From 17585adb23c120ae10a410c8f77207a53208c59d Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Sat, 11 Feb 2012 23:25:19 +0000 Subject: [PATCH] Style and naming changes to ASN.1 encoder Make style changes in preparation for the table-driven decoder. No functional changes. git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@25691 dc483132-0cff-0310-8789-dd5450dbe970 --- src/lib/krb5/asn.1/asn1_encode.c | 426 ++++++++++++++--------------- src/lib/krb5/asn.1/asn1_encode.h | 279 +++++++------------ src/lib/krb5/asn.1/asn1_k_encode.c | 258 +++++++++-------- src/lib/krb5/asn.1/ldap_key_seq.c | 4 +- 4 files changed, 444 insertions(+), 523 deletions(-) diff --git a/src/lib/krb5/asn.1/asn1_encode.c b/src/lib/krb5/asn.1/asn1_encode.c index 1aaf1e581..42fefeaec 100644 --- a/src/lib/krb5/asn.1/asn1_encode.c +++ b/src/lib/krb5/asn.1/asn1_encode.c @@ -24,94 +24,101 @@ * or implied warranty. */ -/* ASN.1 primitive encoders */ - #include "asn1_encode.h" +/**** Functions for encoding primitive types ****/ + asn1_error_code -asn1_encode_boolean(asn1buf *buf, asn1_intmax val, size_t *retlen) +k5_asn1_encode_bool(asn1buf *buf, asn1_intmax val, size_t *len_out) { asn1_octet bval = val ? 0xFF : 0x00; - *retlen = 1; + *len_out = 1; return asn1buf_insert_octet(buf, bval); } asn1_error_code -asn1_encode_integer(asn1buf *buf, asn1_intmax val, size_t *retlen) +k5_asn1_encode_int(asn1buf *buf, asn1_intmax val, size_t *len_out) { - asn1_error_code retval; - size_t length = 0; + asn1_error_code ret; + size_t len = 0; long valcopy; int digit; valcopy = val; do { - digit = (int) (valcopy&0xFF); - retval = asn1buf_insert_octet(buf,(asn1_octet) digit); - if (retval) return retval; - length++; + digit = valcopy & 0xFF; + ret = asn1buf_insert_octet(buf, digit); + if (ret) + return ret; + len++; valcopy = valcopy >> 8; } while (valcopy != 0 && valcopy != ~0); - if ((val > 0) && ((digit&0x80) == 0x80)) { /* make sure the high bit is */ - retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ - if (retval) return retval; - length++; - } else if ((val < 0) && ((digit&0x80) != 0x80)) { - retval = asn1buf_insert_octet(buf,0xFF); - if (retval) return retval; - length++; + if (val > 0 && (digit & 0x80) == 0x80) { /* make sure the high bit is */ + ret = asn1buf_insert_octet(buf, 0); /* of the proper signed-ness */ + if (ret) + return ret; + len++; + } else if (val < 0 && (digit & 0x80) != 0x80) { + ret = asn1buf_insert_octet(buf, 0xFF); + if (ret) + return ret; + len++; } - *retlen = length; + *len_out = len; return 0; } asn1_error_code -asn1_encode_unsigned_integer(asn1buf *buf, asn1_uintmax val, size_t *retlen) +k5_asn1_encode_uint(asn1buf *buf, asn1_uintmax val, size_t *len_out) { - asn1_error_code retval; - size_t length = 0; - unsigned long valcopy; + asn1_error_code ret; + size_t len = 0; + asn1_uintmax valcopy; int digit; valcopy = val; do { - digit = (int) (valcopy&0xFF); - retval = asn1buf_insert_octet(buf,(asn1_octet) digit); - if (retval) return retval; - length++; + digit = valcopy & 0xFF; + ret = asn1buf_insert_octet(buf, digit); + if (ret) + return ret; + len++; valcopy = valcopy >> 8; } while (valcopy != 0); - if (digit&0x80) { /* make sure the high bit is */ - retval = asn1buf_insert_octet(buf,0); /* of the proper signed-ness */ - if (retval) return retval; - length++; + if (digit & 0x80) { /* make sure the high bit is */ + ret = asn1buf_insert_octet(buf, 0); /* of the proper signed-ness */ + if (ret) + return ret; + len++; } - *retlen = length; + *len_out = len; return 0; } asn1_error_code -asn1_encode_bytestring(asn1buf *buf, unsigned char *const *val, size_t len, - size_t *retlen) +k5_asn1_encode_bytestring(asn1buf *buf, unsigned char *const *val, size_t len, + size_t *len_out) { - if (len > 0 && val == NULL) return ASN1_MISSING_FIELD; - *retlen = len; + if (len > 0 && val == NULL) + return ASN1_MISSING_FIELD; + *len_out = len; return asn1buf_insert_octetstring(buf, len, *val); } asn1_error_code -asn1_encode_generaltime(asn1buf *buf, time_t val, size_t *retlen) +k5_asn1_encode_generaltime(asn1buf *buf, time_t val, size_t *len_out) { struct tm *gtime, gtimebuf; char s[16]; unsigned char *sp; time_t gmt_time = val; + int len; /* * Time encoding: YYYYMMDDhhmmssZ @@ -119,26 +126,24 @@ asn1_encode_generaltime(asn1buf *buf, time_t val, size_t *retlen) if (gmt_time == 0) { sp = (unsigned char *)"19700101000000Z"; } else { - int len; - /* * Sanity check this just to be paranoid, as gmtime can return NULL, * and some bogus implementations might overrun on the sprintf. */ #ifdef HAVE_GMTIME_R -# ifdef GMTIME_R_RETURNS_INT +#ifdef GMTIME_R_RETURNS_INT if (gmtime_r(&gmt_time, >imebuf) != 0) return ASN1_BAD_GMTIME; -# else +#else if (gmtime_r(&gmt_time, >imebuf) == NULL) return ASN1_BAD_GMTIME; -# endif -#else +#endif +#else /* HAVE_GMTIME_R */ gtime = gmtime(&gmt_time); if (gtime == NULL) return ASN1_BAD_GMTIME; memcpy(>imebuf, gtime, sizeof(gtimebuf)); -#endif +#endif /* HAVE_GMTIME_R */ gtime = >imebuf; if (gtime->tm_year > 8099 || gtime->tm_mon > 11 || @@ -146,7 +151,7 @@ asn1_encode_generaltime(asn1buf *buf, time_t val, size_t *retlen) gtime->tm_min > 59 || gtime->tm_sec > 59) return ASN1_BAD_GMTIME; len = snprintf(s, sizeof(s), "%04d%02d%02d%02d%02d%02dZ", - 1900+gtime->tm_year, gtime->tm_mon+1, + 1900 + gtime->tm_year, gtime->tm_mon + 1, gtime->tm_mday, gtime->tm_hour, gtime->tm_min, gtime->tm_sec); if (SNPRINTF_OVERFLOW(len, sizeof(s))) @@ -155,21 +160,24 @@ asn1_encode_generaltime(asn1buf *buf, time_t val, size_t *retlen) sp = (unsigned char *)s; } - return asn1_encode_bytestring(buf, &sp, 15, retlen); + return k5_asn1_encode_bytestring(buf, &sp, 15, len_out); } asn1_error_code -asn1_encode_bitstring(asn1buf *buf, unsigned char *const *val, size_t len, - size_t *retlen) +k5_asn1_encode_bitstring(asn1buf *buf, unsigned char *const *val, size_t len, + size_t *len_out) { - asn1_error_code retval; + asn1_error_code ret; - retval = asn1buf_insert_octetstring(buf, len, *val); - if (retval) return retval; - *retlen = len + 1; + ret = asn1buf_insert_octetstring(buf, len, *val); + if (ret) + return ret; + *len_out = len + 1; return asn1buf_insert_octet(buf, '\0'); } +/* Encode a DER tag into buf with the tag and length parameters in t. Place + * the length of the encoded tag in *retlen. */ static asn1_error_code make_tag(asn1buf *buf, const taginfo *t, size_t *retlen) { @@ -235,24 +243,10 @@ make_tag(asn1buf *buf, const taginfo *t, size_t *retlen) return 0; } -/* - * ASN.1 constructed type encoder engine - * - * Two entry points here: - * - * krb5int_asn1_encode_type: Incrementally adds the contents-only encoding of - * an object to an already-initialized asn1buf, and returns its tag - * information. - * - * krb5int_asn1_do_full_encode: Returns a completed encoding, in the - * correct byte order, in an allocated krb5_data. - */ - #ifdef POINTERS_ARE_ALL_THE_SAME -#define LOADPTR(PTR,TYPE) \ - (*(const void *const *)(PTR)) +#define LOADPTR(PTR, TYPE) (*(const void *const *)(PTR)) #else -#define LOADPTR(PTR,PTRINFO) \ +#define LOADPTR(PTR, PTRINFO) \ (assert((PTRINFO)->loadptr != NULL), (PTRINFO)->loadptr(PTR)) #endif @@ -271,7 +265,7 @@ get_nullterm_sequence_len(const void *valp, const struct atype_info *seq) ptr = a->tinfo; while (1) { - eltptr = (const char *) valp + i * seq->size; + eltptr = (const char *)valp + i * seq->size; elt = LOADPTR(eltptr, ptr); if (elt == NULL) break; @@ -281,16 +275,18 @@ get_nullterm_sequence_len(const void *valp, const struct atype_info *seq) } static asn1_error_code encode_sequence_of(asn1buf *buf, size_t seqlen, const void *val, - const struct atype_info *eltinfo, size_t *retlen); + const struct atype_info *eltinfo, size_t *len_out); static asn1_error_code encode_nullterm_sequence_of(asn1buf *buf, const void *val, const struct atype_info *type, - int can_be_empty, size_t *retlen) + int can_be_empty, size_t *len_out) { - size_t length = get_nullterm_sequence_len(val, type); - if (!can_be_empty && length == 0) return ASN1_MISSING_FIELD; - return encode_sequence_of(buf, length, val, type, retlen); + size_t len = get_nullterm_sequence_len(val, type); + + if (!can_be_empty && len == 0) + return ASN1_MISSING_FIELD; + return encode_sequence_of(buf, len, val, type, len_out); } static asn1_intmax @@ -319,7 +315,7 @@ load_uint(const void *val, size_t size) static asn1_error_code load_count(const void *val, const struct counted_info *counted, - size_t *retcount) + size_t *count_out) { const void *countptr = (const char *)val + counted->lenoff; @@ -328,12 +324,12 @@ load_count(const void *val, const struct counted_info *counted, asn1_intmax xlen = load_int(countptr, counted->lensize); if (xlen < 0 || (asn1_uintmax)xlen > SIZE_MAX) return EINVAL; - *retcount = xlen; + *count_out = xlen; } else { asn1_uintmax xlen = load_uint(countptr, counted->lensize); if ((size_t)xlen != xlen || xlen > SIZE_MAX) return EINVAL; - *retcount = xlen; + *count_out = xlen; } return 0; } @@ -341,38 +337,39 @@ load_count(const void *val, const struct counted_info *counted, /* Split a DER encoding into tag and contents. Insert the contents into buf, * then return the length of the contents and the tag. */ static asn1_error_code -split_der(asn1buf *buf, unsigned char *const *der, size_t len, taginfo *rettag) +split_der(asn1buf *buf, unsigned char *const *der, size_t len, + taginfo *tag_out) { asn1buf der_buf; krb5_data der_data = make_data(*der, len); - asn1_error_code retval; - - retval = asn1buf_wrap_data(&der_buf, &der_data); - if (retval) - return retval; - retval = asn1_get_tag_2(&der_buf, rettag); - if (retval) - return retval; - if ((size_t)asn1buf_remains(&der_buf, 0) != rettag->length) + asn1_error_code ret; + + ret = asn1buf_wrap_data(&der_buf, &der_data); + if (ret) + return ret; + ret = asn1_get_tag_2(&der_buf, tag_out); + if (ret) + return ret; + if ((size_t)asn1buf_remains(&der_buf, 0) != tag_out->length) return EINVAL; - return asn1buf_insert_bytestring(buf, rettag->length, - *der + len - rettag->length); + return asn1buf_insert_bytestring(buf, tag_out->length, + *der + len - tag_out->length); } static asn1_error_code encode_sequence(asn1buf *buf, const void *val, const struct seq_info *seq, - size_t *retlen); + size_t *len_out); static asn1_error_code encode_cntype(asn1buf *buf, const void *val, size_t len, - const struct cntype_info *c, taginfo *rettag); + const struct cntype_info *c, taginfo *tag_out); /* Encode a value (contents only, no outer tag) according to a type, and return * its encoded tag information. */ -asn1_error_code -krb5int_asn1_encode_type(asn1buf *buf, const void *val, - const struct atype_info *a, taginfo *rettag) +static asn1_error_code +encode_atype(asn1buf *buf, const void *val, const struct atype_info *a, + taginfo *tag_out) { - asn1_error_code retval; + asn1_error_code ret; if (val == NULL) return ASN1_MISSING_FIELD; @@ -381,95 +378,94 @@ krb5int_asn1_encode_type(asn1buf *buf, const void *val, case atype_fn: { const struct fn_info *fn = a->tinfo; assert(fn->enc != NULL); - return fn->enc(buf, val, rettag); + return fn->enc(buf, val, tag_out); } case atype_sequence: assert(a->tinfo != NULL); - retval = encode_sequence(buf, val, a->tinfo, &rettag->length); - if (retval) - return retval; - rettag->asn1class = UNIVERSAL; - rettag->construction = CONSTRUCTED; - rettag->tagnum = ASN1_SEQUENCE; + ret = encode_sequence(buf, val, a->tinfo, &tag_out->length); + if (ret) + return ret; + tag_out->asn1class = UNIVERSAL; + tag_out->construction = CONSTRUCTED; + tag_out->tagnum = ASN1_SEQUENCE; break; case atype_ptr: { const struct ptr_info *ptr = a->tinfo; assert(ptr->basetype != NULL); - return krb5int_asn1_encode_type(buf, LOADPTR(val, ptr), ptr->basetype, - rettag); + return encode_atype(buf, LOADPTR(val, ptr), ptr->basetype, tag_out); } case atype_offset: { const struct offset_info *off = a->tinfo; assert(off->basetype != NULL); - return krb5int_asn1_encode_type(buf, (const char *)val + off->dataoff, - off->basetype, rettag); + return encode_atype(buf, (const char *)val + off->dataoff, + off->basetype, tag_out); } case atype_counted: { const struct counted_info *counted = a->tinfo; const void *dataptr = (const char *)val + counted->dataoff; size_t count; assert(counted->basetype != NULL); - retval = load_count(val, counted, &count); - if (retval) - return retval; - return encode_cntype(buf, dataptr, count, counted->basetype, rettag); + ret = load_count(val, counted, &count); + if (ret) + return ret; + return encode_cntype(buf, dataptr, count, counted->basetype, tag_out); } case atype_nullterm_sequence_of: case atype_nonempty_nullterm_sequence_of: assert(a->tinfo != NULL); - retval = encode_nullterm_sequence_of(buf, val, a->tinfo, - a->type == - atype_nullterm_sequence_of, - &rettag->length); - if (retval) - return retval; - rettag->asn1class = UNIVERSAL; - rettag->construction = CONSTRUCTED; - rettag->tagnum = ASN1_SEQUENCE; + ret = encode_nullterm_sequence_of(buf, val, a->tinfo, + a->type == + atype_nullterm_sequence_of, + &tag_out->length); + if (ret) + return ret; + tag_out->asn1class = UNIVERSAL; + tag_out->construction = CONSTRUCTED; + tag_out->tagnum = ASN1_SEQUENCE; break; case atype_tagged_thing: { const struct tagged_info *tag = a->tinfo; - retval = krb5int_asn1_encode_type(buf, val, tag->basetype, rettag); - if (retval) - return retval; + ret = encode_atype(buf, val, tag->basetype, tag_out); + if (ret) + return ret; if (!tag->implicit) { size_t tlen; - retval = make_tag(buf, rettag, &tlen); - if (retval) - return retval; - rettag->length += tlen; - rettag->construction = tag->construction; + ret = make_tag(buf, tag_out, &tlen); + if (ret) + return ret; + tag_out->length += tlen; + tag_out->construction = tag->construction; } - rettag->asn1class = tag->tagtype; - rettag->tagnum = tag->tagval; + tag_out->asn1class = tag->tagtype; + tag_out->tagnum = tag->tagval; break; } case atype_int: - retval = asn1_encode_integer(buf, load_int(val, a->size), - &rettag->length); - if (retval) - return retval; - rettag->asn1class = UNIVERSAL; - rettag->construction = PRIMITIVE; - rettag->tagnum = ASN1_INTEGER; + ret = k5_asn1_encode_int(buf, load_int(val, a->size), + &tag_out->length); + if (ret) + return ret; + tag_out->asn1class = UNIVERSAL; + tag_out->construction = PRIMITIVE; + tag_out->tagnum = ASN1_INTEGER; break; case atype_uint: - retval = asn1_encode_unsigned_integer(buf, load_uint(val, a->size), - &rettag->length); - if (retval) - return retval; - rettag->asn1class = UNIVERSAL; - rettag->construction = PRIMITIVE; - rettag->tagnum = ASN1_INTEGER; + ret = k5_asn1_encode_uint(buf, load_uint(val, a->size), + &tag_out->length); + if (ret) + return ret; + tag_out->asn1class = UNIVERSAL; + tag_out->construction = PRIMITIVE; + tag_out->tagnum = ASN1_INTEGER; break; case atype_int_immediate: { const int *iptr = a->tinfo; - retval = asn1_encode_integer(buf, *iptr, &rettag->length); - if (retval) - return retval; - rettag->asn1class = UNIVERSAL; - rettag->construction = PRIMITIVE; - rettag->tagnum = ASN1_INTEGER; + ret = k5_asn1_encode_int(buf, *iptr, &tag_out->length); + if (ret) + return ret; + tag_out->asn1class = UNIVERSAL; + tag_out->construction = PRIMITIVE; + tag_out->tagnum = ASN1_INTEGER; break; } default: @@ -482,20 +478,20 @@ krb5int_asn1_encode_type(asn1buf *buf, const void *val, } static asn1_error_code -encode_type_and_tag(asn1buf *buf, const void *val, const struct atype_info *a, - size_t *retlen) +encode_atype_and_tag(asn1buf *buf, const void *val, const struct atype_info *a, + size_t *len_out) { taginfo t; - asn1_error_code retval; + asn1_error_code ret; size_t tlen; - retval = krb5int_asn1_encode_type(buf, val, a, &t); - if (retval) - return retval; - retval = make_tag(buf, &t, &tlen); - if (retval) - return retval; - *retlen = t.length + tlen; + ret = encode_atype(buf, val, a, &t); + if (ret) + return ret; + ret = make_tag(buf, &t, &tlen); + if (ret) + return ret; + *len_out = t.length + tlen; return 0; } @@ -506,44 +502,43 @@ encode_type_and_tag(asn1buf *buf, const void *val, const struct atype_info *a, */ static asn1_error_code encode_cntype(asn1buf *buf, const void *val, size_t count, - const struct cntype_info *c, taginfo *rettag) + const struct cntype_info *c, taginfo *tag_out) { - asn1_error_code retval; + asn1_error_code ret; switch (c->type) { case cntype_string: { const struct string_info *string = c->tinfo; assert(string->enc != NULL); - retval = string->enc(buf, val, count, &rettag->length); - if (retval) - return retval; - rettag->asn1class = UNIVERSAL; - rettag->construction = PRIMITIVE; - rettag->tagnum = string->tagval; + ret = string->enc(buf, val, count, &tag_out->length); + if (ret) + return ret; + tag_out->asn1class = UNIVERSAL; + tag_out->construction = PRIMITIVE; + tag_out->tagnum = string->tagval; break; } case cntype_der: - return split_der(buf, val, count, rettag); + return split_der(buf, val, count, tag_out); case cntype_seqof: { const struct atype_info *a = c->tinfo; const struct ptr_info *ptr = a->tinfo; assert(a->type == atype_ptr); val = LOADPTR(val, ptr); - retval = encode_sequence_of(buf, count, val, ptr->basetype, - &rettag->length); - if (retval) - return retval; - rettag->asn1class = UNIVERSAL; - rettag->construction = CONSTRUCTED; - rettag->tagnum = ASN1_SEQUENCE; + ret = encode_sequence_of(buf, count, val, ptr->basetype, + &tag_out->length); + if (ret) + return ret; + tag_out->asn1class = UNIVERSAL; + tag_out->construction = CONSTRUCTED; + tag_out->tagnum = ASN1_SEQUENCE; break; } case cntype_choice: { const struct choice_info *choice = c->tinfo; if (count >= choice->n_options) return ASN1_MISSING_FIELD; - return krb5int_asn1_encode_type(buf, val, choice->options[count], - rettag); + return encode_atype(buf, val, choice->options[count], tag_out); } default: @@ -557,11 +552,11 @@ encode_cntype(asn1buf *buf, const void *val, size_t count, static asn1_error_code encode_sequence(asn1buf *buf, const void *val, const struct seq_info *seq, - size_t *retlen) + size_t *len_out) { - asn1_error_code retval; + asn1_error_code ret; unsigned int not_present; - size_t i, length, sum = 0; + size_t i, len, sum = 0; const struct atype_info *a; /* If any fields might be optional, get a bitmask of fields not present. */ @@ -570,63 +565,66 @@ encode_sequence(asn1buf *buf, const void *val, const struct seq_info *seq, a = seq->fields[i - 1]; if ((1u << (i - 1)) & not_present) continue; - retval = encode_type_and_tag(buf, val, a, &length); - if (retval) - return retval; - sum += length; + ret = encode_atype_and_tag(buf, val, a, &len); + if (ret) + return ret; + sum += len; } - *retlen = sum; + *len_out = sum; return 0; } static asn1_error_code encode_sequence_of(asn1buf *buf, size_t seqlen, const void *val, - const struct atype_info *eltinfo, size_t *retlen) + const struct atype_info *eltinfo, size_t *len_out) { - asn1_error_code retval; - size_t sum = 0, i, length; + asn1_error_code ret; + size_t sum = 0, i, len; + const void *eltptr; + assert(eltinfo->size != 0); for (i = seqlen; i > 0; i--) { - const void *eltptr; - const struct atype_info *a = eltinfo; - - assert(eltinfo->size != 0); eltptr = (const char *)val + (i - 1) * eltinfo->size; - retval = encode_type_and_tag(buf, eltptr, a, &length); - if (retval) - return retval; - sum += length; + ret = encode_atype_and_tag(buf, eltptr, eltinfo, &len); + if (ret) + return ret; + sum += len; } - *retlen = sum; + *len_out = sum; return 0; } +asn1_error_code +k5_asn1_encode_atype(asn1buf *buf, const void *val, const struct atype_info *a, + taginfo *tag_out) +{ + return encode_atype(buf, val, a, tag_out); +} + krb5_error_code -krb5int_asn1_do_full_encode(const void *rep, krb5_data **code, - const struct atype_info *a) +k5_asn1_full_encode(const void *rep, const struct atype_info *a, + krb5_data **code_out) { - size_t length; - asn1_error_code retval; + size_t len; + asn1_error_code ret; asn1buf *buf = NULL; krb5_data *d; - *code = NULL; + *code_out = NULL; if (rep == NULL) return ASN1_MISSING_FIELD; - - retval = asn1buf_create(&buf); - if (retval) - return retval; - - retval = encode_type_and_tag(buf, rep, a, &length); - if (retval) + ret = asn1buf_create(&buf); + if (ret) + return ret; + ret = encode_atype_and_tag(buf, rep, a, &len); + if (ret) goto cleanup; - retval = asn12krb5_buf(buf, &d); - if (retval) + ret = asn12krb5_buf(buf, &d); + if (ret) goto cleanup; - *code = d; + *code_out = d; cleanup: asn1buf_destroy(&buf); - return retval; + return ret; } diff --git a/src/lib/krb5/asn.1/asn1_encode.h b/src/lib/krb5/asn.1/asn1_encode.h index afae9db2d..ba6151d12 100644 --- a/src/lib/krb5/asn.1/asn1_encode.h +++ b/src/lib/krb5/asn.1/asn1_encode.h @@ -33,89 +33,22 @@ #include "asn1_get.h" #include -/* - * Overview - * - * Each of these procedures inserts the encoding of an ASN.1 - * primitive in a coding buffer. - * - * Operations - * - * asn1_encode_boolean - * asn1_encode_integer - * asn1_encode_unsigned_integer - * asn1_encode_bytestring - * asn1_encode_generaltime - * asn1_encode_bitstring - */ - -asn1_error_code asn1_encode_boolean(asn1buf *buf, asn1_intmax val, - size_t *retlen); -asn1_error_code asn1_encode_integer(asn1buf *buf, asn1_intmax val, - size_t *retlen); -/* - * requires *buf is allocated - * modifies *buf, *retlen - * effects Inserts the encoding of val into *buf and returns - * the length of the encoding in *retlen. - * Returns ENOMEM to signal an unsuccesful attempt - * to expand the buffer. - */ - -asn1_error_code asn1_encode_unsigned_integer(asn1buf *buf, asn1_uintmax val, - size_t *retlen); -/* - * requires *buf is allocated - * modifies *buf, *retlen - * effects Inserts the encoding of val into *buf and returns - * the length of the encoding in *retlen. - * Returns ENOMEM to signal an unsuccesful attempt - * to expand the buffer. - */ - -asn1_error_code asn1_encode_bytestring(asn1buf *buf, unsigned char *const *val, - size_t len, size_t *retlen); -/* - * requires *buf is allocated - * modifies *buf, *retlen - * effects Inserts the encoding of val into *buf and returns - * the length of the encoding in *retlen. - * Returns ENOMEM to signal an unsuccesful attempt - * to expand the buffer. - */ - -asn1_error_code asn1_encode_null(asn1buf *buf, int *retlen); -/* - * requires *buf is allocated - * modifies *buf, *retlen - * effects Inserts the encoding of NULL into *buf and returns - * the length of the encoding in *retlen. - * Returns ENOMEM to signal an unsuccesful attempt - * to expand the buffer. - */ - -asn1_error_code asn1_encode_generaltime(asn1buf *buf, time_t val, - size_t *retlen); -/* - * requires *buf is allocated - * modifies *buf, *retlen - * effects Inserts the encoding of val into *buf and returns - * the length of the encoding in *retlen. - * Returns ENOMEM to signal an unsuccesful attempt - * to expand the buffer. - * Note: The encoding of GeneralizedTime is YYYYMMDDhhmmZ - */ - -asn1_error_code asn1_encode_bitstring(asn1buf *buf, unsigned char *const *val, - size_t len, size_t *retlen); -/* - * requires *buf is allocated, *val has a length of len characters - * modifies *buf, *retlen - * effects Inserts the encoding of val into *buf and returns - * the length of the encoding in *retlen. - * Returns ENOMEM to signal an unsuccesful attempt - * to expand the buffer. - */ +/* These functions are referenced by encoder structures. They handle the + * encoding of primitive ASN.1 types. */ +asn1_error_code k5_asn1_encode_bool(asn1buf *buf, asn1_intmax val, + size_t *len_out); +asn1_error_code k5_asn1_encode_int(asn1buf *buf, asn1_intmax val, + size_t *len_out); +asn1_error_code k5_asn1_encode_uint(asn1buf *buf, asn1_uintmax val, + size_t *len_out); +asn1_error_code k5_asn1_encode_bytestring(asn1buf *buf, + unsigned char *const *val, + size_t len, size_t *len_out); +asn1_error_code k5_asn1_encode_bitstring(asn1buf *buf, + unsigned char *const *val, + size_t len, size_t *len_out); +asn1_error_code k5_asn1_encode_generaltime(asn1buf *buf, time_t val, + size_t *len_out); /* * An atype_info structure specifies how to encode a pointer to a C @@ -133,16 +66,11 @@ asn1_error_code asn1_encode_bitstring(asn1buf *buf, unsigned char *const *val, */ enum atype_type { - /* - * For bounds checking only. By starting with values above 1, we - * guarantee that zero-initialized storage will be recognized as - * invalid. - */ + /* For bounds checking only. By starting with 2, we guarantee that + * zero-initialized storage will be recognized as invalid. */ atype_min = 1, - /* - * Encoder function to be called with address of . tinfo is a - * struct fn_info *. - */ + /* Encoder function to be called with address of . tinfo is a + * struct fn_info *. */ atype_fn, /* Pointer to actual thing to be encoded. tinfo is a struct ptr_info *. */ atype_ptr, @@ -152,16 +80,16 @@ enum atype_type { /* * Actual thing to be encoded is an object at an offset from the original * pointer, combined with an integer at a different offset, in a manner - * specified by a cntype_info base type. tinfo is a struct counted_info *. + * specified by a cntype_info structure. tinfo is a struct counted_info *. */ atype_counted, /* Sequence. tinfo is a struct seq_info *. */ atype_sequence, /* - * Sequence-of, with pointer to base type descriptor, represented - * as a null-terminated array of pointers (and thus the "base" - * type descriptor is actually an atype_ptr node). tinfo is a - * struct atype_info * giving the base type. + * Sequence-of, with pointer to base type descriptor, represented as a + * null-terminated array of pointers (and thus the "base" type descriptor + * is actually an atype_ptr node). tinfo is a struct atype_info * giving + * the base type. */ atype_nullterm_sequence_of, atype_nonempty_nullterm_sequence_of, @@ -255,11 +183,21 @@ struct choice_info { size_t n_options; }; +struct seq_info { + /* If present, returns a bitmask indicating which fields are present. The + * bit (1 << N) corresponds to index N in the fields array. */ + unsigned int (*optional)(const void *); + /* Indicates an array of sequence field descriptors. */ + const struct atype_info **fields; + size_t n_fields; + /* Currently all sequences are assumed to be extensible. */ +}; + /* * The various DEF*TYPE macros must: * - * + Define a type named aux_typedefname_##DESCNAME, for use in any - * types derived from the type being defined. + * + Define a type named aux_type_##DESCNAME, for use in any types derived from + * the type being defined. * * + Define an atype_info struct named k5_atype_##DESCNAME * @@ -276,18 +214,18 @@ struct choice_info { */ /* Define a type using an encoder function. */ -#define DEFFNTYPE(DESCNAME, CTYPENAME, ENCFN) \ - typedef CTYPENAME aux_typedefname_##DESCNAME; \ - static const struct fn_info aux_info_##DESCNAME = { \ - ENCFN \ - }; \ - const struct atype_info k5_atype_##DESCNAME = { \ - atype_fn, sizeof(CTYPENAME), &aux_info_##DESCNAME \ +#define DEFFNTYPE(DESCNAME, CTYPENAME, ENCFN) \ + typedef CTYPENAME aux_type_##DESCNAME; \ + static const struct fn_info aux_info_##DESCNAME = { \ + ENCFN \ + }; \ + const struct atype_info k5_atype_##DESCNAME = { \ + atype_fn, sizeof(CTYPENAME), &aux_info_##DESCNAME \ } /* A sequence, defined by the indicated series of types, and an optional * function indicating which fields are not present. */ #define DEFSEQTYPE(DESCNAME, CTYPENAME, FIELDS, OPT) \ - typedef CTYPENAME aux_typedefname_##DESCNAME; \ + typedef CTYPENAME aux_type_##DESCNAME; \ static const struct seq_info aux_seqinfo_##DESCNAME = { \ OPT, FIELDS, sizeof(FIELDS)/sizeof(FIELDS[0]) \ }; \ @@ -296,17 +234,17 @@ struct choice_info { } /* Integer types. */ #define DEFINTTYPE(DESCNAME, CTYPENAME) \ - typedef CTYPENAME aux_typedefname_##DESCNAME; \ + typedef CTYPENAME aux_type_##DESCNAME; \ const struct atype_info k5_atype_##DESCNAME = { \ atype_int, sizeof(CTYPENAME), NULL \ } #define DEFUINTTYPE(DESCNAME, CTYPENAME) \ - typedef CTYPENAME aux_typedefname_##DESCNAME; \ + typedef CTYPENAME aux_type_##DESCNAME; \ const struct atype_info k5_atype_##DESCNAME = { \ atype_uint, sizeof(CTYPENAME), NULL \ } #define DEFINT_IMMEDIATE(DESCNAME, VAL) \ - typedef int aux_typedefname_##DESCNAME; \ + typedef int aux_type_##DESCNAME; \ static const int aux_int_##DESCNAME = VAL; \ const struct atype_info k5_atype_##DESCNAME = { \ atype_int_immediate, 0, &aux_int_##DESCNAME \ @@ -314,48 +252,44 @@ struct choice_info { /* Pointers to other types, to be encoded as those other types. */ #ifdef POINTERS_ARE_ALL_THE_SAME -#define DEFPTRTYPE(DESCNAME,BASEDESCNAME) \ - typedef aux_typedefname_##BASEDESCNAME * aux_typedefname_##DESCNAME; \ - static const struct ptr_info aux_info_##DESCNAME = { \ - NULL, &k5_atype_##BASEDESCNAME \ - }; \ - const struct atype_info k5_atype_##DESCNAME = { \ - atype_ptr, sizeof(aux_typedefname_##DESCNAME), \ - &aux_info_##DESCNAME \ +#define DEFPTRTYPE(DESCNAME,BASEDESCNAME) \ + typedef aux_type_##BASEDESCNAME *aux_type_##DESCNAME; \ + static const struct ptr_info aux_info_##DESCNAME = { \ + NULL, &k5_atype_##BASEDESCNAME \ + }; \ + const struct atype_info k5_atype_##DESCNAME = { \ + atype_ptr, sizeof(aux_type_##DESCNAME), \ + &aux_info_##DESCNAME \ } #else -#define DEFPTRTYPE(DESCNAME,BASEDESCNAME) \ - typedef aux_typedefname_##BASEDESCNAME * aux_typedefname_##DESCNAME; \ - static const void * \ - loadptr_for_##BASEDESCNAME##_from_##DESCNAME(const void *p) \ - { \ - const aux_typedefname_##DESCNAME *inptr = p; \ - const aux_typedefname_##BASEDESCNAME *retptr; \ - retptr = *inptr; \ - return retptr; \ - } \ - static const struct ptr_info aux_info_##DESCNAME = { \ - loadptr_for_##BASEDESCNAME##_from_##DESCNAME, \ - &k5_atype_##BASEDESCNAME \ - }; \ - const struct atype_info k5_atype_##DESCNAME = { \ - atype_ptr, sizeof(aux_typedefname_##DESCNAME), \ - &aux_info_##DESCNAME \ +#define DEFPTRTYPE(DESCNAME,BASEDESCNAME) \ + typedef aux_type_##BASEDESCNAME *aux_type_##DESCNAME; \ + static const void * \ + aux_loadptr_##DESCNAME(const void *p) \ + { \ + return *(aux_type_##DESCNAME *)p; \ + } \ + static const struct ptr_info aux_info_##DESCNAME = { \ + aux_loadptr_##DESCNAME, &k5_atype_##BASEDESCNAME \ + }; \ + const struct atype_info k5_atype_##DESCNAME = { \ + atype_ptr, sizeof(aux_type_##DESCNAME), \ + &aux_info_##DESCNAME \ } #endif -#define DEFOFFSETTYPE(DESCNAME, STYPE, FIELDNAME, BASEDESC) \ - typedef STYPE aux_typedefname_##DESCNAME; \ - static const struct offset_info aux_info_##DESCNAME = { \ - OFFOF(STYPE, FIELDNAME, aux_typedefname_##BASEDESC), \ - &k5_atype_##BASEDESC \ - }; \ - const struct atype_info k5_atype_##DESCNAME = { \ - atype_offset, sizeof(aux_typedefname_##DESCNAME), \ - &aux_info_##DESCNAME \ +#define DEFOFFSETTYPE(DESCNAME, STYPE, FIELDNAME, BASEDESC) \ + typedef STYPE aux_type_##DESCNAME; \ + static const struct offset_info aux_info_##DESCNAME = { \ + OFFOF(STYPE, FIELDNAME, aux_type_##BASEDESC), \ + &k5_atype_##BASEDESC \ + }; \ + const struct atype_info k5_atype_##DESCNAME = { \ + atype_offset, sizeof(aux_type_##DESCNAME), \ + &aux_info_##DESCNAME \ } #define DEFCOUNTEDTYPE_base(DESCNAME, STYPE, DATAFIELD, COUNTFIELD, SIGNED, \ CDESC) \ - typedef STYPE aux_typedefname_##DESCNAME; \ + typedef STYPE aux_type_##DESCNAME; \ const struct counted_info aux_info_##DESCNAME = { \ OFFOF(STYPE, DATAFIELD, aux_ptrtype_##CDESC), \ OFFOF(STYPE, COUNTFIELD, aux_counttype_##CDESC), \ @@ -384,28 +318,28 @@ struct choice_info { * and use that type for the structure field. */ #define DEFNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME) \ - typedef aux_typedefname_##BASEDESCNAME aux_typedefname_##DESCNAME; \ + typedef aux_type_##BASEDESCNAME aux_type_##DESCNAME; \ const struct atype_info k5_atype_##DESCNAME = { \ - atype_nullterm_sequence_of, sizeof(aux_typedefname_##DESCNAME), \ + atype_nullterm_sequence_of, sizeof(aux_type_##DESCNAME), \ &k5_atype_##BASEDESCNAME \ } -#define DEFNONEMPTYNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME) \ - typedef aux_typedefname_##BASEDESCNAME aux_typedefname_##DESCNAME; \ - const struct atype_info k5_atype_##DESCNAME = { \ - atype_nonempty_nullterm_sequence_of, \ - sizeof(aux_typedefname_##DESCNAME), \ - &k5_atype_##BASEDESCNAME \ +#define DEFNONEMPTYNULLTERMSEQOFTYPE(DESCNAME,BASEDESCNAME) \ + typedef aux_type_##BASEDESCNAME aux_type_##DESCNAME; \ + const struct atype_info k5_atype_##DESCNAME = { \ + atype_nonempty_nullterm_sequence_of, \ + sizeof(aux_type_##DESCNAME), \ + &k5_atype_##BASEDESCNAME \ } /* Objects with an explicit or implicit tag. (Implicit tags will ignore the * construction field.) */ #define DEFTAGGEDTYPE(DESCNAME, CLASS, CONSTRUCTION, TAG, IMPLICIT, BASEDESC) \ - typedef aux_typedefname_##BASEDESC aux_typedefname_##DESCNAME; \ + typedef aux_type_##BASEDESC aux_type_##DESCNAME; \ static const struct tagged_info aux_info_##DESCNAME = { \ TAG, CLASS, CONSTRUCTION, IMPLICIT, &k5_atype_##BASEDESC \ }; \ const struct atype_info k5_atype_##DESCNAME = { \ - atype_tagged_thing, sizeof(aux_typedefname_##DESCNAME), \ + atype_tagged_thing, sizeof(aux_type_##DESCNAME), \ &aux_info_##DESCNAME \ } /* Objects with an explicit APPLICATION tag added. */ @@ -464,7 +398,7 @@ struct choice_info { } #define DEFCOUNTEDSEQOFTYPE(DESCNAME, LTYPE, BASEDESC) \ - typedef aux_typedefname_##BASEDESC aux_ptrtype_##DESCNAME; \ + typedef aux_type_##BASEDESC aux_ptrtype_##DESCNAME; \ typedef LTYPE aux_counttype_##DESCNAME; \ const struct cntype_info k5_cntype_##DESCNAME = { \ cntype_seqof, &k5_atype_##BASEDESC \ @@ -492,35 +426,26 @@ struct choice_info { * type.) */ #define IMPORT_TYPE(DESCNAME, CTYPENAME) \ - typedef CTYPENAME aux_typedefname_##DESCNAME; \ + typedef CTYPENAME aux_type_##DESCNAME; \ extern const struct atype_info k5_atype_##DESCNAME /* Partially encode the contents of a type and return its tag information. - * Used only by asn1_encode_kdc_req_body. */ + * Used only by kdc_req_body. */ asn1_error_code -krb5int_asn1_encode_type(asn1buf *buf, const void *val, - const struct atype_info *a, taginfo *rettag); - -struct seq_info { - /* If present, returns a bitmask indicating which fields are present. The - * bit (1 << N) corresponds to index N in the fields array. */ - unsigned int (*optional)(const void *); - /* Indicates an array of sequence field descriptors. */ - const struct atype_info **fields; - size_t n_fields; - /* Currently all sequences are assumed to be extensible. */ -}; +k5_asn1_encode_atype(asn1buf *buf, const void *val, const struct atype_info *a, + taginfo *tag_out); +/* Returns a completed encoding, with tag and in the correct byte order, in an + * allocated krb5_data. */ extern krb5_error_code -krb5int_asn1_do_full_encode(const void *rep, krb5_data **code, - const struct atype_info *a); +k5_asn1_full_encode(const void *rep, const struct atype_info *a, + krb5_data **code_out); -#define MAKE_FULL_ENCODER(FNAME, DESC) \ - krb5_error_code FNAME(const aux_typedefname_##DESC *rep, \ - krb5_data **code) \ +#define MAKE_ENCODER(FNAME, DESC) \ + krb5_error_code \ + FNAME(const aux_type_##DESC *rep, krb5_data **code_out) \ { \ - return krb5int_asn1_do_full_encode(rep, code, \ - &k5_atype_##DESC); \ + return k5_asn1_full_encode(rep, &k5_atype_##DESC, code_out); \ } \ extern int dummy /* gobble semicolon */ diff --git a/src/lib/krb5/asn.1/asn1_k_encode.c b/src/lib/krb5/asn.1/asn1_k_encode.c index db2afb817..3dc9c74e3 100644 --- a/src/lib/krb5/asn.1/asn1_k_encode.c +++ b/src/lib/krb5/asn.1/asn1_k_encode.c @@ -41,16 +41,16 @@ DEFCOUNTEDDERTYPE(der, char *, unsigned int); DEFCOUNTEDTYPE(der_data, krb5_data, data, length, der); DEFCOUNTEDSTRINGTYPE(octetstring, unsigned char *, unsigned int, - asn1_encode_bytestring, ASN1_OCTETSTRING); + k5_asn1_encode_bytestring, ASN1_OCTETSTRING); DEFCOUNTEDSTRINGTYPE(s_octetstring, char *, unsigned int, - asn1_encode_bytestring, ASN1_OCTETSTRING); + k5_asn1_encode_bytestring, ASN1_OCTETSTRING); DEFCOUNTEDTYPE(ostring_data, krb5_data, data, length, s_octetstring); DEFPTRTYPE(ostring_data_ptr, ostring_data); DEFCOUNTEDSTRINGTYPE(generalstring, char *, unsigned int, - asn1_encode_bytestring, ASN1_GENERALSTRING); + k5_asn1_encode_bytestring, ASN1_GENERALSTRING); DEFCOUNTEDSTRINGTYPE(u_generalstring, unsigned char *, unsigned int, - asn1_encode_bytestring, ASN1_GENERALSTRING); + k5_asn1_encode_bytestring, ASN1_GENERALSTRING); DEFCOUNTEDTYPE(gstring_data, krb5_data, data, length, generalstring); DEFPTRTYPE(gstring_data_ptr, gstring_data); DEFCOUNTEDSEQOFTYPE(cseqof_gstring_data, krb5_int32, gstring_data_ptr); @@ -69,14 +69,14 @@ DEFSEQTYPE(principal_data, krb5_principal_data, princname_fields, NULL); DEFPTRTYPE(principal, principal_data); static asn1_error_code -encode_kerberos_time(asn1buf *buf, const void *val, taginfo *rettag) +encode_kerberos_time(asn1buf *buf, const void *p, taginfo *rettag) { /* Range checking for time_t vs krb5_timestamp? */ - time_t tval = *(krb5_timestamp *)val; + time_t val = *(krb5_timestamp *)p; rettag->asn1class = UNIVERSAL; rettag->construction = PRIMITIVE; rettag->tagnum = ASN1_GENERALTIME; - return asn1_encode_generaltime(buf, tval, &rettag->length); + return k5_asn1_encode_generaltime(buf, val, &rettag->length); } DEFFNTYPE(kerberos_time, krb5_timestamp, encode_kerberos_time); @@ -115,14 +115,14 @@ DEFSEQTYPE(encrypted_data, krb5_enc_data, encrypted_data_fields, * as a 32-bit integer in host order. */ static asn1_error_code -encode_krb5_flags(asn1buf *buf, const void *val, taginfo *rettag) +encode_krb5_flags(asn1buf *buf, const void *p, taginfo *rettag) { unsigned char cbuf[4], *cptr = cbuf; - store_32_be((krb5_ui_4)*(const krb5_flags *)val, cbuf); + store_32_be((krb5_ui_4)*(const krb5_flags *)p, cbuf); rettag->asn1class = UNIVERSAL; rettag->construction = PRIMITIVE; rettag->tagnum = ASN1_BITSTRING; - return asn1_encode_bitstring(buf, &cptr, 4, &rettag->length); + return k5_asn1_encode_bitstring(buf, &cptr, 4, &rettag->length); } DEFFNTYPE(krb5_flags, krb5_flags, encode_krb5_flags); @@ -248,23 +248,23 @@ typedef struct kdc_req_hack { krb5_kdc_req v; krb5_data *server_realm; } kdc_req_hack; -DEFFIELD(kdc_req_0, kdc_req_hack, v.kdc_options, 0, krb5_flags); -DEFFIELD(kdc_req_1, kdc_req_hack, v.client, 1, principal); -DEFFIELD(kdc_req_2, kdc_req_hack, server_realm, 2, gstring_data_ptr); -DEFFIELD(kdc_req_3, kdc_req_hack, v.server, 3, principal); -DEFFIELD(kdc_req_4, kdc_req_hack, v.from, 4, kerberos_time); -DEFFIELD(kdc_req_5, kdc_req_hack, v.till, 5, kerberos_time); -DEFFIELD(kdc_req_6, kdc_req_hack, v.rtime, 6, kerberos_time); -DEFFIELD(kdc_req_7, kdc_req_hack, v.nonce, 7, int32); -DEFCNFIELD(kdc_req_8, kdc_req_hack, v.ktype, v.nktypes, 8, cseqof_int32); -DEFFIELD(kdc_req_9, kdc_req_hack, v.addresses, 9, ptr_seqof_host_addresses); -DEFFIELD(kdc_req_10, kdc_req_hack, v.authorization_data, 10, encrypted_data); -DEFFIELD(kdc_req_11, kdc_req_hack, v.second_ticket, 11, ptr_seqof_ticket); +DEFFIELD(req_body_0, kdc_req_hack, v.kdc_options, 0, krb5_flags); +DEFFIELD(req_body_1, kdc_req_hack, v.client, 1, principal); +DEFFIELD(req_body_2, kdc_req_hack, server_realm, 2, gstring_data_ptr); +DEFFIELD(req_body_3, kdc_req_hack, v.server, 3, principal); +DEFFIELD(req_body_4, kdc_req_hack, v.from, 4, kerberos_time); +DEFFIELD(req_body_5, kdc_req_hack, v.till, 5, kerberos_time); +DEFFIELD(req_body_6, kdc_req_hack, v.rtime, 6, kerberos_time); +DEFFIELD(req_body_7, kdc_req_hack, v.nonce, 7, int32); +DEFCNFIELD(req_body_8, kdc_req_hack, v.ktype, v.nktypes, 8, cseqof_int32); +DEFFIELD(req_body_9, kdc_req_hack, v.addresses, 9, ptr_seqof_host_addresses); +DEFFIELD(req_body_10, kdc_req_hack, v.authorization_data, 10, encrypted_data); +DEFFIELD(req_body_11, kdc_req_hack, v.second_ticket, 11, ptr_seqof_ticket); static const struct atype_info *kdc_req_hack_fields[] = { - &k5_atype_kdc_req_0, &k5_atype_kdc_req_1, &k5_atype_kdc_req_2, - &k5_atype_kdc_req_3, &k5_atype_kdc_req_4, &k5_atype_kdc_req_5, - &k5_atype_kdc_req_6, &k5_atype_kdc_req_7, &k5_atype_kdc_req_8, - &k5_atype_kdc_req_9, &k5_atype_kdc_req_10, &k5_atype_kdc_req_11 + &k5_atype_req_body_0, &k5_atype_req_body_1, &k5_atype_req_body_2, + &k5_atype_req_body_3, &k5_atype_req_body_4, &k5_atype_req_body_5, + &k5_atype_req_body_6, &k5_atype_req_body_7, &k5_atype_req_body_8, + &k5_atype_req_body_9, &k5_atype_req_body_10, &k5_atype_req_body_11 }; static unsigned int optional_kdc_req_hack(const void *p) @@ -291,22 +291,23 @@ optional_kdc_req_hack(const void *p) DEFSEQTYPE(kdc_req_body_hack, kdc_req_hack, kdc_req_hack_fields, optional_kdc_req_hack); static asn1_error_code -asn1_encode_kdc_req_body(asn1buf *buf, const void *ptr, taginfo *rettag) +encode_kdc_req_body(asn1buf *buf, const void *p, taginfo *tag_out) { - const krb5_kdc_req *val = ptr; - kdc_req_hack val2; - val2.v = *val; + const krb5_kdc_req *val = p; + kdc_req_hack h; + h.v = *val; if (val->kdc_options & KDC_OPT_ENC_TKT_IN_SKEY) { - if (val->second_ticket != NULL && val->second_ticket[0] != NULL) { - val2.server_realm = &val->second_ticket[0]->server->realm; - } else return ASN1_MISSING_FIELD; - } else if (val->server != NULL) { - val2.server_realm = &val->server->realm; - } else return ASN1_MISSING_FIELD; - return krb5int_asn1_encode_type(buf, &val2, &k5_atype_kdc_req_body_hack, - rettag); + if (val->second_ticket != NULL && val->second_ticket[0] != NULL) + h.server_realm = &val->second_ticket[0]->server->realm; + else + return ASN1_MISSING_FIELD; + } else if (val->server != NULL) + h.server_realm = &val->server->realm; + else + return ASN1_MISSING_FIELD; + return k5_asn1_encode_atype(buf, &h, &k5_atype_kdc_req_body_hack, tag_out); } -DEFFNTYPE(kdc_req_body, krb5_kdc_req, asn1_encode_kdc_req_body); +DEFFNTYPE(kdc_req_body, krb5_kdc_req, encode_kdc_req_body); /* end ugly hack */ DEFFIELD(transited_0, krb5_transited, tr_type, 0, octet); @@ -322,7 +323,7 @@ DEFFIELD(safe_body_2, krb5_safe, usec, 2, int32); DEFFIELD(safe_body_3, krb5_safe, seq_number, 3, uint); DEFFIELD(safe_body_4, krb5_safe, s_address, 4, address_ptr); DEFFIELD(safe_body_5, krb5_safe, r_address, 5, address_ptr); -static const struct atype_info *krb_safe_body_fields[] = { +static const struct atype_info *safe_body_fields[] = { &k5_atype_safe_body_0, &k5_atype_safe_body_1, &k5_atype_safe_body_2, &k5_atype_safe_body_3, &k5_atype_safe_body_4, &k5_atype_safe_body_5 }; @@ -339,8 +340,7 @@ optional_krb_safe_body(const void *p) not_present |= (1u << 5); return not_present; } -DEFSEQTYPE(krb_safe_body, krb5_safe, krb_safe_body_fields, - optional_krb_safe_body); +DEFSEQTYPE(safe_body, krb5_safe, safe_body_fields, optional_krb_safe_body); DEFFIELD(cred_info_0, krb5_cred_info, session, 0, ptr_encryption_key); DEFFIELD(cred_info_1, krb5_cred_info, client, 1, realm_of_principal); @@ -530,7 +530,7 @@ DEFFIELD(authenticator_6, krb5_authenticator, subkey, 6, ptr_encryption_key); DEFFIELD(authenticator_7, krb5_authenticator, seq_number, 7, uint); DEFFIELD(authenticator_8, krb5_authenticator, authorization_data, 8, auth_data_ptr); -static const struct atype_info *krb5_authenticator_fields[] = { +static const struct atype_info *authenticator_fields[] = { &k5_atype_authenticator_0, &k5_atype_authenticator_1, &k5_atype_authenticator_2, &k5_atype_authenticator_3, &k5_atype_authenticator_4, &k5_atype_authenticator_5, @@ -538,7 +538,7 @@ static const struct atype_info *krb5_authenticator_fields[] = { &k5_atype_authenticator_8 }; static unsigned int -optional_krb5_authenticator(const void *p) +optional_authenticator(const void *p) { const krb5_authenticator *val = p; unsigned int not_present = 0; @@ -552,9 +552,9 @@ optional_krb5_authenticator(const void *p) not_present |= (1u << 3); return not_present; } -DEFSEQTYPE(untagged_krb5_authenticator, krb5_authenticator, - krb5_authenticator_fields, optional_krb5_authenticator); -DEFAPPTAGGEDTYPE(krb5_authenticator, 2, untagged_krb5_authenticator); +DEFSEQTYPE(untagged_authenticator, krb5_authenticator, authenticator_fields, + optional_authenticator); +DEFAPPTAGGEDTYPE(authenticator, 2, untagged_authenticator); DEFFIELD(enc_tkt_0, krb5_enc_tkt_part, flags, 0, krb5_flags); DEFFIELD(enc_tkt_1, krb5_enc_tkt_part, session, 1, ptr_encryption_key); @@ -716,30 +716,30 @@ DEFAPPTAGGEDTYPE(tgs_req, 12, untagged_tgs_req); DEFINT_IMMEDIATE(safe_msg_type, ASN1_KRB_SAFE); DEFCTAGGEDTYPE(safe_0, 0, krb5_version); DEFCTAGGEDTYPE(safe_1, 1, safe_msg_type); -DEFCTAGGEDTYPE(safe_2, 2, krb_safe_body); +DEFCTAGGEDTYPE(safe_2, 2, safe_body); DEFFIELD(safe_3, krb5_safe, checksum, 3, checksum_ptr); -static const struct atype_info *krb5_safe_fields[] = { +static const struct atype_info *safe_fields[] = { &k5_atype_safe_0, &k5_atype_safe_1, &k5_atype_safe_2, &k5_atype_safe_3 }; -DEFSEQTYPE(untagged_krb5_safe, krb5_safe, krb5_safe_fields, NULL); -DEFAPPTAGGEDTYPE(krb5_safe, 20, untagged_krb5_safe); +DEFSEQTYPE(untagged_safe, krb5_safe, safe_fields, NULL); +DEFAPPTAGGEDTYPE(safe, 20, untagged_safe); /* Hack to encode a KRB-SAFE with a pre-specified body encoding. The integer- * immediate fields are borrowed from krb5_safe_fields above. */ -DEFPTRTYPE(krb_saved_safe_body_ptr, der_data); -DEFOFFSETTYPE(krb5_safe_checksum_only, krb5_safe, checksum, checksum_ptr); -DEFPTRTYPE(krb5_safe_checksum_only_ptr, krb5_safe_checksum_only); +DEFPTRTYPE(saved_safe_body_ptr, der_data); +DEFOFFSETTYPE(safe_checksum_only, krb5_safe, checksum, checksum_ptr); +DEFPTRTYPE(safe_checksum_only_ptr, safe_checksum_only); DEFFIELD(safe_with_body_2, struct krb5_safe_with_body, body, 2, - krb_saved_safe_body_ptr); + saved_safe_body_ptr); DEFFIELD(safe_with_body_3, struct krb5_safe_with_body, safe, 3, - krb5_safe_checksum_only_ptr); -static const struct atype_info *krb5_safe_with_body_fields[] = { + safe_checksum_only_ptr); +static const struct atype_info *safe_with_body_fields[] = { &k5_atype_safe_0, &k5_atype_safe_1, &k5_atype_safe_with_body_2, &k5_atype_safe_with_body_3 }; -DEFSEQTYPE(untagged_krb5_safe_with_body, struct krb5_safe_with_body, - krb5_safe_with_body_fields, NULL); -DEFAPPTAGGEDTYPE(krb5_safe_with_body, 20, untagged_krb5_safe_with_body); +DEFSEQTYPE(untagged_safe_with_body, struct krb5_safe_with_body, + safe_with_body_fields, NULL); +DEFAPPTAGGEDTYPE(safe_with_body, 20, untagged_safe_with_body); /* Third tag is [3] instead of [2]. */ DEFINT_IMMEDIATE(priv_msg_type, ASN1_KRB_PRIV); @@ -750,7 +750,7 @@ static const struct atype_info *priv_fields[] = { &k5_atype_priv_0, &k5_atype_priv_1, &k5_atype_priv_3 }; DEFSEQTYPE(untagged_priv, krb5_priv, priv_fields, NULL); -DEFAPPTAGGEDTYPE(krb5_priv, 21, untagged_priv); +DEFAPPTAGGEDTYPE(priv, 21, untagged_priv); DEFFIELD(priv_enc_part_0, krb5_priv_enc_part, user_data, 0, ostring_data); DEFFIELD(priv_enc_part_1, krb5_priv_enc_part, timestamp, 1, kerberos_time); @@ -1137,22 +1137,22 @@ DEFSEQTYPE(iakerb_finished, krb5_iakerb_finished, iakerb_finished_fields, /* Exported complete encoders -- these produce a krb5_data with the encoding in the correct byte order. */ -MAKE_FULL_ENCODER(encode_krb5_authenticator, krb5_authenticator); -MAKE_FULL_ENCODER(encode_krb5_ticket, ticket); -MAKE_FULL_ENCODER(encode_krb5_encryption_key, encryption_key); -MAKE_FULL_ENCODER(encode_krb5_enc_tkt_part, enc_tkt_part); +MAKE_ENCODER(encode_krb5_authenticator, authenticator); +MAKE_ENCODER(encode_krb5_ticket, ticket); +MAKE_ENCODER(encode_krb5_encryption_key, encryption_key); +MAKE_ENCODER(encode_krb5_enc_tkt_part, enc_tkt_part); /* XXX We currently (for backwards compatibility) encode both EncASRepPart and EncTGSRepPart with application tag 26. */ -MAKE_FULL_ENCODER(encode_krb5_enc_kdc_rep_part, enc_tgs_rep_part); -MAKE_FULL_ENCODER(encode_krb5_as_rep, as_rep); -MAKE_FULL_ENCODER(encode_krb5_tgs_rep, tgs_rep); -MAKE_FULL_ENCODER(encode_krb5_ap_req, ap_req); -MAKE_FULL_ENCODER(encode_krb5_ap_rep, ap_rep); -MAKE_FULL_ENCODER(encode_krb5_ap_rep_enc_part, ap_rep_enc_part); -MAKE_FULL_ENCODER(encode_krb5_as_req, as_req); -MAKE_FULL_ENCODER(encode_krb5_tgs_req, tgs_req); -MAKE_FULL_ENCODER(encode_krb5_kdc_req_body, kdc_req_body); -MAKE_FULL_ENCODER(encode_krb5_safe, krb5_safe); +MAKE_ENCODER(encode_krb5_enc_kdc_rep_part, enc_tgs_rep_part); +MAKE_ENCODER(encode_krb5_as_rep, as_rep); +MAKE_ENCODER(encode_krb5_tgs_rep, tgs_rep); +MAKE_ENCODER(encode_krb5_ap_req, ap_req); +MAKE_ENCODER(encode_krb5_ap_rep, ap_rep); +MAKE_ENCODER(encode_krb5_ap_rep_enc_part, ap_rep_enc_part); +MAKE_ENCODER(encode_krb5_as_req, as_req); +MAKE_ENCODER(encode_krb5_tgs_req, tgs_req); +MAKE_ENCODER(encode_krb5_kdc_req_body, kdc_req_body); +MAKE_ENCODER(encode_krb5_safe, safe); /* * encode_krb5_safe_with_body @@ -1160,44 +1160,42 @@ MAKE_FULL_ENCODER(encode_krb5_safe, krb5_safe); * Like encode_krb5_safe(), except takes a saved KRB-SAFE-BODY * encoding to avoid problems with re-encoding. */ -MAKE_FULL_ENCODER(encode_krb5_safe_with_body, krb5_safe_with_body); - -MAKE_FULL_ENCODER(encode_krb5_priv, krb5_priv); -MAKE_FULL_ENCODER(encode_krb5_enc_priv_part, priv_enc_part); -MAKE_FULL_ENCODER(encode_krb5_checksum, checksum); - -MAKE_FULL_ENCODER(encode_krb5_cred, krb5_cred); -MAKE_FULL_ENCODER(encode_krb5_enc_cred_part, enc_cred_part); -MAKE_FULL_ENCODER(encode_krb5_error, krb5_error); -MAKE_FULL_ENCODER(encode_krb5_authdata, auth_data); -MAKE_FULL_ENCODER(encode_krb5_etype_info, etype_info); -MAKE_FULL_ENCODER(encode_krb5_etype_info2, etype_info2); -MAKE_FULL_ENCODER(encode_krb5_enc_data, encrypted_data); -MAKE_FULL_ENCODER(encode_krb5_pa_enc_ts, pa_enc_ts); -MAKE_FULL_ENCODER(encode_krb5_padata_sequence, seqof_pa_data); +MAKE_ENCODER(encode_krb5_safe_with_body, safe_with_body); + +MAKE_ENCODER(encode_krb5_priv, priv); +MAKE_ENCODER(encode_krb5_enc_priv_part, priv_enc_part); +MAKE_ENCODER(encode_krb5_checksum, checksum); + +MAKE_ENCODER(encode_krb5_cred, krb5_cred); +MAKE_ENCODER(encode_krb5_enc_cred_part, enc_cred_part); +MAKE_ENCODER(encode_krb5_error, krb5_error); +MAKE_ENCODER(encode_krb5_authdata, auth_data); +MAKE_ENCODER(encode_krb5_etype_info, etype_info); +MAKE_ENCODER(encode_krb5_etype_info2, etype_info2); +MAKE_ENCODER(encode_krb5_enc_data, encrypted_data); +MAKE_ENCODER(encode_krb5_pa_enc_ts, pa_enc_ts); +MAKE_ENCODER(encode_krb5_padata_sequence, seqof_pa_data); /* sam preauth additions */ -MAKE_FULL_ENCODER(encode_krb5_sam_challenge_2, sam_challenge_2); -MAKE_FULL_ENCODER(encode_krb5_sam_challenge_2_body, - sam_challenge_2_body); -MAKE_FULL_ENCODER(encode_krb5_enc_sam_response_enc_2, - enc_sam_response_enc_2); -MAKE_FULL_ENCODER(encode_krb5_sam_response_2, sam_response_2); -MAKE_FULL_ENCODER(encode_krb5_setpw_req, setpw_req); -MAKE_FULL_ENCODER(encode_krb5_pa_for_user, pa_for_user); -MAKE_FULL_ENCODER(encode_krb5_s4u_userid, s4u_userid); -MAKE_FULL_ENCODER(encode_krb5_pa_s4u_x509_user, pa_s4u_x509_user); -MAKE_FULL_ENCODER(encode_krb5_etype_list, etype_list); - -MAKE_FULL_ENCODER(encode_krb5_pa_fx_fast_request, pa_fx_fast_request); -MAKE_FULL_ENCODER( encode_krb5_fast_req, fast_req); -MAKE_FULL_ENCODER( encode_krb5_pa_fx_fast_reply, pa_fx_fast_reply); -MAKE_FULL_ENCODER(encode_krb5_fast_response, fast_response); - -MAKE_FULL_ENCODER(encode_krb5_ad_kdcissued, ad_kdc_issued); -MAKE_FULL_ENCODER(encode_krb5_ad_signedpath_data, ad_signedpath_data); -MAKE_FULL_ENCODER(encode_krb5_ad_signedpath, ad_signedpath); -MAKE_FULL_ENCODER(encode_krb5_iakerb_header, iakerb_header); -MAKE_FULL_ENCODER(encode_krb5_iakerb_finished, iakerb_finished); +MAKE_ENCODER(encode_krb5_sam_challenge_2, sam_challenge_2); +MAKE_ENCODER(encode_krb5_sam_challenge_2_body, sam_challenge_2_body); +MAKE_ENCODER(encode_krb5_enc_sam_response_enc_2, enc_sam_response_enc_2); +MAKE_ENCODER(encode_krb5_sam_response_2, sam_response_2); +MAKE_ENCODER(encode_krb5_setpw_req, setpw_req); +MAKE_ENCODER(encode_krb5_pa_for_user, pa_for_user); +MAKE_ENCODER(encode_krb5_s4u_userid, s4u_userid); +MAKE_ENCODER(encode_krb5_pa_s4u_x509_user, pa_s4u_x509_user); +MAKE_ENCODER(encode_krb5_etype_list, etype_list); + +MAKE_ENCODER(encode_krb5_pa_fx_fast_request, pa_fx_fast_request); +MAKE_ENCODER(encode_krb5_fast_req, fast_req); +MAKE_ENCODER(encode_krb5_pa_fx_fast_reply, pa_fx_fast_reply); +MAKE_ENCODER(encode_krb5_fast_response, fast_response); + +MAKE_ENCODER(encode_krb5_ad_kdcissued, ad_kdc_issued); +MAKE_ENCODER(encode_krb5_ad_signedpath_data, ad_signedpath_data); +MAKE_ENCODER(encode_krb5_ad_signedpath, ad_signedpath); +MAKE_ENCODER(encode_krb5_iakerb_header, iakerb_header); +MAKE_ENCODER(encode_krb5_iakerb_finished, iakerb_finished); /* * PKINIT @@ -1206,7 +1204,7 @@ MAKE_FULL_ENCODER(encode_krb5_iakerb_finished, iakerb_finished); #ifndef DISABLE_PKINIT DEFCOUNTEDSTRINGTYPE(object_identifier, char *, unsigned int, - asn1_encode_bytestring, ASN1_OBJECTIDENTIFIER); + k5_asn1_encode_bytestring, ASN1_OBJECTIDENTIFIER); DEFCOUNTEDTYPE(oid_data, krb5_data, data, length, object_identifier); DEFPTRTYPE(oid_data_ptr, oid_data); @@ -1275,8 +1273,8 @@ static const struct atype_info *pkinit_supp_pub_info_fields[] = { DEFSEQTYPE(pkinit_supp_pub_info, krb5_pkinit_supp_pub_info, pkinit_supp_pub_info_fields, NULL); -MAKE_FULL_ENCODER(encode_krb5_pkinit_supp_pub_info, pkinit_supp_pub_info); -MAKE_FULL_ENCODER(encode_krb5_sp80056a_other_info, sp80056a_other_info); +MAKE_ENCODER(encode_krb5_pkinit_supp_pub_info, pkinit_supp_pub_info); +MAKE_ENCODER(encode_krb5_sp80056a_other_info, sp80056a_other_info); /* A krb5_checksum encoded as an OCTET STRING, for PKAuthenticator. */ DEFCOUNTEDTYPE(ostring_checksum, krb5_checksum, contents, length, octetstring); @@ -1306,8 +1304,8 @@ static const struct atype_info *pk_authenticator_draft9_fields[] = { DEFSEQTYPE(pk_authenticator_draft9, krb5_pk_authenticator_draft9, pk_authenticator_draft9_fields, NULL); -DEFCOUNTEDSTRINGTYPE(s_bitstring, char *, unsigned int, asn1_encode_bitstring, - ASN1_BITSTRING); +DEFCOUNTEDSTRINGTYPE(s_bitstring, char *, unsigned int, + k5_asn1_encode_bitstring, ASN1_BITSTRING); DEFCOUNTEDTYPE(bitstring_data, krb5_data, data, length, s_bitstring); /* RFC 3280. No context tags. */ @@ -1535,18 +1533,18 @@ DEFCHOICETYPE(pa_pk_as_rep_draft9_choice, DEFCOUNTEDTYPE_SIGNED(pa_pk_as_rep_draft9, krb5_pa_pk_as_rep_draft9, u, choice, pa_pk_as_rep_draft9_choice); -MAKE_FULL_ENCODER(encode_krb5_pa_pk_as_req, pa_pk_as_req); -MAKE_FULL_ENCODER(encode_krb5_pa_pk_as_req_draft9, pa_pk_as_req_draft9); -MAKE_FULL_ENCODER(encode_krb5_pa_pk_as_rep, pa_pk_as_rep); -MAKE_FULL_ENCODER(encode_krb5_pa_pk_as_rep_draft9, pa_pk_as_rep_draft9); -MAKE_FULL_ENCODER(encode_krb5_auth_pack, auth_pack); -MAKE_FULL_ENCODER(encode_krb5_auth_pack_draft9, auth_pack_draft9); -MAKE_FULL_ENCODER(encode_krb5_kdc_dh_key_info, kdc_dh_key_info); -MAKE_FULL_ENCODER(encode_krb5_reply_key_pack, reply_key_pack); -MAKE_FULL_ENCODER(encode_krb5_reply_key_pack_draft9, reply_key_pack_draft9); -MAKE_FULL_ENCODER(encode_krb5_td_trusted_certifiers, - seqof_external_principal_identifier); -MAKE_FULL_ENCODER(encode_krb5_td_dh_parameters, seqof_algorithm_identifier); +MAKE_ENCODER(encode_krb5_pa_pk_as_req, pa_pk_as_req); +MAKE_ENCODER(encode_krb5_pa_pk_as_req_draft9, pa_pk_as_req_draft9); +MAKE_ENCODER(encode_krb5_pa_pk_as_rep, pa_pk_as_rep); +MAKE_ENCODER(encode_krb5_pa_pk_as_rep_draft9, pa_pk_as_rep_draft9); +MAKE_ENCODER(encode_krb5_auth_pack, auth_pack); +MAKE_ENCODER(encode_krb5_auth_pack_draft9, auth_pack_draft9); +MAKE_ENCODER(encode_krb5_kdc_dh_key_info, kdc_dh_key_info); +MAKE_ENCODER(encode_krb5_reply_key_pack, reply_key_pack); +MAKE_ENCODER(encode_krb5_reply_key_pack_draft9, reply_key_pack_draft9); +MAKE_ENCODER(encode_krb5_td_trusted_certifiers, + seqof_external_principal_identifier); +MAKE_ENCODER(encode_krb5_td_dh_parameters, seqof_algorithm_identifier); #else /* DISABLE_PKINIT */ @@ -1577,4 +1575,4 @@ DEFSEQTYPE(typed_data, krb5_pa_data, typed_data_fields, NULL); DEFPTRTYPE(typed_data_ptr, typed_data); DEFNULLTERMSEQOFTYPE(seqof_typed_data, typed_data_ptr); -MAKE_FULL_ENCODER(encode_krb5_typed_data, seqof_typed_data); +MAKE_ENCODER(encode_krb5_typed_data, seqof_typed_data); diff --git a/src/lib/krb5/asn.1/ldap_key_seq.c b/src/lib/krb5/asn.1/ldap_key_seq.c index cdcd4c7a1..2c34091e4 100644 --- a/src/lib/krb5/asn.1/ldap_key_seq.c +++ b/src/lib/krb5/asn.1/ldap_key_seq.c @@ -55,7 +55,7 @@ IMPORT_TYPE(int32, krb5_int32); DEFINTTYPE(int16, krb5_int16); DEFCOUNTEDSTRINGTYPE(ui2_octetstring, unsigned char *, krb5_ui_2, - asn1_encode_bytestring, ASN1_OCTETSTRING); + k5_asn1_encode_bytestring, ASN1_OCTETSTRING); DEFFIELD(krbsalt_0, krb5_key_data, key_data_type[1], 0, int16); DEFCNFIELD(krbsalt_1, krb5_key_data, key_data_contents[1], key_data_length[1], @@ -112,7 +112,7 @@ static const struct atype_info *ldap_key_seq_fields[] = { DEFSEQTYPE(ldap_key_seq, ldap_seqof_key_data, ldap_key_seq_fields, NULL); /* Export a function to do the whole encoding. */ -MAKE_FULL_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq); +MAKE_ENCODER(krb5int_ldap_encode_sequence_of_keys, ldap_key_seq); /************************************************************************/ /* Decode the Principal's keys */ -- 2.26.2