- Timestamp:
- Jun 22, 2021, 9:00:19 PM (3 years ago)
- Location:
- azure_iot_hub_f767zi/trunk/wolfssl-4.7.0
- Files:
-
- 1 edited
- 1 moved
Legend:
- Unmodified
- Added
- Removed
-
azure_iot_hub_f767zi/trunk/wolfssl-4.7.0/wolfcrypt/src/asn.c
r457 r464 20 20 */ 21 21 22 22 /* 23 24 DESCRIPTION 25 This library provides the interface to Abstract Syntax Notation One (ASN.1) objects. 26 ASN.1 is a standard interface description language for defining data structures 27 that can be serialized and deserialized in a cross-platform way. 28 29 */ 23 30 #ifdef HAVE_CONFIG_H 24 31 #include <config.h> … … 67 74 #include <wolfssl/wolfcrypt/des3.h> 68 75 #include <wolfssl/wolfcrypt/aes.h> 76 #include <wolfssl/wolfcrypt/rc2.h> 69 77 #include <wolfssl/wolfcrypt/wc_encrypt.h> 70 78 #include <wolfssl/wolfcrypt/logging.h> … … 114 122 #endif 115 123 124 #ifndef NO_DSA 125 #include <wolfssl/wolfcrypt/dsa.h> 126 #else 127 typedef void* DsaKey; 128 #endif 129 116 130 #ifdef WOLF_CRYPTO_CB 117 131 #include <wolfssl/wolfcrypt/cryptocb.h> … … 129 143 #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; } 130 144 131 #if defined(HAVE_SELFTEST) || ( !defined(NO_SKID) && \ 132 ( !defined(HAVE_FIPS) || \ 133 !defined(HAVE_FIPS_VERSION) )) 145 #if !defined(NO_SKID) && (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION)) 146 #if !defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST) && \ 147 (!defined(HAVE_SELFTEST_VERSION) || \ 148 HAVE_SELFTEST_VERSION < 2)) 134 149 #ifndef WOLFSSL_AES_KEY_SIZE_ENUM 135 150 #define WOLFSSL_AES_KEY_SIZE_ENUM … … 141 156 }; 142 157 #endif 158 #endif /* HAVE_SELFTEST */ 143 159 #endif 144 160 #ifdef WOLFSSL_RENESAS_TSIP_TLS … … 456 472 457 473 if (*len > 0) { 474 475 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY 476 /* check for invalid padding on negative integer. 477 * c.f. X.690 (ISO/IEC 8825-2:2003 (E)) 10.4.6; RFC 5280 4.1 478 */ 479 if (*len > 1) { 480 if ((input[*inOutIdx] == 0xff) && (input[*inOutIdx + 1] & 0x80)) 481 return ASN_PARSE_E; 482 } 483 #endif 484 458 485 /* remove leading zero, unless there is only one 0x00 byte */ 459 486 if ((input[*inOutIdx] == 0x00) && (*len > 1)) { … … 461 488 (*len)--; 462 489 490 #ifndef WOLFSSL_ASN_INT_LEAD_0_ANY 463 491 if (*len > 0 && (input[*inOutIdx] & 0x80) == 0) 464 492 return ASN_PARSE_E; 493 #endif 465 494 } 466 495 } … … 502 531 #if !defined(NO_DSA) && !defined(NO_SHA) 503 532 static const char sigSha1wDsaName[] = "SHAwDSA"; 533 static const char sigSha256wDsaName[] = "SHA256wDSA"; 504 534 #endif /* NO_DSA */ 505 535 #ifndef NO_RSA … … 555 585 case CTC_SHAwDSA: 556 586 return sigSha1wDsaName; 587 case CTC_SHA256wDSA: 588 return sigSha256wDsaName; 557 589 #endif /* NO_DSA && NO_SHA */ 558 590 #ifndef NO_RSA … … 625 657 * returns the number of bytes added to the buffer. 626 658 */ 627 staticint SetASNInt(int len, byte firstByte, byte* output)659 int SetASNInt(int len, byte firstByte, byte* output) 628 660 { 629 661 word32 idx = 0; … … 668 700 leadingBit = mp_leading_bit(n); 669 701 length = mp_unsigned_bin_size(n); 702 if (maxSz >= 0 && (1 + length + (leadingBit ? 1 : 0)) > maxSz) 703 return BUFFER_E; 670 704 idx = SetASNInt(length, leadingBit ? 0x80 : 0x00, output); 671 705 if (maxSz >= 0 && (idx + length) > maxSz) … … 840 874 841 875 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED)) { 876 int ret; 877 842 878 *inOutIdx = ++idx; /* skip header */ 843 return GetMyVersion(input, inOutIdx, version, maxIdx); 879 ret = GetMyVersion(input, inOutIdx, version, maxIdx); 880 if (ret >= 0) { 881 /* check if version is expected value rfc 5280 4.1 {0, 1, 2} */ 882 if (*version > MAX_X509_VERSION || *version < MIN_X509_VERSION) { 883 WOLFSSL_MSG("Unexpected certificate version"); 884 ret = ASN_VERSION_E; 885 } 886 } 887 return ret; 844 888 } 845 889 … … 881 925 882 926 #if (!defined(WOLFSSL_KEY_GEN) && !defined(OPENSSL_EXTRA) && defined(RSA_LOW_MEM)) \ 883 || defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DSA) && defined(WOLFSSL_QT))884 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)927 || defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DSA)) 928 #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || !defined(NO_DSA) 885 929 static int SkipInt(const byte* input, word32* inOutIdx, word32 maxIdx) 886 930 { … … 900 944 #endif 901 945 902 staticint CheckBitString(const byte* input, word32* inOutIdx, int* len,946 int CheckBitString(const byte* input, word32* inOutIdx, int* len, 903 947 word32 maxIdx, int zeroBits, byte* unusedBits) 904 948 { … … 956 1000 (defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT)) || \ 957 1001 ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ 958 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) 1002 (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA))) || \ 1003 (!defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN)) 959 1004 960 1005 /* Set the DER/BER encoding of the ASN.1 BIT_STRING header. … … 1158 1203 1159 1204 #ifdef WOLFSSL_SMALL_STACK 1160 indefItems = XMALLOC(sizeof(IndefItems), NULL, DYNAMIC_TYPE_TMP_BUFFER);1205 indefItems = (IndefItems *)XMALLOC(sizeof(IndefItems), NULL, DYNAMIC_TYPE_TMP_BUFFER); 1161 1206 if (indefItems == NULL) { 1162 1207 ret = MEMORY_E; … … 1357 1402 #endif 1358 1403 1359 #if defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN) 1360 1361 #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || \ 1362 defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) 1363 1364 #ifdef WOLFSSL_CERT_EXT 1404 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) 1365 1405 /* Set the DER/BER encoding of the ASN.1 BIT_STRING with a 16-bit value. 1366 1406 * … … 1395 1435 return idx; 1396 1436 } 1397 #endif /* WOLFSSL_CERT_EXT */ 1398 #endif /* !NO_RSA || HAVE_ECC || HAVE_ED25519 || defined(HAVE_ED448) */ 1399 #endif /* WOLFSSL_CERT_GEN || WOLFSSL_KEY_GEN */ 1400 1401 1437 #endif /* WOLFSSL_CERT_EXT || WOLFSSL_CERT_GEN */ 1402 1438 1403 1439 /* hashType */ … … 1443 1479 #if !defined(NO_DSA) && !defined(NO_SHA) 1444 1480 static const byte sigSha1wDsaOid[] = {42, 134, 72, 206, 56, 4, 3}; 1481 static const byte sigSha256wDsaOid[] = {96, 134, 72, 1, 101, 3, 4, 3, 2}; 1445 1482 #endif /* NO_DSA */ 1446 1483 #ifndef NO_RSA … … 1510 1547 static const byte keyEd448Oid[] = {43, 101, 113}; 1511 1548 #endif /* HAVE_ED448 */ 1512 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))1549 #ifndef NO_DH 1513 1550 static const byte keyDhOid[] = {42, 134, 72, 134, 247, 13, 1, 3, 1}; 1514 #endif /* ! NO_DH ...*/1551 #endif /* !NO_DH */ 1515 1552 1516 1553 /* curveType */ … … 1594 1631 /* ocspType */ 1595 1632 #ifdef HAVE_OCSP 1596 static const byte ocspBasicOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 1}; 1597 static const byte ocspNonceOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 2}; 1633 static const byte ocspBasicOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 1}; 1634 static const byte ocspNonceOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 2}; 1635 static const byte ocspNoCheckOid[] = {43, 6, 1, 5, 5, 7, 48, 1, 5}; 1598 1636 #endif /* HAVE_OCSP */ 1599 1637 … … 1633 1671 static const byte extExtKeyUsageTimestampOid[] = {43, 6, 1, 5, 5, 7, 3, 8}; 1634 1672 static const byte extExtKeyUsageOcspSignOid[] = {43, 6, 1, 5, 5, 7, 3, 9}; 1673 1674 #ifdef WOLFSSL_CERT_REQ 1675 /* csrAttrType */ 1676 static const byte attrChallengePasswordOid[] = {42, 134, 72, 134, 247, 13, 1, 9, 7}; 1677 static const byte attrSerialNumberOid[] = {85, 4, 5}; 1678 #endif 1635 1679 1636 1680 /* kdfType */ … … 1725 1769 oid = sigSha1wDsaOid; 1726 1770 *oidSz = sizeof(sigSha1wDsaOid); 1771 break; 1772 case CTC_SHA256wDSA: 1773 oid = sigSha256wDsaOid; 1774 *oidSz = sizeof(sigSha256wDsaOid); 1727 1775 break; 1728 1776 #endif /* NO_DSA */ … … 1858 1906 break; 1859 1907 #endif /* HAVE_ED448 */ 1860 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))1908 #ifndef NO_DH 1861 1909 case DHk: 1862 1910 oid = keyDhOid; 1863 1911 *oidSz = sizeof(keyDhOid); 1864 1912 break; 1865 #endif /* ! NO_DH && (WOLFSSL_QT || OPENSSL_ALL*/1913 #endif /* !NO_DH */ 1866 1914 default: 1867 1915 break; … … 2015 2063 break; 2016 2064 #endif 2065 #ifdef HAVE_OCSP 2066 case OCSP_NOCHECK_OID: 2067 oid = ocspNoCheckOid; 2068 *oidSz = sizeof(ocspNoCheckOid); 2069 break; 2070 #endif 2017 2071 } 2018 2072 break; … … 2255 2309 break; 2256 2310 #endif /* WOLFSSL_APACHE_HTTPD */ 2311 #ifdef WOLFSSL_CERT_REQ 2312 case oidCsrAttrType: 2313 switch (id) { 2314 case CHALLENGE_PASSWORD_OID: 2315 oid = attrChallengePasswordOid; 2316 *oidSz = sizeof(attrChallengePasswordOid); 2317 break; 2318 case SERIAL_NUMBER_OID: 2319 oid = attrSerialNumberOid; 2320 *oidSz = sizeof(attrSerialNumberOid); 2321 break; 2322 } 2323 break; 2324 #endif 2257 2325 case oidIgnoreType: 2258 2326 default: … … 2422 2490 int idx = 0; 2423 2491 2424 output[idx++] = ASN_OBJECT_ID; 2425 idx += SetLength(len, output + idx); 2492 if (output) 2493 output[idx++] = ASN_OBJECT_ID; 2494 else 2495 idx++; 2496 idx += SetLength(len, output ? output + idx : NULL); 2426 2497 2427 2498 return idx; … … 2570 2641 int version, length; 2571 2642 2572 if (inOutIdx == NULL ) {2643 if (inOutIdx == NULL || input == NULL || key == NULL) { 2573 2644 return BAD_FUNC_ARG; 2574 2645 } … … 2683 2754 if (length < 0) 2684 2755 return length; 2756 2757 if (length + inOutIdx > sz) 2758 return BUFFER_E; 2685 2759 2686 2760 XMEMMOVE(input, input + inOutIdx, length); … … 2831 2905 2832 2906 #if defined(HAVE_PKCS12) || !defined(NO_CHECK_PRIVATE_KEY) 2833 /* check that the private key is a pair for the public key in certificate2907 /* check that the private key is a pair for the public key 2834 2908 * return 1 (true) on match 2835 2909 * return 0 or negative value on failure/error 2836 2910 * 2837 * key : buffer holding DER format key 2838 * keySz : size of key buffer 2839 * der : a initialized and parsed DecodedCert holding a certificate */ 2840 int wc_CheckPrivateKey(byte* key, word32 keySz, DecodedCert* der) 2911 * privKey : buffer holding DER format private key 2912 * privKeySz : size of private key buffer 2913 * pubKey : buffer holding DER format public key 2914 * pubKeySz : size of public key buffer 2915 * ks : type of key */ 2916 int wc_CheckPrivateKey(const byte* privKey, word32 privKeySz, 2917 const byte* pubKey, word32 pubKeySz, enum Key_Sum ks) 2841 2918 { 2842 2919 int ret; 2843 (void)keySz; 2844 2845 if (key == NULL || der == NULL) { 2920 (void)privKeySz; 2921 (void)pubKeySz; 2922 (void)ks; 2923 2924 if (privKey == NULL || pubKey == NULL) { 2846 2925 return BAD_FUNC_ARG; 2847 2926 } … … 2849 2928 #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT) 2850 2929 /* test if RSA key */ 2851 if ( der->keyOID== RSAk) {2930 if (ks == RSAk) { 2852 2931 #ifdef WOLFSSL_SMALL_STACK 2853 2932 RsaKey* a; … … 2884 2963 return ret; 2885 2964 } 2886 if ((ret = wc_RsaPrivateKeyDecode( key, &keyIdx, a, keySz)) == 0) {2965 if ((ret = wc_RsaPrivateKeyDecode(privKey, &keyIdx, a, privKeySz)) == 0) { 2887 2966 WOLFSSL_MSG("Checking RSA key pair"); 2888 2967 keyIdx = 0; /* reset to 0 for parsing public key */ 2889 2968 2890 if ((ret = wc_RsaPublicKeyDecode( der->publicKey, &keyIdx, b,2891 der->pubKeySize)) == 0) {2969 if ((ret = wc_RsaPublicKeyDecode(pubKey, &keyIdx, b, 2970 pubKeySz)) == 0) { 2892 2971 /* limit for user RSA crypto because of RsaKey 2893 2972 * dereference. */ … … 2918 2997 2919 2998 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) 2920 if ( der->keyOID== ECDSAk) {2999 if (ks == ECDSAk) { 2921 3000 #ifdef WOLFSSL_SMALL_STACK 2922 3001 ecc_key* key_pair; … … 2948 3027 } 2949 3028 2950 if ((ret = wc_EccPrivateKeyDecode( key, &keyIdx, key_pair,2951 keySz)) == 0) {3029 if ((ret = wc_EccPrivateKeyDecode(privKey, &keyIdx, key_pair, 3030 privKeySz)) == 0) { 2952 3031 WOLFSSL_MSG("Checking ECC key pair"); 2953 3032 … … 2957 3036 ret = wc_ecc_init(key_pair); 2958 3037 if (ret == 0) { 2959 ret = wc_ecc_import_private_key( (const byte*)privDer,2960 privSz, (const byte*)der->publicKey,2961 der->pubKeySize, key_pair);3038 ret = wc_ecc_import_private_key(privDer, 3039 privSz, pubKey, 3040 pubKeySz, key_pair); 2962 3041 } 2963 3042 … … 2983 3062 2984 3063 #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) 2985 if ( der->keyOID== ED25519k) {3064 if (ks == ED25519k) { 2986 3065 #ifdef WOLFSSL_SMALL_STACK 2987 3066 ed25519_key* key_pair; … … 3004 3083 return ret; 3005 3084 } 3006 if ((ret = wc_Ed25519PrivateKeyDecode( key, &keyIdx, key_pair,3007 keySz)) == 0) {3085 if ((ret = wc_Ed25519PrivateKeyDecode(privKey, &keyIdx, key_pair, 3086 privKeySz)) == 0) { 3008 3087 WOLFSSL_MSG("Checking ED25519 key pair"); 3009 3088 keyIdx = 0; 3010 if ((ret = wc_ed25519_import_public( der->publicKey, der->pubKeySize,3011 3089 if ((ret = wc_ed25519_import_public(pubKey, pubKeySz, 3090 key_pair)) == 0) { 3012 3091 /* public and private extracted successfully no check if is 3013 3092 * a pair and also do sanity checks on key. wc_ecc_check_key … … 3026 3105 3027 3106 #if defined(HAVE_ED448) && !defined(NO_ASN_CRYPT) 3028 if ( der->keyOID== ED448k) {3107 if (ks == ED448k) { 3029 3108 #ifdef WOLFSSL_SMALL_STACK 3030 3109 ed448_key* key_pair = NULL; … … 3047 3126 return ret; 3048 3127 } 3049 if ((ret = wc_Ed448PrivateKeyDecode( key, &keyIdx, key_pair,3050 keySz)) == 0) {3128 if ((ret = wc_Ed448PrivateKeyDecode(privKey, &keyIdx, key_pair, 3129 privKeySz)) == 0) { 3051 3130 WOLFSSL_MSG("Checking ED448 key pair"); 3052 3131 keyIdx = 0; 3053 if ((ret = wc_ed448_import_public( der->publicKey, der->pubKeySize,3054 3132 if ((ret = wc_ed448_import_public(pubKey, pubKeySz, 3133 key_pair)) == 0) { 3055 3134 /* public and private extracted successfully no check if is 3056 3135 * a pair and also do sanity checks on key. wc_ecc_check_key … … 3071 3150 } 3072 3151 3073 (void)keySz;3074 3075 3152 return ret; 3153 } 3154 3155 /* check that the private key is a pair for the public key in certificate 3156 * return 1 (true) on match 3157 * return 0 or negative value on failure/error 3158 * 3159 * key : buffer holding DER format key 3160 * keySz : size of key buffer 3161 * der : a initialized and parsed DecodedCert holding a certificate */ 3162 int wc_CheckPrivateKeyCert(const byte* key, word32 keySz, DecodedCert* der) 3163 { 3164 if (key == NULL || der == NULL) { 3165 return BAD_FUNC_ARG; 3166 } 3167 3168 return wc_CheckPrivateKey(key, keySz, der->publicKey, 3169 der->pubKeySize, (enum Key_Sum) der->keyOID); 3076 3170 } 3077 3171 … … 3110 3204 return 0; 3111 3205 #endif 3206 #ifdef WC_RC2 3207 case PBE_SHA1_40RC2_CBC: 3208 *id = PBE_SHA1_40RC2_CBC; 3209 *version = PKCS12v1; 3210 if (blockSz) *blockSz = RC2_BLOCK_SIZE; 3211 return 0; 3212 #endif 3112 3213 #endif /* !NO_SHA */ 3113 3214 default: … … 3197 3298 #if !defined(NO_RSA) && !defined(NO_ASN_CRYPT) 3198 3299 { 3199 RsaKey rsa; 3200 3201 wc_InitRsaKey(&rsa, heap); 3202 if (wc_RsaPrivateKeyDecode(key, &tmpIdx, &rsa, keySz) == 0) { 3300 RsaKey *rsa = (RsaKey *)XMALLOC(sizeof *rsa, heap, DYNAMIC_TYPE_TMP_BUFFER); 3301 if (rsa == NULL) 3302 return MEMORY_E; 3303 3304 wc_InitRsaKey(rsa, heap); 3305 if (wc_RsaPrivateKeyDecode(key, &tmpIdx, rsa, keySz) == 0) { 3203 3306 *algoID = RSAk; 3204 3307 } … … 3206 3309 WOLFSSL_MSG("Not RSA DER key"); 3207 3310 } 3208 wc_FreeRsaKey(&rsa); 3311 wc_FreeRsaKey(rsa); 3312 XFREE(rsa, heap, DYNAMIC_TYPE_TMP_BUFFER); 3209 3313 } 3210 3314 #endif /* !NO_RSA && !NO_ASN_CRYPT */ 3211 3315 #if defined(HAVE_ECC) && !defined(NO_ASN_CRYPT) 3212 3316 if (*algoID == 0) { 3213 ecc_key ecc; 3317 ecc_key *ecc = (ecc_key *)XMALLOC(sizeof *ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); 3318 if (ecc == NULL) 3319 return MEMORY_E; 3214 3320 3215 3321 tmpIdx = 0; 3216 wc_ecc_init_ex( &ecc, heap, INVALID_DEVID);3217 if (wc_EccPrivateKeyDecode(key, &tmpIdx, &ecc, keySz) == 0) {3322 wc_ecc_init_ex(ecc, heap, INVALID_DEVID); 3323 if (wc_EccPrivateKeyDecode(key, &tmpIdx, ecc, keySz) == 0) { 3218 3324 *algoID = ECDSAk; 3219 3325 3220 3326 /* now find oid */ 3221 if (wc_ecc_get_oid(ecc .dp->oidSum, curveOID, oidSz) < 0) {3327 if (wc_ecc_get_oid(ecc->dp->oidSum, curveOID, oidSz) < 0) { 3222 3328 WOLFSSL_MSG("Error getting ECC curve OID"); 3223 wc_ecc_free(&ecc); 3329 wc_ecc_free(ecc); 3330 XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); 3224 3331 return BAD_FUNC_ARG; 3225 3332 } … … 3228 3335 WOLFSSL_MSG("Not ECC DER key either"); 3229 3336 } 3230 wc_ecc_free(&ecc); 3337 wc_ecc_free(ecc); 3338 XFREE(ecc, heap, DYNAMIC_TYPE_TMP_BUFFER); 3231 3339 } 3232 3340 #endif /* HAVE_ECC && !NO_ASN_CRYPT */ 3233 3341 #if defined(HAVE_ED25519) && !defined(NO_ASN_CRYPT) 3234 3342 if (*algoID != RSAk && *algoID != ECDSAk) { 3235 ed25519_key ed25519; 3343 ed25519_key *ed25519 = (ed25519_key *)XMALLOC(sizeof *ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER); 3344 if (ed25519 == NULL) 3345 return MEMORY_E; 3236 3346 3237 3347 tmpIdx = 0; 3238 if (wc_ed25519_init(&ed25519) == 0) { 3239 if (wc_Ed25519PrivateKeyDecode(key, &tmpIdx, &ed25519, keySz) 3240 == 0) { 3348 if (wc_ed25519_init(ed25519) == 0) { 3349 if (wc_Ed25519PrivateKeyDecode(key, &tmpIdx, ed25519, keySz) == 0) { 3241 3350 *algoID = ED25519k; 3242 3351 } … … 3244 3353 WOLFSSL_MSG("Not ED25519 DER key"); 3245 3354 } 3246 wc_ed25519_free( &ed25519);3355 wc_ed25519_free(ed25519); 3247 3356 } 3248 3357 else { 3249 3358 WOLFSSL_MSG("GetKeyOID wc_ed25519_init failed"); 3250 3359 } 3360 XFREE(ed25519, heap, DYNAMIC_TYPE_TMP_BUFFER); 3251 3361 } 3252 3362 #endif /* HAVE_ED25519 && !NO_ASN_CRYPT */ 3253 3363 #if defined(HAVE_ED448) && !defined(NO_ASN_CRYPT) 3254 3364 if (*algoID != RSAk && *algoID != ECDSAk && *algoID != ED25519k) { 3255 ed448_key ed448; 3365 ed448_key *ed448 = (ed448_key *)XMALLOC(sizeof *ed448, heap, DYNAMIC_TYPE_TMP_BUFFER); 3366 if (ed448 == NULL) 3367 return MEMORY_E; 3256 3368 3257 3369 tmpIdx = 0; 3258 if (wc_ed448_init( &ed448) == 0) {3259 if (wc_Ed448PrivateKeyDecode(key, &tmpIdx, &ed448, keySz) == 0) {3370 if (wc_ed448_init(ed448) == 0) { 3371 if (wc_Ed448PrivateKeyDecode(key, &tmpIdx, ed448, keySz) == 0) { 3260 3372 *algoID = ED448k; 3261 3373 } … … 3263 3375 WOLFSSL_MSG("Not ED448 DER key"); 3264 3376 } 3265 wc_ed448_free( &ed448);3377 wc_ed448_free(ed448); 3266 3378 } 3267 3379 else { 3268 3380 WOLFSSL_MSG("GetKeyOID wc_ed448_init failed"); 3269 3381 } 3382 XFREE(ed448, heap, DYNAMIC_TYPE_TMP_BUFFER); 3270 3383 } 3271 3384 #endif /* HAVE_ED448 && !NO_ASN_CRYPT */ … … 3405 3518 ret = SetShortInt(out, &inOutIdx, itt, *outSz); 3406 3519 if (ret < 0) { 3520 #ifdef WOLFSSL_SMALL_STACK 3521 if (saltTmp != NULL) 3522 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3523 #endif 3407 3524 return ret; 3408 3525 } … … 3428 3545 if ((ret = wc_GetKeyOID(key, keySz, &curveOID, &oidSz, &algoID, heap))< 0) { 3429 3546 WOLFSSL_MSG("Error getting key OID"); 3547 #ifdef WOLFSSL_SMALL_STACK 3548 if (saltTmp != NULL) 3549 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3550 #endif 3430 3551 return ret; 3431 3552 } … … 3454 3575 *outSz = tmpSz + MAX_ALGO_SZ + MAX_LENGTH_SZ +MAX_LENGTH_SZ + MAX_SEQ_SZ 3455 3576 + MAX_LENGTH_SZ + MAX_SEQ_SZ + 3; 3577 #ifdef WOLFSSL_SMALL_STACK 3578 if (saltTmp != NULL) 3579 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3580 #endif 3456 3581 return LENGTH_ONLY_E; 3457 3582 } … … 3487 3612 if (saltTmp != NULL) 3488 3613 XFREE(saltTmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3489 XFREE( salt, heap, DYNAMIC_TYPE_TMP_BUFFER);3614 XFREE(tmp, heap, DYNAMIC_TYPE_TMP_BUFFER); 3490 3615 return MEMORY_E; 3491 3616 } … … 4390 4515 4391 4516 #ifndef NO_DH 4392 4517 /* Supports either: 4518 * - DH params G/P (PKCS#3 DH) file or 4519 * - DH key file (if WOLFSSL_DH_EXTRA enabled) */ 4520 /* The wc_DhParamsLoad function also loads DH params, but directly into buffers, not DhKey */ 4393 4521 int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz) 4394 4522 { 4395 4523 int ret = 0; 4396 4524 int length; 4397 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 4525 #ifdef WOLFSSL_DH_EXTRA 4526 #if !defined(HAVE_FIPS) || \ 4527 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4398 4528 word32 oid = 0, temp = 0; 4399 4529 #endif 4530 #endif 4400 4531 4401 4532 WOLFSSL_ENTER("wc_DhKeyDecode"); … … 4407 4538 return ASN_PARSE_E; 4408 4539 4409 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 4540 #ifdef WOLFSSL_DH_EXTRA 4541 #if !defined(HAVE_FIPS) || \ 4542 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4410 4543 temp = *inOutIdx; 4411 4544 #endif 4412 4545 #endif 4413 4546 /* Assume input started after 1.2.840.113549.1.3.1 dhKeyAgreement */ 4414 if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || 4415 GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4547 if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { 4416 4548 ret = ASN_DH_KEY_E; 4417 4549 } 4418 4419 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 4550 if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4551 mp_clear(&key->p); 4552 ret = ASN_DH_KEY_E; 4553 } 4554 4555 #ifdef WOLFSSL_DH_EXTRA 4556 #if !defined(HAVE_FIPS) || \ 4557 (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) 4420 4558 /* If ASN_DH_KEY_E: Check if input started at beginning of key */ 4421 4559 if (ret == ASN_DH_KEY_E) { 4422 /* rewind back to after the first sequence */4423 4560 *inOutIdx = temp; 4561 4562 /* the version (0) */ 4563 if (GetASNInt(input, inOutIdx, &length, inSz) < 0) { 4564 return ASN_PARSE_E; 4565 } 4566 *inOutIdx += length; 4567 4568 /* Size of dhKeyAgreement section */ 4424 4569 if (GetSequence(input, inOutIdx, &length, inSz) < 0) 4425 4570 return ASN_PARSE_E; … … 4433 4578 return ASN_PARSE_E; 4434 4579 4435 if (GetInt(&key->p, input, inOutIdx, inSz) < 0 || 4436 GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4580 if (GetInt(&key->p, input, inOutIdx, inSz) < 0) { 4581 return ASN_DH_KEY_E; 4582 } 4583 if (ret == 0 && GetInt(&key->g, input, inOutIdx, inSz) < 0) { 4584 mp_clear(&key->p); 4437 4585 return ASN_DH_KEY_E; 4438 4586 } … … 4454 4602 if (GetInt(&key->priv, input, inOutIdx, inSz) == 0) { 4455 4603 WOLFSSL_MSG("Found Private Key"); 4456 ret = 0; 4604 4605 /* Compute public */ 4606 ret = mp_exptmod(&key->g, &key->priv, &key->p, &key->pub); 4457 4607 } 4458 4608 } else { … … 4462 4612 } 4463 4613 } 4464 #endif /* WOLFSSL_QT || OPENSSL_ALL */ 4465 4466 WOLFSSL_MSG("wc_DhKeyDecode Success"); 4614 #endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ 4615 #endif /* WOLFSSL_DH_EXTRA */ 4616 4617 WOLFSSL_LEAVE("wc_DhKeyDecode", ret); 4467 4618 4468 4619 return ret; 4469 4620 } 4470 4471 4621 4472 4622 int wc_DhParamsLoad(const byte* input, word32 inSz, byte* p, word32* pInOutSz, … … 4507 4657 return 0; 4508 4658 } 4509 #endif /* NO_DH */4659 #endif /* !NO_DH */ 4510 4660 4511 4661 … … 4663 4813 } 4664 4814 4665 #if !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) 4815 #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ 4816 defined(WOLFSSL_CERT_GEN)) 4666 4817 /* Write a public DSA key to output */ 4667 4818 int wc_SetDsaPublicKey(byte* output, DsaKey* key, … … 4852 5003 return wc_SetDsaPublicKey(output, key, inLen, 1); 4853 5004 } 4854 #endif /* !HAVE_SELFTEST && WOLFSSL_KEY_GEN*/5005 #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) */ 4855 5006 4856 5007 /* Convert private DsaKey key to DER format, write to output (inLen), … … 4999 5150 if (cert->altEmailNames) 5000 5151 FreeAltNames(cert->altEmailNames, cert->heap); 5152 if (cert->altDirNames) 5153 FreeAltNames(cert->altDirNames, cert->heap); 5001 5154 if (cert->permittedNames) 5002 5155 FreeNameSubtrees(cert->permittedNames, cert->heap); … … 5009 5162 XFREE(cert->hwSerialNum, cert->heap, DYNAMIC_TYPE_X509_EXT); 5010 5163 #endif /* WOLFSSL_SEP */ 5011 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5012 if (cert->issuerName.fullName != NULL) 5013 XFREE(cert->issuerName.fullName, cert->heap, DYNAMIC_TYPE_X509); 5014 if (cert->subjectName.fullName != NULL) 5015 XFREE(cert->subjectName.fullName, cert->heap, DYNAMIC_TYPE_X509); 5164 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5165 !defined(WOLFCRYPT_ONLY) 5166 if (cert->issuerName != NULL) 5167 wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->issuerName); 5168 if (cert->subjectName != NULL) 5169 wolfSSL_X509_NAME_free((WOLFSSL_X509_NAME*)cert->subjectName); 5016 5170 #endif /* OPENSSL_EXTRA */ 5017 5171 #ifdef WOLFSSL_RENESAS_TSIP_TLS … … 5101 5255 { 5102 5256 int length; 5103 #if !defined(NO_DSA) && defined(WOLFSSL_QT)5257 #ifndef NO_DSA 5104 5258 int tmpLen; 5105 5259 #endif 5106 #if defined(HAVE_ECC) || defined(HAVE_NTRU) 5260 #if defined(HAVE_ECC) || defined(HAVE_NTRU) || !defined(NO_DSA) 5107 5261 int tmpIdx = cert->srcIdx; 5108 5262 #endif … … 5111 5265 return ASN_PARSE_E; 5112 5266 5113 #if !defined(NO_DSA) && defined(WOLFSSL_QT)5267 #ifndef NO_DSA 5114 5268 tmpLen = length + 4; 5115 5269 #endif … … 5324 5478 } 5325 5479 #endif /* HAVE_ED448 */ 5326 #if !defined(NO_DSA) && defined(WOLFSSL_QT)5480 #ifndef NO_DSA 5327 5481 case DSAk: 5328 5482 { … … 5357 5511 return 0; 5358 5512 } 5359 #endif /* NO_DSA && QT*/5513 #endif /* NO_DSA */ 5360 5514 default: 5515 WOLFSSL_MSG("Unknown or not compiled in key OID"); 5361 5516 return ASN_UNKNOWN_OID_E; 5362 5517 } … … 5449 5604 {WOLFSSL_EMAIL_ADDR, NID_emailAddress}, 5450 5605 {NULL, -1}}; 5451 5452 5606 int i; 5453 5607 #ifdef HAVE_ECC 5608 char curveName[16]; /* Same as MAX_CURVE_NAME_SZ but can't include that 5609 * symbol in this file */ 5454 5610 int eccEnum; 5455 5611 #endif … … 5464 5620 if (XSTRNCMP(sn, "prime256v1", 10) == 0) 5465 5621 sn = "SECP256R1"; 5466 if (XSTRNCMP(sn, "secp384r1", 10) == 0) 5467 sn = "SECP384R1"; 5622 /* OpenSSL allows lowercase curve names */ 5623 for (i = 0; i < (int)(sizeof(curveName) - 1) && *sn; i++) { 5624 curveName[i] = (char)XTOUPPER(*sn++); 5625 } 5626 curveName[i] = '\0'; 5468 5627 /* find based on name and return NID */ 5469 for (i = 0; ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; i++) { 5470 if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { 5628 for (i = 0; 5629 #ifndef WOLFSSL_ECC_CURVE_STATIC 5630 ecc_sets[i].size != 0 && ecc_sets[i].name != NULL; 5631 #else 5632 ecc_sets[i].size != 0; 5633 #endif 5634 i++) { 5635 if (XSTRNCMP(curveName, ecc_sets[i].name, ECC_MAXNAME) == 0) { 5471 5636 eccEnum = ecc_sets[i].id; 5472 5637 /* Convert enum value in ecc_curve_id to OpenSSL NID */ … … 5484 5649 { 5485 5650 int ret; 5486 5487 #ifdef WOLF_CRYPTO_CB5488 /* try to use a registered crypto callback */5489 ret = wc_CryptoCb_Sha256Hash(NULL, data, len, hash);5490 if (ret != CRYPTOCB_UNAVAILABLE)5491 return ret;5492 /* fall-through when unavailable */5493 #endif5494 5651 5495 5652 #if defined(NO_SHA) && !defined(NO_SHA256) … … 5504 5661 } 5505 5662 5506 /* process NAME, either issuer or subject */ 5507 static int GetName(DecodedCert* cert, int nameType, int maxIdx) 5663 /* process NAME, either issuer or subject 5664 * returns 0 on success and negative values on fail */ 5665 int GetName(DecodedCert* cert, int nameType, int maxIdx) 5508 5666 { 5509 5667 int length; /* length of all distinguished names */ … … 5514 5672 word32 idx, localIdx = 0; 5515 5673 byte tag; 5516 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5517 DecodedName* dName = 5518 (nameType == ISSUER) ? &cert->issuerName : &cert->subjectName; 5519 int dcnum = 0; 5520 #ifdef OPENSSL_EXTRA 5521 int count = 0; 5522 #endif 5523 #endif /* OPENSSL_EXTRA */ 5674 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5675 !defined(WOLFCRYPT_ONLY) 5676 WOLFSSL_X509_NAME* dName; 5677 #endif /* OPENSSL_EXTRA */ 5524 5678 5525 5679 WOLFSSL_MSG("Getting Cert Name"); … … 5578 5732 } 5579 5733 #endif 5734 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5735 !defined(WOLFCRYPT_ONLY) 5736 dName = wolfSSL_X509_NAME_new(); 5737 if (dName == NULL) { 5738 return MEMORY_E; 5739 } 5740 #endif /* OPENSSL_EXTRA */ 5580 5741 5581 5742 while (cert->srcIdx < (word32)length) { … … 5588 5749 int strLen = 0; 5589 5750 byte id = 0; 5751 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ 5752 && !defined(WOLFCRYPT_ONLY) 5753 int nid = NID_undef; 5754 int enc; 5755 #endif /* OPENSSL_EXTRA */ 5590 5756 5591 5757 if (GetSet(cert->source, &cert->srcIdx, &dummy, maxIdx) < 0) { … … 5593 5759 } 5594 5760 5595 if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) 5761 if (GetSequence(cert->source, &cert->srcIdx, &dummy, maxIdx) <= 0) { 5762 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5763 !defined(WOLFCRYPT_ONLY) 5764 wolfSSL_X509_NAME_free(dName); 5765 #endif /* OPENSSL_EXTRA */ 5596 5766 return ASN_PARSE_E; 5767 } 5597 5768 5598 5769 ret = GetASNObjectId(cert->source, &cert->srcIdx, &oidSz, maxIdx); 5599 if (ret != 0) 5770 if (ret != 0) { 5771 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5772 !defined(WOLFCRYPT_ONLY) 5773 wolfSSL_X509_NAME_free(dName); 5774 #endif /* OPENSSL_EXTRA */ 5600 5775 return ret; 5776 } 5601 5777 5602 5778 /* make sure there is room for joint */ 5603 if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) 5779 if ((cert->srcIdx + sizeof(joint)) > (word32)maxIdx) { 5780 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5781 !defined(WOLFCRYPT_ONLY) 5782 wolfSSL_X509_NAME_free(dName); 5783 #endif /* OPENSSL_EXTRA */ 5604 5784 return ASN_PARSE_E; 5785 } 5605 5786 5606 5787 XMEMCPY(joint, &cert->source[cert->srcIdx], sizeof(joint)); … … 5612 5793 if (GetHeader(cert->source, &b, &cert->srcIdx, &strLen, 5613 5794 maxIdx, 1) < 0) { 5795 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5796 !defined(WOLFCRYPT_ONLY) 5797 wolfSSL_X509_NAME_free(dName); 5798 #endif /* OPENSSL_EXTRA */ 5614 5799 return ASN_PARSE_E; 5615 5800 } … … 5624 5809 copy = WOLFSSL_COMMON_NAME; 5625 5810 copyLen = sizeof(WOLFSSL_COMMON_NAME) - 1; 5626 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)5627 dName->cnIdx = cert->srcIdx;5628 dName->cnLen = strLen;5629 5811 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ 5812 && !defined(WOLFCRYPT_ONLY) 5813 nid = NID_commonName; 5814 #endif /* OPENSSL_EXTRA */ 5630 5815 } 5631 5816 else if (id == ASN_SUR_NAME) { … … 5639 5824 } 5640 5825 #endif /* WOLFSSL_CERT_GEN */ 5641 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5642 dName->snIdx = cert->srcIdx; 5643 dName->snLen = strLen; 5826 #if (defined(OPENSSL_EXTRA) || \ 5827 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5828 && !defined(WOLFCRYPT_ONLY) 5829 nid = NID_surname; 5644 5830 #endif /* OPENSSL_EXTRA */ 5645 5831 } … … 5654 5840 } 5655 5841 #endif /* WOLFSSL_CERT_GEN */ 5656 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5657 dName->cIdx = cert->srcIdx; 5658 dName->cLen = strLen; 5842 #if (defined(OPENSSL_EXTRA) || \ 5843 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5844 && !defined(WOLFCRYPT_ONLY) 5845 nid = NID_countryName; 5659 5846 #endif /* OPENSSL_EXTRA */ 5660 5847 } … … 5669 5856 } 5670 5857 #endif /* WOLFSSL_CERT_GEN */ 5671 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5672 dName->lIdx = cert->srcIdx; 5673 dName->lLen = strLen; 5858 #if (defined(OPENSSL_EXTRA) || \ 5859 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5860 && !defined(WOLFCRYPT_ONLY) 5861 nid = NID_localityName; 5674 5862 #endif /* OPENSSL_EXTRA */ 5675 5863 } … … 5684 5872 } 5685 5873 #endif /* WOLFSSL_CERT_GEN */ 5686 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5687 dName->stIdx = cert->srcIdx; 5688 dName->stLen = strLen; 5874 #if (defined(OPENSSL_EXTRA) || \ 5875 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5876 && !defined(WOLFCRYPT_ONLY) 5877 nid = NID_stateOrProvinceName; 5689 5878 #endif /* OPENSSL_EXTRA */ 5690 5879 } … … 5699 5888 } 5700 5889 #endif /* WOLFSSL_CERT_GEN */ 5701 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5702 dName->oIdx = cert->srcIdx; 5703 dName->oLen = strLen; 5890 #if (defined(OPENSSL_EXTRA) || \ 5891 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5892 && !defined(WOLFCRYPT_ONLY) 5893 nid = NID_organizationName; 5704 5894 #endif /* OPENSSL_EXTRA */ 5705 5895 } … … 5714 5904 } 5715 5905 #endif /* WOLFSSL_CERT_GEN */ 5716 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5717 dName->ouIdx = cert->srcIdx; 5718 dName->ouLen = strLen; 5906 #if (defined(OPENSSL_EXTRA) || \ 5907 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5908 && !defined(WOLFCRYPT_ONLY) 5909 nid = NID_organizationalUnitName; 5719 5910 #endif /* OPENSSL_EXTRA */ 5720 5911 } … … 5729 5920 } 5730 5921 #endif /* WOLFSSL_CERT_GEN */ 5731 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5732 dName->snIdx = cert->srcIdx; 5733 dName->snLen = strLen; 5922 #if (defined(OPENSSL_EXTRA) || \ 5923 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5924 && !defined(WOLFCRYPT_ONLY) 5925 nid = NID_serialNumber; 5734 5926 #endif /* OPENSSL_EXTRA */ 5735 5927 } … … 5745 5937 } 5746 5938 #endif /* WOLFSSL_CERT_GEN */ 5747 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)5748 dName->bcIdx = cert->srcIdx;5749 dName->bcLen = strLen;5939 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) \ 5940 && !defined(WOLFCRYPT_ONLY) 5941 nid = NID_businessCategory; 5750 5942 #endif /* OPENSSL_EXTRA */ 5751 5943 } … … 5764 5956 5765 5957 if (GetLength(cert->source, &cert->srcIdx, &strLen, 5766 maxIdx) < 0) 5958 maxIdx) < 0) { 5959 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 5960 !defined(WOLFCRYPT_ONLY) 5961 wolfSSL_X509_NAME_free(dName); 5962 #endif /* OPENSSL_EXTRA */ 5767 5963 return ASN_PARSE_E; 5964 } 5768 5965 5769 5966 /* Check for jurisdiction of incorporation country name */ … … 5778 5975 } 5779 5976 #endif /* WOLFSSL_CERT_GEN */ 5780 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5781 dName->jcIdx = cert->srcIdx; 5782 dName->jcLen = strLen; 5977 #if (defined(OPENSSL_EXTRA) || \ 5978 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5979 && !defined(WOLFCRYPT_ONLY) 5980 nid = NID_jurisdictionCountryName; 5783 5981 #endif /* OPENSSL_EXTRA */ 5784 5982 } … … 5795 5993 } 5796 5994 #endif /* WOLFSSL_CERT_GEN */ 5797 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5798 dName->jsIdx = cert->srcIdx; 5799 dName->jsLen = strLen; 5995 #if (defined(OPENSSL_EXTRA) || \ 5996 defined(OPENSSL_EXTRA_X509_SMALL)) \ 5997 && !defined(WOLFCRYPT_ONLY) 5998 nid = NID_jurisdictionStateOrProvinceName; 5800 5999 #endif /* OPENSSL_EXTRA */ 5801 6000 } … … 5825 6024 cert->srcIdx += oidSz + 1; 5826 6025 5827 if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) 6026 if (GetLength(cert->source, &cert->srcIdx, &strLen, maxIdx) < 0) { 6027 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6028 !defined(WOLFCRYPT_ONLY) 6029 wolfSSL_X509_NAME_free(dName); 6030 #endif /* OPENSSL_EXTRA */ 5828 6031 return ASN_PARSE_E; 6032 } 5829 6033 5830 6034 if (strLen > (int)(ASN_NAME_MAX - idx)) { … … 5849 6053 } 5850 6054 #endif /* WOLFSSL_CERT_GEN */ 5851 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5852 dName->emailIdx = cert->srcIdx; 5853 dName->emailLen = strLen; 6055 #if (defined(OPENSSL_EXTRA) || \ 6056 defined(OPENSSL_EXTRA_X509_SMALL)) \ 6057 && !defined(WOLFCRYPT_ONLY) 6058 nid = NID_emailAddress; 5854 6059 #endif /* OPENSSL_EXTRA */ 5855 6060 #ifndef IGNORE_NAME_CONSTRAINTS … … 5861 6066 if (emailName == NULL) { 5862 6067 WOLFSSL_MSG("\tOut of Memory"); 6068 #if (defined(OPENSSL_EXTRA) || \ 6069 defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6070 !defined(WOLFCRYPT_ONLY) 6071 wolfSSL_X509_NAME_free(dName); 6072 #endif /* OPENSSL_EXTRA */ 5863 6073 return MEMORY_E; 5864 6074 } … … 5869 6079 WOLFSSL_MSG("\tOut of Memory"); 5870 6080 XFREE(emailName, cert->heap, DYNAMIC_TYPE_ALTNAME); 6081 #if (defined(OPENSSL_EXTRA) || \ 6082 defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6083 !defined(WOLFCRYPT_ONLY) 6084 wolfSSL_X509_NAME_free(dName); 6085 #endif /* OPENSSL_EXTRA */ 5871 6086 return MEMORY_E; 5872 6087 } … … 5887 6102 copy = WOLFSSL_USER_ID; 5888 6103 copyLen = sizeof(WOLFSSL_USER_ID) - 1; 5889 #if defined(OPENSSL_EXTRA) || \5890 defined(OPENSSL_EXTRA_X509_SMALL) 5891 dName->uidIdx = cert->srcIdx;5892 dName->uidLen = strLen;6104 #if (defined(OPENSSL_EXTRA) || \ 6105 defined(OPENSSL_EXTRA_X509_SMALL)) \ 6106 && !defined(WOLFCRYPT_ONLY) 6107 nid = NID_userId; 5893 6108 #endif /* OPENSSL_EXTRA */ 5894 6109 break; … … 5897 6112 copy = WOLFSSL_DOMAIN_COMPONENT; 5898 6113 copyLen = sizeof(WOLFSSL_DOMAIN_COMPONENT) - 1; 5899 #if defined(OPENSSL_EXTRA) || \ 5900 defined(OPENSSL_EXTRA_X509_SMALL) 5901 dName->dcIdx[dcnum] = cert->srcIdx; 5902 dName->dcLen[dcnum] = strLen; 5903 dName->dcNum = dcnum + 1; 5904 dcnum++; 6114 #if (defined(OPENSSL_EXTRA) || \ 6115 defined(OPENSSL_EXTRA_X509_SMALL)) \ 6116 && !defined(WOLFCRYPT_ONLY) 6117 nid = NID_domainComponent; 5905 6118 #endif /* OPENSSL_EXTRA */ 5906 6119 break; … … 5908 6121 default: 5909 6122 WOLFSSL_MSG("Unknown pilot attribute type"); 6123 #if (defined(OPENSSL_EXTRA) || \ 6124 defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6125 !defined(WOLFCRYPT_ONLY) 6126 wolfSSL_X509_NAME_free(dName); 6127 #endif /* OPENSSL_EXTRA */ 5910 6128 return ASN_PARSE_E; 5911 6129 } … … 5922 6140 XMEMCPY(&full[idx], &cert->source[cert->srcIdx], strLen); 5923 6141 idx += strLen; 5924 5925 #ifdef OPENSSL_EXTRA 5926 if (count < DOMAIN_COMPONENT_MAX) { 5927 /* store order that DN was parsed */ 5928 dName->loc[count++] = id; 5929 } 5930 #endif 5931 } 6142 } 6143 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6144 !defined(WOLFCRYPT_ONLY) 6145 switch (b) { 6146 case CTC_UTF8: 6147 enc = MBSTRING_UTF8; 6148 break; 6149 case CTC_PRINTABLE: 6150 enc = V_ASN1_PRINTABLESTRING; 6151 break; 6152 default: 6153 WOLFSSL_MSG("Unknown encoding type, using UTF8 by default"); 6154 enc = MBSTRING_UTF8; 6155 } 6156 6157 if (nid != NID_undef) { 6158 if (wolfSSL_X509_NAME_add_entry_by_NID(dName, nid, enc, 6159 &cert->source[cert->srcIdx], strLen, -1, -1) != 6160 WOLFSSL_SUCCESS) { 6161 wolfSSL_X509_NAME_free(dName); 6162 return ASN_PARSE_E; 6163 } 6164 } 6165 #endif /* OPENSSL_EXTRA */ 5932 6166 cert->srcIdx += strLen; 5933 6167 } 5934 6168 full[idx++] = 0; 5935 #if defined(OPENSSL_EXTRA) 5936 /* store order that DN was parsed */ 5937 dName->locSz = count; 5938 #endif 5939 5940 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 5941 { 5942 int totalLen = 0; 5943 int i = 0; 5944 5945 if (dName->cnLen != 0) 5946 totalLen += dName->cnLen + 4; 5947 if (dName->snLen != 0) 5948 totalLen += dName->snLen + 4; 5949 if (dName->cLen != 0) 5950 totalLen += dName->cLen + 3; 5951 if (dName->lLen != 0) 5952 totalLen += dName->lLen + 3; 5953 if (dName->stLen != 0) 5954 totalLen += dName->stLen + 4; 5955 if (dName->oLen != 0) 5956 totalLen += dName->oLen + 3; 5957 if (dName->ouLen != 0) 5958 totalLen += dName->ouLen + 4; 5959 if (dName->emailLen != 0) 5960 totalLen += dName->emailLen + 14; 5961 if (dName->uidLen != 0) 5962 totalLen += dName->uidLen + 5; 5963 if (dName->serialLen != 0) 5964 totalLen += dName->serialLen + 14; 5965 if (dName->dcNum != 0){ 5966 for (i = 0;i < dName->dcNum;i++) 5967 totalLen += dName->dcLen[i] + 4; 5968 } 5969 5970 dName->fullName = (char*)XMALLOC(totalLen + 1, cert->heap, 5971 DYNAMIC_TYPE_X509); 5972 if (dName->fullName != NULL) { 5973 idx = 0; 5974 5975 if (dName->cnLen != 0) { 5976 dName->entryCount++; 5977 XMEMCPY(&dName->fullName[idx], WOLFSSL_COMMON_NAME, 4); 5978 dName->cnNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COMMON_NAME); 5979 idx += 4; 5980 XMEMCPY(&dName->fullName[idx], 5981 &cert->source[dName->cnIdx], dName->cnLen); 5982 dName->cnIdx = idx; 5983 idx += dName->cnLen; 5984 } 5985 if (dName->snLen != 0) { 5986 dName->entryCount++; 5987 XMEMCPY(&dName->fullName[idx], WOLFSSL_SUR_NAME, 4); 5988 dName->snNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SUR_NAME); 5989 idx += 4; 5990 XMEMCPY(&dName->fullName[idx], 5991 &cert->source[dName->snIdx], dName->snLen); 5992 dName->snIdx = idx; 5993 idx += dName->snLen; 5994 } 5995 if (dName->cLen != 0) { 5996 dName->entryCount++; 5997 XMEMCPY(&dName->fullName[idx], WOLFSSL_COUNTRY_NAME, 3); 5998 dName->cNid = wc_OBJ_sn2nid((const char *)WOLFSSL_COUNTRY_NAME); 5999 idx += 3; 6000 XMEMCPY(&dName->fullName[idx], 6001 &cert->source[dName->cIdx], dName->cLen); 6002 dName->cIdx = idx; 6003 idx += dName->cLen; 6004 } 6005 if (dName->lLen != 0) { 6006 dName->entryCount++; 6007 XMEMCPY(&dName->fullName[idx], WOLFSSL_LOCALITY_NAME, 3); 6008 dName->lNid = wc_OBJ_sn2nid((const char *)WOLFSSL_LOCALITY_NAME); 6009 idx += 3; 6010 XMEMCPY(&dName->fullName[idx], 6011 &cert->source[dName->lIdx], dName->lLen); 6012 dName->lIdx = idx; 6013 idx += dName->lLen; 6014 } 6015 if (dName->stLen != 0) { 6016 dName->entryCount++; 6017 XMEMCPY(&dName->fullName[idx], WOLFSSL_STATE_NAME, 4); 6018 dName->stNid = wc_OBJ_sn2nid((const char *)WOLFSSL_STATE_NAME); 6019 idx += 4; 6020 XMEMCPY(&dName->fullName[idx], 6021 &cert->source[dName->stIdx], dName->stLen); 6022 dName->stIdx = idx; 6023 idx += dName->stLen; 6024 } 6025 if (dName->oLen != 0) { 6026 dName->entryCount++; 6027 XMEMCPY(&dName->fullName[idx], WOLFSSL_ORG_NAME, 3); 6028 dName->oNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORG_NAME); 6029 idx += 3; 6030 XMEMCPY(&dName->fullName[idx], 6031 &cert->source[dName->oIdx], dName->oLen); 6032 dName->oIdx = idx; 6033 idx += dName->oLen; 6034 } 6035 if (dName->ouLen != 0) { 6036 dName->entryCount++; 6037 XMEMCPY(&dName->fullName[idx], WOLFSSL_ORGUNIT_NAME, 4); 6038 dName->ouNid = wc_OBJ_sn2nid((const char *)WOLFSSL_ORGUNIT_NAME); 6039 idx += 4; 6040 XMEMCPY(&dName->fullName[idx], 6041 &cert->source[dName->ouIdx], dName->ouLen); 6042 dName->ouIdx = idx; 6043 idx += dName->ouLen; 6044 } 6045 if (dName->emailLen != 0) { 6046 dName->entryCount++; 6047 XMEMCPY(&dName->fullName[idx], "/emailAddress=", 14); 6048 dName->emailNid = wc_OBJ_sn2nid((const char *)"/emailAddress="); 6049 idx += 14; 6050 XMEMCPY(&dName->fullName[idx], 6051 &cert->source[dName->emailIdx], dName->emailLen); 6052 dName->emailIdx = idx; 6053 idx += dName->emailLen; 6054 } 6055 for (i = 0;i < dName->dcNum;i++){ 6056 if (dName->dcLen[i] != 0) { 6057 dName->entryCount++; 6058 XMEMCPY(&dName->fullName[idx], WOLFSSL_DOMAIN_COMPONENT, 4); 6059 idx += 4; 6060 XMEMCPY(&dName->fullName[idx], 6061 &cert->source[dName->dcIdx[i]], dName->dcLen[i]); 6062 dName->dcIdx[i] = idx; 6063 idx += dName->dcLen[i]; 6064 } 6065 } 6066 if (dName->uidLen != 0) { 6067 dName->entryCount++; 6068 XMEMCPY(&dName->fullName[idx], "/UID=", 5); 6069 dName->uidNid = wc_OBJ_sn2nid((const char *)"/UID="); 6070 idx += 5; 6071 XMEMCPY(&dName->fullName[idx], 6072 &cert->source[dName->uidIdx], dName->uidLen); 6073 dName->uidIdx = idx; 6074 idx += dName->uidLen; 6075 } 6076 if (dName->serialLen != 0) { 6077 dName->entryCount++; 6078 XMEMCPY(&dName->fullName[idx], WOLFSSL_SERIAL_NUMBER, 14); 6079 dName->serialNid = wc_OBJ_sn2nid((const char *)WOLFSSL_SERIAL_NUMBER); 6080 idx += 14; 6081 XMEMCPY(&dName->fullName[idx], 6082 &cert->source[dName->serialIdx], dName->serialLen); 6083 dName->serialIdx = idx; 6084 idx += dName->serialLen; 6085 } 6086 dName->fullName[idx] = '\0'; 6087 dName->fullNameLen = totalLen; 6088 } 6089 } 6090 #endif /* OPENSSL_EXTRA */ 6091 6169 6170 6171 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 6172 !defined(WOLFCRYPT_ONLY) 6173 if (nameType == ISSUER) { 6174 cert->issuerName = dName; 6175 } 6176 else { 6177 cert->subjectName = dName; 6178 } 6179 #endif 6092 6180 return 0; 6093 6181 } … … 6113 6201 return 0; 6114 6202 } 6203 6204 #ifdef WOLFSSL_LINUXKM 6205 static WC_INLINE int GetTime_Long(long* value, const byte* date, int* idx) 6206 { 6207 int i = *idx; 6208 6209 if (date[i] < 0x30 || date[i] > 0x39 || date[i+1] < 0x30 || 6210 date[i+1] > 0x39) { 6211 return ASN_PARSE_E; 6212 } 6213 6214 *value += (long)btoi(date[i++]) * 10; 6215 *value += (long)btoi(date[i++]); 6216 6217 *idx = i; 6218 6219 return 0; 6220 } 6221 #endif 6115 6222 6116 6223 int ExtractDate(const unsigned char* date, unsigned char format, … … 6126 6233 } 6127 6234 else { /* format == GENERALIZED_TIME */ 6235 #ifdef WOLFSSL_LINUXKM 6236 if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; 6237 #else 6128 6238 if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; 6239 #endif 6129 6240 certTime->tm_year *= 100; 6130 6241 } 6131 6242 6243 #ifdef AVR 6244 /* Extract the time from the struct tm and adjust tm_year, tm_mon */ 6245 /* AVR libc stores these as uint8_t instead of int */ 6246 /* AVR time_t also offsets from midnight 1 Jan 2000 */ 6247 int tm_year = certTime->tm_year - 2000; 6248 int tm_mon = certTime->tm_mon - 1; 6249 int tm_mday = certTime->tm_mday; 6250 int tm_hour = certTime->tm_hour; 6251 int tm_min = certTime->tm_min; 6252 int tm_sec = certTime->tm_sec; 6253 6254 #ifdef WOLFSSL_LINUXKM 6255 if (GetTime_Long(&tm_year, date, idx) != 0) return 0; 6256 #else 6257 if (GetTime(&tm_year, date, idx) != 0) return 0; 6258 #endif 6259 if (GetTime(&tm_mon , date, idx) != 0) return 0; 6260 if (GetTime(&tm_mday, date, idx) != 0) return 0; 6261 if (GetTime(&tm_hour, date, idx) != 0) return 0; 6262 if (GetTime(&tm_min , date, idx) != 0) return 0; 6263 if (GetTime(&tm_sec , date, idx) != 0) return 0; 6264 6265 /* Re-populate certTime with computed values */ 6266 certTime->tm_year = tm_year; 6267 certTime->tm_mon = tm_mon; 6268 certTime->tm_mday = tm_mday; 6269 certTime->tm_hour = tm_hour; 6270 certTime->tm_min = tm_min; 6271 certTime->tm_sec = tm_sec; 6272 #else 6132 6273 /* adjust tm_year, tm_mon */ 6274 #ifdef WOLFSSL_LINUXKM 6275 if (GetTime_Long(&certTime->tm_year, date, idx) != 0) return 0; 6276 #else 6133 6277 if (GetTime(&certTime->tm_year, date, idx) != 0) return 0; 6278 #endif 6134 6279 certTime->tm_year -= 1900; 6135 6280 if (GetTime(&certTime->tm_mon , date, idx) != 0) return 0; … … 6139 6284 if (GetTime(&certTime->tm_min , date, idx) != 0) return 0; 6140 6285 if (GetTime(&certTime->tm_sec , date, idx) != 0) return 0; 6286 #endif 6141 6287 6142 6288 return 1; … … 6182 6328 6183 6329 XSNPRINTF(buf + idx, len - idx, "%2d %02d:%02d:%02d %d GMT", 6184 t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, t.tm_year + 1900);6330 t.tm_mday, t.tm_hour, t.tm_min, t.tm_sec, (int)t.tm_year + 1900); 6185 6331 6186 6332 return 1; … … 6199 6345 struct tm* ts = NULL; 6200 6346 struct tm* tmpTime = NULL; 6347 byte* data_ptr = buf; 6348 word32 data_len = 0; 6349 int year, mon, day, hour, mini, sec; 6201 6350 #if defined(NEED_TMP_TIME) 6202 6351 struct tm tmpTimeStorage; … … 6205 6354 (void)tmpTime; 6206 6355 #endif 6207 byte* data_ptr = buf;6208 word32 data_len = 0;6209 int year, mon, day, hour, mini, sec;6210 6356 6211 6357 WOLFSSL_ENTER("SetAsnTimeString"); … … 6320 6466 /* like atoi but only use first byte */ 6321 6467 /* Make sure before and after dates are valid */ 6322 int ValidateDate(const byte* date, byte format, int dateType)6468 int wc_ValidateDate(const byte* date, byte format, int dateType) 6323 6469 { 6324 6470 time_t ltime; … … 6592 6738 WOLFSSL_MSG("Got Cert Header"); 6593 6739 6594 /* Using the sigIndex as the upper bound because that's where the 6595 * actual certificate data ends. */ 6596 if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID, 6597 oidSigType, cert->sigIndex)) < 0) 6598 return ret; 6599 6600 WOLFSSL_MSG("Got Algo ID"); 6601 6602 if ( (ret = GetName(cert, ISSUER, cert->sigIndex)) < 0) 6603 return ret; 6604 6605 if ( (ret = GetValidity(cert, verify, cert->sigIndex)) < 0) 6606 *badDate = ret; 6740 #ifdef WOLFSSL_CERT_REQ 6741 if (!cert->isCSR) { 6742 #endif 6743 /* Using the sigIndex as the upper bound because that's where the 6744 * actual certificate data ends. */ 6745 if ( (ret = GetAlgoId(cert->source, &cert->srcIdx, &cert->signatureOID, 6746 oidSigType, cert->sigIndex)) < 0) 6747 return ret; 6748 6749 WOLFSSL_MSG("Got Algo ID"); 6750 6751 if ( (ret = GetName(cert, ISSUER, cert->sigIndex)) < 0) 6752 return ret; 6753 6754 if ( (ret = GetValidity(cert, verify, cert->sigIndex)) < 0) 6755 *badDate = ret; 6756 #ifdef WOLFSSL_CERT_REQ 6757 } 6758 #endif 6607 6759 6608 6760 if ( (ret = GetName(cert, SUBJECT, cert->sigIndex)) < 0) … … 6641 6793 int length; 6642 6794 int ret; 6795 6643 6796 ret = CheckBitString(cert->source, &cert->srcIdx, &length, cert->maxIdx, 1, 6644 6797 NULL); … … 6649 6802 cert->signature = &cert->source[cert->srcIdx]; 6650 6803 cert->srcIdx += cert->sigLength; 6804 6805 if (cert->srcIdx != cert->maxIdx) 6806 return ASN_PARSE_E; 6651 6807 6652 6808 return 0; … … 6903 7059 sigCtx->digest = NULL; 6904 7060 } 6905 #if ndef NO_RSA6906 if (sigCtx-> plain) {6907 XFREE(sigCtx-> plain, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE);6908 sigCtx-> plain= NULL;7061 #if !(defined(NO_RSA) && defined(NO_DSA)) 7062 if (sigCtx->sigCpy) { 7063 XFREE(sigCtx->sigCpy, sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); 7064 sigCtx->sigCpy = NULL; 6909 7065 } 6910 7066 #endif … … 6918 7074 break; 6919 7075 #endif /* !NO_RSA */ 7076 #ifndef NO_DSA 7077 case DSAk: 7078 wc_FreeDsaKey(sigCtx->key.dsa); 7079 XFREE(sigCtx->key.dsa, sigCtx->heap, DYNAMIC_TYPE_DSA); 7080 break; 7081 #endif 6920 7082 #ifdef HAVE_ECC 6921 7083 case ECDSAk: … … 6998 7160 case CTC_SHA256wRSA: 6999 7161 case CTC_SHA256wECDSA: 7162 case CTC_SHA256wDSA: 7000 7163 if ((ret = wc_Sha256Hash(buf, bufSz, digest)) == 0) { 7001 7164 *typeH = SHA256h; … … 7105 7268 sigCtx->key.rsa = (RsaKey*)XMALLOC(sizeof(RsaKey), 7106 7269 sigCtx->heap, DYNAMIC_TYPE_RSA); 7107 sigCtx-> plain= (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,7270 sigCtx->sigCpy = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, 7108 7271 sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); 7109 if (sigCtx->key.rsa == NULL || sigCtx-> plain== NULL) {7272 if (sigCtx->key.rsa == NULL || sigCtx->sigCpy == NULL) { 7110 7273 ERROR_OUT(MEMORY_E, exit_cs); 7111 7274 } … … 7123 7286 goto exit_cs; 7124 7287 } 7125 XMEMCPY(sigCtx-> plain, sig, sigSz);7288 XMEMCPY(sigCtx->sigCpy, sig, sigSz); 7126 7289 sigCtx->out = NULL; 7127 7290 … … 7132 7295 } 7133 7296 #endif /* !NO_RSA */ 7297 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 7298 case DSAk: 7299 { 7300 word32 idx = 0; 7301 7302 if (sigSz < DSA_SIG_SIZE) { 7303 WOLFSSL_MSG("Verify Signature is too small"); 7304 ERROR_OUT(BUFFER_E, exit_cs); 7305 } 7306 sigCtx->key.dsa = (DsaKey*)XMALLOC(sizeof(DsaKey), 7307 sigCtx->heap, DYNAMIC_TYPE_DSA); 7308 sigCtx->sigCpy = (byte*)XMALLOC(sigSz, 7309 sigCtx->heap, DYNAMIC_TYPE_SIGNATURE); 7310 if (sigCtx->key.dsa == NULL || sigCtx->sigCpy == NULL) { 7311 ERROR_OUT(MEMORY_E, exit_cs); 7312 } 7313 if ((ret = wc_InitDsaKey_h(sigCtx->key.dsa, sigCtx->heap)) != 0) { 7314 WOLFSSL_MSG("wc_InitDsaKey_h error"); 7315 goto exit_cs; 7316 } 7317 if ((ret = wc_DsaPublicKeyDecode(key, &idx, sigCtx->key.dsa, 7318 keySz)) != 0) { 7319 WOLFSSL_MSG("ASN Key decode error RSA"); 7320 goto exit_cs; 7321 } 7322 if (sigSz != DSA_SIG_SIZE) { 7323 #ifdef HAVE_ECC 7324 /* Try to parse it as the contents of a bitstring */ 7325 mp_int r, s; 7326 idx = 0; 7327 if (DecodeECC_DSA_Sig(sig + idx, sigSz - idx, 7328 &r, &s) != 0) { 7329 WOLFSSL_MSG("DSA Sig is in unrecognized or " 7330 "incorrect format"); 7331 ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); 7332 } 7333 if (mp_to_unsigned_bin_len(&r, sigCtx->sigCpy, 7334 DSA_HALF_SIZE) != MP_OKAY || 7335 mp_to_unsigned_bin_len(&s, 7336 sigCtx->sigCpy + DSA_HALF_SIZE, 7337 DSA_HALF_SIZE) != MP_OKAY) { 7338 WOLFSSL_MSG("DSA Sig is in unrecognized or " 7339 "incorrect format"); 7340 ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); 7341 } 7342 mp_free(&r); 7343 mp_free(&s); 7344 #else 7345 WOLFSSL_MSG("DSA Sig is in unrecognized or " 7346 "incorrect format"); 7347 ERROR_OUT(ASN_SIG_CONFIRM_E, exit_cs); 7348 #endif 7349 } 7350 else { 7351 XMEMCPY(sigCtx->sigCpy, sig, DSA_SIG_SIZE); 7352 } 7353 break; 7354 } 7355 #endif /* !NO_DSA && !HAVE_SELFTEST */ 7134 7356 #ifdef HAVE_ECC 7135 7357 case ECDSAk: … … 7239 7461 if (sigCtx->pkCbRsa) { 7240 7462 ret = sigCtx->pkCbRsa( 7241 sigCtx-> plain, sigSz, &sigCtx->out,7463 sigCtx->sigCpy, sigSz, &sigCtx->out, 7242 7464 key, keySz, 7243 7465 sigCtx->pkCtxRsa); … … 7249 7471 if (rsaKeyIdx != NULL) 7250 7472 { 7251 ret = tsip_tls_CertVerify(buf, bufSz, sigCtx-> plain,7473 ret = tsip_tls_CertVerify(buf, bufSz, sigCtx->sigCpy, 7252 7474 sigSz, 7253 7475 sigCtx->pubkey_n_start - sigCtx->certBegin, … … 7266 7488 } else 7267 7489 #endif 7268 ret = wc_RsaSSL_VerifyInline(sigCtx-> plain, sigSz,7490 ret = wc_RsaSSL_VerifyInline(sigCtx->sigCpy, sigSz, 7269 7491 &sigCtx->out, sigCtx->key.rsa); 7270 7492 } … … 7272 7494 } 7273 7495 #endif /* !NO_RSA */ 7496 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 7497 case DSAk: 7498 { 7499 ret = wc_DsaVerify(sigCtx->digest, sigCtx->sigCpy, 7500 sigCtx->key.dsa, &sigCtx->verify); 7501 break; 7502 } 7503 #endif /* !NO_DSA && !HAVE_SELFTEST */ 7274 7504 #if defined(HAVE_ECC) 7275 7505 case ECDSAk: … … 7370 7600 } 7371 7601 #endif /* NO_RSA */ 7602 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 7603 case DSAk: 7604 { 7605 if (sigCtx->verify == 1) { 7606 ret = 0; 7607 } 7608 else { 7609 WOLFSSL_MSG("DSA Verify didn't match"); 7610 ret = ASN_SIG_CONFIRM_E; 7611 } 7612 break; 7613 } 7614 #endif /* !NO_DSA && !HAVE_SELFTEST */ 7372 7615 #ifdef HAVE_ECC 7373 7616 case ECDSAk: … … 7547 7790 return 0; 7548 7791 } 7792 #ifndef WOLFSSL_NO_ASN_STRICT 7793 /* RFC 5280 section 4.2.1.10 7794 "Restrictions of the form directoryName MUST be 7795 applied to the subject field .... and to any names 7796 of type directoryName in the subjectAltName 7797 extension" 7798 */ 7799 if (cert->altDirNames != NULL) { 7800 DNS_entry* cur = cert->altDirNames; 7801 while (cur != NULL) { 7802 if (XMEMCMP(cur->name, base->name, base->nameSz) 7803 == 0) { 7804 WOLFSSL_MSG("DIR alt name constraint err"); 7805 return 0; 7806 } 7807 cur = cur->next; 7808 } 7809 } 7810 #endif /* !WOLFSSL_NO_ASN_STRICT */ 7549 7811 break; 7550 7812 } … … 7605 7867 base->nameSz) == 0) { 7606 7868 matchDir = 1; 7869 7870 #ifndef WOLFSSL_NO_ASN_STRICT 7871 /* RFC 5280 section 4.2.1.10 7872 "Restrictions of the form directoryName MUST be 7873 applied to the subject field .... and to any names 7874 of type directoryName in the subjectAltName 7875 extension" 7876 */ 7877 if (cert->altDirNames != NULL) { 7878 DNS_entry* cur = cert->altDirNames; 7879 while (cur != NULL) { 7880 if (XMEMCMP(cur->name, base->name, base->nameSz) 7881 != 0) { 7882 WOLFSSL_MSG("DIR alt name constraint err"); 7883 matchDir = 0; /* did not match */ 7884 } 7885 cur = cur->next; 7886 } 7887 } 7888 #endif /* !WOLFSSL_NO_ASN_STRICT */ 7607 7889 } 7608 7890 break; … … 7689 7971 } 7690 7972 #ifndef IGNORE_NAME_CONSTRAINTS 7973 else if (b == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | ASN_DIR_TYPE)) { 7974 DNS_entry* dirEntry; 7975 int strLen; 7976 word32 lenStartIdx = idx; 7977 7978 if (GetLength(input, &idx, &strLen, sz) < 0) { 7979 WOLFSSL_MSG("\tfail: str length"); 7980 return ASN_PARSE_E; 7981 } 7982 7983 if (GetSequence(input, &idx, &strLen, sz) < 0) { 7984 WOLFSSL_MSG("\tfail: seq length"); 7985 return ASN_PARSE_E; 7986 } 7987 length -= (idx - lenStartIdx); 7988 7989 dirEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), cert->heap, 7990 DYNAMIC_TYPE_ALTNAME); 7991 if (dirEntry == NULL) { 7992 WOLFSSL_MSG("\tOut of Memory"); 7993 return MEMORY_E; 7994 } 7995 7996 dirEntry->type = ASN_DIR_TYPE; 7997 dirEntry->name = (char*)XMALLOC(strLen + 1, cert->heap, 7998 DYNAMIC_TYPE_ALTNAME); 7999 if (dirEntry->name == NULL) { 8000 WOLFSSL_MSG("\tOut of Memory"); 8001 XFREE(dirEntry, cert->heap, DYNAMIC_TYPE_ALTNAME); 8002 return MEMORY_E; 8003 } 8004 dirEntry->len = strLen; 8005 XMEMCPY(dirEntry->name, &input[idx], strLen); 8006 dirEntry->name[strLen] = '\0'; 8007 8008 dirEntry->next = cert->altDirNames; 8009 cert->altDirNames = dirEntry; 8010 8011 length -= strLen; 8012 idx += strLen; 8013 } 7691 8014 else if (b == (ASN_CONTEXT_SPECIFIC | ASN_RFC822_TYPE)) { 7692 8015 DNS_entry* emailEntry; … … 7796 8119 idx += strLen; 7797 8120 } 7798 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) 8121 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) 7799 8122 else if (b == (ASN_CONTEXT_SPECIFIC | ASN_IP_TYPE)) { 7800 8123 DNS_entry* ipAddr; … … 8396 8719 } 8397 8720 8398 DecodeSubtree(input + idx, length, subtree, cert->heap); 8721 if (DecodeSubtree(input + idx, length, subtree, cert->heap) < 0) { 8722 WOLFSSL_MSG("\terror parsing subtree"); 8723 return ASN_PARSE_E; 8724 } 8399 8725 8400 8726 idx += length; … … 8405 8731 #endif /* IGNORE_NAME_CONSTRAINTS */ 8406 8732 8407 #if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || defined(OPENSSL_EXTRA) 8733 #if (defined(WOLFSSL_CERT_EXT) && !defined(WOLFSSL_SEP)) || \ 8734 defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8408 8735 8409 8736 /* Decode ITU-T X.690 OID format to a string representation … … 8597 8924 return BAD_FUNC_ARG; 8598 8925 8599 if (GetASNTag(input, &idx, &tag, sz) < 0) { 8600 return ASN_PARSE_E; 8601 } 8602 8603 if (tag != ASN_EXTENSIONS) { 8604 WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); 8605 return ASN_PARSE_E; 8606 } 8607 8608 if (GetLength(input, &idx, &length, sz) < 0) { 8609 WOLFSSL_MSG("\tfail: invalid length"); 8610 return ASN_PARSE_E; 8926 #ifdef WOLFSSL_CERT_REQ 8927 if (!cert->isCSR) 8928 #endif 8929 { /* Not included in CSR */ 8930 if (GetASNTag(input, &idx, &tag, sz) < 0) { 8931 return ASN_PARSE_E; 8932 } 8933 8934 if (tag != ASN_EXTENSIONS) { 8935 WOLFSSL_MSG("\tfail: should be an EXTENSIONS"); 8936 return ASN_PARSE_E; 8937 } 8938 8939 if (GetLength(input, &idx, &length, sz) < 0) { 8940 WOLFSSL_MSG("\tfail: invalid length"); 8941 return ASN_PARSE_E; 8942 } 8611 8943 } 8612 8944 … … 8807 9139 break; 8808 9140 #endif 8809 9141 #ifdef HAVE_OCSP 9142 case OCSP_NOCHECK_OID: 9143 VERIFY_AND_SET_OID(cert->ocspNoCheckSet); 9144 ret = GetASNNull(input, &idx, sz); 9145 length = 0; /* idx is already incremented, reset length to 0 */ 9146 if (ret != 0) 9147 return ASN_PARSE_E; 9148 break; 9149 #endif 8810 9150 default: 8811 9151 #ifndef WOLFSSL_NO_ASN_STRICT … … 8914 9254 * in certificate signature verification. 8915 9255 * Must use the signature OID from the signed part of the certificate. 9256 * Works also on certificate signing requests. 8916 9257 * 8917 9258 * This is only for minimizing dynamic memory usage during TLS certificate … … 8921 9262 */ 8922 9263 static int CheckCertSignature_ex(const byte* cert, word32 certSz, void* heap, 8923 void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID )9264 void* cm, const byte* pubKey, word32 pubKeySz, int pubKeyOID, int req) 8924 9265 { 8925 9266 #ifndef WOLFSSL_SMALL_STACK … … 8998 9339 8999 9340 /* signature */ 9000 if (GetAlgoId(cert, &idx, &signatureOID, oidSigType, certSz) < 0) 9341 if (!req && 9342 GetAlgoId(cert, &idx, &signatureOID, oidSigType, certSz) < 0) 9001 9343 ret = ASN_PARSE_E; 9002 9344 } … … 9004 9346 if (ret == 0) { 9005 9347 issuerIdx = idx; 9006 /* issuer */9348 /* issuer for cert or subject for csr */ 9007 9349 if (GetSequence(cert, &idx, &len, certSz) < 0) 9008 9350 ret = ASN_PARSE_E; … … 9012 9354 } 9013 9355 #ifndef NO_SKID 9014 if ( ret == 0) {9356 if (!req && ret == 0) { 9015 9357 idx += len; 9016 9358 … … 9019 9361 ret = ASN_PARSE_E; 9020 9362 } 9021 if ( ret == 0) {9363 if (!req && ret == 0) { 9022 9364 idx += len; 9023 9365 … … 9033 9375 ret = ASN_PARSE_E; 9034 9376 } 9035 if (re t == 0) {9377 if (req && ret == 0) { 9036 9378 idx += len; 9037 9379 9038 if ((idx + 1) > certSz) 9039 ret = BUFFER_E; 9040 } 9041 if (ret == 0) { 9042 /* issuerUniqueID - optional */ 9380 /* attributes */ 9381 if (GetASNHeader_ex(cert, 9382 ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &idx, 9383 &len, certSz, 1) < 0) 9384 ret = ASN_PARSE_E; 9385 } 9386 if (!req) { 9387 if (ret == 0) { 9388 idx += len; 9389 9390 if ((idx + 1) > certSz) 9391 ret = BUFFER_E; 9392 } 9393 if (ret == 0) { 9394 /* issuerUniqueID - optional */ 9395 localIdx = idx; 9396 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9397 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { 9398 idx++; 9399 if (GetLength(cert, &idx, &len, certSz) < 0) 9400 ret = ASN_PARSE_E; 9401 idx += len; 9402 } 9403 } 9404 } 9405 if (ret == 0) { 9406 if ((idx + 1) > certSz) 9407 ret = BUFFER_E; 9408 } 9409 if (ret == 0) { 9410 /* subjectUniqueID - optional */ 9411 localIdx = idx; 9412 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9413 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) { 9414 idx++; 9415 if (GetLength(cert, &idx, &len, certSz) < 0) 9416 ret = ASN_PARSE_E; 9417 idx += len; 9418 } 9419 } 9420 } 9421 9422 if (ret == 0) { 9423 if ((idx + 1) > certSz) 9424 ret = BUFFER_E; 9425 } 9426 /* extensions - optional */ 9043 9427 localIdx = idx; 9044 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9045 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 1)) { 9046 idx++; 9047 if (GetLength(cert, &idx, &len, certSz) < 0) 9428 if (ret == 0 && GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9429 tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)) { 9430 idx++; 9431 if (GetLength(cert, &idx, &extLen, certSz) < 0) 9432 ret = ASN_PARSE_E; 9433 if (ret == 0) { 9434 if (GetSequence(cert, &idx, &extLen, certSz) < 0) 9048 9435 ret = ASN_PARSE_E; 9049 idx += len; 9050 } 9051 } 9052 } 9053 if (ret == 0) { 9054 if ((idx + 1) > certSz) 9055 ret = BUFFER_E; 9056 } 9057 if (ret == 0) { 9058 /* subjectUniqueID - optional */ 9059 localIdx = idx; 9060 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0) { 9061 if (tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 2)) { 9062 idx++; 9063 if (GetLength(cert, &idx, &len, certSz) < 0) 9064 ret = ASN_PARSE_E; 9065 idx += len; 9066 } 9067 } 9068 } 9069 9070 if (ret == 0) { 9071 if ((idx + 1) > certSz) 9072 ret = BUFFER_E; 9073 } 9074 /* extensions - optional */ 9075 localIdx = idx; 9076 if (ret == 0 && GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9077 tag == (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | 3)) { 9078 idx++; 9079 if (GetLength(cert, &idx, &extLen, certSz) < 0) 9080 ret = ASN_PARSE_E; 9081 if (ret == 0) { 9082 if (GetSequence(cert, &idx, &extLen, certSz) < 0) 9083 ret = ASN_PARSE_E; 9084 } 9085 if (ret == 0) { 9086 extEndIdx = idx + extLen; 9087 9088 /* Check each extension for the ones we want. */ 9089 while (ret == 0 && idx < extEndIdx) { 9090 if (GetSequence(cert, &idx, &len, certSz) < 0) 9091 ret = ASN_PARSE_E; 9092 if (ret == 0) { 9093 extIdx = idx; 9094 if (GetObjectId(cert, &extIdx, &oid, oidCertExtType, 9095 certSz) < 0) { 9436 } 9437 if (ret == 0) { 9438 extEndIdx = idx + extLen; 9439 9440 /* Check each extension for the ones we want. */ 9441 while (ret == 0 && idx < extEndIdx) { 9442 if (GetSequence(cert, &idx, &len, certSz) < 0) 9096 9443 ret = ASN_PARSE_E; 9444 if (ret == 0) { 9445 extIdx = idx; 9446 if (GetObjectId(cert, &extIdx, &oid, oidCertExtType, 9447 certSz) < 0) { 9448 ret = ASN_PARSE_E; 9449 } 9450 9451 if (ret == 0) { 9452 if ((extIdx + 1) > certSz) 9453 ret = BUFFER_E; 9454 } 9097 9455 } 9098 9456 9099 9457 if (ret == 0) { 9100 if ((extIdx + 1) > certSz) 9101 ret = BUFFER_E; 9458 localIdx = extIdx; 9459 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9460 tag == ASN_BOOLEAN) { 9461 if (GetBoolean(cert, &extIdx, certSz) < 0) 9462 ret = ASN_PARSE_E; 9463 } 9102 9464 } 9103 } 9104 9105 if (ret == 0) { 9106 localIdx = extIdx; 9107 if (GetASNTag(cert, &localIdx, &tag, certSz) == 0 && 9108 tag == ASN_BOOLEAN) { 9109 if (GetBoolean(cert, &extIdx, certSz) < 0) 9465 if (ret == 0) { 9466 if (GetOctetString(cert, &extIdx, &extLen, certSz) < 0) 9110 9467 ret = ASN_PARSE_E; 9111 9468 } 9112 } 9113 if (ret == 0) { 9114 if (GetOctetString(cert, &extIdx, &extLen, certSz) < 0) 9115 ret = ASN_PARSE_E; 9116 } 9117 9118 if (ret == 0) { 9119 switch (oid) { 9120 case AUTH_KEY_OID: 9121 if (GetSequence(cert, &extIdx, &extLen, certSz) < 0) 9122 ret = ASN_PARSE_E; 9123 9124 if (ret == 0 && (extIdx + 1) >= certSz) 9125 ret = BUFFER_E; 9126 9127 if (ret == 0 && 9128 GetASNTag(cert, &extIdx, &tag, certSz) == 0 && 9129 tag == (ASN_CONTEXT_SPECIFIC | 0)) { 9130 if (GetLength(cert, &extIdx, &extLen, certSz) <= 0) 9469 9470 if (ret == 0) { 9471 switch (oid) { 9472 case AUTH_KEY_OID: 9473 if (GetSequence(cert, &extIdx, &extLen, certSz) < 0) 9131 9474 ret = ASN_PARSE_E; 9132 if (ret == 0) { 9133 extAuthKeyIdSet = 1; 9134 if (extLen == KEYID_SIZE) 9135 XMEMCPY(hash, cert + extIdx, extLen); 9136 else { 9137 ret = CalcHashId(cert + extIdx, extLen, 9138 hash); 9475 9476 if (ret == 0 && (extIdx + 1) >= certSz) 9477 ret = BUFFER_E; 9478 9479 if (ret == 0 && 9480 GetASNTag(cert, &extIdx, &tag, certSz) == 0 && 9481 tag == (ASN_CONTEXT_SPECIFIC | 0)) { 9482 if (GetLength(cert, &extIdx, &extLen, certSz) <= 0) 9483 ret = ASN_PARSE_E; 9484 if (ret == 0) { 9485 extAuthKeyIdSet = 1; 9486 if (extLen == KEYID_SIZE) 9487 XMEMCPY(hash, cert + extIdx, extLen); 9488 else { 9489 ret = CalcHashId(cert + extIdx, extLen, 9490 hash); 9491 } 9139 9492 } 9140 9493 } 9494 break; 9495 9496 default: 9497 break; 9141 9498 } 9142 break;9143 9144 default:9145 break;9146 9499 } 9500 idx += len; 9147 9501 } 9148 idx += len; 9149 } 9150 } 9502 } 9503 } 9504 } 9505 else if (ret == 0) { 9506 idx += len; 9151 9507 } 9152 9508 … … 9175 9531 if (GetAlgoId(cert, &idx, &oid, oidSigType, certSz) < 0) 9176 9532 ret = ASN_PARSE_E; 9533 /* In CSR signature data is not present in body */ 9534 if (req) 9535 signatureOID = oid; 9177 9536 } 9178 9537 if (ret == 0) { … … 9219 9578 { 9220 9579 return CheckCertSignature_ex(cert, certSz, heap, NULL, 9221 pubKey, pubKeySz, pubKeyOID); 9222 } 9580 pubKey, pubKeySz, pubKeyOID, 0); 9581 } 9582 #ifdef WOLFSSL_CERT_REQ 9583 int CheckCSRSignaturePubKey(const byte* cert, word32 certSz, void* heap, 9584 const byte* pubKey, word32 pubKeySz, int pubKeyOID) 9585 { 9586 return CheckCertSignature_ex(cert, certSz, heap, NULL, 9587 pubKey, pubKeySz, pubKeyOID, 1); 9588 } 9589 #endif /* WOLFSSL_CERT_REQ */ 9223 9590 #endif /* OPENSSL_EXTRA */ 9224 9591 #ifdef WOLFSSL_SMALL_CERT_VERIFY … … 9227 9594 int CheckCertSignature(const byte* cert, word32 certSz, void* heap, void* cm) 9228 9595 { 9229 return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0 );9596 return CheckCertSignature_ex(cert, certSz, heap, cm, NULL, 0, 0, 0); 9230 9597 } 9231 9598 #endif /* WOLFSSL_SMALL_CERT_VERIFY */ … … 9237 9604 int checkPathLen = 0; 9238 9605 int decrementMaxPathLen = 0; 9239 word32 confirmOID ;9606 word32 confirmOID = 0; 9240 9607 #if defined(WOLFSSL_RENESAS_TSIP) 9241 9608 int idx = 0; 9242 9609 #endif 9243 9610 byte* tsip_encRsaKeyIdx; 9611 #ifdef WOLFSSL_CERT_REQ 9612 int len = 0; 9613 #endif 9244 9614 9245 9615 if (cert == NULL) { 9246 9616 return BAD_FUNC_ARG; 9247 9617 } 9618 9619 #ifdef WOLFSSL_CERT_REQ 9620 if (type == CERTREQ_TYPE) 9621 cert->isCSR = 1; 9622 #endif 9248 9623 9249 9624 if (cert->sigCtx.state == SIG_STATE_BEGIN) { … … 9259 9634 WOLFSSL_MSG("Parsed Past Key"); 9260 9635 9636 9637 #ifdef WOLFSSL_CERT_REQ 9638 /* Read attributes */ 9639 if (cert->isCSR) { 9640 if (GetASNHeader_ex(cert->source, 9641 ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED, &cert->srcIdx, 9642 &len, cert->maxIdx, 1) < 0) { 9643 WOLFSSL_MSG("GetASNHeader_ex error"); 9644 return ASN_PARSE_E; 9645 } 9646 9647 if (len) { 9648 word32 attrMaxIdx = cert->srcIdx + len; 9649 word32 oid; 9650 byte tag; 9651 9652 if (attrMaxIdx > cert->maxIdx) { 9653 WOLFSSL_MSG("Attribute length greater than CSR length"); 9654 return ASN_PARSE_E; 9655 } 9656 9657 while (cert->srcIdx < attrMaxIdx) { 9658 /* Attributes have the structure: 9659 * SEQ -> OID -> SET -> ATTRIBUTE */ 9660 if (GetSequence(cert->source, &cert->srcIdx, &len, 9661 attrMaxIdx) < 0) { 9662 WOLFSSL_MSG("attr GetSequence error"); 9663 return ASN_PARSE_E; 9664 } 9665 if (GetObjectId(cert->source, &cert->srcIdx, &oid, 9666 oidCsrAttrType, attrMaxIdx) < 0) { 9667 WOLFSSL_MSG("attr GetObjectId error"); 9668 return ASN_PARSE_E; 9669 } 9670 if (GetSet(cert->source, &cert->srcIdx, &len, 9671 attrMaxIdx) < 0) { 9672 WOLFSSL_MSG("attr GetSet error"); 9673 return ASN_PARSE_E; 9674 } 9675 switch (oid) { 9676 case CHALLENGE_PASSWORD_OID: 9677 if (GetHeader(cert->source, &tag, 9678 &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { 9679 WOLFSSL_MSG("attr GetHeader error"); 9680 return ASN_PARSE_E; 9681 } 9682 if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING && 9683 tag != ASN_IA5_STRING) { 9684 WOLFSSL_MSG("Unsupported attribute value format"); 9685 return ASN_PARSE_E; 9686 } 9687 cert->cPwd = (char*)cert->source + cert->srcIdx; 9688 cert->cPwdLen = len; 9689 cert->srcIdx += len; 9690 break; 9691 case SERIAL_NUMBER_OID: 9692 if (GetHeader(cert->source, &tag, 9693 &cert->srcIdx, &len, attrMaxIdx, 1) < 0) { 9694 WOLFSSL_MSG("attr GetHeader error"); 9695 return ASN_PARSE_E; 9696 } 9697 if (tag != ASN_PRINTABLE_STRING && tag != ASN_UTF8STRING && 9698 tag != ASN_IA5_STRING) { 9699 WOLFSSL_MSG("Unsupported attribute value format"); 9700 return ASN_PARSE_E; 9701 } 9702 cert->sNum = (char*)cert->source + cert->srcIdx; 9703 cert->sNumLen = len; 9704 cert->srcIdx += len; 9705 if (cert->sNumLen <= EXTERNAL_SERIAL_SIZE) { 9706 XMEMCPY(cert->serial, cert->sNum, cert->sNumLen); 9707 cert->serialSz = cert->sNumLen; 9708 } 9709 break; 9710 case EXTENSION_REQUEST_OID: 9711 /* save extensions */ 9712 cert->extensions = &cert->source[cert->srcIdx]; 9713 cert->extensionsSz = len; 9714 cert->extensionsIdx = cert->srcIdx; /* for potential later use */ 9715 9716 if ((ret = DecodeCertExtensions(cert)) < 0) { 9717 if (ret == ASN_CRIT_EXT_E) 9718 cert->criticalExt = ret; 9719 else 9720 return ret; 9721 } 9722 cert->srcIdx += len; 9723 break; 9724 default: 9725 WOLFSSL_MSG("Unsupported attribute type"); 9726 return ASN_PARSE_E; 9727 } 9728 } 9729 } 9730 } 9731 #endif 9732 9261 9733 if (cert->srcIdx < cert->sigIndex) { 9262 9734 #ifndef ALLOW_V1_EXTENSIONS … … 9279 9751 } 9280 9752 9753 #ifdef HAVE_OCSP 9754 /* trust for the lifetime of the responder's cert*/ 9755 if (cert->ocspNoCheckSet && verify == VERIFY_OCSP) 9756 verify = NO_VERIFY; 9757 #endif 9281 9758 /* advance past extensions */ 9282 9759 cert->srcIdx = cert->sigIndex; 9283 9760 } 9284 9761 9285 if ((ret = GetAlgoId(cert->source, &cert->srcIdx, &confirmOID, 9286 oidSigType, cert->maxIdx)) < 0) 9762 if ((ret = GetAlgoId(cert->source, &cert->srcIdx, 9763 #ifdef WOLFSSL_CERT_REQ 9764 !cert->isCSR ? &confirmOID : &cert->signatureOID, 9765 #else 9766 &confirmOID, 9767 #endif 9768 oidSigType, cert->maxIdx)) < 0) 9287 9769 return ret; 9288 9770 … … 9290 9772 return ret; 9291 9773 9292 if (confirmOID != cert->signatureOID) 9774 if (confirmOID != cert->signatureOID 9775 #ifdef WOLFSSL_CERT_REQ 9776 && !cert->isCSR 9777 #endif 9778 ) 9293 9779 return ASN_SIG_OID_E; 9294 9780 … … 9341 9827 cert->ca = GetCA(cm, cert->issuerHash); 9342 9828 #endif /* !NO_SKID */ 9829 9830 if (cert->ca) { 9831 WOLFSSL_MSG("CA found"); 9832 } 9343 9833 } 9344 9834 … … 9425 9915 } 9426 9916 } 9427 #ifdef HAVE_OCSP9428 if (verify != NO_VERIFY && type != CA_TYPE && 9429 type != TRUSTED_PEER_TYPE) {9430 if (cert->ca) {9431 /* Need the CA's public key hash for OCSP */9432 XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash,9433 KEYID_SIZE);9434 }9435 9436 } 9437 #endif /* HAVE_OCSP */9438 }9917 } 9918 9919 #ifdef HAVE_OCSP 9920 if (verify != NO_VERIFY && type != CA_TYPE && 9921 type != TRUSTED_PEER_TYPE) { 9922 if (cert->ca) { 9923 /* Need the CA's public key hash for OCSP */ 9924 XMEMCPY(cert->issuerKeyHash, cert->ca->subjectKeyHash, 9925 KEYID_SIZE); 9926 } 9927 } 9928 #endif /* HAVE_OCSP */ 9439 9929 } 9440 9930 #if defined(WOLFSSL_RENESAS_TSIP) … … 9799 10289 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) 9800 10290 9801 /* Max X509 header length indicates the max length + 2 ('\n', '\0') */9802 #define MAX_X509_HEADER_SZ (37 + 2) 9803 10291 /* Note: If items added make sure MAX_X509_HEADER_SZ is 10292 updated to reflect maximum length and pem_struct_min_sz 10293 to reflect minimum size */ 9804 10294 wcchar BEGIN_CERT = "-----BEGIN CERTIFICATE-----"; 9805 10295 wcchar END_CERT = "-----END CERTIFICATE-----"; … … 9844 10334 wcchar END_EDDSA_PRIV = "-----END EDDSA PRIVATE KEY-----"; 9845 10335 #endif 9846 #ifdef HAVE_CRL 9847 const char *const BEGIN_CRL = "-----BEGIN X509 CRL-----"; 9848 wcchar END_CRL = "-----END X509 CRL-----"; 9849 #endif 9850 10336 10337 const int pem_struct_min_sz = XSTR_SIZEOF("-----BEGIN X509 CRL-----" 10338 "-----END X509 CRL-----"); 9851 10339 9852 10340 static WC_INLINE char* SkipEndOfLineChars(char* line, const char* endOfLine) … … 9940 10428 ret = 0; 9941 10429 break; 9942 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))10430 #ifndef NO_DH 9943 10431 case DH_PRIVATEKEY_TYPE: 9944 10432 #endif … … 10374 10862 } else 10375 10863 #ifdef HAVE_CRL 10376 if ((type == CRL_TYPE) && (header != BEGIN_ CRL)) {10377 header = BEGIN_ CRL; footer = END_CRL;10864 if ((type == CRL_TYPE) && (header != BEGIN_X509_CRL)) { 10865 header = BEGIN_X509_CRL; footer = END_X509_CRL; 10378 10866 } else 10379 10867 #endif … … 10385 10873 if (!headerEnd) { 10386 10874 #ifdef OPENSSL_EXTRA 10387 char* beginEnd; 10388 int endLen; 10389 /* see if there is a -----BEGIN * PRIVATE KEY----- header */ 10390 headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz); 10391 if (headerEnd) { 10392 beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX); 10393 /* back up to BEGIN_PRIV_KEY_PREFIX */ 10394 headerEnd -= XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX); 10395 while (headerEnd > (char*)buff && 10396 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10397 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0) { 10398 headerEnd--; 10399 } 10400 if (headerEnd <= (char*)buff || 10401 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10402 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 || 10403 beginEnd - headerEnd > PEM_LINE_LEN) { 10404 WOLFSSL_MSG("Couldn't find PEM header"); 10405 return ASN_NO_PEM_HEADER; 10406 } 10407 /* headerEnd now points to beginning of header */ 10408 XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd); 10409 beginBuf[beginEnd - headerEnd] = '\0'; 10410 /* look for matching footer */ 10411 footer = XSTRNSTR(beginEnd, 10412 beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX), 10413 (unsigned int)((char*)buff + sz - beginEnd)); 10414 if (!footer) { 10415 WOLFSSL_MSG("Couldn't find PEM footer"); 10416 return ASN_NO_PEM_HEADER; 10417 } 10418 footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX); 10419 endLen = (unsigned int)(beginEnd - headerEnd - 10420 (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) - 10421 XSTR_SIZEOF(END_PRIV_KEY_PREFIX))); 10422 XMEMCPY(endBuf, footer, endLen); 10423 endBuf[endLen] = '\0'; 10424 10425 header = beginBuf; 10426 footer = endBuf; 10427 headerEnd = beginEnd; 10428 } else { 10875 if (type == PRIVATEKEY_TYPE) { 10876 char* beginEnd; 10877 int endLen; 10878 /* see if there is a -----BEGIN * PRIVATE KEY----- header */ 10879 headerEnd = XSTRNSTR((char*)buff, PRIV_KEY_SUFFIX, sz); 10880 if (headerEnd) { 10881 beginEnd = headerEnd + XSTR_SIZEOF(PRIV_KEY_SUFFIX); 10882 if (beginEnd >= (char*)buff + sz) { 10883 return BUFFER_E; 10884 } 10885 10886 /* back up to BEGIN_PRIV_KEY_PREFIX */ 10887 while (headerEnd > (char*)buff && 10888 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10889 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 && 10890 *headerEnd != '\n') { 10891 headerEnd--; 10892 } 10893 if (headerEnd <= (char*)buff || 10894 XSTRNCMP(headerEnd, BEGIN_PRIV_KEY_PREFIX, 10895 XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX)) != 0 || 10896 beginEnd - headerEnd > PEM_LINE_LEN) { 10897 WOLFSSL_MSG("Couldn't find PEM header"); 10898 return ASN_NO_PEM_HEADER; 10899 } 10900 10901 /* headerEnd now points to beginning of header */ 10902 XMEMCPY(beginBuf, headerEnd, beginEnd - headerEnd); 10903 beginBuf[beginEnd - headerEnd] = '\0'; 10904 /* look for matching footer */ 10905 footer = XSTRNSTR(beginEnd, 10906 beginBuf + XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX), 10907 (unsigned int)((char*)buff + sz - beginEnd)); 10908 if (!footer) { 10909 WOLFSSL_MSG("Couldn't find PEM footer"); 10910 return ASN_NO_PEM_HEADER; 10911 } 10912 10913 footer -= XSTR_SIZEOF(END_PRIV_KEY_PREFIX); 10914 if (footer > (char*)buff + sz - XSTR_SIZEOF(END_PRIV_KEY_PREFIX) 10915 || XSTRNCMP(footer, END_PRIV_KEY_PREFIX, 10916 XSTR_SIZEOF(END_PRIV_KEY_PREFIX)) != 0) { 10917 WOLFSSL_MSG("Unexpected footer for PEM"); 10918 return BUFFER_E; 10919 } 10920 10921 endLen = (unsigned int)(beginEnd - headerEnd - 10922 (XSTR_SIZEOF(BEGIN_PRIV_KEY_PREFIX) - 10923 XSTR_SIZEOF(END_PRIV_KEY_PREFIX))); 10924 XMEMCPY(endBuf, footer, endLen); 10925 endBuf[endLen] = '\0'; 10926 10927 header = beginBuf; 10928 footer = endBuf; 10929 headerEnd = beginEnd; 10930 } 10931 } 10932 10933 if (!headerEnd) { 10429 10934 WOLFSSL_MSG("Couldn't find PEM header"); 10430 10935 return ASN_NO_PEM_HEADER; … … 10583 11088 #ifndef NO_DES3 10584 11089 if (info->cipherType == WC_CIPHER_DES3) { 10585 padVal = der->buffer[der->length-1]; 10586 if (padVal <= DES_BLOCK_SIZE) { 10587 der->length -= padVal; 11090 /* Assuming there is padding: 11091 * (der->length > 0 && der->length > DES_BLOCK_SIZE && 11092 * (der->length % DES_BLOCK_SIZE) != 0) 11093 * and assuming the last value signifies the number of 11094 * padded bytes IE if last value is 0x08 then there are 11095 * 8 bytes of padding: 11096 * padVal = der->buffer[der->length-1]; 11097 * then strip this padding before proceeding: 11098 * der->length -= padVal; 11099 */ 11100 if (der->length > 0 && 11101 der->length > DES_BLOCK_SIZE && 11102 (der->length % DES_BLOCK_SIZE) != 0) { 11103 padVal = der->buffer[der->length-1]; 11104 if (padVal < DES_BLOCK_SIZE) { 11105 der->length -= padVal; 11106 } 10588 11107 } 10589 11108 } … … 10822 11341 10823 11342 if (ret == 0) { 10824 if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) !=sz) {11343 if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { 10825 11344 ret = BUFFER_E; 10826 11345 } … … 10902 11421 } 10903 11422 if (ret == 0) { 10904 if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) !=sz) {11423 if ((size_t)XFREAD(fileBuf, 1, sz, file) != (size_t)sz) { 10905 11424 ret = BUFFER_E; 10906 11425 } … … 11477 11996 #endif 11478 11997 11479 #if def HAVE_SELFTEST11998 #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) 11480 11999 /* older version of ecc.c can not handle dp being NULL */ 11481 12000 if (key != NULL && key->dp == NULL) { … … 11584 12103 } 11585 12104 11586 #if def HAVE_SELFTEST12105 #if defined(HAVE_SELFTEST) || defined(HAVE_FIPS) 11587 12106 /* older version of ecc.c can not handle dp being NULL */ 11588 12107 if (key != NULL && key->dp == NULL) { … … 11648 12167 if (idx != 0) { 11649 12168 #ifdef WOLFSSL_SMALL_STACK 11650 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12169 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11651 12170 #endif 11652 12171 return idx; … … 11658 12177 algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11659 12178 if (algo == NULL) { 11660 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12179 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11661 12180 return MEMORY_E; 11662 12181 } … … 11752 12271 if (idx != 0) { 11753 12272 #ifdef WOLFSSL_SMALL_STACK 11754 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12273 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11755 12274 #endif 11756 12275 return idx; … … 11762 12281 algo = (byte*)XMALLOC(MAX_ALGO_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11763 12282 if (algo == NULL) { 11764 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER);12283 XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER); 11765 12284 return MEMORY_E; 11766 12285 } … … 11887 12406 11888 12407 #endif 11889 11890 11891 /* Set Date validity from now until now + daysValid11892 * return size in bytes written to output, 0 on error */11893 static int SetValidity(byte* output, int daysValid)11894 {11895 byte before[MAX_DATE_SIZE];11896 byte after[MAX_DATE_SIZE];11897 11898 int beforeSz;11899 int afterSz;11900 int seqSz;11901 11902 time_t now;11903 time_t then;11904 struct tm* tmpTime;11905 struct tm* expandedTime;11906 struct tm localTime;11907 11908 #if defined(NEED_TMP_TIME)11909 /* for use with gmtime_r */11910 struct tm tmpTimeStorage;11911 tmpTime = &tmpTimeStorage;11912 #else11913 tmpTime = NULL;11914 #endif11915 (void)tmpTime;11916 11917 now = XTIME(0);11918 11919 /* before now */11920 before[0] = ASN_GENERALIZED_TIME;11921 beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */11922 11923 /* subtract 1 day of seconds for more compliance */11924 then = now - 86400;11925 expandedTime = XGMTIME(&then, tmpTime);11926 if (expandedTime == NULL) {11927 WOLFSSL_MSG("XGMTIME failed");11928 return 0; /* error */11929 }11930 localTime = *expandedTime;11931 11932 /* adjust */11933 localTime.tm_year += 1900;11934 localTime.tm_mon += 1;11935 11936 SetTime(&localTime, before + beforeSz);11937 beforeSz += ASN_GEN_TIME_SZ;11938 11939 after[0] = ASN_GENERALIZED_TIME;11940 afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */11941 11942 /* add daysValid of seconds */11943 then = now + (daysValid * (time_t)86400);11944 expandedTime = XGMTIME(&then, tmpTime);11945 if (expandedTime == NULL) {11946 WOLFSSL_MSG("XGMTIME failed");11947 return 0; /* error */11948 }11949 localTime = *expandedTime;11950 11951 /* adjust */11952 localTime.tm_year += 1900;11953 localTime.tm_mon += 1;11954 11955 SetTime(&localTime, after + afterSz);11956 afterSz += ASN_GEN_TIME_SZ;11957 11958 /* headers and output */11959 seqSz = SetSequence(beforeSz + afterSz, output);11960 XMEMCPY(output + seqSz, before, beforeSz);11961 XMEMCPY(output + seqSz + beforeSz, after, afterSz);11962 11963 return seqSz + beforeSz + afterSz;11964 }11965 11966 12408 11967 12409 /* ASN Encoded Name field */ … … 11976 12418 11977 12419 /* Get Which Name from index */ 11978 static const char* GetOneName(CertName* name, int idx)12420 const char* GetOneCertName(CertName* name, int idx) 11979 12421 { 11980 12422 switch (idx) { … … 12065 12507 12066 12508 /* Get ASN Name from index */ 12067 static byte GetNameId(int idx)12509 byte GetCertNameId(int idx) 12068 12510 { 12069 12511 switch (idx) { … … 12106 12548 } 12107 12549 } 12550 12108 12551 12109 12552 /* … … 12528 12971 curName = names; 12529 12972 do { 12530 output[idx++] = ASN_CONTEXT_SPECIFIC | curName->type; 12973 output[idx] = ASN_CONTEXT_SPECIFIC | curName->type; 12974 if (curName->type == ASN_DIR_TYPE) { 12975 output[idx] |= ASN_CONSTRUCTED; 12976 } 12977 idx++; 12531 12978 idx += SetLength(curName->len, output + idx); 12532 12979 XMEMCPY(output + idx, curName->name, curName->len); … … 12574 13021 /* Restrict country code size */ 12575 13022 if (ASN_COUNTRY_NAME == type && strLen != CTC_COUNTRY_SIZE) { 13023 WOLFSSL_MSG("Country code size error"); 12576 13024 return ASN_COUNTRY_SIZE_E; 12577 13025 } … … 12671 13119 } 12672 13120 13121 13122 13123 13124 /* Guarded by either 13125 * A) WOLFSSL_WPAS_SMALL is on or 13126 * B) (OPENSSL_EXTRA or OPENSSL_EXTRA_X509_SMALL) + WOLFSSL_CERT_GEN + 13127 * (WOLFSSL_CERT_REQ or WOLFSSL_CERT_EXT or OPENSSL_EXTRA) has been 13128 * defined 13129 */ 13130 #if defined(WOLFSSL_WPAS_SMALL) || \ 13131 (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 13132 defined(WOLFSSL_CERT_GEN) && \ 13133 (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ 13134 defined(OPENSSL_EXTRA)) 13135 /* Converts from NID_* value to wolfSSL value if needed */ 13136 static int ConvertNIDToWolfSSL(int nid) 13137 { 13138 switch (nid) { 13139 case NID_commonName : return ASN_COMMON_NAME; 13140 case NID_surname : return ASN_SUR_NAME; 13141 case NID_countryName: return ASN_COUNTRY_NAME; 13142 case NID_localityName: return ASN_LOCALITY_NAME; 13143 case NID_stateOrProvinceName: return ASN_STATE_NAME; 13144 case NID_organizationName: return ASN_ORG_NAME; 13145 case NID_organizationalUnitName: return ASN_ORGUNIT_NAME; 13146 case NID_emailAddress: return ASN_EMAIL_NAME; 13147 case NID_serialNumber: return ASN_SERIAL_NUMBER; 13148 case NID_businessCategory: return ASN_BUS_CAT; 13149 case NID_domainComponent: return ASN_DOMAIN_COMPONENT; 13150 default: 13151 WOLFSSL_MSG("Attribute NID not found"); 13152 return -1; 13153 } 13154 } 13155 13156 13157 /* Converts the x509 name structure into DER format. 13158 * 13159 * out pointer to either a pre setup buffer or a pointer to null for 13160 * creating a dynamic buffer. In the case that a pre-existing buffer is 13161 * used out will be incremented the size of the DER buffer on success. 13162 * 13163 * returns the size of the buffer on success, or negative value with failure 13164 */ 13165 int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) 13166 { 13167 int totalBytes = 0, i, idx; 13168 byte temp[MAX_SEQ_SZ]; 13169 byte *output, *local = NULL; 13170 #ifdef WOLFSSL_SMALL_STACK 13171 EncodedName* names = NULL; 13172 #else 13173 EncodedName names[MAX_NAME_ENTRIES]; 13174 #endif 13175 13176 if (out == NULL || name == NULL) 13177 return BAD_FUNC_ARG; 13178 13179 #ifdef WOLFSSL_SMALL_STACK 13180 names = (EncodedName*)XMALLOC(sizeof(EncodedName) * MAX_NAME_ENTRIES, NULL, 13181 DYNAMIC_TYPE_TMP_BUFFER); 13182 if (names == NULL) 13183 return MEMORY_E; 13184 #endif 13185 13186 XMEMSET(names, 0, sizeof(EncodedName) * MAX_NAME_ENTRIES); 13187 13188 for (i = 0; i < MAX_NAME_ENTRIES; i++) { 13189 WOLFSSL_X509_NAME_ENTRY* entry; 13190 int ret; 13191 13192 entry = wolfSSL_X509_NAME_get_entry(name, i); 13193 if (entry != NULL && entry->set == 1) { 13194 const char* nameStr; 13195 int type; 13196 WOLFSSL_ASN1_STRING* data; 13197 13198 data = wolfSSL_X509_NAME_ENTRY_get_data(entry); 13199 if (data == NULL) { 13200 #ifdef WOLFSSL_SMALL_STACK 13201 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13202 #endif 13203 WOLFSSL_MSG("Error getting entry data"); 13204 return WOLFSSL_FATAL_ERROR; 13205 } 13206 13207 nameStr = (const char*)wolfSSL_ASN1_STRING_data(data); 13208 type = wolfSSL_ASN1_STRING_type(data); 13209 13210 switch (type) { 13211 case MBSTRING_UTF8: 13212 type = CTC_UTF8; 13213 break; 13214 case V_ASN1_PRINTABLESTRING: 13215 type = CTC_PRINTABLE; 13216 break; 13217 default: 13218 WOLFSSL_MSG("Unknown encoding type conversion UTF8 by default"); 13219 type = CTC_UTF8; 13220 } 13221 ret = wc_EncodeName(&names[i], nameStr, type, 13222 ConvertNIDToWolfSSL(entry->nid)); 13223 if (ret < 0) { 13224 #ifdef WOLFSSL_SMALL_STACK 13225 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13226 #endif 13227 WOLFSSL_MSG("EncodeName failed"); 13228 return WOLFSSL_FATAL_ERROR; 13229 } 13230 totalBytes += ret; 13231 } 13232 } 13233 13234 /* header */ 13235 idx = SetSequence(totalBytes, temp); 13236 if (totalBytes + idx > ASN_NAME_MAX) { 13237 #ifdef WOLFSSL_SMALL_STACK 13238 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13239 #endif 13240 WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX"); 13241 return BUFFER_E; 13242 } 13243 13244 /* check if using buffer passed in */ 13245 if (*out == NULL) { 13246 *out = local = (unsigned char*)XMALLOC(totalBytes + idx, NULL, 13247 DYNAMIC_TYPE_OPENSSL); 13248 if (*out == NULL) { 13249 return MEMORY_E; 13250 } 13251 } 13252 output = *out; 13253 13254 idx = SetSequence(totalBytes, output); 13255 totalBytes += idx; 13256 for (i = 0; i < MAX_NAME_ENTRIES; i++) { 13257 if (names[i].used) { 13258 XMEMCPY(output + idx, names[i].encoded, names[i].totalLen); 13259 idx += names[i].totalLen; 13260 } 13261 } 13262 13263 #ifdef WOLFSSL_SMALL_STACK 13264 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 13265 #endif 13266 13267 /* used existing buffer passed in, so increment pointer */ 13268 if (local == NULL) { 13269 *out += totalBytes; 13270 } 13271 return totalBytes; 13272 } 13273 #endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */ 13274 13275 12673 13276 /* encode CertName into output, return total bytes written */ 12674 13277 int SetName(byte* output, word32 outputSz, CertName* name) … … 12700 13303 for (i = 0; i < NAME_ENTRIES; i++) { 12701 13304 int ret; 12702 const char* nameStr = GetOne Name(name, i);13305 const char* nameStr = GetOneCertName(name, i); 12703 13306 12704 13307 ret = wc_EncodeName(&names[i], nameStr, GetNameType(name, i), 12705 Get NameId(i));13308 GetCertNameId(i)); 12706 13309 if (ret < 0) { 12707 13310 #ifdef WOLFSSL_SMALL_STACK 12708 13311 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12709 13312 #endif 12710 return BUFFER_E; 13313 WOLFSSL_MSG("EncodeName failed"); 13314 return BUFFER_E; 12711 13315 } 12712 13316 totalBytes += ret; … … 12722 13326 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12723 13327 #endif 13328 WOLFSSL_MSG("EncodeName on multiple attributes failed\n"); 12724 13329 return BUFFER_E; 12725 13330 } … … 12739 13344 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12740 13345 #endif 13346 WOLFSSL_MSG("Total Bytes is greater than ASN_NAME_MAX"); 12741 13347 return BUFFER_E; 12742 13348 } … … 12744 13350 for (i = 0; i < NAME_ENTRIES; i++) { 12745 13351 #ifdef WOLFSSL_MULTI_ATTRIB 12746 type = Get NameId(i);13352 type = GetCertNameId(i); 12747 13353 12748 13354 /* list all DC values before OUs */ … … 12755 13361 XFREE(names, NULL, DYNAMIC_TYPE_TMP_BUFFER); 12756 13362 #endif 13363 WOLFSSL_MSG("Not enough space left for DC value"); 12757 13364 return BUFFER_E; 12758 13365 } … … 12803 13410 } 12804 13411 13412 /* Set Date validity from now until now + daysValid 13413 * return size in bytes written to output, 0 on error */ 13414 static int SetValidity(byte* output, int daysValid) 13415 { 13416 byte before[MAX_DATE_SIZE]; 13417 byte after[MAX_DATE_SIZE]; 13418 13419 int beforeSz; 13420 int afterSz; 13421 int seqSz; 13422 13423 time_t now; 13424 time_t then; 13425 struct tm* tmpTime; 13426 struct tm* expandedTime; 13427 struct tm localTime; 13428 13429 #if defined(NEED_TMP_TIME) 13430 /* for use with gmtime_r */ 13431 struct tm tmpTimeStorage; 13432 tmpTime = &tmpTimeStorage; 13433 #else 13434 tmpTime = NULL; 13435 #endif 13436 (void)tmpTime; 13437 13438 now = XTIME(0); 13439 13440 /* before now */ 13441 before[0] = ASN_GENERALIZED_TIME; 13442 beforeSz = SetLength(ASN_GEN_TIME_SZ, before + 1) + 1; /* gen tag */ 13443 13444 /* subtract 1 day of seconds for more compliance */ 13445 then = now - 86400; 13446 expandedTime = XGMTIME(&then, tmpTime); 13447 if (expandedTime == NULL) { 13448 WOLFSSL_MSG("XGMTIME failed"); 13449 return 0; /* error */ 13450 } 13451 localTime = *expandedTime; 13452 13453 /* adjust */ 13454 localTime.tm_year += 1900; 13455 localTime.tm_mon += 1; 13456 13457 SetTime(&localTime, before + beforeSz); 13458 beforeSz += ASN_GEN_TIME_SZ; 13459 13460 after[0] = ASN_GENERALIZED_TIME; 13461 afterSz = SetLength(ASN_GEN_TIME_SZ, after + 1) + 1; /* gen tag */ 13462 13463 /* add daysValid of seconds */ 13464 then = now + (daysValid * (time_t)86400); 13465 expandedTime = XGMTIME(&then, tmpTime); 13466 if (expandedTime == NULL) { 13467 WOLFSSL_MSG("XGMTIME failed"); 13468 return 0; /* error */ 13469 } 13470 localTime = *expandedTime; 13471 13472 /* adjust */ 13473 localTime.tm_year += 1900; 13474 localTime.tm_mon += 1; 13475 13476 SetTime(&localTime, after + afterSz); 13477 afterSz += ASN_GEN_TIME_SZ; 13478 13479 /* headers and output */ 13480 seqSz = SetSequence(beforeSz + afterSz, output); 13481 XMEMCPY(output + seqSz, before, beforeSz); 13482 XMEMCPY(output + seqSz + beforeSz, after, afterSz); 13483 13484 return seqSz + beforeSz + afterSz; 13485 } 13486 12805 13487 /* encode info from cert into DER encoded format */ 12806 13488 static int EncodeCert(Cert* cert, DerCert* der, RsaKey* rsaKey, ecc_key* eccKey, 12807 WC_RNG* rng, const byte* ntruKey, word16 ntruSz, 13489 WC_RNG* rng, const byte* ntruKey, word16 ntruSz, DsaKey* dsaKey, 12808 13490 ed25519_key* ed25519Key, ed448_key* ed448Key) 12809 13491 { … … 12815 13497 /* make sure at least one key type is provided */ 12816 13498 if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && 12817 13499 dsaKey == NULL && ed448Key == NULL && ntruKey == NULL) { 12818 13500 return PUBLIC_KEY_E; 12819 13501 } … … 12863 13545 #endif 12864 13546 13547 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 13548 if (cert->keyType == DSA_KEY) { 13549 if (dsaKey == NULL) 13550 return PUBLIC_KEY_E; 13551 der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, 13552 sizeof(der->publicKey), 1); 13553 } 13554 #endif 13555 12865 13556 #ifdef HAVE_ED25519 12866 13557 if (cert->keyType == ED25519_KEY) { … … 12926 13617 12927 13618 /* subject name */ 12928 #if def WOLFSSL_CERT_EXT13619 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) 12929 13620 if (XSTRLEN((const char*)cert->sbjRaw) > 0) { 12930 13621 /* Use the raw subject */ … … 12954 13645 12955 13646 /* issuer name */ 12956 #if def WOLFSSL_CERT_EXT13647 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) 12957 13648 if (XSTRLEN((const char*)cert->issRaw) > 0) { 12958 13649 /* Use the raw issuer */ … … 12961 13652 der->issuerSz = min(sizeof(der->issuer), 12962 13653 (word32)XSTRLEN((const char*)cert->issRaw)); 13654 12963 13655 /* header */ 12964 13656 idx = SetSequence(der->issuerSz, der->issuer); … … 13337 14029 /* add signature to end of buffer, size of buffer assumed checked, return 13338 14030 new length */ 13339 staticint AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz,14031 int AddSignature(byte* buf, int bodySz, const byte* sig, int sigSz, 13340 14032 int sigAlgoType) 13341 14033 { … … 13366 14058 static int MakeAnyCert(Cert* cert, byte* derBuffer, word32 derSz, 13367 14059 RsaKey* rsaKey, ecc_key* eccKey, WC_RNG* rng, 13368 const byte* ntruKey, word16 ntruSz,14060 DsaKey* dsaKey, const byte* ntruKey, word16 ntruSz, 13369 14061 ed25519_key* ed25519Key, ed448_key* ed448Key) 13370 14062 { … … 13376 14068 #endif 13377 14069 13378 if (derBuffer == NULL) {14070 if (derBuffer == NULL) 13379 14071 return BAD_FUNC_ARG; 13380 } 13381 13382 cert->keyType = eccKey ? ECC_KEY : (rsaKey ? RSA_KEY : 13383 (ed25519Key ? ED25519_KEY : (ed448Key ? ED448_KEY : NTRU_KEY))); 14072 14073 if (eccKey) 14074 cert->keyType = ECC_KEY; 14075 else if (rsaKey) 14076 cert->keyType = RSA_KEY; 14077 else if (dsaKey) 14078 cert->keyType = DSA_KEY; 14079 else if (ed25519Key) 14080 cert->keyType = ED25519_KEY; 14081 else if (ed448Key) 14082 cert->keyType = ED448_KEY; 14083 else if (ntruKey) 14084 cert->keyType = NTRU_KEY; 14085 else 14086 return BAD_FUNC_ARG; 13384 14087 13385 14088 #ifdef WOLFSSL_SMALL_STACK … … 13389 14092 #endif 13390 14093 13391 ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, 14094 ret = EncodeCert(cert, der, rsaKey, eccKey, rng, ntruKey, ntruSz, dsaKey, 13392 14095 ed25519Key, ed448Key); 13393 14096 if (ret == 0) { … … 13411 14114 { 13412 14115 RsaKey* rsaKey = NULL; 14116 DsaKey* dsaKey = NULL; 13413 14117 ecc_key* eccKey = NULL; 13414 14118 ed25519_key* ed25519Key = NULL; … … 13417 14121 if (keyType == RSA_TYPE) 13418 14122 rsaKey = (RsaKey*)key; 14123 else if (keyType == DSA_TYPE) 14124 dsaKey = (DsaKey*)key; 13419 14125 else if (keyType == ECC_TYPE) 13420 14126 eccKey = (ecc_key*)key; … … 13424 14130 ed448Key = (ed448_key*)key; 13425 14131 13426 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0,13427 ed25519Key, ed448Key);14132 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, dsaKey, 14133 NULL, 0, ed25519Key, ed448Key); 13428 14134 } 13429 14135 /* Make an x509 Certificate v3 RSA or ECC from cert input, write to buffer */ … … 13431 14137 ecc_key* eccKey, WC_RNG* rng) 13432 14138 { 13433 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, 0,14139 return MakeAnyCert(cert, derBuffer, derSz, rsaKey, eccKey, rng, NULL, NULL, 0, 13434 14140 NULL, NULL); 13435 14141 } … … 13441 14147 const byte* ntruKey, word16 keySz, WC_RNG* rng) 13442 14148 { 13443 return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, ntruKey, keySz, NULL); 14149 return MakeAnyCert(cert, derBuffer, derSz, NULL, NULL, rng, NULL, 14150 ntruKey, keySz, NULL, NULL); 13444 14151 } 13445 14152 … … 13452 14159 int extSz) 13453 14160 { 13454 const byte cpOid[] =13455 { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01,13456 0x09, 0x07 };13457 14161 const byte erOid[] = 13458 14162 { ASN_OBJECT_ID, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, … … 13474 14178 byte erSet[MAX_SET_SZ]; 13475 14179 13476 output[0] = 0xa0;14180 output[0] = ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED; 13477 14181 sz++; 13478 14182 … … 13485 14189 } 13486 14190 cpSetSz = SetSet(cpStrSz + pwSz, cpSet); 13487 cpSeqSz = SetSequence(sizeof(cpOid) + cpSetSz + cpStrSz + pwSz, cpSeq); 13488 cpSz = cpSeqSz + sizeof(cpOid) + cpSetSz + cpStrSz + pwSz; 14191 /* +2 for tag and length parts of the TLV triplet */ 14192 cpSeqSz = SetSequence(2 + sizeof(attrChallengePasswordOid) + cpSetSz + 14193 cpStrSz + pwSz, cpSeq); 14194 cpSz = cpSeqSz + 2 + sizeof(attrChallengePasswordOid) + cpSetSz + 14195 cpStrSz + pwSz; 13489 14196 } 13490 14197 … … 13501 14208 XMEMCPY(&output[sz], cpSeq, cpSeqSz); 13502 14209 sz += cpSeqSz; 13503 XMEMCPY(&output[sz], cpOid, sizeof(cpOid)); 13504 sz += sizeof(cpOid); 14210 sz += SetObjectId(sizeof(attrChallengePasswordOid), output + sz); 14211 XMEMCPY(&output[sz], attrChallengePasswordOid, 14212 sizeof(attrChallengePasswordOid)); 14213 sz += sizeof(attrChallengePasswordOid); 13505 14214 XMEMCPY(&output[sz], cpSet, cpSetSz); 13506 14215 sz += cpSetSz; … … 13527 14236 /* encode info from cert into DER encoded format */ 13528 14237 static int EncodeCertReq(Cert* cert, DerCert* der, RsaKey* rsaKey, 13529 ecc_key* eccKey, ed25519_key* ed25519Key,13530 ed 448_key* ed448Key)14238 DsaKey* dsaKey, ecc_key* eccKey, 14239 ed25519_key* ed25519Key, ed448_key* ed448Key) 13531 14240 { 13532 14241 (void)eccKey; … … 13538 14247 13539 14248 if (rsaKey == NULL && eccKey == NULL && ed25519Key == NULL && 13540 14249 dsaKey == NULL && ed448Key == NULL) { 13541 14250 return PUBLIC_KEY_E; 13542 14251 } … … 13549 14258 13550 14259 /* subject name */ 13551 der->subjectSz = SetName(der->subject, sizeof(der->subject), &cert->subject); 14260 #if defined(WOLFSSL_CERT_EXT) || defined(OPENSSL_EXTRA) 14261 if (XSTRLEN((const char*)cert->sbjRaw) > 0) { 14262 /* Use the raw subject */ 14263 int idx; 14264 14265 der->subjectSz = min(sizeof(der->subject), 14266 (word32)XSTRLEN((const char*)cert->sbjRaw)); 14267 /* header */ 14268 idx = SetSequence(der->subjectSz, der->subject); 14269 if (der->subjectSz + idx > (int)sizeof(der->subject)) { 14270 return SUBJECT_E; 14271 } 14272 14273 XMEMCPY((char*)der->subject + idx, (const char*)cert->sbjRaw, 14274 der->subjectSz); 14275 der->subjectSz += idx; 14276 } 14277 else 14278 #endif 14279 { 14280 der->subjectSz = SetName(der->subject, sizeof(der->subject), 14281 &cert->subject); 14282 } 13552 14283 if (der->subjectSz <= 0) 13553 14284 return SUBJECT_E; … … 13563 14294 #endif 13564 14295 14296 #if !defined(NO_DSA) && !defined(HAVE_SELFTEST) 14297 if (cert->keyType == DSA_KEY) { 14298 if (dsaKey == NULL) 14299 return PUBLIC_KEY_E; 14300 der->publicKeySz = wc_SetDsaPublicKey(der->publicKey, dsaKey, 14301 sizeof(der->publicKey), 1); 14302 } 14303 #endif 14304 13565 14305 #ifdef HAVE_ECC 13566 14306 if (cert->keyType == ECC_KEY) { 14307 if (eccKey == NULL) 14308 return PUBLIC_KEY_E; 13567 14309 der->publicKeySz = SetEccPublicKey(der->publicKey, eccKey, 1); 13568 14310 } … … 13600 14342 else 13601 14343 der->caSz = 0; 14344 14345 #ifdef WOLFSSL_ALT_NAMES 14346 /* Alternative Name */ 14347 if (cert->altNamesSz) { 14348 der->altNamesSz = SetAltNames(der->altNames, sizeof(der->altNames), 14349 cert->altNames, cert->altNamesSz); 14350 if (der->altNamesSz <= 0) 14351 return ALT_NAME_E; 14352 14353 der->extensionsSz += der->altNamesSz; 14354 } 14355 else 14356 der->altNamesSz = 0; 14357 #endif 13602 14358 13603 14359 #ifdef WOLFSSL_CERT_EXT … … 13661 14417 return EXTENSIONS_E; 13662 14418 } 14419 14420 #ifdef WOLFSSL_ALT_NAMES 14421 /* put Alternative Names */ 14422 if (der->altNamesSz) { 14423 ret = SetExtensions(der->extensions, sizeof(der->extensions), 14424 &der->extensionsSz, 14425 der->altNames, der->altNamesSz); 14426 if (ret <= 0) 14427 return EXTENSIONS_E; 14428 } 14429 #endif 13663 14430 13664 14431 #ifdef WOLFSSL_CERT_EXT … … 13751 14518 13752 14519 static int MakeCertReq(Cert* cert, byte* derBuffer, word32 derSz, 13753 RsaKey* rsaKey, ecc_key* eccKey, ed25519_key* ed25519Key,13754 ed 448_key* ed448Key)14520 RsaKey* rsaKey, DsaKey* dsaKey, ecc_key* eccKey, 14521 ed25519_key* ed25519Key, ed448_key* ed448Key) 13755 14522 { 13756 14523 int ret; … … 13761 14528 #endif 13762 14529 13763 cert->keyType = eccKey ? ECC_KEY : (ed25519Key ? ED25519_KEY : 13764 (ed448Key ? ED448_KEY: RSA_KEY)); 14530 if (eccKey) 14531 cert->keyType = ECC_KEY; 14532 else if (rsaKey) 14533 cert->keyType = RSA_KEY; 14534 else if (dsaKey) 14535 cert->keyType = DSA_KEY; 14536 else if (ed25519Key) 14537 cert->keyType = ED25519_KEY; 14538 else if (ed448Key) 14539 cert->keyType = ED448_KEY; 14540 else 14541 return BAD_FUNC_ARG; 13765 14542 13766 14543 #ifdef WOLFSSL_SMALL_STACK … … 13771 14548 #endif 13772 14549 13773 ret = EncodeCertReq(cert, der, rsaKey, eccKey, ed25519Key, ed448Key);14550 ret = EncodeCertReq(cert, der, rsaKey, dsaKey, eccKey, ed25519Key, ed448Key); 13774 14551 13775 14552 if (ret == 0) { … … 13791 14568 { 13792 14569 RsaKey* rsaKey = NULL; 14570 DsaKey* dsaKey = NULL; 13793 14571 ecc_key* eccKey = NULL; 13794 14572 ed25519_key* ed25519Key = NULL; … … 13797 14575 if (keyType == RSA_TYPE) 13798 14576 rsaKey = (RsaKey*)key; 14577 else if (keyType == DSA_TYPE) 14578 dsaKey = (DsaKey*)key; 13799 14579 else if (keyType == ECC_TYPE) 13800 14580 eccKey = (ecc_key*)key; … … 13804 14584 ed448Key = (ed448_key*)key; 13805 14585 13806 return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, ed25519Key,14586 return MakeCertReq(cert, derBuffer, derSz, rsaKey, dsaKey, eccKey, ed25519Key, 13807 14587 ed448Key); 13808 14588 } … … 13811 14591 RsaKey* rsaKey, ecc_key* eccKey) 13812 14592 { 13813 return MakeCertReq(cert, derBuffer, derSz, rsaKey, eccKey, NULL, NULL);14593 return MakeCertReq(cert, derBuffer, derSz, rsaKey, NULL, eccKey, NULL, NULL); 13814 14594 } 13815 14595 #endif /* WOLFSSL_CERT_REQ */ … … 14003 14783 /* ED448 public key */ 14004 14784 if (ed448Key != NULL) 14005 bufferSz = SetEd448PublicKey(buf fer, ed448Key, 0);14785 bufferSz = SetEd448PublicKey(buf, ed448Key, 0); 14006 14786 #endif 14007 14787 … … 14431 15211 { 14432 15212 int ret = 0; 14433 byte tag; 14434 14435 if (decoded->extensions) { 14436 int length; 14437 word32 maxExtensionsIdx; 14438 14439 decoded->srcIdx = decoded->extensionsIdx; 14440 if (GetASNTag(decoded->source, &decoded->srcIdx, &tag, decoded->maxIdx) 14441 != 0) { 14442 return ASN_PARSE_E; 14443 } 14444 14445 if (tag != ASN_EXTENSIONS) { 14446 ret = ASN_PARSE_E; 14447 } 14448 else if (GetLength(decoded->source, &decoded->srcIdx, &length, 14449 decoded->maxIdx) < 0) { 14450 ret = ASN_PARSE_E; 14451 } 14452 else if (GetSequence(decoded->source, &decoded->srcIdx, &length, 14453 decoded->maxIdx) < 0) { 14454 ret = ASN_PARSE_E; 14455 } 14456 else { 14457 maxExtensionsIdx = decoded->srcIdx + length; 14458 14459 while (decoded->srcIdx < maxExtensionsIdx) { 14460 word32 oid; 14461 word32 startIdx = decoded->srcIdx; 14462 word32 tmpIdx; 14463 14464 if (GetSequence(decoded->source, &decoded->srcIdx, &length, 14465 decoded->maxIdx) < 0) { 14466 ret = ASN_PARSE_E; 14467 break; 14468 } 14469 14470 tmpIdx = decoded->srcIdx; 14471 decoded->srcIdx = startIdx; 14472 14473 if (GetAlgoId(decoded->source, &decoded->srcIdx, &oid, 14474 oidCertExtType, decoded->maxIdx) < 0) { 14475 ret = ASN_PARSE_E; 14476 break; 14477 } 14478 14479 if (oid == ALT_NAMES_OID) { 14480 cert->altNamesSz = length + (tmpIdx - startIdx); 14481 14482 if (cert->altNamesSz < (int)sizeof(cert->altNames)) 14483 XMEMCPY(cert->altNames, &decoded->source[startIdx], 14484 cert->altNamesSz); 14485 else { 14486 cert->altNamesSz = 0; 14487 WOLFSSL_MSG("AltNames extensions too big"); 14488 ret = ALT_NAME_E; 14489 break; 14490 } 14491 } 14492 decoded->srcIdx = tmpIdx + length; 14493 } 15213 15214 cert->altNamesSz = 0; 15215 if (decoded->altNames) { 15216 ret = FlattenAltNames(cert->altNames, 15217 sizeof(cert->altNames), decoded->altNames); 15218 if (ret >= 0) { 15219 cert->altNamesSz = ret; 15220 ret = 0; 14494 15221 } 14495 15222 } … … 14878 15605 14879 15606 if (ret >= 0) { 14880 if ((((DecodedCert*)cert->decodedCert)-> issuerRaw) &&14881 (((DecodedCert*)cert->decodedCert)-> issuerRawLen <=15607 if ((((DecodedCert*)cert->decodedCert)->subjectRaw) && 15608 (((DecodedCert*)cert->decodedCert)->subjectRawLen <= 14882 15609 (int)sizeof(CertName))) { 15610 /* Copy the subject to the issuer field */ 14883 15611 XMEMCPY(cert->issRaw, 14884 ((DecodedCert*)cert->decodedCert)-> issuerRaw,14885 ((DecodedCert*)cert->decodedCert)-> issuerRawLen);15612 ((DecodedCert*)cert->decodedCert)->subjectRaw, 15613 ((DecodedCert*)cert->decodedCert)->subjectRawLen); 14886 15614 } 14887 15615 #ifndef WOLFSSL_CERT_GEN_CACHE … … 14902 15630 14903 15631 if (cert == NULL) { 14904 ret = BAD_FUNC_ARG;15632 ret = BAD_FUNC_ARG; 14905 15633 } 14906 15634 else { … … 15088 15816 return 0; 15089 15817 } 15090 #endif /* !NO_DH && WOLFSSL_QT || OPENSSL_ALL*/15818 #endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */ 15091 15819 15092 15820 #ifdef HAVE_ECC … … 15113 15841 15114 15842 /* store r */ 15115 rSz = SetASNIntMP(r, -1, &out[idx]);15843 rSz = SetASNIntMP(r, *outLen - idx, &out[idx]); 15116 15844 if (rSz < 0) 15117 15845 return rSz; … … 15119 15847 15120 15848 /* store s */ 15121 sSz = SetASNIntMP(s, -1, &out[idx]);15849 sSz = SetASNIntMP(s, *outLen - idx, &out[idx]); 15122 15850 if (sSz < 0) 15123 15851 return sSz; … … 15129 15857 } 15130 15858 15131 15132 /* Der Decode ECC-DSA Signature, r & s stored as big ints */ 15133 int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s) 15134 { 15859 /* determine if leading bit is set */ 15860 static int is_leading_bit_set(const byte* input, word32 sz) 15861 { 15862 byte c = 0; 15863 if (sz > 0) 15864 c = input[0]; 15865 return (c & 0x80) != 0; 15866 } 15867 static int trim_leading_zeros(const byte** input, word32 sz) 15868 { 15869 int i, leadingZeroCount = 0; 15870 const byte* tmp = *input; 15871 for (i=0; i<(int)sz; i++) { 15872 if (tmp[i] != 0) 15873 break; 15874 leadingZeroCount++; 15875 } 15876 /* catch all zero case */ 15877 if (sz > 0 && leadingZeroCount == (int)sz) { 15878 leadingZeroCount--; 15879 } 15880 *input += leadingZeroCount; 15881 sz -= leadingZeroCount; 15882 return sz; 15883 } 15884 15885 /* Der Encode r & s ints into out, outLen is (in/out) size */ 15886 /* All input/outputs are assumed to be big-endian */ 15887 int StoreECC_DSA_Sig_Bin(byte* out, word32* outLen, const byte* r, word32 rLen, 15888 const byte* s, word32 sLen) 15889 { 15890 int ret; 15891 word32 idx; 15892 word32 headerSz = 4; /* 2*ASN_TAG + 2*LEN(ENUM) */ 15893 int rAddLeadZero, sAddLeadZero; 15894 15895 if ((out == NULL) || (outLen == NULL) || (r == NULL) || (s == NULL)) 15896 return BAD_FUNC_ARG; 15897 15898 /* Trim leading zeros */ 15899 rLen = trim_leading_zeros(&r, rLen); 15900 sLen = trim_leading_zeros(&s, sLen); 15901 /* If the leading bit on the INTEGER is a 1, add a leading zero */ 15902 /* Add leading zero if MSB is set */ 15903 rAddLeadZero = is_leading_bit_set(r, rLen); 15904 sAddLeadZero = is_leading_bit_set(s, sLen); 15905 15906 if (*outLen < (rLen + rAddLeadZero + sLen + sAddLeadZero + 15907 headerSz + 2)) /* SEQ_TAG + LEN(ENUM) */ 15908 return BUFFER_E; 15909 15910 idx = SetSequence(rLen+rAddLeadZero + sLen+sAddLeadZero + headerSz, out); 15911 15912 /* store r */ 15913 ret = SetASNInt(rLen, rAddLeadZero ? 0x80 : 0x00, &out[idx]); 15914 if (ret < 0) 15915 return ret; 15916 idx += ret; 15917 XMEMCPY(&out[idx], r, rLen); 15918 idx += rLen; 15919 15920 /* store s */ 15921 ret = SetASNInt(sLen, sAddLeadZero ? 0x80 : 0x00, &out[idx]); 15922 if (ret < 0) 15923 return ret; 15924 idx += ret; 15925 XMEMCPY(&out[idx], s, sLen); 15926 idx += sLen; 15927 15928 *outLen = idx; 15929 15930 return 0; 15931 } 15932 15933 /* Der Decode ECC-DSA Signature with R/S as unsigned bin */ 15934 /* All input/outputs are assumed to be big-endian */ 15935 int DecodeECC_DSA_Sig_Bin(const byte* sig, word32 sigLen, byte* r, word32* rLen, 15936 byte* s, word32* sLen) 15937 { 15938 int ret; 15135 15939 word32 idx = 0; 15136 15940 int len = 0; … … 15152 15956 #endif 15153 15957 15958 ret = GetASNInt(sig, &idx, &len, sigLen); 15959 if (ret != 0) 15960 return ret; 15961 if (rLen) 15962 *rLen = len; 15963 if (r) 15964 XMEMCPY(r, (byte*)sig + idx, len); 15965 idx += len; 15966 15967 ret = GetASNInt(sig, &idx, &len, sigLen); 15968 if (ret != 0) 15969 return ret; 15970 if (sLen) 15971 *sLen = len; 15972 if (s) 15973 XMEMCPY(s, (byte*)sig + idx, len); 15974 15975 return ret; 15976 } 15977 #endif 15978 15979 #if defined(HAVE_ECC) || !defined(NO_DSA) 15980 int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s) 15981 { 15982 word32 idx = 0; 15983 int len = 0; 15984 15985 if (GetSequence(sig, &idx, &len, sigLen) < 0) { 15986 return ASN_ECC_KEY_E; 15987 } 15988 15989 #ifndef NO_STRICT_ECDSA_LEN 15990 /* enable strict length checking for signature */ 15991 if (sigLen != idx + (word32)len) { 15992 return ASN_ECC_KEY_E; 15993 } 15994 #else 15995 /* allow extra signature bytes at end */ 15996 if ((word32)len > (sigLen - idx)) { 15997 return ASN_ECC_KEY_E; 15998 } 15999 #endif 16000 15154 16001 if (GetInt(r, sig, &idx, sigLen) < 0) { 15155 16002 return ASN_ECC_KEY_E; … … 15157 16004 15158 16005 if (GetInt(s, sig, &idx, sigLen) < 0) { 16006 mp_clear(r); 15159 16007 return ASN_ECC_KEY_E; 15160 16008 } … … 15162 16010 return 0; 15163 16011 } 15164 15165 16012 #endif 16013 16014 #ifdef HAVE_ECC 15166 16015 int wc_EccPrivateKeyDecode(const byte* input, word32* inOutIdx, ecc_key* key, 15167 16016 word32 inSz) … … 15175 16024 #ifdef WOLFSSL_SMALL_STACK 15176 16025 byte* priv; 15177 byte* pub ;16026 byte* pub = NULL; 15178 16027 #else 15179 16028 byte priv[ECC_MAXSIZE+1]; … … 15203 16052 if (GetLength(input, inOutIdx, &length, inSz) < 0) 15204 16053 return ASN_PARSE_E; 15205 15206 if (length > ECC_MAXSIZE) 16054 privSz = length; 16055 16056 if (privSz > ECC_MAXSIZE) 15207 16057 return BUFFER_E; 15208 16058 15209 16059 #ifdef WOLFSSL_SMALL_STACK 15210 priv = (byte*)XMALLOC( ECC_MAXSIZE+1, key->heap, DYNAMIC_TYPE_TMP_BUFFER);16060 priv = (byte*)XMALLOC(privSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15211 16061 if (priv == NULL) 15212 16062 return MEMORY_E; 15213 15214 pub = (byte*)XMALLOC(2*(ECC_MAXSIZE+1), key->heap, DYNAMIC_TYPE_TMP_BUFFER);15215 if (pub == NULL) {15216 XFREE(priv, key->heap, DYNAMIC_TYPE_TMP_BUFFER);15217 return MEMORY_E;15218 }15219 16063 #endif 15220 16064 15221 16065 /* priv key */ 15222 privSz = length;15223 16066 XMEMCPY(priv, &input[*inOutIdx], privSz); 15224 16067 *inOutIdx += length; … … 15264 16107 /* pub key */ 15265 16108 pubSz = length; 15266 if (pubSz < 2*(ECC_MAXSIZE+1)) { 15267 XMEMCPY(pub, &input[*inOutIdx], pubSz); 15268 *inOutIdx += length; 15269 pubData = pub; 16109 if (pubSz > 2*(ECC_MAXSIZE+1)) 16110 ret = BUFFER_E; 16111 else { 16112 #ifdef WOLFSSL_SMALL_STACK 16113 pub = (byte*)XMALLOC(pubSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16114 if (pub == NULL) 16115 ret = MEMORY_E; 16116 else 16117 #endif 16118 { 16119 XMEMCPY(pub, &input[*inOutIdx], pubSz); 16120 *inOutIdx += length; 16121 pubData = pub; 16122 } 15270 16123 } 15271 else15272 ret = BUFFER_E;15273 16124 } 15274 16125 } … … 15370 16221 ecc_key* key, word32 inSz) 15371 16222 { 15372 int length;15373 16223 int ret; 16224 int version, length; 15374 16225 int curve_id = ECC_CURVE_DEF; 15375 16226 word32 oidSum, localIdx; 15376 byte tag ;16227 byte tag, isPrivFormat = 0; 15377 16228 15378 16229 if (input == NULL || inOutIdx == NULL || key == NULL || inSz == 0) … … 15382 16233 return ASN_PARSE_E; 15383 16234 15384 if (GetSequence(input, inOutIdx, &length, inSz) < 0) 15385 return ASN_PARSE_E; 15386 15387 ret = SkipObjectId(input, inOutIdx, inSz); 15388 if (ret != 0) 15389 return ret; 16235 /* Check if ECC private key is being used and skip private portion */ 16236 if (GetMyVersion(input, inOutIdx, &version, inSz) >= 0) { 16237 isPrivFormat = 1; 16238 16239 /* Type private key */ 16240 if (*inOutIdx >= inSz) 16241 return ASN_PARSE_E; 16242 tag = input[*inOutIdx]; 16243 *inOutIdx += 1; 16244 if (tag != 4 && tag != 6 && tag != 7) 16245 return ASN_PARSE_E; 16246 16247 /* Skip Private Key */ 16248 if (GetLength(input, inOutIdx, &length, inSz) < 0) 16249 return ASN_PARSE_E; 16250 if (length > ECC_MAXSIZE) 16251 return BUFFER_E; 16252 *inOutIdx += length; 16253 16254 /* Private Curve Header */ 16255 if (*inOutIdx >= inSz) 16256 return ASN_PARSE_E; 16257 tag = input[*inOutIdx]; 16258 *inOutIdx += 1; 16259 if (tag != ECC_PREFIX_0) 16260 return ASN_ECC_KEY_E; 16261 if (GetLength(input, inOutIdx, &length, inSz) <= 0) 16262 return ASN_PARSE_E; 16263 } 16264 /* Standard ECC public key */ 16265 else { 16266 if (GetSequence(input, inOutIdx, &length, inSz) < 0) 16267 return ASN_PARSE_E; 16268 16269 ret = SkipObjectId(input, inOutIdx, inSz); 16270 if (ret != 0) 16271 return ret; 16272 } 15390 16273 15391 16274 if (*inOutIdx >= inSz) { … … 15542 16425 15543 16426 /* get curve id */ 15544 curve_id = wc_ecc_get_oid(oidSum, NULL, 0); 15545 if (curve_id < 0) 16427 if ((ret = CheckCurve(oidSum)) < 0) 15546 16428 return ECC_CURVE_OID_E; 16429 else { 16430 curve_id = ret; 16431 } 16432 } 16433 16434 if (isPrivFormat) { 16435 /* Public Curve Header - skip */ 16436 if (*inOutIdx >= inSz) 16437 return ASN_PARSE_E; 16438 tag = input[*inOutIdx]; 16439 *inOutIdx += 1; 16440 if (tag != ECC_PREFIX_1) 16441 return ASN_ECC_KEY_E; 16442 if (GetLength(input, inOutIdx, &length, inSz) <= 0) 16443 return ASN_PARSE_E; 15547 16444 } 15548 16445 … … 15572 16469 byte ver[MAX_VERSION_SZ]; 15573 16470 byte seq[MAX_SEQ_SZ]; 15574 byte *prv = NULL, *pub = NULL;15575 16471 int ret, totalSz, curveSz, verSz; 15576 16472 int privHdrSz = ASN_ECC_HEADER_SZ; 15577 16473 int pubHdrSz = ASN_ECC_CONTEXT_SZ + ASN_ECC_HEADER_SZ; 16474 #ifdef WOLFSSL_NO_MALLOC 16475 byte prv[MAX_ECC_BYTES + ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; 16476 byte pub[(MAX_ECC_BYTES * 2) + 1 + ASN_ECC_CONTEXT_SZ + 16477 ASN_ECC_HEADER_SZ + MAX_SEQ_SZ]; 16478 #else 16479 byte *prv = NULL, *pub = NULL; 16480 #endif 15578 16481 15579 16482 word32 idx = 0, prvidx = 0, pubidx = 0, curveidx = 0; … … 15595 16498 /* private */ 15596 16499 privSz = key->dp->size; 16500 #ifndef WOLFSSL_NO_MALLOC 15597 16501 prv = (byte*)XMALLOC(privSz + privHdrSz + MAX_SEQ_SZ, 15598 16502 key->heap, DYNAMIC_TYPE_TMP_BUFFER); … … 15600 16504 return MEMORY_E; 15601 16505 } 16506 #else 16507 if (sizeof(prv) < privSz + privHdrSz + MAX_SEQ_SZ) { 16508 return BUFFER_E; 16509 } 16510 #endif 15602 16511 prvidx += SetOctetString8Bit(key->dp->size, &prv[prvidx]); 15603 16512 ret = wc_ecc_export_private_only(key, prv + prvidx, &privSz); 15604 16513 if (ret < 0) { 16514 #ifndef WOLFSSL_NO_MALLOC 15605 16515 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16516 #endif 15606 16517 return ret; 15607 16518 } … … 15612 16523 ret = wc_ecc_export_x963(key, NULL, &pubSz); 15613 16524 if (ret != LENGTH_ONLY_E) { 16525 #ifndef WOLFSSL_NO_MALLOC 15614 16526 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16527 #endif 15615 16528 return ret; 15616 16529 } 15617 16530 16531 #ifndef WOLFSSL_NO_MALLOC 15618 16532 pub = (byte*)XMALLOC(pubSz + pubHdrSz + MAX_SEQ_SZ, 15619 16533 key->heap, DYNAMIC_TYPE_TMP_BUFFER); … … 15622 16536 return MEMORY_E; 15623 16537 } 16538 #else 16539 if (sizeof(pub) < pubSz + pubHdrSz + MAX_SEQ_SZ) { 16540 return BUFFER_E; 16541 } 16542 #endif 15624 16543 15625 16544 pub[pubidx++] = ECC_PREFIX_1; … … 15633 16552 ret = wc_ecc_export_x963(key, pub + pubidx, &pubSz); 15634 16553 if (ret != 0) { 16554 #ifndef WOLFSSL_NO_MALLOC 15635 16555 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15636 16556 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16557 #endif 15637 16558 return ret; 15638 16559 } … … 15646 16567 totalSz = prvidx + pubidx + curveidx + verSz + seqSz; 15647 16568 if (totalSz > (int)inLen) { 16569 #ifndef WOLFSSL_NO_MALLOC 15648 16570 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15649 16571 if (pubIn) { 15650 16572 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15651 16573 } 16574 #endif 15652 16575 return BAD_FUNC_ARG; 15653 16576 } … … 15665 16588 XMEMCPY(output + idx, prv, prvidx); 15666 16589 idx += prvidx; 16590 #ifndef WOLFSSL_NO_MALLOC 15667 16591 XFREE(prv, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16592 #endif 15668 16593 15669 16594 /* curve */ … … 15675 16600 XMEMCPY(output + idx, pub, pubidx); 15676 16601 /* idx += pubidx; not used after write, if more data remove comment */ 16602 #ifndef WOLFSSL_NO_MALLOC 15677 16603 XFREE(pub, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16604 #endif 15678 16605 } 15679 16606 … … 15697 16624 15698 16625 #ifdef HAVE_PKCS8 15699 /* Write only private ecc key to unencrypted PKCS#8 format. 16626 /* Write only private ecc key or both private and public parts to unencrypted 16627 * PKCS#8 format. 15700 16628 * 15701 16629 * If output is NULL, places required PKCS#8 buffer size in outLen and … … 15703 16631 * 15704 16632 * return length on success else < 0 */ 15705 int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) 16633 static int eccToPKCS8(ecc_key* key, byte* output, word32* outLen, 16634 int includePublic) 15706 16635 { 15707 16636 int ret, tmpDerSz; … … 15710 16639 word32 pkcs8Sz = 0; 15711 16640 const byte* curveOID = NULL; 16641 #ifdef WOLFSSL_NO_MALLOC 16642 byte tmpDer[ECC_BUFSIZE]; 16643 #else 15712 16644 byte* tmpDer = NULL; 15713 15714 if (key == NULL || outLen == NULL) 16645 #endif 16646 16647 if (key == NULL || key->dp == NULL || outLen == NULL) 15715 16648 return BAD_FUNC_ARG; 15716 16649 … … 15721 16654 return ret; 15722 16655 16656 #ifndef WOLFSSL_NO_MALLOC 15723 16657 /* temp buffer for plain DER key */ 15724 16658 tmpDer = (byte*)XMALLOC(ECC_BUFSIZE, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 15725 16659 if (tmpDer == NULL) 15726 16660 return MEMORY_E; 15727 16661 #endif 15728 16662 XMEMSET(tmpDer, 0, ECC_BUFSIZE); 15729 16663 15730 tmpDerSz = wc_BuildEccKeyDer(key, tmpDer, ECC_BUFSIZE, 0);16664 tmpDerSz = wc_BuildEccKeyDer(key, tmpDer, ECC_BUFSIZE, includePublic); 15731 16665 if (tmpDerSz < 0) { 16666 #ifndef WOLFSSL_NO_MALLOC 15732 16667 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16668 #endif 15733 16669 return tmpDerSz; 15734 16670 } … … 15738 16674 curveOID, oidSz); 15739 16675 if (ret != LENGTH_ONLY_E) { 16676 #ifndef WOLFSSL_NO_MALLOC 15740 16677 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16678 #endif 15741 16679 return ret; 15742 16680 } 15743 16681 15744 16682 if (output == NULL) { 16683 #ifndef WOLFSSL_NO_MALLOC 15745 16684 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16685 #endif 15746 16686 *outLen = pkcs8Sz; 15747 16687 return LENGTH_ONLY_E; 15748 16688 15749 } else if (*outLen < pkcs8Sz) { 16689 } 16690 else if (*outLen < pkcs8Sz) { 16691 #ifndef WOLFSSL_NO_MALLOC 15750 16692 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16693 #endif 15751 16694 WOLFSSL_MSG("Input buffer too small for ECC PKCS#8 key"); 15752 16695 return BUFFER_E; … … 15756 16699 algoID, curveOID, oidSz); 15757 16700 if (ret < 0) { 16701 #ifndef WOLFSSL_NO_MALLOC 15758 16702 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16703 #endif 15759 16704 return ret; 15760 16705 } 15761 16706 16707 #ifndef WOLFSSL_NO_MALLOC 15762 16708 XFREE(tmpDer, key->heap, DYNAMIC_TYPE_TMP_BUFFER); 16709 #endif 15763 16710 15764 16711 *outLen = ret; 15765 16712 return ret; 16713 } 16714 16715 /* Write only private ecc key to unencrypted PKCS#8 format. 16716 * 16717 * return length on success else < 0 */ 16718 int wc_EccPrivateKeyToPKCS8(ecc_key* key, byte* output, word32* outLen) 16719 { 16720 return eccToPKCS8(key, output, outLen, 0); 16721 } 16722 16723 /* Write both private and public ecc keys to unencrypted PKCS#8 format. 16724 * 16725 * return length on success else < 0 */ 16726 int wc_EccKeyToPKCS8(ecc_key* key, byte* output, 16727 word32* outLen) 16728 { 16729 return eccToPKCS8(key, output, outLen, 1); 15766 16730 } 15767 16731 #endif /* HAVE_PKCS8 */ … … 16188 17152 16189 17153 16190 static int DecodeSingleResponse(byte* source, 16191 word32* ioIndex, OcspResponse* resp, word32 size) 16192 { 16193 word32 idx = *ioIndex, prevIndex, oid, localIdx; 16194 int length, wrapperSz; 16195 CertStatus* cs = resp->status; 17154 static int DecodeSingleResponse(byte* source, word32* ioIndex, word32 size, 17155 int wrapperSz, OcspEntry* single) 17156 { 17157 word32 idx = *ioIndex, prevIndex, oid, localIdx, certIdIdx; 17158 int length; 16196 17159 int ret; 16197 17160 byte tag; … … 16199 17162 WOLFSSL_ENTER("DecodeSingleResponse"); 16200 17163 16201 /* Outer wrapper of the SEQUENCE OF Single Responses. */16202 if (GetSequence(source, &idx, &wrapperSz, size) < 0)16203 return ASN_PARSE_E;16204 16205 17164 prevIndex = idx; 16206 16207 /* When making a request, we only request one status on one certificate16208 * at a time. There should only be one SingleResponse */16209 17165 16210 17166 /* Wrapper around the Single Response */ … … 16213 17169 16214 17170 /* Wrapper around the CertID */ 17171 certIdIdx = idx; 16215 17172 if (GetSequence(source, &idx, &length, size) < 0) 16216 17173 return ASN_PARSE_E; 16217 /* Skip the hash algorithm */ 16218 if (GetAlgoId(source, &idx, &oid, oidIgnoreType, size) < 0) 16219 return ASN_PARSE_E; 17174 single->rawCertId = source + certIdIdx; 17175 /* Hash algorithm */ 17176 ret = GetAlgoId(source, &idx, &oid, oidIgnoreType, size); 17177 if (ret < 0) 17178 return ret; 17179 single->hashAlgoOID = oid; 16220 17180 /* Save reference to the hash of CN */ 16221 17181 ret = GetOctetString(source, &idx, &length, size); 16222 17182 if (ret < 0) 16223 17183 return ret; 16224 resp->issuerHash = source + idx;17184 XMEMCPY(single->issuerHash, source + idx, length); 16225 17185 idx += length; 16226 17186 /* Save reference to the hash of the issuer public key */ … … 16228 17188 if (ret < 0) 16229 17189 return ret; 16230 resp->issuerKeyHash = source + idx;17190 XMEMCPY(single->issuerKeyHash, source + idx, length); 16231 17191 idx += length; 16232 17192 16233 17193 /* Get serial number */ 16234 if (GetSerialNumber(source, &idx, cs->serial, &cs->serialSz, size) < 0)17194 if (GetSerialNumber(source, &idx, single->status->serial, &single->status->serialSz, size) < 0) 16235 17195 return ASN_PARSE_E; 16236 16237 if ( idx >= size ) 17196 single->rawCertIdSize = idx - certIdIdx; 17197 17198 if (idx >= size) 16238 17199 return BUFFER_E; 16239 17200 … … 16242 17203 { 16243 17204 case (ASN_CONTEXT_SPECIFIC | CERT_GOOD): 16244 cs->status = CERT_GOOD;17205 single->status->status = CERT_GOOD; 16245 17206 idx++; 16246 17207 break; 16247 17208 case (ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | CERT_REVOKED): 16248 cs->status = CERT_REVOKED;17209 single->status->status = CERT_REVOKED; 16249 17210 if (GetLength(source, &idx, &length, size) < 0) 16250 17211 return ASN_PARSE_E; … … 16252 17213 break; 16253 17214 case (ASN_CONTEXT_SPECIFIC | CERT_UNKNOWN): 16254 cs->status = CERT_UNKNOWN;17215 single->status->status = CERT_UNKNOWN; 16255 17216 idx++; 16256 17217 break; … … 16260 17221 16261 17222 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 16262 cs->thisDateAsn = source + idx;17223 single->status->thisDateAsn = source + idx; 16263 17224 localIdx = 0; 16264 if (GetDateInfo( cs->thisDateAsn, &localIdx, NULL,16265 (byte*)& cs->thisDateParsed.type,16266 & cs->thisDateParsed.length, size) < 0)17225 if (GetDateInfo(single->status->thisDateAsn, &localIdx, NULL, 17226 (byte*)&single->status->thisDateParsed.type, 17227 &single->status->thisDateParsed.length, size) < 0) 16267 17228 return ASN_PARSE_E; 16268 XMEMCPY( cs->thisDateParsed.data,16269 cs->thisDateAsn + localIdx - cs->thisDateParsed.length,16270 cs->thisDateParsed.length);16271 #endif 16272 if (GetBasicDate(source, &idx, cs->thisDate,16273 & cs->thisDateFormat, size) < 0)17229 XMEMCPY(single->status->thisDateParsed.data, 17230 single->status->thisDateAsn + localIdx - single->status->thisDateParsed.length, 17231 single->status->thisDateParsed.length); 17232 #endif 17233 if (GetBasicDate(source, &idx, single->status->thisDate, 17234 &single->status->thisDateFormat, size) < 0) 16274 17235 return ASN_PARSE_E; 16275 17236 16276 17237 #ifndef NO_ASN_TIME 16277 17238 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK 16278 if (!XVALIDATE_DATE( cs->thisDate, cs->thisDateFormat, BEFORE))17239 if (!XVALIDATE_DATE(single->status->thisDate, single->status->thisDateFormat, BEFORE)) 16279 17240 return ASN_BEFORE_DATE_E; 16280 17241 #endif … … 16283 17244 /* The following items are optional. Only check for them if there is more 16284 17245 * unprocessed data in the singleResponse wrapper. */ 16285 16286 17246 localIdx = idx; 16287 17247 if (((int)(idx - prevIndex) < wrapperSz) && … … 16293 17253 return ASN_PARSE_E; 16294 17254 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 16295 cs->nextDateAsn = source + idx;17255 single->status->nextDateAsn = source + idx; 16296 17256 localIdx = 0; 16297 if (GetDateInfo( cs->nextDateAsn, &localIdx, NULL,16298 (byte*)& cs->nextDateParsed.type,16299 & cs->nextDateParsed.length, size) < 0)17257 if (GetDateInfo(single->status->nextDateAsn, &localIdx, NULL, 17258 (byte*)&single->status->nextDateParsed.type, 17259 &single->status->nextDateParsed.length, size) < 0) 16300 17260 return ASN_PARSE_E; 16301 XMEMCPY( cs->nextDateParsed.data,16302 cs->nextDateAsn + localIdx - cs->nextDateParsed.length,16303 cs->nextDateParsed.length);16304 #endif 16305 if (GetBasicDate(source, &idx, cs->nextDate,16306 & cs->nextDateFormat, size) < 0)17261 XMEMCPY(single->status->nextDateParsed.data, 17262 single->status->nextDateAsn + localIdx - single->status->nextDateParsed.length, 17263 single->status->nextDateParsed.length); 17264 #endif 17265 if (GetBasicDate(source, &idx, single->status->nextDate, 17266 &single->status->nextDateFormat, size) < 0) 16307 17267 return ASN_PARSE_E; 16308 17268 16309 17269 #ifndef NO_ASN_TIME 16310 17270 #ifndef WOLFSSL_NO_OCSP_DATE_CHECK 16311 if (!XVALIDATE_DATE( cs->nextDate, cs->nextDateFormat, AFTER))17271 if (!XVALIDATE_DATE(single->status->nextDate, single->status->nextDateFormat, AFTER)) 16312 17272 return ASN_AFTER_DATE_E; 16313 17273 #endif … … 16315 17275 } 16316 17276 17277 /* Skip the optional extensions in singleResponse. */ 16317 17278 localIdx = idx; 16318 17279 if (((int)(idx - prevIndex) < wrapperSz) && … … 16418 17379 int ret; 16419 17380 byte tag; 17381 int wrapperSz; 17382 OcspEntry* single; 16420 17383 16421 17384 WOLFSSL_ENTER("DecodeResponseData"); … … 16459 17422 return ASN_PARSE_E; 16460 17423 16461 if ((ret = DecodeSingleResponse(source, &idx, resp, size)) < 0) 16462 return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ 17424 /* Outer wrapper of the SEQUENCE OF Single Responses. */ 17425 if (GetSequence(source, &idx, &wrapperSz, size) < 0) 17426 return ASN_PARSE_E; 17427 17428 localIdx = idx; 17429 single = resp->single; 17430 17431 while (idx - localIdx < (word32)wrapperSz) { 17432 ret = DecodeSingleResponse(source, &idx, size, wrapperSz, single); 17433 if (ret < 0) 17434 return ret; /* ASN_PARSE_E, ASN_BEFORE_DATE_E, ASN_AFTER_DATE_E */ 17435 if (idx - localIdx < (word32)wrapperSz) { 17436 single->next = (OcspEntry*)XMALLOC(sizeof(OcspEntry), resp->heap, 17437 DYNAMIC_TYPE_OCSP_ENTRY); 17438 if (single->next == NULL) { 17439 return MEMORY_E; 17440 } 17441 single = single->next; 17442 XMEMSET(single, 0, sizeof(OcspEntry)); 17443 single->isDynamic = 1; 17444 } 17445 } 16463 17446 16464 17447 /* … … 16570 17553 if ((cert.extExtKeyUsage & EXTKEYUSE_OCSP_SIGN) == 0) { 16571 17554 if (XMEMCMP(cert.subjectHash, 16572 resp-> issuerHash, KEYID_SIZE) == 0) {17555 resp->single->issuerHash, OCSP_DIGEST_SIZE) == 0) { 16573 17556 WOLFSSL_MSG("\tOCSP Response signed by issuer"); 16574 17557 } … … 16605 17588 16606 17589 #ifndef NO_SKID 16607 ca = GetCA(cm, resp-> issuerKeyHash);17590 ca = GetCA(cm, resp->single->issuerKeyHash); 16608 17591 #else 16609 ca = GetCA(cm, resp-> issuerHash);17592 ca = GetCA(cm, resp->single->issuerHash); 16610 17593 #endif 16611 17594 … … 16632 17615 16633 17616 16634 void InitOcspResponse(OcspResponse* resp, CertStatus* status,16635 byte* source, word32 inSz)17617 void InitOcspResponse(OcspResponse* resp, OcspEntry* single, CertStatus* status, 17618 byte* source, word32 inSz, void* heap) 16636 17619 { 16637 17620 WOLFSSL_ENTER("InitOcspResponse"); 16638 17621 16639 17622 XMEMSET(status, 0, sizeof(CertStatus)); 17623 XMEMSET(single, 0, sizeof(OcspEntry)); 16640 17624 XMEMSET(resp, 0, sizeof(OcspResponse)); 16641 17625 17626 single->status = status; 16642 17627 resp->responseStatus = -1; 16643 resp->s tatus = status;17628 resp->single = single; 16644 17629 resp->source = source; 16645 17630 resp->maxIdx = inSz; 17631 resp->heap = heap; 17632 } 17633 17634 void FreeOcspResponse(OcspResponse* resp) 17635 { 17636 OcspEntry *single, *next; 17637 for (single = resp->single; single; single = next) { 17638 next = single->next; 17639 if (single->isDynamic) 17640 XFREE(single, resp->heap, DYNAMIC_TYPE_OCSP_ENTRY); 17641 } 16646 17642 } 16647 17643 … … 16917 17913 int CompareOcspReqResp(OcspRequest* req, OcspResponse* resp) 16918 17914 { 16919 int cmp; 17915 int cmp = -1; /* default as not matching, cmp gets set on each check */ 17916 OcspEntry *single, *next, *prev = NULL, *top; 16920 17917 16921 17918 WOLFSSL_ENTER("CompareOcspReqResp"); 16922 17919 16923 if (req == NULL) 16924 { 17920 if (req == NULL) { 16925 17921 WOLFSSL_MSG("\tReq missing"); 16926 17922 return -1; 16927 17923 } 16928 16929 if (resp == NULL) 16930 { 17924 if (resp == NULL || resp->single == NULL) { 16931 17925 WOLFSSL_MSG("\tResp missing"); 16932 17926 return 1; … … 16935 17929 /* Nonces are not critical. The responder may not necessarily add 16936 17930 * the nonce to the response. */ 16937 if (req->nonceSz 17931 if (req->nonceSz && resp->nonce != NULL 16938 17932 #ifndef WOLFSSL_FORCE_OCSP_NONCE_CHECK 16939 17933 && resp->nonceSz != 0 … … 16941 17935 ) { 16942 17936 cmp = req->nonceSz - resp->nonceSz; 16943 if (cmp != 0) 16944 { 17937 if (cmp != 0) { 16945 17938 WOLFSSL_MSG("\tnonceSz mismatch"); 16946 17939 return cmp; … … 16948 17941 16949 17942 cmp = XMEMCMP(req->nonce, resp->nonce, req->nonceSz); 16950 if (cmp != 0) 16951 { 17943 if (cmp != 0) { 16952 17944 WOLFSSL_MSG("\tnonce mismatch"); 16953 17945 return cmp; … … 16955 17947 } 16956 17948 16957 cmp = XMEMCMP(req->issuerHash, resp->issuerHash, KEYID_SIZE); 16958 if (cmp != 0) 16959 { 16960 WOLFSSL_MSG("\tissuerHash mismatch"); 16961 return cmp; 16962 } 16963 16964 cmp = XMEMCMP(req->issuerKeyHash, resp->issuerKeyHash, KEYID_SIZE); 16965 if (cmp != 0) 16966 { 16967 WOLFSSL_MSG("\tissuerKeyHash mismatch"); 16968 return cmp; 16969 } 16970 16971 cmp = req->serialSz - resp->status->serialSz; 16972 if (cmp != 0) 16973 { 16974 WOLFSSL_MSG("\tserialSz mismatch"); 16975 return cmp; 16976 } 16977 16978 cmp = XMEMCMP(req->serial, resp->status->serial, req->serialSz); 16979 if (cmp != 0) 16980 { 16981 WOLFSSL_MSG("\tserial mismatch"); 17949 /* match based on found status and return */ 17950 for (single = resp->single; single; single = next) { 17951 cmp = req->serialSz - single->status->serialSz; 17952 if (cmp == 0) { 17953 if ((XMEMCMP(req->serial, single->status->serial, req->serialSz) == 0) 17954 && (XMEMCMP(req->issuerHash, single->issuerHash, OCSP_DIGEST_SIZE) == 0) 17955 && (XMEMCMP(req->issuerKeyHash, single->issuerKeyHash, OCSP_DIGEST_SIZE) == 0)) { 17956 /* match found */ 17957 if (resp->single != single && prev) { 17958 /* move to top of list */ 17959 top = resp->single; 17960 resp->single = single; 17961 prev->next = single->next; 17962 single->next = top; 17963 } 17964 break; 17965 } 17966 } 17967 next = single->next; 17968 prev = single; 17969 } 17970 17971 if (cmp != 0) { 17972 WOLFSSL_MSG("\trequest and response mismatch"); 16982 17973 return cmp; 16983 17974 } … … 17352 18343 17353 18344 17354 /* p rase crl buffer into decoded state, 0 on success */18345 /* parse crl buffer into decoded state, 0 on success */ 17355 18346 int ParseCRL(DecodedCRL* dcrl, const byte* buff, word32 sz, void* cm) 17356 18347 { … … 17380 18371 dcrl->sigIndex = len + idx; 17381 18372 17382 if (ParseCRL_CertList(dcrl, buff, &idx, idx + len) < 0)18373 if (ParseCRL_CertList(dcrl, buff, &idx, dcrl->sigIndex) < 0) 17383 18374 return ASN_PARSE_E; 17384 18375 17385 if (ParseCRL_Extensions(dcrl, buff, &idx, idx + len) < 0)18376 if (ParseCRL_Extensions(dcrl, buff, &idx, dcrl->sigIndex) < 0) 17386 18377 return ASN_PARSE_E; 17387 18378 … … 17516 18507 17517 18508 18509 18510 #ifdef HAVE_SMIME 18511 18512 /***************************************************************************** 18513 * wc_MIME_parse_headers - Reads the char array in and parses out MIME headers 18514 * and parameters into headers. Will continue until in has no more content. 18515 * 18516 * RETURNS: 18517 * returns zero on success, non-zero on error. 18518 */ 18519 int wc_MIME_parse_headers(char* in, int inLen, MimeHdr** headers) 18520 { 18521 MimeHdr* nextHdr = NULL; 18522 MimeHdr* curHdr = NULL; 18523 MimeParam* nextParam = NULL; 18524 size_t start = 0; 18525 size_t end = 0; 18526 char* nameAttr = NULL; 18527 char* bodyVal = NULL; 18528 MimeTypes mimeType = MIME_HDR; 18529 MimeStatus mimeStatus = MIME_NAMEATTR; 18530 int ret = -1; 18531 size_t pos = 0; 18532 size_t lineLen = 0; 18533 char* curLine = NULL; 18534 char* ptr = NULL; 18535 18536 if (in == NULL || inLen <= 0 || in[inLen] != '\0' || headers == NULL) { 18537 ret = BAD_FUNC_ARG; 18538 goto error; 18539 } 18540 nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL, DYNAMIC_TYPE_PKCS7); 18541 nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL, 18542 DYNAMIC_TYPE_PKCS7); 18543 if (nextHdr == NULL || nextParam == NULL) { 18544 ret = MEMORY_E; 18545 goto error; 18546 } 18547 XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); 18548 XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); 18549 18550 curLine = XSTRTOK(in, "\r\n", &ptr); 18551 if (curLine == NULL) { 18552 ret = ASN_PARSE_E; 18553 goto error; 18554 } 18555 18556 while (curLine != NULL) { 18557 /* Leftover from previous line, add params to previous header. */ 18558 if (curLine[0] == ' ' && curHdr) { 18559 mimeType = MIME_PARAM; 18560 } 18561 else { 18562 mimeType = MIME_HDR; 18563 } 18564 start = end = 0; 18565 lineLen = XSTRLEN(curLine); 18566 18567 for (pos = 0; pos < lineLen; pos++) { 18568 char cur = curLine[pos]; 18569 18570 if (mimeStatus == MIME_NAMEATTR && ((cur == ':' && 18571 mimeType == MIME_HDR) || (cur == '=' && 18572 mimeType == MIME_PARAM))) { 18573 mimeStatus = MIME_BODYVAL; 18574 end = pos-1; 18575 ret = wc_MIME_header_strip(curLine, &nameAttr, start, end); 18576 if (ret) { 18577 goto error; 18578 } 18579 start = pos+1; 18580 } 18581 else if (mimeStatus == MIME_BODYVAL && cur == ';') { 18582 end = pos-1; 18583 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end); 18584 if (ret) { 18585 goto error; 18586 } 18587 if (mimeType == MIME_HDR) { 18588 nextHdr->name = nameAttr; 18589 nextHdr->body = bodyVal; 18590 nextHdr->next = curHdr; 18591 curHdr = nextHdr; 18592 nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL, 18593 DYNAMIC_TYPE_PKCS7); 18594 if (nextHdr == NULL) { 18595 ret = MEMORY_E; 18596 goto error; 18597 } 18598 XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); 18599 } 18600 else { 18601 nextParam->attribute = nameAttr; 18602 nextParam->value = bodyVal; 18603 nextParam->next = curHdr->params; 18604 curHdr->params = nextParam; 18605 nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL, 18606 DYNAMIC_TYPE_PKCS7); 18607 if (nextParam == NULL) { 18608 ret = MEMORY_E; 18609 goto error; 18610 } 18611 XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); 18612 } 18613 mimeType = MIME_PARAM; 18614 mimeStatus = MIME_NAMEATTR; 18615 start = pos+1; 18616 } 18617 } 18618 18619 end = lineLen-1; 18620 /* Omit newline characters. */ 18621 while ((curLine[end] == '\r' || curLine[end] == '\n') && end > 0) { 18622 end--; 18623 } 18624 if (end >= start && mimeStatus == MIME_BODYVAL) { 18625 ret = wc_MIME_header_strip(curLine, &bodyVal, start, end); 18626 if (ret) { 18627 goto error; 18628 } 18629 if (mimeType == MIME_HDR) { 18630 nextHdr->name = nameAttr; 18631 nextHdr->body = bodyVal; 18632 nextHdr->next = curHdr; 18633 curHdr = nextHdr; 18634 nextHdr = (MimeHdr*)XMALLOC(sizeof(MimeHdr), NULL, 18635 DYNAMIC_TYPE_PKCS7); 18636 if (nextHdr == NULL) { 18637 ret = MEMORY_E; 18638 goto error; 18639 } 18640 XMEMSET(nextHdr, 0, (word32)sizeof(MimeHdr)); 18641 } else { 18642 nextParam->attribute = nameAttr; 18643 nextParam->value = bodyVal; 18644 nextParam->next = curHdr->params; 18645 curHdr->params = nextParam; 18646 nextParam = (MimeParam*)XMALLOC(sizeof(MimeParam), NULL, 18647 DYNAMIC_TYPE_PKCS7); 18648 if (nextParam == NULL) { 18649 ret = MEMORY_E; 18650 goto error; 18651 } 18652 XMEMSET(nextParam, 0, (word32)sizeof(MimeParam)); 18653 } 18654 } 18655 18656 curLine = XSTRTOK(NULL, "\r\n", &ptr); 18657 mimeStatus = MIME_NAMEATTR; 18658 } 18659 18660 *headers = curHdr; 18661 XFREE(nextHdr, NULL, DYNAMIC_TYPE_PKCS7); 18662 XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); 18663 18664 return 0; 18665 18666 error: 18667 wc_MIME_free_hdrs(curHdr); 18668 wc_MIME_free_hdrs(nextHdr); 18669 XFREE(nameAttr, NULL, DYNAMIC_TYPE_PKCS7); 18670 XFREE(bodyVal, NULL, DYNAMIC_TYPE_PKCS7); 18671 XFREE(nextParam, NULL, DYNAMIC_TYPE_PKCS7); 18672 18673 return ret; 18674 } 18675 18676 /***************************************************************************** 18677 * wc_MIME_header_strip - Reads the string in from indices start to end, strips 18678 * out disallowed/separator characters and places the rest into *out. 18679 * 18680 * RETURNS: 18681 * returns zero on success, non-zero on error. 18682 */ 18683 int wc_MIME_header_strip(char* in, char** out, size_t start, size_t end) 18684 { 18685 size_t inPos = start; 18686 size_t outPos = 0; 18687 size_t inLen = 0; 18688 18689 if (end < start || in == NULL || out == NULL) { 18690 return BAD_FUNC_ARG; 18691 } 18692 18693 inLen = XSTRLEN(in); 18694 if (start > inLen || end > inLen) { 18695 return BAD_FUNC_ARG; 18696 } 18697 18698 *out = (char*)XMALLOC(((end-start)+2)*sizeof(char), NULL, 18699 DYNAMIC_TYPE_PKCS7); 18700 if (*out == NULL) { 18701 return MEMORY_E; 18702 } 18703 18704 while (inPos <= end) { 18705 if (in[inPos] >= MIME_HEADER_ASCII_MIN && in[inPos] <= 18706 MIME_HEADER_ASCII_MAX && in[inPos] != ';' && in[inPos] != '\"') { 18707 (*out)[outPos] = in[inPos]; 18708 outPos++; 18709 } 18710 inPos++; 18711 } 18712 (*out)[outPos] = '\0'; 18713 18714 return 0; 18715 } 18716 18717 /***************************************************************************** 18718 * wc_MIME_find_header_name - Searches through all given headers until a header with 18719 * a name matching the provided name is found. 18720 * 18721 * RETURNS: 18722 * returns a pointer to the found header, if no match was found, returns NULL. 18723 */ 18724 MimeHdr* wc_MIME_find_header_name(const char* name, MimeHdr* header) 18725 { 18726 size_t len = XSTRLEN(name); 18727 18728 while (header) { 18729 if (!XSTRNCMP(name, header->name, len)) { 18730 return header; 18731 } 18732 header = header->next; 18733 } 18734 18735 return header; 18736 } 18737 18738 /***************************************************************************** 18739 * wc_MIME_find_param_attr - Searches through all parameters until a parameter 18740 * with a attribute matching the provided attribute is found. 18741 * 18742 * RETURNS: 18743 * returns a pointer to the found parameter, if no match was found, 18744 * returns NULL. 18745 */ 18746 MimeParam* wc_MIME_find_param_attr(const char* attribute, 18747 MimeParam* param) 18748 { 18749 size_t len = XSTRLEN(attribute); 18750 18751 while (param) { 18752 if (!XSTRNCMP(attribute, param->attribute, len)) { 18753 return param; 18754 } 18755 param = param->next; 18756 } 18757 18758 return param; 18759 } 18760 18761 /***************************************************************************** 18762 * wc_MIME_free_hdrs - Frees all MIME headers, parameters and strings starting from 18763 * the provided header pointer. 18764 * 18765 * RETURNS: 18766 * returns zero on success, non-zero on error. 18767 */ 18768 int wc_MIME_free_hdrs(MimeHdr* head) 18769 { 18770 MimeHdr* curHdr = NULL; 18771 MimeParam* curParam = NULL; 18772 18773 while (head) { 18774 while (head->params) { 18775 curParam = head->params; 18776 head->params = head->params->next; 18777 XFREE(curParam->attribute, NULL, DYNAMIC_TYPE_PKCS7); 18778 XFREE(curParam->value, NULL, DYNAMIC_TYPE_PKCS7); 18779 XFREE(curParam, NULL, DYNAMIC_TYPE_PKCS7); 18780 } 18781 curHdr = head; 18782 head = head->next; 18783 XFREE(curHdr->name, NULL, DYNAMIC_TYPE_PKCS7); 18784 XFREE(curHdr->body, NULL, DYNAMIC_TYPE_PKCS7); 18785 XFREE(curHdr, NULL, DYNAMIC_TYPE_PKCS7); 18786 } 18787 18788 return 0; 18789 } 18790 18791 #endif /* HAVE_SMIME */ 18792 18793 17518 18794 #undef ERROR_OUT 17519 18795
Note:
See TracChangeset
for help on using the changeset viewer.