Merge pull request #6048 from SparkiDev/asn1_template_def

ASN: make template default for configure
David Garske
2023-02-07 14:15:57 -08:00
committed by GitHub
2 changed files with 42 additions and 24 deletions


@ -3915,12 +3915,6 @@ AC_ARG_ENABLE([asn],
[ ENABLED_ASN=yes ] [ ENABLED_ASN=yes ]
) )
if test "$ENABLED_ASN" = "template"
then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
ENABLED_ASN=yes
fi
if test "$ENABLED_ASN" = "no" if test "$ENABLED_ASN" = "no"
then then
AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT" AM_CFLAGS="$AM_CFLAGS -DNO_ASN -DNO_ASN_CRYPT"
@ -3931,6 +3925,17 @@ then
AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT" AM_CFLAGS="$AM_CFLAGS -DNO_BIG_INT"
fi fi
else else
if test "$ENABLED_ASN" = "template"; then
ENABLED_ASN="yes"
fi
if test "$ENABLED_ASN" = "yes"; then
AM_CFLAGS="$AM_CFLAGS -DWOLFSSL_ASN_TEMPLATE"
else
if test "$ENABLED_ASN" != "original"; then
AC_MSG_ERROR([Invalid asn option. Valid are: template or original. Seen: $ENABLED_ASN.])
fi
fi
# turn off ASN if leanpsk on # turn off ASN if leanpsk on
if test "$ENABLED_LEANPSK" = "yes" if test "$ENABLED_LEANPSK" = "yes"
then then
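Review bot: The `AC_MSG_ERROR` text in the added block names only `template` and `original` as valid, but the surrounding tests also accept `yes` (the default set by `AC_ARG_ENABLE`, which selects the template build) and `no`. The message would be more accurate as `AC_MSG_ERROR([Invalid asn option. Valid are: yes, no, template or original. Seen: $ENABLED_ASN.])`. The block also normalises `template` to `yes` but leaves `original` in `ENABLED_ASN`; if any later test outside this hunk compares the variable with `yes`, the original implementation would be treated as ASN-disabled. A comment such as `# ENABLED_ASN stays "original" from here on; later checks must treat it as enabled` would make that explicit. The enclosing `if`/`else` starts and ends outside the hunk.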


@ -8518,18 +8518,18 @@ exit_dc:
/* pbes2ParamsASN longer than pkcs8DecASN_Length/pbes1ParamsASN_Length. */ /* pbes2ParamsASN longer than pkcs8DecASN_Length/pbes1ParamsASN_Length. */
DECL_ASNGETDATA(dataASN, pbes2ParamsASN_Length); DECL_ASNGETDATA(dataASN, pbes2ParamsASN_Length);
int ret = 0; int ret = 0;
int id; int id = 0;
int version; int version;
word32 idx = 0; word32 idx = 0;
word32 pIdx = 0; word32 pIdx = 0;
word32 iterations; word32 iterations;
word32 keySz = 0; word32 keySz = 0;
word32 saltSz; word32 saltSz = 0;
word32 shaOid = 0; word32 shaOid = 0;
byte* salt = NULL; byte* salt = NULL;
byte* key = NULL; byte* key = NULL;
byte cbcIv[MAX_IV_SIZE]; byte cbcIv[MAX_IV_SIZE];
byte* params; byte* params = NULL;
WOLFSSL_ENTER("DecryptContent"); WOLFSSL_ENTER("DecryptContent");
@ -8927,7 +8927,7 @@ int EncryptContent(byte* input, word32 inputSz, byte* out, word32* outSz,
int id; int id;
int blockSz = 0; int blockSz = 0;
byte* pkcs8; byte* pkcs8;
word32 pkcs8Sz; word32 pkcs8Sz = 0;
byte cbcIv[MAX_IV_SIZE]; byte cbcIv[MAX_IV_SIZE];
(void)heap; (void)heap;
@ -9774,6 +9774,9 @@ int wc_DhKeyDecode(const byte* input, word32* inOutIdx, DhKey* key, word32 inSz)
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
} }
if ((ret == 0) && mp_iszero(&key->pub)) {
ret = mp_exptmod(&key->g, &key->priv, &key->p, &key->pub);
}
} }
#endif #endif
} }
@ -14740,6 +14743,7 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
DECL_ASNSETDATA(dataASN, digestInfoASN_Length); DECL_ASNSETDATA(dataASN, digestInfoASN_Length);
int ret = 0; int ret = 0;
int sz; int sz;
unsigned char dgst[WC_MAX_DIGEST_SIZE];
CALLOC_ASNSETDATA(dataASN, digestInfoASN_Length, ret, NULL); CALLOC_ASNSETDATA(dataASN, digestInfoASN_Length, ret, NULL);
@ -14747,6 +14751,10 @@ word32 wc_EncodeSignature(byte* out, const byte* digest, word32 digSz,
/* Set hash OID and type. */ /* Set hash OID and type. */
SetASN_OID(&dataASN[DIGESTINFOASN_IDX_DIGALGO_OID], hashOID, oidHashType); SetASN_OID(&dataASN[DIGESTINFOASN_IDX_DIGALGO_OID], hashOID, oidHashType);
/* Set digest. */ /* Set digest. */
if (digest == out) {
XMEMCPY(dgst, digest, digSz);
digest = dgst;
}
SetASN_Buffer(&dataASN[DIGESTINFOASN_IDX_DIGEST], digest, digSz); SetASN_Buffer(&dataASN[DIGESTINFOASN_IDX_DIGEST], digest, digSz);
/* Calculate size of encoding. */ /* Calculate size of encoding. */
@ -16511,7 +16519,6 @@ static int DecodeSEP(ASNGetData* dataASN, DecodedCert* cert)
} }
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifdef WOLFSSL_FPKI
static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid) static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
{ {
DNS_entry* entry = NULL; DNS_entry* entry = NULL;
@ -16520,10 +16527,12 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
const char* buf = NULL; const char* buf = NULL;
switch (oid) { switch (oid) {
#ifdef WOLFSSL_FPKI
case FASCN_OID: case FASCN_OID:
bufLen = dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.length; bufLen = dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.length;
buf = (const char*)dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.data; buf = (const char*)dataASN[OTHERNAMEASN_IDX_FASCN].data.ref.data;
break; break;
#endif /* WOLFSSL_FPKI */
case UPN_OID: case UPN_OID:
bufLen = dataASN[OTHERNAMEASN_IDX_UPN].data.ref.length; bufLen = dataASN[OTHERNAMEASN_IDX_UPN].data.ref.length;
buf = (const char*)dataASN[OTHERNAMEASN_IDX_UPN].data.ref.data; buf = (const char*)dataASN[OTHERNAMEASN_IDX_UPN].data.ref.data;
@ -16537,13 +16546,14 @@ static int DecodeOtherHelper(ASNGetData* dataASN, DecodedCert* cert, int oid)
if (ret == 0) { if (ret == 0) {
ret = SetDNSEntry(cert, buf, bufLen, ASN_OTHER_TYPE, &entry); ret = SetDNSEntry(cert, buf, bufLen, ASN_OTHER_TYPE, &entry);
if (ret == 0) { if (ret == 0) {
#ifdef WOLFSSL_FPKI
entry->oidSum = oid; entry->oidSum = oid;
#endif
AddDNSEntryToList(&cert->altNames, entry); AddDNSEntryToList(&cert->altNames, entry);
} }
} }
return ret; return ret;
} }
#endif /* WOLFSSL_FPKI */
/* Decode data with OtherName format from after implicit SEQUENCE. /* Decode data with OtherName format from after implicit SEQUENCE.
* *
@ -16587,15 +16597,14 @@ static int DecodeOtherName(DecodedCert* cert, const byte* input,
#endif /* WOLFSSL_SEP */ #endif /* WOLFSSL_SEP */
#ifdef WOLFSSL_FPKI #ifdef WOLFSSL_FPKI
case FASCN_OID: case FASCN_OID:
#endif /* WOLFSSL_FPKI */
case UPN_OID: case UPN_OID:
ret = DecodeOtherHelper(dataASN, cert, ret = DecodeOtherHelper(dataASN, cert,
dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum); dataASN[OTHERNAMEASN_IDX_TYPEID].data.oid.sum);
break; break;
#endif /* WOLFSSL_FPKI */
default: default:
WOLFSSL_MSG("\tunsupported OID"); WOLFSSL_MSG("\tunsupported OID skipping");
WOLFSSL_ERROR_VERBOSE(ASN_PARSE_E); break;
ret = ASN_PARSE_E;
} }
} }
@ -17861,8 +17870,9 @@ static int DecodeAuthInfo(const byte* input, int sz, DecodedCert* cert)
GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC], GetASN_GetConstRef(&dataASN[ACCESSDESCASN_IDX_LOC],
&cert->extAuthInfo, &sz32); &cert->extAuthInfo, &sz32);
cert->extAuthInfoSz = sz32; cert->extAuthInfoSz = sz32;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
count++; count++;
#if !defined(OPENSSL_ALL) || !defined(WOLFSSL_QT) #else
break; break;
#endif #endif
} }
@ -26617,7 +26627,7 @@ static int EncodeExtensions(Cert* cert, byte* output, word32 maxSz,
CERTEXTSASN_IDX_BC_PATHLEN); CERTEXTSASN_IDX_BC_PATHLEN);
} }
#ifdef WOLFSSL_ALT_NAMES #ifdef WOLFSSL_ALT_NAMES
if (!forRequest && cert->altNamesSz > 0) { if (cert->altNamesSz > 0) {
/* Set Subject Alternative Name OID and data. */ /* Set Subject Alternative Name OID and data. */
SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAN_OID], SetASN_Buffer(&dataASN[CERTEXTSASN_IDX_SAN_OID],
sanOID, sizeof(sanOID)); sanOID, sizeof(sanOID));
@ -30945,18 +30955,20 @@ int DecodeECC_DSA_Sig(const byte* sig, word32 sigLen, mp_int* r, mp_int* s)
GetASN_MP(&dataASN[DSASIGASN_IDX_S], s); GetASN_MP(&dataASN[DSASIGASN_IDX_S], s);
/* Decode the DSA signature. */ /* Decode the DSA signature. */
ret = GetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, 1, sig, &idx, ret = GetASN_Items(dsaSigASN, dataASN, dsaSigASN_Length, 0, sig, &idx,
sigLen); sigLen);
#ifndef NO_STRICT_ECDSA_LEN #ifndef NO_STRICT_ECDSA_LEN
/* sanity check that the index has been advanced all the way to the end of /* sanity check that the index has been advanced all the way to the end of
* the buffer */ * the buffer */
if ((ret == 0) && (idx != sigLen)) { if ((ret == 0) && (idx != sigLen)) {
mp_clear(r);
mp_clear(s);
ret = ASN_ECC_KEY_E; ret = ASN_ECC_KEY_E;
} }
#endif #endif
if (ret != 0) {
mp_clear(r);
mp_clear(s);
}
return ret; return ret;
#endif /* WOLFSSL_ASN_TEMPLATE */ #endif /* WOLFSSL_ASN_TEMPLATE */
} }
@ -35920,13 +35932,14 @@ end:
dcrl->issuer = (byte*)GetNameFromDer((byte*)GetASNItem_Addr( dcrl->issuer = (byte*)GetNameFromDer((byte*)GetASNItem_Addr(
dataASN[CRLASN_IDX_TBS_ISSUER], buff), dataASN[CRLASN_IDX_TBS_ISSUER], buff),
(int)dcrl->issuerSz); (int)dcrl->issuerSz);
#endif
/* Calculate the Hash id from the issuer name. */ /* Calculate the Hash id from the issuer name. */
ret = CalcHashId(GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_ISSUER], buff), ret = CalcHashId(GetASNItem_Addr(dataASN[CRLASN_IDX_TBS_ISSUER], buff),
dcrl->issuerSz, dcrl->issuerHash); GetASNItem_Length(dataASN[CRLASN_IDX_TBS_ISSUER], buff),
dcrl->issuerHash);
if (ret < 0) { if (ret < 0) {
ret = ASN_PARSE_E; ret = ASN_PARSE_E;
} }
#endif
} }
if ((ret == 0) && (dataASN[CRLASN_IDX_TBS_REVOKEDCERTS].tag != 0)) { if ((ret == 0) && (dataASN[CRLASN_IDX_TBS_REVOKEDCERTS].tag != 0)) {
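Review bot: In the wc_EncodeSignature hunk, the added `XMEMCPY(dgst, digest, digSz);` copies a caller-supplied length into the fixed `dgst[WC_MAX_DIGEST_SIZE]` stack buffer with no bound check, so when `digest == out` and `digSz` exceeds `WC_MAX_DIGEST_SIZE` the copy writes past the end of `dgst`. Reject the oversized length before copying, for example `if ((digest == out) && (digSz > sizeof(dgst))) { ret = BUFFER_E; }`, and perform the copy only while `ret == 0`. The function returns `word32` and its error path lies outside the hunk, so how `ret` is reported to the caller needs to be confirmed. The alias test also matches only exact equality; a `digest` that begins elsewhere inside `out` would still overlap the encoding, so a comment like `/* only digest == out is supported for in-place encoding */` should state that limit.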