authorNikos Mavrogiannopoulos <nmav@redhat.com>2015-03-04 14:59:58 +0100
committerNikos Mavrogiannopoulos <nmav@redhat.com>2015-03-04 15:10:59 +0100
commit67e28a7b18f5363c6d1ad45fbb23f3d5bc1d5a50 (patch)
tree0072fdad168230cc1cc54347302d24ae5f8f73c9
parente4e43b88970a56bf5ac43ef2f6143c520c24925e (diff)
downloadgnutls-67e28a7b18f5363c6d1ad45fbb23f3d5bc1d5a50.tar.gz
use asn1_decode_simple_ber if available
-rw-r--r--lib/gnutls_pubkey.c2
-rw-r--r--lib/tpm.c2
-rw-r--r--lib/x509/common.c25
-rw-r--r--lib/x509/common.h6
-rw-r--r--lib/x509/dn.c2
-rw-r--r--lib/x509/ocsp.c4
-rw-r--r--lib/x509/pkcs12.c8
-rw-r--r--lib/x509/pkcs12_bag.c6
-rw-r--r--lib/x509/x509_ext.c4
-rw-r--r--m4/hooks.m47
10 files changed, 43 insertions, 23 deletions
diff --git a/lib/gnutls_pubkey.c b/lib/gnutls_pubkey.c
index d0cb93717d..0bc3613673 100644
--- a/lib/gnutls_pubkey.c
+++ b/lib/gnutls_pubkey.c
@@ -1453,7 +1453,7 @@ gnutls_pubkey_import_ecc_x962(gnutls_pubkey_t key,
}
ret = _gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- ecpoint->data, ecpoint->size, &raw_point);
+ ecpoint->data, ecpoint->size, &raw_point, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
diff --git a/lib/tpm.c b/lib/tpm.c
index 60c8d64e10..f085c93d09 100644
--- a/lib/tpm.c
+++ b/lib/tpm.c
@@ -380,7 +380,7 @@ static int load_key(TSS_HCONTEXT tpm_ctx, TSS_HKEY srk,
ret =
_gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING,
- asn1.data, asn1.size, &td);
+ asn1.data, asn1.size, &td, 0);
if (ret < 0) {
gnutls_assert();
goto cleanup;
diff --git a/lib/x509/common.c b/lib/x509/common.c
index b497e7a4c4..d92290a2ac 100644
--- a/lib/x509/common.c
+++ b/lib/x509/common.c
@@ -485,7 +485,7 @@ _gnutls_x509_dn_to_string(const char *oid, void *value,
} else {
ret =
_gnutls_x509_decode_string(oentry->etype, value,
- value_size, &tmp);
+ value_size, &tmp, 0);
if (ret < 0) {
/* we failed decoding -> handle it as unknown OID */
goto unknown_oid;
@@ -968,15 +968,21 @@ _gnutls_x509_export_int_named2(ASN1_TYPE asn1_data, const char *name,
int
_gnutls_x509_decode_string(unsigned int etype,
const uint8_t * der, size_t der_size,
- gnutls_datum_t * output)
+ gnutls_datum_t * output, unsigned allow_ber)
{
int ret;
- const uint8_t *str;
+ uint8_t *str;
unsigned int str_size, len;
gnutls_datum_t td;
- ret =
- asn1_decode_simple_der(etype, der, der_size, &str, &str_size);
+#ifdef HAVE_ASN1_DECODE_SIMPLE_BER
+ if (allow_ber)
+ ret =
+ asn1_decode_simple_ber(etype, der, der_size, &str, &str_size, NULL);
+ else
+#endif
+ ret =
+ asn1_decode_simple_der(etype, der, der_size, (const uint8_t**)&str, &str_size);
if (ret != ASN1_SUCCESS) {
gnutls_assert();
ret = _gnutls_asn2err(ret);
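Review bot: The `if (allow_ber) … else` that straddles the `#endif` makes the DER call an `else` body in some builds and a plain statement in others, and when `HAVE_ASN1_DECODE_SIMPLE_BER` is undefined `allow_ber` is silently ignored, so callers passing 1 get strict DER decoding with no indication. I would brace both branches and state the fallback above the function, e.g. `/* allow_ber: accept BER when libtasn1 provides asn1_decode_simple_ber(); otherwise ignored and the input must be DER */`. The two paths also appear to give `str` different ownership: the later hunk frees it on the BER path, while on the DER path it presumably points into `der`. The `(const uint8_t**)&str` cast hides that difference; a separate `const uint8_t *` local for the DER result would keep it visible. The function body continues outside this hunk.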
@@ -991,6 +997,11 @@ _gnutls_x509_decode_string(unsigned int etype,
memcpy(td.data, str, str_size);
td.data[str_size] = 0;
+#ifdef HAVE_ASN1_DECODE_SIMPLE_BER
+ if (allow_ber)
+ free(str);
+#endif
+
ret = make_printable_string(etype, &td, output);
if (ret == GNUTLS_E_INVALID_REQUEST) { /* unsupported etype */
output->data = td.data;
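Review bot: `free(str)` is reached only after the copy into `td.data` has happened, so any early return between the decode call and this point would leak the BER buffer. That stretch (the `td.data` allocation, presumably with a failure return) lies between the two hunks and is not visible here, so it needs checking. If such a return exists, release `str` there under the same `allow_ber` condition, or route both paths through a single exit label. A comment such as `/* BER path: str is owned by us and was not allocated with gnutls_malloc(), hence free() */` would also explain why plain `free()` is used instead of `gnutls_free()`.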
@@ -1085,7 +1096,7 @@ _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
*/
int
_gnutls_x509_read_string(ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, unsigned int etype)
+ gnutls_datum_t * ret, unsigned int etype, unsigned int allow_ber)
{
int len = 0, result;
size_t slen;
@@ -1123,7 +1134,7 @@ _gnutls_x509_read_string(ASN1_TYPE c, const char *root,
*/
slen = (size_t) len;
- result = _gnutls_x509_decode_string(etype, tmp, slen, ret);
+ result = _gnutls_x509_decode_string(etype, tmp, slen, ret, allow_ber);
if (result < 0) {
gnutls_assert();
goto cleanup;
diff --git a/lib/x509/common.h b/lib/x509/common.h
index e7431e8c01..388831bf3b 100644
--- a/lib/x509/common.h
+++ b/lib/x509/common.h
@@ -79,7 +79,8 @@ int _gnutls_x509_set_time(ASN1_TYPE c2, const char *where, time_t tim,
int _gnutls_x509_decode_string(unsigned int etype,
const uint8_t * der, size_t der_size,
- gnutls_datum_t * output);
+ gnutls_datum_t * output,
+ unsigned allow_ber);
int _gnutls_x509_encode_string(unsigned int etype,
const void *input_data, size_t input_size,
@@ -118,7 +119,8 @@ int _gnutls_x509_export_int_named2(ASN1_TYPE asn1_data, const char *name,
int _gnutls_x509_read_value(ASN1_TYPE c, const char *root,
gnutls_datum_t * ret);
int _gnutls_x509_read_string(ASN1_TYPE c, const char *root,
- gnutls_datum_t * ret, unsigned int etype);
+ gnutls_datum_t * ret, unsigned int etype,
+ unsigned allow_ber);
int _gnutls_x509_write_value(ASN1_TYPE c, const char *root,
const gnutls_datum_t * data);
diff --git a/lib/x509/dn.c b/lib/x509/dn.c
index 07d890361d..140071a1db 100644
--- a/lib/x509/dn.c
+++ b/lib/x509/dn.c
@@ -645,7 +645,7 @@ _gnutls_x509_decode_and_read_attribute(ASN1_TYPE asn1_struct,
if (octet_string)
result =
_gnutls_x509_read_string(asn1_struct, tmpbuffer, value,
- ASN1_ETYPE_OCTET_STRING);
+ ASN1_ETYPE_OCTET_STRING, 0);
else
result =
_gnutls_x509_read_value(asn1_struct, tmpbuffer, value);
diff --git a/lib/x509/ocsp.c b/lib/x509/ocsp.c
index e28bccca4e..aa4784d32e 100644
--- a/lib/x509/ocsp.c
+++ b/lib/x509/ocsp.c
@@ -854,7 +854,7 @@ gnutls_ocsp_req_get_nonce(gnutls_ocsp_req_t req,
ret =
_gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data,
- (size_t) tmp.size, nonce);
+ (size_t) tmp.size, nonce, 0);
if (ret < 0) {
gnutls_assert();
gnutls_free(tmp.data);
@@ -1675,7 +1675,7 @@ gnutls_ocsp_resp_get_nonce(gnutls_ocsp_resp_t resp,
ret =
_gnutls_x509_decode_string(ASN1_ETYPE_OCTET_STRING, tmp.data,
- (size_t) tmp.size, nonce);
+ (size_t) tmp.size, nonce, 0);
if (ret < 0) {
gnutls_assert();
gnutls_free(tmp.data);
diff --git a/lib/x509/pkcs12.c b/lib/x509/pkcs12.c
index 6391a40017..04019f3847 100644
--- a/lib/x509/pkcs12.c
+++ b/lib/x509/pkcs12.c
@@ -70,7 +70,7 @@ _decode_pkcs12_auth_safe(ASN1_TYPE pkcs12, ASN1_TYPE * authen_safe,
result =
_gnutls_x509_read_string(pkcs12, "authSafe.content",
- &auth_safe, ASN1_ETYPE_OCTET_STRING);
+ &auth_safe, ASN1_ETYPE_OCTET_STRING, 1);
if (result < 0) {
gnutls_assert();
goto cleanup;
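Review bot: The bare `1` passed here turns on BER decoding for `authSafe.content`, which comes from the PKCS #12 file and is therefore typically untrusted input, yet nothing at the call site says so. The same applies to the other `, 1` call sites in this file (`_pkcs12_decode_safe_contents`, `_parse_safe_contents`) and in lib/x509/pkcs12_bag.c (`certValue`, `crlValue`, `secretValue`). A named constant or a comment such as `/* PKCS #12 content may be BER-encoded */` would make the relaxed parsing explicit. Because the accepted encoding is now wider, regression tests feeding malformed and indefinite-length OCTET STRINGs into these fields would be a sensible addition. The enclosing function starts and ends outside the hunk.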
@@ -488,7 +488,7 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
_gnutls_x509_decode_string
(ASN1_ETYPE_OCTET_STRING,
attr_val.data, attr_val.size,
- &t);
+ &t, 1);
_gnutls_free_datum(&attr_val);
if (result < 0) {
gnutls_assert();
@@ -509,7 +509,7 @@ _pkcs12_decode_safe_contents(const gnutls_datum_t * content,
_gnutls_x509_decode_string
(ASN1_ETYPE_BMP_STRING,
attr_val.data, attr_val.size,
- &t);
+ &t, 1);
_gnutls_free_datum(&attr_val);
if (result < 0) {
gnutls_assert();
@@ -562,7 +562,7 @@ _parse_safe_contents(ASN1_TYPE sc, const char *sc_name,
result =
_gnutls_x509_read_string(sc, sc_name, &content,
- ASN1_ETYPE_OCTET_STRING);
+ ASN1_ETYPE_OCTET_STRING, 1);
if (result < 0) {
gnutls_assert();
goto cleanup;
diff --git a/lib/x509/pkcs12_bag.c b/lib/x509/pkcs12_bag.c
index c285ef5339..d7100a7b10 100644
--- a/lib/x509/pkcs12_bag.c
+++ b/lib/x509/pkcs12_bag.c
@@ -186,7 +186,7 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
ret =
_gnutls_x509_read_string(c2, "certValue", out,
- ASN1_ETYPE_OCTET_STRING);
+ ASN1_ETYPE_OCTET_STRING, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -211,7 +211,7 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
ret =
_gnutls_x509_read_string(c2, "crlValue", out,
- ASN1_ETYPE_OCTET_STRING);
+ ASN1_ETYPE_OCTET_STRING, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
@@ -236,7 +236,7 @@ _pkcs12_decode_crt_bag(gnutls_pkcs12_bag_type_t type,
ret =
_gnutls_x509_read_string(c2, "secretValue", out,
- ASN1_ETYPE_OCTET_STRING);
+ ASN1_ETYPE_OCTET_STRING, 1);
if (ret < 0) {
gnutls_assert();
goto cleanup;
diff --git a/lib/x509/x509_ext.c b/lib/x509/x509_ext.c
index 2bfe26c12a..058a2a4595 100644
--- a/lib/x509/x509_ext.c
+++ b/lib/x509/x509_ext.c
@@ -1853,7 +1853,7 @@ int gnutls_x509_ext_import_policies(const gnutls_datum_t * ext,
ret =
_gnutls_x509_read_string(c2, tmpstr, &td,
- ASN1_ETYPE_IA5_STRING);
+ ASN1_ETYPE_IA5_STRING, 0);
if (ret < 0) {
gnutls_assert();
goto full_cleanup;
@@ -3154,7 +3154,7 @@ int gnutls_x509_othername_to_virtual(const char *oid,
case GNUTLS_SAN_OTHERNAME_XMPP:
ret = _gnutls_x509_decode_string
(ASN1_ETYPE_UTF8_STRING, othername->data,
- othername->size, virt);
+ othername->size, virt, 0);
if (ret < 0) {
gnutls_assert();
return ret;
diff --git a/m4/hooks.m4 b/m4/hooks.m4
index b347616f68..ce756eeca8 100644
--- a/m4/hooks.m4
+++ b/m4/hooks.m4
@@ -124,6 +124,13 @@ AC_MSG_ERROR([[
GNUTLS_REQUIRES_PRIVATE="${GNUTLS_REQUIRES_PRIVATE}, libtasn1"
fi
+ oldlibs="$LIBS"
+ LIBS="$LIBS $LIBTASN1_LIBS"
+ oldcflags="$CFLAGS"
+ CFLAGS="$CFLAGS $LIBTASN1_CFLAGS"
+ AC_CHECK_FUNC(asn1_decode_simple_ber,
+ [AC_DEFINE(HAVE_ASN1_DECODE_SIMPLE_BER, 1, [Have this function])], [])
+
AC_MSG_CHECKING([whether C99 macros are supported])
AC_TRY_COMPILE(,
[
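Review bot: `LIBS` and `CFLAGS` are saved in `oldlibs`/`oldcflags`, but no restore is visible in this hunk, so the `AC_TRY_COMPILE` that follows, and every later check, would run with the libtasn1 flags appended. Unless the restore happens further down, add `LIBS="$oldlibs"` and `CFLAGS="$oldcflags"` right after the `AC_CHECK_FUNC` call. The description `[Have this function]` ends up in config.h and could name the function, e.g. `[Define if libtasn1 provides asn1_decode_simple_ber]`.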