Skip to content

openssl compat: fix ASN1_STRING_{length,get0_data} for ASN1_INTEGER #10089

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
douzzer merged 2 commits into from
Mar 31, 2026
+76 −0
Merged

openssl compat: fix ASN1_STRING_{length,get0_data} for ASN1_INTEGER #10089

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
0f30790
openssl compat: fix ASN1_STRING_{length,get0_data} for ASN1_INTEGER
julek-wolfssl Mar 27, 2026
22717a4
Address copilot feedback
lealem47 Mar 27, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 54 additions & 0 deletions src/ssl_asn1.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1000,6 +1000,60 @@ void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in)
XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL);
}

/* Get the length of the raw integer value bytes, stripping the DER tag/length
* header if present. Required for OpenSSL compatibility where ASN1_INTEGER is
* typedef'd to ASN1_STRING and callers use ASN1_STRING_length() on integers.
*
* @param [in] ai ASN.1 INTEGER object.
Comment thread
lealem47 marked this conversation as resolved.
* @return Length of the raw integer value on success.
* @return 0 when ai is NULL or data is invalid.
*/
int wolfSSL_ASN1_INTEGER_get_length(const WOLFSSL_ASN1_INTEGER* ai)
{
if (ai == NULL || ai->data == NULL || ai->length <= 0) {
return 0;
}
if (ai->data[0] == ASN_INTEGER) {
word32 idx = 1;
int len = 0;
if (GetLength(ai->data, &idx, &len, (word32)ai->length) > 0 &&
idx + (word32)len == (word32)ai->length) {
return len;
Comment thread
lealem47 marked this conversation as resolved.
}
}
/* WOLFSSL_QT / WOLFSSL_HAPROXY format: raw bytes without DER header,
* or data that coincidentally starts with 0x02 but whose header+value
* boundaries do not span exactly ai->length. */
return ai->length;
}

/* Get a pointer to the raw integer value bytes, skipping the DER tag/length
* header if present. Required for OpenSSL compatibility where ASN1_INTEGER is
* typedef'd to ASN1_STRING and callers use ASN1_STRING_get0_data() on integers.
*
* @param [in] ai ASN.1 INTEGER object.
* @return Pointer to the raw integer value bytes on success.
* @return NULL when ai is NULL or data is invalid.
*/
const unsigned char* wolfSSL_ASN1_INTEGER_get0_data(const WOLFSSL_ASN1_INTEGER* ai)
{
if (ai == NULL || ai->data == NULL || ai->length <= 0) {
return NULL;
}
if (ai->data[0] == ASN_INTEGER) {
word32 idx = 1;
int len = 0;
if (GetLength(ai->data, &idx, &len, (word32)ai->length) > 0 &&
idx + (word32)len == (word32)ai->length) {
return ai->data + idx;
Comment thread
lealem47 marked this conversation as resolved.
}
}
/* WOLFSSL_QT / WOLFSSL_HAPROXY format: raw bytes without DER header,
* or data that coincidentally starts with 0x02 but whose header+value
* boundaries do not span exactly ai->length. */
return ai->data;
}

#if defined(OPENSSL_EXTRA)
/* Reset the data of ASN.1 INTEGER object back to empty fixed array.
*
Expand Down
19 changes: 19 additions & 0 deletions wolfssl/openssl/ssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1022,8 +1022,27 @@ wolfSSL_X509_STORE_set_verify_cb((WOLFSSL_X509_STORE *)(s), (WOLFSSL_X509_STORE_
#define ASN1_STRING_cmp wolfSSL_ASN1_STRING_cmp
#define ASN1_OCTET_STRING_cmp wolfSSL_ASN1_STRING_cmp
#define ASN1_STRING_data wolfSSL_ASN1_STRING_data
/* In OpenSSL, ASN1_INTEGER is a typedef alias of ASN1_STRING (same struct),
* so ASN1_STRING_length/get0_data work on ASN1_INTEGER* as well.
* In wolfSSL they are distinct structs, so dispatch by type using _Generic. */
#if !defined(__cplusplus) && defined(__STDC_VERSION__) && \
__STDC_VERSION__ >= 201112L
Comment thread
lealem47 marked this conversation as resolved.
#define ASN1_STRING_length(x) \
_Generic((x), \
WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get_length, \
const WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get_length, \
default: wolfSSL_ASN1_STRING_length \
)(x)
#define ASN1_STRING_get0_data(x) \
_Generic((x), \
WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get0_data, \
const WOLFSSL_ASN1_INTEGER*: wolfSSL_ASN1_INTEGER_get0_data, \
default: wolfSSL_ASN1_STRING_get0_data \
)(x)
#else
#define ASN1_STRING_get0_data wolfSSL_ASN1_STRING_get0_data
#define ASN1_STRING_length wolfSSL_ASN1_STRING_length
#endif
#define ASN1_STRING_to_UTF8 wolfSSL_ASN1_STRING_to_UTF8
#define ASN1_UNIVERSALSTRING_to_string wolfSSL_ASN1_UNIVERSALSTRING_to_string
#define ASN1_STRING_print_ex wolfSSL_ASN1_STRING_print_ex
Expand Down
3 changes: 3 additions & 0 deletions wolfssl/ssl.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2356,6 +2356,9 @@ WOLFSSL_API unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn);
WOLFSSL_API const unsigned char* wolfSSL_ASN1_STRING_get0_data(
const WOLFSSL_ASN1_STRING* asn);
WOLFSSL_API int wolfSSL_ASN1_STRING_length(const WOLFSSL_ASN1_STRING* asn);
WOLFSSL_API int wolfSSL_ASN1_INTEGER_get_length(const WOLFSSL_ASN1_INTEGER* ai);
WOLFSSL_API const unsigned char* wolfSSL_ASN1_INTEGER_get0_data(
const WOLFSSL_ASN1_INTEGER* ai);
WOLFSSL_API int wolfSSL_ASN1_STRING_copy(WOLFSSL_ASN1_STRING* dst,
const WOLFSSL_ASN1_STRING* src);
WOLFSSL_API int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx);
Expand Down
Loading