... | ... |
@@ -92,24 +92,26 @@ int asn1_expect_objtype(fmap_t *map, void *asn1data, unsigned int *asn1len, stru |
92 | 92 |
return 0; |
93 | 93 |
} |
94 | 94 |
|
95 |
-int asn1_expect_obj(fmap_t *map, void *asn1data, unsigned int *asn1len, struct cli_asn1 *obj, uint8_t type, unsigned int size, const void *content) { |
|
96 |
- int ret = asn1_expect_objtype(map, asn1data, asn1len, obj, type); |
|
95 |
+int asn1_expect_obj(fmap_t *map, void **asn1data, unsigned int *asn1len, uint8_t type, unsigned int size, const void *content) { |
|
96 |
+ struct cli_asn1 obj; |
|
97 |
+ int ret = asn1_expect_objtype(map, *asn1data, asn1len, &obj, type); |
|
97 | 98 |
if(ret) |
98 | 99 |
return ret; |
99 |
- if(obj->size != size) { |
|
100 |
- cli_dbgmsg("asn1_expect_obj: expected size %u, got %u\n", size, obj->size); |
|
100 |
+ if(obj.size != size) { |
|
101 |
+ cli_dbgmsg("asn1_expect_obj: expected size %u, got %u\n", size, obj.size); |
|
101 | 102 |
return 1; |
102 | 103 |
} |
103 | 104 |
if(size) { |
104 |
- if(!fmap_need_ptr_once(map, obj->content, size)) { |
|
105 |
+ if(!fmap_need_ptr_once(map, obj.content, size)) { |
|
105 | 106 |
cli_dbgmsg("asn1_expect_obj: failed to read content\n"); |
106 | 107 |
return 1; |
107 | 108 |
} |
108 |
- if(memcmp(obj->content, content, size)) { |
|
109 |
+ if(memcmp(obj.content, content, size)) { |
|
109 | 110 |
cli_dbgmsg("asn1_expect_obj: content mismatch\n"); |
110 | 111 |
return 1; |
111 | 112 |
} |
112 | 113 |
} |
114 |
+ *asn1data = obj.next; |
|
113 | 115 |
return 0; |
114 | 116 |
} |
115 | 117 |
|
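Review bot: The new in/out contract of asn1_expect_obj is not documented: `*asn1data = obj.next;` runs only just before `return 0`, so on every failure return the caller's pointer stays where it was. `*asn1len` has by then already been passed to asn1_expect_objtype, whose body is outside this hunk, so it may have changed. Callers now depend on the advance (the following calls in this commit pass the same field again), so I would add a comment above the definition such as `/* On success advances *asn1data past the matched object; on failure *asn1data is left unchanged. content may be NULL only when size is 0. */`. The same comment belongs on the changed prototype in the header hunk.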
... | ... |
@@ -122,9 +124,9 @@ int asn1_expect_algo(fmap_t *map, void **asn1data, unsigned int *asn1len, unsign |
122 | 122 |
avail = obj.size; |
123 | 123 |
*asn1data = obj.next; |
124 | 124 |
|
125 |
- if((ret = asn1_expect_obj(map, obj.content, &avail, &obj, 0x06, algo_size, algo))) /* ALGO */ |
|
125 |
+ if((ret = asn1_expect_obj(map, &obj.content, &avail, 0x06, algo_size, algo))) /* ALGO */ |
|
126 | 126 |
return ret; |
127 |
- if(avail && (ret = asn1_expect_obj(map, obj.next, &avail, &obj, 0x05, 0, NULL))) /* NULL */ |
|
127 |
+ if(avail && (ret = asn1_expect_obj(map, &obj.content, &avail, 0x05, 0, NULL))) /* NULL */ |
|
128 | 128 |
return ret; |
129 | 129 |
if(avail) { |
130 | 130 |
cli_dbgmsg("asn1_expect_algo: extra data found in SEQUENCE\n"); |
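Review bot: asn1_expect_algo moves the caller's cursor with `*asn1data = obj.next;` before the ALGO and NULL checks, so it advances even when one of the `return ret` paths is taken. asn1_expect_obj as rewritten in this commit advances only on success, so the two `void **` helpers now differ in what they leave behind on failure. Either move `*asn1data = obj.next;` to just before the function's successful return, or state the difference in a comment. The callers visible on this page stop parsing on error, so this is probably harmless today. The function starts and ends outside this hunk.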
... | ... |
@@ -163,7 +165,7 @@ static int asn1_expect_rsa(fmap_t *map, void **asn1data, unsigned int *asn1len, |
163 | 163 |
cli_dbgmsg("asn1_expect_rsa: OID mismatch\n"); |
164 | 164 |
return 1; |
165 | 165 |
} |
166 |
- if((ret = asn1_expect_obj(map, obj.next, &avail, &obj, 0x05, 0, NULL))) /* NULL */ |
|
166 |
+ if((ret = asn1_expect_obj(map, &obj.next, &avail, 0x05, 0, NULL))) /* NULL */ |
|
167 | 167 |
return ret; |
168 | 168 |
if(avail) { |
169 | 169 |
cli_dbgmsg("asn1_expect_rsa: extra data found in SEQUENCE\n"); |
... | ... |
@@ -459,7 +461,7 @@ int asn1_get_x509(fmap_t *map, void **asn1data, unsigned int *size, crtmgr *mast |
459 | 459 |
return 1; |
460 | 460 |
avail = obj.size; |
461 | 461 |
next = obj.next; |
462 |
- if(asn1_expect_obj(map, obj.content, &avail, &obj, 0x02, 1, "\x02")) /* version 3 only */ |
|
462 |
+ if(asn1_expect_obj(map, &obj.content, &avail, 0x02, 1, "\x02")) /* version 3 only */ |
|
463 | 463 |
return 1; |
464 | 464 |
if(avail) { |
465 | 465 |
cli_dbgmsg("asn1_get_x509: found unexpected extra data in version\n"); |
... | ... |
@@ -592,9 +594,9 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
592 | 592 |
break; |
593 | 593 |
} |
594 | 594 |
size = asn1.size; |
595 |
- if(asn1_expect_obj(map, asn1.content, &size, &asn1, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02")) /* OBJECT 1.2.840.113549.1.7.2 - contentType = signedData */ |
|
595 |
+ if(asn1_expect_obj(map, &asn1.content, &size, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02")) /* OBJECT 1.2.840.113549.1.7.2 - contentType = signedData */ |
|
596 | 596 |
break; |
597 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0xa0)) /* [0] - content */ |
|
597 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0xa0)) /* [0] - content */ |
|
598 | 598 |
break; |
599 | 599 |
if(size) { |
600 | 600 |
cli_dbgmsg("asn1_parse_mscat: found extra data in pkcs#7\n"); |
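Review bot: Passing `&asn1.content` turns a field of the parsed object into a running cursor, which leaves `asn1` internally inconsistent. After the signedData OID check succeeds, `asn1.content` points at the next sibling while `asn1.size` and `asn1.next` still describe the enclosing object, and the following `asn1_expect_objtype(map, asn1.content, &size, &asn1, 0xa0)` is only correct if the reader knows that. A dedicated local, declared as `void *cur;`, set with `cur = asn1.content;` and passed as `&cur`, would keep the struct meaning what its field names say and make the bounds tracking easier to audit. The same pattern appears in the later asn1_parse_mscat hunks (VERSION 1, szOID_CTL, Version = 1 / issuerAndSerialNumber, counterSignature) and in the cli_scanpe hunk.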
... | ... |
@@ -608,10 +610,10 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
608 | 608 |
break; |
609 | 609 |
} |
610 | 610 |
size = asn1.size; |
611 |
- if(asn1_expect_obj(map, asn1.content, &size, &asn1, 0x02, 1, "\x01")) /* INTEGER - VERSION 1 */ |
|
611 |
+ if(asn1_expect_obj(map, &asn1.content, &size, 0x02, 1, "\x01")) /* INTEGER - VERSION 1 */ |
|
612 | 612 |
break; |
613 | 613 |
|
614 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0x31)) /* SET OF DigestAlgorithmIdentifier */ |
|
614 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0x31)) /* SET OF DigestAlgorithmIdentifier */ |
|
615 | 615 |
break; |
616 | 616 |
|
617 | 617 |
if(asn1_expect_algo(map, &asn1.content, &asn1.size, 5, "\x2b\x0e\x03\x02\x1a")) /* DigestAlgorithmIdentifier[0] == sha1 */ |
... | ... |
@@ -625,9 +627,9 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
625 | 625 |
break; |
626 | 626 |
/* Here there is either a PKCS #7 ContentType Object Identifier for Certificate Trust List (szOID_CTL) |
627 | 627 |
* or a single SPC_INDIRECT_DATA_OBJID */ |
628 |
- if(asn1_expect_obj(map, asn1.content, &asn1.size, &deep, 0x06, 9, "\x2b\x06\x01\x04\x01\x82\x37\x0a\x01")) /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */ |
|
628 |
+ if(asn1_expect_obj(map, &asn1.content, &asn1.size, 0x06, 9, "\x2b\x06\x01\x04\x01\x82\x37\x0a\x01")) /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */ |
|
629 | 629 |
break; |
630 |
- if(asn1_expect_objtype(map, deep.next, &asn1.size, &deep, 0xa0)) |
|
630 |
+ if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, 0xa0)) |
|
631 | 631 |
break; |
632 | 632 |
if(asn1.size) { |
633 | 633 |
cli_dbgmsg("asn1_parse_mscat: found extra data in szOID_CTL\n"); |
... | ... |
@@ -647,7 +649,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
647 | 647 |
dsize = deep.size; |
648 | 648 |
if(asn1_expect_objtype(map, deep.content, &dsize, &deep, 0x30)) |
649 | 649 |
break; |
650 |
- if(asn1_expect_obj(map, deep.content, &deep.size, &deeper, 0x06, 10, "\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x01")) /* szOID_CATALOG_LIST - 1.3.6.1.4.1.311.12.1.1 */ |
|
650 |
+ if(asn1_expect_obj(map, &deep.content, &deep.size, 0x06, 10, "\x2b\x06\x01\x04\x01\x82\x37\x0c\x01\x01")) /* szOID_CATALOG_LIST - 1.3.6.1.4.1.311.12.1.1 */ |
|
651 | 651 |
break; |
652 | 652 |
if(deep.size) { |
653 | 653 |
cli_dbgmsg("asn1_parse_mscat: found extra data in szOID_CATALOG_LIST content\n"); |
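Review bot: `deeper` is no longer written by the szOID_CATALOG_LIST call, which previously filled it through the `obj` out-parameter. Any code after this hunk that still reads `deeper.content`, `deeper.size` or `deeper.next` would now see whatever the struct held before. The same applies to `cobj` in the contentType hunk and to the `deep`/`deeper` fields other than the one passed by address in the countersignature hunks. The rest of asn1_parse_mscat is outside the visible hunks, so this needs checking against the full function. If a local is now unused, its declaration should be dropped so that a later read is caught by the compiler rather than silently using stale data.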
... | ... |
@@ -791,9 +793,9 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
791 | 791 |
break; |
792 | 792 |
} |
793 | 793 |
size = asn1.size; |
794 |
- if(asn1_expect_obj(map, asn1.content, &size, &asn1, 0x02, 1, "\x01")) /* Version = 1 */ |
|
794 |
+ if(asn1_expect_obj(map, &asn1.content, &size, 0x02, 1, "\x01")) /* Version = 1 */ |
|
795 | 795 |
break; |
796 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0x30)) /* issuerAndSerialNumber */ |
|
796 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0x30)) /* issuerAndSerialNumber */ |
|
797 | 797 |
break; |
798 | 798 |
dsize = asn1.size; |
799 | 799 |
if(asn1_expect_objtype(map, asn1.content, &dsize, &deep, 0x30)) /* issuer */ |
... | ... |
@@ -864,7 +866,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
864 | 864 |
|
865 | 865 |
if(content == 0) { /* contentType */ |
866 | 866 |
/* FIXME CHECK THE ACTUAL CONTENT TYPE MATCHES */ |
867 |
- if(asn1_expect_obj(map, deeper.content, &deeper.size, &cobj, 0x06, 9, "\x2b\x06\x01\x04\x01\x82\x37\x0a\x01")) { /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */ |
|
867 |
+ if(asn1_expect_obj(map, &deeper.content, &deeper.size, 0x06, 9, "\x2b\x06\x01\x04\x01\x82\x37\x0a\x01")) { /* szOID_CTL - 1.3.6.1.4.1.311.10.1 */ |
|
868 | 868 |
dsize = 1; |
869 | 869 |
break; |
870 | 870 |
} |
... | ... |
@@ -955,9 +957,9 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
955 | 955 |
|
956 | 956 |
size = asn1.size; |
957 | 957 |
/* 1.2.840.113549.1.9.6 - counterSignature */ |
958 |
- if(asn1_expect_obj(map, asn1.content, &size, &asn1, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x06")) |
|
958 |
+ if(asn1_expect_obj(map, &asn1.content, &size, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x09\x06")) |
|
959 | 959 |
break; |
960 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0x31)) |
|
960 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0x31)) |
|
961 | 961 |
break; |
962 | 962 |
if(size) { |
963 | 963 |
cli_dbgmsg("asn1_parse_mscat: extra data inside counterSignature\n"); |
... | ... |
@@ -973,10 +975,10 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
973 | 973 |
} |
974 | 974 |
|
975 | 975 |
size = asn1.size; |
976 |
- if(asn1_expect_obj(map, asn1.content, &size, &asn1, 0x02, 1, "\x01")) /* Version = 1*/ |
|
976 |
+ if(asn1_expect_obj(map, &asn1.content, &size, 0x02, 1, "\x01")) /* Version = 1*/ |
|
977 | 977 |
break; |
978 | 978 |
|
979 |
- if(asn1_expect_objtype(map, asn1.next, &size, &asn1, 0x30)) /* issuerAndSerialNumber */ |
|
979 |
+ if(asn1_expect_objtype(map, asn1.content, &size, &asn1, 0x30)) /* issuerAndSerialNumber */ |
|
980 | 980 |
break; |
981 | 981 |
|
982 | 982 |
if(asn1_expect_objtype(map, asn1.content, &asn1.size, &deep, 0x30)) /* issuer */ |
... | ... |
@@ -1015,7 +1017,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
1015 | 1015 |
cli_dbgmsg("asn1_parse_mscat: unknown digest oid in countersignature\n"); |
1016 | 1016 |
break; |
1017 | 1017 |
} |
1018 |
- if(asn1.size && asn1_expect_obj(map, deep.next, &asn1.size, &deep, 0x05, 0, NULL)) |
|
1018 |
+ if(asn1.size && asn1_expect_obj(map, &deep.next, &asn1.size, 0x05, 0, NULL)) |
|
1019 | 1019 |
break; |
1020 | 1020 |
if(asn1.size) { |
1021 | 1021 |
cli_dbgmsg("asn1_parse_mscat: extra data in countersignature oid\n"); |
... | ... |
@@ -1076,13 +1078,13 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
1076 | 1076 |
deep.size = deeper.size; |
1077 | 1077 |
switch(content) { |
1078 | 1078 |
case 0: /* contentType = pkcs7-data */ |
1079 |
- if(asn1_expect_obj(map, deeper.content, &deep.size, &deeper, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01")) |
|
1079 |
+ if(asn1_expect_obj(map, &deeper.content, &deep.size, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x01")) |
|
1080 | 1080 |
deep.size = 1; |
1081 | 1081 |
else if(deep.size) |
1082 | 1082 |
cli_dbgmsg("asn1_parse_mscat: extra data in countersignature content-type\n"); |
1083 | 1083 |
break; |
1084 | 1084 |
case 1: /* messageDigest */ |
1085 |
- if(asn1_expect_obj(map, deeper.content, &deep.size, &deeper, 0x04, (hashtype == CLI_SHA1RSA) ? SHA1_HASH_SIZE : 16, md)) { |
|
1085 |
+ if(asn1_expect_obj(map, &deeper.content, &deep.size, 0x04, (hashtype == CLI_SHA1RSA) ? SHA1_HASH_SIZE : 16, md)) { |
|
1086 | 1086 |
deep.size = 1; |
1087 | 1087 |
cli_dbgmsg("asn1_parse_mscat: countersignature hash mismatch\n"); |
1088 | 1088 |
} else if(deep.size) |
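Review bot: The expected digest length in the messageDigest case is the bare literal `16` next to the named `SHA1_HASH_SIZE`, and the ternary treats every `hashtype` other than `CLI_SHA1RSA` as the 16-byte case. Presumably that is the MD5 length, but nothing on the line says so, and this comparison decides whether the countersignature hash is accepted. A comment such as `/* 16 = MD5 digest length; hashtype is either SHA1 or MD5 here */` would do, or a named constant if the project has one. Whether `md` is large enough for both sizes is declared outside this hunk and should be confirmed there.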
... | ... |
@@ -1127,7 +1129,7 @@ int asn1_parse_mscat(FILE *f, crtmgr *cmgr) { |
1127 | 1127 |
cli_dbgmsg("asn1_parse_mscat: digestEncryptionAlgorithm in countersignature is not sha1\n"); |
1128 | 1128 |
break; |
1129 | 1129 |
} |
1130 |
- if(asn1.size && asn1_expect_obj(map, deep.next, &asn1.size, &deep, 0x05, 0, NULL)) |
|
1130 |
+ if(asn1.size && asn1_expect_obj(map, &deep.next, &asn1.size, 0x05, 0, NULL)) |
|
1131 | 1131 |
break; |
1132 | 1132 |
if(asn1.size) { |
1133 | 1133 |
cli_dbgmsg("asn1_parse_mscat: extra data in digestEncryptionAlgorithm in countersignature\n"); |
... | ... |
@@ -17,7 +17,7 @@ struct cli_asn1 { |
17 | 17 |
|
18 | 18 |
int asn1_get_obj(fmap_t *map, void *asn1data, unsigned int *asn1len, struct cli_asn1 *obj); |
19 | 19 |
int asn1_expect_objtype(fmap_t *map, void *asn1data, unsigned int *asn1len, struct cli_asn1 *obj, uint8_t type); |
20 |
-int asn1_expect_obj(fmap_t *map, void *asn1data, unsigned int *asn1len, struct cli_asn1 *obj, uint8_t type, unsigned int size, const void *content); |
|
20 |
+int asn1_expect_obj(fmap_t *map, void **asn1data, unsigned int *asn1len, uint8_t type, unsigned int size, const void *content); |
|
21 | 21 |
int asn1_expect_algo(fmap_t *map, void **asn1data, unsigned int *asn1len, unsigned int algo_size, const void *algo); |
22 | 22 |
int ms_asn1_get_sha1(fmap_t *map, void *asn1data, unsigned int avail, unsigned int emb, uint8_t sha1[SHA1_HASH_SIZE], unsigned int *len); |
23 | 23 |
int asn1_get_time(fmap_t *map, void **asn1data, unsigned int *size, time_t *time); |
... | ... |
@@ -2663,18 +2663,18 @@ int cli_scanpe(cli_ctx *ctx) { |
2663 | 2663 |
if(asn1_expect_objtype(map, hptr, &hlen, &asn1, 0x30)) /* SEQUENCE */ |
2664 | 2664 |
break; |
2665 | 2665 |
hlen = asn1.size; |
2666 |
- if(asn1_expect_obj(map, asn1.content, &hlen, &asn1, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02")) /* OBJECT 1.2.840.113549.1.7.2 - pkcs7 signedData */ |
|
2666 |
+ if(asn1_expect_obj(map, &asn1.content, &hlen, 0x06, 9, "\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02")) /* OBJECT 1.2.840.113549.1.7.2 - pkcs7 signedData */ |
|
2667 | 2667 |
break; |
2668 |
- if(asn1_expect_objtype(map, asn1.next, &hlen, &asn1, 0xa0)) /* [0] */ |
|
2668 |
+ if(asn1_expect_objtype(map, asn1.content, &hlen, &asn1, 0xa0)) /* [0] */ |
|
2669 | 2669 |
break; |
2670 | 2670 |
hlen = asn1.size; |
2671 | 2671 |
if(asn1_expect_objtype(map, asn1.content, &hlen, &asn1, 0x30)) /* SEQUENCE */ |
2672 | 2672 |
break; |
2673 | 2673 |
hlen = asn1.size; |
2674 |
- if(asn1_expect_obj(map, asn1.content, &hlen, &asn1, 0x02, 1, "\x01")) /* INTEGER - VERSION 1 */ |
|
2674 |
+ if(asn1_expect_obj(map, &asn1.content, &hlen, 0x02, 1, "\x01")) /* INTEGER - VERSION 1 */ |
|
2675 | 2675 |
break; |
2676 | 2676 |
|
2677 |
- if(!asn1_expect_objtype(map, asn1.next, &hlen, &asn1, 0x31)) { /* SET OF DigestAlgorithmIdentifier */ |
|
2677 |
+ if(!asn1_expect_objtype(map, asn1.content, &hlen, &asn1, 0x31)) { /* SET OF DigestAlgorithmIdentifier */ |
|
2678 | 2678 |
success = 0; |
2679 | 2679 |
old_hlen = hlen; |
2680 | 2680 |
old_next = asn1.next; |