File Coverage

inc/matrixssl-3-9-3-open/crypto/keyformat/x509.c
Criterion Covered Total %
statement 1027 2577 39.8
branch 517 1872 27.6
condition n/a
subroutine n/a
pod n/a
total 1544 4449 34.7


line stmt bran cond sub pod time code
1             /**
2             * @file x509.c
3             * @version 950bba4 (HEAD -> master)
4             *
5             * X.509 Parser.
6             */
7             /*
8             * Copyright (c) 2013-2017 INSIDE Secure Corporation
9             * Copyright (c) PeerSec Networks, 2002-2011
10             * All Rights Reserved
11             *
12             * The latest version of this code is available at http://www.matrixssl.org
13             *
14             * This software is open source; you can redistribute it and/or modify
15             * it under the terms of the GNU General Public License as published by
16             * the Free Software Foundation; either version 2 of the License, or
17             * (at your option) any later version.
18             *
19             * This General Public License does NOT permit incorporating this software
20             * into proprietary programs. If you are unable to comply with the GPL, a
21             * commercial license for this software may be purchased from INSIDE at
22             * http://www.insidesecure.com/
23             *
24             * This program is distributed in WITHOUT ANY WARRANTY; without even the
25             * implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
26             * See the GNU General Public License for more details.
27             *
28             * You should have received a copy of the GNU General Public License
29             * along with this program; if not, write to the Free Software
30             * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
31             * http://www.gnu.org/copyleft/gpl.html
32             */
33             /******************************************************************************/
34              
35             #include "../cryptoImpl.h"
36              
37             #ifdef USE_X509
38              
39             /******************************************************************************/
40              
41             # ifdef POSIX
42             # include
43             # endif
44              
45             /******************************************************************************/
46              
47             # define MAX_CERTS_PER_FILE 16
48              
49             /* Maximum time length accepted.
50             Allows RFC 5280 format time + nanosecond fractional time + non-Zulu time. */
51             # define MAX_TIME_LEN 32
52              
53             # ifdef USE_CERT_PARSE
54             /*
55             Certificate extensions
56             */
57             # define IMPLICIT_ISSUER_ID 1
58             # define IMPLICIT_SUBJECT_ID 2
59             # define EXPLICIT_EXTENSION 3
60              
61             /*
62             Distinguished Name attributes
63             */
64             # define ATTRIB_COMMON_NAME 3
65             # define ATTRIB_SURNAME 4
66             # define ATTRIB_SERIALNUMBER 5
67             # define ATTRIB_COUNTRY_NAME 6
68             # define ATTRIB_LOCALITY 7
69             # define ATTRIB_STATE_PROVINCE 8
70             # define ATTRIB_STREET_ADDRESS 9
71             # define ATTRIB_ORGANIZATION 10
72             # define ATTRIB_ORG_UNIT 11
73             # define ATTRIB_TITLE 12
74             # define ATTRIB_POSTAL_ADDRESS 16
75             # define ATTRIB_TELEPHONE_NUMBER 20
76             # define ATTRIB_NAME 41
77             # define ATTRIB_GIVEN_NAME 42
78             # define ATTRIB_INITIALS 43
79             # define ATTRIB_GEN_QUALIFIER 44
80             # define ATTRIB_DN_QUALIFIER 46
81             # define ATTRIB_PSEUDONYM 65
82              
83             # define ATTRIB_DOMAIN_COMPONENT 25
84             # define ATTRIB_UID 26
85             # define ATTRIB_EMAIL 27
86              
87             /** Enumerate X.509 milestones for issuedBefore() api */
88             typedef enum
89             {
90             RFC_6818, /* January 2013 X.509 Updates Below */
91             RFC_5280, /* May 2008 X.509 Obsoletes Below */
92             RFC_3280, /* April 2002 X.509 Obsoletes Below */
93             RFC_2459, /* January 1999 X.509 First RFC */
94             X509_V3, /* 1996 X.509v3 Pre-RFC */
95             X509_V2, /* 1993 X.509v2 Pre-RFC */
96             X509_V1, /* 1988 X.509v1 Pre-RFC */
97             } rfc_e;
98              
99             # ifdef USE_CRYPTO_TRACE
100             # define OID_LIST(A, B) { { A, B }, #B, oid_ ## B }
101             # else
102             # define OID_LIST(A, B) { { A, B }, oid_ ## B }
103             # endif
104             static const struct
105             {
106             uint16_t oid[MAX_OID_LEN];
107             # ifdef USE_CRYPTO_TRACE
108             char name[32];
109             # endif
110             int id;
111             } oid_list[] = {
112             /* X.509 certificate extensions */
113             OID_LIST(id_ce, id_ce_authorityKeyIdentifier),
114             OID_LIST(id_ce, id_ce_subjectKeyIdentifier),
115             OID_LIST(id_ce, id_ce_keyUsage),
116             OID_LIST(id_ce, id_ce_certificatePolicies),
117             OID_LIST(id_ce, id_ce_policyMappings),
118             OID_LIST(id_ce, id_ce_subjectAltName),
119             OID_LIST(id_ce, id_ce_issuerAltName),
120             OID_LIST(id_ce, id_ce_subjectDirectoryAttributes),
121             OID_LIST(id_ce, id_ce_basicConstraints),
122             OID_LIST(id_ce, id_ce_nameConstraints),
123             OID_LIST(id_ce, id_ce_policyConstraints),
124             OID_LIST(id_ce, id_ce_extKeyUsage),
125             OID_LIST(id_ce, id_ce_cRLDistributionPoints),
126             OID_LIST(id_ce, id_ce_cRLNumber),
127             OID_LIST(id_ce, id_ce_issuingDistributionPoint),
128             OID_LIST(id_ce, id_ce_inhibitAnyPolicy),
129             OID_LIST(id_ce, id_ce_freshestCRL),
130             OID_LIST(id_pe, id_pe_authorityInfoAccess),
131             OID_LIST(id_pe, id_pe_subjectInfoAccess),
132             /* Extended Key Usage */
133             OID_LIST(id_ce_eku, id_ce_eku_anyExtendedKeyUsage),
134             OID_LIST(id_kp, id_kp_serverAuth),
135             OID_LIST(id_kp, id_kp_clientAuth),
136             OID_LIST(id_kp, id_kp_codeSigning),
137             OID_LIST(id_kp, id_kp_emailProtection),
138             OID_LIST(id_kp, id_kp_timeStamping),
139             OID_LIST(id_kp, id_kp_OCSPSigning),
140             /* policyIdentifiers */
141             OID_LIST(id_qt, id_qt_cps),
142             OID_LIST(id_qt, id_qt_unotice),
143             /* accessDescriptors */
144             OID_LIST(id_ad, id_ad_caIssuers),
145             OID_LIST(id_ad, id_ad_ocsp),
146             /* List terminator */
147             OID_LIST(0, 0),
148             };
149              
150             /*
151             Hybrid ASN.1/X.509 cert parsing helpers
152             */
153             static int32_t getExplicitVersion(const unsigned char **pp, psSize_t len,
154             int32_t expVal, int32_t *val);
155             static int32_t getTimeValidity(psPool_t *pool, const unsigned char **pp,
156             psSize_t len,
157             int32_t *notBeforeTimeType, int32_t *notAfterTimeType,
158             char **notBefore, char **notAfter);
159             static int32_t getImplicitBitString(psPool_t *pool, const unsigned char **pp,
160             psSize_t len, int32_t impVal, unsigned char **bitString,
161             psSize_t *bitLen);
162             static int32_t validateDateRange(psX509Cert_t *cert);
163             static int32_t issuedBefore(rfc_e rfc, const psX509Cert_t *cert);
164              
165             # ifdef USE_RSA
166             static int32_t x509ConfirmSignature(const unsigned char *sigHash,
167             const unsigned char *sigOut, psSize_t sigLen);
168             # endif
169              
170             # endif /* USE_CERT_PARSE */
171              
172             /******************************************************************************/
173             # ifdef MATRIX_USE_FILE_SYSTEM
174             /******************************************************************************/
175              
176             static int32_t pemCertFileBufToX509(psPool_t *pool, const unsigned char *fileBuf,
177             psSize_t fileBufLen, psList_t **x509certList);
178              
179             /******************************************************************************/
180             /*
181             Open a PEM X.509 certificate file and parse it
182              
183             Memory info:
184             Caller must free outcert with psX509FreeCert on function success
185             Caller does not have to free outcert on function failure
186             */
187 777           int32 psX509ParseCertFile(psPool_t *pool, char *fileName,
188             psX509Cert_t **outcert, int32 flags)
189             {
190             int32 fileBufLen, err;
191             unsigned char *fileBuf;
192             psList_t *fileList, *currentFile, *x509list, *frontX509;
193             psX509Cert_t *currentCert, *firstCert, *prevCert;
194 777           int32 numParsed = 0;
195              
196 777           *outcert = NULL;
197             /*
198             First test to see if there are multiple files being passed in.
199             Looking for a semi-colon delimiter
200             */
201 777 50         if ((err = psParseList(pool, fileName, ';', &fileList)) < 0)
202             {
203 0           return err;
204             }
205 777           currentFile = fileList;
206 777           firstCert = prevCert = NULL;
207              
208             /* Recurse each individual file */
209 1552 100         while (currentFile)
210             {
211 777 100         if ((err = psGetFileBuf(pool, (char *) currentFile->item, &fileBuf,
212             &fileBufLen)) < PS_SUCCESS)
213             {
214 1           psFreeList(fileList, pool);
215 1 50         if (firstCert)
216             {
217 0           psX509FreeCert(firstCert);
218             }
219 1           return err;
220             }
221              
222 776 100         if ((err = pemCertFileBufToX509(pool, fileBuf, fileBufLen, &x509list))
223             < PS_SUCCESS)
224             {
225 1           psFreeList(fileList, pool);
226 1           psFree(fileBuf, pool);
227 1 50         if (firstCert)
228             {
229 0           psX509FreeCert(firstCert);
230             }
231 1           return err;
232             }
233 775           psFree(fileBuf, pool);
234              
235 775           frontX509 = x509list;
236             /*
237             Recurse each individual cert buffer from within the file
238              
239             If partial parse of cert bundles is not allowed, the failure
240             to load any of the certificates causes the whole function
241             call to fail. If partial parse of cert bundles is allowed,
242             parse as many as we can and return the number of parsed certs.
243             */
244 2270 100         while (x509list != NULL)
245             {
246 1495           err = psX509ParseCert(pool, x509list->item, x509list->len,
247             ¤tCert, flags);
248 1495 50         if (err < 0)
249             {
250 0 0         if (!(flags & CERT_ALLOW_BUNDLE_PARTIAL_PARSE))
251             {
252 0           psX509FreeCert(currentCert);
253 0           psFreeList(fileList, pool);
254 0           psFreeList(frontX509, pool);
255 0 0         if (firstCert)
256             {
257 0           psX509FreeCert(firstCert);
258             }
259 0           return err;
260             }
261             }
262             else
263             {
264 1495           numParsed++;
265             }
266              
267 1495           x509list = x509list->next;
268 1495 100         if (firstCert == NULL)
269             {
270 775           firstCert = currentCert;
271             }
272             else
273             {
274 720           prevCert->next = currentCert;
275             }
276 1495           prevCert = currentCert;
277 1495           currentCert = currentCert->next;
278             }
279 775           currentFile = currentFile->next;
280 775           psFreeList(frontX509, pool);
281             }
282 775           psFreeList(fileList, pool);
283              
284 775           *outcert = firstCert;
285              
286 777           return numParsed;
287             }
288              
289             /******************************************************************************/
290             /*
291             */
292 776           static int32_t pemCertFileBufToX509(psPool_t *pool, const unsigned char *fileBuf,
293             psSize_t fileBufLen, psList_t **x509certList)
294             {
295             psList_t *front, *prev, *current;
296             unsigned char *start, *end, *endTmp;
297             const unsigned char *chFileBuf;
298             unsigned char l;
299              
300 776           *x509certList = NULL;
301 776           prev = NULL;
302 776 50         if (fileBuf == NULL)
303             {
304             psTraceCrypto("Bad parameters to pemCertFileBufToX509\n");
305 0           return PS_ARG_FAIL;
306             }
307 776           front = current = psMalloc(pool, sizeof(psList_t));
308 776 50         if (current == NULL)
309             {
310 0           psError("Memory allocation error first pemCertFileBufToX509\n");
311 0           return PS_MEM_FAIL;
312             }
313 776           l = strlen("CERTIFICATE-----");
314 776           memset(current, 0x0, sizeof(psList_t));
315 776           chFileBuf = fileBuf;
316 2271 100         while (fileBufLen > 0)
317             {
318 2991 100         if (
319 1495 50         ((start = (unsigned char *) strstr((char *) chFileBuf, "-----BEGIN")) != NULL) &&
320 1495 50         ((start = (unsigned char *) strstr((char *) chFileBuf, "CERTIFICATE-----")) != NULL) &&
321 1495 50         ((end = (unsigned char *) strstr((char *) start, "-----END")) != NULL) &&
322             ((endTmp = (unsigned char *) strstr((char *) end, "CERTIFICATE-----")) != NULL)
323             )
324             {
325 1495           start += l;
326 1495 100         if (current == NULL)
327             {
328 720           current = psMalloc(pool, sizeof(psList_t));
329 720 50         if (current == NULL)
330             {
331 0           psFreeList(front, pool);
332 0           psError("Memory allocation error: pemCertFileBufToX509\n");
333 0           return PS_MEM_FAIL;
334             }
335 720           memset(current, 0x0, sizeof(psList_t));
336 720           prev->next = current;
337             }
338 1495           current->len = (uint16_t) (end - start);
339 1495           end = endTmp + l;
340 2990 50         while (*end == '\x0d' || *end == '\x0a' || *end == '\x09'
    100          
    50          
341 1495 50         || *end == ' ')
342             {
343 1495           end++;
344             }
345             }
346             else
347             {
348 1           psFreeList(front, pool);
349             psTraceCrypto("File buffer does not look to be X.509 PEM format\n");
350 1           return PS_PARSE_FAIL;
351             }
352 1495           current->item = psMalloc(pool, current->len);
353 1495 50         if (current->item == NULL)
354             {
355 0           psFreeList(front, pool);
356 0           psError("Memory allocation error: pemCertFileBufToX509\n");
357 0           return PS_MEM_FAIL;
358             }
359 1495           memset(current->item, '\0', current->len);
360              
361 1495           fileBufLen -= (uint16_t) (end - fileBuf);
362 1495           fileBuf = end;
363              
364 1495 50         if (psBase64decode(start, current->len, current->item, ¤t->len) != 0)
365             {
366 0           psFreeList(front, pool);
367             psTraceCrypto("Unable to base64 decode certificate\n");
368 0           return PS_PARSE_FAIL;
369             }
370 1495           prev = current;
371 1495           current = current->next;
372 1495           chFileBuf = fileBuf;
373             }
374 775           *x509certList = front;
375 775           return PS_SUCCESS;
376             }
377             # endif /* MATRIX_USE_FILE_SYSTEM */
378             /******************************************************************************/
379              
380              
381             # ifdef USE_PKCS1_PSS
382             /*
383             RSASSA-PSS-params ::= SEQUENCE {
384             hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
385             maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
386             saltLength [2] INTEGER DEFAULT 20,
387             trailerField [3] TrailerField DEFAULT 1
388             }
389             Note, each of these is sequential, but optional.
390             */
391 0           static int32 getRsaPssParams(const unsigned char **pp, int32 size,
392             psX509Cert_t *cert, int32 secondPass)
393             {
394             const unsigned char *p, *end;
395             int32 oi, second, asnint;
396             psSize_t plen;
397              
398 0           p = *pp;
399             /* SEQUENCE has already been pulled off into size */
400 0           end = p + size;
401              
402             /* The signature algorithm appears twice in an X.509 cert and must be
403             identical. If secondPass is set we check for that */
404              
405 0 0         if ((uint32) (end - p) < 1)
406             {
407 0           goto L_PSS_DONE_OPTIONAL_PARAMS;
408             }
409 0 0         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))
410             {
411 0           p++;
412 0 0         if (getAsnLength(&p, (uint32) (end - p), &plen) < 0 ||
    0          
413 0           (end - p) < plen)
414             {
415             psTraceCrypto("Error parsing rsapss hash alg len\n");
416 0           return PS_PARSE_FAIL;
417             }
418             /* hashAlgorithm is OID */
419 0 0         if (getAsnAlgorithmIdentifier(&p, (uint32) (end - p), &oi, &plen) < 0)
420             {
421             psTraceCrypto("Error parsing rsapss hash alg\n");
422 0           return PS_PARSE_FAIL;
423             }
424 0 0         if (secondPass)
425             {
426 0 0         if (oi != cert->pssHash)
427             {
428             psTraceCrypto("rsapss hash alg doesn't repeat\n");
429 0           return PS_PARSE_FAIL;
430             }
431             /* Convert to PKCS1_ ID for pssDecode on second pass */
432 0 0         if (oi == OID_SHA1_ALG)
433             {
434 0           second = PKCS1_SHA1_ID;
435             }
436 0 0         else if (oi == OID_SHA256_ALG)
437             {
438 0           second = PKCS1_SHA256_ID;
439             }
440 0 0         else if (oi == OID_MD5_ALG)
441             {
442 0           second = PKCS1_MD5_ID;
443             # ifdef USE_SHA384
444             }
445 0 0         else if (oi == OID_SHA384_ALG)
446             {
447 0           second = PKCS1_SHA384_ID;
448             # endif
449             # ifdef USE_SHA512
450             }
451 0 0         else if (oi == OID_SHA512_ALG)
452             {
453 0           second = PKCS1_SHA512_ID;
454             # endif
455             }
456             else
457             {
458             psTraceCrypto("Unsupported rsapss hash alg\n");
459 0           return PS_UNSUPPORTED_FAIL;
460             }
461 0           cert->pssHash = second;
462             }
463             else
464             {
465             /* first time, save the OID for compare */
466 0           cert->pssHash = oi;
467             }
468             }
469 0 0         if ((uint32) (end - p) < 1)
470             {
471 0           goto L_PSS_DONE_OPTIONAL_PARAMS;
472             }
473 0 0         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
474             {
475             /* maskGenAlgorthm is OID */
476 0           p++;
477 0 0         if (getAsnLength(&p, (uint32) (end - p), &plen) < 0 ||
    0          
478 0           (end - p) < plen)
479             {
480             psTraceCrypto("Error parsing mask gen alg len\n");
481 0           return PS_PARSE_FAIL;
482             }
483 0 0         if (getAsnAlgorithmIdentifier(&p, (uint32) (end - p), &oi, &plen) < 0)
484             {
485             psTraceCrypto("Error parsing mask gen alg\n");
486 0           return PS_PARSE_FAIL;
487             }
488 0 0         if (secondPass)
489             {
490 0 0         if (oi != cert->maskGen)
491             {
492             psTraceCrypto("rsapss mask gen alg doesn't repeat\n");
493 0           return PS_PARSE_FAIL;
494             }
495             }
496 0           cert->maskGen = oi;
497 0 0         if (cert->maskGen != OID_ID_MGF1)
498             {
499             psTraceCrypto("Unsupported RSASSA-PSS maskGenAlgorithm\n");
500 0           return PS_UNSUPPORTED_FAIL;
501             }
502             /* MaskGenAlgorithm ::= AlgorithmIdentifier {
503             {PKCS1MGFAlgorithms}
504             }
505             PKCS1MGFAlgorithms ALGORITHM-IDENTIFIER ::= {
506             { OID id-mgf1 PARAMETERS HashAlgorithm },
507             ... -- Allows for future expansion --
508             }
509              
510             The default mask generation function is MGF1 with SHA-1:
511              
512             mgf1SHA1 MaskGenAlgorithm ::= {
513             algorithm id-mgf1,
514             parameters HashAlgorithm : sha1
515             }
516             */
517 0 0         if (getAsnAlgorithmIdentifier(&p, (uint32) (end - p), &oi, &plen) < 0)
518             {
519             psTraceCrypto("Error parsing mask hash alg\n");
520 0           return PS_PARSE_FAIL;
521             }
522 0 0         if (secondPass)
523             {
524 0 0         if (oi != cert->maskHash)
525             {
526             psTraceCrypto("rsapss mask hash alg doesn't repeat\n");
527 0           return PS_PARSE_FAIL;
528             }
529             }
530 0           cert->maskHash = oi;
531             }
532 0 0         if ((uint32) (end - p) < 1)
533             {
534 0           goto L_PSS_DONE_OPTIONAL_PARAMS;
535             }
536 0 0         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2))
537             {
538             /* saltLen */
539 0           p++;
540 0 0         if (getAsnLength(&p, (uint32) (end - p), &plen) < 0 ||
    0          
541 0           (end - p) < plen)
542             {
543             psTraceCrypto("Error parsing salt len length\n");
544 0           return PS_PARSE_FAIL;
545             }
546 0 0         if (getAsnInteger(&p, (uint32) (end - p), &asnint) < 0)
547             {
548             psTraceCrypto("Error parsing salt len\n");
549 0           return PS_PARSE_FAIL;
550             }
551 0 0         if (secondPass)
552             {
553 0 0         if (asnint != cert->saltLen)
554             {
555             psTraceCrypto("Error: salt len doesn't repeat\n");
556 0           return PS_PARSE_FAIL;
557             }
558             }
559 0           cert->saltLen = asnint;
560             }
561 0 0         if ((uint32) (end - p) < 1)
562             {
563 0           goto L_PSS_DONE_OPTIONAL_PARAMS;
564             }
565 0 0         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3))
566             {
567             /* It shall be 1 for this version of the document, which represents
568             the trailer field with hexadecimal value 0xBC */
569 0           p++;
570 0 0         if (getAsnLength(&p, (uint32) (end - p), &plen) < 0 ||
    0          
571 0           (end - p) < plen)
572             {
573             psTraceCrypto("Error parsing rsapss trailer len\n");
574 0           return PS_PARSE_FAIL;
575             }
576 0 0         if (getAsnInteger(&p, (uint32) (end - p), &asnint) < 0 ||
    0          
577 0           asnint != 0x01)
578             {
579             psTraceCrypto("Error parsing rsapss trailer\n");
580 0           return PS_PARSE_FAIL;
581             }
582             }
583 0 0         if (p != end)
584             {
585             psTraceCrypto("Unexpected PSS params\n");
586 0           return PS_PARSE_FAIL;
587             }
588             L_PSS_DONE_OPTIONAL_PARAMS:
589 0           *pp = (unsigned char *) p;
590 0           return PS_SUCCESS;
591             }
592             # endif /* USE_PKCS1_PSS */
593              
594             /******************************************************************************/
595             /*
596             Get the public key (SubjectPublicKeyInfo) in DER format from a psX509Cert_t.
597              
598             Precondition: the certificate must have been parsed with psX509ParseCert or
599             psX509ParseCertFile with the CERT_STORE_UNPARSED_BUFFER flag set.
600             */
601 0           PSPUBLIC int32 psX509GetCertPublicKeyDer(psX509Cert_t *cert,
602             unsigned char *der_out,
603             psSize_t *der_out_len)
604             {
605 0 0         if (!cert || !der_out || !der_out_len)
    0          
    0          
606             {
607 0           return PS_ARG_FAIL;
608             }
609 0 0         if (cert->publicKeyDerOffsetIntoUnparsedBin == 0
610 0 0         || cert->publicKeyDerLen == 0)
611             {
612             psTraceCrypto("No DER format public key stored in this cert. " \
613             "CERT_STORE_DN_BUFFER flag was not used when parsing?");
614 0           return PS_ARG_FAIL;
615             }
616              
617 0 0         if (*der_out_len < cert->publicKeyDerLen)
618             {
619             psTraceCrypto("Output buffer is too small");
620 0           *der_out_len = cert->publicKeyDerLen;
621 0           return PS_OUTPUT_LENGTH;
622             }
623              
624 0           memcpy(der_out,
625 0           cert->unparsedBin + cert->publicKeyDerOffsetIntoUnparsedBin,
626 0           cert->publicKeyDerLen);
627              
628 0           *der_out_len = cert->publicKeyDerLen;
629              
630 0           return PS_SUCCESS;
631             }
632              
633             /*
634             Parse a single, DER-encoded ASN.1 Certificate.
635              
636             Preconditions:
637             - *pp points to the first octet of a DER-encoded Certificate.
638             - the length of the DER-encoded Certificate is size octets.
639             - cert points to an allocated and zeroized psX509Cert_t struct.
640              
641             Postconditions:
642             - *pp == (pp_orig + size), where pp_orig is the original (input)
643             value of *pp.
644             - If return value is PS_SUCCESS, cert will contain a parsed
645             and usable certificate.
646             - If return value is < 0, cert->parseStatus will contain information
647             about the reason of the parse failure.
648              
649             @param[in] Pointer to a memory pool
650             @param[in,out] pp Pointer to a pointer pointing to the first octet
651             of a DER-encoded Certificate. After parsing has completed, the underlying
652             pointer will be updated to point to the octet after the final octet
653             of the Certificate.
654             @param[in] size Size of the DER buffer in bytes.
655             @param[in] cert An allocated psX509Cert_t struct to be filled.
656             with the parsed Certificate data.
657             @param[in] flags
658             */
659 2880           static int parse_single_cert(psPool_t *pool, const unsigned char **pp,
660             uint32 size, const unsigned char *far_end,
661             psX509Cert_t *cert, int32 flags)
662             {
663             # ifdef USE_CERT_PARSE
664             const unsigned char *tbsCertStart;
665             unsigned char sha1KeyHash[SHA1_HASH_SIZE];
666             psDigestContext_t hashCtx;
667             psSize_t certLen;
668             const unsigned char *p_subject_pubkey_info;
669             size_t subject_pubkey_info_header_len;
670             # endif /* USE_CERT_PARSE */
671             const unsigned char *certStart, *certEnd, *end, *p;
672             int32_t rc, func_rc;
673             uint32_t oneCertLen;
674             psSize_t len, plen;
675              
676             /*
677             Initialize the cert structure.*/
678 2880           cert->pool = pool;
679 2880           cert->parseStatus = PS_X509_PARSE_FAIL; /* Default to fail status */
680             # ifdef USE_CERT_PARSE
681 2880           cert->extensions.bc.cA = CA_UNDEFINED;
682             # endif /* USE_CERT_PARSE */
683              
684 2880           p = *pp;
685 2880           certStart = p;
686 2880           end = p + size;
687              
688 2880           func_rc = PS_SUCCESS;
689              
690 2880 100         if ((rc = getAsnSequence32(&p, (uint32_t) (far_end - p), &oneCertLen, 0))
691             < 0)
692             {
693             psTraceCrypto("Initial cert parse error\n");
694 1           func_rc = rc;
695 1           goto out;
696             }
697             /* The whole list of certs could be > 64K bytes, but we still
698             restrict individual certs to 64KB */
699 2879 50         if (oneCertLen > 0xFFFF)
700             {
701 0 0         psAssert(oneCertLen <= 0xFFFF);
702 0           func_rc = PS_FAILURE;
703 0           goto out;
704             }
705 2879           end = p + oneCertLen;
706              
707             /*
708             If the user has specified to keep the ASN.1 buffer in the X.509
709             structure, now is the time to account for it
710             */
711 2879 100         if (flags & CERT_STORE_UNPARSED_BUFFER)
712             {
713 258           cert->binLen = oneCertLen + (int32) (p - certStart);
714 258           cert->unparsedBin = psMalloc(pool, cert->binLen);
715 258 50         if (cert->unparsedBin == NULL)
716             {
717 0           psError("Memory allocation error in psX509ParseCert\n");
718 0           func_rc = PS_MEM_FAIL;
719 0           goto out;
720             }
721 258           memcpy(cert->unparsedBin, certStart, cert->binLen);
722             }
723              
724             # ifdef ENABLE_CA_CERT_HASH
725             /* We use the cert_sha1_hash type for the Trusted CA Indication so
726             run a SHA1 has over the entire Certificate DER encoding. */
727             psSha1PreInit(&hashCtx.sha1);
728             psSha1Init(&hashCtx.sha1);
729             psSha1Update(&hashCtx.sha1, certStart,
730             oneCertLen + (int32) (p - certStart));
731             psSha1Final(&hashCtx.sha1, cert->sha1CertHash);
732             # endif
733              
734             # ifdef USE_CERT_PARSE
735 2879           tbsCertStart = p;
736             # endif /* USE_CERT_PARSE */
737             /*
738             TBSCertificate ::= SEQUENCE {
739             version [0] EXPLICIT Version DEFAULT v1,
740             serialNumber CertificateSerialNumber,
741             signature AlgorithmIdentifier,
742             issuer Name,
743             validity Validity,
744             subject Name,
745             subjectPublicKeyInfo SubjectPublicKeyInfo,
746             issuerUniqueID [1] IMPLICIT UniqueIdentifier OPTIONAL,
747             -- If present, version shall be v2 or v3
748             subjectUniqueID [2] IMPLICIT UniqueIdentifier OPTIONAL,
749             -- If present, version shall be v2 or v3
750             extensions [3] EXPLICIT Extensions OPTIONAL
751             -- If present, version shall be v3 }
752             */
753 2879 50         if ((rc = getAsnSequence(&p, (uint32) (end - p), &len)) < 0)
754             {
755             psTraceCrypto("ASN sequence parse error\n");
756 0           func_rc = rc;
757 0           goto out;
758             }
759 2879           certEnd = p + len;
760             # ifdef USE_CERT_PARSE
761             /*
762             Start parsing TBSCertificate contents.
763             */
764 2879           certLen = certEnd - tbsCertStart;
765             /*
766             Version ::= INTEGER { v1(0), v2(1), v3(2) }
767             */
768 2879 50         if ((rc = getExplicitVersion(&p, (uint32) (end - p), 0, &cert->version))
769             < 0)
770             {
771             psTraceCrypto("ASN version parse error\n");
772 0           func_rc = rc;
773 0           goto out;
774             }
775 2879           switch (cert->version)
776             {
777             case 0:
778             case 1:
779             # ifndef ALLOW_VERSION_1_ROOT_CERT_PARSE
780             psTraceCrypto("ERROR: v1 and v2 certificate versions insecure\n");
781 0           cert->parseStatus = PS_X509_UNSUPPORTED_VERSION;
782 0           func_rc = PS_UNSUPPORTED_FAIL;
783 0           goto out;
784             # else
785             /* Allow locally stored, trusted version 1 and version 2 certificates
786             to be parsed. The SSL layer code will still reject non v3
787             certificates that arrive over-the-wire. */
788             /* Version 1 certificates do not have basic constraints to
789             specify a CA flag or path length. Here, the CA flag is implied
790             since v1 certs can only be loaded as root. We explicitly set
791             the pathLengthConstraint to allow up to 2 intermediate certs.
792             This can be adjusted to allow more or less intermediate certs. */
793             cert->extensions.bc.pathLenConstraint = 2;
794             break;
795             # endif /* ALLOW_VERSION_1_ROOT_CERT_PARSE */
796             case 2:
797             /* Typical case of v3 cert */
798 2879           break;
799             default:
800             psTraceIntCrypto("ERROR: unknown certificate version: %d\n",
801             cert->version);
802 0           cert->parseStatus = PS_X509_UNSUPPORTED_VERSION;
803 0           func_rc = PS_UNSUPPORTED_FAIL;
804 0           goto out;
805             }
806             /*
807             CertificateSerialNumber ::= INTEGER
808             There is a special return code for a missing serial number that
809             will get written to the parse warning flag
810             */
811 2879 50         if ((rc = getSerialNum(pool, &p, (uint32) (end - p), &cert->serialNumber,
812             &cert->serialNumberLen)) < 0)
813             {
814             psTraceCrypto("ASN serial number parse error\n");
815 0           func_rc = rc;
816 0           goto out;
817             }
818             /*
819             AlgorithmIdentifier ::= SEQUENCE {
820             algorithm OBJECT IDENTIFIER,
821             parameters ANY DEFINED BY algorithm OPTIONAL }
822             */
823 2879 50         if ((rc = getAsnAlgorithmIdentifier(&p, (uint32) (end - p),
824 2879           &cert->certAlgorithm, &plen)) < 0)
825             {
826             psTraceCrypto("Couldn't parse algorithm identifier for certAlgorithm\n");
827 0           cert->parseStatus = PS_X509_ALG_ID;
828 0           func_rc = rc;
829 0           goto out;
830             }
831 2879 50         if (plen != 0)
832             {
833             # ifdef USE_PKCS1_PSS
834 0 0         if (cert->certAlgorithm == OID_RSASSA_PSS)
835             {
836             /* RSASSA-PSS-params ::= SEQUENCE {
837             hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
838             maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
839             saltLength [2] INTEGER DEFAULT 20,
840             trailerField [3] TrailerField DEFAULT trailerFieldBC
841             }
842             */
843 0 0         if ((rc = getAsnSequence(&p, (uint32) (end - p), &len)) < 0)
844             {
845             psTraceCrypto("ASN sequence parse error\n");
846 0           func_rc = rc;
847 0           goto out;
848             }
849             /* Always set the defaults before parsing */
850 0           cert->pssHash = PKCS1_SHA1_ID;
851 0           cert->maskGen = OID_ID_MGF1;
852 0           cert->saltLen = SHA1_HASH_SIZE;
853             /* Something other than defaults to parse here? */
854 0 0         if (len > 0)
855             {
856 0 0         if ((rc = getRsaPssParams(&p, len, cert, 0)) < 0)
857             {
858 0           func_rc = rc;
859 0           goto out;
860             }
861             }
862             }
863             else
864             {
865             psTraceCrypto("Unsupported X.509 certAlgorithm\n");
866 0           func_rc = PS_UNSUPPORTED_FAIL;
867 0           goto out;
868             }
869             # else
870             psTraceCrypto("Unsupported X.509 certAlgorithm\n");
871             func_rc = PS_UNSUPPORTED_FAIL;
872             goto out;
873             # endif
874             }
875             /*
876             Name ::= CHOICE {
877             RDNSequence }
878              
879             RDNSequence ::= SEQUENCE OF RelativeDistinguishedName
880              
881             RelativeDistinguishedName ::= SET OF AttributeTypeAndValue
882              
883             AttributeTypeAndValue ::= SEQUENCE {
884             type AttributeType,
885             value AttributeValue }
886              
887             AttributeType ::= OBJECT IDENTIFIER
888              
889             AttributeValue ::= ANY DEFINED BY AttributeType
890             */
891 2879 50         if ((rc = psX509GetDNAttributes(pool, &p, (uint32) (end - p),
892             &cert->issuer, flags)) < 0)
893             {
894             psTraceCrypto("Couldn't parse issuer DN attributes\n");
895 0           cert->parseStatus = PS_X509_ISSUER_DN;
896 0           func_rc = rc;
897 0           goto out;
898             }
899             /*
900             Validity ::= SEQUENCE {
901             notBefore Time,
902             notAfter Time }
903             */
904 2879 50         if ((rc = getTimeValidity(pool, &p, (uint32) (end - p),
905 2879           &cert->notBeforeTimeType, &cert->notAfterTimeType,
906             &cert->notBefore, &cert->notAfter)) < 0)
907             {
908             psTraceCrypto("Couldn't parse validity\n");
909 0           func_rc = rc;
910 0           goto out;
911             }
912              
913             /* SECURITY - platforms without a date function will always succeed */
914 2879 50         if ((rc = validateDateRange(cert)) < 0)
915             {
916             psTraceCrypto("Validity date check failed\n");
917 0           cert->parseStatus = PS_X509_DATE;
918 0           func_rc = rc;
919 0           goto out;
920             }
921             /*
922             Subject DN
923             */
924 2879           cert->subjectKeyDerOffsetIntoUnparsedBin = (uint16_t) (p - certStart);
925 2879 50         if ((rc = psX509GetDNAttributes(pool, &p, (uint32) (end - p),
926             &cert->subject, flags)) < 0)
927             {
928             psTraceCrypto("Couldn't parse subject DN attributes\n");
929 0           cert->parseStatus = PS_X509_SUBJECT_DN;
930 0           func_rc = rc;
931 0           goto out;
932             }
933             /*
934             SubjectPublicKeyInfo ::= SEQUENCE {
935             algorithm AlgorithmIdentifier,
936             subjectPublicKey BIT STRING }
937             */
938 2879           p_subject_pubkey_info = p;
939              
940 2879           cert->publicKeyDerOffsetIntoUnparsedBin = (uint16_t) (p - certStart);
941              
942 2879 50         if ((rc = getAsnSequence(&p, (uint32) (end - p), &len)) < 0)
943             {
944             psTraceCrypto("Couldn't get ASN sequence for pubKeyAlgorithm\n");
945 0           func_rc = rc;
946 0           goto out;
947             }
948 2879           subject_pubkey_info_header_len = (p - p_subject_pubkey_info);
949 2879           cert->publicKeyDerLen = len + subject_pubkey_info_header_len;
950              
951 2879 50         if ((rc = getAsnAlgorithmIdentifier(&p, (uint32) (end - p),
952 2879           &cert->pubKeyAlgorithm, &plen)) < 0)
953             {
954             psTraceCrypto("Couldn't parse algorithm id for pubKeyAlgorithm\n");
955 0           func_rc = rc;
956 0           goto out;
957             }
958              
959             /* Populate with correct type based on pubKeyAlgorithm OID */
960 2879           switch (cert->pubKeyAlgorithm)
961             {
962             # ifdef USE_ECC
963             case OID_ECDSA_KEY_ALG:
964 105 50         if (plen == 0 || plen > (int32) (end - p))
    50          
965             {
966             psTraceCrypto("Bad params on EC OID\n");
967 0           func_rc = PS_PARSE_FAIL;
968 0           goto out;
969             }
970 105           psInitPubKey(pool, &cert->publicKey, PS_ECC);
971 105 50         if ((rc = getEcPubKey(pool, &p, (uint16_t) (end - p),
972             &cert->publicKey.key.ecc, sha1KeyHash)) < 0)
973             {
974 0 0         if (rc == PS_UNSUPPORTED_FAIL)
975             {
976 0           cert->parseStatus = PS_X509_UNSUPPORTED_ECC_CURVE;
977             }
978 0           func_rc = PS_PARSE_FAIL;
979 0           goto out;
980             }
981             /* keysize will be the size of the public ecc key (2 * privateLen) */
982 105           cert->publicKey.keysize = psEccSize(&cert->publicKey.key.ecc);
983 105 50         if (cert->publicKey.keysize < (MIN_ECC_BITS / 8))
984             {
985             psTraceIntCrypto("ECC key size < %d\n", MIN_ECC_BITS);
986 0           psClearPubKey(&cert->publicKey);
987 0           cert->parseStatus = PS_X509_WEAK_KEY;
988 0           func_rc = PS_PARSE_FAIL;
989 0           goto out;
990             }
991 105           break;
992             # endif
993             # ifdef USE_RSA
994             case OID_RSA_KEY_ALG:
995 2774 50         psAssert(plen == 0); /* No parameters on RSA pub key OID */
996 2774           psInitPubKey(pool, &cert->publicKey, PS_RSA);
997 2774 50         if ((rc = psRsaParseAsnPubKey(pool, &p, (uint16_t) (end - p),
998             &cert->publicKey.key.rsa, sha1KeyHash)) < 0)
999             {
1000             psTraceCrypto("Couldn't get RSA pub key from cert\n");
1001 0           cert->parseStatus = PS_X509_MISSING_RSA;
1002 0           func_rc = rc;
1003 0           goto out;
1004             }
1005 2774           cert->publicKey.keysize = psRsaSize(&cert->publicKey.key.rsa);
1006              
1007 2774 50         if (cert->publicKey.keysize < (MIN_RSA_BITS / 8))
1008             {
1009             psTraceIntCrypto("RSA key size < %d\n", MIN_RSA_BITS);
1010 0           psClearPubKey(&cert->publicKey);
1011 0           cert->parseStatus = PS_X509_WEAK_KEY;
1012 0           func_rc = PS_UNSUPPORTED_FAIL;
1013 0           goto out;
1014             }
1015              
1016 2774           break;
1017             # endif
1018             default:
1019             /* Note 645:RSA, 515:DSA, 518:ECDSA, 32969:GOST */
1020             psTraceIntCrypto(
1021             "Unsupported public key algorithm in cert parse: %d\n",
1022             cert->pubKeyAlgorithm);
1023 0           cert->parseStatus = PS_X509_UNSUPPORTED_KEY_ALG;
1024 0           func_rc = PS_UNSUPPORTED_FAIL;
1025 0           goto out;
1026             }
1027              
1028             # ifdef USE_OCSP
1029             /* A sha1 hash of the public key is useful for OCSP */
1030 2879           memcpy(cert->sha1KeyHash, sha1KeyHash, SHA1_HASH_SIZE);
1031             # endif
1032              
1033             /* As the next three values are optional, we can do a specific test here */
1034 2879 50         if (*p != (ASN_SEQUENCE | ASN_CONSTRUCTED))
1035             {
1036 2879 50         if (getImplicitBitString(pool, &p, (uint32) (end - p),
1037             IMPLICIT_ISSUER_ID, &cert->uniqueIssuerId,
1038 2879 50         &cert->uniqueIssuerIdLen) < 0 ||
1039 2879           getImplicitBitString(pool, &p, (uint32) (end - p),
1040             IMPLICIT_SUBJECT_ID, &cert->uniqueSubjectId,
1041 2879 50         &cert->uniqueSubjectIdLen) < 0 ||
1042 2879           getExplicitExtensions(pool, &p, (uint32) (end - p),
1043             EXPLICIT_EXTENSION, &cert->extensions, 0) < 0)
1044             {
1045             psTraceCrypto("There was an error parsing a certificate\n"
1046             "extension. This is likely caused by an\n"
1047             "extension format that is not currently\n"
1048             "recognized. Please email support\n"
1049             "to add support for the extension.\n");
1050 0           cert->parseStatus = PS_X509_UNSUPPORTED_EXT;
1051 0           func_rc = PS_PARSE_FAIL;
1052 0           goto out;
1053             }
1054             }
1055              
1056             /* This is the end of the cert. Do a check here to be certain */
1057 2879 50         if (certEnd != p)
1058             {
1059             psTraceCrypto("Error. Expecting end of cert\n");
1060 0           cert->parseStatus = PS_X509_EOF;
1061 0           func_rc = PS_LIMIT_FAIL;
1062 0           goto out;
1063             }
1064              
1065             /* Reject any cert without a distinguishedName or subjectAltName */
1066 2879 100         if (cert->subject.commonName == NULL &&
    50          
1067 0 0         cert->subject.country == NULL &&
1068 0 0         cert->subject.state == NULL &&
1069 0 0         cert->subject.organization == NULL &&
1070 0 0         cert->subject.orgUnit == NULL &&
1071 0 0         cert->subject.domainComponent == NULL &&
1072 0           cert->extensions.san == NULL)
1073             {
1074             psTraceCrypto("Error. Cert has no name information\n");
1075 0           cert->parseStatus = PS_X509_MISSING_NAME;
1076 0           func_rc = PS_PARSE_FAIL;
1077 0           goto out;
1078             }
1079             # else /* No TBSCertificate parsing. */
1080             p = certEnd;
1081             # endif /* USE_CERT_PARSE (end of TBSCertificate parsing) */
1082              
1083             /* Certificate signature info */
1084 2879 50         if ((rc = getAsnAlgorithmIdentifier(&p, (uint32) (end - p),
1085 2879           &cert->sigAlgorithm, &plen)) < 0)
1086             {
1087             psTraceCrypto("Couldn't get algorithm identifier for sigAlgorithm\n");
1088 0           func_rc = rc;
1089 0           goto out;
1090             }
1091              
1092 2879 50         if (plen != 0)
1093             {
1094             # ifdef USE_PKCS1_PSS
1095 0 0         if (cert->sigAlgorithm == OID_RSASSA_PSS)
1096             {
1097             /* RSASSA-PSS-params ::= SEQUENCE {
1098             hashAlgorithm [0] HashAlgorithm DEFAULT sha1,
1099             maskGenAlgorithm [1] MaskGenAlgorithm DEFAULT mgf1SHA1,
1100             saltLength [2] INTEGER DEFAULT 20,
1101             trailerField [3] TrailerField DEFAULT trailerFieldBC
1102             }
1103             */
1104 0 0         if ((rc = getAsnSequence(&p, (uint32) (end - p), &len)) < 0)
1105             {
1106             psTraceCrypto("ASN sequence parse error\n");
1107 0           func_rc = rc;
1108 0           goto out;
1109             }
1110             /* Something other than defaults to parse here? */
1111 0 0         if (len > 0)
1112             {
1113 0 0         if ((rc = getRsaPssParams(&p, len, cert, 1)) < 0)
1114             {
1115 0           func_rc = rc;
1116 0           goto out;
1117             }
1118             }
1119             }
1120             else
1121             {
1122             psTraceCrypto("Unsupported X.509 sigAlgorithm\n");
1123 0           func_rc = PS_UNSUPPORTED_FAIL;
1124 0           goto out;
1125             }
1126             # else
1127             psTraceCrypto("Unsupported X.509 sigAlgorithm\n");
1128             func_rc = PS_UNSUPPORTED_FAIL;
1129             goto out;
1130             # endif /* USE_PKCS1_PSS */
1131             }
1132             # ifdef USE_CERT_PARSE
1133             /*
1134             https://tools.ietf.org/html/rfc5280#section-4.1.1.2
1135             This field MUST contain the same algorithm identifier as the
1136             signature field in the sequence tbsCertificate (Section 4.1.2.3).
1137             */
1138 2879 50         if (cert->certAlgorithm != cert->sigAlgorithm)
1139             {
1140             psTraceIntCrypto("Parse error: mismatched sig alg (tbs = %d ",
1141             cert->certAlgorithm);
1142             psTraceIntCrypto("sig = %d)\n", cert->sigAlgorithm);
1143 0           cert->parseStatus = PS_X509_SIG_MISMATCH;
1144 0           func_rc = PS_PARSE_FAIL;
1145 0           goto out;
1146             }
1147             /*
1148             Compute the hash of the cert here for CA validation
1149             */
1150 2879           switch (cert->certAlgorithm)
1151             {
1152             # ifdef ENABLE_MD5_SIGNED_CERTS
1153             # ifdef USE_MD2
1154             case OID_MD2_RSA_SIG:
1155             psMd2Init(&hashCtx.md2);
1156             psMd2Update(&hashCtx.md2, tbsCertStart, certLen);
1157             psMd2Final(&hashCtx.md2, cert->sigHash);
1158             break;
1159             # endif /* USE_MD2 */
1160             case OID_MD5_RSA_SIG:
1161             psMd5Init(&hashCtx.md5);
1162             psMd5Update(&hashCtx.md5, tbsCertStart, certLen);
1163             psMd5Final(&hashCtx.md5, cert->sigHash);
1164             break;
1165             # endif
1166             # ifdef ENABLE_SHA1_SIGNED_CERTS
1167             case OID_SHA1_RSA_SIG:
1168             case OID_SHA1_RSA_SIG2:
1169             # ifdef USE_ECC
1170             case OID_SHA1_ECDSA_SIG:
1171             # endif
1172 300           psSha1PreInit(&hashCtx.sha1);
1173 300           psSha1Init(&hashCtx.sha1);
1174 300           psSha1Update(&hashCtx.sha1, tbsCertStart, certLen);
1175 300           psSha1Final(&hashCtx.sha1, cert->sigHash);
1176 300           break;
1177             # endif
1178             # ifdef USE_SHA224
1179             case OID_SHA224_RSA_SIG:
1180             # ifdef USE_ECC
1181             case OID_SHA224_ECDSA_SIG:
1182             # endif
1183             psSha224PreInit(&hashCtx.sha256);
1184             psSha224Init(&hashCtx.sha256);
1185             psSha224Update(&hashCtx.sha256, tbsCertStart, certLen);
1186             psSha224Final(&hashCtx.sha256, cert->sigHash);
1187             break;
1188             # endif
1189             # ifdef USE_SHA256
1190             case OID_SHA256_RSA_SIG:
1191             # ifdef USE_ECC
1192             case OID_SHA256_ECDSA_SIG:
1193             # endif
1194 2454           psSha256PreInit(&hashCtx.sha256);
1195 2454           psSha256Init(&hashCtx.sha256);
1196 2454           psSha256Update(&hashCtx.sha256, tbsCertStart, certLen);
1197 2454           psSha256Final(&hashCtx.sha256, cert->sigHash);
1198 2454           break;
1199             # endif
1200             # ifdef USE_SHA384
1201             case OID_SHA384_RSA_SIG:
1202             # ifdef USE_ECC
1203             case OID_SHA384_ECDSA_SIG:
1204             # endif
1205 110           psSha384PreInit(&hashCtx.sha384);
1206 110           psSha384Init(&hashCtx.sha384);
1207 110           psSha384Update(&hashCtx.sha384, tbsCertStart, certLen);
1208 110           psSha384Final(&hashCtx.sha384, cert->sigHash);
1209 110           break;
1210             # endif
1211             # ifdef USE_SHA512
1212             case OID_SHA512_RSA_SIG:
1213             # ifdef USE_ECC
1214             case OID_SHA512_ECDSA_SIG:
1215             # endif
1216 15           psSha512PreInit(&hashCtx.sha512);
1217 15           psSha512Init(&hashCtx.sha512);
1218 15           psSha512Update(&hashCtx.sha512, tbsCertStart, certLen);
1219 15           psSha512Final(&hashCtx.sha512, cert->sigHash);
1220 15           break;
1221             # endif
1222             # ifdef USE_PKCS1_PSS
1223             case OID_RSASSA_PSS:
1224 0           switch (cert->pssHash)
1225             {
1226             # ifdef ENABLE_MD5_SIGNED_CERTS
1227             case PKCS1_MD5_ID:
1228             psMd5Init(&hashCtx.md5);
1229             psMd5Update(&hashCtx.md5, tbsCertStart, certLen);
1230             psMd5Final(&hashCtx.md5, cert->sigHash);
1231             break;
1232             # endif
1233             # ifdef ENABLE_SHA1_SIGNED_CERTS
1234             case PKCS1_SHA1_ID:
1235 0           psSha1PreInit(&hashCtx.sha1);
1236 0           psSha1Init(&hashCtx.sha1);
1237 0           psSha1Update(&hashCtx.sha1, tbsCertStart, certLen);
1238 0           psSha1Final(&hashCtx.sha1, cert->sigHash);
1239 0           break;
1240             # endif
1241             # ifdef USE_SHA224
1242             case PKCS1_SHA224_ID:
1243             psSha224PreInit(&hashCtx.sha256);
1244             psSha224Init(&hashCtx.sha256);
1245             psSha224Update(&hashCtx.sha256, tbsCertStart, certLen);
1246             psSha224Final(&hashCtx.sha256, cert->sigHash);
1247             break;
1248             # endif
1249             # ifdef USE_SHA256
1250             case PKCS1_SHA256_ID:
1251 0           psSha256PreInit(&hashCtx.sha256);
1252 0           psSha256Init(&hashCtx.sha256);
1253 0           psSha256Update(&hashCtx.sha256, tbsCertStart, certLen);
1254 0           psSha256Final(&hashCtx.sha256, cert->sigHash);
1255 0           break;
1256             # endif
1257             # ifdef USE_SHA384
1258             case PKCS1_SHA384_ID:
1259 0           psSha384PreInit(&hashCtx.sha384);
1260 0           psSha384Init(&hashCtx.sha384);
1261 0           psSha384Update(&hashCtx.sha384, tbsCertStart, certLen);
1262 0           psSha384Final(&hashCtx.sha384, cert->sigHash);
1263 0           break;
1264             # endif
1265             # ifdef USE_SHA512
1266             case PKCS1_SHA512_ID:
1267 0           psSha512PreInit(&hashCtx.sha512);
1268 0           psSha512Init(&hashCtx.sha512);
1269 0           psSha512Update(&hashCtx.sha512, tbsCertStart, certLen);
1270 0           psSha512Final(&hashCtx.sha512, cert->sigHash);
1271 0           break;
1272             # endif
1273             default:
1274             psTraceIntCrypto("Unsupported pssHash algorithm: %d\n",
1275             cert->pssHash);
1276 0           cert->parseStatus = PS_X509_UNSUPPORTED_SIG_ALG;
1277 0           func_rc = PS_UNSUPPORTED_FAIL;
1278 0           goto out;
1279             } /* switch pssHash */
1280 0           break;
1281             # endif /* USE_PKCS1_PSS */
1282              
1283             default:
1284             /* Note 1670:MD2 */
1285             psTraceIntCrypto("Unsupported cert algorithm: %d\n",
1286             cert->certAlgorithm);
1287 0           cert->parseStatus = PS_X509_UNSUPPORTED_SIG_ALG;
1288 0           func_rc = PS_UNSUPPORTED_FAIL;
1289 0           goto out;
1290              
1291             } /* switch certAlgorithm */
1292              
1293             /* 6 empty bytes is plenty enough to know if sigHash didn't calculate */
1294 2879 50         if (memcmp(cert->sigHash, "\0\0\0\0\0\0", 6) == 0)
1295             {
1296             psTraceIntCrypto("No library signature alg support for cert: %d\n",
1297             cert->certAlgorithm);
1298 0           cert->parseStatus = PS_X509_UNSUPPORTED_SIG_ALG;
1299 0           func_rc = PS_UNSUPPORTED_FAIL;
1300 0           goto out;
1301             }
1302             # endif /* USE_CERT_PARSE */
1303              
1304 2879 50         if ((rc = psX509GetSignature(pool, &p, (uint32) (end - p),
1305             &cert->signature, &cert->signatureLen)) < 0)
1306             {
1307             psTraceCrypto("Couldn't parse signature\n");
1308 0           cert->parseStatus = PS_X509_SIGNATURE;
1309 0           func_rc = rc;
1310 0           goto out;
1311             }
1312              
1313             # ifndef USE_CERT_PARSE
1314             /* Some APIs need certAlgorithm.*/
1315             cert->certAlgorithm = cert->sigAlgorithm;
1316             # endif /* !USE_CERT_PARSE */
1317              
1318             out:
1319 2880 100         if (func_rc == PS_SUCCESS)
1320             {
1321 2879           cert->parseStatus = PS_X509_PARSE_SUCCESS;
1322 2879 50         psAssert(p == end); /* Must have parsed everything. */
1323             }
1324 2880 50         psAssert(p <= end); /* Must not have parsed too much. */
1325              
1326 2880           *pp = end;
1327              
1328 2880           return func_rc;
1329             }
1330              
1331             /******************************************************************************/
1332             /*
1333             Parse an X509 v3 ASN.1 certificate stream
1334             http://tools.ietf.org/html/rfc3280
1335              
1336             flags
1337             CERT_STORE_UNPARSED_BUFFER
1338             CERT_STORE_DN_BUFFER
1339              
1340             Memory info:
1341             Caller must always free outcert with psX509FreeCert. Even on failure
1342             */
1343 2880           int32 psX509ParseCert(psPool_t *pool, const unsigned char *pp, uint32 size,
1344             psX509Cert_t **outcert, int32 flags)
1345             {
1346             psX509Cert_t *cert;
1347             const unsigned char *p, *far_end;
1348             int32_t parsing, rc;
1349 2880           int32_t numCerts = 0;
1350 2880           int32_t numParsedCerts = 0;
1351              
1352             /*
1353             Allocate the cert structure right away. User MUST always call
1354             psX509FreeCert regardless of whether this function succeeds.
1355             memset is important because the test for NULL is what is used
1356             to determine what to free.
1357              
1358             If the input stream consists of multiple certs, the rest of
1359             the psX509Cert_t structs will be allocated in parse_single_cert().
1360             */
1361 2880           *outcert = cert = psMalloc(pool, sizeof(psX509Cert_t));
1362 2880 50         if (cert == NULL)
1363             {
1364 0           psError("Memory allocation failure in psX509ParseCert\n");
1365 0           return PS_MEM_FAIL;
1366             }
1367 2880           memset(cert, 0x0, sizeof(psX509Cert_t));
1368              
1369             # ifdef ALWAYS_KEEP_CERT_DER
1370             flags |= CERT_STORE_UNPARSED_BUFFER;
1371             # endif /* ALWAYS_KEEP_CERT_DER */
1372              
1373 2880           p = pp;
1374 2880           far_end = p + size;
1375              
1376 2880           parsing = 1;
1377 5759 100         while (parsing)
1378             {
1379             /*
1380             Certificate ::= SEQUENCE {
1381             tbsCertificate TBSCertificate,
1382             signatureAlgorithm AlgorithmIdentifier,
1383             signatureValue BIT STRING }
1384             */
1385 2880           rc = parse_single_cert(pool, &p, size, far_end, cert, flags);
1386 2880 100         if (rc == PS_SUCCESS)
1387             {
1388 2879           numParsedCerts++;
1389             }
1390             else
1391             {
1392 1 50         psAssert(cert->parseStatus != PS_X509_PARSE_SUCCESS);
1393              
1394 1 50         if (!(flags & CERT_ALLOW_BUNDLE_PARTIAL_PARSE))
1395             {
1396 1           return rc;
1397             }
1398             }
1399              
1400 2879           numCerts++;
1401              
1402             /*
1403             Check whether we reached the end of the input DER stream.
1404              
1405             An additional sanity check is to ensure that there are least
1406             MIN_CERT_SIZE bytes left in the stream. We wish to avoid
1407             having to call parse_single_cert for any residual garbage
1408             in the stream.
1409             */
1410             #define MIN_CERT_SIZE 256
1411 2879 50         if ((p != far_end) && (p < (far_end + 1))
    0          
1412 0 0         && (far_end - p) > MIN_CERT_SIZE)
1413             {
1414 0 0         if (*p == 0x0 && *(p + 1) == 0x0)
    0          
1415             {
1416 0           parsing = 0; /* An indefinite length stream was passed in */
1417             /* caller will have to deal with skipping these because they
1418             would have read off the TL of this ASN.1 stream */
1419             }
1420             else
1421             {
1422 0           cert->next = psMalloc(pool, sizeof(psX509Cert_t));
1423 0 0         if (cert->next == NULL)
1424             {
1425 0           psError("Memory allocation error in psX509ParseCert\n");
1426 0           return PS_MEM_FAIL;
1427             }
1428 0           cert = cert->next;
1429 0           memset(cert, 0x0, sizeof(psX509Cert_t));
1430 0           cert->pool = pool;
1431             }
1432             }
1433             else
1434             {
1435 2879           parsing = 0;
1436             }
1437             }
1438              
1439 2879 50         if (numParsedCerts == 0)
1440 0           return PS_PARSE_FAIL;
1441              
1442 2879 50         if (flags & CERT_ALLOW_BUNDLE_PARTIAL_PARSE)
1443             {
1444             /*
1445             Return number of successfully parsed certs.
1446             Note: this flag is never set when called from the SSL layer.
1447             */
1448             psTraceIntCrypto("Parsed %d certs", numParsedCerts);
1449             psTraceIntCrypto(" from a total of %d certs\n", numCerts);
1450 0           return numParsedCerts;
1451             }
1452             else
1453             {
1454             /*
1455             Return length of parsed DER stream.
1456             Some functions in the SSL layer require this.
1457             */
1458 2880           return (int32) (p - pp);
1459             }
1460             }
1461              
1462             # ifdef USE_CERT_PARSE
1463 8640           static void freeOrgUnitList(x509OrgUnit_t *orgUnit, psPool_t *allocPool)
1464             {
1465             x509OrgUnit_t *ou;
1466              
1467 9446 100         while (orgUnit != NULL)
1468             {
1469 806           ou = orgUnit;
1470 806           orgUnit = ou->next;
1471 806           psFree(ou->name, allocPool);
1472 806           psFree(ou, allocPool);
1473             }
1474 8640           }
1475              
1476 8640           static void freeDomainComponentList(x509DomainComponent_t *domainComponent,
1477             psPool_t *allocPool)
1478             {
1479             x509DomainComponent_t *dc;
1480              
1481 8640 50         while (domainComponent != NULL)
1482             {
1483 0           dc = domainComponent;
1484 0           domainComponent = dc->next;
1485 0           psFree(dc->name, allocPool);
1486 0           psFree(dc, allocPool);
1487             }
1488 8640           }
1489              
1490 2880           void x509FreeExtensions(x509v3extensions_t *extensions)
1491             {
1492              
1493             x509GeneralName_t *active, *inc;
1494              
1495             # if defined(USE_FULL_CERT_PARSE) || defined(USE_CERT_GEN)
1496             x509PolicyQualifierInfo_t *qual_info, *qual_info_inc;
1497             x509PolicyInformation_t *pol_info, *pol_info_inc;
1498             x509policyMappings_t *pol_map, *pol_map_inc;
1499             x509authorityInfoAccess_t *authInfo, *authInfoInc;
1500             # endif /* USE_FULL_CERT_PARSE || USE_CERT_GEN */
1501              
1502 2880 50         if (extensions == NULL)
1503             {
1504 0           return;
1505             }
1506 2880 100         if (extensions->san)
1507             {
1508 31           active = extensions->san;
1509 67 100         while (active != NULL)
1510             {
1511 36           inc = active->next;
1512 36           psFree(active->data, extensions->pool);
1513 36           psFree(active, extensions->pool);
1514 36           active = inc;
1515             }
1516             }
1517             # if defined(USE_FULL_CERT_PARSE) || defined(USE_CERT_GEN)
1518 2880 100         if (extensions->issuerAltName)
1519             {
1520 10           active = extensions->issuerAltName;
1521 20 100         while (active != NULL)
1522             {
1523 10           inc = active->next;
1524 10           psFree(active->data, extensions->pool);
1525 10           psFree(active, extensions->pool);
1526 10           active = inc;
1527             }
1528             }
1529              
1530 2880 100         if (extensions->authorityInfoAccess)
1531             {
1532 12           authInfo = extensions->authorityInfoAccess;
1533 30 100         while (authInfo != NULL)
1534             {
1535 18           authInfoInc = authInfo->next;
1536 18           psFree(authInfo->ocsp, extensions->pool);
1537 18           psFree(authInfo->caIssuers, extensions->pool);
1538 18           psFree(authInfo, extensions->pool);
1539 18           authInfo = authInfoInc;
1540             }
1541             }
1542             # endif /* USE_FULL_CERT_PARSE || USE_CERT_GEN */
1543              
1544             # ifdef USE_CRL
1545 2880 50         if (extensions->crlNum)
1546             {
1547 0           psFree(extensions->crlNum, extensions->pool);
1548             }
1549 2880 100         if (extensions->crlDist)
1550             {
1551 82           active = extensions->crlDist;
1552 184 100         while (active != NULL)
1553             {
1554 102           inc = active->next;
1555 102           psFree(active->data, extensions->pool);
1556 102           psFree(active, extensions->pool);
1557 102           active = inc;
1558             }
1559             }
1560             # endif /* CRL */
1561              
1562             # ifdef USE_FULL_CERT_PARSE
1563 2880 50         if (extensions->nameConstraints.excluded)
1564             {
1565 0           active = extensions->nameConstraints.excluded;
1566 0 0         while (active != NULL)
1567             {
1568 0           inc = active->next;
1569 0           psFree(active->data, extensions->pool);
1570 0           psFree(active, extensions->pool);
1571 0           active = inc;
1572             }
1573             }
1574 2880 100         if (extensions->nameConstraints.permitted)
1575             {
1576 5           active = extensions->nameConstraints.permitted;
1577 45 100         while (active != NULL)
1578             {
1579 40           inc = active->next;
1580 40           psFree(active->data, extensions->pool);
1581 40           psFree(active, extensions->pool);
1582 40           active = inc;
1583             }
1584             }
1585             # endif /* USE_FULL_CERT_PARSE */
1586 2880 100         if (extensions->sk.id)
1587             {
1588 2864           psFree(extensions->sk.id, extensions->pool);
1589             }
1590 2880 100         if (extensions->ak.keyId)
1591             {
1592 2379           psFree(extensions->ak.keyId, extensions->pool);
1593             }
1594 2880 100         if (extensions->ak.serialNum)
1595             {
1596 50           psFree(extensions->ak.serialNum,
1597             extensions->pool);
1598             }
1599 2880           psX509FreeDNStruct(&extensions->ak.attribs, extensions->pool);
1600              
1601             # if defined(USE_FULL_CERT_PARSE) || defined(USE_CERT_GEN)
1602 2880           pol_info = extensions->certificatePolicy.policy;
1603 2968 100         while (pol_info != NULL)
1604             {
1605             /* Free PolicyInformation member variables. */
1606 88           pol_info_inc = pol_info->next;
1607 88           psFree(pol_info->policyOid, extensions->pool);
1608 88           qual_info = pol_info->qualifiers;
1609 199 100         while (qual_info != NULL)
1610             {
1611             /* Free QualifierInfo member variables. */
1612 111           qual_info_inc = qual_info->next;
1613 111           psFree(qual_info->cps, extensions->pool);
1614 111           psFree(qual_info->unoticeOrganization, extensions->pool);
1615 111           psFree(qual_info->unoticeExplicitText, extensions->pool);
1616 111           psFree(qual_info, extensions->pool);
1617 111           qual_info = qual_info_inc;
1618             }
1619 88           psFree(pol_info, extensions->pool);
1620 88           pol_info = pol_info_inc;
1621             }
1622              
1623 2880           pol_map = extensions->policyMappings;
1624 2885 100         while (pol_map != NULL)
1625             {
1626 5           pol_map_inc = pol_map->next;
1627 5           psFree(pol_map->issuerDomainPolicy, extensions->pool);
1628 5           psFree(pol_map->subjectDomainPolicy, extensions->pool);
1629 5           psFree(pol_map, extensions->pool);
1630 5           pol_map = pol_map_inc;
1631             }
1632              
1633 2880 50         if (extensions->netscapeComment)
1634             {
1635 0 0         if (extensions->netscapeComment->comment)
1636             {
1637 0           psFree(extensions->netscapeComment->comment, pool);
1638             }
1639 0           psFree(extensions->netscapeComment, pool);
1640             }
1641             # endif /* USE_FULL_CERT_PARSE || USE_CERT_GEN */
1642             }
1643              
1644 0           int32_t psX509GetNumOrganizationalUnits(const x509DNattributes_t *DN)
1645             {
1646             x509OrgUnit_t *ou;
1647 0           int32_t res = 0;
1648              
1649 0 0         if (DN == NULL)
1650             {
1651 0           return PS_ARG_FAIL;
1652             }
1653              
1654 0 0         if (DN->orgUnit == NULL)
1655             {
1656 0           return 0;
1657             }
1658              
1659 0           res = 1;
1660 0           ou = DN->orgUnit;
1661 0 0         while (ou->next != NULL)
1662             {
1663 0           ou = ou->next;
1664 0           res++;
1665             }
1666              
1667 0           return res;
1668             }
1669              
1670 0           x509OrgUnit_t *psX509GetOrganizationalUnit(const x509DNattributes_t *DN,
1671             int32_t index)
1672             {
1673             x509OrgUnit_t *ou;
1674             int32_t i;
1675              
1676 0 0         if (DN == NULL || DN->orgUnit == NULL || index < 0)
    0          
    0          
1677             {
1678 0           return NULL;
1679             }
1680              
1681             /*
1682             Note: the OU list is in reverse order. The last item
1683             (i.e the item with largest index) is at the list head.
1684             */
1685              
1686 0           i = psX509GetNumOrganizationalUnits(DN) - 1; /* Largest index. */
1687 0 0         if (i < 0)
1688             {
1689 0           return NULL;
1690             }
1691              
1692 0           ou = DN->orgUnit;
1693 0 0         if (i == index)
1694             {
1695 0           return ou;
1696             }
1697              
1698 0 0         while (ou->next != NULL)
1699             {
1700 0           ou = ou->next;
1701 0           i--;
1702 0 0         if (i < 0)
1703             {
1704 0           return NULL;
1705             }
1706 0 0         if (i == index)
1707             {
1708 0           return ou;
1709             }
1710             }
1711              
1712 0           return NULL;
1713             }
1714              
1715 0           int32_t psX509GetNumDomainComponents(const x509DNattributes_t *DN)
1716             {
1717             x509DomainComponent_t *dc;
1718 0           int32_t res = 0;
1719              
1720 0 0         if (DN == NULL)
1721             {
1722 0           return PS_ARG_FAIL;
1723             }
1724              
1725 0 0         if (DN->domainComponent == NULL)
1726             {
1727 0           return 0;
1728             }
1729              
1730 0           res = 1;
1731 0           dc = DN->domainComponent;
1732 0 0         while (dc->next != NULL)
1733             {
1734 0           dc = dc->next;
1735 0           res++;
1736             }
1737              
1738 0           return res;
1739             }
1740              
1741 0           x509DomainComponent_t *psX509GetDomainComponent(const x509DNattributes_t *DN,
1742             int32_t index)
1743             {
1744             x509DomainComponent_t *dc;
1745             int32_t i;
1746              
1747 0 0         if (DN == NULL || DN->domainComponent == NULL || index < 0)
    0          
    0          
1748             {
1749 0           return NULL;
1750             }
1751              
1752             /*
1753             Note: the DC list is in reverse order. The last item
1754             (i.e the item with largest index) is at the list head.
1755             */
1756              
1757 0           i = psX509GetNumDomainComponents(DN) - 1; /* Largest index. */
1758 0 0         if (i < 0)
1759             {
1760 0           return NULL;
1761             }
1762              
1763 0           dc = DN->domainComponent;
1764 0 0         if (i == index)
1765             {
1766 0           return dc;
1767             }
1768              
1769 0 0         while (dc->next != NULL)
1770             {
1771 0           dc = dc->next;
1772 0           i--;
1773 0 0         if (i < 0)
1774             {
1775 0           return NULL;
1776             }
1777 0 0         if (i == index)
1778             {
1779 0           return dc;
1780             }
1781             }
1782              
1783 0           return NULL;
1784             }
1785              
1786 0           int32_t psX509GetConcatenatedDomainComponent(const x509DNattributes_t *DN,
1787             char **out_str,
1788             size_t *out_str_len)
1789             {
1790             x509DomainComponent_t *dc;
1791 0           int32_t i = 0;
1792 0           psSize_t total_len = 0;
1793 0           int32_t num_dcs = 0;
1794 0           int32_t pos = 0;
1795              
1796 0 0         if (DN == NULL || out_str == NULL)
    0          
1797             {
1798 0           return PS_ARG_FAIL;
1799             }
1800              
1801 0           num_dcs = psX509GetNumDomainComponents(DN);
1802 0 0         if (num_dcs == 0)
1803             {
1804 0           *out_str = NULL;
1805 0           *out_str_len = 0;
1806 0           return PS_SUCCESS;
1807             }
1808              
1809 0 0         for (i = 0; i < num_dcs; i++)
1810             {
1811 0           dc = psX509GetDomainComponent(DN, i);
1812 0 0         if (dc == NULL)
1813             {
1814 0           return PS_FAILURE;
1815             }
1816 0           total_len += dc->len - DN_NUM_TERMINATING_NULLS;
1817             /* We will add a dot between the components. */
1818 0 0         if (i != (num_dcs - 1))
1819             {
1820 0           total_len += 1;
1821             }
1822             }
1823              
1824 0           total_len += DN_NUM_TERMINATING_NULLS;
1825              
1826 0           *out_str = psMalloc(NULL, total_len);
1827 0 0         if (*out_str == NULL)
1828             {
1829 0           return PS_MEM_FAIL;
1830             }
1831 0           memset(*out_str, 0, total_len);
1832              
1833             /* The top-level DC is usually listed first. So we start from the
1834             other end. */
1835 0           pos = 0;
1836 0 0         for (i = num_dcs - 1; i >= 0; i--)
1837             {
1838 0           dc = psX509GetDomainComponent(DN, i);
1839 0 0         if (dc == NULL)
1840             {
1841 0           psFree(*out_str, NULL);
1842 0           *out_str = NULL;
1843 0           return PS_FAILURE;
1844             }
1845 0           memcpy(*out_str + pos, dc->name,
1846 0           dc->len - DN_NUM_TERMINATING_NULLS);
1847 0           pos += dc->len - DN_NUM_TERMINATING_NULLS;
1848 0 0         if (i != 0)
1849             {
1850 0           (*out_str)[pos] = '.';
1851 0           pos++;
1852             }
1853             }
1854              
1855 0 0         if (pos != total_len - DN_NUM_TERMINATING_NULLS)
1856             {
1857 0           psFree(*out_str, NULL);
1858 0           *out_str = NULL;
1859 0           return PS_FAILURE;
1860             }
1861              
1862 0           *out_str_len = (size_t) total_len;
1863              
1864 0           return PS_SUCCESS;
1865             }
1866             # endif /* USE_CERT_PARSE */
1867             # ifdef USE_FULL_CERT_PARSE
1868             /** Long, ugly function that concatenates all the DN components
1869             to produce OpenSSL-style output.
1870              
1871             This function aims to produce output identical
1872             to X509_NAME_oneline(), which seems to be function used by
1873             the openssl x509 utility to print out DNs.
1874              
1875             The amount of code is rather large, so compile this only
1876             when USE_FULL_CERT_PARSE is defined.
1877              
1878             On success, the caller is responsible for freeing the
1879             returned string.
1880             */
1881 0           static int32_t concatenate_dn(psPool_t *pool,
1882             const x509DNattributes_t *dn,
1883             char **out_str,
1884             size_t *out_str_len)
1885             {
1886 0           size_t total_len = 0;
1887             char *str, *p;
1888 0           const char *country_prefix = "C=";
1889 0           const char *state_prefix = "ST=";
1890 0           const char *organization_prefix = "O=";
1891 0           const char *organizationalUnit_prefix = "OU=";
1892 0           const char *dnQualifier_prefix = "/dnQualifier=";
1893 0           const char *commonName_prefix = "CN=";
1894 0           const char *serialNumber_prefix = "/serialNumber=";
1895 0           const char *domainComponent_prefix = "DC=";
1896              
1897             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
1898 0           const char *locality_prefix = "L=";
1899 0           const char *title_prefix = "/title=";
1900 0           const char *surname_prefix = "SN=";
1901 0           const char *givenName_prefix = "GN=";
1902 0           const char *initials_prefix = "/initials=";
1903 0           const char *pseudonym_prefix = "/pseudonym=";
1904 0           const char *generationQualifier_prefix = "/generationQualifier=";
1905             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
1906             # ifdef USE_EXTRA_DN_ATTRIBUTES
1907             const char *streetAddress_prefix = "/street=";
1908             const char *postalAddress_prefix = "/postalAddress=";
1909             const char *telephoneNumber_prefix = "/telephoneNumber=";
1910             const char *uid_prefix = "/UID=";
1911             const char *name_prefix = "/name=";
1912             const char *email_prefix = "/emailAddress=";
1913             # endif /* USE_EXTRA_DN_ATTRIBUTES */
1914             int num_dcs;
1915 0           int first_len = 1;
1916 0           int first_field = 1;
1917             x509OrgUnit_t *orgUnit;
1918             int num_ous;
1919              
1920 0 0         psAssert(dn != NULL && out_str != NULL);
    0          
1921              
1922             # define INC_LEN(X) \
1923             if (dn->X ## Len > 0) { \
1924             if (!first_len && X ## _prefix[0] != '/') { \
1925             total_len += 2; \
1926             } \
1927             first_len = 0; \
1928             total_len += strlen(X ## _prefix) + \
1929             dn->X ## Len - \
1930             DN_NUM_TERMINATING_NULLS; \
1931             }
1932              
1933 0 0         INC_LEN(country);
    0          
    0          
1934 0 0         INC_LEN(state);
    0          
    0          
1935 0 0         INC_LEN(organization);
    0          
    0          
1936 0           num_ous = psX509GetNumOrganizationalUnits(dn);
1937 0 0         if (num_ous > 0)
1938             {
1939             int i;
1940 0 0         for (i = 0; i < num_ous; i++)
1941             {
1942 0           orgUnit = psX509GetOrganizationalUnit(dn, i);
1943 0 0         if (orgUnit == NULL)
1944             {
1945 0           return PS_FAILURE;
1946             }
1947 0 0         if (first_len)
1948             {
1949 0           first_len = 0;
1950             }
1951             else
1952             {
1953 0           total_len += 2;
1954             }
1955 0           total_len += strlen(organizationalUnit_prefix);
1956 0           total_len += orgUnit->len - DN_NUM_TERMINATING_NULLS;
1957             }
1958             }
1959 0 0         INC_LEN(dnQualifier);
    0          
    0          
1960 0 0         INC_LEN(commonName);
    0          
    0          
1961 0 0         INC_LEN(serialNumber);
    0          
    0          
1962              
1963             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
1964 0 0         INC_LEN(locality);
    0          
    0          
1965 0 0         INC_LEN(title);
    0          
    0          
1966 0 0         INC_LEN(surname);
    0          
    0          
1967 0 0         INC_LEN(givenName);
    0          
    0          
1968 0 0         INC_LEN(initials);
    0          
    0          
1969 0 0         INC_LEN(pseudonym);
    0          
    0          
1970 0 0         INC_LEN(generationQualifier);
    0          
    0          
1971             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
1972              
1973             # ifdef USE_EXTRA_DN_ATTRIBUTES
1974             INC_LEN(streetAddress);
1975             INC_LEN(postalAddress);
1976             INC_LEN(telephoneNumber);
1977             INC_LEN(uid);
1978             INC_LEN(name);
1979             INC_LEN(email);
1980             # endif /* USE_EXTRA_DN_ATTRIBUTES */
1981 0           num_dcs = psX509GetNumDomainComponents(dn);
1982 0 0         if (num_dcs > 0)
1983             {
1984             int i;
1985             x509DomainComponent_t *dc;
1986              
1987 0 0         for (i = 0; i < num_dcs; i++)
1988             {
1989 0           total_len += strlen(domainComponent_prefix);
1990 0 0         if (first_len)
1991             {
1992 0           first_len = 0;
1993             }
1994             else
1995             {
1996 0           total_len += 2;
1997             }
1998 0           dc = psX509GetDomainComponent(dn, i);
1999 0 0         if (dc == NULL)
2000             {
2001 0           return PS_FAILURE;
2002             }
2003 0           total_len += dc->len - DN_NUM_TERMINATING_NULLS;
2004             }
2005             }
2006              
2007             /*
2008             Sanity check.*/
2009 0 0         if (total_len > 100000)
2010             {
2011 0           return PS_ARG_FAIL;
2012             }
2013              
2014 0           str = psMalloc(pool, total_len + 1);
2015 0 0         if (str == NULL)
2016             {
2017 0           return PS_MEM_FAIL;
2018             }
2019 0           memset(str, 0, total_len + 1);
2020              
2021 0           p = str;
2022              
2023             /*
2024             We are going to imitate the OpenSSL output format.
2025             For common fields such as country (C) or state (ST), there is
2026             a 1-2 letter ID and the printout is e.g. "ST=[value]".
2027             For other fields, the prefix is "/field_name=[value]".
2028             Note that there is comma and a space ", " before fields with
2029             a 1-2 letter ID, but not before the "/field_name=" fields.
2030             Example:
2031              
2032             C=US, ST=Test State or Province, L=Test Locality, O=Organization Name,
2033             OU=First Organizational Unit Name, OU=Second Organizational Unit
2034             Name, OU=Third Organizational Unit Name, CN=Common Name
2035             /name=GivenName Surname, GN=Givenname, SN=Surname, DC=com,
2036             DC=insidesecure,
2037             DC=test/emailAddress=test@email.address/serialNumber=012bf123aa
2038             /street=MyStreetAddress99/title=Dr./postalAddress=12345
2039             /telephoneNumber=1111-2222-3333/pseudonym=myPseudonym
2040             /generationQualifier=III/initials=G.S.
2041             /dnQualifier=123456789/UID=root
2042             */
2043              
2044             # define PRINT_FIELD(field) \
2045             if (dn->field ## Len > 0) { \
2046             if (first_field) { \
2047             first_field = 0; \
2048             } else { \
2049             if (field ## _prefix[0] != '/') { \
2050             *p++ = ','; \
2051             *p++ = ' '; \
2052             } \
2053             } \
2054             memcpy(p, field ## _prefix, strlen(field ## _prefix)); \
2055             p += strlen(field ## _prefix); \
2056             memcpy(p, dn->field, \
2057             dn->field ## Len - DN_NUM_TERMINATING_NULLS); \
2058             p += dn->field ## Len - DN_NUM_TERMINATING_NULLS; \
2059             }
2060              
2061             /*
2062             The ifdefs are a bit messy, because we wish to use the same
2063             print order as OpenSSL. MatrixSSL divides the fields
2064             into ifdef-wrapped groups differently.
2065             */
2066 0 0         PRINT_FIELD(country);
    0          
    0          
2067 0 0         PRINT_FIELD(state);
    0          
    0          
2068             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
2069 0 0         PRINT_FIELD(locality);
    0          
    0          
2070             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
2071 0 0         PRINT_FIELD(organization);
    0          
    0          
2072 0           num_ous = psX509GetNumOrganizationalUnits(dn);
2073 0 0         if (num_ous > 0)
2074             {
2075             int i;
2076 0 0         for (i = 0; i < num_ous; i++)
2077             {
2078 0           orgUnit = psX509GetOrganizationalUnit(dn, i);
2079 0 0         if (orgUnit == NULL)
2080             {
2081 0           psFree(str, pool);
2082 0           return PS_FAILURE;
2083             }
2084 0 0         if (first_field)
2085             {
2086 0           first_field = 0;
2087             }
2088             else
2089             {
2090 0           *p++ = ',';
2091 0           } *p++ = ' ';
2092 0           memcpy(p, organizationalUnit_prefix,
2093             strlen(organizationalUnit_prefix));
2094 0           p += strlen(organizationalUnit_prefix);
2095 0           memcpy(p, orgUnit->name, orgUnit->len - DN_NUM_TERMINATING_NULLS);
2096 0           p += orgUnit->len - DN_NUM_TERMINATING_NULLS;
2097             }
2098             }
2099 0 0         PRINT_FIELD(commonName);
    0          
    0          
2100             # ifdef USE_EXTRA_DN_ATTRIBUTES
2101             PRINT_FIELD(name);
2102             # endif /* USE_EXTRA_DN_ATTRIBUTES */
2103             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
2104 0 0         PRINT_FIELD(givenName);
    0          
    0          
2105 0 0         PRINT_FIELD(surname);
    0          
    0          
2106             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
2107             # ifdef USE_EXTRA_DN_ATTRIBUTES
2108             /**/
2109             num_dcs = psX509GetNumDomainComponents(dn);
2110             if (num_dcs > 0)
2111             {
2112             int i;
2113             x509DomainComponent_t *dc;
2114              
2115             for (i = 0; i < num_dcs; i++)
2116             {
2117             if (first_field)
2118             {
2119             first_field = 0;
2120             }
2121             else
2122             {
2123             *p++ = ',';
2124             } *p++ = ' ';
2125             memcpy(p, domainComponent_prefix,
2126             strlen(domainComponent_prefix));
2127             p += strlen(domainComponent_prefix);
2128             dc = psX509GetDomainComponent(dn, i);
2129             if (dc == NULL)
2130             {
2131             psFree(str, pool);
2132             return PS_FAILURE;
2133             }
2134             memcpy(p, dc->name, dc->len - DN_NUM_TERMINATING_NULLS);
2135             p += dc->len - DN_NUM_TERMINATING_NULLS;
2136             }
2137             }
2138             PRINT_FIELD(email);
2139             # endif /* USE_EXTRA_DN_ATTRIBUTES */
2140 0 0         PRINT_FIELD(serialNumber);
    0          
    0          
2141             # ifdef USE_EXTRA_DN_ATTRIBUTES
2142             PRINT_FIELD(streetAddress);
2143             # endif /* USE_EXTRA_DN_ATTRIBUTES */
2144             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
2145 0 0         PRINT_FIELD(title);
    0          
    0          
2146             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
2147             # ifdef USE_EXTRA_DN_ATTRIBUTES
2148             PRINT_FIELD(postalAddress);
2149             PRINT_FIELD(telephoneNumber);
2150             # endif /* USE_EXTRA_DN_ATTRIBUTES */
2151             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
2152 0 0         PRINT_FIELD(pseudonym);
    0          
    0          
2153 0 0         PRINT_FIELD(generationQualifier);
    0          
    0          
2154 0 0         PRINT_FIELD(initials);
    0          
    0          
2155             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
2156 0 0         PRINT_FIELD(dnQualifier);
    0          
    0          
2157             # ifdef USE_EXTRA_DN_ATTRIBUTES
2158             PRINT_FIELD(uid);
2159             # endif /* USE_EXTRA_DN_ATTRIBUTES */
2160              
2161 0 0         psAssert(total_len == (p - str));
2162              
2163 0           *p++ = '\0';
2164 0           *out_str = str;
2165 0           *out_str_len = total_len;
2166              
2167 0           return PS_SUCCESS;
2168             }
2169              
2170 0           int32_t psX509GetOnelineDN(const x509DNattributes_t *DN,
2171             char **out_str,
2172             size_t *out_str_len)
2173             {
2174 0           return concatenate_dn(NULL, DN, out_str, out_str_len);
2175             }
2176              
2177             # endif /* USE_FULL_CERT_PARSE */
2178              
2179             /******************************************************************************/
2180             /*
2181             User must call after all calls to psX509ParseCert
2182             (we violate the coding standard a bit here for clarity)
2183             */
2184 2158           void psX509FreeCert(psX509Cert_t *cert)
2185             {
2186             psX509Cert_t *curr, *next;
2187             psPool_t *pool;
2188              
2189 2158           curr = cert;
2190 5038 100         while (curr)
2191             {
2192 2880           pool = curr->pool;
2193 2880 100         if (curr->unparsedBin)
2194             {
2195 258           psFree(curr->unparsedBin, pool);
2196             }
2197             # ifdef USE_CERT_PARSE
2198 2880           psX509FreeDNStruct(&curr->issuer, pool);
2199 2880           psX509FreeDNStruct(&curr->subject, pool);
2200 2880 100         if (curr->serialNumber)
2201             {
2202 2879           psFree(curr->serialNumber, pool);
2203             }
2204 2880 100         if (curr->notBefore)
2205             {
2206 2879           psFree(curr->notBefore, pool);
2207             }
2208 2880 100         if (curr->notAfter)
2209             {
2210 2879           psFree(curr->notAfter, pool);
2211             }
2212 2880 100         if (curr->signature)
2213             {
2214 2879           psFree(curr->signature, pool);
2215             }
2216 2880 50         if (curr->uniqueIssuerId)
2217             {
2218 0           psFree(curr->uniqueIssuerId, pool);
2219             }
2220 2880 50         if (curr->uniqueSubjectId)
2221             {
2222 0           psFree(curr->uniqueSubjectId, pool);
2223             }
2224              
2225              
2226 2880 100         if (curr->publicKey.type != PS_NOKEY)
2227             {
2228 2879           switch (curr->pubKeyAlgorithm)
2229             {
2230             # ifdef USE_RSA
2231             case OID_RSA_KEY_ALG:
2232 2774           psRsaClearKey(&curr->publicKey.key.rsa);
2233 2774           break;
2234             # endif
2235              
2236             # ifdef USE_ECC
2237             case OID_ECDSA_KEY_ALG:
2238 105           psEccClearKey(&curr->publicKey.key.ecc);
2239 105           break;
2240             # endif
2241              
2242             default:
2243 0           psAssert(0);
2244 0           break;
2245             }
2246 2879           curr->publicKey.type = PS_NOKEY;
2247             }
2248              
2249 2880           x509FreeExtensions(&curr->extensions);
2250             # endif /* USE_CERT_PARSE */
2251 2880           next = curr->next;
2252 2880           psFree(curr, pool);
2253 2880           curr = next;
2254             }
2255 2158           }
2256              
2257             /******************************************************************************/
2258             /*
2259             Currently just returning the raw BIT STRING and size in bytes
2260             */
2261             # define MIN_HASH_SIZE 16
2262 2879           int32_t psX509GetSignature(psPool_t *pool, const unsigned char **pp, psSize_t len,
2263             unsigned char **sig, psSize_t *sigLen)
2264             {
2265 2879           const unsigned char *p = *pp, *end;
2266             psSize_t llen;
2267              
2268 2879           end = p + len;
2269 5758 50         if (len < 1 || (*(p++) != ASN_BIT_STRING) ||
2270 5758 50         getAsnLength(&p, len - 1, &llen) < 0 ||
2271 2879 50         (uint32) (end - p) < llen ||
2272 2879           llen < (1 + MIN_HASH_SIZE))
2273             {
2274              
2275             psTraceCrypto("Initial parse error in getSignature\n");
2276 0           return PS_PARSE_FAIL;
2277             }
2278             /* We assume this ignore_bits byte is always 0. */
2279 2879 50         psAssert(*p == 0);
2280 2879           p++;
2281             /* Length was including the ignore_bits byte, subtract it */
2282 2879           *sigLen = llen - 1;
2283 2879           *sig = psMalloc(pool, *sigLen);
2284 2879 50         if (*sig == NULL)
2285             {
2286 0           psError("Memory allocation error in getSignature\n");
2287 0           return PS_MEM_FAIL;
2288             }
2289 2879           memcpy(*sig, p, *sigLen);
2290 2879           *pp = p + *sigLen;
2291 2879           return PS_SUCCESS;
2292             }
2293              
2294             # ifdef USE_CERT_PARSE
2295             /******************************************************************************/
2296             /*
2297             Validate the expected name against a subset of the GeneralName rules
2298             for DNS, Email and IP types.
2299             We assume the expected name is not maliciously entered. If it is, it may
2300             match an invalid GeneralName in a remote cert chain.
2301             Returns 0 on valid format, PS_FAILURE on invalid format of GeneralName
2302             */
2303 0           int32_t psX509ValidateGeneralName(const char *n)
2304             {
2305             const char *c;
2306             int atfound; /* Ampersand found */
2307             int notip; /* Not an ip address */
2308              
2309 0 0         if (n == NULL)
2310             {
2311 0           return 0;
2312             }
2313              
2314             /* Must be at least one character */
2315 0 0         if (*n == '\0')
2316             {
2317 0           return PS_FAILURE;
2318             }
2319              
2320 0           atfound = notip = 0;
2321 0 0         for (c = n; *c != '\0'; c++ )
2322             {
2323              
2324             /* Negative tests first in the loop */
2325             /* Can't have any combination of . and - and @ together */
2326 0 0         if (c != n)
2327             {
2328 0 0         if (*c == '.' && *(c - 1) == '.')
    0          
2329             {
2330 0           return PS_FAILURE;
2331             }
2332 0 0         if (*c == '.' && *(c - 1) == '-')
    0          
2333             {
2334 0           return PS_FAILURE;
2335             }
2336 0 0         if (*c == '.' && *(c - 1) == '@')
    0          
2337             {
2338 0           return PS_FAILURE;
2339             }
2340 0 0         if (*c == '-' && *(c - 1) == '.')
    0          
2341             {
2342 0           return PS_FAILURE;
2343             }
2344 0 0         if (*c == '-' && *(c - 1) == '-')
    0          
2345             {
2346 0           return PS_FAILURE;
2347             }
2348 0 0         if (*c == '-' && *(c - 1) == '@')
    0          
2349             {
2350 0           return PS_FAILURE;
2351             }
2352 0 0         if (*c == '@' && *(c - 1) == '.')
    0          
2353             {
2354 0           return PS_FAILURE;
2355             }
2356 0 0         if (*c == '@' && *(c - 1) == '-')
    0          
2357             {
2358 0           return PS_FAILURE;
2359             }
2360 0 0         if (*c == '@' && *(c - 1) == '@')
    0          
2361             {
2362 0           return PS_FAILURE;
2363             }
2364             }
2365              
2366             /* Note whether we have hit a non numeric name */
2367 0 0         if (*c != '.' && (*c < '0' || *c > '9'))
    0          
    0          
2368             {
2369 0           notip++;
2370             }
2371              
2372             /* Now positive tests */
2373             /* Cannot start or end with . or -, but can contain them */
2374 0 0         if (c != n && *(c + 1) != '\0' && (*c == '.' || *c == '-'))
    0          
    0          
    0          
2375             {
2376 0           continue;
2377             }
2378             /* Can contain at most one @ , and not at the start or end */
2379 0 0         if (*c == '@')
2380             {
2381 0           atfound++;
2382 0 0         if (c != n && *(c + 1) != '\0' && atfound == 1)
    0          
    0          
2383             {
2384 0           continue;
2385             }
2386             }
2387             /* Numbers allowed generally */
2388 0 0         if (*c >= '0' && *c <= '9')
    0          
2389             {
2390 0           continue;
2391             }
2392             /* Upper and lowercase characters allowed */
2393 0 0         if (*c >= 'A' && *c <= 'Z')
    0          
2394             {
2395 0           continue;
2396             }
2397 0 0         if (*c >= 'a' && *c <= 'z')
    0          
2398             {
2399 0           continue;
2400             }
2401              
2402             /* Everything else is a failure */
2403 0           return PS_FAILURE;
2404             }
2405             /* RFC 1034 states if it's not an IP, it can't start with a number,
2406             However, RFC 1123 updates this and does allow a number as the
2407             first character of a DNS name.
2408             See the X.509 RFC: http://tools.ietf.org/html/rfc5280#section-4.2.1.6 */
2409 0 0         if (atfound && (*n >= '0' && *n <= '9'))
    0          
    0          
2410             {
2411 0           return PS_FAILURE;
2412             }
2413              
2414             /* We could at this point store whether it is a DNS, Email or IP */
2415              
2416 0           return 0;
2417             }
2418              
2419             /******************************************************************************/
2420             /*
2421             Parses a sequence of GeneralName types*/
2422 183           static int32_t parseGeneralNames(psPool_t *pool, const unsigned char **buf,
2423             psSize_t len, const unsigned char *extEnd,
2424             x509GeneralName_t **name, int16_t limit)
2425             {
2426             psSize_t otherNameLen;
2427             const unsigned char *p, *c, *save, *end;
2428             x509GeneralName_t *activeName, *firstName, *prevName;
2429              
2430 183 100         if (*name == NULL)
2431             {
2432 128           firstName = NULL;
2433             }
2434             else
2435             {
2436 55           firstName = *name;
2437             }
2438 183           p = *buf;
2439 183           end = p + len;
2440              
2441             # define MIN_GENERALNAME_LEN 3 /* 1 tag, 1 length octet, 1 content octet.*/
2442 371 100         while (len > MIN_GENERALNAME_LEN)
2443             {
2444 188 100         if (firstName == NULL)
2445             {
2446 128           activeName = firstName = psMalloc(pool, sizeof(x509GeneralName_t));
2447 128 50         if (activeName == NULL)
2448             {
2449 0           return PS_MEM_FAIL;
2450             }
2451 128           memset(firstName, 0x0, sizeof(x509GeneralName_t));
2452 128           firstName->pool = pool;
2453 128           *name = firstName;
2454             }
2455             else
2456             {
2457             /*
2458             Find the end
2459             */
2460 60           prevName = firstName;
2461 60           activeName = firstName->next;
2462 165 100         while (activeName != NULL)
2463             {
2464 105           prevName = activeName;
2465 105           activeName = activeName->next;
2466             }
2467 60           prevName->next = psMalloc(pool, sizeof(x509GeneralName_t));
2468 60 50         if (prevName->next == NULL)
2469             {
2470 0           return PS_MEM_FAIL;
2471             }
2472 60           activeName = prevName->next;
2473 60           memset(activeName, 0x0, sizeof(x509GeneralName_t));
2474 60           activeName->pool = pool;
2475             }
2476 188           activeName->id = *p & 0xF;
2477 188           p++; len--;
2478 188           switch (activeName->id)
2479             {
2480             case GN_OTHER:
2481 0           strncpy((char *) activeName->name, "other",
2482             sizeof(activeName->name) - 1);
2483             /* OtherName ::= SEQUENCE {
2484             type-id OBJECT IDENTIFIER,
2485             value [0] EXPLICIT ANY DEFINED BY type-id }
2486             */
2487 0           save = p;
2488 0 0         if (getAsnLength(&p, (uint32) (extEnd - p), &otherNameLen) < 0 ||
    0          
2489 0 0         otherNameLen < 1 ||
2490 0           (uint32) (extEnd - p) < otherNameLen)
2491             {
2492             psTraceCrypto("ASN parse error SAN otherName\n");
2493 0           return PS_PARSE_FAIL;
2494             }
2495 0 0         if (*(p++) != ASN_OID
2496 0 0         || getAsnLength(&p, (int32) (extEnd - p), &activeName->oidLen) < 0
2497 0 0         || (uint32) (extEnd - p) < activeName->oidLen
2498 0 0         || activeName->oidLen > sizeof(activeName->oid))
2499             {
2500              
2501             psTraceCrypto("ASN parse error SAN otherName oid\n");
2502 0           return -1;
2503             }
2504             /* Note activeName->oidLen could be zero here */
2505 0           memcpy(activeName->oid, p, activeName->oidLen);
2506 0           p += activeName->oidLen;
2507             /* value looks like
2508             0xA0, , , ,
2509             We're supporting only string-type TYPE so just skipping it
2510             */
2511 0 0         if ((uint32) (extEnd - p) < 1 || *p != 0xA0)
    0          
2512             {
2513             psTraceCrypto("ASN parse error SAN otherName\n");
2514 0           return PS_PARSE_FAIL;
2515             }
2516 0           p++; /* Jump over A0 */
2517 0 0         if (getAsnLength(&p, (uint32) (extEnd - p), &otherNameLen) < 0 ||
    0          
2518 0 0         otherNameLen < 1 ||
2519 0           (uint32) (extEnd - p) < otherNameLen)
2520             {
2521             psTraceCrypto("ASN parse error SAN otherName value\n");
2522 0           return PS_PARSE_FAIL;
2523             }
2524 0 0         if ((uint32) (extEnd - p) < 1)
2525             {
2526             psTraceCrypto("ASN parse error SAN otherName len\n");
2527 0           return PS_PARSE_FAIL;
2528             }
2529             /* TODO - validate *p == STRING type? */
2530 0           p++; /* Jump over TYPE */
2531 0 0         if (len <= (p - save))
2532             {
2533             psTraceCrypto("ASN len error in parseGeneralNames\n");
2534 0           return PS_PARSE_FAIL;
2535             }
2536             else
2537             {
2538 0           len -= (p - save);
2539             }
2540 0           break;
2541             case GN_EMAIL:
2542 60           strncpy((char *) activeName->name, "email",
2543             sizeof(activeName->name) - 1);
2544 60           break;
2545             case GN_DNS:
2546 21           strncpy((char *) activeName->name, "DNS",
2547             sizeof(activeName->name) - 1);
2548 21           break;
2549             case GN_X400:
2550 0           strncpy((char *) activeName->name, "x400Address",
2551             sizeof(activeName->name) - 1);
2552 0           break;
2553             case GN_DIR:
2554 5           strncpy((char *) activeName->name, "directoryName",
2555             sizeof(activeName->name) - 1);
2556 5           break;
2557             case GN_EDI:
2558 0           strncpy((char *) activeName->name, "ediPartyName",
2559             sizeof(activeName->name) - 1);
2560 0           break;
2561             case GN_URI:
2562 102           strncpy((char *) activeName->name, "URI",
2563             sizeof(activeName->name) - 1);
2564 102           break;
2565             case GN_IP:
2566 0           strncpy((char *) activeName->name, "iPAddress",
2567             sizeof(activeName->name) - 1);
2568 0           break;
2569             case GN_REGID:
2570 0           strncpy((char *) activeName->name, "registeredID",
2571             sizeof(activeName->name) - 1);
2572 0           break;
2573             default:
2574 0           strncpy((char *) activeName->name, "unknown",
2575             sizeof(activeName->name) - 1);
2576 0           break;
2577             }
2578              
2579 188           save = p;
2580 188 50         if (getAsnLength(&p, (uint32) (extEnd - p), &activeName->dataLen) < 0 ||
    50          
2581 188 50         activeName->dataLen < 1 ||
2582 188           (uint32) (extEnd - p) < activeName->dataLen)
2583             {
2584             psTraceCrypto("ASN len error in parseGeneralNames\n");
2585 0           return PS_PARSE_FAIL;
2586             }
2587 188 50         if (len <= (p - save))
2588             {
2589             psTraceCrypto("ASN len error in parseGeneralNames\n");
2590 0           return PS_PARSE_FAIL;
2591             }
2592             else
2593             {
2594 188           len -= (p - save);
2595             }
2596 188 50         if (len < activeName->dataLen)
2597             {
2598             psTraceCrypto("ASN len error in parseGeneralNames\n");
2599 0           return PS_PARSE_FAIL;
2600             }
2601              
2602             /* Currently we validate that the IA5String fields are printable
2603             At a minimum, this prevents attacks with null terminators or
2604             invisible characters in the certificate.
2605             Additional validation of name format is done indirectly
2606             via byte comparison to the expected name in ValidateGeneralName
2607             or directly by the user in the certificate callback */
2608 188           switch (activeName->id)
2609             {
2610             case GN_EMAIL:
2611             case GN_DNS:
2612             case GN_URI:
2613 183           save = p + activeName->dataLen;
2614 7355 100         for (c = p; c < save; c++)
2615             {
2616 7172 50         if (*c < ' ' || *c > '~')
    50          
2617             {
2618             psTraceCrypto("ASN invalid GeneralName character\n");
2619 0           return PS_PARSE_FAIL;
2620             }
2621             }
2622 183           break;
2623             case GN_IP:
2624 0 0         if (activeName->dataLen < 4)
2625             {
2626             psTraceCrypto("Unknown GN_IP format\n");
2627 0           return PS_PARSE_FAIL;
2628             }
2629 0           break;
2630             default:
2631 5           break;
2632             }
2633              
2634 188           activeName->data = psMalloc(pool, activeName->dataLen + 1);
2635 188 50         if (activeName->data == NULL)
2636             {
2637 0           psError("Memory allocation error: activeName->data\n");
2638 0           return PS_MEM_FAIL;
2639             }
2640             /* This guarantees data is null terminated, even for non IA5Strings */
2641 188           memset(activeName->data, 0x0, activeName->dataLen + 1);
2642 188           memcpy(activeName->data, p, activeName->dataLen);
2643              
2644 188           p = p + activeName->dataLen;
2645 188           len -= activeName->dataLen;
2646              
2647 188 50         if (limit > 0)
2648             {
2649 0 0         if (--limit == 0)
2650             {
2651 0           *buf = end;
2652 0           return PS_SUCCESS;
2653             }
2654             }
2655             }
2656 183           *buf = p;
2657 183           return PS_SUCCESS;
2658             }
2659              
2660             /**
2661             Look up an OID in our known oid table.
2662             @param[in] oid Array of OID segments to look up in table.
2663             @param[in] oidlen Number of segments in 'oid'
2664             @return A valid OID enum on success, 0 on failure.
2665             */
2666 10735           static oid_e psFindOid(const uint32_t oid[MAX_OID_LEN], uint8_t oidlen)
2667             {
2668             int i, j;
2669              
2670 10735 50         psAssert(oidlen <= MAX_OID_LEN);
2671 89414 100         for (j = 0; oid_list[j].id != 0; j++)
2672             {
2673 242152 50         for (i = 0; i < oidlen; i++)
2674             {
2675 242152 100         if ((uint16_t) (oid[i] & 0xFFFF) != oid_list[j].oid[i])
2676             {
2677 78679           break;
2678             }
2679 163473 100         if ((i + 1) == oidlen)
2680             {
2681 9230           return oid_list[j].id;
2682             }
2683             }
2684             }
2685 1505           return 0;
2686             }
2687              
2688             # ifdef USE_CRYPTO_TRACE
2689             /**
2690             Print an OID in dot notation, with it's symbolic name, if found.
2691             @param[in] oid Array of OID segments print.
2692             @param[in] oidlen Number of segments in 'oid'
2693             @return void
2694             */
2695             static void psTraceOid(uint32_t oid[MAX_OID_LEN], uint8_t oidlen)
2696             {
2697             int i, j, found;
2698              
2699             for (i = 0; i < oidlen; i++)
2700             {
2701             if ((i + 1) < oidlen)
2702             {
2703             psTraceIntCrypto("%u.", oid[i]);
2704             }
2705             else
2706             {
2707             psTraceIntCrypto("%u", oid[i]);
2708             }
2709             }
2710             found = 0;
2711             for (j = 0; oid_list[j].oid[0] != 0 && !found; j++)
2712             {
2713             for (i = 0; i < oidlen; i++)
2714             {
2715             if ((uint8_t) (oid[i] & 0xFF) != oid_list[j].oid[i])
2716             {
2717             break;
2718             }
2719             if ((i + 1) == oidlen)
2720             {
2721             psTraceStrCrypto(" (%s)", oid_list[j].name);
2722             found++;
2723             }
2724             }
2725             }
2726             psTraceCrypto("\n");
2727             }
2728             # else
2729             # define psTraceOid(A, B)
2730             # endif
2731              
2732             /******************************************************************************/
2733             /*
2734             X509v3 extensions
2735             */
2736              
2737             # ifdef USE_FULL_CERT_PARSE
2738             static
2739 111           int32_t parsePolicyQualifierInfo(psPool_t *pool,
2740             const unsigned char *p,
2741             const unsigned char *extEnd,
2742             psSize_t fullExtLen,
2743             x509PolicyQualifierInfo_t *qualInfo,
2744             psSize_t *qual_info_len)
2745             {
2746 111           uint32_t oid[MAX_OID_LEN] = { 0 };
2747             uint8_t oidlen;
2748             oid_e noid;
2749             psSize_t len;
2750             const unsigned char *qualifierStart, *qualifierEnd;
2751             const unsigned char *noticeNumbersEnd;
2752             int i;
2753             int32_t noticeNumber;
2754              
2755 111           qualifierStart = p;
2756              
2757             /* Parse a PolicyQualifierInfo. */
2758 111 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
2759             {
2760             psTraceCrypto("Error parsing certificatePolicies extension\n");
2761 0           return PS_PARSE_FAIL;
2762             }
2763 111           *qual_info_len = len + (p - qualifierStart);
2764 111           qualifierEnd = qualifierStart + *qual_info_len;
2765              
2766             /* Parse policyQualifierId. */
2767 111 50         if (len < 1 || *p++ != ASN_OID)
    50          
2768             {
2769             psTraceCrypto("Malformed policy qualifier header\n");
2770 0           return PS_PARSE_FAIL;
2771             }
2772 111 50         if (getAsnLength(&p, fullExtLen, &len) < 0 ||
    50          
2773 111           fullExtLen < len)
2774             {
2775             psTraceCrypto("Malformed extension length\n");
2776 0           return PS_PARSE_FAIL;
2777             }
2778 111 50         if ((oidlen = asnParseOid(p, len, oid)) < 1)
2779             {
2780             psTraceCrypto("Malformed extension OID\n");
2781 0           return PS_PARSE_FAIL;
2782             }
2783             /* PolicyQualifierId ::= OBJECT IDENTIFIER ( id-qt-cps | id-qt-unotice )*/
2784 111           noid = psFindOid(oid, oidlen);
2785 111           p += len;
2786 111 100         if (noid == oid_id_qt_cps)
2787             {
2788 81 50         if (*p++ != ASN_IA5STRING)
2789             {
2790             psTraceCrypto("Malformed extension OID\n");
2791 0           return PS_PARSE_FAIL;
2792             }
2793 81 50         if (getAsnLength(&p, fullExtLen, &len) < 0 ||
    50          
2794 81           fullExtLen < len)
2795             {
2796             psTraceCrypto("Malformed extension length\n");
2797 0           return PS_PARSE_FAIL;
2798             }
2799 81           qualInfo->cps = psMalloc(pool, len + 1);
2800 81           qualInfo->cpsLen = len;
2801 81           memcpy(qualInfo->cps,
2802             p, len);
2803 81           qualInfo->cps[len] = 0; /* Store as C string. */
2804 81           p += len;
2805             }
2806 30 50         else if (noid == oid_id_qt_unotice)
2807             {
2808              
2809             /* UserNotice ::= SEQUENCE {
2810             noticeRef NoticeReference OPTIONAL,
2811             explicitText DisplayText OPTIONAL } */
2812 30 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
2813             {
2814             psTraceCrypto("Error parsing certificatePolicies extension\n");
2815 0           return PS_PARSE_FAIL;
2816             }
2817 30 50         if (len == 0 || p >= qualifierEnd)
    50          
2818             {
2819             /* No optional noticeRef or explicitText.
2820             Nothing left to parse. */
2821 0           return PS_SUCCESS;
2822             }
2823 30 50         if (*p == (ASN_SEQUENCE | ASN_CONSTRUCTED))
2824             {
2825             /* NoticeReference ::= SEQUENCE {
2826             organization DisplayText,
2827             noticeNumbers SEQUENCE OF INTEGER } */
2828 0 0         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
2829             {
2830             psTraceCrypto("Error parsing certificatePolicies extension\n");
2831 0           return PS_PARSE_FAIL;
2832             }
2833             /* Parse explicitText. */
2834 0 0         if (*p != ASN_UTF8STRING &&
    0          
2835 0 0         *p != ASN_VISIBLE_STRING &&
2836 0 0         *p != ASN_BMPSTRING &&
2837 0           *p != ASN_IA5STRING)
2838             {
2839             psTraceCrypto("Error parsing certificatePolicies extension."
2840             "Only UTF8String, IA5String, BMPString and "
2841             "VisibleString are supported in NoticeReferences.\n");
2842 0           return PS_PARSE_FAIL;
2843             }
2844 0           qualInfo->unoticeOrganizationEncoding = *p;
2845 0           p++;
2846             /* Parse organization. */
2847 0 0         if (getAsnLength(&p, fullExtLen, &len) < 0 ||
    0          
2848 0           fullExtLen < len)
2849             {
2850             psTraceCrypto("Malformed extension length\n");
2851 0           return PS_PARSE_FAIL;
2852             }
2853 0           qualInfo->unoticeOrganization = psMalloc(pool, len + 1);
2854 0 0         if (qualInfo->unoticeOrganization == NULL)
2855             {
2856 0           return PS_MEM_FAIL;
2857             }
2858 0           qualInfo->unoticeOrganizationLen = len;
2859 0           memcpy(qualInfo->unoticeOrganization, p, len);
2860 0           qualInfo->unoticeOrganization[len] = 0; /* Store as C string. */
2861 0           p += len;
2862             /* Parse noticeNumbers. */
2863 0 0         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
2864             {
2865             psTraceCrypto("Error parsing certificatePolicies extension\n");
2866 0           return PS_PARSE_FAIL;
2867             }
2868 0           noticeNumbersEnd = p + len;
2869 0           i = 0;
2870 0 0         while (p != noticeNumbersEnd)
2871             {
2872 0 0         if (i == MAX_UNOTICE_NUMBERS)
2873             {
2874             psTraceCrypto("Too many UserNoticeNumbers.\n");
2875 0           return PS_PARSE_FAIL;
2876             }
2877 0 0         if (getAsnInteger(&p, len, ¬iceNumber) < 0)
2878             {
2879             psTraceCrypto("Malformed extension length\n");
2880 0           return PS_PARSE_FAIL;
2881             }
2882 0           qualInfo->unoticeNumbers[i] = noticeNumber;
2883 0           i++;
2884             }
2885 0           qualInfo->unoticeNumbersLen = i;
2886             }
2887 30 50         if (p >= qualifierEnd)
2888             {
2889             /* The UserNotice contained noticeRef, but not explicitText. */
2890 0           return PS_SUCCESS;
2891             }
2892             /* Parse explicitText. */
2893 30 50         if (*p != ASN_UTF8STRING &&
    100          
2894 10 50         *p != ASN_VISIBLE_STRING &&
2895 0 0         *p != ASN_BMPSTRING &&
2896 0           *p != ASN_IA5STRING)
2897             {
2898             psTraceCrypto("Error parsing certificatePolicies extension."
2899             "Only UTF8String, IA5String, BMPString and "
2900             "VisibleString are supported in explicitText.\n");
2901 0           return PS_PARSE_FAIL;
2902             }
2903 30           qualInfo->unoticeExplicitTextEncoding = *p;
2904 30           p++;
2905 30 50         if (getAsnLength(&p, fullExtLen, &len) < 0 ||
    50          
2906 30           fullExtLen < len)
2907             {
2908             psTraceCrypto("Malformed extension length\n");
2909 0           return PS_PARSE_FAIL;
2910             }
2911 30           qualInfo->unoticeExplicitText = psMalloc(pool, len + 1);
2912 30 50         if (qualInfo->unoticeExplicitText == NULL)
2913             {
2914 0           return PS_MEM_FAIL;
2915             }
2916 30           qualInfo->unoticeExplicitTextLen = len;
2917 30           memcpy(qualInfo->unoticeExplicitText, p, len);
2918 30           qualInfo->unoticeExplicitText[len] = 0; /* Store as C string. */
2919 30           p += len;
2920             }
2921             else
2922             {
2923             psTraceCrypto("Unsupported policyQualifierId\n");
2924 0           return PS_PARSE_FAIL;
2925             }
2926              
2927 111           return PS_SUCCESS;
2928             }
2929              
2930             static
2931 88           int32_t parsePolicyInformation(psPool_t *pool,
2932             const unsigned char *p,
2933             const unsigned char *extEnd,
2934             psSize_t fullExtLen,
2935             x509PolicyInformation_t *polInfo,
2936             psSize_t *pol_info_len)
2937             {
2938 88           uint32_t oid[MAX_OID_LEN] = { 0 };
2939             uint8_t oidlen;
2940             psSize_t len;
2941             const unsigned char *qualifierEnd;
2942             const unsigned char *polInfoStart, *polInfoEnd;
2943             x509PolicyQualifierInfo_t *qualInfo;
2944             psSize_t qualInfoLen;
2945             int i;
2946              
2947 88           polInfoStart = p;
2948              
2949             /*
2950             PolicyInformation ::= SEQUENCE {
2951             policyIdentifier CertPolicyId,
2952             policyQualifiers SEQUENCE SIZE (1..MAX) OF
2953             PolicyQualifierInfo OPTIONAL }
2954             */
2955              
2956 88 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
2957             {
2958             psTraceCrypto("Error parsing certificatePolicies extension\n");
2959 0           return PS_PARSE_FAIL;
2960             }
2961 88           *pol_info_len = len + (p - polInfoStart);
2962 88           polInfoEnd = polInfoStart + *pol_info_len;
2963              
2964             /* Parse CertPolicyId. */
2965 88 50         if (*p++ != ASN_OID)
2966             {
2967             psTraceCrypto("Malformed extension header\n");
2968 0           return PS_PARSE_FAIL;
2969             }
2970 88 50         if (getAsnLength(&p, fullExtLen, &len) < 0 ||
    50          
2971 88           fullExtLen < len)
2972             {
2973             psTraceCrypto("Malformed extension length\n");
2974 0           return PS_PARSE_FAIL;
2975             }
2976 88 50         if ((oidlen = asnParseOid(p, len, oid)) < 1)
2977             {
2978             psTraceCrypto("Malformed extension OID\n");
2979 0           return PS_PARSE_FAIL;
2980             }
2981 88           p += len;
2982 88 50         if (oidlen == 0 || oidlen > MAX_OID_LEN)
    50          
2983             {
2984             psTraceCrypto("Malformed extension OID\n");
2985 0           return PS_PARSE_FAIL;
2986             }
2987              
2988             /* Store the policy ID. */
2989 88           polInfo->policyOid = psMalloc(pool, oidlen * sizeof(uint32_t));
2990 88 50         if (polInfo->policyOid == NULL)
2991             {
2992 0           return PS_MEM_FAIL;
2993             }
2994 755 100         for (i = 0; i < oidlen; i++)
2995             {
2996 667           polInfo->policyOid[i] = oid[i];
2997             }
2998 88           polInfo->policyOidLen = oidlen;
2999              
3000 88 100         if ((p >= polInfoEnd) ||
    50          
3001 81           (*p != (ASN_SEQUENCE | ASN_CONSTRUCTED)))
3002             {
3003             /* No optional PolicyQualifierInfos. */
3004 7           return PS_SUCCESS;
3005             }
3006              
3007             /* Parse policyQualifiers := SEQUENCE SIZE (1..MAX) OF
3008             PolicyQualifierInfo OPTIONAL*/
3009 81 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
3010             {
3011             psTraceCrypto("Error parsing certificatePolicies extension\n");
3012 0           return PS_PARSE_FAIL;
3013             }
3014 81           qualifierEnd = p + len;
3015              
3016 81           polInfo->qualifiers = psMalloc(pool, sizeof(x509PolicyQualifierInfo_t));
3017 81 50         if (polInfo->qualifiers == NULL)
3018             {
3019 0           return PS_MEM_FAIL;
3020             }
3021 81           memset(polInfo->qualifiers, 0, sizeof(x509PolicyQualifierInfo_t));
3022 81           qualInfo = polInfo->qualifiers;
3023              
3024             /* Parse initial PolicyQualifierInfo. */
3025 81 50         if (parsePolicyQualifierInfo(pool,
3026             p,
3027             extEnd,
3028             fullExtLen,
3029             qualInfo,
3030             &qualInfoLen) < 0)
3031             {
3032 0           return PS_PARSE_FAIL;
3033             }
3034 81           p += qualInfoLen;
3035              
3036             /* More PolicyQualifierInfos? */
3037 111 100         while ((p < qualifierEnd)
3038 30 50         && (p < extEnd)
3039 30 50         && (*p == (ASN_SEQUENCE | ASN_CONSTRUCTED)))
3040             {
3041 30           qualInfo->next = psMalloc(pool, sizeof(x509PolicyQualifierInfo_t));
3042 30 50         if (qualInfo->next == NULL)
3043             {
3044 0           return PS_MEM_FAIL;
3045             }
3046 30           memset(qualInfo->next, 0, sizeof(x509PolicyQualifierInfo_t));
3047 30           qualInfo = qualInfo->next;
3048              
3049 30 50         if (parsePolicyQualifierInfo(pool,
3050             p,
3051             extEnd,
3052             fullExtLen,
3053             qualInfo,
3054             &qualInfoLen) < 0)
3055             {
3056 0           return PS_PARSE_FAIL;
3057             }
3058 30           p += qualInfoLen;
3059             }
3060              
3061 88           return PS_SUCCESS;
3062             }
3063              
3064             static
3065 0           int32_t parsePolicyConstraints(psPool_t *pool,
3066             const unsigned char *p,
3067             const unsigned char *extEnd,
3068             x509policyConstraints_t *policyConstraints,
3069             psSize_t *polConstraintsLen)
3070             {
3071             psSize_t len;
3072             const unsigned char *polConstraintsStart, *polConstraintsEnd;
3073             unsigned char tag;
3074 0           int num_ints = 0;
3075              
3076             /*
3077             PolicyConstraints ::= SEQUENCE {
3078             requireExplicitPolicy [0] SkipCerts OPTIONAL,
3079             inhibitPolicyMapping [1] SkipCerts OPTIONAL }
3080              
3081             SkipCerts ::= INTEGER (0..MAX)
3082             */
3083              
3084 0           polConstraintsStart = p;
3085              
3086 0 0         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
3087             {
3088             psTraceCrypto("Error parsing policyConstraints extension\n");
3089 0           return PS_PARSE_FAIL;
3090             }
3091 0           polConstraintsEnd = p + len;
3092 0           *polConstraintsLen = (polConstraintsEnd - polConstraintsStart);
3093              
3094 0 0         if (len == 0)
3095             {
3096             /* Empty PolicyConstraints. This is allowed by RFC 5280:
3097             "The behavior of clients that encounter an empty policy
3098             constraints field is not addressed in this profile.*/
3099 0           return PS_SUCCESS;
3100             }
3101              
3102             /* Parse up to 2 SkipCerts INTEGERS with context-specific tags 0 and 1. */
3103 0 0         while ( num_ints < 2 && (*p == ASN_CONTEXT_SPECIFIC ||
    0          
    0          
3104 0           *p == (ASN_CONTEXT_SPECIFIC + 1)) )
3105             {
3106 0           tag = *p++;
3107 0 0         if (getAsnLength(&p, (uint32) (polConstraintsEnd - p), &len) < 0 ||
    0          
3108 0           (uint32) (polConstraintsEnd - p) < len)
3109             {
3110             psTraceCrypto("getAsnLength failure in policyConstraints parsing\n");
3111 0           return PS_PARSE_FAIL;
3112             }
3113             /* We only accept single-octet SkipCerts values. Should be enough
3114             for all reasonable applications. */
3115 0 0         if (len != 1)
3116             {
3117             psTraceCrypto("Too large SkipCerts value in PolicyConstraints.\n");
3118 0           return PS_PARSE_FAIL;
3119             }
3120 0 0         if (tag == ASN_CONTEXT_SPECIFIC)
3121             {
3122 0           policyConstraints->requireExplicitPolicy = (int32_t) *p;
3123             }
3124             else
3125             {
3126 0           policyConstraints->inhibitPolicyMappings = (int32_t) *p;
3127             }
3128 0           p += len;
3129 0           ++num_ints;
3130             }
3131              
3132 0 0         if (p != polConstraintsEnd)
3133             {
3134             psTraceCrypto("Error parsing policyConstraints extension\n");
3135 0           return PS_PARSE_FAIL;
3136             }
3137              
3138 0           return PS_SUCCESS;
3139             }
3140              
3141             static
3142 5           int32_t parsePolicyMappings(psPool_t *pool,
3143             const unsigned char *p,
3144             const unsigned char *extEnd,
3145             x509policyMappings_t *policyMappings,
3146             psSize_t *polMappingsLen)
3147             {
3148 5           uint32_t oid[MAX_OID_LEN] = { 0 };
3149             psSize_t len, oidlen;
3150             const unsigned char *polMappingsStart, *polMappingsEnd;
3151             x509policyMappings_t *pol_map;
3152             int i;
3153 5           int num_mappings = 0;
3154              
3155             /*
3156             PolicyMappings ::= SEQUENCE SIZE (1..MAX) OF SEQUENCE {
3157             issuerDomainPolicy CertPolicyId,
3158             subjectDomainPolicy CertPolicyId }
3159             */
3160              
3161 5           polMappingsStart = p;
3162              
3163 5 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
3164             {
3165             psTraceCrypto("Error parsing policyMappings extension\n");
3166 0           return PS_PARSE_FAIL;
3167             }
3168 5           polMappingsEnd = p + len;
3169 5           *polMappingsLen = (polMappingsEnd - polMappingsStart);
3170              
3171 5           pol_map = policyMappings;
3172 10 100         while (p < polMappingsEnd &&
    50          
3173 5           *p == (ASN_SEQUENCE | ASN_CONSTRUCTED))
3174             {
3175              
3176 5 50         if (num_mappings > 0)
3177             {
3178 0           pol_map->next = psMalloc(pool, sizeof(x509policyMappings_t));
3179 0 0         if (pol_map->next == NULL)
3180             {
3181 0           return PS_MEM_FAIL;
3182             }
3183 0           memset(pol_map->next, 0, sizeof(x509policyMappings_t));
3184 0           pol_map = pol_map->next;
3185             }
3186              
3187 5 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
3188             {
3189             psTraceCrypto("Error parsing policyMappings extension\n");
3190 0           return PS_PARSE_FAIL;
3191             }
3192              
3193             /* Parse issuerDomainPolicy OID. */
3194 5 50         if (*p++ != ASN_OID)
3195             {
3196             psTraceCrypto("Malformed extension header\n");
3197 0           return PS_PARSE_FAIL;
3198             }
3199              
3200 5 50         if (getAsnLength(&p, (uint32) (polMappingsEnd - p), &len) < 0 ||
    50          
3201 5           (uint32) (polMappingsEnd - p) < len)
3202             {
3203             psTraceCrypto("getAsnLength failure in policyMappings parsing\n");
3204 0           return PS_PARSE_FAIL;
3205             }
3206 5           memset(oid, 0, sizeof(oid));
3207 5 50         if ((oidlen = asnParseOid(p, len, oid)) < 1)
3208             {
3209             psTraceCrypto("Malformed extension OID\n");
3210 0           return PS_PARSE_FAIL;
3211             }
3212 5           p += len;
3213              
3214 5           pol_map->issuerDomainPolicy = psMalloc(pool,
3215             oidlen * sizeof(uint32_t));
3216 5           memset(pol_map->issuerDomainPolicy, 0, oidlen * sizeof(uint32_t));
3217              
3218 40 100         for (i = 0; i < oidlen; i++)
3219             {
3220 35           pol_map->issuerDomainPolicy[i] = oid[i];
3221             }
3222 5           pol_map->issuerDomainPolicyLen = oidlen;
3223              
3224             /* Parse subjectDomainPolicy OID. */
3225 5 50         if (*p++ != ASN_OID)
3226             {
3227             psTraceCrypto("Malformed extension header\n");
3228 0           return PS_PARSE_FAIL;
3229             }
3230              
3231 5 50         if (getAsnLength(&p, (uint32) (polMappingsEnd - p), &len) < 0 ||
    50          
3232 5           (uint32) (polMappingsEnd - p) < len)
3233             {
3234             psTraceCrypto("getAsnLength failure in policyMappings parsing\n");
3235 0           return PS_PARSE_FAIL;
3236             }
3237 5           memset(oid, 0, sizeof(oid));
3238 5 50         if ((oidlen = asnParseOid(p, len, oid)) < 1)
3239             {
3240             psTraceCrypto("Malformed extension OID\n");
3241 0           return PS_PARSE_FAIL;
3242             }
3243 5           p += len;
3244              
3245 5           pol_map->subjectDomainPolicy = psMalloc(pool,
3246             oidlen * sizeof(uint32_t));
3247 5           memset(pol_map->subjectDomainPolicy, 0, oidlen * sizeof(uint32_t));
3248              
3249 40 100         for (i = 0; i < oidlen; i++)
3250             {
3251 35           pol_map->subjectDomainPolicy[i] = oid[i];
3252             }
3253 5           pol_map->subjectDomainPolicyLen = oidlen;
3254              
3255 5           ++num_mappings;
3256             }
3257              
3258 5 50         if (p != polMappingsEnd)
3259             {
3260             psTraceCrypto("Error parsing policyMappings extension\n");
3261 0           return PS_PARSE_FAIL;
3262             }
3263              
3264 5           return PS_SUCCESS;
3265             }
3266              
3267             static
3268 12           int32_t parseAuthorityInfoAccess(psPool_t *pool,
3269             const unsigned char *p,
3270             const unsigned char *extEnd,
3271             x509authorityInfoAccess_t **authInfo,
3272             psSize_t *authInfoLen)
3273             {
3274             psSize_t len, oidlen, adLen;
3275             const unsigned char *authInfoStart, *authInfoEnd;
3276             x509authorityInfoAccess_t *pAuthInfo;
3277 12           uint32_t oid[MAX_OID_LEN] = { 0 };
3278             oid_e noid;
3279 12           int first_entry = 0;
3280              
3281 12           authInfoStart = p;
3282             /*
3283              
3284             id-pe-authorityInfoAccess OBJECT IDENTIFIER ::= { id-pe 1 }
3285              
3286             AuthorityInfoAccessSyntax ::=
3287             SEQUENCE SIZE (1..MAX) OF AccessDescription
3288              
3289             AccessDescription ::= SEQUENCE {
3290             accessMethod OBJECT IDENTIFIER,
3291             accessLocation GeneralName }
3292              
3293             id-ad OBJECT IDENTIFIER ::= { id-pkix 48 }
3294              
3295             id-ad-caIssuers OBJECT IDENTIFIER ::= { id-ad 2 }
3296              
3297             id-ad-ocsp OBJECT IDENTIFIER ::= { id-ad 1 }
3298             */
3299              
3300             /* AuthorityInfoAccessSyntax. */
3301 12 50         if (getAsnSequence(&p, (int32) (extEnd - p), &len) < 0)
3302             {
3303             psTraceCrypto("Error parsing authKeyId extension\n");
3304 0           return PS_PARSE_FAIL;
3305             }
3306              
3307 12           authInfoEnd = p + len;
3308 12           *authInfoLen = (authInfoEnd - authInfoStart);
3309              
3310 12 50         if (*authInfo == NULL)
3311             {
3312 12           *authInfo = psMalloc(pool, sizeof(x509authorityInfoAccess_t));
3313 12 50         if (*authInfo == NULL)
3314             {
3315 0           return PS_MEM_FAIL;
3316             }
3317 12           memset(*authInfo, 0, sizeof(x509authorityInfoAccess_t));
3318 12           first_entry = 1;
3319             }
3320              
3321 12           pAuthInfo = *authInfo;
3322              
3323 30 100         while (p < authInfoEnd &&
    50          
3324 18           *p == (ASN_SEQUENCE | ASN_CONSTRUCTED))
3325             {
3326              
3327             /* Find the end of the list. */
3328 18 50         while (pAuthInfo->next != NULL)
3329             {
3330 0           pAuthInfo = pAuthInfo->next;
3331             }
3332 18 100         if (!first_entry)
3333             {
3334             /* Malloc space for a new entry. */
3335 6           pAuthInfo->next = psMalloc(pool,
3336             sizeof(x509authorityInfoAccess_t));
3337 6 50         if (pAuthInfo->next == NULL)
3338             {
3339 0           return PS_MEM_FAIL;
3340             }
3341 6           memset(pAuthInfo->next, 0,
3342             sizeof(x509authorityInfoAccess_t));
3343 6           pAuthInfo = pAuthInfo->next;
3344             }
3345             else
3346             {
3347 12           first_entry = 0;
3348             }
3349              
3350             /* AccessDescription. */
3351 18 50         if (getAsnSequence(&p, (int32) (extEnd - p), &adLen) < 0)
3352             {
3353             psTraceCrypto("Error parsing authKeyId extension\n");
3354 0           return PS_PARSE_FAIL;
3355             }
3356             /* accessMethod. */
3357 18 50         if (*p++ != ASN_OID)
3358             {
3359             psTraceCrypto("Malformed extension header\n");
3360 0           return PS_PARSE_FAIL;
3361             }
3362 18 50         if (getAsnLength(&p, (uint32) (authInfoEnd - p), &len) < 0 ||
    50          
3363 18           (uint32) (authInfoEnd - p) < len)
3364             {
3365             psTraceCrypto("getAsnLength failure in authInfo parsing\n");
3366 0           return PS_PARSE_FAIL;
3367             }
3368 18           memset(oid, 0, sizeof(oid));
3369 18 50         if ((oidlen = asnParseOid(p, len, oid)) < 1)
3370             {
3371             psTraceCrypto("Malformed extension OID\n");
3372 0           return PS_PARSE_FAIL;
3373             }
3374 18           noid = psFindOid(oid, oidlen);
3375 18           p += len;
3376 18 100         if (noid != oid_id_ad_caIssuers &&
    50          
3377             noid != oid_id_ad_ocsp)
3378             {
3379             psTraceCrypto("Unsupported AccessDescription: "
3380             "only oid_ad_caIssuers and id_ad_ocsp "
3381             "are supported. \n");
3382 0           return PS_PARSE_FAIL;
3383             }
3384             /* accessLocation. */
3385 18 50         switch (*p++)
3386             {
3387             case (ASN_CONTEXT_SPECIFIC + 6):
3388             /* uniformResourceIdentifier [6] IA5String. */
3389 18 50         if (getAsnLength(&p, (uint32) (authInfoEnd - p), &len) < 0 ||
    50          
3390 18           (uint32) (authInfoEnd - p) < len)
3391             {
3392             psTraceCrypto("getAsnLength failure in authInfo parsing\n");
3393 0           return PS_PARSE_FAIL;
3394             }
3395 18 100         if (noid == oid_id_ad_ocsp)
3396             {
3397 12           pAuthInfo->ocsp = psMalloc(pool, len);
3398 12 50         if (pAuthInfo->ocsp == NULL)
3399             {
3400 0           return PS_MEM_FAIL;
3401             }
3402 12           memcpy(pAuthInfo->ocsp, p, len);
3403 12           pAuthInfo->ocspLen = len;
3404 12           p += len;
3405             }
3406             else /* oid_id_ad_caIssuers */
3407             {
3408 6           pAuthInfo->caIssuers = psMalloc(pool, len);
3409 6 50         if (pAuthInfo->caIssuers == NULL)
3410             {
3411 0           return PS_MEM_FAIL;
3412             }
3413 6           memcpy(pAuthInfo->caIssuers, p, len);
3414 6           pAuthInfo->caIssuersLen = len;
3415 6           p += len;
3416             }
3417 18           break;
3418             default:
3419             psTraceCrypto("Unsupported string type in AUTH_INFO ACC "
3420             "(only uniformResourceIdenfitier is "
3421             "supported). \n");
3422 0           return PS_PARSE_FAIL;
3423             }
3424             } /* Next AccessDescription, if any. */
3425              
3426 12           return PS_SUCCESS;
3427             }
3428             # endif /* USE_FULL_CERT_PARSE */
3429              
3430 2879           int32_t getExplicitExtensions(psPool_t *pool, const unsigned char **pp,
3431             psSize_t inlen, int32_t expVal,
3432             x509v3extensions_t *extensions, uint8_t known)
3433             {
3434 2879           const unsigned char *p = *pp, *end;
3435             const unsigned char *extEnd, *extStart, *save;
3436             unsigned char critical;
3437             psSize_t len, fullExtLen;
3438             uint32_t oid[MAX_OID_LEN];
3439             uint8_t oidlen;
3440             oid_e noid;
3441              
3442             # ifdef USE_FULL_CERT_PARSE
3443             psSize_t subExtLen;
3444             const unsigned char *subSave;
3445 2879           int32_t nc = 0;
3446             x509PolicyInformation_t *pPolicy;
3447             const unsigned char *policiesEnd;
3448             # endif /* USE_FULL_CERT_PARSE */
3449              
3450 2879           end = p + inlen;
3451 2879 50         if (inlen < 1)
3452             {
3453 0           return PS_ARG_FAIL;
3454             }
3455 2879           extensions->pool = pool;
3456 2879           extensions->bc.cA = CA_UNDEFINED;
3457              
3458 2879 50         if (known)
3459             {
3460 0           goto KNOWN_EXT;
3461             }
3462             /*
3463             Not treating this as an error because it is optional.
3464             */
3465 2879 50         if (*p != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | expVal))
3466             {
3467 0           return 0;
3468             }
3469 2879           p++;
3470 2879 50         if (getAsnLength(&p, (uint32) (end - p), &len) < 0 ||
    50          
3471 2879           (uint32) (end - p) < len)
3472             {
3473             psTraceCrypto("Initial getAsnLength failure in extension parse\n");
3474 0           return PS_PARSE_FAIL;
3475             }
3476             KNOWN_EXT:
3477             /*
3478             Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
3479              
3480             Extension ::= SEQUENCE {
3481             extnID OBJECT IDENTIFIER,
3482             extnValue OCTET STRING }
3483             */
3484 2879 50         if (getAsnSequence(&p, (uint32) (end - p), &len) < 0 ||
    50          
3485 2879           (uint32) (end - p) < len)
3486             {
3487             psTraceCrypto("Initial getAsnSequence failure in extension parse\n");
3488 0           return PS_PARSE_FAIL;
3489             }
3490 2879           extEnd = p + len;
3491 13442 100         while ((p != extEnd) && *p == (ASN_SEQUENCE | ASN_CONSTRUCTED))
    50          
3492             {
3493 10563 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &fullExtLen) < 0)
3494             {
3495             psTraceCrypto("getAsnSequence failure in extension parse\n");
3496 0           return PS_PARSE_FAIL;
3497             }
3498 10563           extStart = p;
3499             /*
3500             Conforming CAs MUST support key identifiers, basic constraints,
3501             key usage, and certificate policies extensions
3502             */
3503 10563 50         if (extEnd - p < 1 || *p++ != ASN_OID)
    50          
3504             {
3505             psTraceCrypto("Malformed extension header\n");
3506 0           return PS_PARSE_FAIL;
3507             }
3508 10563 50         if (getAsnLength(&p, (uint32) (extEnd - p), &len) < 0 ||
    50          
3509 10563           (uint32) (extEnd - p) < len)
3510             {
3511             psTraceCrypto("Malformed extension length\n");
3512 0           return PS_PARSE_FAIL;
3513             }
3514 10563 50         if ((oidlen = asnParseOid(p, len, oid)) < 1)
3515             {
3516             psTraceCrypto("Malformed extension OID\n");
3517 0           return PS_PARSE_FAIL;
3518             }
3519 10563           noid = psFindOid(oid, oidlen);
3520 10563           p += len;
3521             /*
3522             Possible boolean value here for 'critical' id. It's a failure if a
3523             critical extension is found that is not supported
3524             */
3525 10563           critical = 0;
3526 10563 50         if (extEnd - p < 1)
3527             {
3528             psTraceCrypto("Malformed extension length\n");
3529 0           return PS_PARSE_FAIL;
3530             }
3531 10563 100         if (*p == ASN_BOOLEAN)
3532             {
3533 1314           p++;
3534 1314 50         if (extEnd - p < 2)
3535             {
3536             psTraceCrypto("Error parsing critical id len for cert extension\n");
3537 0           return PS_PARSE_FAIL;
3538             }
3539 1314 50         if (*p != 1)
3540             {
3541             psTraceCrypto("Error parsing critical id for cert extension\n");
3542 0           return PS_PARSE_FAIL;
3543             }
3544 1314           p++;
3545 1314 50         if (*p > 0)
3546             {
3547             /* Officially DER TRUE must be 0xFF, openssl is more lax */
3548 1314           if (*p != 0xFF)
3549             {
3550             psTraceCrypto("Warning: DER BOOLEAN TRUE should be 0xFF\n");
3551             }
3552 1314           critical = 1;
3553             }
3554 1314           p++;
3555             }
3556 21126 50         if (extEnd - p < 1 || (*p++ != ASN_OCTET_STRING) ||
3557 21126 50         getAsnLength(&p, (uint32) (extEnd - p), &len) < 0 ||
3558 10563           (uint32) (extEnd - p) < len)
3559             {
3560             psTraceCrypto("Expecting OCTET STRING in ext parse\n");
3561 0           return PS_PARSE_FAIL;
3562             }
3563              
3564             /* Set bits 1..9 to indicate criticality of known extensions */
3565 10563 100         if (critical)
3566             {
3567 1314           extensions->critFlags |= EXT_CRIT_FLAG(noid);
3568             }
3569              
3570 10563           switch (noid)
3571             {
3572             /*
3573             BasicConstraints ::= SEQUENCE {
3574             cA BOOLEAN DEFAULT FALSE,
3575             pathLenConstraint INTEGER (0..MAX) OPTIONAL }
3576             */
3577             case OID_ENUM(id_ce_basicConstraints):
3578 2879 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
3579             {
3580             psTraceCrypto("Error parsing BasicConstraints extension\n");
3581 0           return PS_PARSE_FAIL;
3582             }
3583             /*
3584             "This goes against PKIX guidelines but some CAs do it and some
3585             software requires this to avoid interpreting an end user
3586             certificate as a CA."
3587             - OpenSSL certificate configuration doc
3588              
3589             basicConstraints=CA:FALSE
3590             */
3591 2879 100         if (len == 0)
3592             {
3593 1405           extensions->bc.cA = CA_FALSE;
3594 1405           break;
3595             }
3596             /*
3597             Have seen some certs that don't include a cA bool.
3598             */
3599 1474 50         if (*p == ASN_BOOLEAN)
3600             {
3601 1474 50         if (extEnd - p < 3)
3602             {
3603             psTraceCrypto("Error parsing BC extension\n");
3604 0           return PS_PARSE_FAIL;
3605             }
3606 1474           p++;
3607 1474 50         if (*p++ != 1)
3608             {
3609             psTraceCrypto("Error parse BasicConstraints CA bool\n");
3610 0           return PS_PARSE_FAIL;
3611             }
3612             /* Officially DER TRUE must be 0xFF, openssl is more lax */
3613 1474 50         if (*p > 0 && *p != 0xFF)
3614             {
3615             psTraceCrypto("Warning: cA TRUE should be 0xFF\n");
3616             }
3617 1474 50         if (*p > 0)
3618             {
3619 1474           extensions->bc.cA = CA_TRUE;
3620             }
3621             else
3622             {
3623 0           extensions->bc.cA = CA_FALSE;
3624             }
3625 1474           p++;
3626             }
3627             else
3628             {
3629 0           extensions->bc.cA = CA_FALSE;
3630             }
3631             /*
3632             Now need to check if there is a path constraint. Only makes
3633             sense if cA is true. If it's missing, there is no limit to
3634             the cert path
3635             */
3636 1474 100         if (*p == ASN_INTEGER)
3637             {
3638 56 50         if (getAsnInteger(&p, (uint32) (extEnd - p),
3639 56           &(extensions->bc.pathLenConstraint)) < 0)
3640             {
3641             psTraceCrypto("Error parsing BasicConstraints pathLen\n");
3642 0           return PS_PARSE_FAIL;
3643             }
3644             }
3645             else
3646             {
3647 1418           extensions->bc.pathLenConstraint = -1;
3648             }
3649 1474           break;
3650              
3651             case OID_ENUM(id_ce_subjectAltName):
3652 31 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
3653             {
3654             psTraceCrypto("Error parsing altSubjectName extension\n");
3655 0           return PS_PARSE_FAIL;
3656             }
3657             /* NOTE: The final limit parameter was introduced for this
3658             case because a well known search engine site sends back
3659             about 7 KB worth of subject alt names and that has created
3660             memory problems for a couple users. Set the -1 here to
3661             something reasonable (5) if you've found yourself here
3662             for this memory reason */
3663 31 50         if (parseGeneralNames(pool, &p, len, extEnd, &extensions->san,
3664             -1) < 0)
3665             {
3666             psTraceCrypto("Error parsing altSubjectName names\n");
3667 0           return PS_PARSE_FAIL;
3668             }
3669              
3670 31           break;
3671              
3672             case OID_ENUM(id_ce_keyUsage):
3673             /*
3674             KeyUsage ::= BIT STRING {
3675             digitalSignature (0),
3676             nonRepudiation (1),
3677             keyEncipherment (2),
3678             dataEncipherment (3),
3679             keyAgreement (4),
3680             keyCertSign (5),
3681             cRLSign (6),
3682             encipherOnly (7),
3683             decipherOnly (8) }
3684             */
3685 692 50         if (*p++ != ASN_BIT_STRING)
3686             {
3687             psTraceCrypto("Error parsing keyUsage extension\n");
3688 0           return PS_PARSE_FAIL;
3689             }
3690 692 50         if (getAsnLength(&p, (int32) (extEnd - p), &len) < 0 ||
    50          
3691 692           (uint32) (extEnd - p) < len)
3692             {
3693             psTraceCrypto("Malformed keyUsage extension\n");
3694 0           return PS_PARSE_FAIL;
3695             }
3696 692 50         if (len < 2)
3697             {
3698             psTraceCrypto("Malformed keyUsage extension\n");
3699 0           return PS_PARSE_FAIL;
3700             }
3701             /*
3702             If the lenth is <= 3, then there might be a
3703             KEY_USAGE_DECIPHER_ONLY (or maybe just some empty bytes).
3704             */
3705 692 50         if (len >= 3)
3706             {
3707 0 0         if (p[2] == (KEY_USAGE_DECIPHER_ONLY >> 8) && p[0] == 7)
    0          
3708             {
3709 0           extensions->keyUsageFlags |= KEY_USAGE_DECIPHER_ONLY;
3710             }
3711             }
3712 692           extensions->keyUsageFlags |= p[1];
3713 692           p = p + len;
3714 692           break;
3715              
3716             case OID_ENUM(id_ce_extKeyUsage):
3717 12 50         if (getAsnSequence(&p, (int32) (extEnd - p), &fullExtLen) < 0)
3718             {
3719             psTraceCrypto("Error parsing authKeyId extension\n");
3720 0           return PS_PARSE_FAIL;
3721             }
3722 12           save = p;
3723 55 100         while (fullExtLen > 0)
3724             {
3725 43 50         if (*p++ != ASN_OID)
3726             {
3727             psTraceCrypto("Malformed extension header\n");
3728 0           return PS_PARSE_FAIL;
3729             }
3730 43 50         if (getAsnLength(&p, fullExtLen, &len) < 0 ||
    50          
3731 43           fullExtLen < len)
3732             {
3733             psTraceCrypto("Malformed extension length\n");
3734 0           return PS_PARSE_FAIL;
3735             }
3736 43 50         if ((oidlen = asnParseOid(p, len, oid)) < 1)
3737             {
3738             psTraceCrypto("Malformed extension OID\n");
3739 0           return PS_PARSE_FAIL;
3740             }
3741 43           noid = psFindOid(oid, oidlen);
3742 43           p += len;
3743 43 50         if (fullExtLen < (uint32) (p - save))
3744             {
3745             psTraceCrypto("Inner OID parse fail EXTND_KEY_USAGE\n");
3746 0           return PS_PARSE_FAIL;
3747             }
3748 43           fullExtLen -= (p - save);
3749 43           save = p;
3750 43           switch (noid)
3751             {
3752             case OID_ENUM(id_kp_serverAuth):
3753 7           extensions->ekuFlags |= EXT_KEY_USAGE_TLS_SERVER_AUTH;
3754 7           break;
3755             case OID_ENUM(id_kp_clientAuth):
3756 11           extensions->ekuFlags |= EXT_KEY_USAGE_TLS_CLIENT_AUTH;
3757 11           break;
3758             case OID_ENUM(id_kp_codeSigning):
3759 5           extensions->ekuFlags |= EXT_KEY_USAGE_CODE_SIGNING;
3760 5           break;
3761             case OID_ENUM(id_kp_emailProtection):
3762 10           extensions->ekuFlags |= EXT_KEY_USAGE_EMAIL_PROTECTION;
3763 10           break;
3764             case OID_ENUM(id_kp_timeStamping):
3765 5           extensions->ekuFlags |= EXT_KEY_USAGE_TIME_STAMPING;
3766 5           break;
3767             case OID_ENUM(id_kp_OCSPSigning):
3768 5           extensions->ekuFlags |= EXT_KEY_USAGE_OCSP_SIGNING;
3769 5           break;
3770             case OID_ENUM(id_ce_eku_anyExtendedKeyUsage):
3771 0           extensions->ekuFlags |= EXT_KEY_USAGE_ANY;
3772 0           break;
3773             default:
3774             psTraceCrypto("WARNING: Unknown EXT_KEY_USAGE:");
3775             psTraceOid(oid, oidlen);
3776 0           break;
3777             } /* end switch */
3778             }
3779 12           break;
3780              
3781             # ifdef USE_FULL_CERT_PARSE
3782              
3783             case OID_ENUM(id_ce_nameConstraints):
3784 5 50         if (critical)
3785             {
3786             /* We're going to fail if critical since no real
3787             pattern matching is happening yet */
3788             psTraceCrypto("ERROR: critical nameConstraints unsupported\n");
3789 0           return PS_PARSE_FAIL;
3790             }
3791 5 50         if (getAsnSequence(&p, (int32) (extEnd - p), &fullExtLen) < 0)
3792             {
3793             psTraceCrypto("Error parsing authKeyId extension\n");
3794 0           return PS_PARSE_FAIL;
3795             }
3796 10 100         while (fullExtLen > 0)
3797             {
3798 5           save = p;
3799              
3800 5 50         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))
3801             {
3802             /* permittedSubtrees */
3803 5           p++;
3804 5           nc = 0;
3805             }
3806 5 50         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
3807             {
3808             /* excludedSubtrees */
3809 0           p++;
3810 0           nc = 1;
3811             }
3812 5           subExtLen = 0;
3813 5 50         if (getAsnLength(&p, (uint32) (extEnd - p), &subExtLen) < 0 ||
    50          
3814 5 50         subExtLen < 1 || (uint32) (extEnd - p) < subExtLen)
3815             {
3816             psTraceCrypto("ASN get len error in nameConstraint\n");
3817 0           return PS_PARSE_FAIL;
3818             }
3819 5 50         if (fullExtLen < (subExtLen + (p - save)))
3820             {
3821             psTraceCrypto("fullExtLen parse fail nameConstraint\n");
3822 0           return PS_PARSE_FAIL;
3823             }
3824 5           fullExtLen -= subExtLen + (p - save);
3825 45 100         while (subExtLen > 0)
3826             {
3827 40           subSave = p;
3828 40 50         if (getAsnSequence(&p, (int32) (extEnd - p), &len) < 0)
3829             {
3830             psTraceCrypto("Error parsing nameConst ext\n");
3831 0           return PS_PARSE_FAIL;
3832             }
3833 40 50         if (subExtLen < (len + (p - subSave)))
3834             {
3835             psTraceCrypto("subExtLen fail nameConstraint\n");
3836 0           return PS_PARSE_FAIL;
3837             }
3838 40           subExtLen -= len + (p - subSave);
3839 40 50         if (nc == 0)
3840             {
3841 40 50         if (parseGeneralNames(pool, &p, len, extEnd,
3842             &extensions->nameConstraints.permitted, -1) < 0)
3843             {
3844             psTraceCrypto("Error parsing nameConstraint\n");
3845 0           return PS_PARSE_FAIL;
3846             }
3847             }
3848             else
3849             {
3850 0 0         if (parseGeneralNames(pool, &p, len, extEnd,
3851             &extensions->nameConstraints.excluded, -1) < 0)
3852             {
3853             psTraceCrypto("Error parsing nameConstraint\n");
3854 0           return PS_PARSE_FAIL;
3855             }
3856             }
3857             }
3858             }
3859 5           break;
3860              
3861             # ifdef USE_CRL
3862             case OID_ENUM(id_ce_cRLNumber):
3863             /* A required extension within a CRL. Our getSerialNum is
3864             the version of getInteger that allows very large
3865             numbers. Spec says this could be 20 octets long */
3866 0 0         if (getSerialNum(pool, &p, (int32) (extEnd - p),
3867             &(extensions->crlNum), &len) < 0)
3868             {
3869             psTraceCrypto("Error parsing ak.serialNum\n");
3870 0           return PS_PARSE_FAIL;
3871             }
3872 0           extensions->crlNumLen = len;
3873 0           break;
3874              
3875             case OID_ENUM(id_ce_issuingDistributionPoint):
3876             /* RFC 3280 - Although the extension is critical, conforming
3877             implementations are not required to support this extension. */
3878 0           p++;
3879 0           p = p + (fullExtLen - (p - extStart));
3880 0           break;
3881              
3882             case OID_ENUM(id_ce_cRLDistributionPoints):
3883 82 50         if (getAsnSequence(&p, (int32) (extEnd - p), &fullExtLen) < 0)
3884             {
3885             psTraceCrypto("Error parsing authKeyId extension\n");
3886 0           return PS_PARSE_FAIL;
3887             }
3888              
3889 184 100         while (fullExtLen > 0)
3890             {
3891 102           save = p;
3892 102 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
3893             {
3894             psTraceCrypto("getAsnSequence fail in crldist parse\n");
3895 0           return PS_PARSE_FAIL;
3896             }
3897 102 50         if (fullExtLen < (len + (p - save)))
3898             {
3899             psTraceCrypto("fullExtLen parse fail crldist\n");
3900 0           return PS_PARSE_FAIL;
3901             }
3902 102           fullExtLen -= len + (p - save);
3903             /* All memebers are optional */
3904 102 50         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))
3905             {
3906             /* DistributionPointName */
3907 102           p++;
3908 102 50         if (getAsnLength(&p, (uint32) (extEnd - p), &len) < 0 ||
    50          
3909 102 50         len < 1 || (uint32) (extEnd - p) < len)
3910             {
3911             psTraceCrypto("ASN get len error in CRL extension\n");
3912 0           return PS_PARSE_FAIL;
3913             }
3914              
3915 102 50         if ((*p & 0xF) == 0) /* fullName (GeneralNames) */
3916             {
3917 102           p++;
3918 102 50         if (getAsnLength(&p, (uint32) (extEnd - p), &len) < 0
3919 102 50         || len < 1 || (uint32) (extEnd - p) < len)
    50          
3920             {
3921             psTraceCrypto("ASN get len error in CRL extension\n");
3922 0           return PS_PARSE_FAIL;
3923             }
3924 102 50         if (parseGeneralNames(pool, &p, len, extEnd,
3925             &extensions->crlDist, -1) > 0)
3926             {
3927             psTraceCrypto("dist gen name parse fail\n");
3928 0           return PS_PARSE_FAIL;
3929             }
3930             }
3931 0 0         else if ((*p & 0xF) == 1) /* RelativeDistName */
3932             {
3933 0           p++;
3934             /* RelativeDistName not parsed */
3935 0 0         if (getAsnLength(&p, (uint32) (extEnd - p), &len) < 0
3936 0 0         || len < 1 || (uint32) (extEnd - p) < len)
    0          
3937             {
3938             psTraceCrypto("ASN get len error in CRL extension\n");
3939 0           return PS_PARSE_FAIL;
3940             }
3941 0           p += len;
3942             }
3943             else
3944             {
3945             psTraceCrypto("DistributionPointName parse fail\n");
3946 0           return PS_PARSE_FAIL;
3947             }
3948             }
3949 102 50         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
3950             {
3951 0           p++;
3952             /* ReasonFlags not parsed */
3953 0 0         if (getAsnLength(&p, (uint32) (extEnd - p), &len) < 0 ||
    0          
3954 0 0         len < 1 || (uint32) (extEnd - p) < len)
3955             {
3956             psTraceCrypto("ASN get len error in CRL extension\n");
3957 0           return PS_PARSE_FAIL;
3958             }
3959 0           p += len;
3960             }
3961 102 50         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2))
3962             {
3963 0           p++;
3964             /* General Names not parsed */
3965 0 0         if (getAsnLength(&p, (uint32) (extEnd - p), &len) < 0 ||
    0          
3966 0 0         len < 1 || (uint32) (extEnd - p) < len)
3967             {
3968             psTraceCrypto("ASN get len error in CRL extension\n");
3969 0           return PS_PARSE_FAIL;
3970             }
3971 0           p += len;
3972             }
3973             }
3974 82           break;
3975             case OID_ENUM(id_pe_authorityInfoAccess):
3976 12 50         if (parseAuthorityInfoAccess(pool, p,
3977             extEnd,
3978             &extensions->authorityInfoAccess,
3979             &len) < 0)
3980             {
3981 0           return PS_PARSE_FAIL;
3982             }
3983 12           p += len;
3984 12           break;
3985             # endif /* USE_CRL */
3986             # endif /* FULL_CERT_PARSE */
3987              
3988             case OID_ENUM(id_ce_authorityKeyIdentifier):
3989             /*
3990             AuthorityKeyIdentifier ::= SEQUENCE {
3991             keyIdentifier [0] KeyIdentifier OPTIONAL,
3992             authorityCertIssuer [1] GeneralNames OPTIONAL,
3993             authorityCertSerialNumber [2] CertificateSerialNumber OPTIONAL }
3994              
3995             KeyIdentifier ::= OCTET STRING
3996             */
3997 2379 50         if (getAsnSequence(&p, (int32) (extEnd - p), &len) < 0)
3998             {
3999             psTraceCrypto("Error parsing authKeyId extension\n");
4000 0           return PS_PARSE_FAIL;
4001             }
4002             /* Have seen a cert that has a zero length ext here. Let it pass. */
4003 2379 50         if (len == 0)
4004             {
4005 0           break;
4006             }
4007             /* All members are optional */
4008 2379 50         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 0))
4009             {
4010 2379           p++;
4011 2379 50         if (getAsnLength(&p, (int32) (extEnd - p),
4012 2379 50         &extensions->ak.keyLen) < 0 ||
4013 2379           (uint32) (extEnd - p) < extensions->ak.keyLen)
4014             {
4015             psTraceCrypto("Error keyLen in authKeyId extension\n");
4016 0           return PS_PARSE_FAIL;
4017             }
4018 2379           extensions->ak.keyId = psMalloc(pool, extensions->ak.keyLen);
4019 2379 50         if (extensions->ak.keyId == NULL)
4020             {
4021 0           psError("Mem allocation err: extensions->ak.keyId\n");
4022 0           return PS_MEM_FAIL;
4023             }
4024 2379           memcpy(extensions->ak.keyId, p, extensions->ak.keyLen);
4025 2379           p = p + extensions->ak.keyLen;
4026             }
4027 2379 100         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
4028             {
4029 50           p++;
4030 50 50         if (getAsnLength(&p, (int32) (extEnd - p), &len) < 0 ||
    50          
4031 50 50         len < 1 || (uint32) (extEnd - p) < len)
4032             {
4033             psTraceCrypto("ASN get len error in authKeyId extension\n");
4034 0           return PS_PARSE_FAIL;
4035             }
4036 50 50         if ((*p ^ ASN_CONTEXT_SPECIFIC ^ ASN_CONSTRUCTED) != 4)
4037             {
4038             /* We are just dealing with DN formats here */
4039             psTraceIntCrypto("Error auth key-id name type: %d\n",
4040             *p ^ ASN_CONTEXT_SPECIFIC ^ ASN_CONSTRUCTED);
4041 0           return PS_PARSE_FAIL;
4042             }
4043 50           p++;
4044 50 50         if (getAsnLength(&p, (int32) (extEnd - p), &len) < 0 ||
    50          
4045 50           (uint32) (extEnd - p) < len)
4046             {
4047             psTraceCrypto("ASN get len error2 in authKeyId extension\n");
4048 0           return PS_PARSE_FAIL;
4049             }
4050 50 50         if (psX509GetDNAttributes(pool, &p, (int32) (extEnd - p),
4051             &(extensions->ak.attribs), 0) < 0)
4052             {
4053             psTraceCrypto("Error parsing ak.attribs\n");
4054 0           return PS_PARSE_FAIL;
4055             }
4056             }
4057 2379 100         if ((*p == (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 2)) ||
    50          
4058 2329           (*p == ASN_INTEGER))
4059             {
4060             /*
4061             Treat as a serial number (not a native INTEGER)
4062             */
4063 50 50         if (getSerialNum(pool, &p, (int32) (extEnd - p),
4064             &(extensions->ak.serialNum), &len) < 0)
4065             {
4066             psTraceCrypto("Error parsing ak.serialNum\n");
4067 0           return PS_PARSE_FAIL;
4068             }
4069 50           extensions->ak.serialNumLen = len;
4070             }
4071 2379           break;
4072              
4073             case OID_ENUM(id_ce_subjectKeyIdentifier):
4074             /*
4075             The value of the subject key identifier MUST be the value
4076             placed in the key identifier field of the Auth Key Identifier
4077             extension of certificates issued by the subject of
4078             this certificate.
4079             */
4080 2864 50         if (*p++ != ASN_OCTET_STRING || getAsnLength(&p,
    50          
4081 2864 50         (int32) (extEnd - p), &(extensions->sk.len)) < 0 ||
4082 2864           (uint32) (extEnd - p) < extensions->sk.len)
4083             {
4084             psTraceCrypto("Error parsing subjectKeyId extension\n");
4085 0           return PS_PARSE_FAIL;
4086             }
4087 2864           extensions->sk.id = psMalloc(pool, extensions->sk.len);
4088 2864 50         if (extensions->sk.id == NULL)
4089             {
4090 0           psError("Memory allocation error extensions->sk.id\n");
4091 0           return PS_MEM_FAIL;
4092             }
4093 2864           memcpy(extensions->sk.id, p, extensions->sk.len);
4094 2864           p = p + extensions->sk.len;
4095 2864           break;
4096             # ifdef USE_FULL_CERT_PARSE
4097              
4098             case OID_ENUM(id_ce_certificatePolicies):
4099             /*
4100             certificatePolicies ::= SEQUENCE SIZE (1..MAX) OF PolicyInformation
4101             */
4102             /* Parse certificatePolicies := SEQUENCE SIZE (1..MAX) OF
4103             PolicyInformation. */
4104 87 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
4105             {
4106             psTraceCrypto("Error parsing certificatePolicies extension\n");
4107 0           return PS_PARSE_FAIL;
4108             }
4109 87           policiesEnd = p + len;
4110             extensions->certificatePolicy.policy
4111 87           = psMalloc(pool, sizeof(x509PolicyInformation_t));
4112 87           memset(extensions->certificatePolicy.policy, 0,
4113             sizeof(x509PolicyInformation_t));
4114 87           pPolicy = extensions->certificatePolicy.policy;
4115              
4116             /* Parse a single PolicyInformation. */
4117 87 50         if (parsePolicyInformation(pool, p, extEnd, fullExtLen,
4118             pPolicy, &len) < 0)
4119             {
4120 0           return PS_PARSE_FAIL;
4121             }
4122 87           p += len;
4123              
4124             /* Parse further PolicyInformations, if present. */
4125 88 100         while ((p < policiesEnd)
4126 1 50         && (p < extEnd)
4127 1 50         && (*p == (ASN_SEQUENCE | ASN_CONSTRUCTED)))
4128             {
4129              
4130 1           pPolicy->next = psMalloc(pool, sizeof(x509PolicyInformation_t));
4131 1           memset(pPolicy->next, 0, sizeof(x509PolicyInformation_t));
4132 1           pPolicy = pPolicy->next;
4133 1 50         if (parsePolicyInformation(pool, p, extEnd, fullExtLen,
4134             pPolicy, &len) < 0)
4135             {
4136 0           return PS_PARSE_FAIL;
4137             }
4138 1           p += len;
4139             } /* End or PolicyInformation parsing. */
4140 87           break;
4141             case OID_ENUM(id_ce_policyConstraints):
4142 0 0         if (parsePolicyConstraints(pool, p,
4143             extEnd,
4144             &extensions->policyConstraints,
4145             &len) < 0)
4146             {
4147 0           return PS_PARSE_FAIL;
4148             }
4149 0           p += len;
4150 0           break;
4151             case OID_ENUM(id_ce_policyMappings):
4152 5           extensions->policyMappings = psMalloc(pool,
4153             sizeof(x509policyMappings_t));
4154 5           memset(extensions->policyMappings, 0, sizeof(x509policyMappings_t));
4155 5 50         if (parsePolicyMappings(pool, p,
4156             extEnd,
4157             extensions->policyMappings,
4158             &len) < 0)
4159             {
4160 0           return PS_PARSE_FAIL;
4161             }
4162              
4163 5           p += len;
4164 5           break;
4165             case OID_ENUM(id_ce_issuerAltName):
4166 10 50         if (getAsnSequence(&p, (uint32) (extEnd - p), &len) < 0)
4167             {
4168             psTraceCrypto("Error parsing issuerAltName extension\n");
4169 0           return PS_PARSE_FAIL;
4170             }
4171             /* NOTE: The final limit parameter was introduced for this
4172             case because a well known search engine site sends back
4173             about 7 KB worth of subject alt names and that has created
4174             memory problems for a couple users. Set the -1 here to
4175             something reasonable (5) if you've found yourself here
4176             for this memory reason */
4177 10 50         if (parseGeneralNames(pool, &p, len, extEnd, &extensions->issuerAltName,
4178             -1) < 0)
4179             {
4180             psTraceCrypto("Error parsing altSubjectName names\n");
4181 0           return PS_PARSE_FAIL;
4182             }
4183 10           break;
4184             # endif /* USE_FULL_CERT_PARSE */
4185             /* These extensions are known but not handled */
4186             case OID_ENUM(id_ce_subjectDirectoryAttributes):
4187             case OID_ENUM(id_ce_inhibitAnyPolicy):
4188             case OID_ENUM(id_ce_freshestCRL):
4189             case OID_ENUM(id_pe_subjectInfoAccess):
4190             default:
4191             /* Unsupported or skipping because USE_FULL_CERT_PARSE undefd */
4192 1505 50         if (critical)
4193             {
4194             psTraceCrypto("Unsupported critical ext encountered: ");
4195             psTraceOid(oid, oidlen);
4196             # ifndef ALLOW_UNKNOWN_CRITICAL_EXTENSIONS
4197 0           _psTrace("An unsupported critical extension was "
4198             "encountered. X.509 specifications say "
4199             "connections must be terminated in this case. "
4200             "Define ALLOW_UNKNOWN_CRITICAL_EXTENSIONS to "
4201             "bypass this rule if testing and email Inside "
4202             "support to inquire about this extension.\n");
4203 0           return PS_PARSE_FAIL;
4204             # else
4205             # ifdef WIN32
4206             # pragma message("IGNORING UNKNOWN CRITICAL EXTENSIONS IS A SECURITY RISK")
4207             # else
4208             # warning "IGNORING UNKNOWN CRITICAL EXTENSIONS IS A SECURITY RISK"
4209             # endif
4210             # endif
4211             }
4212 1505           p++;
4213             /*
4214             Skip over based on the length reported from the ASN_SEQUENCE
4215             surrounding the entire extension. It is not a guarantee that
4216             the value of the extension itself will contain it's own length.
4217             */
4218 1505           p = p + (fullExtLen - (p - extStart));
4219 1505           break;
4220             }
4221             }
4222 2879           *pp = p;
4223 2879           return 0;
4224             }
4225              
4226             /******************************************************************************/
4227             /*
4228             Although a certificate serial number is encoded as an integer type, that
4229             doesn't prevent it from being abused as containing a variable length
4230             binary value. Get it here.
4231             */
4232 2929           int32_t getSerialNum(psPool_t *pool, const unsigned char **pp, psSize_t len,
4233             unsigned char **sn, psSize_t *snLen)
4234             {
4235 2929           const unsigned char *p = *pp;
4236             psSize_t vlen;
4237              
4238 2929 100         if ((*p != (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 2)) &&
    50          
4239 2879           (*p != ASN_INTEGER))
4240             {
4241             psTraceCrypto("X.509 getSerialNum failed on first bytes\n");
4242 0           return PS_PARSE_FAIL;
4243             }
4244 2929           p++;
4245              
4246 2929 50         if (len < 1 || getAsnLength(&p, len - 1, &vlen) < 0 || (len - 1) < vlen)
    50          
    50          
4247             {
4248             psTraceCrypto("ASN getSerialNum failed\n");
4249 0           return PS_PARSE_FAIL;
4250             }
4251 2929           *snLen = vlen;
4252              
4253 2929 50         if (vlen > 0)
4254             {
4255 2929           *sn = psMalloc(pool, vlen);
4256 2929 50         if (*sn == NULL)
4257             {
4258 0           psError("Memory allocation failure in getSerialNum\n");
4259 0           return PS_MEM_FAIL;
4260             }
4261 2929           memcpy(*sn, p, vlen);
4262 2929           p += vlen;
4263             }
4264 2929           *pp = p;
4265 2929           return PS_SUCCESS;
4266             }
4267              
4268             /******************************************************************************/
4269             /**
4270             Explicit value encoding has an additional tag layer.
4271             */
4272 2879           static int32_t getExplicitVersion(const unsigned char **pp, psSize_t len,
4273             int32_t expVal, int32_t *val)
4274             {
4275 2879           const unsigned char *p = *pp;
4276             psSize_t exLen;
4277              
4278 2879 50         if (len < 1)
4279             {
4280             psTraceCrypto("Invalid length to getExplicitVersion\n");
4281 0           return PS_PARSE_FAIL;
4282             }
4283             /*
4284             This is an optional value, so don't error if not present. The default
4285             value is version 1
4286             */
4287 2879 50         if (*p != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | expVal))
4288             {
4289 0           *val = 0;
4290 0           return PS_SUCCESS;
4291             }
4292 2879           p++;
4293 2879 50         if (getAsnLength(&p, len - 1, &exLen) < 0 || (len - 1) < exLen)
    50          
4294             {
4295             psTraceCrypto("getAsnLength failure in getExplicitVersion\n");
4296 0           return PS_PARSE_FAIL;
4297             }
4298 2879 50         if (getAsnInteger(&p, exLen, val) < 0)
4299             {
4300             psTraceCrypto("getAsnInteger failure in getExplicitVersion\n");
4301 0           return PS_PARSE_FAIL;
4302             }
4303 2879           *pp = p;
4304 2879           return PS_SUCCESS;
4305             }
4306              
4307             /******************************************************************************/
4308             /**
4309             Tests if the certificate was issued before the given date.
4310             Because there is no actual issuance date in the certificate, we use the
4311             'notBefore' date (the initial date the certificate is valid) as the
4312             effective issuance date.
4313             @security This api is used to be more lenient on certificates that are still
4314             valid, but were created before certain more strict certificate rules
4315             were specified.
4316              
4317             @param[in] rfc The RFC to check against.
4318             @param[in] cert The cert to check the issuing date on.
4319             @return 1 if yes, 0 if no, -1 on parse error.
4320             */
4321 1148           static int32 issuedBefore(rfc_e rfc, const psX509Cert_t *cert)
4322             {
4323             unsigned char *c;
4324             unsigned int y;
4325             unsigned short m;
4326             psBrokenDownTime_t t;
4327             int32 err;
4328              
4329             /* Validate the 'not before' date */
4330 1148 50         if ((c = (unsigned char *) cert->notBefore) == NULL)
4331             {
4332 0           return PS_FAILURE;
4333             }
4334 1148 50         err = psBrokenDownTimeImport(
4335             &t, (const char *) c, strlen((const char *) c),
4336 1148           cert->notBeforeTimeType == ASN_UTCTIME ?
4337             PS_BROKENDOWN_TIME_IMPORT_2DIGIT_YEAR : 0);
4338              
4339 1148 50         if (err)
4340             {
4341 0           return err;
4342             }
4343              
4344             /* Get y and m from broken-down time. */
4345 1148           y = 1900 + (unsigned int) t.tm_year;
4346 1148           m = 1 + (unsigned short) t.tm_mon;
4347              
4348             /* Must have been issued at least when X509v3 was added */
4349 1148 50         if (y < 1996 || m < 1 || m > 12)
    50          
    50          
4350             {
4351 0           return -1;
4352             }
4353 1148           switch (rfc)
4354             {
4355             case RFC_6818:
4356 0 0         if (y < 2013) /* No month check needed for Jan */
4357             {
4358 0           return 1;
4359             }
4360 0           return 0;
4361             case RFC_5280:
4362 0 0         if (y < 2008 || (y == 2008 && m < 5))
    0          
    0          
4363             {
4364 0           return 1;
4365             }
4366 0           return 0;
4367             case RFC_3280:
4368 1148 50         if (y < 2002 || (y == 2002 && m < 4))
    50          
    0          
4369             {
4370 0           return 1;
4371             }
4372 1148           return 0;
4373             case RFC_2459:
4374 0 0         if (y < 1999) /* No month check needed for Jan */
4375             {
4376 0           return 1;
4377             }
4378 0           return 0;
4379             default:
4380 1148           return -1;
4381             }
4382             return -1;
4383             }
4384              
4385             /**
4386             Validate the dates in the cert to machine date.
4387             SECURITY - always succeeds on systems without date support
4388             Returns
4389             0 on parse success (FAIL_DATE_FLAG could be set)
4390             PS_FAILURE on parse error
4391             */
4392 2879           static int32 validateDateRange(psX509Cert_t *cert)
4393             {
4394             int32 err;
4395             psBrokenDownTime_t timeNow;
4396             psBrokenDownTime_t timeNowLinger;
4397             psBrokenDownTime_t beforeTime;
4398             psBrokenDownTime_t afterTime;
4399             psBrokenDownTime_t afterTimeLinger;
4400              
4401 2879 50         if (cert->notBefore == NULL || cert->notAfter == NULL)
    50          
4402             {
4403 0           return PS_FAIL;
4404             }
4405              
4406 2879           err = psGetBrokenDownGMTime(&timeNow, 0);
4407 2879 50         if (err != PS_SUCCESS)
4408             {
4409 0           return PS_FAIL;
4410             }
4411              
4412 2879           memcpy(&timeNowLinger, &timeNow, sizeof timeNowLinger);
4413 2879           err = psBrokenDownTimeAdd(&timeNowLinger, PS_X509_TIME_LINGER);
4414 2879 50         if (err != PS_SUCCESS)
4415             {
4416 0           return PS_FAIL;
4417             }
4418              
4419 2879 100         err = psBrokenDownTimeImport(
4420 5758           &beforeTime, cert->notBefore, strlen(cert->notBefore),
4421 2879           cert->notBeforeTimeType == ASN_UTCTIME ?
4422             PS_BROKENDOWN_TIME_IMPORT_2DIGIT_YEAR : 0);
4423 2879 50         if (err != PS_SUCCESS)
4424             {
4425 0           return PS_FAIL;
4426             }
4427              
4428 2879 100         err = psBrokenDownTimeImport(
4429 5758           &afterTime, cert->notAfter, strlen(cert->notAfter),
4430 2879           cert->notAfterTimeType == ASN_UTCTIME ?
4431             PS_BROKENDOWN_TIME_IMPORT_2DIGIT_YEAR : 0);
4432 2879 50         if (err != PS_SUCCESS)
4433             {
4434 0           return PS_FAIL;
4435             }
4436              
4437 2879           memcpy(&afterTimeLinger, &afterTime, sizeof afterTimeLinger);
4438 2879           err = psBrokenDownTimeAdd(&afterTimeLinger, PS_X509_TIME_LINGER);
4439 2879 50         if (err != PS_SUCCESS)
4440             {
4441 0           return PS_FAIL;
4442             }
4443              
4444 2879 50         if (psBrokenDownTimeCmp(&beforeTime, &timeNowLinger) > 0)
4445             {
4446             /* beforeTime is in future. */
4447 0           cert->authFailFlags |= PS_CERT_AUTH_FAIL_DATE_FLAG;
4448             }
4449 2879 100         else if (psBrokenDownTimeCmp(&timeNow, &afterTimeLinger) > 0)
4450             {
4451             /* afterTime is in past. */
4452 15           cert->authFailFlags |= PS_CERT_AUTH_FAIL_DATE_FLAG;
4453             }
4454 2879           return 0;
4455             }
4456              
4457              
4458             /******************************************************************************/
4459             /*
4460             Implementation specific date parser.
4461             */
4462 2879           static int32_t getTimeValidity(psPool_t *pool, const unsigned char **pp,
4463             psSize_t len, int32_t *notBeforeTimeType,
4464             int32_t *notAfterTimeType,
4465             char **notBefore, char **notAfter)
4466             {
4467 2879           const unsigned char *p = *pp, *end;
4468             psSize_t seqLen, timeLen;
4469              
4470 2879           end = p + len;
4471 5758 50         if (len < 1 || *(p++) != (ASN_SEQUENCE | ASN_CONSTRUCTED) ||
4472 5758 50         getAsnLength(&p, len - 1, &seqLen) < 0 ||
4473 2879           (uint32) (end - p) < seqLen)
4474             {
4475             psTraceCrypto("getTimeValidity failed on inital parse\n");
4476 0           return PS_PARSE_FAIL;
4477             }
4478             /*
4479             Have notBefore and notAfter times in UTCTime or GeneralizedTime formats
4480             */
4481 2879 50         if ((end - p) < 1 || ((*p != ASN_UTCTIME) && (*p != ASN_GENERALIZEDTIME)))
    100          
    50          
4482             {
4483             psTraceCrypto("Malformed validity\n");
4484 0           return PS_PARSE_FAIL;
4485             }
4486 2879           *notBeforeTimeType = *p;
4487 2879           p++;
4488             /*
4489             Allocate them as null terminated strings
4490             */
4491 2879 50         if (getAsnLength(&p, seqLen, &timeLen) < 0 || (uint32) (end - p) < timeLen)
    50          
4492             {
4493             psTraceCrypto("Malformed validity 2\n");
4494 0           return PS_PARSE_FAIL;
4495             }
4496 2879 50         if (timeLen > MAX_TIME_LEN)
4497             {
4498 0           return PS_PARSE_FAIL;
4499             }
4500 2879           *notBefore = psMalloc(pool, timeLen + 1);
4501 2879 50         if (*notBefore == NULL)
4502             {
4503 0           psError("Memory allocation error in getTimeValidity for notBefore\n");
4504 0           return PS_MEM_FAIL;
4505             }
4506 2879           memcpy(*notBefore, p, timeLen);
4507 2879           (*notBefore)[timeLen] = '\0';
4508 2879           p = p + timeLen;
4509 2879 50         if ((end - p) < 1 || ((*p != ASN_UTCTIME) && (*p != ASN_GENERALIZEDTIME)))
    100          
    50          
4510             {
4511             psTraceCrypto("Malformed validity 3\n");
4512 0           return PS_PARSE_FAIL;
4513             }
4514 2879           *notAfterTimeType = *p;
4515 2879           p++;
4516 2879 50         if (getAsnLength(&p, seqLen - timeLen, &timeLen) < 0 ||
    50          
4517 2879           (uint32) (end - p) < timeLen)
4518             {
4519             psTraceCrypto("Malformed validity 4\n");
4520 0           return PS_PARSE_FAIL;
4521             }
4522 2879 50         if (timeLen > MAX_TIME_LEN)
4523             {
4524 0           return PS_PARSE_FAIL;
4525             }
4526 2879           *notAfter = psMalloc(pool, timeLen + 1);
4527 2879 50         if (*notAfter == NULL)
4528             {
4529 0           psError("Memory allocation error in getTimeValidity for notAfter\n");
4530 0           return PS_MEM_FAIL;
4531             }
4532 2879           memcpy(*notAfter, p, timeLen);
4533 2879           (*notAfter)[timeLen] = '\0';
4534 2879           p = p + timeLen;
4535              
4536 2879           *pp = p;
4537 2879           return PS_SUCCESS;
4538             }
4539              
4540             /******************************************************************************/
4541             /*
4542             Could be optional. If the tag doesn't contain the value from the left
4543             of the IMPLICIT keyword we don't have a match and we don't incr the pointer.
4544             */
4545 5758           static int32_t getImplicitBitString(psPool_t *pool, const unsigned char **pp,
4546             psSize_t len, int32_t impVal, unsigned char **bitString,
4547             psSize_t *bitLen)
4548             {
4549 5758           const unsigned char *p = *pp;
4550             int32_t ignore_bits;
4551              
4552 5758 50         if (len < 1)
4553             {
4554             psTraceCrypto("Initial parse error in getImplicitBitString\n");
4555 0           return PS_PARSE_FAIL;
4556             }
4557             /*
4558             We don't treat this case as an error, because of the optional nature.
4559             */
4560 5758 50         if (*p != (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | impVal))
4561             {
4562 5758           return PS_SUCCESS;
4563             }
4564              
4565 0           p++;
4566 0 0         if (getAsnLength(&p, len, bitLen) < 0
4567 0 0         || *bitLen < 2)
4568             {
4569             psTraceCrypto("Malformed implicitBitString\n");
4570 0           return PS_PARSE_FAIL;
4571             }
4572 0           ignore_bits = *p++;
4573 0           (*bitLen)--;
4574 0 0         psAssert(ignore_bits == 0);
4575              
4576 0           *bitString = psMalloc(pool, *bitLen);
4577 0 0         if (*bitString == NULL)
4578             {
4579 0           psError("Memory allocation error in getImplicitBitString\n");
4580 0           return PS_MEM_FAIL;
4581             }
4582 0           memcpy(*bitString, p, *bitLen);
4583 0           *pp = p + *bitLen;
4584 5758           return PS_SUCCESS;
4585             }
4586              
4587              
4588             /******************************************************************************/
4589             /*
4590             Implementations of this specification MUST be prepared to receive
4591             the following standard attribute types in issuer names:
4592             country, organization, organizational-unit, distinguished name qualifier,
4593             state or province name, and common name
4594             */
4595 5808           int32_t psX509GetDNAttributes(psPool_t *pool, const unsigned char **pp,
4596             psSize_t len, x509DNattributes_t *attribs, uint32_t flags)
4597             {
4598 5808           const unsigned char *p = *pp;
4599             const unsigned char *dnEnd, *dnStart, *moreInSetPtr;
4600             x509OrgUnit_t *orgUnit;
4601             x509DomainComponent_t *domainComponent;
4602             int32 id, stringType, checkHiddenNull, moreInSet;
4603             psSize_t llen, setlen, arcLen;
4604             char *stringOut;
4605             uint32_t i;
4606              
4607             # ifdef USE_SHA1
4608             psSha1_t hash;
4609             # elif defined(USE_SHA256)
4610             psSha256_t hash;
4611             # else
4612             /* TODO can we avoid hash altogether? We do not free/finalize the hash ctx on error return below. */
4613             # error USE_SHA1 or USE_SHA256 must be defined
4614             # endif
4615              
4616 5808           dnStart = p;
4617 5808 50         if (getAsnSequence(&p, len, &llen) < 0)
4618             {
4619 0           return PS_PARSE_FAIL;
4620             }
4621 5808           dnEnd = p + llen;
4622              
4623             /*
4624             The possibility of a CERTIFICATE_REQUEST message. Set aside full DN
4625             */
4626 5808 100         if (flags & CERT_STORE_DN_BUFFER)
4627             {
4628 3438           attribs->dnencLen = (uint32) (dnEnd - dnStart);
4629 3438           attribs->dnenc = psMalloc(pool, attribs->dnencLen);
4630 3438 50         if (attribs->dnenc == NULL)
4631             {
4632 0           psError("Memory allocation error in getDNAttributes\n");
4633 0           return PS_MEM_FAIL;
4634             }
4635 3438           memcpy(attribs->dnenc, dnStart, attribs->dnencLen);
4636             }
4637 5808           moreInSet = 0;
4638 28643 100         while (p < dnEnd)
4639             {
4640 22835 50         if (getAsnSet(&p, (uint32) (dnEnd - p), &setlen) < 0)
4641             {
4642             psTraceCrypto("Malformed DN attributes\n");
4643 0           return PS_PARSE_FAIL;
4644             }
4645             /* 99.99% of certs have one attribute per SET but did come across
4646             one that nested a couple at this level so let's watch out for
4647             that with the "moreInSet" logic */
4648             MORE_IN_SET:
4649 22835           moreInSetPtr = p;
4650 22835 50         if (getAsnSequence(&p, (uint32) (dnEnd - p), &llen) < 0)
4651             {
4652             psTraceCrypto("Malformed DN attributes 2\n");
4653 0           return PS_PARSE_FAIL;
4654             }
4655 22835 50         if (moreInSet > 0)
4656             {
4657 0           moreInSet -= llen + (int32) (p - moreInSetPtr);
4658             }
4659             else
4660             {
4661 22835 50         if (setlen != llen + (int32) (p - moreInSetPtr))
4662             {
4663 0           moreInSet = setlen - (int32) (p - moreInSetPtr) - llen;
4664             }
4665             }
4666 45670 50         if (dnEnd <= p || (*(p++) != ASN_OID) ||
4667 45670 50         getAsnLength(&p, (uint32) (dnEnd - p), &arcLen) < 0 ||
4668 22835           (uint32) (dnEnd - p) < arcLen)
4669             {
4670             psTraceCrypto("Malformed DN attributes 3\n");
4671 0           return PS_PARSE_FAIL;
4672             }
4673             /*
4674             id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4}
4675             id-at-commonName OBJECT IDENTIFIER ::= {id-at 3}
4676             id-at-serialNumber OBJECT IDENTIFIER ::= {id-at 5}
4677             id-at-countryName OBJECT IDENTIFIER ::= {id-at 6}
4678             id-at-localityName OBJECT IDENTIFIER ::= {id-at 7}
4679             id-at-stateOrProvinceName OBJECT IDENTIFIER ::= {id-at 8}
4680             id-at-organizationName OBJECT IDENTIFIER ::= {id-at 10}
4681             id-at-organizationalUnitName OBJECT IDENTIFIER ::= {id-at 11}
4682             */
4683 22835           *pp = p;
4684             /*
4685             Currently we are skipping OIDs not of type {joint-iso-ccitt(2) ds(5) 4}
4686             (domainComponent is currently the only exception).
4687             However, we could be dealing with an OID we MUST support per RFC.
4688             */
4689 22835 50         if (dnEnd - p < 2)
4690             {
4691             psTraceCrypto("Malformed DN attributes 4\n");
4692 0           return PS_LIMIT_FAIL;
4693             }
4694              
4695             /*
4696             Check separately for domainComponent and uid, since those do not
4697             start with the 0x5504 (id-at) pattern the code below expects.
4698             */
4699             /*
4700             Note: According to RFC 5280, "... implementations of this
4701             specification MUST be prepared to receive the domainComponent
4702             attribute, as defined in [RFC4519]."
4703             */
4704 22835 50         if (arcLen == 10 &&
    0          
4705 0 0         *p == 0x09 &&
4706 0 0         *(p + 1) == 0x92 &&
4707 0 0         *(p + 2) == 0x26 &&
4708 0 0         *(p + 3) == 0x89 &&
4709 0 0         *(p + 4) == 0x93 &&
4710 0 0         *(p + 5) == 0xf2 &&
4711 0 0         *(p + 6) == 0x2c &&
4712 0 0         *(p + 7) == 0x64 &&
4713 0           *(p + 8) == 0x01)
4714             {
4715 0 0         if (*(p + 9) == 0x19)
4716             {
4717 0           p += 10;
4718 0           id = ATTRIB_DOMAIN_COMPONENT;
4719 0           goto oid_parsing_done;
4720             }
4721             # ifdef USE_EXTRA_DN_ATTRIBUTES
4722             else if (*(p + 9) == 0x01)
4723             {
4724             p += 10;
4725             id = ATTRIB_UID;
4726             goto oid_parsing_done;
4727             }
4728             # endif /* USE_EXTRA_DN_ATTRIBUTES */
4729             }
4730             # ifdef USE_EXTRA_DN_ATTRIBUTES
4731             if (arcLen == 9 &&
4732             *p == 0x2a &&
4733             *(p + 1) == 0x86 &&
4734             *(p + 2) == 0x48 &&
4735             *(p + 3) == 0x86 &&
4736             *(p + 4) == 0xf7 &&
4737             *(p + 5) == 0x0d &&
4738             *(p + 6) == 0x01 &&
4739             *(p + 7) == 0x09 &&
4740             *(p + 8) == 0x01)
4741             {
4742             p += 9;
4743             id = ATTRIB_EMAIL;
4744             goto oid_parsing_done;
4745             }
4746             # endif /* USE_EXTRA_DN_ATTRIBUTES */
4747              
4748             /* check id-at */
4749 22835 100         if ((*p++ != 85) || (*p++ != 4))
    50          
4750             {
4751             /* OIDs we are not parsing */
4752 20           p = *pp;
4753             /*
4754             Move past the OID and string type, get data size, and skip it.
4755             NOTE: Have had problems parsing older certs in this area.
4756             */
4757 20 50         if ((uint32) (dnEnd - p) < arcLen + 1)
4758             {
4759             psTraceCrypto("Malformed DN attributes 5\n");
4760 0           return PS_LIMIT_FAIL;
4761             }
4762 20           p += arcLen + 1;
4763 20 50         if (getAsnLength(&p, (uint32) (dnEnd - p), &llen) < 0 ||
    50          
4764 20           (uint32) (dnEnd - p) < llen)
4765             {
4766             psTraceCrypto("Malformed DN attributes 6\n");
4767 0           return PS_PARSE_FAIL;
4768             }
4769 20           p = p + llen;
4770 20           continue;
4771             }
4772             /* Next are the id of the attribute type and the ASN string type */
4773 22815 50         if (arcLen != 3 || dnEnd - p < 2)
    50          
4774             {
4775             psTraceCrypto("Malformed DN attributes 7\n");
4776 0           return PS_LIMIT_FAIL;
4777             }
4778 22815           id = (int32) * p++;
4779             oid_parsing_done:
4780             /* Done with OID parsing */
4781 22815           stringType = (int32) * p++;
4782              
4783 22815 50         if (getAsnLength(&p, (uint32) (dnEnd - p), &llen) < 0 ||
    50          
4784 22815           (uint32) (dnEnd - p) < llen)
4785             {
4786             psTraceCrypto("Malformed DN attributes 8\n");
4787 0           return PS_LIMIT_FAIL;
4788             }
4789             /*
4790             For the known 8-bit character string types, we flag that we want
4791             to test for a hidden null in the middle of the string to address the
4792             issue of www.goodguy.com\0badguy.com.
4793             For validation purposes, BMPSTRINGs are converted to UTF-8 format.
4794             */
4795 22815           checkHiddenNull = PS_FALSE;
4796 22815           switch (stringType)
4797             {
4798             case ASN_BMPSTRING:
4799             {
4800             /* MatrixSSL generally uses single byte character string
4801             formats. This function converts ASN_BMPSTRING to
4802             UTF-8 for further handling. */
4803 0           unsigned char *uc_stringOut = NULL;
4804             size_t length;
4805             int32 str_err;
4806 0           str_err = psToUtf8String(pool,
4807             (const unsigned char *) p,
4808             (size_t) llen,
4809             (psStringType_t) ASN_BMPSTRING,
4810             &uc_stringOut,
4811             &length,
4812             # if DN_NUM_TERMINATING_NULLS == 2
4813             PS_STRING_DUAL_NIL
4814             # elif DN_NUM_TERMINATING_NULLS == 1
4815             0
4816             # else
4817             # error "Unsupported value for DN_NUM_TERMINATING_NULLS."
4818             # endif
4819             );
4820 0 0         if (str_err != PS_SUCCESS)
4821             {
4822 0           return str_err;
4823             }
4824             /* Length checking. */
4825 0 0         if (length >= 0x7FFE)
4826             {
4827             /* Notice if length is too long to fit in 15 bits. */
4828 0           psFree(uc_stringOut, pool);
4829 0           return PS_LIMIT_FAIL;
4830             }
4831 0           stringOut = (char *) uc_stringOut;
4832 0           p = p + llen;
4833 0           llen = (uint16_t) length + DN_NUM_TERMINATING_NULLS;
4834 0           break;
4835             }
4836             case ASN_PRINTABLESTRING:
4837             case ASN_UTF8STRING:
4838             case ASN_IA5STRING:
4839             case ASN_T61STRING:
4840             /* coverity[unterminated_case] */
4841 22815           checkHiddenNull = PS_TRUE;
4842             /* fall through */
4843             case ASN_BIT_STRING:
4844 22815           stringOut = psMalloc(pool, llen + DN_NUM_TERMINATING_NULLS);
4845 22815 50         if (stringOut == NULL)
4846             {
4847 0           psError("Memory allocation error in getDNAttributes\n");
4848 0           return PS_MEM_FAIL;
4849             }
4850 22815           memcpy(stringOut, p, llen);
4851             /*
4852             Terminate with DN_NUM_TERMINATING_NULLS null chars to support
4853             standard string manipulations with any potential unicode types.
4854             */
4855 68445 100         for (i = 0; i < DN_NUM_TERMINATING_NULLS; i++)
4856             {
4857 45630           stringOut[llen + i] = '\0';
4858             }
4859              
4860 22815 50         if (checkHiddenNull)
4861             {
4862 22815 50         if ((uint32) strlen(stringOut) != llen)
4863             {
4864 0           psFree(stringOut, pool);
4865             psTraceCrypto("Malformed DN attributes 9\n");
4866 0           return PS_PARSE_FAIL;
4867             }
4868             }
4869              
4870 22815           p = p + llen;
4871 22815           llen += DN_NUM_TERMINATING_NULLS; /* Add null bytes for length assignments */
4872 22815           break;
4873             default:
4874             psTraceIntCrypto("Unsupported DN attrib type %d\n", stringType);
4875 0           return PS_UNSUPPORTED_FAIL;
4876             }
4877              
4878 22815           switch (id)
4879             {
4880             case ATTRIB_COUNTRY_NAME:
4881 5717 50         if (attribs->country)
4882             {
4883 0           psFree(attribs->country, pool);
4884             }
4885 5717           attribs->country = stringOut;
4886 5717           attribs->countryType = (short) stringType;
4887 5717           attribs->countryLen = (short) llen;
4888 5717           break;
4889             case ATTRIB_ORGANIZATION:
4890 5798 50         if (attribs->organization)
4891             {
4892 0           psFree(attribs->organization, pool);
4893             }
4894 5798           attribs->organization = stringOut;
4895 5798           attribs->organizationType = (short) stringType;
4896 5798           attribs->organizationLen = (short) llen;
4897 5798           break;
4898             case ATTRIB_ORG_UNIT:
4899 806           orgUnit = psMalloc(pool, sizeof(x509OrgUnit_t));
4900 806           orgUnit->name = stringOut;
4901 806           orgUnit->type = (short) stringType;
4902 806           orgUnit->len = llen;
4903             /* Push the org unit onto the front of the list */
4904 806           orgUnit->next = attribs->orgUnit;
4905 806           attribs->orgUnit = orgUnit;
4906 806           break;
4907             case ATTRIB_DN_QUALIFIER:
4908 0 0         if (attribs->dnQualifier)
4909             {
4910 0           psFree(attribs->dnQualifier, pool);
4911             }
4912 0           attribs->dnQualifier = stringOut;
4913 0           attribs->dnQualifierType = (short) stringType;
4914 0           attribs->dnQualifierLen = (short) llen;
4915 0           break;
4916             case ATTRIB_STATE_PROVINCE:
4917 4475 50         if (attribs->state)
4918             {
4919 0           psFree(attribs->state, pool);
4920             }
4921 4475           attribs->state = stringOut;
4922 4475           attribs->stateType = (short) stringType;
4923 4475           attribs->stateLen = (short) llen;
4924 4475           break;
4925             case ATTRIB_COMMON_NAME:
4926 5708 50         if (attribs->commonName)
4927             {
4928 0           psFree(attribs->commonName, pool);
4929             }
4930 5708           attribs->commonName = stringOut;
4931 5708           attribs->commonNameType = (short) stringType;
4932 5708           attribs->commonNameLen = (short) llen;
4933 5708           break;
4934             case ATTRIB_SERIALNUMBER:
4935 30 50         if (attribs->serialNumber)
4936             {
4937 0           psFree(attribs->serialNumber, pool);
4938             }
4939 30           attribs->serialNumber = stringOut;
4940 30           attribs->serialNumberType = (short) stringType;
4941 30           attribs->serialNumberLen = (short) llen;
4942 30           break;
4943             case ATTRIB_DOMAIN_COMPONENT:
4944 0           domainComponent = psMalloc(pool, sizeof(x509DomainComponent_t));
4945 0           domainComponent->name = stringOut;
4946 0           domainComponent->type = (short) stringType;
4947 0           domainComponent->len = llen;
4948             /* Push the org unit onto the front of the list */
4949 0           domainComponent->next = attribs->domainComponent;
4950 0           attribs->domainComponent = domainComponent;
4951 0           break;
4952             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
4953             case ATTRIB_LOCALITY:
4954 281 50         if (attribs->locality)
4955             {
4956 0           psFree(attribs->locality, pool);
4957             }
4958 281           attribs->locality = stringOut;
4959 281           attribs->localityType = (short) stringType;
4960 281           attribs->localityLen = (short) llen;
4961 281           break;
4962             case ATTRIB_TITLE:
4963 0 0         if (attribs->title)
4964             {
4965 0           psFree(attribs->title, pool);
4966             }
4967 0           attribs->title = stringOut;
4968 0           attribs->titleType = (short) stringType;
4969 0           attribs->titleLen = (short) llen;
4970 0           break;
4971             case ATTRIB_SURNAME:
4972 0 0         if (attribs->surname)
4973             {
4974 0           psFree(attribs->surname, pool);
4975             }
4976 0           attribs->surname = stringOut;
4977 0           attribs->surnameType = (short) stringType;
4978 0           attribs->surnameLen = (short) llen;
4979 0           break;
4980             case ATTRIB_GIVEN_NAME:
4981 0 0         if (attribs->givenName)
4982             {
4983 0           psFree(attribs->givenName, pool);
4984             }
4985 0           attribs->givenName = stringOut;
4986 0           attribs->givenNameType = (short) stringType;
4987 0           attribs->givenNameLen = (short) llen;
4988 0           break;
4989             case ATTRIB_INITIALS:
4990 0 0         if (attribs->initials)
4991             {
4992 0           psFree(attribs->initials, pool);
4993             }
4994 0           attribs->initials = stringOut;
4995 0           attribs->initialsType = (short) stringType;
4996 0           attribs->initialsLen = (short) llen;
4997 0           break;
4998             case ATTRIB_PSEUDONYM:
4999 0 0         if (attribs->pseudonym)
5000             {
5001 0           psFree(attribs->pseudonym, pool);
5002             }
5003 0           attribs->pseudonym = stringOut;
5004 0           attribs->pseudonymType = (short) stringType;
5005 0           attribs->pseudonymLen = (short) llen;
5006 0           break;
5007             case ATTRIB_GEN_QUALIFIER:
5008 0 0         if (attribs->generationQualifier)
5009             {
5010 0           psFree(attribs->generationQualifier, pool);
5011             }
5012 0           attribs->generationQualifier = stringOut;
5013 0           attribs->generationQualifierType = (short) stringType;
5014 0           attribs->generationQualifierLen = (short) llen;
5015 0           break;
5016             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
5017             # ifdef USE_EXTRA_DN_ATTRIBUTES
5018             case ATTRIB_STREET_ADDRESS:
5019             if (attribs->streetAddress)
5020             {
5021             psFree(attribs->streetAddress, pool);
5022             }
5023             attribs->streetAddress = stringOut;
5024             attribs->streetAddressType = (short) stringType;
5025             attribs->streetAddressLen = (short) llen;
5026             break;
5027             case ATTRIB_POSTAL_ADDRESS:
5028             if (attribs->postalAddress)
5029             {
5030             psFree(attribs->postalAddress, pool);
5031             }
5032             attribs->postalAddress = stringOut;
5033             attribs->postalAddressType = (short) stringType;
5034             attribs->postalAddressLen = (short) llen;
5035             break;
5036             case ATTRIB_TELEPHONE_NUMBER:
5037             if (attribs->telephoneNumber)
5038             {
5039             psFree(attribs->telephoneNumber, pool);
5040             }
5041             attribs->telephoneNumber = stringOut;
5042             attribs->telephoneNumberType = (short) stringType;
5043             attribs->telephoneNumberLen = (short) llen;
5044             break;
5045             case ATTRIB_UID:
5046             if (attribs->uid)
5047             {
5048             psFree(attribs->uid, pool);
5049             }
5050             attribs->uid = stringOut;
5051             attribs->uidType = (short) stringType;
5052             attribs->uidLen = (short) llen;
5053             break;
5054             case ATTRIB_NAME:
5055             if (attribs->name)
5056             {
5057             psFree(attribs->name, pool);
5058             }
5059             attribs->name = stringOut;
5060             attribs->nameType = (short) stringType;
5061             attribs->nameLen = (short) llen;
5062             break;
5063             case ATTRIB_EMAIL:
5064             if (attribs->email)
5065             {
5066             psFree(attribs->email, pool);
5067             }
5068             attribs->email = stringOut;
5069             attribs->emailType = (short) stringType;
5070             attribs->emailLen = (short) llen;
5071             break;
5072             # endif /* USE_EXTRA_DN_ATTRIBUTES */
5073             default:
5074             /* Not a MUST support, so just ignore unknown */
5075 0           psFree(stringOut, pool);
5076 0           stringOut = NULL;
5077 0           break;
5078             }
5079 22815 50         if (moreInSet)
5080             {
5081 0           goto MORE_IN_SET;
5082             }
5083             }
5084             /* Hash is used to quickly compare DNs */
5085             # ifdef USE_SHA1
5086 5808           psSha1PreInit(&hash);
5087 5808           psSha1Init(&hash);
5088 5808           psSha1Update(&hash, dnStart, (dnEnd - dnStart));
5089 5808           psSha1Final(&hash, (unsigned char *) attribs->hash);
5090             # else
5091             psSha256PreInit(&hash);
5092             psSha256Init(&hash);
5093             psSha256Update(&hash, dnStart, (dnEnd - dnStart));
5094             psSha256Final(&hash, (unsigned char *) attribs->hash);
5095             # endif
5096 5808           *pp = p;
5097 5808           return PS_SUCCESS;
5098             }
5099              
5100             /******************************************************************************/
5101             /*
5102             Free helper
5103             */
5104 8640           void psX509FreeDNStruct(x509DNattributes_t *dn, psPool_t *allocPool)
5105             {
5106 8640           psFree(dn->dnenc, allocPool);
5107              
5108 8640           psFree(dn->country, allocPool);
5109 8640           psFree(dn->organization, allocPool);
5110 8640           freeOrgUnitList(dn->orgUnit, allocPool);
5111 8640           psFree(dn->dnQualifier, allocPool);
5112 8640           psFree(dn->state, allocPool);
5113 8640           psFree(dn->commonName, allocPool);
5114 8640           psFree(dn->serialNumber, allocPool);
5115 8640           freeDomainComponentList(dn->domainComponent, allocPool);
5116             # ifdef USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD
5117 8640           psFree(dn->locality, allocPool);
5118 8640           psFree(dn->title, allocPool);
5119 8640           psFree(dn->surname, allocPool);
5120 8640           psFree(dn->givenName, allocPool);
5121 8640           psFree(dn->initials, allocPool);
5122 8640           psFree(dn->pseudonym, allocPool);
5123 8640           psFree(dn->generationQualifier, allocPool);
5124             # endif /* USE_EXTRA_DN_ATTRIBUTES_RFC5280_SHOULD */
5125             # ifdef USE_EXTRA_DN_ATTRIBUTES
5126             psFree(dn->streetAddress, allocPool);
5127             psFree(dn->postalAddress, allocPool);
5128             psFree(dn->telephoneNumber, allocPool);
5129             psFree(dn->uid, allocPool);
5130             psFree(dn->name, allocPool);
5131             psFree(dn->email, allocPool);
5132             # endif /* USE_EXTRA_DN_ATTRIBUTES */
5133 8640           }
5134              
5135              
5136             /******************************************************************************/
5137             /*
5138             Fundamental routine to test whether the supplied issuerCert issued
5139             the supplied subjectCert. There are currently two tests that are
5140             performed here:
5141             1. A strict SHA1 hash comparison of the Distinguished Name details
5142             2. A test of the public key cryptographic cert signature
5143              
5144             subjectCert may be a chain. Cert chains must always be passed with
5145             the child-most as the first in the list (the 'next' structure member
5146             points to the parent). The authentication of the entire chain
5147             will be tested before the issuerCert is used to authenticate the
5148             parent-most certificate
5149              
5150             issuerCert will always be a treated as a single certificate even if it
5151             is a chain
5152              
5153             If there is no issuerCert the parent-most subejct cert will always
5154             be tested as a self-signed CA certificate.
5155              
5156             So there are three uses:
5157             1. Test a cert was issued by another (single subjectCert, single issuerCert)
5158             1. Test a self signed cert (single cert to subjectCert, no issuerCert)
5159             2. Test a CA terminated chain (cert chain to subjectCert, no issuerCert)
5160              
5161             This function exits with a failure code on the first authentication
5162             that doesn't succeed. The 'authStatus' members may be examined for more
5163             information of where the authentication failed.
5164              
5165             The 'authStatus' member of the issuerCert will be set to PS_FALSE
5166             since it will not be authenticated.
5167              
5168             The 'authStatus' members of the subjectCert structures will always
5169             be reset to PS_FALSE when this routine is called and set to PS_TRUE
5170             when authenticated. Any error during the authentication will set the
5171             current subject cert 'authStatus' member to PS_CERT_AUTH_FAIL and the
5172             function will return with an error code.
5173              
5174             Return codes:
5175             PS_SUCCESS - yes
5176              
5177             PS_CERT_AUTH_FAIL - nope. these certs are not a match
5178             PS_UNSUPPORTED_FAIL - unrecognized cert format
5179             PS_ARG_FAIL - local, psRsaDecryptPub
5180             PS_LIMIT_FAIL - psRsaDecryptPub
5181             PS_FAILURE - internal psRsaDecryptPub failure
5182              
5183             There is nothing for the caller to free at the completion of this
5184             routine.
5185             */
5186 1295           int32 psX509AuthenticateCert(psPool_t *pool, psX509Cert_t *subjectCert,
5187             psX509Cert_t *issuerCert, psX509Cert_t **foundIssuer,
5188             void *hwCtx, void *poolUserPtr)
5189             {
5190             psX509Cert_t *ic, *sc;
5191             int32 sigType, rc;
5192             uint32 sigLen;
5193 1295           void *rsaData = NULL;
5194              
5195             # ifdef USE_ECC
5196             int32 sigStat;
5197             # endif /* USE_ECC */
5198             # ifdef USE_RSA
5199             unsigned char sigOut[10 + MAX_HASH_SIZE + 9]; /* Max size */
5200 1295           unsigned char *tempSig = NULL;
5201             # endif /* USE_RSA */
5202 1295           psPool_t *pkiPool = NULL;
5203             # ifdef USE_PKCS1_PSS
5204             psSize_t pssLen;
5205             # endif
5206              
5207 1295           rc = 0;
5208 1295           sigLen = 0;
5209 1295 50         if (subjectCert == NULL)
5210             {
5211             psTraceCrypto("No subject cert given to psX509AuthenticateCert\n");
5212 0           return PS_ARG_FAIL;
5213             }
5214              
5215             /*
5216             Determine what we've been passed
5217             */
5218 1295 100         if (issuerCert == NULL)
5219             {
5220             /* reset auth flags in subjectCert chain and find first sc and ic */
5221 1           sc = subjectCert;
5222 3 100         while (sc)
5223             {
5224 2           sc->authStatus = PS_FALSE;
5225 2           sc = sc->next;
5226             }
5227             /* Now see if this is a chain or just a single cert */
5228 1           sc = subjectCert;
5229 1 50         if (sc->next == NULL)
5230             {
5231 0           ic = sc; /* A single subject cert for self-signed test */
5232             }
5233             else
5234             {
5235 1           ic = sc->next;
5236             }
5237             }
5238             else
5239             {
5240 1294           issuerCert->authStatus = PS_FALSE;
5241 1294           ic = issuerCert; /* Easy case of single subject and single issuer */
5242 1294           sc = subjectCert;
5243             }
5244              
5245             /*
5246             Error on first problem seen and set the subject status to FAIL
5247             */
5248 2445 100         while (ic)
5249             {
5250             /*
5251             Certificate authority constraint only available in version 3 certs.
5252             Only parsing version 3 certs by default though.
5253             */
5254 1296 50         if ((ic->version > 1) && (ic->extensions.bc.cA != CA_TRUE))
    50          
5255             {
5256 0 0         if (sc != ic)
5257             {
5258             psTraceCrypto("Issuer does not have basicConstraint CA permissions\n");
5259 0           sc->authStatus = PS_CERT_AUTH_FAIL_BC;
5260 0           return PS_CERT_AUTH_FAIL_BC;
5261             }
5262             }
5263              
5264             /*
5265             Use sha1 hash of issuer fields computed at parse time to compare
5266             */
5267 1296 100         if (memcmp(sc->issuer.hash, ic->subject.hash, SHA1_HASH_SIZE) != 0)
5268             {
5269             /* #define ALLOW_INTERMEDIATES_AS_ROOTS */
5270             # ifdef ALLOW_INTERMEDIATES_AS_ROOTS
5271             /* In a typical deployment, we have this trust chain:
5272             leaf->intermediate->(root)
5273             Where leaf and intermediate are sent by the peer and root is loaded by the
5274             application as a trusted CA.
5275             In some cases, it may not be desireable to load the root cert as a CA and
5276             validate every certificate it has signed. This is usually due to a
5277             legacy v1 certificate or certificate using a weak cryptographic
5278             algorithm.
5279             Ideally, the certificate chain can be re-issued or cross-signed by a modern
5280             root certifiate. However, a workaround is to load the final intermediate
5281             certificate in the application as a trusted, non self-signed root.
5282             The peer sends the leaf->intermediate chain as before, but the application
5283             loads the intermediate, not the root as a trusted CA cert.
5284             Without special treatment, this arranement will fail validation because the
5285             intermediate has been issued by 'root', and that is what it wants to validate
5286             against. However, if we check to see if a copy of intermediate is itself in the
5287             issuer list, then we have validated to a trusted root and do not need
5288             to verify the signature on the intermediate.
5289             Note this implementation only allows the last cert in the chain sent by
5290             the client to be treated as root, for example in a chain with 2 intermediates:
5291             Peer sends l->i1->i2->(root)
5292             Valid CA to load: i2 or root
5293             Invalid CA to load: l or i1
5294             */
5295             if (sc->signatureLen == ic->signatureLen
5296             && memcmpct(sc->signature, ic->signature, sc->signatureLen) == 0)
5297             {
5298             /* Skip some of the signature and issuer checks */
5299             goto L_INTERMEDIATE_ROOT;
5300             }
5301             # endif
5302             if (sc == ic)
5303             {
5304             psTraceCrypto("Info: not a self-signed certificate\n");
5305             }
5306             else
5307             {
5308             psTraceCrypto("Issuer DN attributes do not match subject\n");
5309             }
5310 146           sc->authStatus = PS_CERT_AUTH_FAIL_DN;
5311 146           return PS_CERT_AUTH_FAIL_DN;
5312             }
5313              
5314             # ifdef USE_CRL
5315             /* This function operates on the global cache */
5316 1150           psCRL_determineRevokedStatus(sc);
5317             /* The only status that is going to make us terminate the connection
5318             immediately is if we find REVOKED_AND_AUTHENTICATED */
5319 1150 50         if (sc->revokedStatus == CRL_CHECK_REVOKED_AND_AUTHENTICATED)
5320             {
5321 0           sc->authStatus = PS_CERT_AUTH_FAIL_REVOKED;
5322 0           return PS_CERT_AUTH_FAIL_REVOKED;
5323             }
5324             # endif
5325              
5326             /*
5327             Signature confirmation
5328             The sigLen is the ASN.1 size in bytes for encoding the hash.
5329             The magic 10 is comprised of the SEQUENCE and ALGORITHM ID overhead.
5330             The magic 9, 8, or 5 is the OID length of the corresponding algorithm.
5331             */
5332 1150           switch (sc->sigAlgorithm)
5333             {
5334             # ifdef USE_RSA
5335             # ifdef ENABLE_MD5_SIGNED_CERTS
5336             # ifdef USE_MD2
5337             case OID_MD2_RSA_SIG:
5338             # endif
5339             case OID_MD5_RSA_SIG:
5340             sigType = RSA_TYPE_SIG;
5341             sigLen = 10 + MD5_HASH_SIZE + 8;
5342             break;
5343             # endif
5344             # ifdef ENABLE_SHA1_SIGNED_CERTS
5345             case OID_SHA1_RSA_SIG:
5346             case OID_SHA1_RSA_SIG2:
5347 0           sigLen = 10 + SHA1_HASH_SIZE + 5;
5348 0           sigType = RSA_TYPE_SIG;
5349 0           break;
5350             # endif
5351             # ifdef USE_SHA224
5352             case OID_SHA224_RSA_SIG:
5353             sigLen = 10 + SHA224_HASH_SIZE + 9;
5354             sigType = RSA_TYPE_SIG;
5355             break;
5356             # endif
5357             # ifdef USE_SHA256
5358             case OID_SHA256_RSA_SIG:
5359 1150           sigLen = 10 + SHA256_HASH_SIZE + 9;
5360 1150           sigType = RSA_TYPE_SIG;
5361 1150           break;
5362             # endif
5363             # ifdef USE_SHA384
5364             case OID_SHA384_RSA_SIG:
5365 0           sigLen = 10 + SHA384_HASH_SIZE + 9;
5366 0           sigType = RSA_TYPE_SIG;
5367 0           break;
5368             # endif
5369             # ifdef USE_SHA512
5370             case OID_SHA512_RSA_SIG:
5371 0           sigLen = 10 + SHA512_HASH_SIZE + 9;
5372 0           sigType = RSA_TYPE_SIG;
5373 0           break;
5374             # endif
5375             # endif /* USE_RSA */
5376             # ifdef USE_ECC
5377             # ifdef ENABLE_SHA1_SIGNED_CERTS
5378             case OID_SHA1_ECDSA_SIG:
5379 0           sigLen = SHA1_HASH_SIZE;
5380 0           sigType = ECDSA_TYPE_SIG;
5381 0           break;
5382             # endif
5383             # ifdef USE_SHA224
5384             case OID_SHA224_ECDSA_SIG:
5385             sigLen = SHA224_HASH_SIZE;
5386             sigType = ECDSA_TYPE_SIG;
5387             break;
5388             # endif
5389             # ifdef USE_SHA256
5390             case OID_SHA256_ECDSA_SIG:
5391 0           sigLen = SHA256_HASH_SIZE;
5392 0           sigType = ECDSA_TYPE_SIG;
5393 0           break;
5394             # endif
5395             # ifdef USE_SHA384
5396             case OID_SHA384_ECDSA_SIG:
5397 0           sigLen = SHA384_HASH_SIZE;
5398 0           sigType = ECDSA_TYPE_SIG;
5399 0           break;
5400             # endif
5401             # ifdef USE_SHA512
5402             case OID_SHA512_ECDSA_SIG:
5403 0           sigLen = SHA512_HASH_SIZE;
5404 0           sigType = ECDSA_TYPE_SIG;
5405 0           break;
5406             # endif
5407             # endif /* USE_ECC */
5408              
5409             # ifdef USE_PKCS1_PSS
5410             case OID_RSASSA_PSS:
5411 0           switch (sc->pssHash)
5412             {
5413             # ifdef ENABLE_MD5_SIGNED_CERTS
5414             case PKCS1_MD5_ID:
5415             sigLen = MD5_HASH_SIZE;
5416             break;
5417             # endif
5418             # ifdef ENABLE_SHA1_SIGNED_CERTS
5419             case PKCS1_SHA1_ID:
5420 0           sigLen = SHA1_HASH_SIZE;
5421 0           break;
5422             # endif
5423             # ifdef USE_SHA224
5424             case PKCS1_SHA224_ID:
5425             sigLen = SHA224_HASH_SIZE;
5426             break;
5427             # endif
5428             # ifdef USE_SHA256
5429             case PKCS1_SHA256_ID:
5430 0           sigLen = SHA256_HASH_SIZE;
5431 0           break;
5432             # endif
5433             # ifdef USE_SHA384
5434             case PKCS1_SHA384_ID:
5435 0           sigLen = SHA384_HASH_SIZE;
5436 0           break;
5437             # endif
5438             # ifdef USE_SHA512
5439             case PKCS1_SHA512_ID:
5440 0           sigLen = SHA512_HASH_SIZE;
5441 0           break;
5442             # endif
5443             default:
5444 0           return PS_UNSUPPORTED_FAIL;
5445             }
5446 0           sigType = RSAPSS_TYPE_SIG;
5447 0           break;
5448             # endif
5449             default:
5450 0           sigType = PS_UNSUPPORTED_FAIL;
5451 0           break;
5452             }
5453              
5454 1150 50         if (sigType == PS_UNSUPPORTED_FAIL)
5455             {
5456 0           sc->authStatus = PS_CERT_AUTH_FAIL_SIG;
5457             psTraceIntCrypto("Unsupported certificate signature algorithm %d\n",
5458             subjectCert->sigAlgorithm);
5459 0           return sigType;
5460             }
5461              
5462             # ifdef USE_RSA
5463             if (sigType == RSA_TYPE_SIG || sigType == RSAPSS_TYPE_SIG)
5464             {
5465             }
5466             /* Now do the signature validation */
5467 1150 50         if (sigType == RSA_TYPE_SIG)
5468             {
5469 1150 50         psAssert(sigLen <= sizeof(sigOut));
5470             /*
5471             psRsaDecryptPub destroys the 'in' parameter so let it be a tmp
5472             */
5473 1150           tempSig = psMalloc(pool, sc->signatureLen);
5474 1150 50         if (tempSig == NULL)
5475             {
5476 0           psError("Memory allocation error: psX509AuthenticateCert\n");
5477 0           return PS_MEM_FAIL;
5478             }
5479 1150           memcpy(tempSig, sc->signature, sc->signatureLen);
5480              
5481 1150 50         if ((rc = psRsaDecryptPub(pkiPool, &ic->publicKey.key.rsa,
5482 1150           tempSig, sc->signatureLen, sigOut, sigLen, rsaData)) < 0)
5483             {
5484              
5485             psTraceCrypto("Unable to RSA decrypt certificate signature\n");
5486 0           sc->authStatus = PS_CERT_AUTH_FAIL_SIG;
5487 0           psFree(tempSig, pool);
5488 0           return rc;
5489             }
5490 1150           psFree(tempSig, pool);
5491 1150           rc = x509ConfirmSignature(sc->sigHash, sigOut, sigLen);
5492             }
5493             # if defined(USE_PKCS1_PSS) && !defined(USE_PKCS1_PSS_VERIFY_ONLY)
5494 1150 50         if (sigType == RSAPSS_TYPE_SIG)
5495             {
5496 0           tempSig = psMalloc(pool, sc->signatureLen);
5497 0 0         if (tempSig == NULL)
5498             {
5499 0           psError("Memory allocation error: psX509AuthenticateCert\n");
5500 0           return PS_MEM_FAIL;
5501             }
5502 0           pssLen = sc->signatureLen;
5503 0 0         if ((rc = psRsaCrypt(pkiPool, &ic->publicKey.key.rsa,
5504 0           sc->signature, sc->signatureLen, tempSig, &pssLen,
5505             PS_PUBKEY, rsaData)) < 0)
5506             {
5507 0           psFree(tempSig, pool);
5508 0           return rc;
5509             }
5510              
5511 0 0         if (psPkcs1PssDecode(pkiPool, sc->sigHash, sigLen, tempSig,
5512 0           pssLen, sc->saltLen, sc->pssHash, ic->publicKey.keysize * 8,
5513             &rc) < 0)
5514             {
5515 0           psFree(tempSig, pool);
5516 0           return PS_FAILURE;
5517             }
5518 0           psFree(tempSig, pool);
5519              
5520 0 0         if (rc == 0)
5521             {
5522             /* This is an indication the hash did NOT match */
5523 0           rc = -1; /* The test below is looking for < 0 */
5524             }
5525             }
5526             # endif /* defined(USE_PKCS1_PSS) && !defined(USE_PKCS1_PSS_VERIFY_ONLY) */
5527             # endif /* USE_RSA */
5528              
5529             # ifdef USE_ECC
5530 1150 50         if (sigType == ECDSA_TYPE_SIG)
5531             {
5532 0 0         if ((rc = psEccDsaVerify(pkiPool,
5533 0           &ic->publicKey.key.ecc,
5534 0           sc->sigHash, sigLen,
5535 0           sc->signature, sc->signatureLen,
5536             &sigStat, rsaData)) != 0)
5537             {
5538             psTraceCrypto("Error validating ECDSA certificate signature\n");
5539 0           sc->authStatus = PS_CERT_AUTH_FAIL_SIG;
5540 0           return rc;
5541             }
5542 0 0         if (sigStat == -1)
5543             {
5544             /* No errors, but signature didn't pass */
5545             psTraceCrypto("ECDSA certificate signature failed\n");
5546 0           rc = -1;
5547             }
5548             }
5549             # endif /* USE_ECC */
5550              
5551             /*
5552             Test what happen in the signature test?
5553             */
5554 1150 50         if (rc < PS_SUCCESS)
5555             {
5556 0           sc->authStatus = PS_CERT_AUTH_FAIL_SIG;
5557 0           return rc;
5558             }
5559              
5560              
5561             /* X.509 extension tests. Problems below here will be collected
5562             in flags and given to the user */
5563              
5564             /* Verify subject key and auth key if either is non-zero */
5565 1150 50         if (sc->extensions.ak.keyLen > 0 || ic->extensions.sk.len > 0)
    0          
5566             {
5567 1150 50         if (ic->extensions.sk.len != sc->extensions.ak.keyLen)
5568             {
5569             /* The one exception to this test would be if this is a
5570             self-signed CA being authenticated with the exact same
5571             self-signed CA and that certificate does not popluate
5572             the Authority Key Identifier extension */
5573 0 0         if ((sc->signatureLen == ic->signatureLen) &&
    0          
5574 0           (memcmp(sc->signature, ic->signature, ic->signatureLen)
5575             == 0))
5576             {
5577 0 0         if (sc->extensions.ak.keyLen != 0)
5578             {
5579             psTraceCrypto("Subject/Issuer key id mismatch\n");
5580 0           sc->authStatus = PS_CERT_AUTH_FAIL_AUTHKEY;
5581             }
5582             }
5583             else
5584             {
5585             psTraceCrypto("Subject/Issuer key id mismatch\n");
5586 0           sc->authStatus = PS_CERT_AUTH_FAIL_AUTHKEY;
5587             }
5588             }
5589             else
5590             {
5591 1150 50         if (memcmp(ic->extensions.sk.id, sc->extensions.ak.keyId,
5592 1150           ic->extensions.sk.len) != 0)
5593             {
5594             psTraceCrypto("Subject/Issuer key id data mismatch\n");
5595 0           sc->authStatus = PS_CERT_AUTH_FAIL_AUTHKEY;
5596             }
5597             }
5598             }
5599              
5600             /* Ensure keyCertSign of KeyUsage. The second byte of the BIT STRING
5601             will always contain the relevant information. */
5602 1150 100         if ( !(ic->extensions.keyUsageFlags & KEY_USAGE_KEY_CERT_SIGN))
5603             {
5604             /* @security If keyUsageFlags is zero, it may not exist at all
5605             in the cert. This is allowed if the cert was issued before
5606             the RFC was updated to require this field for CA certificates.
5607             RFC3280 and above specify this as a MUST for CACerts. */
5608 1148 50         if (ic->extensions.keyUsageFlags == 0)
5609             {
5610 1148           rc = issuedBefore(RFC_3280, ic);
5611             }
5612             else
5613             {
5614 0           rc = 0; /* Awkward code to force the compare below */
5615             }
5616             /* Iff rc == 1 we won't error */
5617 1148 50         if (!rc)
5618             {
5619             psTraceCrypto("Issuer does not allow keyCertSign in keyUsage\n");
5620 1148           sc->authFailFlags |= PS_CERT_AUTH_FAIL_KEY_USAGE_FLAG;
5621 1148           sc->authStatus = PS_CERT_AUTH_FAIL_EXTENSION;
5622             }
5623 0 0         else if (rc < 0)
5624             {
5625             psTraceCrypto("Issue date check failed\n");
5626 0           return PS_PARSE_FAIL;
5627             }
5628             }
5629             # ifdef ALLOW_INTERMEDIATES_AS_ROOTS
5630             L_INTERMEDIATE_ROOT:
5631             # endif
5632             /* If date was out of range in parse, and we have no other auth errors,
5633             set it here. Other errors "take priority" in the return code, although
5634             all can be accessed with authFailFlags. */
5635 1150 100         if (sc->authStatus == PS_FALSE
5636 2 50         && sc->authFailFlags & PS_CERT_AUTH_FAIL_DATE_FLAG)
5637             {
5638 0           sc->authStatus = PS_CERT_AUTH_FAIL_EXTENSION;
5639             }
5640             /*
5641             Fall through to here only if passed all non-failure checks.
5642             */
5643 1150 100         if (sc->authStatus == PS_FALSE) /* Hasn't been touched */
5644             {
5645 2           sc->authStatus = PS_CERT_AUTH_PASS;
5646             }
5647             /*
5648             Loop control for finding next ic and sc.
5649             */
5650 1150 100         if (ic == sc)
5651             {
5652 1           *foundIssuer = ic;
5653 1           ic = NULL; /* Single self-signed test completed */
5654             }
5655 1149 100         else if (ic == issuerCert)
5656             {
5657 1148           *foundIssuer = ic;
5658 1148           ic = NULL; /* If issuerCert was used, that is always final test */
5659             }
5660             else
5661             {
5662 1           sc = ic;
5663 1           ic = sc->next;
5664 1 50         if (ic == NULL) /* Reached end of chain */
5665             {
5666 1           *foundIssuer = ic;
5667 1           ic = sc; /* Self-signed test on final subectCert chain */
5668             }
5669             }
5670              
5671             }
5672 1295           return PS_SUCCESS;
5673             }
5674              
5675             # ifdef USE_RSA
5676             /******************************************************************************/
5677             /*
5678             Do the signature validation for a subject certificate against a
5679             known CA certificate
5680             */
5681 1150           static int32_t x509ConfirmSignature(const unsigned char *sigHash,
5682             const unsigned char *sigOut, psSize_t sigLen)
5683             {
5684             const unsigned char *end;
5685 1150           const unsigned char *p = sigOut;
5686             unsigned char hash[MAX_HASH_SIZE];
5687             int32_t oi;
5688             psSize_t len, plen;
5689              
5690 1150           end = p + sigLen;
5691             /*
5692             DigestInfo ::= SEQUENCE {
5693             digestAlgorithm DigestAlgorithmIdentifier,
5694             digest Digest }
5695              
5696             DigestAlgorithmIdentifier ::= AlgorithmIdentifier
5697              
5698             Digest ::= OCTET STRING
5699             */
5700 1150 50         if (getAsnSequence(&p, (uint32) (end - p), &len) < 0)
5701             {
5702             psTraceCrypto("Initial parse error in x509ConfirmSignature\n");
5703 0           return PS_PARSE_FAIL;
5704             }
5705              
5706             /* Could be MD5 or SHA1 */
5707 1150 50         if (getAsnAlgorithmIdentifier(&p, (uint32) (end - p), &oi, &plen) < 0)
5708             {
5709             psTraceCrypto("Algorithm ID parse error in x509ConfirmSignature\n");
5710 0           return PS_PARSE_FAIL;
5711             }
5712 1150 50         psAssert(plen == 0);
5713 2300           if ((*p++ != ASN_OCTET_STRING) ||
5714 2300 50         getAsnLength(&p, (uint32) (end - p), &len) < 0 ||
5715 1150           (uint32) (end - p) < len)
5716             {
5717             psTraceCrypto("getAsnLength parse error in x509ConfirmSignature\n");
5718 0           return PS_PARSE_FAIL;
5719             }
5720 1150           memcpy(hash, p, len);
5721 1150           switch (oi)
5722             {
5723             # ifdef ENABLE_MD5_SIGNED_CERTS
5724             # ifdef USE_MD2
5725             case OID_MD2_ALG:
5726             # endif
5727             case OID_MD5_ALG:
5728             if (len != MD5_HASH_SIZE)
5729             {
5730             psTraceCrypto("MD5_HASH_SIZE error in x509ConfirmSignature\n");
5731             return PS_LIMIT_FAIL;
5732             }
5733             break;
5734             # endif
5735             # ifdef ENABLE_SHA1_SIGNED_CERTS
5736             case OID_SHA1_ALG:
5737 0 0         if (len != SHA1_HASH_SIZE)
5738             {
5739             psTraceCrypto("SHA1_HASH_SIZE error in x509ConfirmSignature\n");
5740 0           return PS_LIMIT_FAIL;
5741             }
5742 0           break;
5743             # endif
5744             # ifdef USE_SHA224
5745             case OID_SHA224_ALG:
5746             if (len != SHA224_HASH_SIZE)
5747             {
5748             psTraceCrypto("SHA224_HASH_SIZE error in x509ConfirmSignature\n");
5749             return PS_LIMIT_FAIL;
5750             }
5751             break;
5752             # endif
5753             # ifdef USE_SHA256
5754             case OID_SHA256_ALG:
5755 1150 50         if (len != SHA256_HASH_SIZE)
5756             {
5757             psTraceCrypto("SHA256_HASH_SIZE error in x509ConfirmSignature\n");
5758 0           return PS_LIMIT_FAIL;
5759             }
5760 1150           break;
5761             # endif
5762             # ifdef USE_SHA384
5763             case OID_SHA384_ALG:
5764 0 0         if (len != SHA384_HASH_SIZE)
5765             {
5766             psTraceCrypto("SHA384_HASH_SIZE error in x509ConfirmSignature\n");
5767 0           return PS_LIMIT_FAIL;
5768             }
5769 0           break;
5770             # endif
5771             # ifdef USE_SHA512
5772             case OID_SHA512_ALG:
5773 0 0         if (len != SHA512_HASH_SIZE)
5774             {
5775             psTraceCrypto("SHA512_HASH_SIZE error in x509ConfirmSignature\n");
5776 0           return PS_LIMIT_FAIL;
5777             }
5778 0           break;
5779             # endif
5780             default:
5781             psTraceCrypto("Unsupported alg ID error in x509ConfirmSignature\n");
5782 0           return PS_UNSUPPORTED_FAIL;
5783             }
5784             /* hash should match sigHash */
5785 1150 50         if (memcmpct(hash, sigHash, len) != 0)
5786             {
5787             psTraceCrypto("Signature failure in x509ConfirmSignature\n");
5788 0           return PS_SIGNATURE_MISMATCH;
5789             }
5790 1150           return PS_SUCCESS;
5791             }
5792             # endif /* USE_RSA */
5793              
5794             /******************************************************************************/
5795             # endif /* USE_CERT_PARSE */
5796              
5797             # ifdef USE_OCSP
5798              
5799             /******************************************************************************/
5800              
5801 0           static int32_t parse_nonce_ext(const unsigned char *p, size_t sz,
5802             psBuf_t *nonceExtension)
5803             {
5804             psParseBuf_t pb;
5805             psParseBuf_t extensions;
5806             psParseBuf_t extension;
5807              
5808 0           memset(nonceExtension, 0, sizeof(psBuf_t));
5809 0 0         if (psParseBufFromStaticData(&pb, p, sz) == PS_SUCCESS)
5810             {
5811 0 0         if (psParseBufTryReadTagSub(&pb, &extensions, 0xA1))
5812             {
5813 0 0         while (psParseBufTryReadSequenceSub(&extensions,
5814             &extension))
5815             {
5816             psParseBuf_t sub;
5817 0           psParseBufReadSequenceSub(&extension, &sub);
5818 0 0         if (psParseBufTrySkipBytes(
5819             &sub,
5820             (const unsigned char *)
5821             "\x06\x09\x2b\x06\x01\x05"
5822             "\x05\x07\x30\x01\x02", 11))
5823             {
5824 0           psParseBufReadTagRef(
5825             &sub, nonceExtension, 0x04);
5826             }
5827 0           psParseBufFinish(&sub);
5828 0 0         if (psParseBufFinish(&extension) != PS_SUCCESS)
5829             {
5830 0           break;
5831             }
5832             }
5833 0           psParseBufFinish(&extensions);
5834             }
5835             }
5836 0           return PS_SUCCESS; /* No parsing errors detected. */
5837             }
5838              
5839 0           static void parseSingleResponseRevocationTimeAndReason(
5840             const unsigned char *p,
5841             psSize_t glen,
5842             psOcspSingleResponse_t *res)
5843             {
5844             /* Note: res has to have been cleared before this function.
5845             The function does not fill-in the relevant fields if they are
5846             not found. */
5847              
5848             /* get revocation time ASN.1 (GeneralizedTime / 0x18) */
5849 0 0         if (glen >= sizeof(res->revocationTime) + 2 &&
    0          
5850 0 0         p[0] == 0x18 && p[1] == sizeof(res->revocationTime))
5851             {
5852 0           memcpy(res->revocationTime, p + 2,
5853             sizeof(res->revocationTime));
5854             /* revocationReason [0] EXPLICIT CRLReason OPTIONAL
5855             CRLReason ::= ENUMERATED [RFC 5280] */
5856 0 0         if (glen >= sizeof(res->revocationTime) + 0x5 &&
    0          
5857 0 0         p[17] == 0xa0 && /* [0] */
5858 0 0         p[18] == 0x03 && /* length */
5859 0 0         p[19] == 0x0a && /* ENUMERATED */
5860 0 0         p[20] == 0x01 && /* length */
5861 0 0         p[21] <= 10 && /* CRL reason code 0-10, excluding 7. */
5862 0           p[21] != 7)
5863             {
5864 0           res->revocationReason = p[21];
5865             }
5866             }
5867 0           }
5868              
5869 0           static int32_t parseSingleResponse(uint32_t len, const unsigned char **cp,
5870             const unsigned char *end, psOcspSingleResponse_t *res)
5871             {
5872             const unsigned char *p;
5873             psSize_t glen, plen;
5874             int32_t oi;
5875              
5876 0           p = *cp;
5877              
5878             /* SingleResponse ::= SEQUENCE {
5879             certID CertID,
5880             certStatus CertStatus,
5881             thisUpdate GeneralizedTime,
5882             nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL,
5883             singleExtensions [1] EXPLICIT Extensions OPTIONAL }
5884             */
5885 0 0         if (getAsnSequence(&p, (int32) (end - p), &glen) < 0)
5886             {
5887             psTraceCrypto("Initial parseSingleResponse parse failure\n");
5888 0           return PS_PARSE_FAIL;
5889             }
5890             /* CertID ::= SEQUENCE {
5891             hashAlgorithm AlgorithmIdentifier
5892             {DIGEST-ALGORITHM, {...}},
5893             issuerNameHash OCTET STRING, -- Hash of issuer's DN
5894             issuerKeyHash OCTET STRING, -- Hash of issuer's public key
5895             serialNumber CertificateSerialNumber }
5896             */
5897 0 0         if (getAsnSequence(&p, (int32) (end - p), &glen) < 0)
5898             {
5899             psTraceCrypto("Initial parseSingleResponse parse failure\n");
5900 0           return PS_PARSE_FAIL;
5901             }
5902 0 0         if (getAsnAlgorithmIdentifier(&p, (int32) (end - p), &oi, &plen) < 0)
5903             {
5904 0           return PS_FAILURE;
5905             }
5906 0 0         psAssert(plen == 0);
5907 0           res->certIdHashAlg = oi;
5908              
5909 0           if ((*p++ != ASN_OCTET_STRING) ||
5910 0 0         getAsnLength(&p, (int32) (end - p), &glen) < 0 ||
5911 0           (uint32) (end - p) < glen)
5912             {
5913 0           return PS_PARSE_FAIL;
5914             }
5915 0           res->certIdNameHash = p;
5916 0           p += glen;
5917              
5918 0           if ((*p++ != ASN_OCTET_STRING) ||
5919 0 0         getAsnLength(&p, (int32) (end - p), &glen) < 0 ||
5920 0           (uint32) (end - p) < glen)
5921             {
5922 0           return PS_PARSE_FAIL;
5923             }
5924 0           res->certIdKeyHash = p;
5925 0           p += glen;
5926              
5927             /* serialNumber CertificateSerialNumber
5928              
5929             CertificateSerialNumber ::= INTEGER
5930             */
5931 0 0         if ((*p != (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 2)) &&
    0          
5932 0           (*p != ASN_INTEGER))
5933             {
5934             psTraceCrypto("X.509 getSerialNum failed on first bytes\n");
5935 0           return PS_PARSE_FAIL;
5936             }
5937 0           p++;
5938              
5939 0 0         if (getAsnLength(&p, (int32) (end - p), &glen) < 0 ||
    0          
5940 0           (uint32) (end - p) < glen)
5941             {
5942             psTraceCrypto("ASN getSerialNum failed\n");
5943 0           return PS_PARSE_FAIL;
5944             }
5945 0           res->certIdSerialLen = glen;
5946 0           res->certIdSerial = p;
5947 0           p += glen;
5948              
5949             /* CertStatus ::= CHOICE {
5950             good [0] IMPLICIT NULL,
5951             revoked [1] IMPLICIT RevokedInfo,
5952             unknown [2] IMPLICIT UnknownInfo }
5953             */
5954 0           memset(res->revocationTime, 0, sizeof(res->revocationTime));
5955 0           res->revocationReason = 0;
5956 0 0         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 0))
5957             {
5958 0           res->certStatus = 0;
5959 0           p += 2;
5960             }
5961 0 0         else if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
5962             {
5963 0           res->certStatus = 1;
5964             psTraceCrypto("OCSP CertStatus is revoked.\n");
5965             /* RevokedInfo ::= SEQUENCE {
5966             revocationTime GeneralizedTime,
5967             revocationReason [0] EXPLICIT CRLReason OPTIONAL }
5968             */
5969 0           p += 1;
5970 0 0         if (getAsnLength(&p, (int32) (end - p), &glen) < 0)
5971             {
5972             psTraceCrypto("Initial parseSingleResponse parse failure\n");
5973 0           return PS_PARSE_FAIL;
5974             }
5975             /* subfunction for parsing RevokedInfo. */
5976 0           parseSingleResponseRevocationTimeAndReason(p, glen, res);
5977 0           p += glen;
5978             }
5979 0 0         else if (*p == (ASN_CONTEXT_SPECIFIC | ASN_PRIMITIVE | 2))
5980             {
5981 0           res->certStatus = 2;
5982 0           p += 2; /* TOOD: Untested parse. Might be CONSTRUCTED encoding */
5983             /* UnknownInfo ::= NULL */
5984             }
5985             else
5986             {
5987             psTraceCrypto("OCSP CertStatus parse fail\n");
5988 0           return PS_PARSE_FAIL;
5989             }
5990              
5991             /* thisUpdate GeneralizedTime, */
5992 0 0         if ((end - p) < 1 || (*p != ASN_GENERALIZEDTIME))
    0          
5993             {
5994             psTraceCrypto("Malformed thisUpdate OCSP\n");
5995 0           return PS_PARSE_FAIL;
5996             }
5997 0           p++;
5998 0 0         if (getAsnLength(&p, (uint32) (end - p), &glen) < 0 ||
    0          
5999 0           (uint32) (end - p) < glen)
6000             {
6001 0           return PS_PARSE_FAIL;
6002             }
6003 0           res->thisUpdateLen = glen;
6004 0           res->thisUpdate = p;
6005 0           p += glen;
6006              
6007             /* nextUpdate [0] EXPLICIT GeneralizedTime OPTIONAL, */
6008 0           res->nextUpdate = NULL;
6009 0           res->nextUpdateLen = 0;
6010 0 0         if ((uint32) (end - p) >= 2 &&
    0          
6011 0           *p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))
6012             {
6013 0           p++;
6014 0 0         if (getAsnLength(&p, (uint32) (end - p), &glen) < 0 ||
    0          
6015 0           (uint32) (end - p) < glen)
6016             {
6017 0           return PS_PARSE_FAIL;
6018             }
6019 0 0         if (*p == ASN_GENERALIZEDTIME && glen > 2)
    0          
6020             {
6021 0           res->nextUpdate = p + 2;
6022 0           res->nextUpdateLen = glen - 2;
6023             }
6024 0           p += glen;
6025             }
6026              
6027             /* singleExtensions [1] EXPLICIT Extensions OPTIONAL */
6028 0 0         if ((uint32) (end - p) >= 2 &&
    0          
6029 0           *p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
6030             {
6031 0           p++;
6032 0 0         if (getAsnLength(&p, (uint32) (end - p), &glen) < 0 ||
    0          
6033 0           (uint32) (end - p) < glen)
6034             {
6035 0           return PS_PARSE_FAIL;
6036             }
6037             /* TODO */
6038 0           p += glen; /* SKIPPING */
6039             }
6040              
6041 0           *cp = (unsigned char *) p;
6042 0           return PS_SUCCESS;
6043             }
6044              
6045 0           static int32_t ocspParseBasicResponse(psPool_t *pool, uint32_t len,
6046             const unsigned char **cp, unsigned char *end,
6047             psOcspResponse_t *res)
6048             {
6049             const unsigned char *p, *seqend, *startRes, *endRes;
6050             psOcspSingleResponse_t *singleResponse;
6051             psSha1_t sha;
6052              
6053             # ifdef USE_SHA256
6054             psSha256_t sha2;
6055             # endif
6056             # ifdef USE_SHA384
6057             psSha384_t sha3;
6058             # endif
6059             # ifdef USE_SHA512
6060             psSha512_t sha512;
6061             # endif
6062             psSize_t glen, plen;
6063             uint32_t blen;
6064             int32_t version, oid;
6065             int32_t cert_res;
6066              
6067             /* id-pkix-ocsp-basic
6068              
6069             BasicOCSPResponse ::= SEQUENCE {
6070             tbsResponseData ResponseData,
6071             signatureAlgorithm AlgorithmIdentifier,
6072             signature BIT STRING,
6073             certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
6074             */
6075 0           p = *cp;
6076              
6077 0 0         if (getAsnSequence(&p, (uint32) (end - p), &glen) < 0)
6078             {
6079             psTraceCrypto("Initial parse error in ocspParseBasicResponse\n");
6080 0           return PS_PARSE_FAIL;
6081             }
6082             /*
6083             ResponseData ::= SEQUENCE {
6084             version [0] EXPLICIT Version DEFAULT v1,
6085             responderID ResponderID,
6086             producedAt GeneralizedTime,
6087             responses SEQUENCE OF SingleResponse,
6088             responseExtensions [1] EXPLICIT Extensions OPTIONAL }
6089             */
6090 0           startRes = p; /* A response signature will be over ResponseData */
6091 0 0         if (getAsnSequence(&p, (uint32) (end - p), &glen) < 0)
6092             {
6093             psTraceCrypto("Early ResponseData parse error in psOcspParseResponse\n");
6094 0           return PS_PARSE_FAIL;
6095             }
6096 0 0         if (getExplicitVersion(&p, (uint32) (end - p), 0, &version) < 0)
6097             {
6098             psTraceCrypto("Version parse error in ResponseData\n");
6099 0           return PS_PARSE_FAIL;
6100             }
6101 0           res->version = version;
6102 0 0         if (version != 0)
6103             {
6104             psTraceIntCrypto("WARNING: Unknown OCSP ResponseData version %d\n",
6105             version);
6106 0           return PS_VERSION_UNSUPPORTED;
6107             }
6108             /*
6109             ResponderID ::= CHOICE {
6110             byName [1] Name,
6111             byKey [2] KeyHash }
6112             */
6113              
6114 0 0         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
6115             {
6116             const unsigned char *p2;
6117 0           p++;
6118 0 0         if (getAsnLength32(&p, (uint32_t) (end - p), &blen, 0) < 0 ||
    0          
6119 0 0         (uint32_t) (end - p) < blen || blen == 0)
6120             {
6121             psTraceCrypto("Error parsing Name in ResponseData\n");
6122 0           return PS_PARSE_FAIL;
6123             }
6124 0           res->responderName = p;
6125 0           res->responderKeyHash = NULL;
6126 0           p2 = p;
6127 0           p += blen;
6128             /* Check contents of ASN Sequence containing Name. */
6129 0           if ((*p2++ != (ASN_CONSTRUCTED | ASN_SEQUENCE)) ||
6130 0 0         getAsnLength32(&p2, (int32) (end - p2), &blen, 0) < 0 ||
6131 0           p != p2 + blen)
6132             {
6133             psTraceCrypto("Error parsing Name in ResponseData\n");
6134 0           res->responderName = NULL;
6135 0           return PS_PARSE_FAIL;
6136             }
6137             }
6138 0 0         else if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2))
6139             {
6140 0           p++;
6141 0 0         if (getAsnLength32(&p, (uint32_t) (end - p), &blen, 0) < 0 ||
    0          
6142 0           (uint32_t) (end - p) < blen)
6143             {
6144             psTraceCrypto("Error parsing KeyHash in ResponseData\n");
6145 0           return PS_PARSE_FAIL;
6146             }
6147             /* KeyHash ::= OCTET STRING -- SHA-1 hash of responder's public key
6148             -- (i.e., the SHA-1 hash of the value of the
6149             -- BIT STRING subjectPublicKey [excluding
6150             -- the tag, length, and number of unused
6151             -- bits] in the responder's certificate) */
6152 0           if ((*p++ != ASN_OCTET_STRING) ||
6153 0 0         getAsnLength(&p, (int32) (end - p), &glen) < 0 ||
6154 0 0         (uint32) (end - p) < glen ||
6155 0           glen != SHA1_HASH_SIZE)
6156             {
6157              
6158             psTraceCrypto("Couldn't parse KeyHash in ResponseData\n");
6159 0           return PS_FAILURE;
6160             }
6161 0 0         psAssert(glen == SHA1_HASH_SIZE);
6162 0           res->responderName = NULL;
6163 0           res->responderKeyHash = p;
6164 0           p += SHA1_HASH_SIZE;
6165             }
6166             else
6167             {
6168             psTraceCrypto("ResponderID parse error in ResponseData\n");
6169 0           return PS_PARSE_FAIL;
6170             }
6171              
6172             /* producedAt GeneralizedTime, */
6173 0 0         if ((end - p) < 1 || (*p != ASN_GENERALIZEDTIME))
    0          
6174             {
6175             psTraceCrypto("Malformed thisUpdate CRL\n");
6176 0           return PS_PARSE_FAIL;
6177             }
6178 0           p++;
6179 0 0         if (getAsnLength(&p, (uint32) (end - p), &glen) < 0 ||
    0          
6180 0           (uint32) (end - p) < glen)
6181             {
6182             psTraceCrypto("Malformed producedAt in ResponseData\n");
6183 0           return PS_PARSE_FAIL;
6184             }
6185             /* Perform quick parsing on data. */
6186 0 0         if (psBrokenDownTimeImport(NULL, (const char *) p, glen, 0) < 0)
6187             {
6188 0           return PS_PARSE_FAIL;
6189             }
6190 0           res->timeProducedLen = glen;
6191 0           res->timeProduced = p;
6192 0           p += glen;
6193              
6194             /* responses SEQUENCE OF SingleResponse, */
6195 0 0         if (getAsnSequence(&p, (int32) (end - p), &glen) < 0)
6196             {
6197             psTraceCrypto("Initial SingleResponse parse failure\n");
6198 0           return PS_PARSE_FAIL;
6199             }
6200              
6201 0           seqend = p + glen;
6202              
6203 0           plen = 0; /* for MAX_OCSP_RESPONSES control */
6204 0 0         while (p < seqend)
6205             {
6206 0           singleResponse = &res->singleResponse[plen];
6207 0 0         if (parseSingleResponse(glen, &p, seqend, singleResponse) < 0)
6208             {
6209 0           return PS_PARSE_FAIL;
6210             }
6211 0           plen++;
6212 0 0         if (p < seqend)
6213             {
6214             /* Additional responses */
6215 0 0         if (plen == MAX_OCSP_RESPONSES)
6216             {
6217             psTraceCrypto("ERROR: Multiple OCSP SingleResponse items. ");
6218             psTraceCrypto("Increase MAX_OCSP_RESPONSES to support\n");
6219 0           return PS_PARSE_FAIL;
6220             }
6221             }
6222             }
6223             /* responseExtensions [1] EXPLICIT Extensions OPTIONAL } */
6224 0 0         if (*p == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1))
6225             {
6226 0 0         if (parse_nonce_ext(p, end - p, &res->nonce) != PS_SUCCESS)
6227             {
6228 0           return PS_PARSE_FAIL;
6229             }
6230 0           p++;
6231 0 0         if (getAsnLength(&p, (uint32) (end - p), &glen) < 0 ||
    0          
6232 0           (uint32) (end - p) < glen)
6233             {
6234 0           return PS_PARSE_FAIL;
6235             }
6236             /* TODO: */
6237 0           p += glen; /* SKIPPING */
6238             }
6239 0           endRes = p;
6240              
6241             /* ResponseData DONE. On to signature:
6242              
6243             signatureAlgorithm AlgorithmIdentifier
6244             signature BIT STRING,
6245              
6246             The value for signature SHALL be computed on the hash of the DER
6247             encoding of ResponseData. The responder MAY include certificates in
6248             the certs field of BasicOCSPResponse that help the OCSP client
6249             verify the responder's signature. If no certificates are included,
6250             then certs SHOULD be absent. */
6251 0 0         if (getAsnAlgorithmIdentifier(&p, (uint32) (end - p), &oid, &plen) < 0)
6252             {
6253             psTraceCrypto("Initial SingleResponse parse failure\n");
6254 0           return PS_PARSE_FAIL;
6255             }
6256 0 0         if (plen > 0)
6257             {
6258             psTraceCrypto("Algorithm parameters on ResponseData sigAlg\n");
6259 0           p += plen;
6260             }
6261 0           res->sigAlg = oid;
6262              
6263 0           switch (oid)
6264             {
6265             /* OSCP requires SHA1 so no wrapper here */
6266             case OID_SHA1_RSA_SIG:
6267             case OID_SHA1_RSA_SIG2:
6268             # ifdef USE_ECC
6269             case OID_SHA1_ECDSA_SIG:
6270             # endif
6271 0           res->hashLen = SHA1_HASH_SIZE;
6272 0           psSha1PreInit(&sha);
6273 0           psSha1Init(&sha);
6274 0           psSha1Update(&sha, startRes, (int32) (endRes - startRes));
6275 0           psSha1Final(&sha, res->hashResult);
6276 0           break;
6277             # ifdef USE_SHA224
6278             case OID_SHA224_RSA_SIG:
6279             # ifdef USE_ECC
6280             case OID_SHA224_ECDSA_SIG:
6281             # endif
6282             res->hashLen = SHA224_HASH_SIZE;
6283             psSha224PreInit(&sha2);
6284             psSha224Init(&sha2);
6285             psSha224Update(&sha2, startRes, (int32) (endRes - startRes));
6286             psSha224Final(&sha2, res->hashResult);
6287             break;
6288             # endif
6289             # ifdef USE_SHA256
6290             case OID_SHA256_RSA_SIG:
6291             # ifdef USE_ECC
6292             case OID_SHA256_ECDSA_SIG:
6293             # endif
6294 0           res->hashLen = SHA256_HASH_SIZE;
6295 0           psSha256PreInit(&sha2);
6296 0           psSha256Init(&sha2);
6297 0           psSha256Update(&sha2, startRes, (int32) (endRes - startRes));
6298 0           psSha256Final(&sha2, res->hashResult);
6299 0           break;
6300             # endif
6301             # ifdef USE_SHA384
6302             case OID_SHA384_RSA_SIG:
6303             # ifdef USE_ECC
6304             case OID_SHA384_ECDSA_SIG:
6305             # endif
6306 0           res->hashLen = SHA384_HASH_SIZE;
6307 0           psSha384PreInit(&sha3);
6308 0           psSha384Init(&sha3);
6309 0           psSha384Update(&sha3, startRes, (int32) (endRes - startRes));
6310 0           psSha384Final(&sha3, res->hashResult);
6311 0           break;
6312             # endif
6313             # ifdef USE_SHA512
6314             case OID_SHA512_RSA_SIG:
6315             # ifdef USE_ECC
6316             case OID_SHA512_ECDSA_SIG:
6317             # endif
6318 0           res->hashLen = SHA512_HASH_SIZE;
6319 0           psSha512PreInit(&sha512);
6320 0           psSha512Init(&sha512);
6321 0           psSha512Update(&sha512, startRes, (int32) (endRes - startRes));
6322 0           psSha512Final(&sha512, res->hashResult);
6323 0           break;
6324             # endif
6325             default:
6326             psTraceCrypto("No support for sigAlg in OCSP ResponseData\n");
6327 0           return PS_UNSUPPORTED_FAIL;
6328             }
6329              
6330 0 0         if (*p++ != ASN_BIT_STRING)
6331             {
6332             psTraceCrypto("Error parsing signature in ResponseData\n");
6333 0           return PS_PARSE_FAIL;
6334             }
6335 0 0         if (getAsnLength(&p, (int32) (end - p), &glen) < 0 ||
    0          
6336 0           (uint32) (end - p) < glen)
6337             {
6338             psTraceCrypto("Error parsing signature in ResponseData\n");
6339 0           return PS_PARSE_FAIL;
6340             }
6341 0 0         if (*p++ != 0)
6342             {
6343             psTraceCrypto("Error parsing ignore bits in ResponseData sig\n");
6344 0           return PS_PARSE_FAIL;
6345             }
6346 0           glen--; /* ignore bits above */
6347 0           res->sig = p;
6348 0           res->sigLen = glen;
6349 0           p += glen;
6350              
6351             /* certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL } */
6352 0 0         if (end != p)
6353             {
6354             /* The responder MAY include certificates in the certs field of
6355             BasicOCSPResponse that help the OCSP client verify the responder's
6356             signature. */
6357 0 0         if (*p != (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 0))
6358             {
6359             psTraceCrypto("Unexpected Certificage encoding in OCSPResponse\n");
6360 0           return PS_PARSE_FAIL;
6361             }
6362 0           p++;
6363 0 0         if (getAsnLength(&p, (uint32) (end - p), &glen) < 0 ||
    0          
6364 0           (uint32) (end - p) < glen)
6365             {
6366 0           return PS_PARSE_FAIL;
6367             }
6368             /* If here, this is the cert that issued the OCSPResponse. Will
6369             authenticate during psOcspResponseValidateOld */
6370 0 0         if (getAsnSequence(&p, (uint32) (end - p), &glen) < 0)
6371             {
6372             psTraceCrypto("\n");
6373 0           return PS_PARSE_FAIL;
6374             }
6375 0 0         psAssert(glen == (end - p));
6376             /* will handle multiple certs if needed.
6377             Store certificate for reference. */
6378 0           cert_res = psX509ParseCert(pool, p, glen, &res->OCSPResponseCert,
6379             CERT_STORE_UNPARSED_BUFFER);
6380 0 0         if (cert_res < 0)
6381             {
6382 0           psX509FreeCert(res->OCSPResponseCert);
6383 0           return PS_PARSE_FAIL;
6384             }
6385 0           p += cert_res;
6386             }
6387 0 0         psAssert(p == end);
6388              
6389 0           *cp = (unsigned char *) p;
6390 0           return PS_SUCCESS;
6391             }
6392              
6393 0           int32_t psOcspResponseGetStatus(int32_t rc)
6394             {
6395             /* Check if response code is within
6396             PS_OCSP_MALFORMED_REQUEST ... PS_OCSP_UNAUTHORIZED range. */
6397 0 0         if (rc >= PS_OCSP_MALFORMED_REQUEST && rc <= PS_OCSP_UNAUTHORIZED)
    0          
6398             {
6399 0           rc -= PS_OCSP_MALFORMED_REQUEST - 1;
6400             /* Return code 4 is not used. */
6401 0 0         if (rc != 4)
6402             {
6403 0           return rc;
6404             }
6405             }
6406              
6407 0 0         return rc == PS_SUCCESS ? 0 /* successful */ : PS_FAILURE /* other error */;
6408             }
6409              
6410 0           int32_t psOcspParseResponse(psPool_t *pool, int32_t len, unsigned char **cp,
6411             unsigned char *end, psOcspResponse_t *response)
6412             {
6413             const unsigned char *p;
6414             int32_t err;
6415             int32_t status, oi;
6416             psSize_t glen;
6417             uint32_t blen;
6418              
6419 0           p = *cp;
6420             /* psTraceBytes("OCSPResponse", p, len); */
6421             /*
6422             OCSPResponse ::= SEQUENCE {
6423             responseStatus OCSPResponseStatus,
6424             responseBytes [0] EXPLICIT ResponseBytes OPTIONAL }
6425             */
6426 0 0         if (getAsnSequence(&p, (uint32) (end - p), &glen) < 0)
6427             {
6428             psTraceCrypto("Initial parse error in psOcspParseResponse\n");
6429 0           return PS_PARSE_FAIL;
6430             }
6431 0 0         if (getAsnEnumerated(&p, (uint32) (end - p), &status) < 0)
6432             {
6433             psTraceCrypto("Enum parse error in psOcspParseResponse\n");
6434 0           return PS_PARSE_FAIL;
6435             }
6436             /*
6437             OCSPResponseStatus ::= ENUMERATED {
6438             successful (0), -- Response has valid confirmations
6439             malformedRequest (1), -- Illegal confirmation request
6440             internalError (2), -- Internal error in issuer
6441             tryLater (3), -- Try again later
6442             -- (4) is not used
6443             sigRequired (5), -- Must sign the request
6444             unauthorized (6) -- Request unauthorized
6445             }
6446             */
6447 0 0         if (status != 0)
6448             {
6449             /* Something other than success. List right above here */
6450             psTraceCrypto("OCSPResponse contains no valid confirmations\n");
6451 0 0         if (status <= 6 && status != 4)
    0          
6452             {
6453             /* Map status codes to return codes. */
6454 0           return status + (PS_OCSP_MALFORMED_REQUEST - 1);
6455             }
6456             /* Status code is outside valid range. */
6457 0           return PS_PARSE_FAIL;
6458             }
6459              
6460             /* responseBytes [0] EXPLICIT ResponseBytes OPTIONAL, */
6461 0 0         if (*p == (ASN_CONSTRUCTED | ASN_CONTEXT_SPECIFIC | 0))
6462             {
6463 0           p++;
6464 0 0         if (getAsnLength32(&p, (uint32_t) (end - p), &blen, 0) < 0 ||
    0          
6465 0           (uint32_t) (end - p) < blen)
6466             {
6467             psTraceCrypto("Error parsing UserKeyingMaterial\n");
6468 0           return PS_PARSE_FAIL;
6469             }
6470              
6471             /* ResponseBytes ::= SEQUENCE {
6472             responseType OBJECT IDENTIFIER,
6473             response OCTET STRING }
6474             */
6475 0 0         if (getAsnSequence(&p, (uint32) (end - p), &glen) < 0)
6476             {
6477             psTraceCrypto("ResponseBytes parse error in psOcspParseResponse\n");
6478 0           return PS_PARSE_FAIL;
6479             }
6480 0           response->responseType = p;
6481 0 0         if (getAsnOID(&p, (uint32) (end - p), &oi, 1, &glen) < 0)
6482             {
6483 0           response->responseType = NULL;
6484             psTraceCrypto("responseType parse error in psOcspParseResponse\n");
6485 0           return PS_PARSE_FAIL;
6486             }
6487 0           if ((*p++ != ASN_OCTET_STRING) ||
6488 0 0         getAsnLength32(&p, (int32) (end - p), &blen, 0) < 0 ||
6489 0           (uint32) (end - p) < blen)
6490             {
6491              
6492             psTraceCrypto("Couldn't parse response in psOcspParseResponse\n");
6493 0           return PS_PARSE_FAIL;
6494             }
6495 0 0         if (oi == OID_BASIC_OCSP_RESPONSE)
6496             {
6497             /* id-pkix-ocsp-basic
6498              
6499             BasicOCSPResponse ::= SEQUENCE {
6500             tbsResponseData ResponseData,
6501             signatureAlgorithm AlgorithmIdentifier,
6502             signature BIT STRING,
6503             certs [0] EXPLICIT SEQUENCE OF Certificate OPTIONAL }
6504             */
6505             /* Clear response except keep response type.
6506             Response type only remains valid as long as parsed response
6507             is valid. */
6508 0           const unsigned char *responseType = response->responseType;
6509 0           memset(response, 0, sizeof(*response));
6510 0           response->responseType = responseType;
6511 0           err = ocspParseBasicResponse(pool, blen, &p, end, response);
6512 0 0         if (err < 0)
6513             {
6514             psTraceCrypto("ocspParseBasicResponse failure\n");
6515 0           return err;
6516             }
6517             }
6518             else
6519             {
6520             psTraceCrypto("unsupported responseType in psOcspParseResponse\n");
6521 0           return PS_MESSAGE_UNSUPPORTED;
6522             }
6523             }
6524 0 0         psAssert(end == p);
6525 0           *cp = (unsigned char *) p;
6526 0           return PS_SUCCESS;
6527             }
6528              
6529             /* Check validity of OCSP response and obtain the date stamps from it.
6530              
6531             If time_now is not provided, the current time will be requested from
6532             the oeprating system.
6533             This function extracts data information from parsed OCSP response.
6534             Because the dates in psOcspResponse_t are references to memory containing
6535             binary OCSP response, that memory must not have been released before calling
6536             this function. time_linger is useful to deal with the fact that the
6537             peer and this host may have tiny difference in their clocks.
6538              
6539             @param response Pointer to OCSP response structure (from psOcspParseResponse)
6540             @param index The index of OCSP single response to handle (0 for the first).
6541             @param timeNow A pointer to structure filled in with psGetBrokenDownGMTime(),
6542             or gmtime(), structure initialized to all zero or NULL.
6543             @param producedAt If non-NULL Will be filled in with time the structure
6544             was produced.
6545             @param thisUpdate If non-NULL Will be filled in with time the OCSP
6546             information was updated (usually the same as producedAt).
6547             @param nextUpdate If non-NULL Will be filled in with time the OCSP
6548             information needs to be updated.
6549             @param time_linger Amout of flexibility in comparison of times.
6550             Recommended value: PS_OCSP_TIME_LINGER (120)
6551             @retval PS_SUCCESS If the dates were extracted from response and the
6552             response in comparison with timeNow is valid.
6553             @retval PS_TIMEOUT_FAIL The datas were extracted from response, but
6554             the response has timed out. (Or the response is too far in future.)
6555             @retval PS_PARSE_FAIL If error occurred parsing the data information in
6556             the request.
6557             */
6558 0           int32_t psOcspResponseCheckDates(psOcspResponse_t *response,
6559             int index,
6560             psBrokenDownTime_t *timeNow,
6561             psBrokenDownTime_t *producedAt,
6562             psBrokenDownTime_t *thisUpdate,
6563             psBrokenDownTime_t *nextUpdate,
6564             int time_linger)
6565             {
6566             psBrokenDownTime_t tmp, tmp2, tmp3, tmp4;
6567 0           unsigned char ok = 1;
6568             int32 err;
6569             psOcspSingleResponse_t *subjectResponse;
6570             psBrokenDownTime_t timeNowLinger;
6571              
6572 0 0         if (index >= MAX_OCSP_RESPONSES)
6573             {
6574 0           return PS_ARG_FAIL;
6575             }
6576              
6577 0 0         if (timeNow == NULL)
6578             {
6579 0           memset(&tmp, 0, sizeof tmp);
6580 0           timeNow = &tmp;
6581             }
6582              
6583 0 0         if (timeNow->tm_year == 0)
6584             {
6585             /* The structure appears not filled in, use psGetBrokenDownGMTime() to
6586             get the current time. */
6587 0           err = psGetBrokenDownGMTime(timeNow, 0);
6588 0 0         if (err != PS_SUCCESS)
6589             {
6590 0           return PS_FAIL;
6591             }
6592             }
6593 0           memcpy(&timeNowLinger, timeNow, sizeof timeNowLinger);
6594 0           err = psBrokenDownTimeAdd(&timeNowLinger, time_linger);
6595 0 0         if (err != PS_SUCCESS)
6596             {
6597 0           return PS_FAIL;
6598             }
6599              
6600 0 0         if (thisUpdate == NULL)
6601             {
6602 0           thisUpdate = &tmp2;
6603             }
6604              
6605 0 0         if (nextUpdate == NULL)
6606             {
6607 0           nextUpdate = &tmp3;
6608             }
6609              
6610 0 0         if (producedAt == NULL)
6611             {
6612 0           producedAt = &tmp4;
6613             }
6614              
6615 0           ok &= psBrokenDownTimeImport(producedAt,
6616 0           (const char *) response->timeProduced,
6617 0           response->timeProducedLen,
6618 0           0) == PS_SUCCESS;
6619              
6620 0           subjectResponse = &response->singleResponse[index];
6621              
6622 0 0         if (subjectResponse->thisUpdate)
6623             {
6624 0           ok &= psBrokenDownTimeImport(thisUpdate,
6625 0           (const char *) subjectResponse->thisUpdate,
6626 0           subjectResponse->thisUpdateLen,
6627 0           0) == PS_SUCCESS;
6628             }
6629             else
6630             {
6631 0           ok = 0;
6632             }
6633              
6634 0 0         if (subjectResponse->nextUpdate != NULL)
6635             {
6636             /* Next update provided, OCSP is valid until that time. */
6637 0           ok &= psBrokenDownTimeImport(nextUpdate,
6638 0           (const char *) subjectResponse->nextUpdate,
6639 0           subjectResponse->nextUpdateLen,
6640 0           0) == PS_SUCCESS;
6641             }
6642 0 0         else if (ok)
6643             {
6644             /* If there is no next update, the server supports
6645             continous updates and nextUpdate time is considered
6646             identical to the this update time. */
6647 0           ok &= psBrokenDownTimeImport(nextUpdate,
6648 0           (const char *) subjectResponse->thisUpdate,
6649 0           subjectResponse->thisUpdateLen,
6650 0           0) == PS_SUCCESS;
6651             }
6652              
6653 0 0         if (ok == 1)
6654             {
6655             /* Consider linger when comparing nextUpdateTime. */
6656             psBrokenDownTime_t nextUpdateTimeLinger;
6657 0           memcpy(&nextUpdateTimeLinger, nextUpdate, sizeof nextUpdateTimeLinger);
6658 0           err = psBrokenDownTimeAdd(&nextUpdateTimeLinger, time_linger);
6659 0 0         if (err != PS_SUCCESS)
6660             {
6661 0           return err;
6662             }
6663              
6664             /* Now check that current time considering linger is between
6665             thisUpdate and nextUpdate. */
6666              
6667 0 0         if (psBrokenDownTimeCmp(thisUpdate, &timeNowLinger) > 0)
6668             {
6669             /* thisUpdate is in future even considering linger => reject. */
6670 0           err = PS_TIMEOUT_FAIL;
6671             }
6672 0 0         else if (psBrokenDownTimeCmp(&nextUpdateTimeLinger, timeNow) < 0)
6673             {
6674             /* nextUpdate is in past even considering linger => reject. */
6675 0           err = PS_TIMEOUT_FAIL;
6676             }
6677             else
6678             {
6679             /* err has already been set to PS_SUCCESS */
6680             }
6681             }
6682             else
6683             {
6684 0           err = PS_PARSE_FAIL;
6685             }
6686 0           return err;
6687             }
6688              
6689              
6690             /* Diff the current time against the OCSP timestamp and confirm it's not
6691             longer than the user is willing to trust. */
6692 0           static int32_t checkOCSPtimestamp(psOcspResponse_t *response, int index)
6693             {
6694 0           return psOcspResponseCheckDates(response, index, NULL, NULL, NULL, NULL,
6695             PS_OCSP_TIME_LINGER);
6696             }
6697              
6698             /* Partial OCSP request parser: just locate nonceExtension if present. */
6699 0           static int32_t parseOcspReq(const void *data, size_t datalen,
6700             psBuf_t *nonceExtension)
6701             {
6702             psParseBuf_t pb;
6703             psParseBuf_t ocspRequest;
6704             psParseBuf_t tbsRequest;
6705             psParseBuf_t extensions;
6706             psParseBuf_t extension;
6707             psParseBuf_t requestList;
6708             psParseBuf_t request;
6709             psParseBuf_t requestCert;
6710             psParseBuf_t requestCertContent;
6711             int rc;
6712              
6713 0           rc = psParseBufFromStaticData(&pb, data, datalen);
6714 0 0         if (rc != PS_SUCCESS)
6715             {
6716 0           return rc;
6717             }
6718 0           psParseBufReadSequenceSub(&pb, &ocspRequest);
6719             /* Ensure subbuffer is advanced and main buffer is not. */
6720 0           psParseBufReadSequenceSub(&ocspRequest, &tbsRequest);
6721             /* Ignore version number (v1 == 0) if present. */
6722 0           psParseBufTrySkipBytes(&tbsRequest, (const unsigned char *)
6723             "\xA0\x03\x02\x01\x00", 5);
6724             /* Skip requestorName if present. */
6725 0           psParseBufTrySkipTag(&tbsRequest, 0xA1);
6726             /* Skip requestList (must be present with at least one request). */
6727 0           psParseBufReadSequenceSub(&tbsRequest, &requestList);
6728 0           psParseBufReadSequenceSub(&requestList, &request);
6729 0           psParseBufReadSequenceSub(&request, &requestCert);
6730 0           psParseBufReadSequenceSub(&requestCert, &requestCertContent);
6731 0           psParseBufFinish(&requestCertContent);
6732 0           psParseBufFinish(&requestCert);
6733 0           psParseBufFinish(&request);
6734 0           psParseBufFinish(&requestList);
6735 0 0         if (psParseBufTryReadTagSub(&tbsRequest, &extensions, 0xA2))
6736             {
6737 0 0         while (psParseBufTryReadSequenceSub(&extensions, &extension))
6738             {
6739             psParseBuf_t sub;
6740 0           psParseBufReadSequenceSub(&extension, &sub);
6741 0 0         if (psParseBufTrySkipBytes(
6742             &sub,
6743             (const unsigned char *)
6744             "\x06\x09\x2b\x06\x01\x05"
6745             "\x05\x07\x30\x01\x02", 11))
6746             {
6747 0           psParseBufReadTagRef(
6748             &sub, nonceExtension, 0x04);
6749             }
6750 0           psParseBufFinish(&sub);
6751 0 0         if (psParseBufFinish(&extension) != PS_SUCCESS)
6752             {
6753 0           break;
6754             }
6755             }
6756 0           psParseBufFinish(&extensions);
6757             }
6758 0           psParseBufFinish(&tbsRequest);
6759 0           return psParseBufFinish(&ocspRequest);
6760             }
6761              
6762             #define RESPONDER_NAME_MAX_LENGTH 1024
6763              
6764 0           static int32_t ocspMatchResponderCert(const psOcspResponse_t *response,
6765             const psX509Cert_t *curr)
6766             {
6767 0 0         if (response->responderKeyHash != NULL)
6768             {
6769             /* Match certificate using key hash. */
6770 0 0         if (memcmpct(response->responderKeyHash, curr->sha1KeyHash, 20) == 0)
6771             {
6772 0           return PS_SUCCESS;
6773             }
6774             }
6775 0 0         else if (response->responderName != NULL)
6776             {
6777             uint32_t len;
6778             /* Obtain the length of name tag including header.
6779             Note: responderName has already been validated during parsing,
6780             so getAsnTagLenUnsafe is ok.
6781             */
6782 0           len = getAsnTagLenUnsafe(response->responderName);
6783              
6784 0 0         if (len < 2 || len > RESPONDER_NAME_MAX_LENGTH)
    0          
6785             {
6786 0           return PS_FAILURE;
6787             }
6788              
6789             /* Match certificate using subject name. */
6790 0 0         if (curr->unparsedBin == NULL ||
    0          
6791 0           curr->binLen < curr->subjectKeyDerOffsetIntoUnparsedBin + len)
6792             {
6793 0           return PS_FAILURE;
6794             }
6795              
6796 0 0         if (memcmpct(curr->unparsedBin +
6797 0           curr->subjectKeyDerOffsetIntoUnparsedBin,
6798 0           response->responderName, len) == 0)
6799             {
6800 0           return PS_SUCCESS;
6801             }
6802             }
6803 0           return PS_FAILURE;
6804             }
6805              
6806 0           int32_t psOcspResponseValidate(psPool_t *pool, psX509Cert_t *trustedOCSP,
6807             psX509Cert_t *srvCerts, psOcspResponse_t *response,
6808             psValidateOCSPResponseOptions_t *vOpts
6809             )
6810             {
6811             static psValidateOCSPResponseOptions_t vOptsDefault;
6812             psX509Cert_t *curr, *issuer, *subject, *ocspResIssuer;
6813             psOcspSingleResponse_t *subjectResponse;
6814             unsigned char sigOut[MAX_HASH_SIZE];
6815             int32 sigOutLen, sigType, index;
6816 0           psPool_t *pkiPool = NULL;
6817              
6818 0           psBool_t knownFlag = PS_FALSE;
6819 0           psBool_t revocationFlag = PS_FALSE;
6820 0           psBuf_t nonceExtReq = { NULL };
6821              
6822             /* use default validation options if not specified. */
6823 0 0         if (vOpts == NULL)
6824             {
6825 0           vOpts = &vOptsDefault;
6826             }
6827              
6828             /* Find interesting options from request. */
6829 0 0         if (vOpts->request)
6830             {
6831 0           int rc = parseOcspReq(vOpts->request, vOpts->requestLen,
6832             &nonceExtReq);
6833 0 0         if (rc != PS_SUCCESS)
6834             {
6835 0           return PS_ARG_FAIL;
6836             }
6837             }
6838              
6839             /* Find the OCSP cert that signed the response. First place to look is
6840             within the OCSPResponse itself */
6841 0           issuer = NULL;
6842 0 0         if (response->OCSPResponseCert)
6843             {
6844             /* If there is a cert here it is something that has to be authenticated.
6845             We will either leave this case with a successful auth or failure */
6846 0           curr = response->OCSPResponseCert;
6847 0 0         while (curr != NULL)
6848             {
6849             /* The outer responderKeyHash should be matching one of the certs
6850             that was attached to the OCSPResonse itself */
6851 0 0         if (ocspMatchResponderCert(response, curr) == PS_SUCCESS)
6852             {
6853             /* Found it... but now we have to authenticate it against
6854             our known list of CAs. issuer in the context of this
6855             function is the OCSPResponse issuer but here we are looking
6856             for the CA of THAT cert so it's 'subject' in this area */
6857 0           subject = curr;
6858 0           ocspResIssuer = trustedOCSP; /* preloaded sslKeys->CA */
6859 0 0         while (ocspResIssuer)
6860             {
6861 0 0         if (memcmp(ocspResIssuer->subject.hash,
6862 0           subject->issuer.hash, 20) == 0)
6863             {
6864              
6865 0 0         if (psX509AuthenticateCert(pool, subject, ocspResIssuer,
6866             &ocspResIssuer, NULL, NULL) == 0)
6867             {
6868             /* OK, we held the CA that issued the OCSPResponse
6869             so we'll now trust that cert that was provided
6870             in the OCSPResponse */
6871 0           ocspResIssuer = NULL;
6872 0           issuer = subject;
6873             }
6874             else
6875             {
6876             /* Auth failure */
6877             psTraceCrypto("Attached OCSP cert didn't auth\n");
6878 0           return PS_FAILURE;
6879             }
6880             }
6881             else
6882             {
6883 0           ocspResIssuer = ocspResIssuer->next;
6884             }
6885             }
6886 0           curr = NULL;
6887             }
6888             else
6889             {
6890 0           curr = curr->next;
6891             }
6892             }
6893 0 0         if (issuer == NULL)
6894             {
6895             psTraceCrypto("Found no CA to authenticate attached OCSP cert\n");
6896 0           return PS_FAILURE; /* no preloaded CA to auth cert in response */
6897             }
6898             }
6899              
6900             /* Issuer will be NULL if there was no certificate attached to the
6901             OCSP response. Now look to the user loaded CA files */
6902 0 0         if (issuer == NULL)
6903             {
6904 0           curr = trustedOCSP;
6905 0 0         while (curr != NULL)
6906             {
6907             /* Currently looking for the subjectKey extension to match the
6908             public key hash from the response */
6909 0 0         if (ocspMatchResponderCert(response, curr) == PS_SUCCESS)
6910             {
6911 0           issuer = curr;
6912 0           curr = NULL;
6913             }
6914             else
6915             {
6916 0           curr = curr->next;
6917             }
6918             }
6919             }
6920              
6921             /* It is possible a certificate embedded in the server certificate
6922             chain was itself the OCSP responder */
6923 0 0         if (issuer == NULL)
6924             {
6925             /* Don't look at the first cert in the chain because that is the
6926             one we are trying to find the OCSP responder public key for */
6927 0           curr = srvCerts->next;
6928 0 0         while (curr != NULL)
6929             {
6930             /* Currently looking for the subjectKey extension to match the
6931             public key hash from the response */
6932 0 0         if (ocspMatchResponderCert(response, curr) == PS_SUCCESS)
6933             {
6934 0           issuer = curr;
6935 0           curr = NULL;
6936             }
6937             else
6938             {
6939 0           curr = curr->next;
6940             }
6941             }
6942             }
6943              
6944 0 0         if (issuer == NULL)
6945             {
6946             psTraceCrypto("Unable to locate OCSP responder CA for validation\n");
6947 0           return PS_FAILURE;
6948             }
6949              
6950             /* Now check to see that the response is vouching for the subject cert
6951             that we are interested in. The subject will always be the first
6952             cert in the server CERTIFICATE chain */
6953 0           subject = srvCerts;
6954              
6955             /* Now look to match this cert within the singleResponse members.
6956              
6957             There are three components to a CertID that should be used to validate
6958             we are looking at the correct OCSP response for the subjecct cert.
6959              
6960             It appears the only "unique" portion of our subject cert that
6961             went into the signature of this response is the serial number.
6962             The "issuer" information of the subject cert also went into the
6963             signature but that isn't exactly unique. Seems a bit odd that the
6964             combo of the issuer and the serial number are the only thing that tie
6965             this subject cert back to the response but serial numbers are the basis
6966             for CRL as well so it must be good enough */
6967 0           index = 0;
6968 0 0         while (index < MAX_OCSP_RESPONSES)
6969             {
6970 0           subjectResponse = &response->singleResponse[index];
6971 0 0         if ((subject->serialNumberLen == subjectResponse->certIdSerialLen) &&
    0          
6972 0           (memcmp(subject->serialNumber, subjectResponse->certIdSerial,
6973 0           subject->serialNumberLen) == 0))
6974             {
6975 0           break; /* got it */
6976             }
6977 0           index++;
6978             }
6979 0 0         if (index == MAX_OCSP_RESPONSES)
6980             {
6981             psTraceCrypto("Unable to locate our subject cert in OCSP response\n");
6982 0           return PS_FAILURE;
6983             }
6984 0 0         if (vOpts->index_p != NULL)
6985             {
6986 0           *(vOpts->index_p) = index; /* Write index of response. */
6987             }
6988              
6989             /* Obtain general revocation status. */
6990 0 0         if (subjectResponse->certStatus == 0)
6991             {
6992 0           knownFlag = PS_TRUE;
6993 0           revocationFlag = PS_FALSE;
6994             }
6995 0 0         else if (subjectResponse->certStatus == 1)
6996             {
6997 0           knownFlag = PS_TRUE;
6998 0           revocationFlag = PS_TRUE;
6999             /* certificate is revoked, but still check rest of the response. */
7000             }
7001              
7002             /* Is the response within the acceptable time window */
7003 0 0         if (checkOCSPtimestamp(response, index) != PS_SUCCESS)
7004             {
7005             psTraceCrypto("ERROR: OCSP response older than threshold\n");
7006 0           return PS_FAILURE;
7007             }
7008              
7009             /* Check if nonces match. */
7010 0 0         if (nonceExtReq.buf && vOpts->nonceMatch)
    0          
7011             {
7012 0 0         if (response->nonce.buf == NULL)
7013             {
7014             /* No nonce in response. */
7015 0           *(vOpts->nonceMatch) = PS_FALSE;
7016             }
7017             else
7018             {
7019             /* Compare nonces. */
7020 0           *(vOpts->nonceMatch) = psBufEq(&nonceExtReq, &response->nonce);
7021             }
7022             }
7023              
7024             # if 0
7025             /* The issuer here is pointing to the cert that signed the OCSPRespose
7026             and that is not necessarily the parent of the subject cert we
7027             are looking at. If we want to include this test, we'd need to
7028             find the issuer of the subject and look at the KeyHash as
7029             an additional verification */
7030              
7031             /* Issuer portion of the validation - the subject cert issuer key and name
7032             hash should match what the subjectResponse reports
7033              
7034             POSSIBLE PROBLEMS: Only supporting a SHA1 hash here. The MatrixSSL
7035             parser will only use SHA1 for the DN and key hash. Just warning on
7036             this for now. The signature validation will catch any key mismatch */
7037             if (subjectResponse->certIdHashAlg != OID_SHA1_ALG)
7038             {
7039             psTraceCrypto("WARNING: Non-SHA1 OCSP CertID. Issuer check bypassed\n");
7040             }
7041             else
7042             {
7043             if (memcmp(subjectResponse->certIdKeyHash, issuer->sha1KeyHash, 20)
7044             != 0)
7045             {
7046             psTraceCrypto("Failed OCP issuer key hash validation\n");
7047             return PS_FAILURE;
7048             }
7049             /* Either subject->issuer or issuer->subject would work for testing */
7050             if (memcmp(subjectResponse->certIdNameHash, issuer->subject.hash, 20)
7051             != 0)
7052             {
7053             psTraceCrypto("Failed OCP issuer name hash validation\n");
7054             return PS_FAILURE;
7055             }
7056             }
7057             # endif /* 0 */
7058              
7059             /* Finally do the sig validation */
7060 0           switch (response->sigAlg)
7061             {
7062             # ifdef USE_SHA224
7063             case OID_SHA224_RSA_SIG:
7064             sigOutLen = SHA224_HASH_SIZE;
7065             sigType = PS_RSA;
7066             break;
7067             case OID_SHA224_ECDSA_SIG:
7068             sigOutLen = SHA224_HASH_SIZE;
7069             sigType = PS_ECC;
7070             break;
7071             # endif
7072             # ifdef USE_SHA256
7073             case OID_SHA256_RSA_SIG:
7074 0           sigOutLen = SHA256_HASH_SIZE;
7075 0           sigType = PS_RSA;
7076 0           break;
7077             case OID_SHA256_ECDSA_SIG:
7078 0           sigOutLen = SHA256_HASH_SIZE;
7079 0           sigType = PS_ECC;
7080 0           break;
7081             # endif
7082             # ifdef USE_SHA384
7083             case OID_SHA384_RSA_SIG:
7084 0           sigOutLen = SHA384_HASH_SIZE;
7085 0           sigType = PS_RSA;
7086 0           break;
7087             case OID_SHA384_ECDSA_SIG:
7088 0           sigOutLen = SHA384_HASH_SIZE;
7089 0           sigType = PS_ECC;
7090 0           break;
7091             # endif
7092             # ifdef USE_SHA512
7093             case OID_SHA512_RSA_SIG:
7094 0           sigOutLen = SHA512_HASH_SIZE;
7095 0           sigType = PS_RSA;
7096 0           break;
7097             case OID_SHA512_ECDSA_SIG:
7098 0           sigOutLen = SHA512_HASH_SIZE;
7099 0           sigType = PS_ECC;
7100 0           break;
7101             # endif
7102             case OID_SHA1_RSA_SIG:
7103             case OID_SHA1_RSA_SIG2:
7104 0           sigOutLen = SHA1_HASH_SIZE;
7105 0           sigType = PS_RSA;
7106 0           break;
7107             case OID_SHA1_ECDSA_SIG:
7108 0           sigOutLen = SHA1_HASH_SIZE;
7109 0           sigType = PS_ECC;
7110 0           break;
7111             default:
7112             /* Should have been caught in parse phase */
7113 0           return PS_UNSUPPORTED_FAIL;
7114             }
7115              
7116             /* Finally test the signature */
7117 0 0         if (sigType == PS_RSA)
7118             {
7119 0 0         if (issuer->publicKey.type != PS_RSA)
7120             {
7121 0           return PS_FAILURE;
7122             }
7123 0 0         if (pubRsaDecryptSignedElement(pkiPool, &issuer->publicKey.key.rsa,
7124 0           (unsigned char *) response->sig, response->sigLen, sigOut,
7125             sigOutLen, NULL) < 0)
7126             {
7127             psTraceCrypto("Unable to decode signature in psOcspResponseValidateOld\n");
7128 0           return PS_FAILURE;
7129             }
7130 0 0         if (memcmp(response->hashResult, sigOut, sigOutLen) != 0)
7131             {
7132             psTraceCrypto("OCSP RSA signature validation failed\n");
7133 0           return PS_FAILURE;
7134             }
7135             }
7136             # ifdef USE_ECC
7137             else
7138             {
7139 0 0         if (issuer->publicKey.type != PS_ECC)
7140             {
7141 0           return PS_FAILURE;
7142             }
7143             /* ECDSA signature */
7144 0           index = 0;
7145 0 0         if (psEccDsaVerify(pkiPool, &issuer->publicKey.key.ecc,
7146 0           response->hashResult, sigOutLen, (unsigned char *) response->sig,
7147 0           response->sigLen, &index, NULL) < 0)
7148             {
7149             psTraceCrypto("ECC OCSP sig validation");
7150 0           return PS_FAILURE;
7151             }
7152 0 0         if (index != 1)
7153             {
7154             psTraceCrypto("OCSP ECDSA signature validation failed\n");
7155 0           return PS_FAILURE;
7156             }
7157             }
7158             # endif
7159              
7160 0 0         if (vOpts->knownFlag)
7161             {
7162 0           *(vOpts->knownFlag) = knownFlag;
7163             }
7164              
7165 0 0         if (knownFlag == PS_FALSE)
7166             {
7167             /* The certificate is not known. */
7168 0           return PS_FAILURE;
7169             }
7170             else
7171             {
7172 0 0         if (vOpts->revocationFlag)
7173             {
7174 0           *(vOpts->revocationFlag) = revocationFlag;
7175             }
7176              
7177 0 0         if (vOpts->revocationTime)
7178             {
7179 0           (void) psBrokenDownTimeImport(
7180             vOpts->revocationTime,
7181 0           (const char *) subjectResponse->revocationTime,
7182             sizeof(subjectResponse->revocationTime), 0);
7183             }
7184              
7185 0 0         if (vOpts->revocationReason)
7186             {
7187 0           *(vOpts->revocationReason) =
7188 0           subjectResponse->revocationReason;
7189             }
7190              
7191             /* Function fails if certificate was revoked. */
7192 0 0         if (revocationFlag)
7193             {
7194 0           return PS_CERT_AUTH_FAIL_REVOKED;
7195             }
7196             }
7197              
7198             /* Was able to successfully confirm OCSP signature for our subject */
7199 0           return PS_SUCCESS;
7200             }
7201              
7202 0           int32_t psOcspResponseValidateOld(psPool_t *pool, psX509Cert_t *trustedOCSP,
7203             psX509Cert_t *srvCerts,
7204             psOcspResponse_t *response)
7205             {
7206 0           return psOcspResponseValidate(pool, trustedOCSP, srvCerts, response, NULL);
7207             }
7208              
7209 0           void psOcspResponseUninit(psOcspResponse_t *res)
7210             {
7211 0           psX509FreeCert(res->OCSPResponseCert);
7212 0           memset(res, 0, sizeof(*res));
7213 0           }
7214              
7215              
7216             # endif /* USE_OCSP */
7217              
7218             #endif /* USE_X509 */
7219             /******************************************************************************/
7220