luna - wolfssl/src/ssl

   1/* ssl_asn1.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
  23
  24#include <wolfssl/internal.h>
  25#ifndef WC_NO_RNG
  26    #include <wolfssl/wolfcrypt/random.h>
  27#endif
  28
  29#if !defined(WOLFSSL_SSL_ASN1_INCLUDED)
  30    #ifndef WOLFSSL_IGNORE_FILE_WARN
  31        #warning ssl_asn1.c does not need to be compiled separately from ssl.c
  32    #endif
  33#else
  34
  35/*******************************************************************************
  36 * ASN1_item APIs
  37 ******************************************************************************/
  38
  39#ifndef NO_ASN
  40
  41#ifdef OPENSSL_EXTRA
  42
  43#ifdef OPENSSL_ALL
  44
  45/* Provides access to the member of the obj offset by offset */
  46#define asn1Mem(obj, offset) (*(void**)(((byte*)(obj)) + (offset)))
  47#define asn1Type(obj, offset) (*(int*)(((byte*)(obj)) + (offset)))
  48
  49static void* asn1_new_tpl(const WOLFSSL_ASN1_TEMPLATE *mem)
  50{
  51    if (mem->sequence)
  52        return wolfSSL_sk_new_null();
  53    else
  54        return mem->new_func();
  55}
  56
  57static void* asn1_item_alloc(const WOLFSSL_ASN1_ITEM* item)
  58{
  59    void* ret = NULL;
  60
  61    /* allocation */
  62    switch (item->type) {
  63        case WOLFSSL_ASN1_SEQUENCE:
  64        case WOLFSSL_ASN1_CHOICE:
  65            ret = (void *)XMALLOC(item->size, NULL, DYNAMIC_TYPE_OPENSSL);
  66            if (ret != NULL)
  67                XMEMSET(ret, 0, item->size);
  68            break;
  69        case WOLFSSL_ASN1_OBJECT_TYPE:
  70            if (item->mcount != 1 || item->members->offset) {
  71                WOLFSSL_MSG("incorrect member count or offset");
  72                return NULL;
  73            }
  74            ret = asn1_new_tpl(item->members);
  75            break;
  76        default:
  77            WOLFSSL_MSG("ASN1 type not implemented");
  78            return NULL;
  79    }
  80
  81    return ret;
  82}
  83
  84static int asn1_item_init(void* obj, const WOLFSSL_ASN1_ITEM* item)
  85{
  86    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
  87    size_t i;
  88    int ret = 0;
  89
  90    switch (item->type) {
  91        case WOLFSSL_ASN1_SEQUENCE:
  92            for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
  93                asn1Mem(obj, mem->offset) = asn1_new_tpl(mem);
  94                if (asn1Mem(obj, mem->offset) == NULL) {
  95                    ret = WOLFSSL_FATAL_ERROR;
  96                    break;
  97                }
  98            }
  99            break;
 100        case WOLFSSL_ASN1_OBJECT_TYPE:
 101            /* Initialized by new_func. Nothing to do. */
 102            break;
 103        case WOLFSSL_ASN1_CHOICE:
 104            asn1Type(obj, item->toffset) = -1;
 105            /* We don't know what to initialize. Nothing to do. */
 106            break;
 107        default:
 108            WOLFSSL_MSG("ASN1 type not implemented");
 109            ret = WOLFSSL_FATAL_ERROR;
 110            break;
 111    }
 112
 113    return ret;
 114}
 115
 116/* Create a new ASN1 item based on a template.
 117 *
 118 * @param [in] item  Info about ASN1 items.
 119 * @return  A new ASN1 item on success.
 120 * @return  NULL when item is NULL, dynamic memory allocation fails or ASN1
 121 *          item type not supported.
 122 */
 123void* wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM* item)
 124{
 125    void* ret = NULL;
 126
 127    WOLFSSL_ENTER("wolfSSL_ASN1_item_new");
 128
 129    if (item == NULL)
 130        return NULL;
 131
 132    /* allocation */
 133    ret = asn1_item_alloc(item);
 134    if (ret == NULL)
 135        return NULL;
 136
 137    /* initialization */
 138    if (asn1_item_init(ret, item) != 0) {
 139        wolfSSL_ASN1_item_free(ret, item);
 140        ret = NULL;
 141    }
 142
 143    return ret;
 144}
 145
 146static void asn1_free_tpl(void *obj, const WOLFSSL_ASN1_TEMPLATE *mem)
 147{
 148    if (obj != NULL) {
 149        if (mem->sequence)
 150            wolfSSL_sk_pop_free((WOLFSSL_STACK *)obj, mem->free_func);
 151        else
 152            mem->free_func(obj);
 153    }
 154}
 155
 156/* Dispose of ASN1 item based on a template.
 157 *
 158 * @param [in, out] val  ASN item to free.
 159 * @param [in,      item Info about ASN1 items.
 160 */
 161void wolfSSL_ASN1_item_free(void *obj, const WOLFSSL_ASN1_ITEM *item)
 162{
 163    const WOLFSSL_ASN1_TEMPLATE *mem = NULL;
 164    size_t i;
 165
 166    WOLFSSL_ENTER("wolfSSL_ASN1_item_free");
 167
 168    if (obj != NULL) {
 169        switch (item->type) {
 170            case WOLFSSL_ASN1_SEQUENCE:
 171                for (mem = item->members, i = 0; i < item->mcount; mem++, i++)
 172                    asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
 173                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
 174                break;
 175            case WOLFSSL_ASN1_CHOICE:
 176                if (asn1Type(obj, item->toffset) < 0)
 177                    break; /* type not set */
 178                for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
 179                    if (asn1Type(obj, item->toffset) == mem->tag) {
 180                        asn1_free_tpl(asn1Mem(obj, mem->offset), mem);
 181                        break;
 182                    }
 183                }
 184                XFREE(obj, NULL, DYNAMIC_TYPE_OPENSSL);
 185                break;
 186            case WOLFSSL_ASN1_OBJECT_TYPE:
 187                asn1_free_tpl(obj, item->members);
 188                break;
 189            default:
 190                WOLFSSL_MSG("ASN1 type not implemented");
 191                break;
 192        }
 193    }
 194}
 195
 196static int i2d_asn1_items(const void* obj, byte** buf,
 197        const WOLFSSL_ASN1_TEMPLATE* mem)
 198{
 199    int len = 0;
 200    int ret = 0;
 201    if (mem->sequence) {
 202        const WOLFSSL_STACK* sk = (WOLFSSL_STACK *)asn1Mem(obj, mem->offset);
 203        int ski; /* stack index */
 204        int innerLen = 0;
 205        /* Figure out the inner length first */
 206        for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
 207            ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), NULL);
 208            if (ret <= 0)
 209                break;
 210            innerLen += ret;
 211        }
 212        if (ret <= 0)
 213            return 0;
 214        if (buf != NULL && *buf != NULL) {
 215            /* Now write it out */
 216            int writeLen = 0;
 217            *buf += SetSequence((word32)innerLen, *buf);
 218            for (ski = 0; ski < wolfSSL_sk_num(sk); ski++) {
 219                ret = mem->i2d_func(wolfSSL_sk_value(sk, ski), buf);
 220                if (ret <= 0)
 221                    break;
 222                writeLen += ret;
 223            }
 224            if (ret <= 0 || writeLen != innerLen)
 225                return 0;
 226        }
 227        len = (int)SetSequence((word32)innerLen, NULL) + innerLen;
 228    }
 229    else {
 230        ret = mem->i2d_func(asn1Mem(obj, mem->offset),
 231                buf != NULL && *buf != NULL ? buf : NULL);
 232        if (ret <= 0)
 233            return 0;
 234        len = ret;
 235    }
 236    return len;
 237}
 238
 239/* Encode members of an ASN.1 SEQUENCE as DER.
 240 *
 241 * @param [in]      src      ASN1 items to encode.
 242 * @param [in, out] buf      Buffer to encode into. May be NULL.
 243 * @param [in]      members  ASN1 template members.
 244 * @param [in]      mcount   Count of template members.
 245 * @return  Length of DER encoding on success.
 246 * @return  0 on failure.
 247 */
 248static int wolfssl_i2d_asn1_items(const void* obj, byte* buf,
 249    const WOLFSSL_ASN1_TEMPLATE* members, size_t mcount)
 250{
 251    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
 252    int len = 0;
 253    int ret;
 254    size_t i;
 255
 256    WOLFSSL_ENTER("wolfssl_i2d_asn1_items");
 257
 258    for (mem = members, i = 0; i < mcount; mem++, i++) {
 259        byte* tmp = buf;
 260        if (mem->ex && mem->tag >= 0) {
 261            /* Figure out the inner length */
 262            int innerLen = 0;
 263            int hdrLen = 0;
 264            ret = i2d_asn1_items(obj, NULL, mem);
 265            if (ret <= 0) {
 266                len = 0;
 267                break;
 268            }
 269            innerLen = ret;
 270            hdrLen = SetExplicit((byte)mem->tag, (word32)innerLen, buf, 0);
 271            len += hdrLen;
 272            if (buf != NULL)
 273                buf += hdrLen;
 274        }
 275
 276        ret = i2d_asn1_items(obj, &buf, mem);
 277        if (ret <= 0) {
 278            len = 0;
 279            break;
 280        }
 281
 282        if (buf != NULL && tmp != NULL && !mem->ex && mem->tag >= 0) {
 283            byte imp[ASN_TAG_SZ + MAX_LENGTH_SZ];
 284            /* Encode the implicit tag; There's other stuff in the upper bits
 285             * of the integer tag, so strip out everything else for value. */
 286            SetImplicit(tmp[0], (byte)(mem->tag), 0, imp, 0);
 287            tmp[0] = imp[0];
 288        }
 289        len += ret;
 290    }
 291
 292    WOLFSSL_LEAVE("wolfssl_i2d_asn1_items", len);
 293
 294    return len;
 295}
 296
 297/* Encode sequence and items under it.
 298 *
 299 * @param [in]      src  ASN1 items to encode.
 300 * @param [in, out] buf  Buffer to encode into. May be NULL.
 301 * @param [in]      tpl  Template of ASN1 items.
 302 * @return  Length of DER encoding on success.
 303 * @return  0 on failure.
 304 */
 305static int i2d_ASN_SEQUENCE(const void* obj, byte* buf,
 306    const WOLFSSL_ASN1_ITEM* item)
 307{
 308    word32 seq_len;
 309    word32 len = 0;
 310
 311    seq_len = (word32)wolfssl_i2d_asn1_items(obj, NULL, item->members,
 312        item->mcount);
 313    if (seq_len != 0) {
 314        len = SetSequence(seq_len, buf);
 315        if (buf != NULL) {
 316            if (wolfssl_i2d_asn1_items(obj, buf + len, item->members,
 317                    item->mcount) > 0)
 318                len += seq_len; /* success */
 319            else
 320                len = 0; /* error */
 321        }
 322        else
 323            len += seq_len;
 324    }
 325
 326    return (int)len;
 327}
 328
 329static int i2d_ASN_CHOICE(const void* obj, byte* buf,
 330        const WOLFSSL_ASN1_ITEM* item)
 331{
 332    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
 333    size_t i;
 334
 335    if (asn1Type(obj, item->toffset) < 0)
 336        return 0; /* type not set */
 337    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
 338        if (asn1Type(obj, item->toffset) == mem->tag) {
 339            return wolfssl_i2d_asn1_items(obj, buf, mem, 1);
 340        }
 341    }
 342    return 0;
 343}
 344
 345static int i2d_ASN_OBJECT_TYPE(const void* obj, byte* buf,
 346        const WOLFSSL_ASN1_ITEM* item)
 347{
 348    /* To be able to use wolfssl_i2d_asn1_items without any modifications,
 349     * pass in a pointer to obj so that asn1Mem uses the correct pointer. */
 350    const void ** obj_pp = &obj;
 351    return wolfssl_i2d_asn1_items(obj_pp, buf, item->members, item->mcount);
 352}
 353
 354/* Encode ASN1 template item.
 355 *
 356 * @param [in]      src  ASN1 items to encode.
 357 * @param [in, out] buf  Buffer to encode into. May be NULL.
 358 * @param [in]      tpl  Template of ASN1 items.
 359 * @return  Length of DER encoding on success.
 360 * @return  0 on failure.
 361 */
 362static int wolfssl_asn1_item_encode(const void* obj, byte* buf,
 363    const WOLFSSL_ASN1_ITEM* item)
 364{
 365    int len;
 366
 367    switch (item->type) {
 368        case WOLFSSL_ASN1_SEQUENCE:
 369            len = i2d_ASN_SEQUENCE(obj, buf, item);
 370            break;
 371        case WOLFSSL_ASN1_OBJECT_TYPE:
 372            len = i2d_ASN_OBJECT_TYPE(obj, buf, item);
 373            break;
 374        case WOLFSSL_ASN1_CHOICE:
 375            len = i2d_ASN_CHOICE(obj, buf, item);
 376            break;
 377        default:
 378            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d");
 379            len = 0;
 380    }
 381
 382    return len;
 383}
 384
 385/* Encode ASN1 template.
 386 *
 387 * @param [in]      src   ASN1 items to encode.
 388 * @param [in, out] dest  Pointer to buffer to encode into. May be NULL.
 389 * @param [in]      tpl   Template of ASN1 items.
 390 * @return  Length of DER encoding on success.
 391 * @return  WOLFSSL_FATAL_ERROR on failure.
 392 */
 393int wolfSSL_ASN1_item_i2d(const void* obj, byte** dest,
 394    const WOLFSSL_ASN1_ITEM* item)
 395{
 396    int ret = 1;
 397    int len = 0;
 398
 399    WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d");
 400
 401    /* Validate parameters. */
 402    if ((obj == NULL) || (item == NULL)) {
 403        ret = 0;
 404    }
 405
 406    if ((ret == 1) && ((len = wolfssl_asn1_item_encode(obj, NULL, item)) == 0))
 407        ret = 0;
 408
 409    if ((ret == 1) && (dest != NULL)) {
 410        byte* buf = NULL;
 411        if (*dest == NULL) {
 412            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
 413            if (buf == NULL)
 414                ret = 0;
 415        }
 416        else
 417            buf = *dest;
 418
 419        if (ret == 1) {
 420            len = wolfssl_asn1_item_encode(obj, buf, item);
 421            if (len <= 0)
 422                ret = 0;
 423        }
 424
 425        if (ret == 1) {
 426            if (*dest == NULL)
 427                *dest = buf;
 428            else
 429                *dest += len;
 430        }
 431        if (ret == 0 && *dest == NULL)
 432            XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
 433    }
 434
 435    if (ret == 0) {
 436        len = WOLFSSL_FATAL_ERROR;
 437    }
 438    WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len);
 439    return len;
 440}
 441
 442static void* d2i_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
 443        long* len)
 444{
 445    void* ret;
 446    const byte* tmp = *src;
 447    ret = mem->d2i_func(NULL, &tmp, *len);
 448    if (ret == NULL) {
 449        WOLFSSL_MSG("d2i error");
 450        return NULL;
 451    }
 452    if (tmp <= *src) {
 453        WOLFSSL_MSG("ptr not advanced");
 454        mem->free_func(ret); /* never a stack so we can call this directly */
 455        return NULL;
 456    }
 457    *len -= (long)(tmp - *src);
 458    *src = tmp;
 459    return ret;
 460}
 461
 462static void* d2i_generic_obj(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
 463        long* len)
 464{
 465    void* ret = NULL;
 466    if (mem->sequence) {
 467        long skl = 0;
 468        int slen = 0;
 469        WOLFSSL_STACK* sk = NULL;
 470        word32 idx = 0;
 471        const byte* tmp = *src;
 472        if (GetSequence(tmp, &idx, &slen, (word32)*len) < 0)
 473            goto error;
 474        skl = (long)slen;
 475        tmp += idx;
 476        ret = sk = wolfSSL_sk_new_null();
 477        while (skl > 0) {
 478            void* new_obj = d2i_obj(mem, &tmp, &skl);
 479            if (new_obj == NULL) {
 480                WOLFSSL_MSG("d2i_obj failed");
 481                goto error;
 482            }
 483            if (wolfSSL_sk_insert(sk, new_obj, -1) <= 0) {
 484                mem->free_func(new_obj);
 485                WOLFSSL_MSG("push failed");
 486                goto error;
 487            }
 488        }
 489        if (skl != 0) {
 490            WOLFSSL_MSG("l not zero after sequence");
 491            goto error;
 492        }
 493        *len -= (long)slen;
 494        *src = tmp;
 495    }
 496    else {
 497        ret = d2i_obj(mem, src, len);
 498    }
 499    return ret;
 500error:
 501    asn1_free_tpl(ret, mem);
 502    return NULL;
 503}
 504
 505static int d2i_handle_tags(const WOLFSSL_ASN1_TEMPLATE* mem, const byte** src,
 506        long* len, byte** impBuf, int* asnLen)
 507{
 508    if (mem->tag >= 0) {
 509        byte tag = 0;
 510        word32 idx = 0;
 511        if (mem->ex) {
 512            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
 513                    (byte)(ASN_CONTEXT_SPECIFIC | ASN_CONSTRUCTED | mem->tag)
 514                        != tag ||
 515                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
 516                WOLFSSL_MSG("asn tag error");
 517                return WOLFSSL_FATAL_ERROR;
 518            }
 519            *len -= idx;
 520            *src += idx;
 521        }
 522        else {
 523            /* Underlying d2i functions won't be able to handle the implicit
 524             * tag so we substitute it for the expected tag. */
 525            if (mem->first_byte == 0) {
 526                WOLFSSL_MSG("first byte not set");
 527                return WOLFSSL_FATAL_ERROR;
 528            }
 529            if (GetASNTag(*src, &idx, &tag, (word32)*len) < 0 ||
 530                    (byte)mem->tag != (tag & ASN_TYPE_MASK) ||
 531                    GetLength(*src, &idx, asnLen, (word32)*len) < 0) {
 532                WOLFSSL_MSG("asn tag error");
 533                return WOLFSSL_FATAL_ERROR;
 534            }
 535            *asnLen += idx; /* total buffer length */
 536            *impBuf = (byte*)XMALLOC(*asnLen, NULL,
 537                    DYNAMIC_TYPE_TMP_BUFFER);
 538            if (*impBuf == NULL) {
 539                WOLFSSL_MSG("malloc error");
 540                return WOLFSSL_FATAL_ERROR;
 541            }
 542            XMEMCPY(*impBuf, *src, *asnLen);
 543            (*impBuf)[0] = mem->first_byte;
 544        }
 545    }
 546    return 0;
 547}
 548
 549static void* d2i_generic(const WOLFSSL_ASN1_TEMPLATE* mem,
 550        const byte** src, long* len)
 551{
 552    int asnLen = -1;
 553    const byte *tmp = NULL;
 554    void* ret = NULL;
 555    byte* impBuf = NULL;
 556    long l;
 557
 558    if (*len <= 0) {
 559        WOLFSSL_MSG("buffer too short");
 560        return NULL;
 561    }
 562
 563    if (d2i_handle_tags(mem, src, len, &impBuf, &asnLen) != 0) {
 564        WOLFSSL_MSG("tags error");
 565        goto error;
 566    }
 567
 568    if (impBuf != NULL)
 569        tmp = impBuf;
 570    else
 571        tmp = *src;
 572    l = (long)(asnLen >= 0 ? asnLen : *len);
 573    ret = d2i_generic_obj(mem, &tmp, &l);
 574    if (l < 0) {
 575        WOLFSSL_MSG("ptr advanced too far");
 576        goto error;
 577    }
 578    if (impBuf != NULL) {
 579        tmp = *src + (tmp - impBuf); /* for the next calculation */
 580        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 581        impBuf = NULL;
 582    }
 583    if (asnLen >= 0 && (int)(tmp - *src) != asnLen) {
 584        WOLFSSL_MSG("ptr not advanced enough");
 585        goto error;
 586    }
 587    *len -= (long)(tmp - *src);
 588    *src = tmp;
 589    return ret;
 590error:
 591    asn1_free_tpl(ret, mem);
 592    if (impBuf != NULL)
 593        XFREE(impBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
 594    return NULL;
 595}
 596
 597static int d2i_ASN_SEQUENCE(void* obj, const byte **src, long len,
 598        const WOLFSSL_ASN1_ITEM* item)
 599{
 600    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
 601    int err;
 602    word32 idx = 0;
 603    int slen = 0;
 604    size_t i;
 605    const byte* s = *src;
 606
 607    err = GetSequence(s, &idx, &slen, (word32)len);
 608    if (err <= 0) {
 609        WOLFSSL_MSG("GetSequence error");
 610        return WOLFSSL_FATAL_ERROR;
 611    }
 612    s += idx;
 613    len -= idx;
 614
 615    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
 616        asn1Mem(obj, mem->offset) = d2i_generic(mem, &s, &len);
 617        if (asn1Mem(obj, mem->offset) == NULL) {
 618            WOLFSSL_MSG("d2i error");
 619            return WOLFSSL_FATAL_ERROR;
 620        }
 621    }
 622    *src = s;
 623    return 0;
 624}
 625
 626static int d2i_ASN_CHOICE(void* obj, const byte **src, long len,
 627        const WOLFSSL_ASN1_ITEM* item)
 628{
 629    const WOLFSSL_ASN1_TEMPLATE* mem = NULL;
 630    size_t i;
 631
 632    for (mem = item->members, i = 0; i < item->mcount; mem++, i++) {
 633        asn1Mem(obj, mem->offset) = d2i_generic(mem, src, &len);
 634        if (asn1Mem(obj, mem->offset) != NULL) {
 635            asn1Type(obj, item->toffset) = mem->tag;
 636            return 0;
 637        }
 638    }
 639    WOLFSSL_MSG("der does not decode with any CHOICE");
 640    return WOLFSSL_FATAL_ERROR;
 641}
 642
 643static void* d2i_ASN_OBJECT_TYPE(const byte **src, long len,
 644        const WOLFSSL_ASN1_ITEM* item)
 645{
 646    return d2i_generic(item->members, src, &len);
 647}
 648
 649void* wolfSSL_ASN1_item_d2i(void** dst, const byte **src, long len,
 650        const WOLFSSL_ASN1_ITEM* item)
 651{
 652    void* obj = NULL;
 653    int err = 0;
 654    const byte *tmp;
 655
 656    WOLFSSL_ENTER("wolfSSL_ASN1_item_d2i");
 657
 658    if (src == NULL || *src == NULL || len <= 0 || item == NULL) {
 659        WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", 0);
 660        return NULL;
 661    }
 662
 663    tmp = *src;
 664
 665    /* Create an empty object. */
 666
 667    switch (item->type) {
 668        case WOLFSSL_ASN1_SEQUENCE:
 669        case WOLFSSL_ASN1_CHOICE:
 670            obj = asn1_item_alloc(item);
 671            if (obj == NULL)
 672                return NULL;
 673            break;
 674        case WOLFSSL_ASN1_OBJECT_TYPE:
 675            /* allocated later */
 676            break;
 677        default:
 678            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
 679            return NULL;
 680    }
 681
 682    switch (item->type) {
 683        case WOLFSSL_ASN1_SEQUENCE:
 684            err = d2i_ASN_SEQUENCE(obj, &tmp, len, item);
 685            break;
 686        case WOLFSSL_ASN1_CHOICE:
 687            err = d2i_ASN_CHOICE(obj, &tmp, len, item);
 688            break;
 689        case WOLFSSL_ASN1_OBJECT_TYPE:
 690            obj = d2i_ASN_OBJECT_TYPE(&tmp, len, item);
 691            if (obj == NULL)
 692                err = WOLFSSL_FATAL_ERROR;
 693            break;
 694        default:
 695            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_d2i");
 696            err = WOLFSSL_FATAL_ERROR;
 697            break;
 698    }
 699
 700    if (err == 0)
 701        *src = tmp;
 702    else {
 703        wolfSSL_ASN1_item_free(obj, item);
 704        obj = NULL;
 705    }
 706
 707    if (dst != NULL && obj != NULL) {
 708        if (*dst != NULL)
 709            wolfSSL_ASN1_item_free(*dst, item);
 710        *dst = obj;
 711    }
 712
 713    WOLFSSL_LEAVE("wolfSSL_ASN1_item_d2i", obj != NULL);
 714    return obj;
 715}
 716
 717#endif /* OPENSSL_ALL */
 718
 719#endif /* OPENSSL_EXTRA */
 720
 721/*******************************************************************************
 722 * ASN1_BIT_STRING APIs
 723 ******************************************************************************/
 724
 725#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
 726    defined(WOLFSSL_WPAS_SMALL)
 727/* Create a new ASN.1 BIT_STRING object.
 728 *
 729 * @return  ASN.1 BIT_STRING object on success.
 730 * @return  NULL when dynamic memory allocation fails.
 731 */
 732WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void)
 733{
 734    WOLFSSL_ASN1_BIT_STRING* bitStr;
 735
 736    bitStr = (WOLFSSL_ASN1_BIT_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_BIT_STRING),
 737        NULL, DYNAMIC_TYPE_OPENSSL);
 738    if (bitStr) {
 739        XMEMSET(bitStr, 0, sizeof(WOLFSSL_ASN1_BIT_STRING));
 740    }
 741
 742    return bitStr;
 743}
 744
 745/* Dispose of ASN.1 BIT_STRING object.
 746 *
 747 * Do not use bitStr after calling this function.
 748 *
 749 * @param [in, out] bitStr  ASN.1 BIT_STRING to free. May be NULL.
 750 */
 751void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING* bitStr)
 752{
 753    if (bitStr != NULL) {
 754        /* Dispose of any data allocated in BIT_STRING. */
 755        XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL);
 756    }
 757    /* Dispose of the ASN.1 BIT_STRING object. */
 758    XFREE(bitStr, NULL, DYNAMIC_TYPE_OPENSSL);
 759}
 760
 761/* Get the value of the bit from the ASN.1 BIT_STRING at specified index.
 762 *
 763 * A NULL object a value of 0 for the bit at all indices.
 764 * A negative index has a value of 0 for the bit.
 765 *
 766 * @param [in] bitStr  ASN.1 BIT_STRING object.
 767 * @param [in] i       Index of bit.
 768 * @return  Value of bit.
 769 */
 770int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* bitStr,
 771    int i)
 772{
 773    int bit = 0;
 774
 775    /* Check for data and whether index is in range. */
 776    if ((bitStr != NULL) && (bitStr->data != NULL) && (i >= 0) &&
 777            (bitStr->length > (i / 8))) {
 778        bit = (bitStr->data[i / 8] & (1 << (7 - (i % 8)))) ? 1 : 0;
 779    }
 780
 781    return bit;
 782}
 783
 784/* Grow data to require length.
 785 *
 786 * @param [in] bitStr  ASN.1 BIT_STRING object.
 787 * @param [in] len     Length, in bytes, of data required.
 788 * @return  1 on success.
 789 * @return  0 when dynamic memory allocation fails.
 790 */
 791static int wolfssl_asn1_bit_string_grow(WOLFSSL_ASN1_BIT_STRING* bitStr,
 792    int len)
 793{
 794    int ret = 1;
 795    byte* tmp;
 796
 797#ifdef WOLFSSL_NO_REALLOC
 798    tmp = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
 799    if (tmp != NULL && bitStr->data != NULL) {
 800       XMEMCPY(tmp, bitStr->data, bitStr->length);
 801       XFREE(bitStr->data, NULL, DYNAMIC_TYPE_OPENSSL);
 802       bitStr->data = NULL;
 803    }
 804#else
 805    /* Realloc to length required. */
 806    tmp = (byte*)XREALLOC(bitStr->data, (size_t)len, NULL,
 807        DYNAMIC_TYPE_OPENSSL);
 808#endif
 809    if (tmp == NULL) {
 810        ret = 0;
 811    }
 812    else {
 813        /* Clear out new, top bytes. */
 814        if (len > bitStr->length)
 815            XMEMSET(tmp + bitStr->length, 0, (size_t)(len - bitStr->length));
 816        bitStr->data = tmp;
 817        bitStr->length = len;
 818    }
 819
 820    return ret;
 821}
 822
 823/* Set the value of a bit in the ASN.1 BIT_STRING at specified index.
 824 *
 825 * @param [in] bitStr  ASN.1 BIT_STRING object.
 826 * @param [in] idx     Index of bit to set.
 827 * @param [in] val     Value of bit to set. Valid values: 0 or 1.
 828 * @return  1 on success.
 829 * @return  0 when bitStr is NULL, idx is negative, val is not 0 or 1, or
 830 *          dynamic memory allocation fails.
 831 */
 832int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* bitStr, int idx,
 833    int val)
 834{
 835    int ret = 1;
 836    int i = 0;
 837
 838    /* Validate parameters. */
 839    if ((bitStr == NULL) || (idx < 0) || ((val != 0) && (val != 1))) {
 840        ret = 0;
 841    }
 842
 843    if (ret == 1) {
 844        i = idx / 8;
 845
 846        /* Check if we need to extend data range. */
 847        if ((i >= bitStr->length) && (val != 0)) {
 848            /* Realloc data to handle having bit set at index. */
 849            ret = wolfssl_asn1_bit_string_grow(bitStr, i + 1);
 850        }
 851    }
 852    if ((ret == 1) && (i < bitStr->length)) {
 853        /* Bit on at index. */
 854        byte bit = 1 << (7 - (idx % 8));
 855
 856        /* Clear bit and set to value. */
 857        bitStr->data[i] &= ~bit;
 858        bitStr->data[i] |= bit & (byte)(0 - val);
 859    }
 860
 861    return ret;
 862}
 863
 864/* Serialize object to DER encoding
 865 *
 866 * @param bstr Object to serialize
 867 * @param pp  Output
 868 * @return Length on success
 869 *         Negative number on failure
 870 */
 871int wolfSSL_i2d_ASN1_BIT_STRING(const WOLFSSL_ASN1_BIT_STRING* bstr,
 872        unsigned char** pp)
 873{
 874    int len;
 875    unsigned char* buf;
 876
 877    if (bstr == NULL || (bstr->data == NULL && bstr->length != 0))
 878        return WOLFSSL_FATAL_ERROR;
 879
 880    len = (int)SetBitString((word32)bstr->length, 0, NULL) + bstr->length;
 881    if (pp != NULL) {
 882        word32 idx;
 883
 884        if (*pp != NULL)
 885            buf = *pp;
 886        else {
 887            buf = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_ASN1);
 888            if (buf == NULL)
 889                return WOLFSSL_FATAL_ERROR;
 890        }
 891
 892        idx = SetBitString((word32)bstr->length, 0, buf);
 893        if (bstr->length > 0)
 894            XMEMCPY(buf + idx, bstr->data, (size_t)bstr->length);
 895
 896        if (*pp != NULL)
 897            *pp += len;
 898        else
 899            *pp = buf;
 900    }
 901
 902    return len;
 903}
 904
 905WOLFSSL_ASN1_BIT_STRING* wolfSSL_d2i_ASN1_BIT_STRING(
 906        WOLFSSL_ASN1_BIT_STRING** out, const byte** src, long len)
 907{
 908    WOLFSSL_ASN1_BIT_STRING* ret = NULL;
 909#ifdef WOLFSSL_ASN_TEMPLATE
 910    word32 idx = 0;
 911    byte tag = 0;
 912    int length = 0;
 913
 914    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_BIT_STRING");
 915
 916    if (src == NULL || *src == NULL || len == 0)
 917        return NULL;
 918
 919    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
 920        return NULL;
 921    if (tag != ASN_BIT_STRING)
 922        return NULL;
 923    if (GetLength(*src, &idx, &length, (word32)len) < 0)
 924        return NULL;
 925    if (GetASN_BitString(*src, idx, length) != 0)
 926        return NULL;
 927    idx++; /* step over unused bits */
 928    length--;
 929
 930    ret = wolfSSL_ASN1_BIT_STRING_new();
 931    if (ret == NULL)
 932        return NULL;
 933
 934    if (wolfssl_asn1_bit_string_grow(ret, length) != 1) {
 935        wolfSSL_ASN1_BIT_STRING_free(ret);
 936        return NULL;
 937    }
 938
 939    XMEMCPY(ret->data, *src + idx, length);
 940    *src += idx + (word32)length;
 941
 942    if (out != NULL) {
 943        if (*out != NULL)
 944            wolfSSL_ASN1_BIT_STRING_free(*out);
 945        *out = ret;
 946    }
 947#else
 948    WOLFSSL_MSG("d2i_ASN1_BIT_STRING needs --enable-asn=template");
 949    (void)out;
 950    (void)src;
 951    (void)len;
 952#endif
 953    return ret;
 954}
 955
 956#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
 957
 958/*******************************************************************************
 959 * ASN1_INTEGER APIs
 960 ******************************************************************************/
 961
 962#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
 963/* Create a new empty ASN.1 INTEGER object.
 964 *
 965 * @return  ASN.1 INTEGER object on success.
 966 * @return  NULL when dynamic memory allocation fails.
 967 */
 968WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void)
 969{
 970    WOLFSSL_ASN1_INTEGER* a;
 971
 972    /* Allocate a new ASN.1 INTEGER object. */
 973    a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL,
 974        DYNAMIC_TYPE_OPENSSL);
 975    if (a != NULL) {
 976        XMEMSET(a, 0, sizeof(WOLFSSL_ASN1_INTEGER));
 977        /* Use fixed buffer field for data. */
 978        a->data      = a->intData;
 979        a->isDynamic = 0;
 980        /* Maximum supported by fixed buffer. */
 981        a->dataMax   = WOLFSSL_ASN1_INTEGER_MAX;
 982        /* No value set - no data. */
 983        a->length    = 0;
 984    }
 985
 986    return a;
 987}
 988
 989/* Free the ASN.1 INTEGER object and any dynamically allocated data.
 990 *
 991 * @param [in, out] in  ASN.1 INTEGER object.
 992 */
 993void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in)
 994{
 995    if ((in != NULL) && (in->isDynamic)) {
 996        /* Dispose of any data allocated in INTEGER. */
 997        XFREE(in->data, NULL, DYNAMIC_TYPE_OPENSSL);
 998    }
 999    /* Dispose of the ASN.1 INTEGER object. */
1000    XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL);
1001}
1002
1003/* Get the length of the raw integer value bytes, stripping the DER tag/length
1004 * header if present. Required for OpenSSL compatibility where ASN1_INTEGER is
1005 * typedef'd to ASN1_STRING and callers use ASN1_STRING_length() on integers.
1006 *
1007 * @param [in] ai  ASN.1 INTEGER object.
1008 * @return  Length of the raw integer value on success.
1009 * @return  0 when ai is NULL or data is invalid.
1010 */
1011int wolfSSL_ASN1_INTEGER_get_length(const WOLFSSL_ASN1_INTEGER* ai)
1012{
1013    if (ai == NULL || ai->data == NULL || ai->length <= 0) {
1014        return 0;
1015    }
1016    if (ai->data[0] == ASN_INTEGER) {
1017        word32 idx = 1;
1018        int len = 0;
1019        if (GetLength(ai->data, &idx, &len, (word32)ai->length) >= 0 &&
1020                idx + (word32)len == (word32)ai->length) {
1021            return len;
1022        }
1023    }
1024    /* WOLFSSL_QT / WOLFSSL_HAPROXY format: raw bytes without DER header,
1025     * or data that coincidentally starts with 0x02 but whose header+value
1026     * boundaries do not span exactly ai->length. */
1027    return ai->length;
1028}
1029
1030/* Get a pointer to the raw integer value bytes, skipping the DER tag/length
1031 * header if present. Required for OpenSSL compatibility where ASN1_INTEGER is
1032 * typedef'd to ASN1_STRING and callers use ASN1_STRING_get0_data() on integers.
1033 *
1034 * @param [in] ai  ASN.1 INTEGER object.
1035 * @return  Pointer to the raw integer value bytes on success.
1036 * @return  NULL when ai is NULL or data is invalid.
1037 */
1038const unsigned char* wolfSSL_ASN1_INTEGER_get0_data(const WOLFSSL_ASN1_INTEGER* ai)
1039{
1040    if (ai == NULL || ai->data == NULL || ai->length <= 0) {
1041        return NULL;
1042    }
1043    if (ai->data[0] == ASN_INTEGER) {
1044        word32 idx = 1;
1045        int len = 0;
1046        if (GetLength(ai->data, &idx, &len, (word32)ai->length) >= 0 &&
1047                idx + (word32)len == (word32)ai->length) {
1048            return ai->data + idx;
1049        }
1050    }
1051    /* WOLFSSL_QT / WOLFSSL_HAPROXY format: raw bytes without DER header,
1052     * or data that coincidentally starts with 0x02 but whose header+value
1053     * boundaries do not span exactly ai->length. */
1054    return ai->data;
1055}
1056
1057#if defined(OPENSSL_EXTRA)
1058/* Reset the data of ASN.1 INTEGER object back to empty fixed array.
1059 *
1060 * @param [in] a  ASN.1 INTEGER object.
1061 */
1062static void wolfssl_asn1_integer_reset_data(WOLFSSL_ASN1_INTEGER* a)
1063{
1064    /* Don't use dynamic buffer anymore. */
1065    if (a->isDynamic) {
1066        /* Cache pointer to allocated data. */
1067        unsigned char* data = a->data;
1068        /* No longer dynamic. */
1069        a->isDynamic = 0;
1070        /* Point data at fixed array. */
1071        a->data = a->intData;
1072        /* Set maximum length to fixed array size. */
1073        a->dataMax = (unsigned int)sizeof(a->intData);
1074        /* Dispose of dynamically allocated data. */
1075        XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL);
1076    }
1077    /* Clear out data from fixed array. */
1078    XMEMSET(a->intData, 0, sizeof(a->intData));
1079    /* No data, no length. */
1080    a->length = 0;
1081    /* No data, not negative. */
1082    a->negative = 0;
1083    /* Set type to positive INTEGER. */
1084    a->type = WOLFSSL_V_ASN1_INTEGER;
1085}
1086#endif /* OPENSSL_EXTRA */
1087
1088/* Setup ASN.1 INTEGER object to handle data of required length.
1089 *
1090 * @param [in, out] a    ASN.1 INTEGER object.
1091 * @param [in]      len  Required length in bytes.
1092 * @return  1 on success.
1093 * @return  0 on dynamic memory allocation failure.
1094 */
1095static int wolfssl_asn1_integer_require_len(WOLFSSL_ASN1_INTEGER* a, int len,
1096    int keepOldData)
1097{
1098    int ret = 1;
1099    byte* data;
1100    byte* oldData = a->intData;
1101
1102    if (a->isDynamic && (len > (int)a->dataMax)) {
1103        oldData = a->data;
1104        a->isDynamic = 0;
1105        a->data = a->intData;
1106        a->dataMax = (unsigned int)sizeof(a->intData);
1107    }
1108    if ((!a->isDynamic) && (len > (int)a->dataMax)) {
1109        /* Create a new buffer to hold large integer value. */
1110        data = (byte*)XMALLOC((size_t)len, NULL, DYNAMIC_TYPE_OPENSSL);
1111        if (data == NULL) {
1112            ret = 0;
1113        }
1114        else {
1115            /* Indicate data is dynamic and copy data over. */
1116            a->isDynamic = 1;
1117            a->data = data;
1118            a->dataMax = (word32)len;
1119        }
1120    }
1121    if (keepOldData) {
1122         if (oldData != a->data) {
1123             /* Copy old data into new buffer. */
1124             XMEMCPY(a->data, oldData, (size_t)a->length);
1125         }
1126    } else {
1127        a->length = 0;
1128    }
1129    if (oldData != a->intData) {
1130         /* Dispose of the old dynamic data. */
1131         XFREE(oldData, NULL, DYNAMIC_TYPE_OPENSSL);
1132    }
1133
1134    return ret;
1135}
1136
1137/* Duplicate the ASN.1 INTEGER object into a newly allocated one.
1138 *
1139 * @param [in] src  ASN.1 INTEGER object to copy.
1140 * @return  ASN.1 INTEGER object on success.
1141 * @return  NULL when src is NULL or dynamic memory allocation fails.
1142 */
1143WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
1144{
1145    WOLFSSL_ASN1_INTEGER* dst = NULL;
1146
1147    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup");
1148
1149    /* Check for object to duplicate. */
1150    if (src != NULL) {
1151        /* Create a new ASN.1 INTEGER object to be copied into. */
1152        dst = wolfSSL_ASN1_INTEGER_new();
1153    }
1154    /* Check for object to copy into. */
1155    if (dst != NULL) {
1156        /* Copy simple fields. */
1157        dst->length   = src->length;
1158        dst->negative = src->negative;
1159        dst->type     = src->type;
1160
1161        if (!src->isDynamic) {
1162            /* Copy over data from/to fixed buffer. */
1163            XMEMCPY(dst->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);
1164        }
1165        else if (wolfssl_asn1_integer_require_len(dst, src->length, 0) == 0) {
1166            wolfSSL_ASN1_INTEGER_free(dst);
1167            dst = NULL;
1168        }
1169        else {
1170            XMEMCPY(dst->data, src->data, (size_t)src->length);
1171        }
1172    }
1173
1174    return dst;
1175}
1176#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
1177
1178#if defined(OPENSSL_EXTRA)
1179
1180/* Compare values in two ASN.1 INTEGER objects.
1181 *
1182 * @param [in] a  First ASN.1 INTEGER object.
1183 * @param [in] b  Second ASN.1 INTEGER object.
1184 * @return Negative value when a is less than b.
1185 * @return 0 when a equals b.
1186 * @return Positive value when a is greater than b.
1187 * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
1188 */
1189int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
1190    const WOLFSSL_ASN1_INTEGER* b)
1191{
1192    int ret = 0;
1193
1194    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_cmp");
1195
1196    /* Validate parameters. */
1197    if ((a == NULL) || (b == NULL)) {
1198        WOLFSSL_MSG("Bad parameter.");
1199        ret = WOLFSSL_FATAL_ERROR;
1200    }
1201    /* Negative value < Positive value */
1202    else if (a->negative && !b->negative) {
1203        ret = -2; /* avoid collision with WOLFSSL_FATAL_ERROR */
1204    }
1205    /* Positive value > Negative value */
1206    else if (!a->negative && b->negative) {
1207        ret = 1;
1208    }
1209    else {
1210        /* Check for difference in length. */
1211        if (a->length != b->length) {
1212            ret = a->length - b->length;
1213        }
1214        else {
1215            /* Compare data given they are the same length. */
1216            ret = XMEMCMP(a->data, b->data, (size_t)a->length);
1217        }
1218        /* Reverse comparison result when both negative. */
1219        if (a->negative) {
1220            ret = -ret;
1221        }
1222    }
1223
1224    WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_cmp", ret);
1225
1226    return ret;
1227}
1228
1229
1230/* Calculate 2's complement of DER encoding.
1231 *
1232 * @param [in]  data    Array that is number.
1233 * @param [in]  length  Number of bytes in array.
1234 * @return  0 on success.
1235 * @return  -1 when get length from DER header failed.
1236 */
1237static void wolfssl_twos_compl(byte* data, int length)
1238{
1239    int i;
1240
1241    /* Invert bits - 1's complement. */
1242    for (i = 0; i < length; ++i) {
1243        data[i] = ~data[i];
1244    }
1245    /* 2's complement - add 1. */
1246    for (i = length - 1; (++data[i]) == 0; --i) {
1247        /* Do nothing. */
1248    }
1249}
1250
1251/* Calculate 2's complement of DER encoding.
1252 *
1253 * @param [in|out] data Array that is number.
1254 * @param [in]  length  Number of bytes in array.
1255 * @param [out] neg     When NULL, 2's complement data.
1256 *                      When not NULL, check for negative first and return.
1257 * @return  0 on success.
1258 * @return  -1 when get length from DER header failed.
1259 */
1260static int wolfssl_asn1_int_twos_compl(byte* data, int length, byte* neg)
1261{
1262    int ret = 0;
1263    word32 idx = 1;     /* Skip tag. */
1264    int len;
1265
1266    /* Get length from DER header. */
1267    if (GetLength(data, &idx, &len, (word32)length) < 0) {
1268        ret = WOLFSSL_FATAL_ERROR;
1269    }
1270    else {
1271        if (neg != NULL) {
1272            *neg = data[idx] & 0x80;
1273        }
1274        if ((neg == NULL) || (*neg != 0)) {
1275            wolfssl_twos_compl(data + idx, length - (int)idx);
1276        }
1277    }
1278
1279    return ret;
1280}
1281
1282/* Encode ASN.1 INTEGER as DER without tag.
1283 *
1284 * When out points to NULL, a new buffer is allocated and returned.
1285 *
1286 * @param [in]      a    ASN.1 INTEGER object.
1287 * @param [in, out] out  Pointer to buffer to hold encoding. May point to NULL.
1288 * @return  Length of encoding on success.
1289 * @return  -1 when a is NULL or no data, out is NULL, dynamic memory allocation
1290 *          fails or encoding length fails.
1291 */
1292int wolfSSL_i2d_ASN1_INTEGER(const WOLFSSL_ASN1_INTEGER* a, unsigned char** pp)
1293{
1294    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_INTEGER");
1295
1296    /* Validate parameters. */
1297    if (a == NULL || a->data == NULL || a->length <= 0) {
1298        WOLFSSL_MSG("Bad parameter.");
1299        return WOLFSSL_FATAL_ERROR;
1300    }
1301
1302    if (pp != NULL) {
1303        byte* buf;
1304
1305        if (*pp != NULL)
1306            buf = *pp;
1307        else {
1308            buf = (byte*)XMALLOC((size_t)a->length, NULL, DYNAMIC_TYPE_ASN1);
1309            if (buf == NULL)
1310                return WOLFSSL_FATAL_ERROR;
1311        }
1312
1313        /* Copy the data (including tag and length) into output buffer. */
1314        XMEMCPY(buf, a->data, (size_t)a->length);
1315        /* Only magnitude of the number stored (i.e. the sign isn't encoded).
1316         * The "negative" field is 1 if the value must be interpreted as
1317         * negative and we need to output the 2's complement of the value in
1318         * the DER output.
1319         */
1320        if (a->negative &&
1321                wolfssl_asn1_int_twos_compl(buf, a->length, NULL) != 0) {
1322            if (*pp == NULL)
1323                XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
1324            return WOLFSSL_FATAL_ERROR;
1325        }
1326
1327        if (*pp != NULL)
1328            *pp += a->length;
1329        else
1330            *pp = buf;
1331    }
1332
1333    return a->length;
1334}
1335
1336/* Decode DER encoding of ASN.1 INTEGER.
1337 *
1338 * @param [out]     a     ASN.1 INTEGER object. May be NULL.
1339 * @param [in, out] in    Pointer to buffer containing DER encoding.
1340 * @param [in]      inSz  Length of data in buffer.
1341 * @return  ASN.1 INTEGER object on success.
1342 * @return  NULL when in or *in is NULL, inSz is less than or equal to 2 or
1343 *          parsing DER failed.
1344 */
1345WOLFSSL_ASN1_INTEGER* wolfSSL_d2i_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER** a,
1346    const unsigned char** in, long inSz)
1347{
1348    WOLFSSL_ASN1_INTEGER* ret = NULL;
1349    int err = 0;
1350    word32 idx = 1;
1351    int len = 0;
1352
1353    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_INTEGER");
1354
1355    /* Validate parameters. */
1356    if ((in == NULL) || (*in == NULL) || (inSz <= 2)) {
1357        WOLFSSL_MSG("Bad parameter");
1358        err = 1;
1359    }
1360
1361    /* Check that the tag is correct. */
1362    if ((!err) && (*in)[0] != ASN_INTEGER) {
1363        WOLFSSL_MSG("Tag doesn't indicate integer type.");
1364        err = 1;
1365    }
1366    /* Check that length and use this instead of inSz. */
1367    if ((!err) && (GetLength(*in, &idx, &len, (word32)inSz) <= 0)) {
1368        WOLFSSL_MSG("ASN.1 length not valid.");
1369        err = 1;
1370    }
1371    /* Allocate a new ASN.1 INTEGER object. */
1372    if ((!err) && ((ret = wolfSSL_ASN1_INTEGER_new()) == NULL)) {
1373        err = 1;
1374    }
1375    if ((!err) && (wolfssl_asn1_integer_require_len(ret, (int)idx + len, 0) !=
1376            1)) {
1377        err = 1;
1378    }
1379    if (!err) {
1380        /* Set type. */
1381        ret->type = WOLFSSL_V_ASN1_INTEGER;
1382
1383        /* Copy DER encoding and length. */
1384        XMEMCPY(ret->data, *in, (size_t)(idx + (word32)len));
1385        ret->length = (int)idx + len;
1386        /* Do 2's complement if number is negative. */
1387        if (wolfssl_asn1_int_twos_compl(ret->data, ret->length, &ret->negative)
1388                != 0) {
1389            err = 1;
1390        }
1391    }
1392    if ((!err) && ret->negative) {
1393        /* Update type if number was negative. */
1394        ret->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
1395    }
1396
1397    if (err) {
1398        /* Dispose of dynamically allocated data on error. */
1399        wolfSSL_ASN1_INTEGER_free(ret);
1400        ret = NULL;
1401    }
1402    else {
1403        if (a != NULL) {
1404            /* Return ASN.1 INTEGER through a. */
1405            *a = ret;
1406        }
1407        *in += ret->length;
1408    }
1409
1410    return ret;
1411}
1412
1413#ifndef NO_BIO
1414
1415/* Get length of leading hexadecimal characters.
1416 *
1417 * Looks for continuation character before carriage returns and line feeds.
1418 *
1419 * @param [in]  str   String with input.
1420 * @param [in]  len   Length of string.
1421 * @param [out] cont  Line continuation character at end of line before
1422 *                    carriage returns and line feeds.
1423 * @return  Number of leading hexadecimal characters in string.
1424 */
1425static int wolfssl_a2i_asn1_integer_clear_to_eol(char* str, int len, int* cont)
1426{
1427    byte num;
1428    word32 nLen;
1429    int i;
1430
1431    /* Strip off trailing carriage returns and line feeds. */
1432    while ((len > 0) && ((str[len - 1] == '\n') || (str[len - 1] == '\r'))) {
1433        len--;
1434    }
1435    /* Check for line continuation character. */
1436    if ((len > 0) && (str[len - 1] == '\\')) {
1437        *cont = 1;
1438        len--;
1439    }
1440    else {
1441        *cont = 0;
1442    }
1443
1444    /* Find end of hexadecimal characters. */
1445    nLen = 1;
1446    for (i = 0; i < len; i++) {
1447        /* Check if character is a hexadecimal character. */
1448        if (Base16_Decode((const byte*)str + i, 1, &num, &nLen) ==
1449            WC_NO_ERR_TRACE(ASN_INPUT_E))
1450        {
1451            /* Found end of hexadecimal characters, return count. */
1452            len = i;
1453            break;
1454        }
1455    }
1456
1457    return len;
1458}
1459
1460/* Read number from BIO as a string.
1461 *
1462 * Line continuation character at end of line means next line must be read.
1463 *
1464 * @param [in]      bio   BIO to read from.
1465 * @param [in]      asn1  ASN.1 INTEGER object to put number into.
1466 * @param [in, out] buf   Buffer to use when reading.
1467 * @param [in]      size  Length of buffer in bytes.
1468 * @return  1 on success.
1469 * @return  0 on failure.
1470 */
1471int wolfSSL_a2i_ASN1_INTEGER(WOLFSSL_BIO *bio, WOLFSSL_ASN1_INTEGER *asn1,
1472    char *buf, int size)
1473{
1474    int ret = 1;
1475    int readNextLine = 1;
1476    int len;
1477    word32 outLen = 0;
1478    const int hdrSz = 1 + MAX_LENGTH_SZ;
1479
1480    WOLFSSL_ENTER("wolfSSL_a2i_ASN1_INTEGER");
1481
1482    if ((bio == NULL) || (asn1 == NULL) || (buf == NULL) || (size <= 0)) {
1483        WOLFSSL_MSG("Bad parameter");
1484        ret = 0;
1485    }
1486
1487    while ((ret == 1) && readNextLine) {
1488        int lineLen;
1489
1490        /* Assume we won't be reading any more. */
1491        readNextLine = 0;
1492
1493        /* Read a line. */
1494        lineLen = wolfSSL_BIO_gets(bio, buf, size);
1495        if (lineLen <= 0) {
1496            WOLFSSL_MSG("wolfSSL_BIO_gets error");
1497            ret = 0;
1498        }
1499
1500        if (ret == 1) {
1501            /* Find length of hexadecimal digits in string. */
1502            lineLen = wolfssl_a2i_asn1_integer_clear_to_eol(buf, lineLen,
1503                &readNextLine);
1504            /* Check we have a valid hexadecimal string to process. */
1505            if ((lineLen == 0) || ((lineLen % 2) != 0)) {
1506                WOLFSSL_MSG("Invalid line length");
1507                ret = 0;
1508            }
1509        }
1510        if (ret == 1) {
1511            /* Calculate length of complete number so far. */
1512            len = asn1->length + (lineLen / 2);
1513            /* Make sure enough space for number and maximum header. */
1514            if (wolfssl_asn1_integer_require_len(asn1, len + hdrSz, outLen != 0)
1515                    != 1) {
1516                ret = 0;
1517            }
1518        }
1519        if (ret == 1) {
1520            /* Decode string and append to data. */
1521            outLen = (word32)(lineLen / 2);
1522            (void)Base16_Decode((byte*)buf, (word32)lineLen,
1523                asn1->data + asn1->length, &outLen);
1524            /* Update length of data. */
1525            asn1->length += (int)outLen;
1526        }
1527    }
1528
1529    if (ret == 1) {
1530        int idx;
1531
1532        /* Get ASN.1 header length. */
1533        idx = SetASNInt(asn1->length, asn1->data[0], NULL);
1534        /* Move data to be after ASN.1 header. */
1535        XMEMMOVE(asn1->data + idx, asn1->data, (size_t)asn1->length);
1536        /* Encode ASN.1 header. */
1537        SetASNInt(asn1->length, asn1->data[idx], asn1->data);
1538        /* Update length of data. */
1539        asn1->length += idx;
1540    }
1541
1542    return ret;
1543}
1544
1545/* Write out number in ASN.1 INTEGER object to BIO as string.
1546 *
1547 * @param [in] bp  BIO to write to.
1548 * @param [in] a   ASN.1 INTEGER object.
1549 * @return  Number of characters written on success.
1550 * @return  0 when bp or a is NULL.
1551 * @return  0 DER header in data is invalid.
1552 */
1553int wolfSSL_i2a_ASN1_INTEGER(WOLFSSL_BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
1554{
1555    int err = 0;
1556    word32 idx = 1;     /* Skip ASN.1 INTEGER tag byte. */
1557    int len = 0;
1558    byte buf[WOLFSSL_ASN1_INTEGER_MAX * 2 + 1];
1559    word32 bufLen;
1560
1561    WOLFSSL_ENTER("wolfSSL_i2a_ASN1_INTEGER");
1562
1563    /* Validate parameters. */
1564    if ((bp == NULL) || (a == NULL)) {
1565         err = 1;
1566    }
1567
1568    if (!err) {
1569        /* Read DER length - must be at least 1 byte. */
1570        if (GetLength(a->data, &idx, &len, (word32)a->length) <= 0) {
1571            err = 1;
1572        }
1573    }
1574
1575    /* Keep encoding and writing while no error and bytes in data. */
1576    while ((!err) && (idx < (word32)a->length)) {
1577        /* Number of bytes left to encode. */
1578        int encLen = a->length - (int)idx;
1579        /* Reduce to maximum buffer size if necessary. */
1580        if (encLen > (int)sizeof(buf) / 2) {
1581            encLen = (int)sizeof(buf) / 2;
1582        }
1583
1584        /* Encode bytes from data into buffer. */
1585        bufLen = (int)sizeof(buf);
1586        (void)Base16_Encode(a->data + idx, (word32)encLen, buf, &bufLen);
1587        /* Update index to next bytes to encoded. */
1588        idx += (word32)encLen;
1589
1590        /* Write out characters but not NUL char. */
1591        if (wolfSSL_BIO_write(bp, buf, (int)bufLen - 1) != (int)(bufLen - 1)) {
1592            err = 1;
1593        }
1594    }
1595
1596    if (err) {
1597        /* Return 0 on error. */
1598        len = 0;
1599    }
1600    /* Return total number of characters written. */
1601    return len * 2;
1602}
1603#endif /* !NO_BIO */
1604
1605#ifndef NO_ASN
1606/* Determine if a pad byte is required and its value for a number.
1607 *
1608 * Assumes values pointed to by pad and padVal are both 0.
1609 *
1610 * @param [in]       data    Number encoded as big-endian bytes.
1611 * @param [in]       len     Length of number in bytes.
1612 * @param [in, out]  neg     Indicates number is negative.
1613 * @param [out]      pad     Number of padding bytes required.
1614 * @param [out]      padVal  Padding byte to prepend.
1615 */
1616static void wolfssl_asn1_integer_pad(unsigned char* data, int len,
1617    unsigned char* neg, char* pad, unsigned char* padVal)
1618{
1619    /* Check for empty data. */
1620    if (len == 0) {
1621        *pad = 1;
1622        *padVal = 0x00;
1623        *neg = 0;
1624    }
1625    else {
1626        /* Get first, most significant, byte of encoded number. */
1627        unsigned char firstByte = data[0];
1628
1629        /* 0 can't be negative. */
1630        if ((len == 1) && (firstByte == 0x00)) {
1631            *neg = 0;
1632        }
1633        /* Positive value must not have top bit of first byte set. */
1634        if ((!*neg) && (firstByte >= 0x80)) {
1635            *pad = 1;
1636            *padVal = 0x00;
1637        }
1638        /* Negative numbers are two's complemented.
1639         * Two's complement value must have top bit set.
1640         */
1641        else if (*neg && (firstByte > 0x80)) {
1642            *pad = 1;
1643            *padVal = 0xff;
1644        }
1645        /* Checking for: 0x80[00]*
1646         * when negative that when two's complemented will be: 0x80[00]*
1647         * and therefore doesn't require pad byte.
1648         */
1649        else if (*neg && (firstByte == 0x80)) {
1650            int i;
1651            /* Check rest of bytes. */
1652            for (i = 1; i < len; i++) {
1653                if (data[i] != 0x00) {
1654                    /* Not 0x80[00]* */
1655                    *pad = 1;
1656                    *padVal = 0xff;
1657                    break;
1658                }
1659            }
1660        }
1661    }
1662}
1663
1664/* Convert ASN.1 INTEGER object into content octets.
1665 *
1666 * TODO: compatibility with OpenSSL? OpenSSL assumes data not DER encoded.
1667 *
1668 * When pp points to a buffer, on success pp will point to after the encoded
1669 * data.
1670 *
1671 * @param [in]      a   ASN.1 INTEGER object.
1672 * @param [in, out] pp  Pointer to buffer. May be NULL. Cannot point to NULL.
1673 * @return  Length of encoding on success.
1674 * @return  0 when a is NULL, pp points to NULL or DER length encoding invalid.
1675 */
1676int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp)
1677{
1678    int err = 0;
1679    int len = 0;
1680    char pad = 0;
1681    unsigned char padVal = 0;
1682    word32 idx = 1;
1683
1684    WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER");
1685
1686    /* Validate parameters. */
1687    if ((a == NULL) || ((pp != NULL) && (*pp == NULL))) {
1688        err = 1;
1689    }
1690
1691    /* Get length from DER encoding. */
1692    if ((!err) && (GetLength_ex(a->data, &idx, &len, a->dataMax, 0) < 0)) {
1693        err = 1;
1694    }
1695
1696    if (!err) {
1697        /* Determine pad length and value. */
1698        wolfssl_asn1_integer_pad(a->data + idx, len, &a->negative, &pad,
1699            &padVal);
1700        /* Total encoded length is number length plus one when padding. */
1701        len += (int)pad;
1702    }
1703
1704    /* Check buffer supplied to write into. */
1705    if ((!err) && (pp != NULL)) {
1706        /* Put in any pad byte. */
1707        if (pad) {
1708            (*pp)[0] = padVal;
1709        }
1710        /* Copy remaining bytes into output buffer. */
1711        XMEMCPY(*pp + pad, a->data + idx, (size_t)(len - pad));
1712        /* Two's complement copied bytes when negative. */
1713        if (a->negative) {
1714            wolfssl_twos_compl(*pp + pad, len - pad);
1715        }
1716        /* Move pointer past encoded data. */
1717        *pp += len;
1718    }
1719
1720    return len;
1721}
1722
1723/* Make a big number with the value in the ASN.1 INTEGER object.
1724 *
1725 * A new big number object is allocated when bn is NULL.
1726 *
1727 * @param [in] ai  ASN.1 INTEGER object.
1728 * @param [in] bn  Big number object. May be NULL.
1729 * @return  Big number object on success.
1730 * @return  NULL when ai is NULL or converting from binary fails.
1731 */
1732WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
1733    WOLFSSL_BIGNUM *bn)
1734{
1735    int err = 0;
1736    word32 idx = 1;
1737    int len = 0;
1738    WOLFSSL_BIGNUM* ret = NULL;
1739
1740    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN");
1741
1742    /* Validate parameters. */
1743    if (ai == NULL) {
1744        err = 1;
1745    }
1746
1747    if (!err) {
1748        /* Get the length of ASN.1 INTEGER number. */
1749        if ((ai->data[0] != ASN_INTEGER) || (GetLength(ai->data, &idx, &len,
1750                (word32)ai->length) <= 0)) {
1751        #if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY)
1752            idx = 0;
1753            len = ai->length;
1754        #else
1755            WOLFSSL_MSG("Data in WOLFSSL_ASN1_INTEGER not DER encoded");
1756            err = 1;
1757        #endif
1758        }
1759    }
1760    if (!err) {
1761        /* Convert binary to big number. */
1762        ret = wolfSSL_BN_bin2bn(ai->data + idx, len, bn);
1763        if (ret != NULL) {
1764            /* Handle negative. */
1765            (void)wolfssl_bn_set_neg(ret, ai->negative);
1766        }
1767    }
1768
1769    return ret;
1770}
1771#endif /* !NO_ASN */
1772
1773/* Create an ASN.1 INTEGER object from big number.
1774 *
1775 * Allocates a new ASN.1 INTEGER object when ai is NULL.
1776 *
1777 * @param [in] bn  Big number to encode.
1778 * @param [in] ai  ASN.1 INTEGER object. May be NULL.
1779 * @return  ASN.1 INTEGER object on success.
1780 * @return  NULL when dynamic memory allocation fails.
1781 */
1782WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn,
1783    WOLFSSL_ASN1_INTEGER *ai)
1784{
1785    int err = 0;
1786    WOLFSSL_ASN1_INTEGER* a = NULL;
1787    int len = 0;
1788    int numBits = 0;
1789    byte firstByte = 0;
1790
1791    WOLFSSL_ENTER("wolfSSL_BN_to_ASN1_INTEGER");
1792
1793    /* Validate parameters. */
1794    if (bn == NULL) {
1795        err = 1;
1796    }
1797    /* Use ASN.1 INTEGER object if provided. */
1798    else if (ai != NULL) {
1799        a = ai;
1800    }
1801    /* Create an ASN.1 INTEGER object to return. */
1802    else {
1803        a = wolfSSL_ASN1_INTEGER_new();
1804        if (a == NULL) {
1805            err = 1;
1806        }
1807    }
1808
1809    /* Check we have an ASN.1 INTEGER object to set. */
1810    if (!err) {
1811        int length;
1812
1813        /* Set type and negative. */
1814        a->type = WOLFSSL_V_ASN1_INTEGER;
1815        if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) {
1816            a->negative = 1;
1817            a->type |= WOLFSSL_V_ASN1_NEG_INTEGER;
1818        }
1819
1820        /* Get length in bytes of encoded number. */
1821        len = wolfSSL_BN_num_bytes(bn);
1822        if (len == 0) {
1823            len = 1;
1824        }
1825        /* Get length in bits of encoded number. */
1826        numBits = wolfSSL_BN_num_bits(bn);
1827        /* Leading zero required if most-significant byte has top bit set. */
1828        if ((numBits > 0) && (numBits % 8) == 0) {
1829            firstByte = 0x80;
1830        }
1831        /* Get length of header based on length of number. */
1832        length = SetASNInt(len, firstByte, NULL);
1833        /* Add number of bytes to encode number. */
1834        length += len;
1835
1836        /* Update data field to handle length. */
1837        if (wolfssl_asn1_integer_require_len(a, length, 0) != 1) {
1838            err = 1;
1839        }
1840    }
1841    if (!err) {
1842        /* Write ASN.1 header. */
1843        int idx = SetASNInt(len, firstByte, a->data);
1844
1845        /* Populate data. */
1846        if (numBits == 0) {
1847            a->data[idx] = 0;
1848        }
1849        else {
1850            /* Add encoded number. */
1851            len = wolfSSL_BN_bn2bin(bn, a->data + idx);
1852            if (len < 0) {
1853                err = 1;
1854            }
1855        }
1856
1857        /* Set length to encoded length. */
1858        a->length = idx + len;
1859    }
1860
1861    if (err) {
1862        /* Can't use ASN.1 INTEGER object. */
1863        if (a != ai) {
1864            wolfSSL_ASN1_INTEGER_free(a);
1865        }
1866        a = NULL;
1867    }
1868    return a;
1869}
1870
1871/* Get the value of the ASN.1 INTEGER as a long.
1872 *
1873 * Returning 0 on NULL and -1 on error is consistent with OpenSSL.
1874 *
1875 * @param [in] a  ASN.1 INTEGER object.
1876 * @return  Value as a long.
1877 * @return  0 when a is NULL.
1878 * @return  -1 when a big number operation fails.
1879 */
1880long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* a)
1881{
1882    long ret = 1;
1883    WOLFSSL_BIGNUM* bn = NULL;
1884
1885    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_get");
1886
1887    /* Validate parameter. */
1888    if (a == NULL) {
1889        ret = 0;
1890    }
1891
1892    if (ret > 0) {
1893        /* Create a big number from the DER encoding. */
1894        bn = wolfSSL_ASN1_INTEGER_to_BN(a, NULL);
1895        if (bn == NULL) {
1896            ret = WOLFSSL_FATAL_ERROR;
1897        }
1898    }
1899    if (ret > 0) {
1900        /* Get the big number as a word. */
1901        ret = (long)wolfSSL_BN_get_word(bn);
1902        /* Negate number of ASN.1 INTEGER was negative. */
1903        if (a->negative == 1) {
1904            ret = -ret;
1905        }
1906    }
1907
1908    /* Dispose of big number as no longer needed. */
1909    if (bn != NULL) {
1910        wolfSSL_BN_free(bn);
1911    }
1912
1913    WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_get", (int)ret);
1914
1915    return ret;
1916}
1917
1918
1919/* Sets the value of the ASN.1 INTEGER object to the long value.
1920 *
1921 * @param [in, out] a  ASN.1 INTEGER object.
1922 * @param [in]      v  Value to set.
1923 * @return  1 on success.
1924 * @return  0 when a is NULL.
1925 */
1926int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
1927{
1928    int ret = 1;
1929
1930    /* Validate parameters. */
1931    if (a == NULL) {
1932        ret = 0;
1933    }
1934    if (ret == 1) {
1935        byte j;
1936        unsigned int i = 0;
1937        byte tmp[sizeof(long)];
1938        byte pad = 0;
1939
1940        wolfssl_asn1_integer_reset_data(a);
1941
1942        /* Check for negative. */
1943        if (v < 0) {
1944            /* Set negative and 2's complement the value. */
1945            a->negative = 1;
1946            a->type |= WOLFSSL_V_ASN1_NEG;
1947            v = -v;
1948        }
1949
1950        /* Put value into temporary buffer - at least one byte encoded. */
1951        tmp[0] = (byte)(v & 0xff);
1952        v >>= 8;
1953        for (j = 1; j < (byte)sizeof(long); j++) {
1954            if (v == 0) {
1955                break;
1956            }
1957            tmp[j] = (byte)(v & 0xff);
1958            v >>= 8;
1959        }
1960        /* Pad with 0x00 to indicate positive number when top bit set. */
1961        if ((!a->negative) && (tmp[j-1] & 0x80)) {
1962            pad = 1;
1963        }
1964
1965        /* Set tag. */
1966        a->data[i++] = ASN_INTEGER;
1967        /* Set length of encoded value. */
1968        a->data[i++] = pad + j;
1969        /* Set length of DER encoding. +2 for tag and length */
1970        a->length = 2 + pad + j;
1971
1972        /* Add pad byte if required. */
1973        if (pad == 1) {
1974            a->data[i++] = 0;
1975        }
1976        /* Copy in data. */
1977        for (; j > 0; j--) {
1978            a->data[i++] = tmp[j-1];
1979        }
1980    }
1981
1982    return ret;
1983}
1984
1985#endif /* OPENSSL_EXTRA */
1986
1987/*******************************************************************************
1988 * ASN1_OBJECT APIs
1989 ******************************************************************************/
1990
1991#if !defined(NO_ASN)
1992#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
1993/* Create a new ASN.1 OBJECT_ID object.
1994 *
1995 * @return  ASN.1 OBJECT_ID object on success.
1996 * @return  NULL when dynamic memory allocation fails.
1997 */
1998WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
1999{
2000    WOLFSSL_ASN1_OBJECT* obj;
2001
2002    /* Allocate memory for new ASN.1 OBJECT. */
2003    obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL,
2004        DYNAMIC_TYPE_ASN1);
2005    if (obj != NULL) {
2006        XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT));
2007        /* Setup pointers. */
2008        obj->d.ia5 = &(obj->d.ia5_internal);
2009    #if defined(OPENSSL_ALL)
2010        obj->d.iPAddress = &(obj->d.iPAddress_internal);
2011    #endif
2012        /* Object was allocated. */
2013        obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
2014    }
2015
2016    return obj;
2017}
2018
2019/* Dispose of any ASN.1 OBJECT_ID dynamically allocated data.
2020 *
2021 * Do not use obj after calling this function.
2022 *
2023 * @param [in, out] obj  ASN.1 OBJECT_ID object.
2024 */
2025void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
2026{
2027    if (obj != NULL) {
2028        /* Check for dynamically allocated copy of encoded data. */
2029        if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) {
2030        #ifdef WOLFSSL_DEBUG_OPENSSL
2031            WOLFSSL_MSG("Freeing ASN1 data");
2032        #endif
2033            XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
2034            obj->obj = NULL;
2035        }
2036    #if defined(OPENSSL_EXTRA)
2037        /* Check for path length ASN.1 INTEGER - X.509 extension. */
2038        if (obj->pathlen != NULL) {
2039            wolfSSL_ASN1_INTEGER_free(obj->pathlen);
2040            obj->pathlen = NULL;
2041        }
2042    #endif
2043        /* Check whether object was dynamically allocated. */
2044        if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) {
2045    #ifdef WOLFSSL_DEBUG_OPENSSL
2046            WOLFSSL_MSG("Freeing ASN1 OBJECT");
2047    #endif
2048            XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
2049        }
2050    }
2051}
2052
2053/* Duplicate the ASN.1 OBJECT_ID object.
2054 *
2055 * @param [in] obj  ASN.1 OBJECT_ID object to copy.
2056 * @return  New ASN.1 OBJECT_ID object on success.
2057 * @return  NULL when obj is NULL or dynamic memory allocation fails.
2058 */
2059WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_dup(WOLFSSL_ASN1_OBJECT* obj)
2060{
2061    WOLFSSL_ASN1_OBJECT* dupl = NULL;
2062
2063    WOLFSSL_ENTER("wolfSSL_ASN1_OBJECT_dup");
2064
2065    /* Validate parameter. */
2066    if (obj == NULL) {
2067        WOLFSSL_MSG("Bad parameter");
2068    }
2069    /* Create a new ASN.1 OBJECT_ID object to return. */
2070    else if ((dupl = wolfSSL_ASN1_OBJECT_new()) == NULL) {
2071        WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
2072    }
2073    if (dupl != NULL) {
2074        /* Copy short name. */
2075        XMEMCPY(dupl->sName, obj->sName, WOLFSSL_MAX_SNAME);
2076        /* Copy simple fields. */
2077        dupl->type  = obj->type;
2078        dupl->grp   = obj->grp;
2079        dupl->nid   = obj->nid;
2080        dupl->objSz = obj->objSz;
2081    #ifdef OPENSSL_EXTRA
2082        dupl->ca    = obj->ca;
2083        if (obj->pathlen != NULL) {
2084            dupl->pathlen = wolfSSL_ASN1_INTEGER_dup(obj->pathlen);
2085            if (dupl->pathlen == NULL) {
2086                WOLFSSL_MSG("ASN1 pathlen alloc error");
2087                wolfSSL_ASN1_OBJECT_free(dupl);
2088                dupl = NULL;
2089            }
2090        }
2091    #endif
2092        /* Check for encoding. */
2093        if (dupl != NULL && obj->obj) {
2094            /* Allocate memory for ASN.1 OBJECT_ID DER encoding. */
2095            dupl->obj = (const unsigned char*)XMALLOC(obj->objSz, NULL,
2096                DYNAMIC_TYPE_ASN1);
2097            if (dupl->obj == NULL) {
2098                WOLFSSL_MSG("ASN1 obj malloc error");
2099                wolfSSL_ASN1_OBJECT_free(dupl);
2100                dupl = NULL;
2101            }
2102            else {
2103                /* Encoding buffer was dynamically allocated. */
2104                dupl->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
2105                /* Copy DER encoding. */
2106                XMEMCPY((byte*)dupl->obj, obj->obj, obj->objSz);
2107            }
2108        }
2109    }
2110
2111    return dupl;
2112}
2113#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
2114#endif /* !NO_ASN */
2115
2116#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
2117
2118/**
2119 * Parse DER encoding and return header information.
2120 *
2121 * *in is moved to the value of the ASN1 object
2122 *
2123 * @param [in, out] in     Pointer to BER encoded data.
2124 * @param [out]     len    Length of parsed ASN1 object
2125 * @param [out]     tag    Tag value of parsed ASN1 object
2126 * @param [out]     cls    Class of parsed ASN1 object
2127 * @param [in]      inLen  Length of *in buffer
2128 * @return int  Depends on which bits are set in the returned int:
2129 *              0x80 an error occurred during parsing.
2130 *              0x20 parsed object is constructed.
2131 *              0x01 the parsed object length is indefinite.
2132 */
2133int wolfSSL_ASN1_get_object(const unsigned char **in, long *len, int *tag,
2134    int *cls, long inLen)
2135{
2136    int err = 0;
2137    word32 inOutIdx = 0;
2138    int l = 0;
2139    byte t = 0;
2140    int ret = 0x80;
2141
2142    WOLFSSL_ENTER("wolfSSL_ASN1_get_object");
2143
2144    if ((in == NULL) || (*in == NULL) || (len == NULL) || (tag == NULL) ||
2145            (cls == NULL) || (inLen <= 0)) {
2146        WOLFSSL_MSG("Bad parameter");
2147        err = 1;
2148    }
2149    if (!err) {
2150        /* Length at least 1, parameters valid - cannot fail to get tag. */
2151        err = GetASNTag(*in, &inOutIdx, &t, (word32)inLen);
2152        if (!err){
2153            /* Get length in DER encoding. */
2154            if (GetLength_ex(*in, &inOutIdx, &l, (word32)inLen, 0) < 0) {
2155                WOLFSSL_MSG("GetLength error");
2156                err = 1;
2157            }
2158        }
2159    }
2160    if (!err) {
2161        /* Return header information. */
2162        *tag = t & ASN_TYPE_MASK;  /* Tag number is 5 lsb */
2163        *cls = t & ASN_CLASS_MASK; /* Class is 2 msb */
2164        *len = l;
2165        ret = t & ASN_CONSTRUCTED;
2166
2167        if (l > (int)(inLen - inOutIdx)) {
2168            /* Still return other values but indicate error in msb */
2169            ret |= 0x80;
2170        }
2171
2172        /* Move pointer to after DER header. */
2173        *in += inOutIdx;
2174    }
2175
2176    return ret;
2177}
2178
2179int wolfssl_asn1_obj_set(WOLFSSL_ASN1_OBJECT* obj, const byte* der, word32 len,
2180        int addHdr)
2181{
2182    word32 idx = 0;
2183
2184    if (obj == NULL || der == NULL || len == 0)
2185        return WOLFSSL_FAILURE;
2186
2187    if (addHdr)
2188        idx = SetHeader(ASN_OBJECT_ID, (word32)len, NULL, 0);
2189
2190    if (obj->obj != NULL) {
2191        XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
2192        obj->obj = NULL;
2193        obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
2194    }
2195
2196    obj->obj =(unsigned char*)XMALLOC(idx + len, obj->heap, DYNAMIC_TYPE_ASN1);
2197    if (obj->obj == NULL)
2198        return WOLFSSL_FAILURE;
2199
2200    if (addHdr)
2201        SetHeader(ASN_OBJECT_ID, (word32)len, (byte*)obj->obj, 0);
2202
2203    XMEMCPY((byte*)obj->obj + idx, der, len);
2204    obj->objSz = (unsigned int)(idx + len);
2205    obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
2206    return WOLFSSL_SUCCESS;
2207}
2208
2209/* Creates and ASN.1 OBJECT_ID object from DER encoding.
2210 *
2211 * @param [out]     a       Pointer to return new ASN.1 OBJECT_ID through.
2212 * @param [in, out] der     Pointer to buffer holding DER encoding.
2213 * @param [in]      length  Length of DER encoding in bytes.
2214 * @return  New ASN.1 OBJECT_ID object on success.
2215 * @return  NULL when der or *der is NULL or length is less than or equal zero.
2216 * @return  NULL when not an OBJECT_ID or decoding fails.
2217 * @return  NULL when dynamic memory allocation fails.
2218 */
2219WOLFSSL_ASN1_OBJECT *wolfSSL_d2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
2220    const unsigned char **der, long length)
2221{
2222    WOLFSSL_ASN1_OBJECT* ret = NULL;
2223    int len = 0;
2224    word32 idx = 0;
2225
2226    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OBJECT");
2227
2228    /* Validate parameters. */
2229    if ((der == NULL) || (*der == NULL) || (length <= 0)) {
2230        WOLFSSL_MSG("Bad parameter");
2231        return NULL;
2232    }
2233
2234    if (GetASNHeader(*der, ASN_OBJECT_ID, &idx, &len, (word32)length) < 0) {
2235        WOLFSSL_MSG("error getting tag");
2236        return NULL;
2237    }
2238
2239    if (len <= 0) {
2240        WOLFSSL_MSG("zero length");
2241        return NULL;
2242    }
2243
2244    ret = wolfSSL_ASN1_OBJECT_new();
2245    if (ret == NULL) {
2246        WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
2247        return NULL;
2248    }
2249
2250    if (wolfssl_asn1_obj_set(ret, *der, idx + len, 0) != WOLFSSL_SUCCESS) {
2251        wolfSSL_ASN1_OBJECT_free(ret);
2252        return NULL;
2253    }
2254
2255    *der += idx + len;
2256    if (a != NULL) {
2257        if (*a != NULL)
2258            wolfSSL_ASN1_OBJECT_free(*a);
2259        *a = ret;
2260    }
2261
2262    return ret;
2263}
2264
2265/* Write out DER encoding of ASN.1 OBJECT_ID.
2266 *
2267 * When pp is NULL, length is returned.
2268 * When pp points to NULL, a new buffer is allocated and returned through pp.
2269 * When pp points to a buffer, it is moved on past encoded data on success.
2270 *
2271 * @param [in]      a   ASN.1 OBJECT_ID object.
2272 * @param [in, out] pp  Pointer to buffer to write to. May be NULL.
2273 * @return  Length of encoding on success.
2274 * @return  0 when a or encoding buffer is NULL.
2275 * @return  0 when dynamic memory allocation fails.
2276 */
2277int wolfSSL_i2d_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT *a, unsigned char **pp)
2278{
2279    int len = 0;
2280
2281    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OBJECT");
2282
2283    /* Validate parameters */
2284    if ((a == NULL) || (a->obj == NULL)) {
2285        WOLFSSL_MSG("Bad parameters");
2286    }
2287    /* Only return length when no pointer supplied. */
2288    else if (pp == NULL) {
2289        len = (int)a->objSz;
2290    }
2291    else {
2292        byte *p = NULL;
2293
2294        /* Check if we have a buffer to encode into. */
2295        if (*pp == NULL) {
2296            /* Allocate a new buffer to return. */
2297            p = (byte*)XMALLOC(a->objSz, NULL, DYNAMIC_TYPE_OPENSSL);
2298            if (p == NULL) {
2299                WOLFSSL_MSG("Bad malloc");
2300            }
2301            else {
2302                /* Return allocated buffer. */
2303                *pp = p;
2304            }
2305        }
2306
2307        /* Check we have a buffer to encode into. */
2308        if (*pp != NULL) {
2309            /* Copy in DER encoding. */
2310            XMEMCPY(*pp, a->obj, a->objSz);
2311            /* Move on pointer if user supplied. */
2312            if (p == NULL) {
2313                *pp += a->objSz;
2314            }
2315            /* Return length of DER encoding. */
2316            len = (int)a->objSz;
2317        }
2318    }
2319
2320    return len;
2321}
2322
2323/* Create an ASN.1 OBJECT_ID object from the content octets.
2324 *
2325 * @param [out]     a    Pointer to return ASN.1 OBJECT_ID object.
2326 * @param [in, out] pp   Pointer to buffer holding content octets.
2327 * @param [in]      len  Length of content octets in bytes.
2328 * @return  New ASN.1 OBJECT_ID object on success.
2329 * @return  NULL when pp or *pp is NULL or length is less than or equal zero.
2330 * @return  NULL when dynamic memory allocation fails.
2331 */
2332WOLFSSL_ASN1_OBJECT *wolfSSL_c2i_ASN1_OBJECT(WOLFSSL_ASN1_OBJECT **a,
2333        const unsigned char **pp, long len)
2334{
2335    WOLFSSL_ASN1_OBJECT* ret = NULL;
2336
2337    WOLFSSL_ENTER("wolfSSL_c2i_ASN1_OBJECT");
2338
2339    /* Validate parameters. */
2340    if ((pp == NULL) || (*pp == NULL) || (len <= 0)) {
2341        WOLFSSL_MSG("Bad parameter");
2342        return NULL;
2343    }
2344
2345    /* Create a new ASN.1 OBJECT_ID object. */
2346    ret = wolfSSL_ASN1_OBJECT_new();
2347    if (ret == NULL) {
2348        WOLFSSL_MSG("wolfSSL_ASN1_OBJECT_new error");
2349        return NULL;
2350    }
2351
2352    if (wolfssl_asn1_obj_set(ret, *pp, (word32)len, 1) != WOLFSSL_SUCCESS) {
2353        WOLFSSL_MSG("wolfssl_asn1_obj_set error");
2354        wolfSSL_ASN1_OBJECT_free(ret);
2355        return NULL;
2356    }
2357
2358    /* Move pointer to after data copied out. */
2359    *pp += len;
2360    /* Return ASN.1 OBJECT_ID object through a if required. */
2361    if (a != NULL) {
2362        if (*a != NULL)
2363            wolfSSL_ASN1_OBJECT_free(*a);
2364        *a = ret;
2365    }
2366
2367    return ret;
2368}
2369
2370#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
2371
2372#ifdef OPENSSL_EXTRA
2373
2374/* Write at most buf_len bytes of textual representation of ASN.1 OBJECT_ID.
2375 *
2376 * @param [in, out] buf      Buffer to write to.
2377 * @param [in]      buf_len  Length of buffer in bytes.
2378 * @param [in]      a        ASN.1 OBJECT_ID object.
2379 * @return  Number of bytes written on success.
2380 * @return  0 on failure.
2381 */
2382int wolfSSL_i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
2383{
2384    WOLFSSL_ENTER("wolfSSL_i2t_ASN1_OBJECT");
2385
2386    return wolfSSL_OBJ_obj2txt(buf, buf_len, a, 0);
2387}
2388
2389#ifndef NO_BIO
2390/* Write out the text encoding of the ASN.1 OBJECT_ID.
2391 *
2392 * @param [in] bp  BIO to write to.
2393 * @param [in] a   ASN.1 OBJECT_ID object.
2394 * @return  Number of bytes written on success.
2395 * @return  0 on failure.
2396 */
2397int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp, WOLFSSL_ASN1_OBJECT *a)
2398{
2399    int length = 0;
2400    int cLen = 0;
2401    word32 idx = 0;
2402    const char null_str[] = "NULL";
2403    const char invalid_str[] = "<INVALID>";
2404    char buf[80];
2405
2406    WOLFSSL_ENTER("wolfSSL_i2a_ASN1_OBJECT");
2407
2408    /* Validate parameters. */
2409    if (bp == NULL) {
2410        /* Do nothing. */
2411    }
2412    /* NULL object is written as "NULL". */
2413    else if (a == NULL) {
2414        /* Write "NULL" - as done in OpenSSL. */
2415        length = wolfSSL_BIO_write(bp, null_str, (int)XSTRLEN(null_str));
2416    }
2417    /* Try getting text version and write it out. */
2418    else if ((length = wolfSSL_i2t_ASN1_OBJECT(buf, sizeof(buf), a)) > 0) {
2419        length = wolfSSL_BIO_write(bp, buf, length);
2420    }
2421    /* Look for DER header. */
2422    else if ((a->obj == NULL) || (a->obj[idx++] != ASN_OBJECT_ID)) {
2423        WOLFSSL_MSG("Bad ASN1 Object");
2424    }
2425    /* Get length from DER header. */
2426    else if (GetLength((const byte*)a->obj, &idx, &cLen, a->objSz) < 0) {
2427        length = 0;
2428    }
2429    else {
2430        /* Write out "<INVALID>" and dump content. */
2431        length = wolfSSL_BIO_write(bp, invalid_str, (int)XSTRLEN(invalid_str));
2432        length += wolfSSL_BIO_dump(bp, (const char*)(a->obj + idx), cLen);
2433    }
2434
2435    return length;
2436}
2437#endif /* !NO_BIO */
2438
2439#endif /* OPENSSL_EXTRA */
2440
2441/*******************************************************************************
2442 * ASN1_SK_OBJECT APIs
2443 ******************************************************************************/
2444
2445#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && !defined(NO_ASN)
2446/* Create a new WOLFSSL_ASN1_OBJECT stack.
2447 *
2448 * @return  New WOLFSSL_ASN1_OBJECT stack on success.
2449 * @return  NULL when dynamic memory allocation fails.
2450 */
2451WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void)
2452{
2453    WOLFSSL_ENTER("wolfSSL_sk_new_asn1_obj");
2454
2455    return wolfssl_sk_new_type(STACK_TYPE_OBJ);
2456}
2457
2458/* Dispose of WOLFSL_ASN1_OBJECT stack.
2459 *
2460 * @param [in, out] sk  Stack to free nodes in.
2461 */
2462void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
2463{
2464    /* Dispose of stack. */
2465    wolfSSL_sk_free(sk);
2466}
2467
2468/* Dispose of all ASN.1 OBJECT_ID objects in ASN1_OBJECT stack.
2469 *
2470 * This is different then wolfSSL_ASN1_OBJECT_free in that it allows for
2471 * choosing the function to use when freeing an ASN1_OBJECT stack.
2472 *
2473 * @param [in, out] sk  ASN.1 OBJECT_ID stack to free.
2474 * @param [in]      f   Free function to apply to each ASN.1 OBJECT_ID object.
2475 */
2476void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
2477    void (*f) (WOLFSSL_ASN1_OBJECT*))
2478{
2479    WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_pop_free");
2480    wolfSSL_sk_pop_free(sk, (wolfSSL_sk_freefunc)f);
2481}
2482
2483/* Push a WOLFSSL_ASN1_OBJECT onto stack.
2484 *
2485 * @param [in, out] sk   ASN.1 OBJECT_ID stack.
2486 * @param [in]      obj  ASN.1 OBJECT_ID object to push on. Cannot be NULL.
2487 * @return  1 on success.
2488 * @return  0 when sk or obj is NULL.
2489 * @return  0 when dynamic memory allocation fails.
2490 */
2491int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
2492    WOLFSSL_ASN1_OBJECT* obj)
2493{
2494    WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push");
2495
2496    return wolfSSL_sk_push(sk, obj);
2497}
2498
2499/* Pop off a WOLFSSL_ASN1_OBJECT from the stack.
2500 *
2501 * @param [in, out] sk  ASN.1 OBJECT_ID stack.
2502 * @return  ASN.1 OBJECT_ID object on success.
2503 * @return  NULL when stack is NULL or no nodes left in stack.
2504 */
2505WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
2506    WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
2507{
2508    return (WOLFSSL_ASN1_OBJECT*)wolfssl_sk_pop_type(sk, STACK_TYPE_OBJ);
2509}
2510
2511#endif /* (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) && !NO_ASN */
2512
2513/*******************************************************************************
2514 * ASN1_STRING APIs
2515 ******************************************************************************/
2516
2517#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
2518
2519/* Create a new ASN.1 STRING object.
2520 *
2521 * @return  New ASN.1 STRING object on success.
2522 * @return  NULL when dynamic memory allocation fails.
2523 */
2524WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void)
2525{
2526    WOLFSSL_ASN1_STRING* asn1;
2527
2528#ifdef WOLFSSL_DEBUG_OPENSSL
2529    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new");
2530#endif
2531
2532    asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL,
2533        DYNAMIC_TYPE_OPENSSL);
2534    if (asn1 != NULL) {
2535        XMEMSET(asn1, 0, sizeof(WOLFSSL_ASN1_STRING));
2536    }
2537
2538    return asn1;
2539}
2540
2541/* Create a new ASN.1 STRING object.
2542 *
2543 * @param [in] type  Encoding type.
2544 * @return  New ASN.1 STRING object on success.
2545 * @return  NULL when dynamic memory allocation fails.
2546 */
2547WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type)
2548{
2549    WOLFSSL_ASN1_STRING* asn1;
2550
2551#ifdef WOLFSSL_DEBUG_OPENSSL
2552    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new");
2553#endif
2554
2555    asn1 = wolfSSL_ASN1_STRING_new();
2556    if (asn1 != NULL) {
2557        asn1->type = type;
2558    }
2559
2560    return asn1;
2561}
2562
2563/* Dispose of ASN.1 STRING object.
2564 *
2565 * @param [in, out] asn1  ASN.1 STRING object.
2566 */
2567void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
2568{
2569#ifdef WOLFSSL_DEBUG_OPENSSL
2570    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");
2571#endif
2572
2573    /* Check we have an object to free. */
2574    if (asn1 != NULL) {
2575        /* Dispose of dynamic data. */
2576        if ((asn1->length > 0) && asn1->isDynamic) {
2577            XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
2578        }
2579    }
2580    /* Dispose of ASN.1 STRING object. */
2581    XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL);
2582}
2583
2584/* Copy an ASN.1 STRING object from src into dest.
2585 *
2586 * @param [in, out] dest  ASN.1 STRING object to copy into.
2587 * @param [in]      src   ASN.1 STRING object to copy from.
2588 */
2589int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dest,
2590    const WOLFSSL_ASN1_STRING* src)
2591{
2592    int ret = 1;
2593
2594    /* Validate parameters. */
2595    if ((src == NULL) || (dest == NULL)) {
2596        ret = 0;
2597    }
2598    /* Set the DER encoding. */
2599    if ((ret == 1) && (wolfSSL_ASN1_STRING_set(dest, src->data, src->length) !=
2600            1)) {
2601        ret = 0;
2602    }
2603    if (ret == 1) {
2604        /* Copy simple fields. */
2605        dest->type  = src->type;
2606        dest->flags = src->flags;
2607    }
2608
2609    return ret;
2610}
2611
2612/* Duplicate an ASN.1 STRING object.
2613 *
2614 * @param [in] asn1  ASN.1 STRING object to duplicate.
2615 * @return  New ASN.1 STRING object on success.
2616 * @return  NULL when asn1 is NULL or dynamic memory allocation fails.
2617 */
2618WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_dup(WOLFSSL_ASN1_STRING* asn1)
2619{
2620    WOLFSSL_ASN1_STRING* dupl = NULL;
2621
2622    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_dup");
2623
2624    /* Check we have an object to duplicate. */
2625    if (asn1 == NULL) {
2626        WOLFSSL_MSG("Bad parameter");
2627    }
2628    else {
2629        /* Create a new ASN.1 STRING object. */
2630        dupl = wolfSSL_ASN1_STRING_new();
2631        if (dupl == NULL) {
2632            WOLFSSL_MSG("wolfSSL_ASN1_STRING_new error");
2633        }
2634    }
2635
2636    if (dupl != NULL) {
2637        /* Copy the contents. */
2638        if (wolfSSL_ASN1_STRING_copy(dupl, asn1) != 1) {
2639            WOLFSSL_MSG("wolfSSL_ASN1_STRING_copy error");
2640            /* Dispose of duplicate and return NULL. */
2641            wolfSSL_ASN1_STRING_free(dupl);
2642            dupl = NULL;
2643        }
2644    }
2645
2646    return dupl;
2647}
2648
2649/* Compare two ASN.1 STRING objects.
2650 *
2651 * Compares type when data the same.
2652 *
2653 * @param [in] a  First ASN.1 STRING object.
2654 * @param [in] b  Second ASN.1 STRING object.
2655 * @return Negative value when a is less than b.
2656 * @return 0 when a equals b.
2657 * @return Positive value when a is greater than b.
2658 * @return WOLFSSL_FATAL_ERROR when a or b is NULL.
2659 */
2660int wolfSSL_ASN1_STRING_cmp(const WOLFSSL_ASN1_STRING *a,
2661    const WOLFSSL_ASN1_STRING *b)
2662{
2663    int ret;
2664    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_cmp");
2665
2666    /* Validate parameters. */
2667    if ((a == NULL) || (b == NULL)) {
2668        ret = WOLFSSL_FATAL_ERROR;
2669    }
2670    /* Compare length of data. */
2671    else if (a->length != b->length) {
2672        ret = a->length - b->length;
2673    }
2674    /* Compare data. */
2675    else if ((ret = XMEMCMP(a->data, b->data, (size_t)a->length)) == 0) {
2676        /* Compare ASN.1 types - wolfSSL_ASN1_STRING_type_new(). */
2677        ret = a->type - b->type;
2678    }
2679
2680    return ret;
2681}
2682
2683#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
2684
2685#if defined(OPENSSL_EXTRA)
2686#if !defined(NO_CERTS)
2687#ifndef NO_WOLFSSL_STUB
2688WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn,
2689    const unsigned char **in, long len)
2690{
2691    WOLFSSL_STUB("d2i_DISPLAYTEXT");
2692    (void)asn;
2693    (void)in;
2694    (void)len;
2695    return NULL;
2696}
2697#endif
2698#endif /* !NO_CERTS */
2699#endif /* OPENSSL_EXTRA */
2700
2701#ifndef NO_ASN
2702#if defined(OPENSSL_EXTRA)
2703/* Convert ASN.1 STRING that is UniversalString type to PrintableString type.
2704 *
2705 * @param [in, out] s  ASN.1 STRING object to convert.
2706 * @return  1 on success.
2707 * @return  0 when s is NULL.
2708 * @return  0 when type is not UniversalString or string is not of that format.
2709 */
2710int wolfSSL_ASN1_UNIVERSALSTRING_to_string(WOLFSSL_ASN1_STRING *s)
2711{
2712    int ret = 1;
2713    char* p;
2714
2715    WOLFSSL_ENTER("wolfSSL_ASN1_UNIVERSALSTRING_to_string");
2716
2717    /* Validate parameter. */
2718    if (s == NULL) {
2719        WOLFSSL_MSG("Bad parameter");
2720        ret = 0;
2721    }
2722
2723    /* Check type of ASN.1 STRING. */
2724    if ((ret == 1) && (s->type != WOLFSSL_V_ASN1_UNIVERSALSTRING)) {
2725        WOLFSSL_MSG("Input is not a universal string");
2726        ret = 0;
2727    }
2728
2729    /* Check length is indicative of UNIVERSAL_STRING. */
2730    if ((ret == 1) && ((s->length % 4) != 0)) {
2731        WOLFSSL_MSG("Input string must be divisible by 4");
2732        ret = 0;
2733    }
2734
2735    if (ret == 1) {
2736        /* Ensure each UniversalString character looks right. */
2737        for (p = s->data; p < s->data + s->length; p += 4)
2738            if ((p[0] != '\0') || (p[1] != '\0') || (p[2] != '\0'))
2739                break;
2740        /* Check whether we failed loop early. */
2741        if (p != s->data + s->length) {
2742            WOLFSSL_MSG("Wrong string format");
2743            ret = 0;
2744        }
2745    }
2746
2747    if (ret == 1) {
2748        char* copy;
2749
2750        /* Strip first three bytes of each four byte character. */
2751        for (copy = p = s->data; p < s->data + s->length; p += 4) {
2752            *copy++ = p[3];
2753        }
2754        /* Place NUL on end. */
2755        *copy = '\0';
2756        /* Update length and type. */
2757        s->length /= 4;
2758        s->type = WOLFSSL_V_ASN1_PRINTABLESTRING;
2759    }
2760
2761    return ret;
2762}
2763#endif /* OPENSSL_EXTRA */
2764
2765#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
2766/* Convert ASN.1 STRING to UTF8 encoding.
2767 *
2768 * Assumes stored encoding is UTF8.
2769 * Returned buffer should be freed using OPENSSL_free().
2770 *
2771 * @param [out] out   Pointer to return allocated string.
2772 * @param [in]  asn1  ASN.1 STRING object.
2773 * @return  Length of string, excluding NUL, on success.
2774 * @return  -1 when out or asn1 is NULL.
2775 * @return  -1 when no data to return.
2776 * @return  -1 dynamic memory allocation fails.
2777 */
2778int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *asn1)
2779{
2780    unsigned char* buf = NULL;
2781    unsigned char* data = NULL;
2782    int len = -1;
2783
2784    /* Validate parameters. */
2785    if ((out != NULL) && (asn1 != NULL)) {
2786        /* Get data and length. */
2787        data = wolfSSL_ASN1_STRING_data(asn1);
2788        len = wolfSSL_ASN1_STRING_length(asn1);
2789        /* Check data and length are usable. */
2790        if ((data == NULL) || (len < 0)) {
2791            len = WOLFSSL_FATAL_ERROR;
2792        }
2793    }
2794    if (len != -1) {
2795        /* Allocate buffer to hold string and NUL. */
2796        buf = (unsigned char*)XMALLOC((size_t)(len + 1), NULL,
2797            DYNAMIC_TYPE_OPENSSL);
2798        if (buf == NULL) {
2799            len = WOLFSSL_FATAL_ERROR;
2800        }
2801    }
2802    if (len != -1) {
2803        /* Copy in string - NUL always put on end of stored string. */
2804        XMEMCPY(buf, data, (size_t)(len + 1));
2805        /* Return buffer. */
2806        *out = buf;
2807    }
2808
2809    return len;
2810}
2811#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
2812
2813#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
2814
2815/* Encode ASN.1 STRING data as hex digits separated by colon.
2816 *
2817 * Assumes length is greater than 0.
2818 *
2819 * @param [in] s  ASN.1 STRING object.
2820 * @return  Buffer containing string representation on success.
2821 * @return  NULL when dynamic memory allocation fails.
2822 * @return  NULL when encoding a character as hex fails.
2823 */
2824static char* wolfssl_asn1_string_to_hex_chars(const WOLFSSL_ASN1_STRING *s)
2825{
2826    char* tmp;
2827    int tmpSz = s->length * 3;
2828
2829    tmp = (char*)XMALLOC((size_t)tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2830    if (tmp == NULL) {
2831        WOLFSSL_MSG("Memory Error");
2832    }
2833    else {
2834        int i;
2835        unsigned char* str = (unsigned char*)s->data;
2836
2837        /* Put out all but last character as a hex digit with ':'. */
2838        for (i = 0; i < s->length; i++) {
2839            /* Put in hex digit string at end of tmp. */
2840            ByteToHexStr(str[i], tmp + i * 3);
2841            /* Check not last character. */
2842            if (i < s->length - 1) {
2843                /* Put in separator: ':'. */
2844                tmp[i * 3 + 2] = ':';
2845            }
2846            /* Last character. */
2847            else {
2848                /* Put in NUL to terminate string. */
2849                tmp[i * 3 + 2] = '\0';
2850            }
2851        }
2852    }
2853
2854    return tmp;
2855}
2856
2857/* Create a string encoding of ASN.1 STRING object.
2858 *
2859 * @param [in] method  Method table. Unused.
2860 * @param [in] s       ASN.1 STRING object.
2861 * @return  Buffer containing string representation on success.
2862 * @return  NULL when s or data is NULL.
2863 * @return  NULL when dynamic memory allocation fails.
2864 * @return  NULL when encoding a character as hex fails.
2865 */
2866char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
2867    const WOLFSSL_ASN1_STRING *s)
2868{
2869    char* ret = NULL;
2870
2871    WOLFSSL_ENTER("wolfSSL_i2s_ASN1_STRING");
2872    (void)method;
2873
2874    /* Validate parameters. */
2875    if ((s == NULL) || (s->data == NULL)) {
2876        WOLFSSL_MSG("Bad Function Argument");
2877    }
2878    /* Handle 0 length data separately. */
2879    else if (s->length == 0) {
2880        ret = (char *)XMALLOC(1, NULL, DYNAMIC_TYPE_TMP_BUFFER);
2881        if (ret != NULL) {
2882            ret[0] = '\0';
2883        }
2884    }
2885    else {
2886        /* Convert unreadable strings to hexadecimal. */
2887        ret = wolfssl_asn1_string_to_hex_chars(s);
2888    }
2889
2890    return ret;
2891}
2892
2893static int i2d_ASN1_STRING(WOLFSSL_ASN1_STRING* s,
2894        unsigned char **pp, byte tag)
2895{
2896    int idx;
2897    int len;
2898    unsigned char* out;
2899
2900    if (s == NULL || s->data == NULL || s->length == 0)
2901        return WOLFSSL_FATAL_ERROR;
2902
2903    len = SetHeader(tag, s->length, NULL, 0) + s->length;
2904
2905    if (pp == NULL)
2906        return len;
2907
2908    if (*pp == NULL) {
2909        out = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
2910        if (out == NULL)
2911            return WOLFSSL_FATAL_ERROR;
2912    }
2913    else {
2914        out = *pp;
2915    }
2916
2917    idx = (int)SetHeader(tag, s->length, out, 0);
2918    XMEMCPY(out + idx, s->data, s->length);
2919    if (*pp == NULL)
2920        *pp = out;
2921    else
2922        *pp += len;
2923
2924    return len;
2925}
2926
2927int wolfSSL_i2d_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
2928{
2929    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_GENERALSTRING");
2930
2931    return i2d_ASN1_STRING(s, pp, ASN_GENERALSTRING);
2932}
2933
2934int wolfSSL_i2d_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
2935{
2936    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_OCTET_STRING");
2937
2938    return i2d_ASN1_STRING(s, pp, ASN_OCTET_STRING);
2939}
2940
2941int wolfSSL_i2d_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING* s, unsigned char **pp)
2942{
2943    WOLFSSL_ENTER("wolfSSL_i2d_ASN1_UTF8STRING");
2944
2945    return i2d_ASN1_STRING(s, pp, ASN_UTF8STRING);
2946}
2947
2948int wolfSSL_i2d_ASN1_SEQUENCE(WOLFSSL_ASN1_STRING* s,
2949        unsigned char **pp)
2950{
2951    unsigned char* out;
2952
2953    if (s == NULL || s->data == NULL || s->length == 0)
2954        return WOLFSSL_FATAL_ERROR;
2955
2956    if (pp == NULL)
2957        return s->length;
2958
2959    if (*pp == NULL) {
2960        out = (unsigned char*)XMALLOC(s->length, NULL, DYNAMIC_TYPE_ASN1);
2961        if (out == NULL)
2962            return WOLFSSL_FATAL_ERROR;
2963    }
2964    else {
2965        out = *pp;
2966    }
2967
2968    XMEMCPY(out, s->data, s->length);
2969    if (*pp == NULL)
2970        *pp = out;
2971    else
2972        *pp += s->length;
2973
2974    return s->length;
2975}
2976
2977static WOLFSSL_ASN1_STRING* d2i_ASN1_STRING(WOLFSSL_ASN1_STRING** out,
2978        const byte** src, long len, byte expTag)
2979{
2980    WOLFSSL_ASN1_STRING* ret = NULL;
2981    word32 idx = 0;
2982    byte tag = 0;
2983    int length = 0;
2984
2985    WOLFSSL_ENTER("d2i_ASN1_STRING");
2986
2987    if (src == NULL || *src == NULL || len == 0)
2988        return NULL;
2989
2990    if (GetASNTag(*src, &idx, &tag, (word32)len) < 0)
2991        return NULL;
2992    if (tag != expTag)
2993        return NULL;
2994    if (GetLength(*src, &idx, &length, (word32)len) < 0)
2995        return NULL;
2996
2997    ret = wolfSSL_ASN1_STRING_new();
2998    if (ret == NULL)
2999        return NULL;
3000
3001    if (wolfSSL_ASN1_STRING_set(ret, *src + idx, length) != 1) {
3002        wolfSSL_ASN1_STRING_free(ret);
3003        return NULL;
3004    }
3005
3006    if (out != NULL) {
3007        if (*out != NULL)
3008            wolfSSL_ASN1_STRING_free(*out);
3009        *out = ret;
3010    }
3011    *src += idx + length;
3012
3013    return ret;
3014}
3015
3016WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_GENERALSTRING(WOLFSSL_ASN1_STRING** out,
3017        const byte** src, long len)
3018{
3019    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_GENERALSTRING");
3020
3021    return d2i_ASN1_STRING(out, src, len, ASN_GENERALSTRING);
3022}
3023
3024WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_OCTET_STRING(WOLFSSL_ASN1_STRING** out,
3025        const byte** src, long len)
3026{
3027    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_OCTET_STRING");
3028
3029    return d2i_ASN1_STRING(out, src, len, ASN_OCTET_STRING);
3030}
3031
3032WOLFSSL_ASN1_STRING* wolfSSL_d2i_ASN1_UTF8STRING(WOLFSSL_ASN1_STRING** out,
3033        const byte** src, long len)
3034{
3035    WOLFSSL_ENTER("wolfSSL_d2i_ASN1_UTF8STRING");
3036
3037    return d2i_ASN1_STRING(out, src, len, ASN_UTF8STRING);
3038}
3039
3040#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
3041#endif /* NO_ASN */
3042
3043#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
3044/* Get the type of encoding.
3045 *
3046 * @param [in] asn1  ASN.1 STRING object.
3047 * @return  Encoding type on success.
3048 * @return  0 when asn1 is NULL or no encoding set.
3049 */
3050int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1)
3051{
3052    int type = 0;
3053
3054#ifdef WOLFSSL_DEBUG_OPENSSL
3055    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type");
3056#endif
3057
3058    if (asn1 != NULL) {
3059        type = asn1->type;
3060    }
3061
3062    return type;
3063}
3064
3065#ifndef NO_CERTS
3066/* Get the pointer that is the data.
3067 *
3068 * @param [in] asn  ASN.1 STRING object.
3069 * @return  Buffer with string on success.
3070 * @return  NULL when asn is NULL or no data set.
3071 */
3072const unsigned char* wolfSSL_ASN1_STRING_get0_data(
3073    const WOLFSSL_ASN1_STRING* asn)
3074{
3075    char* data = NULL;
3076
3077    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_get0_data");
3078
3079    if (asn != NULL) {
3080        data = asn->data;
3081    }
3082
3083    return (const unsigned char*)data;
3084}
3085
3086/* Get the pointer that is the data.
3087 *
3088 * @param [in] asn  ASN.1 STRING object.
3089 * @return  Buffer with string on success.
3090 * @return  NULL when asn is NULL or no data set.
3091 */
3092unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
3093{
3094    char* data = NULL;
3095
3096#ifdef WOLFSSL_DEBUG_OPENSSL
3097    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");
3098#endif
3099
3100    if (asn != NULL) {
3101        data = asn->data;
3102    }
3103
3104    return (unsigned char*)data;
3105}
3106
3107/* Get the length of the data.
3108 *
3109 * @param [in] asn  ASN.1 STRING object.
3110 * @return  String length on success.
3111 * @return  0 when asn is NULL or no data set.
3112 */
3113int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn)
3114{
3115    int len = 0;
3116
3117#ifdef WOLFSSL_DEBUG_OPENSSL
3118    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");
3119#endif
3120
3121    if (asn) {
3122        len = asn->length;
3123    }
3124
3125    return len;
3126}
3127#endif /* !NO_CERTS */
3128
3129/* Set the string data.
3130 *
3131 * When sz is less than 0, the string length will be calculated using XSTRLEN.
3132 *
3133 * @param [in, out] asn1    ASN.1 STRING object.
3134 * @param [in]      data    String data to set.
3135 * @param [in]      sz      Length of data to set in bytes.
3136 * @return  1 on success.
3137 * @return  0 when asn1 is NULL or data is NULL and sz is not zero.
3138 * @return  0 when dynamic memory allocation fails.
3139 */
3140int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, int sz)
3141{
3142    int ret = 1;
3143
3144#ifdef WOLFSSL_DEBUG_OPENSSL
3145    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");
3146#endif
3147
3148    /* Validate parameters. */
3149    if ((asn1 == NULL) || ((data == NULL) && (sz != 0))) {
3150        ret = 0;
3151    }
3152
3153    /* Calculate size from data if not passed in. */
3154    if ((ret == 1) && (sz < 0)) {
3155        sz = (int)XSTRLEN((const char*)data);
3156        if (sz < 0) {
3157            ret = 0;
3158        }
3159    }
3160
3161    if (ret == 1) {
3162        /* Dispose of any existing dynamic data. */
3163        if (asn1->isDynamic) {
3164            XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
3165            asn1->data = NULL;
3166        }
3167
3168        /* Check string will fit - including NUL. */
3169        if (sz + 1 > CTC_NAME_SIZE) {
3170            /* Allocate new buffer. */
3171            asn1->data = (char*)XMALLOC((size_t)(sz + 1), NULL,
3172                DYNAMIC_TYPE_OPENSSL);
3173            if (asn1->data == NULL) {
3174                ret = 0;
3175            }
3176            else {
3177                /* Ensure buffer will be freed. */
3178                asn1->isDynamic = 1;
3179            }
3180        }
3181        else {
3182            /* Clear out fixed array and use it for data. */
3183            XMEMSET(asn1->strData, 0, CTC_NAME_SIZE);
3184            asn1->data = asn1->strData;
3185            asn1->isDynamic = 0;
3186        }
3187    }
3188    if (ret == 1) {
3189        /* Check if there is a string to copy. */
3190        if (data != NULL) {
3191            /* Copy string and append NUL. */
3192            XMEMCPY(asn1->data, data, (size_t)sz);
3193            asn1->data[sz] = '\0';
3194        }
3195        /* Set size of string. */
3196        asn1->length = sz;
3197    }
3198
3199    return ret;
3200}
3201#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
3202
3203#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
3204    !defined(WOLFCRYPT_ONLY)
3205#ifndef NO_CERTS
3206
3207/* Make a UTF8 canonical version of ASN.1 STRING object's data.
3208 *
3209 * @param [in, out] asn  ASN.1 STRING to set.
3210 */
3211static void wolfssl_asn1_string_canonicalize(WOLFSSL_ASN1_STRING* asn)
3212{
3213    char* src = asn->data;
3214    char* p = asn->data + asn->length - 1;
3215    int len = asn->length;
3216    int i;
3217
3218    /* Trim whitespace from the tail. */
3219    for (; (len > 0) && (XISSPACE((unsigned char)*p)); len--) {
3220        p--;
3221    }
3222    if (len > 0) {
3223        /* Trim whitespace from the head. */
3224        for (; XISSPACE((unsigned char)*src); len--) {
3225            src++;
3226        }
3227    }
3228
3229    /* Output at the start. */
3230    p = asn->data;
3231    /* Process each character in string after trim. */
3232    for (i = 0; i < len; p++, i++) {
3233        /* Check for non-ascii character. */
3234        if (!XISASCII(*src)) {
3235            /* Keep non-ascii character as-is. */
3236            *p = *src++;
3237        }
3238        /* Check for whitespace. */
3239        else if (XISSPACE((unsigned char)*src)) {
3240            /* Only use space character for whitespace. */
3241            *p = 0x20;
3242            /* Skip any succeeding whitespace characters. */
3243            while (XISSPACE((unsigned char)*++src)) {
3244                i++;
3245            }
3246        }
3247        else {
3248            /* Convert to lower case. */
3249            *p = (char)XTOLOWER((unsigned char)*src++);
3250        }
3251    }
3252    /* Set actual length after canonicalization. */
3253    asn->length = (int)(p - asn->data);
3254}
3255
3256/* Make a canonical version of ASN.1 STRING object in ASN.1 STRING object.
3257 *
3258 * @param [in, out] asn_out  ASN.1 STRING object to set.
3259 * @param [in]      asn_in   ASN.1 STRING object to get data from.
3260 * @return  1 on success.
3261 * @return  BAD_FUNC_ARG when asn_out or asn_in is NULL.
3262 * @return  0 when no data.
3263 * @return  0 when dynamic memory allocation fails.
3264 */
3265int wolfSSL_ASN1_STRING_canon(WOLFSSL_ASN1_STRING* asn_out,
3266    const WOLFSSL_ASN1_STRING* asn_in)
3267{
3268    int ret = 1;
3269
3270    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_canon");
3271
3272    /* Validate parameters. */
3273    if ((asn_out == NULL) || (asn_in == NULL)) {
3274        WOLFSSL_MSG("invalid function arguments");
3275        ret = BAD_FUNC_ARG;
3276    }
3277
3278    if (ret == 1) {
3279        switch (asn_in->type) {
3280            case WOLFSSL_MBSTRING_UTF8:
3281            case WOLFSSL_V_ASN1_PRINTABLESTRING:
3282                /* Set type to UTF8. */
3283                asn_out->type = WOLFSSL_MBSTRING_UTF8;
3284                /* Dispose of any dynamic data already in asn_out. */
3285                if (asn_out->isDynamic) {
3286                    XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
3287                    asn_out->data = NULL;
3288                }
3289                /* Make ASN.1 STRING into UTF8 buffer. */
3290                asn_out->length = wolfSSL_ASN1_STRING_to_UTF8(
3291                    (unsigned char**)&asn_out->data,
3292                    (WOLFSSL_ASN1_STRING*)asn_in);
3293                /* Check for error from creating UTF8 string. */
3294                if (asn_out->length < 0) {
3295                    ret = 0;
3296                }
3297                else {
3298                    /* Data now dynamic after converting to UTF8. */
3299                    asn_out->isDynamic = 1;
3300                    /* Canonicalize the data. */
3301                    wolfssl_asn1_string_canonicalize(asn_out);
3302                    if (asn_out->length == 0) {
3303                        /* Dispose of data if canonicalization removes all
3304                         * characters. */
3305                        XFREE(asn_out->data, NULL, DYNAMIC_TYPE_OPENSSL);
3306                        asn_out->data = NULL;
3307                        asn_out->isDynamic = 0;
3308                    }
3309                }
3310                break;
3311            default:
3312                /* Unrecognized format - just copy. */
3313                WOLFSSL_MSG("just copy string");
3314                ret = wolfSSL_ASN1_STRING_copy(asn_out, asn_in);
3315        }
3316    }
3317
3318    return ret;
3319}
3320
3321#endif /* !NO_CERTS */
3322#endif /* (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) && !WOLFCRYPT_ONLY */
3323
3324#if defined(OPENSSL_EXTRA)
3325
3326#if !defined(NO_ASN)
3327#ifndef NO_BIO
3328/* Returns boolean indicating character is unprintable.
3329 *
3330 * @param [in] c  ASCII character.
3331 * @return  1 when character is unprintable.
3332 * @return  0 when character is printable.
3333 */
3334static int wolfssl_unprintable_char(char c)
3335{
3336    const unsigned char last_unprintable = 31;
3337    const unsigned char LF = 10;               /* Line Feed */
3338    const unsigned char CR = 13;               /* Carriage Return */
3339
3340    return (c <= last_unprintable) && (c != LF) && (c != CR);
3341}
3342
3343/* Print ASN.1 STRING to BIO.
3344 *
3345 * TODO: Unprintable characters conversion is destructive.
3346 *
3347 * @param [in] bio  BIO to print to.
3348 * @param [in] str  ASN.1 STRING to print.
3349 * @return  Length of string written on success.
3350 * @return  0 when bio or str is NULL.
3351 * @return  0 when writing to BIO fails.
3352 */
3353int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str)
3354{
3355    int len = 0;
3356
3357    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_print");
3358
3359    /* Validate parameters. */
3360    if ((bio != NULL) && (str != NULL)) {
3361        int i;
3362
3363        len = str->length;
3364        /* Convert all unprintable characters to '.'. */
3365        for (i = 0; i < len; i++) {
3366            if (wolfssl_unprintable_char(str->data[i])) {
3367                str->data[i] = '.';
3368            }
3369        }
3370        /* Write string to BIO. */
3371        if (wolfSSL_BIO_write(bio, str->data, len) != len) {
3372            len = 0;
3373        }
3374    }
3375
3376    return len;
3377}
3378#endif /* !NO_BIO */
3379#endif /* !NO_ASN */
3380
3381/* Get a string for the ASN.1 tag.
3382 *
3383 * @param [in] tag  ASN.1 tag.
3384 * @return  A string.
3385 */
3386const char* wolfSSL_ASN1_tag2str(int tag)
3387{
3388    static const char *const tag_label[31] = {
3389        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL",
3390        "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED",
3391        "<ASN1 11>", "UTF8STRING", "<ASN1 13>", "<ASN1 14>", "<ASN1 15>",
3392        "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
3393        "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
3394        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING",
3395        "<ASN1 29>", "BMPSTRING"
3396    };
3397    const char* str = "(unknown)";
3398
3399    /* Clear negative flag. */
3400    if ((tag == WOLFSSL_V_ASN1_NEG_INTEGER) ||
3401            (tag == WOLFSSL_V_ASN1_NEG_ENUMERATED)) {
3402        tag &= ~WOLFSSL_V_ASN1_NEG;
3403    }
3404    /* Check for known basic types. */
3405    if ((tag >= 0) && (tag <= 30)) {
3406        str = tag_label[tag];
3407    }
3408
3409    return str;
3410}
3411
3412#ifndef NO_BIO
3413
3414/* Print out ASN.1 tag for the ASN.1 STRING to the BIO.
3415 *
3416 * @param [in] bio  BIO to write to.
3417 * @param [in] str  ASN.1 STRING object.
3418 * @return  Number of characters written on success.
3419 * @return  0 when BIO write fails.
3420 */
3421static int wolfssl_string_print_type(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str)
3422{
3423    int type_len;
3424    const char *tag;
3425
3426    /* Get tag and string length. */
3427    tag = wolfSSL_ASN1_tag2str(str->type);
3428    type_len = (int)XSTRLEN(tag);
3429    /* Write tag to BIO. */
3430    if (wolfSSL_BIO_write(bio, tag, type_len) != type_len){
3431        type_len = 0;
3432    }
3433    /* Write colon after tag string. */
3434    else if (wolfSSL_BIO_write(bio, ":", 1) != 1) {
3435        type_len = 0;
3436    }
3437    else {
3438        /* Written colon - update count. */
3439        type_len++;
3440    }
3441
3442    return type_len;
3443}
3444
3445/* Dump hex digit representation of each string character to BIO.
3446 *
3447 * TODO: Assumes length is only one byte ie less than 128 characters long.
3448 *
3449 * @param [in] bio    BIO to write to.
3450 * @param [in] str    ASN.1 STRING object.
3451 * @param [in] asDer  Whether to write out as a DER encoding.
3452 * @return  Number of characters written to BIO on success.
3453 * @return  -1 when writing to BIO fails.
3454 */
3455static int wolfssl_asn1_string_dump_hex(WOLFSSL_BIO *bio,
3456    WOLFSSL_ASN1_STRING *str, int asDer)
3457{
3458    const char* hash="#";
3459    char hex_tmp[4];
3460    int str_len = 1;
3461
3462    /* Write out hash character to indicate hex string. */
3463    if (wolfSSL_BIO_write(bio, hash, 1) != 1) {
3464        str_len = WOLFSSL_FATAL_ERROR;
3465    }
3466    else {
3467        /* Check if we are to write out DER header. */
3468        if (asDer) {
3469            /* Encode tag and length as hex into temporary. */
3470            ByteToHexStr((byte)str->type, &hex_tmp[0]);
3471            ByteToHexStr((byte)str->length, &hex_tmp[2]);
3472            /* Update count of written characters: tag and length. */
3473            str_len += 4;
3474            /* Write out tag and length as hex digits. */
3475            if (wolfSSL_BIO_write(bio, hex_tmp, 4) != 4) {
3476                str_len = WOLFSSL_FATAL_ERROR;
3477            }
3478        }
3479    }
3480
3481    if (str_len != -1) {
3482        char* p;
3483        char* end;
3484
3485        /* Calculate end of string. */
3486        end = str->data + str->length - 1;
3487        for (p = str->data; p <= end; p++) {
3488            /* Encode string character as hex into temporary. */
3489            ByteToHexStr((byte)*p, hex_tmp);
3490            /* Update count of written characters. */
3491            str_len += 2;
3492            /* Write out character as hex digites. */
3493            if (wolfSSL_BIO_write(bio, hex_tmp, 2) != 2) {
3494                str_len = WOLFSSL_FATAL_ERROR;
3495                break;
3496            }
3497        }
3498    }
3499
3500    return str_len;
3501}
3502
3503/* Check whether character needs to be escaped.
3504 *
3505 * @param [in] c    Character to check for.
3506 * @param [in] str  String to check.
3507 * @return  1 when character found.
3508 * @return  0 when character not found.
3509 */
3510static int wolfssl_check_esc_char(char c)
3511{
3512    int ret = 0;
3513    const char esc_ch[] = "+;<>\\";
3514    const char* p = esc_ch;
3515
3516    /* Check if character matches any of those needing escaping. */
3517    for (; (*p) != '\0'; p++) {
3518        /* Check if character matches escape character. */
3519        if (c == (*p)) {
3520            ret = 1;
3521            break;
3522        }
3523    }
3524
3525    return ret;
3526}
3527
3528/* Print out string, with escaping for special characters, to BIO.
3529 *
3530 * @param [in] bio  BIO to write to.
3531 * @param [in] str  ASN.1 STRING object.
3532 * @return  Number of characters written to BIO on success.
3533 * @return  -1 when writing to BIO fails.
3534 */
3535static int wolfssl_asn1_string_print_esc_2253(WOLFSSL_BIO *bio,
3536    WOLFSSL_ASN1_STRING *str)
3537{
3538    char* p;
3539    int str_len = 0;
3540
3541    /* Write all of string character by character. */
3542    for (p = str->data; (*p) != '\0'; p++) {
3543        /* Check if character needs escaping. */
3544        if (wolfssl_check_esc_char(*p)){
3545            /* Update count of written characters. */
3546            str_len++;
3547            /* Write out escaping character. */
3548            if (wolfSSL_BIO_write(bio,"\\", 1) != 1) {
3549                str_len = WOLFSSL_FATAL_ERROR;
3550                break;
3551            }
3552        }
3553        /* Update count of written characters. */
3554        str_len++;
3555        /* Write out character. */
3556        if (wolfSSL_BIO_write(bio, p, 1) != 1) {
3557            str_len = WOLFSSL_FATAL_ERROR;
3558            break;
3559        }
3560    }
3561
3562    return str_len;
3563}
3564
3565/* Extended print ASN.1 STRING to BIO.
3566 *
3567 * @param [in] bio    BIO to print to.
3568 * @param [in] str    ASN.1 STRING to print.
3569 * @param [in] flags  Flags describing output format.
3570 * @return  Length of string written on success.
3571 * @return  0 when bio or str is NULL.
3572 * @return  0 when writing to BIO fails.
3573 */
3574int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *bio, WOLFSSL_ASN1_STRING *str,
3575    unsigned long flags)
3576{
3577    int err = 0;
3578    int str_len = -1;
3579    int type_len = 0;
3580
3581    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex");
3582
3583    /* Validate parameters. */
3584    if ((bio == NULL) || (str == NULL)) {
3585        err = 1;
3586    }
3587    /* Check if ASN.1 type is to be printed. */
3588    if ((!err) && (flags & WOLFSSL_ASN1_STRFLGS_SHOW_TYPE)) {
3589        /* Print type and colon to BIO. */
3590        type_len = wolfssl_string_print_type(bio, str);
3591        if (type_len == 0) {
3592            err = 1;
3593        }
3594    }
3595
3596    if (!err) {
3597        if (flags & WOLFSSL_ASN1_STRFLGS_DUMP_ALL) {
3598            /* Dump hex. */
3599            str_len = wolfssl_asn1_string_dump_hex(bio, str,
3600                flags & WOLFSSL_ASN1_STRFLGS_DUMP_DER);
3601        }
3602        else if (flags & WOLFSSL_ASN1_STRFLGS_ESC_2253) {
3603            /* Print out string with escaping. */
3604            str_len = wolfssl_asn1_string_print_esc_2253(bio, str);
3605        }
3606        else {
3607            /* Get number of characters to write. */
3608            str_len = str->length;
3609            /* Print out string as is. */
3610            if (wolfSSL_BIO_write(bio, str->data, str_len) != str_len) {
3611                err = 1;
3612            }
3613        }
3614    }
3615
3616    if ((!err) && (str_len >= 0)) {
3617        /* Include any characters written for type. */
3618        str_len += type_len;
3619    }
3620    else {
3621        str_len = 0;
3622    }
3623
3624    return str_len;
3625}
3626
3627#endif /* !NO_BIO */
3628
3629#endif /* OPENSSL_EXTRA */
3630
3631/*******************************************************************************
3632 * ASN1_GENERALIZEDTIME APIs
3633 ******************************************************************************/
3634
3635#ifdef OPENSSL_EXTRA
3636
3637/* Free the static ASN.1 GENERALIZED TIME object.
3638 *
3639 * Not an OpenSSL compatibility API.
3640 *
3641 * @param [in] asn1Time  ASN.1 GENERALIZED TIME object.
3642 */
3643void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
3644{
3645    WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free");
3646    XFREE(asn1Time, NULL, DYNAMIC_TYPE_OPENSSL);
3647}
3648
3649#ifndef NO_BIO
3650/* Return the month as a string.
3651 *
3652 * Assumes n is '01'-'12'.
3653 *
3654 * @param [in] n  The number of the month as a two characters (1 based).
3655 * @return  Month as a string.
3656 */
3657static WC_INLINE const char* MonthStr(const char* n)
3658{
3659    static const char monthStr[12][4] = {
3660            "Jan", "Feb", "Mar", "Apr", "May", "Jun",
3661            "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
3662    const char* month = "BAD";
3663    int i;
3664
3665    i = (n[0] - '0') * 10 + (n[1] - '0') - 1;
3666    /* Convert string to number and index table. */
3667    if ((i >= 0) && (i < 12)) {
3668        month = monthStr[i];
3669    }
3670
3671    return month;
3672}
3673
3674/* Print an ASN.1 GENERALIZED TIME to a BIO.
3675 *
3676 * @param [in] bio      BIO to write to.
3677 * @param [in] asnTime  ASN.1 GENERALIZED TIME object.
3678 * @return  1 on success.
3679 * @return  0 when ASN.1 GENERALIZED TIME type is invalid.
3680 * @return  0 when writing to BIO fails.
3681 * @return  BAD_FUNC_ARG when bio or asnTime is NULL.
3682 */
3683int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
3684    const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime)
3685{
3686    int ret = 1;
3687    const char* p = NULL;
3688    WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_print");
3689
3690    /* Validate parameters. */
3691    if ((bio == NULL) || (asnTime == NULL)) {
3692        ret = BAD_FUNC_ARG;
3693    }
3694    /* Check type is GENERALIZED TIME. */
3695    if ((ret == 1) && (asnTime->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
3696        WOLFSSL_MSG("Error, not GENERALIZED_TIME");
3697        ret = 0;
3698    }
3699    if (ret == 1) {
3700        /* Get the string. */
3701        p = (const char *)(asnTime->data);
3702
3703        /* Print month as a 3 letter string. */
3704        if (wolfSSL_BIO_write(bio, MonthStr(p + 4), 3) != 3) {
3705            ret = 0;
3706        }
3707    }
3708    /* Print space separator. */
3709    if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
3710        ret = 0;
3711    }
3712
3713    /* Print day. */
3714    if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 6, 2) != 2)) {
3715        ret = 0;
3716    }
3717    /* Print space separator. */
3718    if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
3719        ret = 0;
3720    }
3721
3722    /* Print hour. */
3723    if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 8, 2) != 2)) {
3724        ret = 0;
3725    }
3726    /* Print time separator - colon. */
3727    if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) {
3728        ret = 0;
3729    }
3730
3731    /* Print minutes. */
3732    if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 10, 2) != 2)) {
3733        ret = 0;
3734    }
3735    /* Print time separator - colon. */
3736    if ((ret == 1) && (wolfSSL_BIO_write(bio, ":", 1) != 1)) {
3737        ret = 0;
3738    }
3739
3740    /* Print seconds. */
3741    if ((ret == 1) && (wolfSSL_BIO_write(bio, p + 12, 2) != 2)) {
3742        ret = 0;
3743    }
3744    /* Print space separator. */
3745    if ((ret == 1) && (wolfSSL_BIO_write(bio, " ", 1) != 1)) {
3746        ret = 0;
3747    }
3748    /* Print year. */
3749    if ((ret == 1) && (wolfSSL_BIO_write(bio, p, 4) != 4)) {
3750        ret = 0;
3751    }
3752
3753    return ret;
3754}
3755#endif /* !NO_BIO */
3756
3757#endif /* OPENSSL_EXTRA */
3758
3759/*******************************************************************************
3760 * ASN1_TIME APIs
3761 ******************************************************************************/
3762
3763#ifndef NO_ASN_TIME
3764
3765#ifdef OPENSSL_EXTRA
3766/* Allocate a new ASN.1 TIME object.
3767 *
3768 * @return  New empty ASN.1 TIME object on success.
3769 * @return  NULL when dynamic memory allocation fails.
3770 */
3771WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void)
3772{
3773    WOLFSSL_ASN1_TIME* ret;
3774
3775    /* Allocate a new ASN.1 TYPE object. */
3776    ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
3777        DYNAMIC_TYPE_OPENSSL);
3778    if (ret != NULL) {
3779        /* Clear out fields. */
3780        XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME));
3781    }
3782
3783    return ret;
3784}
3785
3786/* Dispose of ASN.1 TIME object.
3787 *
3788 * @param [in, out] t  ASN.1 TIME object.
3789 */
3790void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t)
3791{
3792    /* Dispose of ASN.1 TIME object. */
3793    XFREE(t, NULL, DYNAMIC_TYPE_OPENSSL);
3794}
3795
3796#ifndef NO_WOLFSSL_STUB
3797/* Set the Unix time GMT into ASN.1 TIME object.
3798 *
3799 * Not implemented.
3800 *
3801 * @param [in, out] a   ASN.1 TIME object.
3802 * @param [in]      t   Unix time GMT.
3803 * @return  An ASN.1 TIME object.
3804 */
3805WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *a, time_t t)
3806{
3807    WOLFSSL_STUB("wolfSSL_ASN1_TIME_set");
3808    (void)a;
3809    (void)t;
3810    return a;
3811}
3812#endif /* !NO_WOLFSSL_STUB */
3813
3814/* Convert time to Unix time (GMT).
3815 *
3816 * @param [in] sec     Second in minute. 0-59.
3817 * @param [in] minute  Minute in hour. 0-59.
3818 * @param [in] hour    Hour in day. 0-23.
3819 * @param [in] mday    Day of month. 1-31.
3820 * @param [in] mon     Month of year. 0-11
3821 * @param [in] year    Year including century. ie: 1991, 2023, 2048.
3822 * @return  Seconds since 00:00:00 01/01/1970 for the time passed in.
3823 */
3824static long long wolfssl_time_to_unix_time(int sec, int minute, int hour,
3825    int mday, int mon, int year)
3826{
3827    /* Number of cumulative days from the previous months, starting from
3828     * beginning of January. */
3829    static const int monthDaysCumulative [12] = {
3830        0, 31, 59, 90, 120, 151, 181, 212, 243, 273, 304, 334
3831    };
3832    int leapDays = year;
3833
3834    /* Leap day at end of February. */
3835    if (mon <= 1) {
3836        --leapDays;
3837    }
3838    /* Calculate leap days. */
3839    leapDays = leapDays / 4 - leapDays / 100 + leapDays / 400 - 1969 / 4 +
3840               1969 / 100 - 1969 / 400;
3841
3842    /* Calculate number of seconds. */
3843    return ((((long long) (year - 1970) * 365 + leapDays +
3844           monthDaysCumulative[mon] + mday - 1) * 24 + hour) * 60 + minute) *
3845           60 + sec;
3846}
3847
3848/* Convert ASN.1 TIME object to Unix time (GMT).
3849 *
3850 * @param [in]  t     ASN.1 TIME object.
3851 * @param [out] secs  Number of seconds since 00:00:00 01/01/1970.
3852 * @return  1 on success.
3853 * @return  0 when conversion of time fails.
3854 */
3855static int wolfssl_asn1_time_to_secs(const WOLFSSL_ASN1_TIME* t,
3856    long long* secs)
3857{
3858    int ret = 1;
3859    struct tm tm_s;
3860    struct tm *tmGmt = &tm_s;
3861
3862    /* Convert ASN.1 TIME to broken-down time. NULL treated as current time. */
3863    ret = wolfSSL_ASN1_TIME_to_tm(t, tmGmt);
3864    if (ret != 1) {
3865        WOLFSSL_MSG("Failed to convert from time to struct tm.");
3866    }
3867    else {
3868        /* We use wolfssl_time_to_unix_time here instead of XMKTIME to avoid the
3869         * Year 2038 problem on platforms where time_t is 32 bits. struct tm
3870         * stores the year as years since 1900, so we add 1900 to the year. */
3871        *secs = wolfssl_time_to_unix_time(tmGmt->tm_sec, tmGmt->tm_min,
3872            tmGmt->tm_hour, tmGmt->tm_mday, tmGmt->tm_mon,
3873            tmGmt->tm_year + 1900);
3874    }
3875
3876    return ret;
3877}
3878
3879/* Calculate difference in time of two ASN.1 TIME objects.
3880 *
3881 * @param [out] days  Number of whole days between from and to.
3882 * @param [out] secs  Number of seconds less than a day between from and to.
3883 * @param [in]  from  ASN.1 TIME object as start time.
3884 * @param [in]  to    ASN.1 TIME object as end time.
3885 * @return  1 on success.
3886 * @return  0 when conversion of time fails.
3887 */
3888int wolfSSL_ASN1_TIME_diff(int *days, int *secs, const WOLFSSL_ASN1_TIME *from,
3889    const WOLFSSL_ASN1_TIME *to)
3890{
3891    int ret = 1;
3892
3893    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_diff");
3894
3895    if ((from == NULL) && (to == NULL)) {
3896        if (days != NULL) {
3897            *days = 0;
3898        }
3899        if (secs != NULL) {
3900            *secs = 0;
3901        }
3902    }
3903    else {
3904        const long long SECS_PER_DAY = 24 * 60 * 60;
3905        long long fromSecs;
3906        long long toSecs = 0;
3907
3908        ret = wolfssl_asn1_time_to_secs(from, &fromSecs);
3909        if (ret == 1) {
3910            ret = wolfssl_asn1_time_to_secs(to, &toSecs);
3911        }
3912        if (ret == 1) {
3913            long long diffSecs = toSecs - fromSecs;
3914            if (days != NULL) {
3915                *days = (int) (diffSecs / SECS_PER_DAY);
3916            }
3917            if (secs != NULL) {
3918                *secs = (int) (diffSecs -
3919                        ((long long)(diffSecs / SECS_PER_DAY) * SECS_PER_DAY));
3920            }
3921        }
3922    }
3923
3924    return ret;
3925}
3926
3927/* Compare two ASN.1 TIME objects by comparing time value.
3928 *
3929 * @param [in] a  First ASN.1 TIME object.
3930 * @param [in] b  Second ASN.1 TIME object.
3931 * @return Negative value when a is less than b.
3932 * @return 0 when a equals b.
3933 * @return Positive value when a is greater than b.
3934 * @return -2 when a or b is invalid.
3935 */
3936int wolfSSL_ASN1_TIME_compare(const WOLFSSL_ASN1_TIME *a,
3937    const WOLFSSL_ASN1_TIME *b)
3938{
3939    int ret;
3940    int days;
3941    int secs;
3942
3943    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_compare");
3944
3945    /* Calculate difference in time between a and b. */
3946    if (wolfSSL_ASN1_TIME_diff(&days, &secs, a, b) != 1) {
3947        WOLFSSL_MSG("Failed to get time difference.");
3948        ret = -2;
3949    }
3950    else if (days == 0 && secs == 0) {
3951        /* a and b are the same time. */
3952        ret = 0;
3953    }
3954    else if (days >= 0 && secs >= 0) {
3955        /* a is before b. */
3956        ret = -1;
3957    }
3958    /* Assume wolfSSL_ASN1_TIME_diff creates coherent values. */
3959    else {
3960        ret = 1;
3961    }
3962
3963    WOLFSSL_LEAVE("wolfSSL_ASN1_TIME_compare", ret);
3964
3965    return ret;
3966}
3967
3968#if !defined(USER_TIME) && !defined(TIME_OVERRIDES)
3969/* Adjust the time into an ASN.1 TIME object.
3970 *
3971 * @param [in] a           ASN.1 TIME object. May be NULL.
3972 * @param [in] t           Time to offset.
3973 * @param [in] offset_day  Number of days to offset. May be negative.
3974 * @param [in] offset_sec  Number of seconds to offset. May be negative.
3975 * @return  ASN.1 TIME object on success.
3976 * @return  NULL when formatting time fails.
3977 * @return  NULL when dynamic memory allocation fails.
3978 */
3979WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME* a, time_t t,
3980    int offset_day, long offset_sec)
3981{
3982    WOLFSSL_ASN1_TIME* ret = NULL;
3983    const time_t sec_per_day = 24*60*60;
3984    int time_get;
3985    char time_str[MAX_TIME_STRING_SZ];
3986    time_t offset_day_sec = offset_day * sec_per_day;
3987    time_t t_adj          = t + offset_day_sec + offset_sec;
3988
3989    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj");
3990
3991    /* Get time string as either UTC or GeneralizedTime. */
3992    time_get = GetFormattedTime(&t_adj, (byte*)time_str, MAX_TIME_STRING_SZ);
3993    if (time_get > 0) {
3994        ret = a;
3995        if (ret == NULL) {
3996            ret = wolfSSL_ASN1_TIME_new();
3997        }
3998        /* Set the string into the ASN.1 TIME object. */
3999        if ((wolfSSL_ASN1_TIME_set_string(ret, time_str) != 1) && (ret != a)) {
4000            wolfSSL_ASN1_TIME_free(ret);
4001            ret = NULL;
4002        }
4003    }
4004
4005    return ret;
4006}
4007#endif /* !USER_TIME && !TIME_OVERRIDES */
4008
4009/* Get the length of the ASN.1 TIME data.
4010 *
4011 * Not an OpenSSL function - ASN1_TIME is not opaque.
4012 *
4013 * @param [in] t  ASN.1 TIME object.
4014 * @return  Length of data on success.
4015 * @return  0 when t is NULL or no time set.
4016 */
4017int wolfSSL_ASN1_TIME_get_length(const WOLFSSL_ASN1_TIME *t)
4018{
4019    int len = 0;
4020
4021    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_length");
4022
4023    if (t != NULL) {
4024        len = t->length;
4025    }
4026
4027    return len;
4028}
4029
4030/* Get the data from the ASN.1 TIME object.
4031 *
4032 * Not an OpenSSL function - ASN1_TIME is not opaque.
4033 *
4034 * @param [in] t  ASN.1 TIME object.
4035 * @return  Data buffer on success.
4036 * @return  NULL when t is NULL.
4037 */
4038unsigned char* wolfSSL_ASN1_TIME_get_data(const WOLFSSL_ASN1_TIME *t)
4039{
4040    unsigned char* data = NULL;
4041
4042    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_data");
4043
4044    if (t != NULL) {
4045        data = (unsigned char*)t->data;
4046    }
4047
4048    return data;
4049}
4050
4051/* Check format of string in ASN.1 TIME object.
4052 *
4053 * @param [in] a  ASN.1 TIME object.
4054 * @return  1 on success.
4055 * @return  0 when format invalid.
4056 */
4057int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
4058{
4059    int ret = WOLFSSL_SUCCESS;
4060    char buf[MAX_TIME_STRING_SZ];
4061
4062    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");
4063
4064    /* If can convert to human readable then format good. */
4065    if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
4066            MAX_TIME_STRING_SZ) == NULL) {
4067        ret = WOLFSSL_FAILURE;
4068    }
4069
4070    return ret;
4071}
4072
4073/* Set the time as a string into ASN.1 TIME object.
4074 *
4075 * When t is NULL, str is checked only.
4076 *
4077 * @param [in, out] t    ASN.1 TIME object.
4078 * @param [in]      str  Time as a string.
4079 * @return  1 on success.
4080 * @return  0 when str is NULL.
4081 * @return  0 when str is not formatted correctly.
4082 */
4083int wolfSSL_ASN1_TIME_set_string(WOLFSSL_ASN1_TIME *t, const char *str)
4084{
4085    int ret = WOLFSSL_SUCCESS;
4086    int slen = 0;
4087
4088    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string");
4089
4090    if (str == NULL) {
4091        WOLFSSL_MSG("Bad parameter");
4092        ret = 0;
4093    }
4094    if (ret == WOLFSSL_SUCCESS) {
4095        /* Get length of string including NUL terminator. */
4096        slen = (int)XSTRLEN(str) + 1;
4097        if (slen > CTC_DATE_SIZE) {
4098            WOLFSSL_MSG("Date string too long");
4099            ret = WOLFSSL_FAILURE;
4100        }
4101    }
4102    if ((ret == WOLFSSL_SUCCESS) && (t != NULL)) {
4103        /* Copy in string including NUL terminator. */
4104        XMEMCPY(t->data, str, (size_t)slen);
4105        /* Do not include NUL terminator in length. */
4106        t->length = slen - 1;
4107        /* Set ASN.1 type based on string length. */
4108        t->type = ((slen == ASN_UTC_TIME_SIZE) ? WOLFSSL_V_ASN1_UTCTIME :
4109            WOLFSSL_V_ASN1_GENERALIZEDTIME);
4110    }
4111
4112    return ret;
4113}
4114
4115int wolfSSL_ASN1_TIME_set_string_X509(WOLFSSL_ASN1_TIME *t, const char *str)
4116{
4117    int ret = WOLFSSL_SUCCESS;
4118
4119    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_set_string_X509");
4120
4121    if (t == NULL)
4122        ret = WOLFSSL_FAILURE;
4123    if (ret == WOLFSSL_SUCCESS)
4124        ret = wolfSSL_ASN1_TIME_set_string(t, str);
4125    if (ret == WOLFSSL_SUCCESS)
4126        ret = wolfSSL_ASN1_TIME_check(t);
4127    return ret;
4128}
4129
4130/* Convert ASN.1 TIME object to ASN.1 GENERALIZED TIME object.
4131 *
4132 * @param [in]      t    ASN.1 TIME object.
4133 * @param [in, out] out  ASN.1 GENERALIZED TIME object.
4134 * @return  ASN.1 GENERALIZED TIME object on success.
4135 * @return  NULL when t is NULL or t has wrong ASN.1 type.
4136 * @return  NULL when dynamic memory allocation fails.
4137 */
4138WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
4139    WOLFSSL_ASN1_TIME **out)
4140{
4141    WOLFSSL_ASN1_TIME *ret = NULL;
4142
4143    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime");
4144
4145    /* Validate parameters. */
4146    if (t == NULL) {
4147        WOLFSSL_MSG("Invalid ASN_TIME value");
4148    }
4149    /* Ensure ASN.1 type is one that is supported. */
4150    else if ((t->type != WOLFSSL_V_ASN1_UTCTIME) &&
4151             (t->type != WOLFSSL_V_ASN1_GENERALIZEDTIME)) {
4152        WOLFSSL_MSG("Invalid ASN_TIME type.");
4153    }
4154    /* Check for ASN.1 GENERALIZED TIME object being passed in. */
4155    else if ((out != NULL) && (*out != NULL)) {
4156        /* Copy into the passed in object. */
4157        ret = *out;
4158    }
4159    else {
4160        /* Create a new ASN.1 GENERALIZED TIME object. */
4161        ret = wolfSSL_ASN1_TIME_new();
4162        if (ret == NULL) {
4163            WOLFSSL_MSG("memory alloc failed.");
4164        }
4165    }
4166
4167    if (ret != NULL) {
4168        /* Set the ASN.1 type and length of string. */
4169        ret->type = WOLFSSL_V_ASN1_GENERALIZEDTIME;
4170
4171        if (t->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
4172            ret->length = ASN_GENERALIZED_TIME_SIZE;
4173
4174            /* Just copy as data already appropriately formatted. */
4175            XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
4176        }
4177        else {
4178            /* Convert UTC TIME to GENERALIZED TIME. */
4179            ret->length = t->length + 2; /* Add two extra year digits */
4180
4181            if (t->data[0] >= '5') {
4182                /* >= 50 is 1900s.  */
4183                ret->data[0] = '1'; ret->data[1] = '9';
4184            }
4185            else {
4186                /* < 50 is 2000s.  */
4187                ret->data[0] = '2'; ret->data[1] = '0';
4188            }
4189            /* Append rest of the data as it is the same. */
4190            XMEMCPY(&ret->data[2], t->data, t->length);
4191        }
4192
4193        /* Check for pointer to return result through. */
4194        if (out != NULL) {
4195            *out = ret;
4196        }
4197    }
4198
4199    return ret;
4200}
4201
4202#if !defined(USER_TIME) && !defined(TIME_OVERRIDES)
4203WOLFSSL_ASN1_TIME* wolfSSL_ASN1_UTCTIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
4204{
4205    WOLFSSL_ASN1_TIME* ret = s;
4206
4207    WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_set");
4208
4209    if (ret == NULL) {
4210        ret = wolfSSL_ASN1_TIME_new();
4211        if (ret == NULL)
4212            return NULL;
4213    }
4214
4215    ret->length = GetFormattedTime(&t, ret->data, sizeof(ret->data));
4216    if (ret->length + 1 != ASN_UTC_TIME_SIZE) {
4217        /* Either snprintf error or t can't be represented in UTC format */
4218        if (ret != s)
4219            wolfSSL_ASN1_TIME_free(ret);
4220        ret = NULL;
4221    }
4222    else {
4223        ret->type = WOLFSSL_V_ASN1_UTCTIME;
4224    }
4225
4226    return ret;
4227}
4228#endif /* !USER_TIME && !TIME_OVERRIDES */
4229#endif /* OPENSSL_EXTRA */
4230
4231#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
4232/* Get string from ASN.1 TIME object.
4233 *
4234 * Not an OpenSSL compatibility API.
4235 *
4236 * @param [in]      t    ASN.1 TIME object.
4237 * @param [in, out] buf  Buffer to put string in.
4238 * @param [in]      len  Length of buffer in bytes.
4239 * @return  buf on success.
4240 * @return  NULL when t or buf is NULL, or len is less than 5.
4241 * @return  NULL when ASN.1 TIME length is larger than len.
4242 * @return  NULL when internal time format not valid.
4243 */
4244char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
4245{
4246    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string");
4247
4248    /* Validate parameters. */
4249    if ((t == NULL) || (buf == NULL) || (len < 5)) {
4250        WOLFSSL_MSG("Bad argument");
4251        buf = NULL;
4252    }
4253
4254    /* Check internal length against passed in length. */
4255    if ((buf != NULL) && (t->length > len)) {
4256        WOLFSSL_MSG("Length of date is longer then buffer");
4257        buf = NULL;
4258    }
4259
4260    /* Get time as human readable string. */
4261    if ((buf != NULL) && !GetTimeString(t->data, t->type, buf, len,
4262           t->length)) {
4263        buf = NULL;
4264    }
4265
4266    return buf;
4267}
4268
4269/* Number of characters in a UTC TIME string. */
4270#define UTCTIME_LEN     13
4271
4272/* Get year from UTC TIME string.
4273 *
4274 * @param [in]  str   UTC TIME string.
4275 * @param [in]  len   Length of string in bytes.
4276 * @param [out] year  Year as extracted from string.
4277 * @return  1 on success.
4278 * @return  0 when length is too short for a UTC TIME.
4279 * @return  0 when not ZULU time.
4280 */
4281static int wolfssl_utctime_year(const unsigned char* str, int len, int* year)
4282{
4283    int ret = 1;
4284
4285    /* Check minimal length for UTC TIME. */
4286    if (len < UTCTIME_LEN) {
4287        WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
4288        ret = 0;
4289    }
4290    /* Only support ZULU time. */
4291    if ((ret == 1) && (str[UTCTIME_LEN - 1] != 'Z')) {
4292        WOLFSSL_MSG("Expecting UTC time.");
4293        ret = 0;
4294    }
4295
4296    if (ret == 1) {
4297        if ((str[0] < '0') || (str[0] > '9') ||
4298            (str[1] < '0') || (str[1] > '9')) {
4299            WOLFSSL_MSG("Invalid characters in UTC year.");
4300            ret = 0;
4301        }
4302    }
4303
4304    if (ret == 1) {
4305        int tm_year;
4306        /* 2-digit year. */
4307        tm_year =  (str[0] - '0') * 10;
4308        tm_year +=  str[1] - '0';
4309        /* Check for year being in the 2000s. */
4310        if (tm_year < 50) {
4311            tm_year += 100;
4312        }
4313        *year = tm_year;
4314    }
4315
4316    return ret;
4317}
4318
4319/* Number of characters in a GENERALIZED TIME string. */
4320#define GENTIME_LEN     15
4321
4322/* Get year from GENERALIZED TIME string.
4323 *
4324 * @param [in]  str   GENERALIZED TIME string.
4325 * @param [in]  len   Length of string in bytes.
4326 * @param [out] year  Year as extracted from string.
4327 * @return  1 on success.
4328 * @return  0 when length is too short for a GENERALIZED TIME.
4329 * @return  0 when not ZULU time.
4330 */
4331static int wolfssl_gentime_year(const unsigned char* str, int len, int* year)
4332{
4333    int ret = 1;
4334
4335    /* Check minimal length for GENERALIZED TIME. */
4336    if (len < GENTIME_LEN) {
4337        WOLFSSL_MSG("WOLFSSL_ASN1_TIME buffer length is invalid.");
4338        ret = 0;
4339    }
4340    if ((ret == 1) && (str[GENTIME_LEN - 1] != 'Z')) {
4341        WOLFSSL_MSG("Expecting Generalized time.");
4342        ret = 0;
4343    }
4344
4345    if (ret == 1) {
4346        if ((str[0] < '0') || (str[0] > '9') ||
4347            (str[1] < '0') || (str[1] > '9') ||
4348            (str[2] < '0') || (str[2] > '9') ||
4349            (str[3] < '0') || (str[3] > '9')) {
4350            WOLFSSL_MSG("Invalid characters in generalized year.");
4351            ret = 0;
4352        }
4353    }
4354
4355    if (ret == 1) {
4356        int tm_year;
4357        /* 4-digit year. */
4358        tm_year =  (str[0] - '0') * 1000;
4359        tm_year += (str[1] - '0') * 100;
4360        tm_year += (str[2] - '0') * 10;
4361        tm_year +=  str[3] - '0';
4362        /* Only need value to be years since 1900. */
4363        tm_year -= 1900;
4364        *year = tm_year;
4365    }
4366
4367    return ret;
4368}
4369
4370/* Convert an ASN.1 TIME to a struct tm.
4371 *
4372 * @param [in] asnTime  ASN.1 TIME object.
4373 * @param [in] tm       Broken-down time. Must be non-NULL.
4374 * @return  1 on success.
4375 * @return  0 when string format is invalid.
4376 */
4377static int wolfssl_asn1_time_to_tm(const WOLFSSL_ASN1_TIME* asnTime,
4378    struct tm* tm)
4379{
4380    int ret = 1;
4381    const unsigned char* asn1TimeBuf;
4382    int asn1TimeBufLen;
4383    int i = 0;
4384    /* Parse into a local struct so the caller's tm is only written on
4385     * success. Avoids leaving a partially-populated struct behind when
4386     * the input fails validation. */
4387    struct tm localTm;
4388
4389    XMEMSET(&localTm, 0, sizeof(localTm));
4390
4391    /* Get the string buffer - fixed array, can't fail. */
4392    asn1TimeBuf = wolfSSL_ASN1_TIME_get_data(asnTime);
4393    /* Get the length of the string. */
4394    asn1TimeBufLen = wolfSSL_ASN1_TIME_get_length(asnTime);
4395    if (asn1TimeBufLen <= 0) {
4396        WOLFSSL_MSG("Failed to get WOLFSSL_ASN1_TIME buffer length.");
4397        ret = 0;
4398    }
4399    if (ret == 1) {
4400        if (asnTime->type == WOLFSSL_V_ASN1_UTCTIME) {
4401            /* Get year from UTC TIME string. */
4402            int tm_year;
4403            if ((ret = wolfssl_utctime_year(asn1TimeBuf, asn1TimeBufLen,
4404                    &tm_year)) == 1) {
4405                localTm.tm_year = tm_year;
4406                /* Month starts after year - 2 characters. */
4407                i = 2;
4408            }
4409        }
4410        else if (asnTime->type == WOLFSSL_V_ASN1_GENERALIZEDTIME) {
4411            /* Get year from GENERALIZED TIME string. */
4412            int tm_year;
4413            if ((ret = wolfssl_gentime_year(asn1TimeBuf, asn1TimeBufLen,
4414                    &tm_year)) == 1) {
4415                localTm.tm_year = tm_year;
4416                /* Month starts after year - 4 characters. */
4417                i = 4;
4418            }
4419        }
4420        else {
4421            /* No other time formats known. */
4422            WOLFSSL_MSG("asnTime->type is invalid.");
4423            ret = 0;
4424        }
4425    }
4426
4427    if (ret == 1) {
4428        int j;
4429        /* Validate 10 digits: MMDDHHMMSS. Length was already checked
4430         * (>= UTCTIME_LEN or >= GENTIME_LEN), so i+10 is in range. */
4431        for (j = i; j < i + 10; j++) {
4432            if (asn1TimeBuf[j] < '0' || asn1TimeBuf[j] > '9') {
4433                WOLFSSL_MSG("Non-digit in ASN.1 TIME.");
4434                ret = 0;
4435                break;
4436            }
4437        }
4438    }
4439
4440    if (ret == 1) {
4441        /* Fill in rest of broken-down time from string. */
4442        /* January is 0 not 1 */
4443        localTm.tm_mon   = (asn1TimeBuf[i] - '0') * 10; i++;
4444        localTm.tm_mon  += (asn1TimeBuf[i] - '0') - 1;  i++;
4445        localTm.tm_mday  = (asn1TimeBuf[i] - '0') * 10; i++;
4446        localTm.tm_mday += (asn1TimeBuf[i] - '0');      i++;
4447        localTm.tm_hour  = (asn1TimeBuf[i] - '0') * 10; i++;
4448        localTm.tm_hour += (asn1TimeBuf[i] - '0');      i++;
4449        localTm.tm_min   = (asn1TimeBuf[i] - '0') * 10; i++;
4450        localTm.tm_min  += (asn1TimeBuf[i] - '0');      i++;
4451        localTm.tm_sec   = (asn1TimeBuf[i] - '0') * 10; i++;
4452        localTm.tm_sec  += (asn1TimeBuf[i] - '0');
4453    }
4454
4455    if (ret == 1) {
4456        /* Range-check broken-down fields. ValidateGmtime returns 0 on
4457         * success. */
4458        if (ValidateGmtime(&localTm)) {
4459            WOLFSSL_MSG("Out-of-range field in ASN.1 TIME.");
4460            ret = 0;
4461        }
4462    }
4463
4464    if (ret == 1) {
4465        /* Publish to caller. */
4466        XMEMCPY(tm, &localTm, sizeof(*tm));
4467    #ifdef XMKTIME
4468        /* XMKTIME may set tm_isdst/tm_gmtoff on localTm; call after the
4469         * copy so those fields stay zero in the caller's tm. */
4470        XMKTIME(&localTm);
4471        tm->tm_wday = localTm.tm_wday;
4472        tm->tm_yday = localTm.tm_yday;
4473    #endif
4474    }
4475
4476    return ret;
4477}
4478
4479/* Get the current time into a broken-down time.
4480 *
4481 * @param [out] tm  Broken-time time.
4482 * @return  1 on success.
4483 * @return  0 when tm is NULL.
4484 * @return  0 when get current time fails.
4485 * @return  0 when converting Unix time to broken-down time fails.
4486 */
4487static int wolfssl_get_current_time_tm(struct tm* tm)
4488{
4489    int ret = 1;
4490    time_t currentTime;
4491    struct tm *tmpTs;
4492#if defined(NEED_TMP_TIME)
4493    /* for use with gmtime_r */
4494    struct tm tmpTimeStorage;
4495    tmpTs = &tmpTimeStorage;
4496#else
4497    tmpTs = NULL;
4498#endif
4499    (void)tmpTs;
4500
4501    /* Must have a pointer to return result into. */
4502    if (tm == NULL) {
4503        WOLFSSL_MSG("asnTime and tm are both NULL");
4504        ret = 0;
4505    }
4506    if (ret == 1) {
4507        /* Get current Unix Time GMT. */
4508        currentTime = wc_Time(0);
4509        if (currentTime <= 0) {
4510            WOLFSSL_MSG("Failed to get current time.");
4511            ret = 0;
4512        }
4513    }
4514    if (ret == 1) {
4515        /* Convert Unix Time GMT into broken-down time. */
4516        tmpTs = XGMTIME(&currentTime, tmpTs);
4517        if (tmpTs == NULL) {
4518            WOLFSSL_MSG("Failed to convert current time to UTC.");
4519            ret = 0;
4520        }
4521    }
4522    if (ret == 1) {
4523        /* Copy from the structure returned into parameter. */
4524        XMEMCPY(tm, tmpTs, sizeof(*tm));
4525    }
4526
4527    return ret;
4528}
4529
4530/* Convert ASN.1 TIME object's time into broken-down representation.
4531 *
4532 * Internal time string is checked when tm is NULL.
4533 *
4534 * @param [in]  asnTime  ASN.1 TIME object.
4535 * @param [out] tm       Broken-down time.
4536 * @return  1 on success.
4537 * @return  0 when asnTime is NULL and tm is NULL.
4538 * @return  0 getting current time fails.
4539 * @return  0 when internal time string is invalid.
4540 */
4541int wolfSSL_ASN1_TIME_to_tm(const WOLFSSL_ASN1_TIME* asnTime, struct tm* tm)
4542{
4543    int ret = 1;
4544
4545    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_tm");
4546
4547    /* If asnTime is NULL, then the current time is converted. */
4548    if (asnTime == NULL) {
4549        ret = wolfssl_get_current_time_tm(tm);
4550    }
4551    /* If tm is NULL this function performs a format check on asnTime only. */
4552    else if (tm == NULL) {
4553        ret = wolfSSL_ASN1_TIME_check(asnTime);
4554    }
4555    else {
4556        /* Convert ASN.1 TIME to broken-down time. */
4557        ret = wolfssl_asn1_time_to_tm(asnTime, tm);
4558    }
4559
4560    return ret;
4561}
4562
4563#ifndef NO_BIO
4564/* Print the ASN.1 TIME object as a string to BIO.
4565 *
4566 * @param [in] bio      BIO to write to.
4567 * @param [in] asnTime  ASN.1 TIME object.
4568 * @return  1 on success.
4569 * @return  0 when bio or asnTime is NULL.
4570 * @return  0 when creating human readable string fails.
4571 * @return  0 when writing to BIO fails.
4572 */
4573int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
4574{
4575    int  ret = 1;
4576
4577    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_print");
4578
4579    /* Validate parameters. */
4580    if ((bio == NULL) || (asnTime == NULL)) {
4581        WOLFSSL_MSG("NULL function argument");
4582        ret = 0;
4583    }
4584
4585    if (ret == 1) {
4586        char buf[MAX_TIME_STRING_SZ];
4587        int len;
4588
4589        /* Create human readable string. */
4590        if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)asnTime, buf,
4591                sizeof(buf)) == NULL) {
4592            /* Write out something anyway but return error. */
4593            XMEMSET(buf, 0, MAX_TIME_STRING_SZ);
4594            XSTRNCPY(buf, "Bad time value", sizeof(buf)-1);
4595            ret = 0;
4596        }
4597
4598        /* Write out string. */
4599        len = (int)XSTRLEN(buf);
4600        if (wolfSSL_BIO_write(bio, buf, len) != len) {
4601            WOLFSSL_MSG("Unable to write to bio");
4602            ret = 0;
4603        }
4604    }
4605
4606    return ret;
4607}
4608#endif /* !NO_BIO */
4609
4610#endif /* WOLFSSL_MYSQL_COMPATIBLE || OPENSSL_EXTRA */
4611
4612#ifdef OPENSSL_EXTRA
4613
4614#ifndef NO_BIO
4615/* Print the ASN.1 UTC TIME object as a string to BIO.
4616 *
4617 * @param [in] bio      BIO to write to.
4618 * @param [in] asnTime  ASN.1 UTC TIME object.
4619 * @return  1 on success.
4620 * @return  0 when bio or asnTime is NULL.
4621 * @return  0 when ASN.1 type is not UTC TIME.
4622 * @return  0 when creating human readable string fails.
4623 * @return  0 when writing to BIO fails.
4624 */
4625int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
4626{
4627    int ret = 1;
4628
4629    WOLFSSL_ENTER("wolfSSL_ASN1_UTCTIME_print");
4630
4631    /* Validate parameters. */
4632    if ((bio == NULL) || (a == NULL)) {
4633        ret = 0;
4634    }
4635    /* Validate ASN.1 UTC TIME object is of type UTC_TIME. */
4636    if ((ret == 1) && (a->type != WOLFSSL_V_ASN1_UTCTIME)) {
4637        WOLFSSL_MSG("Error, not UTC_TIME");
4638        ret = 0;
4639    }
4640
4641    if (ret == 1) {
4642        /* Use generic time printing function to do work. */
4643        ret = wolfSSL_ASN1_TIME_print(bio, a);
4644    }
4645
4646    return ret;
4647}
4648#endif /* !NO_BIO */
4649
4650#endif /* OPENSSL_EXTRA */
4651
4652#endif /* !NO_ASN_TIME */
4653
4654/*******************************************************************************
4655 * ASN1_TYPE APIs
4656 ******************************************************************************/
4657
4658#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
4659    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
4660
4661/**
4662 * Allocate a new ASN.1 TYPE object.
4663 *
4664 * @return  New empty ASN.1 TYPE object on success.
4665 * @return  NULL when dynamic memory allocation fails.
4666 */
4667WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
4668{
4669    WOLFSSL_ASN1_TYPE* ret;
4670
4671    /* Allocate a new ASN.1 TYPE object. */
4672    ret = (WOLFSSL_ASN1_TYPE*)XMALLOC(sizeof(WOLFSSL_ASN1_TYPE), NULL,
4673        DYNAMIC_TYPE_OPENSSL);
4674    if (ret != NULL) {
4675        /* Clear out fields. */
4676        XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TYPE));
4677    }
4678
4679    return ret;
4680}
4681
4682/* Free the ASN.1 TYPE object's value field.
4683 *
4684 * @param [in, out] at  ASN.1 TYPE object.
4685 */
4686static void wolfssl_asn1_type_free_value(WOLFSSL_ASN1_TYPE* at)
4687{
4688    switch (at->type) {
4689        case WOLFSSL_V_ASN1_NULL:
4690            break;
4691        case WOLFSSL_V_ASN1_OBJECT:
4692            wolfSSL_ASN1_OBJECT_free(at->value.object);
4693            break;
4694        case WOLFSSL_V_ASN1_UTCTIME:
4695        #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
4696            wolfSSL_ASN1_TIME_free(at->value.utctime);
4697        #endif
4698            break;
4699        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
4700        #if !defined(NO_ASN_TIME) && defined(OPENSSL_EXTRA)
4701            wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
4702        #endif
4703            break;
4704        case WOLFSSL_V_ASN1_UTF8STRING:
4705        case WOLFSSL_V_ASN1_OCTET_STRING:
4706        case WOLFSSL_V_ASN1_PRINTABLESTRING:
4707        case WOLFSSL_V_ASN1_T61STRING:
4708        case WOLFSSL_V_ASN1_IA5STRING:
4709        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
4710        case WOLFSSL_V_ASN1_SEQUENCE:
4711            wolfSSL_ASN1_STRING_free(at->value.asn1_string);
4712            break;
4713        default:
4714            break;
4715    }
4716}
4717
4718/**
4719 * Free ASN.1 TYPE object and its value.
4720 *
4721 * @param [in, out] at  ASN.1 TYPE object.
4722 */
4723void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
4724{
4725    if (at != NULL) {
4726        /* Dispose of value in ASN.1 TYPE object. */
4727        wolfssl_asn1_type_free_value(at);
4728    }
4729    /* Dispose of ASN.1 TYPE object. */
4730    XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
4731}
4732
4733#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
4734          WOLFSSL_WPAS_SMALL */
4735
4736#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)
4737
4738int wolfSSL_i2d_ASN1_TYPE(WOLFSSL_ASN1_TYPE* at, unsigned char** pp)
4739{
4740    int ret = WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR);
4741
4742    if (at == NULL)
4743        return WOLFSSL_FATAL_ERROR;
4744
4745    switch (at->type) {
4746        case WOLFSSL_V_ASN1_NULL:
4747            break;
4748        case WOLFSSL_V_ASN1_OBJECT:
4749            ret = wolfSSL_i2d_ASN1_OBJECT(at->value.object, pp);
4750            break;
4751        case WOLFSSL_V_ASN1_UTF8STRING:
4752            ret = wolfSSL_i2d_ASN1_UTF8STRING(at->value.utf8string, pp);
4753            break;
4754        case WOLFSSL_V_ASN1_GENERALIZEDTIME:
4755            ret = wolfSSL_i2d_ASN1_GENERALSTRING(at->value.utf8string, pp);
4756            break;
4757        case WOLFSSL_V_ASN1_SEQUENCE:
4758            ret = wolfSSL_i2d_ASN1_SEQUENCE(at->value.sequence, pp);
4759            break;
4760        case WOLFSSL_V_ASN1_UTCTIME:
4761        case WOLFSSL_V_ASN1_PRINTABLESTRING:
4762        case WOLFSSL_V_ASN1_T61STRING:
4763        case WOLFSSL_V_ASN1_IA5STRING:
4764        case WOLFSSL_V_ASN1_UNIVERSALSTRING:
4765        default:
4766            WOLFSSL_MSG("asn1 i2d type not supported");
4767            break;
4768    }
4769
4770    return ret;
4771}
4772
4773#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */
4774
4775#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
4776    defined(OPENSSL_EXTRA_X509_SMALL) || defined(WOLFSSL_WPAS_SMALL)
4777/**
4778 * Set ASN.1 TYPE object with a type and value.
4779 *
4780 * Type of value for different types:
4781 *   WOLFSSL_V_ASN1_NULL            : Value should be NULL.
4782 *   WOLFSSL_V_ASN1_OBJECT          : WOLFSSL_ASN1_OBJECT.
4783 *   WOLFSSL_V_ASN1_UTCTIME         : WOLFSSL_ASN1_TIME.
4784 *   WOLFSSL_V_ASN1_GENERALIZEDTIME : WOLFSSL_ASN1_TIME.
4785 *   WOLFSSL_V_ASN1_UTF8STRING      : WOLFSSL_ASN1_STRING.
4786 *   WOLFSSL_V_ASN1_PRINTABLESTRING : WOLFSSL_ASN1_STRING.
4787 *   WOLFSSL_V_ASN1_T61STRING       : WOLFSSL_ASN1_STRING.
4788 *   WOLFSSL_V_ASN1_IA5STRING       : WOLFSSL_ASN1_STRING.
4789 *   WOLFSSL_V_ASN1_UNINVERSALSTRING: WOLFSSL_ASN1_STRING.
4790 *   WOLFSSL_V_ASN1_SEQUENCE        : WOLFSSL_ASN1_STRING.
4791 *
4792 * @param [in, out] a      ASN.1 TYPE object to set.
4793 * @param [in]      type   ASN.1 type of value.
4794 * @param [in]      value  Value to store.
4795 */
4796void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
4797{
4798    if (a != NULL) {
4799        switch (type) {
4800            case WOLFSSL_V_ASN1_NULL:
4801                if (value != NULL) {
4802                    WOLFSSL_MSG("NULL tag meant to be always empty!");
4803                    /* No way to return error - value will not be used. */
4804                }
4805                FALL_THROUGH;
4806            case WOLFSSL_V_ASN1_OBJECT:
4807            case WOLFSSL_V_ASN1_UTCTIME:
4808            case WOLFSSL_V_ASN1_GENERALIZEDTIME:
4809            case WOLFSSL_V_ASN1_UTF8STRING:
4810            case WOLFSSL_V_ASN1_OCTET_STRING:
4811            case WOLFSSL_V_ASN1_PRINTABLESTRING:
4812            case WOLFSSL_V_ASN1_T61STRING:
4813            case WOLFSSL_V_ASN1_IA5STRING:
4814            case WOLFSSL_V_ASN1_UNIVERSALSTRING:
4815            case WOLFSSL_V_ASN1_SEQUENCE:
4816                /* Dispose of any value currently set. */
4817                wolfssl_asn1_type_free_value(a);
4818                /* Assign anonymously typed input to anonymously typed field. */
4819                a->value.ptr = (char *)value;
4820                /* Set the type required. */
4821                a->type = type;
4822                break;
4823            default:
4824                WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE");
4825                /* No way to return error. */
4826        }
4827    }
4828}
4829
4830int wolfSSL_ASN1_TYPE_get(const WOLFSSL_ASN1_TYPE *a)
4831{
4832    if (a != NULL && (a->type == WOLFSSL_V_ASN1_BOOLEAN ||
4833                      a->type == WOLFSSL_V_ASN1_NULL    ||
4834                      a->value.ptr != NULL)) {
4835        return a->type;
4836    }
4837    return 0;
4838}
4839
4840#endif /* OPENSSL_ALL || OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL ||
4841          WOLFSSL_WPAS_SMALL */
4842
4843#endif /* !NO_ASN */
4844
4845#endif /* !WOLFSSL_SSL_ASN1_INCLUDED */