summaryrefslogtreecommitdiff
path: root/extra/yassl/taocrypt/src/asn.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'extra/yassl/taocrypt/src/asn.cpp')
-rw-r--r--extra/yassl/taocrypt/src/asn.cpp222
1 files changed, 147 insertions, 75 deletions
diff --git a/extra/yassl/taocrypt/src/asn.cpp b/extra/yassl/taocrypt/src/asn.cpp
index 1b81db4f0a4..a502666d15b 100644
--- a/extra/yassl/taocrypt/src/asn.cpp
+++ b/extra/yassl/taocrypt/src/asn.cpp
@@ -1,5 +1,5 @@
/*
- Copyright (c) 2005-2007 MySQL AB, 2009, 2010 Sun Microsystems, Inc.
+ Copyright (c) 2005, 2012, Oracle and/or its affiliates. All rights reserved.
Use is subject to license terms.
This program is free software; you can redistribute it and/or modify
@@ -111,7 +111,8 @@ bool ValidateDate(const byte* date, byte format, CertDecoder::DateType dt)
GetTime(certTime.tm_min, date, i);
GetTime(certTime.tm_sec, date, i);
- assert(date[i] == 'Z'); // only Zulu supported for this profile
+ if (date[i] != 'Z') // only Zulu supported for this profile
+ return false;
time_t ltime = time(0);
tm* localTime = gmtime(&ltime);
@@ -143,6 +144,8 @@ word32 GetLength(Source& source)
if (b >= LONG_LENGTH) {
word32 bytes = b & 0x7F;
+ if (source.IsLeft(bytes) == false) return 0;
+
while (bytes--) {
b = source.next();
length = (length << 8) | b;
@@ -214,9 +217,9 @@ void PublicKey::AddToEnd(const byte* data, word32 len)
Signer::Signer(const byte* k, word32 kSz, const char* n, const byte* h)
: key_(k, kSz)
{
- size_t sz = strlen(n);
- memcpy(name_, n, sz);
- name_[sz] = 0;
+ size_t sz = strlen(n);
+ memcpy(name_, n, sz);
+ name_[sz] = 0;
memcpy(hash_, h, SHA::DIGEST_SIZE);
}
@@ -364,12 +367,59 @@ void RSA_Public_Decoder::Decode(RSA_PublicKey& key)
ReadHeader();
if (source_.GetError().What()) return;
+ ReadHeaderOpenSSL(); // may or may not be
+ if (source_.GetError().What()) return;
+
// public key
key.SetModulus(GetInteger(Integer().Ref()));
key.SetPublicExponent(GetInteger(Integer().Ref()));
}
+// Read OpenSSL format public header
+void RSA_Public_Decoder::ReadHeaderOpenSSL()
+{
+ byte b = source_.next(); // peek
+ source_.prev();
+
+ if (b != INTEGER) { // have OpenSSL public format
+ GetSequence();
+ b = source_.next();
+ if (b != OBJECT_IDENTIFIER) {
+ source_.SetError(OBJECT_ID_E);
+ return;
+ }
+
+ word32 len = GetLength(source_);
+ source_.advance(len);
+
+ b = source_.next();
+ if (b == TAG_NULL) { // could have NULL tag and 0 terminator, may not
+ b = source_.next();
+ if (b != 0) {
+ source_.SetError(EXPECT_0_E);
+ return;
+ }
+ }
+ else
+ source_.prev(); // put back
+
+ b = source_.next();
+ if (b != BIT_STRING) {
+ source_.SetError(BIT_STR_E);
+ return;
+ }
+
+ len = GetLength(source_);
+ b = source_.next();
+ if (b != 0) // could have 0
+ source_.prev(); // put back
+
+ GetSequence();
+ }
+}
+
+
void RSA_Public_Decoder::ReadHeader()
{
GetSequence();
@@ -420,12 +470,12 @@ CertDecoder::CertDecoder(Source& s, bool decode, SignerList* signers,
bool noVerify, CertType ct)
: BER_Decoder(s), certBegin_(0), sigIndex_(0), sigLength_(0),
signature_(0), verify_(!noVerify)
-{
+{
issuer_[0] = 0;
subject_[0] = 0;
if (decode)
- Decode(signers, ct);
+ Decode(signers, ct);
}
@@ -470,9 +520,9 @@ void CertDecoder::Decode(SignerList* signers, CertType ct)
source_.SetError(SIG_OID_E);
return;
}
-
+
if (ct != CA && verify_ && !ValidateSignature(signers))
- source_.SetError(SIG_OTHER_E);
+ source_.SetError(SIG_OTHER_E);
}
@@ -530,8 +580,10 @@ void CertDecoder::StoreKey()
read = source_.get_index() - read;
length += read;
+ if (source_.GetError().What()) return;
while (read--) source_.prev();
+ if (source_.IsLeft(length) == false) return;
key_.SetSize(length);
key_.SetKey(source_.get_current());
source_.advance(length);
@@ -563,6 +615,8 @@ void CertDecoder::AddDSA()
word32 length = GetLength(source_);
length += source_.get_index() - idx;
+ if (source_.IsLeft(length) == false) return;
+
key_.AddToEnd(source_.get_buffer() + idx, length);
}
@@ -572,6 +626,8 @@ word32 CertDecoder::GetAlgoId()
{
if (source_.GetError().What()) return 0;
word32 length = GetSequence();
+
+ if (source_.GetError().What()) return 0;
byte b = source_.next();
if (b != OBJECT_IDENTIFIER) {
@@ -580,26 +636,25 @@ word32 CertDecoder::GetAlgoId()
}
length = GetLength(source_);
+ if (source_.IsLeft(length) == false) return 0;
+
word32 oid = 0;
-
while(length--)
oid += source_.next(); // just sum it up for now
- if (oid != SHAwDSA && oid != DSAk) {
- b = source_.next(); // should have NULL tag and 0
-
- if (b != TAG_NULL) {
- source_.SetError(TAG_NULL_E);
- return 0;
- }
-
+ // could have NULL tag and 0 terminator, but may not
+ b = source_.next();
+ if (b == TAG_NULL) {
b = source_.next();
if (b != 0) {
source_.SetError(EXPECT_0_E);
return 0;
}
}
-
+ else
+ // go back, didn't have it
+ b = source_.prev();
+
return oid;
}
@@ -616,6 +671,10 @@ word32 CertDecoder::GetSignature()
}
sigLength_ = GetLength(source_);
+ if (sigLength_ == 0 || source_.IsLeft(sigLength_) == false) {
+ source_.SetError(CONTENT_E);
+ return 0;
+ }
b = source_.next();
if (b != 0) {
@@ -653,20 +712,22 @@ word32 CertDecoder::GetDigest()
}
-char *CertDecoder::AddTag(char *ptr, const char *buf_end,
- const char *tag_name, word32 tag_name_length,
- word32 tag_value_length)
+// memory length checked add tag to buffer
+char* CertDecoder::AddTag(char* ptr, const char* buf_end, const char* tag_name,
+ word32 tag_name_length, word32 tag_value_length)
{
- if (ptr + tag_name_length + tag_value_length > buf_end)
- return 0;
-
- memcpy(ptr, tag_name, tag_name_length);
- ptr+= tag_name_length;
-
- memcpy(ptr, source_.get_current(), tag_value_length);
- ptr+= tag_value_length;
-
- return ptr;
+ if (ptr + tag_name_length + tag_value_length > buf_end) {
+ source_.SetError(CONTENT_E);
+ return 0;
+ }
+
+ memcpy(ptr, tag_name, tag_name_length);
+ ptr += tag_name_length;
+
+ memcpy(ptr, source_.get_current(), tag_value_length);
+ ptr += tag_value_length;
+
+ return ptr;
}
@@ -679,18 +740,20 @@ void CertDecoder::GetName(NameType nt)
word32 length = GetSequence(); // length of all distinguished names
if (length >= ASN_NAME_MAX)
- goto err;
+ return;
+ if (source_.IsLeft(length) == false) return;
length += source_.get_index();
-
- char *ptr, *buf_end;
+
+ char* ptr;
+ char* buf_end;
if (nt == ISSUER) {
- ptr= issuer_;
- buf_end= ptr + sizeof(issuer_) - 1; // 1 byte for trailing 0
+ ptr = issuer_;
+ buf_end = ptr + sizeof(issuer_) - 1; // 1 byte for trailing 0
}
else {
- ptr= subject_;
- buf_end= ptr + sizeof(subject_) - 1; // 1 byte for trailing 0
+ ptr = subject_;
+ buf_end = ptr + sizeof(subject_) - 1; // 1 byte for trailing 0
}
while (source_.get_index() < length) {
@@ -704,7 +767,10 @@ void CertDecoder::GetName(NameType nt)
}
word32 oidSz = GetLength(source_);
+ if (source_.IsLeft(oidSz) == false) return;
+
byte joint[2];
+ if (source_.IsLeft(sizeof(joint)) == false) return;
memcpy(joint, source_.get_current(), sizeof(joint));
// v1 name types
@@ -714,62 +780,68 @@ void CertDecoder::GetName(NameType nt)
b = source_.next(); // strType
word32 strLen = GetLength(source_);
+ if (source_.IsLeft(strLen) == false) return;
+
switch (id) {
case COMMON_NAME:
- if (!(ptr= AddTag(ptr, buf_end, "/CN=", 4, strLen)))
- goto err;
+ if (!(ptr = AddTag(ptr, buf_end, "/CN=", 4, strLen)))
+ return;
break;
case SUR_NAME:
- if (!(ptr= AddTag(ptr, buf_end, "/SN=", 4, strLen)))
- goto err;
+ if (!(ptr = AddTag(ptr, buf_end, "/SN=", 4, strLen)))
+ return;
break;
case COUNTRY_NAME:
- if (!(ptr= AddTag(ptr, buf_end, "/C=", 3, strLen)))
- goto err;
+ if (!(ptr = AddTag(ptr, buf_end, "/C=", 3, strLen)))
+ return;
break;
case LOCALITY_NAME:
- if (!(ptr= AddTag(ptr, buf_end, "/L=", 3, strLen)))
- goto err;
+ if (!(ptr = AddTag(ptr, buf_end, "/L=", 3, strLen)))
+ return;
break;
case STATE_NAME:
- if (!(ptr= AddTag(ptr, buf_end, "/ST=", 4, strLen)))
- goto err;
+ if (!(ptr = AddTag(ptr, buf_end, "/ST=", 4, strLen)))
+ return;
break;
case ORG_NAME:
- if (!(ptr= AddTag(ptr, buf_end, "/O=", 3, strLen)))
- goto err;
+ if (!(ptr = AddTag(ptr, buf_end, "/O=", 3, strLen)))
+ return;
break;
case ORGUNIT_NAME:
- if (!(ptr= AddTag(ptr, buf_end, "/OU=", 4, strLen)))
- goto err;
+ if (!(ptr = AddTag(ptr, buf_end, "/OU=", 4, strLen)))
+ return;
break;
}
sha.Update(source_.get_current(), strLen);
source_.advance(strLen);
}
- else {
+ else {
bool email = false;
if (joint[0] == 0x2a && joint[1] == 0x86) // email id hdr
email = true;
source_.advance(oidSz + 1);
word32 length = GetLength(source_);
+ if (source_.IsLeft(length) == false) return;
- if (email && !(ptr= AddTag(ptr, buf_end, "/emailAddress=", 14, length)))
- goto err;
+ if (email) {
+ if (!(ptr = AddTag(ptr, buf_end, "/emailAddress=", 14, length))) {
+ source_.SetError(CONTENT_E);
+ return;
+ }
+ }
source_.advance(length);
}
}
- *ptr= 0;
- sha.Final(nt == ISSUER ? issuerHash_ : subjectHash_);
-
- return;
-
-err:
- source_.SetError(CONTENT_E);
+ *ptr = 0;
+
+ if (nt == ISSUER)
+ sha.Final(issuerHash_);
+ else
+ sha.Final(subjectHash_);
}
@@ -785,6 +857,8 @@ void CertDecoder::GetDate(DateType dt)
}
word32 length = GetLength(source_);
+ if (source_.IsLeft(length) == false) return;
+
byte date[MAX_DATE_SZ];
if (length > MAX_DATE_SZ || length < MIN_DATE_SZ) {
source_.SetError(DATE_SZ_E);
@@ -794,8 +868,7 @@ void CertDecoder::GetDate(DateType dt)
memcpy(date, source_.get_current(), length);
source_.advance(length);
- if (!ValidateDate(date, b, dt) && verify_)
- {
+ if (!ValidateDate(date, b, dt) && verify_) {
if (dt == BEFORE)
source_.SetError(BEFORE_DATE_E);
else
@@ -856,7 +929,8 @@ void CertDecoder::GetCompareHash(const byte* plain, word32 sz, byte* digest,
// validate signature signed by someone else
bool CertDecoder::ValidateSignature(SignerList* signers)
{
- assert(signers);
+ if (!signers)
+ return false;
SignerList::iterator first = signers->begin();
SignerList::iterator last = signers->end();
@@ -1077,8 +1151,7 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
return 0;
}
word32 rLen = GetLength(source);
- if (rLen != 20)
- {
+ if (rLen != 20) {
if (rLen == 21) { // zero at front, eat
source.next();
--rLen;
@@ -1101,8 +1174,7 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
return 0;
}
word32 sLen = GetLength(source);
- if (sLen != 20)
- {
+ if (sLen != 20) {
if (sLen == 21) {
source.next(); // zero at front, eat
--sLen;
@@ -1123,6 +1195,7 @@ word32 DecodeDSA_Signature(byte* decoded, const byte* encoded, word32 sz)
}
+/*
// Get Cert in PEM format from BEGIN to END
int GetCert(Source& source)
{
@@ -1174,12 +1247,10 @@ void PKCS12_Decoder::Decode()
// Get MacData optional
- /*
- mac digestInfo like certdecoder::getdigest?
- macsalt octet string
- iter integer
+ // mac digestInfo like certdecoder::getdigest?
+ // macsalt octet string
+ // iter integer
- */
}
@@ -1199,6 +1270,7 @@ int GetPKCS_Cert(const char* password, Source& source)
return 0;
}
+*/
View Lorry Controller Status