From c71abc3fd3ec0670d79405550e174349db373f93 Mon Sep 17 00:00:00 2001 From: Sam Berry Date: Fri, 19 Jul 2024 15:11:10 +0100 Subject: [PATCH] Move mbedtls_oid_from_numeric_string to x509_create.c This commit moves the mbedtls_oid_from_numeric_string function definition from oid.c to x509_create.c Signed-off-by: Sam Berry --- library/x509_create.c | 129 ++++++++++++++++++++++++ tf-psa-crypto/drivers/builtin/src/oid.c | 125 ----------------------- 2 files changed, 129 insertions(+), 125 deletions(-) diff --git a/library/x509_create.c b/library/x509_create.c index 839b5df226..e428461a2a 100644 --- a/library/x509_create.c +++ b/library/x509_create.c @@ -278,6 +278,135 @@ error: return MBEDTLS_ERR_X509_INVALID_NAME; } +#if defined(MBEDTLS_OID_C) + +/* Return the OID for the given x.y.z.... style numeric string */ +int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, + const char *oid_str, size_t size) +{ + int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + const char *str_ptr = oid_str; + const char *str_bound = oid_str + size; + unsigned int val = 0; + unsigned int component1, component2; + size_t encoded_len; + unsigned char *resized_mem; + + /* Count the number of dots to get a worst-case allocation size. */ + size_t num_dots = 0; + for (size_t i = 0; i < size; i++) { + if (oid_str[i] == '.') { + num_dots++; + } + } + /* Allocate maximum possible required memory: + * There are (num_dots + 1) integer components, but the first 2 share the + * same subidentifier, so we only need num_dots subidentifiers maximum. */ + if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { + return MBEDTLS_ERR_ASN1_INVALID_DATA; + } + /* Each byte can store 7 bits, calculate number of bytes for a + * subidentifier: + * + * bytes = ceil(subidentifer_size * 8 / 7) + */ + size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) + + 1; + size_t max_possible_bytes = num_dots * bytes_per_subidentifier; + oid->p = mbedtls_calloc(max_possible_bytes, 1); + if (oid->p == NULL) { + return MBEDTLS_ERR_ASN1_ALLOC_FAILED; + } + unsigned char *out_ptr = oid->p; + unsigned char *out_bound = oid->p + max_possible_bytes; + + ret = oid_parse_number(&component1, &str_ptr, str_bound); + if (ret != 0) { + goto error; + } + if (component1 > 2) { + /* First component can't be > 2 */ + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + if (str_ptr >= str_bound || *str_ptr != '.') { + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + str_ptr++; + + ret = oid_parse_number(&component2, &str_ptr, str_bound); + if (ret != 0) { + goto error; + } + if ((component1 < 2) && (component2 > 39)) { + /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + if (str_ptr < str_bound) { + if (*str_ptr == '.') { + str_ptr++; + } else { + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + } + + if (component2 > (UINT_MAX - (component1 * 40))) { + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, + (component1 * 40) + component2); + if (ret != 0) { + goto error; + } + + while (str_ptr < str_bound) { + ret = oid_parse_number(&val, &str_ptr, str_bound); + if (ret != 0) { + goto error; + } + if (str_ptr < str_bound) { + if (*str_ptr == '.') { + str_ptr++; + } else { + ret = MBEDTLS_ERR_ASN1_INVALID_DATA; + goto error; + } + } + + ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); + if (ret != 0) { + goto error; + } + } + + encoded_len = (size_t) (out_ptr - oid->p); + resized_mem = mbedtls_calloc(encoded_len, 1); + if (resized_mem == NULL) { + ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; + goto error; + } + memcpy(resized_mem, oid->p, encoded_len); + mbedtls_free(oid->p); + oid->p = resized_mem; + oid->len = encoded_len; + + oid->tag = MBEDTLS_ASN1_OID; + + return 0; + +error: + mbedtls_free(oid->p); + oid->p = NULL; + oid->len = 0; + return ret; +} + +#endif /* MBEDTLS_OID_C */ + int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name) { int ret = MBEDTLS_ERR_X509_INVALID_NAME; diff --git a/tf-psa-crypto/drivers/builtin/src/oid.c b/tf-psa-crypto/drivers/builtin/src/oid.c index 565fac6061..e54a8b1132 100644 --- a/tf-psa-crypto/drivers/builtin/src/oid.c +++ b/tf-psa-crypto/drivers/builtin/src/oid.c @@ -969,129 +969,4 @@ static int oid_subidentifier_encode_into(unsigned char **p, return 0; } -/* Return the OID for the given x.y.z.... style numeric string */ -int mbedtls_oid_from_numeric_string(mbedtls_asn1_buf *oid, - const char *oid_str, size_t size) -{ - int ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - const char *str_ptr = oid_str; - const char *str_bound = oid_str + size; - unsigned int val = 0; - unsigned int component1, component2; - size_t encoded_len; - unsigned char *resized_mem; - - /* Count the number of dots to get a worst-case allocation size. */ - size_t num_dots = 0; - for (size_t i = 0; i < size; i++) { - if (oid_str[i] == '.') { - num_dots++; - } - } - /* Allocate maximum possible required memory: - * There are (num_dots + 1) integer components, but the first 2 share the - * same subidentifier, so we only need num_dots subidentifiers maximum. */ - if (num_dots == 0 || (num_dots > MBEDTLS_OID_MAX_COMPONENTS - 1)) { - return MBEDTLS_ERR_ASN1_INVALID_DATA; - } - /* Each byte can store 7 bits, calculate number of bytes for a - * subidentifier: - * - * bytes = ceil(subidentifer_size * 8 / 7) - */ - size_t bytes_per_subidentifier = (((sizeof(unsigned int) * 8) - 1) / 7) - + 1; - size_t max_possible_bytes = num_dots * bytes_per_subidentifier; - oid->p = mbedtls_calloc(max_possible_bytes, 1); - if (oid->p == NULL) { - return MBEDTLS_ERR_ASN1_ALLOC_FAILED; - } - unsigned char *out_ptr = oid->p; - unsigned char *out_bound = oid->p + max_possible_bytes; - - ret = oid_parse_number(&component1, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if (component1 > 2) { - /* First component can't be > 2 */ - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - if (str_ptr >= str_bound || *str_ptr != '.') { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - str_ptr++; - - ret = oid_parse_number(&component2, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if ((component1 < 2) && (component2 > 39)) { - /* Root nodes 0 and 1 may have up to 40 children, numbered 0-39 */ - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - if (str_ptr < str_bound) { - if (*str_ptr == '.') { - str_ptr++; - } else { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - } - - if (component2 > (UINT_MAX - (component1 * 40))) { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, - (component1 * 40) + component2); - if (ret != 0) { - goto error; - } - - while (str_ptr < str_bound) { - ret = oid_parse_number(&val, &str_ptr, str_bound); - if (ret != 0) { - goto error; - } - if (str_ptr < str_bound) { - if (*str_ptr == '.') { - str_ptr++; - } else { - ret = MBEDTLS_ERR_ASN1_INVALID_DATA; - goto error; - } - } - - ret = oid_subidentifier_encode_into(&out_ptr, out_bound, val); - if (ret != 0) { - goto error; - } - } - - encoded_len = (size_t) (out_ptr - oid->p); - resized_mem = mbedtls_calloc(encoded_len, 1); - if (resized_mem == NULL) { - ret = MBEDTLS_ERR_ASN1_ALLOC_FAILED; - goto error; - } - memcpy(resized_mem, oid->p, encoded_len); - mbedtls_free(oid->p); - oid->p = resized_mem; - oid->len = encoded_len; - - oid->tag = MBEDTLS_ASN1_OID; - - return 0; - -error: - mbedtls_free(oid->p); - oid->p = NULL; - oid->len = 0; - return ret; -} - #endif /* MBEDTLS_OID_C */