1
0

ssl_asn1.c 133 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155215621572158215921602161216221632164216521662167216821692170217121722173217421752176217721782179218021812182218321842185218621872188218921902191219221932194219521962197219821992200220122022203220422052206220722082209221022112212221322142215221622172218221922202221222222232224222522262227222822292230223122322233223422352236223722382239224022412242224322442245224622472248224922502251225222532254225522562257225822592260226122622263226422652266226722682269227022712272227322742275227622772278227922802281228222832284228522862287228822892290229122922293229422952296229722982299230023012302230323042305230623072308230923102311231223132314231523162317231823192320232123222323232423252326232723282329233023312332233323342335233623372338233923402341234223432344234523462347234823492350235123522353235423552356235723582359236023612362236323642365236623672368236923702371237223732374237523762377237823792380238123822383238423852386238723882389239023912392239323942395239623972398239924002401240224032404240524062407240824092410241124122413241424152416241724182419242024212422242324242425242624272428242924302431243224332434243524362437243824392440244124422443244424452446244724482449245024512452245324542455245624572458245924602461246224632464246524662467246824692470247124722473247424752476247724782479248024812482248324842485248624872488248924902491249224932494249524962497249824992500250125022503250425052506250725082509251025112512251325142515251625172518251925202521252225232524252525262527252825292530253125322533253425352536253725382539254025412542254325442545254625472548254925502551255225532554255525562557255825592560256125622563256425652566256725682569257025712572257325742575257625772578257925802581258225832584258525862587258825892590259125922593259425952596259725982599260026012602260326042605260626072608260926102611261226132614261526162617261826192620262126222623262426252626262726282629263026312632263326342635263626372638263926402641264226432644264526462647264826492650265126522653265426552656265726582659266026612662266326642665266626672668266926702671267226732674267526762677267826792680268126822683268426852686268726882689269026912692269326942695269626972698269927002701270227032704270527062707270827092710271127122713271427152716271727182719272027212722272327242725272627272728272927302731273227332734273527362737273827392740274127422743274427452746274727482749275027512752275327542755275627572758275927602761276227632764276527662767276827692770277127722773277427752776277727782779278027812782278327842785278627872788278927902791279227932794279527962797279827992800280128022803280428052806280728082809281028112812281328142815281628172818281928202821282228232824282528262827282828292830283128322833283428352836283728382839284028412842284328442845284628472848284928502851285228532854285528562857285828592860286128622863286428652866286728682869287028712872287328742875287628772878287928802881288228832884288528862887288828892890289128922893289428952896289728982899290029012902290329042905290629072908290929102911291229132914291529162917291829192920292129222923292429252926292729282929293029312932293329342935293629372938293929402941294229432944294529462947294829492950295129522953295429552956295729582959296029612962296329642965296629672968296929702971297229732974297529762977297829792980298129822983298429852986298729882989299029912992299329942995299629972998299930003001300230033004300530063007300830093010301130123013301430153016301730183019302030213022302330243025302630273028302930303031303230333034303530363037303830393040304130423043304430453046304730483049305030513052305330543055305630573058305930603061306230633064306530663067306830693070307130723073307430753076307730783079308030813082308330843085308630873088308930903091309230933094309530963097309830993100310131023103310431053106310731083109311031113112311331143115311631173118311931203121312231233124312531263127312831293130313131323133313431353136313731383139314031413142314331443145314631473148314931503151315231533154315531563157315831593160316131623163316431653166316731683169317031713172317331743175317631773178317931803181318231833184318531863187318831893190319131923193319431953196319731983199320032013202320332043205320632073208320932103211321232133214321532163217321832193220322132223223322432253226322732283229323032313232323332343235323632373238323932403241324232433244324532463247324832493250325132523253325432553256325732583259326032613262326332643265326632673268326932703271327232733274327532763277327832793280328132823283328432853286328732883289329032913292329332943295329632973298329933003301330233033304330533063307330833093310331133123313331433153316331733183319332033213322332333243325332633273328332933303331333233333334333533363337333833393340334133423343334433453346334733483349335033513352335333543355335633573358335933603361336233633364336533663367336833693370337133723373337433753376337733783379338033813382338333843385338633873388338933903391339233933394339533963397339833993400340134023403340434053406340734083409341034113412341334143415341634173418341934203421342234233424342534263427342834293430343134323433343434353436343734383439344034413442344334443445344634473448344934503451345234533454345534563457345834593460346134623463346434653466346734683469347034713472347334743475347634773478347934803481348234833484348534863487348834893490349134923493349434953496349734983499350035013502350335043505350635073508350935103511351235133514351535163517351835193520352135223523352435253526352735283529353035313532353335343535353635373538353935403541354235433544354535463547354835493550355135523553355435553556355735583559356035613562356335643565356635673568356935703571357235733574357535763577357835793580358135823583358435853586358735883589359035913592359335943595359635973598359936003601360236033604360536063607360836093610361136123613361436153616361736183619362036213622362336243625362636273628362936303631363236333634363536363637363836393640364136423643364436453646364736483649365036513652365336543655365636573658365936603661366236633664366536663667366836693670367136723673367436753676367736783679368036813682368336843685368636873688368936903691369236933694369536963697369836993700370137023703370437053706370737083709371037113712371337143715371637173718371937203721372237233724372537263727372837293730373137323733373437353736373737383739374037413742374337443745374637473748374937503751375237533754375537563757375837593760376137623763376437653766376737683769377037713772377337743775377637773778377937803781378237833784378537863787378837893790379137923793379437953796379737983799380038013802380338043805380638073808380938103811381238133814381538163817381838193820382138223823382438253826382738283829383038313832383338343835383638373838383938403841384238433844384538463847384838493850385138523853385438553856385738583859386038613862386338643865386638673868386938703871387238733874387538763877387838793880388138823883388438853886388738883889389038913892389338943895389638973898389939003901390239033904390539063907390839093910391139123913391439153916391739183919392039213922392339243925392639273928392939303931393239333934393539363937393839393940394139423943394439453946394739483949395039513952395339543955395639573958395939603961396239633964396539663967396839693970397139723973397439753976397739783979398039813982398339843985398639873988398939903991399239933994399539963997399839994000400140024003400440054006400740084009401040114012401340144015401640174018401940204021402240234024402540264027402840294030403140324033403440354036403740384039404040414042404340444045404640474048404940504051405240534054405540564057405840594060406140624063406440654066406740684069407040714072407340744075407640774078407940804081408240834084408540864087408840894090409140924093409440954096409740984099410041014102410341044105410641074108410941104111411241134114411541164117411841194120412141224123412441254126412741284129413041314132413341344135413641374138413941404141414241434144414541464147414841494150415141524153415441554156415741584159416041614162416341644165416641674168416941704171417241734174417541764177417841794180418141824183418441854186418741884189419041914192419341944195419641974198419942004201420242034204420542064207420842094210421142124213421442154216421742184219422042214222422342244225422642274228422942304231423242334234423542364237423842394240424142424243424442454246424742484249425042514252425342544255425642574258425942604261426242634264426542664267426842694270427142724273427442754276427742784279428042814282428342844285428642874288428942904291429242934294429542964297429842994300430143024303430443054306430743084309431043114312431343144315431643174318431943204321432243234324432543264327432843294330433143324333433443354336433743384339434043414342434343444345434643474348434943504351435243534354435543564357435843594360436143624363436443654366436743684369437043714372437343744375437643774378437943804381438243834384438543864387438843894390439143924393439443954396439743984399440044014402440344044405440644074408440944104411441244134414441544164417441844194420442144224423442444254426442744284429443044314432443344344435443644374438443944404441444244434444444544464447444844494450445144524453445444554456445744584459446044614462446344644465446644674468446944704471447244734474447544764477447844794480448144824483448444854486448744884489449044914492449344944495449644974498449945004501450245034504450545064507450845094510451145124513451445154516451745184519452045214522452345244525452645274528452945304531453245334534453545364537453845394540454145424543454445454546454745484549455045514552455345544555455645574558455945604561456245634564456545664567456845694570457145724573457445754576457745784579458045814582458345844585458645874588458945904591459245934594459545964597459845994600460146024603460446054606460746084609461046114612461346144615461646174618461946204621462246234624462546264627462846294630463146324633463446354636463746384639464046414642464346444645464646474648464946504651465246534654465546564657465846594660466146624663466446654666466746684669467046714672467346744675467646774678467946804681468246834684468546864687468846894690469146924693469446954696469746984699470047014702470347044705470647074708470947104711471247134714471547164717471847194720472147224723472447254726
  1. /* ssl_asn1.c
  2. *
  3. * Copyright (C) 2006-2024 wolfSSL Inc.
  4. *
  5. * This file is part of wolfSSL.
  6. *
  7. * wolfSSL is free software; you can redistribute it and/or modify
  8. * it under the terms of the GNU General Public License as published by
  9. * the Free Software Foundation; either version 2 of the License, or
  10. * (at your option) any later version.
  11. *
  12. * wolfSSL is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU General Public License
  18. * along with this program; if not, write to the Free Software
  19. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20. */
  21. #ifdef HAVE_CONFIG_H
  22. #include <config.h>
  23. #endif
  24. #include <wolfssl/wolfcrypt/settings.h>
  25. #include <wolfssl/internal.h>
  26. #ifndef WC_NO_RNG
  27. #include <wolfssl/wolfcrypt/random.h>
  28. #endif
  29. #if !defined(WOLFSSL_SSL_ASN1_INCLUDED)
  30. #ifndef WOLFSSL_IGNORE_FILE_WARN
  31. #warning ssl_asn1.c does not need to be compiled separately from ssl.c
  32. #endif
  33. #else
  34. /*******************************************************************************
  35. * ASN1_item APIs
  36. ******************************************************************************/
  37. #ifndef NO_ASN
  38. #ifdef OPENSSL_EXTRA
  39. #ifdef OPENSSL_ALL
  40. /* Provides access to the member of the obj offset by offset */
  41. #define asn1Mem(obj, offset) (*(void**)(((byte*)(obj)) + (offset)))
  42. #define asn1Type(obj, offset) (*(int*)(((byte*)(obj)) + (offset)))
  43. static void* asn1_new_tpl(const WOLFSSL_ASN1_TEMPLATE *mem)
  44. {
  45. if (mem->sequence)
  46. return wolfSSL_sk_new_null();
  47. else
  48. return mem->new_func();
  49. }
  50. static void* asn1_item_alloc(const WOLFSSL_ASN1_ITEM* item)
  51. {
  52. void* ret = NULL;
  53. /* allocation */
  54. switch (item->type) {
  55. case WOLFSSL_ASN1_SEQUENCE:
  56. case WOLFSSL_ASN1_CHOICE:
  57. ret = (void *)XMALLOC(item->size, NULL, DYNAMIC_TYPE_OPENSSL);
  58. if (ret != NULL)
  59. XMEMSET(ret, 0, item->size);
  60. break;
  61. case WOLFSSL_ASN1_OBJECT_TYPE:
  62. if (item->mcount != 1 || item->members->offset) {
  63. WOLFSSL_MSG("incorrect member count or offset");
  64. return NULL;
  65. }
  66. ret = asn1_new_tpl(item->members);
  67. break;
  68. default:
  69. WOLFSSL_MSG("ASN1 type not implemented");
  70. return NULL;
  71. }
  72. return ret;
  73. }
  74. static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item)
  75. {
  76. const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
  77. size_t i;
  78. int ret = 0;
  79. switch (item->type) {
  80. case WOLFSSL_ASN1_SEQUENCE:
  81. for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
  82. asn1Mem(obj, mem->offset) = asn1_new_tpl(mem);
  83. if (asn1Mem(obj, mem->offset) == NULL) {
  84. ret = WOLFSSL_FATAL_ERROR;
  85. break;
  86. }
  87. }
  88. break;
  89. case WOLFSSL_ASN1_OBJECT_TYPE:
  90. /* Initialized by new_func. Nothing to do. */
  91. break;
  92. case WOLFSSL_ASN1_CHOICE:
  93. asn1Type(obj, item->toffset) = -1;
  94. /* We don't know what to initialize. Nothing to do. */
  95. break;
  96. default:
  97. WOLFSSL_MSG("ASN1 type not implemented");
  98. ret = WOLFSSL_FATAL_ERROR;
  99. break;
  100. }
  101. return ret;
  102. }
  103. /* Create a new ASN1 item based on a template.
  104. *
  105. * @param [in] item Info about ASN1 items.
  106. * @return A new ASN1 item on success.
  107. * @return NULL when item is NULL, dynamic memory allocation fails or ASN1
  108. * item type not supported.
  109. */
  110. void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* item)
  111. {
  112. void* ret = NULL;
  113. WOLFSSL_ENTER("wolfSSL_ASN1_item_new");
  114. if (item == NULL)
  115. return NULL;
  116. /* allocation */
  117. ret = asn1_item_alloc(item);
  118. if (ret == NULL)
  119. return NULL;
  120. /* initialization */
  121. if (asn1_item_init(ret, item) != 0) {
  122. wolfSSL_ASN1_item_free(ret, item);
  123. ret = NULL;
  124. }
  125. return ret;
  126. }
  127. static void asn1_free_tpl(void *obj, const WOLFSSL_ASN1_TEMPLATE *mem)
  128. {
  129. if (obj != NULL) {
  130. if (mem->sequence)
  131. wolfSSL_sk_pop_free((WOLFSSL_STACK *)obj, mem->free_func);
  132. else
  133. mem->free_func(obj);
  134. }
  135. }
  136. /* Dispose of ASN1 item based on a template.
  137. *
  138. * @param [in, out] val ASN item to free.
  139. * @param [in, item Info about ASN1 items.
  140. */
  141. void wolfSSL_ASN1_item_free(void *obj, const WOLFSSL_ASN1_ITEM *item)
  142. {
  143. const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
  144. size_t i;
  145. WOLFSSL_ENTER("wolfSSL_ASN1_item_free");
  146. if (obj != NULL) {
  147. switch (item->type) {
  148. case WOLFSSL_ASN1_SEQUENCE:
  149. for (mem = item->members, i = 0; i < item->mcount; mem++, i++)
  150. asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
  151. XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
  152. break;
  153. case WOLFSSL_ASN1_CHOICE:
  154. if (asn1Type(obj, item->toffset) < 0)
  155. break; /* type not set */
  156. for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
  157. if (asn1Type(obj, item->toffset) == mem->tag) {
  158. asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
  159. break;
  160. }
  161. }
  162. XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
  163. break;
  164. case WOLFSSL_ASN1_OBJECT_TYPE:
  165. asn1_free_tpl(obj, item->members);
  166. break;
  167. default:
  168. WOLFSSL_MSG("ASN1 type not implemented");
  169. break;
  170. }
  171. }
  172. }
  173. static int i2d_asn1_items(const void* obj, byte** buf,
  174. const WOLFSSL_ASN1_TEMPLATE* mem)
  175. {
  176. int len = 0;
  177. int ret = 0;
  178. if (mem->sequence) {
  179. const WOLFSSL_STACK* sk = (WOLFSSL_STACK *)asn1Mem(obj, mem->offset);
  180. int ski; /* stack index */
  181. int innerLen = 0;
  182. /* Figure out the inner length first */
  183. for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
  184. ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), NULL);
  185. if (ret <= 0)
  186. break;
  187. innerLen += ret;
  188. }
  189. if (ret <= 0)
  190. return 0;
  191. if (buf != NULL && *buf != NULL) {
  192. /* Now write it out */
  193. int writeLen = 0;
  194. *buf += SetSequence((word32)innerLen, *buf);
  195. for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
  196. ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), buf);
  197. if (ret <= 0)
  198. break;
  199. writeLen += ret;
  200. }
  201. if (ret <= 0 || writeLen != innerLen)
  202. return 0;
  203. }
  204. len = (int)SetSequence((word32)innerLen, NULL) + innerLen;
  205. }
  206. else {
  207. ret = mem->i2d_func(asn1Mem(obj, mem->offset),
  208. buf != NULL && *buf != NULL ? buf : NULL);
  209. if (ret <= 0)
  210. return 0;
  211. len = ret;
  212. }
  213. return len;
  214. }
  215. /* Encode members of an ASN.1 SEQUENCE as DER.
  216. *
  217. * @param [in] src ASN1 items to encode.
  218. * @param [in, out] buf Buffer to encode into. May be NULL.
  219. * @param [in] members ASN1 template members.
  220. * @param [in] mcount Count of template members.
  221. * @return Length of DER encoding on success.
  222. * @return 0 on failure.
  223. */
  224. static int wolfssl_i2d_asn1_items(const void* obj, byte* buf,
  225. const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount)
  226. {
  227. const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
  228. int len = 0;
  229. int ret;
  230. size_t i;
  231. WOLFSSL_ENTER("wolfssl_i2d_asn1_items");
  232. for (mem = members, i = 0; i < mcount; mem++, i++) {
  233. byte* tmp = buf;
  234. if (mem->ex && mem->tag >= 0) {
  235. /* Figure out the inner length */
  236. int innerLen = 0;
  237. int hdrLen = 0;
  238. ret = i2d_asn1_items(obj, NULL, mem);
  239. if (ret <= 0) {
  240. len = 0;
  241. break;
  242. }
  243. innerLen = ret;
  244. hdrLen = SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0);
  245. len += hdrLen;
  246. if (buf != NULL)
  247. buf += hdrLen;
  248. }
  249. ret = i2d_asn1_items(obj, &buf, mem);
  250. if (ret <= 0) {
  251. len = 0;
  252. break;
  253. }
  254. if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) {
  255. /* Encode the implicit tag */
  256. byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ];
  257. SetImplicit(tmp[0], mem->tag, 0, imp, 0);
  258. tmp[0] = imp[0];
  259. }
  260. len += ret;
  261. }
  262. WOLFSSL_LEAVE("wolfssl_i2d_asn1_items", len);
  263. return len;
  264. }
  265. /* Encode sequence and items under it.
  266. *
  267. * @param [in] src ASN1 items to encode.
  268. * @param [in, out] buf Buffer to encode into. May be NULL.
  269. * @param [in] tpl Template of ASN1 items.
  270. * @return Length of DER encoding on success.
  271. * @return 0 on failure.
  272. */
  273. static int i2d_ASN_SEQUENCE(const void* obj, byte* buf,
  274. const WOLFSSL_ASN1_ITEM* item)
  275. {
  276. word32 seq_len;
  277. word32 len = 0;
  278. seq_len = (word32)wolfssl_i2d_asn1_items(obj, NULL, item->members,
  279. item->mcount);
  280. if (seq_len != 0) {
  281. len = SetSequence(seq_len, buf);
  282. if (buf != NULL) {
  283. if (wolfssl_i2d_asn1_items(obj, buf + len, item->members,
  284. item->mcount) > 0)
  285. len += seq_len; /* success */
  286. else
  287. len = 0; /* error */
  288. }
  289. else
  290. len += seq_len;
  291. }
  292. return (int)len;
  293. }
  294. static int i2d_ASN_CHOICE(const void* obj, byte* buf,
  295. const WOLFSSL_ASN1_ITEM* item)
  296. {
  297. const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
  298. size_t i;
  299. if (asn1Type(obj, item->toffset) < 0)
  300. return 0; /* type not set */
  301. for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
  302. if (asn1Type(obj, item->toffset) == mem->tag) {
  303. return wolfssl_i2d_asn1_items(obj, buf, mem, 1);
  304. }
  305. }
  306. return 0;
  307. }
  308. static int i2d_ASN_OBJECT_TYPE(const void* obj, byte* buf,
  309. const WOLFSSL_ASN1_ITEM* item)
  310. {
  311. /* To be able to use wolfssl_i2d_asn1_items without any modifications,
  312. * pass in a pointer to obj so that asn1Mem uses the correct pointer. */
  313. const void ** obj_pp = &obj;
  314. return wolfssl_i2d_asn1_items(obj_pp, buf, item->members, item->mcount);
  315. }
  316. /* Encode ASN1 template item.
  317. *
  318. * @param [in] src ASN1 items to encode.
  319. * @param [in, out] buf Buffer to encode into. May be NULL.
  320. * @param [in] tpl Template of ASN1 items.
  321. * @return Length of DER encoding on success.
  322. * @return 0 on failure.
  323. */
  324. static int wolfssl_asn1_item_encode(const void* obj, byte* buf,
  325. const WOLFSSL_ASN1_ITEM* item)
  326. {
  327. int len;
  328. switch (item->type) {
  329. case WOLFSSL_ASN1_SEQUENCE:
  330. len = i2d_ASN_SEQUENCE(obj, buf, item);
  331. break;
  332. case WOLFSSL_ASN1_OBJECT_TYPE:
  333. len = i2d_ASN_OBJECT_TYPE(obj, buf, item);
  334. break;
  335. case WOLFSSL_ASN1_CHOICE:
  336. len = i2d_ASN_CHOICE(obj, buf, item);
  337. break;
  338. default:
  339. WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d");
  340. len = 0;
  341. }
  342. return len;
  343. }
  344. /* Encode ASN1 template.
  345. *
  346. * @param [in] src ASN1 items to encode.
  347. * @param [in, out] dest Pointer to buffer to encode into. May be NULL.
  348. * @param [in] tpl Template of ASN1 items.
  349. * @return Length of DER encoding on success.
  350. * @return WOLFSSL_FATAL_ERROR on failure.
  351. */
  352. int wolfSSL_ASN1_item_i2d(const void* obj, byte** dest,
  353. const WOLFSSL_ASN1_ITEM* item)
  354. {
  355. int ret = 1;
  356. int len = 0;
  357. byte* buf = NULL;
  358. WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d");
  359. /* Validate parameters. */
  360. if ((obj == NULL) || (item == NULL)) {
  361. ret = 0;
  362. }
  363. if ((ret == 1) && ((len = wolfssl_asn1_item_encode(obj, NULL, item)) == 0))
  364. ret = 0;
  365. if ((ret == 1) && (dest != NULL)) {
  366. if (*dest == NULL) {
  367. buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
  368. if (buf == NULL)
  369. ret = 0;
  370. }
  371. else
  372. buf = *dest;
  373. if (ret == 1) {
  374. len = wolfssl_asn1_item_encode(obj, buf, item);
  375. if (len <= 0)
  376. ret = 0;
  377. }
  378. if (ret == 1) {
  379. if (*dest == NULL)
  380. *dest = buf;
  381. else
  382. *dest += len;
  383. }
  384. }
  385. if (ret == 0) {
  386. if (*dest == NULL)
  387. XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
  388. len = WOLFSSL_FATAL_ERROR;
  389. }
  390. WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len);
  391. return len;
  392. }
  393. static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
  394. long* len)
  395. {
  396. void* ret;
  397. const byte* tmp = *src;
  398. ret = mem->d2i_func(NULL, &tmp, *len);
  399. if (ret == NULL) {
  400. WOLFSSL_MSG("d2i error");
  401. return NULL;
  402. }
  403. if (tmp <= *src) {
  404. WOLFSSL_MSG("ptr not advanced");
  405. mem->free_func(ret); /* never a stack so we can call this directly */
  406. return NULL;
  407. }
  408. *len -= (long)(tmp - *src);
  409. *src = tmp;
  410. return ret;
  411. }
  412. static void* d2i_generic_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
  413. long* len)
  414. {
  415. void* ret = NULL;
  416. if (mem->sequence) {
  417. long skl = 0;
  418. int slen = 0;
  419. WOLFSSL_STACK* sk = NULL;
  420. word32 idx = 0;
  421. const byte* tmp = *src;
  422. if (GetSequence(tmp, &idx, &slen, (word32)*len) < 0)
  423. goto error;
  424. skl = (long)slen;
  425. tmp += idx;
  426. ret = sk = wolfSSL_sk_new_null();
  427. while (skl > 0) {
  428. void* new_obj = d2i_obj(mem, &tmp, &skl);
  429. if (new_obj == NULL) {
  430. WOLFSSL_MSG("d2i_obj failed");
  431. goto error;
  432. }
  433. if (wolfSSL_sk_insert(sk, new_obj, -1) <= 0) {
  434. mem->free_func(new_obj);
  435. WOLFSSL_MSG("push failed");
  436. goto error;
  437. }
  438. }
  439. if (skl != 0) {
  440. WOLFSSL_MSG("l not zero after sequence");
  441. goto error;
  442. }
  443. *len -= (long)slen;
  444. *src = tmp;
  445. }
  446. else {
  447. ret = d2i_obj(mem, src, len);
  448. }
  449. return ret;
  450. error:
  451. asn1_free_tpl(ret, mem);
  452. return NULL;
  453. }
  454. static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
  455. long* len, byte** impBuf, int* asnLen)
  456. {
  457. if (mem->tag >= 0) {
  458. byte tag = 0;
  459. word32 idx = 0;
  460. if (mem->ex) {
  461. if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
  462. (byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | mem->tag)
  463. != tag ||
  464. GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
  465. WOLFSSL_MSG("asn tag error");
  466. return WOLFSSL_FATAL_ERROR;
  467. }
  468. *len -= idx;
  469. *src += idx;
  470. }
  471. else {
  472. /* Underlying d2i functions won't be able to handle the implicit
  473. * tag so we substitute it for the expected tag. */
  474. if (mem->first_byte == 0) {
  475. WOLFSSL_MSG("first byte not set");
  476. return WOLFSSL_FATAL_ERROR;
  477. }
  478. if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
  479. (byte)mem->tag != (tag & ASN_TYPE_MASK) ||
  480. GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
  481. WOLFSSL_MSG("asn tag error");
  482. return WOLFSSL_FATAL_ERROR;
  483. }
  484. *asnLen += idx; /* total buffer length */
  485. *impBuf = (byte*)XMALLOC(*asnLen, NULL,
  486. DYNAMIC_TYPE_TMP_BUFFER);
  487. if (*impBuf == NULL) {
  488. WOLFSSL_MSG("malloc error");
  489. return WOLFSSL_FATAL_ERROR;
  490. }
  491. XMEMCPY(*impBuf, *src, *asnLen);
  492. (*impBuf)[0] = mem->first_byte;
  493. }
  494. }
  495. return 0;
  496. }
  497. static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
  498. const byte** src, long* len)
  499. {
  500. int asnLen = -1;
  501. const byte *tmp = NULL;
  502. void* ret = NULL;
  503. byte* impBuf = NULL;
  504. long l;
  505. if (*len <= 0) {
  506. WOLFSSL_MSG("buffer too short");
  507. return NULL;
  508. }
  509. if (d2i_handle_tags(mem, src, len, &impBuf, &asnLen) != 0) {
  510. WOLFSSL_MSG("tags error");
  511. goto error;
  512. }
  513. if (impBuf != NULL)
  514. tmp = impBuf;
  515. else
  516. tmp = *src;
  517. l = (long)(asnLen >= 0 ? asnLen : *len);
  518. ret = d2i_generic_obj(mem, &tmp, &l);
  519. if (l < 0) {
  520. WOLFSSL_MSG("ptr advanced too far");
  521. goto error;
  522. }
  523. if (impBuf != NULL) {
  524. tmp = *src + (tmp - impBuf); /* for the next calculation */
  525. XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  526. impBuf = NULL;
  527. }
  528. if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
  529. WOLFSSL_MSG("ptr not advanced enough");
  530. goto error;
  531. }
  532. *len -= (long)(tmp - *src);
  533. *src = tmp;
  534. return ret;
  535. error:
  536. asn1_free_tpl(ret, mem);
  537. if (impBuf != NULL)
  538. XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  539. return NULL;
  540. }
  541. static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len,
  542. const WOLFSSL_ASN1_ITEM* item)
  543. {
  544. const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
  545. int err;
  546. word32 idx = 0;
  547. int slen = 0;
  548. size_t i;
  549. const byte* s = *src;
  550. err = GetSequence(s, &idx, &slen, (word32)len);
  551. if (err <= 0) {
  552. WOLFSSL_MSG("GetSequence error");
  553. return WOLFSSL_FATAL_ERROR;
  554. }
  555. s += idx;
  556. len -= idx;
  557. for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
  558. asn1Mem(obj, mem->offset) = d2i_generic(mem, &s, &len);
  559. if (asn1Mem(obj, mem->offset) == NULL) {
  560. WOLFSSL_MSG("d2i error");
  561. return WOLFSSL_FATAL_ERROR;
  562. }
  563. }
  564. *src = s;
  565. return 0;
  566. }
  567. static int d2i_ASN_CHOICE(void* obj, const byte **src, long len,
  568. const WOLFSSL_ASN1_ITEM* item)
  569. {
  570. const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
  571. size_t i;
  572. for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
  573. asn1Mem(obj, mem->offset) = d2i_generic(mem, src, &len);
  574. if (asn1Mem(obj, mem->offset) != NULL) {
  575. asn1Type(obj, item->toffset) = mem->tag;
  576. return 0;
  577. }
  578. }
  579. WOLFSSL_MSG("der does not decode with any CHOICE");
  580. return WOLFSSL_FATAL_ERROR;
  581. }
  582. static void* d2i_ASN_OBJECT_TYPE(const byte **src, long len,
  583. const WOLFSSL_ASN1_ITEM* item)
  584. {
  585. return d2i_generic(item->members, src, &len);
  586. }
  587. void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
  588. const WOLFSSL_ASN1_ITEM* item)
  589. {
  590. void* obj = NULL;
  591. int err = 0;
  592. const byte *tmp;
  593. WOLFSSL_ENTER("wolfSSL_ASN1_item_d2i");
  594. if (src == NULL || *src == NULL || len <= 0 || item == NULL) {
  595. WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", 0);
  596. return NULL;
  597. }
  598. tmp = *src;
  599. /* Create an empty object. */
  600. switch (item->type) {
  601. case WOLFSSL_ASN1_SEQUENCE:
  602. case WOLFSSL_ASN1_CHOICE:
  603. obj = asn1_item_alloc(item);
  604. if (obj == NULL)
  605. return NULL;
  606. break;
  607. case WOLFSSL_ASN1_OBJECT_TYPE:
  608. /* allocated later */
  609. break;
  610. default:
  611. WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
  612. return NULL;
  613. }
  614. switch (item->type) {
  615. case WOLFSSL_ASN1_SEQUENCE:
  616. err = d2i_ASN_SEQUENCE(obj, &tmp, len, item);
  617. break;
  618. case WOLFSSL_ASN1_CHOICE:
  619. err = d2i_ASN_CHOICE(obj, &tmp, len, item);
  620. break;
  621. case WOLFSSL_ASN1_OBJECT_TYPE:
  622. obj = d2i_ASN_OBJECT_TYPE(&tmp, len, item);
  623. if (obj == NULL)
  624. err = WOLFSSL_FATAL_ERROR;
  625. break;
  626. default:
  627. WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
  628. err = WOLFSSL_FATAL_ERROR;
  629. break;
  630. }
  631. if (err == 0)
  632. *src = tmp;
  633. else {
  634. wolfSSL_ASN1_item_free(obj, item);
  635. obj = NULL;
  636. }
  637. if (dst != NULL && obj != NULL) {
  638. if (*dst != NULL)
  639. wolfSSL_ASN1_item_free(*dst, item);
  640. *dst = obj;
  641. }
  642. WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", obj != NULL);
  643. return obj;
  644. }
  645. #endif /* OPENSSL_ALL */
  646. #endif /* OPENSSL_EXTRA */
  647. /*******************************************************************************
  648. * ASN1_BIT_STRING APIs
  649. ******************************************************************************/
  650. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  651. /* Create a new ASN.1 BIT_STRING object.
  652. *
  653. * @return ASN.1 BIT_STRING object on success.
  654. * @return NULL when dynamic memory allocation fails.
  655. */
  656. WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void)
  657. {
  658. WOLFSSL_ASN1_BIT_STRING* bitStr;
  659. bitStr = (WOLFSSL_ASN1_BIT_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_BIT_STRING),
  660. NULL, DYNAMIC_TYPE_OPENSSL);
  661. if (bitStr) {
  662. XMEMSET(bitStr, 0, sizeof(WOLFSSL_ASN1_BIT_STRING));
  663. }
  664. return bitStr;
  665. }
  666. /* Dispose of ASN.1 BIT_STRING object.
  667. *
  668. * Do not use bitStr after calling this function.
  669. *
  670. * @param [in, out] bitStr ASN.1 BIT_STRING to free. May be NULL.
  671. */
  672. void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING* bitStr)
  673. {
  674. if (bitStr != NULL) {
  675. /* Dispose of any data allocated in BIT_STRING. */
  676. XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL);
  677. }
  678. /* Dispose of the ASN.1 BIT_STRING object. */
  679. XFREE(bitStr, NULL, DYNAMIC_TYPE_OPENSSL);
  680. }
  681. /* Get the value of the bit from the ASN.1 BIT_STRING at specified index.
  682. *
  683. * A NULL object a value of 0 for the bit at all indices.
  684. * A negative index has a value of 0 for the bit.
  685. *
  686. * @param [in] bitStr ASN.1 BIT_STRING object.
  687. * @param [in] i Index of bit.
  688. * @return Value of bit.
  689. */
  690. int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr,
  691. int i)
  692. {
  693. int bit = 0;
  694. /* Check for data and whether index is in range. */
  695. if ((bitStr != NULL) && (bitStr->data != NULL) && (i >= 0) &&
  696. (bitStr->length > (i / 8))) {
  697. bit = (bitStr->data[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
  698. }
  699. return bit;
  700. }
  701. /* Grow data to require length.
  702. *
  703. * @param [in] bitStr ASN.1 BIT_STRING object.
  704. * @param [in] len Length, in bytes, of data required.
  705. * @return 1 on success.
  706. * @return 0 when dynamic memory allocation fails.
  707. */
  708. static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr,
  709. int len)
  710. {
  711. int ret = 1;
  712. byte* tmp;
  713. /* Realloc to length required. */
  714. tmp = (byte*)XREALLOC(bitStr->data, (size_t)len, NULL,
  715. DYNAMIC_TYPE_OPENSSL);
  716. if (tmp == NULL) {
  717. ret = 0;
  718. }
  719. else {
  720. /* Clear out new, top bytes. */
  721. if (len > bitStr->length)
  722. XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
  723. bitStr->data = tmp;
  724. bitStr->length = len;
  725. }
  726. return ret;
  727. }
  728. /* Set the value of a bit in the ASN.1 BIT_STRING at specified index.
  729. *
  730. * @param [in] bitStr ASN.1 BIT_STRING object.
  731. * @param [in] idx Index of bit to set.
  732. * @param [in] val Value of bit to set. Valid values: 0 or 1.
  733. * @return 1 on success.
  734. * @return 0 when bitStr is NULL, idx is negative, val is not 0 or 1, or
  735. * dynamic memory allocation fails.
  736. */
  737. int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx,
  738. int val)
  739. {
  740. int ret = 1;
  741. int i = 0;
  742. /* Validate parameters. */
  743. if ((bitStr == NULL) || (idx < 0) || ((val != 0) && (val != 1))) {
  744. ret = 0;
  745. }
  746. if (ret == 1) {
  747. i = idx / 8;
  748. /* Check if we need to extend data range. */
  749. if ((i >= bitStr->length) && (val != 0)) {
  750. /* Realloc data to handle having bit set at index. */
  751. ret = wolfssl_asn1_bit_string_grow(bitStr, i + 1);
  752. }
  753. }
  754. if ((ret == 1) && (i < bitStr->length)) {
  755. /* Bit on at index. */
  756. byte bit = 1 << (7 - (idx % 8));
  757. /* Clear bit and set to value. */
  758. bitStr->data[i] &= ~bit;
  759. bitStr->data[i] |= bit & (byte)(0 - val);
  760. }
  761. return ret;
  762. }
  763. /* Serialize object to DER encoding
  764. *
  765. * @param bstr Object to serialize
  766. * @param pp Output
  767. * @return Length on success
  768. * Negative number on failure
  769. */
  770. int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
  771. unsigned char** pp)
  772. {
  773. int len;
  774. unsigned char* buf;
  775. if (bstr == NULL || (bstr->data == NULL && bstr->length != 0))
  776. return WOLFSSL_FATAL_ERROR;
  777. len = (int)SetBitString((word32)bstr->length, 0, NULL) + bstr->length;
  778. if (pp != NULL) {
  779. word32 idx;
  780. if (*pp != NULL)
  781. buf = *pp;
  782. else {
  783. buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
  784. if (buf == NULL)
  785. return WOLFSSL_FATAL_ERROR;
  786. }
  787. idx = SetBitString((word32)bstr->length, 0, buf);
  788. if (bstr->length > 0)
  789. XMEMCPY(buf + idx, bstr->data, (size_t)bstr->length);
  790. if (*pp != NULL)
  791. *pp += len;
  792. else
  793. *pp = buf;
  794. }
  795. return len;
  796. }
  797. WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
  798. WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len)
  799. {
  800. WOLFSSL_ASN1_BIT_STRING* ret = NULL;
  801. #ifdef WOLFSSL_ASN_TEMPLATE
  802. word32 idx = 0;
  803. byte tag = 0;
  804. int length = 0;
  805. WOLFSSL_ENTER("wolfSSL_d2i_ASN1_BIT_STRING");
  806. if (src == NULL || *src == NULL || len == 0)
  807. return NULL;
  808. if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
  809. return NULL;
  810. if (tag != ASN_BIT_STRING)
  811. return NULL;
  812. if (GetLength(*src, &idx, &length, (word32)len) < 0)
  813. return NULL;
  814. if (GetASN_BitString(*src, idx, length) != 0)
  815. return NULL;
  816. idx++; /* step over unused bits */
  817. length--;
  818. ret = wolfSSL_ASN1_BIT_STRING_new();
  819. if (ret == NULL)
  820. return NULL;
  821. if (wolfssl_asn1_bit_string_grow(ret, length) != 1) {
  822. wolfSSL_ASN1_BIT_STRING_free(ret);
  823. return NULL;
  824. }
  825. XMEMCPY(ret->data, *src + idx, length);
  826. *src += idx + (word32)length;
  827. if (out != NULL) {
  828. if (*out != NULL)
  829. wolfSSL_ASN1_BIT_STRING_free(*out);
  830. *out = ret;
  831. }
  832. #else
  833. WOLFSSL_MSG("d2i_ASN1_BIT_STRING needs --enable-asn=template");
  834. (void)out;
  835. (void)src;
  836. (void)len;
  837. #endif
  838. return ret;
  839. }
  840. #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
  841. /*******************************************************************************
  842. * ASN1_INTEGER APIs
  843. ******************************************************************************/
  844. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  845. /* Create a new empty ASN.1 INTEGER object.
  846. *
  847. * @return ASN.1 INTEGER object on success.
  848. * @return NULL when dynamic memory allocation fails.
  849. */
  850. WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void)
  851. {
  852. WOLFSSL_ASN1_INTEGER* a;
  853. /* Allocate a new ASN.1 INTEGER object. */
  854. a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL,
  855. DYNAMIC_TYPE_OPENSSL);
  856. if (a != NULL) {
  857. XMEMSET(a, 0, sizeof(WOLFSSL_ASN1_INTEGER));
  858. /* Use fixed buffer field for data. */
  859. a->data = a->intData;
  860. a->isDynamic = 0;
  861. /* Maximum supported by fixed buffer. */
  862. a->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
  863. /* No value set - no data. */
  864. a->length = 0;
  865. }
  866. return a;
  867. }
  868. /* Free the ASN.1 INTEGER object and any dynamically allocated data.
  869. *
  870. * @param [in, out] in ASN.1 INTEGER object.
  871. */
  872. void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in)
  873. {
  874. if ((in != NULL) && (in->isDynamic)) {
  875. /* Dispose of any data allocated in INTEGER. */
  876. XFREE(in->data, NULL, DYNAMIC_TYPE_OPENSSL);
  877. }
  878. /* Dispose of the ASN.1 INTEGER object. */
  879. XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL);
  880. }
  881. #if defined(OPENSSL_EXTRA)
  882. /* Reset the data of ASN.1 INTEGER object back to empty fixed array.
  883. *
  884. * @param [in] a ASN.1 INTEGER object.
  885. */
  886. static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a)
  887. {
  888. /* Don't use dynamic buffer anymore. */
  889. if (a->isDynamic) {
  890. /* Cache pointer to allocated data. */
  891. unsigned char* data = a->data;
  892. /* No longer dynamic. */
  893. a->isDynamic = 0;
  894. /* Point data at fixed array. */
  895. a->data = a->intData;
  896. /* Set maximum length to fixed array size. */
  897. a->dataMax = (unsigned int)sizeof(a->intData);
  898. /* Dispose of dynamically allocated data. */
  899. XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL);
  900. }
  901. /* Clear out data from fixed array. */
  902. XMEMSET(a->intData, 0, sizeof(a->intData));
  903. /* No data, no length. */
  904. a->length = 0;
  905. /* No data, not negative. */
  906. a->negative = 0;
  907. /* Set type to positive INTEGER. */
  908. a->type = WOLFSSL_V_ASN1_INTEGER;
  909. }
  910. #endif /* OPENSSL_EXTRA */
  911. /* Setup ASN.1 INTEGER object to handle data of required length.
  912. *
  913. * @param [in, out] a ASN.1 INTEGER object.
  914. * @param [in] len Required length in bytes.
  915. * @return 1 on success.
  916. * @return 0 on dynamic memory allocation failure.
  917. */
  918. static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
  919. int keepOldData)
  920. {
  921. int ret = 1;
  922. byte* data;
  923. byte* oldData = a->intData;
  924. int oldLen = a->length;
  925. if (a->isDynamic && (len > (int)a->dataMax)) {
  926. oldData = a->data;
  927. a->isDynamic = 0;
  928. a->data = a->intData;
  929. a->dataMax = (unsigned int)sizeof(a->intData);
  930. }
  931. a->length = 0;
  932. if ((!a->isDynamic) && (len > (int)a->dataMax)) {
  933. /* Create a new buffer to hold large integer value. */
  934. data = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
  935. if (data == NULL) {
  936. ret = 0;
  937. }
  938. else {
  939. /* Indicate data is dynamic and copy data over. */
  940. a->isDynamic = 1;
  941. a->data = data;
  942. a->dataMax = (word32)len;
  943. }
  944. }
  945. if (keepOldData) {
  946. if (oldData != a->data) {
  947. /* Copy old data into new buffer. */
  948. XMEMCPY(a->data, oldData, (size_t)oldLen);
  949. }
  950. /* Restore old length. */
  951. a->length = oldLen;
  952. }
  953. if (oldData != a->intData) {
  954. /* Dispose of the old dynamic data. */
  955. XFREE(oldData, NULL, DYNAMIC_TYPE_OPENSSL);
  956. }
  957. return ret;
  958. }
  959. /* Duplicate the ASN.1 INTEGER object into a newly allocated one.
  960. *
  961. * @param [in] src ASN.1 INTEGER object to copy.
  962. * @return ASN.1 INTEGER object on success.
  963. * @return NULL when src is NULL or dynamic memory allocation fails.
  964. */
  965. WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
  966. {
  967. WOLFSSL_ASN1_INTEGER* dup = NULL;
  968. WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup");
  969. /* Check for object to duplicate. */
  970. if (src != NULL) {
  971. /* Create a new ASN.1 INTEGER object to be copied into. */
  972. dup = wolfSSL_ASN1_INTEGER_new();
  973. }
  974. /* Check for object to copy into. */
  975. if (dup != NULL) {
  976. /* Copy simple fields. */
  977. dup->length = src->length;
  978. dup->negative = src->negative;
  979. dup->type = src->type;
  980. if (!src->isDynamic) {
  981. /* Copy over data from/to fixed buffer. */
  982. XMEMCPY(dup->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);
  983. }
  984. else if (wolfssl_asn1_integer_require_len(dup, src->length, 0) == 0) {
  985. wolfSSL_ASN1_INTEGER_free(dup);
  986. dup = NULL;
  987. }
  988. else {
  989. XMEMCPY(dup->data, src->data, (size_t)src->length);
  990. }
  991. }
  992. return dup;
  993. }
  994. #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
  995. #if defined(OPENSSL_EXTRA)
  996. /* Compare values in two ASN.1 INTEGER objects.
  997. *
  998. * @param [in] a First ASN.1 INTEGER object.
  999. * @param [in] b Second ASN.1 INTEGER object.
  1000. * @return Negative value when a is less than b.
  1001. * @return 0 when a equals b.
  1002. * @return Positive value when a is greater than b.
  1003. * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  1004. */
  1005. int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
  1006. const WOLFSSL_ASN1_INTEGER* b)
  1007. {
  1008. int ret = 0;
  1009. WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_cmp");
  1010. /* Validate parameters. */
  1011. if ((a == NULL) || (b == NULL)) {
  1012. WOLFSSL_MSG("Bad parameter.");
  1013. ret = WOLFSSL_FATAL_ERROR;
  1014. }
  1015. /* Negative value < Positive value */
  1016. else if (a->negative && !b->negative) {
  1017. ret = -2; /* avoid collision with WOLFSSL_FATAL_ERROR */
  1018. }
  1019. /* Positive value > Negative value */
  1020. else if (!a->negative && b->negative) {
  1021. ret = 1;
  1022. }
  1023. else {
  1024. /* Check for difference in length. */
  1025. if (a->length != b->length) {
  1026. ret = a->length - b->length;
  1027. }
  1028. else {
  1029. /* Compare data given they are the same length. */
  1030. ret = XMEMCMP(a->data, b->data, (size_t)a->length);
  1031. }
  1032. /* Reverse comparison result when both negative. */
  1033. if (a->negative) {
  1034. ret = -ret;
  1035. }
  1036. }
  1037. WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_cmp", ret);
  1038. return ret;
  1039. }
  1040. /* Calculate 2's complement of DER encoding.
  1041. *
  1042. * @param [in] data Array that is number.
  1043. * @param [in] length Number of bytes in array.
  1044. * @return 0 on success.
  1045. * @return -1 when get length from DER header failed.
  1046. */
  1047. static void wolfssl_twos_compl(byte* data, int length)
  1048. {
  1049. int i;
  1050. /* Invert bits - 1's complement. */
  1051. for (i = 0; i < length; ++i) {
  1052. data[i] = ~data[i];
  1053. }
  1054. /* 2's complement - add 1. */
  1055. for (i = length - 1; (++data[i]) == 0; --i) {
  1056. /* Do nothing. */
  1057. }
  1058. }
  1059. /* Calculate 2's complement of DER encoding.
  1060. *
  1061. * @param [in|out] data Array that is number.
  1062. * @param [in] length Number of bytes in array.
  1063. * @param [out] neg When NULL, 2's complement data.
  1064. * When not NULL, check for negative first and return.
  1065. * @return 0 on success.
  1066. * @return -1 when get length from DER header failed.
  1067. */
  1068. static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
  1069. {
  1070. int ret = 0;
  1071. word32 idx = 1; /* Skip tag. */
  1072. int len;
  1073. /* Get length from DER header. */
  1074. if (GetLength(data, &idx, &len, (word32)length) < 0) {
  1075. ret = WOLFSSL_FATAL_ERROR;
  1076. }
  1077. else {
  1078. if (neg != NULL) {
  1079. *neg = data[idx] & 0x80;
  1080. }
  1081. if ((neg == NULL) || (*neg != 0)) {
  1082. wolfssl_twos_compl(data + idx, length - (int)idx);
  1083. }
  1084. }
  1085. return ret;
  1086. }
  1087. /* Encode ASN.1 INTEGER as DER without tag.
  1088. *
  1089. * When out points to NULL, a new buffer is allocated and returned.
  1090. *
  1091. * @param [in] a ASN.1 INTEGER object.
  1092. * @param [in, out] out Pointer to buffer to hold encoding. May point to NULL.
  1093. * @return Length of encoding on success.
  1094. * @return -1 when a is NULL or no data, out is NULL, dynamic memory allocation
  1095. * fails or encoding length fails.
  1096. */
  1097. int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** pp)
  1098. {
  1099. WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER");
  1100. /* Validate parameters. */
  1101. if (a == NULL || a->data == NULL || a->length <= 0) {
  1102. WOLFSSL_MSG("Bad parameter.");
  1103. return WOLFSSL_FATAL_ERROR;
  1104. }
  1105. if (pp != NULL) {
  1106. byte* buf;
  1107. if (*pp != NULL)
  1108. buf = *pp;
  1109. else {
  1110. buf = (byte*)XMALLOC((size_t)a->length, NULL, DYNAMIC_TYPE_ASN1);
  1111. if (buf == NULL)
  1112. return WOLFSSL_FATAL_ERROR;
  1113. }
  1114. /* Copy the data (including tag and length) into output buffer. */
  1115. XMEMCPY(buf, a->data, (size_t)a->length);
  1116. /* Only magnitude of the number stored (i.e. the sign isn't encoded).
  1117. * The "negative" field is 1 if the value must be interpreted as
  1118. * negative and we need to output the 2's complement of the value in
  1119. * the DER output.
  1120. */
  1121. if (a->negative &&
  1122. wolfssl_asn1_int_twos_compl(buf, a->length, NULL) != 0) {
  1123. if (*pp == NULL)
  1124. XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
  1125. return WOLFSSL_FATAL_ERROR;
  1126. }
  1127. if (*pp != NULL)
  1128. *pp += a->length;
  1129. else
  1130. *pp = buf;
  1131. }
  1132. return a->length;
  1133. }
  1134. /* Decode DER encoding of ASN.1 INTEGER.
  1135. *
  1136. * @param [out] a ASN.1 INTEGER object. May be NULL.
  1137. * @param [in, out] in Pointer to buffer containing DER encoding.
  1138. * @param [in] inSz Length of data in buffer.
  1139. * @return ASN.1 INTEGER object on success.
  1140. * @return NULL when in or *in is NULL, inSz is less than or equal to 2 or
  1141. * parsing DER failed.
  1142. */
  1143. WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
  1144. const unsigned char** in, long inSz)
  1145. {
  1146. WOLFSSL_ASN1_INTEGER* ret = NULL;
  1147. int err = 0;
  1148. word32 idx = 1;
  1149. int len = 0;
  1150. WOLFSSL_ENTER("wolfSSL_d2i_ASN1_INTEGER");
  1151. /* Validate parameters. */
  1152. if ((in == NULL) || (*in == NULL) || (inSz <= 2)) {
  1153. WOLFSSL_MSG("Bad parameter");
  1154. err = 1;
  1155. }
  1156. /* Check that the tag is correct. */
  1157. if ((!err) && (*in)[0] != ASN_INTEGER) {
  1158. WOLFSSL_MSG("Tag doesn't indicate integer type.");
  1159. err = 1;
  1160. }
  1161. /* Check that length and use this instead of inSz. */
  1162. if ((!err) && (GetLength(*in, &idx, &len, (word32)inSz) <= 0)) {
  1163. WOLFSSL_MSG("ASN.1 length not valid.");
  1164. err = 1;
  1165. }
  1166. /* Allocate a new ASN.1 INTEGER object. */
  1167. if ((!err) && ((ret = wolfSSL_ASN1_INTEGER_new()) == NULL)) {
  1168. err = 1;
  1169. }
  1170. if ((!err) && (wolfssl_asn1_integer_require_len(ret, (int)idx + len, 0) !=
  1171. 1)) {
  1172. err = 1;
  1173. }
  1174. if (!err) {
  1175. /* Set type. */
  1176. ret->type = WOLFSSL_V_ASN1_INTEGER;
  1177. /* Copy DER encoding and length. */
  1178. XMEMCPY(ret->data, *in, (size_t)(idx + (word32)len));
  1179. ret->length = (int)idx + len;
  1180. /* Do 2's complement if number is negative. */
  1181. if (wolfssl_asn1_int_twos_compl(ret->data, ret->length, &ret->negative)
  1182. != 0) {
  1183. err = 1;
  1184. }
  1185. }
  1186. if ((!err) && ret->negative) {
  1187. /* Update type if number was negative. */
  1188. ret->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
  1189. }
  1190. if (err) {
  1191. /* Dispose of dynamically allocated data on error. */
  1192. wolfSSL_ASN1_INTEGER_free(ret);
  1193. ret = NULL;
  1194. }
  1195. else {
  1196. if (a != NULL) {
  1197. /* Return ASN.1 INTEGER through a. */
  1198. *a = ret;
  1199. }
  1200. *in += ret->length;
  1201. }
  1202. return ret;
  1203. }
  1204. #ifndef NO_BIO
  1205. /* Get length of leading hexadecimal characters.
  1206. *
  1207. * Looks for continuation character before carriage returns and line feeds.
  1208. *
  1209. * @param [in] str String with input.
  1210. * @param [in] len Length of string.
  1211. * @param [out] cont Line continuation character at end of line before
  1212. * carriage returns and line feeds.
  1213. * @return Number of leading hexadecimal characters in string.
  1214. */
  1215. static int wolfssl_a2i_asn1_integer_clear_to_eol(char* str, int len, int* cont)
  1216. {
  1217. byte num;
  1218. word32 nLen;
  1219. int i;
  1220. /* Strip off trailing carriage returns and line feeds. */
  1221. while ((len > 0) && ((str[len - 1] == '\n') || (str[len - 1] == '\r'))) {
  1222. len--;
  1223. }
  1224. /* Check for line continuation character. */
  1225. if ((len > 0) && (str[len - 1] == '\\')) {
  1226. *cont = 1;
  1227. len--;
  1228. }
  1229. else {
  1230. *cont = 0;
  1231. }
  1232. /* Find end of hexadecimal characters. */
  1233. nLen = 1;
  1234. for (i = 0; i < len; i++) {
  1235. /* Check if character is a hexadecimal character. */
  1236. if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) ==
  1237. WC_NO_ERR_TRACE(ASN_INPUT_E))
  1238. {
  1239. /* Found end of hexadecimal characters, return count. */
  1240. len = i;
  1241. break;
  1242. }
  1243. }
  1244. return len;
  1245. }
  1246. /* Read number from BIO as a string.
  1247. *
  1248. * Line continuation character at end of line means next line must be read.
  1249. *
  1250. * @param [in] bio BIO to read from.
  1251. * @param [in] asn1 ASN.1 INTEGER object to put number into.
  1252. * @param [in, out] buf Buffer to use when reading.
  1253. * @param [in] size Length of buffer in bytes.
  1254. * @return 1 on success.
  1255. * @return 0 on failure.
  1256. */
  1257. int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
  1258. char *buf, int size)
  1259. {
  1260. int ret = 1;
  1261. int readNextLine = 1;
  1262. int len;
  1263. word32 outLen = 0;
  1264. const int hdrSz = 1 + MAX_LENGTH_SZ;
  1265. WOLFSSL_ENTER("wolfSSL_a2i_ASN1_INTEGER");
  1266. if ((bio == NULL) || (asn1 == NULL) || (buf == NULL) || (size <= 0)) {
  1267. WOLFSSL_MSG("Bad parameter");
  1268. ret = 0;
  1269. }
  1270. while ((ret == 1) && readNextLine) {
  1271. int lineLen;
  1272. /* Assume we won't be reading any more. */
  1273. readNextLine = 0;
  1274. /* Read a line. */
  1275. lineLen = wolfSSL_BIO_gets(bio, buf, size);
  1276. if (lineLen <= 0) {
  1277. WOLFSSL_MSG("wolfSSL_BIO_gets error");
  1278. ret = 0;
  1279. }
  1280. if (ret == 1) {
  1281. /* Find length of hexadecimal digits in string. */
  1282. lineLen = wolfssl_a2i_asn1_integer_clear_to_eol(buf, lineLen,
  1283. &readNextLine);
  1284. /* Check we have a valid hexadecimal string to process. */
  1285. if ((lineLen == 0) || ((lineLen % 2) != 0)) {
  1286. WOLFSSL_MSG("Invalid line length");
  1287. ret = 0;
  1288. }
  1289. }
  1290. if (ret == 1) {
  1291. /* Calculate length of complete number so far. */
  1292. len = asn1->length + (lineLen / 2);
  1293. /* Make sure enough space for number and maximum header. */
  1294. if (wolfssl_asn1_integer_require_len(asn1, len + hdrSz, outLen != 0)
  1295. != 1) {
  1296. ret = 0;
  1297. }
  1298. }
  1299. if (ret == 1) {
  1300. /* Decode string and append to data. */
  1301. outLen = (word32)(lineLen / 2);
  1302. (void)Base16_Decode((byte*)buf, (word32)lineLen,
  1303. asn1->data + asn1->length, &outLen);
  1304. /* Update length of data. */
  1305. asn1->length += (int)outLen;
  1306. }
  1307. }
  1308. if (ret == 1) {
  1309. int idx;
  1310. /* Get ASN.1 header length. */
  1311. idx = SetASNInt(asn1->length, asn1->data[0], NULL);
  1312. /* Move data to be after ASN.1 header. */
  1313. XMEMMOVE(asn1->data + idx, asn1->data, (size_t)asn1->length);
  1314. /* Encode ASN.1 header. */
  1315. SetASNInt(asn1->length, asn1->data[idx], asn1->data);
  1316. /* Update length of data. */
  1317. asn1->length += idx;
  1318. }
  1319. return ret;
  1320. }
  1321. /* Write out number in ASN.1 INTEGER object to BIO as string.
  1322. *
  1323. * @param [in] bp BIO to write to.
  1324. * @param [in] a ASN.1 INTEGER object.
  1325. * @return Number of characters written on success.
  1326. * @return 0 when bp or a is NULL.
  1327. * @return 0 DER header in data is invalid.
  1328. */
  1329. int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
  1330. {
  1331. int err = 0;
  1332. word32 idx = 1; /* Skip ASN.1 INTEGER tag byte. */
  1333. int len = 0;
  1334. byte buf[WOLFSSL_ASN1_INTEGER_MAX * 2 + 1];
  1335. word32 bufLen;
  1336. WOLFSSL_ENTER("wolfSSL_i2a_ASN1_INTEGER");
  1337. /* Validate parameters. */
  1338. if ((bp == NULL) || (a == NULL)) {
  1339. err = 1;
  1340. }
  1341. if (!err) {
  1342. /* Read DER length - must be at least 1 byte. */
  1343. if (GetLength(a->data, &idx, &len, (word32)a->length) <= 0) {
  1344. err = 1;
  1345. }
  1346. }
  1347. /* Keep encoding and writing while no error and bytes in data. */
  1348. while ((!err) && (idx < (word32)a->length)) {
  1349. /* Number of bytes left to encode. */
  1350. int encLen = a->length - (int)idx;
  1351. /* Reduce to maximum buffer size if necessary. */
  1352. if (encLen > (int)sizeof(buf) / 2) {
  1353. encLen = (int)sizeof(buf) / 2;
  1354. }
  1355. /* Encode bytes from data into buffer. */
  1356. bufLen = (int)sizeof(buf);
  1357. (void)Base16_Encode(a->data + idx, (word32)encLen, buf, &bufLen);
  1358. /* Update index to next bytes to encoded. */
  1359. idx += (word32)encLen;
  1360. /* Write out characters but not NUL char. */
  1361. if (wolfSSL_BIO_write(bp, buf, (int)bufLen - 1) != (int)(bufLen - 1)) {
  1362. err = 1;
  1363. }
  1364. }
  1365. if (err) {
  1366. /* Return 0 on error. */
  1367. len = 0;
  1368. }
  1369. /* Return total number of characters written. */
  1370. return len * 2;
  1371. }
  1372. #endif /* !NO_BIO */
  1373. #ifndef NO_ASN
  1374. /* Determine if a pad byte is required and its value for a number.
  1375. *
  1376. * Assumes values pointed to by pad and padVal are both 0.
  1377. *
  1378. * @param [in] data Number encoded as big-endian bytes.
  1379. * @param [in] len Length of number in bytes.
  1380. * @param [in, out] neg Indicates number is negative.
  1381. * @param [out] pad Number of padding bytes required.
  1382. * @param [out] padVal Padding byte to prepend.
  1383. */
  1384. static void wolfssl_asn1_integer_pad(unsigned char* data, int len,
  1385. unsigned char* neg, char* pad, unsigned char* padVal)
  1386. {
  1387. /* Check for empty data. */
  1388. if (len == 0) {
  1389. *pad = 1;
  1390. *padVal = 0x00;
  1391. *neg = 0;
  1392. }
  1393. else {
  1394. /* Get first, most significant, byte of encoded number. */
  1395. unsigned char firstByte = data[0];
  1396. /* 0 can't be negative. */
  1397. if ((len == 1) && (firstByte == 0x00)) {
  1398. *neg = 0;
  1399. }
  1400. /* Positive value must not have top bit of first byte set. */
  1401. if ((!*neg) && (firstByte >= 0x80)) {
  1402. *pad = 1;
  1403. *padVal = 0x00;
  1404. }
  1405. /* Negative numbers are two's complemented.
  1406. * Two's complement value must have top bit set.
  1407. */
  1408. else if (*neg && (firstByte > 0x80)) {
  1409. *pad = 1;
  1410. *padVal = 0xff;
  1411. }
  1412. /* Checking for: 0x80[00]*
  1413. * when negative that when two's complemented will be: 0x80[00]*
  1414. * and therefore doesn't require pad byte.
  1415. */
  1416. else if (*neg && (firstByte == 0x80)) {
  1417. int i;
  1418. /* Check rest of bytes. */
  1419. for (i = 1; i < len; i++) {
  1420. if (data[i] != 0x00) {
  1421. /* Not 0x80[00]* */
  1422. *pad = 1;
  1423. *padVal = 0xff;
  1424. break;
  1425. }
  1426. }
  1427. }
  1428. }
  1429. }
  1430. /* Convert ASN.1 INTEGER object into content octets.
  1431. *
  1432. * TODO: compatibility with OpenSSL? OpenSSL assumes data not DER encoded.
  1433. *
  1434. * When pp points to a buffer, on success pp will point to after the encoded
  1435. * data.
  1436. *
  1437. * @param [in] a ASN.1 INTEGER object.
  1438. * @param [in, out] pp Pointer to buffer. May be NULL. Cannot point to NULL.
  1439. * @return Length of encoding on success.
  1440. * @return 0 when a is NULL, pp points to NULL or DER length encoding invalid.
  1441. */
  1442. int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp)
  1443. {
  1444. int err = 0;
  1445. int len = 0;
  1446. char pad = 0;
  1447. unsigned char padVal = 0;
  1448. word32 idx = 1;
  1449. WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER");
  1450. /* Validate parameters. */
  1451. if ((a == NULL) || ((pp != NULL) && (*pp == NULL))) {
  1452. err = 1;
  1453. }
  1454. /* Get length from DER encoding. */
  1455. if ((!err) && (GetLength_ex(a->data, &idx, &len, a->dataMax, 0) < 0)) {
  1456. err = 1;
  1457. }
  1458. if (!err) {
  1459. /* Determine pad length and value. */
  1460. wolfssl_asn1_integer_pad(a->data + idx, len, &a->negative, &pad,
  1461. &padVal);
  1462. /* Total encoded length is number length plus one when padding. */
  1463. len += (int)pad;
  1464. }
  1465. /* Check buffer supplied to write into. */
  1466. if ((!err) && (pp != NULL)) {
  1467. /* Put in any pad byte. */
  1468. if (pad) {
  1469. (*pp)[0] = padVal;
  1470. }
  1471. /* Copy remaining bytes into output buffer. */
  1472. XMEMCPY(*pp + pad, a->data + idx, (size_t)(len - pad));
  1473. /* Two's complement copied bytes when negative. */
  1474. if (a->negative) {
  1475. wolfssl_twos_compl(*pp + pad, len - pad);
  1476. }
  1477. /* Move pointer past encoded data. */
  1478. *pp += len;
  1479. }
  1480. return len;
  1481. }
  1482. /* Make a big number with the value in the ASN.1 INTEGER object.
  1483. *
  1484. * A new big number object is allocated when bn is NULL.
  1485. *
  1486. * @param [in] ai ASN.1 INTEGER object.
  1487. * @param [in] bn Big number object. May be NULL.
  1488. * @return Big number object on success.
  1489. * @return NULL when ai is NULL or converting from binary fails.
  1490. */
  1491. WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
  1492. WOLFSSL_BIGNUM *bn)
  1493. {
  1494. int err = 0;
  1495. word32 idx = 1;
  1496. int len = 0;
  1497. WOLFSSL_BIGNUM* ret = NULL;
  1498. WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN");
  1499. /* Validate parameters. */
  1500. if (ai == NULL) {
  1501. err = 1;
  1502. }
  1503. if (!err) {
  1504. /* Get the length of ASN.1 INTEGER number. */
  1505. if ((ai->data[0] != ASN_INTEGER) || (GetLength(ai->data, &idx, &len,
  1506. (word32)ai->length) <= 0)) {
  1507. #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
  1508. idx = 0;
  1509. len = ai->length;
  1510. #else
  1511. WOLFSSL_MSG("Data in WOLFSSL_ASN1_INTEGER not DER encoded");
  1512. err = 1;
  1513. #endif
  1514. }
  1515. }
  1516. if (!err) {
  1517. /* Convert binary to big number. */
  1518. ret = wolfSSL_BN_bin2bn(ai->data + idx, len, bn);
  1519. if (ret != NULL) {
  1520. /* Handle negative. */
  1521. (void)wolfssl_bn_set_neg(ret, ai->negative);
  1522. }
  1523. }
  1524. return ret;
  1525. }
  1526. #endif /* !NO_ASN */
  1527. /* Create an ASN.1 INTEGER object from big number.
  1528. *
  1529. * Allocates a new ASN.1 INTEGER object when ai is NULL.
  1530. *
  1531. * @param [in] bn Big number to encode.
  1532. * @param [in] ai ASN.1 INTEGER object. May be NULL.
  1533. * @return ASN.1 INTEGER object on success.
  1534. * @return NULL when dynamic memory allocation fails.
  1535. */
  1536. WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
  1537. WOLFSSL_ASN1_INTEGER *ai)
  1538. {
  1539. int err = 0;
  1540. WOLFSSL_ASN1_INTEGER* a = NULL;
  1541. int len = 0;
  1542. int numBits = 0;
  1543. byte firstByte = 0;
  1544. WOLFSSL_ENTER("wolfSSL_BN_to_ASN1_INTEGER");
  1545. /* Validate parameters. */
  1546. if (bn == NULL) {
  1547. err = 1;
  1548. }
  1549. /* Use ASN.1 INTEGER object if provided. */
  1550. else if (ai != NULL) {
  1551. a = ai;
  1552. }
  1553. /* Create an ASN.1 INTEGER object to return. */
  1554. else {
  1555. a = wolfSSL_ASN1_INTEGER_new();
  1556. if (a == NULL) {
  1557. err = 1;
  1558. }
  1559. }
  1560. /* Check we have an ASN.1 INTEGER object to set. */
  1561. if (!err) {
  1562. int length;
  1563. /* Set type and negative. */
  1564. a->type = WOLFSSL_V_ASN1_INTEGER;
  1565. if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) {
  1566. a->negative = 1;
  1567. a->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
  1568. }
  1569. /* Get length in bytes of encoded number. */
  1570. len = wolfSSL_BN_num_bytes(bn);
  1571. if (len == 0) {
  1572. len = 1;
  1573. }
  1574. /* Get length in bits of encoded number. */
  1575. numBits = wolfSSL_BN_num_bits(bn);
  1576. /* Leading zero required if most-significant byte has top bit set. */
  1577. if ((numBits > 0) && (numBits % 8) == 0) {
  1578. firstByte = 0x80;
  1579. }
  1580. /* Get length of header based on length of number. */
  1581. length = SetASNInt(len, firstByte, NULL);
  1582. /* Add number of bytes to encode number. */
  1583. length += len;
  1584. /* Update data field to handle length. */
  1585. if (wolfssl_asn1_integer_require_len(a, length, 0) != 1) {
  1586. err = 1;
  1587. }
  1588. }
  1589. if (!err) {
  1590. /* Write ASN.1 header. */
  1591. int idx = SetASNInt(len, firstByte, a->data);
  1592. /* Populate data. */
  1593. if (numBits == 0) {
  1594. a->data[idx] = 0;
  1595. }
  1596. else {
  1597. /* Add encoded number. */
  1598. len = wolfSSL_BN_bn2bin(bn, a->data + idx);
  1599. if (len < 0) {
  1600. err = 1;
  1601. }
  1602. }
  1603. /* Set length to encoded length. */
  1604. a->length = idx + len;
  1605. }
  1606. if (err) {
  1607. /* Can't use ASN.1 INTEGER object. */
  1608. if (a != ai) {
  1609. wolfSSL_ASN1_INTEGER_free(a);
  1610. }
  1611. a = NULL;
  1612. }
  1613. return a;
  1614. }
  1615. /* Get the value of the ASN.1 INTEGER as a long.
  1616. *
  1617. * Returning 0 on NULL and -1 on error is consistent with OpenSSL.
  1618. *
  1619. * @param [in] a ASN.1 INTEGER object.
  1620. * @return Value as a long.
  1621. * @return 0 when a is NULL.
  1622. * @return -1 when a big number operation fails.
  1623. */
  1624. long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a)
  1625. {
  1626. long ret = 1;
  1627. WOLFSSL_BIGNUM* bn = NULL;
  1628. WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_get");
  1629. /* Validate parameter. */
  1630. if (a == NULL) {
  1631. ret = 0;
  1632. }
  1633. if (ret > 0) {
  1634. /* Create a big number from the DER encoding. */
  1635. bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL);
  1636. if (bn == NULL) {
  1637. ret = WOLFSSL_FATAL_ERROR;
  1638. }
  1639. }
  1640. if (ret > 0) {
  1641. /* Get the big number as a word. */
  1642. ret = (long)wolfSSL_BN_get_word(bn);
  1643. /* Negate number of ASN.1 INTEGER was negative. */
  1644. if (a->negative == 1) {
  1645. ret = -ret;
  1646. }
  1647. }
  1648. /* Dispose of big number as no longer needed. */
  1649. if (bn != NULL) {
  1650. wolfSSL_BN_free(bn);
  1651. }
  1652. WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_get", (int)ret);
  1653. return ret;
  1654. }
  1655. /* Sets the value of the ASN.1 INTEGER object to the long value.
  1656. *
  1657. * @param [in, out] a ASN.1 INTEGER object.
  1658. * @param [in] v Value to set.
  1659. * @return 1 on success.
  1660. * @return 0 when a is NULL.
  1661. */
  1662. int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
  1663. {
  1664. int ret = 1;
  1665. /* Validate parameters. */
  1666. if (a == NULL) {
  1667. ret = 0;
  1668. }
  1669. if (ret == 1) {
  1670. byte j;
  1671. unsigned int i = 0;
  1672. byte tmp[sizeof(long)];
  1673. byte pad = 0;
  1674. wolfssl_asn1_integer_reset_data(a);
  1675. /* Check for negative. */
  1676. if (v < 0) {
  1677. /* Set negative and 2's complement the value. */
  1678. a->negative = 1;
  1679. a->type |= WOLFSSL_V_ASN1_NEG;
  1680. v = -v;
  1681. }
  1682. /* Put value into temporary buffer - at least one byte encoded. */
  1683. tmp[0] = (byte)(v & 0xff);
  1684. v >>= 8;
  1685. for (j = 1; j < (byte)sizeof(long); j++) {
  1686. if (v == 0) {
  1687. break;
  1688. }
  1689. tmp[j] = (byte)(v & 0xff);
  1690. v >>= 8;
  1691. }
  1692. /* Pad with 0x00 to indicate positive number when top bit set. */
  1693. if ((!a->negative) && (tmp[j-1] & 0x80)) {
  1694. pad = 1;
  1695. }
  1696. /* Set tag. */
  1697. a->data[i++] = ASN_INTEGER;
  1698. /* Set length of encoded value. */
  1699. a->data[i++] = pad + j;
  1700. /* Set length of DER encoding. +2 for tag and length */
  1701. a->length = 2 + pad + j;
  1702. /* Add pad byte if required. */
  1703. if (pad == 1) {
  1704. a->data[i++] = 0;
  1705. }
  1706. /* Copy in data. */
  1707. for (; j > 0; j--) {
  1708. a->data[i++] = tmp[j-1];
  1709. }
  1710. }
  1711. return ret;
  1712. }
  1713. #endif /* OPENSSL_EXTRA */
  1714. /*******************************************************************************
  1715. * ASN1_OBJECT APIs
  1716. ******************************************************************************/
  1717. #if !defined(NO_ASN)
  1718. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  1719. /* Create a new ASN.1 OBJECT_ID object.
  1720. *
  1721. * @return ASN.1 OBJECT_ID object on success.
  1722. * @return NULL when dynamic memory allocation fails.
  1723. */
  1724. WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
  1725. {
  1726. WOLFSSL_ASN1_OBJECT* obj;
  1727. /* Allocate memory for new ASN.1 OBJECT. */
  1728. obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL,
  1729. DYNAMIC_TYPE_ASN1);
  1730. if (obj != NULL) {
  1731. XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT));
  1732. /* Setup pointers. */
  1733. obj->d.ia5 = &(obj->d.ia5_internal);
  1734. #if defined(OPENSSL_ALL)
  1735. obj->d.iPAddress = &(obj->d.iPAddress_internal);
  1736. #endif
  1737. /* Object was allocated. */
  1738. obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
  1739. }
  1740. return obj;
  1741. }
  1742. /* Dispose of any ASN.1 OBJECT_ID dynamically allocated data.
  1743. *
  1744. * Do not use obj after calling this function.
  1745. *
  1746. * @param [in, out] obj ASN.1 OBJECT_ID object.
  1747. */
  1748. void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
  1749. {
  1750. if (obj != NULL) {
  1751. /* Check for dynamically allocated copy of encoded data. */
  1752. if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) {
  1753. #ifdef WOLFSSL_DEBUG_OPENSSL
  1754. WOLFSSL_MSG("Freeing ASN1 data");
  1755. #endif
  1756. XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
  1757. obj->obj = NULL;
  1758. }
  1759. #if defined(OPENSSL_EXTRA)
  1760. /* Check for path length ASN.1 INTEGER - X.509 extension. */
  1761. if (obj->pathlen != NULL) {
  1762. wolfSSL_ASN1_INTEGER_free(obj->pathlen);
  1763. obj->pathlen = NULL;
  1764. }
  1765. #endif
  1766. /* Check whether object was dynamically allocated. */
  1767. if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) {
  1768. #ifdef WOLFSSL_DEBUG_OPENSSL
  1769. WOLFSSL_MSG("Freeing ASN1 OBJECT");
  1770. #endif
  1771. XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
  1772. }
  1773. }
  1774. }
  1775. /* Duplicate the ASN.1 OBJECT_ID object.
  1776. *
  1777. * @param [in] obj ASN.1 OBJECT_ID object to copy.
  1778. * @return New ASN.1 OBJECT_ID object on success.
  1779. * @return NULL when obj is NULL or dynamic memory allocation fails.
  1780. */
  1781. WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj)
  1782. {
  1783. WOLFSSL_ASN1_OBJECT* dupl = NULL;
  1784. WOLFSSL_ENTER("wolfSSL_ASN1_OBJECT_dup");
  1785. /* Validate parameter. */
  1786. if (obj == NULL) {
  1787. WOLFSSL_MSG("Bad parameter");
  1788. }
  1789. /* Create a new ASN.1 OBJECT_ID object to return. */
  1790. else if ((dupl = wolfSSL_ASN1_OBJECT_new()) == NULL) {
  1791. WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
  1792. }
  1793. if (dupl != NULL) {
  1794. /* Copy short name. */
  1795. XMEMCPY(dupl->sName, obj->sName, WOLFSSL_MAX_SNAME);
  1796. /* Copy simple fields. */
  1797. dupl->type = obj->type;
  1798. dupl->grp = obj->grp;
  1799. dupl->nid = obj->nid;
  1800. dupl->objSz = obj->objSz;
  1801. #ifdef OPENSSL_EXTRA
  1802. dupl->ca = obj->ca;
  1803. #endif
  1804. /* Check for encoding. */
  1805. if (obj->obj) {
  1806. /* Allocate memory for ASN.1 OBJECT_ID DER encoding. */
  1807. dupl->obj = (const unsigned char*)XMALLOC(obj->objSz, NULL,
  1808. DYNAMIC_TYPE_ASN1);
  1809. if (dupl->obj == NULL) {
  1810. WOLFSSL_MSG("ASN1 obj malloc error");
  1811. wolfSSL_ASN1_OBJECT_free(dupl);
  1812. dupl = NULL;
  1813. }
  1814. else {
  1815. /* Encoding buffer was dynamically allocated. */
  1816. dupl->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
  1817. /* Copy DER encoding. */
  1818. XMEMCPY((byte*)dupl->obj, obj->obj, obj->objSz);
  1819. }
  1820. }
  1821. }
  1822. return dupl;
  1823. }
  1824. #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
  1825. #endif /* !NO_ASN */
  1826. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  1827. /**
  1828. * Parse DER encoding and return header information.
  1829. *
  1830. * *in is moved to the value of the ASN1 object
  1831. *
  1832. * @param [in, out] in Pointer to BER encoded data.
  1833. * @param [out] len Length of parsed ASN1 object
  1834. * @param [out] tag Tag value of parsed ASN1 object
  1835. * @param [out] cls Class of parsed ASN1 object
  1836. * @param [in] inLen Length of *in buffer
  1837. * @return int Depends on which bits are set in the returned int:
  1838. * 0x80 an error occurred during parsing.
  1839. * 0x20 parsed object is constructed.
  1840. * 0x01 the parsed object length is indefinite.
  1841. */
  1842. int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
  1843. int *cls, long inLen)
  1844. {
  1845. int err = 0;
  1846. word32 inOutIdx = 0;
  1847. int l = 0;
  1848. byte t = 0;
  1849. int ret = 0x80;
  1850. WOLFSSL_ENTER("wolfSSL_ASN1_get_object");
  1851. if ((in == NULL) || (*in == NULL) || (len == NULL) || (tag == NULL) ||
  1852. (cls == NULL) || (inLen <= 0)) {
  1853. WOLFSSL_MSG("Bad parameter");
  1854. err = 1;
  1855. }
  1856. if (!err) {
  1857. /* Length at least 1, parameters valid - cannot fail to get tag. */
  1858. GetASNTag(*in, &inOutIdx, &t, (word32)inLen);
  1859. /* Get length in DER encoding. */
  1860. if (GetLength_ex(*in, &inOutIdx, &l, (word32)inLen, 0) < 0) {
  1861. WOLFSSL_MSG("GetLength error");
  1862. err = 1;
  1863. }
  1864. }
  1865. if (!err) {
  1866. /* Return header information. */
  1867. *tag = t & ASN_TYPE_MASK; /* Tag number is 5 lsb */
  1868. *cls = t & ASN_CLASS_MASK; /* Class is 2 msb */
  1869. *len = l;
  1870. ret = t & ASN_CONSTRUCTED;
  1871. if (l > (int)(inLen - inOutIdx)) {
  1872. /* Still return other values but indicate error in msb */
  1873. ret |= 0x80;
  1874. }
  1875. /* Move pointer to after DER header. */
  1876. *in += inOutIdx;
  1877. }
  1878. return ret;
  1879. }
  1880. int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len,
  1881. int addHdr)
  1882. {
  1883. word32 idx = 0;
  1884. if (obj == NULL || der == NULL || len == 0)
  1885. return WOLFSSL_FAILURE;
  1886. if (addHdr)
  1887. idx = SetHeader(ASN_OBJECT_ID, (word32)len, NULL, 0);
  1888. if (obj->obj != NULL) {
  1889. XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
  1890. obj->obj = NULL;
  1891. obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
  1892. }
  1893. obj->obj =(unsigned char*)XMALLOC(idx + len, obj->heap, DYNAMIC_TYPE_ASN1);
  1894. if (obj->obj == NULL)
  1895. return WOLFSSL_FAILURE;
  1896. if (addHdr)
  1897. SetHeader(ASN_OBJECT_ID, (word32)len, (byte*)obj->obj, 0);
  1898. XMEMCPY((byte*)obj->obj + idx, der, len);
  1899. obj->objSz = (unsigned int)(idx + len);
  1900. obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
  1901. return WOLFSSL_SUCCESS;
  1902. }
  1903. /* Creates and ASN.1 OBJECT_ID object from DER encoding.
  1904. *
  1905. * @param [out] a Pointer to return new ASN.1 OBJECT_ID through.
  1906. * @param [in, out] der Pointer to buffer holding DER encoding.
  1907. * @param [in] length Length of DER encoding in bytes.
  1908. * @return New ASN.1 OBJECT_ID object on success.
  1909. * @return NULL when der or *der is NULL or length is less than or equal zero.
  1910. * @return NULL when not an OBJECT_ID or decoding fails.
  1911. * @return NULL when dynamic memory allocation fails.
  1912. */
  1913. WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
  1914. const unsigned char **der, long length)
  1915. {
  1916. WOLFSSL_ASN1_OBJECT* ret = NULL;
  1917. int len = 0;
  1918. word32 idx = 0;
  1919. WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT");
  1920. /* Validate parameters. */
  1921. if ((der == NULL) || (*der == NULL) || (length <= 0)) {
  1922. WOLFSSL_MSG("Bad parameter");
  1923. return NULL;
  1924. }
  1925. if (GetASNHeader(*der, ASN_OBJECT_ID, &idx, &len, (word32)length) < 0) {
  1926. WOLFSSL_MSG("error getting tag");
  1927. return NULL;
  1928. }
  1929. if (len <= 0) {
  1930. WOLFSSL_MSG("zero length");
  1931. return NULL;
  1932. }
  1933. ret = wolfSSL_ASN1_OBJECT_new();
  1934. if (ret == NULL) {
  1935. WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
  1936. return NULL;
  1937. }
  1938. if (wolfssl_asn1_obj_set(ret, *der, idx + len, 0) != WOLFSSL_SUCCESS) {
  1939. wolfSSL_ASN1_OBJECT_free(ret);
  1940. return NULL;
  1941. }
  1942. *der += idx + len;
  1943. if (a != NULL) {
  1944. if (*a != NULL)
  1945. wolfSSL_ASN1_OBJECT_free(*a);
  1946. *a = ret;
  1947. }
  1948. return ret;
  1949. }
  1950. /* Write out DER encoding of ASN.1 OBJECT_ID.
  1951. *
  1952. * When pp is NULL, length is returned.
  1953. * When pp points to NULL, a new buffer is allocated and returned through pp.
  1954. * When pp points to a buffer, it is moved on past encoded data on success.
  1955. *
  1956. * @param [in] a ASN.1 OBJECT_ID object.
  1957. * @param [in, out] pp Pointer to buffer to write to. May be NULL.
  1958. * @return Length of encoding on success.
  1959. * @return 0 when a or encoding buffer is NULL.
  1960. * @return 0 when dynamic memory allocation fails.
  1961. */
  1962. int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
  1963. {
  1964. int len = 0;
  1965. WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OBJECT");
  1966. /* Validate parameters */
  1967. if ((a == NULL) || (a->obj == NULL)) {
  1968. WOLFSSL_MSG("Bad parameters");
  1969. }
  1970. /* Only return length when no pointer supplied. */
  1971. else if (pp == NULL) {
  1972. len = (int)a->objSz;
  1973. }
  1974. else {
  1975. byte *p = NULL;
  1976. /* Check if we have a buffer to encode into. */
  1977. if (*pp == NULL) {
  1978. /* Allocate a new buffer to return. */
  1979. p = (byte*)XMALLOC(a->objSz, NULL, DYNAMIC_TYPE_OPENSSL);
  1980. if (p == NULL) {
  1981. WOLFSSL_MSG("Bad malloc");
  1982. }
  1983. else {
  1984. /* Return allocated buffer. */
  1985. *pp = p;
  1986. }
  1987. }
  1988. /* Check we have a buffer to encode into. */
  1989. if (*pp != NULL) {
  1990. /* Copy in DER encoding. */
  1991. XMEMCPY(*pp, a->obj, a->objSz);
  1992. /* Move on pointer if user supplied. */
  1993. if (p == NULL) {
  1994. *pp += a->objSz;
  1995. }
  1996. /* Return length of DER encoding. */
  1997. len = (int)a->objSz;
  1998. }
  1999. }
  2000. return len;
  2001. }
  2002. /* Create an ASN.1 OBJECT_ID object from the content octets.
  2003. *
  2004. * @param [out] a Pointer to return ASN.1 OBJECT_ID object.
  2005. * @param [in, out] pp Pointer to buffer holding content octets.
  2006. * @param [in] len Length of content octets in bytes.
  2007. * @return New ASN.1 OBJECT_ID object on success.
  2008. * @return NULL when pp or *pp is NULL or length is less than or equal zero.
  2009. * @return NULL when dynamic memory allocation fails.
  2010. */
  2011. WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
  2012. const unsigned char **pp, long len)
  2013. {
  2014. WOLFSSL_ASN1_OBJECT* ret = NULL;
  2015. WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT");
  2016. /* Validate parameters. */
  2017. if ((pp == NULL) || (*pp == NULL) || (len <= 0)) {
  2018. WOLFSSL_MSG("Bad parameter");
  2019. return NULL;
  2020. }
  2021. /* Create a new ASN.1 OBJECT_ID object. */
  2022. ret = wolfSSL_ASN1_OBJECT_new();
  2023. if (ret == NULL) {
  2024. WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
  2025. return NULL;
  2026. }
  2027. if (wolfssl_asn1_obj_set(ret, *pp, (word32)len, 1) != WOLFSSL_SUCCESS) {
  2028. WOLFSSL_MSG("wolfssl_asn1_obj_set error");
  2029. wolfSSL_ASN1_OBJECT_free(ret);
  2030. return NULL;
  2031. }
  2032. /* Move pointer to after data copied out. */
  2033. *pp += len;
  2034. /* Return ASN.1 OBJECT_ID object through a if required. */
  2035. if (a != NULL) {
  2036. if (*a != NULL)
  2037. wolfSSL_ASN1_OBJECT_free(*a);
  2038. *a = ret;
  2039. }
  2040. return ret;
  2041. }
  2042. #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
  2043. #ifdef OPENSSL_EXTRA
  2044. /* Write at most buf_len bytes of textual representation of ASN.1 OBJECT_ID.
  2045. *
  2046. * @param [in, out] buf Buffer to write to.
  2047. * @param [in] buf_len Length of buffer in bytes.
  2048. * @param [in] a ASN.1 OBJECT_ID object.
  2049. * @return Number of bytes written on success.
  2050. * @return 0 on failure.
  2051. */
  2052. int wolfSSL_i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
  2053. {
  2054. WOLFSSL_ENTER("wolfSSL_i2t_ASN1_OBJECT");
  2055. return wolfSSL_OBJ_obj2txt(buf, buf_len, a, 0);
  2056. }
  2057. #ifndef NO_BIO
  2058. /* Write out the text encoding of the ASN.1 OBJECT_ID.
  2059. *
  2060. * @param [in] bp BIO to write to.
  2061. * @param [in] a ASN.1 OBJECT_ID object.
  2062. * @return Number of bytes written on success.
  2063. * @return 0 on failure.
  2064. */
  2065. int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
  2066. {
  2067. int length = 0;
  2068. int cLen = 0;
  2069. word32 idx = 0;
  2070. const char null_str[] = "NULL";
  2071. const char invalid_str[] = "<INVALID>";
  2072. char buf[80];
  2073. WOLFSSL_ENTER("wolfSSL_i2a_ASN1_OBJECT");
  2074. /* Validate parameters. */
  2075. if (bp == NULL) {
  2076. /* Do nothing. */
  2077. }
  2078. /* NULL object is written as "NULL". */
  2079. else if (a == NULL) {
  2080. /* Write "NULL" - as done in OpenSSL. */
  2081. length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str));
  2082. }
  2083. /* Try getting text version and write it out. */
  2084. else if ((length = wolfSSL_i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
  2085. length = wolfSSL_BIO_write(bp, buf, length);
  2086. }
  2087. /* Look for DER header. */
  2088. else if ((a->obj == NULL) || (a->obj[idx++] != ASN_OBJECT_ID)) {
  2089. WOLFSSL_MSG("Bad ASN1 Object");
  2090. }
  2091. /* Get length from DER header. */
  2092. else if (GetLength((const byte*)a->obj, &idx, &cLen, a->objSz) < 0) {
  2093. length = 0;
  2094. }
  2095. else {
  2096. /* Write out "<INVALID>" and dump content. */
  2097. length = wolfSSL_BIO_write(bp, invalid_str, (int)XSTRLEN(invalid_str));
  2098. length += wolfSSL_BIO_dump(bp, (const char*)(a->obj + idx), cLen);
  2099. }
  2100. return length;
  2101. }
  2102. #endif /* !NO_BIO */
  2103. #endif /* OPENSSL_EXTRA */
  2104. /*******************************************************************************
  2105. * ASN1_SK_OBJECT APIs
  2106. ******************************************************************************/
  2107. #if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && !defined(NO_ASN)
  2108. /* Create a new WOLFSSL_ASN1_OBJECT stack.
  2109. *
  2110. * @return New WOLFSSL_ASN1_OBJECT stack on success.
  2111. * @return NULL when dynamic memory allocation fails.
  2112. */
  2113. WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void)
  2114. {
  2115. WOLFSSL_ENTER("wolfSSL_sk_new_asn1_obj");
  2116. return wolfssl_sk_new_type(STACK_TYPE_OBJ);
  2117. }
  2118. /* Dispose of WOLFSL_ASN1_OBJECT stack.
  2119. *
  2120. * @param [in, out] sk Stack to free nodes in.
  2121. */
  2122. void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
  2123. {
  2124. /* Dispose of stack. */
  2125. wolfSSL_sk_free(sk);
  2126. }
  2127. /* Dispose of all ASN.1 OBJECT_ID objects in ASN1_OBJECT stack.
  2128. *
  2129. * This is different then wolfSSL_ASN1_OBJECT_free in that it allows for
  2130. * choosing the function to use when freeing an ASN1_OBJECT stack.
  2131. *
  2132. * @param [in, out] sk ASN.1 OBJECT_ID stack to free.
  2133. * @param [in] f Free function to apply to each ASN.1 OBJECT_ID object.
  2134. */
  2135. void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
  2136. void (*f) (WOLFSSL_ASN1_OBJECT*))
  2137. {
  2138. WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_pop_free");
  2139. wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
  2140. }
  2141. /* Push a WOLFSSL_ASN1_OBJECT onto stack.
  2142. *
  2143. * @param [in, out] sk ASN.1 OBJECT_ID stack.
  2144. * @param [in] obj ASN.1 OBJECT_ID object to push on. Cannot be NULL.
  2145. * @return 1 on success.
  2146. * @return 0 when sk or obj is NULL.
  2147. * @return 0 when dynamic memory allocation fails.
  2148. */
  2149. int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
  2150. WOLFSSL_ASN1_OBJECT* obj)
  2151. {
  2152. WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push");
  2153. return wolfSSL_sk_push(sk, obj);
  2154. }
  2155. /* Pop off a WOLFSSL_ASN1_OBJECT from the stack.
  2156. *
  2157. * @param [in, out] sk ASN.1 OBJECT_ID stack.
  2158. * @return ASN.1 OBJECT_ID object on success.
  2159. * @return NULL when stack is NULL or no nodes left in stack.
  2160. */
  2161. WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
  2162. WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
  2163. {
  2164. return (WOLFSSL_ASN1_OBJECT*)wolfssl_sk_pop_type(sk, STACK_TYPE_OBJ);
  2165. }
  2166. #endif /* (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) && !NO_ASN */
  2167. /*******************************************************************************
  2168. * ASN1_STRING APIs
  2169. ******************************************************************************/
  2170. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  2171. /* Create a new ASN.1 STRING object.
  2172. *
  2173. * @return New ASN.1 STRING object on success.
  2174. * @return NULL when dynamic memory allocation fails.
  2175. */
  2176. WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void)
  2177. {
  2178. WOLFSSL_ASN1_STRING* asn1;
  2179. #ifdef WOLFSSL_DEBUG_OPENSSL
  2180. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new");
  2181. #endif
  2182. asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
  2183. DYNAMIC_TYPE_OPENSSL);
  2184. if (asn1 != NULL) {
  2185. XMEMSET(asn1, 0, sizeof(WOLFSSL_ASN1_STRING));
  2186. }
  2187. return asn1;
  2188. }
  2189. /* Create a new ASN.1 STRING object.
  2190. *
  2191. * @param [in] type Encoding type.
  2192. * @return New ASN.1 STRING object on success.
  2193. * @return NULL when dynamic memory allocation fails.
  2194. */
  2195. WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type)
  2196. {
  2197. WOLFSSL_ASN1_STRING* asn1;
  2198. #ifdef WOLFSSL_DEBUG_OPENSSL
  2199. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new");
  2200. #endif
  2201. asn1 = wolfSSL_ASN1_STRING_new();
  2202. if (asn1 != NULL) {
  2203. asn1->type = type;
  2204. }
  2205. return asn1;
  2206. }
  2207. /* Dispose of ASN.1 STRING object.
  2208. *
  2209. * @param [in, out] asn1 ASN.1 STRING object.
  2210. */
  2211. void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
  2212. {
  2213. #ifdef WOLFSSL_DEBUG_OPENSSL
  2214. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
  2215. #endif
  2216. /* Check we have an object to free. */
  2217. if (asn1 != NULL) {
  2218. /* Dispose of dynamic data. */
  2219. if ((asn1->length > 0) && asn1->isDynamic) {
  2220. XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
  2221. }
  2222. }
  2223. /* Dispose of ASN.1 STRING object. */
  2224. XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL);
  2225. }
  2226. /* Copy an ASN.1 STRING object from src into dest.
  2227. *
  2228. * @param [in, out] dest ASN.1 STRING object to copy into.
  2229. * @param [in] src ASN.1 STRING object to copy from.
  2230. */
  2231. int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dest,
  2232. const WOLFSSL_ASN1_STRING* src)
  2233. {
  2234. int ret = 1;
  2235. /* Validate parameters. */
  2236. if ((src == NULL) || (dest == NULL)) {
  2237. ret = 0;
  2238. }
  2239. /* Set the DER encoding. */
  2240. if ((ret == 1) && (wolfSSL_ASN1_STRING_set(dest, src->data, src->length) !=
  2241. 1)) {
  2242. ret = 0;
  2243. }
  2244. if (ret == 1) {
  2245. /* Copy simple fields. */
  2246. dest->type = src->type;
  2247. dest->flags = src->flags;
  2248. }
  2249. return ret;
  2250. }
  2251. /* Duplicate an ASN.1 STRING object.
  2252. *
  2253. * @param [in] asn1 ASN.1 STRING object to duplicate.
  2254. * @return New ASN.1 STRING object on success.
  2255. * @return NULL when asn1 is NULL or dynamic memory allocation fails.
  2256. */
  2257. WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1)
  2258. {
  2259. WOLFSSL_ASN1_STRING* dupl = NULL;
  2260. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_dup");
  2261. /* Check we have an object to duplicate. */
  2262. if (asn1 == NULL) {
  2263. WOLFSSL_MSG("Bad parameter");
  2264. }
  2265. else {
  2266. /* Create a new ASN.1 STRING object. */
  2267. dupl = wolfSSL_ASN1_STRING_new();
  2268. if (dupl == NULL) {
  2269. WOLFSSL_MSG("wolfSSL_ASN1_STRING_new error");
  2270. }
  2271. }
  2272. if (dupl != NULL) {
  2273. /* Copy the contents. */
  2274. if (wolfSSL_ASN1_STRING_copy(dupl, asn1) != 1) {
  2275. WOLFSSL_MSG("wolfSSL_ASN1_STRING_copy error");
  2276. /* Dispose of duplicate and return NULL. */
  2277. wolfSSL_ASN1_STRING_free(dupl);
  2278. dupl = NULL;
  2279. }
  2280. }
  2281. return dupl;
  2282. }
  2283. /* Compare two ASN.1 STRING objects.
  2284. *
  2285. * Compares type when data the same.
  2286. *
  2287. * @param [in] a First ASN.1 STRING object.
  2288. * @param [in] b Second ASN.1 STRING object.
  2289. * @return Negative value when a is less than b.
  2290. * @return 0 when a equals b.
  2291. * @return Positive value when a is greater than b.
  2292. * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
  2293. */
  2294. int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
  2295. const WOLFSSL_ASN1_STRING *b)
  2296. {
  2297. int ret;
  2298. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_cmp");
  2299. /* Validate parameters. */
  2300. if ((a == NULL) || (b == NULL)) {
  2301. ret = WOLFSSL_FATAL_ERROR;
  2302. }
  2303. /* Compare length of data. */
  2304. else if (a->length != b->length) {
  2305. ret = a->length - b->length;
  2306. }
  2307. /* Compare data. */
  2308. else if ((ret = XMEMCMP(a->data, b->data, (size_t)a->length)) == 0) {
  2309. /* Compare ASN.1 types - wolfSSL_ASN1_STRING_type_new(). */
  2310. ret = a->type - b->type;
  2311. }
  2312. return ret;
  2313. }
  2314. #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
  2315. #if defined(OPENSSL_EXTRA)
  2316. #if !defined(NO_CERTS)
  2317. #ifndef NO_WOLFSSL_STUB
  2318. WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn,
  2319. const unsigned char **in, long len)
  2320. {
  2321. WOLFSSL_STUB("d2i_DISPLAYTEXT");
  2322. (void)asn;
  2323. (void)in;
  2324. (void)len;
  2325. return NULL;
  2326. }
  2327. #endif
  2328. #endif /* !NO_CERTS */
  2329. #endif /* OPENSSL_EXTRA */
  2330. #ifndef NO_ASN
  2331. #if defined(OPENSSL_EXTRA)
  2332. /* Convert ASN.1 STRING that is UniversalString type to PrintableString type.
  2333. *
  2334. * @param [in, out] s ASN.1 STRING object to convert.
  2335. * @return 1 on success.
  2336. * @return 0 when s is NULL.
  2337. * @return 0 when type is not UniversalString or string is not of that format.
  2338. */
  2339. int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
  2340. {
  2341. int ret = 1;
  2342. char* p;
  2343. WOLFSSL_ENTER("wolfSSL_ASN1_UNIVERSALSTRING_to_string");
  2344. /* Validate parameter. */
  2345. if (s == NULL) {
  2346. WOLFSSL_MSG("Bad parameter");
  2347. ret = 0;
  2348. }
  2349. /* Check type of ASN.1 STRING. */
  2350. if ((ret == 1) && (s->type != WOLFSSL_V_ASN1_UNIVERSALSTRING)) {
  2351. WOLFSSL_MSG("Input is not a universal string");
  2352. ret = 0;
  2353. }
  2354. /* Check length is indicative of UNIVERSAL_STRING. */
  2355. if ((ret == 1) && ((s->length % 4) != 0)) {
  2356. WOLFSSL_MSG("Input string must be divisible by 4");
  2357. ret = 0;
  2358. }
  2359. if (ret == 1) {
  2360. /* Ensure each UniversalString character looks right. */
  2361. for (p = s->data; p < s->data + s->length; p += 4)
  2362. if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
  2363. break;
  2364. /* Check whether we failed loop early. */
  2365. if (p != s->data + s->length) {
  2366. WOLFSSL_MSG("Wrong string format");
  2367. ret = 0;
  2368. }
  2369. }
  2370. if (ret == 1) {
  2371. char* copy;
  2372. /* Strip first three bytes of each four byte character. */
  2373. for (copy = p = s->data; p < s->data + s->length; p += 4) {
  2374. *copy++ = p[3];
  2375. }
  2376. /* Place NUL on end. */
  2377. *copy = '\0';
  2378. /* Update length and type. */
  2379. s->length /= 4;
  2380. s->type = WOLFSSL_V_ASN1_PRINTABLESTRING;
  2381. }
  2382. return ret;
  2383. }
  2384. #endif /* OPENSSL_EXTRA */
  2385. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  2386. /* Convert ASN.1 STRING to UTF8 encoding.
  2387. *
  2388. * Assumes stored encoding is UTF8.
  2389. * Returned buffer should be freed using OPENSSL_free().
  2390. *
  2391. * @param [out] out Pointer to return allocated string.
  2392. * @param [in] asn1 ASN.1 STRING object.
  2393. * @return Length of string, excluding NUL, on success.
  2394. * @return -1 when out or asn1 is NULL.
  2395. * @return -1 when no data to return.
  2396. * @return -1 dynamic memory allocation fails.
  2397. */
  2398. int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
  2399. {
  2400. unsigned char* buf = NULL;
  2401. unsigned char* data = NULL;
  2402. int len = -1;
  2403. /* Validate parameters. */
  2404. if ((out != NULL) && (asn1 != NULL)) {
  2405. /* Get data and length. */
  2406. data = wolfSSL_ASN1_STRING_data(asn1);
  2407. len = wolfSSL_ASN1_STRING_length(asn1);
  2408. /* Check data and length are usable. */
  2409. if ((data == NULL) || (len < 0)) {
  2410. len = WOLFSSL_FATAL_ERROR;
  2411. }
  2412. }
  2413. if (len != -1) {
  2414. /* Allocate buffer to hold string and NUL. */
  2415. buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL,
  2416. DYNAMIC_TYPE_OPENSSL);
  2417. if (buf == NULL) {
  2418. len = WOLFSSL_FATAL_ERROR;
  2419. }
  2420. }
  2421. if (len != -1) {
  2422. /* Copy in string - NUL always put on end of stored string. */
  2423. XMEMCPY(buf, data, (size_t)(len + 1));
  2424. /* Return buffer. */
  2425. *out = buf;
  2426. }
  2427. return len;
  2428. }
  2429. #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
  2430. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  2431. /* Encode ASN.1 STRING data as hex digits separated by colon.
  2432. *
  2433. * Assumes length is greater than 0.
  2434. *
  2435. * @param [in] s ASN.1 STRING object.
  2436. * @return Buffer containing string representation on success.
  2437. * @return NULL when dynamic memory allocation fails.
  2438. * @return NULL when encoding a character as hex fails.
  2439. */
  2440. static char* wolfssl_asn1_string_to_hex_chars(const WOLFSSL_ASN1_STRING *s)
  2441. {
  2442. char* tmp;
  2443. int tmpSz = s->length * 3;
  2444. tmp = (char*)XMALLOC((size_t)tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2445. if (tmp == NULL) {
  2446. WOLFSSL_MSG("Memory Error");
  2447. }
  2448. else {
  2449. int i;
  2450. unsigned char* str = (unsigned char*)s->data;
  2451. /* Put out all but last character as a hex digit with ':'. */
  2452. for (i = 0; i < s->length; i++) {
  2453. /* Put in hex digit string at end of tmp. */
  2454. ByteToHexStr(str[i], tmp + i * 3);
  2455. /* Check not last character. */
  2456. if (i < s->length - 1) {
  2457. /* Put in separator: ':'. */
  2458. tmp[i * 3 + 2] = ':';
  2459. }
  2460. /* Last character. */
  2461. else {
  2462. /* Put in NUL to terminate string. */
  2463. tmp[i * 3 + 2] = '\0';
  2464. }
  2465. }
  2466. }
  2467. return tmp;
  2468. }
  2469. /* Create a string encoding of ASN.1 STRING object.
  2470. *
  2471. * @param [in] method Method table. Unused.
  2472. * @param [in] s ASN.1 STRING object.
  2473. * @return Buffer containing string representation on success.
  2474. * @return NULL when s or data is NULL.
  2475. * @return NULL when dynamic memory allocation fails.
  2476. * @return NULL when encoding a character as hex fails.
  2477. */
  2478. char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
  2479. const WOLFSSL_ASN1_STRING *s)
  2480. {
  2481. char* ret = NULL;
  2482. WOLFSSL_ENTER("wolfSSL_i2s_ASN1_STRING");
  2483. (void)method;
  2484. /* Validate parameters. */
  2485. if ((s == NULL) || (s->data == NULL)) {
  2486. WOLFSSL_MSG("Bad Function Argument");
  2487. }
  2488. /* Handle 0 length data separately. */
  2489. else if (s->length == 0) {
  2490. ret = (char *)XMALLOC(1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
  2491. if (ret != NULL) {
  2492. ret[0] = '\0';
  2493. }
  2494. }
  2495. else {
  2496. /* Convert unreadable strings to hexadecimal. */
  2497. ret = wolfssl_asn1_string_to_hex_chars(s);
  2498. }
  2499. return ret;
  2500. }
  2501. static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s,
  2502. unsigned char **pp, byte tag)
  2503. {
  2504. int idx;
  2505. int len;
  2506. unsigned char* out;
  2507. if (s == NULL || s->data == NULL || s->length == 0)
  2508. return WOLFSSL_FATAL_ERROR;
  2509. len = SetHeader(tag, s->length, NULL, 0) + s->length;
  2510. if (pp == NULL)
  2511. return len;
  2512. if (*pp == NULL) {
  2513. out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
  2514. if (out == NULL)
  2515. return WOLFSSL_FATAL_ERROR;
  2516. }
  2517. else {
  2518. out = *pp;
  2519. }
  2520. idx = (int)SetHeader(tag, s->length, out, 0);
  2521. XMEMCPY(out + idx, s->data, s->length);
  2522. if (*pp == NULL)
  2523. *pp = out;
  2524. else
  2525. *pp += len;
  2526. return len;
  2527. }
  2528. int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
  2529. {
  2530. WOLFSSL_ENTER("wolfSSL_i2d_ASN1_GENERALSTRING");
  2531. return i2d_ASN1_STRING(s, pp, ASN_GENERALSTRING);
  2532. }
  2533. int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
  2534. {
  2535. WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OCTET_STRING");
  2536. return i2d_ASN1_STRING(s, pp, ASN_OCTET_STRING);
  2537. }
  2538. int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
  2539. {
  2540. WOLFSSL_ENTER("wolfSSL_i2d_ASN1_UTF8STRING");
  2541. return i2d_ASN1_STRING(s, pp, ASN_UTF8STRING);
  2542. }
  2543. int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
  2544. unsigned char **pp)
  2545. {
  2546. unsigned char* out;
  2547. if (s == NULL || s->data == NULL || s->length == 0)
  2548. return WOLFSSL_FATAL_ERROR;
  2549. if (pp == NULL)
  2550. return s->length;
  2551. if (*pp == NULL) {
  2552. out = (unsigned char*)XMALLOC(s->length, NULL, DYNAMIC_TYPE_ASN1);
  2553. if (out == NULL)
  2554. return WOLFSSL_FATAL_ERROR;
  2555. }
  2556. else {
  2557. out = *pp;
  2558. }
  2559. XMEMCPY(out, s->data, s->length);
  2560. if (*pp == NULL)
  2561. *pp = out;
  2562. else
  2563. *pp += s->length;
  2564. return s->length;
  2565. }
  2566. static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out,
  2567. const byte** src, long len, byte expTag)
  2568. {
  2569. WOLFSSL_ASN1_STRING* ret = NULL;
  2570. word32 idx = 0;
  2571. byte tag = 0;
  2572. int length = 0;
  2573. WOLFSSL_ENTER("d2i_ASN1_STRING");
  2574. if (src == NULL || *src == NULL || len == 0)
  2575. return NULL;
  2576. if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
  2577. return NULL;
  2578. if (tag != expTag)
  2579. return NULL;
  2580. if (GetLength(*src, &idx, &length, (word32)len) < 0)
  2581. return NULL;
  2582. ret = wolfSSL_ASN1_STRING_new();
  2583. if (ret == NULL)
  2584. return NULL;
  2585. if (wolfSSL_ASN1_STRING_set(ret, *src + idx, length) != 1) {
  2586. wolfSSL_ASN1_STRING_free(ret);
  2587. return NULL;
  2588. }
  2589. if (out != NULL) {
  2590. if (*out != NULL)
  2591. wolfSSL_ASN1_STRING_free(*out);
  2592. *out = ret;
  2593. }
  2594. *src += idx + length;
  2595. return ret;
  2596. }
  2597. WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING** out,
  2598. const byte** src, long len)
  2599. {
  2600. WOLFSSL_ENTER("wolfSSL_d2i_ASN1_GENERALSTRING");
  2601. return d2i_ASN1_STRING(out, src, len, ASN_GENERALSTRING);
  2602. }
  2603. WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING** out,
  2604. const byte** src, long len)
  2605. {
  2606. WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OCTET_STRING");
  2607. return d2i_ASN1_STRING(out, src, len, ASN_OCTET_STRING);
  2608. }
  2609. WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING** out,
  2610. const byte** src, long len)
  2611. {
  2612. WOLFSSL_ENTER("wolfSSL_d2i_ASN1_UTF8STRING");
  2613. return d2i_ASN1_STRING(out, src, len, ASN_UTF8STRING);
  2614. }
  2615. #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
  2616. #endif /* NO_ASN */
  2617. #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
  2618. /* Get the type of encoding.
  2619. *
  2620. * @param [in] asn1 ASN.1 STRING object.
  2621. * @return Encoding type on success.
  2622. * @return 0 when asn1 is NULL or no encoding set.
  2623. */
  2624. int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1)
  2625. {
  2626. int type = 0;
  2627. #ifdef WOLFSSL_DEBUG_OPENSSL
  2628. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type");
  2629. #endif
  2630. if (asn1 != NULL) {
  2631. type = asn1->type;
  2632. }
  2633. return type;
  2634. }
  2635. #ifndef NO_CERTS
  2636. /* Get the pointer that is the data.
  2637. *
  2638. * @param [in] asn ASN.1 STRING object.
  2639. * @return Buffer with string on success.
  2640. * @return NULL when asn is NULL or no data set.
  2641. */
  2642. const unsigned char* wolfSSL_ASN1_STRING_get0_data(
  2643. const WOLFSSL_ASN1_STRING* asn)
  2644. {
  2645. char* data = NULL;
  2646. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_get0_data");
  2647. if (asn != NULL) {
  2648. data = asn->data;
  2649. }
  2650. return (const unsigned char*)data;
  2651. }
  2652. /* Get the pointer that is the data.
  2653. *
  2654. * @param [in] asn ASN.1 STRING object.
  2655. * @return Buffer with string on success.
  2656. * @return NULL when asn is NULL or no data set.
  2657. */
  2658. unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
  2659. {
  2660. char* data = NULL;
  2661. #ifdef WOLFSSL_DEBUG_OPENSSL
  2662. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");
  2663. #endif
  2664. if (asn != NULL) {
  2665. data = asn->data;
  2666. }
  2667. return (unsigned char*)data;
  2668. }
  2669. /* Get the length of the data.
  2670. *
  2671. * @param [in] asn ASN.1 STRING object.
  2672. * @return String length on success.
  2673. * @return 0 when asn is NULL or no data set.
  2674. */
  2675. int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn)
  2676. {
  2677. int len = 0;
  2678. #ifdef WOLFSSL_DEBUG_OPENSSL
  2679. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");
  2680. #endif
  2681. if (asn) {
  2682. len = asn->length;
  2683. }
  2684. return len;
  2685. }
  2686. #endif /* !NO_CERTS */
  2687. /* Set the string data.
  2688. *
  2689. * When sz is less than 0, the string length will be calculated using XSTRLEN.
  2690. *
  2691. * @param [in, out] asn1 ASN.1 STRING object.
  2692. * @param [in] data String data to set.
  2693. * @param [in] sz Length of data to set in bytes.
  2694. * @return 1 on success.
  2695. * @return 0 when asn1 is NULL or data is NULL and sz is not zero.
  2696. * @return 0 when dynamic memory allocation fails.
  2697. */
  2698. int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int sz)
  2699. {
  2700. int ret = 1;
  2701. #ifdef WOLFSSL_DEBUG_OPENSSL
  2702. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");
  2703. #endif
  2704. /* Validate parameters. */
  2705. if ((asn1 == NULL) || ((data == NULL) && (sz != 0))) {
  2706. ret = 0;
  2707. }
  2708. /* Calculate size from data if not passed in. */
  2709. if ((ret == 1) && (sz < 0)) {
  2710. sz = (int)XSTRLEN((const char*)data);
  2711. if (sz < 0) {
  2712. ret = 0;
  2713. }
  2714. }
  2715. if (ret == 1) {
  2716. /* Dispose of any existing dynamic data. */
  2717. if (asn1->isDynamic) {
  2718. XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
  2719. asn1->data = NULL;
  2720. }
  2721. /* Check string will fit - including NUL. */
  2722. if (sz + 1 > CTC_NAME_SIZE) {
  2723. /* Allocate new buffer. */
  2724. asn1->data = (char*)XMALLOC((size_t)(sz + 1), NULL,
  2725. DYNAMIC_TYPE_OPENSSL);
  2726. if (asn1->data == NULL) {
  2727. ret = 0;
  2728. }
  2729. else {
  2730. /* Ensure buffer will be freed. */
  2731. asn1->isDynamic = 1;
  2732. }
  2733. }
  2734. else {
  2735. /* Clear out fixed array and use it for data. */
  2736. XMEMSET(asn1->strData, 0, CTC_NAME_SIZE);
  2737. asn1->data = asn1->strData;
  2738. asn1->isDynamic = 0;
  2739. }
  2740. }
  2741. if (ret == 1) {
  2742. /* Check if there is a string to copy. */
  2743. if (data != NULL) {
  2744. /* Copy string and append NUL. */
  2745. XMEMCPY(asn1->data, data, (size_t)sz);
  2746. asn1->data[sz] = '\0';
  2747. }
  2748. /* Set size of string. */
  2749. asn1->length = sz;
  2750. }
  2751. return ret;
  2752. }
  2753. #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
  2754. #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
  2755. !defined(WOLFCRYPT_ONLY)
  2756. #ifndef NO_CERTS
  2757. /* Make a UTF8 canonical version of ASN.1 STRING object's data.
  2758. *
  2759. * @param [in, out] asn ASN.1 STRING to set.
  2760. */
  2761. static void wolfssl_asn1_string_canonicalize(WOLFSSL_ASN1_STRING* asn)
  2762. {
  2763. char* src = asn->data;
  2764. char* p = asn->data + asn->length - 1;
  2765. int len = asn->length;
  2766. int i;
  2767. /* Trim whitespace from the tail. */
  2768. for (; (len > 0) && (XISSPACE((unsigned char)*p)); len--) {
  2769. p--;
  2770. }
  2771. if (len > 0) {
  2772. /* Trim whitespace from the head. */
  2773. for (; XISSPACE((unsigned char)*src); len--) {
  2774. src++;
  2775. }
  2776. }
  2777. /* Output at the start. */
  2778. p = asn->data;
  2779. /* Process each character in string after trim. */
  2780. for (i = 0; i < len; p++, i++) {
  2781. /* Check for non-ascii character. */
  2782. if (!XISASCII(*src)) {
  2783. /* Keep non-ascii character as-is. */
  2784. *p = *src++;
  2785. }
  2786. /* Check for whitespace. */
  2787. else if (XISSPACE((unsigned char)*src)) {
  2788. /* Only use space character for whitespace. */
  2789. *p = 0x20;
  2790. /* Skip any succeeding whitespace characters. */
  2791. while (XISSPACE((unsigned char)*++src)) {
  2792. i++;
  2793. }
  2794. }
  2795. else {
  2796. /* Convert to lower case. */
  2797. *p = (char)XTOLOWER((unsigned char)*src++);
  2798. }
  2799. }
  2800. /* Set actual length after canonicalization. */
  2801. asn->length = (int)(p - asn->data);
  2802. }
  2803. /* Make a canonical version of ASN.1 STRING object in ASN.1 STRING object.
  2804. *
  2805. * @param [in, out] asn_out ASN.1 STRING object to set.
  2806. * @param [in] asn_in ASN.1 STRING object to get data from.
  2807. * @return 1 on success.
  2808. * @return BAD_FUNC_ARG when asn_out or asn_in is NULL.
  2809. * @return 0 when no data.
  2810. * @return 0 when dynamic memory allocation fails.
  2811. */
  2812. int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
  2813. const WOLFSSL_ASN1_STRING* asn_in)
  2814. {
  2815. int ret = 1;
  2816. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon");
  2817. /* Validate parameters. */
  2818. if ((asn_out == NULL) || (asn_in == NULL)) {
  2819. WOLFSSL_MSG("invalid function arguments");
  2820. ret = BAD_FUNC_ARG;
  2821. }
  2822. if (ret == 1) {
  2823. switch (asn_in->type) {
  2824. case WOLFSSL_MBSTRING_UTF8:
  2825. case WOLFSSL_V_ASN1_PRINTABLESTRING:
  2826. /* Set type to UTF8. */
  2827. asn_out->type = WOLFSSL_MBSTRING_UTF8;
  2828. /* Dispose of any dynamic data already in asn_out. */
  2829. if (asn_out->isDynamic) {
  2830. XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
  2831. asn_out->data = NULL;
  2832. }
  2833. /* Make ASN.1 STRING into UTF8 buffer. */
  2834. asn_out->length = wolfSSL_ASN1_STRING_to_UTF8(
  2835. (unsigned char**)&asn_out->data,
  2836. (WOLFSSL_ASN1_STRING*)asn_in);
  2837. /* Check for error from creating UTF8 string. */
  2838. if (asn_out->length < 0) {
  2839. ret = 0;
  2840. }
  2841. else {
  2842. /* Data now dynamic after converting to UTF8. */
  2843. asn_out->isDynamic = 1;
  2844. /* Canonicalize the data. */
  2845. wolfssl_asn1_string_canonicalize(asn_out);
  2846. if (asn_out->length == 0) {
  2847. /* Dispose of data if canonicalization removes all
  2848. * characters. */
  2849. XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
  2850. asn_out->data = NULL;
  2851. asn_out->isDynamic = 0;
  2852. }
  2853. }
  2854. break;
  2855. default:
  2856. /* Unrecognized format - just copy. */
  2857. WOLFSSL_MSG("just copy string");
  2858. ret = wolfSSL_ASN1_STRING_copy(asn_out, asn_in);
  2859. }
  2860. }
  2861. return ret;
  2862. }
  2863. #endif /* !NO_CERTS */
  2864. #endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && !WOLFCRYPT_ONLY */
  2865. #if defined(OPENSSL_EXTRA)
  2866. #if !defined(NO_ASN)
  2867. #ifndef NO_BIO
  2868. /* Returns boolean indicating character is unprintable.
  2869. *
  2870. * @param [in] c ASCII character.
  2871. * @return 1 when character is unprintable.
  2872. * @return 0 when character is printable.
  2873. */
  2874. static int wolfssl_unprintable_char(char c)
  2875. {
  2876. const unsigned char last_unprintable = 31;
  2877. const unsigned char LF = 10; /* Line Feed */
  2878. const unsigned char CR = 13; /* Carriage Return */
  2879. return (c <= last_unprintable) && (c != LF) && (c != CR);
  2880. }
  2881. /* Print ASN.1 STRING to BIO.
  2882. *
  2883. * TODO: Unprintable characters conversion is destructive.
  2884. *
  2885. * @param [in] bio BIO to print to.
  2886. * @param [in] str ASN.1 STRING to print.
  2887. * @return Length of string written on success.
  2888. * @return 0 when bio or str is NULL.
  2889. * @return 0 when writing to BIO fails.
  2890. */
  2891. int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str)
  2892. {
  2893. int len = 0;
  2894. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_print");
  2895. /* Validate parameters. */
  2896. if ((bio != NULL) && (str != NULL)) {
  2897. int i;
  2898. len = str->length;
  2899. /* Convert all unprintable characters to '.'. */
  2900. for (i = 0; i < len; i++) {
  2901. if (wolfssl_unprintable_char(str->data[i])) {
  2902. str->data[i] = '.';
  2903. }
  2904. }
  2905. /* Write string to BIO. */
  2906. if (wolfSSL_BIO_write(bio, str->data, len) != len) {
  2907. len = 0;
  2908. }
  2909. }
  2910. return len;
  2911. }
  2912. #endif /* !NO_BIO */
  2913. #endif /* !NO_ASN */
  2914. /* Get a string for the ASN.1 tag.
  2915. *
  2916. * @param [in] tag ASN.1 tag.
  2917. * @return A string.
  2918. */
  2919. const char* wolfSSL_ASN1_tag2str(int tag)
  2920. {
  2921. static const char *const tag_label[31] = {
  2922. "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL",
  2923. "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED",
  2924. "<ASN1 11>", "UTF8STRING", "<ASN1 13>", "<ASN1 14>", "<ASN1 15>",
  2925. "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
  2926. "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
  2927. "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING",
  2928. "<ASN1 29>", "BMPSTRING"
  2929. };
  2930. const char* str = "(unknown)";
  2931. /* Clear negative flag. */
  2932. if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) || (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
  2933. tag &= ~WOLFSSL_V_ASN1_NEG;
  2934. }
  2935. /* Check for known basic types. */
  2936. if ((tag >= 0) && (tag <= 30)) {
  2937. str = tag_label[tag];
  2938. }
  2939. return str;
  2940. }
  2941. #ifndef NO_BIO
  2942. /* Print out ASN.1 tag for the ASN.1 STRING to the BIO.
  2943. *
  2944. * @param [in] bio BIO to write to.
  2945. * @param [in] str ASN.1 STRING object.
  2946. * @return Number of characters written on success.
  2947. * @return 0 when BIO write fails.
  2948. */
  2949. static int wolfssl_string_print_type(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str)
  2950. {
  2951. int type_len;
  2952. const char *tag;
  2953. /* Get tag and string length. */
  2954. tag = wolfSSL_ASN1_tag2str(str->type);
  2955. type_len = (int)XSTRLEN(tag);
  2956. /* Write tag to BIO. */
  2957. if (wolfSSL_BIO_write(bio, tag, type_len) != type_len){
  2958. type_len = 0;
  2959. }
  2960. /* Write colon after tag string. */
  2961. else if (wolfSSL_BIO_write(bio, ":", 1) != 1) {
  2962. type_len = 0;
  2963. }
  2964. else {
  2965. /* Written colon - update count. */
  2966. type_len++;
  2967. }
  2968. return type_len;
  2969. }
  2970. /* Dump hex digit representation of each string character to BIO.
  2971. *
  2972. * TODO: Assumes length is only one byte ie less than 128 characters long.
  2973. *
  2974. * @param [in] bio BIO to write to.
  2975. * @param [in] str ASN.1 STRING object.
  2976. * @param [in] asDer Whether to write out as a DER encoding.
  2977. * @return Number of characters written to BIO on success.
  2978. * @return -1 when writing to BIO fails.
  2979. */
  2980. static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
  2981. WOLFSSL_ASN1_STRING *str, int asDer)
  2982. {
  2983. const char* hash="#";
  2984. char hex_tmp[4];
  2985. int str_len = 1;
  2986. /* Write out hash character to indicate hex string. */
  2987. if (wolfSSL_BIO_write(bio, hash, 1) != 1) {
  2988. str_len = WOLFSSL_FATAL_ERROR;
  2989. }
  2990. else {
  2991. /* Check if we are to write out DER header. */
  2992. if (asDer) {
  2993. /* Encode tag and length as hex into temporary. */
  2994. ByteToHexStr((byte)str->type, &hex_tmp[0]);
  2995. ByteToHexStr((byte)str->length, &hex_tmp[2]);
  2996. /* Update count of written characters: tag and length. */
  2997. str_len += 4;
  2998. /* Write out tag and length as hex digits. */
  2999. if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) {
  3000. str_len = WOLFSSL_FATAL_ERROR;
  3001. }
  3002. }
  3003. }
  3004. if (str_len != -1) {
  3005. char* p;
  3006. char* end;
  3007. /* Calculate end of string. */
  3008. end = str->data + str->length - 1;
  3009. for (p = str->data; p <= end; p++) {
  3010. /* Encode string character as hex into temporary. */
  3011. ByteToHexStr((byte)*p, hex_tmp);
  3012. /* Update count of written characters. */
  3013. str_len += 2;
  3014. /* Write out character as hex digites. */
  3015. if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) {
  3016. str_len = WOLFSSL_FATAL_ERROR;
  3017. break;
  3018. }
  3019. }
  3020. }
  3021. return str_len;
  3022. }
  3023. /* Check whether character needs to be escaped.
  3024. *
  3025. * @param [in] c Character to check for.
  3026. * @param [in] str String to check.
  3027. * @return 1 when character found.
  3028. * @return 0 when character not found.
  3029. */
  3030. static int wolfssl_check_esc_char(char c)
  3031. {
  3032. int ret = 0;
  3033. const char esc_ch[] = "+;<>\\";
  3034. const char* p = esc_ch;
  3035. /* Check if character matches any of those needing escaping. */
  3036. for (; (*p) != '\0'; p++) {
  3037. /* Check if character matches escape character. */
  3038. if (c == (*p)) {
  3039. ret = 1;
  3040. break;
  3041. }
  3042. }
  3043. return ret;
  3044. }
  3045. /* Print out string, with escaping for special characters, to BIO.
  3046. *
  3047. * @param [in] bio BIO to write to.
  3048. * @param [in] str ASN.1 STRING object.
  3049. * @return Number of characters written to BIO on success.
  3050. * @return -1 when writing to BIO fails.
  3051. */
  3052. static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
  3053. WOLFSSL_ASN1_STRING *str)
  3054. {
  3055. char* p;
  3056. int str_len = 0;
  3057. /* Write all of string character by character. */
  3058. for (p = str->data; (*p) != '\0'; p++) {
  3059. /* Check if character needs escaping. */
  3060. if (wolfssl_check_esc_char(*p)){
  3061. /* Update count of written characters. */
  3062. str_len++;
  3063. /* Write out escaping character. */
  3064. if (wolfSSL_BIO_write(bio,"\\", 1) != 1) {
  3065. str_len = WOLFSSL_FATAL_ERROR;
  3066. break;
  3067. }
  3068. }
  3069. /* Update count of written characters. */
  3070. str_len++;
  3071. /* Write out character. */
  3072. if (wolfSSL_BIO_write(bio, p, 1) != 1) {
  3073. str_len = WOLFSSL_FATAL_ERROR;
  3074. break;
  3075. }
  3076. }
  3077. return str_len;
  3078. }
  3079. /* Extended print ASN.1 STRING to BIO.
  3080. *
  3081. * @param [in] bio BIO to print to.
  3082. * @param [in] str ASN.1 STRING to print.
  3083. * @param [in] flags Flags describing output format.
  3084. * @return Length of string written on success.
  3085. * @return 0 when bio or str is NULL.
  3086. * @return 0 when writing to BIO fails.
  3087. */
  3088. int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
  3089. unsigned long flags)
  3090. {
  3091. int err = 0;
  3092. int str_len = -1;
  3093. int type_len = 0;
  3094. WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex");
  3095. /* Validate parameters. */
  3096. if ((bio == NULL) || (str == NULL)) {
  3097. err = 1;
  3098. }
  3099. /* Check if ASN.1 type is to be printed. */
  3100. if ((!err) && (flags & WOLFSSL_ASN1_STRFLGS_SHOW_TYPE)) {
  3101. /* Print type and colon to BIO. */
  3102. type_len = wolfssl_string_print_type(bio, str);
  3103. if (type_len == 0) {
  3104. err = 1;
  3105. }
  3106. }
  3107. if (!err) {
  3108. if (flags & WOLFSSL_ASN1_STRFLGS_DUMP_ALL) {
  3109. /* Dump hex. */
  3110. str_len = wolfssl_asn1_string_dump_hex(bio, str,
  3111. flags & WOLFSSL_ASN1_STRFLGS_DUMP_DER);
  3112. }
  3113. else if (flags & WOLFSSL_ASN1_STRFLGS_ESC_2253) {
  3114. /* Print out string with escaping. */
  3115. str_len = wolfssl_asn1_string_print_esc_2253(bio, str);
  3116. }
  3117. else {
  3118. /* Get number of characters to write. */
  3119. str_len = str->length;
  3120. /* Print out string as is. */
  3121. if (wolfSSL_BIO_write(bio, str->data, str_len) != str_len) {
  3122. err = 1;
  3123. }
  3124. }
  3125. }
  3126. if ((!err) && (str_len != -1)) {
  3127. /* Include any characters written for type. */
  3128. str_len += type_len;
  3129. }
  3130. else {
  3131. str_len = 0;
  3132. }
  3133. return str_len;
  3134. }
  3135. #endif /* !NO_BIO */
  3136. #endif /* OPENSSL_EXTRA */
  3137. /*******************************************************************************
  3138. * ASN1_GENERALIZEDTIME APIs
  3139. ******************************************************************************/
  3140. #ifdef OPENSSL_EXTRA
  3141. /* Free the static ASN.1 GENERALIZED TIME object.
  3142. *
  3143. * Not an OpenSSL compatibility API.
  3144. *
  3145. * @param [in] asn1Time ASN.1 GENERALIZED TIME object.
  3146. */
  3147. void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
  3148. {
  3149. WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free");
  3150. XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL);
  3151. }
  3152. #ifndef NO_BIO
  3153. /* Return the month as a string.
  3154. *
  3155. * Assumes n is '01'-'12'.
  3156. *
  3157. * @param [in] n The number of the month as a two characters (1 based).
  3158. * @return Month as a string.
  3159. */
  3160. static WC_INLINE const char* MonthStr(const char* n)
  3161. {
  3162. static const char monthStr[12][4] = {
  3163. "Jan", "Feb", "Mar", "Apr", "May", "Jun",
  3164. "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
  3165. const char* month = "BAD";
  3166. int i;
  3167. i = (n[0] - '0') * 10 + (n[1] - '0') - 1;
  3168. /* Convert string to number and index table. */
  3169. if ((i >= 0) && (i < 12)) {
  3170. month = monthStr[i];
  3171. }
  3172. return month;
  3173. }
  3174. /* Print an ASN.1 GENERALIZED TIME to a BIO.
  3175. *
  3176. * @param [in] bio BIO to write to.
  3177. * @param [in] asnTime ASN.1 GENERALIZED TIME object.
  3178. * @return 1 on success.
  3179. * @return 0 when ASN.1 GENERALIZED TIME type is invalid.
  3180. * @return 0 when writing to BIO fails.
  3181. * @return BAD_FUNC_ARG when bio or asnTime is NULL.
  3182. */
  3183. int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
  3184. const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime)
  3185. {
  3186. int ret = 1;
  3187. const char* p = NULL;
  3188. WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_print");
  3189. /* Validate parameters. */
  3190. if ((bio == NULL) || (asnTime == NULL)) {
  3191. ret = BAD_FUNC_ARG;
  3192. }
  3193. /* Check type is GENERALIZED TIME. */
  3194. if ((ret == 1) && (asnTime->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
  3195. WOLFSSL_MSG("Error, not GENERALIZED_TIME");
  3196. ret = 0;
  3197. }
  3198. if (ret == 1) {
  3199. /* Get the string. */
  3200. p = (const char *)(asnTime->data);
  3201. /* Print month as a 3 letter string. */
  3202. if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) != 3) {
  3203. ret = 0;
  3204. }
  3205. }
  3206. /* Print space separator. */
  3207. if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
  3208. ret = 0;
  3209. }
  3210. /* Print day. */
  3211. if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 6, 2) != 2)) {
  3212. ret = 0;
  3213. }
  3214. /* Print space separator. */
  3215. if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
  3216. ret = 0;
  3217. }
  3218. /* Print hour. */
  3219. if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 8, 2) != 2)) {
  3220. ret = 0;
  3221. }
  3222. /* Print time separator - colon. */
  3223. if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) {
  3224. ret = 0;
  3225. }
  3226. /* Print minutes. */
  3227. if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 10, 2) != 2)) {
  3228. ret = 0;
  3229. }
  3230. /* Print time separator - colon. */
  3231. if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) {
  3232. ret = 0;
  3233. }
  3234. /* Print seconds. */
  3235. if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 12, 2) != 2)) {
  3236. ret = 0;
  3237. }
  3238. /* Print space separator. */
  3239. if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
  3240. ret = 0;
  3241. }
  3242. /* Print year. */
  3243. if ((ret == 1) && (wolfSSL_BIO_write(bio, p, 4) != 4)) {
  3244. ret = 0;
  3245. }
  3246. return ret;
  3247. }
  3248. #endif /* !NO_BIO */
  3249. #endif /* OPENSSL_EXTRA */
  3250. /*******************************************************************************
  3251. * ASN1_TIME APIs
  3252. ******************************************************************************/
  3253. #ifndef NO_ASN_TIME
  3254. #ifdef OPENSSL_EXTRA
  3255. /* Allocate a new ASN.1 TIME object.
  3256. *
  3257. * @return New empty ASN.1 TIME object on success.
  3258. * @return NULL when dynamic memory allocation fails.
  3259. */
  3260. WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void)
  3261. {
  3262. WOLFSSL_ASN1_TIME* ret;
  3263. /* Allocate a new ASN.1 TYPE object. */
  3264. ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
  3265. DYNAMIC_TYPE_OPENSSL);
  3266. if (ret != NULL) {
  3267. /* Clear out fields. */
  3268. XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME));
  3269. }
  3270. return ret;
  3271. }
  3272. /* Dispose of ASN.1 TIME object.
  3273. *
  3274. * @param [in, out] t ASN.1 TIME object.
  3275. */
  3276. void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t)
  3277. {
  3278. /* Dispose of ASN.1 TIME object. */
  3279. XFREE(t, NULL, DYNAMIC_TYPE_OPENSSL);
  3280. }
  3281. #ifndef NO_WOLFSSL_STUB
  3282. /* Set the Unix time GMT into ASN.1 TIME object.
  3283. *
  3284. * Not implemented.
  3285. *
  3286. * @param [in, out] a ASN.1 TIME object.
  3287. * @param [in] t Unix time GMT.
  3288. * @return An ASN.1 TIME object.
  3289. */
  3290. WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *a, time_t t)
  3291. {
  3292. WOLFSSL_STUB("wolfSSL_ASN1_TIME_set");
  3293. (void)a;
  3294. (void)t;
  3295. return a;
  3296. }
  3297. #endif /* !NO_WOLFSSL_STUB */
  3298. /* Convert time to Unix time (GMT).
  3299. *
  3300. * @param [in] sec Second in minute. 0-59.
  3301. * @param [in] minute Minute in hour. 0-59.
  3302. * @param [in] hour Hour in day. 0-23.
  3303. * @param [in] mday Day of month. 1-31.
  3304. * @param [in] mon Month of year. 0-11
  3305. * @param [in] year Year including century. ie: 1991, 2023, 2048.
  3306. * @return Seconds since 00:00:00 01/01/1970 for the time passed in.
  3307. */
  3308. static long long wolfssl_time_to_unix_time(int sec, int minute, int hour,
  3309. int mday, int mon, int year)
  3310. {
  3311. /* Number of cumulative days from the previous months, starting from
  3312. * beginning of January. */
  3313. static const int monthDaysCumulative [12] = {
  3314. 0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
  3315. };
  3316. int leapDays = year;
  3317. /* Leap day at end of February. */
  3318. if (mon <= 1) {
  3319. --leapDays;
  3320. }
  3321. /* Calculate leap days. */
  3322. leapDays = leapDays / 4 - leapDays / 100 + leapDays / 400 - 1969 / 4 +
  3323. 1969 / 100 - 1969 / 400;
  3324. /* Calculate number of seconds. */
  3325. return ((((long long) (year - 1970) * 365 + leapDays +
  3326. monthDaysCumulative[mon] + mday - 1) * 24 + hour) * 60 + minute) *
  3327. 60 + sec;
  3328. }
  3329. /* Convert ASN.1 TIME object to Unix time (GMT).
  3330. *
  3331. * @param [in] t ASN.1 TIME object.
  3332. * @param [out] secs Number of seconds since 00:00:00 01/01/1970.
  3333. * @return 1 on success.
  3334. * @return 0 when conversion of time fails.
  3335. */
  3336. static int wolfssl_asn1_time_to_secs(const WOLFSSL_ASN1_TIME* t,
  3337. long long* secs)
  3338. {
  3339. int ret = 1;
  3340. struct tm tm_s;
  3341. struct tm *tmGmt = &tm_s;
  3342. /* Convert ASN.1 TIME to broken-down time. NULL treated as current time. */
  3343. ret = wolfSSL_ASN1_TIME_to_tm(t, tmGmt);
  3344. if (ret != 1) {
  3345. WOLFSSL_MSG("Failed to convert from time to struct tm.");
  3346. }
  3347. else {
  3348. /* We use wolfssl_time_to_unix_time here instead of XMKTIME to avoid the
  3349. * Year 2038 problem on platforms where time_t is 32 bits. struct tm
  3350. * stores the year as years since 1900, so we add 1900 to the year. */
  3351. *secs = wolfssl_time_to_unix_time(tmGmt->tm_sec, tmGmt->tm_min,
  3352. tmGmt->tm_hour, tmGmt->tm_mday, tmGmt->tm_mon,
  3353. tmGmt->tm_year + 1900);
  3354. }
  3355. return ret;
  3356. }
  3357. /* Calculate difference in time of two ASN.1 TIME objects.
  3358. *
  3359. * @param [out] days Number of whole days between from and to.
  3360. * @param [out] secs Number of seconds less than a day between from and to.
  3361. * @param [in] from ASN.1 TIME object as start time.
  3362. * @param [in] to ASN.1 TIME object as end time.
  3363. * @return 1 on success.
  3364. * @return 0 when days or secs is NULL.
  3365. * @return 0 when conversion of time fails.
  3366. */
  3367. int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
  3368. const WOLFSSL_ASN1_TIME *to)
  3369. {
  3370. int ret = 1;
  3371. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff");
  3372. /* Validate parameters. */
  3373. if (days == NULL) {
  3374. WOLFSSL_MSG("days is NULL");
  3375. ret = 0;
  3376. }
  3377. if ((ret == 1) && (secs == NULL)) {
  3378. WOLFSSL_MSG("secs is NULL");
  3379. ret = 0;
  3380. }
  3381. if ((ret == 1) && ((from == NULL) && (to == NULL))) {
  3382. *days = 0;
  3383. *secs = 0;
  3384. }
  3385. else if (ret == 1) {
  3386. const long long SECS_PER_DAY = 24 * 60 * 60;
  3387. long long fromSecs;
  3388. long long toSecs = 0;
  3389. ret = wolfssl_asn1_time_to_secs(from, &fromSecs);
  3390. if (ret == 1) {
  3391. ret = wolfssl_asn1_time_to_secs(to, &toSecs);
  3392. }
  3393. if (ret == 1) {
  3394. long long diffSecs = toSecs - fromSecs;
  3395. *days = (int) (diffSecs / SECS_PER_DAY);
  3396. *secs = (int) (diffSecs - ((long long)*days * SECS_PER_DAY));
  3397. }
  3398. }
  3399. return ret;
  3400. }
  3401. /* Compare two ASN.1 TIME objects by comparing time value.
  3402. *
  3403. * @param [in] a First ASN.1 TIME object.
  3404. * @param [in] b Second ASN.1 TIME object.
  3405. * @return Negative value when a is less than b.
  3406. * @return 0 when a equals b.
  3407. * @return Positive value when a is greater than b.
  3408. * @return -2 when a or b is invalid.
  3409. */
  3410. int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
  3411. const WOLFSSL_ASN1_TIME *b)
  3412. {
  3413. int ret;
  3414. int days;
  3415. int secs;
  3416. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_compare");
  3417. /* Calculate difference in time between a and b. */
  3418. if (wolfSSL_ASN1_TIME_diff(&days, &secs, a, b) != 1) {
  3419. WOLFSSL_MSG("Failed to get time difference.");
  3420. ret = -2;
  3421. }
  3422. else if (days == 0 && secs == 0) {
  3423. /* a and b are the same time. */
  3424. ret = 0;
  3425. }
  3426. else if (days >= 0 && secs >= 0) {
  3427. /* a is before b. */
  3428. ret = -1;
  3429. }
  3430. /* Assume wolfSSL_ASN1_TIME_diff creates coherent values. */
  3431. else {
  3432. ret = 1;
  3433. }
  3434. WOLFSSL_LEAVE("wolfSSL_ASN1_TIME_compare", ret);
  3435. return ret;
  3436. }
  3437. #if !defined(USER_TIME) && !defined(TIME_OVERRIDES)
  3438. /* Adjust the time into an ASN.1 TIME object.
  3439. *
  3440. * @param [in] a ASN.1 TIME object. May be NULL.
  3441. * @param [in] t Time to offset.
  3442. * @param [in] offset_day Number of days to offset. May be negative.
  3443. * @param [in] offset_sec Number of seconds to offset. May be negative.
  3444. * @return ASN.1 TIME object on success.
  3445. * @return NULL when formatting time fails.
  3446. * @return NULL when dynamic memory allocation fails.
  3447. */
  3448. WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* a, time_t t,
  3449. int offset_day, long offset_sec)
  3450. {
  3451. WOLFSSL_ASN1_TIME* ret = NULL;
  3452. const time_t sec_per_day = 24*60*60;
  3453. int time_get;
  3454. char time_str[MAX_TIME_STRING_SZ];
  3455. time_t offset_day_sec = offset_day * sec_per_day;
  3456. time_t t_adj = t + offset_day_sec + offset_sec;
  3457. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj");
  3458. /* Get time string as either UTC or GeneralizedTime. */
  3459. time_get = GetFormattedTime(&t_adj, (byte*)time_str, MAX_TIME_STRING_SZ);
  3460. if (time_get > 0) {
  3461. ret = a;
  3462. if (ret == NULL) {
  3463. ret = wolfSSL_ASN1_TIME_new();
  3464. }
  3465. /* Set the string into the ASN.1 TIME object. */
  3466. if ((wolfSSL_ASN1_TIME_set_string(ret, time_str) != 1) && (ret != a)) {
  3467. wolfSSL_ASN1_TIME_free(ret);
  3468. ret = NULL;
  3469. }
  3470. }
  3471. return ret;
  3472. }
  3473. #endif /* !USER_TIME && !TIME_OVERRIDES */
  3474. /* Get the length of the ASN.1 TIME data.
  3475. *
  3476. * Not an OpenSSL function - ASN1_TIME is not opaque.
  3477. *
  3478. * @param [in] t ASN.1 TIME object.
  3479. * @return Length of data on success.
  3480. * @return 0 when t is NULL or no time set.
  3481. */
  3482. int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t)
  3483. {
  3484. int len = 0;
  3485. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_length");
  3486. if (t != NULL) {
  3487. len = t->length;
  3488. }
  3489. return len;
  3490. }
  3491. /* Get the data from the ASN.1 TIME object.
  3492. *
  3493. * Not an OpenSSL function - ASN1_TIME is not opaque.
  3494. *
  3495. * @param [in] t ASN.1 TIME object.
  3496. * @return Data buffer on success.
  3497. * @return NULL when t is NULL.
  3498. */
  3499. unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
  3500. {
  3501. unsigned char* data = NULL;
  3502. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_data");
  3503. if (t != NULL) {
  3504. data = (unsigned char*)t->data;
  3505. }
  3506. return data;
  3507. }
  3508. /* Check format of string in ASN.1 TIME object.
  3509. *
  3510. * @param [in] a ASN.1 TIME object.
  3511. * @return 1 on success.
  3512. * @return 0 when format invalid.
  3513. */
  3514. int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
  3515. {
  3516. int ret = WOLFSSL_SUCCESS;
  3517. char buf[MAX_TIME_STRING_SZ];
  3518. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
  3519. /* If can convert to human readable then format good. */
  3520. if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
  3521. MAX_TIME_STRING_SZ) == NULL) {
  3522. ret = WOLFSSL_FAILURE;
  3523. }
  3524. return ret;
  3525. }
  3526. /* Set the time as a string into ASN.1 TIME object.
  3527. *
  3528. * When t is NULL, str is checked only.
  3529. *
  3530. * @param [in, out] t ASN.1 TIME object.
  3531. * @param [in] str Time as a string.
  3532. * @return 1 on success.
  3533. * @return 0 when str is NULL.
  3534. * @return 0 when str is not formatted correctly.
  3535. */
  3536. int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
  3537. {
  3538. int ret = WOLFSSL_SUCCESS;
  3539. int slen = 0;
  3540. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
  3541. if (str == NULL) {
  3542. WOLFSSL_MSG("Bad parameter");
  3543. ret = 0;
  3544. }
  3545. if (ret == WOLFSSL_SUCCESS) {
  3546. /* Get length of string including NUL terminator. */
  3547. slen = (int)XSTRLEN(str) + 1;
  3548. if (slen > CTC_DATE_SIZE) {
  3549. WOLFSSL_MSG("Date string too long");
  3550. ret = WOLFSSL_FAILURE;
  3551. }
  3552. }
  3553. if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
  3554. /* Copy in string including NUL terminator. */
  3555. XMEMCPY(t->data, str, (size_t)slen);
  3556. /* Do not include NUL terminator in length. */
  3557. t->length = slen - 1;
  3558. /* Set ASN.1 type based on string length. */
  3559. t->type = ((slen == ASN_UTC_TIME_SIZE) ? WOLFSSL_V_ASN1_UTCTIME :
  3560. WOLFSSL_V_ASN1_GENERALIZEDTIME);
  3561. }
  3562. return ret;
  3563. }
  3564. int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
  3565. {
  3566. int ret = WOLFSSL_SUCCESS;
  3567. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");
  3568. if (t == NULL)
  3569. ret = WOLFSSL_FAILURE;
  3570. if (ret == WOLFSSL_SUCCESS)
  3571. ret = wolfSSL_ASN1_TIME_set_string(t, str);
  3572. if (ret == WOLFSSL_SUCCESS)
  3573. ret = wolfSSL_ASN1_TIME_check(t);
  3574. return ret;
  3575. }
  3576. /* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
  3577. *
  3578. * @param [in] t ASN.1 TIME object.
  3579. * @param [in, out] out ASN.1 GENERALIZED TIME object.
  3580. * @return ASN.1 GENERALIZED TIME object on success.
  3581. * @return NULL when t is NULL or t has wrong ASN.1 type.
  3582. * @return NULL when dynamic memory allocation fails.
  3583. */
  3584. WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
  3585. WOLFSSL_ASN1_TIME **out)
  3586. {
  3587. WOLFSSL_ASN1_TIME *ret = NULL;
  3588. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime");
  3589. /* Validate parameters. */
  3590. if (t == NULL) {
  3591. WOLFSSL_MSG("Invalid ASN_TIME value");
  3592. }
  3593. /* Ensure ASN.1 type is one that is supported. */
  3594. else if ((t->type != WOLFSSL_V_ASN1_UTCTIME) &&
  3595. (t->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
  3596. WOLFSSL_MSG("Invalid ASN_TIME type.");
  3597. }
  3598. /* Check for ASN.1 GENERALIZED TIME object being passed in. */
  3599. else if ((out != NULL) && (*out != NULL)) {
  3600. /* Copy into the passed in object. */
  3601. ret = *out;
  3602. }
  3603. else {
  3604. /* Create a new ASN.1 GENERALIZED TIME object. */
  3605. ret = wolfSSL_ASN1_TIME_new();
  3606. if (ret == NULL) {
  3607. WOLFSSL_MSG("memory alloc failed.");
  3608. }
  3609. }
  3610. if (ret != NULL) {
  3611. /* Set the ASN.1 type and length of string. */
  3612. ret->type = WOLFSSL_V_ASN1_GENERALIZEDTIME;
  3613. if (t->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
  3614. ret->length = ASN_GENERALIZED_TIME_SIZE;
  3615. /* Just copy as data already appropriately formatted. */
  3616. XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
  3617. }
  3618. else {
  3619. /* Convert UTC TIME to GENERALIZED TIME. */
  3620. ret->length = t->length + 2; /* Add two extra year digits */
  3621. if (t->data[0] >= '5') {
  3622. /* >= 50 is 1900s. */
  3623. ret->data[0] = '1'; ret->data[1] = '9';
  3624. }
  3625. else {
  3626. /* < 50 is 2000s. */
  3627. ret->data[0] = '2'; ret->data[1] = '0';
  3628. }
  3629. /* Append rest of the data as it is the same. */
  3630. XMEMCPY(&ret->data[2], t->data, t->length);
  3631. }
  3632. /* Check for pointer to return result through. */
  3633. if (out != NULL) {
  3634. *out = ret;
  3635. }
  3636. }
  3637. return ret;
  3638. }
  3639. #if !defined(USER_TIME) && !defined(TIME_OVERRIDES)
  3640. WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
  3641. {
  3642. WOLFSSL_ASN1_TIME* ret = s;
  3643. WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_set");
  3644. if (ret == NULL) {
  3645. ret = wolfSSL_ASN1_TIME_new();
  3646. if (ret == NULL)
  3647. return NULL;
  3648. }
  3649. ret->length = GetFormattedTime(&t, ret->data, sizeof(ret->data));
  3650. if (ret->length + 1 != ASN_UTC_TIME_SIZE) {
  3651. /* Either snprintf error or t can't be represented in UTC format */
  3652. if (ret != s)
  3653. wolfSSL_ASN1_TIME_free(ret);
  3654. ret = NULL;
  3655. }
  3656. else {
  3657. ret->type = WOLFSSL_V_ASN1_UTCTIME;
  3658. }
  3659. return ret;
  3660. }
  3661. #endif /* !USER_TIME && !TIME_OVERRIDES */
  3662. #endif /* OPENSSL_EXTRA */
  3663. #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
  3664. /* Get string from ASN.1 TIME object.
  3665. *
  3666. * Not an OpenSSL compatibility API.
  3667. *
  3668. * @param [in] t ASN.1 TIME object.
  3669. * @param [in, out] buf Buffer to put string in.
  3670. * @param [in] len Length of buffer in bytes.
  3671. * @return buf on success.
  3672. * @return NULL when t or buf is NULL, or len is less than 5.
  3673. * @return NULL when ASN.1 TIME length is larger than len.
  3674. * @return NULL when internal time format not valid.
  3675. */
  3676. char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
  3677. {
  3678. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string");
  3679. /* Validate parameters. */
  3680. if ((t == NULL) || (buf == NULL) || (len < 5)) {
  3681. WOLFSSL_MSG("Bad argument");
  3682. buf = NULL;
  3683. }
  3684. /* Check internal length against passed in length. */
  3685. if ((buf != NULL) && (t->length > len)) {
  3686. WOLFSSL_MSG("Length of date is longer then buffer");
  3687. buf = NULL;
  3688. }
  3689. /* Get time as human readable string. */
  3690. if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len)) {
  3691. buf = NULL;
  3692. }
  3693. return buf;
  3694. }
  3695. /* Number of characters in a UTC TIME string. */
  3696. #define UTCTIME_LEN 13
  3697. /* Get year from UTC TIME string.
  3698. *
  3699. * @param [in] str UTC TIME string.
  3700. * @param [in] len Length of string in bytes.
  3701. * @param [out] year Year as extracted from string.
  3702. * @return 1 on success.
  3703. * @return 0 when length is too short for a UTC TIME.
  3704. * @return 0 when not ZULU time.
  3705. */
  3706. static int wolfssl_utctime_year(const unsigned char* str, int len, int* year)
  3707. {
  3708. int ret = 1;
  3709. /* Check minimal length for UTC TIME. */
  3710. if (len < UTCTIME_LEN) {
  3711. WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
  3712. ret = 0;
  3713. }
  3714. /* Only support ZULU time. */
  3715. if ((ret == 1) && (str[UTCTIME_LEN - 1] != 'Z')) {
  3716. WOLFSSL_MSG("Expecting UTC time.");
  3717. ret = 0;
  3718. }
  3719. if (ret == 1) {
  3720. int tm_year;
  3721. /* 2-digit year. */
  3722. tm_year = (str[0] - '0') * 10;
  3723. tm_year += str[1] - '0';
  3724. /* Check for year being in the 2000s. */
  3725. if (tm_year < 50) {
  3726. tm_year += 100;
  3727. }
  3728. *year = tm_year;
  3729. }
  3730. return ret;
  3731. }
  3732. /* Number of characters in a GENERALIZED TIME string. */
  3733. #define GENTIME_LEN 15
  3734. /* Get year from GENERALIZED TIME string.
  3735. *
  3736. * @param [in] str GENERALIZED TIME string.
  3737. * @param [in] len Length of string in bytes.
  3738. * @param [out] year Year as extracted from string.
  3739. * @return 1 on success.
  3740. * @return 0 when length is too short for a GENERALIZED TIME.
  3741. * @return 0 when not ZULU time.
  3742. */
  3743. static int wolfssl_gentime_year(const unsigned char* str, int len, int* year)
  3744. {
  3745. int ret = 1;
  3746. /* Check minimal length for GENERALIZED TIME. */
  3747. if (len < GENTIME_LEN) {
  3748. WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
  3749. ret = 0;
  3750. }
  3751. if ((ret == 1) && (str[GENTIME_LEN - 1] != 'Z')) {
  3752. WOLFSSL_MSG("Expecting Generalized time.");
  3753. ret = 0;
  3754. }
  3755. if (ret == 1) {
  3756. int tm_year;
  3757. /* 4-digit year. */
  3758. tm_year = (str[0] - '0') * 1000;
  3759. tm_year += (str[1] - '0') * 100;
  3760. tm_year += (str[2] - '0') * 10;
  3761. tm_year += str[3] - '0';
  3762. /* Only need value to be years since 1900. */
  3763. tm_year -= 1900;
  3764. *year = tm_year;
  3765. }
  3766. return ret;
  3767. }
  3768. /* Convert an ASN.1 TIME to a struct tm.
  3769. *
  3770. * @param [in] asnTime ASN.1 TIME object.
  3771. * @param [in] tm Broken-down time. Must be non-NULL.
  3772. * @return 1 on success.
  3773. * @return 0 when string format is invalid.
  3774. */
  3775. static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
  3776. struct tm* tm)
  3777. {
  3778. int ret = 1;
  3779. const unsigned char* asn1TimeBuf;
  3780. int asn1TimeBufLen;
  3781. int i = 0;
  3782. #ifdef XMKTIME
  3783. struct tm localTm;
  3784. XMEMSET(&localTm, 0, sizeof localTm);
  3785. #endif
  3786. /* Get the string buffer - fixed array, can't fail. */
  3787. asn1TimeBuf = wolfSSL_ASN1_TIME_get_data(asnTime);
  3788. /* Get the length of the string. */
  3789. asn1TimeBufLen = wolfSSL_ASN1_TIME_get_length(asnTime);
  3790. if (asn1TimeBufLen <= 0) {
  3791. WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer length.");
  3792. ret = 0;
  3793. }
  3794. if (ret == 1) {
  3795. /* Zero out values in broken-down time. */
  3796. XMEMSET(tm, 0, sizeof(struct tm));
  3797. if (asnTime->type == WOLFSSL_V_ASN1_UTCTIME) {
  3798. /* Get year from UTC TIME string. */
  3799. int tm_year;
  3800. if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen,
  3801. &tm_year)) == 1) {
  3802. tm->tm_year = tm_year;
  3803. /* Month starts after year - 2 characters. */
  3804. i = 2;
  3805. }
  3806. }
  3807. else if (asnTime->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
  3808. /* Get year from GENERALIZED TIME string. */
  3809. int tm_year;
  3810. if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen,
  3811. &tm_year)) == 1) {
  3812. tm->tm_year = tm_year;
  3813. /* Month starts after year - 4 characters. */
  3814. i = 4;
  3815. }
  3816. }
  3817. else {
  3818. /* No other time formats known. */
  3819. WOLFSSL_MSG("asnTime->type is invalid.");
  3820. ret = 0;
  3821. }
  3822. }
  3823. if (ret == 1) {
  3824. /* Fill in rest of broken-down time from string. */
  3825. /* January is 0 not 1 */
  3826. tm->tm_mon = (asn1TimeBuf[i] - '0') * 10; i++;
  3827. tm->tm_mon += (asn1TimeBuf[i] - '0') - 1; i++;
  3828. tm->tm_mday = (asn1TimeBuf[i] - '0') * 10; i++;
  3829. tm->tm_mday += (asn1TimeBuf[i] - '0'); i++;
  3830. tm->tm_hour = (asn1TimeBuf[i] - '0') * 10; i++;
  3831. tm->tm_hour += (asn1TimeBuf[i] - '0'); i++;
  3832. tm->tm_min = (asn1TimeBuf[i] - '0') * 10; i++;
  3833. tm->tm_min += (asn1TimeBuf[i] - '0'); i++;
  3834. tm->tm_sec = (asn1TimeBuf[i] - '0') * 10; i++;
  3835. tm->tm_sec += (asn1TimeBuf[i] - '0');
  3836. #ifdef XMKTIME
  3837. XMEMCPY(&localTm, tm, sizeof(struct tm));
  3838. /* Call XMKTIME on tm to get tm_wday and tm_yday fields populated.
  3839. Note that localTm is used here to avoid modifying other fields,
  3840. such as tm_isdst/tm_gmtoff. */
  3841. XMKTIME(&localTm);
  3842. tm->tm_wday = localTm.tm_wday;
  3843. tm->tm_yday = localTm.tm_yday;
  3844. #endif
  3845. }
  3846. return ret;
  3847. }
  3848. /* Get the current time into a broken-down time.
  3849. *
  3850. * @param [out] tm Broken-time time.
  3851. * @return 1 on success.
  3852. * @return 0 when tm is NULL.
  3853. * @return 0 when get current time fails.
  3854. * @return 0 when converting Unix time to broken-down time fails.
  3855. */
  3856. static int wolfssl_get_current_time_tm(struct tm* tm)
  3857. {
  3858. int ret = 1;
  3859. time_t currentTime;
  3860. struct tm *tmpTs;
  3861. #if defined(NEED_TMP_TIME)
  3862. /* for use with gmtime_r */
  3863. struct tm tmpTimeStorage;
  3864. tmpTs = &tmpTimeStorage;
  3865. #else
  3866. tmpTs = NULL;
  3867. #endif
  3868. (void)tmpTs;
  3869. /* Must have a pointer to return result into. */
  3870. if (tm == NULL) {
  3871. WOLFSSL_MSG("asnTime and tm are both NULL");
  3872. ret = 0;
  3873. }
  3874. if (ret == 1) {
  3875. /* Get current Unix Time GMT. */
  3876. currentTime = wc_Time(0);
  3877. if (currentTime <= 0) {
  3878. WOLFSSL_MSG("Failed to get current time.");
  3879. ret = 0;
  3880. }
  3881. }
  3882. if (ret == 1) {
  3883. /* Convert Unix Time GMT into broken-down time. */
  3884. tmpTs = XGMTIME(&currentTime, tmpTs);
  3885. if (tmpTs == NULL) {
  3886. WOLFSSL_MSG("Failed to convert current time to UTC.");
  3887. ret = 0;
  3888. }
  3889. }
  3890. if (ret == 1) {
  3891. /* Copy from the structure returned into parameter. */
  3892. XMEMCPY(tm, tmpTs, sizeof(*tm));
  3893. }
  3894. return ret;
  3895. }
  3896. /* Convert ASN.1 TIME object's time into broken-down representation.
  3897. *
  3898. * Internal time string is checked when tm is NULL.
  3899. *
  3900. * @param [in] asnTime ASN.1 TIME object.
  3901. * @param [out] tm Broken-down time.
  3902. * @return 1 on success.
  3903. * @return 0 when asnTime is NULL and tm is NULL.
  3904. * @return 0 getting current time fails.
  3905. * @return 0 when internal time string is invalid.
  3906. */
  3907. int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm)
  3908. {
  3909. int ret = 1;
  3910. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_tm");
  3911. /* If asnTime is NULL, then the current time is converted. */
  3912. if (asnTime == NULL) {
  3913. ret = wolfssl_get_current_time_tm(tm);
  3914. }
  3915. /* If tm is NULL this function performs a format check on asnTime only. */
  3916. else if (tm == NULL) {
  3917. ret = wolfSSL_ASN1_TIME_check(asnTime);
  3918. }
  3919. else {
  3920. /* Convert ASN.1 TIME to broken-down time. */
  3921. ret = wolfssl_asn1_time_to_tm(asnTime, tm);
  3922. }
  3923. return ret;
  3924. }
  3925. #ifndef NO_BIO
  3926. /* Print the ASN.1 TIME object as a string to BIO.
  3927. *
  3928. * @param [in] bio BIO to write to.
  3929. * @param [in] asnTime ASN.1 TIME object.
  3930. * @return 1 on success.
  3931. * @return 0 when bio or asnTime is NULL.
  3932. * @return 0 when creating human readable string fails.
  3933. * @return 0 when writing to BIO fails.
  3934. */
  3935. int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
  3936. {
  3937. int ret = 1;
  3938. WOLFSSL_ENTER("wolfSSL_ASN1_TIME_print");
  3939. /* Validate parameters. */
  3940. if ((bio == NULL) || (asnTime == NULL)) {
  3941. WOLFSSL_MSG("NULL function argument");
  3942. ret = 0;
  3943. }
  3944. if (ret == 1) {
  3945. char buf[MAX_TIME_STRING_SZ];
  3946. int len;
  3947. /* Create human readable string. */
  3948. if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)asnTime, buf,
  3949. sizeof(buf)) == NULL) {
  3950. /* Write out something anyway but return error. */
  3951. XMEMSET(buf, 0, MAX_TIME_STRING_SZ);
  3952. XSTRNCPY(buf, "Bad time value", sizeof(buf)-1);
  3953. ret = 0;
  3954. }
  3955. /* Write out string. */
  3956. len = (int)XSTRLEN(buf);
  3957. if (wolfSSL_BIO_write(bio, buf, len) != len) {
  3958. WOLFSSL_MSG("Unable to write to bio");
  3959. ret = 0;
  3960. }
  3961. }
  3962. return ret;
  3963. }
  3964. #endif /* !NO_BIO */
  3965. #endif /* WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA */
  3966. #ifdef OPENSSL_EXTRA
  3967. #ifndef NO_BIO
  3968. /* Print the ASN.1 UTC TIME object as a string to BIO.
  3969. *
  3970. * @param [in] bio BIO to write to.
  3971. * @param [in] asnTime ASN.1 UTC TIME object.
  3972. * @return 1 on success.
  3973. * @return 0 when bio or asnTime is NULL.
  3974. * @return 0 when ASN.1 type is not UTC TIME.
  3975. * @return 0 when creating human readable string fails.
  3976. * @return 0 when writing to BIO fails.
  3977. */
  3978. int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
  3979. {
  3980. int ret = 1;
  3981. WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_print");
  3982. /* Validate parameters. */
  3983. if ((bio == NULL) || (a == NULL)) {
  3984. ret = 0;
  3985. }
  3986. /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */
  3987. if ((ret == 1) && (a->type != WOLFSSL_V_ASN1_UTCTIME)) {
  3988. WOLFSSL_MSG("Error, not UTC_TIME");
  3989. ret = 0;
  3990. }
  3991. if (ret == 1) {
  3992. /* Use generic time printing function to do work. */
  3993. ret = wolfSSL_ASN1_TIME_print(bio, a);
  3994. }
  3995. return ret;
  3996. }
  3997. #endif /* !NO_BIO */
  3998. #endif /* OPENSSL_EXTRA */
  3999. #endif /* !NO_ASN_TIME */
  4000. /*******************************************************************************
  4001. * ASN1_TYPE APIs
  4002. ******************************************************************************/
  4003. #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
  4004. /**
  4005. * Allocate a new ASN.1 TYPE object.
  4006. *
  4007. * @return New empty ASN.1 TYPE object on success.
  4008. * @return NULL when dynamic memory allocation fails.
  4009. */
  4010. WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
  4011. {
  4012. WOLFSSL_ASN1_TYPE* ret;
  4013. /* Allocate a new ASN.1 TYPE object. */
  4014. ret = (WOLFSSL_ASN1_TYPE*)XMALLOC(sizeof(WOLFSSL_ASN1_TYPE), NULL,
  4015. DYNAMIC_TYPE_OPENSSL);
  4016. if (ret != NULL) {
  4017. /* Clear out fields. */
  4018. XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TYPE));
  4019. }
  4020. return ret;
  4021. }
  4022. /* Free the ASN.1 TYPE object's value field.
  4023. *
  4024. * @param [in, out] at ASN.1 TYPE object.
  4025. */
  4026. static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at)
  4027. {
  4028. switch (at->type) {
  4029. case WOLFSSL_V_ASN1_NULL:
  4030. break;
  4031. case WOLFSSL_V_ASN1_OBJECT:
  4032. wolfSSL_ASN1_OBJECT_free(at->value.object);
  4033. break;
  4034. case WOLFSSL_V_ASN1_UTCTIME:
  4035. #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
  4036. wolfSSL_ASN1_TIME_free(at->value.utctime);
  4037. #endif
  4038. break;
  4039. case WOLFSSL_V_ASN1_GENERALIZEDTIME:
  4040. #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
  4041. wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
  4042. #endif
  4043. break;
  4044. case WOLFSSL_V_ASN1_UTF8STRING:
  4045. case WOLFSSL_V_ASN1_OCTET_STRING:
  4046. case WOLFSSL_V_ASN1_PRINTABLESTRING:
  4047. case WOLFSSL_V_ASN1_T61STRING:
  4048. case WOLFSSL_V_ASN1_IA5STRING:
  4049. case WOLFSSL_V_ASN1_UNIVERSALSTRING:
  4050. case WOLFSSL_V_ASN1_SEQUENCE:
  4051. wolfSSL_ASN1_STRING_free(at->value.asn1_string);
  4052. break;
  4053. default:
  4054. break;
  4055. }
  4056. }
  4057. /**
  4058. * Free ASN.1 TYPE object and its value.
  4059. *
  4060. * @param [in, out] at ASN.1 TYPE object.
  4061. */
  4062. void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
  4063. {
  4064. if (at != NULL) {
  4065. /* Dispose of value in ASN.1 TYPE object. */
  4066. wolfssl_asn1_type_free_value(at);
  4067. }
  4068. /* Dispose of ASN.1 TYPE object. */
  4069. XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
  4070. }
  4071. int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
  4072. {
  4073. int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
  4074. if (at == NULL)
  4075. return WOLFSSL_FATAL_ERROR;
  4076. switch (at->type) {
  4077. case WOLFSSL_V_ASN1_NULL:
  4078. break;
  4079. case WOLFSSL_V_ASN1_OBJECT:
  4080. ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp);
  4081. break;
  4082. case WOLFSSL_V_ASN1_UTF8STRING:
  4083. ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp);
  4084. break;
  4085. case WOLFSSL_V_ASN1_GENERALIZEDTIME:
  4086. ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp);
  4087. break;
  4088. case WOLFSSL_V_ASN1_SEQUENCE:
  4089. ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp);
  4090. break;
  4091. case WOLFSSL_V_ASN1_UTCTIME:
  4092. case WOLFSSL_V_ASN1_PRINTABLESTRING:
  4093. case WOLFSSL_V_ASN1_T61STRING:
  4094. case WOLFSSL_V_ASN1_IA5STRING:
  4095. case WOLFSSL_V_ASN1_UNIVERSALSTRING:
  4096. default:
  4097. WOLFSSL_MSG("asn1 i2d type not supported");
  4098. break;
  4099. }
  4100. return ret;
  4101. }
  4102. #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
  4103. #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS) || \
  4104. defined(WOLFSSL_WPAS_SMALL)
  4105. /**
  4106. * Set ASN.1 TYPE object with a type and value.
  4107. *
  4108. * Type of value for different types:
  4109. * WOLFSSL_V_ASN1_NULL : Value should be NULL.
  4110. * WOLFSSL_V_ASN1_OBJECT : WOLFSSL_ASN1_OBJECT.
  4111. * WOLFSSL_V_ASN1_UTCTIME : WOLFSSL_ASN1_TIME.
  4112. * WOLFSSL_V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
  4113. * WOLFSSL_V_ASN1_UTF8STRING : WOLFSSL_ASN1_STRING.
  4114. * WOLFSSL_V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
  4115. * WOLFSSL_V_ASN1_T61STRING : WOLFSSL_ASN1_STRING.
  4116. * WOLFSSL_V_ASN1_IA5STRING : WOLFSSL_ASN1_STRING.
  4117. * WOLFSSL_V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
  4118. * WOLFSSL_V_ASN1_SEQUENCE : WOLFSSL_ASN1_STRING.
  4119. *
  4120. * @param [in, out] a ASN.1 TYPE object to set.
  4121. * @param [in] type ASN.1 type of value.
  4122. * @param [in] value Value to store.
  4123. */
  4124. void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
  4125. {
  4126. if (a != NULL) {
  4127. switch (type) {
  4128. case WOLFSSL_V_ASN1_NULL:
  4129. if (value != NULL) {
  4130. WOLFSSL_MSG("NULL tag meant to be always empty!");
  4131. /* No way to return error - value will not be used. */
  4132. }
  4133. FALL_THROUGH;
  4134. case WOLFSSL_V_ASN1_OBJECT:
  4135. case WOLFSSL_V_ASN1_UTCTIME:
  4136. case WOLFSSL_V_ASN1_GENERALIZEDTIME:
  4137. case WOLFSSL_V_ASN1_UTF8STRING:
  4138. case WOLFSSL_V_ASN1_OCTET_STRING:
  4139. case WOLFSSL_V_ASN1_PRINTABLESTRING:
  4140. case WOLFSSL_V_ASN1_T61STRING:
  4141. case WOLFSSL_V_ASN1_IA5STRING:
  4142. case WOLFSSL_V_ASN1_UNIVERSALSTRING:
  4143. case WOLFSSL_V_ASN1_SEQUENCE:
  4144. /* Dispose of any value currently set. */
  4145. wolfssl_asn1_type_free_value(a);
  4146. /* Assign anonymously typed input to anonymously typed field. */
  4147. a->value.ptr = (char *)value;
  4148. /* Set the type required. */
  4149. a->type = type;
  4150. break;
  4151. default:
  4152. WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE");
  4153. /* No way to return error. */
  4154. }
  4155. }
  4156. }
  4157. int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
  4158. {
  4159. if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN || a->type == WOLFSSL_V_ASN1_NULL
  4160. || a->value.ptr != NULL))
  4161. return a->type;
  4162. return 0;
  4163. }
  4164. #endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_WPAS */
  4165. #endif /* !NO_ASN */
  4166. #endif /* !WOLFSSL_SSL_ASN1_INCLUDED */