diff options
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_decode.c | 99 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_decode.h | 37 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_encode.c | 145 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_encode.h | 69 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_get.c | 115 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_get.h | 45 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.c | 1477 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_decode.h | 175 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.c | 529 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_k_encode.h | 201 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_make.c | 93 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_make.h | 65 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_misc.c | 7 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1_misc.h | 7 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1buf.c | 177 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1buf.h | 103 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/asn1glue.h | 5 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/krb5_decode.c | 569 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/krb5_encode.c | 287 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/krbasn1.h | 49 | ||||
| -rw-r--r-- | src/lib/krb5/asn.1/ldap_key_seq.c | 337 |
21 files changed, 2306 insertions, 2285 deletions
diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c index dffd93b44..62c042706 100644 --- a/src/lib/krb5/asn.1/asn1_decode.c +++ b/src/lib/krb5/asn.1/asn1_decode.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_decode.c - * + * * Copyright 1994, 2003 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -42,17 +43,17 @@ asn1_error_code retval;\ taginfo tinfo -#define asn1class (tinfo.asn1class) -#define construction (tinfo.construction) -#define tagnum (tinfo.tagnum) -#define length (tinfo.length) +#define asn1class (tinfo.asn1class) +#define construction (tinfo.construction) +#define tagnum (tinfo.tagnum) +#define length (tinfo.length) #define tag(type)\ retval = asn1_get_tag_2(buf,&tinfo);\ if (retval) return retval;\ if (asn1class != UNIVERSAL || construction != PRIMITIVE || tagnum != type)\ return ASN1_BAD_ID - + #define cleanup()\ return 0 @@ -66,16 +67,16 @@ asn1_error_code asn1_decode_integer(asn1buf *buf, long int *val) tag(ASN1_INTEGER); for (i = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (!i) { - n = (0x80 & o) ? -1 : 0; /* grab sign bit */ - if (n < 0 && length > sizeof (long)) - return ASN1_OVERFLOW; - else if (length > sizeof (long) + 1) /* allow extra octet for positive */ - return ASN1_OVERFLOW; - } - n = (n << 8) | o; + retval = asn1buf_remove_octet(buf, &o); + if (retval) return retval; + if (!i) { + n = (0x80 & o) ? -1 : 0; /* grab sign bit */ + if (n < 0 && length > sizeof (long)) + return ASN1_OVERFLOW; + else if (length > sizeof (long) + 1) /* allow extra octet for positive */ + return ASN1_OVERFLOW; + } + n = (n << 8) | o; } *val = n; cleanup(); @@ -91,15 +92,15 @@ asn1_error_code asn1_decode_unsigned_integer(asn1buf *buf, long unsigned int *va tag(ASN1_INTEGER); for (i = 0, n = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (!i) { - if (0x80 & o) - return ASN1_OVERFLOW; - else if (length > sizeof (long) + 1) - return ASN1_OVERFLOW; - } - n = (n << 8) | o; + retval = asn1buf_remove_octet(buf, &o); + if (retval) return retval; + if (!i) { + if (0x80 & o) + return ASN1_OVERFLOW; + else if (length > sizeof (long) + 1) + return ASN1_OVERFLOW; + } + n = (n << 8) | o; } *val = n; cleanup(); @@ -127,23 +128,23 @@ asn1_error_code asn1_decode_maybe_unsigned(asn1buf *buf, unsigned long *val) n = 0; bitsremain = ~0UL; for (i = 0; i < length; i++) { - /* Accounts for u_long width not being a multiple of 8. */ - if (bitsremain < 0xff) return ASN1_OVERFLOW; - retval = asn1buf_remove_octet(buf, &o); - if (retval) return retval; - if (bitsremain == ~0UL) { - if (i == 0) - n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */ - /* - * Skip leading zero or 0xFF octets to humor non-compliant encoders. - */ - if (n == 0 && o == 0) - continue; - if (n == ~0UL && o == 0xff) - continue; - } - n = (n << 8) | o; - bitsremain >>= 8; + /* Accounts for u_long width not being a multiple of 8. */ + if (bitsremain < 0xff) return ASN1_OVERFLOW; + retval = asn1buf_remove_octet(buf, &o); + if (retval) return retval; + if (bitsremain == ~0UL) { + if (i == 0) + n = (o & 0x80) ? ~0UL : 0UL; /* grab sign bit */ + /* + * Skip leading zero or 0xFF octets to humor non-compliant encoders. + */ + if (n == 0 && o == 0) + continue; + if (n == ~0UL && o == 0xff) + continue; + } + n = (n << 8) | o; + bitsremain >>= 8; } *val = n; cleanup(); @@ -232,17 +233,17 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, time_t *val) retval = asn1buf_remove_charstring(buf,15,&s); /* Time encoding: YYYYMMDDhhmmssZ */ if (s[14] != 'Z') { - free(s); - return ASN1_BAD_FORMAT; + free(s); + return ASN1_BAD_FORMAT; } if (s[0] == '1' && !memcmp("19700101000000Z", s, 15)) { - t = 0; - free(s); - goto done; + t = 0; + free(s); + goto done; } #define c2i(c) ((c)-'0') ts.tm_year = 1000*c2i(s[0]) + 100*c2i(s[1]) + 10*c2i(s[2]) + c2i(s[3]) - - 1900; + - 1900; ts.tm_mon = 10*c2i(s[4]) + c2i(s[5]) - 1; ts.tm_mday = 10*c2i(s[6]) + c2i(s[7]); ts.tm_hour = 10*c2i(s[8]) + c2i(s[9]); diff --git a/src/lib/krb5/asn.1/asn1_decode.h b/src/lib/krb5/asn.1/asn1_decode.h index cafbf3fd3..373826ceb 100644 --- a/src/lib/krb5/asn.1/asn1_decode.h +++ b/src/lib/krb5/asn.1/asn1_decode.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_decode.h - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -56,37 +57,37 @@ modifies *buf, *len effects Decodes the octet string in *buf into *val. Returns ENOMEM if memory is exhausted. - Returns asn1 errors. */ + Returns asn1 errors. */ asn1_error_code asn1_decode_integer - (asn1buf *buf, long *val); + (asn1buf *buf, long *val); asn1_error_code asn1_decode_unsigned_integer - (asn1buf *buf, unsigned long *val); + (asn1buf *buf, unsigned long *val); asn1_error_code asn1_decode_maybe_unsigned - (asn1buf *buf, unsigned long *val); + (asn1buf *buf, unsigned long *val); asn1_error_code asn1_decode_null - (asn1buf *buf); + (asn1buf *buf); asn1_error_code asn1_decode_oid - (asn1buf *buf, unsigned int *retlen, asn1_octet **val); + (asn1buf *buf, unsigned int *retlen, asn1_octet **val); asn1_error_code asn1_decode_octetstring - (asn1buf *buf, unsigned int *retlen, asn1_octet **val); + (asn1buf *buf, unsigned int *retlen, asn1_octet **val); asn1_error_code asn1_decode_generalstring - (asn1buf *buf, unsigned int *retlen, char **val); + (asn1buf *buf, unsigned int *retlen, char **val); asn1_error_code asn1_decode_charstring - (asn1buf *buf, unsigned int *retlen, char **val); + (asn1buf *buf, unsigned int *retlen, char **val); /* Note: A charstring is a special hack to account for the fact that krb5 structures store some OCTET STRING values in krb5_octet - arrays and others in krb5_data structures - (which use char arrays). - From the ASN.1 point of view, the two string types are the same, - only the receptacles differ. */ + arrays and others in krb5_data structures + (which use char arrays). + From the ASN.1 point of view, the two string types are the same, + only the receptacles differ. */ asn1_error_code asn1_decode_printablestring - (asn1buf *buf, int *retlen, char **val); + (asn1buf *buf, int *retlen, char **val); asn1_error_code asn1_decode_ia5string - (asn1buf *buf, int *retlen, char **val); + (asn1buf *buf, int *retlen, char **val); asn1_error_code asn1_decode_generaltime - (asn1buf *buf, time_t *val); + (asn1buf *buf, time_t *val); #endif diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index add932ecb..d55e1832f 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_encode.c - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -30,30 +31,30 @@ #include "asn1_make.h" static asn1_error_code asn1_encode_integer_internal(asn1buf *buf, long val, - unsigned int *retlen) + unsigned int *retlen) { asn1_error_code retval; unsigned int length = 0; long valcopy; int digit; - + valcopy = val; do { - digit = (int) (valcopy&0xFF); - retval = asn1buf_insert_octet(buf,(asn1_octet) digit); - if (retval) return retval; - length++; - valcopy = valcopy >> 8; + digit = (int) (valcopy&0xFF); + retval = asn1buf_insert_octet(buf,(asn1_octet) digit); + if (retval) return retval; + length++; + valcopy = valcopy >> 8; } while (valcopy != 0 && valcopy != ~0); if ((val > 0) && ((digit&0x80) == 0x80)) { /* make sure the high bit is */ - retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ - if (retval) return retval; - length++; + retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ + if (retval) return retval; + length++; } else if ((val < 0) && ((digit&0x80) != 0x80)) { - retval = asn1buf_insert_octet(buf,0xFF); - if (retval) return retval; - length++; + retval = asn1buf_insert_octet(buf,0xFF); + if (retval) return retval; + length++; } @@ -62,7 +63,7 @@ static asn1_error_code asn1_encode_integer_internal(asn1buf *buf, long val, } asn1_error_code asn1_encode_integer(asn1buf * buf, long val, - unsigned int *retlen) + unsigned int *retlen) { asn1_error_code retval; unsigned int length = 0; @@ -71,7 +72,7 @@ asn1_error_code asn1_encode_integer(asn1buf * buf, long val, if (retval) return retval; length = partlen; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_INTEGER,length, &partlen); + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_INTEGER,length, &partlen); if (retval) return retval; length += partlen; @@ -81,7 +82,7 @@ asn1_error_code asn1_encode_integer(asn1buf * buf, long val, asn1_error_code asn1_encode_enumerated(asn1buf * buf, long val, - unsigned int *retlen) + unsigned int *retlen) { asn1_error_code retval; unsigned int length = 0; @@ -90,7 +91,7 @@ asn1_encode_enumerated(asn1buf * buf, long val, if (retval) return retval; length = partlen; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_ENUMERATED,length, &partlen); + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_ENUMERATED,length, &partlen); if (retval) return retval; length += partlen; @@ -99,30 +100,30 @@ asn1_encode_enumerated(asn1buf * buf, long val, } asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, unsigned long val, - unsigned int *retlen) + unsigned int *retlen) { asn1_error_code retval; unsigned int length = 0; unsigned int partlen; unsigned long valcopy; int digit; - + valcopy = val; do { - digit = (int) (valcopy&0xFF); - retval = asn1buf_insert_octet(buf,(asn1_octet) digit); - if (retval) return retval; - length++; - valcopy = valcopy >> 8; + digit = (int) (valcopy&0xFF); + retval = asn1buf_insert_octet(buf,(asn1_octet) digit); + if (retval) return retval; + length++; + valcopy = valcopy >> 8; } while (valcopy != 0 && valcopy != ~0); - if (digit&0x80) { /* make sure the high bit is */ - retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ - if (retval) return retval; - length++; + if (digit&0x80) { /* make sure the high bit is */ + retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ + if (retval) return retval; + length++; } - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_INTEGER,length, &partlen); + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_INTEGER,length, &partlen); if (retval) return retval; length += partlen; @@ -131,8 +132,8 @@ asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, unsigned long val, } asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, - const asn1_octet *val, - unsigned int *retlen) + const asn1_octet *val, + unsigned int *retlen) { asn1_error_code retval; unsigned int length; @@ -140,7 +141,7 @@ asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, retval = asn1buf_insert_octetstring(buf, len, val); if (retval) return retval; retval = asn1_make_tag(buf, UNIVERSAL, PRIMITIVE, ASN1_OBJECTIDENTIFIER, - len, &length); + len, &length); if (retval) return retval; *retlen = len + length; @@ -148,8 +149,8 @@ asn1_error_code asn1_encode_oid(asn1buf *buf, unsigned int len, } asn1_error_code asn1_encode_octetstring(asn1buf *buf, unsigned int len, - const asn1_octet *val, - unsigned int *retlen) + const asn1_octet *val, + unsigned int *retlen) { asn1_error_code retval; unsigned int length; @@ -164,7 +165,7 @@ asn1_error_code asn1_encode_octetstring(asn1buf *buf, unsigned int len, } asn1_error_code asn1_encode_charstring(asn1buf *buf, unsigned int len, - const char *val, unsigned int *retlen) + const char *val, unsigned int *retlen) { asn1_error_code retval; unsigned int length; @@ -181,7 +182,7 @@ asn1_error_code asn1_encode_charstring(asn1buf *buf, unsigned int len, asn1_error_code asn1_encode_null(asn1buf *buf, int *retlen) { asn1_error_code retval; - + retval = asn1buf_insert_octet(buf,0x00); if (retval) return retval; retval = asn1buf_insert_octet(buf,0x05); @@ -192,14 +193,14 @@ asn1_error_code asn1_encode_null(asn1buf *buf, int *retlen) } asn1_error_code asn1_encode_printablestring(asn1buf *buf, unsigned int len, - const char *val, int *retlen) + const char *val, int *retlen) { asn1_error_code retval; unsigned int length; retval = asn1buf_insert_charstring(buf,len,val); if (retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_PRINTABLESTRING,len, &length); + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_PRINTABLESTRING,len, &length); if (retval) return retval; *retlen = len + length; @@ -207,14 +208,14 @@ asn1_error_code asn1_encode_printablestring(asn1buf *buf, unsigned int len, } asn1_error_code asn1_encode_ia5string(asn1buf *buf, unsigned int len, - const char *val, int *retlen) + const char *val, int *retlen) { asn1_error_code retval; unsigned int length; retval = asn1buf_insert_charstring(buf,len,val); if (retval) return retval; - retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_IA5STRING,len, &length); + retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_IA5STRING,len, &length); if (retval) return retval; *retlen = len + length; @@ -222,7 +223,7 @@ asn1_error_code asn1_encode_ia5string(asn1buf *buf, unsigned int len, } asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, - unsigned int *retlen) + unsigned int *retlen) { asn1_error_code retval; struct tm *gtime, gtimebuf; @@ -234,40 +235,40 @@ asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, * Time encoding: YYYYMMDDhhmmssZ */ if (gmt_time == 0) { - sp = "19700101000000Z"; + sp = "19700101000000Z"; } else { - /* - * Sanity check this just to be paranoid, as gmtime can return NULL, - * and some bogus implementations might overrun on the sprintf. - */ + /* + * Sanity check this just to be paranoid, as gmtime can return NULL, + * and some bogus implementations might overrun on the sprintf. + */ #ifdef HAVE_GMTIME_R # ifdef GMTIME_R_RETURNS_INT - if (gmtime_r(&gmt_time, >imebuf) != 0) - return ASN1_BAD_GMTIME; + if (gmtime_r(&gmt_time, >imebuf) != 0) + return ASN1_BAD_GMTIME; # else - if (gmtime_r(&gmt_time, >imebuf) == NULL) - return ASN1_BAD_GMTIME; + if (gmtime_r(&gmt_time, >imebuf) == NULL) + return ASN1_BAD_GMTIME; # endif #else - gtime = gmtime(&gmt_time); - if (gtime == NULL) - return ASN1_BAD_GMTIME; - memcpy(>imebuf, gtime, sizeof(gtimebuf)); + gtime = gmtime(&gmt_time); + if (gtime == NULL) + return ASN1_BAD_GMTIME; + memcpy(>imebuf, gtime, sizeof(gtimebuf)); #endif - gtime = >imebuf; - - if (gtime->tm_year > 8099 || gtime->tm_mon > 11 || - gtime->tm_mday > 31 || gtime->tm_hour > 23 || - gtime->tm_min > 59 || gtime->tm_sec > 59) - return ASN1_BAD_GMTIME; - if (snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", - 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, - gtime->tm_hour, gtime->tm_min, gtime->tm_sec) - >= sizeof(s)) - /* Shouldn't be possible given above tests. */ - return ASN1_BAD_GMTIME; - sp = s; + gtime = >imebuf; + + if (gtime->tm_year > 8099 || gtime->tm_mon > 11 || + gtime->tm_mday > 31 || gtime->tm_hour > 23 || + gtime->tm_min > 59 || gtime->tm_sec > 59) + return ASN1_BAD_GMTIME; + if (snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", + 1900+gtime->tm_year, gtime->tm_mon+1, gtime->tm_mday, + gtime->tm_hour, gtime->tm_min, gtime->tm_sec) + >= sizeof(s)) + /* Shouldn't be possible given above tests. */ + return ASN1_BAD_GMTIME; + sp = s; } retval = asn1buf_insert_charstring(buf,15,sp); @@ -283,8 +284,8 @@ asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, } asn1_error_code asn1_encode_generalstring(asn1buf *buf, unsigned int len, - const char *val, - unsigned int *retlen) + const char *val, + unsigned int *retlen) { asn1_error_code retval; unsigned int length; @@ -292,7 +293,7 @@ asn1_error_code asn1_encode_generalstring(asn1buf *buf, unsigned int len, retval = asn1buf_insert_charstring(buf,len,val); if (retval) return retval; retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_GENERALSTRING,len, - &length); + &length); if (retval) return retval; *retlen = len + length; diff --git a/src/lib/krb5/asn.1/asn1_encode.h b/src/lib/krb5/asn.1/asn1_encode.h index 79eee48d5..c75f4e879 100644 --- a/src/lib/krb5/asn.1/asn1_encode.h +++ b/src/lib/krb5/asn.1/asn1_encode.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_encode.h - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -50,10 +51,10 @@ */ asn1_error_code asn1_encode_integer - (asn1buf *buf, long val, unsigned int *retlen); + (asn1buf *buf, long val, unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ @@ -62,81 +63,81 @@ asn1_error_code asn1_encode_enumerated (asn1buf *buf, long val, unsigned int *retlen); asn1_error_code asn1_encode_unsigned_integer - (asn1buf *buf, unsigned long val, - unsigned int *retlen); + (asn1buf *buf, unsigned long val, + unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ asn1_error_code asn1_encode_octetstring - (asn1buf *buf, - unsigned int len, const asn1_octet *val, - unsigned int *retlen); + (asn1buf *buf, + unsigned int len, const asn1_octet *val, + unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ asn1_error_code asn1_encode_oid - (asn1buf *buf, - unsigned int len, const asn1_octet *val, - unsigned int *retlen); + (asn1buf *buf, + unsigned int len, const asn1_octet *val, + unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ asn1_error_code asn1_encode_charstring - (asn1buf *buf, - unsigned int len, const char *val, - unsigned int *retlen); + (asn1buf *buf, + unsigned int len, const char *val, + unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ asn1_error_code asn1_encode_null - (asn1buf *buf, int *retlen); + (asn1buf *buf, int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of NULL into *buf and returns + effects Inserts the encoding of NULL into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ asn1_error_code asn1_encode_printablestring - (asn1buf *buf, - unsigned int len, const char *val, - int *retlen); + (asn1buf *buf, + unsigned int len, const char *val, + int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ asn1_error_code asn1_encode_ia5string - (asn1buf *buf, - unsigned int len, const char *val, - int *retlen); + (asn1buf *buf, + unsigned int len, const char *val, + int *retlen); /* requires *buf is allocated modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ asn1_error_code asn1_encode_generaltime - (asn1buf *buf, time_t val, unsigned int *retlen); + (asn1buf *buf, time_t val, unsigned int *retlen); /* requires *buf is allocated modifies *buf, *retlen effects Inserts the encoding of val into *buf and returns @@ -146,12 +147,12 @@ asn1_error_code asn1_encode_generaltime Note: The encoding of GeneralizedTime is YYYYMMDDhhmmZ */ asn1_error_code asn1_encode_generalstring - (asn1buf *buf, - unsigned int len, const char *val, - unsigned int *retlen); + (asn1buf *buf, + unsigned int len, const char *val, + unsigned int *retlen); /* requires *buf is allocated, val has a length of len characters modifies *buf, *retlen - effects Inserts the encoding of val into *buf and returns + effects Inserts the encoding of val into *buf and returns the length of the encoding in *retlen. Returns ENOMEM to signal an unsuccesful attempt to expand the buffer. */ diff --git a/src/lib/krb5/asn.1/asn1_get.c b/src/lib/krb5/asn.1/asn1_get.c index 66fd1b6cb..d3706fbd6 100644 --- a/src/lib/krb5/asn.1/asn1_get.c +++ b/src/lib/krb5/asn.1/asn1_get.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_get.c - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -32,70 +33,70 @@ asn1_get_tag_2(asn1buf *buf, taginfo *t) asn1_error_code retval; if (buf == NULL || buf->base == NULL || - buf->bound - buf->next + 1 <= 0) { - t->tagnum = ASN1_TAGNUM_CEILING; /* emphatically not an EOC tag */ - t->asn1class = UNIVERSAL; - t->construction = PRIMITIVE; - t->length = 0; - t->indef = 0; - return 0; + buf->bound - buf->next + 1 <= 0) { + t->tagnum = ASN1_TAGNUM_CEILING; /* emphatically not an EOC tag */ + t->asn1class = UNIVERSAL; + t->construction = PRIMITIVE; + t->length = 0; + t->indef = 0; + return 0; } { - /* asn1_get_id(buf, t) */ - asn1_tagnum tn=0; - asn1_octet o; + /* asn1_get_id(buf, t) */ + asn1_tagnum tn=0; + asn1_octet o; #define ASN1_CLASS_MASK 0xC0 #define ASN1_CONSTRUCTION_MASK 0x20 #define ASN1_TAG_NUMBER_MASK 0x1F - retval = asn1buf_remove_octet(buf,&o); - if (retval) - return retval; + retval = asn1buf_remove_octet(buf,&o); + if (retval) + return retval; - t->asn1class = (asn1_class)(o&ASN1_CLASS_MASK); - t->construction = (asn1_construction)(o&ASN1_CONSTRUCTION_MASK); - if ((o&ASN1_TAG_NUMBER_MASK) != ASN1_TAG_NUMBER_MASK) { - /* low-tag-number form */ - t->tagnum = (asn1_tagnum)(o&ASN1_TAG_NUMBER_MASK); - } else { - /* high-tag-number form */ - do { - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - tn = (tn<<7) + (asn1_tagnum)(o&0x7F); - } while (o&0x80); - t->tagnum = tn; - } + t->asn1class = (asn1_class)(o&ASN1_CLASS_MASK); + t->construction = (asn1_construction)(o&ASN1_CONSTRUCTION_MASK); + if ((o&ASN1_TAG_NUMBER_MASK) != ASN1_TAG_NUMBER_MASK) { + /* low-tag-number form */ + t->tagnum = (asn1_tagnum)(o&ASN1_TAG_NUMBER_MASK); + } else { + /* high-tag-number form */ + do { + retval = asn1buf_remove_octet(buf,&o); + if (retval) return retval; + tn = (tn<<7) + (asn1_tagnum)(o&0x7F); + } while (o&0x80); + t->tagnum = tn; + } } { - /* asn1_get_length(buf, t) */ - asn1_octet o; + /* asn1_get_length(buf, t) */ + asn1_octet o; + + t->indef = 0; + retval = asn1buf_remove_octet(buf,&o); + if (retval) return retval; + if ((o&0x80) == 0) { + t->length = (int)(o&0x7F); + } else { + int num; + int len=0; - t->indef = 0; - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - if ((o&0x80) == 0) { - t->length = (int)(o&0x7F); - } else { - int num; - int len=0; - - for (num = (int)(o&0x7F); num>0; num--) { - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - len = (len<<8) + (int)o; - } - if (len < 0) - return ASN1_OVERRUN; - if (!len) - t->indef = 1; - t->length = len; - } + for (num = (int)(o&0x7F); num>0; num--) { + retval = asn1buf_remove_octet(buf,&o); + if (retval) return retval; + len = (len<<8) + (int)o; + } + if (len < 0) + return ASN1_OVERRUN; + if (!len) + t->indef = 1; + t->length = len; + } } if (t->indef && t->construction != CONSTRUCTED) - return ASN1_MISMATCH_INDEF; + return ASN1_MISMATCH_INDEF; return 0; } @@ -106,13 +107,13 @@ asn1_error_code asn1_get_sequence(asn1buf *buf, unsigned int *retlen, int *indef retval = asn1_get_tag_2(buf, &t); if (retval) - return retval; + return retval; if (t.asn1class != UNIVERSAL || t.construction != CONSTRUCTED || - t.tagnum != ASN1_SEQUENCE) - return ASN1_BAD_ID; + t.tagnum != ASN1_SEQUENCE) + return ASN1_BAD_ID; if (retlen) - *retlen = t.length; + *retlen = t.length; if (indef) - *indef = t.indef; + *indef = t.indef; return 0; } diff --git a/src/lib/krb5/asn.1/asn1_get.h b/src/lib/krb5/asn.1/asn1_get.h index 1b7801462..ecafa2aec 100644 --- a/src/lib/krb5/asn.1/asn1_get.h +++ b/src/lib/krb5/asn.1/asn1_get.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_get.h - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -35,9 +36,9 @@ typedef struct { #if 1 /* Smaller run-time storage, and on x86 the compiler can use - byte loads, stores, and compares, but on other platforms the - compiler may need to load and widen before comparing... see - how this works out. */ + byte loads, stores, and compares, but on other platforms the + compiler may need to load and widen before comparing... see + how this works out. */ unsigned int asn1class : 8, construction : 8; #else asn1_class asn1class; @@ -52,33 +53,33 @@ asn1_error_code asn1_get_tag_2 (asn1buf *buf, taginfo *tinfo); #if 0 asn1_error_code asn1_get_tag_indef - (asn1buf *buf, - asn1_class *Class, - asn1_construction *construction, - asn1_tagnum *tagnum, - unsigned int *retlen, int *indef); + (asn1buf *buf, + asn1_class *Class, + asn1_construction *construction, + asn1_tagnum *tagnum, + unsigned int *retlen, int *indef); asn1_error_code asn1_get_tag - (asn1buf *buf, - asn1_class *Class, - asn1_construction *construction, - asn1_tagnum *tagnum, - unsigned int *retlen); + (asn1buf *buf, + asn1_class *Class, + asn1_construction *construction, + asn1_tagnum *tagnum, + unsigned int *retlen); /* requires *buf is allocated effects Decodes the tag in *buf. If class != NULL, returns the class in *Class. Similarly, the construction, - tag number, and length are returned in *construction, - *tagnum, and *retlen, respectively. - If *buf is empty to begin with, - *tagnum is set to ASN1_TAGNUM_CEILING. - Returns ASN1_OVERRUN if *buf is exhausted during the parse. */ + tag number, and length are returned in *construction, + *tagnum, and *retlen, respectively. + If *buf is empty to begin with, + *tagnum is set to ASN1_TAGNUM_CEILING. + Returns ASN1_OVERRUN if *buf is exhausted during the parse. */ #endif asn1_error_code asn1_get_sequence - (asn1buf *buf, unsigned int *retlen, int *indef); + (asn1buf *buf, unsigned int *retlen, int *indef); /* requires *buf is allocated effects Decodes a tag from *buf and returns ASN1_BAD_ID if it doesn't have a sequence ID. If retlen != NULL, the - associated length is returned in *retlen. */ + associated length is returned in *retlen. */ #endif diff --git a/src/lib/krb5/asn.1/asn1_k_decode.c b/src/lib/krb5/asn.1/asn1_k_decode.c index 4290561d7..e47ca6f0c 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.c +++ b/src/lib/krb5/asn.1/asn1_k_decode.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_decode.c - * + * * Copyright 1994, 2007, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -30,26 +31,26 @@ #include "asn1_misc.h" /* Declare useful decoder variables. */ -#define setup() \ - asn1_error_code retval; \ - asn1_class asn1class; \ - asn1_construction construction; \ - asn1_tagnum tagnum; \ +#define setup() \ + asn1_error_code retval; \ + asn1_class asn1class; \ + asn1_construction construction; \ + asn1_tagnum tagnum; \ unsigned int length, taglen #define unused_var(x) if (0) { x = 0; x = x - x; } /* This is used for prefetch of next tag in sequence. */ -#define next_tag() \ -{ taginfo t2; \ - retval = asn1_get_tag_2(&subbuf, &t2); \ - if (retval) return retval; \ - /* Copy out to match previous functionality, until better integrated. */ \ - asn1class = t2.asn1class; \ - construction = t2.construction; \ - tagnum = t2.tagnum; \ - taglen = t2.length; \ - indef = t2.indef; \ +#define next_tag() \ +{ taginfo t2; \ + retval = asn1_get_tag_2(&subbuf, &t2); \ + if (retval) return retval; \ + /* Copy out to match previous functionality, until better integrated. */ \ + asn1class = t2.asn1class; \ + construction = t2.construction; \ + tagnum = t2.tagnum; \ + taglen = t2.length; \ + indef = t2.indef; \ } static asn1_error_code @@ -60,36 +61,36 @@ asn1_get_eoc_tag (asn1buf *buf) retval = asn1_get_tag_2(buf, &t); if (retval) - return retval; + return retval; if (t.asn1class != UNIVERSAL || t.tagnum || t.indef) - return ASN1_MISSING_EOC; + return ASN1_MISSING_EOC; return 0; } /* Force check for EOC tag. */ -#define get_eoc() \ - { \ - retval = asn1_get_eoc_tag(&subbuf); \ - if (retval) return retval; \ +#define get_eoc() \ + { \ + retval = asn1_get_eoc_tag(&subbuf); \ + if (retval) return retval; \ } -#define alloc_field(var, type) \ - var = (type*)calloc(1, sizeof(type)); \ +#define alloc_field(var, type) \ + var = (type*)calloc(1, sizeof(type)); \ if ((var) == NULL) return ENOMEM /* Fetch an expected APPLICATION class tag and verify. */ -#define apptag(tagexpect) \ - { \ - taginfo t1; \ - retval = asn1_get_tag_2(buf, &t1); \ - if (retval) return retval; \ - if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED || \ - t1.tagnum != (tagexpect)) return ASN1_BAD_ID; \ - /* Copy out to match previous functionality, until better integrated. */ \ - asn1class = t1.asn1class; \ - construction = t1.construction; \ - tagnum = t1.tagnum; \ - applen = t1.length; \ +#define apptag(tagexpect) \ + { \ + taginfo t1; \ + retval = asn1_get_tag_2(buf, &t1); \ + if (retval) return retval; \ + if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED || \ + t1.tagnum != (tagexpect)) return ASN1_BAD_ID; \ + /* Copy out to match previous functionality, until better integrated. */ \ + asn1class = t1.asn1class; \ + construction = t1.construction; \ + tagnum = t1.tagnum; \ + applen = t1.length; \ } /**** normal fields ****/ @@ -101,10 +102,10 @@ asn1_get_eoc_tag (asn1buf *buf) * get_eoc() assumes that any values fetched by this macro are * enclosed in a context-specific tag. */ -#define get_field_body(var, decoder) \ - retval = decoder(&subbuf, &(var)); \ - if (retval) return retval; \ - if (!taglen && indef) { get_eoc(); } \ +#define get_field_body(var, decoder) \ + retval = decoder(&subbuf, &(var)); \ + if (retval) return retval; \ + if (!taglen && indef) { get_eoc(); } \ next_tag() /* @@ -123,11 +124,11 @@ asn1_get_eoc_tag (asn1buf *buf) * that context-specific tags are monotonically increasing in its * verification of tag numbers. */ -#define get_field(var, tagexpect, decoder) \ - error_if_bad_tag(tagexpect); \ - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - && (tagnum || taglen || asn1class != UNIVERSAL)) \ - return ASN1_BAD_ID; \ +#define get_field(var, tagexpect, decoder) \ + error_if_bad_tag(tagexpect); \ + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + && (tagnum || taglen || asn1class != UNIVERSAL)) \ + return ASN1_BAD_ID; \ get_field_body(var,decoder) /* @@ -138,59 +139,59 @@ asn1_get_eoc_tag (asn1buf *buf) * distinguish between absent optional values and present optional * values that happen to have the value of OPTVAL. */ -#define opt_field(var, tagexpect, decoder, optvalue) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - && (tagnum || taglen || asn1class != UNIVERSAL)) \ - return ASN1_BAD_ID; \ - if (tagnum == (tagexpect)) { \ - get_field_body(var, decoder); \ - } else var = optvalue; \ +#define opt_field(var, tagexpect, decoder, optvalue) \ + if (asn1buf_remains(&subbuf, seqindef)) { \ + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + && (tagnum || taglen || asn1class != UNIVERSAL)) \ + return ASN1_BAD_ID; \ + if (tagnum == (tagexpect)) { \ + get_field_body(var, decoder); \ + } else var = optvalue; \ } - + /**** fields w/ length ****/ /* similar to get_field_body */ -#define get_lenfield_body(len, var, decoder) \ - retval = decoder(&subbuf, &(len), &(var)); \ - if (retval) return retval; \ - if (!taglen && indef) { get_eoc(); } \ +#define get_lenfield_body(len, var, decoder) \ + retval = decoder(&subbuf, &(len), &(var)); \ + if (retval) return retval; \ + if (!taglen && indef) { get_eoc(); } \ next_tag() /* similar to get_field_body */ -#define get_lenfield(len, var, tagexpect, decoder) \ - error_if_bad_tag(tagexpect); \ - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - && (tagnum || taglen || asn1class != UNIVERSAL)) \ - return ASN1_BAD_ID; \ +#define get_lenfield(len, var, tagexpect, decoder) \ + error_if_bad_tag(tagexpect); \ + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + && (tagnum || taglen || asn1class != UNIVERSAL)) \ + return ASN1_BAD_ID; \ get_lenfield_body(len, var, decoder) /* similar to opt_field */ -#define opt_lenfield(len, var, tagexpect, decoder) \ - if (tagnum == (tagexpect)) { \ - get_lenfield_body(len, var, decoder); \ +#define opt_lenfield(len, var, tagexpect, decoder) \ + if (tagnum == (tagexpect)) { \ + get_lenfield_body(len, var, decoder); \ } else { len = 0; var = 0; } /* * Deal with implicitly tagged fields */ -#define get_implicit_octet_string(len, var, tagexpect) \ - if (tagnum != (tagexpect)) return ASN1_MISSING_FIELD; \ +#define get_implicit_octet_string(len, var, tagexpect) \ + if (tagnum != (tagexpect)) return ASN1_MISSING_FIELD; \ if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ - return ASN1_BAD_ID; \ - retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ - if (retval) return retval; \ - (len) = taglen; \ + return ASN1_BAD_ID; \ + retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ + if (retval) return retval; \ + (len) = taglen; \ next_tag() -#define opt_implicit_octet_string(len, var, tagexpect) \ - if (tagnum == (tagexpect)) { \ +#define opt_implicit_octet_string(len, var, tagexpect) \ + if (tagnum == (tagexpect)) { \ if (asn1class != CONTEXT_SPECIFIC || construction != PRIMITIVE) \ - return ASN1_BAD_ID; \ + return ASN1_BAD_ID; \ retval = asn1buf_remove_octetstring(&subbuf, taglen, &(var)); \ - if (retval) return retval; \ - (len) = taglen; \ - next_tag(); \ + if (retval) return retval; \ + (len) = taglen; \ + next_tag(); \ } else { (len) = 0; (var) = NULL; } /* @@ -200,14 +201,14 @@ asn1_get_eoc_tag (asn1buf *buf) * to be called in an inner block that ends with a call to * end_structure(). */ -#define begin_structure() \ - asn1buf subbuf; \ - int seqindef; \ - int indef; \ - retval = asn1_get_sequence(buf, &length, &seqindef); \ - if (retval) return retval; \ - retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ - if (retval) return retval; \ +#define begin_structure() \ + asn1buf subbuf; \ + int seqindef; \ + int indef; \ + retval = asn1_get_sequence(buf, &length, &seqindef); \ + if (retval) return retval; \ + retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ + if (retval) return retval; \ next_tag() /* @@ -215,19 +216,19 @@ asn1_get_eoc_tag (asn1buf *buf) * It is the same as begin_structure() except next_tag() * is not called. */ -#define begin_structure_no_tag() \ - asn1buf subbuf; \ - int seqindef; \ - int indef; \ - retval = asn1_get_sequence(buf, &length, &seqindef); \ - if (retval) return retval; \ - retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ +#define begin_structure_no_tag() \ + asn1buf subbuf; \ + int seqindef; \ + int indef; \ + retval = asn1_get_sequence(buf, &length, &seqindef); \ + if (retval) return retval; \ + retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ if (retval) return retval /* skip trailing garbage */ -#define end_structure() \ - retval = asn1buf_sync(buf, &subbuf, asn1class, tagnum, \ - length, indef, seqindef); \ +#define end_structure() \ + retval = asn1buf_sync(buf, &subbuf, asn1class, tagnum, \ + length, indef, seqindef); \ if (retval) return retval /* @@ -237,28 +238,28 @@ asn1_get_eoc_tag (asn1buf *buf) * to be called in an inner block that ends with a call to * end_choice(). */ -#define begin_choice() \ - asn1buf subbuf; \ - int seqindef; \ - int indef; \ - taginfo t; \ - retval = asn1_get_tag_2(buf, &t); \ - if (retval) return retval; \ +#define begin_choice() \ + asn1buf subbuf; \ + int seqindef; \ + int indef; \ + taginfo t; \ + retval = asn1_get_tag_2(buf, &t); \ + if (retval) return retval; \ tagnum = t.tagnum; \ taglen = t.length; \ indef = t.indef; \ length = t.length; \ seqindef = t.indef; \ - asn1class = t.asn1class; \ - construction = t.construction; \ - retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ + asn1class = t.asn1class; \ + construction = t.construction; \ + retval = asn1buf_imbed(&subbuf, buf, length, seqindef); \ if (retval) return retval /* skip trailing garbage */ -#define end_choice() \ - length -= t.length; \ - retval = asn1buf_sync(buf, &subbuf, t.asn1class, t.tagnum, \ - length, t.indef, seqindef); \ +#define end_choice() \ + length -= t.length; \ + retval = asn1buf_sync(buf, &subbuf, t.asn1class, t.tagnum, \ + length, t.indef, seqindef); \ if (retval) return retval /* @@ -268,12 +269,12 @@ asn1_get_eoc_tag (asn1buf *buf) * meant to be called in an inner block that ends with a call to * end_sequence_of(). */ -#define sequence_of(buf) \ - unsigned int length, taglen; \ - asn1_class asn1class; \ - asn1_construction construction; \ - asn1_tagnum tagnum; \ - int indef; \ +#define sequence_of(buf) \ + unsigned int length, taglen; \ + asn1_class asn1class; \ + asn1_construction construction; \ + asn1_tagnum tagnum; \ + int indef; \ sequence_of_common(buf) /* @@ -283,7 +284,7 @@ asn1_get_eoc_tag (asn1buf *buf) * sequence structure and thus declares variables of different names * than does sequence_of() to avoid shadowing. */ -#define sequence_of_no_tagvars(buf) \ +#define sequence_of_no_tagvars(buf) \ sequence_of_common(buf) /* @@ -293,13 +294,13 @@ asn1_get_eoc_tag (asn1buf *buf) * and imbeds an inner buffer seqbuf. Unlike begin_structure(), it * does not prefetch the next tag. */ -#define sequence_of_common(buf) \ - int size = 0; \ - asn1buf seqbuf; \ - int seqofindef; \ - retval = asn1_get_sequence(buf, &length, &seqofindef); \ - if (retval) return retval; \ - retval = asn1buf_imbed(&seqbuf, buf, length, seqofindef); \ +#define sequence_of_common(buf) \ + int size = 0; \ + asn1buf seqbuf; \ + int seqofindef; \ + retval = asn1_get_sequence(buf, &length, &seqofindef); \ + if (retval) return retval; \ + retval = asn1buf_imbed(&seqbuf, buf, length, seqofindef); \ if (retval) return retval /* @@ -308,20 +309,20 @@ asn1_get_eoc_tag (asn1buf *buf) * Attempts to fetch an EOC tag, if any, and to sync over trailing * garbage, if any. */ -#define end_sequence_of(buf) \ - { \ - taginfo t4; \ - retval = asn1_get_tag_2(&seqbuf, &t4); \ - if (retval) return retval; \ - /* Copy out to match previous functionality, until better integrated. */ \ - asn1class = t4.asn1class; \ - construction = t4.construction; \ - tagnum = t4.tagnum; \ - taglen = t4.length; \ - indef = t4.indef; \ - } \ - retval = asn1buf_sync(buf, &seqbuf, asn1class, tagnum, \ - length, indef, seqofindef); \ +#define end_sequence_of(buf) \ + { \ + taginfo t4; \ + retval = asn1_get_tag_2(&seqbuf, &t4); \ + if (retval) return retval; \ + /* Copy out to match previous functionality, until better integrated. */ \ + asn1class = t4.asn1class; \ + construction = t4.construction; \ + tagnum = t4.tagnum; \ + taglen = t4.length; \ + indef = t4.indef; \ + } \ + retval = asn1buf_sync(buf, &seqbuf, asn1class, tagnum, \ + length, indef, seqofindef); \ if (retval) return retval; /* @@ -332,33 +333,33 @@ asn1_get_eoc_tag (asn1buf *buf) */ static asn1_error_code end_sequence_of_no_tagvars_helper(asn1buf *buf, asn1buf *seqbufp, - int seqofindef) + int seqofindef) { taginfo t; asn1_error_code retval; retval = asn1_get_tag_2(seqbufp, &t); if (retval) - return retval; + return retval; retval = asn1buf_sync(buf, seqbufp, t.asn1class, t.tagnum, - t.length, t.indef, seqofindef); + t.length, t.indef, seqofindef); return retval; } #define end_sequence_of_no_tagvars(buf) \ end_sequence_of_no_tagvars_helper(buf, &seqbuf, seqofindef) -#define cleanup() \ +#define cleanup() \ return 0 /* scalars */ asn1_error_code asn1_decode_kerberos_time(asn1buf *buf, krb5_timestamp *val) { - time_t t; + time_t t; asn1_error_code retval; - + retval = asn1_decode_generaltime(buf,&t); if (retval) - return retval; + return retval; *val = t; return 0; @@ -410,10 +411,10 @@ asn1_error_code asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val) { asn1_error_code retval; unsigned long n; - + retval = asn1_decode_unsigned_integer(buf,&n); if (retval) return retval; - + *val = (krb5_msgtype) n; return 0; } @@ -423,39 +424,39 @@ asn1_error_code asn1_decode_msgtype(asn1buf *buf, krb5_msgtype *val) asn1_error_code asn1_decode_realm(asn1buf *buf, krb5_principal *val) { return asn1_decode_generalstring(buf, - &((*val)->realm.length), - &((*val)->realm.data)); + &((*val)->realm.length), + &((*val)->realm.data)); } asn1_error_code asn1_decode_principal_name(asn1buf *buf, krb5_principal *val) { setup(); { begin_structure(); - get_field((*val)->type,0,asn1_decode_int32); - - { sequence_of_no_tagvars(&subbuf); - while (asn1buf_remains(&seqbuf,seqofindef) > 0) { - size++; - if ((*val)->data == NULL) - (*val)->data = (krb5_data*)malloc(size*sizeof(krb5_data)); - else - (*val)->data = (krb5_data*)realloc((*val)->data, - size*sizeof(krb5_data)); - if ((*val)->data == NULL) return ENOMEM; - retval = asn1_decode_generalstring(&seqbuf, - &((*val)->data[size-1].length), - &((*val)->data[size-1].data)); - if (retval) return retval; - } - (*val)->length = size; - end_sequence_of_no_tagvars(&subbuf); - } - if (indef) { - get_eoc(); - } - next_tag(); - end_structure(); - (*val)->magic = KV5M_PRINCIPAL; + get_field((*val)->type,0,asn1_decode_int32); + + { sequence_of_no_tagvars(&subbuf); + while (asn1buf_remains(&seqbuf,seqofindef) > 0) { + size++; + if ((*val)->data == NULL) + (*val)->data = (krb5_data*)malloc(size*sizeof(krb5_data)); + else + (*val)->data = (krb5_data*)realloc((*val)->data, + size*sizeof(krb5_data)); + if ((*val)->data == NULL) return ENOMEM; + retval = asn1_decode_generalstring(&seqbuf, + &((*val)->data[size-1].length), + &((*val)->data[size-1].data)); + if (retval) return retval; + } + (*val)->length = size; + end_sequence_of_no_tagvars(&subbuf); + } + if (indef) { + get_eoc(); + } + next_tag(); + end_structure(); + (*val)->magic = KV5M_PRINCIPAL; } cleanup(); } @@ -464,10 +465,10 @@ asn1_error_code asn1_decode_checksum(asn1buf *buf, krb5_checksum *val) { setup(); { begin_structure(); - get_field(val->checksum_type,0,asn1_decode_cksumtype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_CHECKSUM; + get_field(val->checksum_type,0,asn1_decode_cksumtype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_CHECKSUM; } cleanup(); } @@ -476,10 +477,10 @@ asn1_error_code asn1_decode_encryption_key(asn1buf *buf, krb5_keyblock *val) { setup(); { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_KEYBLOCK; + get_field(val->enctype,0,asn1_decode_enctype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_KEYBLOCK; } cleanup(); } @@ -488,11 +489,11 @@ asn1_error_code asn1_decode_encrypted_data(asn1buf *buf, krb5_enc_data *val) { setup(); { begin_structure(); - get_field(val->enctype,0,asn1_decode_enctype); - opt_field(val->kvno,1,asn1_decode_kvno,0); - get_lenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_ENC_DATA; + get_field(val->enctype,0,asn1_decode_enctype); + opt_field(val->kvno,1,asn1_decode_kvno,0); + get_lenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_ENC_DATA; } cleanup(); } @@ -509,8 +510,8 @@ asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val) retval = asn1_get_tag_2(buf, &t); if (retval) return retval; if (t.asn1class != UNIVERSAL || t.construction != PRIMITIVE || - t.tagnum != ASN1_BITSTRING) - return ASN1_BAD_ID; + t.tagnum != ASN1_BITSTRING) + return ASN1_BAD_ID; length = t.length; retval = asn1buf_remove_octet(buf,&unused); /* # of padding bits */ @@ -521,19 +522,19 @@ asn1_error_code asn1_decode_krb5_flags(asn1buf *buf, krb5_flags *val) length--; for (i = 0; i < length; i++) { - retval = asn1buf_remove_octet(buf,&o); - if (retval) return retval; - /* ignore bits past number 31 */ - if (i < 4) - f = (f<<8) | ((krb5_flags)o&0xFF); + retval = asn1buf_remove_octet(buf,&o); + if (retval) return retval; + /* ignore bits past number 31 */ + if (i < 4) + f = (f<<8) | ((krb5_flags)o&0xFF); } if (length <= 4) { - /* Mask out unused bits, but only if necessary. */ - f &= ~(krb5_flags)0 << unused; + /* Mask out unused bits, but only if necessary. */ + f &= ~(krb5_flags)0 << unused; } /* left-justify */ if (length < 4) - f <<= (4 - length) * 8; + f <<= (4 - length) * 8; *val = f; return 0; } @@ -551,10 +552,10 @@ asn1_error_code asn1_decode_transited_encoding(asn1buf *buf, krb5_transited *val { setup(); { begin_structure(); - get_field(val->tr_type,0,asn1_decode_octet); - get_lenfield(val->tr_contents.length,val->tr_contents.data,1,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_TRANSITED; + get_field(val->tr_type,0,asn1_decode_octet); + get_lenfield(val->tr_contents.length,val->tr_contents.data,1,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_TRANSITED; } cleanup(); } @@ -563,23 +564,23 @@ asn1_error_code asn1_decode_enc_kdc_rep_part(asn1buf *buf, krb5_enc_kdc_rep_part { setup(); { begin_structure(); - alloc_field(val->session,krb5_keyblock); - get_field(*(val->session),0,asn1_decode_encryption_key); - get_field(val->last_req,1,asn1_decode_last_req); - get_field(val->nonce,2,asn1_decode_int32); - opt_field(val->key_exp,3,asn1_decode_kerberos_time,0); - get_field(val->flags,4,asn1_decode_ticket_flags); - get_field(val->times.authtime,5,asn1_decode_kerberos_time); - /* Set to authtime if missing */ - opt_field(val->times.starttime,6,asn1_decode_kerberos_time,val->times.authtime); - get_field(val->times.endtime,7,asn1_decode_kerberos_time); - opt_field(val->times.renew_till,8,asn1_decode_kerberos_time,0); - alloc_field(val->server,krb5_principal_data); - get_field(val->server,9,asn1_decode_realm); - get_field(val->server,10,asn1_decode_principal_name); - opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); - end_structure(); - val->magic = KV5M_ENC_KDC_REP_PART; + alloc_field(val->session,krb5_keyblock); + get_field(*(val->session),0,asn1_decode_encryption_key); + get_field(val->last_req,1,asn1_decode_last_req); + get_field(val->nonce,2,asn1_decode_int32); + opt_field(val->key_exp,3,asn1_decode_kerberos_time,0); + get_field(val->flags,4,asn1_decode_ticket_flags); + get_field(val->times.authtime,5,asn1_decode_kerberos_time); + /* Set to authtime if missing */ + opt_field(val->times.starttime,6,asn1_decode_kerberos_time,val->times.authtime); + get_field(val->times.endtime,7,asn1_decode_kerberos_time); + opt_field(val->times.renew_till,8,asn1_decode_kerberos_time,0); + alloc_field(val->server,krb5_principal_data); + get_field(val->server,9,asn1_decode_realm); + get_field(val->server,10,asn1_decode_principal_name); + opt_field(val->caddrs,11,asn1_decode_host_addresses,NULL); + end_structure(); + val->magic = KV5M_ENC_KDC_REP_PART; } cleanup(); } @@ -590,20 +591,20 @@ asn1_error_code asn1_decode_ticket(asn1buf *buf, krb5_ticket *val) unsigned int applen; apptag(1); { begin_structure(); - { krb5_kvno vno; - get_field(vno,0,asn1_decode_kvno); - if (vno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } - alloc_field(val->server,krb5_principal_data); - get_field(val->server,1,asn1_decode_realm); - get_field(val->server,2,asn1_decode_principal_name); - get_field(val->enc_part,3,asn1_decode_encrypted_data); - end_structure(); - val->magic = KV5M_TICKET; + { krb5_kvno vno; + get_field(vno,0,asn1_decode_kvno); + if (vno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + alloc_field(val->server,krb5_principal_data); + get_field(val->server,1,asn1_decode_realm); + get_field(val->server,2,asn1_decode_principal_name); + get_field(val->enc_part,3,asn1_decode_encrypted_data); + end_structure(); + val->magic = KV5M_TICKET; } if (!applen) { - taginfo t; - retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; + taginfo t; + retval = asn1_get_tag_2(buf, &t); + if (retval) return retval; } cleanup(); } @@ -612,14 +613,14 @@ asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val) { setup(); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,1,asn1_decode_kvno); - if (kvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } - get_field(val->msg_type,2,asn1_decode_msgtype); - opt_field(val->padata,3,asn1_decode_sequence_of_pa_data,NULL); - get_field(*val,4,asn1_decode_kdc_req_body); - end_structure(); - val->magic = KV5M_KDC_REQ; + { krb5_kvno kvno; + get_field(kvno,1,asn1_decode_kvno); + if (kvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + get_field(val->msg_type,2,asn1_decode_msgtype); + opt_field(val->padata,3,asn1_decode_sequence_of_pa_data,NULL); + get_field(*val,4,asn1_decode_kdc_req_body); + end_structure(); + val->magic = KV5M_KDC_REQ; } cleanup(); } @@ -627,48 +628,48 @@ asn1_error_code asn1_decode_kdc_req(asn1buf *buf, krb5_kdc_req *val) asn1_error_code asn1_decode_kdc_req_body(asn1buf *buf, krb5_kdc_req *val) { setup(); - { - krb5_principal psave; - begin_structure(); - get_field(val->kdc_options,0,asn1_decode_kdc_options); - if (tagnum == 1) { alloc_field(val->client,krb5_principal_data); } - opt_field(val->client,1,asn1_decode_principal_name,NULL); - alloc_field(val->server,krb5_principal_data); - get_field(val->server,2,asn1_decode_realm); - if (val->client != NULL) { - retval = asn1_krb5_realm_copy(val->client,val->server); - if (retval) return retval; } - - /* If opt_field server is missing, memory reference to server is - lost and results in memory leak */ - psave = val->server; - opt_field(val->server,3,asn1_decode_principal_name,NULL); - if (val->server == NULL) { - if (psave->realm.data) { - free(psave->realm.data); - psave->realm.data = NULL; - psave->realm.length=0; - } - free(psave); - } - opt_field(val->from,4,asn1_decode_kerberos_time,0); - get_field(val->till,5,asn1_decode_kerberos_time); - opt_field(val->rtime,6,asn1_decode_kerberos_time,0); - get_field(val->nonce,7,asn1_decode_int32); - get_lenfield(val->nktypes,val->ktype,8,asn1_decode_sequence_of_enctype); - opt_field(val->addresses,9,asn1_decode_host_addresses,0); - if (tagnum == 10) { - get_field(val->authorization_data,10,asn1_decode_encrypted_data); } - else { - val->authorization_data.magic = KV5M_ENC_DATA; - val->authorization_data.enctype = 0; - val->authorization_data.kvno = 0; - val->authorization_data.ciphertext.data = NULL; - val->authorization_data.ciphertext.length = 0; - } - opt_field(val->second_ticket,11,asn1_decode_sequence_of_ticket,NULL); - end_structure(); - val->magic = KV5M_KDC_REQ; + { + krb5_principal psave; + begin_structure(); + get_field(val->kdc_options,0,asn1_decode_kdc_options); + if (tagnum == 1) { alloc_field(val->client,krb5_principal_data); } + opt_field(val->client,1,asn1_decode_principal_name,NULL); + alloc_field(val->server,krb5_principal_data); + get_field(val->server,2,asn1_decode_realm); + if (val->client != NULL) { + retval = asn1_krb5_realm_copy(val->client,val->server); + if (retval) return retval; } + + /* If opt_field server is missing, memory reference to server is + lost and results in memory leak */ + psave = val->server; + opt_field(val->server,3,asn1_decode_principal_name,NULL); + if (val->server == NULL) { + if (psave->realm.data) { + free(psave->realm.data); + psave->realm.data = NULL; + psave->realm.length=0; + } + free(psave); + } + opt_field(val->from,4,asn1_decode_kerberos_time,0); + get_field(val->till,5,asn1_decode_kerberos_time); + opt_field(val->rtime,6,asn1_decode_kerberos_time,0); + get_field(val->nonce,7,asn1_decode_int32); + get_lenfield(val->nktypes,val->ktype,8,asn1_decode_sequence_of_enctype); + opt_field(val->addresses,9,asn1_decode_host_addresses,0); + if (tagnum == 10) { + get_field(val->authorization_data,10,asn1_decode_encrypted_data); } + else { + val->authorization_data.magic = KV5M_ENC_DATA; + val->authorization_data.enctype = 0; + val->authorization_data.kvno = 0; + val->authorization_data.ciphertext.data = NULL; + val->authorization_data.ciphertext.length = 0; + } + opt_field(val->second_ticket,11,asn1_decode_sequence_of_ticket,NULL); + end_structure(); + val->magic = KV5M_KDC_REQ; } cleanup(); } @@ -677,18 +678,18 @@ asn1_error_code asn1_decode_krb_safe_body(asn1buf *buf, krb5_safe *val) { setup(); { begin_structure(); - get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring); - opt_field(val->timestamp,1,asn1_decode_kerberos_time,0); - opt_field(val->usec,2,asn1_decode_int32,0); - opt_field(val->seq_number,3,asn1_decode_seqnum,0); - alloc_field(val->s_address,krb5_address); - get_field(*(val->s_address),4,asn1_decode_host_address); - if (tagnum == 5) { - alloc_field(val->r_address,krb5_address); - get_field(*(val->r_address),5,asn1_decode_host_address); - } else val->r_address = NULL; - end_structure(); - val->magic = KV5M_SAFE; + get_lenfield(val->user_data.length,val->user_data.data,0,asn1_decode_charstring); + opt_field(val->timestamp,1,asn1_decode_kerberos_time,0); + opt_field(val->usec,2,asn1_decode_int32,0); + opt_field(val->seq_number,3,asn1_decode_seqnum,0); + alloc_field(val->s_address,krb5_address); + get_field(*(val->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { + alloc_field(val->r_address,krb5_address); + get_field(*(val->r_address),5,asn1_decode_host_address); + } else val->r_address = NULL; + end_structure(); + val->magic = KV5M_SAFE; } cleanup(); } @@ -697,10 +698,10 @@ asn1_error_code asn1_decode_host_address(asn1buf *buf, krb5_address *val) { setup(); { begin_structure(); - get_field(val->addrtype,0,asn1_decode_addrtype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_ADDRESS; + get_field(val->addrtype,0,asn1_decode_addrtype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_ADDRESS; } cleanup(); } @@ -709,19 +710,19 @@ asn1_error_code asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val) { setup(); { begin_structure(); - { krb5_kvno pvno; - get_field(pvno,0,asn1_decode_kvno); - if (pvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } - get_field(val->msg_type,1,asn1_decode_msgtype); - opt_field(val->padata,2,asn1_decode_sequence_of_pa_data,NULL); - alloc_field(val->client,krb5_principal_data); - get_field(val->client,3,asn1_decode_realm); - get_field(val->client,4,asn1_decode_principal_name); - alloc_field(val->ticket,krb5_ticket); - get_field(*(val->ticket),5,asn1_decode_ticket); - get_field(val->enc_part,6,asn1_decode_encrypted_data); - end_structure(); - val->magic = KV5M_KDC_REP; + { krb5_kvno pvno; + get_field(pvno,0,asn1_decode_kvno); + if (pvno != KVNO) return KRB5KDC_ERR_BAD_PVNO; } + get_field(val->msg_type,1,asn1_decode_msgtype); + opt_field(val->padata,2,asn1_decode_sequence_of_pa_data,NULL); + alloc_field(val->client,krb5_principal_data); + get_field(val->client,3,asn1_decode_realm); + get_field(val->client,4,asn1_decode_principal_name); + alloc_field(val->ticket,krb5_ticket); + get_field(*(val->ticket),5,asn1_decode_ticket); + get_field(val->enc_part,6,asn1_decode_encrypted_data); + end_structure(); + val->magic = KV5M_KDC_REP; } cleanup(); } @@ -731,7 +732,7 @@ asn1_error_code asn1_decode_kdc_rep(asn1buf *buf, krb5_kdc_rep *val) #define get_element(element,decoder)\ retval = decoder(&seqbuf,element);\ if (retval) return retval - + static void * array_expand (void *array, int n_elts, size_t elt_size) { @@ -739,14 +740,14 @@ array_expand (void *array, int n_elts, size_t elt_size) size_t new_size; if (n_elts <= 0) - return NULL; + return NULL; if (n_elts > SIZE_MAX / elt_size) - return NULL; + return NULL; new_size = n_elts * elt_size; if (new_size == 0) - return NULL; + return NULL; if (new_size / elt_size != n_elts) - return NULL; + return NULL; new_array = realloc(array, new_size); return new_array; } @@ -768,7 +769,7 @@ if (*(array) == NULL) return ENOMEM;\ array_append(val,size,elt,type);\ }\ if (*val == NULL)\ - *val = (type **)malloc(sizeof(type*));\ + *val = (type **)malloc(sizeof(type*));\ (*val)[size] = NULL;\ end_sequence_of(buf);\ }\ @@ -784,10 +785,10 @@ asn1_error_code asn1_decode_authdata_elt(asn1buf *buf, krb5_authdata *val) { setup(); { begin_structure(); - get_field(val->ad_type,0,asn1_decode_authdatatype); - get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_AUTHDATA; + get_field(val->ad_type,0,asn1_decode_authdatatype); + get_lenfield(val->length,val->contents,1,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_AUTHDATA; } cleanup(); } @@ -811,24 +812,24 @@ asn1_error_code asn1_decode_krb_cred_info(asn1buf *buf, krb5_cred_info *val) { setup(); { begin_structure(); - alloc_field(val->session,krb5_keyblock); - get_field(*(val->session),0,asn1_decode_encryption_key); - if (tagnum == 1) { - alloc_field(val->client,krb5_principal_data); - opt_field(val->client,1,asn1_decode_realm,NULL); - opt_field(val->client,2,asn1_decode_principal_name,NULL); } - opt_field(val->flags,3,asn1_decode_ticket_flags,0); - opt_field(val->times.authtime,4,asn1_decode_kerberos_time,0); - opt_field(val->times.starttime,5,asn1_decode_kerberos_time,0); - opt_field(val->times.endtime,6,asn1_decode_kerberos_time,0); - opt_field(val->times.renew_till,7,asn1_decode_kerberos_time,0); - if (tagnum == 8) { - alloc_field(val->server,krb5_principal_data); - opt_field(val->server,8,asn1_decode_realm,NULL); - opt_field(val->server,9,asn1_decode_principal_name,NULL); } - opt_field(val->caddrs,10,asn1_decode_host_addresses,NULL); - end_structure(); - val->magic = KV5M_CRED_INFO; + alloc_field(val->session,krb5_keyblock); + get_field(*(val->session),0,asn1_decode_encryption_key); + if (tagnum == 1) { + alloc_field(val->client,krb5_principal_data); + opt_field(val->client,1,asn1_decode_realm,NULL); + opt_field(val->client,2,asn1_decode_principal_name,NULL); } + opt_field(val->flags,3,asn1_decode_ticket_flags,0); + opt_field(val->times.authtime,4,asn1_decode_kerberos_time,0); + opt_field(val->times.starttime,5,asn1_decode_kerberos_time,0); + opt_field(val->times.endtime,6,asn1_decode_kerberos_time,0); + opt_field(val->times.renew_till,7,asn1_decode_kerberos_time,0); + if (tagnum == 8) { + alloc_field(val->server,krb5_principal_data); + opt_field(val->server,8,asn1_decode_realm,NULL); + opt_field(val->server,9,asn1_decode_principal_name,NULL); } + opt_field(val->caddrs,10,asn1_decode_host_addresses,NULL); + end_structure(); + val->magic = KV5M_CRED_INFO; } cleanup(); } @@ -842,10 +843,10 @@ asn1_error_code asn1_decode_pa_data(asn1buf *buf, krb5_pa_data *val) { setup(); { begin_structure(); - get_field(val->pa_type,1,asn1_decode_int32); - get_lenfield(val->length,val->contents,2,asn1_decode_octetstring); - end_structure(); - val->magic = KV5M_PA_DATA; + get_field(val->pa_type,1,asn1_decode_int32); + get_lenfield(val->length,val->contents,2,asn1_decode_octetstring); + end_structure(); + val->magic = KV5M_PA_DATA; } cleanup(); } @@ -859,14 +860,14 @@ asn1_error_code asn1_decode_last_req_entry(asn1buf *buf, krb5_last_req_entry *va { setup(); { begin_structure(); - get_field(val->lr_type,0,asn1_decode_int32); - get_field(val->value,1,asn1_decode_kerberos_time); - end_structure(); - val->magic = KV5M_LAST_REQ_ENTRY; + get_field(val->lr_type,0,asn1_decode_int32); + get_field(val->value,1,asn1_decode_kerberos_time); + end_structure(); + val->magic = KV5M_LAST_REQ_ENTRY; #ifdef KRB5_GENEROUS_LR_TYPE - /* If we are only a single byte wide and negative - fill in the - other bits */ - if ((val->lr_type & 0xffffff80U) == 0x80) val->lr_type |= 0xffffff00U; + /* If we are only a single byte wide and negative - fill in the + other bits */ + if ((val->lr_type & 0xffffff80U) == 0x80) val->lr_type |= 0xffffff00U; #endif } cleanup(); @@ -876,18 +877,18 @@ asn1_error_code asn1_decode_sequence_of_enctype(asn1buf *buf, int *num, krb5_enc { asn1_error_code retval; { sequence_of(buf); - while (asn1buf_remains(&seqbuf,seqofindef) > 0) { - size++; - if (*val == NULL) - *val = (krb5_enctype*)malloc(size*sizeof(krb5_enctype)); - else - *val = (krb5_enctype*)realloc(*val,size*sizeof(krb5_enctype)); - if (*val == NULL) return ENOMEM; - retval = asn1_decode_enctype(&seqbuf,&((*val)[size-1])); - if (retval) return retval; - } - *num = size; - end_sequence_of(buf); + while (asn1buf_remains(&seqbuf,seqofindef) > 0) { + size++; + if (*val == NULL) + *val = (krb5_enctype*)malloc(size*sizeof(krb5_enctype)); + else + *val = (krb5_enctype*)realloc(*val,size*sizeof(krb5_enctype)); + if (*val == NULL) return ENOMEM; + retval = asn1_decode_enctype(&seqbuf,&((*val)[size-1])); + if (retval) return retval; + } + *num = size; + end_sequence_of(buf); } cleanup(); } @@ -901,26 +902,26 @@ static asn1_error_code asn1_decode_etype_info2_entry(asn1buf *buf, krb5_etype_in { setup(); { begin_structure(); - get_field(val->etype,0,asn1_decode_enctype); - if (tagnum == 1) { - char *salt; - get_lenfield(val->length,salt,1,asn1_decode_generalstring); - val->salt = (krb5_octet *) salt; - } else { - val->length = KRB5_ETYPE_NO_SALT; - val->salt = 0; - } - if ( tagnum ==2) { - krb5_octet *params ; - get_lenfield( val->s2kparams.length, params, - 2, asn1_decode_octetstring); - val->s2kparams.data = ( char *) params; - } else { - val->s2kparams.data = NULL; - val->s2kparams.length = 0; - } - end_structure(); - val->magic = KV5M_ETYPE_INFO_ENTRY; + get_field(val->etype,0,asn1_decode_enctype); + if (tagnum == 1) { + char *salt; + get_lenfield(val->length,salt,1,asn1_decode_generalstring); + val->salt = (krb5_octet *) salt; + } else { + val->length = KRB5_ETYPE_NO_SALT; + val->salt = 0; + } + if ( tagnum ==2) { + krb5_octet *params ; + get_lenfield( val->s2kparams.length, params, + 2, asn1_decode_octetstring); + val->s2kparams.data = ( char *) params; + } else { + val->s2kparams.data = NULL; + val->s2kparams.length = 0; + } + end_structure(); + val->magic = KV5M_ETYPE_INFO_ENTRY; } cleanup(); } @@ -929,24 +930,24 @@ static asn1_error_code asn1_decode_etype_info2_entry_1_3(asn1buf *buf, krb5_etyp { setup(); { begin_structure(); - get_field(val->etype,0,asn1_decode_enctype); - if (tagnum == 1) { - get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); - } else { - val->length = KRB5_ETYPE_NO_SALT; - val->salt = 0; - } - if ( tagnum ==2) { - krb5_octet *params ; - get_lenfield( val->s2kparams.length, params, - 2, asn1_decode_octetstring); - val->s2kparams.data = ( char *) params; - } else { - val->s2kparams.data = NULL; - val->s2kparams.length = 0; - } - end_structure(); - val->magic = KV5M_ETYPE_INFO_ENTRY; + get_field(val->etype,0,asn1_decode_enctype); + if (tagnum == 1) { + get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); + } else { + val->length = KRB5_ETYPE_NO_SALT; + val->salt = 0; + } + if ( tagnum ==2) { + krb5_octet *params ; + get_lenfield( val->s2kparams.length, params, + 2, asn1_decode_octetstring); + val->s2kparams.data = ( char *) params; + } else { + val->s2kparams.data = NULL; + val->s2kparams.length = 0; + } + end_structure(); + val->magic = KV5M_ETYPE_INFO_ENTRY; } cleanup(); } @@ -956,18 +957,18 @@ static asn1_error_code asn1_decode_etype_info_entry(asn1buf *buf, krb5_etype_inf { setup(); { begin_structure(); - get_field(val->etype,0,asn1_decode_enctype); - if (tagnum == 1) { - get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); - } else { - val->length = KRB5_ETYPE_NO_SALT; - val->salt = 0; - } - val->s2kparams.data = NULL; - val->s2kparams.length = 0; - - end_structure(); - val->magic = KV5M_ETYPE_INFO_ENTRY; + get_field(val->etype,0,asn1_decode_enctype); + if (tagnum == 1) { + get_lenfield(val->length,val->salt,1,asn1_decode_octetstring); + } else { + val->length = KRB5_ETYPE_NO_SALT; + val->salt = 0; + } + val->s2kparams.data = NULL; + val->s2kparams.length = 0; + + end_structure(); + val->magic = KV5M_ETYPE_INFO_ENTRY; } cleanup(); } @@ -978,14 +979,14 @@ asn1_error_code asn1_decode_etype_info(asn1buf *buf, krb5_etype_info_entry ***va } asn1_error_code asn1_decode_etype_info2(asn1buf *buf, krb5_etype_info_entry ***val , - krb5_boolean v1_3_behavior) + krb5_boolean v1_3_behavior) { if (v1_3_behavior) { - decode_array_body(krb5_etype_info_entry, - asn1_decode_etype_info2_entry_1_3); + decode_array_body(krb5_etype_info_entry, + asn1_decode_etype_info2_entry_1_3); } else { - decode_array_body(krb5_etype_info_entry, - asn1_decode_etype_info2_entry); + decode_array_body(krb5_etype_info_entry, + asn1_decode_etype_info2_entry); } } @@ -993,16 +994,16 @@ asn1_error_code asn1_decode_passwdsequence(asn1buf *buf, passwd_phrase_element * { setup(); { begin_structure(); - alloc_field(val->passwd,krb5_data); - get_lenfield(val->passwd->length,val->passwd->data, - 0,asn1_decode_charstring); - val->passwd->magic = KV5M_DATA; - alloc_field(val->phrase,krb5_data); - get_lenfield(val->phrase->length,val->phrase->data, - 1,asn1_decode_charstring); - val->phrase->magic = KV5M_DATA; - end_structure(); - val->magic = KV5M_PASSWD_PHRASE_ELEMENT; + alloc_field(val->passwd,krb5_data); + get_lenfield(val->passwd->length,val->passwd->data, + 0,asn1_decode_charstring); + val->passwd->magic = KV5M_DATA; + alloc_field(val->phrase,krb5_data); + get_lenfield(val->phrase->length,val->phrase->data, + 1,asn1_decode_charstring); + val->phrase->magic = KV5M_DATA; + end_structure(); + val->magic = KV5M_PASSWD_PHRASE_ELEMENT; } cleanup(); } @@ -1025,18 +1026,18 @@ asn1_error_code asn1_decode_sam_challenge(asn1buf *buf, krb5_sam_challenge *val) { setup(); { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_type_name,2,asn1_decode_charstring); - opt_string(val->sam_track_id,3,asn1_decode_charstring); - opt_string(val->sam_challenge_label,4,asn1_decode_charstring); - opt_string(val->sam_challenge,5,asn1_decode_charstring); - opt_string(val->sam_response_prompt,6,asn1_decode_charstring); - opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); - opt_field(val->sam_nonce,8,asn1_decode_int32,0); - opt_cksum(val->sam_cksum,9,asn1_decode_checksum); - end_structure(); - val->magic = KV5M_SAM_CHALLENGE; + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_type_name,2,asn1_decode_charstring); + opt_string(val->sam_track_id,3,asn1_decode_charstring); + opt_string(val->sam_challenge_label,4,asn1_decode_charstring); + opt_string(val->sam_challenge,5,asn1_decode_charstring); + opt_string(val->sam_response_prompt,6,asn1_decode_charstring); + opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); + opt_field(val->sam_nonce,8,asn1_decode_int32,0); + opt_cksum(val->sam_cksum,9,asn1_decode_checksum); + end_structure(); + val->magic = KV5M_SAM_CHALLENGE; } cleanup(); } @@ -1044,25 +1045,25 @@ asn1_error_code asn1_decode_sam_challenge_2(asn1buf *buf, krb5_sam_challenge_2 * { setup(); { char *save, *end; - size_t alloclen; - begin_structure(); - if (tagnum != 0) return ASN1_MISSING_FIELD; - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) - return ASN1_BAD_ID; - save = subbuf.next; - { sequence_of_no_tagvars(&subbuf); - unused_var(size); - end_sequence_of_no_tagvars(&subbuf); - } - end = subbuf.next; - alloclen = end - save; - if ((val->sam_challenge_2_body.data = (char *) malloc(alloclen)) == NULL) - return ENOMEM; - val->sam_challenge_2_body.length = alloclen; - memcpy(val->sam_challenge_2_body.data, save, alloclen); - next_tag(); - get_field(val->sam_cksum, 1, asn1_decode_sequence_of_checksum); - end_structure(); + size_t alloclen; + begin_structure(); + if (tagnum != 0) return ASN1_MISSING_FIELD; + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) + return ASN1_BAD_ID; + save = subbuf.next; + { sequence_of_no_tagvars(&subbuf); + unused_var(size); + end_sequence_of_no_tagvars(&subbuf); + } + end = subbuf.next; + alloclen = end - save; + if ((val->sam_challenge_2_body.data = (char *) malloc(alloclen)) == NULL) + return ENOMEM; + val->sam_challenge_2_body.length = alloclen; + memcpy(val->sam_challenge_2_body.data, save, alloclen); + next_tag(); + get_field(val->sam_cksum, 1, asn1_decode_sequence_of_checksum); + end_structure(); } cleanup(); } @@ -1070,18 +1071,18 @@ asn1_error_code asn1_decode_sam_challenge_2_body(asn1buf *buf, krb5_sam_challeng { setup(); { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_type_name,2,asn1_decode_charstring); - opt_string(val->sam_track_id,3,asn1_decode_charstring); - opt_string(val->sam_challenge_label,4,asn1_decode_charstring); - opt_string(val->sam_challenge,5,asn1_decode_charstring); - opt_string(val->sam_response_prompt,6,asn1_decode_charstring); - opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); - get_field(val->sam_nonce,8,asn1_decode_int32); - get_field(val->sam_etype, 9, asn1_decode_int32); - end_structure(); - val->magic = KV5M_SAM_CHALLENGE; + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_type_name,2,asn1_decode_charstring); + opt_string(val->sam_track_id,3,asn1_decode_charstring); + opt_string(val->sam_challenge_label,4,asn1_decode_charstring); + opt_string(val->sam_challenge,5,asn1_decode_charstring); + opt_string(val->sam_response_prompt,6,asn1_decode_charstring); + opt_string(val->sam_pk_for_sad,7,asn1_decode_charstring); + get_field(val->sam_nonce,8,asn1_decode_int32); + get_field(val->sam_etype, 9, asn1_decode_int32); + end_structure(); + val->magic = KV5M_SAM_CHALLENGE; } cleanup(); } @@ -1089,10 +1090,10 @@ asn1_error_code asn1_decode_enc_sam_key(asn1buf *buf, krb5_sam_key *val) { setup(); { begin_structure(); - /* alloc_field(val->sam_key,krb5_keyblock); */ - get_field(val->sam_key,0,asn1_decode_encryption_key); - end_structure(); - val->magic = KV5M_SAM_KEY; + /* alloc_field(val->sam_key,krb5_keyblock); */ + get_field(val->sam_key,0,asn1_decode_encryption_key); + end_structure(); + val->magic = KV5M_SAM_KEY; } cleanup(); } @@ -1101,12 +1102,12 @@ asn1_error_code asn1_decode_enc_sam_response_enc(asn1buf *buf, krb5_enc_sam_resp { setup(); { begin_structure(); - opt_field(val->sam_nonce,0,asn1_decode_int32,0); - opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0); - opt_field(val->sam_usec,2,asn1_decode_int32,0); - opt_string(val->sam_sad,3,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_ENC_SAM_RESPONSE_ENC; + opt_field(val->sam_nonce,0,asn1_decode_int32,0); + opt_field(val->sam_timestamp,1,asn1_decode_kerberos_time,0); + opt_field(val->sam_usec,2,asn1_decode_int32,0); + opt_string(val->sam_sad,3,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_ENC_SAM_RESPONSE_ENC; } cleanup(); } @@ -1115,10 +1116,10 @@ asn1_error_code asn1_decode_enc_sam_response_enc_2(asn1buf *buf, krb5_enc_sam_re { setup(); { begin_structure(); - get_field(val->sam_nonce,0,asn1_decode_int32); - opt_string(val->sam_sad,1,asn1_decode_charstring); - end_structure(); - val->magic = KV5M_ENC_SAM_RESPONSE_ENC_2; + get_field(val->sam_nonce,0,asn1_decode_int32); + opt_string(val->sam_sad,1,asn1_decode_charstring); + end_structure(); + val->magic = KV5M_ENC_SAM_RESPONSE_ENC_2; } cleanup(); } @@ -1138,15 +1139,15 @@ asn1_error_code asn1_decode_sam_response(asn1buf *buf, krb5_sam_response *val) { setup(); { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_track_id,2,asn1_decode_charstring); - opt_encfield(val->sam_enc_key,3,asn1_decode_encrypted_data); - get_field(val->sam_enc_nonce_or_ts,4,asn1_decode_encrypted_data); - opt_field(val->sam_nonce,5,asn1_decode_int32,0); - opt_field(val->sam_patimestamp,6,asn1_decode_kerberos_time,0); - end_structure(); - val->magic = KV5M_SAM_RESPONSE; + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_track_id,2,asn1_decode_charstring); + opt_encfield(val->sam_enc_key,3,asn1_decode_encrypted_data); + get_field(val->sam_enc_nonce_or_ts,4,asn1_decode_encrypted_data); + opt_field(val->sam_nonce,5,asn1_decode_int32,0); + opt_field(val->sam_patimestamp,6,asn1_decode_kerberos_time,0); + end_structure(); + val->magic = KV5M_SAM_RESPONSE; } cleanup(); } @@ -1155,13 +1156,13 @@ asn1_error_code asn1_decode_sam_response_2(asn1buf *buf, krb5_sam_response_2 *va { setup(); { begin_structure(); - get_field(val->sam_type,0,asn1_decode_int32); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - opt_string(val->sam_track_id,2,asn1_decode_charstring); - get_field(val->sam_enc_nonce_or_sad,3,asn1_decode_encrypted_data); - get_field(val->sam_nonce,4,asn1_decode_int32); - end_structure(); - val->magic = KV5M_SAM_RESPONSE; + get_field(val->sam_type,0,asn1_decode_int32); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + opt_string(val->sam_track_id,2,asn1_decode_charstring); + get_field(val->sam_enc_nonce_or_sad,3,asn1_decode_encrypted_data); + get_field(val->sam_nonce,4,asn1_decode_int32); + end_structure(); + val->magic = KV5M_SAM_RESPONSE; } cleanup(); } @@ -1171,16 +1172,16 @@ asn1_error_code asn1_decode_predicted_sam_response(asn1buf *buf, krb5_predicted_ { setup(); { begin_structure(); - get_field(val->sam_key,0,asn1_decode_encryption_key); - get_field(val->sam_flags,1,asn1_decode_sam_flags); - get_field(val->stime,2,asn1_decode_kerberos_time); - get_field(val->susec,3,asn1_decode_int32); - alloc_field(val->client,krb5_principal_data); - get_field(val->client,4,asn1_decode_realm); - get_field(val->client,5,asn1_decode_principal_name); - opt_string(val->msd,6,asn1_decode_charstring); /* should be octet */ - end_structure(); - val->magic = KV5M_PREDICTED_SAM_RESPONSE; + get_field(val->sam_key,0,asn1_decode_encryption_key); + get_field(val->sam_flags,1,asn1_decode_sam_flags); + get_field(val->stime,2,asn1_decode_kerberos_time); + get_field(val->susec,3,asn1_decode_int32); + alloc_field(val->client,krb5_principal_data); + get_field(val->client,4,asn1_decode_realm); + get_field(val->client,5,asn1_decode_principal_name); + opt_string(val->msd,6,asn1_decode_charstring); /* should be octet */ + end_structure(); + val->magic = KV5M_PREDICTED_SAM_RESPONSE; } cleanup(); } @@ -1192,11 +1193,11 @@ asn1_error_code asn1_decode_external_principal_identifier(asn1buf *buf, krb5_ext { setup(); { - begin_structure(); - opt_implicit_octet_string(val->subjectName.length, val->subjectName.data, 0); - opt_implicit_octet_string(val->issuerAndSerialNumber.length, val->issuerAndSerialNumber.data, 1); - opt_implicit_octet_string(val->subjectKeyIdentifier.length, val->subjectKeyIdentifier.data, 2); - end_structure(); + begin_structure(); + opt_implicit_octet_string(val->subjectName.length, val->subjectName.data, 0); + opt_implicit_octet_string(val->issuerAndSerialNumber.length, val->issuerAndSerialNumber.data, 1); + opt_implicit_octet_string(val->subjectKeyIdentifier.length, val->subjectKeyIdentifier.data, 2); + end_structure(); } cleanup(); } @@ -1210,60 +1211,60 @@ asn1_error_code asn1_decode_pa_pk_as_req(asn1buf *buf, krb5_pa_pk_as_req *val) { setup(); { - begin_structure(); - get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); - opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_external_principal_identifier, NULL); - opt_implicit_octet_string(val->kdcPkId.length, val->kdcPkId.data, 2); - end_structure(); + begin_structure(); + get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); + opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_external_principal_identifier, NULL); + opt_implicit_octet_string(val->kdcPkId.length, val->kdcPkId.data, 2); + end_structure(); } cleanup(); } -#if 0 /* XXX This needs to be tested!!! XXX */ +#if 0 /* XXX This needs to be tested!!! XXX */ asn1_error_code asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val) { setup(); - { - char *start, *end; - size_t alloclen; - - begin_explicit_choice(); - if (t.tagnum == choice_trusted_cas_principalName) { - val->choice = choice_trusted_cas_principalName; - } else if (t.tagnum == choice_trusted_cas_caName) { - val->choice = choice_trusted_cas_caName; - start = subbuf.next; - { - sequence_of_no_tagvars(&subbuf); - unused_var(size); - end_sequence_of_no_tagvars(&subbuf); - } - end = subbuf.next; - alloclen = end - start; - val->u.caName.data = malloc(alloclen); - if (val->u.caName.data == NULL) - return ENOMEM; - memcpy(val->u.caName.data, start, alloclen); - val->u.caName.length = alloclen; - next_tag(); - } else if (t.tagnum == choice_trusted_cas_issuerAndSerial) { - val->choice = choice_trusted_cas_issuerAndSerial; - start = subbuf.next; - { - sequence_of_no_tagvars(&subbuf); - unused_var(size); - end_sequence_of_no_tagvars(&subbuf); - } - end = subbuf.next; - alloclen = end - start; - val->u.issuerAndSerial.data = malloc(alloclen); - if (val->u.issuerAndSerial.data == NULL) - return ENOMEM; - memcpy(val->u.issuerAndSerial.data, start, alloclen); - val->u.issuerAndSerial.length = alloclen; - next_tag(); - } else return ASN1_BAD_ID; - end_explicit_choice(); + { + char *start, *end; + size_t alloclen; + + begin_explicit_choice(); + if (t.tagnum == choice_trusted_cas_principalName) { + val->choice = choice_trusted_cas_principalName; + } else if (t.tagnum == choice_trusted_cas_caName) { + val->choice = choice_trusted_cas_caName; + start = subbuf.next; + { + sequence_of_no_tagvars(&subbuf); + unused_var(size); + end_sequence_of_no_tagvars(&subbuf); + } + end = subbuf.next; + alloclen = end - start; + val->u.caName.data = malloc(alloclen); + if (val->u.caName.data == NULL) + return ENOMEM; + memcpy(val->u.caName.data, start, alloclen); + val->u.caName.length = alloclen; + next_tag(); + } else if (t.tagnum == choice_trusted_cas_issuerAndSerial) { + val->choice = choice_trusted_cas_issuerAndSerial; + start = subbuf.next; + { + sequence_of_no_tagvars(&subbuf); + unused_var(size); + end_sequence_of_no_tagvars(&subbuf); + } + end = subbuf.next; + alloclen = end - start; + val->u.issuerAndSerial.data = malloc(alloclen); + if (val->u.issuerAndSerial.data == NULL) + return ENOMEM; + memcpy(val->u.issuerAndSerial.data, start, alloclen); + val->u.issuerAndSerial.length = alloclen; + next_tag(); + } else return ASN1_BAD_ID; + end_explicit_choice(); } cleanup(); } @@ -1272,18 +1273,18 @@ asn1_error_code asn1_decode_trusted_ca(asn1buf *buf, krb5_trusted_ca *val) { setup(); { begin_choice(); - if (tagnum == choice_trusted_cas_principalName) { - val->choice = choice_trusted_cas_principalName; - asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName)); - } else if (tagnum == choice_trusted_cas_caName) { - val->choice = choice_trusted_cas_caName; - get_implicit_octet_string(val->u.caName.length, val->u.caName.data, choice_trusted_cas_caName); - } else if (tagnum == choice_trusted_cas_issuerAndSerial) { - val->choice = choice_trusted_cas_issuerAndSerial; - get_implicit_octet_string(val->u.issuerAndSerial.length, val->u.issuerAndSerial.data, - choice_trusted_cas_issuerAndSerial); - } else return ASN1_BAD_ID; - end_choice(); + if (tagnum == choice_trusted_cas_principalName) { + val->choice = choice_trusted_cas_principalName; + asn1_decode_krb5_principal_name(&subbuf, &(val->u.principalName)); + } else if (tagnum == choice_trusted_cas_caName) { + val->choice = choice_trusted_cas_caName; + get_implicit_octet_string(val->u.caName.length, val->u.caName.data, choice_trusted_cas_caName); + } else if (tagnum == choice_trusted_cas_issuerAndSerial) { + val->choice = choice_trusted_cas_issuerAndSerial; + get_implicit_octet_string(val->u.issuerAndSerial.length, val->u.issuerAndSerial.data, + choice_trusted_cas_issuerAndSerial); + } else return ASN1_BAD_ID; + end_choice(); } cleanup(); } @@ -1298,11 +1299,11 @@ asn1_error_code asn1_decode_pa_pk_as_req_draft9(asn1buf *buf, krb5_pa_pk_as_req_ { setup(); { begin_structure(); - get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); - opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_trusted_ca, NULL); - opt_lenfield(val->kdcCert.length, val->kdcCert.data, 2, asn1_decode_octetstring); - opt_lenfield(val->encryptionCert.length, val->encryptionCert.data, 2, asn1_decode_octetstring); - end_structure(); + get_implicit_octet_string(val->signedAuthPack.length, val->signedAuthPack.data, 0); + opt_field(val->trustedCertifiers, 1, asn1_decode_sequence_of_trusted_ca, NULL); + opt_lenfield(val->kdcCert.length, val->kdcCert.data, 2, asn1_decode_octetstring); + opt_lenfield(val->encryptionCert.length, val->encryptionCert.data, 2, asn1_decode_octetstring); + end_structure(); } cleanup(); } @@ -1311,10 +1312,10 @@ asn1_error_code asn1_decode_dh_rep_info(asn1buf *buf, krb5_dh_rep_info *val) { setup(); { begin_structure(); - get_implicit_octet_string(val->dhSignedData.length, val->dhSignedData.data, 0); + get_implicit_octet_string(val->dhSignedData.length, val->dhSignedData.data, 0); - opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1, asn1_decode_octetstring); - end_structure(); + opt_lenfield(val->serverDHNonce.length, val->serverDHNonce.data, 1, asn1_decode_octetstring); + end_structure(); } cleanup(); } @@ -1323,11 +1324,11 @@ asn1_error_code asn1_decode_pk_authenticator(asn1buf *buf, krb5_pk_authenticator { setup(); { begin_structure(); - get_field(val->cusec, 0, asn1_decode_int32); - get_field(val->ctime, 1, asn1_decode_kerberos_time); - get_field(val->nonce, 2, asn1_decode_int32); - opt_lenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_decode_octetstring); - end_structure(); + get_field(val->cusec, 0, asn1_decode_int32); + get_field(val->ctime, 1, asn1_decode_kerberos_time); + get_field(val->nonce, 2, asn1_decode_int32); + opt_lenfield(val->paChecksum.length, val->paChecksum.contents, 3, asn1_decode_octetstring); + end_structure(); } cleanup(); } @@ -1336,13 +1337,13 @@ asn1_error_code asn1_decode_pk_authenticator_draft9(asn1buf *buf, krb5_pk_authen { setup(); { begin_structure(); - alloc_field(val->kdcName,krb5_principal_data); - get_field(val->kdcName, 0, asn1_decode_principal_name); - get_field(val->kdcName, 1, asn1_decode_realm); - get_field(val->cusec, 2, asn1_decode_int32); - get_field(val->ctime, 3, asn1_decode_kerberos_time); - get_field(val->nonce, 4, asn1_decode_int32); - end_structure(); + alloc_field(val->kdcName,krb5_principal_data); + get_field(val->kdcName, 0, asn1_decode_principal_name); + get_field(val->kdcName, 1, asn1_decode_realm); + get_field(val->cusec, 2, asn1_decode_int32); + get_field(val->ctime, 3, asn1_decode_kerberos_time); + get_field(val->nonce, 4, asn1_decode_int32); + end_structure(); } cleanup(); } @@ -1351,39 +1352,39 @@ asn1_error_code asn1_decode_algorithm_identifier(asn1buf *buf, krb5_algorithm_i setup(); { begin_structure_no_tag(); - /* - * Forbid indefinite encoding because we don't read enough tag - * information from the trailing octets ("ANY DEFINED BY") to - * synchronize EOC tags, etc. - */ - if (seqindef) return ASN1_BAD_FORMAT; - /* - * Set up tag variables because we don't actually call anything - * that fetches tag info for us; it's all buried in the decoder - * primitives. - */ - tagnum = ASN1_TAGNUM_CEILING; - asn1class = UNIVERSAL; - construction = PRIMITIVE; - taglen = 0; - indef = 0; - retval = asn1_decode_oid(&subbuf, &val->algorithm.length, - &val->algorithm.data); - if (retval) return retval; - val->parameters.length = 0; - val->parameters.data = NULL; - - if (length > subbuf.next - subbuf.base) { - unsigned int size = length - (subbuf.next - subbuf.base); - retval = asn1buf_remove_octetstring(&subbuf, size, - &val->parameters.data); - if (retval) return retval; - val->parameters.length = size; - } - - end_structure(); + /* + * Forbid indefinite encoding because we don't read enough tag + * information from the trailing octets ("ANY DEFINED BY") to + * synchronize EOC tags, etc. + */ + if (seqindef) return ASN1_BAD_FORMAT; + /* + * Set up tag variables because we don't actually call anything + * that fetches tag info for us; it's all buried in the decoder + * primitives. + */ + tagnum = ASN1_TAGNUM_CEILING; + asn1class = UNIVERSAL; + construction = PRIMITIVE; + taglen = 0; + indef = 0; + retval = asn1_decode_oid(&subbuf, &val->algorithm.length, + &val->algorithm.data); + if (retval) return retval; + val->parameters.length = 0; + val->parameters.data = NULL; + + if (length > subbuf.next - subbuf.base) { + unsigned int size = length - (subbuf.next - subbuf.base); + retval = asn1buf_remove_octetstring(&subbuf, size, + &val->parameters.data); + if (retval) return retval; + val->parameters.length = size; + } + + end_structure(); } - cleanup(); + cleanup(); } asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info *val) @@ -1392,35 +1393,35 @@ asn1_error_code asn1_decode_subject_pk_info(asn1buf *buf, krb5_subject_pk_info * setup(); { begin_structure_no_tag(); - retval = asn1_decode_algorithm_identifier(&subbuf, &val->algorithm); - if (retval) return retval; - - /* SubjectPublicKey encoded as a BIT STRING */ - next_tag(); - if (asn1class != UNIVERSAL || construction != PRIMITIVE || - tagnum != ASN1_BITSTRING) - return ASN1_BAD_ID; - - retval = asn1buf_remove_octet(&subbuf, &unused); - if (retval) return retval; - - /* Number of unused bits must be between 0 and 7. */ - /* What to do if unused is not zero? */ - if (unused > 7) return ASN1_BAD_FORMAT; - taglen--; - - val->subjectPublicKey.length = 0; - val->subjectPublicKey.data = NULL; - retval = asn1buf_remove_octetstring(&subbuf, taglen, - &val->subjectPublicKey.data); - if (retval) return retval; - val->subjectPublicKey.length = taglen; - /* - * We didn't call any macro that does next_tag(); do so now to - * preload tag of any trailing encodings. - */ - next_tag(); - end_structure(); + retval = asn1_decode_algorithm_identifier(&subbuf, &val->algorithm); + if (retval) return retval; + + /* SubjectPublicKey encoded as a BIT STRING */ + next_tag(); + if (asn1class != UNIVERSAL || construction != PRIMITIVE || + tagnum != ASN1_BITSTRING) + return ASN1_BAD_ID; + + retval = asn1buf_remove_octet(&subbuf, &unused); + if (retval) return retval; + + /* Number of unused bits must be between 0 and 7. */ + /* What to do if unused is not zero? */ + if (unused > 7) return ASN1_BAD_FORMAT; + taglen--; + + val->subjectPublicKey.length = 0; + val->subjectPublicKey.data = NULL; + retval = asn1buf_remove_octetstring(&subbuf, taglen, + &val->subjectPublicKey.data); + if (retval) return retval; + val->subjectPublicKey.length = taglen; + /* + * We didn't call any macro that does next_tag(); do so now to + * preload tag of any trailing encodings. + */ + next_tag(); + end_structure(); } cleanup(); } @@ -1434,13 +1435,13 @@ asn1_error_code asn1_decode_kdc_dh_key_info (asn1buf *buf, krb5_kdc_dh_key_info { setup(); { begin_structure(); - retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data); - if (retval) return retval; - val->subjectPublicKey.length = taglen; - next_tag(); - get_field(val->nonce, 1, asn1_decode_int32); - opt_field(val->dhKeyExpiration, 2, asn1_decode_kerberos_time, 0); - end_structure(); + retval = asn1buf_remove_octetstring(&subbuf, taglen, &val->subjectPublicKey.data); + if (retval) return retval; + val->subjectPublicKey.length = taglen; + next_tag(); + get_field(val->nonce, 1, asn1_decode_int32); + opt_field(val->dhKeyExpiration, 2, asn1_decode_kerberos_time, 0); + end_structure(); } cleanup(); } @@ -1449,9 +1450,9 @@ asn1_error_code asn1_decode_reply_key_pack (asn1buf *buf, krb5_reply_key_pack *v { setup(); { begin_structure(); - get_field(val->replyKey, 0, asn1_decode_encryption_key); - get_field(val->asChecksum, 1, asn1_decode_checksum); - end_structure(); + get_field(val->replyKey, 0, asn1_decode_encryption_key); + get_field(val->asChecksum, 1, asn1_decode_checksum); + end_structure(); } cleanup(); } @@ -1460,9 +1461,9 @@ asn1_error_code asn1_decode_reply_key_pack_draft9 (asn1buf *buf, krb5_reply_key_ { setup(); { begin_structure(); - get_field(val->replyKey, 0, asn1_decode_encryption_key); - get_field(val->nonce, 1, asn1_decode_int32); - end_structure(); + get_field(val->replyKey, 0, asn1_decode_encryption_key); + get_field(val->nonce, 1, asn1_decode_int32); + end_structure(); } cleanup(); } @@ -1472,9 +1473,9 @@ asn1_error_code asn1_decode_krb5_principal_name (asn1buf *buf, krb5_principal *v { setup(); { begin_structure(); - get_field(*val, 0, asn1_decode_realm); - get_field(*val, 1, asn1_decode_principal_name); - end_structure(); + get_field(*val, 0, asn1_decode_realm); + get_field(*val, 1, asn1_decode_principal_name); + end_structure(); } cleanup(); } @@ -1483,30 +1484,30 @@ asn1_error_code asn1_decode_auth_pack(asn1buf *buf, krb5_auth_pack *val) { setup(); { begin_structure(); - get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator); - if (tagnum == 1) { alloc_field(val->clientPublicValue, krb5_subject_pk_info); } - /* can't call opt_field because it does decoder(&subbuf, &(val)); */ - if (asn1buf_remains(&subbuf, seqindef)) { - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) - && (tagnum || taglen || asn1class != UNIVERSAL)) - return ASN1_BAD_ID; - if (tagnum == 1) { - retval = asn1_decode_subject_pk_info(&subbuf, - val->clientPublicValue); - if (!taglen && indef) { get_eoc(); } - next_tag(); - } else val->clientPublicValue = NULL; - } - /* can't call opt_field because it does decoder(&subbuf, &(val)); */ - if (asn1buf_remains(&subbuf, seqindef)) { - if (tagnum == 2) { - asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes); - if (!taglen && indef) { get_eoc(); } - next_tag(); - } else val->supportedCMSTypes = NULL; - } - opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_octetstring); - end_structure(); + get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator); + if (tagnum == 1) { alloc_field(val->clientPublicValue, krb5_subject_pk_info); } + /* can't call opt_field because it does decoder(&subbuf, &(val)); */ + if (asn1buf_remains(&subbuf, seqindef)) { + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) + && (tagnum || taglen || asn1class != UNIVERSAL)) + return ASN1_BAD_ID; + if (tagnum == 1) { + retval = asn1_decode_subject_pk_info(&subbuf, + val->clientPublicValue); + if (!taglen && indef) { get_eoc(); } + next_tag(); + } else val->clientPublicValue = NULL; + } + /* can't call opt_field because it does decoder(&subbuf, &(val)); */ + if (asn1buf_remains(&subbuf, seqindef)) { + if (tagnum == 2) { + asn1_decode_sequence_of_algorithm_identifier(&subbuf, &val->supportedCMSTypes); + if (!taglen && indef) { get_eoc(); } + next_tag(); + } else val->supportedCMSTypes = NULL; + } + opt_lenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_decode_octetstring); + end_structure(); } cleanup(); } @@ -1515,23 +1516,23 @@ asn1_error_code asn1_decode_auth_pack_draft9(asn1buf *buf, krb5_auth_pack_draft9 { setup(); { begin_structure(); - get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator_draft9); - if (tagnum == 1) { - alloc_field(val->clientPublicValue, krb5_subject_pk_info); - /* can't call opt_field because it does decoder(&subbuf, &(val)); */ - if (asn1buf_remains(&subbuf, seqindef)) { - if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) - && (tagnum || taglen || asn1class != UNIVERSAL)) - return ASN1_BAD_ID; - if (tagnum == 1) { - retval = asn1_decode_subject_pk_info(&subbuf, - val->clientPublicValue); - if (!taglen && indef) { get_eoc(); } - next_tag(); - } else val->clientPublicValue = NULL; - } - } - end_structure(); + get_field(val->pkAuthenticator, 0, asn1_decode_pk_authenticator_draft9); + if (tagnum == 1) { + alloc_field(val->clientPublicValue, krb5_subject_pk_info); + /* can't call opt_field because it does decoder(&subbuf, &(val)); */ + if (asn1buf_remains(&subbuf, seqindef)) { + if ((asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) + && (tagnum || taglen || asn1class != UNIVERSAL)) + return ASN1_BAD_ID; + if (tagnum == 1) { + retval = asn1_decode_subject_pk_info(&subbuf, + val->clientPublicValue); + if (!taglen && indef) { get_eoc(); } + next_tag(); + } else val->clientPublicValue = NULL; + } + } + end_structure(); } cleanup(); } @@ -1540,17 +1541,17 @@ asn1_error_code asn1_decode_pa_pk_as_rep(asn1buf *buf, krb5_pa_pk_as_rep *val) { setup(); { begin_choice(); - if (tagnum == choice_pa_pk_as_rep_dhInfo) { - val->choice = choice_pa_pk_as_rep_dhInfo; - get_field_body(val->u.dh_Info, asn1_decode_dh_rep_info); - } else if (tagnum == choice_pa_pk_as_rep_encKeyPack) { - val->choice = choice_pa_pk_as_rep_encKeyPack; - get_implicit_octet_string(val->u.encKeyPack.length, val->u.encKeyPack.data, - choice_pa_pk_as_rep_encKeyPack); - } else { - val->choice = choice_pa_pk_as_rep_UNKNOWN; - } - end_choice(); + if (tagnum == choice_pa_pk_as_rep_dhInfo) { + val->choice = choice_pa_pk_as_rep_dhInfo; + get_field_body(val->u.dh_Info, asn1_decode_dh_rep_info); + } else if (tagnum == choice_pa_pk_as_rep_encKeyPack) { + val->choice = choice_pa_pk_as_rep_encKeyPack; + get_implicit_octet_string(val->u.encKeyPack.length, val->u.encKeyPack.data, + choice_pa_pk_as_rep_encKeyPack); + } else { + val->choice = choice_pa_pk_as_rep_UNKNOWN; + } + end_choice(); } cleanup(); } @@ -1559,18 +1560,18 @@ asn1_error_code asn1_decode_pa_pk_as_rep_draft9(asn1buf *buf, krb5_pa_pk_as_rep_ { setup(); { begin_structure(); - if (tagnum == choice_pa_pk_as_rep_draft9_dhSignedData) { - val->choice = choice_pa_pk_as_rep_draft9_dhSignedData; - get_lenfield(val->u.dhSignedData.length, val->u.dhSignedData.data, - choice_pa_pk_as_rep_draft9_dhSignedData, asn1_decode_octetstring); - } else if (tagnum == choice_pa_pk_as_rep_draft9_encKeyPack) { - val->choice = choice_pa_pk_as_rep_draft9_encKeyPack; - get_lenfield(val->u.encKeyPack.length, val->u.encKeyPack.data, - choice_pa_pk_as_rep_draft9_encKeyPack, asn1_decode_octetstring); - } else { - val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN; - } - end_structure(); + if (tagnum == choice_pa_pk_as_rep_draft9_dhSignedData) { + val->choice = choice_pa_pk_as_rep_draft9_dhSignedData; + get_lenfield(val->u.dhSignedData.length, val->u.dhSignedData.data, + choice_pa_pk_as_rep_draft9_dhSignedData, asn1_decode_octetstring); + } else if (tagnum == choice_pa_pk_as_rep_draft9_encKeyPack) { + val->choice = choice_pa_pk_as_rep_draft9_encKeyPack; + get_lenfield(val->u.encKeyPack.length, val->u.encKeyPack.data, + choice_pa_pk_as_rep_draft9_encKeyPack, asn1_decode_octetstring); + } else { + val->choice = choice_pa_pk_as_rep_draft9_UNKNOWN; + } + end_structure(); } cleanup(); } @@ -1580,13 +1581,13 @@ asn1_error_code asn1_decode_sequence_of_typed_data(asn1buf *buf, krb5_typed_data decode_array_body(krb5_typed_data,asn1_decode_typed_data); } -asn1_error_code asn1_decode_typed_data(asn1buf *buf, krb5_typed_data *val) +asn1_error_code asn1_decode_typed_data(asn1buf *buf, krb5_typed_data *val) { setup(); { begin_structure(); - get_field(val->type,0,asn1_decode_int32); - get_lenfield(val->length,val->data,1,asn1_decode_octetstring); - end_structure(); + get_field(val->type,0,asn1_decode_int32); + get_lenfield(val->length,val->data,1,asn1_decode_octetstring); + end_structure(); } cleanup(); } diff --git a/src/lib/krb5/asn.1/asn1_k_decode.h b/src/lib/krb5/asn.1/asn1_k_decode.h index 72c4e293c..8541a822d 100644 --- a/src/lib/krb5/asn.1/asn1_k_decode.h +++ b/src/lib/krb5/asn.1/asn1_k_decode.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_decode.h - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -34,161 +35,161 @@ /* asn1_error_code asn1_decode_scalar_type(asn1buf *buf, krb5_scalar *val); */ /* requires *buf is allocated, *buf's current position points to the beginning of an encoding (<id> <len> <contents>), - *val is allocated + *val is allocated effects Decodes the encoding in *buf, returning the result in *val. Returns ASN1_BAD_ID if the encoded id does not - indicate the proper type. + indicate the proper type. Returns ASN1_OVERRUN if the encoded length exceeds - the bounds of *buf */ + the bounds of *buf */ /* asn1_error_code asn1_decode_structure_type(asn1buf *buf, krb5_structure *val); */ /* requires *buf is allocated, *buf's current position points to the beginning of an encoding (<id> <len> <contents>), - *val is allocated - Assumes that *val is a freshly-allocated structure (i.e. - does not attempt to clean up or free *val). + *val is allocated + Assumes that *val is a freshly-allocated structure (i.e. + does not attempt to clean up or free *val). effects Decodes the encoding in *buf, returning the result in *val. Returns ASN1_BAD_ID if the encoded id does not - indicate the proper type. + indicate the proper type. Returns ASN1_OVERRUN if the encoded length exceeds - the bounds of *buf */ + the bounds of *buf */ /* asn1_error_code asn1_decode_array_type(asn1buf *buf, krb5_scalar ***val); */ /* requires *buf is allocated, *buf's current position points to the beginning of an encoding (<id> <len> <contents>) - Assumes that *val is empty (i.e. does not attempt to - clean up or free *val). + Assumes that *val is empty (i.e. does not attempt to + clean up or free *val). effects Decodes the encoding in *buf, returning the result in *val. Returns ASN1_BAD_ID if the encoded id does not - indicate the proper type. + indicate the proper type. Returns ASN1_OVERRUN if the encoded length exceeds - the bounds of *buf */ + the bounds of *buf */ /* scalars */ asn1_error_code asn1_decode_int - (asn1buf *buf, int *val); + (asn1buf *buf, int *val); asn1_error_code asn1_decode_int32 - (asn1buf *buf, krb5_int32 *val); + (asn1buf *buf, krb5_int32 *val); asn1_error_code asn1_decode_kvno - (asn1buf *buf, krb5_kvno *val); + (asn1buf *buf, krb5_kvno *val); asn1_error_code asn1_decode_enctype - (asn1buf *buf, krb5_enctype *val); + (asn1buf *buf, krb5_enctype *val); asn1_error_code asn1_decode_msgtype - (asn1buf *buf, krb5_msgtype *val); + (asn1buf *buf, krb5_msgtype *val); asn1_error_code asn1_decode_cksumtype - (asn1buf *buf, krb5_cksumtype *val); + (asn1buf *buf, krb5_cksumtype *val); asn1_error_code asn1_decode_octet - (asn1buf *buf, krb5_octet *val); + (asn1buf *buf, krb5_octet *val); asn1_error_code asn1_decode_addrtype - (asn1buf *buf, krb5_addrtype *val); + (asn1buf *buf, krb5_addrtype *val); asn1_error_code asn1_decode_authdatatype - (asn1buf *buf, krb5_authdatatype *val); + (asn1buf *buf, krb5_authdatatype *val); asn1_error_code asn1_decode_ui_2 - (asn1buf *buf, krb5_ui_2 *val); + (asn1buf *buf, krb5_ui_2 *val); asn1_error_code asn1_decode_ui_4 - (asn1buf *buf, krb5_ui_4 *val); + (asn1buf *buf, krb5_ui_4 *val); asn1_error_code asn1_decode_seqnum - (asn1buf *buf, krb5_ui_4 *val); + (asn1buf *buf, krb5_ui_4 *val); asn1_error_code asn1_decode_kerberos_time - (asn1buf *buf, krb5_timestamp *val); + (asn1buf *buf, krb5_timestamp *val); asn1_error_code asn1_decode_sam_flags - (asn1buf *buf, krb5_flags *val); + (asn1buf *buf, krb5_flags *val); /* structures */ asn1_error_code asn1_decode_realm - (asn1buf *buf, krb5_principal *val); + (asn1buf *buf, krb5_principal *val); asn1_error_code asn1_decode_principal_name - (asn1buf *buf, krb5_principal *val); + (asn1buf *buf, krb5_principal *val); asn1_error_code asn1_decode_checksum - (asn1buf *buf, krb5_checksum *val); + (asn1buf *buf, krb5_checksum *val); asn1_error_code asn1_decode_encryption_key - (asn1buf *buf, krb5_keyblock *val); + (asn1buf *buf, krb5_keyblock *val); asn1_error_code asn1_decode_encrypted_data - (asn1buf *buf, krb5_enc_data *val); + (asn1buf *buf, krb5_enc_data *val); asn1_error_code asn1_decode_ticket_flags - (asn1buf *buf, krb5_flags *val); + (asn1buf *buf, krb5_flags *val); asn1_error_code asn1_decode_transited_encoding - (asn1buf *buf, krb5_transited *val); + (asn1buf *buf, krb5_transited *val); asn1_error_code asn1_decode_enc_kdc_rep_part - (asn1buf *buf, krb5_enc_kdc_rep_part *val); + (asn1buf *buf, krb5_enc_kdc_rep_part *val); asn1_error_code asn1_decode_krb5_flags - (asn1buf *buf, krb5_flags *val); + (asn1buf *buf, krb5_flags *val); asn1_error_code asn1_decode_ap_options - (asn1buf *buf, krb5_flags *val); + (asn1buf *buf, krb5_flags *val); asn1_error_code asn1_decode_kdc_options - (asn1buf *buf, krb5_flags *val); + (asn1buf *buf, krb5_flags *val); asn1_error_code asn1_decode_ticket - (asn1buf *buf, krb5_ticket *val); + (asn1buf *buf, krb5_ticket *val); asn1_error_code asn1_decode_kdc_req - (asn1buf *buf, krb5_kdc_req *val); + (asn1buf *buf, krb5_kdc_req *val); asn1_error_code asn1_decode_kdc_req_body - (asn1buf *buf, krb5_kdc_req *val); + (asn1buf *buf, krb5_kdc_req *val); asn1_error_code asn1_decode_krb_safe_body - (asn1buf *buf, krb5_safe *val); + (asn1buf *buf, krb5_safe *val); asn1_error_code asn1_decode_host_address - (asn1buf *buf, krb5_address *val); + (asn1buf *buf, krb5_address *val); asn1_error_code asn1_decode_kdc_rep - (asn1buf *buf, krb5_kdc_rep *val); + (asn1buf *buf, krb5_kdc_rep *val); asn1_error_code asn1_decode_last_req_entry - (asn1buf *buf, krb5_last_req_entry *val); + (asn1buf *buf, krb5_last_req_entry *val); asn1_error_code asn1_decode_authdata_elt - (asn1buf *buf, krb5_authdata *val); + (asn1buf *buf, krb5_authdata *val); asn1_error_code asn1_decode_krb_cred_info - (asn1buf *buf, krb5_cred_info *val); + (asn1buf *buf, krb5_cred_info *val); asn1_error_code asn1_decode_pa_data - (asn1buf *buf, krb5_pa_data *val); + (asn1buf *buf, krb5_pa_data *val); asn1_error_code asn1_decode_passwdsequence - (asn1buf *buf, passwd_phrase_element *val); + (asn1buf *buf, passwd_phrase_element *val); asn1_error_code asn1_decode_sam_challenge - (asn1buf *buf, krb5_sam_challenge *val); + (asn1buf *buf, krb5_sam_challenge *val); asn1_error_code asn1_decode_sam_challenge_2 - (asn1buf *buf, krb5_sam_challenge_2 *val); + (asn1buf *buf, krb5_sam_challenge_2 *val); asn1_error_code asn1_decode_sam_challenge_2_body - (asn1buf *buf, krb5_sam_challenge_2_body *val); + (asn1buf *buf, krb5_sam_challenge_2_body *val); asn1_error_code asn1_decode_enc_sam_key - (asn1buf *buf, krb5_sam_key *val); + (asn1buf *buf, krb5_sam_key *val); asn1_error_code asn1_decode_enc_sam_response_enc - (asn1buf *buf, krb5_enc_sam_response_enc *val); + (asn1buf *buf, krb5_enc_sam_response_enc *val); asn1_error_code asn1_decode_enc_sam_response_enc_2 - (asn1buf *buf, krb5_enc_sam_response_enc_2 *val); + (asn1buf *buf, krb5_enc_sam_response_enc_2 *val); asn1_error_code asn1_decode_sam_response - (asn1buf *buf, krb5_sam_response *val); + (asn1buf *buf, krb5_sam_response *val); asn1_error_code asn1_decode_sam_response_2 - (asn1buf *buf, krb5_sam_response_2 *val); + (asn1buf *buf, krb5_sam_response_2 *val); asn1_error_code asn1_decode_predicted_sam_response - (asn1buf *buf, krb5_predicted_sam_response *val); + (asn1buf *buf, krb5_predicted_sam_response *val); asn1_error_code asn1_decode_external_principal_identifier - (asn1buf *buf, krb5_external_principal_identifier *val); + (asn1buf *buf, krb5_external_principal_identifier *val); asn1_error_code asn1_decode_pa_pk_as_req - (asn1buf *buf, krb5_pa_pk_as_req *val); + (asn1buf *buf, krb5_pa_pk_as_req *val); asn1_error_code asn1_decode_trusted_ca - (asn1buf *buf, krb5_trusted_ca *val); + (asn1buf *buf, krb5_trusted_ca *val); asn1_error_code asn1_decode_pa_pk_as_req_draft9 - (asn1buf *buf, krb5_pa_pk_as_req_draft9 *val); + (asn1buf *buf, krb5_pa_pk_as_req_draft9 *val); asn1_error_code asn1_decode_dh_rep_info - (asn1buf *buf, krb5_dh_rep_info *val); + (asn1buf *buf, krb5_dh_rep_info *val); asn1_error_code asn1_decode_pk_authenticator - (asn1buf *buf, krb5_pk_authenticator *val); + (asn1buf *buf, krb5_pk_authenticator *val); asn1_error_code asn1_decode_pk_authenticator_draft9 - (asn1buf *buf, krb5_pk_authenticator_draft9 *val); + (asn1buf *buf, krb5_pk_authenticator_draft9 *val); asn1_error_code asn1_decode_subject_pk_info - (asn1buf *buf, krb5_subject_pk_info *val); + (asn1buf *buf, krb5_subject_pk_info *val); asn1_error_code asn1_decode_algorithm_identifier - (asn1buf *buf, krb5_algorithm_identifier *val); + (asn1buf *buf, krb5_algorithm_identifier *val); asn1_error_code asn1_decode_auth_pack - (asn1buf *buf, krb5_auth_pack *val); + (asn1buf *buf, krb5_auth_pack *val); asn1_error_code asn1_decode_auth_pack_draft9 - (asn1buf *buf, krb5_auth_pack_draft9 *val); + (asn1buf *buf, krb5_auth_pack_draft9 *val); asn1_error_code asn1_decode_pa_pk_as_rep - (asn1buf *buf, krb5_pa_pk_as_rep *val); + (asn1buf *buf, krb5_pa_pk_as_rep *val); asn1_error_code asn1_decode_pa_pk_as_rep_draft9 - (asn1buf *buf, krb5_pa_pk_as_rep_draft9 *val); + (asn1buf *buf, krb5_pa_pk_as_rep_draft9 *val); asn1_error_code asn1_decode_kdc_dh_key_info (asn1buf *buf, krb5_kdc_dh_key_info *val); asn1_error_code asn1_decode_krb5_principal_name - (asn1buf *buf, krb5_principal *val); + (asn1buf *buf, krb5_principal *val); asn1_error_code asn1_decode_reply_key_pack (asn1buf *buf, krb5_reply_key_pack *val); asn1_error_code asn1_decode_reply_key_pack_draft9 @@ -200,36 +201,36 @@ asn1_error_code asn1_decode_typed_data /* arrays */ asn1_error_code asn1_decode_authorization_data - (asn1buf *buf, krb5_authdata ***val); + (asn1buf *buf, krb5_authdata ***val); asn1_error_code asn1_decode_host_addresses - (asn1buf *buf, krb5_address ***val); + (asn1buf *buf, krb5_address ***val); asn1_error_code asn1_decode_sequence_of_ticket - (asn1buf *buf, krb5_ticket ***val); + (asn1buf *buf, krb5_ticket ***val); asn1_error_code asn1_decode_sequence_of_krb_cred_info - (asn1buf *buf, krb5_cred_info ***val); + (asn1buf *buf, krb5_cred_info ***val); asn1_error_code asn1_decode_sequence_of_pa_data - (asn1buf *buf, krb5_pa_data ***val); + (asn1buf *buf, krb5_pa_data ***val); asn1_error_code asn1_decode_last_req - (asn1buf *buf, krb5_last_req_entry ***val); + (asn1buf *buf, krb5_last_req_entry ***val); asn1_error_code asn1_decode_sequence_of_enctype - (asn1buf *buf, int *num, krb5_enctype **val); + (asn1buf *buf, int *num, krb5_enctype **val); asn1_error_code asn1_decode_sequence_of_checksum - (asn1buf *buf, krb5_checksum ***val); + (asn1buf *buf, krb5_checksum ***val); asn1_error_code asn1_decode_sequence_of_passwdsequence - (asn1buf *buf, passwd_phrase_element ***val); + (asn1buf *buf, passwd_phrase_element ***val); asn1_error_code asn1_decode_etype_info - (asn1buf *buf, krb5_etype_info_entry ***val); + (asn1buf *buf, krb5_etype_info_entry ***val); asn1_error_code asn1_decode_etype_info2 - (asn1buf *buf, krb5_etype_info_entry ***val, krb5_boolean v1_3_behavior); + (asn1buf *buf, krb5_etype_info_entry ***val, krb5_boolean v1_3_behavior); asn1_error_code asn1_decode_sequence_of_external_principal_identifier - (asn1buf *buf, krb5_external_principal_identifier ***val); + (asn1buf *buf, krb5_external_principal_identifier ***val); asn1_error_code asn1_decode_sequence_of_trusted_ca - (asn1buf *buf, krb5_trusted_ca ***val); + (asn1buf *buf, krb5_trusted_ca ***val); asn1_error_code asn1_decode_sequence_of_algorithm_identifier - (asn1buf *buf, krb5_algorithm_identifier ***val); + (asn1buf *buf, krb5_algorithm_identifier ***val); #endif diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index 0ad6fd3cf..e2577d8f7 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_encode.c - * + * * Copyright 1994, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -48,7 +49,7 @@ asn1_addfield(rep->field_i, i, asn1_type); /* for string fields (these encoders take an additional argument, - the length of the string) */ + the length of the string) */ addlenfield(rep->field_length, rep->field, i-1, asn1_type); /* if you really have to do things yourself... */ @@ -56,7 +57,7 @@ if (retval) return retval; sum += length; retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, tag_number, length, - &length); + &length); if (retval) return retval; sum += length; @@ -76,7 +77,7 @@ #define asn1_setup()\ asn1_error_code retval;\ unsigned int length, sum=0 - + /* asn1_addfield -- add a field, or component, to the encoding */ #define asn1_addfield(value,tag,encoder)\ { retval = encoder(buf,value,&length);\ @@ -177,10 +178,10 @@ asn1_error_code asn1_encode_ui_4(asn1buf *buf, const krb5_ui_4 val, unsigned int asn1_error_code asn1_encode_realm(asn1buf *buf, const krb5_principal val, unsigned int *retlen) { if (val == NULL || - (val->realm.length && val->realm.data == NULL)) - return ASN1_MISSING_FIELD; + (val->realm.length && val->realm.data == NULL)) + return ASN1_MISSING_FIELD; return asn1_encode_generalstring(buf,val->realm.length,val->realm.data, - retlen); + retlen); } asn1_error_code asn1_encode_principal_name(asn1buf *buf, const krb5_principal val, unsigned int *retlen) @@ -191,15 +192,15 @@ asn1_error_code asn1_encode_principal_name(asn1buf *buf, const krb5_principal va if (val == NULL || val->data == NULL) return ASN1_MISSING_FIELD; for (n = (int) ((val->length)-1); n >= 0; n--) { - if (val->data[n].length && - val->data[n].data == NULL) - return ASN1_MISSING_FIELD; - retval = asn1_encode_generalstring(buf, - (val->data)[n].length, - (val->data)[n].data, - &length); - if (retval) return retval; - sum += length; + if (val->data[n].length && + val->data[n].data == NULL) + return ASN1_MISSING_FIELD; + retval = asn1_encode_generalstring(buf, + (val->data)[n].length, + (val->data)[n].data, + &length); + if (retval) return retval; + sum += length; } asn1_makeseq(); retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,1,sum,&length); @@ -240,9 +241,9 @@ asn1_error_code asn1_encode_host_addresses(asn1buf *buf, const krb5_address **va for (i=0; val[i] != NULL; i++); /* go to end of array */ for (i--; i>=0; i--) { - retval = asn1_encode_host_address(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_host_address(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -254,13 +255,13 @@ asn1_error_code asn1_encode_encrypted_data(asn1buf *buf, const krb5_enc_data *va asn1_setup(); if (val == NULL || - (val->ciphertext.length && val->ciphertext.data == NULL)) - return ASN1_MISSING_FIELD; + (val->ciphertext.length && val->ciphertext.data == NULL)) + return ASN1_MISSING_FIELD; asn1_addlenfield(val->ciphertext.length,val->ciphertext.data,2,asn1_encode_charstring); /* krb5_kvno should be int */ if (val->kvno) - asn1_addfield((int) val->kvno,1,asn1_encode_integer); + asn1_addfield((int) val->kvno,1,asn1_encode_integer); asn1_addfield(val->enctype,0,asn1_encode_integer); asn1_makeseq(); @@ -275,16 +276,16 @@ asn1_error_code asn1_encode_krb5_flags(asn1buf *buf, const krb5_flags val, unsig int i; for (i=0; i<4; i++) { - retval = asn1buf_insert_octet(buf,(asn1_octet) (valcopy&0xFF)); - if (retval) return retval; - valcopy >>= 8; + retval = asn1buf_insert_octet(buf,(asn1_octet) (valcopy&0xFF)); + if (retval) return retval; + valcopy >>= 8; } - retval = asn1buf_insert_octet(buf,0); /* 0 padding bits */ + retval = asn1buf_insert_octet(buf,0); /* 0 padding bits */ if (retval) return retval; sum = 5; retval = asn1_make_tag(buf,UNIVERSAL,PRIMITIVE,ASN1_BITSTRING,sum, - &length); + &length); if (retval) return retval; sum += length; @@ -311,14 +312,14 @@ asn1_error_code asn1_encode_authorization_data(asn1buf *buf, const krb5_authdata { asn1_setup(); int i; - + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - + for (i=0; val[i] != NULL; i++); /* get to the end of the array */ for (i--; i>=0; i--) { - retval = asn1_encode_krb5_authdata_elt(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_krb5_authdata_elt(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -330,12 +331,12 @@ asn1_error_code asn1_encode_krb5_authdata_elt(asn1buf *buf, const krb5_authdata asn1_setup(); if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; + (val->length && val->contents == NULL)) + return ASN1_MISSING_FIELD; - /* ad-data[1] OCTET STRING */ + /* ad-data[1] OCTET STRING */ asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); - /* ad-type[0] INTEGER */ + /* ad-type[0] INTEGER */ asn1_addfield(val->ad_type,0,asn1_encode_integer); /* SEQUENCE */ asn1_makeseq(); @@ -354,9 +355,9 @@ asn1_error_code asn1_encode_kdc_rep(int msg_type, asn1buf *buf, const krb5_kdc_r asn1_addfield(val->client,4,asn1_encode_principal_name); asn1_addfield(val->client,3,asn1_encode_realm); if (val->padata != NULL && val->padata[0] != NULL) - asn1_addfield((const krb5_pa_data**)val->padata,2,asn1_encode_sequence_of_pa_data); + asn1_addfield((const krb5_pa_data**)val->padata,2,asn1_encode_sequence_of_pa_data); if (msg_type != KRB5_AS_REP && msg_type != KRB5_TGS_REP) - return KRB5_BADMSGTYPE; + return KRB5_BADMSGTYPE; asn1_addfield(msg_type,1,asn1_encode_integer); asn1_addfield(KVNO,0,asn1_encode_integer); asn1_makeseq(); @@ -370,44 +371,44 @@ asn1_error_code asn1_encode_enc_kdc_rep_part(asn1buf *buf, const krb5_enc_kdc_re if (val == NULL) return ASN1_MISSING_FIELD; - /* caddr[11] HostAddresses OPTIONAL */ + /* caddr[11] HostAddresses OPTIONAL */ if (val->caddrs != NULL && val->caddrs[0] != NULL) - asn1_addfield((const krb5_address**)(val->caddrs),11,asn1_encode_host_addresses); + asn1_addfield((const krb5_address**)(val->caddrs),11,asn1_encode_host_addresses); - /* sname[10] PrincipalName */ + /* sname[10] PrincipalName */ asn1_addfield(val->server,10,asn1_encode_principal_name); - /* srealm[9] Realm */ + /* srealm[9] Realm */ asn1_addfield(val->server,9,asn1_encode_realm); - /* renew-till[8] KerberosTime OPTIONAL */ + /* renew-till[8] KerberosTime OPTIONAL */ if (val->flags & TKT_FLG_RENEWABLE) - asn1_addfield(val->times.renew_till,8,asn1_encode_kerberos_time); + asn1_addfield(val->times.renew_till,8,asn1_encode_kerberos_time); - /* endtime[7] KerberosTime */ + /* endtime[7] KerberosTime */ asn1_addfield(val->times.endtime,7,asn1_encode_kerberos_time); - /* starttime[6] KerberosTime OPTIONAL */ + /* starttime[6] KerberosTime OPTIONAL */ if (val->times.starttime) - asn1_addfield(val->times.starttime,6,asn1_encode_kerberos_time); + asn1_addfield(val->times.starttime,6,asn1_encode_kerberos_time); - /* authtime[5] KerberosTime */ + /* authtime[5] KerberosTime */ asn1_addfield(val->times.authtime,5,asn1_encode_kerberos_time); - /* flags[4] TicketFlags */ + /* flags[4] TicketFlags */ asn1_addfield(val->flags,4,asn1_encode_ticket_flags); - /* key-expiration[3] KerberosTime OPTIONAL */ + /* key-expiration[3] KerberosTime OPTIONAL */ if (val->key_exp) - asn1_addfield(val->key_exp,3,asn1_encode_kerberos_time); + asn1_addfield(val->key_exp,3,asn1_encode_kerberos_time); - /* nonce[2] INTEGER */ + /* nonce[2] INTEGER */ asn1_addfield(val->nonce,2,asn1_encode_integer); - /* last-req[1] LastReq */ + /* last-req[1] LastReq */ asn1_addfield((const krb5_last_req_entry**)val->last_req,1,asn1_encode_last_req); - /* key[0] EncryptionKey */ + /* key[0] EncryptionKey */ asn1_addfield(val->session,0,asn1_encode_encryption_key); /* EncKDCRepPart ::= SEQUENCE */ @@ -425,9 +426,9 @@ asn1_error_code asn1_encode_sequence_of_checksum(asn1buf *buf, const krb5_checks for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_checksum(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_checksum(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -437,61 +438,61 @@ asn1_error_code asn1_encode_sequence_of_checksum(asn1buf *buf, const krb5_checks asn1_error_code asn1_encode_kdc_req_body(asn1buf *buf, const krb5_kdc_req *rep, unsigned int *retlen) { asn1_setup(); - + if (rep == NULL) return ASN1_MISSING_FIELD; - /* additional-tickets[11] SEQUENCE OF Ticket OPTIONAL */ + /* additional-tickets[11] SEQUENCE OF Ticket OPTIONAL */ if (rep->second_ticket != NULL && rep->second_ticket[0] != NULL) - asn1_addfield((const krb5_ticket**)rep->second_ticket, - 11,asn1_encode_sequence_of_ticket); + asn1_addfield((const krb5_ticket**)rep->second_ticket, + 11,asn1_encode_sequence_of_ticket); - /* enc-authorization-data[10] EncryptedData OPTIONAL, */ - /* -- Encrypted AuthorizationData encoding */ + /* enc-authorization-data[10] EncryptedData OPTIONAL, */ + /* -- Encrypted AuthorizationData encoding */ if (rep->authorization_data.ciphertext.data != NULL) - asn1_addfield(&(rep->authorization_data),10,asn1_encode_encrypted_data); + asn1_addfield(&(rep->authorization_data),10,asn1_encode_encrypted_data); - /* addresses[9] HostAddresses OPTIONAL, */ + /* addresses[9] HostAddresses OPTIONAL, */ if (rep->addresses != NULL && rep->addresses[0] != NULL) - asn1_addfield((const krb5_address**)rep->addresses,9,asn1_encode_host_addresses); + asn1_addfield((const krb5_address**)rep->addresses,9,asn1_encode_host_addresses); - /* etype[8] SEQUENCE OF INTEGER, -- EncryptionType, */ - /* -- in preference order */ + /* etype[8] SEQUENCE OF INTEGER, -- EncryptionType, */ + /* -- in preference order */ asn1_addlenfield(rep->nktypes,rep->ktype,8,asn1_encode_sequence_of_enctype); - /* nonce[7] INTEGER, */ + /* nonce[7] INTEGER, */ asn1_addfield(rep->nonce,7,asn1_encode_integer); - /* rtime[6] KerberosTime OPTIONAL, */ + /* rtime[6] KerberosTime OPTIONAL, */ if (rep->rtime) - asn1_addfield(rep->rtime,6,asn1_encode_kerberos_time); + asn1_addfield(rep->rtime,6,asn1_encode_kerberos_time); - /* till[5] KerberosTime, */ + /* till[5] KerberosTime, */ asn1_addfield(rep->till,5,asn1_encode_kerberos_time); - /* from[4] KerberosTime OPTIONAL, */ + /* from[4] KerberosTime OPTIONAL, */ if (rep->from) - asn1_addfield(rep->from,4,asn1_encode_kerberos_time); + asn1_addfield(rep->from,4,asn1_encode_kerberos_time); - /* sname[3] PrincipalName OPTIONAL, */ + /* sname[3] PrincipalName OPTIONAL, */ if (rep->server != NULL) - asn1_addfield(rep->server,3,asn1_encode_principal_name); + asn1_addfield(rep->server,3,asn1_encode_principal_name); - /* realm[2] Realm, -- Server's realm */ - /* -- Also client's in AS-REQ */ + /* realm[2] Realm, -- Server's realm */ + /* -- Also client's in AS-REQ */ if (rep->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) { - if (rep->second_ticket != NULL && rep->second_ticket[0] != NULL) { - asn1_addfield(rep->second_ticket[0]->server,2,asn1_encode_realm) - } else return ASN1_MISSING_FIELD; + if (rep->second_ticket != NULL && rep->second_ticket[0] != NULL) { + asn1_addfield(rep->second_ticket[0]->server,2,asn1_encode_realm) + } else return ASN1_MISSING_FIELD; } else if (rep->server != NULL) { - asn1_addfield(rep->server,2,asn1_encode_realm); + asn1_addfield(rep->server,2,asn1_encode_realm); } else return ASN1_MISSING_FIELD; - /* cname[1] PrincipalName OPTIONAL, */ - /* -- Used only in AS-REQ */ + /* cname[1] PrincipalName OPTIONAL, */ + /* -- Used only in AS-REQ */ if (rep->client != NULL) - asn1_addfield(rep->client,1,asn1_encode_principal_name); + asn1_addfield(rep->client,1,asn1_encode_principal_name); - /* kdc-options[0] KDCOptions, */ + /* kdc-options[0] KDCOptions, */ asn1_addfield(rep->kdc_options,0,asn1_encode_kdc_options); /* KDC-REQ-BODY ::= SEQUENCE */ @@ -505,8 +506,8 @@ asn1_error_code asn1_encode_encryption_key(asn1buf *buf, const krb5_keyblock *va asn1_setup(); if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; + (val->length && val->contents == NULL)) + return ASN1_MISSING_FIELD; asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); asn1_addfield(val->enctype,0,asn1_encode_integer); @@ -520,8 +521,8 @@ asn1_error_code asn1_encode_checksum(asn1buf *buf, const krb5_checksum *val, uns asn1_setup(); if (val == NULL || - (val->length && val->contents == NULL)) - return ASN1_MISSING_FIELD; + (val->length && val->contents == NULL)) + return ASN1_MISSING_FIELD; asn1_addlenfield(val->length,val->contents,1,asn1_encode_octetstring); asn1_addfield(val->checksum_type,0,asn1_encode_integer); @@ -535,11 +536,11 @@ asn1_error_code asn1_encode_transited_encoding(asn1buf *buf, const krb5_transite asn1_setup(); if (val == NULL || - (val->tr_contents.length != 0 && val->tr_contents.data == NULL)) - return ASN1_MISSING_FIELD; + (val->tr_contents.length != 0 && val->tr_contents.data == NULL)) + return ASN1_MISSING_FIELD; asn1_addlenfield(val->tr_contents.length,val->tr_contents.data, - 1,asn1_encode_charstring); + 1,asn1_encode_charstring); asn1_addfield(val->tr_type,0,asn1_encode_integer); asn1_makeseq(); @@ -555,9 +556,9 @@ asn1_error_code asn1_encode_last_req(asn1buf *buf, const krb5_last_req_entry **v for (i=0; val[i] != NULL; i++); /* go to end of array */ for (i--; i>=0; i--) { - retval = asn1_encode_last_req_entry(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_last_req_entry(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -586,9 +587,9 @@ asn1_error_code asn1_encode_sequence_of_pa_data(asn1buf *buf, const krb5_pa_data for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_pa_data(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_pa_data(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -600,7 +601,7 @@ asn1_error_code asn1_encode_pa_data(asn1buf *buf, const krb5_pa_data *val, unsig asn1_setup(); if (val == NULL || (val->length != 0 && val->contents == NULL)) - return ASN1_MISSING_FIELD; + return ASN1_MISSING_FIELD; asn1_addlenfield(val->length,val->contents,2,asn1_encode_octetstring); asn1_addfield(val->pa_type,1,asn1_encode_integer); @@ -618,9 +619,9 @@ asn1_error_code asn1_encode_sequence_of_ticket(asn1buf *buf, const krb5_ticket * for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_ticket(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_ticket(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -651,9 +652,9 @@ asn1_error_code asn1_encode_sequence_of_enctype(asn1buf *buf, const int len, con if (val == NULL) return ASN1_MISSING_FIELD; for (i=len-1; i>=0; i--) { - retval = asn1_encode_integer(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_integer(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -668,9 +669,9 @@ asn1_error_code asn1_encode_kdc_req(int msg_type, asn1buf *buf, const krb5_kdc_r asn1_addfield(val,4,asn1_encode_kdc_req_body); if (val->padata != NULL && val->padata[0] != NULL) - asn1_addfield((const krb5_pa_data**)val->padata,3,asn1_encode_sequence_of_pa_data); + asn1_addfield((const krb5_pa_data**)val->padata,3,asn1_encode_sequence_of_pa_data); if (msg_type != KRB5_AS_REQ && msg_type != KRB5_TGS_REQ) - return KRB5_BADMSGTYPE; + return KRB5_BADMSGTYPE; asn1_addfield(msg_type,2,asn1_encode_integer); asn1_addfield(KVNO,1,asn1_encode_integer); asn1_makeseq(); @@ -685,18 +686,18 @@ asn1_error_code asn1_encode_krb_safe_body(asn1buf *buf, const krb5_safe *val, un if (val == NULL) return ASN1_MISSING_FIELD; if (val->r_address != NULL) - asn1_addfield(val->r_address,5,asn1_encode_host_address); + asn1_addfield(val->r_address,5,asn1_encode_host_address); asn1_addfield(val->s_address,4,asn1_encode_host_address); if (val->seq_number) - asn1_addfield(val->seq_number,3,asn1_encode_unsigned_integer); + asn1_addfield(val->seq_number,3,asn1_encode_unsigned_integer); if (val->timestamp) { - asn1_addfield(val->usec,2,asn1_encode_integer); - asn1_addfield(val->timestamp,1,asn1_encode_kerberos_time); + asn1_addfield(val->usec,2,asn1_encode_integer); + asn1_addfield(val->timestamp,1,asn1_encode_kerberos_time); } if (val->user_data.length && val->user_data.data == NULL) - return ASN1_MISSING_FIELD; + return ASN1_MISSING_FIELD; asn1_addlenfield(val->user_data.length,val->user_data.data,0,asn1_encode_charstring) - ; + ; asn1_makeseq(); asn1_cleanup(); @@ -711,9 +712,9 @@ asn1_error_code asn1_encode_sequence_of_krb_cred_info(asn1buf *buf, const krb5_c for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_krb_cred_info(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_krb_cred_info(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -727,24 +728,24 @@ asn1_error_code asn1_encode_krb_cred_info(asn1buf *buf, const krb5_cred_info *va if (val == NULL) return ASN1_MISSING_FIELD; if (val->caddrs != NULL && val->caddrs[0] != NULL) - asn1_addfield((const krb5_address**)val->caddrs,10,asn1_encode_host_addresses); + asn1_addfield((const krb5_address**)val->caddrs,10,asn1_encode_host_addresses); if (val->server != NULL) { - asn1_addfield(val->server,9,asn1_encode_principal_name); - asn1_addfield(val->server,8,asn1_encode_realm); + asn1_addfield(val->server,9,asn1_encode_principal_name); + asn1_addfield(val->server,8,asn1_encode_realm); } if (val->times.renew_till) - asn1_addfield(val->times.renew_till,7,asn1_encode_kerberos_time); + asn1_addfield(val->times.renew_till,7,asn1_encode_kerberos_time); if (val->times.endtime) - asn1_addfield(val->times.endtime,6,asn1_encode_kerberos_time); + asn1_addfield(val->times.endtime,6,asn1_encode_kerberos_time); if (val->times.starttime) - asn1_addfield(val->times.starttime,5,asn1_encode_kerberos_time); + asn1_addfield(val->times.starttime,5,asn1_encode_kerberos_time); if (val->times.authtime) - asn1_addfield(val->times.authtime,4,asn1_encode_kerberos_time); + asn1_addfield(val->times.authtime,4,asn1_encode_kerberos_time); if (val->flags) - asn1_addfield(val->flags,3,asn1_encode_ticket_flags); + asn1_addfield(val->flags,3,asn1_encode_ticket_flags); if (val->client != NULL) { - asn1_addfield(val->client,2,asn1_encode_principal_name); - asn1_addfield(val->client,1,asn1_encode_realm); + asn1_addfield(val->client,2,asn1_encode_principal_name); + asn1_addfield(val->client,1,asn1_encode_realm); } asn1_addfield(val->session,0,asn1_encode_encryption_key); @@ -754,25 +755,25 @@ asn1_error_code asn1_encode_krb_cred_info(asn1buf *buf, const krb5_cred_info *va } asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info_entry *val, - unsigned int *retlen, int etype_info2) + unsigned int *retlen, int etype_info2) { asn1_setup(); assert(val->s2kparams.data == NULL || etype_info2); if (val == NULL || (val->length > 0 && val->length != KRB5_ETYPE_NO_SALT && - val->salt == NULL)) - return ASN1_MISSING_FIELD; + val->salt == NULL)) + return ASN1_MISSING_FIELD; if (val->s2kparams.data != NULL) - asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2, - asn1_encode_octetstring); + asn1_addlenfield(val->s2kparams.length, val->s2kparams.data, 2, + asn1_encode_octetstring); if (val->length >= 0 && val->length != KRB5_ETYPE_NO_SALT) { - if (etype_info2) { - asn1_addlenfield(val->length,val->salt,1, - asn1_encode_generalstring); - } else { - asn1_addlenfield(val->length,val->salt,1, - asn1_encode_octetstring); - } + if (etype_info2) { + asn1_addlenfield(val->length,val->salt,1, + asn1_encode_generalstring); + } else { + asn1_addlenfield(val->length,val->salt,1, + asn1_encode_octetstring); + } } asn1_addfield(val->etype,0,asn1_encode_integer); asn1_makeseq(); @@ -781,18 +782,18 @@ asn1_error_code asn1_encode_etype_info_entry(asn1buf *buf, const krb5_etype_info } asn1_error_code asn1_encode_etype_info(asn1buf *buf, const krb5_etype_info_entry **val, - unsigned int *retlen, int etype_info2) + unsigned int *retlen, int etype_info2) { asn1_setup(); int i; - + if (val == NULL) return ASN1_MISSING_FIELD; - + for (i=0; val[i] != NULL; i++); /* get to the end of the array */ for (i--; i>=0; i--) { - retval = asn1_encode_etype_info_entry(buf,val[i],&length, etype_info2); - if (retval) return retval; - sum += length; + retval = asn1_encode_etype_info_entry(buf,val[i],&length, etype_info2); + if (retval) return retval; + sum += length; } asn1_makeseq(); asn1_cleanup(); @@ -802,14 +803,14 @@ asn1_error_code asn1_encode_sequence_of_passwdsequence(asn1buf *buf, const passw { asn1_setup(); int i; - + if (val == NULL || val[0] == NULL) return ASN1_MISSING_FIELD; - + for (i=0; val[i] != NULL; i++); /* get to the end of the array */ for (i--; i>=0; i--) { - retval = asn1_encode_passwdsequence(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_passwdsequence(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); asn1_cleanup(); @@ -829,7 +830,7 @@ asn1_error_code asn1_encode_sam_flags(asn1buf *buf, const krb5_flags val, unsign return asn1_encode_krb5_flags(buf,val,retlen); } -#define add_optstring(val,n,fn) \ +#define add_optstring(val,n,fn) \ if ((val).length > 0) {asn1_addlenfield((val).length,(val).data,n,fn);} asn1_error_code asn1_encode_sam_challenge(asn1buf *buf, const krb5_sam_challenge *val, unsigned int *retlen) @@ -837,10 +838,10 @@ asn1_error_code asn1_encode_sam_challenge(asn1buf *buf, const krb5_sam_challenge asn1_setup(); /* possibly wrong */ if (val->sam_cksum.length) - asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum); + asn1_addfield(&(val->sam_cksum),9,asn1_encode_checksum); if (val->sam_nonce) - asn1_addfield(val->sam_nonce,8,asn1_encode_integer); + asn1_addfield(val->sam_nonce,8,asn1_encode_integer); add_optstring(val->sam_pk_for_sad,7,asn1_encode_charstring); add_optstring(val->sam_response_prompt,6,asn1_encode_charstring); @@ -860,24 +861,24 @@ asn1_error_code asn1_encode_sam_challenge_2(asn1buf *buf, const krb5_sam_challen { asn1_setup(); if ( (!val) || (!val->sam_cksum) || (!val->sam_cksum[0])) - return ASN1_MISSING_FIELD; + return ASN1_MISSING_FIELD; asn1_addfield((const krb5_checksum **) val->sam_cksum, 1, asn1_encode_sequence_of_checksum); retval = asn1buf_insert_octetstring(buf, val->sam_challenge_2_body.length, - (unsigned char *)val->sam_challenge_2_body.data); + (unsigned char *)val->sam_challenge_2_body.data); if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } sum += val->sam_challenge_2_body.length; retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, - val->sam_challenge_2_body.length, &length); + val->sam_challenge_2_body.length, &length); if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } sum += length; - + asn1_makeseq(); asn1_cleanup(); } @@ -942,12 +943,12 @@ asn1_error_code asn1_encode_sam_response(asn1buf *buf, const krb5_sam_response * asn1_setup(); if (val->sam_patimestamp) - asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time); + asn1_addfield(val->sam_patimestamp,6,asn1_encode_kerberos_time); if (val->sam_nonce) - asn1_addfield(val->sam_nonce,5,asn1_encode_integer); + asn1_addfield(val->sam_nonce,5,asn1_encode_integer); asn1_addfield(&(val->sam_enc_nonce_or_ts),4,asn1_encode_encrypted_data); if (val->sam_enc_key.ciphertext.length) - asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data); + asn1_addfield(&(val->sam_enc_key),3,asn1_encode_encrypted_data); add_optstring(val->sam_track_id,2,asn1_encode_charstring); asn1_addfield(val->sam_flags,1,asn1_encode_sam_flags); asn1_addfield(val->sam_type,0,asn1_encode_integer); @@ -997,10 +998,10 @@ asn1_error_code asn1_encode_krb_saved_safe_body(asn1buf *buf, const krb5_data *b asn1_error_code retval; retval = asn1buf_insert_octetstring(buf, body->length, - (krb5_octet *)body->data); + (krb5_octet *)body->data); if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } *retlen = body->length; return 0; @@ -1043,24 +1044,24 @@ asn1_error_code asn1_encode_algorithm_identifier(asn1buf *buf, const krb5_algori asn1_setup(); if (val->parameters.length != 0) { - retval = asn1buf_insert_octetstring(buf, val->parameters.length, - val->parameters.data); - if (retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += val->parameters.length; + retval = asn1buf_insert_octetstring(buf, val->parameters.length, + val->parameters.data); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += val->parameters.length; } - - retval = asn1_encode_oid(buf, val->algorithm.length, - val->algorithm.data, - &length); - + + retval = asn1_encode_oid(buf, val->algorithm.length, + val->algorithm.data, + &length); + if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } - sum += length; + sum += length; asn1_makeseq(); asn1_cleanup(); @@ -1073,34 +1074,34 @@ asn1_error_code asn1_encode_subject_pk_info(asn1buf *buf, const krb5_subject_pk_ asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,ASN1_BITSTRING); if (val->algorithm.parameters.length != 0) { - retval = asn1buf_insert_octetstring(buf, val->algorithm.parameters.length, - val->algorithm.parameters.data); - if (retval) { - asn1buf_destroy(&buf); - return retval; - } - sum += val->algorithm.parameters.length; + retval = asn1buf_insert_octetstring(buf, val->algorithm.parameters.length, + val->algorithm.parameters.data); + if (retval) { + asn1buf_destroy(&buf); + return retval; + } + sum += val->algorithm.parameters.length; } - - retval = asn1_encode_oid(buf, val->algorithm.algorithm.length, - val->algorithm.algorithm.data, - &length); - + + retval = asn1_encode_oid(buf, val->algorithm.algorithm.length, + val->algorithm.algorithm.data, + &length); + if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } - sum += length; - - retval = asn1_make_etag(buf, UNIVERSAL, ASN1_SEQUENCE, - val->algorithm.parameters.length + length, - &length); + sum += length; + + retval = asn1_make_etag(buf, UNIVERSAL, ASN1_SEQUENCE, + val->algorithm.parameters.length + length, + &length); if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } - sum += length; + sum += length; asn1_makeseq(); asn1_cleanup(); @@ -1115,9 +1116,9 @@ asn1_error_code asn1_encode_sequence_of_algorithm_identifier(asn1buf *buf, const for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_algorithm_identifier(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_algorithm_identifier(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -1129,11 +1130,11 @@ asn1_error_code asn1_encode_auth_pack(asn1buf *buf, const krb5_auth_pack *val, u asn1_setup(); if (val->clientDHNonce.length != 0) - asn1_addlenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_encode_octetstring); + asn1_addlenfield(val->clientDHNonce.length, val->clientDHNonce.data, 3, asn1_encode_octetstring); if (val->supportedCMSTypes != NULL) - asn1_addfield((const krb5_algorithm_identifier **)val->supportedCMSTypes,2,asn1_encode_sequence_of_algorithm_identifier); + asn1_addfield((const krb5_algorithm_identifier **)val->supportedCMSTypes,2,asn1_encode_sequence_of_algorithm_identifier); if (val->clientPublicValue != NULL) - asn1_addfield(val->clientPublicValue,1,asn1_encode_subject_pk_info); + asn1_addfield(val->clientPublicValue,1,asn1_encode_subject_pk_info); asn1_addfield(&(val->pkAuthenticator),0,asn1_encode_pk_authenticator); asn1_makeseq(); @@ -1145,7 +1146,7 @@ asn1_error_code asn1_encode_auth_pack_draft9(asn1buf *buf, const krb5_auth_pack_ asn1_setup(); if (val->clientPublicValue != NULL) - asn1_addfield(val->clientPublicValue, 1, asn1_encode_subject_pk_info); + asn1_addfield(val->clientPublicValue, 1, asn1_encode_subject_pk_info); asn1_addfield(&(val->pkAuthenticator), 0, asn1_encode_pk_authenticator_draft9); asn1_makeseq(); @@ -1158,16 +1159,16 @@ asn1_error_code asn1_encode_external_principal_identifier(asn1buf *buf, const kr /* Verify there is something to encode */ if (val->subjectKeyIdentifier.length == 0 && val->issuerAndSerialNumber.length == 0 && val->subjectName.length == 0) - return ASN1_MISSING_FIELD; + return ASN1_MISSING_FIELD; - if (val->subjectKeyIdentifier.length != 0) - asn1_insert_implicit_octetstring(val->subjectKeyIdentifier.length,val->subjectKeyIdentifier.data,2); + if (val->subjectKeyIdentifier.length != 0) + asn1_insert_implicit_octetstring(val->subjectKeyIdentifier.length,val->subjectKeyIdentifier.data,2); - if (val->issuerAndSerialNumber.length != 0) - asn1_insert_implicit_octetstring(val->issuerAndSerialNumber.length,val->issuerAndSerialNumber.data,1); + if (val->issuerAndSerialNumber.length != 0) + asn1_insert_implicit_octetstring(val->issuerAndSerialNumber.length,val->issuerAndSerialNumber.data,1); - if (val->subjectName.length != 0) - asn1_insert_implicit_octetstring(val->subjectName.length,val->subjectName.data,0); + if (val->subjectName.length != 0) + asn1_insert_implicit_octetstring(val->subjectName.length,val->subjectName.data,0); asn1_makeseq(); asn1_cleanup(); @@ -1182,9 +1183,9 @@ asn1_error_code asn1_encode_sequence_of_external_principal_identifier(asn1buf *b for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_external_principal_identifier(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_external_principal_identifier(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); @@ -1195,11 +1196,11 @@ asn1_error_code asn1_encode_pa_pk_as_req(asn1buf *buf, const krb5_pa_pk_as_req * { asn1_setup(); - if (val->kdcPkId.length != 0) - asn1_insert_implicit_octetstring(val->kdcPkId.length,val->kdcPkId.data,2); + if (val->kdcPkId.length != 0) + asn1_insert_implicit_octetstring(val->kdcPkId.length,val->kdcPkId.data,2); if (val->trustedCertifiers != NULL) - asn1_addfield((const krb5_external_principal_identifier **)val->trustedCertifiers,1,asn1_encode_sequence_of_external_principal_identifier); + asn1_addfield((const krb5_external_principal_identifier **)val->trustedCertifiers,1,asn1_encode_sequence_of_external_principal_identifier); asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0); @@ -1213,16 +1214,16 @@ asn1_error_code asn1_encode_trusted_ca(asn1buf *buf, const krb5_trusted_ca *val, switch (val->choice) { case choice_trusted_cas_issuerAndSerial: - asn1_insert_implicit_octetstring(val->u.issuerAndSerial.length,val->u.issuerAndSerial.data,2); - break; + asn1_insert_implicit_octetstring(val->u.issuerAndSerial.length,val->u.issuerAndSerial.data,2); + break; case choice_trusted_cas_caName: - asn1_insert_implicit_octetstring(val->u.caName.length,val->u.caName.data,1); - break; + asn1_insert_implicit_octetstring(val->u.caName.length,val->u.caName.data,1); + break; case choice_trusted_cas_principalName: - asn1_addfield_implicit(val->u.principalName,0,asn1_encode_principal_name); - break; + asn1_addfield_implicit(val->u.principalName,0,asn1_encode_principal_name); + break; default: - return ASN1_MISSING_FIELD; + return ASN1_MISSING_FIELD; } asn1_cleanup(); @@ -1237,9 +1238,9 @@ asn1_error_code asn1_encode_sequence_of_trusted_ca(asn1buf *buf, const krb5_trus for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_trusted_ca(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_trusted_ca(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); asn1_cleanup(); @@ -1250,13 +1251,13 @@ asn1_error_code asn1_encode_pa_pk_as_req_draft9(asn1buf *buf, const krb5_pa_pk_a asn1_setup(); if (val->encryptionCert.length != 0) - asn1_insert_implicit_octetstring(val->encryptionCert.length,val->encryptionCert.data,3); + asn1_insert_implicit_octetstring(val->encryptionCert.length,val->encryptionCert.data,3); - if (val->kdcCert.length != 0) - asn1_insert_implicit_octetstring(val->kdcCert.length,val->kdcCert.data,2); + if (val->kdcCert.length != 0) + asn1_insert_implicit_octetstring(val->kdcCert.length,val->kdcCert.data,2); if (val->trustedCertifiers != NULL) - asn1_addfield((const krb5_trusted_ca **)val->trustedCertifiers,1,asn1_encode_sequence_of_trusted_ca); + asn1_addfield((const krb5_trusted_ca **)val->trustedCertifiers,1,asn1_encode_sequence_of_trusted_ca); asn1_insert_implicit_octetstring(val->signedAuthPack.length,val->signedAuthPack.data,0); @@ -1269,8 +1270,8 @@ asn1_error_code asn1_encode_dh_rep_info(asn1buf *buf, const krb5_dh_rep_info *va asn1_setup(); if (val->serverDHNonce.length != 0) - asn1_insert_implicit_octetstring(val->serverDHNonce.length,val->serverDHNonce.data,1); - + asn1_insert_implicit_octetstring(val->serverDHNonce.length,val->serverDHNonce.data,1); + asn1_insert_implicit_octetstring(val->dhSignedData.length,val->dhSignedData.data,0); asn1_makeseq(); @@ -1281,19 +1282,19 @@ asn1_error_code asn1_encode_kdc_dh_key_info(asn1buf *buf, const krb5_kdc_dh_key_ { asn1_setup(); - if (val->dhKeyExpiration != 0) - asn1_addfield(val->dhKeyExpiration, 2, asn1_encode_kerberos_time); + if (val->dhKeyExpiration != 0) + asn1_addfield(val->dhKeyExpiration, 2, asn1_encode_kerberos_time); asn1_addfield(val->nonce, 1, asn1_encode_integer); asn1_insert_implicit_bitstring(val->subjectPublicKey.length,val->subjectPublicKey.data,3); - retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, - val->subjectPublicKey.length + 1 + length, - &length); + retval = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, + val->subjectPublicKey.length + 1 + length, + &length); if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } - sum += length; + sum += length; asn1_makeseq(); asn1_cleanup(); @@ -1328,13 +1329,13 @@ asn1_error_code asn1_encode_pa_pk_as_rep(asn1buf *buf, const krb5_pa_pk_as_rep * switch (val->choice) { case choice_pa_pk_as_rep_dhInfo: - asn1_addfield(&(val->u.dh_Info), choice_pa_pk_as_rep_dhInfo, asn1_encode_dh_rep_info); - break; + asn1_addfield(&(val->u.dh_Info), choice_pa_pk_as_rep_dhInfo, asn1_encode_dh_rep_info); + break; case choice_pa_pk_as_rep_encKeyPack: - asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); - break; + asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); + break; default: - return ASN1_MISSING_FIELD; + return ASN1_MISSING_FIELD; } asn1_cleanup(); @@ -1347,13 +1348,13 @@ asn1_error_code asn1_encode_pa_pk_as_rep_draft9(asn1buf *buf, const krb5_pa_pk_a switch (val->choice) { case choice_pa_pk_as_rep_draft9_dhSignedData: - asn1_insert_implicit_octetstring(val->u.dhSignedData.length,val->u.dhSignedData.data,0); - break; + asn1_insert_implicit_octetstring(val->u.dhSignedData.length,val->u.dhSignedData.data,0); + break; case choice_pa_pk_as_rep_encKeyPack: - asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); - break; + asn1_insert_implicit_octetstring(val->u.encKeyPack.length,val->u.encKeyPack.data,1); + break; default: - return ASN1_MISSING_FIELD; + return ASN1_MISSING_FIELD; } asn1_cleanup(); @@ -1364,8 +1365,8 @@ asn1_error_code asn1_encode_td_trusted_certifiers(asn1buf *buf, const krb5_exter asn1_setup(); retval = asn1_encode_sequence_of_external_principal_identifier(buf, val, &length); if (retval) { - asn1buf_destroy(&buf); - return retval; + asn1buf_destroy(&buf); + return retval; } asn1_cleanup(); } @@ -1379,9 +1380,9 @@ asn1_error_code asn1_encode_sequence_of_typed_data(asn1buf *buf, const krb5_type for (i=0; val[i] != NULL; i++); for (i--; i>=0; i--) { - retval = asn1_encode_typed_data(buf,val[i],&length); - if (retval) return retval; - sum += length; + retval = asn1_encode_typed_data(buf,val[i],&length); + if (retval) return retval; + sum += length; } asn1_makeseq(); diff --git a/src/lib/krb5/asn.1/asn1_k_encode.h b/src/lib/krb5/asn.1/asn1_k_encode.h index b5f24c42b..7ec2b0632 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.h +++ b/src/lib/krb5/asn.1/asn1_k_encode.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_k_encode.h - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -77,263 +78,263 @@ **** for simple val's **** asn1_error_code asn1_encode_asn1_type(asn1buf *buf, const krb5_type val, - int *retlen); + int *retlen); requires *buf is allocated effects Inserts the encoding of val into *buf and returns the length of this encoding in *retlen. - Returns ASN1_MISSING_FIELD if a required field is empty in val. - Returns ENOMEM if memory runs out. + Returns ASN1_MISSING_FIELD if a required field is empty in val. + Returns ENOMEM if memory runs out. **** for struct val's **** asn1_error_code asn1_encode_asn1_type(asn1buf *buf, const krb5_type *val, - int *retlen); + int *retlen); requires *buf is allocated effects Inserts the encoding of *val into *buf and returns the length of this encoding in *retlen. - Returns ASN1_MISSING_FIELD if a required field is empty in val. - Returns ENOMEM if memory runs out. + Returns ASN1_MISSING_FIELD if a required field is empty in val. + Returns ENOMEM if memory runs out. **** for array val's **** asn1_error_code asn1_encode_asn1_type(asn1buf *buf, const krb5_type **val, - int *retlen); + int *retlen); requires *buf is allocated, **val != NULL, *val[0] != NULL, **val is a NULL-terminated array of pointers to krb5_type effects Inserts the encoding of **val into *buf and returns the length of this encoding in *retlen. - Returns ASN1_MISSING_FIELD if a required field is empty in val. - Returns ENOMEM if memory runs out. + Returns ASN1_MISSING_FIELD if a required field is empty in val. + Returns ENOMEM if memory runs out. */ asn1_error_code asn1_encode_ui_4 (asn1buf *buf, - const krb5_ui_4 val, - unsigned int *retlen); + const krb5_ui_4 val, + unsigned int *retlen); asn1_error_code asn1_encode_msgtype (asn1buf *buf, - const /*krb5_msgtype*/int val, - unsigned int *retlen); + const /*krb5_msgtype*/int val, + unsigned int *retlen); asn1_error_code asn1_encode_realm - (asn1buf *buf, const krb5_principal val, unsigned int *retlen); + (asn1buf *buf, const krb5_principal val, unsigned int *retlen); asn1_error_code asn1_encode_principal_name - (asn1buf *buf, const krb5_principal val, unsigned int *retlen); + (asn1buf *buf, const krb5_principal val, unsigned int *retlen); asn1_error_code asn1_encode_encrypted_data - (asn1buf *buf, const krb5_enc_data *val, unsigned int *retlen); + (asn1buf *buf, const krb5_enc_data *val, unsigned int *retlen); asn1_error_code asn1_encode_krb5_flags - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); + (asn1buf *buf, const krb5_flags val, unsigned int *retlen); asn1_error_code asn1_encode_ap_options - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); + (asn1buf *buf, const krb5_flags val, unsigned int *retlen); asn1_error_code asn1_encode_ticket_flags - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); + (asn1buf *buf, const krb5_flags val, unsigned int *retlen); asn1_error_code asn1_encode_kdc_options - (asn1buf *buf, const krb5_flags val, unsigned int *retlen); + (asn1buf *buf, const krb5_flags val, unsigned int *retlen); asn1_error_code asn1_encode_authorization_data - (asn1buf *buf, const krb5_authdata **val, unsigned int *retlen); + (asn1buf *buf, const krb5_authdata **val, unsigned int *retlen); asn1_error_code asn1_encode_krb5_authdata_elt - (asn1buf *buf, const krb5_authdata *val, unsigned int *retlen); + (asn1buf *buf, const krb5_authdata *val, unsigned int *retlen); asn1_error_code asn1_encode_kdc_rep - (int msg_type, asn1buf *buf, const krb5_kdc_rep *val, - unsigned int *retlen); + (int msg_type, asn1buf *buf, const krb5_kdc_rep *val, + unsigned int *retlen); asn1_error_code asn1_encode_enc_kdc_rep_part - (asn1buf *buf, const krb5_enc_kdc_rep_part *val, - unsigned int *retlen); + (asn1buf *buf, const krb5_enc_kdc_rep_part *val, + unsigned int *retlen); asn1_error_code asn1_encode_ticket - (asn1buf *buf, const krb5_ticket *val, unsigned int *retlen); + (asn1buf *buf, const krb5_ticket *val, unsigned int *retlen); asn1_error_code asn1_encode_encryption_key - (asn1buf *buf, const krb5_keyblock *val, unsigned int *retlen); + (asn1buf *buf, const krb5_keyblock *val, unsigned int *retlen); asn1_error_code asn1_encode_kerberos_time - (asn1buf *buf, const krb5_timestamp val, unsigned int *retlen); + (asn1buf *buf, const krb5_timestamp val, unsigned int *retlen); asn1_error_code asn1_encode_checksum - (asn1buf *buf, const krb5_checksum *val, unsigned int *retlen); + (asn1buf *buf, const krb5_checksum *val, unsigned int *retlen); asn1_error_code asn1_encode_host_address - (asn1buf *buf, const krb5_address *val, unsigned int *retlen); + (asn1buf *buf, const krb5_address *val, unsigned int *retlen); asn1_error_code asn1_encode_host_addresses - (asn1buf *buf, const krb5_address **val, unsigned int *retlen); + (asn1buf *buf, const krb5_address **val, unsigned int *retlen); asn1_error_code asn1_encode_transited_encoding - (asn1buf *buf, const krb5_transited *val, unsigned int *retlen); + (asn1buf *buf, const krb5_transited *val, unsigned int *retlen); asn1_error_code asn1_encode_last_req - (asn1buf *buf, const krb5_last_req_entry **val, - unsigned int *retlen); + (asn1buf *buf, const krb5_last_req_entry **val, + unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_pa_data - (asn1buf *buf, const krb5_pa_data **val, unsigned int *retlen); + (asn1buf *buf, const krb5_pa_data **val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_ticket - (asn1buf *buf, const krb5_ticket **val, unsigned int *retlen); + (asn1buf *buf, const krb5_ticket **val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_enctype - (asn1buf *buf, - const int len, const krb5_enctype *val, - unsigned int *retlen); + (asn1buf *buf, + const int len, const krb5_enctype *val, + unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_checksum - (asn1buf *buf, const krb5_checksum **val, unsigned int *retlen); + (asn1buf *buf, const krb5_checksum **val, unsigned int *retlen); asn1_error_code asn1_encode_kdc_req - (int msg_type, - asn1buf *buf, - const krb5_kdc_req *val, - unsigned int *retlen); + (int msg_type, + asn1buf *buf, + const krb5_kdc_req *val, + unsigned int *retlen); asn1_error_code asn1_encode_kdc_req_body - (asn1buf *buf, const krb5_kdc_req *val, unsigned int *retlen); + (asn1buf *buf, const krb5_kdc_req *val, unsigned int *retlen); asn1_error_code asn1_encode_krb_safe_body - (asn1buf *buf, const krb5_safe *val, unsigned int *retlen); + (asn1buf *buf, const krb5_safe *val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_krb_cred_info - (asn1buf *buf, const krb5_cred_info **val, unsigned int *retlen); + (asn1buf *buf, const krb5_cred_info **val, unsigned int *retlen); asn1_error_code asn1_encode_krb_cred_info - (asn1buf *buf, const krb5_cred_info *val, unsigned int *retlen); + (asn1buf *buf, const krb5_cred_info *val, unsigned int *retlen); asn1_error_code asn1_encode_last_req_entry - (asn1buf *buf, const krb5_last_req_entry *val, - unsigned int *retlen); + (asn1buf *buf, const krb5_last_req_entry *val, + unsigned int *retlen); asn1_error_code asn1_encode_pa_data - (asn1buf *buf, const krb5_pa_data *val, unsigned int *retlen); + (asn1buf *buf, const krb5_pa_data *val, unsigned int *retlen); asn1_error_code asn1_encode_alt_method - (asn1buf *buf, const krb5_alt_method *val, - unsigned int *retlen); + (asn1buf *buf, const krb5_alt_method *val, + unsigned int *retlen); asn1_error_code asn1_encode_etype_info_entry - (asn1buf *buf, const krb5_etype_info_entry *val, - unsigned int *retlen, int etype_info2); + (asn1buf *buf, const krb5_etype_info_entry *val, + unsigned int *retlen, int etype_info2); asn1_error_code asn1_encode_etype_info - (asn1buf *buf, const krb5_etype_info_entry **val, - unsigned int *retlen, int etype_info2); + (asn1buf *buf, const krb5_etype_info_entry **val, + unsigned int *retlen, int etype_info2); asn1_error_code asn1_encode_passwdsequence - (asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen); + (asn1buf *buf, const passwd_phrase_element *val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_passwdsequence - (asn1buf *buf, const passwd_phrase_element **val, - unsigned int *retlen); + (asn1buf *buf, const passwd_phrase_element **val, + unsigned int *retlen); asn1_error_code asn1_encode_sam_flags - (asn1buf * buf, const krb5_flags val, unsigned int *retlen); + (asn1buf * buf, const krb5_flags val, unsigned int *retlen); asn1_error_code asn1_encode_sam_challenge - (asn1buf *buf, const krb5_sam_challenge * val, unsigned int *retlen); + (asn1buf *buf, const krb5_sam_challenge * val, unsigned int *retlen); asn1_error_code asn1_encode_sam_challenge_2 - (asn1buf *buf, const krb5_sam_challenge_2 * val, unsigned int *retlen); + (asn1buf *buf, const krb5_sam_challenge_2 * val, unsigned int *retlen); asn1_error_code asn1_encode_sam_challenge_2_body - (asn1buf *buf, const krb5_sam_challenge_2_body * val, - unsigned int *retlen); + (asn1buf *buf, const krb5_sam_challenge_2_body * val, + unsigned int *retlen); asn1_error_code asn1_encode_sam_key - (asn1buf *buf, const krb5_sam_key *val, unsigned int *retlen); + (asn1buf *buf, const krb5_sam_key *val, unsigned int *retlen); asn1_error_code asn1_encode_enc_sam_response_enc - (asn1buf *buf, const krb5_enc_sam_response_enc *val, - unsigned int *retlen); + (asn1buf *buf, const krb5_enc_sam_response_enc *val, + unsigned int *retlen); asn1_error_code asn1_encode_enc_sam_response_enc_2 - (asn1buf *buf, const krb5_enc_sam_response_enc_2 *val, - unsigned int *retlen); + (asn1buf *buf, const krb5_enc_sam_response_enc_2 *val, + unsigned int *retlen); asn1_error_code asn1_encode_sam_response - (asn1buf *buf, const krb5_sam_response *val, unsigned int *retlen); + (asn1buf *buf, const krb5_sam_response *val, unsigned int *retlen); asn1_error_code asn1_encode_sam_response_2 - (asn1buf *buf, const krb5_sam_response_2 *val, unsigned int *retlen); + (asn1buf *buf, const krb5_sam_response_2 *val, unsigned int *retlen); asn1_error_code asn1_encode_predicted_sam_response - (asn1buf *buf, const krb5_predicted_sam_response *val, - unsigned int *retlen); + (asn1buf *buf, const krb5_predicted_sam_response *val, + unsigned int *retlen); asn1_error_code asn1_encode_krb_saved_safe_body - (asn1buf *buf, const krb5_data *body, unsigned int *retlen); + (asn1buf *buf, const krb5_data *body, unsigned int *retlen); /* PKINIT */ asn1_error_code asn1_encode_pk_authenticator - (asn1buf *buf, const krb5_pk_authenticator *val, unsigned int *retlen); + (asn1buf *buf, const krb5_pk_authenticator *val, unsigned int *retlen); asn1_error_code asn1_encode_pk_authenticator_draft9 - (asn1buf *buf, const krb5_pk_authenticator_draft9 *val, unsigned int *retlen); + (asn1buf *buf, const krb5_pk_authenticator_draft9 *val, unsigned int *retlen); asn1_error_code asn1_encode_algorithm_identifier - (asn1buf *buf, const krb5_algorithm_identifier *val, unsigned int *retlen); + (asn1buf *buf, const krb5_algorithm_identifier *val, unsigned int *retlen); asn1_error_code asn1_encode_subject_pk_info - (asn1buf *buf, const krb5_subject_pk_info *val, unsigned int *retlen); + (asn1buf *buf, const krb5_subject_pk_info *val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_algorithm_identifier - (asn1buf *buf, const krb5_algorithm_identifier **val, unsigned int *retlen); + (asn1buf *buf, const krb5_algorithm_identifier **val, unsigned int *retlen); asn1_error_code asn1_encode_auth_pack - (asn1buf *buf, const krb5_auth_pack *val, unsigned int *retlen); + (asn1buf *buf, const krb5_auth_pack *val, unsigned int *retlen); asn1_error_code asn1_encode_auth_pack_draft9 - (asn1buf *buf, const krb5_auth_pack_draft9 *val, unsigned int *retlen); + (asn1buf *buf, const krb5_auth_pack_draft9 *val, unsigned int *retlen); asn1_error_code asn1_encode_external_principal_identifier - (asn1buf *buf, const krb5_external_principal_identifier *val, unsigned int *retlen); + (asn1buf *buf, const krb5_external_principal_identifier *val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_external_principal_identifier - (asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen); + (asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen); asn1_error_code asn1_encode_pa_pk_as_req - (asn1buf *buf, const krb5_pa_pk_as_req *val, unsigned int *retlen); + (asn1buf *buf, const krb5_pa_pk_as_req *val, unsigned int *retlen); asn1_error_code asn1_encode_trusted_ca - (asn1buf *buf, const krb5_trusted_ca *val, unsigned int *retlen); + (asn1buf *buf, const krb5_trusted_ca *val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_trusted_ca - (asn1buf *buf, const krb5_trusted_ca **val, unsigned int *retlen); + (asn1buf *buf, const krb5_trusted_ca **val, unsigned int *retlen); asn1_error_code asn1_encode_pa_pk_as_req_draft9 - (asn1buf *buf, const krb5_pa_pk_as_req_draft9 *val, unsigned int *retlen); + (asn1buf *buf, const krb5_pa_pk_as_req_draft9 *val, unsigned int *retlen); asn1_error_code asn1_encode_dh_rep_info - (asn1buf *buf, const krb5_dh_rep_info *val, unsigned int *retlen); + (asn1buf *buf, const krb5_dh_rep_info *val, unsigned int *retlen); asn1_error_code asn1_encode_kdc_dh_key_info - (asn1buf *buf, const krb5_kdc_dh_key_info *val, unsigned int *retlen); + (asn1buf *buf, const krb5_kdc_dh_key_info *val, unsigned int *retlen); asn1_error_code asn1_encode_reply_key_pack - (asn1buf *buf, const krb5_reply_key_pack *val, unsigned int *retlen); + (asn1buf *buf, const krb5_reply_key_pack *val, unsigned int *retlen); asn1_error_code asn1_encode_reply_key_pack_draft9 - (asn1buf *buf, const krb5_reply_key_pack_draft9 *val, unsigned int *retlen); + (asn1buf *buf, const krb5_reply_key_pack_draft9 *val, unsigned int *retlen); asn1_error_code asn1_encode_pa_pk_as_rep - (asn1buf *buf, const krb5_pa_pk_as_rep *val, unsigned int *retlen); + (asn1buf *buf, const krb5_pa_pk_as_rep *val, unsigned int *retlen); asn1_error_code asn1_encode_pa_pk_as_rep_draft9 - (asn1buf *buf, const krb5_pa_pk_as_rep_draft9 *val, unsigned int *retlen); + (asn1buf *buf, const krb5_pa_pk_as_rep_draft9 *val, unsigned int *retlen); asn1_error_code asn1_encode_td_trusted_certifiers - (asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen); + (asn1buf *buf, const krb5_external_principal_identifier **val, unsigned int *retlen); asn1_error_code asn1_encode_typed_data - (asn1buf *buf, const krb5_typed_data *val, unsigned int *retlen); + (asn1buf *buf, const krb5_typed_data *val, unsigned int *retlen); asn1_error_code asn1_encode_sequence_of_typed_data - (asn1buf *buf, const krb5_typed_data **val, unsigned int *retlen); + (asn1buf *buf, const krb5_typed_data **val, unsigned int *retlen); #endif diff --git a/src/lib/krb5/asn.1/asn1_make.c b/src/lib/krb5/asn.1/asn1_make.c index 5c13c035a..c4f740c7f 100644 --- a/src/lib/krb5/asn.1/asn1_make.c +++ b/src/lib/krb5/asn.1/asn1_make.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_make.c - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -27,17 +28,17 @@ #include "asn1_make.h" asn1_error_code asn1_make_etag(asn1buf *buf, asn1_class asn1class, - asn1_tagnum tagnum, unsigned int in_len, - unsigned int *retlen) + asn1_tagnum tagnum, unsigned int in_len, + unsigned int *retlen) { return asn1_make_tag(buf,asn1class,CONSTRUCTED,tagnum,in_len,retlen); } asn1_error_code asn1_make_tag(asn1buf *buf, asn1_class asn1class, - asn1_construction construction, - asn1_tagnum tagnum, unsigned int in_len, - unsigned int *retlen) + asn1_construction construction, + asn1_tagnum tagnum, unsigned int in_len, + unsigned int *retlen) { asn1_error_code retval; unsigned int sumlen=0, length; @@ -60,57 +61,57 @@ asn1_error_code asn1_make_length(asn1buf *buf, const unsigned int in_len, unsign asn1_error_code retval; if (in_len < 128) { - retval = asn1buf_insert_octet(buf, (asn1_octet)(in_len&0x7F)); - if (retval) return retval; - *retlen = 1; + retval = asn1buf_insert_octet(buf, (asn1_octet)(in_len&0x7F)); + if (retval) return retval; + *retlen = 1; } else { - int in_copy=in_len, length=0; - - while (in_copy != 0) { - retval = asn1buf_insert_octet(buf, (asn1_octet)(in_copy&0xFF)); - if (retval) return retval; - in_copy = in_copy >> 8; - length++; - } - retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(length&0x7F))); - if (retval) return retval; - length++; - *retlen = length; + int in_copy=in_len, length=0; + + while (in_copy != 0) { + retval = asn1buf_insert_octet(buf, (asn1_octet)(in_copy&0xFF)); + if (retval) return retval; + in_copy = in_copy >> 8; + length++; + } + retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(length&0x7F))); + if (retval) return retval; + length++; + *retlen = length; } return 0; } asn1_error_code asn1_make_id(asn1buf *buf, asn1_class asn1class, - asn1_construction construction, - asn1_tagnum tagnum, unsigned int *retlen) + asn1_construction construction, + asn1_tagnum tagnum, unsigned int *retlen) { asn1_error_code retval; if (tagnum < 31) { - retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | - (asn1_octet)tagnum)); - if (retval) return retval; - *retlen = 1; + retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | + (asn1_octet)tagnum)); + if (retval) return retval; + *retlen = 1; } else { - asn1_tagnum tagcopy = tagnum; - int length = 0; - - retval = asn1buf_insert_octet(buf, (asn1_octet)(tagcopy&0x7F)); - if (retval) return retval; - tagcopy >>= 7; - length++; - - for (; tagcopy != 0; tagcopy >>= 7) { - retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(tagcopy&0x7F))); - if (retval) return retval; - length++; - } - - retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | 0x1F)); - if (retval) return retval; - length++; - *retlen = length; + asn1_tagnum tagcopy = tagnum; + int length = 0; + + retval = asn1buf_insert_octet(buf, (asn1_octet)(tagcopy&0x7F)); + if (retval) return retval; + tagcopy >>= 7; + length++; + + for (; tagcopy != 0; tagcopy >>= 7) { + retval = asn1buf_insert_octet(buf, (asn1_octet) (0x80 | (asn1_octet)(tagcopy&0x7F))); + if (retval) return retval; + length++; + } + + retval = asn1buf_insert_octet(buf, (asn1_octet) (asn1class | construction | 0x1F)); + if (retval) return retval; + length++; + *retlen = length; } return 0; diff --git a/src/lib/krb5/asn.1/asn1_make.h b/src/lib/krb5/asn.1/asn1_make.h index de13d7b52..c866572b2 100644 --- a/src/lib/krb5/asn.1/asn1_make.h +++ b/src/lib/krb5/asn.1/asn1_make.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_make.h - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -47,38 +48,38 @@ */ asn1_error_code asn1_make_etag - (asn1buf *buf, - asn1_class asn1class, - asn1_tagnum tagnum, - unsigned int in_len, - unsigned int *retlen); + (asn1buf *buf, + asn1_class asn1class, + asn1_tagnum tagnum, + unsigned int in_len, + unsigned int *retlen); /* requires *buf is allocated, in_len is the length of an ASN.1 encoding which has just been inserted in *buf modifies *buf, *retlen effects Inserts an explicit tag with class = asn1class, id# = tag length = in_len into *buf. - Returns the length of this encoding in *retlen. - Returns ENOMEM if memory runs out. */ + Returns the length of this encoding in *retlen. + Returns ENOMEM if memory runs out. */ asn1_error_code asn1_make_tag - (asn1buf *buf, asn1_class asn1class, - asn1_construction construction, - asn1_tagnum tagnum, - unsigned int in_len, - unsigned int *retlen); + (asn1buf *buf, asn1_class asn1class, + asn1_construction construction, + asn1_tagnum tagnum, + unsigned int in_len, + unsigned int *retlen); /* requires *buf is allocated, in_len is the length of an ASN.1 encoding which has just been inserted in *buf modifies *buf, *retlen effects Inserts the encoding of a tag with class = asn1class, primitive/constructed staus = construction, - id# = tag and length = in_len into *buf. - Returns the length of this encoding in *retlen. - Returns ENOMEM if memory runs out. - Returns ASN1_OVERFLOW if tagnum exceeds the limits of - the implementation. */ + id# = tag and length = in_len into *buf. + Returns the length of this encoding in *retlen. + Returns ENOMEM if memory runs out. + Returns ASN1_OVERFLOW if tagnum exceeds the limits of + the implementation. */ asn1_error_code asn1_make_sequence - (asn1buf *buf, const unsigned int seq_len, unsigned int *len); + (asn1buf *buf, const unsigned int seq_len, unsigned int *len); /* requires *buf is allocated, seq_len is the length of a series of sequence components which have just been inserted in *buf modifies *buf, *retlen @@ -87,8 +88,8 @@ asn1_error_code asn1_make_sequence Returns ENOMEM if memory runs out. */ asn1_error_code asn1_make_set - (asn1buf *buf, const unsigned int set_len, - unsigned int *retlen); + (asn1buf *buf, const unsigned int set_len, + unsigned int *retlen); /* requires *buf is allocated, seq_len is the length of a series of sequence components which have just been inserted in *buf modifies *buf, *retlen @@ -97,9 +98,9 @@ asn1_error_code asn1_make_set Returns ENOMEM if memory runs out. */ asn1_error_code asn1_make_string - (asn1buf *buf, - const unsigned int len, const char *string, - int *retlen); + (asn1buf *buf, + const unsigned int len, const char *string, + int *retlen); /* requires *buf is allocated, len is the length of *string effects Inserts the encoding of *string (a series of octets) in *buf. Returns the length of this encoding in *retlen. @@ -111,8 +112,8 @@ asn1_error_code asn1_make_string /* "helper" procedure for asn1_make_tag */ asn1_error_code asn1_make_length - (asn1buf *buf, const unsigned int in_len, - unsigned int *retlen); + (asn1buf *buf, const unsigned int in_len, + unsigned int *retlen); /* requires *buf is allocated, in_len is the length of an ASN.1 encoding which has just been inserted in *buf modifies *buf, *retlen @@ -120,11 +121,11 @@ asn1_error_code asn1_make_length /* "helper" procedure for asn1_make_tag */ asn1_error_code asn1_make_id - (asn1buf *buf, - asn1_class asn1class, - asn1_construction construction, - asn1_tagnum tagnum, - unsigned int *retlen); + (asn1buf *buf, + asn1_class asn1class, + asn1_construction construction, + asn1_tagnum tagnum, + unsigned int *retlen); /* requires *buf is allocated, asn1class and tagnum are appropriate for the ASN.1 encoding which has just been inserted in *buf modifies *buf, *retlen diff --git a/src/lib/krb5/asn.1/asn1_misc.c b/src/lib/krb5/asn.1/asn1_misc.c index 54ed273ce..c357f60c2 100644 --- a/src/lib/krb5/asn.1/asn1_misc.c +++ b/src/lib/krb5/asn.1/asn1_misc.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_misc.c - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -32,6 +33,6 @@ asn1_error_code asn1_krb5_realm_copy(krb5_principal target, krb5_principal sourc target->realm.data = (char*)malloc(target->realm.length); /* copy realm */ if (target->realm.data == NULL) return ENOMEM; memcpy(target->realm.data,source->realm.data, /* to client */ - target->realm.length); + target->realm.length); return 0; } diff --git a/src/lib/krb5/asn.1/asn1_misc.h b/src/lib/krb5/asn.1/asn1_misc.h index 31b30dac2..ca9d57999 100644 --- a/src/lib/krb5/asn.1/asn1_misc.h +++ b/src/lib/krb5/asn.1/asn1_misc.h @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/asn1_misc.h - * + * * Copyright 1994 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -31,7 +32,7 @@ #include "krbasn1.h" asn1_error_code asn1_krb5_realm_copy - (krb5_principal target, krb5_principal source); + (krb5_principal target, krb5_principal source); /* requires target, source, and source->realm are allocated effects Copies source->realm into target->realm. Returns ENOMEM if memory is exhausted. */ diff --git a/src/lib/krb5/asn.1/asn1buf.c b/src/lib/krb5/asn.1/asn1buf.c index 5320e184e..49ef84fbb 100644 --- a/src/lib/krb5/asn.1/asn1buf.c +++ b/src/lib/krb5/asn.1/asn1buf.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* Coding Buffer Implementation */ /* @@ -47,7 +48,7 @@ next >= base next <= bound+2 (i.e. next should be able to step just past the bound, but no further. (The bound should move out in response - to being crossed by next.)) */ + to being crossed by next.)) */ #define ASN1BUF_OMIT_INLINE_FUNCS #include "asn1buf.h" @@ -55,7 +56,7 @@ #include <stdio.h> #include "asn1_get.h" -#define asn1_is_eoc(class, num, indef) \ +#define asn1_is_eoc(class, num, indef) \ ((class) == UNIVERSAL && !(num) && !(indef)) asn1_error_code asn1buf_create(asn1buf **buf) @@ -80,30 +81,30 @@ asn1_error_code asn1buf_imbed(asn1buf *subbuf, const asn1buf *buf, const unsigne { subbuf->base = subbuf->next = buf->next; if (!indef) { - subbuf->bound = subbuf->base + length - 1; - if (subbuf->bound > buf->bound) - return ASN1_OVERRUN; + subbuf->bound = subbuf->base + length - 1; + if (subbuf->bound > buf->bound) + return ASN1_OVERRUN; } else /* constructed indefinite */ - subbuf->bound = buf->bound; + subbuf->bound = buf->bound; return 0; } asn1_error_code asn1buf_sync(asn1buf *buf, asn1buf *subbuf, - asn1_class asn1class, asn1_tagnum lasttag, - unsigned int length, int indef, int seqindef) + asn1_class asn1class, asn1_tagnum lasttag, + unsigned int length, int indef, int seqindef) { asn1_error_code retval; if (!seqindef) { - /* sequence was encoded as definite length */ - buf->next = subbuf->bound + 1; + /* sequence was encoded as definite length */ + buf->next = subbuf->bound + 1; } else if (!asn1_is_eoc(asn1class, lasttag, indef)) { - retval = asn1buf_skiptail(subbuf, length, indef); - if (retval) - return retval; + retval = asn1buf_skiptail(subbuf, length, indef); + if (retval) + return retval; } else { - /* We have just read the EOC octets. */ - buf->next = subbuf->next; + /* We have just read the EOC octets. */ + buf->next = subbuf->next; } return 0; } @@ -116,26 +117,26 @@ asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const nestlevel = 1 + indef; if (!indef) { - if (length <= buf->bound - buf->next + 1) - buf->next += length; - else - return ASN1_OVERRUN; + if (length <= buf->bound - buf->next + 1) + buf->next += length; + else + return ASN1_OVERRUN; } while (nestlevel > 0) { - if (buf->bound - buf->next + 1 <= 0) - return ASN1_OVERRUN; - retval = asn1_get_tag_2(buf, &t); - if (retval) return retval; - if (!t.indef) { - if (t.length <= buf->bound - buf->next + 1) - buf->next += t.length; - else - return ASN1_OVERRUN; - } - if (t.indef) - nestlevel++; - if (asn1_is_eoc(t.asn1class, t.tagnum, t.indef)) - nestlevel--; /* got an EOC encoding */ + if (buf->bound - buf->next + 1 <= 0) + return ASN1_OVERRUN; + retval = asn1_get_tag_2(buf, &t); + if (retval) return retval; + if (!t.indef) { + if (t.length <= buf->bound - buf->next + 1) + buf->next += t.length; + else + return ASN1_OVERRUN; + } + if (t.indef) + nestlevel++; + if (asn1_is_eoc(t.asn1class, t.tagnum, t.indef)) + nestlevel--; /* got an EOC encoding */ } return 0; } @@ -143,9 +144,9 @@ asn1_error_code asn1buf_skiptail(asn1buf *buf, const unsigned int length, const asn1_error_code asn1buf_destroy(asn1buf **buf) { if (*buf != NULL) { - free((*buf)->base); - free(*buf); - *buf = NULL; + free((*buf)->base); + free(*buf); + *buf = NULL; } return 0; } @@ -172,7 +173,7 @@ asn1_error_code asn1buf_insert_octetstring(asn1buf *buf, const unsigned int len, retval = asn1buf_ensure_space(buf,len); if (retval) return retval; for (length=1; length<=len; length++,(buf->next)++) - *(buf->next) = (char)(s[len-length]); + *(buf->next) = (char)(s[len-length]); return 0; } @@ -184,7 +185,7 @@ asn1_error_code asn1buf_insert_charstring(asn1buf *buf, const unsigned int len, retval = asn1buf_ensure_space(buf,len); if (retval) return retval; for (length=1; length<=len; length++,(buf->next)++) - *(buf->next) = (char)(s[len-length]); + *(buf->next) = (char)(s[len-length]); return 0; } @@ -202,14 +203,14 @@ asn1_error_code asn1buf_remove_octetstring(asn1buf *buf, const unsigned int len, if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; if (len == 0) { - *s = 0; - return 0; + *s = 0; + return 0; } *s = (asn1_octet*)malloc(len*sizeof(asn1_octet)); if (*s == NULL) - return ENOMEM; + return ENOMEM; for (i=0; i<len; i++) - (*s)[i] = (asn1_octet)(buf->next)[i]; + (*s)[i] = (asn1_octet)(buf->next)[i]; buf->next += len; return 0; } @@ -220,13 +221,13 @@ asn1_error_code asn1buf_remove_charstring(asn1buf *buf, const unsigned int len, if (len > buf->bound + 1 - buf->next) return ASN1_OVERRUN; if (len == 0) { - *s = 0; - return 0; + *s = 0; + return 0; } *s = (char*)malloc(len*sizeof(char)); if (*s == NULL) return ENOMEM; for (i=0; i<len; i++) - (*s)[i] = (char)(buf->next)[i]; + (*s)[i] = (char)(buf->next)[i]; buf->next += len; return 0; } @@ -241,7 +242,7 @@ int asn1buf_remains(asn1buf *buf, int indef) * Two 0 octets means the end of an indefinite encoding. */ if (indef && remain >= 2 && !*(buf->next) && !*(buf->next + 1)) - return 0; + return 0; else return remain; } @@ -256,12 +257,12 @@ asn1_error_code asn12krb5_buf(const asn1buf *buf, krb5_data **code) (*code)->length = asn1buf_len(buf); (*code)->data = (char*)malloc((((*code)->length)+1)*sizeof(char)); if ((*code)->data == NULL) { - free(*code); - *code = NULL; - return ENOMEM; + free(*code); + *code = NULL; + return ENOMEM; } for (i=0; i < (*code)->length; i++) - ((*code)->data)[i] = (buf->base)[((*code)->length)-i-1]; + ((*code)->data)[i] = (buf->base)[((*code)->length)-i-1]; ((*code)->data)[(*code)->length] = '\0'; return 0; } @@ -275,21 +276,21 @@ asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s) { free(*s); if (buf == NULL) { - *s = malloc(sizeof("<NULL>")); - if (*s == NULL) return ENOMEM; - strcpy(*s,"<NULL>"); + *s = malloc(sizeof("<NULL>")); + if (*s == NULL) return ENOMEM; + strcpy(*s,"<NULL>"); } else if (buf->base == NULL) { - *s = malloc(sizeof("<EMPTY>")); - if (*s == NULL) return ENOMEM; - strcpy(*s,"<EMPTY>"); + *s = malloc(sizeof("<EMPTY>")); + if (*s == NULL) return ENOMEM; + strcpy(*s,"<EMPTY>"); } else { - unsigned int length = asn1buf_len(buf); - unsigned int i; + unsigned int length = asn1buf_len(buf); + unsigned int i; - *s = calloc(length+1, sizeof(char)); - if (*s == NULL) return ENOMEM; - (*s)[length] = '\0'; - for (i=0; i<length; i++) ; + *s = calloc(length+1, sizeof(char)); + if (*s == NULL) return ENOMEM; + (*s)[length] = '\0'; + for (i=0; i<length; i++) ; /* OLDDECLARG( (*s)[i] = , (buf->base)[length-i-1]) */ } return 0; @@ -297,32 +298,32 @@ asn1_error_code asn1buf_unparse(const asn1buf *buf, char **s) asn1_error_code asn1buf_hex_unparse(const asn1buf *buf, char **s) { -#define hexchar(d) ((d)<=9 ? ('0'+(d)) : \ - ((d)<=15 ? ('A'+(d)-10) : \ - 'X')) +#define hexchar(d) ((d)<=9 ? ('0'+(d)) : \ + ((d)<=15 ? ('A'+(d)-10) : \ + 'X')) free(*s); if (buf == NULL) { - *s = malloc(sizeof("<NULL>")); - if (*s == NULL) return ENOMEM; - strcpy(*s,"<NULL>"); + *s = malloc(sizeof("<NULL>")); + if (*s == NULL) return ENOMEM; + strcpy(*s,"<NULL>"); } else if (buf->base == NULL) { - *s = malloc(sizeof("<EMPTY>")); - if (*s == NULL) return ENOMEM; - strcpy(*s,"<EMPTY>"); + *s = malloc(sizeof("<EMPTY>")); + if (*s == NULL) return ENOMEM; + strcpy(*s,"<EMPTY>"); } else { - unsigned int length = asn1buf_len(buf); - int i; - - *s = malloc(3*length); - if (*s == NULL) return ENOMEM; - for (i = length-1; i >= 0; i--) { - (*s)[3*(length-i-1)] = hexchar(((buf->base)[i]&0xF0)>>4); - (*s)[3*(length-i-1)+1] = hexchar((buf->base)[i]&0x0F); - (*s)[3*(length-i-1)+2] = ' '; - } - (*s)[3*length-1] = '\0'; + unsigned int length = asn1buf_len(buf); + int i; + + *s = malloc(3*length); + if (*s == NULL) return ENOMEM; + for (i = length-1; i >= 0; i--) { + (*s)[3*(length-i-1)] = hexchar(((buf->base)[i]&0xF0)>>4); + (*s)[3*(length-i-1)+1] = hexchar((buf->base)[i]&0x0F); + (*s)[3*(length-i-1)+2] = ' '; + } + (*s)[3*length-1] = '\0'; } return 0; } @@ -349,8 +350,8 @@ asn1_error_code asn1buf_ensure_space(asn1buf *buf, const unsigned int amount) { int avail = asn1buf_free(buf); if (avail < amount) { - asn1_error_code retval = asn1buf_expand(buf, amount-avail); - if (retval) return retval; + asn1_error_code retval = asn1buf_expand(buf, amount-avail); + if (retval) return retval; } return 0; } @@ -364,13 +365,13 @@ asn1_error_code asn1buf_expand(asn1buf *buf, unsigned int inc) else bound_offset = buf->bound - buf->base; if (inc < STANDARD_INCREMENT) - inc = STANDARD_INCREMENT; + inc = STANDARD_INCREMENT; if (buf->base == NULL) - buf->base = malloc((asn1buf_size(buf)+inc) * sizeof(asn1_octet)); + buf->base = malloc((asn1buf_size(buf)+inc) * sizeof(asn1_octet)); else - buf->base = realloc(buf->base, - (asn1buf_size(buf)+inc) * sizeof(asn1_octet)); + buf->base = realloc(buf->base, + (asn1buf_size(buf)+inc) * sizeof(asn1_octet)); if (buf->base == NULL) return ENOMEM; buf->bound = (buf->base) + bound_offset + inc; buf->next = (buf->base) + next_offset; diff --git a/src/lib/krb5/asn.1/asn1buf.h b/src/lib/krb5/asn.1/asn1buf.h index 66daaba69..c49207648 100644 --- a/src/lib/krb5/asn.1/asn1buf.h +++ b/src/lib/krb5/asn.1/asn1buf.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* Coding Buffer Specifications */ #ifndef __ASN1BUF_H__ #define __ASN1BUF_H__ @@ -13,17 +14,17 @@ typedef struct code_buffer_rep { /**************** Private Procedures ****************/ int asn1buf_size - (const asn1buf *buf); + (const asn1buf *buf); /* requires *buf has been created and not destroyed - effects Returns the total size - (in octets) of buf's octet buffer. */ + effects Returns the total size + (in octets) of buf's octet buffer. */ #define asn1buf_size(buf) \ (((buf) == NULL || (buf)->base == NULL) \ ? 0 \ : ((buf)->bound - (buf)->base + 1)) unsigned int asn1buf_free - (const asn1buf *buf); + (const asn1buf *buf); /* requires *buf is allocated effects Returns the number of unused, allocated octets in *buf. */ #define asn1buf_free(buf) \ @@ -33,7 +34,7 @@ unsigned int asn1buf_free asn1_error_code asn1buf_ensure_space - (asn1buf *buf, const unsigned int amount); + (asn1buf *buf, const unsigned int amount); /* requires *buf is allocated modifies *buf effects If buf has less than amount octets of free space, then it is @@ -48,23 +49,23 @@ asn1_error_code asn1buf_ensure_space asn1_error_code asn1buf_expand - (asn1buf *buf, unsigned int inc); + (asn1buf *buf, unsigned int inc); /* requires *buf is allocated modifies *buf effects Expands *buf by allocating space for inc more octets. Returns ENOMEM if memory is exhausted. */ int asn1buf_len - (const asn1buf *buf); + (const asn1buf *buf); /* requires *buf is allocated effects Returns the length of the encoding in *buf. */ -#define asn1buf_len(buf) ((buf)->next - (buf)->base) +#define asn1buf_len(buf) ((buf)->next - (buf)->base) /****** End of private procedures *****/ - + /* - Overview - + Overview + The coding buffer is an array of char (to match a krb5_data structure) with 3 reference pointers: 1) base - The bottom of the octet array. Used for memory management @@ -72,12 +73,12 @@ int asn1buf_len 2) next - Points to the next available octet position in the array. During encoding, this is the next free position, and it advances as octets are added to the array. - During decoding, this is the next unread position, and it + During decoding, this is the next unread position, and it advances as octets are read from the array. 3) bound - Points to the top of the array. Used for bounds-checking. - + All pointers to encoding buffers should be initalized to NULL. - + Operations asn1buf_create @@ -100,51 +101,51 @@ int asn1buf_len */ asn1_error_code asn1buf_create - (asn1buf **buf); + (asn1buf **buf); /* effects Creates a new encoding buffer pointed to by *buf. Returns ENOMEM if the buffer can't be created. */ asn1_error_code asn1buf_wrap_data - (asn1buf *buf, const krb5_data *code); + (asn1buf *buf, const krb5_data *code); /* requires *buf has already been allocated effects Turns *buf into a "wrapper" for *code. i.e. *buf is set up such that its bottom is the beginning of *code, and its top - is the top of *code. - Returns ASN1_MISSING_FIELD if code is empty. */ + is the top of *code. + Returns ASN1_MISSING_FIELD if code is empty. */ asn1_error_code asn1buf_imbed - (asn1buf *subbuf, const asn1buf *buf, - const unsigned int length, - const int indef); + (asn1buf *subbuf, const asn1buf *buf, + const unsigned int length, + const int indef); /* requires *subbuf and *buf are allocated effects *subbuf becomes a sub-buffer of *buf. *subbuf begins at *buf's current position and is length octets long. (Unless this would exceed the bounds of *buf -- in - that case, ASN1_OVERRUN is returned) *subbuf's current - position starts at the beginning of *subbuf. */ + that case, ASN1_OVERRUN is returned) *subbuf's current + position starts at the beginning of *subbuf. */ asn1_error_code asn1buf_sync - (asn1buf *buf, asn1buf *subbuf, asn1_class Class, - asn1_tagnum lasttag, - unsigned int length, int indef, - int seqindef); + (asn1buf *buf, asn1buf *subbuf, asn1_class Class, + asn1_tagnum lasttag, + unsigned int length, int indef, + int seqindef); /* requires *subbuf is a sub-buffer of *buf, as created by asn1buf_imbed. lasttag is the last tagnumber read. effects Synchronizes *buf's current position to match that of *subbuf. */ asn1_error_code asn1buf_skiptail - (asn1buf *buf, const unsigned int length, - const int indef); + (asn1buf *buf, const unsigned int length, + const int indef); /* requires *buf is a subbuffer used in a decoding of a constructed indefinite sequence. effects skips trailing fields. */ asn1_error_code asn1buf_destroy - (asn1buf **buf); + (asn1buf **buf); /* effects Deallocates **buf, sets *buf to NULL. */ asn1_error_code asn1buf_insert_octet - (asn1buf *buf, const int o); + (asn1buf *buf, const int o); /* requires *buf is allocated effects Inserts o into the buffer *buf, expanding the buffer if necessary. Returns ENOMEM memory is exhausted. */ @@ -162,70 +163,70 @@ extern __inline__ asn1_error_code asn1buf_insert_octet(asn1buf *buf, const int o #endif asn1_error_code asn1buf_insert_octetstring - (asn1buf *buf, const unsigned int len, const asn1_octet *s); + (asn1buf *buf, const unsigned int len, const asn1_octet *s); /* requires *buf is allocated modifies *buf effects Inserts the contents of s (an octet array of length len) into the buffer *buf, expanding the buffer if necessary. - Returns ENOMEM if memory is exhausted. */ + Returns ENOMEM if memory is exhausted. */ asn1_error_code asn1buf_insert_charstring - (asn1buf *buf, const unsigned int len, const char *s); + (asn1buf *buf, const unsigned int len, const char *s); /* requires *buf is allocated modifies *buf effects Inserts the contents of s (a character array of length len) into the buffer *buf, expanding the buffer if necessary. - Returns ENOMEM if memory is exhausted. */ + Returns ENOMEM if memory is exhausted. */ asn1_error_code asn1buf_remove_octet - (asn1buf *buf, asn1_octet *o); + (asn1buf *buf, asn1_octet *o); /* requires *buf is allocated effects Returns *buf's current octet in *o and advances to the next octet. - Returns ASN1_OVERRUN if *buf has already been exhausted. */ + Returns ASN1_OVERRUN if *buf has already been exhausted. */ #define asn1buf_remove_octet(buf,o) \ (((buf)->next > (buf)->bound) \ ? ASN1_OVERRUN \ : ((*(o) = (asn1_octet)(*(((buf)->next)++))),0)) asn1_error_code asn1buf_remove_octetstring - (asn1buf *buf, const unsigned int len, asn1_octet **s); + (asn1buf *buf, const unsigned int len, asn1_octet **s); /* requires *buf is allocated effects Removes the next len octets of *buf and returns them in **s. - Returns ASN1_OVERRUN if there are fewer than len unread octets - left in *buf. - Returns ENOMEM if *s could not be allocated. */ + Returns ASN1_OVERRUN if there are fewer than len unread octets + left in *buf. + Returns ENOMEM if *s could not be allocated. */ asn1_error_code asn1buf_remove_charstring - (asn1buf *buf, const unsigned int len, - char **s); + (asn1buf *buf, const unsigned int len, + char **s); /* requires *buf is allocated effects Removes the next len octets of *buf and returns them in **s. - Returns ASN1_OVERRUN if there are fewer than len unread octets - left in *buf. - Returns ENOMEM if *s could not be allocated. */ + Returns ASN1_OVERRUN if there are fewer than len unread octets + left in *buf. + Returns ENOMEM if *s could not be allocated. */ asn1_error_code asn1buf_unparse - (const asn1buf *buf, char **s); + (const asn1buf *buf, char **s); /* modifies *s effects Returns a human-readable representation of *buf in *s, where each octet in *buf is represented by a character in *s. */ asn1_error_code asn1buf_hex_unparse - (const asn1buf *buf, char **s); + (const asn1buf *buf, char **s); /* modifies *s effects Returns a human-readable representation of *buf in *s, where each octet in *buf is represented by a 2-digit - hexadecimal number in *s. */ + hexadecimal number in *s. */ asn1_error_code asn12krb5_buf - (const asn1buf *buf, krb5_data **code); + (const asn1buf *buf, krb5_data **code); /* modifies *code effects Instantiates **code with the krb5_data representation of **buf. */ int asn1buf_remains - (asn1buf *buf, int indef); + (asn1buf *buf, int indef); /* requires *buf is a buffer containing an asn.1 structure or array modifies *buf effects Returns the number of unprocessed octets remaining in *buf. */ diff --git a/src/lib/krb5/asn.1/asn1glue.h b/src/lib/krb5/asn.1/asn1glue.h index fa3c95675..48cdc7429 100644 --- a/src/lib/krb5/asn.1/asn1glue.h +++ b/src/lib/krb5/asn.1/asn1glue.h @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * lib/krb5/asn.1/asn1glue.h * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -22,7 +23,7 @@ * M.I.T. makes no representations about the suitability of * this software for any purpose. It is provided "as is" without express * or implied warranty. - * + * * * Header file for some glue functions (macros, mostly) */ diff --git a/src/lib/krb5/asn.1/krb5_decode.c b/src/lib/krb5/asn.1/krb5_decode.c index 22e42a336..ca0eb9e37 100644 --- a/src/lib/krb5/asn.1/krb5_decode.c +++ b/src/lib/krb5/asn.1/krb5_decode.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/krb5_decode.c - * + * * Copyright 1994, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -64,17 +65,17 @@ if ((var) == NULL) clean_return(ENOMEM) /* process encoding header ***************************************/ /* decode tag and check that it == [APPLICATION tagnum] */ -#define check_apptag(tagexpect) \ -{ \ - taginfo t1; \ - retval = asn1_get_tag_2(&buf, &t1); \ - if (retval) clean_return (retval); \ - if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (t1.tagnum != (tagexpect)) clean_return(KRB5_BADMSGTYPE); \ - asn1class = t1.asn1class; \ - construction = t1.construction; \ - tagnum = t1.tagnum; \ +#define check_apptag(tagexpect) \ +{ \ + taginfo t1; \ + retval = asn1_get_tag_2(&buf, &t1); \ + if (retval) clean_return (retval); \ + if (t1.asn1class != APPLICATION || t1.construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + if (t1.tagnum != (tagexpect)) clean_return(KRB5_BADMSGTYPE); \ + asn1class = t1.asn1class; \ + construction = t1.construction; \ + tagnum = t1.tagnum; \ } @@ -82,15 +83,15 @@ if ((var) == NULL) clean_return(ENOMEM) /* process a structure *******************************************/ /* decode an explicit tag and place the number in tagnum */ -#define next_tag() \ -{ taginfo t2; \ - retval = asn1_get_tag_2(&subbuf, &t2); \ - if (retval) clean_return(retval); \ - asn1class = t2.asn1class; \ - construction = t2.construction; \ - tagnum = t2.tagnum; \ - indef = t2.indef; \ - taglen = t2.length; \ +#define next_tag() \ +{ taginfo t2; \ + retval = asn1_get_tag_2(&subbuf, &t2); \ + if (retval) clean_return(retval); \ + asn1class = t2.asn1class; \ + construction = t2.construction; \ + tagnum = t2.tagnum; \ + indef = t2.indef; \ + taglen = t2.length; \ } static asn1_error_code @@ -101,16 +102,16 @@ asn1_get_eoc_tag (asn1buf *buf) retval = asn1_get_tag_2(buf, &t); if (retval) - return retval; + return retval; if (t.asn1class != UNIVERSAL || t.tagnum || t.indef) - return ASN1_MISSING_EOC; + return ASN1_MISSING_EOC; return 0; } -#define get_eoc() \ -{ \ - retval = asn1_get_eoc_tag(&subbuf); \ - if (retval) return retval; \ +#define get_eoc() \ +{ \ + retval = asn1_get_eoc_tag(&subbuf); \ + if (retval) return retval; \ } /* decode sequence header and initialize tagnum with the first field */ @@ -157,13 +158,13 @@ if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ get_field_body(var,decoder) /* decode (or skip, if not present) an optional field */ -#define opt_field(var,tagexpect,decoder) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (tagnum == (tagexpect)) { \ - get_field_body(var,decoder); \ - } \ +#define opt_field(var,tagexpect,decoder) \ + if (asn1buf_remains(&subbuf, seqindef)) { \ + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + if (tagnum == (tagexpect)) { \ + get_field_body(var,decoder); \ + } \ } /* field w/ accompanying length *********/ @@ -181,15 +182,15 @@ if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED)\ get_lenfield_body(len,var,decoder) /* decode an optional field w/ length */ -#define opt_lenfield(len,var,tagexpect,decoder) \ - if (asn1buf_remains(&subbuf, seqindef)) { \ - if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ - clean_return(ASN1_BAD_ID); \ - if (tagnum == (tagexpect)) { \ - get_lenfield_body(len,var,decoder); \ - } \ +#define opt_lenfield(len,var,tagexpect,decoder) \ + if (asn1buf_remains(&subbuf, seqindef)) { \ + if (asn1class != CONTEXT_SPECIFIC || construction != CONSTRUCTED) \ + clean_return(ASN1_BAD_ID); \ + if (tagnum == (tagexpect)) { \ + get_lenfield_body(len,var,decoder); \ + } \ } - + /* clean up ******************************************************/ /* finish up */ @@ -198,8 +199,8 @@ get_lenfield_body(len,var,decoder) return 0; \ error_out: \ if (rep && *rep) { \ - cleanup_routine(*rep); \ - *rep = NULL; \ + cleanup_routine(*rep); \ + *rep = NULL; \ } \ return retval; @@ -207,7 +208,7 @@ error_out: \ return 0; \ error_out: \ return retval; - + #define cleanup_manual()\ return 0; @@ -224,32 +225,32 @@ krb5_error_code decode_krb5_authenticator(const krb5_data *code, krb5_authentica check_apptag(2); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - alloc_field((*rep)->client,krb5_principal_data); - get_field((*rep)->client,1,asn1_decode_realm); - get_field((*rep)->client,2,asn1_decode_principal_name); - if (tagnum == 3) { - alloc_field((*rep)->checksum,krb5_checksum); - get_field(*((*rep)->checksum),3,asn1_decode_checksum); } - get_field((*rep)->cusec,4,asn1_decode_int32); - get_field((*rep)->ctime,5,asn1_decode_kerberos_time); - if (tagnum == 6) { alloc_field((*rep)->subkey,krb5_keyblock); } - opt_field(*((*rep)->subkey),6,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,7,asn1_decode_seqnum); - opt_field((*rep)->authorization_data,8,asn1_decode_authorization_data); - (*rep)->magic = KV5M_AUTHENTICATOR; - end_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + alloc_field((*rep)->client,krb5_principal_data); + get_field((*rep)->client,1,asn1_decode_realm); + get_field((*rep)->client,2,asn1_decode_principal_name); + if (tagnum == 3) { + alloc_field((*rep)->checksum,krb5_checksum); + get_field(*((*rep)->checksum),3,asn1_decode_checksum); } + get_field((*rep)->cusec,4,asn1_decode_int32); + get_field((*rep)->ctime,5,asn1_decode_kerberos_time); + if (tagnum == 6) { alloc_field((*rep)->subkey,krb5_keyblock); } + opt_field(*((*rep)->subkey),6,asn1_decode_encryption_key); + opt_field((*rep)->seq_number,7,asn1_decode_seqnum); + opt_field((*rep)->authorization_data,8,asn1_decode_authorization_data); + (*rep)->magic = KV5M_AUTHENTICATOR; + end_structure(); } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,subkey); - free_field(*rep,checksum); - free_field(*rep,client); - free(*rep); - *rep = NULL; + free_field(*rep,subkey); + free_field(*rep,checksum); + free_field(*rep,client); + free(*rep); + *rep = NULL; } return retval; } @@ -266,26 +267,26 @@ krb5_error_code decode_krb5_ticket(const krb5_data *code, krb5_ticket **rep) setup(); alloc_field(*rep,krb5_ticket); clear_field(rep,server); - + check_apptag(1); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); - } - alloc_field((*rep)->server,krb5_principal_data); - get_field((*rep)->server,1,asn1_decode_realm); - get_field((*rep)->server,2,asn1_decode_principal_name); - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_TICKET; - end_structure(); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); + } + alloc_field((*rep)->server,krb5_principal_data); + get_field((*rep)->server,1,asn1_decode_realm); + get_field((*rep)->server,2,asn1_decode_principal_name); + get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); + (*rep)->magic = KV5M_TICKET; + end_structure(); } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,server); - free(*rep); - *rep = NULL; + free_field(*rep,server); + free(*rep); + *rep = NULL; } return retval; } @@ -296,10 +297,10 @@ krb5_error_code decode_krb5_encryption_key(const krb5_data *code, krb5_keyblock alloc_field(*rep,krb5_keyblock); { begin_structure(); - get_field((*rep)->enctype,0,asn1_decode_enctype); - get_lenfield((*rep)->length,(*rep)->contents,1,asn1_decode_octetstring); - end_structure(); - (*rep)->magic = KV5M_KEYBLOCK; + get_field((*rep)->enctype,0,asn1_decode_enctype); + get_lenfield((*rep)->length,(*rep)->contents,1,asn1_decode_octetstring); + end_structure(); + (*rep)->magic = KV5M_KEYBLOCK; } cleanup(free); } @@ -313,32 +314,32 @@ krb5_error_code decode_krb5_enc_tkt_part(const krb5_data *code, krb5_enc_tkt_par check_apptag(3); { begin_structure(); - get_field((*rep)->flags,0,asn1_decode_ticket_flags); - alloc_field((*rep)->session,krb5_keyblock); - get_field(*((*rep)->session),1,asn1_decode_encryption_key); - alloc_field((*rep)->client,krb5_principal_data); - get_field((*rep)->client,2,asn1_decode_realm); - get_field((*rep)->client,3,asn1_decode_principal_name); - get_field((*rep)->transited,4,asn1_decode_transited_encoding); - get_field((*rep)->times.authtime,5,asn1_decode_kerberos_time); - if (tagnum == 6) - { get_field((*rep)->times.starttime,6,asn1_decode_kerberos_time); } - else - (*rep)->times.starttime=(*rep)->times.authtime; - get_field((*rep)->times.endtime,7,asn1_decode_kerberos_time); - opt_field((*rep)->times.renew_till,8,asn1_decode_kerberos_time); - opt_field((*rep)->caddrs,9,asn1_decode_host_addresses); - opt_field((*rep)->authorization_data,10,asn1_decode_authorization_data); - (*rep)->magic = KV5M_ENC_TKT_PART; - end_structure(); + get_field((*rep)->flags,0,asn1_decode_ticket_flags); + alloc_field((*rep)->session,krb5_keyblock); + get_field(*((*rep)->session),1,asn1_decode_encryption_key); + alloc_field((*rep)->client,krb5_principal_data); + get_field((*rep)->client,2,asn1_decode_realm); + get_field((*rep)->client,3,asn1_decode_principal_name); + get_field((*rep)->transited,4,asn1_decode_transited_encoding); + get_field((*rep)->times.authtime,5,asn1_decode_kerberos_time); + if (tagnum == 6) + { get_field((*rep)->times.starttime,6,asn1_decode_kerberos_time); } + else + (*rep)->times.starttime=(*rep)->times.authtime; + get_field((*rep)->times.endtime,7,asn1_decode_kerberos_time); + opt_field((*rep)->times.renew_till,8,asn1_decode_kerberos_time); + opt_field((*rep)->caddrs,9,asn1_decode_host_addresses); + opt_field((*rep)->authorization_data,10,asn1_decode_authorization_data); + (*rep)->magic = KV5M_ENC_TKT_PART; + end_structure(); } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,session); - free_field(*rep,client); - free(*rep); - *rep = NULL; + free_field(*rep,session); + free_field(*rep,client); + free(*rep); + *rep = NULL; } return retval; } @@ -372,7 +373,7 @@ krb5_error_code decode_krb5_as_rep(const krb5_data *code, krb5_kdc_rep **rep) if (retval) clean_return(retval); #ifdef KRB5_MSGTYPE_STRICT if ((*rep)->msg_type != KRB5_AS_REP) - clean_return(KRB5_BADMSGTYPE); + clean_return(KRB5_BADMSGTYPE); #endif cleanup(free); @@ -401,28 +402,28 @@ krb5_error_code decode_krb5_ap_req(const krb5_data *code, krb5_ap_req **rep) check_apptag(14); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_AP_REQ) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_AP_REQ) clean_return(KRB5_BADMSGTYPE); #endif - } - get_field((*rep)->ap_options,2,asn1_decode_ap_options); - alloc_field((*rep)->ticket,krb5_ticket); - get_field(*((*rep)->ticket),3,asn1_decode_ticket); - get_field((*rep)->authenticator,4,asn1_decode_encrypted_data); - end_structure(); - (*rep)->magic = KV5M_AP_REQ; + } + get_field((*rep)->ap_options,2,asn1_decode_ap_options); + alloc_field((*rep)->ticket,krb5_ticket); + get_field(*((*rep)->ticket),3,asn1_decode_ticket); + get_field((*rep)->authenticator,4,asn1_decode_encrypted_data); + end_structure(); + (*rep)->magic = KV5M_AP_REQ; } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,ticket); - free(*rep); - *rep = NULL; + free_field(*rep,ticket); + free(*rep); + *rep = NULL; } return retval; } @@ -434,18 +435,18 @@ krb5_error_code decode_krb5_ap_rep(const krb5_data *code, krb5_ap_rep **rep) check_apptag(15); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_AP_REP) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_AP_REP) clean_return(KRB5_BADMSGTYPE); #endif - } - get_field((*rep)->enc_part,2,asn1_decode_encrypted_data); - end_structure(); - (*rep)->magic = KV5M_AP_REP; + } + get_field((*rep)->enc_part,2,asn1_decode_encrypted_data); + end_structure(); + (*rep)->magic = KV5M_AP_REP; } cleanup(free); } @@ -458,20 +459,20 @@ krb5_error_code decode_krb5_ap_rep_enc_part(const krb5_data *code, krb5_ap_rep_e check_apptag(27); { begin_structure(); - get_field((*rep)->ctime,0,asn1_decode_kerberos_time); - get_field((*rep)->cusec,1,asn1_decode_int32); - if (tagnum == 2) { alloc_field((*rep)->subkey,krb5_keyblock); } - opt_field(*((*rep)->subkey),2,asn1_decode_encryption_key); - opt_field((*rep)->seq_number,3,asn1_decode_seqnum); - end_structure(); - (*rep)->magic = KV5M_AP_REP_ENC_PART; + get_field((*rep)->ctime,0,asn1_decode_kerberos_time); + get_field((*rep)->cusec,1,asn1_decode_int32); + if (tagnum == 2) { alloc_field((*rep)->subkey,krb5_keyblock); } + opt_field(*((*rep)->subkey),2,asn1_decode_encryption_key); + opt_field((*rep)->seq_number,3,asn1_decode_seqnum); + end_structure(); + (*rep)->magic = KV5M_AP_REP_ENC_PART; } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,subkey); - free(*rep); - *rep = NULL; + free_field(*rep,subkey); + free(*rep); + *rep = NULL; } return retval; } @@ -487,7 +488,7 @@ krb5_error_code decode_krb5_as_req(const krb5_data *code, krb5_kdc_req **rep) #ifdef KRB5_MSGTYPE_STRICT if ((*rep)->msg_type != KRB5_AS_REQ) clean_return(KRB5_BADMSGTYPE); #endif - + cleanup(free); } @@ -502,7 +503,7 @@ krb5_error_code decode_krb5_tgs_req(const krb5_data *code, krb5_kdc_req **rep) #ifdef KRB5_MSGTYPE_STRICT if ((*rep)->msg_type != KRB5_TGS_REQ) clean_return(KRB5_BADMSGTYPE); #endif - + cleanup(free); } @@ -544,41 +545,41 @@ krb5_error_code decode_krb5_safe_with_body( check_apptag(20); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_SAFE) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_SAFE) clean_return(KRB5_BADMSGTYPE); #endif - } - /* - * Gross kludge to extract pointer to encoded safe-body. Relies - * on tag prefetch done by next_tag(). Don't handle indefinite - * encoding, as it's too much work. - */ - if (!indef) { - tmpbody.length = taglen; - tmpbody.data = subbuf.next; - } else { - tmpbody.length = 0; - tmpbody.data = NULL; - } - get_field(**rep,2,asn1_decode_krb_safe_body); - alloc_field((*rep)->checksum,krb5_checksum); - get_field(*((*rep)->checksum),3,asn1_decode_checksum); - (*rep)->magic = KV5M_SAFE; - end_structure(); + } + /* + * Gross kludge to extract pointer to encoded safe-body. Relies + * on tag prefetch done by next_tag(). Don't handle indefinite + * encoding, as it's too much work. + */ + if (!indef) { + tmpbody.length = taglen; + tmpbody.data = subbuf.next; + } else { + tmpbody.length = 0; + tmpbody.data = NULL; + } + get_field(**rep,2,asn1_decode_krb_safe_body); + alloc_field((*rep)->checksum,krb5_checksum); + get_field(*((*rep)->checksum),3,asn1_decode_checksum); + (*rep)->magic = KV5M_SAFE; + end_structure(); } if (body != NULL) - *body = tmpbody; + *body = tmpbody; cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,checksum); - free(*rep); - *rep = NULL; + free_field(*rep,checksum); + free(*rep); + *rep = NULL; } return retval; } @@ -595,18 +596,18 @@ krb5_error_code decode_krb5_priv(const krb5_data *code, krb5_priv **rep) check_apptag(21); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_PRIV) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_PRIV) clean_return(KRB5_BADMSGTYPE); #endif - } - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_PRIV; - end_structure(); + } + get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); + (*rep)->magic = KV5M_PRIV; + end_structure(); } cleanup(free); } @@ -620,24 +621,24 @@ krb5_error_code decode_krb5_enc_priv_part(const krb5_data *code, krb5_priv_enc_p check_apptag(28); { begin_structure(); - get_lenfield((*rep)->user_data.length,(*rep)->user_data.data,0,asn1_decode_charstring); - opt_field((*rep)->timestamp,1,asn1_decode_kerberos_time); - opt_field((*rep)->usec,2,asn1_decode_int32); - opt_field((*rep)->seq_number,3,asn1_decode_seqnum); - alloc_field((*rep)->s_address,krb5_address); - get_field(*((*rep)->s_address),4,asn1_decode_host_address); - if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } - opt_field(*((*rep)->r_address),5,asn1_decode_host_address); - (*rep)->magic = KV5M_PRIV_ENC_PART; - end_structure(); + get_lenfield((*rep)->user_data.length,(*rep)->user_data.data,0,asn1_decode_charstring); + opt_field((*rep)->timestamp,1,asn1_decode_kerberos_time); + opt_field((*rep)->usec,2,asn1_decode_int32); + opt_field((*rep)->seq_number,3,asn1_decode_seqnum); + alloc_field((*rep)->s_address,krb5_address); + get_field(*((*rep)->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } + opt_field(*((*rep)->r_address),5,asn1_decode_host_address); + (*rep)->magic = KV5M_PRIV_ENC_PART; + end_structure(); } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,r_address); - free_field(*rep,s_address); - free(*rep); - *rep = NULL; + free_field(*rep,r_address); + free_field(*rep,s_address); + free(*rep); + *rep = NULL; } return retval; } @@ -649,19 +650,19 @@ krb5_error_code decode_krb5_cred(const krb5_data *code, krb5_cred **rep) check_apptag(22); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_CRED) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_CRED) clean_return(KRB5_BADMSGTYPE); #endif - } - get_field((*rep)->tickets,2,asn1_decode_sequence_of_ticket); - get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); - (*rep)->magic = KV5M_CRED; - end_structure(); + } + get_field((*rep)->tickets,2,asn1_decode_sequence_of_ticket); + get_field((*rep)->enc_part,3,asn1_decode_encrypted_data); + (*rep)->magic = KV5M_CRED; + end_structure(); } cleanup(free); } @@ -675,24 +676,24 @@ krb5_error_code decode_krb5_enc_cred_part(const krb5_data *code, krb5_cred_enc_p check_apptag(29); { begin_structure(); - get_field((*rep)->ticket_info,0,asn1_decode_sequence_of_krb_cred_info); - opt_field((*rep)->nonce,1,asn1_decode_int32); - opt_field((*rep)->timestamp,2,asn1_decode_kerberos_time); - opt_field((*rep)->usec,3,asn1_decode_int32); - if (tagnum == 4) { alloc_field((*rep)->s_address,krb5_address); } - opt_field(*((*rep)->s_address),4,asn1_decode_host_address); - if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } - opt_field(*((*rep)->r_address),5,asn1_decode_host_address); - (*rep)->magic = KV5M_CRED_ENC_PART; - end_structure(); + get_field((*rep)->ticket_info,0,asn1_decode_sequence_of_krb_cred_info); + opt_field((*rep)->nonce,1,asn1_decode_int32); + opt_field((*rep)->timestamp,2,asn1_decode_kerberos_time); + opt_field((*rep)->usec,3,asn1_decode_int32); + if (tagnum == 4) { alloc_field((*rep)->s_address,krb5_address); } + opt_field(*((*rep)->s_address),4,asn1_decode_host_address); + if (tagnum == 5) { alloc_field((*rep)->r_address,krb5_address); } + opt_field(*((*rep)->r_address),5,asn1_decode_host_address); + (*rep)->magic = KV5M_CRED_ENC_PART; + end_structure(); } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,r_address); - free_field(*rep,s_address); - free(*rep); - *rep = NULL; + free_field(*rep,r_address); + free_field(*rep,s_address); + free(*rep); + *rep = NULL; } return retval; } @@ -704,41 +705,41 @@ krb5_error_code decode_krb5_error(const krb5_data *code, krb5_error **rep) alloc_field(*rep,krb5_error); clear_field(rep,server); clear_field(rep,client); - + check_apptag(30); { begin_structure(); - { krb5_kvno kvno; - get_field(kvno,0,asn1_decode_kvno); - if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } - { krb5_msgtype msg_type; - get_field(msg_type,1,asn1_decode_msgtype); + { krb5_kvno kvno; + get_field(kvno,0,asn1_decode_kvno); + if (kvno != KVNO) clean_return(KRB5KDC_ERR_BAD_PVNO); } + { krb5_msgtype msg_type; + get_field(msg_type,1,asn1_decode_msgtype); #ifdef KRB5_MSGTYPE_STRICT - if (msg_type != KRB5_ERROR) clean_return(KRB5_BADMSGTYPE); + if (msg_type != KRB5_ERROR) clean_return(KRB5_BADMSGTYPE); #endif - } - opt_field((*rep)->ctime,2,asn1_decode_kerberos_time); - opt_field((*rep)->cusec,3,asn1_decode_int32); - get_field((*rep)->stime,4,asn1_decode_kerberos_time); - get_field((*rep)->susec,5,asn1_decode_int32); - get_field((*rep)->error,6,asn1_decode_ui_4); - if (tagnum == 7) { alloc_field((*rep)->client,krb5_principal_data); } - opt_field((*rep)->client,7,asn1_decode_realm); - opt_field((*rep)->client,8,asn1_decode_principal_name); - alloc_field((*rep)->server,krb5_principal_data); - get_field((*rep)->server,9,asn1_decode_realm); - get_field((*rep)->server,10,asn1_decode_principal_name); - opt_lenfield((*rep)->text.length,(*rep)->text.data,11,asn1_decode_generalstring); - opt_lenfield((*rep)->e_data.length,(*rep)->e_data.data,12,asn1_decode_charstring); - (*rep)->magic = KV5M_ERROR; - end_structure(); + } + opt_field((*rep)->ctime,2,asn1_decode_kerberos_time); + opt_field((*rep)->cusec,3,asn1_decode_int32); + get_field((*rep)->stime,4,asn1_decode_kerberos_time); + get_field((*rep)->susec,5,asn1_decode_int32); + get_field((*rep)->error,6,asn1_decode_ui_4); + if (tagnum == 7) { alloc_field((*rep)->client,krb5_principal_data); } + opt_field((*rep)->client,7,asn1_decode_realm); + opt_field((*rep)->client,8,asn1_decode_principal_name); + alloc_field((*rep)->server,krb5_principal_data); + get_field((*rep)->server,9,asn1_decode_realm); + get_field((*rep)->server,10,asn1_decode_principal_name); + opt_lenfield((*rep)->text.length,(*rep)->text.data,11,asn1_decode_generalstring); + opt_lenfield((*rep)->e_data.length,(*rep)->e_data.data,12,asn1_decode_charstring); + (*rep)->magic = KV5M_ERROR; + end_structure(); } cleanup_manual(); error_out: if (rep && *rep) { - free_field(*rep,server); - free_field(*rep,client); - free(*rep); - *rep = NULL; + free_field(*rep,server); + free_field(*rep,client); + free(*rep); + *rep = NULL; } return retval; } @@ -749,7 +750,7 @@ krb5_error_code decode_krb5_authdata(const krb5_data *code, krb5_authdata ***rep *rep = 0; retval = asn1_decode_authorization_data(&buf,rep); if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here... */ + cleanup_none(); /* we're not allocating anything here... */ } krb5_error_code decode_krb5_pwd_sequence(const krb5_data *code, passwd_phrase_element **rep) @@ -766,10 +767,10 @@ krb5_error_code decode_krb5_pwd_data(const krb5_data *code, krb5_pwd_data **rep) setup(); alloc_field(*rep,krb5_pwd_data); { begin_structure(); - get_field((*rep)->sequence_count,0,asn1_decode_int); - get_field((*rep)->element,1,asn1_decode_sequence_of_passwdsequence); - (*rep)->magic = KV5M_PWD_DATA; - end_structure (); } + get_field((*rep)->sequence_count,0,asn1_decode_int); + get_field((*rep)->element,1,asn1_decode_sequence_of_passwdsequence); + (*rep)->magic = KV5M_PWD_DATA; + end_structure (); } cleanup(free); } @@ -779,7 +780,7 @@ krb5_error_code decode_krb5_padata_sequence(const krb5_data *code, krb5_pa_data *rep = 0; retval = asn1_decode_sequence_of_pa_data(&buf,rep); if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ + cleanup_none(); /* we're not allocating anything here */ } krb5_error_code decode_krb5_alt_method(const krb5_data *code, krb5_alt_method **rep) @@ -787,15 +788,15 @@ krb5_error_code decode_krb5_alt_method(const krb5_data *code, krb5_alt_method ** setup(); alloc_field(*rep,krb5_alt_method); { begin_structure(); - get_field((*rep)->method,0,asn1_decode_int32); - if (tagnum == 1) { - get_lenfield((*rep)->length,(*rep)->data,1,asn1_decode_octetstring); - } else { - (*rep)->length = 0; - (*rep)->data = 0; - } - (*rep)->magic = KV5M_ALT_METHOD; - end_structure(); + get_field((*rep)->method,0,asn1_decode_int32); + if (tagnum == 1) { + get_lenfield((*rep)->length,(*rep)->data,1,asn1_decode_octetstring); + } else { + (*rep)->length = 0; + (*rep)->data = 0; + } + (*rep)->magic = KV5M_ALT_METHOD; + end_structure(); } cleanup(free); } @@ -806,7 +807,7 @@ krb5_error_code decode_krb5_etype_info(const krb5_data *code, krb5_etype_info_en *rep = 0; retval = asn1_decode_etype_info(&buf,rep); if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ + cleanup_none(); /* we're not allocating anything here */ } krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_entry ***rep) @@ -815,12 +816,12 @@ krb5_error_code decode_krb5_etype_info2(const krb5_data *code, krb5_etype_info_e *rep = 0; retval = asn1_decode_etype_info2(&buf,rep, 0); if (retval == ASN1_BAD_ID) { - retval = asn1buf_wrap_data(&buf,code); - if (retval) clean_return(retval); - retval = asn1_decode_etype_info2(&buf, rep, 1); + retval = asn1buf_wrap_data(&buf,code); + if (retval) clean_return(retval); + retval = asn1_decode_etype_info2(&buf, rep, 1); } if (retval) clean_return(retval); - cleanup_none(); /* we're not allocating anything here */ + cleanup_none(); /* we're not allocating anything here */ } @@ -840,12 +841,12 @@ krb5_error_code decode_krb5_pa_enc_ts(const krb5_data *code, krb5_pa_enc_ts **re setup(); alloc_field(*rep,krb5_pa_enc_ts); { begin_structure(); - get_field((*rep)->patimestamp,0,asn1_decode_kerberos_time); - if (tagnum == 1) { - get_field((*rep)->pausec,1,asn1_decode_int32); - } else - (*rep)->pausec = 0; - end_structure (); } + get_field((*rep)->patimestamp,0,asn1_decode_kerberos_time); + if (tagnum == 1) { + get_field((*rep)->pausec,1,asn1_decode_int32); + } else + (*rep)->pausec = 0; + end_structure (); } cleanup(free); } @@ -939,7 +940,7 @@ krb5_error_code decode_krb5_sam_response_2(const krb5_data *code, krb5_sam_respo krb5_error_code decode_krb5_predicted_sam_response(const krb5_data *code, krb5_predicted_sam_response **rep) { - setup_buf_only(); /* preallocated */ + setup_buf_only(); /* preallocated */ alloc_field(*rep,krb5_predicted_sam_response); retval = asn1_decode_predicted_sam_response(&buf,*rep); @@ -1026,7 +1027,7 @@ krb5_error_code decode_krb5_kdc_dh_key_info(const krb5_data *code, krb5_kdc_dh_k cleanup(free); } -krb5_error_code decode_krb5_principal_name(const krb5_data *code, krb5_principal_data **rep) +krb5_error_code decode_krb5_principal_name(const krb5_data *code, krb5_principal_data **rep) { setup_buf_only(); alloc_field(*rep, krb5_principal_data); @@ -1044,15 +1045,15 @@ krb5_error_code decode_krb5_reply_key_pack(const krb5_data *code, krb5_reply_key retval = asn1_decode_reply_key_pack(&buf, *rep); if (retval) - goto error_out; + goto error_out; cleanup_manual(); error_out: if (rep && *rep) { - free((*rep)->replyKey.contents); - free((*rep)->asChecksum.contents); - free(*rep); - *rep = NULL; + free((*rep)->replyKey.contents); + free((*rep)->asChecksum.contents); + free(*rep); + *rep = NULL; } return retval; } diff --git a/src/lib/krb5/asn.1/krb5_encode.c b/src/lib/krb5/asn.1/krb5_encode.c index d61201787..7efbbae9f 100644 --- a/src/lib/krb5/asn.1/krb5_encode.c +++ b/src/lib/krb5/asn.1/krb5_encode.c @@ -1,6 +1,7 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* * src/lib/krb5/asn.1/krb5_encode.c - * + * * Copyright 1994, 2008 by the Massachusetts Institute of Technology. * All Rights Reserved. * @@ -8,7 +9,7 @@ * require a specific license from the United States Government. * It is the responsibility of any person or organization contemplating * export to obtain such a license before exporting. - * + * * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and * distribute this software and its documentation for any purpose and * without fee is hereby granted, provided that the above copyright @@ -51,7 +52,7 @@ krb5_addfield(rep->field_i, i, asn1_type); /* for string fields (these encoders take an additional argument, - the length of the string) */ + the length of the string) */ addlenfield(rep->field_length, rep->field, i-1, asn1_type); /* if you really have to do things yourself... */ @@ -59,8 +60,8 @@ if (retval) return retval; sum += length; retval = asn1_make_etag(buf, - [UNIVERSAL/APPLICATION/CONTEXT_SPECIFIC/PRIVATE], - tag_number, length, &length); + [UNIVERSAL/APPLICATION/CONTEXT_SPECIFIC/PRIVATE], + tag_number, length, &length); if (retval) return retval; sum += length; @@ -88,7 +89,7 @@ \ retval = asn1buf_create(&buf);\ if (retval) return retval - + /* krb5_addfield -- add a field, or component, to the encoding */ #define krb5_addfield(value,tag,encoder)\ { retval = encoder(buf,value,&length);\ @@ -147,48 +148,48 @@ krb5_error_code encode_krb5_authenticator(const krb5_authenticator *rep, krb5_da { krb5_setup(); - /* authorization-data[8] AuthorizationData OPTIONAL */ + /* authorization-data[8] AuthorizationData OPTIONAL */ if (rep->authorization_data != NULL && - rep->authorization_data[0] != NULL) { - retval = asn1_encode_authorization_data(buf, (const krb5_authdata **) - rep->authorization_data, - &length); - if (retval) { - asn1buf_destroy(&buf); - return retval; } - sum += length; - retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,8,length,&length); - if (retval) { - asn1buf_destroy(&buf); - return retval; } - sum += length; + rep->authorization_data[0] != NULL) { + retval = asn1_encode_authorization_data(buf, (const krb5_authdata **) + rep->authorization_data, + &length); + if (retval) { + asn1buf_destroy(&buf); + return retval; } + sum += length; + retval = asn1_make_etag(buf,CONTEXT_SPECIFIC,8,length,&length); + if (retval) { + asn1buf_destroy(&buf); + return retval; } + sum += length; } - /* seq-number[7] INTEGER OPTIONAL */ + /* seq-number[7] INTEGER OPTIONAL */ if (rep->seq_number != 0) - krb5_addfield(rep->seq_number,7,asn1_encode_unsigned_integer); + krb5_addfield(rep->seq_number,7,asn1_encode_unsigned_integer); - /* subkey[6] EncryptionKey OPTIONAL */ + /* subkey[6] EncryptionKey OPTIONAL */ if (rep->subkey != NULL) - krb5_addfield(rep->subkey,6,asn1_encode_encryption_key); + krb5_addfield(rep->subkey,6,asn1_encode_encryption_key); - /* ctime[5] KerberosTime */ + /* ctime[5] KerberosTime */ krb5_addfield(rep->ctime,5,asn1_encode_kerberos_time); - /* cusec[4] INTEGER */ + /* cusec[4] INTEGER */ krb5_addfield(rep->cusec,4,asn1_encode_integer); - /* cksum[3] Checksum OPTIONAL */ + /* cksum[3] Checksum OPTIONAL */ if (rep->checksum != NULL) - krb5_addfield(rep->checksum,3,asn1_encode_checksum); + krb5_addfield(rep->checksum,3,asn1_encode_checksum); - /* cname[2] PrincipalName */ + /* cname[2] PrincipalName */ krb5_addfield(rep->client,2,asn1_encode_principal_name); - /* crealm[1] Realm */ + /* crealm[1] Realm */ krb5_addfield(rep->client,1,asn1_encode_realm); - /* authenticator-vno[0] INTEGER */ + /* authenticator-vno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); /* Authenticator ::= [APPLICATION 2] SEQUENCE */ @@ -202,16 +203,16 @@ krb5_error_code encode_krb5_ticket(const krb5_ticket *rep, krb5_data **code) { krb5_setup(); - /* enc-part[3] EncryptedData */ + /* enc-part[3] EncryptedData */ krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - /* sname [2] PrincipalName */ + /* sname [2] PrincipalName */ krb5_addfield(rep->server,2,asn1_encode_principal_name); - /* realm [1] Realm */ + /* realm [1] Realm */ krb5_addfield(rep->server,1,asn1_encode_realm); - /* tkt-vno [0] INTEGER */ + /* tkt-vno [0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); /* Ticket ::= [APPLICATION 1] SEQUENCE */ @@ -225,10 +226,10 @@ krb5_error_code encode_krb5_encryption_key(const krb5_keyblock *rep, krb5_data * { krb5_setup(); - /* keyvalue[1] OCTET STRING */ + /* keyvalue[1] OCTET STRING */ krb5_addlenfield(rep->length,rep->contents,1,asn1_encode_octetstring); - /* enctype[0] INTEGER */ + /* enctype[0] INTEGER */ krb5_addfield(rep->enctype,0,asn1_encode_integer); /* EncryptionKey ::= SEQUENCE */ @@ -241,43 +242,43 @@ krb5_error_code encode_krb5_enc_tkt_part(const krb5_enc_tkt_part *rep, krb5_data { krb5_setup(); - /* authorization-data[10] AuthorizationData OPTIONAL */ + /* authorization-data[10] AuthorizationData OPTIONAL */ if (rep->authorization_data != NULL && - rep->authorization_data[0] != NULL) - krb5_addfield((const krb5_authdata**)rep->authorization_data, - 10,asn1_encode_authorization_data); + rep->authorization_data[0] != NULL) + krb5_addfield((const krb5_authdata**)rep->authorization_data, + 10,asn1_encode_authorization_data); - /* caddr[9] HostAddresses OPTIONAL */ + /* caddr[9] HostAddresses OPTIONAL */ if (rep->caddrs != NULL && rep->caddrs[0] != NULL) - krb5_addfield((const krb5_address**)rep->caddrs,9,asn1_encode_host_addresses); + krb5_addfield((const krb5_address**)rep->caddrs,9,asn1_encode_host_addresses); - /* renew-till[8] KerberosTime OPTIONAL */ + /* renew-till[8] KerberosTime OPTIONAL */ if (rep->times.renew_till) - krb5_addfield(rep->times.renew_till,8,asn1_encode_kerberos_time); + krb5_addfield(rep->times.renew_till,8,asn1_encode_kerberos_time); - /* endtime[7] KerberosTime */ + /* endtime[7] KerberosTime */ krb5_addfield(rep->times.endtime,7,asn1_encode_kerberos_time); - /* starttime[6] KerberosTime OPTIONAL */ + /* starttime[6] KerberosTime OPTIONAL */ if (rep->times.starttime) - krb5_addfield(rep->times.starttime,6,asn1_encode_kerberos_time); + krb5_addfield(rep->times.starttime,6,asn1_encode_kerberos_time); - /* authtime[5] KerberosTime */ + /* authtime[5] KerberosTime */ krb5_addfield(rep->times.authtime,5,asn1_encode_kerberos_time); - /* transited[4] TransitedEncoding */ + /* transited[4] TransitedEncoding */ krb5_addfield(&(rep->transited),4,asn1_encode_transited_encoding); - /* cname[3] PrincipalName */ + /* cname[3] PrincipalName */ krb5_addfield(rep->client,3,asn1_encode_principal_name); - /* crealm[2] Realm */ + /* crealm[2] Realm */ krb5_addfield(rep->client,2,asn1_encode_realm); - /* key[1] EncryptionKey */ + /* key[1] EncryptionKey */ krb5_addfield(rep->session,1,asn1_encode_encryption_key); - /* flags[0] TicketFlags */ + /* flags[0] TicketFlags */ krb5_addfield(rep->flags,0,asn1_encode_ticket_flags); /* EncTicketPart ::= [APPLICATION 3] SEQUENCE */ @@ -313,7 +314,7 @@ krb5_error_code encode_krb5_enc_kdc_rep_part(const krb5_enc_kdc_rep_part *rep, k krb5_cleanup(); } -/* yes, the translation is identical to that used for KDC__REP */ +/* yes, the translation is identical to that used for KDC__REP */ krb5_error_code encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code) { krb5_setup(); @@ -328,7 +329,7 @@ krb5_error_code encode_krb5_as_rep(const krb5_kdc_rep *rep, krb5_data **code) krb5_cleanup(); } -/* yes, the translation is identical to that used for KDC__REP */ +/* yes, the translation is identical to that used for KDC__REP */ krb5_error_code encode_krb5_tgs_rep(const krb5_kdc_rep *rep, krb5_data **code) { krb5_setup(); @@ -347,22 +348,22 @@ krb5_error_code encode_krb5_ap_req(const krb5_ap_req *rep, krb5_data **code) { krb5_setup(); - /* authenticator[4] EncryptedData */ + /* authenticator[4] EncryptedData */ krb5_addfield(&(rep->authenticator),4,asn1_encode_encrypted_data); - /* ticket[3] Ticket */ + /* ticket[3] Ticket */ krb5_addfield(rep->ticket,3,asn1_encode_ticket); - /* ap-options[2] APOptions */ + /* ap-options[2] APOptions */ krb5_addfield(rep->ap_options,2,asn1_encode_ap_options); - /* msg-type[1] INTEGER */ + /* msg-type[1] INTEGER */ krb5_addfield(ASN1_KRB_AP_REQ,1,asn1_encode_integer); - /* pvno[0] INTEGER */ + /* pvno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); - /* AP-REQ ::= [APPLICATION 14] SEQUENCE */ + /* AP-REQ ::= [APPLICATION 14] SEQUENCE */ krb5_makeseq(); krb5_apptag(14); @@ -373,19 +374,19 @@ krb5_error_code encode_krb5_ap_rep(const krb5_ap_rep *rep, krb5_data **code) { krb5_setup(); - /* enc-part[2] EncryptedData */ + /* enc-part[2] EncryptedData */ krb5_addfield(&(rep->enc_part),2,asn1_encode_encrypted_data); - - /* msg-type[1] INTEGER */ + + /* msg-type[1] INTEGER */ krb5_addfield(ASN1_KRB_AP_REP,1,asn1_encode_integer); - - /* pvno[0] INTEGER */ + + /* pvno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); - - /* AP-REP ::= [APPLICATION 15] SEQUENCE */ + + /* AP-REP ::= [APPLICATION 15] SEQUENCE */ krb5_makeseq(); krb5_apptag(15); - + krb5_cleanup(); } @@ -394,18 +395,18 @@ krb5_error_code encode_krb5_ap_rep_enc_part(const krb5_ap_rep_enc_part *rep, krb { krb5_setup(); - /* seq-number[3] INTEGER OPTIONAL */ + /* seq-number[3] INTEGER OPTIONAL */ if (rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); + krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); - /* subkey[2] EncryptionKey OPTIONAL */ + /* subkey[2] EncryptionKey OPTIONAL */ if (rep->subkey != NULL) - krb5_addfield(rep->subkey,2,asn1_encode_encryption_key); + krb5_addfield(rep->subkey,2,asn1_encode_encryption_key); - /* cusec[1] INTEGER */ + /* cusec[1] INTEGER */ krb5_addfield(rep->cusec,1,asn1_encode_integer); - /* ctime[0] KerberosTime */ + /* ctime[0] KerberosTime */ krb5_addfield(rep->ctime,0,asn1_encode_kerberos_time); /* EncAPRepPart ::= [APPLICATION 27] SEQUENCE */ @@ -459,16 +460,16 @@ krb5_error_code encode_krb5_safe(const krb5_safe *rep, krb5_data **code) { krb5_setup(); - /* cksum[3] Checksum */ + /* cksum[3] Checksum */ krb5_addfield(rep->checksum,3,asn1_encode_checksum); - /* safe-body[2] KRB-SAFE-BODY */ + /* safe-body[2] KRB-SAFE-BODY */ krb5_addfield(rep,2,asn1_encode_krb_safe_body); - /* msg-type[1] INTEGER */ + /* msg-type[1] INTEGER */ krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); - /* pvno[0] INTEGER */ + /* pvno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ @@ -492,20 +493,20 @@ krb5_error_code encode_krb5_safe_with_body( krb5_setup(); if (body == NULL) { - asn1buf_destroy(&buf); - return ASN1_MISSING_FIELD; + asn1buf_destroy(&buf); + return ASN1_MISSING_FIELD; } - /* cksum[3] Checksum */ + /* cksum[3] Checksum */ krb5_addfield(rep->checksum,3,asn1_encode_checksum); - /* safe-body[2] KRB-SAFE-BODY */ + /* safe-body[2] KRB-SAFE-BODY */ krb5_addfield(body,2,asn1_encode_krb_saved_safe_body); - /* msg-type[1] INTEGER */ + /* msg-type[1] INTEGER */ krb5_addfield(ASN1_KRB_SAFE,1,asn1_encode_integer); - /* pvno[0] INTEGER */ + /* pvno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); /* KRB-SAFE ::= [APPLICATION 20] SEQUENCE */ @@ -519,13 +520,13 @@ krb5_error_code encode_krb5_priv(const krb5_priv *rep, krb5_data **code) { krb5_setup(); - /* enc-part[3] EncryptedData */ + /* enc-part[3] EncryptedData */ krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - /* msg-type[1] INTEGER */ + /* msg-type[1] INTEGER */ krb5_addfield(ASN1_KRB_PRIV,1,asn1_encode_integer); - /* pvno[0] INTEGER */ + /* pvno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); /* KRB-PRIV ::= [APPLICATION 21] SEQUENCE */ @@ -539,25 +540,25 @@ krb5_error_code encode_krb5_enc_priv_part(const krb5_priv_enc_part *rep, krb5_da { krb5_setup(); - /* r-address[5] HostAddress OPTIONAL -- recip's addr */ + /* r-address[5] HostAddress OPTIONAL -- recip's addr */ if (rep->r_address) - krb5_addfield(rep->r_address,5,asn1_encode_host_address); + krb5_addfield(rep->r_address,5,asn1_encode_host_address); - /* s-address[4] HostAddress -- sender's addr */ + /* s-address[4] HostAddress -- sender's addr */ krb5_addfield(rep->s_address,4,asn1_encode_host_address); - /* seq-number[3] INTEGER OPTIONAL */ + /* seq-number[3] INTEGER OPTIONAL */ if (rep->seq_number) - krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); + krb5_addfield(rep->seq_number,3,asn1_encode_unsigned_integer); - /* usec[2] INTEGER OPTIONAL */ + /* usec[2] INTEGER OPTIONAL */ if (rep->timestamp) { - krb5_addfield(rep->usec,2,asn1_encode_integer); - /* timestamp[1] KerberosTime OPTIONAL */ - krb5_addfield(rep->timestamp,1,asn1_encode_kerberos_time); + krb5_addfield(rep->usec,2,asn1_encode_integer); + /* timestamp[1] KerberosTime OPTIONAL */ + krb5_addfield(rep->timestamp,1,asn1_encode_kerberos_time); } - /* user-data[0] OCTET STRING */ + /* user-data[0] OCTET STRING */ krb5_addlenfield(rep->user_data.length,rep->user_data.data,0,asn1_encode_charstring); /* EncKrbPrivPart ::= [APPLICATION 28] SEQUENCE */ @@ -571,16 +572,16 @@ krb5_error_code encode_krb5_cred(const krb5_cred *rep, krb5_data **code) { krb5_setup(); - /* enc-part[3] EncryptedData */ + /* enc-part[3] EncryptedData */ krb5_addfield(&(rep->enc_part),3,asn1_encode_encrypted_data); - /* tickets[2] SEQUENCE OF Ticket */ + /* tickets[2] SEQUENCE OF Ticket */ krb5_addfield((const krb5_ticket**)rep->tickets,2,asn1_encode_sequence_of_ticket); - /* msg-type[1] INTEGER, -- KRB_CRED */ + /* msg-type[1] INTEGER, -- KRB_CRED */ krb5_addfield(ASN1_KRB_CRED,1,asn1_encode_integer); - /* pvno[0] INTEGER */ + /* pvno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); /* KRB-CRED ::= [APPLICATION 22] SEQUENCE */ @@ -594,28 +595,28 @@ krb5_error_code encode_krb5_enc_cred_part(const krb5_cred_enc_part *rep, krb5_da { krb5_setup(); - /* r-address[5] HostAddress OPTIONAL */ + /* r-address[5] HostAddress OPTIONAL */ if (rep->r_address != NULL) - krb5_addfield(rep->r_address,5,asn1_encode_host_address); + krb5_addfield(rep->r_address,5,asn1_encode_host_address); - /* s-address[4] HostAddress OPTIONAL */ + /* s-address[4] HostAddress OPTIONAL */ if (rep->s_address != NULL) - krb5_addfield(rep->s_address,4,asn1_encode_host_address); + krb5_addfield(rep->s_address,4,asn1_encode_host_address); - /* usec[3] INTEGER OPTIONAL */ + /* usec[3] INTEGER OPTIONAL */ if (rep->timestamp) { - krb5_addfield(rep->usec,3,asn1_encode_integer); - /* timestamp[2] KerberosTime OPTIONAL */ - krb5_addfield(rep->timestamp,2,asn1_encode_kerberos_time); + krb5_addfield(rep->usec,3,asn1_encode_integer); + /* timestamp[2] KerberosTime OPTIONAL */ + krb5_addfield(rep->timestamp,2,asn1_encode_kerberos_time); } - /* nonce[1] INTEGER OPTIONAL */ + /* nonce[1] INTEGER OPTIONAL */ if (rep->nonce) - krb5_addfield(rep->nonce,1,asn1_encode_integer); + krb5_addfield(rep->nonce,1,asn1_encode_integer); - /* ticket-info[0] SEQUENCE OF KrbCredInfo */ + /* ticket-info[0] SEQUENCE OF KrbCredInfo */ krb5_addfield((const krb5_cred_info**)rep->ticket_info, - 0,asn1_encode_sequence_of_krb_cred_info); + 0,asn1_encode_sequence_of_krb_cred_info); /* EncKrbCredPart ::= [APPLICATION 29] SEQUENCE */ krb5_makeseq(); @@ -628,48 +629,48 @@ krb5_error_code encode_krb5_error(const krb5_error *rep, krb5_data **code) { krb5_setup(); - /* e-data[12] OCTET STRING OPTIONAL */ + /* e-data[12] OCTET STRING OPTIONAL */ if (rep->e_data.data != NULL && rep->e_data.length > 0) - krb5_addlenfield(rep->e_data.length,rep->e_data.data,12,asn1_encode_charstring); + krb5_addlenfield(rep->e_data.length,rep->e_data.data,12,asn1_encode_charstring); - /* e-text[11] GeneralString OPTIONAL */ + /* e-text[11] GeneralString OPTIONAL */ if (rep->text.data != NULL && rep->text.length > 0) - krb5_addlenfield(rep->text.length,rep->text.data,11,asn1_encode_generalstring); + krb5_addlenfield(rep->text.length,rep->text.data,11,asn1_encode_generalstring); - /* sname[10] PrincipalName -- Correct name */ + /* sname[10] PrincipalName -- Correct name */ krb5_addfield(rep->server,10,asn1_encode_principal_name); - /* realm[9] Realm -- Correct realm */ + /* realm[9] Realm -- Correct realm */ krb5_addfield(rep->server,9,asn1_encode_realm); - /* cname[8] PrincipalName OPTIONAL */ + /* cname[8] PrincipalName OPTIONAL */ if (rep->client != NULL) { - krb5_addfield(rep->client,8,asn1_encode_principal_name); - /* crealm[7] Realm OPTIONAL */ - krb5_addfield(rep->client,7,asn1_encode_realm); + krb5_addfield(rep->client,8,asn1_encode_principal_name); + /* crealm[7] Realm OPTIONAL */ + krb5_addfield(rep->client,7,asn1_encode_realm); } - /* error-code[6] INTEGER */ + /* error-code[6] INTEGER */ krb5_addfield(rep->error,6,asn1_encode_ui_4); - /* susec[5] INTEGER */ + /* susec[5] INTEGER */ krb5_addfield(rep->susec,5,asn1_encode_integer); - /* stime[4] KerberosTime */ + /* stime[4] KerberosTime */ krb5_addfield(rep->stime,4,asn1_encode_kerberos_time); - /* cusec[3] INTEGER OPTIONAL */ + /* cusec[3] INTEGER OPTIONAL */ if (rep->cusec) - krb5_addfield(rep->cusec,3,asn1_encode_integer); + krb5_addfield(rep->cusec,3,asn1_encode_integer); - /* ctime[2] KerberosTime OPTIONAL */ + /* ctime[2] KerberosTime OPTIONAL */ if (rep->ctime) - krb5_addfield(rep->ctime,2,asn1_encode_kerberos_time); + krb5_addfield(rep->ctime,2,asn1_encode_kerberos_time); - /* msg-type[1] INTEGER */ + /* msg-type[1] INTEGER */ krb5_addfield(ASN1_KRB_ERROR,1,asn1_encode_integer); - /* pvno[0] INTEGER */ + /* pvno[0] INTEGER */ krb5_addfield(KVNO,0,asn1_encode_integer); /* KRB-ERROR ::= [APPLICATION 30] SEQUENCE */ @@ -684,14 +685,14 @@ krb5_error_code encode_krb5_authdata(const krb5_authdata **rep, krb5_data **code asn1_error_code retval; asn1buf *buf=NULL; unsigned int length; - + if (rep == NULL) return ASN1_MISSING_FIELD; retval = asn1buf_create(&buf); if (retval) return retval; retval = asn1_encode_authorization_data(buf,(const krb5_authdata**)rep, - &length); + &length); if (retval) return retval; krb5_cleanup(); @@ -702,7 +703,7 @@ krb5_error_code encode_krb5_authdata_elt(const krb5_authdata *rep, krb5_data **c asn1_error_code retval; asn1buf *buf=NULL; unsigned int length; - + if (rep == NULL) return ASN1_MISSING_FIELD; retval = asn1buf_create(&buf); @@ -718,11 +719,11 @@ krb5_error_code encode_krb5_alt_method(const krb5_alt_method *rep, krb5_data **c { krb5_setup(); - /* method-data[1] OctetString OPTIONAL */ + /* method-data[1] OctetString OPTIONAL */ if (rep->data != NULL && rep->length > 0) - krb5_addlenfield(rep->length,rep->data,1,asn1_encode_octetstring); + krb5_addlenfield(rep->length,rep->data,1,asn1_encode_octetstring); - /* method-type[0] Integer */ + /* method-type[0] Integer */ krb5_addfield(rep->method,0,asn1_encode_integer); krb5_makeseq(); @@ -747,7 +748,7 @@ krb5_error_code encode_krb5_etype_info2(const krb5_etype_info_entry **rep, krb5_ sum += length; krb5_cleanup(); } - + krb5_error_code encode_krb5_enc_data(const krb5_enc_data *rep, krb5_data **code) { @@ -766,7 +767,7 @@ krb5_error_code encode_krb5_pa_enc_ts(const krb5_pa_enc_ts *rep, krb5_data **cod /* pausec[1] INTEGER OPTIONAL */ if (rep->pausec) - krb5_addfield(rep->pausec,1,asn1_encode_integer); + krb5_addfield(rep->pausec,1,asn1_encode_integer); /* patimestamp[0] KerberosTime, -- client's time */ krb5_addfield(rep->patimestamp,0,asn1_encode_kerberos_time); @@ -889,7 +890,7 @@ krb5_error_code encode_krb5_predicted_sam_response(const krb5_predicted_sam_resp } krb5_error_code encode_krb5_setpw_req(const krb5_principal target, - char *password, krb5_data **code) + char *password, krb5_data **code) { /* Macros really want us to have a variable called rep which we do not need*/ const char *rep = "dummy string"; diff --git a/src/lib/krb5/asn.1/krbasn1.h b/src/lib/krb5/asn.1/krbasn1.h index 7a45298ad..cc41dfdce 100644 --- a/src/lib/krb5/asn.1/krbasn1.h +++ b/src/lib/krb5/asn.1/krbasn1.h @@ -1,10 +1,11 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ #ifndef __KRBASN1_H__ #define __KRBASN1_H__ #include "k5-int.h" #include <stdio.h> #include <errno.h> -#include <limits.h> /* For INT_MAX */ +#include <limits.h> /* For INT_MAX */ #ifdef HAVE_STDLIB_H #include <stdlib.h> #endif @@ -42,7 +43,7 @@ typedef krb5_error_code asn1_error_code; typedef enum { PRIMITIVE = 0x00, CONSTRUCTED = 0x20 } asn1_construction; typedef enum { UNIVERSAL = 0x00, APPLICATION = 0x40, - CONTEXT_SPECIFIC = 0x80, PRIVATE = 0xC0 } asn1_class; + CONTEXT_SPECIFIC = 0x80, PRIVATE = 0xC0 } asn1_class; typedef int asn1_tagnum; #define ASN1_TAGNUM_CEILING INT_MAX @@ -52,30 +53,30 @@ typedef int asn1_tagnum; #define KVNO 5 /* Universal Tag Numbers */ -#define ASN1_INTEGER 2 -#define ASN1_BITSTRING 3 -#define ASN1_OCTETSTRING 4 -#define ASN1_NULL 5 -#define ASN1_OBJECTIDENTIFIER 6 +#define ASN1_INTEGER 2 +#define ASN1_BITSTRING 3 +#define ASN1_OCTETSTRING 4 +#define ASN1_NULL 5 +#define ASN1_OBJECTIDENTIFIER 6 #define ASN1_ENUMERATED 10 -#define ASN1_SEQUENCE 16 -#define ASN1_SET 17 -#define ASN1_PRINTABLESTRING 19 -#define ASN1_IA5STRING 22 -#define ASN1_UTCTIME 23 -#define ASN1_GENERALTIME 24 -#define ASN1_GENERALSTRING 27 +#define ASN1_SEQUENCE 16 +#define ASN1_SET 17 +#define ASN1_PRINTABLESTRING 19 +#define ASN1_IA5STRING 22 +#define ASN1_UTCTIME 23 +#define ASN1_GENERALTIME 24 +#define ASN1_GENERALSTRING 27 /* Kerberos Message Types */ -#define ASN1_KRB_AS_REQ 10 -#define ASN1_KRB_AS_REP 11 -#define ASN1_KRB_TGS_REQ 12 -#define ASN1_KRB_TGS_REP 13 -#define ASN1_KRB_AP_REQ 14 -#define ASN1_KRB_AP_REP 15 -#define ASN1_KRB_SAFE 20 -#define ASN1_KRB_PRIV 21 -#define ASN1_KRB_CRED 22 -#define ASN1_KRB_ERROR 30 +#define ASN1_KRB_AS_REQ 10 +#define ASN1_KRB_AS_REP 11 +#define ASN1_KRB_TGS_REQ 12 +#define ASN1_KRB_TGS_REP 13 +#define ASN1_KRB_AP_REQ 14 +#define ASN1_KRB_AP_REP 15 +#define ASN1_KRB_SAFE 20 +#define ASN1_KRB_PRIV 21 +#define ASN1_KRB_CRED 22 +#define ASN1_KRB_ERROR 30 #endif diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c index e18739cb5..7f0355d9f 100644 --- a/src/lib/krb5/asn.1/ldap_key_seq.c +++ b/src/lib/krb5/asn.1/ldap_key_seq.c @@ -1,3 +1,4 @@ +/* -*- mode: c; indent-tabs-mode: nil -*- */ /* ... copyright ... */ /* Novell key-format scheme: @@ -44,80 +45,80 @@ #define asn1_encode_sequence_of_keys krb5int_ldap_encode_sequence_of_keys #define asn1_decode_sequence_of_keys krb5int_ldap_decode_sequence_of_keys -#define cleanup(err) \ - { \ - ret = err; \ - goto last; \ - } +#define cleanup(err) \ + { \ + ret = err; \ + goto last; \ + } -#define checkerr \ - if (ret != 0) \ - goto last +#define checkerr \ + if (ret != 0) \ + goto last /************************************************************************/ -/* Encode the Principal's keys */ +/* Encode the Principal's keys */ /************************************************************************/ static asn1_error_code asn1_encode_key(asn1buf *buf, - krb5_key_data key_data, - unsigned int *retlen) + krb5_key_data key_data, + unsigned int *retlen) { asn1_error_code ret = 0; unsigned int length, sum = 0; /* Encode the key type and value. */ { - unsigned int key_len = 0; - /* key value */ - ret = asn1_encode_octetstring (buf, - key_data.key_data_length[0], - key_data.key_data_contents[0], - &length); checkerr; - key_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); checkerr; - key_len += length; - /* key type */ - ret = asn1_encode_integer (buf, key_data.key_data_type[0], &length); - checkerr; - key_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr; - key_len += length; - - ret = asn1_make_sequence(buf, key_len, &length); checkerr; - key_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, key_len, &length); checkerr; - key_len += length; - - sum += key_len; + unsigned int key_len = 0; + /* key value */ + ret = asn1_encode_octetstring (buf, + key_data.key_data_length[0], + key_data.key_data_contents[0], + &length); checkerr; + key_len += length; + ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); checkerr; + key_len += length; + /* key type */ + ret = asn1_encode_integer (buf, key_data.key_data_type[0], &length); + checkerr; + key_len += length; + ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr; + key_len += length; + + ret = asn1_make_sequence(buf, key_len, &length); checkerr; + key_len += length; + ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, key_len, &length); checkerr; + key_len += length; + + sum += key_len; } /* Encode the salt type and value (optional) */ if (key_data.key_data_ver > 1) { - unsigned int salt_len = 0; - /* salt value (optional) */ - if (key_data.key_data_length[1] > 0) { - ret = asn1_encode_octetstring (buf, - key_data.key_data_length[1], - key_data.key_data_contents[1], - &length); checkerr; - salt_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); - checkerr; - salt_len += length; - } - /* salt type */ - ret = asn1_encode_integer (buf, key_data.key_data_type[1], &length); - checkerr; - salt_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr; - salt_len += length; - - ret = asn1_make_sequence(buf, salt_len, &length); checkerr; - salt_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, salt_len, &length); checkerr; - salt_len += length; - - sum += salt_len; + unsigned int salt_len = 0; + /* salt value (optional) */ + if (key_data.key_data_length[1] > 0) { + ret = asn1_encode_octetstring (buf, + key_data.key_data_length[1], + key_data.key_data_contents[1], + &length); checkerr; + salt_len += length; + ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 1, length, &length); + checkerr; + salt_len += length; + } + /* salt type */ + ret = asn1_encode_integer (buf, key_data.key_data_type[1], &length); + checkerr; + salt_len += length; + ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, length, &length); checkerr; + salt_len += length; + + ret = asn1_make_sequence(buf, salt_len, &length); checkerr; + salt_len += length; + ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 0, salt_len, &length); checkerr; + salt_len += length; + + sum += salt_len; } ret = asn1_make_sequence(buf, sum, &length); checkerr; @@ -133,9 +134,9 @@ last: /* asn1_error_code asn1_encode_sequence_of_keys (krb5_key_data *key_data, */ krb5_error_code asn1_encode_sequence_of_keys (krb5_key_data *key_data, - krb5_int16 n_key_data, - krb5_int32 mkvno, /* Master key version number */ - krb5_data **code) + krb5_int16 n_key_data, + krb5_int32 mkvno, /* Master key version number */ + krb5_data **code) { asn1_error_code ret = 0; asn1buf *buf = NULL; @@ -152,24 +153,24 @@ asn1_encode_sequence_of_keys (krb5_key_data *key_data, /* Sequence of keys */ { - int i; - unsigned int seq_len = 0; - - for (i = n_key_data - 1; i >= 0; i--) { - ret = asn1_encode_key (buf, key_data[i], &length); checkerr; - seq_len += length; - } - ret = asn1_make_sequence(buf, seq_len, &length); checkerr; - seq_len += length; - ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 4, seq_len, &length); checkerr; - seq_len += length; - - sum += seq_len; + int i; + unsigned int seq_len = 0; + + for (i = n_key_data - 1; i >= 0; i--) { + ret = asn1_encode_key (buf, key_data[i], &length); checkerr; + seq_len += length; + } + ret = asn1_make_sequence(buf, seq_len, &length); checkerr; + seq_len += length; + ret = asn1_make_etag(buf, CONTEXT_SPECIFIC, 4, seq_len, &length); checkerr; + seq_len += length; + + sum += seq_len; } /* mkvno */ if (mkvno < 0) - cleanup (ASN1_BAD_FORMAT); + cleanup (ASN1_BAD_FORMAT); tmp_ul = (unsigned long)mkvno; ret = asn1_encode_unsigned_integer (buf, tmp_ul, &length); checkerr; sum += length; @@ -178,7 +179,7 @@ asn1_encode_sequence_of_keys (krb5_key_data *key_data, /* kvno (assuming all keys in array have same version) */ if (key_data[0].key_data_kvno < 0) - cleanup (ASN1_BAD_FORMAT); + cleanup (ASN1_BAD_FORMAT); tmp_ul = (unsigned long)key_data[0].key_data_kvno; ret = asn1_encode_unsigned_integer (buf, tmp_ul, &length); checkerr; @@ -208,7 +209,7 @@ last: asn1buf_destroy (&buf); if (ret != 0 && *code != NULL) { - free ((*code)->data); + free ((*code)->data); free (*code); } @@ -216,14 +217,14 @@ last: } /************************************************************************/ -/* Decode the Principal's keys */ +/* Decode the Principal's keys */ /************************************************************************/ -#define safe_syncbuf(outer,inner,buflen) \ - if (! ((inner)->next == (inner)->bound + 1 && \ - (inner)->next == (outer)->next + buflen)) \ - cleanup (ASN1_BAD_LENGTH); \ - asn1buf_sync((outer), (inner), 0, 0, 0, 0, 0); +#define safe_syncbuf(outer,inner,buflen) \ + if (! ((inner)->next == (inner)->bound + 1 && \ + (inner)->next == (outer)->next + buflen)) \ + cleanup (ASN1_BAD_LENGTH); \ + asn1buf_sync((outer), (inner), 0, 0, 0, 0, 0); static asn1_error_code decode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val) @@ -237,7 +238,7 @@ decode_tagged_integer (asn1buf *buf, asn1_tagnum expectedtag, long *val) ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr; ret = asn1_get_tag_2(&tmp, &t); checkerr; if (t.tagnum != expectedtag) - cleanup (ASN1_MISSING_FIELD); + cleanup (ASN1_MISSING_FIELD); buflen = t.length; ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; @@ -263,7 +264,7 @@ decode_tagged_unsigned_integer (asn1buf *buf, int expectedtag, unsigned long *va ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr; ret = asn1_get_tag_2(&tmp, &t); checkerr; if (t.tagnum != expectedtag) - cleanup (ASN1_MISSING_FIELD); + cleanup (ASN1_MISSING_FIELD); buflen = t.length; ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; @@ -279,7 +280,7 @@ last: static asn1_error_code decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, int *len, - asn1_octet **val) + asn1_octet **val) { int buflen; asn1_error_code ret = 0; @@ -292,7 +293,7 @@ decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, int *len, ret = asn1buf_imbed(&tmp, buf, 0, 1); checkerr; ret = asn1_get_tag_2(&tmp, &t); checkerr; if (t.tagnum != expectedtag) - cleanup (ASN1_MISSING_FIELD); + cleanup (ASN1_MISSING_FIELD); buflen = t.length; ret = asn1buf_imbed(&subbuf, &tmp, t.length, 0); checkerr; @@ -303,7 +304,7 @@ decode_tagged_octetstring (asn1buf *buf, asn1_tagnum expectedtag, int *len, last: if (ret != 0) - free (*val); + free (*val); return ret; } @@ -325,75 +326,75 @@ static asn1_error_code asn1_decode_key(asn1buf *buf, krb5_key_data *key) asn1_get_tag_2(&subbuf, &t); /* Salt */ if (t.tagnum == 0) { - int salt_buflen; - asn1buf slt; - unsigned long keytype; - int keylen; - - key->key_data_ver = 2; - asn1_get_sequence(&subbuf, &length, &seqindef); - salt_buflen = length; - asn1buf_imbed(&slt, &subbuf, length, seqindef); - - ret = decode_tagged_integer (&slt, 0, &keytype); - key->key_data_type[1] = keytype; /* XXX range check?? */ - checkerr; - - if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */ - ret = decode_tagged_octetstring (&slt, 1, &keylen, - &key->key_data_contents[1]); - checkerr; - } else - keylen = 0; - safe_syncbuf (&subbuf, &slt, salt_buflen); - key->key_data_length[1] = keylen; /* XXX range check?? */ - - ret = asn1_get_tag_2(&subbuf, &t); checkerr; + int salt_buflen; + asn1buf slt; + unsigned long keytype; + int keylen; + + key->key_data_ver = 2; + asn1_get_sequence(&subbuf, &length, &seqindef); + salt_buflen = length; + asn1buf_imbed(&slt, &subbuf, length, seqindef); + + ret = decode_tagged_integer (&slt, 0, &keytype); + key->key_data_type[1] = keytype; /* XXX range check?? */ + checkerr; + + if (asn1buf_remains(&slt, 0) != 0) { /* Salt value is optional */ + ret = decode_tagged_octetstring (&slt, 1, &keylen, + &key->key_data_contents[1]); + checkerr; + } else + keylen = 0; + safe_syncbuf (&subbuf, &slt, salt_buflen); + key->key_data_length[1] = keylen; /* XXX range check?? */ + + ret = asn1_get_tag_2(&subbuf, &t); checkerr; } else - key->key_data_ver = 1; + key->key_data_ver = 1; /* Key */ { - int key_buflen; - asn1buf kbuf; - long lval; - int ival; + int key_buflen; + asn1buf kbuf; + long lval; + int ival; - if (t.tagnum != 1) - cleanup (ASN1_MISSING_FIELD); + if (t.tagnum != 1) + cleanup (ASN1_MISSING_FIELD); - ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; - key_buflen = length; - ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr; + ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; + key_buflen = length; + ret = asn1buf_imbed(&kbuf, &subbuf, length, seqindef); checkerr; - ret = decode_tagged_integer (&kbuf, 0, &lval); - checkerr; - key->key_data_type[0] = lval; /* XXX range check? */ + ret = decode_tagged_integer (&kbuf, 0, &lval); + checkerr; + key->key_data_type[0] = lval; /* XXX range check? */ - ret = decode_tagged_octetstring (&kbuf, 1, &ival, - &key->key_data_contents[0]); checkerr; - key->key_data_length[0] = ival; /* XXX range check? */ + ret = decode_tagged_octetstring (&kbuf, 1, &ival, + &key->key_data_contents[0]); checkerr; + key->key_data_length[0] = ival; /* XXX range check? */ - safe_syncbuf (&subbuf, &kbuf, key_buflen); + safe_syncbuf (&subbuf, &kbuf, key_buflen); } safe_syncbuf (buf, &subbuf, full_buflen); last: if (ret != 0) { - free (key->key_data_contents[0]); - key->key_data_contents[0] = NULL; - free (key->key_data_contents[1]); - key->key_data_contents[1] = NULL; + free (key->key_data_contents[0]); + key->key_data_contents[0] = NULL; + free (key->key_data_contents[1]); + key->key_data_contents[1] = NULL; } return ret; } /* asn1_error_code asn1_decode_sequence_of_keys (krb5_data *in, */ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in, - krb5_key_data **out, - krb5_int16 *n_key_data, - int *mkvno) + krb5_key_data **out, + krb5_int16 *n_key_data, + int *mkvno) { asn1_error_code ret; asn1buf buf, subbuf; @@ -413,47 +414,47 @@ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in, /* attribute-major-vno */ ret = decode_tagged_integer (&subbuf, 0, &lval); checkerr; - maj = lval; /* XXX range check? */ + maj = lval; /* XXX range check? */ /* attribute-minor-vno */ ret = decode_tagged_integer (&subbuf, 1, &lval); checkerr; - min = lval; /* XXX range check? */ + min = lval; /* XXX range check? */ if (maj != 1 || min != 1) - cleanup (ASN1_BAD_FORMAT); + cleanup (ASN1_BAD_FORMAT); /* kvno (assuming all keys in array have same version) */ ret = decode_tagged_integer (&subbuf, 2, &lval); checkerr; - kvno = lval; /* XXX range check? */ + kvno = lval; /* XXX range check? */ /* mkvno (optional) */ ret = decode_tagged_integer (&subbuf, 3, &lval); checkerr; - *mkvno = lval; /* XXX range check? */ + *mkvno = lval; /* XXX range check? */ ret = asn1_get_tag_2(&subbuf, &t); checkerr; /* Sequence of keys */ { - int i, seq_buflen; - asn1buf keyseq; - if (t.tagnum != 4) - cleanup (ASN1_MISSING_FIELD); - ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; - seq_buflen = length; - ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr; - for (i = 1, *out = NULL; ; i++) { - krb5_key_data *tmp; - tmp = (krb5_key_data *) realloc (*out, i * sizeof (krb5_key_data)); - if (tmp == NULL) - cleanup (ENOMEM); - *out = tmp; - (*out)[i - 1].key_data_kvno = kvno; - ret = asn1_decode_key(&keyseq, &(*out)[i - 1]); checkerr; - (*n_key_data)++; - if (asn1buf_remains(&keyseq, 0) == 0) - break; /* Not freeing the last key structure */ - } - safe_syncbuf (&subbuf, &keyseq, seq_buflen); + int i, seq_buflen; + asn1buf keyseq; + if (t.tagnum != 4) + cleanup (ASN1_MISSING_FIELD); + ret = asn1_get_sequence(&subbuf, &length, &seqindef); checkerr; + seq_buflen = length; + ret = asn1buf_imbed(&keyseq, &subbuf, length, seqindef); checkerr; + for (i = 1, *out = NULL; ; i++) { + krb5_key_data *tmp; + tmp = (krb5_key_data *) realloc (*out, i * sizeof (krb5_key_data)); + if (tmp == NULL) + cleanup (ENOMEM); + *out = tmp; + (*out)[i - 1].key_data_kvno = kvno; + ret = asn1_decode_key(&keyseq, &(*out)[i - 1]); checkerr; + (*n_key_data)++; + if (asn1buf_remains(&keyseq, 0) == 0) + break; /* Not freeing the last key structure */ + } + safe_syncbuf (&subbuf, &keyseq, seq_buflen); } /* @@ -463,13 +464,13 @@ krb5_error_code asn1_decode_sequence_of_keys (krb5_data *in, last: if (ret != 0) { - int i; - for (i = 0; i < *n_key_data; i++) { - free ((*out)[i].key_data_contents[0]); - free ((*out)[i].key_data_contents[1]); - } - free (*out); - *out = NULL; + int i; + for (i = 0; i < *n_key_data; i++) { + free ((*out)[i].key_data_contents[0]); + free ((*out)[i].key_data_contents[1]); + } + free (*out); + *out = NULL; } return ret; |