line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
/** |
2
|
|
|
|
|
|
|
* @file asn1.c |
3
|
|
|
|
|
|
|
* @version 950bba4 (HEAD -> master) |
4
|
|
|
|
|
|
|
* |
5
|
|
|
|
|
|
|
* DER/BER coding. |
6
|
|
|
|
|
|
|
*/ |
7
|
|
|
|
|
|
|
/* |
8
|
|
|
|
|
|
|
* Copyright (c) 2013-2017 INSIDE Secure Corporation |
9
|
|
|
|
|
|
|
* Copyright (c) PeerSec Networks, 2002-2011 |
10
|
|
|
|
|
|
|
* All Rights Reserved |
11
|
|
|
|
|
|
|
* |
12
|
|
|
|
|
|
|
* The latest version of this code is available at http://www.matrixssl.org |
13
|
|
|
|
|
|
|
* |
14
|
|
|
|
|
|
|
* This software is open source; you can redistribute it and/or modify |
15
|
|
|
|
|
|
|
* it under the terms of the GNU General Public License as published by |
16
|
|
|
|
|
|
|
* the Free Software Foundation; either version 2 of the License, or |
17
|
|
|
|
|
|
|
* (at your option) any later version. |
18
|
|
|
|
|
|
|
* |
19
|
|
|
|
|
|
|
* This General Public License does NOT permit incorporating this software |
20
|
|
|
|
|
|
|
* into proprietary programs. If you are unable to comply with the GPL, a |
21
|
|
|
|
|
|
|
* commercial license for this software may be purchased from INSIDE at |
22
|
|
|
|
|
|
|
* http://www.insidesecure.com/ |
23
|
|
|
|
|
|
|
* |
24
|
|
|
|
|
|
|
* This program is distributed in WITHOUT ANY WARRANTY; without even the |
25
|
|
|
|
|
|
|
* implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |
26
|
|
|
|
|
|
|
* See the GNU General Public License for more details. |
27
|
|
|
|
|
|
|
* |
28
|
|
|
|
|
|
|
* You should have received a copy of the GNU General Public License |
29
|
|
|
|
|
|
|
* along with this program; if not, write to the Free Software |
30
|
|
|
|
|
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
31
|
|
|
|
|
|
|
* http://www.gnu.org/copyleft/gpl.html |
32
|
|
|
|
|
|
|
*/ |
33
|
|
|
|
|
|
|
/******************************************************************************/ |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
#include "../cryptoImpl.h" |
36
|
|
|
|
|
|
|
|
37
|
|
|
|
|
|
|
/* Compute tag length when it is known that p points to valid ASN.1 DER |
38
|
|
|
|
|
|
|
encoding, no larger than 16 megabytes. */ |
39
|
0
|
|
|
|
|
|
uint32_t getAsnTagLenUnsafe(const unsigned char *p) |
40
|
|
|
|
|
|
|
{ |
41
|
|
|
|
|
|
|
uint32_t len; |
42
|
|
|
|
|
|
|
|
43
|
|
|
|
|
|
|
/* Return 0 for uninitialized data or NULL. */ |
44
|
0
|
0
|
|
|
|
|
if (p == NULL || *p == 0) |
|
|
0
|
|
|
|
|
|
45
|
|
|
|
|
|
|
{ |
46
|
0
|
|
|
|
|
|
return 0; |
47
|
|
|
|
|
|
|
} |
48
|
0
|
|
|
|
|
|
len = p[1]; |
49
|
0
|
0
|
|
|
|
|
if (len >= 0x80) |
50
|
|
|
|
|
|
|
{ |
51
|
0
|
|
|
|
|
|
unsigned char lenbytes[3] = { 0, 0, 0 }; /* Size up-to 16 Mbytes. */ |
52
|
0
|
|
|
|
|
|
len -= 0x80; /* Compute number of bytes in encoding. */ |
53
|
0
|
0
|
|
|
|
|
if (len == 0 || len >= 4) |
|
|
0
|
|
|
|
|
|
54
|
|
|
|
|
|
|
{ |
55
|
|
|
|
|
|
|
/* Although the function is "Unsafe", check for too long |
56
|
|
|
|
|
|
|
length encoding, because in future some parser may accept |
57
|
|
|
|
|
|
|
input > 4 gigabytes. */ |
58
|
0
|
|
|
|
|
|
return 0; /* Too large length. */ |
59
|
|
|
|
|
|
|
} |
60
|
|
|
|
|
|
|
/* Note: */ |
61
|
0
|
|
|
|
|
|
memcpy(lenbytes + 3 - len, p + 2, len); |
62
|
0
|
|
|
|
|
|
len = |
63
|
0
|
|
|
|
|
|
len + 2 + |
64
|
0
|
|
|
|
|
|
((lenbytes[0] << 16) | |
65
|
0
|
|
|
|
|
|
(lenbytes[1] << 8) | |
66
|
0
|
|
|
|
|
|
(lenbytes[2] << 0)); |
67
|
|
|
|
|
|
|
} |
68
|
|
|
|
|
|
|
else |
69
|
|
|
|
|
|
|
{ |
70
|
0
|
|
|
|
|
|
len += 2; /* Tag and length byte. */ |
71
|
|
|
|
|
|
|
} |
72
|
0
|
|
|
|
|
|
return len; |
73
|
|
|
|
|
|
|
} |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
/******************************************************************************/ |
76
|
|
|
|
|
|
|
/* |
77
|
|
|
|
|
|
|
On success, p will be updated to point to first character of value and |
78
|
|
|
|
|
|
|
len will contain number of bytes in value. |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
Indefinite length formats return ASN_UNKNOWN_LEN and *len will simply |
81
|
|
|
|
|
|
|
be updated with the overall remaining length |
82
|
|
|
|
|
|
|
*/ |
83
|
106888
|
|
|
|
|
|
int32_t getAsnLength(const unsigned char **pp, psSize_t size, psSize_t *len) |
84
|
|
|
|
|
|
|
{ |
85
|
106888
|
|
|
|
|
|
uint32_t len32 = 0; |
86
|
|
|
|
|
|
|
int32_t rc; |
87
|
|
|
|
|
|
|
|
88
|
106888
|
50
|
|
|
|
|
if ((rc = getAsnLength32(pp, size, &len32, 0)) < 0) |
89
|
|
|
|
|
|
|
{ |
90
|
0
|
|
|
|
|
|
return rc; |
91
|
|
|
|
|
|
|
} |
92
|
106888
|
|
|
|
|
|
*len = (uint16_t) (len32 & 0xFFFF); |
93
|
106888
|
|
|
|
|
|
return PS_SUCCESS; |
94
|
|
|
|
|
|
|
} |
95
|
|
|
|
|
|
|
|
96
|
217756
|
|
|
|
|
|
int32_t getAsnLength32(const unsigned char **pp, uint32_t size, uint32_t *len, |
97
|
|
|
|
|
|
|
uint32_t indefinite) |
98
|
|
|
|
|
|
|
{ |
99
|
|
|
|
|
|
|
const unsigned char *c, *end; |
100
|
|
|
|
|
|
|
uint32_t l; |
101
|
|
|
|
|
|
|
|
102
|
217756
|
|
|
|
|
|
c = *pp; |
103
|
217756
|
|
|
|
|
|
end = c + size; |
104
|
217756
|
|
|
|
|
|
*len = 0; |
105
|
217756
|
50
|
|
|
|
|
if (end - c < 1) |
106
|
|
|
|
|
|
|
{ |
107
|
|
|
|
|
|
|
psTraceCrypto("getAsnLength called on empty buffer\n"); |
108
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
109
|
|
|
|
|
|
|
} |
110
|
|
|
|
|
|
|
/* |
111
|
|
|
|
|
|
|
If the high bit is set, the lower 7 bits represent the number of |
112
|
|
|
|
|
|
|
bytes that follow defining length |
113
|
|
|
|
|
|
|
If the high bit is not set, the lower 7 represent the actual length |
114
|
|
|
|
|
|
|
*/ |
115
|
217756
|
|
|
|
|
|
l = *c & 0x7F; |
116
|
217756
|
100
|
|
|
|
|
if (*c & 0x80) |
117
|
|
|
|
|
|
|
{ |
118
|
|
|
|
|
|
|
/* Point c at first length byte */ |
119
|
23610
|
|
|
|
|
|
c++; |
120
|
|
|
|
|
|
|
/* Ensure we have that many bytes left in the buffer. */ |
121
|
23610
|
50
|
|
|
|
|
if (end - c < l) |
122
|
|
|
|
|
|
|
{ |
123
|
|
|
|
|
|
|
psTraceCrypto("Malformed stream in getAsnLength\n"); |
124
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
125
|
|
|
|
|
|
|
} |
126
|
|
|
|
|
|
|
|
127
|
23610
|
|
|
|
|
|
switch (l) |
128
|
|
|
|
|
|
|
{ |
129
|
|
|
|
|
|
|
case 4: |
130
|
0
|
|
|
|
|
|
l = *c << 24; c++; |
131
|
0
|
|
|
|
|
|
l |= *c << 16; c++; |
132
|
0
|
|
|
|
|
|
l |= *c << 8; c++; |
133
|
0
|
|
|
|
|
|
l |= *c; c++; |
134
|
0
|
|
|
|
|
|
break; |
135
|
|
|
|
|
|
|
case 3: |
136
|
0
|
|
|
|
|
|
l = *c << 16; c++; |
137
|
0
|
|
|
|
|
|
l |= *c << 8; c++; |
138
|
0
|
|
|
|
|
|
l |= *c; c++; |
139
|
0
|
|
|
|
|
|
break; |
140
|
|
|
|
|
|
|
case 2: |
141
|
21239
|
|
|
|
|
|
l = *c << 8; c++; |
142
|
21239
|
|
|
|
|
|
l |= *c; c++; |
143
|
21239
|
|
|
|
|
|
break; |
144
|
|
|
|
|
|
|
case 1: |
145
|
2371
|
|
|
|
|
|
l = *c; c++; |
146
|
2371
|
|
|
|
|
|
break; |
147
|
|
|
|
|
|
|
/* |
148
|
|
|
|
|
|
|
If the length byte has high bit only set, it's an indefinite |
149
|
|
|
|
|
|
|
length. If allowed, return the number of bytes remaining in buffer. |
150
|
|
|
|
|
|
|
*/ |
151
|
|
|
|
|
|
|
case 0: |
152
|
0
|
0
|
|
|
|
|
if (indefinite) |
153
|
|
|
|
|
|
|
{ |
154
|
0
|
|
|
|
|
|
*pp = c; |
155
|
0
|
|
|
|
|
|
*len = size - 1; |
156
|
0
|
|
|
|
|
|
return ASN_UNKNOWN_LEN; |
157
|
|
|
|
|
|
|
} |
158
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
159
|
|
|
|
|
|
|
|
160
|
|
|
|
|
|
|
/* Make sure there aren't more than 4 bytes of length specifier. */ |
161
|
|
|
|
|
|
|
default: |
162
|
|
|
|
|
|
|
psTraceCrypto("Malformed stream in getAsnLength\n"); |
163
|
23610
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
164
|
|
|
|
|
|
|
} |
165
|
|
|
|
|
|
|
} |
166
|
|
|
|
|
|
|
else |
167
|
|
|
|
|
|
|
{ |
168
|
194146
|
|
|
|
|
|
c++; |
169
|
|
|
|
|
|
|
} |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
/* Stream parsers will not require the entire data to be present */ |
172
|
217756
|
50
|
|
|
|
|
if (!indefinite && (end - c < l)) |
|
|
50
|
|
|
|
|
|
173
|
|
|
|
|
|
|
{ |
174
|
|
|
|
|
|
|
psTraceCrypto("getAsnLength longer than remaining buffer.\n"); |
175
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
176
|
|
|
|
|
|
|
} |
177
|
|
|
|
|
|
|
|
178
|
217756
|
|
|
|
|
|
*pp = c; |
179
|
217756
|
|
|
|
|
|
*len = l; |
180
|
217756
|
|
|
|
|
|
return PS_SUCCESS; |
181
|
|
|
|
|
|
|
} |
182
|
|
|
|
|
|
|
|
183
|
|
|
|
|
|
|
/******************************************************************************/ |
184
|
|
|
|
|
|
|
/* |
185
|
|
|
|
|
|
|
Callback to extract a sequence length from the DER stream |
186
|
|
|
|
|
|
|
Verifies that 'len' bytes are >= 'seqlen' |
187
|
|
|
|
|
|
|
Move pp to the first character in the sequence |
188
|
|
|
|
|
|
|
*/ |
189
|
|
|
|
|
|
|
/* #define DISABLE_STRICT_ASN_LENGTH_CHECK */ |
190
|
73428
|
|
|
|
|
|
int32_t getAsnSequence32(const unsigned char **pp, uint32_t size, |
191
|
|
|
|
|
|
|
uint32_t *len, uint32_t indefinite) |
192
|
|
|
|
|
|
|
{ |
193
|
73428
|
|
|
|
|
|
const unsigned char *p = *pp; |
194
|
|
|
|
|
|
|
int32_t rc; |
195
|
|
|
|
|
|
|
|
196
|
73428
|
|
|
|
|
|
rc = PS_PARSE_FAIL; |
197
|
73428
|
50
|
|
|
|
|
if (size < 1 || *(p++) != (ASN_SEQUENCE | ASN_CONSTRUCTED) || |
|
|
100
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
198
|
73417
|
|
|
|
|
|
((rc = getAsnLength32(&p, size - 1, len, indefinite)) < 0)) |
199
|
|
|
|
|
|
|
{ |
200
|
|
|
|
|
|
|
psTraceCrypto("ASN getSequence failed\n"); |
201
|
11
|
|
|
|
|
|
return rc; |
202
|
|
|
|
|
|
|
} |
203
|
|
|
|
|
|
|
#ifndef DISABLE_STRICT_ASN_LENGTH_CHECK |
204
|
|
|
|
|
|
|
/* The (p - *pp) is taking the length encoding bytes into account */ |
205
|
73417
|
50
|
|
|
|
|
if (!indefinite && (size - ((uint32_t) (p - *pp))) < *len) |
|
|
50
|
|
|
|
|
|
206
|
|
|
|
|
|
|
{ |
207
|
|
|
|
|
|
|
/* It isn't cool but some encodings have an outer length layer that |
208
|
|
|
|
|
|
|
is smaller than the inner. Normally you'll want this check but if |
209
|
|
|
|
|
|
|
you're hitting this case, you could try skipping it to see if there |
210
|
|
|
|
|
|
|
is an error in the encoding */ |
211
|
|
|
|
|
|
|
psTraceCrypto("ASN_SEQUENCE parse found length greater than total\n"); |
212
|
|
|
|
|
|
|
psTraceCrypto("Could try enabling DISABLE_STRICT_ASN_LENGTH_CHECK\n"); |
213
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
214
|
|
|
|
|
|
|
} |
215
|
|
|
|
|
|
|
#endif |
216
|
73417
|
|
|
|
|
|
*pp = p; |
217
|
73428
|
|
|
|
|
|
return rc; |
218
|
|
|
|
|
|
|
} |
219
|
|
|
|
|
|
|
|
220
|
59446
|
|
|
|
|
|
int32_t getAsnSequence(const unsigned char **pp, psSize_t size, psSize_t *len) |
221
|
|
|
|
|
|
|
{ |
222
|
59446
|
|
|
|
|
|
uint32_t len32 = 0; |
223
|
|
|
|
|
|
|
int32_t rc; |
224
|
|
|
|
|
|
|
|
225
|
59446
|
100
|
|
|
|
|
if ((rc = getAsnSequence32(pp, size, &len32, 0)) < 0) |
226
|
|
|
|
|
|
|
{ |
227
|
8
|
|
|
|
|
|
return rc; |
228
|
|
|
|
|
|
|
} |
229
|
59438
|
|
|
|
|
|
*len = (uint16_t) (len32 & 0xFFFF); |
230
|
59446
|
|
|
|
|
|
return PS_SUCCESS; |
231
|
|
|
|
|
|
|
} |
232
|
|
|
|
|
|
|
|
233
|
|
|
|
|
|
|
/******************************************************************************/ |
234
|
|
|
|
|
|
|
/* |
235
|
|
|
|
|
|
|
Extract a set length from the DER stream. Will also test that there |
236
|
|
|
|
|
|
|
is enough data available to hold it all. Returns LIMIT_FAIL if not. |
237
|
|
|
|
|
|
|
*/ |
238
|
22835
|
|
|
|
|
|
int32_t getAsnSet32(const unsigned char **pp, uint32_t size, uint32_t *len, |
239
|
|
|
|
|
|
|
uint32_t indefinite) |
240
|
|
|
|
|
|
|
{ |
241
|
22835
|
|
|
|
|
|
const unsigned char *p = *pp; |
242
|
|
|
|
|
|
|
int32_t rc; |
243
|
|
|
|
|
|
|
|
244
|
22835
|
|
|
|
|
|
rc = PS_PARSE_FAIL; |
245
|
22835
|
50
|
|
|
|
|
if (size < 1 || *(p++) != (ASN_SET | ASN_CONSTRUCTED) || |
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
246
|
22835
|
|
|
|
|
|
((rc = getAsnLength32(&p, size - 1, len, indefinite)) < 0)) |
247
|
|
|
|
|
|
|
{ |
248
|
|
|
|
|
|
|
psTraceCrypto("ASN getSet failed\n"); |
249
|
0
|
|
|
|
|
|
return rc; |
250
|
|
|
|
|
|
|
} |
251
|
|
|
|
|
|
|
/* Account for overhead needed to get the length */ |
252
|
22835
|
50
|
|
|
|
|
if (size < ((uint32_t) (p - *pp) + *len)) |
253
|
|
|
|
|
|
|
{ |
254
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
255
|
|
|
|
|
|
|
} |
256
|
22835
|
|
|
|
|
|
*pp = p; |
257
|
22835
|
|
|
|
|
|
return rc; |
258
|
|
|
|
|
|
|
} |
259
|
|
|
|
|
|
|
|
260
|
22835
|
|
|
|
|
|
int32_t getAsnSet(const unsigned char **pp, psSize_t size, psSize_t *len) |
261
|
|
|
|
|
|
|
{ |
262
|
22835
|
|
|
|
|
|
uint32_t len32 = 0; |
263
|
|
|
|
|
|
|
int32_t rc; |
264
|
|
|
|
|
|
|
|
265
|
22835
|
50
|
|
|
|
|
if ((rc = getAsnSet32(pp, size, &len32, 0)) < 0) |
266
|
|
|
|
|
|
|
{ |
267
|
0
|
|
|
|
|
|
return rc; |
268
|
|
|
|
|
|
|
} |
269
|
22835
|
|
|
|
|
|
*len = (uint16_t) (len32 & 0xFFFF); |
270
|
22835
|
|
|
|
|
|
return PS_SUCCESS; |
271
|
|
|
|
|
|
|
} |
272
|
|
|
|
|
|
|
/******************************************************************************/ |
273
|
|
|
|
|
|
|
/* |
274
|
|
|
|
|
|
|
Get an enumerated value |
275
|
|
|
|
|
|
|
*/ |
276
|
0
|
|
|
|
|
|
int32_t getAsnEnumerated(const unsigned char **pp, uint32_t len, int32_t *val) |
277
|
|
|
|
|
|
|
{ |
278
|
0
|
|
|
|
|
|
const unsigned char *p = *pp, *end; |
279
|
|
|
|
|
|
|
uint32_t ui, slen; |
280
|
|
|
|
|
|
|
int32_t rc; |
281
|
|
|
|
|
|
|
uint32_t vlen; |
282
|
|
|
|
|
|
|
|
283
|
0
|
|
|
|
|
|
rc = PS_PARSE_FAIL; |
284
|
0
|
|
|
|
|
|
end = p + len; |
285
|
0
|
0
|
|
|
|
|
if (len < 1 || *(p++) != ASN_ENUMERATED || |
|
|
0
|
|
|
|
|
|
|
|
0
|
|
|
|
|
|
286
|
0
|
|
|
|
|
|
((rc = getAsnLength32(&p, len - 1, &vlen, 0)) < 0)) |
287
|
|
|
|
|
|
|
{ |
288
|
|
|
|
|
|
|
psTraceCrypto("ASN getInteger failed from the start\n"); |
289
|
0
|
|
|
|
|
|
return rc; |
290
|
|
|
|
|
|
|
} |
291
|
|
|
|
|
|
|
/* |
292
|
|
|
|
|
|
|
This check prevents us from having a big positive integer where the |
293
|
|
|
|
|
|
|
high bit is set because it will be encoded as 5 bytes (with leading |
294
|
|
|
|
|
|
|
blank byte). If that is required, a getUnsigned routine should be used |
295
|
|
|
|
|
|
|
*/ |
296
|
0
|
0
|
|
|
|
|
if (vlen > sizeof(int32_t) || (uint32_t) (end - p) < vlen) |
|
|
0
|
|
|
|
|
|
297
|
|
|
|
|
|
|
{ |
298
|
|
|
|
|
|
|
psTraceCrypto("ASN getInteger had limit failure\n"); |
299
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
300
|
|
|
|
|
|
|
} |
301
|
0
|
|
|
|
|
|
ui = 0; |
302
|
|
|
|
|
|
|
/* |
303
|
|
|
|
|
|
|
If high bit is set, it's a negative integer, so perform the two's compliment |
304
|
|
|
|
|
|
|
Otherwise do a standard big endian read (most likely case for RSA) |
305
|
|
|
|
|
|
|
*/ |
306
|
0
|
0
|
|
|
|
|
if (*p & 0x80) |
307
|
|
|
|
|
|
|
{ |
308
|
0
|
0
|
|
|
|
|
while (vlen > 0) |
309
|
|
|
|
|
|
|
{ |
310
|
0
|
|
|
|
|
|
ui = (ui << 8) | (*p ^ 0xFF); |
311
|
0
|
|
|
|
|
|
p++; |
312
|
0
|
|
|
|
|
|
vlen--; |
313
|
|
|
|
|
|
|
} |
314
|
0
|
|
|
|
|
|
slen = ui; |
315
|
0
|
|
|
|
|
|
slen++; |
316
|
0
|
|
|
|
|
|
slen = -slen; |
317
|
0
|
|
|
|
|
|
*val = slen; |
318
|
|
|
|
|
|
|
} |
319
|
|
|
|
|
|
|
else |
320
|
|
|
|
|
|
|
{ |
321
|
0
|
0
|
|
|
|
|
while (vlen > 0) |
322
|
|
|
|
|
|
|
{ |
323
|
0
|
|
|
|
|
|
ui = (ui << 8) | *p; |
324
|
0
|
|
|
|
|
|
p++; |
325
|
0
|
|
|
|
|
|
vlen--; |
326
|
|
|
|
|
|
|
} |
327
|
0
|
|
|
|
|
|
*val = ui; |
328
|
|
|
|
|
|
|
} |
329
|
0
|
|
|
|
|
|
*pp = p; |
330
|
0
|
|
|
|
|
|
return PS_SUCCESS; |
331
|
|
|
|
|
|
|
} |
332
|
|
|
|
|
|
|
|
333
|
|
|
|
|
|
|
/******************************************************************************/ |
334
|
|
|
|
|
|
|
/* |
335
|
|
|
|
|
|
|
Get an integer |
336
|
|
|
|
|
|
|
*/ |
337
|
3516
|
|
|
|
|
|
int32_t getAsnInteger(const unsigned char **pp, uint32_t len, int32_t *val) |
338
|
|
|
|
|
|
|
{ |
339
|
3516
|
|
|
|
|
|
const unsigned char *p = *pp, *end; |
340
|
|
|
|
|
|
|
uint32_t ui, slen; |
341
|
|
|
|
|
|
|
int32_t rc; |
342
|
|
|
|
|
|
|
uint32_t vlen; |
343
|
|
|
|
|
|
|
|
344
|
3516
|
|
|
|
|
|
rc = PS_PARSE_FAIL; |
345
|
3516
|
|
|
|
|
|
end = p + len; |
346
|
3516
|
50
|
|
|
|
|
if (len < 1 || *(p++) != ASN_INTEGER || |
|
|
50
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
347
|
3516
|
|
|
|
|
|
((rc = getAsnLength32(&p, len - 1, &vlen, 0)) < 0)) |
348
|
|
|
|
|
|
|
{ |
349
|
|
|
|
|
|
|
psTraceCrypto("ASN getInteger failed from the start\n"); |
350
|
0
|
|
|
|
|
|
return rc; |
351
|
|
|
|
|
|
|
} |
352
|
|
|
|
|
|
|
/* |
353
|
|
|
|
|
|
|
This check prevents us from having a big positive integer where the |
354
|
|
|
|
|
|
|
high bit is set because it will be encoded as 5 bytes (with leading |
355
|
|
|
|
|
|
|
blank byte). If that is required, a getUnsigned routine should be used |
356
|
|
|
|
|
|
|
*/ |
357
|
3516
|
50
|
|
|
|
|
if (vlen > sizeof(int32_t) || (uint32_t) (end - p) < vlen) |
|
|
50
|
|
|
|
|
|
358
|
|
|
|
|
|
|
{ |
359
|
|
|
|
|
|
|
psTraceCrypto("ASN getInteger had limit failure\n"); |
360
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
361
|
|
|
|
|
|
|
} |
362
|
3516
|
|
|
|
|
|
ui = 0; |
363
|
|
|
|
|
|
|
/* |
364
|
|
|
|
|
|
|
If high bit is set, it's a negative integer, so perform the two's compliment |
365
|
|
|
|
|
|
|
Otherwise do a standard big endian read (most likely case for RSA) |
366
|
|
|
|
|
|
|
*/ |
367
|
3516
|
50
|
|
|
|
|
if (*p & 0x80) |
368
|
|
|
|
|
|
|
{ |
369
|
0
|
0
|
|
|
|
|
while (vlen > 0) |
370
|
|
|
|
|
|
|
{ |
371
|
0
|
|
|
|
|
|
ui = (ui << 8) | (*p ^ 0xFF); |
372
|
0
|
|
|
|
|
|
p++; |
373
|
0
|
|
|
|
|
|
vlen--; |
374
|
|
|
|
|
|
|
} |
375
|
0
|
|
|
|
|
|
slen = ui; |
376
|
0
|
|
|
|
|
|
slen++; |
377
|
0
|
|
|
|
|
|
slen = -slen; |
378
|
0
|
|
|
|
|
|
*val = slen; |
379
|
|
|
|
|
|
|
} |
380
|
|
|
|
|
|
|
else |
381
|
|
|
|
|
|
|
{ |
382
|
7066
|
100
|
|
|
|
|
while (vlen > 0) |
383
|
|
|
|
|
|
|
{ |
384
|
3550
|
|
|
|
|
|
ui = (ui << 8) | *p; |
385
|
3550
|
|
|
|
|
|
p++; |
386
|
3550
|
|
|
|
|
|
vlen--; |
387
|
|
|
|
|
|
|
} |
388
|
3516
|
|
|
|
|
|
*val = ui; |
389
|
|
|
|
|
|
|
} |
390
|
3516
|
|
|
|
|
|
*pp = p; |
391
|
3516
|
|
|
|
|
|
return PS_SUCCESS; |
392
|
|
|
|
|
|
|
} |
393
|
|
|
|
|
|
|
|
394
|
|
|
|
|
|
|
/******************************************************************************/ |
395
|
|
|
|
|
|
|
/* |
396
|
|
|
|
|
|
|
Implementation specific OID parser |
397
|
|
|
|
|
|
|
*/ |
398
|
11102
|
|
|
|
|
|
int32_t getAsnAlgorithmIdentifier(const unsigned char **pp, uint32_t len, |
399
|
|
|
|
|
|
|
int32_t *oi, psSize_t *paramLen) |
400
|
|
|
|
|
|
|
{ |
401
|
11102
|
|
|
|
|
|
const unsigned char *p = *pp, *end; |
402
|
|
|
|
|
|
|
int32_t rc; |
403
|
|
|
|
|
|
|
uint32_t llen; |
404
|
|
|
|
|
|
|
|
405
|
11102
|
|
|
|
|
|
rc = PS_PARSE_FAIL; |
406
|
11102
|
|
|
|
|
|
end = p + len; |
407
|
11102
|
50
|
|
|
|
|
if (len < 1 || (rc = getAsnSequence32(&p, len, &llen, 0)) < 0) |
|
|
100
|
|
|
|
|
|
408
|
|
|
|
|
|
|
{ |
409
|
|
|
|
|
|
|
psTraceCrypto("getAsnAlgorithmIdentifier failed on inital parse\n"); |
410
|
2
|
|
|
|
|
|
return rc; |
411
|
|
|
|
|
|
|
} |
412
|
|
|
|
|
|
|
/* Always checks for parameter length */ |
413
|
11100
|
50
|
|
|
|
|
if (end - p < 1) |
414
|
|
|
|
|
|
|
{ |
415
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
416
|
|
|
|
|
|
|
} |
417
|
11100
|
|
|
|
|
|
rc = getAsnOID(&p, llen, oi, 1, paramLen); |
418
|
11100
|
|
|
|
|
|
*pp = p; |
419
|
11102
|
|
|
|
|
|
return rc; |
420
|
|
|
|
|
|
|
} |
421
|
|
|
|
|
|
|
|
422
|
|
|
|
|
|
|
/******************************************************************************/ |
423
|
|
|
|
|
|
|
/** |
424
|
|
|
|
|
|
|
Parse ASN.1 DER encoded OBJECT bytes into an OID array. |
425
|
|
|
|
|
|
|
@param[in] der Pointer to start of OBJECT encoding. |
426
|
|
|
|
|
|
|
@param[in] derlen Number of bytes pointed to by 'der'. |
427
|
|
|
|
|
|
|
@param[out] oid Caller allocated array to receive OID, of |
428
|
|
|
|
|
|
|
at least MAX_OID_LEN elements. |
429
|
|
|
|
|
|
|
@return Number of OID elements written to 'oid', 0 on error. |
430
|
|
|
|
|
|
|
*/ |
431
|
10833
|
|
|
|
|
|
uint8_t asnParseOid(const unsigned char *der, psSize_t derlen, |
432
|
|
|
|
|
|
|
uint32_t oid[MAX_OID_LEN]) |
433
|
|
|
|
|
|
|
{ |
434
|
|
|
|
|
|
|
const unsigned char *end; |
435
|
|
|
|
|
|
|
uint8_t n, sanity; |
436
|
|
|
|
|
|
|
|
437
|
10833
|
50
|
|
|
|
|
if (derlen < 1) |
438
|
|
|
|
|
|
|
{ |
439
|
0
|
|
|
|
|
|
return 0; |
440
|
|
|
|
|
|
|
} |
441
|
10833
|
|
|
|
|
|
end = der + derlen; |
442
|
|
|
|
|
|
|
/* First two OID elements are single octet, base 40 for some reason */ |
443
|
10833
|
|
|
|
|
|
oid[0] = *der / 40; |
444
|
10833
|
|
|
|
|
|
oid[1] = *der % 40; |
445
|
10833
|
|
|
|
|
|
der++; |
446
|
|
|
|
|
|
|
/* Zero the remainder of OID and leave n == 2 */ |
447
|
151662
|
100
|
|
|
|
|
for (n = MAX_OID_LEN - 1; n > 2; n--) |
448
|
|
|
|
|
|
|
{ |
449
|
140829
|
|
|
|
|
|
oid[n] = 0; |
450
|
|
|
|
|
|
|
} |
451
|
38367
|
100
|
|
|
|
|
while (der < end && n < MAX_OID_LEN) |
|
|
50
|
|
|
|
|
|
452
|
|
|
|
|
|
|
{ |
453
|
|
|
|
|
|
|
/* If the high bit is 0, it's short form variable length quantity */ |
454
|
27534
|
100
|
|
|
|
|
if (!(*der & 0x80)) |
455
|
|
|
|
|
|
|
{ |
456
|
24567
|
|
|
|
|
|
oid[n++] = *der++; |
457
|
|
|
|
|
|
|
} |
458
|
|
|
|
|
|
|
else |
459
|
|
|
|
|
|
|
{ |
460
|
2967
|
|
|
|
|
|
sanity = 0; |
461
|
|
|
|
|
|
|
/* Long form. High bit means another (lower) 7 bits following */ |
462
|
|
|
|
|
|
|
do |
463
|
|
|
|
|
|
|
{ |
464
|
7373
|
|
|
|
|
|
oid[n] |= (*der & 0x7F); |
465
|
|
|
|
|
|
|
/* A clear high bit ends the byte sequence */ |
466
|
7373
|
100
|
|
|
|
|
if (!(*der & 0x80)) |
467
|
|
|
|
|
|
|
{ |
468
|
2967
|
|
|
|
|
|
break; |
469
|
|
|
|
|
|
|
} |
470
|
|
|
|
|
|
|
/* Allow a maximum of 4 x 7 bit shifts (28 bits) */ |
471
|
4406
|
50
|
|
|
|
|
if (++sanity > 4) |
472
|
|
|
|
|
|
|
{ |
473
|
0
|
|
|
|
|
|
return 0; |
474
|
|
|
|
|
|
|
} |
475
|
|
|
|
|
|
|
/* Make room for the next 7 bits */ |
476
|
4406
|
|
|
|
|
|
oid[n] <<= 7; |
477
|
4406
|
|
|
|
|
|
der++; |
478
|
|
|
|
|
|
|
} |
479
|
4406
|
50
|
|
|
|
|
while (der < end); |
480
|
2967
|
|
|
|
|
|
der++; |
481
|
2967
|
|
|
|
|
|
n++; |
482
|
|
|
|
|
|
|
} |
483
|
|
|
|
|
|
|
} |
484
|
10833
|
50
|
|
|
|
|
if (n < MAX_OID_LEN) |
485
|
|
|
|
|
|
|
{ |
486
|
10833
|
|
|
|
|
|
return n; |
487
|
|
|
|
|
|
|
} |
488
|
0
|
|
|
|
|
|
return 0; |
489
|
|
|
|
|
|
|
} |
490
|
|
|
|
|
|
|
|
491
|
|
|
|
|
|
|
#ifndef MATRIXSSL_NO_OID_DATABASE |
492
|
|
|
|
|
|
|
|
493
|
|
|
|
|
|
|
/* This function uses computed OID sums as base and adds suitable number of |
494
|
|
|
|
|
|
|
multiples of OID_COLLISION in case the first known oid with the number |
495
|
|
|
|
|
|
|
did not match. If function fails the value will be >= 32768. */ |
496
|
11100
|
|
|
|
|
|
static void checkAsnOidDatabase(int32_t *oi, |
497
|
|
|
|
|
|
|
const unsigned char *oidStart, |
498
|
|
|
|
|
|
|
uint32_t oidLen) |
499
|
|
|
|
|
|
|
{ |
500
|
|
|
|
|
|
|
/* The values are represented as C strings, although they contain |
501
|
|
|
|
|
|
|
binary data. Therefore the type needs to be const char *. */ |
502
|
|
|
|
|
|
|
const char *oid_hex; |
503
|
|
|
|
|
|
|
|
504
|
|
|
|
|
|
|
/* Loop until match is found, adding multiples of OID_COLLISION in case of |
505
|
|
|
|
|
|
|
mismatch. */ |
506
|
|
|
|
|
|
|
while (1) |
507
|
|
|
|
|
|
|
{ |
508
|
16648
|
|
|
|
|
|
switch (*oi) |
509
|
|
|
|
|
|
|
{ |
510
|
10
|
|
|
|
|
|
case OID_SHA1_ALG: oid_hex = OID_SHA1_ALG_HEX; break; |
511
|
0
|
|
|
|
|
|
case OID_SHA224_ALG: oid_hex = OID_SHA224_ALG_HEX; break; |
512
|
2207
|
|
|
|
|
|
case OID_SHA256_ALG: oid_hex = OID_SHA256_ALG_HEX; break; |
513
|
0
|
|
|
|
|
|
case OID_SHA384_ALG: oid_hex = OID_SHA384_ALG_HEX; break; |
514
|
0
|
|
|
|
|
|
case OID_SHA512_ALG: oid_hex = OID_SHA512_ALG_HEX; break; |
515
|
0
|
|
|
|
|
|
case OID_MD2_ALG: oid_hex = OID_MD2_ALG_HEX; break; |
516
|
600
|
|
|
|
|
|
case OID_MD5_ALG: oid_hex = OID_MD5_ALG_HEX; break; |
517
|
0
|
|
|
|
|
|
case OID_MD2_RSA_SIG: oid_hex = OID_MD2_RSA_SIG_HEX; break; |
518
|
0
|
|
|
|
|
|
case OID_MD5_RSA_SIG: oid_hex = OID_MD5_RSA_SIG_HEX; break; |
519
|
600
|
|
|
|
|
|
case OID_SHA1_RSA_SIG: oid_hex = OID_SHA1_RSA_SIG_HEX; break; |
520
|
0
|
|
|
|
|
|
case OID_SHA1_RSA_SIG2: oid_hex = OID_SHA1_RSA_SIG2_HEX; break; |
521
|
0
|
|
|
|
|
|
case OID_ID_MGF1: oid_hex = OID_ID_MGF1_HEX; break; |
522
|
0
|
|
|
|
|
|
case OID_RSASSA_PSS: oid_hex = OID_RSASSA_PSS_HEX; break; |
523
|
0
|
|
|
|
|
|
case OID_SHA224_RSA_SIG: oid_hex = OID_SHA224_RSA_SIG_HEX; break; |
524
|
4858
|
|
|
|
|
|
case OID_SHA256_RSA_SIG: oid_hex = OID_SHA256_RSA_SIG_HEX; break; |
525
|
60
|
|
|
|
|
|
case OID_SHA384_RSA_SIG: oid_hex = OID_SHA384_RSA_SIG_HEX; break; |
526
|
30
|
|
|
|
|
|
case OID_SHA512_RSA_SIG: oid_hex = OID_SHA512_RSA_SIG_HEX; break; |
527
|
0
|
|
|
|
|
|
case OID_SHA1_DSA_SIG: oid_hex = OID_SHA1_DSA_SIG_HEX; break; |
528
|
0
|
|
|
|
|
|
case OID_SHA1_ECDSA_SIG: oid_hex = OID_SHA1_ECDSA_SIG_HEX; break; |
529
|
0
|
|
|
|
|
|
case OID_SHA224_ECDSA_SIG: oid_hex = OID_SHA224_ECDSA_SIG_HEX; break; |
530
|
50
|
|
|
|
|
|
case OID_SHA256_ECDSA_SIG: oid_hex = OID_SHA256_ECDSA_SIG_HEX; break; |
531
|
160
|
|
|
|
|
|
case OID_SHA384_ECDSA_SIG: oid_hex = OID_SHA384_ECDSA_SIG_HEX; break; |
532
|
0
|
|
|
|
|
|
case OID_SHA512_ECDSA_SIG: oid_hex = OID_SHA512_ECDSA_SIG_HEX; break; |
533
|
2912
|
|
|
|
|
|
case OID_RSA_KEY_ALG: oid_hex = OID_RSA_KEY_ALG_HEX; break; |
534
|
0
|
|
|
|
|
|
case OID_DSA_KEY_ALG: oid_hex = OID_DSA_KEY_ALG_HEX; break; |
535
|
105
|
|
|
|
|
|
case OID_ECDSA_KEY_ALG: oid_hex = OID_ECDSA_KEY_ALG_HEX; break; |
536
|
0
|
|
|
|
|
|
case OID_DES_EDE3_CBC: oid_hex = OID_DES_EDE3_CBC_HEX; break; |
537
|
0
|
|
|
|
|
|
case OID_AES_128_CBC: oid_hex = OID_AES_128_CBC_HEX; break; |
538
|
0
|
|
|
|
|
|
case OID_AES_128_WRAP: oid_hex = OID_AES_128_WRAP_HEX; break; |
539
|
0
|
|
|
|
|
|
case OID_AES_128_GCM: oid_hex = OID_AES_128_GCM_HEX; break; |
540
|
0
|
|
|
|
|
|
case OID_AES_192_CBC: oid_hex = OID_AES_192_CBC_HEX; break; |
541
|
0
|
|
|
|
|
|
case OID_AES_192_WRAP: oid_hex = OID_AES_192_WRAP_HEX; break; |
542
|
0
|
|
|
|
|
|
case OID_AES_192_GCM: oid_hex = OID_AES_192_GCM_HEX; break; |
543
|
0
|
|
|
|
|
|
case OID_AES_256_CBC: oid_hex = OID_AES_256_CBC_HEX; break; |
544
|
0
|
|
|
|
|
|
case OID_AES_256_WRAP: oid_hex = OID_AES_256_WRAP_HEX; break; |
545
|
0
|
|
|
|
|
|
case OID_AES_256_GCM: oid_hex = OID_AES_256_GCM_HEX; break; |
546
|
0
|
|
|
|
|
|
case OID_AES_CMAC: oid_hex = OID_AES_CMAC_HEX; break; |
547
|
0
|
|
|
|
|
|
case OID_AES_CBC_CMAC_128: oid_hex = OID_AES_CBC_CMAC_128_HEX; break; |
548
|
0
|
|
|
|
|
|
case OID_AES_CBC_CMAC_192: oid_hex = OID_AES_CBC_CMAC_192_HEX; break; |
549
|
0
|
|
|
|
|
|
case OID_AES_CBC_CMAC_256: oid_hex = OID_AES_CBC_CMAC_256_HEX; break; |
550
|
0
|
|
|
|
|
|
case OID_AUTH_ENC_256_SUM: oid_hex = OID_AUTH_ENC_256_SUM_HEX; break; |
551
|
0
|
|
|
|
|
|
case OID_PKCS_PBKDF2: oid_hex = OID_PKCS_PBKDF2_HEX; break; |
552
|
0
|
|
|
|
|
|
case OID_PKCS_PBES2: oid_hex = OID_PKCS_PBES2_HEX; break; |
553
|
30
|
|
|
|
|
|
case OID_PKCS_PBESHA128RC4: oid_hex = OID_PKCS_PBESHA128RC4_HEX; break; |
554
|
0
|
|
|
|
|
|
case OID_PKCS_PBESHA40RC4: oid_hex = OID_PKCS_PBESHA40RC4_HEX; break; |
555
|
10
|
|
|
|
|
|
case OID_PKCS_PBESHA3DES3: oid_hex = OID_PKCS_PBESHA3DES3_HEX; break; |
556
|
0
|
|
|
|
|
|
case OID_PKCS_PBESHA2DES3: oid_hex = OID_PKCS_PBESHA2DES3_HEX; break; |
557
|
0
|
|
|
|
|
|
case OID_PKCS_PBESHA128RC2: oid_hex = OID_PKCS_PBESHA128RC2_HEX; break; |
558
|
14
|
|
|
|
|
|
case OID_PKCS_PBESHA40RC2: oid_hex = OID_PKCS_PBESHA40RC2_HEX; break; |
559
|
0
|
|
|
|
|
|
case OID_PKCS12_BAG_TYPE_KEY: oid_hex = OID_PKCS12_BAG_TYPE_KEY_HEX; break; |
560
|
10
|
|
|
|
|
|
case OID_PKCS12_BAG_TYPE_SHROUD: oid_hex = OID_PKCS12_BAG_TYPE_SHROUD_HEX; break; |
561
|
11
|
|
|
|
|
|
case OID_PKCS12_BAG_TYPE_CERT: oid_hex = OID_PKCS12_BAG_TYPE_CERT_HEX; break; |
562
|
0
|
|
|
|
|
|
case OID_PKCS12_BAG_TYPE_CRL: oid_hex = OID_PKCS12_BAG_TYPE_CRL_HEX; break; |
563
|
0
|
|
|
|
|
|
case OID_PKCS12_BAG_TYPE_SECRET: oid_hex = OID_PKCS12_BAG_TYPE_SECRET_HEX; break; |
564
|
0
|
|
|
|
|
|
case OID_PKCS12_BAG_TYPE_SAFE: oid_hex = OID_PKCS12_BAG_TYPE_SAFE_HEX; break; |
565
|
11
|
|
|
|
|
|
case OID_PKCS9_CERT_TYPE_X509: oid_hex = OID_PKCS9_CERT_TYPE_X509_HEX; break; |
566
|
0
|
|
|
|
|
|
case OID_PKCS9_CERT_TYPE_SDSI: oid_hex = OID_PKCS9_CERT_TYPE_SDSI_HEX; break; |
567
|
38
|
|
|
|
|
|
case OID_PKCS7_DATA: oid_hex = OID_PKCS7_DATA_HEX; break; |
568
|
0
|
|
|
|
|
|
case OID_PKCS7_SIGNED_DATA: oid_hex = OID_PKCS7_SIGNED_DATA_HEX; break; |
569
|
0
|
|
|
|
|
|
case OID_PKCS7_ENVELOPED_DATA: oid_hex = OID_PKCS7_ENVELOPED_DATA_HEX; break; |
570
|
0
|
|
|
|
|
|
case OID_PKCS7_SIGNED_ENVELOPED_DATA: oid_hex = OID_PKCS7_SIGNED_ENVELOPED_DATA_HEX; break; |
571
|
4858
|
|
|
|
|
|
case OID_PKCS7_DIGESTED_DATA: oid_hex = OID_PKCS7_DIGESTED_DATA_HEX; break; |
572
|
74
|
|
|
|
|
|
case OID_PKCS7_ENCRYPTED_DATA: oid_hex = OID_PKCS7_ENCRYPTED_DATA_HEX; break; |
573
|
0
|
|
|
|
|
|
case OID_OCSP: oid_hex = OID_OCSP_HEX; break; |
574
|
0
|
|
|
|
|
|
case OID_BASIC_OCSP_RESPONSE: oid_hex = OID_BASIC_OCSP_RESPONSE_HEX; break; |
575
|
0
|
|
|
|
|
|
case OID_ECKA_EG_X963KDF_SHA256: oid_hex = OID_ECKA_EG_X963KDF_SHA256_HEX; break; |
576
|
0
|
|
|
|
|
|
case OID_ECKA_EG_X963KDF_SHA384: oid_hex = OID_ECKA_EG_X963KDF_SHA384_HEX; break; |
577
|
0
|
|
|
|
|
|
case OID_ECKA_EG_X963KDF_SHA512: oid_hex = OID_ECKA_EG_X963KDF_SHA512_HEX; break; |
578
|
0
|
|
|
|
|
|
case OID_DHSINGLEPASS_STDDH_SHA1KDF_SCHEME: oid_hex = OID_DHSINGLEPASS_STDDH_SHA1KDF_SCHEME_HEX; break; |
579
|
0
|
|
|
|
|
|
case OID_DHSINGLEPASS_COFACTORDH_SHA1KDF_SCHEME: oid_hex = OID_DHSINGLEPASS_COFACTORDH_SHA1KDF_SCHEME_HEX; break; |
580
|
0
|
|
|
|
|
|
case OID_MQVSINGLEPASS_SHA1KDF_SCHEME: oid_hex = OID_MQVSINGLEPASS_SHA1KDF_SCHEME_HEX; break; |
581
|
0
|
|
|
|
|
|
case OID_DHSINGLEPASS_STDDH_SHA256KDF_SCHEME: oid_hex = OID_DHSINGLEPASS_STDDH_SHA256KDF_SCHEME_HEX; break; |
582
|
0
|
|
|
|
|
|
case OID_DHSINGLEPASS_STDDH_SHA384KDF_SCHEME: oid_hex = OID_DHSINGLEPASS_STDDH_SHA384KDF_SCHEME_HEX; break; |
583
|
0
|
|
|
|
|
|
case OID_DHSINGLEPASS_STDDH_SHA512KDF_SCHEME: oid_hex = OID_DHSINGLEPASS_STDDH_SHA512KDF_SCHEME_HEX; break; |
584
|
|
|
|
|
|
|
default: |
585
|
|
|
|
|
|
|
/* No possible matches: bitwise-add not found constant to OID. */ |
586
|
0
|
|
|
|
|
|
*oi |= OID_NOT_FOUND; |
587
|
0
|
|
|
|
|
|
return; |
588
|
|
|
|
|
|
|
} |
589
|
|
|
|
|
|
|
/* Ignore tag, but use length byte and data from binary oid. */ |
590
|
16648
|
100
|
|
|
|
|
if (oidLen == oid_hex[1] && !memcmp(oidStart, &oid_hex[2], oidLen)) |
|
|
100
|
|
|
|
|
|
591
|
|
|
|
|
|
|
{ |
592
|
11100
|
|
|
|
|
|
return; /* Success */ |
593
|
|
|
|
|
|
|
} |
594
|
5548
|
|
|
|
|
|
*oi += OID_COLLISION; |
595
|
5548
|
|
|
|
|
|
} |
596
|
|
|
|
|
|
|
} |
597
|
|
|
|
|
|
|
#endif /* MATRIXSSL_NO_OID_DATABASE */ |
598
|
|
|
|
|
|
|
|
599
|
|
|
|
|
|
|
/******************************************************************************/ |
600
|
|
|
|
|
|
|
|
601
|
11100
|
|
|
|
|
|
int32_t getAsnOID(const unsigned char **pp, uint32_t len, int32_t *oi, |
602
|
|
|
|
|
|
|
uint8_t checkForParams, psSize_t *paramLen) |
603
|
|
|
|
|
|
|
{ |
604
|
11100
|
|
|
|
|
|
const unsigned char *p = *pp, *end; |
605
|
|
|
|
|
|
|
int32_t plen, rc; |
606
|
|
|
|
|
|
|
uint32_t arcLen; |
607
|
|
|
|
|
|
|
const unsigned char *oidStart; |
608
|
|
|
|
|
|
|
uint32_t oidLen; |
609
|
|
|
|
|
|
|
|
610
|
11100
|
|
|
|
|
|
rc = PS_PARSE_FAIL; |
611
|
11100
|
|
|
|
|
|
end = p + len; |
612
|
11100
|
|
|
|
|
|
plen = end - p; |
613
|
11100
|
50
|
|
|
|
|
if (*(p++) != ASN_OID || (rc = getAsnLength32(&p, (uint32_t) (end - p), &arcLen, 0)) |
|
|
50
|
|
|
|
|
|
614
|
|
|
|
|
|
|
< 0) |
615
|
|
|
|
|
|
|
{ |
616
|
|
|
|
|
|
|
psTraceCrypto("Malformed algorithmId 2\n"); |
617
|
0
|
|
|
|
|
|
return rc; |
618
|
|
|
|
|
|
|
} |
619
|
11100
|
50
|
|
|
|
|
if (end - p < arcLen) |
620
|
|
|
|
|
|
|
{ |
621
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
622
|
|
|
|
|
|
|
} |
623
|
11100
|
50
|
|
|
|
|
if (end - p < 2) |
624
|
|
|
|
|
|
|
{ |
625
|
|
|
|
|
|
|
psTraceCrypto("Malformed algorithmId 3\n"); |
626
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
627
|
|
|
|
|
|
|
} |
628
|
11100
|
|
|
|
|
|
*oi = 0; |
629
|
11100
|
|
|
|
|
|
oidStart = p; |
630
|
11100
|
|
|
|
|
|
oidLen = arcLen; |
631
|
110617
|
100
|
|
|
|
|
while (arcLen > 0) |
632
|
|
|
|
|
|
|
{ |
633
|
99517
|
|
|
|
|
|
*oi += *p; |
634
|
99517
|
|
|
|
|
|
p++; |
635
|
99517
|
|
|
|
|
|
arcLen--; |
636
|
|
|
|
|
|
|
} |
637
|
|
|
|
|
|
|
|
638
|
|
|
|
|
|
|
#ifndef MATRIXSSL_NO_OID_DATABASE |
639
|
11100
|
|
|
|
|
|
checkAsnOidDatabase(oi, oidStart, oidLen); |
640
|
|
|
|
|
|
|
#endif /* MATRIXSSL_NO_OID_DATABASE */ |
641
|
|
|
|
|
|
|
|
642
|
11100
|
50
|
|
|
|
|
if (checkForParams) |
643
|
|
|
|
|
|
|
{ |
644
|
11100
|
|
|
|
|
|
plen -= (end - p); |
645
|
11100
|
|
|
|
|
|
*paramLen = len - plen; |
646
|
11100
|
100
|
|
|
|
|
if (*p != ASN_NULL) |
647
|
|
|
|
|
|
|
{ |
648
|
423
|
|
|
|
|
|
*pp = p; |
649
|
|
|
|
|
|
|
/* paramLen tells whether params exist or completely missing (0) */ |
650
|
423
|
|
|
|
|
|
if (*paramLen > 0) |
651
|
|
|
|
|
|
|
{ |
652
|
|
|
|
|
|
|
/* psTraceIntCrypto("OID %d has parameters to process\n", *oi); */ |
653
|
|
|
|
|
|
|
} |
654
|
423
|
|
|
|
|
|
return PS_SUCCESS; |
655
|
|
|
|
|
|
|
} |
656
|
|
|
|
|
|
|
/* NULL parameter case. Somewhat common. Skip it for the caller */ |
657
|
10677
|
50
|
|
|
|
|
if (end - p < 2) |
658
|
|
|
|
|
|
|
{ |
659
|
|
|
|
|
|
|
psTraceCrypto("Malformed algorithmId 4\n"); |
660
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
661
|
|
|
|
|
|
|
} |
662
|
10677
|
50
|
|
|
|
|
if (*paramLen < 2) |
663
|
|
|
|
|
|
|
{ |
664
|
|
|
|
|
|
|
psTraceCrypto("Malformed algorithmId 5\n"); |
665
|
0
|
|
|
|
|
|
return PS_LIMIT_FAIL; |
666
|
|
|
|
|
|
|
} |
667
|
10677
|
|
|
|
|
|
*paramLen -= 2; /* 1 for the OID tag and 1 for the NULL */ |
668
|
10677
|
|
|
|
|
|
*pp = p + 2; |
669
|
|
|
|
|
|
|
} |
670
|
|
|
|
|
|
|
else |
671
|
|
|
|
|
|
|
{ |
672
|
0
|
|
|
|
|
|
*paramLen = 0; |
673
|
0
|
|
|
|
|
|
*pp = p; |
674
|
|
|
|
|
|
|
} |
675
|
11100
|
|
|
|
|
|
return PS_SUCCESS; |
676
|
|
|
|
|
|
|
} |
677
|
|
|
|
|
|
|
|
678
|
|
|
|
|
|
|
/******************************************************************************/ |
679
|
|
|
|
|
|
|
|