|
@@ -0,0 +1,4026 @@
|
|
|
+/* ssl_asn1.c
|
|
|
+ *
|
|
|
+ * Copyright (C) 2006-2023 wolfSSL Inc.
|
|
|
+ *
|
|
|
+ * This file is part of wolfSSL.
|
|
|
+ *
|
|
|
+ * wolfSSL is free software; you can redistribute it and/or modify
|
|
|
+ * it under the terms of the GNU General Public License as published by
|
|
|
+ * the Free Software Foundation; either version 2 of the License, or
|
|
|
+ * (at your option) any later version.
|
|
|
+ *
|
|
|
+ * wolfSSL is distributed in the hope that it will be useful,
|
|
|
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
+ * GNU General Public License for more details.
|
|
|
+ *
|
|
|
+ * You should have received a copy of the GNU General Public License
|
|
|
+ * along with this program; if not, write to the Free Software
|
|
|
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
|
|
|
+ */
|
|
|
+
|
|
|
+#ifdef HAVE_CONFIG_H
|
|
|
+ #include <config.h>
|
|
|
+#endif
|
|
|
+
|
|
|
+#include <wolfssl/wolfcrypt/settings.h>
|
|
|
+
|
|
|
+ #include <wolfssl/internal.h>
|
|
|
+#ifndef WC_NO_RNG
|
|
|
+ #include <wolfssl/wolfcrypt/random.h>
|
|
|
+#endif
|
|
|
+
|
|
|
+#if !defined(WOLFSSL_SSL_ASN1_INCLUDED)
|
|
|
+ #ifndef WOLFSSL_IGNORE_FILE_WARN
|
|
|
+ #warning ssl_asn1.c does not need to be compiled separately from ssl.c
|
|
|
+ #endif
|
|
|
+#else
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_item APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#ifdef OPENSSL_EXTRA
|
|
|
+
|
|
|
+#ifdef OPENSSL_ALL
|
|
|
+
|
|
|
+/* Create an ASN1 item of the specified type.
|
|
|
+ *
|
|
|
+ * @param [out] item Pointer to location to place new ASN1 item.
|
|
|
+ * @param [in] type Type of ASN1 item to create.
|
|
|
+ * @return 0 on success.
|
|
|
+ * @return 1 when item type not supported.
|
|
|
+ * @return 1 when item type allocation fails.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_item_new(void** item, int type)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+
|
|
|
+ switch (type) {
|
|
|
+ case WOLFSSL_X509_ALGOR_ASN1:
|
|
|
+ *(WOLFSSL_X509_ALGOR**)item = wolfSSL_X509_ALGOR_new();
|
|
|
+ break;
|
|
|
+ case WOLFSSL_ASN1_BIT_STRING_ASN1:
|
|
|
+ *(WOLFSSL_ASN1_BIT_STRING**)item = wolfSSL_ASN1_BIT_STRING_new();
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_new");
|
|
|
+ *(void**)item = NULL;
|
|
|
+ }
|
|
|
+ /* Check whether an item was put in. */
|
|
|
+ if (*(void**)item == NULL) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ return err;
|
|
|
+}
|
|
|
+
|
|
|
+/* Create a new ASN1 item based on a template.
|
|
|
+ *
|
|
|
+ * @param [in] tpl Template of ASN1 items.
|
|
|
+ * @return A new ASN1 item on success.
|
|
|
+ * @return NULL when tpl is NULL, dynamic memory allocation fails or ASN1
|
|
|
+ * item type not supported.
|
|
|
+ */
|
|
|
+void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* tpl)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ void* ret = NULL;
|
|
|
+ const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
|
|
|
+ size_t i;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_item_new");
|
|
|
+
|
|
|
+ if (tpl != NULL) {
|
|
|
+ ret = (void *)XMALLOC(tpl->size, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret != NULL) {
|
|
|
+ XMEMSET(ret, 0, tpl->size);
|
|
|
+ for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
|
|
|
+ if ((err = wolfssl_asn1_item_new(
|
|
|
+ (void**)(((byte*)ret) + mem->offset), mem->type))) {
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (err) {
|
|
|
+ wolfSSL_ASN1_item_free(ret, tpl);
|
|
|
+ ret = NULL;
|
|
|
+ }
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of an ASN1 item of the specified type.
|
|
|
+ *
|
|
|
+ * @param [in, out] item Pointer to an anonymized ASN1 item to free.
|
|
|
+ * @param [in] type Type of ASN1 item to free.
|
|
|
+ */
|
|
|
+static void wolfssl_asn1_item_free(void** item, int type)
|
|
|
+{
|
|
|
+ switch (type) {
|
|
|
+ case WOLFSSL_X509_ALGOR_ASN1:
|
|
|
+ wolfSSL_X509_ALGOR_free(*(WOLFSSL_X509_ALGOR**)item);
|
|
|
+ break;
|
|
|
+ case WOLFSSL_ASN1_BIT_STRING_ASN1:
|
|
|
+ wolfSSL_ASN1_BIT_STRING_free(*(WOLFSSL_ASN1_BIT_STRING**)item);
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_free");
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of ASN1 item based on a template.
|
|
|
+ *
|
|
|
+ * @param [in, out] val ASN item to free.
|
|
|
+ * @param [in, tpl Template of ASN1 items.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_item_free(void *items, const WOLFSSL_ASN1_ITEM *tpl)
|
|
|
+{
|
|
|
+ const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
|
|
|
+ size_t i;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_item_free");
|
|
|
+
|
|
|
+ if (items != NULL) {
|
|
|
+ for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) {
|
|
|
+ wolfssl_asn1_item_free((void**)(((byte*)items) + mem->offset),
|
|
|
+ mem->type);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ XFREE(items, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+}
|
|
|
+
|
|
|
+/* Offset buf if not NULL or NULL. */
|
|
|
+#define bufLenOrNull(buf, len) ((buf != NULL) ? ((buf) + (len)) : NULL)
|
|
|
+
|
|
|
+/* Encode X509 algorithm as DER.
|
|
|
+ *
|
|
|
+ * @param [in] algor X509 algorithm object.
|
|
|
+ * @param [in, out] buf Buffer to encode into. May be NULL.
|
|
|
+ * @return Length of DER encoding on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+static int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* algor, byte* buf)
|
|
|
+{
|
|
|
+ int ret;
|
|
|
+ word32 oid = 0;
|
|
|
+ word32 idx = 0;
|
|
|
+
|
|
|
+ if (algor->algorithm == 0) {
|
|
|
+ WOLFSSL_MSG("X509_ALGOR algorithm not set");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ else if (GetObjectId(algor->algorithm->obj, &idx, &oid,
|
|
|
+ algor->algorithm->grp, algor->algorithm->objSz) < 0) {
|
|
|
+ WOLFSSL_MSG("Issue getting OID of object");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ ret = SetAlgoID(oid, buf, algor->algorithm->grp, 0);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Encode ASN.1 BIT_STRING as DER.
|
|
|
+ *
|
|
|
+ * @param [in] bit_str BIT_STRING object.
|
|
|
+ * @param [in, out] buf Buffer to encode into. May be NULL.
|
|
|
+ * @return Length of DER encoding on success.
|
|
|
+ */
|
|
|
+static int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bit_str,
|
|
|
+ byte* buf)
|
|
|
+{
|
|
|
+ int len;
|
|
|
+
|
|
|
+ len = SetBitString(bit_str->length, 0, buf);
|
|
|
+ if ((buf != NULL) && (bit_str->data != NULL)) {
|
|
|
+ XMEMCPY(buf + len, bit_str->data, bit_str->length);
|
|
|
+ }
|
|
|
+
|
|
|
+ return len + bit_str->length;
|
|
|
+}
|
|
|
+
|
|
|
+/* Encode ASN item as DER.
|
|
|
+ *
|
|
|
+ * @param [in] item Pointer to anonymized ASN item.
|
|
|
+ * @param [in, out] buf Buffer to encode into. May be NULL.
|
|
|
+ * @return Length of DER encoding on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf)
|
|
|
+{
|
|
|
+ int len;
|
|
|
+
|
|
|
+ switch (type) {
|
|
|
+ case WOLFSSL_X509_ALGOR_ASN1:
|
|
|
+ len = wolfSSL_i2d_X509_ALGOR(*(const WOLFSSL_X509_ALGOR**)item,
|
|
|
+ buf);
|
|
|
+ break;
|
|
|
+ case WOLFSSL_ASN1_BIT_STRING_ASN1:
|
|
|
+ len = wolfSSL_i2d_ASN1_BIT_STRING(
|
|
|
+ *(const WOLFSSL_ASN1_BIT_STRING**)item, buf);
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ WOLFSSL_MSG("Type not support in processMembers");
|
|
|
+ len = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Encode members of an ASN.1 SEQUENCE as DER.
|
|
|
+ *
|
|
|
+ * @param [in] src ASN1 items to encode.
|
|
|
+ * @param [in, out] buf Buffer to encode into. May be NULL.
|
|
|
+ * @param [in] members ASN1 template members.
|
|
|
+ * @param [in] mcount Count of template members.
|
|
|
+ * @return Length of DER encoding on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+static int wolfssl_i2d_asn1_items(const void* src, byte*buf,
|
|
|
+ const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount)
|
|
|
+{
|
|
|
+ const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
|
|
|
+ int len = 0;
|
|
|
+ int ret;
|
|
|
+ size_t i;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfssl_i2d_asn1_items");
|
|
|
+
|
|
|
+ for (mem = members, i = 0; i < mcount; mem++, i++) {
|
|
|
+ ret = wolfssl_i2d_asn1_item((void**)(((byte*)src) + mem->offset),
|
|
|
+ mem->type, bufLenOrNull(buf, len));
|
|
|
+ if (ret == 0) {
|
|
|
+ len = 0;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ len += ret;
|
|
|
+ }
|
|
|
+
|
|
|
+ WOLFSSL_LEAVE("wolfssl_i2d_asn1_items", len);
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Encode sequence and items under it.
|
|
|
+ *
|
|
|
+ * @param [in] src ASN1 items to encode.
|
|
|
+ * @param [in, out] buf Buffer to encode into. May be NULL.
|
|
|
+ * @param [in] tpl Template of ASN1 items.
|
|
|
+ * @return Length of DER encoding on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+static int i2d_ASN_SEQUENCE(const void* src, byte* buf,
|
|
|
+ const WOLFSSL_ASN1_ITEM* tpl)
|
|
|
+{
|
|
|
+ int seq_len;
|
|
|
+ int len = 0;
|
|
|
+
|
|
|
+ seq_len = wolfssl_i2d_asn1_items(src, NULL, tpl->members, tpl->mcount);
|
|
|
+ if (seq_len != 0) {
|
|
|
+ len = SetSequence(seq_len, buf);
|
|
|
+ if (buf != NULL) {
|
|
|
+ wolfssl_i2d_asn1_items(src, buf + len, tpl->members, tpl->mcount);
|
|
|
+ }
|
|
|
+ len += seq_len;
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Encode ASN1 template item.
|
|
|
+ *
|
|
|
+ * @param [in] src ASN1 items to encode.
|
|
|
+ * @param [in, out] buf Buffer to encode into. May be NULL.
|
|
|
+ * @param [in] tpl Template of ASN1 items.
|
|
|
+ * @return Length of DER encoding on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_item_encode(const void* src, byte* buf,
|
|
|
+ const WOLFSSL_ASN1_ITEM* tpl)
|
|
|
+{
|
|
|
+ int len;
|
|
|
+
|
|
|
+ switch (tpl->type) {
|
|
|
+ case ASN_SEQUENCE:
|
|
|
+ len = i2d_ASN_SEQUENCE(src, buf, tpl);
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d");
|
|
|
+ len = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Encode ASN1 template.
|
|
|
+ *
|
|
|
+ * @param [in] src ASN1 items to encode.
|
|
|
+ * @param [in, out] dest Pointer to buffer to encode into. May be NULL.
|
|
|
+ * @param [in] tpl Template of ASN1 items.
|
|
|
+ * @return Length of DER encoding on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_item_i2d(const void* src, byte** dest,
|
|
|
+ const WOLFSSL_ASN1_ITEM* tpl)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ int len = 0;
|
|
|
+ byte* buf = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((src == NULL) || (tpl == NULL)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if ((ret == 1) && ((len = wolfssl_asn1_item_encode(src, NULL, tpl)) == 0)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if ((ret == 1) && (dest != NULL)) {
|
|
|
+ if (*dest == NULL) {
|
|
|
+ buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
|
|
|
+ if (buf == NULL)
|
|
|
+ ret = 0;
|
|
|
+ *dest = buf;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ len = wolfssl_asn1_item_encode(src, *dest, tpl);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 0) {
|
|
|
+ XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
|
|
|
+ len = 0;
|
|
|
+ }
|
|
|
+ WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len);
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_ALL */
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_BIT_STRING APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
|
|
+/* Create a new ASN.1 BIT_STRING object.
|
|
|
+ *
|
|
|
+ * @return ASN.1 BIT_STRING object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_BIT_STRING* bitStr;
|
|
|
+
|
|
|
+ bitStr = (WOLFSSL_ASN1_BIT_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_BIT_STRING),
|
|
|
+ NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (bitStr) {
|
|
|
+ XMEMSET(bitStr, 0, sizeof(WOLFSSL_ASN1_BIT_STRING));
|
|
|
+ }
|
|
|
+
|
|
|
+ return bitStr;
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of ASN.1 BIT_STRING object.
|
|
|
+ *
|
|
|
+ * Do not use bitStr after calling this function.
|
|
|
+ *
|
|
|
+ * @param [in, out] bitStr ASN.1 BIT_STRING to free. May be NULL.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING* bitStr)
|
|
|
+{
|
|
|
+ if (bitStr != NULL) {
|
|
|
+ /* Dispose of any data allocated in BIT_STRING. */
|
|
|
+ XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ }
|
|
|
+ /* Dispose of the ASN.1 BIT_STRING object. */
|
|
|
+ XFREE(bitStr, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+}
|
|
|
+
|
|
|
+/* Get the value of the bit from the ASN.1 BIT_STRING at specified index.
|
|
|
+ *
|
|
|
+ * A NULL object a value of 0 for the bit at all indices.
|
|
|
+ * A negative index has a value of 0 for the bit.
|
|
|
+ *
|
|
|
+ * @param [in] bitStr ASN.1 BIT_STRING object.
|
|
|
+ * @param [in] i Index of bit.
|
|
|
+ * @return Value of bit.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr,
|
|
|
+ int i)
|
|
|
+{
|
|
|
+ int bit = 0;
|
|
|
+
|
|
|
+ /* Check for data and whether index is in range. */
|
|
|
+ if ((bitStr != NULL) && (bitStr->data != NULL) && (i >= 0) &&
|
|
|
+ (bitStr->length > (i / 8))) {
|
|
|
+ bit = (bitStr->data[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ return bit;
|
|
|
+}
|
|
|
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
|
|
+
|
|
|
+#if defined(OPENSSL_ALL) && !defined(NO_CERTS)
|
|
|
+
|
|
|
+/* Grow data to require length.
|
|
|
+ *
|
|
|
+ * @param [in] bitStr ASN.1 BIT_STRING object.
|
|
|
+ * @param [in] len Length, in bytes, of data required.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr,
|
|
|
+ int len)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ byte* tmp;
|
|
|
+
|
|
|
+ /* Realloc to length required. */
|
|
|
+ tmp = (byte*)XREALLOC(bitStr->data, len, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (tmp == NULL) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Clear out new, top bytes. */
|
|
|
+ XMEMSET(tmp + bitStr->length, 0, len - bitStr->length);
|
|
|
+ bitStr->data = tmp;
|
|
|
+ bitStr->length = len;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Set the value of a bit in the ASN.1 BIT_STRING at specified index.
|
|
|
+ *
|
|
|
+ * @param [in] bitStr ASN.1 BIT_STRING object.
|
|
|
+ * @param [in] idx Index of bit to set.
|
|
|
+ * @param [in] val Value of bit to set. Valid values: 0 or 1.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when bitStr is NULL, idx is negative, val is not 0 or 1, or
|
|
|
+ * dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx,
|
|
|
+ int val)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ int i = 0;
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((bitStr == NULL) || (idx < 0) || ((val != 0) && (val != 1))) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ i = idx / 8;
|
|
|
+
|
|
|
+ /* Check if we need to extend data range. */
|
|
|
+ if ((i >= bitStr->length) && (val != 0)) {
|
|
|
+ /* Realloc data to handle having bit set at index. */
|
|
|
+ ret = wolfssl_asn1_bit_string_grow(bitStr, i + 1);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if ((ret == 1) && (i < bitStr->length)) {
|
|
|
+ /* Bit on at index. */
|
|
|
+ byte bit = 1 << (7 - (idx % 8));
|
|
|
+
|
|
|
+ /* Clear bit and set to value. */
|
|
|
+ bitStr->data[i] &= ~bit;
|
|
|
+ bitStr->data[i] |= bit & (byte)(0 - val);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_ALL && !NO_CERTS */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_INTEGER APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
|
|
|
+/* Create a new empty ASN.1 INTEGER object.
|
|
|
+ *
|
|
|
+ * @return ASN.1 INTEGER object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_INTEGER* a;
|
|
|
+
|
|
|
+ /* Allocate a new ASN.1 INTEGER object. */
|
|
|
+ a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL,
|
|
|
+ DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (a != NULL) {
|
|
|
+ XMEMSET(a, 0, sizeof(WOLFSSL_ASN1_INTEGER));
|
|
|
+ /* Use fixed buffer field for data. */
|
|
|
+ a->data = a->intData;
|
|
|
+ a->isDynamic = 0;
|
|
|
+ /* Maximum supported by fixed buffer. */
|
|
|
+ a->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
|
|
|
+ /* No value set - no data. */
|
|
|
+ a->length = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ return a;
|
|
|
+}
|
|
|
+
|
|
|
+/* Free the ASN.1 INTEGER object and any dynamically allocated data.
|
|
|
+ *
|
|
|
+ * @param [in, out] in ASN.1 INTEGER object.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in)
|
|
|
+{
|
|
|
+ if ((in != NULL) && (in->isDynamic)) {
|
|
|
+ /* Dispose of any data allocated in BIT_STRING. */
|
|
|
+ XFREE(in->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ }
|
|
|
+ /* Dispose of the ASN.1 INTEGER object. */
|
|
|
+ XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+}
|
|
|
+
|
|
|
+/* Reset the data of ASN.1 INTEGER object back to empty fixed array.
|
|
|
+ *
|
|
|
+ * @param [in] a ASN.1 INTEGER object.
|
|
|
+ */
|
|
|
+static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a)
|
|
|
+{
|
|
|
+ /* Don't use dynamic buffer anymore. */
|
|
|
+ if (a->isDynamic) {
|
|
|
+ /* Cache pointer to allocated data. */
|
|
|
+ unsigned char* data = a->data;
|
|
|
+ /* No longer dynamic. */
|
|
|
+ a->isDynamic = 0;
|
|
|
+ /* Point data at fixed array. */
|
|
|
+ a->data = a->intData;
|
|
|
+ /* Set maximum length to fixed array size. */
|
|
|
+ a->dataMax = (unsigned int)sizeof(a->intData);
|
|
|
+ /* Dispose of dynamically allocated data. */
|
|
|
+ XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ }
|
|
|
+ /* Clear out data from fixed array. */
|
|
|
+ XMEMSET(a->intData, 0, sizeof(a->intData));
|
|
|
+ /* No data, no length. */
|
|
|
+ a->length = 0;
|
|
|
+ /* No data, not negative. */
|
|
|
+ a->negative = 0;
|
|
|
+ /* Set type to positive INTEGER. */
|
|
|
+ a->type = V_ASN1_INTEGER;
|
|
|
+}
|
|
|
+
|
|
|
+/* Setup ASN.1 INTEGER object to handle data of required length.
|
|
|
+ *
|
|
|
+ * @param [in, out] a ASN.1 INTEGER object.
|
|
|
+ * @param [in] len Required length in bytes.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 on dynamic memory allocation failure.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
|
|
|
+ int keepOldData)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ byte* data;
|
|
|
+ byte* oldData = a->intData;
|
|
|
+ int oldLen = a->length;
|
|
|
+
|
|
|
+ if (a->isDynamic && (len > (int)a->dataMax)) {
|
|
|
+ oldData = a->data;
|
|
|
+ a->isDynamic = 0;
|
|
|
+ a->data = a->intData;
|
|
|
+ a->dataMax = (unsigned int)sizeof(a->intData);
|
|
|
+ }
|
|
|
+ a->length = 0;
|
|
|
+ if ((!a->isDynamic) && (len > (int)a->dataMax)) {
|
|
|
+ /* Create a new buffer to hold large integer value. */
|
|
|
+ data = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (a->data == NULL) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Indicate data is dynamic and copy data over. */
|
|
|
+ a->isDynamic = 1;
|
|
|
+ a->data = data;
|
|
|
+ a->dataMax = len;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (keepOldData) {
|
|
|
+ if (oldData != a->data) {
|
|
|
+ /* Copy old data into new buffer. */
|
|
|
+ XMEMCPY(a->data, oldData, oldLen);
|
|
|
+ }
|
|
|
+ /* Restore old length. */
|
|
|
+ a->length = oldLen;
|
|
|
+ }
|
|
|
+ if (oldData != a->intData) {
|
|
|
+ /* Dispose of the old dynamic data. */
|
|
|
+ XFREE(oldData, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Duplicate the ASN.1 INTEGER object into a newly allocated one.
|
|
|
+ *
|
|
|
+ * @param [in] src ASN.1 INTEGER object to copy.
|
|
|
+ * @return ASN.1 INTEGER object on success.
|
|
|
+ * @return NULL when src is NULL or dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_INTEGER* dup = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup");
|
|
|
+
|
|
|
+ /* Check for object to duplicate. */
|
|
|
+ if (src != NULL) {
|
|
|
+ /* Create a new ASN.1 INTEGER object to be copied into. */
|
|
|
+ dup = wolfSSL_ASN1_INTEGER_new();
|
|
|
+ }
|
|
|
+ /* Check for object to copy into. */
|
|
|
+ if (dup != NULL) {
|
|
|
+ /* Copy simple fields. */
|
|
|
+ dup->length = src->length;
|
|
|
+ dup->negative = src->negative;
|
|
|
+ dup->type = src->type;
|
|
|
+
|
|
|
+ if (!src->isDynamic) {
|
|
|
+ /* Copy over data from/to fixed buffer. */
|
|
|
+ XMEMCPY(dup->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);
|
|
|
+ }
|
|
|
+ else if (wolfssl_asn1_integer_require_len(dup, src->length, 0) == 0) {
|
|
|
+ wolfSSL_ASN1_INTEGER_free(dup);
|
|
|
+ dup = NULL;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ XMEMCPY(dup->data, src->data, src->length);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return dup;
|
|
|
+}
|
|
|
+#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA)
|
|
|
+
|
|
|
+/* Compare values in two ASN.1 INTEGER objects.
|
|
|
+ *
|
|
|
+ * @param [in] a First ASN.1 INTEGER object.
|
|
|
+ * @param [in] b Second ASN.1 INTEGER object.
|
|
|
+ * @return Negative value when a is less than b.
|
|
|
+ * @return 0 when a equals b.
|
|
|
+ * @return Positive value when a is greater than b.
|
|
|
+ * @return -1 when a or b is NULL.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
|
|
|
+ const WOLFSSL_ASN1_INTEGER* b)
|
|
|
+{
|
|
|
+ int ret = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_cmp");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((a == NULL) || (b == NULL)) {
|
|
|
+ WOLFSSL_MSG("Bad parameter.");
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+ /* Negative value < Positive value */
|
|
|
+ else if (a->negative && !b->negative) {
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+ /* Positive value > Negative value */
|
|
|
+ else if (!a->negative && b->negative) {
|
|
|
+ ret = 1;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Check for difference in length. */
|
|
|
+ if (a->length != b->length) {
|
|
|
+ ret = a->length - b->length;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Compare data given they are the same length. */
|
|
|
+ ret = XMEMCMP(a->data, b->data, a->length);
|
|
|
+ }
|
|
|
+ /* Reverse comparison result when both negative. */
|
|
|
+ if (a->negative) {
|
|
|
+ ret = -ret;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_cmp", ret);
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+/* Calculate 2's complement of DER encoding.
|
|
|
+ *
|
|
|
+ * @param [in] data Array that is number.
|
|
|
+ * @param [in] length Number of bytes in array.
|
|
|
+ * @return 0 on success.
|
|
|
+ * @return -1 when get length from DER header failed.
|
|
|
+ */
|
|
|
+static void wolfssl_twos_compl(byte* data, int length)
|
|
|
+{
|
|
|
+ int i;
|
|
|
+
|
|
|
+ /* Invert bits - 1's complement. */
|
|
|
+ for (i = 0; i < length; ++i) {
|
|
|
+ data[i] = ~data[i];
|
|
|
+ }
|
|
|
+ /* 2's complement - add 1. */
|
|
|
+ for (i = length - 1; (++data[i]) == 0; --i) {
|
|
|
+ /* Do nothing. */
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+/* Calculate 2's complement of DER encoding.
|
|
|
+ *
|
|
|
+ * @param [in] data Array that is number.
|
|
|
+ * @param [in] length Number of bytes in array.
|
|
|
+ * @param [out] neg When NULL, 2's complement data.
|
|
|
+ * When not NULL, check for negative first and return.
|
|
|
+ * @return 0 on success.
|
|
|
+ * @return -1 when get length from DER header failed.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
|
|
|
+{
|
|
|
+ int ret = 0;
|
|
|
+ word32 idx = 1; /* Skip tag. */
|
|
|
+ int len;
|
|
|
+
|
|
|
+ /* Get length from DER header. */
|
|
|
+ if (GetLength(data, &idx, &len, length) < 0) {
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ if (neg != NULL) {
|
|
|
+ *neg = data[idx] & 0x80;
|
|
|
+ }
|
|
|
+ if ((neg == NULL) || (*neg != 0)) {
|
|
|
+ wolfssl_twos_compl(data + idx, length - idx);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Encode ASN.1 INTEGER as DER without tag.
|
|
|
+ *
|
|
|
+ * When out points to NULL, a new buffer is allocated and returned.
|
|
|
+ *
|
|
|
+ * @param [in] a ASN.1 INTEGER object.
|
|
|
+ * @param [in, out] out Pointer to buffer to hold encoding. May point to NULL.
|
|
|
+ * @return Length of encoding on success.
|
|
|
+ * @return -1 when a is NULL or no data, out is NULL, dynamic memory allocation
|
|
|
+ * fails or encoding length fails.
|
|
|
+ */
|
|
|
+int wolfSSL_i2d_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER* a, unsigned char** out)
|
|
|
+{
|
|
|
+ int ret = 0;
|
|
|
+ byte* buf = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((a == NULL) || (a->data == NULL) || (a->length <= 0) || (out == NULL)) {
|
|
|
+ WOLFSSL_MSG("Bad parameter.");
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+
|
|
|
+ if ((ret == 0) && (*out == NULL)) {
|
|
|
+ /* Allocate buffer to hold encoding. */
|
|
|
+ buf = (unsigned char*)XMALLOC(a->length, NULL, DYNAMIC_TYPE_ASN1);
|
|
|
+ if (buf == NULL) {
|
|
|
+ WOLFSSL_MSG("Failed to allocate output buffer.");
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+ /* Return any allocated buffer. */
|
|
|
+ *out = buf;
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ /* Copy the data (including tag and length) into output buffer. */
|
|
|
+ XMEMCPY(*out, a->data, a->length);
|
|
|
+ /* Only magnitude of the number stored (i.e. the sign isn't encoded).
|
|
|
+ * The "negative" field is 1 if the value must be interpreted as
|
|
|
+ * negative and we need to output the 2's complement of the value in
|
|
|
+ * the DER output.
|
|
|
+ */
|
|
|
+ if (a->negative) {
|
|
|
+ ret = wolfssl_asn1_int_twos_compl(*out, a->length, NULL);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 0) {
|
|
|
+ ret = a->length;
|
|
|
+ /* Move pointer on passed encoding when buffer passed in. */
|
|
|
+ if (buf == NULL) {
|
|
|
+ *out += a->length;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* Dispose of any dynamically allocated data on error. */
|
|
|
+ else if (buf != NULL) {
|
|
|
+ /* Dispose of buffer allocated locally on error. */
|
|
|
+ XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
|
|
|
+ /* Don't return freed buffer. */
|
|
|
+ *out = NULL;
|
|
|
+ }
|
|
|
+
|
|
|
+ WOLFSSL_LEAVE("wolfSSL_i2d_ASN1_INTEGER", ret);
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Decode DER encoding of ASN.1 INTEGER.
|
|
|
+ *
|
|
|
+ * @param [out] a ASN.1 INTEGER object. May be NULL.
|
|
|
+ * @param [in, out] in Pointer to buffer containing DER encoding.
|
|
|
+ * @param [in] inSz Length of data in buffer.
|
|
|
+ * @return ASN.1 INTEGER object on success.
|
|
|
+ * @return NULL when in or *in is NULL, inSz is less than or equal to 2 or
|
|
|
+ * parsing DER failed.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
|
|
|
+ const unsigned char** in, long inSz)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_INTEGER* ret = NULL;
|
|
|
+ int err = 0;
|
|
|
+ word32 idx = 1;
|
|
|
+ int len = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_d2i_ASN1_INTEGER");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((in == NULL) || (*in == NULL) || (inSz <= 2)) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check that the tag is correct. */
|
|
|
+ if ((!err) && (*in)[0] != ASN_INTEGER) {
|
|
|
+ WOLFSSL_MSG("Tag doesn't indicate integer type.");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ /* Check that length and use this instead of inSz. */
|
|
|
+ if ((!err) && (GetLength(*in, &idx, &len, (word32)inSz) <= 0)) {
|
|
|
+ WOLFSSL_MSG("ASN.1 length not valid.");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ /* Allocate a new ASN.1 INTEGER object. */
|
|
|
+ if ((!err) && ((ret = wolfSSL_ASN1_INTEGER_new()) == NULL)) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ if ((!err) && (wolfssl_asn1_integer_require_len(ret, idx + len, 0) != 1)) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ if (!err) {
|
|
|
+ /* Set type. */
|
|
|
+ ret->type = V_ASN1_INTEGER;
|
|
|
+
|
|
|
+ /* Copy DER encoding and length. */
|
|
|
+ XMEMCPY(ret->data, *in, idx + len);
|
|
|
+ ret->length = idx + len;
|
|
|
+ /* Do 2's complement if number is negative. */
|
|
|
+ if (wolfssl_asn1_int_twos_compl(ret->data, ret->length, &ret->negative)
|
|
|
+ != 0) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if ((!err) && ret->negative) {
|
|
|
+ /* Update type if number was negative. */
|
|
|
+ ret->type |= V_ASN1_NEG_INTEGER;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (err) {
|
|
|
+ /* Dispose of dynamically allocated data on error. */
|
|
|
+ wolfSSL_ASN1_INTEGER_free(ret);
|
|
|
+ ret = NULL;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ if (a != NULL) {
|
|
|
+ /* Return ASN.1 INTEGER through a. */
|
|
|
+ *a = ret;
|
|
|
+ }
|
|
|
+ *in += ret->length;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#ifndef NO_BIO
|
|
|
+
|
|
|
+/* Get length of leading hexadecimal characters.
|
|
|
+ *
|
|
|
+ * Looks for continuation character before carriage returns and line feeds.
|
|
|
+ *
|
|
|
+ * @param [in] str String with input.
|
|
|
+ * @param [in] len Length of string.
|
|
|
+ * @param [out] cont Line continuation character at end of line before
|
|
|
+ * carriage returns and line feeds.
|
|
|
+ * @return Number of leading hexadecimal characters in string.
|
|
|
+ */
|
|
|
+static int wolfssl_a2i_asn1_integer_clear_to_eol(char* str, int len, int* cont)
|
|
|
+{
|
|
|
+ byte num;
|
|
|
+ word32 nLen;
|
|
|
+ int i;
|
|
|
+
|
|
|
+ /* Strip off trailing carriage returns and line feeds. */
|
|
|
+ while ((len > 0) && ((str[len - 1] == '\n') || (str[len - 1] == '\r'))) {
|
|
|
+ len--;
|
|
|
+ }
|
|
|
+ /* Check for line continuation character. */
|
|
|
+ if ((len > 0) && (str[len - 1] == '\\')) {
|
|
|
+ *cont = 1;
|
|
|
+ len--;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ *cont = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Find end of hexadecimal characters. */
|
|
|
+ nLen = 1;
|
|
|
+ for (i = 0; i < len; i++) {
|
|
|
+ /* Check if character is a hexadecimal character. */
|
|
|
+ if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) == ASN_INPUT_E)
|
|
|
+ {
|
|
|
+ /* Found end of hexadecimal characters, return count. */
|
|
|
+ len = i;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Read number from BIO as a string.
|
|
|
+ *
|
|
|
+ * Line continuation character at end of line means next line must be read.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to read from.
|
|
|
+ * @param [in] asn1 ASN.1 INTEGER object to put number into.
|
|
|
+ * @param [in, out] buf Buffer to use when reading.
|
|
|
+ * @param [in] size Length of buffer in bytes.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
|
|
|
+ char *buf, int size)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ int readNextLine = 1;
|
|
|
+ int lineLen;
|
|
|
+ int len;
|
|
|
+ word32 outLen = 0;
|
|
|
+ const int hdrSz = 1 + MAX_LENGTH_SZ;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_a2i_ASN1_INTEGER");
|
|
|
+
|
|
|
+ if ((bio == NULL) || (asn1 == NULL) || (buf == NULL) || (size <= 0)) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ while ((ret == 1) && readNextLine) {
|
|
|
+ /* Assume we won't be reading any more. */
|
|
|
+ readNextLine = 0;
|
|
|
+
|
|
|
+ /* Read a line. */
|
|
|
+ lineLen = wolfSSL_BIO_gets(bio, buf, size);
|
|
|
+ if (lineLen <= 0) {
|
|
|
+ WOLFSSL_MSG("wolfSSL_BIO_gets error");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Find length of hexadecimal digits in string. */
|
|
|
+ lineLen = wolfssl_a2i_asn1_integer_clear_to_eol(buf, lineLen,
|
|
|
+ &readNextLine);
|
|
|
+ /* Check we have a valid hexadecimal string to process. */
|
|
|
+ if ((lineLen == 0) || ((lineLen % 2) != 0)) {
|
|
|
+ WOLFSSL_MSG("Invalid line length");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Calculate length of complete number so far. */
|
|
|
+ len = asn1->length + (lineLen / 2);
|
|
|
+ /* Make sure enough space for number and maximum header. */
|
|
|
+ if (wolfssl_asn1_integer_require_len(asn1, len + hdrSz, outLen != 0)
|
|
|
+ != 1) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Decode string and append to data. */
|
|
|
+ outLen = (word32)(lineLen / 2);
|
|
|
+ (void)Base16_Decode((byte*)buf, lineLen, asn1->data + asn1->length,
|
|
|
+ &outLen);
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Update length of data. */
|
|
|
+ asn1->length += outLen;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ int idx;
|
|
|
+
|
|
|
+ /* Get ASN.1 header length. */
|
|
|
+ idx = SetASNInt(asn1->length, asn1->data[0], NULL);
|
|
|
+ /* Move data to be after ASN.1 header. */
|
|
|
+ XMEMMOVE(asn1->data + idx, asn1->data, asn1->length);
|
|
|
+ /* Encode ASN.1 header. */
|
|
|
+ SetASNInt(asn1->length, asn1->data[idx], asn1->data);
|
|
|
+ /* Update length of data. */
|
|
|
+ asn1->length += idx;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Write out number in ASN.1 INTEGER object to BIO as string.
|
|
|
+ *
|
|
|
+ * @param [in] bp BIO to write to.
|
|
|
+ * @param [in] a ASN.1 INTEGER object.
|
|
|
+ * @return Number of characters written on success.
|
|
|
+ * @return 0 when bp or a is NULL.
|
|
|
+ * @return 0 DER header in data is invalid.
|
|
|
+ */
|
|
|
+int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ word32 idx = 1; /* Skip ASN.1 INTEGER tag byte. */
|
|
|
+ int len = 0;
|
|
|
+ byte buf[WOLFSSL_ASN1_INTEGER_MAX * 2 + 1];
|
|
|
+ word32 bufLen;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_i2a_ASN1_INTEGER");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((bp == NULL) || (a == NULL)) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!err) {
|
|
|
+ /* Read DER length - must be at least 1 byte. */
|
|
|
+ if (GetLength(a->data, &idx, &len, a->length) <= 0) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Keep encoding and writing while no error and bytes in data. */
|
|
|
+ while ((!err) && (idx < (word32)a->length)) {
|
|
|
+ /* Number of bytes left to encode. */
|
|
|
+ int encLen = a->length - idx;
|
|
|
+ /* Reduce to maximum buffer size if necessary. */
|
|
|
+ if (encLen > (int)sizeof(buf) / 2) {
|
|
|
+ encLen = (int)sizeof(buf) / 2;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Encode bytes from data into buffer. */
|
|
|
+ bufLen = (int)sizeof(buf);
|
|
|
+ (void)Base16_Encode(a->data + idx, encLen, buf, &bufLen);
|
|
|
+ /* Update index to next bytes to encoded. */
|
|
|
+ idx += encLen;
|
|
|
+
|
|
|
+ /* Write out characters but not NUL char. */
|
|
|
+ if (wolfSSL_BIO_write(bp, buf, bufLen - 1) != (int)(bufLen - 1)) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (err) {
|
|
|
+ /* Return 0 on error. */
|
|
|
+ len = 0;
|
|
|
+ }
|
|
|
+ /* Return total number of characters written. */
|
|
|
+ return len * 2;
|
|
|
+}
|
|
|
+#endif /* !NO_BIO */
|
|
|
+
|
|
|
+#ifndef NO_ASN
|
|
|
+/* Determine if a pad byte is required and its value for a number.
|
|
|
+ *
|
|
|
+ * Assumes values pointed to by pad and padVal are both 0.
|
|
|
+ *
|
|
|
+ * @param [in] data Number encoded as big-endian bytes.
|
|
|
+ * @param [in] len Length of number in bytes.
|
|
|
+ * @param [in, out] neg Indicates number is negative.
|
|
|
+ * @param [out] pad Number of padding bytes required.
|
|
|
+ * @param [out] padVal Padding byte to preprend.
|
|
|
+ */
|
|
|
+static void wolfssl_asn1_integer_pad(unsigned char* data, int len,
|
|
|
+ unsigned char* neg, char* pad, unsigned char* padVal)
|
|
|
+{
|
|
|
+ /* Check for empty data. */
|
|
|
+ if (len == 0) {
|
|
|
+ *pad = 1;
|
|
|
+ *padVal = 0x00;
|
|
|
+ *neg = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Get first, most significant, byte of encoded number. */
|
|
|
+ unsigned char firstByte = data[0];
|
|
|
+
|
|
|
+ /* 0 can't be negative. */
|
|
|
+ if ((len == 1) && (firstByte == 0x00)) {
|
|
|
+ *neg = 0;
|
|
|
+ }
|
|
|
+ /* Positive value must not have top bit of first byte set. */
|
|
|
+ if ((!*neg) && (firstByte >= 0x80)) {
|
|
|
+ *pad = 1;
|
|
|
+ *padVal = 0x00;
|
|
|
+ }
|
|
|
+ /* Negative numbers are two's complemented.
|
|
|
+ * Two's complement value must have top bit set.
|
|
|
+ */
|
|
|
+ else if (*neg && (firstByte > 0x80)) {
|
|
|
+ *pad = 1;
|
|
|
+ *padVal = 0xff;
|
|
|
+ }
|
|
|
+ /* Checking for: 0x80[00]*
|
|
|
+ * when negative that when two's complemented will be: 0x80[00]*
|
|
|
+ * and therefore doesn't require pad byte.
|
|
|
+ */
|
|
|
+ else if (*neg && (firstByte == 0x80)) {
|
|
|
+ int i;
|
|
|
+ /* Check rest of bytes. */
|
|
|
+ for (i = 1; i < len; i++) {
|
|
|
+ if (data[i] != 0x00) {
|
|
|
+ /* Not 0x80[00]* */
|
|
|
+ *pad = 1;
|
|
|
+ *padVal = 0xff;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+/* Convert ASN.1 INTEGER object into content octets.
|
|
|
+ *
|
|
|
+ * TODO: compatibility with OpenSSL? OpenSSL assumes data not DER encoded.
|
|
|
+ *
|
|
|
+ * When pp points to a buffer, on success pp will point to after the encoded
|
|
|
+ * data.
|
|
|
+ *
|
|
|
+ * @param [in] a ASN.1 INTEGER object.
|
|
|
+ * @param [in, out] pp Pointer to buffer. May be NULL. Cannot point to NULL.
|
|
|
+ * @return Length of encoding on success.
|
|
|
+ * @return 0 when a is NULL, pp points to NULL or DER length encoding invalid.
|
|
|
+ */
|
|
|
+int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ int len = 0;
|
|
|
+ char pad = 0;
|
|
|
+ unsigned char padVal = 0;
|
|
|
+ word32 idx = 1;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((a == NULL) || ((pp != NULL) && (*pp == NULL))) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Get length from DER encoding. */
|
|
|
+ if ((!err) && (GetLength_ex(a->data, &idx, &len, a->dataMax, 0) < 0)) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!err) {
|
|
|
+ /* Determine pad length and value. */
|
|
|
+ wolfssl_asn1_integer_pad(a->data + idx, len, &a->negative, &pad,
|
|
|
+ &padVal);
|
|
|
+ /* Total encoded length is number length plus one when padding. */
|
|
|
+ len += (int)pad;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check buffer supplied to write into. */
|
|
|
+ if ((!err) && (pp != NULL)) {
|
|
|
+ /* Put in any pad byte. */
|
|
|
+ if (pad) {
|
|
|
+ (*pp)[0] = padVal;
|
|
|
+ }
|
|
|
+ /* Copy remaining bytes into output buffer. */
|
|
|
+ XMEMCPY(*pp + pad, a->data + idx, len - pad);
|
|
|
+ /* Two's complement copied bytes when negative. */
|
|
|
+ if (a->negative) {
|
|
|
+ wolfssl_twos_compl(*pp + pad, len - pad);
|
|
|
+ }
|
|
|
+ /* Move pointer past encoded data. */
|
|
|
+ *pp += len;
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Make a big number with the value in the ASN.1 INTEGER object.
|
|
|
+ *
|
|
|
+ * A new big number object is allocated when bn is NULL.
|
|
|
+ *
|
|
|
+ * @param [in] ai ASN.1 INTEGER object.
|
|
|
+ * @param [in] bn Big number object. May be NULL.
|
|
|
+ * @return Big number object on success.
|
|
|
+ * @return NULL when ai is NULL or converting from binary fails.
|
|
|
+ */
|
|
|
+WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
|
|
|
+ WOLFSSL_BIGNUM *bn)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ word32 idx = 1;
|
|
|
+ int len = 0;
|
|
|
+ WOLFSSL_BIGNUM* ret = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if (ai == NULL) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!err) {
|
|
|
+ /* Get the length of ASN.1 INTEGER number. */
|
|
|
+ if ((ai->data[0] != ASN_INTEGER) || (GetLength(ai->data, &idx, &len,
|
|
|
+ ai->length) <= 0)) {
|
|
|
+ #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
|
|
|
+ idx = 0;
|
|
|
+ len = ai->length;
|
|
|
+ #else
|
|
|
+ WOLFSSL_MSG("Data in WOLFSSL_ASN1_INTEGER not DER encoded");
|
|
|
+ err = 1;
|
|
|
+ #endif
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (!err) {
|
|
|
+ /* Convert binary to big number. */
|
|
|
+ ret = wolfSSL_BN_bin2bn(ai->data + idx, len, bn);
|
|
|
+ if (ret != NULL) {
|
|
|
+ /* Handle negative. */
|
|
|
+ (void)wolfssl_bn_set_neg(ret, ai->negative);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* !NO_ASN */
|
|
|
+
|
|
|
+/* Create an ASN.1 INTEGER object from big number.
|
|
|
+ *
|
|
|
+ * Allocates a new ASN.1 INTEGER object when ai is NULL.
|
|
|
+ *
|
|
|
+ * @param [in] bn Big number to encode.
|
|
|
+ * @param [in] ai ASN.1 INTEGER object. May be NULL.
|
|
|
+ * @return ASN.1 INTEGER object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
|
|
|
+ WOLFSSL_ASN1_INTEGER *ai)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ WOLFSSL_ASN1_INTEGER* a = NULL;
|
|
|
+ int len = 0;
|
|
|
+ int numBits = 0;
|
|
|
+ byte firstByte = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_BN_to_ASN1_INTEGER");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if (bn == NULL) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ /* Use ASN.1 INTEGER object if provided. */
|
|
|
+ else if (ai != NULL) {
|
|
|
+ a = ai;
|
|
|
+ }
|
|
|
+ /* Create an ASN.1 INTEGER object to return. */
|
|
|
+ else {
|
|
|
+ a = wolfSSL_ASN1_INTEGER_new();
|
|
|
+ if (a == NULL) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check we have an ASN.1 INTEGER object to set. */
|
|
|
+ if (!err) {
|
|
|
+ int length;
|
|
|
+
|
|
|
+ /* Set type and negative. */
|
|
|
+ a->type = V_ASN1_INTEGER;
|
|
|
+ if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) {
|
|
|
+ a->negative = 1;
|
|
|
+ a->type |= V_ASN1_NEG_INTEGER;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Get length in bytes of encoded number. */
|
|
|
+ len = wolfSSL_BN_num_bytes(bn);
|
|
|
+ if (len == 0) {
|
|
|
+ len = 1;
|
|
|
+ }
|
|
|
+ /* Get length in bits of encoded number. */
|
|
|
+ numBits = wolfSSL_BN_num_bits(bn);
|
|
|
+ /* Leading zero required if most-significant byte has top bit set. */
|
|
|
+ if ((numBits % 8) == 7) {
|
|
|
+ firstByte = 0x80;
|
|
|
+ }
|
|
|
+ /* Get length of header based on length of number. */
|
|
|
+ length = SetASNInt(len, firstByte, NULL);
|
|
|
+ if (firstByte != 0) {
|
|
|
+ /* Add one for leading zero. */
|
|
|
+ length++;
|
|
|
+ }
|
|
|
+ /* Add number of bytes to encode number. */
|
|
|
+ length += len;
|
|
|
+
|
|
|
+ /* Update data field to handle length. */
|
|
|
+ if (wolfssl_asn1_integer_require_len(a, length, 0) != 1) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (!err) {
|
|
|
+ /* Write ASN.1 header. */
|
|
|
+ int idx = SetASNInt(len, firstByte, a->data);
|
|
|
+
|
|
|
+ /* Populate data. */
|
|
|
+ if (numBits == 0) {
|
|
|
+ a->data[idx] = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ if (firstByte != 0) {
|
|
|
+ a->data[idx++] = 0;
|
|
|
+ }
|
|
|
+ /* Add encoded number. */
|
|
|
+ len = wolfSSL_BN_bn2bin(bn, a->data + idx);
|
|
|
+ if (len < 0) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Set length to encoded length. */
|
|
|
+ a->length = idx + len;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (err) {
|
|
|
+ /* Can't use ASN.1 INTEGER object. */
|
|
|
+ if (a != ai) {
|
|
|
+ wolfSSL_ASN1_INTEGER_free(a);
|
|
|
+ }
|
|
|
+ a = NULL;
|
|
|
+ }
|
|
|
+ return a;
|
|
|
+}
|
|
|
+
|
|
|
+/* Get the value of the ASN.1 INTEGER as a long.
|
|
|
+ *
|
|
|
+ * Returning 0 on NULL and -1 on error is consistent with OpenSSL.
|
|
|
+ *
|
|
|
+ * @param [in] a ASN.1 INTEGER object.
|
|
|
+ * @return Value as a long.
|
|
|
+ * @return 0 when a is NULL.
|
|
|
+ * @return -1 when a big number operation fails.
|
|
|
+ */
|
|
|
+long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a)
|
|
|
+{
|
|
|
+ long ret = 1;
|
|
|
+ WOLFSSL_BIGNUM* bn = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_get");
|
|
|
+
|
|
|
+ /* Validate parameter. */
|
|
|
+ if (a == NULL) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret > 0) {
|
|
|
+ /* Create a big number from the DER encoding. */
|
|
|
+ bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL);
|
|
|
+ if (bn == NULL) {
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret > 0) {
|
|
|
+ /* Get the big number as a word. */
|
|
|
+ ret = wolfSSL_BN_get_word(bn);
|
|
|
+ /* Negate number of ASN.1 INTEGER was negative. */
|
|
|
+ if (a->negative == 1) {
|
|
|
+ ret = -ret;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Dispose of big number as no longer needed. */
|
|
|
+ if (bn != NULL) {
|
|
|
+ wolfSSL_BN_free(bn);
|
|
|
+ }
|
|
|
+
|
|
|
+ WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_get", (int)ret);
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+/* Sets the value of the ASN.1 INTEGER object to the long value.
|
|
|
+ *
|
|
|
+ * @param [in, out] a ASN.1 INTEGER object.
|
|
|
+ * @param [in] v Value to set.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when a is NULL.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ byte j;
|
|
|
+ unsigned int i = 0;
|
|
|
+ byte tmp[sizeof(long)];
|
|
|
+ byte pad = 0;
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if (a == NULL) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ wolfssl_asn1_integer_reset_data(a);
|
|
|
+
|
|
|
+ /* Check for negative. */
|
|
|
+ if (v < 0) {
|
|
|
+ /* Set negative and 2's complement the value. */
|
|
|
+ a->negative = 1;
|
|
|
+ a->type |= V_ASN1_NEG;
|
|
|
+ v = -v;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Put value into temporary buffer - at least one byte encoded. */
|
|
|
+ tmp[0] = (byte)(v & 0xff);
|
|
|
+ v >>= 8;
|
|
|
+ for (j = 1; j < (byte)sizeof(long); j++) {
|
|
|
+ if (v == 0) {
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ tmp[j] = (byte)(v & 0xff);
|
|
|
+ v >>= 8;
|
|
|
+ }
|
|
|
+ /* Pad with 0x00 to indicate positive number when top bit set. */
|
|
|
+ if ((!a->negative) && (tmp[j-1] & 0x80)) {
|
|
|
+ pad = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Set tag. */
|
|
|
+ a->data[i++] = ASN_INTEGER;
|
|
|
+ /* Set length of encoded value. */
|
|
|
+ a->data[i++] = pad + j;
|
|
|
+ /* Set length of DER encoding. +2 for tag and length */
|
|
|
+ a->length = 2 + pad + j;
|
|
|
+
|
|
|
+ /* Add pad byte if required. */
|
|
|
+ if (pad == 1) {
|
|
|
+ a->data[i++] = 0;
|
|
|
+ }
|
|
|
+ /* Copy in data. */
|
|
|
+ for (; j > 0; j--) {
|
|
|
+ a->data[i++] = tmp[j-1];
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_OBJECT APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#if !defined(NO_ASN)
|
|
|
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
|
|
+/* Create a new ASN.1 OBJECT_ID object.
|
|
|
+ *
|
|
|
+ * @return ASN.1 OBJECT_ID object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_OBJECT* obj;
|
|
|
+
|
|
|
+ /* Allocate memory for new ASN.1 OBJECT. */
|
|
|
+ obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL,
|
|
|
+ DYNAMIC_TYPE_ASN1);
|
|
|
+ if (obj != NULL) {
|
|
|
+ XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT));
|
|
|
+ /* Setup pointers. */
|
|
|
+ obj->d.ia5 = &(obj->d.ia5_internal);
|
|
|
+ #if defined(OPENSSL_ALL)
|
|
|
+ obj->d.iPAddress = &(obj->d.iPAddress_internal);
|
|
|
+ #endif
|
|
|
+ /* Object was allocated. */
|
|
|
+ obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
|
|
|
+ }
|
|
|
+
|
|
|
+ return obj;
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of any ASN.1 OBJECT_ID dynamically allocated data.
|
|
|
+ *
|
|
|
+ * Do not use obj after calling this function.
|
|
|
+ *
|
|
|
+ * @param [in, out] obj ASN.1 OBJECT_ID object.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
|
|
|
+{
|
|
|
+ if (obj != NULL) {
|
|
|
+ /* Check for dynamically allocated copy of encoded data. */
|
|
|
+ if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) {
|
|
|
+ #ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_MSG("Freeing ASN1 data");
|
|
|
+ #endif
|
|
|
+ XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
|
|
|
+ obj->obj = NULL;
|
|
|
+ }
|
|
|
+ #if defined(OPENSSL_EXTRA)
|
|
|
+ /* Check for path length ASN.1 INTEGER - X.509 extension. */
|
|
|
+ if (obj->pathlen != NULL) {
|
|
|
+ wolfSSL_ASN1_INTEGER_free(obj->pathlen);
|
|
|
+ obj->pathlen = NULL;
|
|
|
+ }
|
|
|
+ #endif
|
|
|
+ /* Check whether object was dynamically allocated. */
|
|
|
+ if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) {
|
|
|
+ #ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_MSG("Freeing ASN1 OBJECT");
|
|
|
+ #endif
|
|
|
+ XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
|
|
|
+ }
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+/* Duplicate the ASN.1 OBJECT_ID object.
|
|
|
+ *
|
|
|
+ * @param [in] obj ASN.1 OBJECT_ID object to copy.
|
|
|
+ * @return New ASN.1 OBJECT_ID object on success.
|
|
|
+ * @return NULL when obj is NULL or dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_OBJECT* dupl = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_OBJECT_dup");
|
|
|
+
|
|
|
+ /* Validate parameter. */
|
|
|
+ if (obj == NULL) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ }
|
|
|
+ /* Create a new ASN.1 OBJECT_ID object to return. */
|
|
|
+ else if ((dupl = wolfSSL_ASN1_OBJECT_new()) == NULL) {
|
|
|
+ WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
|
|
|
+ }
|
|
|
+ if (dupl != NULL) {
|
|
|
+ /* Copy short name. */
|
|
|
+ XMEMCPY(dupl->sName, obj->sName, WOLFSSL_MAX_SNAME);
|
|
|
+ /* Copy simple fields. */
|
|
|
+ dupl->type = obj->type;
|
|
|
+ dupl->grp = obj->grp;
|
|
|
+ dupl->nid = obj->nid;
|
|
|
+ dupl->objSz = obj->objSz;
|
|
|
+ /* Check for encoding. */
|
|
|
+ if (obj->obj) {
|
|
|
+ /* Allocate memory for ASN.1 OBJECT_ID DER encoding. */
|
|
|
+ dupl->obj = (const unsigned char*)XMALLOC(obj->objSz, NULL,
|
|
|
+ DYNAMIC_TYPE_ASN1);
|
|
|
+ if (dupl->obj == NULL) {
|
|
|
+ WOLFSSL_MSG("ASN1 obj malloc error");
|
|
|
+ wolfSSL_ASN1_OBJECT_free(dupl);
|
|
|
+ dupl = NULL;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Encoding buffer was dynamically allocated. */
|
|
|
+ dupl->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
|
|
|
+ /* Copy DER encoding. */
|
|
|
+ XMEMCPY((byte*)dupl->obj, obj->obj, obj->objSz);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return dupl;
|
|
|
+}
|
|
|
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
|
|
+#endif /* !NO_ASN */
|
|
|
+
|
|
|
+#ifdef OPENSSL_EXTRA
|
|
|
+
|
|
|
+/**
|
|
|
+ * Parse DER encoding and return header information.
|
|
|
+ *
|
|
|
+ * *in is moved to the value of the ASN1 object
|
|
|
+ *
|
|
|
+ * @param [in, out] in Pointer to BER encoded data.
|
|
|
+ * @param [out] len Length of parsed ASN1 object
|
|
|
+ * @param [out] tag Tag value of parsed ASN1 object
|
|
|
+ * @param [out] cls Class of parsed ASN1 object
|
|
|
+ * @param [in] inLen Length of *in buffer
|
|
|
+ * @return int Depends on which bits are set in the returned int:
|
|
|
+ * 0x80 an error occurred during parsing.
|
|
|
+ * 0x20 parsed object is constructed.
|
|
|
+ * 0x01 the parsed object length is indefinite.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
|
|
|
+ int *cls, long inLen)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ word32 inOutIdx = 0;
|
|
|
+ int l = 0;
|
|
|
+ byte t = 0;
|
|
|
+ int ret = 0x80;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_get_object");
|
|
|
+
|
|
|
+ if ((in == NULL) || (*in == NULL) || (len == NULL) || (tag == NULL) ||
|
|
|
+ (cls == NULL) || (inLen <= 0)) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ if (!err) {
|
|
|
+ /* Length at least 1, parameters valid - cannot fail to get tag. */
|
|
|
+ GetASNTag(*in, &inOutIdx, &t, (word32)inLen);
|
|
|
+ /* Get length in DER encoding. */
|
|
|
+ if (GetLength_ex(*in, &inOutIdx, &l, (word32)inLen, 0) < 0) {
|
|
|
+ WOLFSSL_MSG("GetLength error");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (!err) {
|
|
|
+ /* Return header information. */
|
|
|
+ *tag = t & ASN_TYPE_MASK; /* Tag number is 5 lsb */
|
|
|
+ *cls = t & ASN_CLASS_MASK; /* Class is 2 msb */
|
|
|
+ *len = l;
|
|
|
+ ret = t & ASN_CONSTRUCTED;
|
|
|
+
|
|
|
+ if (l > (int)(inLen - inOutIdx)) {
|
|
|
+ /* Still return other values but indicate error in msb */
|
|
|
+ ret |= 0x80;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Move pointer to after DER header. */
|
|
|
+ *in += inOutIdx;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Creates and ASN.1 OBJECT_ID object from DER encoding.
|
|
|
+ *
|
|
|
+ * @param [out] a Pointer to return new ASN.1 OBJECT_ID through.
|
|
|
+ * @param [in, out] der Pointer to buffer holding DER encoding.
|
|
|
+ * @param [in] length Length of DER encoding in bytes.
|
|
|
+ * @return New ASN.1 OBJECT_ID object on success.
|
|
|
+ * @return NULL when der or *der is NULL or length is less than or equal zero.
|
|
|
+ * @return NULL when not an OBJECT_ID or decoding fails.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
|
|
|
+ const unsigned char **der, long length)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_OBJECT* ret = NULL;
|
|
|
+ int err = 0;
|
|
|
+ const unsigned char *d;
|
|
|
+ long len = 0;
|
|
|
+ int tag = 0;
|
|
|
+ int cls;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((der == NULL) || (*der == NULL) || (length <= 0)) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ if (!err) {
|
|
|
+ /* Get pointer to be modified along the way. */
|
|
|
+ d = *der;
|
|
|
+
|
|
|
+ /* Move d to value and get length and tag. */
|
|
|
+ if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) {
|
|
|
+ WOLFSSL_MSG("wolfSSL_ASN1_get_object error");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* Check it DER encoding is of an OBJECT_ID. */
|
|
|
+ if ((!err) && (tag != ASN_OBJECT_ID)) {
|
|
|
+ WOLFSSL_MSG("Not an ASN object");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ /* Create an ASN.1 OBJECT_ID_object from value. TODO: not DER encoding? */
|
|
|
+ if ((!err) && ((ret = wolfSSL_c2i_ASN1_OBJECT(a, &d, len)) != NULL)) {
|
|
|
+ /* Update pointer to after decoded bytes. */
|
|
|
+ *der = d;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Write out DER encoding of ASN.1 OBJECT_ID.
|
|
|
+ *
|
|
|
+ * When pp is NULL, length is returned.
|
|
|
+ * When pp points to NULL, a new buffer is allocated and returned through pp.
|
|
|
+ * When pp points to a buffer, it is moved on past encoded data on success.
|
|
|
+ *
|
|
|
+ * @param [in] a ASN.1 OBJECT_ID object.
|
|
|
+ * @param [in, out] pp Pointer to buffer to write to. May be NULL.
|
|
|
+ * @return Length of encoding on success.
|
|
|
+ * @return 0 when a or encoding buffer is NULL.
|
|
|
+ * @return 0 when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
|
|
|
+{
|
|
|
+ int len = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OBJECT");
|
|
|
+
|
|
|
+ /* Validate parameters */
|
|
|
+ if ((a == NULL) || (a->obj == NULL)) {
|
|
|
+ WOLFSSL_MSG("Bad parameters");
|
|
|
+ }
|
|
|
+ /* Only return length when no pointer supplied. */
|
|
|
+ else if (pp == NULL) {
|
|
|
+ len = (int)a->objSz;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ byte *p = NULL;
|
|
|
+
|
|
|
+ /* Check if we have a buffer to encode into. */
|
|
|
+ if (*pp == NULL) {
|
|
|
+ /* Allocate a new buffer to return. */
|
|
|
+ p = (byte*)XMALLOC(a->objSz, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (p == NULL) {
|
|
|
+ WOLFSSL_MSG("Bad malloc");
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Return allocated buffer. */
|
|
|
+ *pp = p;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check we have a buffer to encode into. */
|
|
|
+ if (*pp != NULL) {
|
|
|
+ /* Copy in DER encoding. */
|
|
|
+ XMEMCPY(*pp, a->obj, a->objSz);
|
|
|
+ /* Move on pointer if user supplied. */
|
|
|
+ if (p == NULL) {
|
|
|
+ *pp += a->objSz;
|
|
|
+ }
|
|
|
+ /* Return length of DER encoding. */
|
|
|
+ len = a->objSz;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Create an ASN.1 OBJECT_ID object from the content octets.
|
|
|
+ *
|
|
|
+ * @param [out] a Pointer to return ASN.1 OBJECT_ID object.
|
|
|
+ * @param [in, out] pp Pointer to buffer holding content octets.
|
|
|
+ * @param [in] len Length of content octets in bytes.
|
|
|
+ * @return New ASN.1 OBJECT_ID object on success.
|
|
|
+ * @return NULL when pp or *pp is NULL or length is less than or equal zero.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
|
|
|
+ const unsigned char **pp, long len)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ WOLFSSL_ASN1_OBJECT* ret = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((pp == NULL) || (*pp == NULL) || (len <= 0)) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Create a new ASN.1 OBJECT_ID object. */
|
|
|
+ if ((!err) && ((ret = wolfSSL_ASN1_OBJECT_new()) == NULL)) {
|
|
|
+ WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!err) {
|
|
|
+ /* Allocate memory for content octets. */
|
|
|
+ ret->obj = (const unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
|
|
|
+ if (ret->obj == NULL) {
|
|
|
+ WOLFSSL_MSG("error allocating asn data memory");
|
|
|
+ wolfSSL_ASN1_OBJECT_free(ret);
|
|
|
+ ret = NULL;
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!err) {
|
|
|
+ /* Content octets buffer was dynamically allocated. */
|
|
|
+ ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
|
|
|
+ /* Copy in content octets and set size. */
|
|
|
+ XMEMCPY((byte*)ret->obj, *pp, len);
|
|
|
+ ret->objSz = (unsigned int)len;
|
|
|
+
|
|
|
+ /* Move pointer to after data copied out. */
|
|
|
+ *pp += len;
|
|
|
+ /* Return ASN.1 OBJECT_ID object through a if required. */
|
|
|
+ if (a != NULL) {
|
|
|
+ *a = ret;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Write at most buf_len bytes of textual representation of ASN.1 OBJECT_ID.
|
|
|
+ *
|
|
|
+ * @param [in, out] buf Buffer to write to.
|
|
|
+ * @param [in] buf_len Length of buffer in bytes.
|
|
|
+ * @param [in] a ASN.1 OBJECT_ID object.
|
|
|
+ * @return Number of bytes written on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+int wolfSSL_i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
|
|
|
+{
|
|
|
+ WOLFSSL_ENTER("wolfSSL_i2t_ASN1_OBJECT");
|
|
|
+
|
|
|
+ return wolfSSL_OBJ_obj2txt(buf, buf_len, a, 0);
|
|
|
+}
|
|
|
+
|
|
|
+#ifndef NO_BIO
|
|
|
+/* Write out the text encoding of the ASN.1 OBJECT_ID.
|
|
|
+ *
|
|
|
+ * @param [in] bp BIO to write to.
|
|
|
+ * @param [in] a ASN.1 OBJECT_ID object.
|
|
|
+ * @return Number of bytes written on success.
|
|
|
+ * @return 0 on failure.
|
|
|
+ */
|
|
|
+int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
|
|
|
+{
|
|
|
+ int done = 0;
|
|
|
+ int length = 0;
|
|
|
+ int cLen = 0;
|
|
|
+ word32 idx = 0;
|
|
|
+ const char null_str[] = "NULL";
|
|
|
+ const char invalid_str[] = "<INVALID>";
|
|
|
+ char buf[80];
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_i2a_ASN1_OBJECT");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if (bp == NULL) {
|
|
|
+ done = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* NULL object is written as "NULL". */
|
|
|
+ if ((!done) && (a == NULL)) {
|
|
|
+ /* Write "NULL" - as done in OpenSSL. */
|
|
|
+ length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str));
|
|
|
+ done = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Try getting text version and write it out. */
|
|
|
+ if ((!done) && ((length = i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0)) {
|
|
|
+ length = wolfSSL_BIO_write(bp, buf, length);
|
|
|
+ done = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Look for DER header. */
|
|
|
+ if ((!done) && ((a->obj == NULL) || (a->obj[idx++] != ASN_OBJECT_ID))) {
|
|
|
+ WOLFSSL_MSG("Bad ASN1 Object");
|
|
|
+ done = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Get length from DER header. */
|
|
|
+ if ((!done) && (GetLength((const byte*)a->obj, &idx, &cLen, a->objSz) < 0))
|
|
|
+ {
|
|
|
+ length = 0;
|
|
|
+ done = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!done) {
|
|
|
+ /* Write out "<INVALID>" and dump content. */
|
|
|
+ length = wolfSSL_BIO_write(bp, invalid_str, (int)XSTRLEN(invalid_str));
|
|
|
+ length += wolfSSL_BIO_dump(bp, (const char*)(a->obj + idx), cLen);
|
|
|
+ }
|
|
|
+
|
|
|
+ return length;
|
|
|
+}
|
|
|
+#endif /* !NO_BIO */
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_SK_OBJECT APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
|
|
|
+/* Create a new WOLFSSL_ASN1_OBJECT stack.
|
|
|
+ *
|
|
|
+ * @return New WOLFSSL_ASN1_OBJECT stack on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void)
|
|
|
+{
|
|
|
+ WOLFSSL_ENTER("wolfSSL_sk_new_asn1_obj");
|
|
|
+
|
|
|
+ return wolfssl_sk_new_type(STACK_TYPE_OBJ);
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of WOLFSL_ASN1_OBJECT stack.
|
|
|
+ *
|
|
|
+ * @param [in, out] sk Stack to free nodes in.
|
|
|
+ */
|
|
|
+void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
|
|
|
+{
|
|
|
+ /* Dispose of stack. */
|
|
|
+ wolfSSL_sk_free(sk);
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of all ASN.1 OBJECT_ID objects in ASN1_OBJECT stack.
|
|
|
+ *
|
|
|
+ * This is different then wolfSSL_ASN1_OBJECT_free in that it allows for
|
|
|
+ * choosing the function to use when freeing an ASN1_OBJECT stack.
|
|
|
+ *
|
|
|
+ * @param [in, out] sk ASN.1 OBJECT_ID stack to free.
|
|
|
+ * @param [in] f Free function to apply to each ASN.1 OBJECT_ID object.
|
|
|
+ */
|
|
|
+void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
|
|
|
+ void (*f) (WOLFSSL_ASN1_OBJECT*))
|
|
|
+{
|
|
|
+ WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_pop_free");
|
|
|
+ wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
|
|
|
+}
|
|
|
+
|
|
|
+/* Push a WOLFSSL_ASN1_OBJECT onto stack.
|
|
|
+ *
|
|
|
+ * @param [in, out] sk ASN.1 OBJECT_ID stack.
|
|
|
+ * @param [in] obj ASN.1 OBJECT_ID object to push on. Cannot be NULL.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when sk or obj is NULL.
|
|
|
+ * @return 0 when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
|
|
|
+ WOLFSSL_ASN1_OBJECT* obj)
|
|
|
+{
|
|
|
+ int ret = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push");
|
|
|
+
|
|
|
+ /* Push on when we have a stack and object to work with. */
|
|
|
+ if ((sk != NULL) && (obj != NULL)) {
|
|
|
+ ret = wolfSSL_sk_push(sk, obj);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Pop off a WOLFSSL_ASN1_OBJECT from the stack.
|
|
|
+ *
|
|
|
+ * @param [in, out] sk ASN.1 OBJECT_ID stack.
|
|
|
+ * @return ASN.1 OBJECT_ID object on success.
|
|
|
+ * @return NULL when stack is NULL or no nodes left in stack.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
|
|
|
+ WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
|
|
|
+{
|
|
|
+ return (WOLFSSL_ASN1_OBJECT*)wolfssl_sk_pop_type(sk, STACK_TYPE_OBJ);
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA && !NO_ASN */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_STRING APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
|
|
+
|
|
|
+/* Create a new ASN.1 STRING object.
|
|
|
+ *
|
|
|
+ * @return New ASN.1 STRING object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_STRING* asn1;
|
|
|
+
|
|
|
+#ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new");
|
|
|
+#endif
|
|
|
+
|
|
|
+ asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
|
|
|
+ DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (asn1 != NULL) {
|
|
|
+ XMEMSET(asn1, 0, sizeof(WOLFSSL_ASN1_STRING));
|
|
|
+ }
|
|
|
+
|
|
|
+ return asn1;
|
|
|
+}
|
|
|
+
|
|
|
+/* Create a new ASN.1 STRING object.
|
|
|
+ *
|
|
|
+ * @param [in] type Encoding type.
|
|
|
+ * @return New ASN.1 STRING object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_STRING* asn1;
|
|
|
+
|
|
|
+#ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new");
|
|
|
+#endif
|
|
|
+
|
|
|
+ asn1 = wolfSSL_ASN1_STRING_new();
|
|
|
+ if (asn1 != NULL) {
|
|
|
+ asn1->type = type;
|
|
|
+ }
|
|
|
+
|
|
|
+ return asn1;
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of ASN.1 STRING object.
|
|
|
+ *
|
|
|
+ * @param [in, out] asn1 ASN.1 STRING object.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
|
|
|
+{
|
|
|
+#ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
|
|
|
+#endif
|
|
|
+
|
|
|
+ /* Check we have an object to free. */
|
|
|
+ if (asn1 != NULL) {
|
|
|
+ /* Dispose of dynamic data. */
|
|
|
+ if ((asn1->length > 0) && asn1->isDynamic) {
|
|
|
+ XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* Dispose of ASN.1 STRING object. */
|
|
|
+ XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+}
|
|
|
+
|
|
|
+/* Copy an ASN.1 STRING object from src into dest.
|
|
|
+ *
|
|
|
+ * @param [in, out] dest ASN.1 STRING object to copy into.
|
|
|
+ * @param [in] src ASN.1 STRING object to copy from.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dest,
|
|
|
+ const WOLFSSL_ASN1_STRING* src)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((src == NULL) || (dest == NULL)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Set the DER encoding. */
|
|
|
+ if ((ret == 1) && (wolfSSL_ASN1_STRING_set(dest, src->data, src->length) !=
|
|
|
+ 1)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Copy simple fields. */
|
|
|
+ dest->type = src->type;
|
|
|
+ dest->flags = src->flags;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Duplicate an ASN.1 STRING object.
|
|
|
+ *
|
|
|
+ * @param [in] asn1 ASN.1 STRING object to duplicate.
|
|
|
+ * @return New ASN.1 STRING object on success.
|
|
|
+ * @return NULL when asn1 is NULL or dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_STRING* dupl = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_dup");
|
|
|
+
|
|
|
+ /* Check we have an object to duplicate. */
|
|
|
+ if (asn1 == NULL) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Create a new ASN.1 STRING object. */
|
|
|
+ dupl = wolfSSL_ASN1_STRING_new();
|
|
|
+ if (dupl == NULL) {
|
|
|
+ WOLFSSL_MSG("wolfSSL_ASN1_STRING_new error");
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (dupl != NULL) {
|
|
|
+ /* Copy the contents. */
|
|
|
+ if (wolfSSL_ASN1_STRING_copy(dupl, asn1) != 1) {
|
|
|
+ WOLFSSL_MSG("wolfSSL_ASN1_STRING_copy error");
|
|
|
+ /* Dispose of duplicate and return NULL. */
|
|
|
+ wolfSSL_ASN1_STRING_free(dupl);
|
|
|
+ dupl = NULL;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return dupl;
|
|
|
+}
|
|
|
+
|
|
|
+/* Compare two ASN.1 STRING objects.
|
|
|
+ *
|
|
|
+ * Compares type when data the same.
|
|
|
+ *
|
|
|
+ * @param [in] a First ASN.1 STRING object.
|
|
|
+ * @param [in] b Second ASN.1 STRING object.
|
|
|
+ * @return Negative value when a is less than b.
|
|
|
+ * @return 0 when a equals b.
|
|
|
+ * @return Positive value when a is greater than b.
|
|
|
+ * @return -1 when a or b is NULL.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
|
|
|
+ const WOLFSSL_ASN1_STRING *b)
|
|
|
+{
|
|
|
+ int ret;
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_cmp");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((a == NULL) || (b == NULL)) {
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+ /* Compare length of data. */
|
|
|
+ else if (a->length != b->length) {
|
|
|
+ ret = a->length - b->length;
|
|
|
+ }
|
|
|
+ /* Compare data. */
|
|
|
+ else if ((ret = XMEMCMP(a->data, b->data, a->length)) == 0) {
|
|
|
+ /* Compare ASN.1 types - wolfSSL_ASN1_STRING_type_new(). */
|
|
|
+ ret = a->type - b->type;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA)
|
|
|
+#if !defined(NO_CERTS)
|
|
|
+#ifndef NO_WOLFSSL_STUB
|
|
|
+WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn,
|
|
|
+ const unsigned char **in, long len)
|
|
|
+{
|
|
|
+ WOLFSSL_STUB("d2i_DISPLAYTEXT");
|
|
|
+ (void)asn;
|
|
|
+ (void)in;
|
|
|
+ (void)len;
|
|
|
+ return NULL;
|
|
|
+}
|
|
|
+#endif
|
|
|
+#endif /* !NO_CERTS */
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+#ifndef NO_ASN
|
|
|
+#if defined(OPENSSL_EXTRA)
|
|
|
+/* Convert ASN.1 STRING that is UniversalString type to PrintableString type.
|
|
|
+ *
|
|
|
+ * @param [in, out] s ASN.1 STRING object to convert.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when s is NULL.
|
|
|
+ * @return 0 when type is not UniversalString or string is not of that format.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ char* p;
|
|
|
+ char* copy;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_UNIVERSALSTRING_to_string");
|
|
|
+
|
|
|
+ /* Validate parameter. */
|
|
|
+ if (s == NULL) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check type of ASN.1 STRING. */
|
|
|
+ if ((ret == 1) && (s->type != V_ASN1_UNIVERSALSTRING)) {
|
|
|
+ WOLFSSL_MSG("Input is not a universal string");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check length is indicative of UNIVERSAL_STRING. */
|
|
|
+ if ((ret == 1) && ((s->length % 4) != 0)) {
|
|
|
+ WOLFSSL_MSG("Input string must be divisible by 4");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Ensure each UniversalString character looks right. */
|
|
|
+ for (p = s->data; p < s->data + s->length; p += 4)
|
|
|
+ if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
|
|
|
+ break;
|
|
|
+ /* Check whether we failed loop early. */
|
|
|
+ if (p != s->data + s->length) {
|
|
|
+ WOLFSSL_MSG("Wrong string format");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Strip first three bytes of each four byte character. */
|
|
|
+ for (copy = p = s->data; p < s->data + s->length; p += 4) {
|
|
|
+ *copy++ = p[3];
|
|
|
+ }
|
|
|
+ /* Place NUL on end. */
|
|
|
+ *copy = '\0';
|
|
|
+ /* Update length and type. */
|
|
|
+ s->length /= 4;
|
|
|
+ s->type = V_ASN1_PRINTABLESTRING;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
|
|
+/* Convert ASN.1 STRING to UTF8 encoding.
|
|
|
+ *
|
|
|
+ * Assumes stored encoding is UTF8.
|
|
|
+ * Returned buffer should be freed using OPENSSL_free().
|
|
|
+ *
|
|
|
+ * @param [out] out Pointer to return allocated string.
|
|
|
+ * @param [in] asn1 ASN.1 STRING object.
|
|
|
+ * @return Length of string, excluding NUL, on success.
|
|
|
+ * @return -1 when out or asn1 is NULL.
|
|
|
+ * @return -1 when no data to return.
|
|
|
+ * @return -1 dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
|
|
|
+{
|
|
|
+ unsigned char* buf = NULL;
|
|
|
+ unsigned char* data = NULL;
|
|
|
+ int len = -1;
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((out != NULL) && (asn1 != NULL)) {
|
|
|
+ /* Get data and length. */
|
|
|
+ data = wolfSSL_ASN1_STRING_data(asn1);
|
|
|
+ len = wolfSSL_ASN1_STRING_length(asn1);
|
|
|
+ /* Check data and length are usable. */
|
|
|
+ if ((data == NULL) || (len < 0)) {
|
|
|
+ len = -1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (len != -1) {
|
|
|
+ /* Allocate buffer to hold string and NUL. */
|
|
|
+ buf = (unsigned char*)XMALLOC(len + 1, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (buf == NULL) {
|
|
|
+ len = -1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (len != -1) {
|
|
|
+ /* Copy in string - NUL always put on end of stored string. */
|
|
|
+ XMEMCPY(buf, data, len + 1);
|
|
|
+ /* Return buffer. */
|
|
|
+ *out = buf;
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA)
|
|
|
+
|
|
|
+/* Encode ASN.1 STRING data as hex digits separated by colon.
|
|
|
+ *
|
|
|
+ * Assumes length is greater than 0.
|
|
|
+ *
|
|
|
+ * @param [in] s ASN.1 STRING object.
|
|
|
+ * @return Buffer cotaining string representation on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ * @return NULL when encoding a character as hex fails.
|
|
|
+ */
|
|
|
+static char* wolfssl_asn1_string_to_hex_chars(const WOLFSSL_ASN1_STRING *s)
|
|
|
+{
|
|
|
+ char* tmp;
|
|
|
+ int tmpSz = s->length * 3;
|
|
|
+
|
|
|
+ tmp = (char*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
+ if (tmp == NULL) {
|
|
|
+ WOLFSSL_MSG("Memory Error");
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ int i;
|
|
|
+ unsigned char* str = (unsigned char*)s->data;
|
|
|
+
|
|
|
+ /* Put out all but last character as a hex digit with ':'. */
|
|
|
+ for (i = 0; i < s->length; i++) {
|
|
|
+ /* Put in hex digit string at end of tmp. */
|
|
|
+ ByteToHexStr(str[i], tmp + i * 3);
|
|
|
+ /* Check not last character. */
|
|
|
+ if (i < s->length - 1) {
|
|
|
+ /* Put in separator: ':'. */
|
|
|
+ tmp[i * 3 + 2] = ':';
|
|
|
+ }
|
|
|
+ /* Last character. */
|
|
|
+ else {
|
|
|
+ /* Put in NUL to terminate string. */
|
|
|
+ tmp[i * 3 + 2] = '\0';
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return tmp;
|
|
|
+}
|
|
|
+
|
|
|
+/* Create a string encoding of ASN.1 STRING object.
|
|
|
+ *
|
|
|
+ * @param [in] method Method table. Unused.
|
|
|
+ * @param [in] s ASN.1 STRING object.
|
|
|
+ * @return Buffer containing string representation on success.
|
|
|
+ * @return NULL when s or data is NULL.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ * @return NULL when encoding a character as hex fails.
|
|
|
+ */
|
|
|
+char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
|
|
|
+ const WOLFSSL_ASN1_STRING *s)
|
|
|
+{
|
|
|
+ char* ret = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_i2s_ASN1_STRING");
|
|
|
+ (void)method;
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((s == NULL) || (s->data == NULL)) {
|
|
|
+ WOLFSSL_MSG("Bad Function Argument");
|
|
|
+ }
|
|
|
+ /* Handle 0 length data separately. */
|
|
|
+ else if (s->length == 0) {
|
|
|
+ ret = XMALLOC(1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
|
|
|
+ if (ret != NULL) {
|
|
|
+ ret[0] = '\0';
|
|
|
+ }
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Convert unreadable strings to hexdecimal. */
|
|
|
+ ret = wolfssl_asn1_string_to_hex_chars(s);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+#endif /* NO_ASN */
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
|
|
|
+/* Get the type of encoding.
|
|
|
+ *
|
|
|
+ * @param [in] asn1 ASN.1 STRING object.
|
|
|
+ * @return Encoding type on success.
|
|
|
+ * @return 0 when asn1 is NULL or no encoding set.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1)
|
|
|
+{
|
|
|
+ int type = 0;
|
|
|
+
|
|
|
+#ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type");
|
|
|
+#endif
|
|
|
+
|
|
|
+ if (asn1 != NULL) {
|
|
|
+ type = asn1->type;
|
|
|
+ }
|
|
|
+
|
|
|
+ return type;
|
|
|
+}
|
|
|
+
|
|
|
+#ifndef NO_CERTS
|
|
|
+/* Get the pointer that is the data.
|
|
|
+ *
|
|
|
+ * @param [in] asn ASN.1 STRING object.
|
|
|
+ * @return Buffer with string on success.
|
|
|
+ * @return NULL when asn is NULL or no data set.
|
|
|
+ */
|
|
|
+const unsigned char* wolfSSL_ASN1_STRING_get0_data(
|
|
|
+ const WOLFSSL_ASN1_STRING* asn)
|
|
|
+{
|
|
|
+ char* data = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_get0_data");
|
|
|
+
|
|
|
+ if (asn != NULL) {
|
|
|
+ data = asn->data;
|
|
|
+ }
|
|
|
+
|
|
|
+ return (const unsigned char*)data;
|
|
|
+}
|
|
|
+
|
|
|
+/* Get the pointer that is the data.
|
|
|
+ *
|
|
|
+ * @param [in] asn ASN.1 STRING object.
|
|
|
+ * @return Buffer with string on success.
|
|
|
+ * @return NULL when asn is NULL or no data set.
|
|
|
+ */
|
|
|
+unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
|
|
|
+{
|
|
|
+ char* data = NULL;
|
|
|
+
|
|
|
+#ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");
|
|
|
+#endif
|
|
|
+
|
|
|
+ if (asn != NULL) {
|
|
|
+ data = asn->data;
|
|
|
+ }
|
|
|
+
|
|
|
+ return (unsigned char*)data;
|
|
|
+}
|
|
|
+
|
|
|
+/* Get the length of the data.
|
|
|
+ *
|
|
|
+ * @param [in] asn ASN.1 STRING object.
|
|
|
+ * @return String length on success.
|
|
|
+ * @return 0 when asn is NULL or no data set.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
|
|
|
+{
|
|
|
+ int len = 0;
|
|
|
+
|
|
|
+#ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");
|
|
|
+#endif
|
|
|
+
|
|
|
+ if (asn) {
|
|
|
+ len = asn->length;
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+#endif /* !NO_CERTS */
|
|
|
+
|
|
|
+/* Set the string data.
|
|
|
+ *
|
|
|
+ * When sz is less than 0, the string length will be calculated using XSTRLEN.
|
|
|
+ *
|
|
|
+ * @param [in, out] asn1 ASN.1 STRING object.
|
|
|
+ * @param [in] data String data to set.
|
|
|
+ * @param [in] sz Length of data to set in bytes.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when asn1 is NULL or data is NULL and sz is not zero.
|
|
|
+ * @return 0 when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int sz)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+#ifdef WOLFSSL_DEBUG_OPENSSL
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");
|
|
|
+#endif
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((asn1 == NULL) || ((data == NULL) && (sz != 0))) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Calculate size from data if not passed in. */
|
|
|
+ if ((ret == 1) && (sz < 0)) {
|
|
|
+ sz = (int)XSTRLEN((const char*)data);
|
|
|
+ if (sz < 0) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Dispose of any existing dynamic data. */
|
|
|
+ if (asn1->isDynamic) {
|
|
|
+ XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ asn1->data = NULL;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check string will fit - including NUL. */
|
|
|
+ if (sz + 1 > CTC_NAME_SIZE) {
|
|
|
+ /* Allocate new buffer. */
|
|
|
+ asn1->data = (char*)XMALLOC(sz + 1, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (asn1->data == NULL) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Ensure buffer will be freed. */
|
|
|
+ asn1->isDynamic = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Clear out fixed array and use it for data. */
|
|
|
+ XMEMSET(asn1->strData, 0, CTC_NAME_SIZE);
|
|
|
+ asn1->data = asn1->strData;
|
|
|
+ asn1->isDynamic = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Check if there is a string to copy. */
|
|
|
+ if (data != NULL) {
|
|
|
+ /* Copy string and append NUL. */
|
|
|
+ XMEMCPY(asn1->data, data, sz);
|
|
|
+ asn1->data[sz] = '\0';
|
|
|
+ }
|
|
|
+ /* Set size of string. */
|
|
|
+ asn1->length = sz;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
|
|
|
+
|
|
|
+#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
|
|
|
+ !defined(WOLFCRYPT_ONLY)
|
|
|
+#ifndef NO_CERTS
|
|
|
+
|
|
|
+/* Make a UTF8 canonical version of ASN.1 STRING object's data.
|
|
|
+ *
|
|
|
+ * @param [in, out] asn ASN.1 STRING to set.
|
|
|
+ */
|
|
|
+static void wolfssl_asn1_string_canonicalize(WOLFSSL_ASN1_STRING* asn)
|
|
|
+{
|
|
|
+ char* src = asn->data;
|
|
|
+ char* p = asn->data + asn->length - 1;
|
|
|
+ int len = asn->length;
|
|
|
+ int i;
|
|
|
+
|
|
|
+ /* Trim whitespace from the tail. */
|
|
|
+ for (; (len > 0) && (XISSPACE((unsigned char)*p)); len--) {
|
|
|
+ p--;
|
|
|
+ }
|
|
|
+ if (len > 0) {
|
|
|
+ /* Trim whitespace from the head. */
|
|
|
+ for (; XISSPACE((unsigned char)*src); len--) {
|
|
|
+ src++;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Output at the start. */
|
|
|
+ p = asn->data;
|
|
|
+ /* Process each character in string after trim. */
|
|
|
+ for (i = 0; i < len; p++, i++) {
|
|
|
+ /* Check for non-ascii character. */
|
|
|
+ if (!XISASCII(*src)) {
|
|
|
+ /* Keep non-ascii character as-is. */
|
|
|
+ *p = *src++;
|
|
|
+ }
|
|
|
+ /* Check for whitespace. */
|
|
|
+ else if (XISSPACE((unsigned char)*src)) {
|
|
|
+ /* Only use space character for whitespace. */
|
|
|
+ *p = 0x20;
|
|
|
+ /* Skip any succeeding whitespace characters. */
|
|
|
+ while (XISSPACE((unsigned char)*++src)) {
|
|
|
+ i++;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Convert to lower case. */
|
|
|
+ *p = (char)XTOLOWER((unsigned char)*src++);
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* Set actual length after canonicalization. */
|
|
|
+ asn->length = (int)(p - asn->data);
|
|
|
+}
|
|
|
+
|
|
|
+/* Make a canonical version of ASN.1 STRING object in ASN.1 STRING object.
|
|
|
+ *
|
|
|
+ * @param [in, out] asn_out ASN.1 STRING object to set.
|
|
|
+ * @param [in] asn_in ASN.1 STRING object to get data from.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return BAD_FUNC_ARG when asn_out or asn_in is NULL.
|
|
|
+ * @return 0 when no data.
|
|
|
+ * @return 0 when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
|
|
|
+ const WOLFSSL_ASN1_STRING* asn_in)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((asn_out == NULL) || (asn_in == NULL)) {
|
|
|
+ WOLFSSL_MSG("invalid function arguments");
|
|
|
+ ret = BAD_FUNC_ARG;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ switch (asn_in->type) {
|
|
|
+ case MBSTRING_UTF8:
|
|
|
+ case V_ASN1_PRINTABLESTRING:
|
|
|
+ /* Set type to UTF8. */
|
|
|
+ asn_out->type = MBSTRING_UTF8;
|
|
|
+ /* Dispose of any dynamic data already in asn_out. */
|
|
|
+ if (asn_out->isDynamic) {
|
|
|
+ XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ asn_out->data = NULL;
|
|
|
+ }
|
|
|
+ /* Make ASN.1 STRING into UTF8 buffer. */
|
|
|
+ asn_out->length = wolfSSL_ASN1_STRING_to_UTF8(
|
|
|
+ (unsigned char**)&asn_out->data,
|
|
|
+ (WOLFSSL_ASN1_STRING*)asn_in);
|
|
|
+ /* Check for error from creating UTF8 string. */
|
|
|
+ if (asn_out->length < 0) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Data now dynamic after converting to UTF8. */
|
|
|
+ asn_out->isDynamic = 1;
|
|
|
+ /* Canonicalize the data. */
|
|
|
+ wolfssl_asn1_string_canonicalize(asn_out);
|
|
|
+ if (asn_out->length == 0) {
|
|
|
+ /* Dispose of data if canonicalization removes all
|
|
|
+ * characters. */
|
|
|
+ XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+ asn_out->data = NULL;
|
|
|
+ asn_out->isDynamic = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ /* Unrecognized format - just copy. */
|
|
|
+ WOLFSSL_MSG("just copy string");
|
|
|
+ ret = wolfSSL_ASN1_STRING_copy(asn_out, asn_in);
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* !NO_CERTS */
|
|
|
+#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && !WOLFCRYPT_ONLY */
|
|
|
+
|
|
|
+#if defined(OPENSSL_EXTRA)
|
|
|
+
|
|
|
+#if !defined(NO_ASN)
|
|
|
+#ifndef NO_BIO
|
|
|
+/* Returns boolean indicating character is unprintable.
|
|
|
+ *
|
|
|
+ * @param [in] c ASCII character.
|
|
|
+ * @return 1 when character is unprintable.
|
|
|
+ * @return 0 when character is printable.
|
|
|
+ */
|
|
|
+static int wolfssl_unprintable_char(char c)
|
|
|
+{
|
|
|
+ const unsigned char last_unprintable = 31;
|
|
|
+ const unsigned char LF = 10; /* Line Feed */
|
|
|
+ const unsigned char CR = 13; /* Carriage Return */
|
|
|
+
|
|
|
+ return (c <= last_unprintable) && (c != LF) && (c != CR);
|
|
|
+}
|
|
|
+
|
|
|
+/* Print ASN.1 STRING to BIO.
|
|
|
+ *
|
|
|
+ * TODO: Unprintable characters conversion is destructive.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to print to.
|
|
|
+ * @param [in] str ASN.1 STRING to print.
|
|
|
+ * @return Length of string written on success.
|
|
|
+ * @return 0 when bio or str is NULL.
|
|
|
+ * @return 0 when writing to BIO fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str)
|
|
|
+{
|
|
|
+ int len = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_print");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((bio != NULL) && (str != NULL)) {
|
|
|
+ int i;
|
|
|
+
|
|
|
+ len = str->length;
|
|
|
+ /* Convert all unprintable characters to '.'. */
|
|
|
+ for (i = 0; i < len; i++) {
|
|
|
+ if (wolfssl_unprintable_char(str->data[i])) {
|
|
|
+ str->data[i] = '.';
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* Write string to BIO. */
|
|
|
+ if (wolfSSL_BIO_write(bio, str->data, len) != len) {
|
|
|
+ len = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+#endif /* !NO_BIO */
|
|
|
+#endif /* !NO_ASN */
|
|
|
+
|
|
|
+/* Get a string for the ASN.1 tag.
|
|
|
+ *
|
|
|
+ * @param [in] tag ASN.1 tag.
|
|
|
+ * @return A string.
|
|
|
+ */
|
|
|
+const char* wolfSSL_ASN1_tag2str(int tag)
|
|
|
+{
|
|
|
+ static const char *const tag_label[31] = {
|
|
|
+ "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL",
|
|
|
+ "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED",
|
|
|
+ "<ASN1 11>", "UTF8STRING", "<ASN1 13>", "<ASN1 14>", "<ASN1 15>",
|
|
|
+ "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
|
|
|
+ "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
|
|
|
+ "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING",
|
|
|
+ "<ASN1 29>", "BMPSTRING"
|
|
|
+ };
|
|
|
+ const char* str = "(unknown)";
|
|
|
+
|
|
|
+ /* Clear negative flag. */
|
|
|
+ if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) {
|
|
|
+ tag &= ~V_ASN1_NEG;
|
|
|
+ }
|
|
|
+ /* Check for known basic types. */
|
|
|
+ if ((tag >= 0) && (tag <= 30)) {
|
|
|
+ str = tag_label[tag];
|
|
|
+ }
|
|
|
+
|
|
|
+ return str;
|
|
|
+}
|
|
|
+
|
|
|
+#ifndef NO_BIO
|
|
|
+
|
|
|
+/* Print out ASN.1 tag for the ASN.1 STRING to the BIO.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to write to.
|
|
|
+ * @param [in] str ASN.1 STRING object.
|
|
|
+ * @return Number of characters written on success.
|
|
|
+ * @return 0 when BIO write fails.
|
|
|
+ */
|
|
|
+static int wolfssl_string_print_type(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str)
|
|
|
+{
|
|
|
+ int type_len;
|
|
|
+ const char *tag;
|
|
|
+
|
|
|
+ /* Get tag and string length. */
|
|
|
+ tag = wolfSSL_ASN1_tag2str(str->type);
|
|
|
+ type_len = (int)XSTRLEN(tag);
|
|
|
+ /* Write tag to BIO. */
|
|
|
+ if (wolfSSL_BIO_write(bio, tag, type_len) != type_len){
|
|
|
+ type_len = 0;
|
|
|
+ }
|
|
|
+ /* Write colon after tag string. */
|
|
|
+ else if (wolfSSL_BIO_write(bio, ":", 1) != 1) {
|
|
|
+ type_len = 0;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Written colon - update count. */
|
|
|
+ type_len++;
|
|
|
+ }
|
|
|
+
|
|
|
+ return type_len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Dump hex digit representation of each string character to BIO.
|
|
|
+ *
|
|
|
+ * TODO: Assumes length is only one byte ie less than 128 characters long.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to write to.
|
|
|
+ * @param [in] str ASN.1 STRING object.
|
|
|
+ * @param [in] asDer Whether to write out as a DER encoding.
|
|
|
+ * @return Number of characters written to BIO on success.
|
|
|
+ * @return -1 when writing to BIO fails.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
|
|
|
+ WOLFSSL_ASN1_STRING *str, int asDer)
|
|
|
+{
|
|
|
+ const char* hash="#";
|
|
|
+ char hex_tmp[4];
|
|
|
+ char* p;
|
|
|
+ char* end;
|
|
|
+ int str_len = 1;
|
|
|
+
|
|
|
+ /* Write out hash character to indicate hex string. */
|
|
|
+ if (wolfSSL_BIO_write(bio, hash, 1) != 1) {
|
|
|
+ str_len = -1;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Check if we are to write out DER header. */
|
|
|
+ if (asDer) {
|
|
|
+ /* Encode tag and length as hex into temporary. */
|
|
|
+ ByteToHexStr((byte)str->type, &hex_tmp[0]);
|
|
|
+ ByteToHexStr((byte)str->length, &hex_tmp[2]);
|
|
|
+ /* Update count of written characters: tag and length. */
|
|
|
+ str_len += 4;
|
|
|
+ /* Write out tag and length as hex digits. */
|
|
|
+ if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) {
|
|
|
+ str_len = -1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (str_len != -1) {
|
|
|
+ /* Calculate end of string. */
|
|
|
+ end = str->data + str->length - 1;
|
|
|
+ for (p = str->data; p <= end; p++) {
|
|
|
+ /* Encode string characther as hex into temporary. */
|
|
|
+ ByteToHexStr((byte)*p, hex_tmp);
|
|
|
+ /* Update count of written characters. */
|
|
|
+ str_len += 2;
|
|
|
+ /* Write out character as hex digites. */
|
|
|
+ if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) {
|
|
|
+ str_len = -1;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return str_len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Check whether character needs to be escaped.
|
|
|
+ *
|
|
|
+ * @param [in] c Character to check for.
|
|
|
+ * @param [in] str String to check.
|
|
|
+ * @return 1 when character found.
|
|
|
+ * @return 0 when characther not found.
|
|
|
+ */
|
|
|
+static int wolfssl_check_esc_char(char c)
|
|
|
+{
|
|
|
+ int ret = 0;
|
|
|
+ const char esc_ch[] = "+;<>\\";
|
|
|
+ const char* p = esc_ch;
|
|
|
+
|
|
|
+ /* Check if character matches any of those needing escaping. */
|
|
|
+ for (; (*p) != '\0'; p++) {
|
|
|
+ /* Check if character matches escape character. */
|
|
|
+ if (c == (*p)) {
|
|
|
+ ret = 1;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Print out string, with escaping for special characters, to BIO.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to write to.
|
|
|
+ * @param [in] str ASN.1 STRING object.
|
|
|
+ * @return Number of characters written to BIO on success.
|
|
|
+ * @return -1 when writing to BIO fails.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
|
|
|
+ WOLFSSL_ASN1_STRING *str)
|
|
|
+{
|
|
|
+ char* p;
|
|
|
+ int str_len = 0;
|
|
|
+
|
|
|
+ /* Write all of string character by character. */
|
|
|
+ for (p = str->data; (*p) != '\0'; p++) {
|
|
|
+ /* Check if character needs escaping. */
|
|
|
+ if (wolfssl_check_esc_char(*p)){
|
|
|
+ /* Update count of written characters. */
|
|
|
+ str_len++;
|
|
|
+ /* Write out escaping character. */
|
|
|
+ if (wolfSSL_BIO_write(bio,"\\", 1) != 1) {
|
|
|
+ str_len = -1;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* Update count of written characters. */
|
|
|
+ str_len++;
|
|
|
+ /* Write out character. */
|
|
|
+ if (wolfSSL_BIO_write(bio, p, 1) != 1) {
|
|
|
+ str_len = -1;
|
|
|
+ break;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return str_len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Extended print ASN.1 STRING to BIO.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to print to.
|
|
|
+ * @param [in] str ASN.1 STRING to print.
|
|
|
+ * @param [in] flags Flags describing output format.
|
|
|
+ * @return Length of string written on success.
|
|
|
+ * @return 0 when bio or str is NULL.
|
|
|
+ * @return 0 when writing to BIO fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
|
|
|
+ unsigned long flags)
|
|
|
+{
|
|
|
+ int err = 0;
|
|
|
+ int str_len = -1;
|
|
|
+ int type_len = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((bio == NULL) || (str == NULL)) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ /* Check if ASN.1 type is to be printed. */
|
|
|
+ if ((!err) && (flags & ASN1_STRFLGS_SHOW_TYPE)) {
|
|
|
+ /* Print type and colon to BIO. */
|
|
|
+ type_len = wolfssl_string_print_type(bio, str);
|
|
|
+ if (type_len == 0) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (!err) {
|
|
|
+ if (flags & ASN1_STRFLGS_DUMP_ALL) {
|
|
|
+ /* Dump hex. */
|
|
|
+ str_len = wolfssl_asn1_string_dump_hex(bio, str,
|
|
|
+ flags & ASN1_STRFLGS_DUMP_DER);
|
|
|
+ }
|
|
|
+ else if (flags & ASN1_STRFLGS_ESC_2253) {
|
|
|
+ /* Print out string with escaping. */
|
|
|
+ str_len = wolfssl_asn1_string_print_esc_2253(bio, str);
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Get number of characters to write. */
|
|
|
+ str_len = str->length;
|
|
|
+ /* Print out string as is. */
|
|
|
+ if (wolfSSL_BIO_write(bio, str->data, str_len) != str_len) {
|
|
|
+ err = 1;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if ((!err) && (str_len != -1)) {
|
|
|
+ /* Include any characters written for type. */
|
|
|
+ str_len += type_len;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ str_len = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ return str_len;
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* !NO_BIO */
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_GENERALIZEDTIME APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#ifdef OPENSSL_EXTRA
|
|
|
+
|
|
|
+/* Free the static ASN.1 GENERALIZED TIME object.
|
|
|
+ *
|
|
|
+ * Not an OpenSSL compatibility API.
|
|
|
+ *
|
|
|
+ * @param [in] asn1Time ASN.1 GENERALIZED TIME object.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
|
|
|
+{
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free");
|
|
|
+ if (asn1Time != NULL) {
|
|
|
+ XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data));
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+#ifndef NO_BIO
|
|
|
+/* Return the month as a string.
|
|
|
+ *
|
|
|
+ * Assumes n is '01'-'12'.
|
|
|
+ *
|
|
|
+ * @param [in] n The number of the month as a two characters (1 based).
|
|
|
+ * @return Month as a string.
|
|
|
+ */
|
|
|
+static WC_INLINE const char* MonthStr(const char* n)
|
|
|
+{
|
|
|
+ static const char monthStr[12][4] = {
|
|
|
+ "Jan", "Feb", "Mar", "Apr", "May", "Jun",
|
|
|
+ "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
|
|
|
+ const char* month = "BAD";
|
|
|
+ int i;
|
|
|
+
|
|
|
+ i = (n[0] - '0') * 10 + (n[1] - '0') - 1;
|
|
|
+ /* Convert string to number and index table. */
|
|
|
+ if ((i >= 0) && (i <= 12)) {
|
|
|
+ month = monthStr[i];
|
|
|
+ }
|
|
|
+
|
|
|
+ return month;
|
|
|
+}
|
|
|
+
|
|
|
+/* Print an ASN.1 GENERALIZED TIME to a BIO.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to write to.
|
|
|
+ * @param [in] asnTime ASN.1 GENERALIZED TIME object.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when ASN.1 GENERALIZED TIME type is invalid.
|
|
|
+ * @return 0 when writing to BIO fails.
|
|
|
+ * @return BAD_FUNC_ARG when bio or asnTime is NULL.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
|
|
|
+ const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ const char* p = NULL;
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_print");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((bio == NULL) || (asnTime == NULL)) {
|
|
|
+ ret = BAD_FUNC_ARG;
|
|
|
+ }
|
|
|
+ /* Check type is GENERALIZED TIME. */
|
|
|
+ if ((ret == 1) && (asnTime->type != V_ASN1_GENERALIZEDTIME)) {
|
|
|
+ WOLFSSL_MSG("Error, not GENERALIZED_TIME");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Get the string. */
|
|
|
+ p = (const char *)(asnTime->data);
|
|
|
+
|
|
|
+ /* Print month as a 3 letter string. */
|
|
|
+ if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) != 3) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ /* Print space separator. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Print day. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 6, 2) != 2)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Print space separator. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Print hour. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 8, 2) != 2)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Print time separator - colon. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Print minutes. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 10, 2) != 2)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Print time separator - colon. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Print seconds. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 12, 2) != 2)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Print space separator. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Print year. */
|
|
|
+ if ((ret == 1) && (wolfSSL_BIO_write(bio, p, 4) != 4)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* !NO_BIO */
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_TIME APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#ifndef NO_ASN_TIME
|
|
|
+
|
|
|
+#ifdef OPENSSL_EXTRA
|
|
|
+/* Allocate a new ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * @return New empty ASN.1 TIME object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_TIME* ret;
|
|
|
+
|
|
|
+ /* Allocate a new ASN.1 TYPE object. */
|
|
|
+ ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
|
|
|
+ DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (ret != NULL) {
|
|
|
+ /* Clear out fields. */
|
|
|
+ XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME));
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Dispose of ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * @param [in, out] t ASN.1 TIME object.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t)
|
|
|
+{
|
|
|
+ /* Dispose of ASN.1 TIME object. */
|
|
|
+ XFREE(t, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+}
|
|
|
+
|
|
|
+#ifndef NO_WOLFSSL_STUB
|
|
|
+/* Set the Unix time GMT into ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * Not implemented.
|
|
|
+ *
|
|
|
+ * @param [in, out] a ASN.1 TIME object.
|
|
|
+ * @param [in] t Unix time GMT.
|
|
|
+ * @return An ASN.1 TIME object.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *a, time_t t)
|
|
|
+{
|
|
|
+ WOLFSSL_STUB("wolfSSL_ASN1_TIME_set");
|
|
|
+ (void)a;
|
|
|
+ (void)t;
|
|
|
+ return a;
|
|
|
+}
|
|
|
+#endif /* !NO_WOLFSSL_STUB */
|
|
|
+
|
|
|
+/* Convert time to Unix time (GMT).
|
|
|
+ *
|
|
|
+ * @param [in] sec Second in minute. 0-59.
|
|
|
+ * @param [in] minute Minute in hour. 0-59.
|
|
|
+ * @param [in] hour Hour in day. 0-23.
|
|
|
+ * @param [in] mday Day of month. 1-31.
|
|
|
+ * @param [in] mon Month of year. 0-11
|
|
|
+ * @param [in] year Year including century. ie: 1991, 2023, 2048.
|
|
|
+ * @return Seconds since 00:00:00 01/01/1970 for the time passed in.
|
|
|
+ */
|
|
|
+static long long wolfssl_time_to_unix_time(int sec, int minute, int hour,
|
|
|
+ int mday, int mon, int year)
|
|
|
+{
|
|
|
+ /* Number of cumulative days from the previous months, starting from
|
|
|
+ * beginning of January. */
|
|
|
+ static const int monthDaysCumulative [12] = {
|
|
|
+ 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
|
|
|
+ };
|
|
|
+ int leapDays = year;
|
|
|
+
|
|
|
+ /* Leap day at end of February. */
|
|
|
+ if (mon <= 1) {
|
|
|
+ --leapDays;
|
|
|
+ }
|
|
|
+ /* Calculate leap days. */
|
|
|
+ leapDays = leapDays / 4 - leapDays / 100 + leapDays / 400 - 1969 / 4 +
|
|
|
+ 1969 / 100 - 1969 / 400;
|
|
|
+
|
|
|
+ /* Calculate number of seconds. */
|
|
|
+ return ((((long long) (year - 1970) * 365 + leapDays +
|
|
|
+ monthDaysCumulative[mon] + mday - 1) * 24 + hour) * 60 + minute) *
|
|
|
+ 60 + sec;
|
|
|
+}
|
|
|
+
|
|
|
+/* Convert ASN.1 TIME object to Unix time (GMT).
|
|
|
+ *
|
|
|
+ * @param [in] t ASN.1 TIME object.
|
|
|
+ * @param [out] secs Number of seconds since 00:00:00 01/01/1970.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when conversion of time fails.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_time_to_secs(const WOLFSSL_ASN1_TIME* t,
|
|
|
+ long long* secs)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ struct tm tm_s;
|
|
|
+ struct tm *tmGmt = &tm_s;
|
|
|
+
|
|
|
+ /* Convert ASN.1 TIME to broken-down time. NULL treated as current time. */
|
|
|
+ ret = wolfSSL_ASN1_TIME_to_tm(t, tmGmt);
|
|
|
+ if (ret != 1) {
|
|
|
+ WOLFSSL_MSG("Failed to convert from time to struct tm.");
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* We use wolfssl_time_to_unix_time here instead of XMKTIME to avoid the
|
|
|
+ * Year 2038 problem on platforms where time_t is 32 bits. struct tm
|
|
|
+ * stores the year as years since 1900, so we add 1900 to the year. */
|
|
|
+ *secs = wolfssl_time_to_unix_time(tmGmt->tm_sec, tmGmt->tm_min,
|
|
|
+ tmGmt->tm_hour, tmGmt->tm_mday, tmGmt->tm_mon,
|
|
|
+ tmGmt->tm_year + 1900);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Calculate difference in time of two ASN.1 TIME objects.
|
|
|
+ *
|
|
|
+ * @param [out] days Number of whole days between from and to.
|
|
|
+ * @param [out] secs Number of serconds less than a day between from and to.
|
|
|
+ * @param [in] from ASN.1 TIME object as start time.
|
|
|
+ * @param [in] to ASN.1 TIME object as end time.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when days or secs is NULL.
|
|
|
+ * @return 0 when conversion of time fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
|
|
|
+ const WOLFSSL_ASN1_TIME *to)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if (days == NULL) {
|
|
|
+ WOLFSSL_MSG("days is NULL");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if ((ret == 1) && (secs == NULL)) {
|
|
|
+ WOLFSSL_MSG("secs is NULL");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if ((ret == 1) && ((from == NULL) && (to == NULL))) {
|
|
|
+ *days = 0;
|
|
|
+ *secs = 0;
|
|
|
+ }
|
|
|
+ else if (ret == 1) {
|
|
|
+ const int SECS_PER_DAY = 24 * 60 * 60;
|
|
|
+ long long fromSecs;
|
|
|
+ long long toSecs = 0;
|
|
|
+
|
|
|
+ ret = wolfssl_asn1_time_to_secs(from, &fromSecs);
|
|
|
+ if (ret == 1) {
|
|
|
+ ret = wolfssl_asn1_time_to_secs(to, &toSecs);
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ double diffSecs = (double)(toSecs - fromSecs);
|
|
|
+ *days = (int) (diffSecs / SECS_PER_DAY);
|
|
|
+ *secs = (int) (diffSecs - (((double)*days) * SECS_PER_DAY));
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Compare two ASN.1 TIME objects by comparing time value.
|
|
|
+ *
|
|
|
+ * @param [in] a First ASN.1 TIME object.
|
|
|
+ * @param [in] b Second ASN.1 TIME object.
|
|
|
+ * @return Negative value when a is less than b.
|
|
|
+ * @return 0 when a equals b.
|
|
|
+ * @return Positive value when a is greater than b.
|
|
|
+ * @return -2 when a or b is invalid.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
|
|
|
+ const WOLFSSL_ASN1_TIME *b)
|
|
|
+{
|
|
|
+ int ret;
|
|
|
+ int days;
|
|
|
+ int secs;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_compare");
|
|
|
+
|
|
|
+ /* Calculate difference in time between a and b. */
|
|
|
+ if (wolfSSL_ASN1_TIME_diff(&days, &secs, a, b) != 1) {
|
|
|
+ WOLFSSL_MSG("Failed to get time difference.");
|
|
|
+ ret = -2;
|
|
|
+ }
|
|
|
+ else if (days == 0 && secs == 0) {
|
|
|
+ /* a and b are the same time. */
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ else if (days >= 0 && secs >= 0) {
|
|
|
+ /* a is before b. */
|
|
|
+ ret = -1;
|
|
|
+ }
|
|
|
+ /* Assume wolfSSL_ASN1_TIME_diff creates coherent values. */
|
|
|
+ else {
|
|
|
+ ret = 1;
|
|
|
+ }
|
|
|
+
|
|
|
+ WOLFSSL_LEAVE("wolfSSL_ASN1_TIME_compare", ret);
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#if !defined(USER_TIME) && !defined(TIME_OVERRIDES)
|
|
|
+/* Adjust the time into an ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * @param [in] a ASN.1 TIME object. May be NULL.
|
|
|
+ * @param [in] t Time to offset.
|
|
|
+ * @param [in] offset_day Number of days to offset. May be negative.
|
|
|
+ * @param [in] offset_sec Number of seconds to offset. May be negative.
|
|
|
+ * @return ASN.1 TIME object on success.
|
|
|
+ * @return NULL when formatting time fails.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* a, time_t t,
|
|
|
+ int offset_day, long offset_sec)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_TIME* ret = NULL;
|
|
|
+ const time_t sec_per_day = 24*60*60;
|
|
|
+ int time_get;
|
|
|
+ char time_str[MAX_TIME_STRING_SZ];
|
|
|
+ time_t offset_day_sec = offset_day * sec_per_day;
|
|
|
+ time_t t_adj = t + offset_day_sec + offset_sec;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj");
|
|
|
+
|
|
|
+ /* Get time string as either UTC or GeneralizedTime. */
|
|
|
+ time_get = GetFormattedTime(&t_adj, (byte*)time_str, MAX_TIME_STRING_SZ);
|
|
|
+ if (time_get > 0) {
|
|
|
+ ret = a;
|
|
|
+ if (ret == NULL) {
|
|
|
+ ret = wolfSSL_ASN1_TIME_new();
|
|
|
+ }
|
|
|
+ /* Set the string into the ASN.1 TIME object. */
|
|
|
+ if ((wolfSSL_ASN1_TIME_set_string(ret, time_str) != 1) && (ret != a)) {
|
|
|
+ wolfSSL_ASN1_TIME_free(ret);
|
|
|
+ ret = NULL;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* !USER_TIME && !TIME_OVERRIDES */
|
|
|
+
|
|
|
+/* Get the length of the ASN.1 TIME data.
|
|
|
+ *
|
|
|
+ * Not an OpenSSL function - ASN1_TIME is not opaque.
|
|
|
+ *
|
|
|
+ * @param [in] t ASN.1 TIME object.
|
|
|
+ * @return Length of data on success.
|
|
|
+ * @return 0 when t is NULL or no time set.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t)
|
|
|
+{
|
|
|
+ int len = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_length");
|
|
|
+
|
|
|
+ if (t != NULL) {
|
|
|
+ len = t->length;
|
|
|
+ }
|
|
|
+
|
|
|
+ return len;
|
|
|
+}
|
|
|
+
|
|
|
+/* Get the data from the ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * Not an OpenSSL function - ASN1_TIME is not opaque.
|
|
|
+ *
|
|
|
+ * @param [in] t ASN.1 TIME object.
|
|
|
+ * @return Data buffer on success.
|
|
|
+ * @return NULL when t is NULL.
|
|
|
+ */
|
|
|
+unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
|
|
|
+{
|
|
|
+ unsigned char* data = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_data");
|
|
|
+
|
|
|
+ if (t != NULL) {
|
|
|
+ data = (unsigned char*)t->data;
|
|
|
+ }
|
|
|
+
|
|
|
+ return data;
|
|
|
+}
|
|
|
+
|
|
|
+/* Check format of string in ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * @param [in] a ASN.1 TIME object.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when format invalid.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ char buf[MAX_TIME_STRING_SZ];
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
|
|
|
+
|
|
|
+ /* If can convert to human readable then format good. */
|
|
|
+ if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
|
|
|
+ MAX_TIME_STRING_SZ) == NULL) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Set the time as a string into ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * When t is NULL, str is checked only.
|
|
|
+ *
|
|
|
+ * @param [in, out] t ASN.1 TIME object.
|
|
|
+ * @param [in] str Time as a string.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when str is NULL.
|
|
|
+ * @return 0 when str is not formatted correctly.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ int slen = 0;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
|
|
|
+
|
|
|
+ if (str == NULL) {
|
|
|
+ WOLFSSL_MSG("Bad parameter");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Get length of string including NUL terminator. */
|
|
|
+ slen = (int)XSTRLEN(str) + 1;
|
|
|
+ if (slen > CTC_DATE_SIZE) {
|
|
|
+ WOLFSSL_MSG("Date string too long");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if ((ret == 1) && (t != NULL)) {
|
|
|
+ /* Copy in string including NUL terminator. */
|
|
|
+ XMEMCPY(t->data, str, slen);
|
|
|
+ /* Do not include NUL terminator in length. */
|
|
|
+ t->length = slen - 1;
|
|
|
+ /* Set ASN.1 type based on string length. */
|
|
|
+ t->type = ((slen == ASN_UTC_TIME_SIZE) ? V_ASN1_UTCTIME :
|
|
|
+ V_ASN1_GENERALIZEDTIME);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
|
|
|
+ *
|
|
|
+ * @param [in] t ASN.1 TIME object.
|
|
|
+ * @param [in, out] out ASN.1 GENERALIZED TIME object.
|
|
|
+ * @return ASN.1 GENERALIZED TIME object on success.
|
|
|
+ * @return NULL when t is NULL or t has wrong ASN.1 type.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
|
|
|
+ WOLFSSL_ASN1_TIME **out)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_TIME *ret = NULL;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if (t == NULL) {
|
|
|
+ WOLFSSL_MSG("Invalid ASN_TIME value");
|
|
|
+ }
|
|
|
+ /* Ensure ASN.1 type is one that is supported. */
|
|
|
+ else if ((t->type != V_ASN1_UTCTIME) &&
|
|
|
+ (t->type != V_ASN1_GENERALIZEDTIME)) {
|
|
|
+ WOLFSSL_MSG("Invalid ASN_TIME type.");
|
|
|
+ }
|
|
|
+ /* Check for ASN.1 GENERALIZED TIME object being passed in. */
|
|
|
+ else if ((out != NULL) && (*out != NULL)) {
|
|
|
+ /* Copy into the passed in object. */
|
|
|
+ ret = *out;
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Create a new ASN.1 GENERALIZED TIME object. */
|
|
|
+ ret = wolfSSL_ASN1_TIME_new();
|
|
|
+ if (ret == NULL) {
|
|
|
+ WOLFSSL_MSG("memory alloc failed.");
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret != NULL) {
|
|
|
+ /* Set the ASN.1 type and length of string. */
|
|
|
+ ret->type = V_ASN1_GENERALIZEDTIME;
|
|
|
+ ret->length = ASN_GENERALIZED_TIME_SIZE;
|
|
|
+
|
|
|
+ if (t->type == V_ASN1_GENERALIZEDTIME) {
|
|
|
+ /* Just copy as data already appropriately formatted. */
|
|
|
+ XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Convert UTC TIME to GENERALIZED TIME. */
|
|
|
+ if (t->data[0] >= '5') {
|
|
|
+ /* >= 50 is 1900s. */
|
|
|
+ ret->data[0] = '1'; ret->data[1] = '9';
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* < 50 is 2000s. */
|
|
|
+ ret->data[0] = '2'; ret->data[1] = '0';
|
|
|
+ }
|
|
|
+ /* Append rest of the data as it is the same. */
|
|
|
+ XMEMCPY(&ret->data[2], t->data, ASN_UTC_TIME_SIZE);
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check for pointer to return result through. */
|
|
|
+ if (out != NULL) {
|
|
|
+ *out = ret;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
|
|
|
+/* Get string from ASN.1 TIME object.
|
|
|
+ *
|
|
|
+ * Not an OpenSSL compatibility API.
|
|
|
+ *
|
|
|
+ * @param [in] t ASN.1 TIME object.
|
|
|
+ * @param [in, out] buf Buffer to put string in.
|
|
|
+ * @param [in] len Length of buffer in bytes.
|
|
|
+ * @return buf on success.
|
|
|
+ * @return NULL when t or buf is NULL, or len is less than 5.
|
|
|
+ * @return NULL when ASN.1 TIME length is larger than len.
|
|
|
+ * @return NULL when internal time format not valid.
|
|
|
+ */
|
|
|
+char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
|
|
|
+{
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((t == NULL) || (buf == NULL) || (len < 5)) {
|
|
|
+ WOLFSSL_MSG("Bad argument");
|
|
|
+ buf = NULL;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Check internal length against passed in length. */
|
|
|
+ if ((buf != NULL) && (t->length > len)) {
|
|
|
+ WOLFSSL_MSG("Length of date is longer then buffer");
|
|
|
+ buf = NULL;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Get time as human readable string. */
|
|
|
+ if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len)) {
|
|
|
+ buf = NULL;
|
|
|
+ }
|
|
|
+
|
|
|
+ return buf;
|
|
|
+}
|
|
|
+
|
|
|
+/* Number of characters in a UTC TIME string. */
|
|
|
+#define UTCTIME_LEN 13
|
|
|
+
|
|
|
+/* Get year from UTC TIME string.
|
|
|
+ *
|
|
|
+ * @param [in] str UTC TIME string.
|
|
|
+ * @param [in] len Length of string in bytes.
|
|
|
+ * @param [out] year Year as extracted from string.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when length is too short for a UTC TIME.
|
|
|
+ * @return 0 when not ZULU time.
|
|
|
+ */
|
|
|
+static int wolfssl_utctime_year(const unsigned char* str, int len, int* year)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ /* Check minimal length for UTC TIME. */
|
|
|
+ if (len < UTCTIME_LEN) {
|
|
|
+ WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Only support ZULU time. */
|
|
|
+ if ((ret == 1) && (str[UTCTIME_LEN - 1] != 'Z')) {
|
|
|
+ WOLFSSL_MSG("Expecting UTC time.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ int tm_year;
|
|
|
+ /* 2-digit year. */
|
|
|
+ tm_year = (str[0] - '0') * 10;
|
|
|
+ tm_year += str[1] - '0';
|
|
|
+ /* Check for year being in the 2000s. */
|
|
|
+ if (tm_year < 50) {
|
|
|
+ tm_year += 100;
|
|
|
+ }
|
|
|
+ *year = tm_year;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Number of characters in a GENERALIZED TIME string. */
|
|
|
+#define GENTIME_LEN 15
|
|
|
+
|
|
|
+/* Get year from GENERALIZED TIME string.
|
|
|
+ *
|
|
|
+ * @param [in] str GENERALIZED TIME string.
|
|
|
+ * @param [in] len Length of string in bytes.
|
|
|
+ * @param [out] year Year as extracted from string.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when length is too short for a GENERALIZED TIME.
|
|
|
+ * @return 0 when not ZULU time.
|
|
|
+ */
|
|
|
+static int wolfssl_gentime_year(const unsigned char* str, int len, int* year)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ /* Check minimal length for GENERALIZED TIME. */
|
|
|
+ if (len < GENTIME_LEN) {
|
|
|
+ WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if ((ret == 1) && (str[GENTIME_LEN - 1] != 'Z')) {
|
|
|
+ WOLFSSL_MSG("Expecting Generalized time.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ int tm_year;
|
|
|
+ /* 4-digit year. */
|
|
|
+ tm_year = (str[0] - '0') * 1000;
|
|
|
+ tm_year += (str[1] - '0') * 100;
|
|
|
+ tm_year += (str[2] - '0') * 10;
|
|
|
+ tm_year += str[3] - '0';
|
|
|
+ /* Only need value to be years since 1900. */
|
|
|
+ tm_year -= 1900;
|
|
|
+ *year = tm_year;
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Convert an ASN.1 TIME to a struct tm.
|
|
|
+ *
|
|
|
+ * @param [in] asnTime ASN.1 TIME object.
|
|
|
+ * @param [in] tm Broken-down time. Must be non-NULL.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when string format is invalid.
|
|
|
+ */
|
|
|
+static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
|
|
|
+ struct tm* tm)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ const unsigned char* asn1TimeBuf;
|
|
|
+ int asn1TimeBufLen;
|
|
|
+ int i = 0;
|
|
|
+
|
|
|
+ /* Get the string buffer - fixed array, can't fail. */
|
|
|
+ asn1TimeBuf = wolfSSL_ASN1_TIME_get_data(asnTime);
|
|
|
+ /* Get the length of the string. */
|
|
|
+ asn1TimeBufLen = wolfSSL_ASN1_TIME_get_length(asnTime);
|
|
|
+ if (asn1TimeBufLen <= 0) {
|
|
|
+ WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer length.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Zero out values in broken-down time. */
|
|
|
+ XMEMSET(tm, 0, sizeof(struct tm));
|
|
|
+
|
|
|
+ if (asnTime->type == V_ASN1_UTCTIME) {
|
|
|
+ /* Get year from UTC TIME string. */
|
|
|
+ if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen,
|
|
|
+ &tm->tm_year)) == 1) {
|
|
|
+ /* Month starts after year - 2 characters. */
|
|
|
+ i = 2;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ else if (asnTime->type == V_ASN1_GENERALIZEDTIME) {
|
|
|
+ /* Get year from GENERALIZED TIME string. */
|
|
|
+ if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen,
|
|
|
+ &tm->tm_year)) == 1) {
|
|
|
+ /* Month starts after year - 4 characters. */
|
|
|
+ i = 4;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* No other time formats known. */
|
|
|
+ WOLFSSL_MSG("asnTime->type is invalid.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Fill in rest of broken-down time from string. */
|
|
|
+ /* January is 0 not 1 */
|
|
|
+ tm->tm_mon = (asn1TimeBuf[i] - '0') * 10; i++;
|
|
|
+ tm->tm_mon += (asn1TimeBuf[i] - '0') - 1; i++;
|
|
|
+ tm->tm_mday = (asn1TimeBuf[i] - '0') * 10; i++;
|
|
|
+ tm->tm_mday += (asn1TimeBuf[i] - '0'); i++;
|
|
|
+ tm->tm_hour = (asn1TimeBuf[i] - '0') * 10; i++;
|
|
|
+ tm->tm_hour += (asn1TimeBuf[i] - '0'); i++;
|
|
|
+ tm->tm_min = (asn1TimeBuf[i] - '0') * 10; i++;
|
|
|
+ tm->tm_min += (asn1TimeBuf[i] - '0'); i++;
|
|
|
+ tm->tm_sec = (asn1TimeBuf[i] - '0') * 10; i++;
|
|
|
+ tm->tm_sec += (asn1TimeBuf[i] - '0');
|
|
|
+
|
|
|
+ #ifdef XMKTIME
|
|
|
+ /* Call XMKTIME on tm to get tm_wday and tm_yday fields populated. */
|
|
|
+ XMKTIME(tm);
|
|
|
+ #endif
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Get the current time into a broken-down time.
|
|
|
+ *
|
|
|
+ * @param [out] tm Broken-time time.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when tm is NULL.
|
|
|
+ * @return 0 when get current time fails.
|
|
|
+ * @return 0 when converting Unix time to broken-down time fails.
|
|
|
+ */
|
|
|
+static int wolfssl_get_current_time_tm(struct tm* tm)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+ time_t currentTime;
|
|
|
+ struct tm *tmpTs;
|
|
|
+#if defined(NEED_TMP_TIME)
|
|
|
+ /* for use with gmtime_r */
|
|
|
+ struct tm tmpTimeStorage;
|
|
|
+ tmpTs = &tmpTimeStorage;
|
|
|
+#else
|
|
|
+ tmpTs = NULL;
|
|
|
+#endif
|
|
|
+ (void)tmpTs;
|
|
|
+
|
|
|
+ /* Must have a pointer to return result into. */
|
|
|
+ if (tm == NULL) {
|
|
|
+ WOLFSSL_MSG("asnTime and tm are both NULL");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Get current Unix Time GMT. */
|
|
|
+ currentTime = wc_Time(0);
|
|
|
+ if (currentTime <= 0) {
|
|
|
+ WOLFSSL_MSG("Failed to get current time.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Convert Unix Time GMT into broken-down time. */
|
|
|
+ tmpTs = XGMTIME(¤tTime, tmpTs);
|
|
|
+ if (tmpTs == NULL) {
|
|
|
+ WOLFSSL_MSG("Failed to convert current time to UTC.");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Copy from the structure returned into parameter. */
|
|
|
+ XMEMCPY(tm, tmpTs, sizeof(*tm));
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Convert ASN.1 TIME object's time into broken-down representation.
|
|
|
+ *
|
|
|
+ * Internal time string is checked when tm is NULL.
|
|
|
+ *
|
|
|
+ * @param [in] asnTime ASN.1 TIME object.
|
|
|
+ * @param [out] tm Broken-down time.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when asnTime is NULL and tm is NULL.
|
|
|
+ * @return 0 getting current time fails.
|
|
|
+ * @return 0 when internal time string is invalid.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_tm");
|
|
|
+
|
|
|
+ /* If asnTime is NULL, then the current time is converted. */
|
|
|
+ if (asnTime == NULL) {
|
|
|
+ ret = wolfssl_get_current_time_tm(tm);
|
|
|
+ }
|
|
|
+ /* If tm is NULL this function performs a format check on asnTime only. */
|
|
|
+ else if (tm == NULL) {
|
|
|
+ ret = wolfSSL_ASN1_TIME_check(asnTime);
|
|
|
+ }
|
|
|
+ else {
|
|
|
+ /* Convert ASN.1 TIME to broken-down time. */
|
|
|
+ ret = wolfssl_asn1_time_to_tm(asnTime, tm);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+#ifndef NO_BIO
|
|
|
+/* Print the ASN.1 TIME object as a string to BIO.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to write to.
|
|
|
+ * @param [in] asnTime ASN.1 TIME object.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when bio or asnTime is NULL.
|
|
|
+ * @return 0 when creating human readable string fails.
|
|
|
+ * @return 0 when writing to BIO fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
|
|
|
+{
|
|
|
+ char buf[MAX_TIME_STRING_SZ];
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_TIME_print");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((bio == NULL) || (asnTime == NULL)) {
|
|
|
+ WOLFSSL_MSG("NULL function argument");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ int len;
|
|
|
+
|
|
|
+ /* Create human readable string. */
|
|
|
+ if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)asnTime, buf,
|
|
|
+ sizeof(buf)) == NULL) {
|
|
|
+ /* Write out something anyway but return error. */
|
|
|
+ XMEMSET(buf, 0, MAX_TIME_STRING_SZ);
|
|
|
+ XSTRNCPY(buf, "Bad time value", sizeof(buf)-1);
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ /* Write out string. */
|
|
|
+ len = (int)XSTRLEN(buf);
|
|
|
+ if (wolfSSL_BIO_write(bio, buf, len) != len) {
|
|
|
+ WOLFSSL_MSG("Unable to write to bio");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* !NO_BIO */
|
|
|
+
|
|
|
+#endif /* WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA */
|
|
|
+
|
|
|
+#ifdef OPENSSL_EXTRA
|
|
|
+
|
|
|
+#ifndef NO_BIO
|
|
|
+/* Print the ASN.1 UTC TIME object as a string to BIO.
|
|
|
+ *
|
|
|
+ * @param [in] bio BIO to write to.
|
|
|
+ * @param [in] asnTime ASN.1 UTC TIME object.
|
|
|
+ * @return 1 on success.
|
|
|
+ * @return 0 when bio or asnTime is NULL.
|
|
|
+ * @return 0 when ASN.1 type is not UTC TIME.
|
|
|
+ * @return 0 when creating human readable string fails.
|
|
|
+ * @return 0 when writing to BIO fails.
|
|
|
+ */
|
|
|
+int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
|
|
|
+{
|
|
|
+ int ret = 1;
|
|
|
+
|
|
|
+ WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_print");
|
|
|
+
|
|
|
+ /* Validate parameters. */
|
|
|
+ if ((bio == NULL) || (a == NULL)) {
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+ /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */
|
|
|
+ if ((ret == 1) && (a->type != V_ASN1_UTCTIME)) {
|
|
|
+ WOLFSSL_MSG("Error, not UTC_TIME");
|
|
|
+ ret = 0;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (ret == 1) {
|
|
|
+ /* Use generic time printing function to do work. */
|
|
|
+ ret = wolfSSL_ASN1_TIME_print(bio, a);
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+#endif /* !NO_BIO */
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+#endif /* !NO_ASN_TIME */
|
|
|
+
|
|
|
+/*******************************************************************************
|
|
|
+ * ASN1_TYPE APIs
|
|
|
+ ******************************************************************************/
|
|
|
+
|
|
|
+#ifdef OPENSSL_EXTRA
|
|
|
+
|
|
|
+/**
|
|
|
+ * Allocate a new ASN.1 TYPE object.
|
|
|
+ *
|
|
|
+ * @return New empty ASN.1 TYPE object on success.
|
|
|
+ * @return NULL when dynamic memory allocation fails.
|
|
|
+ */
|
|
|
+WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
|
|
|
+{
|
|
|
+ WOLFSSL_ASN1_TYPE* ret;
|
|
|
+
|
|
|
+ /* Allocate a new ASN.1 TYPE object. */
|
|
|
+ ret = (WOLFSSL_ASN1_TYPE*)XMALLOC(sizeof(WOLFSSL_ASN1_TYPE), NULL,
|
|
|
+ DYNAMIC_TYPE_OPENSSL);
|
|
|
+ if (ret != NULL) {
|
|
|
+ /* Clear out fields. */
|
|
|
+ XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TYPE));
|
|
|
+ }
|
|
|
+
|
|
|
+ return ret;
|
|
|
+}
|
|
|
+
|
|
|
+/* Free the ASN.1 TYPE object's value field.
|
|
|
+ *
|
|
|
+ * @param [in, out] at ASN.1 TYPE object.
|
|
|
+ */
|
|
|
+static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at)
|
|
|
+{
|
|
|
+ switch (at->type) {
|
|
|
+ case V_ASN1_NULL:
|
|
|
+ break;
|
|
|
+ case V_ASN1_OBJECT:
|
|
|
+ wolfSSL_ASN1_OBJECT_free(at->value.object);
|
|
|
+ break;
|
|
|
+ case V_ASN1_UTCTIME:
|
|
|
+ #ifndef NO_ASN_TIME
|
|
|
+ wolfSSL_ASN1_TIME_free(at->value.utctime);
|
|
|
+ #endif
|
|
|
+ break;
|
|
|
+ case V_ASN1_GENERALIZEDTIME:
|
|
|
+ #ifndef NO_ASN_TIME
|
|
|
+ wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
|
|
|
+ #endif
|
|
|
+ break;
|
|
|
+ case V_ASN1_UTF8STRING:
|
|
|
+ case V_ASN1_PRINTABLESTRING:
|
|
|
+ case V_ASN1_T61STRING:
|
|
|
+ case V_ASN1_IA5STRING:
|
|
|
+ case V_ASN1_UNIVERSALSTRING:
|
|
|
+ case V_ASN1_SEQUENCE:
|
|
|
+ wolfSSL_ASN1_STRING_free(at->value.asn1_string);
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ break;
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+/**
|
|
|
+ * Free ASN.1 TYPE object and its value.
|
|
|
+ *
|
|
|
+ * @param [in, out] at ASN.1 TYPE object.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
|
|
|
+{
|
|
|
+ if (at != NULL) {
|
|
|
+ /* Dispose of value in ASN.1 TYPE object. */
|
|
|
+ wolfssl_asn1_type_free_value(at);
|
|
|
+ }
|
|
|
+ /* Dispose of ASN.1 TYPE object. */
|
|
|
+ XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_EXTRA */
|
|
|
+
|
|
|
+#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS)
|
|
|
+/**
|
|
|
+ * Set ASN.1 TYPE object with a type and value.
|
|
|
+ *
|
|
|
+ * Type of value for different types:
|
|
|
+ * V_ASN1_NULL : Value should be NULL.
|
|
|
+ * V_ASN1_OBJECT : WOLFSSL_ASN1_OBJECT.
|
|
|
+ * V_ASN1_UTCTIME : WOLFSSL_ASN1_TIME.
|
|
|
+ * V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
|
|
|
+ * V_ASN1_UTF8STRING : WOLFSSL_ASN1_STRING.
|
|
|
+ * V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
|
|
|
+ * V_ASN1_T61STRING : WOLFSSL_ASN1_STRING.
|
|
|
+ * V_ASN1_IA5STRING : WOLFSSL_ASN1_STRING.
|
|
|
+ * V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
|
|
|
+ * V_ASN1_SEQUENCE : WOLFSSL_ASN1_STRING.
|
|
|
+ *
|
|
|
+ * @param [in, out] a ASN.1 TYPE object to set.
|
|
|
+ * @param [in] type ASN.1 type of value.
|
|
|
+ * @param [in] value Value to store.
|
|
|
+ */
|
|
|
+void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
|
|
|
+{
|
|
|
+ if (a != NULL) {
|
|
|
+ switch (type) {
|
|
|
+ case V_ASN1_NULL:
|
|
|
+ if (value != NULL) {
|
|
|
+ WOLFSSL_MSG("NULL tag meant to be always empty!");
|
|
|
+ /* No way to return error - value will not be used. */
|
|
|
+ }
|
|
|
+ /* fall-through */
|
|
|
+ case V_ASN1_OBJECT:
|
|
|
+ case V_ASN1_UTCTIME:
|
|
|
+ case V_ASN1_GENERALIZEDTIME:
|
|
|
+ case V_ASN1_UTF8STRING:
|
|
|
+ case V_ASN1_PRINTABLESTRING:
|
|
|
+ case V_ASN1_T61STRING:
|
|
|
+ case V_ASN1_IA5STRING:
|
|
|
+ case V_ASN1_UNIVERSALSTRING:
|
|
|
+ case V_ASN1_SEQUENCE:
|
|
|
+ /* Dispose of any value currently set. */
|
|
|
+ wolfssl_asn1_type_free_value(a);
|
|
|
+ /* Assign anonymously typed input to anonymously typed field. */
|
|
|
+ a->value.ptr = (char *)value;
|
|
|
+ /* Set the type required. */
|
|
|
+ a->type = type;
|
|
|
+ break;
|
|
|
+ default:
|
|
|
+ WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE");
|
|
|
+ /* No way to return error. */
|
|
|
+ }
|
|
|
+ }
|
|
|
+}
|
|
|
+
|
|
|
+#endif /* OPENSSL_ALL || WOLFSSL_WPAS */
|
|
|
+
|
|
|
+#endif /* !WOLFSSL_SSL_ASN1_INCLUDED */
|
|
|
+
|