2 * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
3 * (Royal Institute of Technology, Stockholm, Sweden).
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * 3. Neither the name of the Institute nor the names of its contributors
18 * may be used to endorse or promote products derived from this software
19 * without specific prior written permission.
21 * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24 * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
41 * All decoding functions take a pointer `p' to first position in
42 * which to read, from the left, `len' which means the maximum number
43 * of characters we are able to read, `ret' were the value will be
44 * returned and `size' where the number of used bytes is stored.
45 * Either 0 or an error code is returned.
49 der_get_unsigned (const unsigned char *p
, size_t len
,
50 unsigned *ret
, size_t *size
)
55 if (len
== sizeof(unsigned) + 1 && p
[0] == 0)
57 else if (len
> sizeof(unsigned))
61 val
= val
* 256 + *p
++;
63 if(size
) *size
= oldlen
;
68 der_get_integer (const unsigned char *p
, size_t len
,
69 int *ret
, size_t *size
)
74 if (len
> sizeof(int))
78 val
= (signed char)*p
++;
80 val
= val
* 256 + *p
++;
83 if(size
) *size
= oldlen
;
88 der_get_length (const unsigned char *p
, size_t len
,
89 size_t *val
, size_t *size
)
106 *val
= ASN1_INDEFINITE
;
113 e
= der_get_unsigned (p
, v
, &tmp
, &l
);
116 if(size
) *size
= l
+ 1;
122 der_get_boolean(const unsigned char *p
, size_t len
, int *data
, size_t *size
)
135 der_get_general_string (const unsigned char *p
, size_t len
,
136 heim_general_string
*str
, size_t *size
)
138 const unsigned char *p1
;
141 p1
= memchr(p
, 0, len
);
144 * Allow trailing NULs. We allow this since MIT Kerberos sends
145 * an strings in the NEED_PREAUTH case that includes a
148 while (p1
- p
< len
&& *p1
== '\0')
151 return ASN1_BAD_CHARACTER
;
154 return ASN1_BAD_LENGTH
;
156 s
= malloc (len
+ 1);
162 if(size
) *size
= len
;
167 der_get_utf8string (const unsigned char *p
, size_t len
,
168 heim_utf8_string
*str
, size_t *size
)
170 return der_get_general_string(p
, len
, str
, size
);
174 der_get_printable_string (const unsigned char *p
, size_t len
,
175 heim_printable_string
*str
, size_t *size
)
177 return der_get_general_string(p
, len
, str
, size
);
181 der_get_ia5_string (const unsigned char *p
, size_t len
,
182 heim_ia5_string
*str
, size_t *size
)
184 return der_get_general_string(p
, len
, str
, size
);
188 der_get_bmp_string (const unsigned char *p
, size_t len
,
189 heim_bmp_string
*data
, size_t *size
)
194 return ASN1_BAD_FORMAT
;
195 data
->length
= len
/ 2;
196 if (data
->length
> UINT_MAX
/sizeof(data
->data
[0]))
198 data
->data
= malloc(data
->length
* sizeof(data
->data
[0]));
199 if (data
->data
== NULL
&& data
->length
!= 0)
202 for (i
= 0; i
< data
->length
; i
++) {
203 data
->data
[i
] = (p
[0] << 8) | p
[1];
206 if (size
) *size
= len
;
212 der_get_universal_string (const unsigned char *p
, size_t len
,
213 heim_universal_string
*data
, size_t *size
)
218 return ASN1_BAD_FORMAT
;
219 data
->length
= len
/ 4;
220 if (data
->length
> UINT_MAX
/sizeof(data
->data
[0]))
222 data
->data
= malloc(data
->length
* sizeof(data
->data
[0]));
223 if (data
->data
== NULL
&& data
->length
!= 0)
226 for (i
= 0; i
< data
->length
; i
++) {
227 data
->data
[i
] = (p
[0] << 24) | (p
[1] << 16) | (p
[2] << 8) | p
[3];
230 if (size
) *size
= len
;
235 der_get_visible_string (const unsigned char *p
, size_t len
,
236 heim_visible_string
*str
, size_t *size
)
238 return der_get_general_string(p
, len
, str
, size
);
242 der_get_octet_string (const unsigned char *p
, size_t len
,
243 heim_octet_string
*data
, size_t *size
)
246 data
->data
= malloc(len
);
247 if (data
->data
== NULL
&& data
->length
!= 0)
249 memcpy (data
->data
, p
, len
);
250 if(size
) *size
= len
;
255 der_get_heim_integer (const unsigned char *p
, size_t len
,
256 heim_integer
*data
, size_t *size
)
278 data
->data
= malloc(data
->length
);
279 if (data
->data
== NULL
) {
285 q
= &((unsigned char*)data
->data
)[data
->length
- 1];
286 p
+= data
->length
- 1;
287 while (q
>= (unsigned char*)data
->data
) {
302 data
->data
= malloc(data
->length
);
303 if (data
->data
== NULL
&& data
->length
!= 0) {
309 memcpy(data
->data
, p
, data
->length
);
317 generalizedtime2time (const char *s
, time_t *t
)
321 memset(&tm
, 0, sizeof(tm
));
322 if (sscanf (s
, "%04d%02d%02d%02d%02d%02dZ",
323 &tm
.tm_year
, &tm
.tm_mon
, &tm
.tm_mday
, &tm
.tm_hour
,
324 &tm
.tm_min
, &tm
.tm_sec
) != 6) {
325 if (sscanf (s
, "%02d%02d%02d%02d%02d%02dZ",
326 &tm
.tm_year
, &tm
.tm_mon
, &tm
.tm_mday
, &tm
.tm_hour
,
327 &tm
.tm_min
, &tm
.tm_sec
) != 6)
328 return ASN1_BAD_TIMEFORMAT
;
336 *t
= _der_timegm (&tm
);
341 der_get_time (const unsigned char *p
, size_t len
,
342 time_t *data
, size_t *size
)
347 if (len
> len
+ 1 || len
== 0)
348 return ASN1_BAD_LENGTH
;
350 times
= malloc(len
+ 1);
353 memcpy(times
, p
, len
);
355 e
= generalizedtime2time(times
, data
);
357 if(size
) *size
= len
;
362 der_get_generalized_time (const unsigned char *p
, size_t len
,
363 time_t *data
, size_t *size
)
365 return der_get_time(p
, len
, data
, size
);
369 der_get_utctime (const unsigned char *p
, size_t len
,
370 time_t *data
, size_t *size
)
372 return der_get_time(p
, len
, data
, size
);
376 der_get_oid (const unsigned char *p
, size_t len
,
377 heim_oid
*data
, size_t *size
)
386 return ASN1_BAD_LENGTH
;
388 if (len
+ 1 > UINT_MAX
/sizeof(data
->components
[0]))
391 data
->components
= malloc((len
+ 1) * sizeof(data
->components
[0]));
392 if (data
->components
== NULL
)
394 data
->components
[0] = (*p
) / 40;
395 data
->components
[1] = (*p
) % 40;
398 for (n
= 2; len
> 0; ++n
) {
403 u1
= u
* 128 + (*p
++ % 128);
404 /* check that we don't overflow the element */
410 } while (len
> 0 && p
[-1] & 0x80);
411 data
->components
[n
] = u
;
413 if (n
> 2 && p
[-1] & 0x80) {
424 der_get_tag (const unsigned char *p
, size_t len
,
425 Der_class
*class, Der_type
*type
,
426 unsigned int *tag
, size_t *size
)
431 *class = (Der_class
)(((*p
) >> 6) & 0x03);
432 *type
= (Der_type
)(((*p
) >> 5) & 0x01);
436 unsigned int continuation
;
442 continuation
= *p
& 128;
443 tag1
= *tag
* 128 + (*p
% 128);
444 /* check that we don't overflow the tag */
446 return ASN1_OVERFLOW
;
449 } while(continuation
);
451 if(size
) *size
= ret
;
456 der_match_tag (const unsigned char *p
, size_t len
,
457 Der_class
class, Der_type type
,
458 unsigned int tag
, size_t *size
)
463 unsigned int thistag
;
466 e
= der_get_tag (p
, len
, &thisclass
, &thistype
, &thistag
, &l
);
468 if (class != thisclass
|| type
!= thistype
)
471 return ASN1_MISPLACED_FIELD
;
473 return ASN1_MISSING_FIELD
;
479 der_match_tag_and_length (const unsigned char *p
, size_t len
,
480 Der_class
class, Der_type type
, unsigned int tag
,
481 size_t *length_ret
, size_t *size
)
486 e
= der_match_tag (p
, len
, class, type
, tag
, &l
);
491 e
= der_get_length (p
, len
, length_ret
, &l
);
496 if(size
) *size
= ret
;
501 * Old versions of DCE was based on a very early beta of the MIT code,
502 * which used MAVROS for ASN.1 encoding. MAVROS had the interesting
503 * feature that it encoded data in the forward direction, which has
504 * it's problems, since you have no idea how long the data will be
505 * until after you're done. MAVROS solved this by reserving one byte
506 * for length, and later, if the actual length was longer, it reverted
507 * to indefinite, BER style, lengths. The version of MAVROS used by
508 * the DCE people could apparently generate correct X.509 DER encodings, and
509 * did this by making space for the length after encoding, but
510 * unfortunately this feature wasn't used with Kerberos.
514 _heim_fix_dce(size_t reallen
, size_t *len
)
516 if(reallen
== ASN1_INDEFINITE
)
525 der_get_bit_string (const unsigned char *p
, size_t len
,
526 heim_bit_string
*data
, size_t *size
)
531 return ASN1_BAD_FORMAT
;
532 if (len
- 1 == 0 && p
[0] != 0)
533 return ASN1_BAD_FORMAT
;
534 /* check if any of the three upper bits are set
535 * any of them will cause a interger overrun */
536 if ((len
- 1) >> (sizeof(len
) * 8 - 3))
538 data
->length
= (len
- 1) * 8;
539 data
->data
= malloc(len
- 1);
540 if (data
->data
== NULL
&& (len
- 1) != 0)
542 memcpy (data
->data
, p
+ 1, len
- 1);
543 data
->length
-= p
[0];
544 if(size
) *size
= len
;