find the index */
pos = strrchr(line, ':');
pos++;
- fclose(fd);
+ fclose(fp);
return atoi(pos);
}
}
- fclose(fd);
+ fclose(fp);
return -1;
}
@@ -285,7 +285,7 @@ static int
verify_passwd(const char *conffile, const char *tpasswd,
const char *username, const char *passwd)
{
- FILE *fd;
+ FILE *fp;
char line[5 * 1024];
unsigned int i;
gnutls_datum_t g, n;
@@ -299,14 +299,14 @@ verify_passwd(const char *conffile, const char *tpasswd,
return -1;
}
- fd = fopen(conffile, "r");
- if (fd == NULL) {
+ fp = fopen(conffile, "r");
+ if (fp == NULL) {
fprintf(stderr, "Cannot find %s\n", conffile);
return -1;
}
do {
- p = fgets(line, sizeof(line) - 1, fd);
+ p = fgets(line, sizeof(line) - 1, fp);
}
while (p != NULL && atoi(p) != iindex);
@@ -316,20 +316,20 @@ verify_passwd(const char *conffile, const char *tpasswd,
}
line[sizeof(line) - 1] = 0;
- fclose(fd);
+ fclose(fp);
if ((iindex = read_conf_values(&g, &n, line)) < 0) {
fprintf(stderr, "Cannot parse conf file '%s'\n", conffile);
return -1;
}
- fd = fopen(tpasswd, "r");
- if (fd == NULL) {
+ fp = fopen(tpasswd, "r");
+ if (fp == NULL) {
fprintf(stderr, "Cannot open file '%s'\n", tpasswd);
return -1;
}
- while (fgets(line, sizeof(line), fd) != NULL) {
+ while (fgets(line, sizeof(line), fp) != NULL) {
/* move to first ':'
* This is the actual verifier.
*/
@@ -342,7 +342,7 @@ verify_passwd(const char *conffile, const char *tpasswd,
char *verifier_pos, *salt_pos;
pos = strchr(line, ':');
- fclose(fd);
+ fclose(fp);
if (pos == NULL) {
fprintf(stderr,
"Cannot parse conf file '%s'\n",
@@ -369,7 +369,7 @@ verify_passwd(const char *conffile, const char *tpasswd,
}
}
- fclose(fd);
+ fclose(fp);
return -1;
}
@@ -511,7 +511,7 @@ int
crypt_int(const char *username, const char *passwd, int salt_size,
const char *tpasswd_conf, const char *tpasswd, int uindex)
{
- FILE *fd;
+ FILE *fp;
char *cr;
gnutls_datum_t g, n;
char line[5 * 1024];
@@ -519,14 +519,14 @@ crypt_int(const char *username, const char *passwd, int salt_size,
int iindex;
char tmpname[1024];
- fd = fopen(tpasswd_conf, "r");
- if (fd == NULL) {
+ fp = fopen(tpasswd_conf, "r");
+ if (fp == NULL) {
fprintf(stderr, "Cannot find %s\n", tpasswd_conf);
return -1;
}
do { /* find the specified uindex in file */
- p = fgets(line, sizeof(line) - 1, fd);
+ p = fgets(line, sizeof(line) - 1, fp);
}
while (p != NULL && (iindex = atoi(p)) != uindex);
@@ -536,7 +536,7 @@ crypt_int(const char *username, const char *passwd, int salt_size,
}
line[sizeof(line) - 1] = 0;
- fclose(fd);
+ fclose(fp);
if ((iindex = read_conf_values(&g, &n, line)) < 0) {
fprintf(stderr, "Cannot parse conf file '%s'\n",
tpasswd_conf);
@@ -550,7 +550,7 @@ crypt_int(const char *username, const char *passwd, int salt_size,
} else {
/* delete previous entry */
struct stat st;
- FILE *fd2;
+ FILE *fp2;
int put;
if (strlen(tpasswd) + 5 > sizeof(tmpname)) {
@@ -572,16 +572,16 @@ crypt_int(const char *username, const char *passwd, int salt_size,
return -1;
}
- fd = fopen(tpasswd, "w");
- if (fd == NULL) {
+ fp = fopen(tpasswd, "w");
+ if (fp == NULL) {
fprintf(stderr, "Cannot open '%s' for write\n",
tpasswd);
(void)remove(tmpname);
return -1;
}
- fd2 = fopen(tmpname, "r");
- if (fd2 == NULL) {
+ fp2 = fopen(tmpname, "r");
+ if (fp2 == NULL) {
fprintf(stderr, "Cannot open '%s' for read\n",
tmpname);
(void)remove(tmpname);
@@ -590,7 +590,7 @@ crypt_int(const char *username, const char *passwd, int salt_size,
put = 0;
do {
- p = fgets(line, sizeof(line) - 1, fd2);
+ p = fgets(line, sizeof(line) - 1, fp2);
if (p == NULL)
break;
@@ -602,20 +602,20 @@ crypt_int(const char *username, const char *passwd, int salt_size,
MAX(strlen(username),
(unsigned int) (pp - p))) == 0) {
put = 1;
- fprintf(fd, "%s:%s:%u\n", username, cr,
+ fprintf(fp, "%s:%s:%u\n", username, cr,
iindex);
} else {
- fputs(line, fd);
+ fputs(line, fp);
}
}
while (1);
if (put == 0) {
- fprintf(fd, "%s:%s:%u\n", username, cr, iindex);
+ fprintf(fp, "%s:%s:%u\n", username, cr, iindex);
}
- fclose(fd);
- fclose(fd2);
+ fclose(fp);
+ fclose(fp2);
(void)remove(tmpname);
diff --git a/tests/Makefile.am b/tests/Makefile.am
index a41067f5af..11a083c637 100644
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -567,6 +567,7 @@ endif
if !WINDOWS
indirect_tests += datefudge-check
+noinst_PROGRAMS = datefudge-check
endif
check_PROGRAMS = $(cpptests) $(ctests) $(indirect_tests)
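Review bot: The added `noinst_PROGRAMS = datefudge-check` line has no comment explaining why a program already listed in `indirect_tests`, and so in `check_PROGRAMS`, must also be built by a plain `make`. A one-line comment such as `# built unconditionally so test scripts can probe for datefudge` would record the intent, if that is the reason. The assignment also uses `=` rather than `+=`. If `noinst_PROGRAMS` is set anywhere else in tests/Makefile.am, which this hunk does not show, automake will either reject the second definition or one will silently replace the other, so `noinst_PROGRAMS += datefudge-check` after a single initial definition would be safer.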
diff --git a/tests/aead-cipher-vec.c b/tests/aead-cipher-vec.c
index 10e3db8626..fba9010d9e 100644
--- a/tests/aead-cipher-vec.c
+++ b/tests/aead-cipher-vec.c
@@ -116,6 +116,7 @@ doit(void)
}
start("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM);
+ start("aes-192-gcm", GNUTLS_CIPHER_AES_192_GCM);
start("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM);
start("aes-128-ccm", GNUTLS_CIPHER_AES_128_CCM);
if (!gnutls_fips140_mode_enabled())
diff --git a/tests/atfork.c b/tests/atfork.c
index 42c4851efd..654519dc7c 100644
--- a/tests/atfork.c
+++ b/tests/atfork.c
@@ -32,7 +32,6 @@
#include <sys/wait.h>
#endif
-#include "utils.h"
#include <gnutls/gnutls.h>
#include <gnutls/crypto.h>
@@ -46,6 +45,10 @@ void doit(void)
#include "../lib/atfork.h"
#include "../lib/atfork.c"
+/* utils.h must be loaded after gnutls_int.h, as it redefines some
+ * macros from gnulib */
+#include "utils.h"
+
void doit(void)
{
pid_t pid;
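Review bot: The added comment names gnutls_int.h, but the includes directly above it in this hunk are `../lib/atfork.h` and `../lib/atfork.c`, so a reader cannot tell which header the ordering depends on. The same comment is pasted into tests/tls13/anti_replay.c, where gnutls_int.h is not among the visible includes either, and into tests/mpi.c and tests/pkcs12_s2k.c. It also says utils.h "redefines" gnulib macros, whereas the tests/utils.h hunk in this commit makes utils.h define FALLTHROUGH only when it is not already defined. Assuming FALLTHROUGH is the macro in question, I would word it as `/* utils.h must come after the lib headers: it defines FALLTHROUGH only if they have not */`.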
diff --git a/tests/cert-tests/Makefile.am b/tests/cert-tests/Makefile.am
index 87d9314363..17886ef7c5 100644
--- a/tests/cert-tests/Makefile.am
+++ b/tests/cert-tests/Makefile.am
@@ -101,7 +101,7 @@ EXTRA_DIST = data/ca-no-pathlen.pem data/no-ca-or-pathlen.pem data/aki-cert.pem
data/cert-with-non-digits-time-ca.pem data/cert-with-non-digits-time.pem \
data/chain-512-leaf.pem data/chain-512-subca.pem data/chain-512-ca.pem \
templates/template-no-ca-honor.tmpl templates/template-no-ca-explicit.tmpl \
- data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem
+ data/crq-cert-no-ca-explicit.pem data/crq-cert-no-ca-honor.pem data/commonName.cer
dist_check_SCRIPTS = pathlen aki invalid-sig email \
pkcs7 pkcs7-broken-sigs privkey-import name-constraints certtool-long-cn crl provable-privkey \
diff --git a/tests/cert-tests/certtool b/tests/cert-tests/certtool
index e604634678..3494aaacbe 100755
--- a/tests/cert-tests/certtool
+++ b/tests/cert-tests/certtool
@@ -153,6 +153,18 @@ if test $? = 0;then
exit 1
fi
+${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" | grep -v "Not After:" > ${TMPFILE1}
+if test $? != 0;then
+ echo "commonName cert output failed"
+ exit 1
+fi
+
+${DIFF} "${srcdir}/data/commonName.cer" ${TMPFILE1}
+if test $? != 0;then
+ exit 1
+fi
+
+
rm -f ${TMPFILE1} ${TMPFILE2}
export TZ="UTC"
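Review bot: The `test $? != 0` after the new pipeline checks the exit status of `grep`, not of certtool. A certtool or valgrind failure that still prints output passes this step and is caught only if the later `${DIFF}` happens to differ. Splitting the pipeline keeps the status: `${VALGRIND} "${CERTTOOL}" -i --infile "${srcdir}/data/commonName.cer" > "${TMPFILE2}"`, test `$?`, then `grep -v "Not After:" "${TMPFILE2}" > "${TMPFILE1}"`, provided `${TMPFILE2}` is free at this point in the script. The `${DIFF}` failure branch also exits without an `echo`, unlike the branch above it, and `${TMPFILE1}` is unquoted in both new commands.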
diff --git a/tests/cert-tests/data/commonName.cer b/tests/cert-tests/data/commonName.cer
new file mode 100644
index 0000000000..91d02fdd85
--- /dev/null
+++ b/tests/cert-tests/data/commonName.cer
@@ -0,0 +1,52 @@
+X.509 Certificate Information:
+ Version: 3
+ Serial Number (hex): 06376c00aa00648a11cfb8d4aa5c35f4
+ Issuer: CN=Root Agency
+ Validity:
+ Not Before: Tue May 28 22:02:59 UTC 1996
+ Subject: CN=Root Agency
+ Subject Public Key Algorithm: RSA
+ Algorithm Security Level: Export (512 bits)
+ Modulus (bits 512):
+ 00:81:55:22:b9:8a:a4:6f:ed:d6:e7:d9:66:0f:55:bc
+ d7:cd:d5:bc:4e:40:02:21:a2:b1:f7:87:30:85:5e:d2
+ f2:44:b9:dc:9b:75:b6:fb:46:5f:42:b6:9d:23:36:0b
+ de:54:0f:cd:bd:1f:99:2a:10:58:11:cb:40:cb:b5:a7
+ 41
+ Exponent (bits 24):
+ 01:00:01
+ Extensions:
+ Common Name (not critical):
+ For Testing Purposes Only Sample Software Publishing Credentials Agency
+ Unknown extension 2.5.29.1 (not critical):
+ ASCII: 0>.....-...O..a!..dc..0.1.0...U....Root Agency...7l...d......\5.
+ Hexdump: 303e801012e4092d061d1d4f008d6121dc166463a1183016311430120603550403130b526f6f74204167656e6379821006376c00aa00648a11cfb8d4aa5c35f4
+ Signature Algorithm: RSA-MD5
+warning: signed using a broken signature algorithm that can be forged.
+ Signature:
+ 2d:2e:3e:7b:89:42:89:3f:a8:21:17:fa:f0:f5:c3:95
+ db:62:69:5b:c9:dc:c1:b3:fa:f0:c4:6f:6f:64:9a:bd
+ e7:1b:25:68:72:83:67:bd:56:b0:8d:01:bd:2a:f7:cc
+ 4b:bd:87:a5:ba:87:20:4c:42:11:41:ad:10:17:3b:8c
+Other Information:
+ Fingerprint:
+ sha1:fee449ee0e3965a5246f000e87fde2a065fd89d4
+ sha256:8b13dbb25eb339a630c76c810d14b44b552e68dc10a93e82e754da23f858774a
+ Public Key ID:
+ sha1:38596dac2a46c9002309905e1f02c1fb5df724cd
+ sha256:73a97a992bfd29b91ef23175b367db9c561c516f634f759e3d430230a3d0695c
+ Public Key PIN:
+ pin-sha256:c6l6mSv9Kbke8jF1s2fbnFYcUW9jT3WePUMCMKPQaVw=
+
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/tests/cert-tests/data/long-oids.pem b/tests/cert-tests/data/long-oids.pem
index 0306f536b9..15e8b3ed24 100644
--- a/tests/cert-tests/data/long-oids.pem
+++ b/tests/cert-tests/data/long-oids.pem
@@ -36,6 +36,8 @@ X.509 Certificate Information:
Key encipherment.
Data encipherment.
Authority Key Identifier (not critical):
+ directoryName: CN=sat-r220-10.lab.eng.rdu2.redhat.com,OU=SomeOrgUnit,O=Katello,L=Raleigh,ST=North Carolina,C=US
+ serial: 00a4e7caebbe435dcc
caca62860405f0f59b38d22c3c8c650fc6baa53c
Subject Key Identifier (not critical):
0e8d7b53ba5a9e9244e56458a1db8347053e32d3
diff --git a/tests/mpi.c b/tests/mpi.c
index 604024622d..65a0dd0516 100644
--- a/tests/mpi.c
+++ b/tests/mpi.c
@@ -26,12 +26,15 @@
#include <stdio.h>
-#include "utils.h"
#include "../lib/gnutls_int.h"
#include "../lib/mpi.h"
#include "../lib/errors.h"
#include "../lib/debug.h"
+/* utils.h must be loaded after gnutls_int.h, as it redefines some
+ * macros from gnulib */
+#include "utils.h"
+
static void tls_log_func(int level, const char *str)
{
fprintf(stderr, "|<%d>| %s", level, str);
diff --git a/tests/pkcs12_s2k.c b/tests/pkcs12_s2k.c
index 7301f293f5..1516afbf35 100644
--- a/tests/pkcs12_s2k.c
+++ b/tests/pkcs12_s2k.c
@@ -26,11 +26,14 @@
#include <stdio.h>
-#include <utils.h>
#include "../lib/gnutls_int.h"
#include "../lib/x509/x509_int.h"
#include "../lib/debug.h"
+/* utils.h must be loaded after gnutls_int.h, as it redefines some
+ * macros from gnulib */
+#include <utils.h>
+
static void tls_log_func(int level, const char *str)
{
fprintf(stderr, "|<%d>| %s", level, str);
diff --git a/tests/slow/cipher-api-test.c b/tests/slow/cipher-api-test.c
index a29963aa5a..17872b7a43 100644
--- a/tests/slow/cipher-api-test.c
+++ b/tests/slow/cipher-api-test.c
@@ -266,8 +266,10 @@ void start(const char *name, int algo, unsigned aead)
void doit(void)
{
start("aes128-gcm", GNUTLS_CIPHER_AES_128_GCM, 1);
+ start("aes192-gcm", GNUTLS_CIPHER_AES_192_GCM, 1);
start("aes256-gcm", GNUTLS_CIPHER_AES_256_GCM, 1);
start("aes128-cbc", GNUTLS_CIPHER_AES_128_CBC, 0);
+ start("aes192-cbc", GNUTLS_CIPHER_AES_192_CBC, 0);
start("aes256-cbc", GNUTLS_CIPHER_AES_256_CBC, 0);
start("3des-cbc", GNUTLS_CIPHER_3DES_CBC, 0);
if (!gnutls_fips140_mode_enabled()) {
diff --git a/tests/slow/cipher-openssl-compat.c b/tests/slow/cipher-openssl-compat.c
index 64adf25a45..3d55131e52 100644
--- a/tests/slow/cipher-openssl-compat.c
+++ b/tests/slow/cipher-openssl-compat.c
@@ -195,6 +195,7 @@ void doit(void)
/* ciphers */
cipher_test("aes-128-gcm", GNUTLS_CIPHER_AES_128_GCM, 16);
+ cipher_test("aes-192-gcm", GNUTLS_CIPHER_AES_192_GCM, 16);
cipher_test("aes-256-gcm", GNUTLS_CIPHER_AES_256_GCM, 16);
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
if (!gnutls_fips140_mode_enabled()) {
diff --git a/tests/srp.c b/tests/srp.c
index c927e877be..607e52ae46 100644
--- a/tests/srp.c
+++ b/tests/srp.c
@@ -329,21 +329,21 @@ const char *tpasswd_conf_file =
void doit(void)
{
- FILE *fd;
+ FILE *fp;
- fd = fopen("tpasswd.conf", "w");
- if (fd == NULL)
+ fp = fopen("tpasswd.conf", "w");
+ if (fp == NULL)
exit(1);
- fwrite(tpasswd_conf_file, 1, strlen(tpasswd_conf_file), fd);
- fclose(fd);
+ fwrite(tpasswd_conf_file, 1, strlen(tpasswd_conf_file), fp);
+ fclose(fp);
- fd = fopen("tpasswd", "w");
- if (fd == NULL)
+ fp = fopen("tpasswd", "w");
+ if (fp == NULL)
exit(1);
- fwrite(tpasswd_file, 1, strlen(tpasswd_file), fd);
- fclose(fd);
+ fwrite(tpasswd_file, 1, strlen(tpasswd_file), fp);
+ fclose(fp);
start("tls1.2 srp-1024", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test", "test", 0);
start("tls1.2 srp-1536", "NORMAL:-VERS-ALL:+VERS-TLS1.2:-KX-ALL:+SRP", "test2", "test2", 0);
diff --git a/tests/tls13/anti_replay.c b/tests/tls13/anti_replay.c
index e0aea00385..506c11596a 100644
--- a/tests/tls13/anti_replay.c
+++ b/tests/tls13/anti_replay.c
@@ -24,11 +24,14 @@
#include <assert.h>
#include <stdint.h>
-#include "utils.h"
#include "virt-time.h"
#include "../../lib/tls13/anti_replay.h"
#include "../../lib/system.h"
+/* utils.h must be loaded after gnutls_int.h, as it redefines some
+ * macros from gnulib */
+#include "utils.h"
+
#define MAX_CLIENT_HELLO_RECORDED 10
struct storage_st {
diff --git a/tests/utils.h b/tests/utils.h
index 61d6dc9f9e..935368088a 100644
--- a/tests/utils.h
+++ b/tests/utils.h
@@ -41,13 +41,13 @@
# error tests cannot be compiled with NDEBUG defined
#endif
-#if _GNUTLS_GCC_VERSION >= 70100
-#define FALLTHROUGH __attribute__ ((fallthrough))
-#endif
-
#ifndef FALLTHROUGH
+#if _GNUTLS_GCC_VERSION >= 70100
+# define FALLTHROUGH __attribute__ ((fallthrough))
+#else
# define FALLTHROUGH
#endif
+#endif
/* number of elements within an array */
#define countof(a) (sizeof(a)/sizeof(*(a)))
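Review bot: The conditional now nested inside `#ifndef FALLTHROUGH` mixes indentation styles: `# define` has a space after `#`, but the new `#if`, `#else` and inner `#endif` do not, so the two closing `#endif` lines are hard to tell apart. Writing them as `# if _GNUTLS_GCC_VERSION >= 70100`, `# else`, `# endif` and closing with `#endif /* FALLTHROUGH */` would match the `# error` / `# define` style already visible in this file. Because the guard now wraps both branches, the macro's value depends on whether an earlier header defined FALLTHROUGH first. A one-line comment above the `#ifndef` saying so would explain the include-order comments this commit adds to the tests.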