void *X509V3_EXT_d2i(X509_EXTENSION *ext)
{
const X509V3_EXT_METHOD *method;
const unsigned char *p;
ASN1_STRING *extvalue;
int extlen;
if ((method = X509V3_EXT_get(ext)) == NULL)
return NULL;
extvalue = X509_EXTENSION_get_data(ext);
p = ASN1_STRING_get0_data(extvalue);
extlen = ASN1_STRING_length(extvalue);
if (method->it)
return ASN1_item_d2i(NULL, &p, extlen, ASN1_ITEM_ptr(method->it));
return method->d2i(NULL, &p, extlen);
}
STACK_OF(X509_EXTENSION) *
X509_REQ_get_extensions(X509_REQ *req)
{
X509_ATTRIBUTE *attr;
ASN1_TYPE *ext = NULL;
int idx, *pnid;
const unsigned char *p;
if ((req == NULL) || (req->req_info == NULL) || !ext_nids)
return (NULL);
for (pnid = ext_nids; *pnid != NID_undef; pnid++) {
idx = X509_REQ_get_attr_by_NID(req, *pnid, -1);
if (idx == -1)
continue;
attr = X509_REQ_get_attr(req, idx);
if (attr->single)
ext = attr->value.single;
else if (sk_ASN1_TYPE_num(attr->value.set))
ext = sk_ASN1_TYPE_value(attr->value.set, 0);
break;
}
if (!ext || (ext->type != V_ASN1_SEQUENCE))
return NULL;
p = ext->value.sequence->data;
return (STACK_OF(X509_EXTENSION) *)ASN1_item_d2i(NULL, &p,
ext->value.sequence->length, ASN1_ITEM_rptr(X509_EXTENSIONS));
}
void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
{
unsigned char *out;
const unsigned char *p;
void *ret;
int outlen;
if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0)) {
PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
return NULL;
}
p = out;
#ifdef DEBUG_DECRYPT
{
FILE *op;
char fname[30];
static int fnm = 1;
sprintf(fname, "DER%d", fnm++);
op = fopen(fname, "wb");
fwrite (p, 1, outlen, op);
fclose(op);
}
#endif
ret = ASN1_item_d2i(NULL, &p, outlen, it);
if (zbuf) OPENSSL_cleanse(out, outlen);
if(!ret) PKCS12err(PKCS12_F_PKCS12_ITEM_DECRYPT_D2I,PKCS12_R_DECODE_ERROR);
OPENSSL_free(out);
return ret;
}
int FuzzerTestOneInput(const uint8_t *buf, size_t len) {
for (int n = 0; item_type[n] != NULL; ++n) {
const uint8_t *b = buf;
ASN1_VALUE *o = ASN1_item_d2i(NULL, &b, len, item_type[n]);
ASN1_item_free(o, item_type[n]);
}
return 0;
}
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
{
const unsigned char *p;
void *ret;
p = oct->data;
if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
ASN1err(ASN1_F_ASN1_ITEM_UNPACK,ASN1_R_DECODE_ERROR);
return ret;
}
void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it)
{
const unsigned char *p;
void *ret;
p = oct->data;
if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it)))
OPENSSL_PUT_ERROR(ASN1, ASN1_item_unpack, ASN1_R_DECODE_ERROR);
return ret;
}
EXPORT_C void *X509V3_EXT_d2i(X509_EXTENSION *ext)
{
X509V3_EXT_METHOD *method;
const unsigned char *p;
if(!(method = X509V3_EXT_get(ext))) return NULL;
p = ext->value->data;
if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it));
return method->d2i(NULL, &p, ext->value->length);
}
void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
{
BUF_MEM *b = NULL;
const unsigned char *p;
void *ret=NULL;
int len;
len = asn1_d2i_read_bio(in, &b);
if(len < 0) goto err;
p=(const unsigned char *)b->data;
ret=ASN1_item_d2i(x,&p,len, it);
err:
if (b != NULL) BUF_MEM_free(b);
return(ret);
}
void *ASN1_item_dup(const ASN1_ITEM *it, void *x)
{
unsigned char *b = NULL, *p;
long i;
void *ret;
if (x == NULL) return(NULL);
i=ASN1_item_i2d(x,&b,it);
if (b == NULL)
{ ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); }
p= b;
ret=ASN1_item_d2i(NULL,&p,i, it);
OPENSSL_free(b);
return(ret);
}
int protocol_checkcert(void *peer, X509 * cert)
{
struct in_network net;
int i, j;
const unsigned char *p;
void *ext_str = NULL;
const STACK_OF(X509_EXTENSION) * exts = cert->cert_info->extensions;
X509_EXTENSION *ext;
X509V3_EXT_METHOD *method;
STACK_OF(GENERAL_SUBTREE) * trees;
GENERAL_SUBTREE *tree;
for (i = 0; i < sk_X509_EXTENSION_num(exts); i++)
{
ext = sk_X509_EXTENSION_value(exts, i);
if ((method = X509V3_EXT_get(ext))
&& method->ext_nid == NID_name_constraints)
{
p = ext->value->data;
if (method->it)
ext_str = ASN1_item_d2i(NULL, &p, ext->value->length,
ASN1_ITEM_ptr(method->it));
else
ext_str = method->d2i(NULL, &p, ext->value->length);
trees = ((NAME_CONSTRAINTS *) ext_str)->permittedSubtrees;
for (j = 0; j < sk_GENERAL_SUBTREE_num(trees); j++)
{
tree = sk_GENERAL_SUBTREE_value(trees, j);
if (tree->base->type == GEN_IPADD)
p = tree->base->d.ip->data;
if (tree->base->d.ip->length == 8)
{
net.addr.s_addr = *((uint32_t *) p);
net.netmask.s_addr = *((uint32_t *) & p[4]);
printf("%s/", inet_ntoa(net.addr));
printf("%s\n", inet_ntoa(net.netmask));
}
//else if(len == 32) //IPv6
// See openssl/crypto/x509v3/v3_ncons.c:static int print_nc_ipadd()
//else //DNS
// GENERAL_NAME_print(bp, tree->base);
}
}
}
return 0;
}
/*
* Internal static function for decoding of the publication reference.
*/
static int decodePubReference(GTPublicationsFile *pubfile)
{
const unsigned char *p;
assert(pubfile->pub_reference == NULL);
p = pubfile->data + pubfile->pub_reference_begin;
ERR_clear_error();
pubfile->pub_reference = (GTReferences*) ASN1_item_d2i(NULL, &p,
pubfile->signature_block_begin - pubfile->pub_reference_begin,
ASN1_ITEM_rptr(GTReferences));
if (pubfile->pub_reference == NULL) {
return GT_isMallocFailure() ? GT_OUT_OF_MEMORY : GT_INVALID_FORMAT;
}
return GT_OK;
}
int OCSP_REQ_CTX_nbio_d2i(OCSP_REQ_CTX *rctx,
ASN1_VALUE **pval, const ASN1_ITEM *it)
{
int rv, len;
const unsigned char *p;
rv = OCSP_REQ_CTX_nbio(rctx);
if (rv != 1)
return rv;
len = BIO_get_mem_data(rctx->mem, &p);
*pval = ASN1_item_d2i(NULL, &p, len, it);
if (*pval == NULL) {
rctx->state = OHS_ERROR;
return 0;
}
return 1;
}
/* Match a hostname against the contents of a dNSName field of the
subjectAltName extension, if present. This is the preferred place for a
certificate to store its domain name, as opposed to in the commonName field.
It has the advantage that multiple names can be stored, so that one
certificate can match both "example.com" and "www.example.com".
If num_checked is not NULL, the number of dNSName fields that were checked
before returning will be stored in it. This is so you can distinguish between
the check failing because there were names but none matched, or because there
were no names to match. */
static int cert_match_dnsname(X509 *cert, const char *hostname,
unsigned int *num_checked)
{
X509_EXTENSION *ext;
STACK_OF(GENERAL_NAME) *gen_names;
const X509V3_EXT_METHOD *method;
unsigned char *data;
int i;
if (num_checked != NULL)
*num_checked = 0;
i = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
if (i < 0)
return 0;
/* If there's more than one subjectAltName extension, forget it. */
if (X509_get_ext_by_NID(cert, NID_subject_alt_name, i) >= 0)
return 0;
ext = X509_get_ext(cert, i);
/* See the function X509V3_EXT_print in the OpenSSL source for this method
of getting a string value from an extension. */
method = X509V3_EXT_get(ext);
if (method == NULL)
return 0;
/* We must copy this address into a temporary variable because ASN1_item_d2i
increments it. We don't want it to corrupt ext->value->data. */
data = ext->value->data;
/* Here we rely on the fact that the internal representation (the "i" in
"i2d") for NID_subject_alt_name is STACK_OF(GENERAL_NAME). Converting it
to a stack of CONF_VALUE with a i2v method is not satisfactory, because a
CONF_VALUE doesn't contain the length of the value so you can't know the
presence of null bytes. */
#if (OPENSSL_VERSION_NUMBER > 0x00907000L)
if (method->it != NULL) {
gen_names = (STACK_OF(GENERAL_NAME) *) ASN1_item_d2i(NULL,
(const unsigned char **) &data,
ext->value->length, ASN1_ITEM_ptr(method->it));
} else {
static void *pkcs12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
const uint8_t *pass_raw,
size_t pass_raw_len,
ASN1_OCTET_STRING *oct) {
uint8_t *out;
const uint8_t *p;
void *ret;
size_t out_len;
if (!pbe_crypt(algor, pass_raw, pass_raw_len, oct->data, oct->length,
&out, &out_len, 0 /* decrypt */)) {
OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_decrypt_d2i, PKCS8_R_CRYPT_ERROR);
return NULL;
}
p = out;
ret = ASN1_item_d2i(NULL, &p, out_len, it);
OPENSSL_cleanse(out, out_len);
if (!ret) {
OPENSSL_PUT_ERROR(PKCS8, pkcs12_item_decrypt_d2i, PKCS8_R_DECODE_ERROR);
}
OPENSSL_free(out);
return ret;
}
void *
PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it,
const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf)
{
unsigned char *out;
const unsigned char *p;
void *ret;
int outlen;
if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length,
&out, &outlen, 0)) {
PKCS12error(PKCS12_R_PKCS12_PBE_CRYPT_ERROR);
return NULL;
}
p = out;
ret = ASN1_item_d2i(NULL, &p, outlen, it);
if (zbuf)
explicit_bzero(out, outlen);
if (!ret)
PKCS12error(PKCS12_R_DECODE_ERROR);
free(out);
return ret;
}
BASIC_CONSTRAINTS *
d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, const unsigned char **in, long len)
{
return (BASIC_CONSTRAINTS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&BASIC_CONSTRAINTS_it);
}
X509 *
d2i_X509(X509 **a, const unsigned char **in, long len)
{
return (X509 *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&X509_it);
}
char* CERTIFICATE_FILE_CLASS::derDecode(unsigned char **buf_ptrptr, long length)
// DESCRIPTION : Determine the type of the DER data and decode it.
// PRECONDITIONS :
// POSTCONDITIONS :
// EXCEPTIONS :
// NOTES : Returns a pointer to a new'd DVT_STATUS, which must be deleted by the caller
//<<===========================================================================
{
DVT_STATUS status = MSG_ERROR;
unsigned char *p;
STACK_OF(ASN1_TYPE) *inkey_ptr = NULL;
EVP_PKEY *pkey_ptr = NULL;
X509 *cert_ptr = NULL;
int count = 0;
// try to determine the contents of the file [this is adapted from d2i_AutoPrivateKey()]
p = *buf_ptrptr;
inkey_ptr = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE,
ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL);
if (inkey_ptr == NULL)
{
// probably not a DER file
status = MSG_NO_VALUE;
goto end;
}
switch (sk_ASN1_TYPE_num(inkey_ptr))
{
case 3:
// certificate file
p = *buf_ptrptr;
cert_ptr = (X509*)ASN1_item_d2i(NULL, &p, length, ASN1_ITEM_rptr(X509));
if (cert_ptr == NULL)
{
openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding certificate in DER file");
status = MSG_ERROR;
goto end;
}
else
{
// save the certificate
if (!push(cert_ptr))
{
status = MSG_ERROR;
goto end;
}
count++;
}
break;
case 6:
// DSA private key file
p = *buf_ptrptr;
pkey_ptr = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p, length);
if (pkey_ptr == NULL)
{
openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file");
status = MSG_ERROR;
goto end;
}
else
{
// save the private key
if (!push(pkey_ptr))
{
status = MSG_ERROR;
goto end;
}
count++;
}
break;
case 9:
// RSA private key file
p = *buf_ptrptr;
pkey_ptr = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, length);
if (pkey_ptr == NULL)
{
openSslM_ptr->printError(loggerM_ptr, LOG_ERROR, "decoding private key in DER file");
status = MSG_ERROR;
goto end;
}
else
{
// save the private key
if (!push(pkey_ptr))
{
status = MSG_ERROR;
goto end;
}
count++;
}
break;
default:
// unknown data
status = MSG_NO_VALUE;
goto end;
}
if (count == 0)
{
status = MSG_NO_VALUE;
}
else
{
status = MSG_OK;
}
end:
if (inkey_ptr != NULL) sk_ASN1_TYPE_pop_free(inkey_ptr, ASN1_TYPE_free);
if (pkey_ptr != NULL) EVP_PKEY_free(pkey_ptr);
if (cert_ptr != NULL) X509_free(cert_ptr);
return (char*)(new DVT_STATUS(status));
}
/**
Search for a hostname match in the SubjectAlternativeNames.
*/
uint32_t
check_san (SSL *ssl, const char *hostname)
{
X509 *cert;
int extcount, ok = 0;
/* What an OpenSSL mess ... */
if (NULL == (cert = SSL_get_peer_certificate(ssl)))
{
die ("Getting certificate failed");
}
if ((extcount = X509_get_ext_count(cert)) > 0)
{
int i;
for (i = 0; i < extcount; ++i)
{
const char *extstr;
X509_EXTENSION *ext;
ext = X509_get_ext(cert, i);
extstr = OBJ_nid2sn(OBJ_obj2nid(X509_EXTENSION_get_object(ext)));
if (!strcmp(extstr, "subjectAltName"))
{
int j;
void *extvalstr;
const unsigned char *tmp;
STACK_OF(CONF_VALUE) *val;
CONF_VALUE *nval;
#if OPENSSL_VERSION_NUMBER >= 0x10000000L
const
#endif
X509V3_EXT_METHOD *method;
if (!(method = X509V3_EXT_get(ext)))
{
break;
}
tmp = ext->value->data;
if (method->it)
{
extvalstr = ASN1_item_d2i(NULL, &tmp, ext->value->length,
ASN1_ITEM_ptr(method->it));
} else {
extvalstr = method->d2i(NULL, &tmp, ext->value->length);
}
if (!extvalstr)
{
break;
}
if (method->i2v)
{
val = method->i2v(method, extvalstr, NULL);
for (j = 0; j < sk_CONF_VALUE_num(val); ++j)
{
nval = sk_CONF_VALUE_value(val, j);
if ((!strcasecmp(nval->name, "DNS") &&
!strcasecmp(nval->value, hostname) ) ||
(!strcasecmp(nval->name, "iPAddress") &&
!strcasecmp(nval->value, hostname)))
{
verb ("V: subjectAltName matched: %s, type: %s", nval->value, nval->name); // We matched this; so it's safe to print
ok = 1;
break;
}
// Attempt to match subjectAltName DNS names
if (!strcasecmp(nval->name, "DNS"))
{
ok = check_wildcard_match_rfc2595(hostname, nval->value);
if (ok)
{
break;
}
}
verb_debug ("V: subjectAltName found but not matched: %s, type: %s",
nval->value, sanitize_string(nval->name));
}
}
} else {
verb_debug ("V: found non subjectAltName extension");
}
if (ok)
{
break;
}
}
} else {
verb_debug ("V: no X509_EXTENSION field(s) found");
}
X509_free(cert);
return ok;
}
X509_ATTRIBUTE *
d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a, const unsigned char **in, long len)
{
return (X509_ATTRIBUTE *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&X509_ATTRIBUTE_it);
}
X509_REVOKED *
d2i_X509_REVOKED(X509_REVOKED **a, const unsigned char **in, long len)
{
return (X509_REVOKED *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&X509_REVOKED_it);
}
PKCS12_SAFEBAG *
d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, const unsigned char **in, long len)
{
return (PKCS12_SAFEBAG *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_SAFEBAG_it);
}
PKCS12_BAGS *
d2i_PKCS12_BAGS(PKCS12_BAGS **a, const unsigned char **in, long len)
{
return (PKCS12_BAGS *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_BAGS_it);
}
X509_CRL_INFO *
d2i_X509_CRL_INFO(X509_CRL_INFO **a, const unsigned char **in, long len)
{
return (X509_CRL_INFO *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&X509_CRL_INFO_it);
}
PROXY_POLICY *
d2i_PROXY_POLICY(PROXY_POLICY **a, const unsigned char **in, long len)
{
return (PROXY_POLICY *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PROXY_POLICY_it);
}
PROXY_CERT_INFO_EXTENSION *
d2i_PROXY_CERT_INFO_EXTENSION(PROXY_CERT_INFO_EXTENSION **a, const unsigned char **in, long len)
{
return (PROXY_CERT_INFO_EXTENSION *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PROXY_CERT_INFO_EXTENSION_it);
}
OTHERNAME *
d2i_OTHERNAME(OTHERNAME **a, const unsigned char **in, long len)
{
return (OTHERNAME *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&OTHERNAME_it);
}
GENERAL_NAMES *
d2i_GENERAL_NAMES(GENERAL_NAMES **a, const unsigned char **in, long len)
{
return (GENERAL_NAMES *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&GENERAL_NAMES_it);
}
PKCS12_MAC_DATA *
d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, const unsigned char **in, long len)
{
return (PKCS12_MAC_DATA *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&PKCS12_MAC_DATA_it);
}
NETSCAPE_SPKAC *
d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a, const unsigned char **in, long len)
{
return (NETSCAPE_SPKAC *)ASN1_item_d2i((ASN1_VALUE **)a, in, len,
&NETSCAPE_SPKAC_it);
}
