/* ssl_asn1.c * * Copyright (C) 2006-2023 wolfSSL Inc. * * This file is part of wolfSSL. * * wolfSSL is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * wolfSSL is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ #ifdef HAVE_CONFIG_H #include #endif #include #include #ifndef WC_NO_RNG #include #endif #if !defined(WOLFSSL_SSL_ASN1_INCLUDED) #ifndef WOLFSSL_IGNORE_FILE_WARN #warning ssl_asn1.c does not need to be compiled separately from ssl.c #endif #else /******************************************************************************* * ASN1_item APIs ******************************************************************************/ #ifndef NO_ASN #ifdef OPENSSL_EXTRA #ifdef OPENSSL_ALL /* Create an ASN1 item of the specified type. * * @param [out] item Pointer to location to place new ASN1 item. * @param [in] type Type of ASN1 item to create. * @return 0 on success. * @return 1 when item type not supported. * @return 1 when item type allocation fails. */ static int wolfssl_asn1_item_new(void** item, int type) { int err = 0; switch (type) { case WOLFSSL_X509_ALGOR_ASN1: *(WOLFSSL_X509_ALGOR**)item = wolfSSL_X509_ALGOR_new(); break; case WOLFSSL_ASN1_BIT_STRING_ASN1: *(WOLFSSL_ASN1_BIT_STRING**)item = wolfSSL_ASN1_BIT_STRING_new(); break; case WOLFSSL_ASN1_INTEGER_ASN1: *(WOLFSSL_ASN1_INTEGER**)item = wolfSSL_ASN1_INTEGER_new(); break; default: WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_new"); *(void**)item = NULL; } /* Check whether an item was put in. */ if (*(void**)item == NULL) { err = 1; } return err; } /* Create a new ASN1 item based on a template. * * @param [in] tpl Template of ASN1 items. * @return A new ASN1 item on success. * @return NULL when tpl is NULL, dynamic memory allocation fails or ASN1 * item type not supported. */ void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* tpl) { int err = 0; void* ret = NULL; const WOLFSSL_ASN1_TEMPLATE *mem = NULL; size_t i; WOLFSSL_ENTER("wolfSSL_ASN1_item_new"); if (tpl != NULL) { ret = (void *)XMALLOC(tpl->size, NULL, DYNAMIC_TYPE_OPENSSL); } if (ret != NULL) { XMEMSET(ret, 0, tpl->size); for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) { if ((err = wolfssl_asn1_item_new( (void**)(((byte*)ret) + mem->offset), mem->type))) { break; } } } if (err) { wolfSSL_ASN1_item_free(ret, tpl); ret = NULL; } return ret; } /* Dispose of an ASN1 item of the specified type. * * @param [in, out] item Pointer to an anonymized ASN1 item to free. * @param [in] type Type of ASN1 item to free. */ static void wolfssl_asn1_item_free(void** item, int type) { switch (type) { case WOLFSSL_X509_ALGOR_ASN1: wolfSSL_X509_ALGOR_free(*(WOLFSSL_X509_ALGOR**)item); break; case WOLFSSL_ASN1_BIT_STRING_ASN1: wolfSSL_ASN1_BIT_STRING_free(*(WOLFSSL_ASN1_BIT_STRING**)item); break; case WOLFSSL_ASN1_INTEGER_ASN1: wolfSSL_ASN1_INTEGER_free(*(WOLFSSL_ASN1_INTEGER**)item); break; default: WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_free"); } } /* Dispose of ASN1 item based on a template. * * @param [in, out] val ASN item to free. * @param [in, tpl Template of ASN1 items. */ void wolfSSL_ASN1_item_free(void *items, const WOLFSSL_ASN1_ITEM *tpl) { const WOLFSSL_ASN1_TEMPLATE *mem = NULL; size_t i; WOLFSSL_ENTER("wolfSSL_ASN1_item_free"); if (items != NULL) { for (mem = tpl->members, i = 0; i < tpl->mcount; mem++, i++) { wolfssl_asn1_item_free((void**)(((byte*)items) + mem->offset), mem->type); } } XFREE(items, NULL, DYNAMIC_TYPE_OPENSSL); } /* Offset buf if not NULL or NULL. */ #define bufLenOrNull(buf, len) (((buf) != NULL) ? ((buf) + (len)) : NULL) /* Encode X509 algorithm as DER. * * @param [in] algor X509 algorithm object. * @param [in, out] buf Buffer to encode into. May be NULL. * @return Length of DER encoding on success. * @return 0 on failure. */ static int wolfSSL_i2d_X509_ALGOR(const WOLFSSL_X509_ALGOR* algor, byte* buf) { int ret; word32 oid = 0; word32 idx = 0; if (algor->algorithm == 0) { WOLFSSL_MSG("X509_ALGOR algorithm not set"); ret = 0; } else if (GetObjectId(algor->algorithm->obj, &idx, &oid, (word32)algor->algorithm->grp, algor->algorithm->objSz) < 0) { WOLFSSL_MSG("Issue getting OID of object"); ret = 0; } else { ret = (int)SetAlgoID((int)oid, buf, algor->algorithm->grp, 0); } return ret; } /* Encode ASN.1 BIT_STRING as DER. * * @param [in] bit_str BIT_STRING object. * @param [in, out] buf Buffer to encode into. May be NULL. * @return Length of DER encoding on success. */ static int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bit_str, byte* buf) { int len; len = (int)SetBitString((word32)bit_str->length, 0, buf); if ((buf != NULL) && (bit_str->data != NULL)) { XMEMCPY(buf + len, bit_str->data, (size_t)bit_str->length); } return len + bit_str->length; } /* Encode ASN item as DER. * * @param [in] item Pointer to anonymized ASN item. * @param [in, out] buf Buffer to encode into. May be NULL. * @return Length of DER encoding on success. * @return 0 on failure. */ static int wolfssl_i2d_asn1_item(void** item, int type, byte* buf) { int len; switch (type) { case WOLFSSL_X509_ALGOR_ASN1: len = wolfSSL_i2d_X509_ALGOR(*(const WOLFSSL_X509_ALGOR**)item, buf); break; case WOLFSSL_ASN1_BIT_STRING_ASN1: len = wolfSSL_i2d_ASN1_BIT_STRING( *(const WOLFSSL_ASN1_BIT_STRING**)item, buf); break; case WOLFSSL_ASN1_INTEGER_ASN1: { byte *tmp_buf = buf; len = wolfSSL_i2d_ASN1_INTEGER( *(const WOLFSSL_ASN1_INTEGER**)item, &tmp_buf); if ((buf == NULL) && (tmp_buf != NULL)) { XFREE(tmp_buf, NULL, DYNAMIC_TYPE_ASN1); tmp_buf = NULL; } } break; default: WOLFSSL_MSG("Type not support in processMembers"); len = 0; } return len; } /* Encode members of an ASN.1 SEQUENCE as DER. * * @param [in] src ASN1 items to encode. * @param [in, out] buf Buffer to encode into. May be NULL. * @param [in] members ASN1 template members. * @param [in] mcount Count of template members. * @return Length of DER encoding on success. * @return 0 on failure. */ static int wolfssl_i2d_asn1_items(const void* src, byte*buf, const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount) { const WOLFSSL_ASN1_TEMPLATE* mem = NULL; int len = 0; int ret; size_t i; WOLFSSL_ENTER("wolfssl_i2d_asn1_items"); for (mem = members, i = 0; i < mcount; mem++, i++) { ret = wolfssl_i2d_asn1_item((void**)(((byte*)src) + mem->offset), mem->type, bufLenOrNull(buf, len)); if (ret == 0) { len = 0; break; } len += ret; } WOLFSSL_LEAVE("wolfssl_i2d_asn1_items", len); return len; } /* Encode sequence and items under it. * * @param [in] src ASN1 items to encode. * @param [in, out] buf Buffer to encode into. May be NULL. * @param [in] tpl Template of ASN1 items. * @return Length of DER encoding on success. * @return 0 on failure. */ static int i2d_ASN_SEQUENCE(const void* src, byte* buf, const WOLFSSL_ASN1_ITEM* tpl) { word32 seq_len; word32 len = 0; seq_len = (word32)wolfssl_i2d_asn1_items(src, NULL, tpl->members, tpl->mcount); if (seq_len != 0) { len = SetSequence(seq_len, buf); if (buf != NULL) { wolfssl_i2d_asn1_items(src, buf + len, tpl->members, tpl->mcount); } len += seq_len; } return (int)len; } /* Encode ASN1 template item. * * @param [in] src ASN1 items to encode. * @param [in, out] buf Buffer to encode into. May be NULL. * @param [in] tpl Template of ASN1 items. * @return Length of DER encoding on success. * @return 0 on failure. */ static int wolfssl_asn1_item_encode(const void* src, byte* buf, const WOLFSSL_ASN1_ITEM* tpl) { int len; switch (tpl->type) { case ASN_SEQUENCE: len = i2d_ASN_SEQUENCE(src, buf, tpl); break; default: WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d"); len = 0; } return len; } /* Encode ASN1 template. * * @param [in] src ASN1 items to encode. * @param [in, out] dest Pointer to buffer to encode into. May be NULL. * @param [in] tpl Template of ASN1 items. * @return Length of DER encoding on success. * @return 0 on failure. */ int wolfSSL_ASN1_item_i2d(const void* src, byte** dest, const WOLFSSL_ASN1_ITEM* tpl) { int ret = 1; int len = 0; byte* buf = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d"); /* Validate parameters. */ if ((src == NULL) || (tpl == NULL)) { ret = 0; } if ((ret == 1) && ((len = wolfssl_asn1_item_encode(src, NULL, tpl)) == 0)) { ret = 0; } if ((ret == 1) && (dest != NULL)) { if (*dest == NULL) { buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (buf == NULL) ret = 0; *dest = buf; } if (ret == 1) { len = wolfssl_asn1_item_encode(src, *dest, tpl); } } if (ret == 0) { XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); len = 0; } WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len); return len; } #endif /* OPENSSL_ALL */ #endif /* OPENSSL_EXTRA */ /******************************************************************************* * ASN1_BIT_STRING APIs ******************************************************************************/ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Create a new ASN.1 BIT_STRING object. * * @return ASN.1 BIT_STRING object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void) { WOLFSSL_ASN1_BIT_STRING* bitStr; bitStr = (WOLFSSL_ASN1_BIT_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_BIT_STRING), NULL, DYNAMIC_TYPE_OPENSSL); if (bitStr) { XMEMSET(bitStr, 0, sizeof(WOLFSSL_ASN1_BIT_STRING)); } return bitStr; } /* Dispose of ASN.1 BIT_STRING object. * * Do not use bitStr after calling this function. * * @param [in, out] bitStr ASN.1 BIT_STRING to free. May be NULL. */ void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING* bitStr) { if (bitStr != NULL) { /* Dispose of any data allocated in BIT_STRING. */ XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL); } /* Dispose of the ASN.1 BIT_STRING object. */ XFREE(bitStr, NULL, DYNAMIC_TYPE_OPENSSL); } /* Get the value of the bit from the ASN.1 BIT_STRING at specified index. * * A NULL object a value of 0 for the bit at all indices. * A negative index has a value of 0 for the bit. * * @param [in] bitStr ASN.1 BIT_STRING object. * @param [in] i Index of bit. * @return Value of bit. */ int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr, int i) { int bit = 0; /* Check for data and whether index is in range. */ if ((bitStr != NULL) && (bitStr->data != NULL) && (i >= 0) && (bitStr->length > (i / 8))) { bit = (bitStr->data[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0; } return bit; } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) && !defined(NO_CERTS) /* Grow data to require length. * * @param [in] bitStr ASN.1 BIT_STRING object. * @param [in] len Length, in bytes, of data required. * @return 1 on success. * @return 0 when dynamic memory allocation fails. */ static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr, int len) { int ret = 1; byte* tmp; /* Realloc to length required. */ tmp = (byte*)XREALLOC(bitStr->data, (size_t)len, NULL, DYNAMIC_TYPE_OPENSSL); if (tmp == NULL) { ret = 0; } else { /* Clear out new, top bytes. */ XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length)); bitStr->data = tmp; bitStr->length = len; } return ret; } /* Set the value of a bit in the ASN.1 BIT_STRING at specified index. * * @param [in] bitStr ASN.1 BIT_STRING object. * @param [in] idx Index of bit to set. * @param [in] val Value of bit to set. Valid values: 0 or 1. * @return 1 on success. * @return 0 when bitStr is NULL, idx is negative, val is not 0 or 1, or * dynamic memory allocation fails. */ int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx, int val) { int ret = 1; int i = 0; /* Validate parameters. */ if ((bitStr == NULL) || (idx < 0) || ((val != 0) && (val != 1))) { ret = 0; } if (ret == 1) { i = idx / 8; /* Check if we need to extend data range. */ if ((i >= bitStr->length) && (val != 0)) { /* Realloc data to handle having bit set at index. */ ret = wolfssl_asn1_bit_string_grow(bitStr, i + 1); } } if ((ret == 1) && (i < bitStr->length)) { /* Bit on at index. */ byte bit = 1 << (7 - (idx % 8)); /* Clear bit and set to value. */ bitStr->data[i] &= ~bit; bitStr->data[i] |= bit & (byte)(0 - val); } return ret; } #endif /* OPENSSL_ALL && !NO_CERTS */ /******************************************************************************* * ASN1_INTEGER APIs ******************************************************************************/ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /* Create a new empty ASN.1 INTEGER object. * * @return ASN.1 INTEGER object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void) { WOLFSSL_ASN1_INTEGER* a; /* Allocate a new ASN.1 INTEGER object. */ a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL, DYNAMIC_TYPE_OPENSSL); if (a != NULL) { XMEMSET(a, 0, sizeof(WOLFSSL_ASN1_INTEGER)); /* Use fixed buffer field for data. */ a->data = a->intData; a->isDynamic = 0; /* Maximum supported by fixed buffer. */ a->dataMax = WOLFSSL_ASN1_INTEGER_MAX; /* No value set - no data. */ a->length = 0; } return a; } /* Free the ASN.1 INTEGER object and any dynamically allocated data. * * @param [in, out] in ASN.1 INTEGER object. */ void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in) { if ((in != NULL) && (in->isDynamic)) { /* Dispose of any data allocated in INTEGER. */ XFREE(in->data, NULL, DYNAMIC_TYPE_OPENSSL); } /* Dispose of the ASN.1 INTEGER object. */ XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL); } #if defined(OPENSSL_EXTRA) /* Reset the data of ASN.1 INTEGER object back to empty fixed array. * * @param [in] a ASN.1 INTEGER object. */ static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a) { /* Don't use dynamic buffer anymore. */ if (a->isDynamic) { /* Cache pointer to allocated data. */ unsigned char* data = a->data; /* No longer dynamic. */ a->isDynamic = 0; /* Point data at fixed array. */ a->data = a->intData; /* Set maximum length to fixed array size. */ a->dataMax = (unsigned int)sizeof(a->intData); /* Dispose of dynamically allocated data. */ XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL); } /* Clear out data from fixed array. */ XMEMSET(a->intData, 0, sizeof(a->intData)); /* No data, no length. */ a->length = 0; /* No data, not negative. */ a->negative = 0; /* Set type to positive INTEGER. */ a->type = V_ASN1_INTEGER; } #endif /* OPENSSL_EXTRA */ /* Setup ASN.1 INTEGER object to handle data of required length. * * @param [in, out] a ASN.1 INTEGER object. * @param [in] len Required length in bytes. * @return 1 on success. * @return 0 on dynamic memory allocation failure. */ static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len, int keepOldData) { int ret = 1; byte* data; byte* oldData = a->intData; int oldLen = a->length; if (a->isDynamic && (len > (int)a->dataMax)) { oldData = a->data; a->isDynamic = 0; a->data = a->intData; a->dataMax = (unsigned int)sizeof(a->intData); } a->length = 0; if ((!a->isDynamic) && (len > (int)a->dataMax)) { /* Create a new buffer to hold large integer value. */ data = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL); if (data == NULL) { ret = 0; } else { /* Indicate data is dynamic and copy data over. */ a->isDynamic = 1; a->data = data; a->dataMax = (word32)len; } } if (keepOldData) { if (oldData != a->data) { /* Copy old data into new buffer. */ XMEMCPY(a->data, oldData, (size_t)oldLen); } /* Restore old length. */ a->length = oldLen; } if (oldData != a->intData) { /* Dispose of the old dynamic data. */ XFREE(oldData, NULL, DYNAMIC_TYPE_OPENSSL); } return ret; } /* Duplicate the ASN.1 INTEGER object into a newly allocated one. * * @param [in] src ASN.1 INTEGER object to copy. * @return ASN.1 INTEGER object on success. * @return NULL when src is NULL or dynamic memory allocation fails. */ WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src) { WOLFSSL_ASN1_INTEGER* dup = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup"); /* Check for object to duplicate. */ if (src != NULL) { /* Create a new ASN.1 INTEGER object to be copied into. */ dup = wolfSSL_ASN1_INTEGER_new(); } /* Check for object to copy into. */ if (dup != NULL) { /* Copy simple fields. */ dup->length = src->length; dup->negative = src->negative; dup->type = src->type; if (!src->isDynamic) { /* Copy over data from/to fixed buffer. */ XMEMCPY(dup->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX); } else if (wolfssl_asn1_integer_require_len(dup, src->length, 0) == 0) { wolfSSL_ASN1_INTEGER_free(dup); dup = NULL; } else { XMEMCPY(dup->data, src->data, (size_t)src->length); } } return dup; } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_EXTRA) /* Compare values in two ASN.1 INTEGER objects. * * @param [in] a First ASN.1 INTEGER object. * @param [in] b Second ASN.1 INTEGER object. * @return Negative value when a is less than b. * @return 0 when a equals b. * @return Positive value when a is greater than b. * @return -1 when a or b is NULL. */ int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, const WOLFSSL_ASN1_INTEGER* b) { int ret = 0; WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_cmp"); /* Validate parameters. */ if ((a == NULL) || (b == NULL)) { WOLFSSL_MSG("Bad parameter."); ret = -1; } /* Negative value < Positive value */ else if (a->negative && !b->negative) { ret = -1; } /* Positive value > Negative value */ else if (!a->negative && b->negative) { ret = 1; } else { /* Check for difference in length. */ if (a->length != b->length) { ret = a->length - b->length; } else { /* Compare data given they are the same length. */ ret = XMEMCMP(a->data, b->data, (size_t)a->length); } /* Reverse comparison result when both negative. */ if (a->negative) { ret = -ret; } } WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_cmp", ret); return ret; } /* Calculate 2's complement of DER encoding. * * @param [in] data Array that is number. * @param [in] length Number of bytes in array. * @return 0 on success. * @return -1 when get length from DER header failed. */ static void wolfssl_twos_compl(byte* data, int length) { int i; /* Invert bits - 1's complement. */ for (i = 0; i < length; ++i) { data[i] = ~data[i]; } /* 2's complement - add 1. */ for (i = length - 1; (++data[i]) == 0; --i) { /* Do nothing. */ } } /* Calculate 2's complement of DER encoding. * * @param [in] data Array that is number. * @param [in] length Number of bytes in array. * @param [out] neg When NULL, 2's complement data. * When not NULL, check for negative first and return. * @return 0 on success. * @return -1 when get length from DER header failed. */ static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg) { int ret = 0; word32 idx = 1; /* Skip tag. */ int len; /* Get length from DER header. */ if (GetLength(data, &idx, &len, (word32)length) < 0) { ret = -1; } else { if (neg != NULL) { *neg = data[idx] & 0x80; } if ((neg == NULL) || (*neg != 0)) { wolfssl_twos_compl(data + idx, length - (int)idx); } } return ret; } /* Encode ASN.1 INTEGER as DER without tag. * * When out points to NULL, a new buffer is allocated and returned. * * @param [in] a ASN.1 INTEGER object. * @param [in, out] out Pointer to buffer to hold encoding. May point to NULL. * @return Length of encoding on success. * @return -1 when a is NULL or no data, out is NULL, dynamic memory allocation * fails or encoding length fails. */ int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** out) { int ret = 0; byte* buf = NULL; WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER"); /* Validate parameters. */ if ((a == NULL) || (a->data == NULL) || (a->length <= 0) || (out == NULL)) { WOLFSSL_MSG("Bad parameter."); ret = -1; } if ((ret == 0) && (*out == NULL)) { /* Allocate buffer to hold encoding. */ buf = (unsigned char*)XMALLOC((size_t)a->length, NULL, DYNAMIC_TYPE_ASN1); if (buf == NULL) { WOLFSSL_MSG("Failed to allocate output buffer."); ret = -1; } /* Return any allocated buffer. */ *out = buf; } if (ret == 0) { /* Copy the data (including tag and length) into output buffer. */ XMEMCPY(*out, a->data, (size_t)a->length); /* Only magnitude of the number stored (i.e. the sign isn't encoded). * The "negative" field is 1 if the value must be interpreted as * negative and we need to output the 2's complement of the value in * the DER output. */ if (a->negative) { ret = wolfssl_asn1_int_twos_compl(*out, a->length, NULL); } } if (ret == 0) { ret = a->length; /* Move pointer on passed encoding when buffer passed in. */ if (buf == NULL) { *out += a->length; } } /* Dispose of any dynamically allocated data on error. */ else if (buf != NULL) { /* Dispose of buffer allocated locally on error. */ XFREE(buf, NULL, DYNAMIC_TYPE_ASN1); /* Don't return freed buffer. */ *out = NULL; } WOLFSSL_LEAVE("wolfSSL_i2d_ASN1_INTEGER", ret); return ret; } /* Decode DER encoding of ASN.1 INTEGER. * * @param [out] a ASN.1 INTEGER object. May be NULL. * @param [in, out] in Pointer to buffer containing DER encoding. * @param [in] inSz Length of data in buffer. * @return ASN.1 INTEGER object on success. * @return NULL when in or *in is NULL, inSz is less than or equal to 2 or * parsing DER failed. */ WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a, const unsigned char** in, long inSz) { WOLFSSL_ASN1_INTEGER* ret = NULL; int err = 0; word32 idx = 1; int len = 0; WOLFSSL_ENTER("wolfSSL_d2i_ASN1_INTEGER"); /* Validate parameters. */ if ((in == NULL) || (*in == NULL) || (inSz <= 2)) { WOLFSSL_MSG("Bad parameter"); err = 1; } /* Check that the tag is correct. */ if ((!err) && (*in)[0] != ASN_INTEGER) { WOLFSSL_MSG("Tag doesn't indicate integer type."); err = 1; } /* Check that length and use this instead of inSz. */ if ((!err) && (GetLength(*in, &idx, &len, (word32)inSz) <= 0)) { WOLFSSL_MSG("ASN.1 length not valid."); err = 1; } /* Allocate a new ASN.1 INTEGER object. */ if ((!err) && ((ret = wolfSSL_ASN1_INTEGER_new()) == NULL)) { err = 1; } if ((!err) && (wolfssl_asn1_integer_require_len(ret, (int)idx + len, 0) != 1)) { err = 1; } if (!err) { /* Set type. */ ret->type = V_ASN1_INTEGER; /* Copy DER encoding and length. */ XMEMCPY(ret->data, *in, (size_t)(idx + (word32)len)); ret->length = (int)idx + len; /* Do 2's complement if number is negative. */ if (wolfssl_asn1_int_twos_compl(ret->data, ret->length, &ret->negative) != 0) { err = 1; } } if ((!err) && ret->negative) { /* Update type if number was negative. */ ret->type |= V_ASN1_NEG_INTEGER; } if (err) { /* Dispose of dynamically allocated data on error. */ wolfSSL_ASN1_INTEGER_free(ret); ret = NULL; } else { if (a != NULL) { /* Return ASN.1 INTEGER through a. */ *a = ret; } *in += ret->length; } return ret; } #ifndef NO_BIO /* Get length of leading hexadecimal characters. * * Looks for continuation character before carriage returns and line feeds. * * @param [in] str String with input. * @param [in] len Length of string. * @param [out] cont Line continuation character at end of line before * carriage returns and line feeds. * @return Number of leading hexadecimal characters in string. */ static int wolfssl_a2i_asn1_integer_clear_to_eol(char* str, int len, int* cont) { byte num; word32 nLen; int i; /* Strip off trailing carriage returns and line feeds. */ while ((len > 0) && ((str[len - 1] == '\n') || (str[len - 1] == '\r'))) { len--; } /* Check for line continuation character. */ if ((len > 0) && (str[len - 1] == '\\')) { *cont = 1; len--; } else { *cont = 0; } /* Find end of hexadecimal characters. */ nLen = 1; for (i = 0; i < len; i++) { /* Check if character is a hexadecimal character. */ if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) == ASN_INPUT_E) { /* Found end of hexadecimal characters, return count. */ len = i; break; } } return len; } /* Read number from BIO as a string. * * Line continuation character at end of line means next line must be read. * * @param [in] bio BIO to read from. * @param [in] asn1 ASN.1 INTEGER object to put number into. * @param [in, out] buf Buffer to use when reading. * @param [in] size Length of buffer in bytes. * @return 1 on success. * @return 0 on failure. */ int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1, char *buf, int size) { int ret = 1; int readNextLine = 1; int len; word32 outLen = 0; const int hdrSz = 1 + MAX_LENGTH_SZ; WOLFSSL_ENTER("wolfSSL_a2i_ASN1_INTEGER"); if ((bio == NULL) || (asn1 == NULL) || (buf == NULL) || (size <= 0)) { WOLFSSL_MSG("Bad parameter"); ret = 0; } while ((ret == 1) && readNextLine) { int lineLen; /* Assume we won't be reading any more. */ readNextLine = 0; /* Read a line. */ lineLen = wolfSSL_BIO_gets(bio, buf, size); if (lineLen <= 0) { WOLFSSL_MSG("wolfSSL_BIO_gets error"); ret = 0; } if (ret == 1) { /* Find length of hexadecimal digits in string. */ lineLen = wolfssl_a2i_asn1_integer_clear_to_eol(buf, lineLen, &readNextLine); /* Check we have a valid hexadecimal string to process. */ if ((lineLen == 0) || ((lineLen % 2) != 0)) { WOLFSSL_MSG("Invalid line length"); ret = 0; } } if (ret == 1) { /* Calculate length of complete number so far. */ len = asn1->length + (lineLen / 2); /* Make sure enough space for number and maximum header. */ if (wolfssl_asn1_integer_require_len(asn1, len + hdrSz, outLen != 0) != 1) { ret = 0; } } if (ret == 1) { /* Decode string and append to data. */ outLen = (word32)(lineLen / 2); (void)Base16_Decode((byte*)buf, (word32)lineLen, asn1->data + asn1->length, &outLen); /* Update length of data. */ asn1->length += (int)outLen; } } if (ret == 1) { int idx; /* Get ASN.1 header length. */ idx = SetASNInt(asn1->length, asn1->data[0], NULL); /* Move data to be after ASN.1 header. */ XMEMMOVE(asn1->data + idx, asn1->data, (size_t)asn1->length); /* Encode ASN.1 header. */ SetASNInt(asn1->length, asn1->data[idx], asn1->data); /* Update length of data. */ asn1->length += idx; } return ret; } /* Write out number in ASN.1 INTEGER object to BIO as string. * * @param [in] bp BIO to write to. * @param [in] a ASN.1 INTEGER object. * @return Number of characters written on success. * @return 0 when bp or a is NULL. * @return 0 DER header in data is invalid. */ int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a) { int err = 0; word32 idx = 1; /* Skip ASN.1 INTEGER tag byte. */ int len = 0; byte buf[WOLFSSL_ASN1_INTEGER_MAX * 2 + 1]; word32 bufLen; WOLFSSL_ENTER("wolfSSL_i2a_ASN1_INTEGER"); /* Validate parameters. */ if ((bp == NULL) || (a == NULL)) { err = 1; } if (!err) { /* Read DER length - must be at least 1 byte. */ if (GetLength(a->data, &idx, &len, (word32)a->length) <= 0) { err = 1; } } /* Keep encoding and writing while no error and bytes in data. */ while ((!err) && (idx < (word32)a->length)) { /* Number of bytes left to encode. */ int encLen = a->length - (int)idx; /* Reduce to maximum buffer size if necessary. */ if (encLen > (int)sizeof(buf) / 2) { encLen = (int)sizeof(buf) / 2; } /* Encode bytes from data into buffer. */ bufLen = (int)sizeof(buf); (void)Base16_Encode(a->data + idx, (word32)encLen, buf, &bufLen); /* Update index to next bytes to encoded. */ idx += (word32)encLen; /* Write out characters but not NUL char. */ if (wolfSSL_BIO_write(bp, buf, (int)bufLen - 1) != (int)(bufLen - 1)) { err = 1; } } if (err) { /* Return 0 on error. */ len = 0; } /* Return total number of characters written. */ return len * 2; } #endif /* !NO_BIO */ #ifndef NO_ASN /* Determine if a pad byte is required and its value for a number. * * Assumes values pointed to by pad and padVal are both 0. * * @param [in] data Number encoded as big-endian bytes. * @param [in] len Length of number in bytes. * @param [in, out] neg Indicates number is negative. * @param [out] pad Number of padding bytes required. * @param [out] padVal Padding byte to prepend. */ static void wolfssl_asn1_integer_pad(unsigned char* data, int len, unsigned char* neg, char* pad, unsigned char* padVal) { /* Check for empty data. */ if (len == 0) { *pad = 1; *padVal = 0x00; *neg = 0; } else { /* Get first, most significant, byte of encoded number. */ unsigned char firstByte = data[0]; /* 0 can't be negative. */ if ((len == 1) && (firstByte == 0x00)) { *neg = 0; } /* Positive value must not have top bit of first byte set. */ if ((!*neg) && (firstByte >= 0x80)) { *pad = 1; *padVal = 0x00; } /* Negative numbers are two's complemented. * Two's complement value must have top bit set. */ else if (*neg && (firstByte > 0x80)) { *pad = 1; *padVal = 0xff; } /* Checking for: 0x80[00]* * when negative that when two's complemented will be: 0x80[00]* * and therefore doesn't require pad byte. */ else if (*neg && (firstByte == 0x80)) { int i; /* Check rest of bytes. */ for (i = 1; i < len; i++) { if (data[i] != 0x00) { /* Not 0x80[00]* */ *pad = 1; *padVal = 0xff; break; } } } } } /* Convert ASN.1 INTEGER object into content octets. * * TODO: compatibility with OpenSSL? OpenSSL assumes data not DER encoded. * * When pp points to a buffer, on success pp will point to after the encoded * data. * * @param [in] a ASN.1 INTEGER object. * @param [in, out] pp Pointer to buffer. May be NULL. Cannot point to NULL. * @return Length of encoding on success. * @return 0 when a is NULL, pp points to NULL or DER length encoding invalid. */ int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) { int err = 0; int len = 0; char pad = 0; unsigned char padVal = 0; word32 idx = 1; WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER"); /* Validate parameters. */ if ((a == NULL) || ((pp != NULL) && (*pp == NULL))) { err = 1; } /* Get length from DER encoding. */ if ((!err) && (GetLength_ex(a->data, &idx, &len, a->dataMax, 0) < 0)) { err = 1; } if (!err) { /* Determine pad length and value. */ wolfssl_asn1_integer_pad(a->data + idx, len, &a->negative, &pad, &padVal); /* Total encoded length is number length plus one when padding. */ len += (int)pad; } /* Check buffer supplied to write into. */ if ((!err) && (pp != NULL)) { /* Put in any pad byte. */ if (pad) { (*pp)[0] = padVal; } /* Copy remaining bytes into output buffer. */ XMEMCPY(*pp + pad, a->data + idx, (size_t)(len - pad)); /* Two's complement copied bytes when negative. */ if (a->negative) { wolfssl_twos_compl(*pp + pad, len - pad); } /* Move pointer past encoded data. */ *pp += len; } return len; } /* Make a big number with the value in the ASN.1 INTEGER object. * * A new big number object is allocated when bn is NULL. * * @param [in] ai ASN.1 INTEGER object. * @param [in] bn Big number object. May be NULL. * @return Big number object on success. * @return NULL when ai is NULL or converting from binary fails. */ WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai, WOLFSSL_BIGNUM *bn) { int err = 0; word32 idx = 1; int len = 0; WOLFSSL_BIGNUM* ret = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN"); /* Validate parameters. */ if (ai == NULL) { err = 1; } if (!err) { /* Get the length of ASN.1 INTEGER number. */ if ((ai->data[0] != ASN_INTEGER) || (GetLength(ai->data, &idx, &len, (word32)ai->length) <= 0)) { #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) idx = 0; len = ai->length; #else WOLFSSL_MSG("Data in WOLFSSL_ASN1_INTEGER not DER encoded"); err = 1; #endif } } if (!err) { /* Convert binary to big number. */ ret = wolfSSL_BN_bin2bn(ai->data + idx, len, bn); if (ret != NULL) { /* Handle negative. */ (void)wolfssl_bn_set_neg(ret, ai->negative); } } return ret; } #endif /* !NO_ASN */ /* Create an ASN.1 INTEGER object from big number. * * Allocates a new ASN.1 INTEGER object when ai is NULL. * * @param [in] bn Big number to encode. * @param [in] ai ASN.1 INTEGER object. May be NULL. * @return ASN.1 INTEGER object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai) { int err = 0; WOLFSSL_ASN1_INTEGER* a = NULL; int len = 0; int numBits = 0; byte firstByte = 0; WOLFSSL_ENTER("wolfSSL_BN_to_ASN1_INTEGER"); /* Validate parameters. */ if (bn == NULL) { err = 1; } /* Use ASN.1 INTEGER object if provided. */ else if (ai != NULL) { a = ai; } /* Create an ASN.1 INTEGER object to return. */ else { a = wolfSSL_ASN1_INTEGER_new(); if (a == NULL) { err = 1; } } /* Check we have an ASN.1 INTEGER object to set. */ if (!err) { int length; /* Set type and negative. */ a->type = V_ASN1_INTEGER; if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) { a->negative = 1; a->type |= V_ASN1_NEG_INTEGER; } /* Get length in bytes of encoded number. */ len = wolfSSL_BN_num_bytes(bn); if (len == 0) { len = 1; } /* Get length in bits of encoded number. */ numBits = wolfSSL_BN_num_bits(bn); /* Leading zero required if most-significant byte has top bit set. */ if ((numBits > 0) && (numBits % 8) == 0) { firstByte = 0x80; } /* Get length of header based on length of number. */ length = SetASNInt(len, firstByte, NULL); /* Add number of bytes to encode number. */ length += len; /* Update data field to handle length. */ if (wolfssl_asn1_integer_require_len(a, length, 0) != 1) { err = 1; } } if (!err) { /* Write ASN.1 header. */ int idx = SetASNInt(len, firstByte, a->data); /* Populate data. */ if (numBits == 0) { a->data[idx] = 0; } else { /* Add encoded number. */ len = wolfSSL_BN_bn2bin(bn, a->data + idx); if (len < 0) { err = 1; } } /* Set length to encoded length. */ a->length = idx + len; } if (err) { /* Can't use ASN.1 INTEGER object. */ if (a != ai) { wolfSSL_ASN1_INTEGER_free(a); } a = NULL; } return a; } /* Get the value of the ASN.1 INTEGER as a long. * * Returning 0 on NULL and -1 on error is consistent with OpenSSL. * * @param [in] a ASN.1 INTEGER object. * @return Value as a long. * @return 0 when a is NULL. * @return -1 when a big number operation fails. */ long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a) { long ret = 1; WOLFSSL_BIGNUM* bn = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_get"); /* Validate parameter. */ if (a == NULL) { ret = 0; } if (ret > 0) { /* Create a big number from the DER encoding. */ bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL); if (bn == NULL) { ret = -1; } } if (ret > 0) { /* Get the big number as a word. */ ret = (long)wolfSSL_BN_get_word(bn); /* Negate number of ASN.1 INTEGER was negative. */ if (a->negative == 1) { ret = -ret; } } /* Dispose of big number as no longer needed. */ if (bn != NULL) { wolfSSL_BN_free(bn); } WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_get", (int)ret); return ret; } /* Sets the value of the ASN.1 INTEGER object to the long value. * * @param [in, out] a ASN.1 INTEGER object. * @param [in] v Value to set. * @return 1 on success. * @return 0 when a is NULL. */ int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v) { int ret = 1; /* Validate parameters. */ if (a == NULL) { ret = 0; } if (ret == 1) { byte j; unsigned int i = 0; byte tmp[sizeof(long)]; byte pad = 0; wolfssl_asn1_integer_reset_data(a); /* Check for negative. */ if (v < 0) { /* Set negative and 2's complement the value. */ a->negative = 1; a->type |= V_ASN1_NEG; v = -v; } /* Put value into temporary buffer - at least one byte encoded. */ tmp[0] = (byte)(v & 0xff); v >>= 8; for (j = 1; j < (byte)sizeof(long); j++) { if (v == 0) { break; } tmp[j] = (byte)(v & 0xff); v >>= 8; } /* Pad with 0x00 to indicate positive number when top bit set. */ if ((!a->negative) && (tmp[j-1] & 0x80)) { pad = 1; } /* Set tag. */ a->data[i++] = ASN_INTEGER; /* Set length of encoded value. */ a->data[i++] = pad + j; /* Set length of DER encoding. +2 for tag and length */ a->length = 2 + pad + j; /* Add pad byte if required. */ if (pad == 1) { a->data[i++] = 0; } /* Copy in data. */ for (; j > 0; j--) { a->data[i++] = tmp[j-1]; } } return ret; } #endif /* OPENSSL_EXTRA */ /******************************************************************************* * ASN1_OBJECT APIs ******************************************************************************/ #if !defined(NO_ASN) #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Create a new ASN.1 OBJECT_ID object. * * @return ASN.1 OBJECT_ID object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) { WOLFSSL_ASN1_OBJECT* obj; /* Allocate memory for new ASN.1 OBJECT. */ obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, DYNAMIC_TYPE_ASN1); if (obj != NULL) { XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); /* Setup pointers. */ obj->d.ia5 = &(obj->d.ia5_internal); #if defined(OPENSSL_ALL) obj->d.iPAddress = &(obj->d.iPAddress_internal); #endif /* Object was allocated. */ obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; } return obj; } /* Dispose of any ASN.1 OBJECT_ID dynamically allocated data. * * Do not use obj after calling this function. * * @param [in, out] obj ASN.1 OBJECT_ID object. */ void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) { if (obj != NULL) { /* Check for dynamically allocated copy of encoded data. */ if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) { #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_MSG("Freeing ASN1 data"); #endif XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); obj->obj = NULL; } #if defined(OPENSSL_EXTRA) /* Check for path length ASN.1 INTEGER - X.509 extension. */ if (obj->pathlen != NULL) { wolfSSL_ASN1_INTEGER_free(obj->pathlen); obj->pathlen = NULL; } #endif /* Check whether object was dynamically allocated. */ if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) { #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_MSG("Freeing ASN1 OBJECT"); #endif XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); } } } /* Duplicate the ASN.1 OBJECT_ID object. * * @param [in] obj ASN.1 OBJECT_ID object to copy. * @return New ASN.1 OBJECT_ID object on success. * @return NULL when obj is NULL or dynamic memory allocation fails. */ WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj) { WOLFSSL_ASN1_OBJECT* dupl = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_OBJECT_dup"); /* Validate parameter. */ if (obj == NULL) { WOLFSSL_MSG("Bad parameter"); } /* Create a new ASN.1 OBJECT_ID object to return. */ else if ((dupl = wolfSSL_ASN1_OBJECT_new()) == NULL) { WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error"); } if (dupl != NULL) { /* Copy short name. */ XMEMCPY(dupl->sName, obj->sName, WOLFSSL_MAX_SNAME); /* Copy simple fields. */ dupl->type = obj->type; dupl->grp = obj->grp; dupl->nid = obj->nid; dupl->objSz = obj->objSz; #ifdef OPENSSL_EXTRA dupl->ca = obj->ca; #endif /* Check for encoding. */ if (obj->obj) { /* Allocate memory for ASN.1 OBJECT_ID DER encoding. */ dupl->obj = (const unsigned char*)XMALLOC(obj->objSz, NULL, DYNAMIC_TYPE_ASN1); if (dupl->obj == NULL) { WOLFSSL_MSG("ASN1 obj malloc error"); wolfSSL_ASN1_OBJECT_free(dupl); dupl = NULL; } else { /* Encoding buffer was dynamically allocated. */ dupl->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; /* Copy DER encoding. */ XMEMCPY((byte*)dupl->obj, obj->obj, obj->objSz); } } } return dupl; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #endif /* !NO_ASN */ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /** * Parse DER encoding and return header information. * * *in is moved to the value of the ASN1 object * * @param [in, out] in Pointer to BER encoded data. * @param [out] len Length of parsed ASN1 object * @param [out] tag Tag value of parsed ASN1 object * @param [out] cls Class of parsed ASN1 object * @param [in] inLen Length of *in buffer * @return int Depends on which bits are set in the returned int: * 0x80 an error occurred during parsing. * 0x20 parsed object is constructed. * 0x01 the parsed object length is indefinite. */ int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag, int *cls, long inLen) { int err = 0; word32 inOutIdx = 0; int l = 0; byte t = 0; int ret = 0x80; WOLFSSL_ENTER("wolfSSL_ASN1_get_object"); if ((in == NULL) || (*in == NULL) || (len == NULL) || (tag == NULL) || (cls == NULL) || (inLen <= 0)) { WOLFSSL_MSG("Bad parameter"); err = 1; } if (!err) { /* Length at least 1, parameters valid - cannot fail to get tag. */ GetASNTag(*in, &inOutIdx, &t, (word32)inLen); /* Get length in DER encoding. */ if (GetLength_ex(*in, &inOutIdx, &l, (word32)inLen, 0) < 0) { WOLFSSL_MSG("GetLength error"); err = 1; } } if (!err) { /* Return header information. */ *tag = t & ASN_TYPE_MASK; /* Tag number is 5 lsb */ *cls = t & ASN_CLASS_MASK; /* Class is 2 msb */ *len = l; ret = t & ASN_CONSTRUCTED; if (l > (int)(inLen - inOutIdx)) { /* Still return other values but indicate error in msb */ ret |= 0x80; } /* Move pointer to after DER header. */ *in += inOutIdx; } return ret; } /* Creates and ASN.1 OBJECT_ID object from DER encoding. * * @param [out] a Pointer to return new ASN.1 OBJECT_ID through. * @param [in, out] der Pointer to buffer holding DER encoding. * @param [in] length Length of DER encoding in bytes. * @return New ASN.1 OBJECT_ID object on success. * @return NULL when der or *der is NULL or length is less than or equal zero. * @return NULL when not an OBJECT_ID or decoding fails. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, const unsigned char **der, long length) { WOLFSSL_ASN1_OBJECT* ret = NULL; int err = 0; const unsigned char *d; long len = 0; int tag = 0; int cls; WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT"); /* Validate parameters. */ if ((der == NULL) || (*der == NULL) || (length <= 0)) { WOLFSSL_MSG("Bad parameter"); err = 1; } if (!err) { /* Get pointer to be modified along the way. */ d = *der; /* Move d to value and get length and tag. */ if (wolfSSL_ASN1_get_object(&d, &len, &tag, &cls, length) & 0x80) { WOLFSSL_MSG("wolfSSL_ASN1_get_object error"); err = 1; } } /* Check it DER encoding is of an OBJECT_ID. */ if ((!err) && (tag != ASN_OBJECT_ID)) { WOLFSSL_MSG("Not an ASN object"); err = 1; } /* Create an ASN.1 OBJECT_ID_object from value. TODO: not DER encoding? */ if ((!err) && ((ret = wolfSSL_c2i_ASN1_OBJECT(a, &d, len)) != NULL)) { /* Update pointer to after decoded bytes. */ *der = d; } return ret; } /* Write out DER encoding of ASN.1 OBJECT_ID. * * When pp is NULL, length is returned. * When pp points to NULL, a new buffer is allocated and returned through pp. * When pp points to a buffer, it is moved on past encoded data on success. * * @param [in] a ASN.1 OBJECT_ID object. * @param [in, out] pp Pointer to buffer to write to. May be NULL. * @return Length of encoding on success. * @return 0 when a or encoding buffer is NULL. * @return 0 when dynamic memory allocation fails. */ int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp) { int len = 0; WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OBJECT"); /* Validate parameters */ if ((a == NULL) || (a->obj == NULL)) { WOLFSSL_MSG("Bad parameters"); } /* Only return length when no pointer supplied. */ else if (pp == NULL) { len = (int)a->objSz; } else { byte *p = NULL; /* Check if we have a buffer to encode into. */ if (*pp == NULL) { /* Allocate a new buffer to return. */ p = (byte*)XMALLOC(a->objSz, NULL, DYNAMIC_TYPE_OPENSSL); if (p == NULL) { WOLFSSL_MSG("Bad malloc"); } else { /* Return allocated buffer. */ *pp = p; } } /* Check we have a buffer to encode into. */ if (*pp != NULL) { /* Copy in DER encoding. */ XMEMCPY(*pp, a->obj, a->objSz); /* Move on pointer if user supplied. */ if (p == NULL) { *pp += a->objSz; } /* Return length of DER encoding. */ len = (int)a->objSz; } } return len; } /* Create an ASN.1 OBJECT_ID object from the content octets. * * @param [out] a Pointer to return ASN.1 OBJECT_ID object. * @param [in, out] pp Pointer to buffer holding content octets. * @param [in] len Length of content octets in bytes. * @return New ASN.1 OBJECT_ID object on success. * @return NULL when pp or *pp is NULL or length is less than or equal zero. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a, const unsigned char **pp, long len) { int err = 0; WOLFSSL_ASN1_OBJECT* ret = NULL; WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT"); /* Validate parameters. */ if ((pp == NULL) || (*pp == NULL) || (len <= 0)) { WOLFSSL_MSG("Bad parameter"); err = 1; } /* Create a new ASN.1 OBJECT_ID object. */ if ((!err) && ((ret = wolfSSL_ASN1_OBJECT_new()) == NULL)) { WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error"); err = 1; } if (!err) { /* Allocate memory for content octets. */ ret->obj = (const unsigned char*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1); if (ret->obj == NULL) { WOLFSSL_MSG("error allocating asn data memory"); wolfSSL_ASN1_OBJECT_free(ret); ret = NULL; err = 1; } } if (!err) { /* Content octets buffer was dynamically allocated. */ ret->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA; /* Copy in content octets and set size. */ XMEMCPY((byte*)ret->obj, *pp, (size_t)len); ret->objSz = (unsigned int)len; /* Move pointer to after data copied out. */ *pp += len; /* Return ASN.1 OBJECT_ID object through a if required. */ if (a != NULL) { *a = ret; } } return ret; } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #ifdef OPENSSL_EXTRA /* Write at most buf_len bytes of textual representation of ASN.1 OBJECT_ID. * * @param [in, out] buf Buffer to write to. * @param [in] buf_len Length of buffer in bytes. * @param [in] a ASN.1 OBJECT_ID object. * @return Number of bytes written on success. * @return 0 on failure. */ int wolfSSL_i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a) { WOLFSSL_ENTER("wolfSSL_i2t_ASN1_OBJECT"); return wolfSSL_OBJ_obj2txt(buf, buf_len, a, 0); } #ifndef NO_BIO /* Write out the text encoding of the ASN.1 OBJECT_ID. * * @param [in] bp BIO to write to. * @param [in] a ASN.1 OBJECT_ID object. * @return Number of bytes written on success. * @return 0 on failure. */ int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a) { int length = 0; int cLen = 0; word32 idx = 0; const char null_str[] = "NULL"; const char invalid_str[] = ""; char buf[80]; WOLFSSL_ENTER("wolfSSL_i2a_ASN1_OBJECT"); /* Validate parameters. */ if (bp == NULL) { /* Do nothing. */ } /* NULL object is written as "NULL". */ else if (a == NULL) { /* Write "NULL" - as done in OpenSSL. */ length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str)); } /* Try getting text version and write it out. */ else if ((length = i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) { length = wolfSSL_BIO_write(bp, buf, length); } /* Look for DER header. */ else if ((a->obj == NULL) || (a->obj[idx++] != ASN_OBJECT_ID)) { WOLFSSL_MSG("Bad ASN1 Object"); } /* Get length from DER header. */ else if (GetLength((const byte*)a->obj, &idx, &cLen, a->objSz) < 0) { length = 0; } else { /* Write out "" and dump content. */ length = wolfSSL_BIO_write(bp, invalid_str, (int)XSTRLEN(invalid_str)); length += wolfSSL_BIO_dump(bp, (const char*)(a->obj + idx), cLen); } return length; } #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ /******************************************************************************* * ASN1_SK_OBJECT APIs ******************************************************************************/ #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && !defined(NO_ASN) /* Create a new WOLFSSL_ASN1_OBJECT stack. * * @return New WOLFSSL_ASN1_OBJECT stack on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void) { WOLFSSL_ENTER("wolfSSL_sk_new_asn1_obj"); return wolfssl_sk_new_type(STACK_TYPE_OBJ); } /* Dispose of WOLFSL_ASN1_OBJECT stack. * * @param [in, out] sk Stack to free nodes in. */ void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) { /* Dispose of stack. */ wolfSSL_sk_free(sk); } /* Dispose of all ASN.1 OBJECT_ID objects in ASN1_OBJECT stack. * * This is different then wolfSSL_ASN1_OBJECT_free in that it allows for * choosing the function to use when freeing an ASN1_OBJECT stack. * * @param [in, out] sk ASN.1 OBJECT_ID stack to free. * @param [in] f Free function to apply to each ASN.1 OBJECT_ID object. */ void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, void (*f) (WOLFSSL_ASN1_OBJECT*)) { WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_pop_free"); wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f); } /* Push a WOLFSSL_ASN1_OBJECT onto stack. * * @param [in, out] sk ASN.1 OBJECT_ID stack. * @param [in] obj ASN.1 OBJECT_ID object to push on. Cannot be NULL. * @return 1 on success. * @return 0 when sk or obj is NULL. * @return 0 when dynamic memory allocation fails. */ int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, WOLFSSL_ASN1_OBJECT* obj) { int ret = 0; WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push"); /* Push on when we have a stack and object to work with. */ if ((sk != NULL) && (obj != NULL)) { ret = wolfSSL_sk_push(sk, obj); } return ret; } /* Pop off a WOLFSSL_ASN1_OBJECT from the stack. * * @param [in, out] sk ASN.1 OBJECT_ID stack. * @return ASN.1 OBJECT_ID object on success. * @return NULL when stack is NULL or no nodes left in stack. */ WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop( WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) { return (WOLFSSL_ASN1_OBJECT*)wolfssl_sk_pop_type(sk, STACK_TYPE_OBJ); } #endif /* (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) && !NO_ASN */ /******************************************************************************* * ASN1_STRING APIs ******************************************************************************/ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Create a new ASN.1 STRING object. * * @return New ASN.1 STRING object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void) { WOLFSSL_ASN1_STRING* asn1; #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new"); #endif asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL, DYNAMIC_TYPE_OPENSSL); if (asn1 != NULL) { XMEMSET(asn1, 0, sizeof(WOLFSSL_ASN1_STRING)); } return asn1; } /* Create a new ASN.1 STRING object. * * @param [in] type Encoding type. * @return New ASN.1 STRING object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type) { WOLFSSL_ASN1_STRING* asn1; #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new"); #endif asn1 = wolfSSL_ASN1_STRING_new(); if (asn1 != NULL) { asn1->type = type; } return asn1; } /* Dispose of ASN.1 STRING object. * * @param [in, out] asn1 ASN.1 STRING object. */ void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1) { #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free"); #endif /* Check we have an object to free. */ if (asn1 != NULL) { /* Dispose of dynamic data. */ if ((asn1->length > 0) && asn1->isDynamic) { XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); } } /* Dispose of ASN.1 STRING object. */ XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL); } /* Copy an ASN.1 STRING object from src into dest. * * @param [in, out] dest ASN.1 STRING object to copy into. * @param [in] src ASN.1 STRING object to copy from. */ int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dest, const WOLFSSL_ASN1_STRING* src) { int ret = 1; /* Validate parameters. */ if ((src == NULL) || (dest == NULL)) { ret = 0; } /* Set the DER encoding. */ if ((ret == 1) && (wolfSSL_ASN1_STRING_set(dest, src->data, src->length) != 1)) { ret = 0; } if (ret == 1) { /* Copy simple fields. */ dest->type = src->type; dest->flags = src->flags; } return ret; } /* Duplicate an ASN.1 STRING object. * * @param [in] asn1 ASN.1 STRING object to duplicate. * @return New ASN.1 STRING object on success. * @return NULL when asn1 is NULL or dynamic memory allocation fails. */ WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1) { WOLFSSL_ASN1_STRING* dupl = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_STRING_dup"); /* Check we have an object to duplicate. */ if (asn1 == NULL) { WOLFSSL_MSG("Bad parameter"); } else { /* Create a new ASN.1 STRING object. */ dupl = wolfSSL_ASN1_STRING_new(); if (dupl == NULL) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_new error"); } } if (dupl != NULL) { /* Copy the contents. */ if (wolfSSL_ASN1_STRING_copy(dupl, asn1) != 1) { WOLFSSL_MSG("wolfSSL_ASN1_STRING_copy error"); /* Dispose of duplicate and return NULL. */ wolfSSL_ASN1_STRING_free(dupl); dupl = NULL; } } return dupl; } /* Compare two ASN.1 STRING objects. * * Compares type when data the same. * * @param [in] a First ASN.1 STRING object. * @param [in] b Second ASN.1 STRING object. * @return Negative value when a is less than b. * @return 0 when a equals b. * @return Positive value when a is greater than b. * @return -1 when a or b is NULL. */ int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a, const WOLFSSL_ASN1_STRING *b) { int ret; WOLFSSL_ENTER("wolfSSL_ASN1_STRING_cmp"); /* Validate parameters. */ if ((a == NULL) || (b == NULL)) { ret = -1; } /* Compare length of data. */ else if (a->length != b->length) { ret = a->length - b->length; } /* Compare data. */ else if ((ret = XMEMCMP(a->data, b->data, (size_t)a->length)) == 0) { /* Compare ASN.1 types - wolfSSL_ASN1_STRING_type_new(). */ ret = a->type - b->type; } return ret; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_EXTRA) #if !defined(NO_CERTS) #ifndef NO_WOLFSSL_STUB WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn, const unsigned char **in, long len) { WOLFSSL_STUB("d2i_DISPLAYTEXT"); (void)asn; (void)in; (void)len; return NULL; } #endif #endif /* !NO_CERTS */ #endif /* OPENSSL_EXTRA */ #ifndef NO_ASN #if defined(OPENSSL_EXTRA) /* Convert ASN.1 STRING that is UniversalString type to PrintableString type. * * @param [in, out] s ASN.1 STRING object to convert. * @return 1 on success. * @return 0 when s is NULL. * @return 0 when type is not UniversalString or string is not of that format. */ int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s) { int ret = 1; char* p; WOLFSSL_ENTER("wolfSSL_ASN1_UNIVERSALSTRING_to_string"); /* Validate parameter. */ if (s == NULL) { WOLFSSL_MSG("Bad parameter"); ret = 0; } /* Check type of ASN.1 STRING. */ if ((ret == 1) && (s->type != V_ASN1_UNIVERSALSTRING)) { WOLFSSL_MSG("Input is not a universal string"); ret = 0; } /* Check length is indicative of UNIVERSAL_STRING. */ if ((ret == 1) && ((s->length % 4) != 0)) { WOLFSSL_MSG("Input string must be divisible by 4"); ret = 0; } if (ret == 1) { /* Ensure each UniversalString character looks right. */ for (p = s->data; p < s->data + s->length; p += 4) if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0')) break; /* Check whether we failed loop early. */ if (p != s->data + s->length) { WOLFSSL_MSG("Wrong string format"); ret = 0; } } if (ret == 1) { char* copy; /* Strip first three bytes of each four byte character. */ for (copy = p = s->data; p < s->data + s->length; p += 4) { *copy++ = p[3]; } /* Place NUL on end. */ *copy = '\0'; /* Update length and type. */ s->length /= 4; s->type = V_ASN1_PRINTABLESTRING; } return ret; } #endif /* OPENSSL_EXTRA */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Convert ASN.1 STRING to UTF8 encoding. * * Assumes stored encoding is UTF8. * Returned buffer should be freed using OPENSSL_free(). * * @param [out] out Pointer to return allocated string. * @param [in] asn1 ASN.1 STRING object. * @return Length of string, excluding NUL, on success. * @return -1 when out or asn1 is NULL. * @return -1 when no data to return. * @return -1 dynamic memory allocation fails. */ int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1) { unsigned char* buf = NULL; unsigned char* data = NULL; int len = -1; /* Validate parameters. */ if ((out != NULL) && (asn1 != NULL)) { /* Get data and length. */ data = wolfSSL_ASN1_STRING_data(asn1); len = wolfSSL_ASN1_STRING_length(asn1); /* Check data and length are usable. */ if ((data == NULL) || (len < 0)) { len = -1; } } if (len != -1) { /* Allocate buffer to hold string and NUL. */ buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL, DYNAMIC_TYPE_OPENSSL); if (buf == NULL) { len = -1; } } if (len != -1) { /* Copy in string - NUL always put on end of stored string. */ XMEMCPY(buf, data, (size_t)(len + 1)); /* Return buffer. */ *out = buf; } return len; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if defined(OPENSSL_EXTRA) /* Encode ASN.1 STRING data as hex digits separated by colon. * * Assumes length is greater than 0. * * @param [in] s ASN.1 STRING object. * @return Buffer containing string representation on success. * @return NULL when dynamic memory allocation fails. * @return NULL when encoding a character as hex fails. */ static char* wolfssl_asn1_string_to_hex_chars(const WOLFSSL_ASN1_STRING *s) { char* tmp; int tmpSz = s->length * 3; tmp = (char*)XMALLOC((size_t)tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (tmp == NULL) { WOLFSSL_MSG("Memory Error"); } else { int i; unsigned char* str = (unsigned char*)s->data; /* Put out all but last character as a hex digit with ':'. */ for (i = 0; i < s->length; i++) { /* Put in hex digit string at end of tmp. */ ByteToHexStr(str[i], tmp + i * 3); /* Check not last character. */ if (i < s->length - 1) { /* Put in separator: ':'. */ tmp[i * 3 + 2] = ':'; } /* Last character. */ else { /* Put in NUL to terminate string. */ tmp[i * 3 + 2] = '\0'; } } } return tmp; } /* Create a string encoding of ASN.1 STRING object. * * @param [in] method Method table. Unused. * @param [in] s ASN.1 STRING object. * @return Buffer containing string representation on success. * @return NULL when s or data is NULL. * @return NULL when dynamic memory allocation fails. * @return NULL when encoding a character as hex fails. */ char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method, const WOLFSSL_ASN1_STRING *s) { char* ret = NULL; WOLFSSL_ENTER("wolfSSL_i2s_ASN1_STRING"); (void)method; /* Validate parameters. */ if ((s == NULL) || (s->data == NULL)) { WOLFSSL_MSG("Bad Function Argument"); } /* Handle 0 length data separately. */ else if (s->length == 0) { ret = (char *)XMALLOC(1, NULL, DYNAMIC_TYPE_TMP_BUFFER); if (ret != NULL) { ret[0] = '\0'; } } else { /* Convert unreadable strings to hexadecimal. */ ret = wolfssl_asn1_string_to_hex_chars(s); } return ret; } #endif /* OPENSSL_EXTRA */ #endif /* NO_ASN */ #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) /* Get the type of encoding. * * @param [in] asn1 ASN.1 STRING object. * @return Encoding type on success. * @return 0 when asn1 is NULL or no encoding set. */ int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1) { int type = 0; #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type"); #endif if (asn1 != NULL) { type = asn1->type; } return type; } #ifndef NO_CERTS /* Get the pointer that is the data. * * @param [in] asn ASN.1 STRING object. * @return Buffer with string on success. * @return NULL when asn is NULL or no data set. */ const unsigned char* wolfSSL_ASN1_STRING_get0_data( const WOLFSSL_ASN1_STRING* asn) { char* data = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_STRING_get0_data"); if (asn != NULL) { data = asn->data; } return (const unsigned char*)data; } /* Get the pointer that is the data. * * @param [in] asn ASN.1 STRING object. * @return Buffer with string on success. * @return NULL when asn is NULL or no data set. */ unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn) { char* data = NULL; #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data"); #endif if (asn != NULL) { data = asn->data; } return (unsigned char*)data; } /* Get the length of the data. * * @param [in] asn ASN.1 STRING object. * @return String length on success. * @return 0 when asn is NULL or no data set. */ int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn) { int len = 0; #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length"); #endif if (asn) { len = asn->length; } return len; } #endif /* !NO_CERTS */ /* Set the string data. * * When sz is less than 0, the string length will be calculated using XSTRLEN. * * @param [in, out] asn1 ASN.1 STRING object. * @param [in] data String data to set. * @param [in] sz Length of data to set in bytes. * @return 1 on success. * @return 0 when asn1 is NULL or data is NULL and sz is not zero. * @return 0 when dynamic memory allocation fails. */ int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int sz) { int ret = 1; #ifdef WOLFSSL_DEBUG_OPENSSL WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set"); #endif /* Validate parameters. */ if ((asn1 == NULL) || ((data == NULL) && (sz != 0))) { ret = 0; } /* Calculate size from data if not passed in. */ if ((ret == 1) && (sz < 0)) { sz = (int)XSTRLEN((const char*)data); if (sz < 0) { ret = 0; } } if (ret == 1) { /* Dispose of any existing dynamic data. */ if (asn1->isDynamic) { XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); asn1->data = NULL; } /* Check string will fit - including NUL. */ if (sz + 1 > CTC_NAME_SIZE) { /* Allocate new buffer. */ asn1->data = (char*)XMALLOC((size_t)(sz + 1), NULL, DYNAMIC_TYPE_OPENSSL); if (asn1->data == NULL) { ret = 0; } else { /* Ensure buffer will be freed. */ asn1->isDynamic = 1; } } else { /* Clear out fixed array and use it for data. */ XMEMSET(asn1->strData, 0, CTC_NAME_SIZE); asn1->data = asn1->strData; asn1->isDynamic = 0; } } if (ret == 1) { /* Check if there is a string to copy. */ if (data != NULL) { /* Copy string and append NUL. */ XMEMCPY(asn1->data, data, (size_t)sz); asn1->data[sz] = '\0'; } /* Set size of string. */ asn1->length = sz; } return ret; } #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ !defined(WOLFCRYPT_ONLY) #ifndef NO_CERTS /* Make a UTF8 canonical version of ASN.1 STRING object's data. * * @param [in, out] asn ASN.1 STRING to set. */ static void wolfssl_asn1_string_canonicalize(WOLFSSL_ASN1_STRING* asn) { char* src = asn->data; char* p = asn->data + asn->length - 1; int len = asn->length; int i; /* Trim whitespace from the tail. */ for (; (len > 0) && (XISSPACE((unsigned char)*p)); len--) { p--; } if (len > 0) { /* Trim whitespace from the head. */ for (; XISSPACE((unsigned char)*src); len--) { src++; } } /* Output at the start. */ p = asn->data; /* Process each character in string after trim. */ for (i = 0; i < len; p++, i++) { /* Check for non-ascii character. */ if (!XISASCII(*src)) { /* Keep non-ascii character as-is. */ *p = *src++; } /* Check for whitespace. */ else if (XISSPACE((unsigned char)*src)) { /* Only use space character for whitespace. */ *p = 0x20; /* Skip any succeeding whitespace characters. */ while (XISSPACE((unsigned char)*++src)) { i++; } } else { /* Convert to lower case. */ *p = (char)XTOLOWER((unsigned char)*src++); } } /* Set actual length after canonicalization. */ asn->length = (int)(p - asn->data); } /* Make a canonical version of ASN.1 STRING object in ASN.1 STRING object. * * @param [in, out] asn_out ASN.1 STRING object to set. * @param [in] asn_in ASN.1 STRING object to get data from. * @return 1 on success. * @return BAD_FUNC_ARG when asn_out or asn_in is NULL. * @return 0 when no data. * @return 0 when dynamic memory allocation fails. */ int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out, const WOLFSSL_ASN1_STRING* asn_in) { int ret = 1; WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon"); /* Validate parameters. */ if ((asn_out == NULL) || (asn_in == NULL)) { WOLFSSL_MSG("invalid function arguments"); ret = BAD_FUNC_ARG; } if (ret == 1) { switch (asn_in->type) { case MBSTRING_UTF8: case V_ASN1_PRINTABLESTRING: /* Set type to UTF8. */ asn_out->type = MBSTRING_UTF8; /* Dispose of any dynamic data already in asn_out. */ if (asn_out->isDynamic) { XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL); asn_out->data = NULL; } /* Make ASN.1 STRING into UTF8 buffer. */ asn_out->length = wolfSSL_ASN1_STRING_to_UTF8( (unsigned char**)&asn_out->data, (WOLFSSL_ASN1_STRING*)asn_in); /* Check for error from creating UTF8 string. */ if (asn_out->length < 0) { ret = 0; } else { /* Data now dynamic after converting to UTF8. */ asn_out->isDynamic = 1; /* Canonicalize the data. */ wolfssl_asn1_string_canonicalize(asn_out); if (asn_out->length == 0) { /* Dispose of data if canonicalization removes all * characters. */ XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL); asn_out->data = NULL; asn_out->isDynamic = 0; } } break; default: /* Unrecognized format - just copy. */ WOLFSSL_MSG("just copy string"); ret = wolfSSL_ASN1_STRING_copy(asn_out, asn_in); } } return ret; } #endif /* !NO_CERTS */ #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && !WOLFCRYPT_ONLY */ #if defined(OPENSSL_EXTRA) #if !defined(NO_ASN) #ifndef NO_BIO /* Returns boolean indicating character is unprintable. * * @param [in] c ASCII character. * @return 1 when character is unprintable. * @return 0 when character is printable. */ static int wolfssl_unprintable_char(char c) { const unsigned char last_unprintable = 31; const unsigned char LF = 10; /* Line Feed */ const unsigned char CR = 13; /* Carriage Return */ return (c <= last_unprintable) && (c != LF) && (c != CR); } /* Print ASN.1 STRING to BIO. * * TODO: Unprintable characters conversion is destructive. * * @param [in] bio BIO to print to. * @param [in] str ASN.1 STRING to print. * @return Length of string written on success. * @return 0 when bio or str is NULL. * @return 0 when writing to BIO fails. */ int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str) { int len = 0; WOLFSSL_ENTER("wolfSSL_ASN1_STRING_print"); /* Validate parameters. */ if ((bio != NULL) && (str != NULL)) { int i; len = str->length; /* Convert all unprintable characters to '.'. */ for (i = 0; i < len; i++) { if (wolfssl_unprintable_char(str->data[i])) { str->data[i] = '.'; } } /* Write string to BIO. */ if (wolfSSL_BIO_write(bio, str->data, len) != len) { len = 0; } } return len; } #endif /* !NO_BIO */ #endif /* !NO_ASN */ /* Get a string for the ASN.1 tag. * * @param [in] tag ASN.1 tag. * @return A string. */ const char* wolfSSL_ASN1_tag2str(int tag) { static const char *const tag_label[31] = { "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED", "", "UTF8STRING", "", "", "", "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING", "", "BMPSTRING" }; const char* str = "(unknown)"; /* Clear negative flag. */ if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) { tag &= ~V_ASN1_NEG; } /* Check for known basic types. */ if ((tag >= 0) && (tag <= 30)) { str = tag_label[tag]; } return str; } #ifndef NO_BIO /* Print out ASN.1 tag for the ASN.1 STRING to the BIO. * * @param [in] bio BIO to write to. * @param [in] str ASN.1 STRING object. * @return Number of characters written on success. * @return 0 when BIO write fails. */ static int wolfssl_string_print_type(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str) { int type_len; const char *tag; /* Get tag and string length. */ tag = wolfSSL_ASN1_tag2str(str->type); type_len = (int)XSTRLEN(tag); /* Write tag to BIO. */ if (wolfSSL_BIO_write(bio, tag, type_len) != type_len){ type_len = 0; } /* Write colon after tag string. */ else if (wolfSSL_BIO_write(bio, ":", 1) != 1) { type_len = 0; } else { /* Written colon - update count. */ type_len++; } return type_len; } /* Dump hex digit representation of each string character to BIO. * * TODO: Assumes length is only one byte ie less than 128 characters long. * * @param [in] bio BIO to write to. * @param [in] str ASN.1 STRING object. * @param [in] asDer Whether to write out as a DER encoding. * @return Number of characters written to BIO on success. * @return -1 when writing to BIO fails. */ static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str, int asDer) { const char* hash="#"; char hex_tmp[4]; int str_len = 1; /* Write out hash character to indicate hex string. */ if (wolfSSL_BIO_write(bio, hash, 1) != 1) { str_len = -1; } else { /* Check if we are to write out DER header. */ if (asDer) { /* Encode tag and length as hex into temporary. */ ByteToHexStr((byte)str->type, &hex_tmp[0]); ByteToHexStr((byte)str->length, &hex_tmp[2]); /* Update count of written characters: tag and length. */ str_len += 4; /* Write out tag and length as hex digits. */ if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) { str_len = -1; } } } if (str_len != -1) { char* p; char* end; /* Calculate end of string. */ end = str->data + str->length - 1; for (p = str->data; p <= end; p++) { /* Encode string character as hex into temporary. */ ByteToHexStr((byte)*p, hex_tmp); /* Update count of written characters. */ str_len += 2; /* Write out character as hex digites. */ if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) { str_len = -1; break; } } } return str_len; } /* Check whether character needs to be escaped. * * @param [in] c Character to check for. * @param [in] str String to check. * @return 1 when character found. * @return 0 when character not found. */ static int wolfssl_check_esc_char(char c) { int ret = 0; const char esc_ch[] = "+;<>\\"; const char* p = esc_ch; /* Check if character matches any of those needing escaping. */ for (; (*p) != '\0'; p++) { /* Check if character matches escape character. */ if (c == (*p)) { ret = 1; break; } } return ret; } /* Print out string, with escaping for special characters, to BIO. * * @param [in] bio BIO to write to. * @param [in] str ASN.1 STRING object. * @return Number of characters written to BIO on success. * @return -1 when writing to BIO fails. */ static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str) { char* p; int str_len = 0; /* Write all of string character by character. */ for (p = str->data; (*p) != '\0'; p++) { /* Check if character needs escaping. */ if (wolfssl_check_esc_char(*p)){ /* Update count of written characters. */ str_len++; /* Write out escaping character. */ if (wolfSSL_BIO_write(bio,"\\", 1) != 1) { str_len = -1; break; } } /* Update count of written characters. */ str_len++; /* Write out character. */ if (wolfSSL_BIO_write(bio, p, 1) != 1) { str_len = -1; break; } } return str_len; } /* Extended print ASN.1 STRING to BIO. * * @param [in] bio BIO to print to. * @param [in] str ASN.1 STRING to print. * @param [in] flags Flags describing output format. * @return Length of string written on success. * @return 0 when bio or str is NULL. * @return 0 when writing to BIO fails. */ int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str, unsigned long flags) { int err = 0; int str_len = -1; int type_len = 0; WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex"); /* Validate parameters. */ if ((bio == NULL) || (str == NULL)) { err = 1; } /* Check if ASN.1 type is to be printed. */ if ((!err) && (flags & ASN1_STRFLGS_SHOW_TYPE)) { /* Print type and colon to BIO. */ type_len = wolfssl_string_print_type(bio, str); if (type_len == 0) { err = 1; } } if (!err) { if (flags & ASN1_STRFLGS_DUMP_ALL) { /* Dump hex. */ str_len = wolfssl_asn1_string_dump_hex(bio, str, flags & ASN1_STRFLGS_DUMP_DER); } else if (flags & ASN1_STRFLGS_ESC_2253) { /* Print out string with escaping. */ str_len = wolfssl_asn1_string_print_esc_2253(bio, str); } else { /* Get number of characters to write. */ str_len = str->length; /* Print out string as is. */ if (wolfSSL_BIO_write(bio, str->data, str_len) != str_len) { err = 1; } } } if ((!err) && (str_len != -1)) { /* Include any characters written for type. */ str_len += type_len; } else { str_len = 0; } return str_len; } #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ /******************************************************************************* * ASN1_GENERALIZEDTIME APIs ******************************************************************************/ #ifdef OPENSSL_EXTRA /* Free the static ASN.1 GENERALIZED TIME object. * * Not an OpenSSL compatibility API. * * @param [in] asn1Time ASN.1 GENERALIZED TIME object. */ void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time) { WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free"); if (asn1Time != NULL) { XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data)); } } #ifndef NO_BIO /* Return the month as a string. * * Assumes n is '01'-'12'. * * @param [in] n The number of the month as a two characters (1 based). * @return Month as a string. */ static WC_INLINE const char* MonthStr(const char* n) { static const char monthStr[12][4] = { "Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" }; const char* month = "BAD"; int i; i = (n[0] - '0') * 10 + (n[1] - '0') - 1; /* Convert string to number and index table. */ if ((i >= 0) && (i < 12)) { month = monthStr[i]; } return month; } /* Print an ASN.1 GENERALIZED TIME to a BIO. * * @param [in] bio BIO to write to. * @param [in] asnTime ASN.1 GENERALIZED TIME object. * @return 1 on success. * @return 0 when ASN.1 GENERALIZED TIME type is invalid. * @return 0 when writing to BIO fails. * @return BAD_FUNC_ARG when bio or asnTime is NULL. */ int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime) { int ret = 1; const char* p = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_print"); /* Validate parameters. */ if ((bio == NULL) || (asnTime == NULL)) { ret = BAD_FUNC_ARG; } /* Check type is GENERALIZED TIME. */ if ((ret == 1) && (asnTime->type != V_ASN1_GENERALIZEDTIME)) { WOLFSSL_MSG("Error, not GENERALIZED_TIME"); ret = 0; } if (ret == 1) { /* Get the string. */ p = (const char *)(asnTime->data); /* Print month as a 3 letter string. */ if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) != 3) { ret = 0; } } /* Print space separator. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) { ret = 0; } /* Print day. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 6, 2) != 2)) { ret = 0; } /* Print space separator. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) { ret = 0; } /* Print hour. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 8, 2) != 2)) { ret = 0; } /* Print time separator - colon. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) { ret = 0; } /* Print minutes. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 10, 2) != 2)) { ret = 0; } /* Print time separator - colon. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) { ret = 0; } /* Print seconds. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 12, 2) != 2)) { ret = 0; } /* Print space separator. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) { ret = 0; } /* Print year. */ if ((ret == 1) && (wolfSSL_BIO_write(bio, p, 4) != 4)) { ret = 0; } return ret; } #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ /******************************************************************************* * ASN1_TIME APIs ******************************************************************************/ #ifndef NO_ASN_TIME #ifdef OPENSSL_EXTRA /* Allocate a new ASN.1 TIME object. * * @return New empty ASN.1 TIME object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void) { WOLFSSL_ASN1_TIME* ret; /* Allocate a new ASN.1 TYPE object. */ ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, DYNAMIC_TYPE_OPENSSL); if (ret != NULL) { /* Clear out fields. */ XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME)); } return ret; } /* Dispose of ASN.1 TIME object. * * @param [in, out] t ASN.1 TIME object. */ void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t) { /* Dispose of ASN.1 TIME object. */ XFREE(t, NULL, DYNAMIC_TYPE_OPENSSL); } #ifndef NO_WOLFSSL_STUB /* Set the Unix time GMT into ASN.1 TIME object. * * Not implemented. * * @param [in, out] a ASN.1 TIME object. * @param [in] t Unix time GMT. * @return An ASN.1 TIME object. */ WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *a, time_t t) { WOLFSSL_STUB("wolfSSL_ASN1_TIME_set"); (void)a; (void)t; return a; } #endif /* !NO_WOLFSSL_STUB */ /* Convert time to Unix time (GMT). * * @param [in] sec Second in minute. 0-59. * @param [in] minute Minute in hour. 0-59. * @param [in] hour Hour in day. 0-23. * @param [in] mday Day of month. 1-31. * @param [in] mon Month of year. 0-11 * @param [in] year Year including century. ie: 1991, 2023, 2048. * @return Seconds since 00:00:00 01/01/1970 for the time passed in. */ static long long wolfssl_time_to_unix_time(int sec, int minute, int hour, int mday, int mon, int year) { /* Number of cumulative days from the previous months, starting from * beginning of January. */ static const int monthDaysCumulative [12] = { 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334 }; int leapDays = year; /* Leap day at end of February. */ if (mon <= 1) { --leapDays; } /* Calculate leap days. */ leapDays = leapDays / 4 - leapDays / 100 + leapDays / 400 - 1969 / 4 + 1969 / 100 - 1969 / 400; /* Calculate number of seconds. */ return ((((long long) (year - 1970) * 365 + leapDays + monthDaysCumulative[mon] + mday - 1) * 24 + hour) * 60 + minute) * 60 + sec; } /* Convert ASN.1 TIME object to Unix time (GMT). * * @param [in] t ASN.1 TIME object. * @param [out] secs Number of seconds since 00:00:00 01/01/1970. * @return 1 on success. * @return 0 when conversion of time fails. */ static int wolfssl_asn1_time_to_secs(const WOLFSSL_ASN1_TIME* t, long long* secs) { int ret = 1; struct tm tm_s; struct tm *tmGmt = &tm_s; /* Convert ASN.1 TIME to broken-down time. NULL treated as current time. */ ret = wolfSSL_ASN1_TIME_to_tm(t, tmGmt); if (ret != 1) { WOLFSSL_MSG("Failed to convert from time to struct tm."); } else { /* We use wolfssl_time_to_unix_time here instead of XMKTIME to avoid the * Year 2038 problem on platforms where time_t is 32 bits. struct tm * stores the year as years since 1900, so we add 1900 to the year. */ *secs = wolfssl_time_to_unix_time(tmGmt->tm_sec, tmGmt->tm_min, tmGmt->tm_hour, tmGmt->tm_mday, tmGmt->tm_mon, tmGmt->tm_year + 1900); } return ret; } /* Calculate difference in time of two ASN.1 TIME objects. * * @param [out] days Number of whole days between from and to. * @param [out] secs Number of seconds less than a day between from and to. * @param [in] from ASN.1 TIME object as start time. * @param [in] to ASN.1 TIME object as end time. * @return 1 on success. * @return 0 when days or secs is NULL. * @return 0 when conversion of time fails. */ int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to) { int ret = 1; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff"); /* Validate parameters. */ if (days == NULL) { WOLFSSL_MSG("days is NULL"); ret = 0; } if ((ret == 1) && (secs == NULL)) { WOLFSSL_MSG("secs is NULL"); ret = 0; } if ((ret == 1) && ((from == NULL) && (to == NULL))) { *days = 0; *secs = 0; } else if (ret == 1) { const long long SECS_PER_DAY = 24 * 60 * 60; long long fromSecs; long long toSecs = 0; ret = wolfssl_asn1_time_to_secs(from, &fromSecs); if (ret == 1) { ret = wolfssl_asn1_time_to_secs(to, &toSecs); } if (ret == 1) { long long diffSecs = toSecs - fromSecs; *days = (int) (diffSecs / SECS_PER_DAY); *secs = (int) (diffSecs - ((long long)*days * SECS_PER_DAY)); } } return ret; } /* Compare two ASN.1 TIME objects by comparing time value. * * @param [in] a First ASN.1 TIME object. * @param [in] b Second ASN.1 TIME object. * @return Negative value when a is less than b. * @return 0 when a equals b. * @return Positive value when a is greater than b. * @return -2 when a or b is invalid. */ int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a, const WOLFSSL_ASN1_TIME *b) { int ret; int days; int secs; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_compare"); /* Calculate difference in time between a and b. */ if (wolfSSL_ASN1_TIME_diff(&days, &secs, a, b) != 1) { WOLFSSL_MSG("Failed to get time difference."); ret = -2; } else if (days == 0 && secs == 0) { /* a and b are the same time. */ ret = 0; } else if (days >= 0 && secs >= 0) { /* a is before b. */ ret = -1; } /* Assume wolfSSL_ASN1_TIME_diff creates coherent values. */ else { ret = 1; } WOLFSSL_LEAVE("wolfSSL_ASN1_TIME_compare", ret); return ret; } #if !defined(USER_TIME) && !defined(TIME_OVERRIDES) /* Adjust the time into an ASN.1 TIME object. * * @param [in] a ASN.1 TIME object. May be NULL. * @param [in] t Time to offset. * @param [in] offset_day Number of days to offset. May be negative. * @param [in] offset_sec Number of seconds to offset. May be negative. * @return ASN.1 TIME object on success. * @return NULL when formatting time fails. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* a, time_t t, int offset_day, long offset_sec) { WOLFSSL_ASN1_TIME* ret = NULL; const time_t sec_per_day = 24*60*60; int time_get; char time_str[MAX_TIME_STRING_SZ]; time_t offset_day_sec = offset_day * sec_per_day; time_t t_adj = t + offset_day_sec + offset_sec; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj"); /* Get time string as either UTC or GeneralizedTime. */ time_get = GetFormattedTime(&t_adj, (byte*)time_str, MAX_TIME_STRING_SZ); if (time_get > 0) { ret = a; if (ret == NULL) { ret = wolfSSL_ASN1_TIME_new(); } /* Set the string into the ASN.1 TIME object. */ if ((wolfSSL_ASN1_TIME_set_string(ret, time_str) != 1) && (ret != a)) { wolfSSL_ASN1_TIME_free(ret); ret = NULL; } } return ret; } #endif /* !USER_TIME && !TIME_OVERRIDES */ /* Get the length of the ASN.1 TIME data. * * Not an OpenSSL function - ASN1_TIME is not opaque. * * @param [in] t ASN.1 TIME object. * @return Length of data on success. * @return 0 when t is NULL or no time set. */ int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t) { int len = 0; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_length"); if (t != NULL) { len = t->length; } return len; } /* Get the data from the ASN.1 TIME object. * * Not an OpenSSL function - ASN1_TIME is not opaque. * * @param [in] t ASN.1 TIME object. * @return Data buffer on success. * @return NULL when t is NULL. */ unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t) { unsigned char* data = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_data"); if (t != NULL) { data = (unsigned char*)t->data; } return data; } /* Check format of string in ASN.1 TIME object. * * @param [in] a ASN.1 TIME object. * @return 1 on success. * @return 0 when format invalid. */ int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a) { int ret = 1; char buf[MAX_TIME_STRING_SZ]; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check"); /* If can convert to human readable then format good. */ if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf, MAX_TIME_STRING_SZ) == NULL) { ret = 0; } return ret; } /* Set the time as a string into ASN.1 TIME object. * * When t is NULL, str is checked only. * * @param [in, out] t ASN.1 TIME object. * @param [in] str Time as a string. * @return 1 on success. * @return 0 when str is NULL. * @return 0 when str is not formatted correctly. */ int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str) { int ret = 1; int slen = 0; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string"); if (str == NULL) { WOLFSSL_MSG("Bad parameter"); ret = 0; } if (ret == 1) { /* Get length of string including NUL terminator. */ slen = (int)XSTRLEN(str) + 1; if (slen > CTC_DATE_SIZE) { WOLFSSL_MSG("Date string too long"); ret = 0; } } if ((ret == 1) && (t != NULL)) { /* Copy in string including NUL terminator. */ XMEMCPY(t->data, str, (size_t)slen); /* Do not include NUL terminator in length. */ t->length = slen - 1; /* Set ASN.1 type based on string length. */ t->type = ((slen == ASN_UTC_TIME_SIZE) ? V_ASN1_UTCTIME : V_ASN1_GENERALIZEDTIME); } return ret; } /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object. * * @param [in] t ASN.1 TIME object. * @param [in, out] out ASN.1 GENERALIZED TIME object. * @return ASN.1 GENERALIZED TIME object on success. * @return NULL when t is NULL or t has wrong ASN.1 type. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, WOLFSSL_ASN1_TIME **out) { WOLFSSL_ASN1_TIME *ret = NULL; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime"); /* Validate parameters. */ if (t == NULL) { WOLFSSL_MSG("Invalid ASN_TIME value"); } /* Ensure ASN.1 type is one that is supported. */ else if ((t->type != V_ASN1_UTCTIME) && (t->type != V_ASN1_GENERALIZEDTIME)) { WOLFSSL_MSG("Invalid ASN_TIME type."); } /* Check for ASN.1 GENERALIZED TIME object being passed in. */ else if ((out != NULL) && (*out != NULL)) { /* Copy into the passed in object. */ ret = *out; } else { /* Create a new ASN.1 GENERALIZED TIME object. */ ret = wolfSSL_ASN1_TIME_new(); if (ret == NULL) { WOLFSSL_MSG("memory alloc failed."); } } if (ret != NULL) { /* Set the ASN.1 type and length of string. */ ret->type = V_ASN1_GENERALIZEDTIME; ret->length = ASN_GENERALIZED_TIME_SIZE; if (t->type == V_ASN1_GENERALIZEDTIME) { /* Just copy as data already appropriately formatted. */ XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE); } else { /* Convert UTC TIME to GENERALIZED TIME. */ if (t->data[0] >= '5') { /* >= 50 is 1900s. */ ret->data[0] = '1'; ret->data[1] = '9'; } else { /* < 50 is 2000s. */ ret->data[0] = '2'; ret->data[1] = '0'; } /* Append rest of the data as it is the same. */ XMEMCPY(&ret->data[2], t->data, ASN_UTC_TIME_SIZE); } /* Check for pointer to return result through. */ if (out != NULL) { *out = ret; } } return ret; } #endif /* OPENSSL_EXTRA */ #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) /* Get string from ASN.1 TIME object. * * Not an OpenSSL compatibility API. * * @param [in] t ASN.1 TIME object. * @param [in, out] buf Buffer to put string in. * @param [in] len Length of buffer in bytes. * @return buf on success. * @return NULL when t or buf is NULL, or len is less than 5. * @return NULL when ASN.1 TIME length is larger than len. * @return NULL when internal time format not valid. */ char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len) { WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string"); /* Validate parameters. */ if ((t == NULL) || (buf == NULL) || (len < 5)) { WOLFSSL_MSG("Bad argument"); buf = NULL; } /* Check internal length against passed in length. */ if ((buf != NULL) && (t->length > len)) { WOLFSSL_MSG("Length of date is longer then buffer"); buf = NULL; } /* Get time as human readable string. */ if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len)) { buf = NULL; } return buf; } /* Number of characters in a UTC TIME string. */ #define UTCTIME_LEN 13 /* Get year from UTC TIME string. * * @param [in] str UTC TIME string. * @param [in] len Length of string in bytes. * @param [out] year Year as extracted from string. * @return 1 on success. * @return 0 when length is too short for a UTC TIME. * @return 0 when not ZULU time. */ static int wolfssl_utctime_year(const unsigned char* str, int len, int* year) { int ret = 1; /* Check minimal length for UTC TIME. */ if (len < UTCTIME_LEN) { WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid."); ret = 0; } /* Only support ZULU time. */ if ((ret == 1) && (str[UTCTIME_LEN - 1] != 'Z')) { WOLFSSL_MSG("Expecting UTC time."); ret = 0; } if (ret == 1) { int tm_year; /* 2-digit year. */ tm_year = (str[0] - '0') * 10; tm_year += str[1] - '0'; /* Check for year being in the 2000s. */ if (tm_year < 50) { tm_year += 100; } *year = tm_year; } return ret; } /* Number of characters in a GENERALIZED TIME string. */ #define GENTIME_LEN 15 /* Get year from GENERALIZED TIME string. * * @param [in] str GENERALIZED TIME string. * @param [in] len Length of string in bytes. * @param [out] year Year as extracted from string. * @return 1 on success. * @return 0 when length is too short for a GENERALIZED TIME. * @return 0 when not ZULU time. */ static int wolfssl_gentime_year(const unsigned char* str, int len, int* year) { int ret = 1; /* Check minimal length for GENERALIZED TIME. */ if (len < GENTIME_LEN) { WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid."); ret = 0; } if ((ret == 1) && (str[GENTIME_LEN - 1] != 'Z')) { WOLFSSL_MSG("Expecting Generalized time."); ret = 0; } if (ret == 1) { int tm_year; /* 4-digit year. */ tm_year = (str[0] - '0') * 1000; tm_year += (str[1] - '0') * 100; tm_year += (str[2] - '0') * 10; tm_year += str[3] - '0'; /* Only need value to be years since 1900. */ tm_year -= 1900; *year = tm_year; } return ret; } /* Convert an ASN.1 TIME to a struct tm. * * @param [in] asnTime ASN.1 TIME object. * @param [in] tm Broken-down time. Must be non-NULL. * @return 1 on success. * @return 0 when string format is invalid. */ static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm) { int ret = 1; const unsigned char* asn1TimeBuf; int asn1TimeBufLen; int i = 0; #ifdef XMKTIME struct tm localTm; XMEMSET(&localTm, 0, sizeof localTm); #endif /* Get the string buffer - fixed array, can't fail. */ asn1TimeBuf = wolfSSL_ASN1_TIME_get_data(asnTime); /* Get the length of the string. */ asn1TimeBufLen = wolfSSL_ASN1_TIME_get_length(asnTime); if (asn1TimeBufLen <= 0) { WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer length."); ret = 0; } if (ret == 1) { /* Zero out values in broken-down time. */ XMEMSET(tm, 0, sizeof(struct tm)); if (asnTime->type == V_ASN1_UTCTIME) { /* Get year from UTC TIME string. */ int tm_year; if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen, &tm_year)) == 1) { tm->tm_year = tm_year; /* Month starts after year - 2 characters. */ i = 2; } } else if (asnTime->type == V_ASN1_GENERALIZEDTIME) { /* Get year from GENERALIZED TIME string. */ int tm_year; if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen, &tm_year)) == 1) { tm->tm_year = tm_year; /* Month starts after year - 4 characters. */ i = 4; } } else { /* No other time formats known. */ WOLFSSL_MSG("asnTime->type is invalid."); ret = 0; } } if (ret == 1) { /* Fill in rest of broken-down time from string. */ /* January is 0 not 1 */ tm->tm_mon = (asn1TimeBuf[i] - '0') * 10; i++; tm->tm_mon += (asn1TimeBuf[i] - '0') - 1; i++; tm->tm_mday = (asn1TimeBuf[i] - '0') * 10; i++; tm->tm_mday += (asn1TimeBuf[i] - '0'); i++; tm->tm_hour = (asn1TimeBuf[i] - '0') * 10; i++; tm->tm_hour += (asn1TimeBuf[i] - '0'); i++; tm->tm_min = (asn1TimeBuf[i] - '0') * 10; i++; tm->tm_min += (asn1TimeBuf[i] - '0'); i++; tm->tm_sec = (asn1TimeBuf[i] - '0') * 10; i++; tm->tm_sec += (asn1TimeBuf[i] - '0'); #ifdef XMKTIME XMEMCPY(&localTm, tm, sizeof(struct tm)); /* Call XMKTIME on tm to get tm_wday and tm_yday fields populated. Note that localTm is used here to avoid modifying other fields, such as tm_isdst/tm_gmtoff. */ XMKTIME(&localTm); tm->tm_wday = localTm.tm_wday; tm->tm_yday = localTm.tm_yday; #endif } return ret; } /* Get the current time into a broken-down time. * * @param [out] tm Broken-time time. * @return 1 on success. * @return 0 when tm is NULL. * @return 0 when get current time fails. * @return 0 when converting Unix time to broken-down time fails. */ static int wolfssl_get_current_time_tm(struct tm* tm) { int ret = 1; time_t currentTime; struct tm *tmpTs; #if defined(NEED_TMP_TIME) /* for use with gmtime_r */ struct tm tmpTimeStorage; tmpTs = &tmpTimeStorage; #else tmpTs = NULL; #endif (void)tmpTs; /* Must have a pointer to return result into. */ if (tm == NULL) { WOLFSSL_MSG("asnTime and tm are both NULL"); ret = 0; } if (ret == 1) { /* Get current Unix Time GMT. */ currentTime = wc_Time(0); if (currentTime <= 0) { WOLFSSL_MSG("Failed to get current time."); ret = 0; } } if (ret == 1) { /* Convert Unix Time GMT into broken-down time. */ tmpTs = XGMTIME(¤tTime, tmpTs); if (tmpTs == NULL) { WOLFSSL_MSG("Failed to convert current time to UTC."); ret = 0; } } if (ret == 1) { /* Copy from the structure returned into parameter. */ XMEMCPY(tm, tmpTs, sizeof(*tm)); } return ret; } /* Convert ASN.1 TIME object's time into broken-down representation. * * Internal time string is checked when tm is NULL. * * @param [in] asnTime ASN.1 TIME object. * @param [out] tm Broken-down time. * @return 1 on success. * @return 0 when asnTime is NULL and tm is NULL. * @return 0 getting current time fails. * @return 0 when internal time string is invalid. */ int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm) { int ret = 1; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_tm"); /* If asnTime is NULL, then the current time is converted. */ if (asnTime == NULL) { ret = wolfssl_get_current_time_tm(tm); } /* If tm is NULL this function performs a format check on asnTime only. */ else if (tm == NULL) { ret = wolfSSL_ASN1_TIME_check(asnTime); } else { /* Convert ASN.1 TIME to broken-down time. */ ret = wolfssl_asn1_time_to_tm(asnTime, tm); } return ret; } #ifndef NO_BIO /* Print the ASN.1 TIME object as a string to BIO. * * @param [in] bio BIO to write to. * @param [in] asnTime ASN.1 TIME object. * @return 1 on success. * @return 0 when bio or asnTime is NULL. * @return 0 when creating human readable string fails. * @return 0 when writing to BIO fails. */ int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) { int ret = 1; WOLFSSL_ENTER("wolfSSL_ASN1_TIME_print"); /* Validate parameters. */ if ((bio == NULL) || (asnTime == NULL)) { WOLFSSL_MSG("NULL function argument"); ret = 0; } if (ret == 1) { char buf[MAX_TIME_STRING_SZ]; int len; /* Create human readable string. */ if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)asnTime, buf, sizeof(buf)) == NULL) { /* Write out something anyway but return error. */ XMEMSET(buf, 0, MAX_TIME_STRING_SZ); XSTRNCPY(buf, "Bad time value", sizeof(buf)-1); ret = 0; } /* Write out string. */ len = (int)XSTRLEN(buf); if (wolfSSL_BIO_write(bio, buf, len) != len) { WOLFSSL_MSG("Unable to write to bio"); ret = 0; } } return ret; } #endif /* !NO_BIO */ #endif /* WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA */ #ifdef OPENSSL_EXTRA #ifndef NO_BIO /* Print the ASN.1 UTC TIME object as a string to BIO. * * @param [in] bio BIO to write to. * @param [in] asnTime ASN.1 UTC TIME object. * @return 1 on success. * @return 0 when bio or asnTime is NULL. * @return 0 when ASN.1 type is not UTC TIME. * @return 0 when creating human readable string fails. * @return 0 when writing to BIO fails. */ int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) { int ret = 1; WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_print"); /* Validate parameters. */ if ((bio == NULL) || (a == NULL)) { ret = 0; } /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */ if ((ret == 1) && (a->type != V_ASN1_UTCTIME)) { WOLFSSL_MSG("Error, not UTC_TIME"); ret = 0; } if (ret == 1) { /* Use generic time printing function to do work. */ ret = wolfSSL_ASN1_TIME_print(bio, a); } return ret; } #endif /* !NO_BIO */ #endif /* OPENSSL_EXTRA */ #endif /* !NO_ASN_TIME */ /******************************************************************************* * ASN1_TYPE APIs ******************************************************************************/ #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) /** * Allocate a new ASN.1 TYPE object. * * @return New empty ASN.1 TYPE object on success. * @return NULL when dynamic memory allocation fails. */ WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void) { WOLFSSL_ASN1_TYPE* ret; /* Allocate a new ASN.1 TYPE object. */ ret = (WOLFSSL_ASN1_TYPE*)XMALLOC(sizeof(WOLFSSL_ASN1_TYPE), NULL, DYNAMIC_TYPE_OPENSSL); if (ret != NULL) { /* Clear out fields. */ XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TYPE)); } return ret; } /* Free the ASN.1 TYPE object's value field. * * @param [in, out] at ASN.1 TYPE object. */ static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at) { switch (at->type) { case V_ASN1_NULL: break; case V_ASN1_OBJECT: wolfSSL_ASN1_OBJECT_free(at->value.object); break; case V_ASN1_UTCTIME: #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA) wolfSSL_ASN1_TIME_free(at->value.utctime); #endif break; case V_ASN1_GENERALIZEDTIME: #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA) wolfSSL_ASN1_TIME_free(at->value.generalizedtime); #endif break; case V_ASN1_UTF8STRING: case V_ASN1_PRINTABLESTRING: case V_ASN1_T61STRING: case V_ASN1_IA5STRING: case V_ASN1_UNIVERSALSTRING: case V_ASN1_SEQUENCE: wolfSSL_ASN1_STRING_free(at->value.asn1_string); break; default: break; } } /** * Free ASN.1 TYPE object and its value. * * @param [in, out] at ASN.1 TYPE object. */ void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at) { if (at != NULL) { /* Dispose of value in ASN.1 TYPE object. */ wolfssl_asn1_type_free_value(at); } /* Dispose of ASN.1 TYPE object. */ XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL); } #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS) || \ defined(WOLFSSL_WPAS_SMALL) /** * Set ASN.1 TYPE object with a type and value. * * Type of value for different types: * V_ASN1_NULL : Value should be NULL. * V_ASN1_OBJECT : WOLFSSL_ASN1_OBJECT. * V_ASN1_UTCTIME : WOLFSSL_ASN1_TIME. * V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME. * V_ASN1_UTF8STRING : WOLFSSL_ASN1_STRING. * V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING. * V_ASN1_T61STRING : WOLFSSL_ASN1_STRING. * V_ASN1_IA5STRING : WOLFSSL_ASN1_STRING. * V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING. * V_ASN1_SEQUENCE : WOLFSSL_ASN1_STRING. * * @param [in, out] a ASN.1 TYPE object to set. * @param [in] type ASN.1 type of value. * @param [in] value Value to store. */ void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value) { if (a != NULL) { switch (type) { case V_ASN1_NULL: if (value != NULL) { WOLFSSL_MSG("NULL tag meant to be always empty!"); /* No way to return error - value will not be used. */ } FALL_THROUGH; case V_ASN1_OBJECT: case V_ASN1_UTCTIME: case V_ASN1_GENERALIZEDTIME: case V_ASN1_UTF8STRING: case V_ASN1_PRINTABLESTRING: case V_ASN1_T61STRING: case V_ASN1_IA5STRING: case V_ASN1_UNIVERSALSTRING: case V_ASN1_SEQUENCE: /* Dispose of any value currently set. */ wolfssl_asn1_type_free_value(a); /* Assign anonymously typed input to anonymously typed field. */ a->value.ptr = (char *)value; /* Set the type required. */ a->type = type; break; default: WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE"); /* No way to return error. */ } } } #endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_WPAS */ #endif /* !NO_ASN */ #endif /* !WOLFSSL_SSL_ASN1_INCLUDED */