/src/boringssl/crypto/asn1/asn1_lib.cc

Source
// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     https://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#include <openssl/asn1.h>

#include <limits.h>
#include <string.h>

#include <openssl/bytestring.h>
#include <openssl/err.h>
#include <openssl/mem.h>

#include "../internal.h"
#include "../mem_internal.h"
#include "internal.h"


using namespace bssl;

// Cross-module errors from crypto/x509/i2d_pr.c.
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE)

// Cross-module errors from crypto/x509/algorithm.c.
OPENSSL_DECLARE_ERROR_REASON(ASN1, CONTEXT_NOT_INITIALISED)
OPENSSL_DECLARE_ERROR_REASON(ASN1, DIGEST_AND_KEY_TYPE_NOT_SUPPORTED)
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_MESSAGE_DIGEST_ALGORITHM)
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_SIGNATURE_ALGORITHM)
OPENSSL_DECLARE_ERROR_REASON(ASN1, WRONG_PUBLIC_KEY_TYPE)
// Cross-module errors from crypto/x509/asn1_gen.c. TODO(davidben): Remove
// these once asn1_gen.c is gone.
OPENSSL_DECLARE_ERROR_REASON(ASN1, DEPTH_EXCEEDED)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BITSTRING_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BOOLEAN)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_HEX)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_IMPLICIT_TAG)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_INTEGER)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NESTED_TAGGING)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NULL_VALUE)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_OBJECT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_TIME_VALUE)
OPENSSL_DECLARE_ERROR_REASON(ASN1, INTEGER_NOT_ASCII_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_MODIFIER)
OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_NUMBER)
OPENSSL_DECLARE_ERROR_REASON(ASN1, LIST_ERROR)
OPENSSL_DECLARE_ERROR_REASON(ASN1, MISSING_VALUE)
OPENSSL_DECLARE_ERROR_REASON(ASN1, NOT_ASCII_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, OBJECT_NOT_ASCII_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, SEQUENCE_OR_SET_NEEDS_CONFIG)
OPENSSL_DECLARE_ERROR_REASON(ASN1, TIME_NOT_ASCII_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_FORMAT)
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_TAG)
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_TYPE)

// Limit |ASN1_STRING|s to 64 MiB of data. Most of this module, as well as
// downstream code, does not correctly handle overflow. We cap string fields
// more tightly than strictly necessary to fit in |int|. This is not expected to
// impact real world uses of this field.
//
// In particular, this limit is small enough that the bit count of a BIT STRING
// comfortably fits in an |int|, with room for arithmetic.
#define ASN1_STRING_MAX (64 * 1024 * 1024)

static void asn1_put_length(unsigned char **pp, int length);

int ASN1_get_object(const unsigned char **inp, long *out_len, int *out_tag,
                    int *out_class, long in_len) {
  if (in_len < 0) {
    OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
    return 0x80;
  }

  CBS_ASN1_TAG tag;
  CBS cbs, body;
  CBS_init(&cbs, *inp, (size_t)in_len);
  if (!CBS_get_any_asn1(&cbs, &body, &tag) ||
      // Bound the length to comfortably fit in an int. Lengths in this
      // module often switch between int and long without overflow checks.
      CBS_len(&body) > INT_MAX / 2) {
    OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
    return 0x80;
  }

  // Convert between tag representations.
  int tag_class = (tag & CBS_ASN1_CLASS_MASK) >> CBS_ASN1_TAG_SHIFT;
  int constructed = (tag & CBS_ASN1_CONSTRUCTED) >> CBS_ASN1_TAG_SHIFT;
  int tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK;

  // To avoid ambiguity with V_ASN1_NEG, impose a limit on universal tags.
  if (tag_class == V_ASN1_UNIVERSAL && tag_number > V_ASN1_MAX_UNIVERSAL) {
    OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
    return 0x80;
  }

  *inp = CBS_data(&body);
  *out_len = CBS_len(&body);
  *out_tag = tag_number;
  *out_class = tag_class;
  return constructed;
}

// class 0 is constructed constructed == 2 for indefinite length constructed
void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
                     int xclass) {
  unsigned char *p = *pp;
  int i, ttag;

  i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
  i |= (xclass & V_ASN1_PRIVATE);
  if (tag < 31) {
    *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
  } else {
    *(p++) = i | V_ASN1_PRIMITIVE_TAG;
    for (i = 0, ttag = tag; ttag > 0; i++) {
      ttag >>= 7;
    }
    ttag = i;
    while (i-- > 0) {
      p[i] = tag & 0x7f;
      if (i != (ttag - 1)) {
        p[i] |= 0x80;
      }
      tag >>= 7;
    }
    p += ttag;
  }
  if (constructed == 2) {
    *(p++) = 0x80;
  } else {
    asn1_put_length(&p, length);
  }
  *pp = p;
}

int ASN1_put_eoc(unsigned char **pp) {
  // This function is no longer used in the library, but some external code
  // uses it.
  unsigned char *p = *pp;
  *p++ = 0;
  *p++ = 0;
  *pp = p;
  return 2;
}

static void asn1_put_length(unsigned char **pp, int length) {
  unsigned char *p = *pp;
  int i, l;
  if (length <= 127) {
    *(p++) = (unsigned char)length;
  } else {
    l = length;
    for (i = 0; l > 0; i++) {
      l >>= 8;
    }
    *(p++) = i | 0x80;
    l = i;
    while (i-- > 0) {
      p[i] = length & 0xff;
      length >>= 8;
    }
    p += l;
  }
  *pp = p;
}

int ASN1_object_size(int constructed, int length, int tag) {
  int ret = 1;
  if (length < 0) {
    return -1;
  }
  if (tag >= 31) {
    while (tag > 0) {
      tag >>= 7;
      ret++;
    }
  }
  if (constructed == 2) {
    ret += 3;
  } else {
    ret++;
    if (length > 127) {
      int tmplen = length;
      while (tmplen > 0) {
        tmplen >>= 8;
        ret++;
      }
    }
  }
  if (ret >= INT_MAX - length) {
    return -1;
  }
  return ret + length;
}

int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) {
  if (str == nullptr) {
    return 0;
  }
  if (dst == str) {
    return 1;
  }
  if (!ASN1_STRING_set(dst, str->data, str->length)) {
    return 0;
  }
  dst->type = str->type;
  dst->flags = str->flags;
  return 1;
}

ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) {
  ASN1_STRING *ret;
  if (!str) {
    return nullptr;
  }
  ret = ASN1_STRING_new();
  if (!ret) {
    return nullptr;
  }
  if (!ASN1_STRING_copy(ret, str)) {
    ASN1_STRING_free(ret);
    return nullptr;
  }
  return ret;
}

int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) {
  const char *data = reinterpret_cast<const char *>(_data);
  size_t len;
  if (len_s < 0) {
    if (data == nullptr) {
      return 0;
    }
    len = strlen(data);
  } else {
    len = (size_t)len_s;
  }

  static_assert(ASN1_STRING_MAX < INT_MAX, "len will not overflow int");
  if (len > ASN1_STRING_MAX) {
    OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
    return 0;
  }

  if (str->length <= (int)len || str->data == nullptr) {
    unsigned char *c = str->data;
    if (c == nullptr) {
      str->data = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1));
    } else {
      str->data = reinterpret_cast<uint8_t *>(OPENSSL_realloc(c, len + 1));
    }

    if (str->data == nullptr) {
      str->data = c;
      return 0;
    }
  }
  str->length = (int)len;
  if (data != nullptr) {
    OPENSSL_memcpy(str->data, data, len);
    // Historically, OpenSSL would NUL-terminate most (but not all)
    // |ASN1_STRING|s, in case anyone accidentally passed |str->data| into a
    // function expecting a C string. We retain this behavior for compatibility,
    // but code must not rely on this. See CVE-2021-3712.
    str->data[len] = '\0';
  }
  return 1;
}

void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) {
  OPENSSL_free(str->data);
  str->data = reinterpret_cast<uint8_t *>(data);
  str->length = len;
}

ASN1_STRING *ASN1_STRING_new() {
  return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
}

ASN1_STRING *ASN1_STRING_type_new(int type) {
  ASN1_STRING *ret = New<ASN1_STRING>();
  if (ret == nullptr) {
    return nullptr;
  }
  ret->length = 0;
  ret->type = type;
  ret->data = nullptr;
  ret->flags = 0;
  return ret;
}

void bssl::asn1_string_init(ASN1_STRING *str, int type) {
  OPENSSL_memset(str, 0, sizeof(ASN1_STRING));
  str->type = type;
}

void bssl::asn1_string_cleanup(ASN1_STRING *str) {
  OPENSSL_free(str->data);
  str->data = nullptr;
}

void ASN1_STRING_free(ASN1_STRING *str) {
  if (str == nullptr) {
    return;
  }
  asn1_string_cleanup(str);
  Delete(str);
}

int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) {
  // Capture padding bits and implicit truncation in BIT STRINGs.
  int a_length = a->length, b_length = b->length;
  uint8_t a_padding = 0, b_padding = 0;
  if (a->type == V_ASN1_BIT_STRING) {
    a_length = asn1_bit_string_length(a, &a_padding);
  }
  if (b->type == V_ASN1_BIT_STRING) {
    b_length = asn1_bit_string_length(b, &b_padding);
  }

  if (a_length < b_length) {
    return -1;
  }
  if (a_length > b_length) {
    return 1;
  }
  // In a BIT STRING, the number of bits is 8 * length - padding. Invert this
  // comparison so we compare by lengths.
  if (a_padding > b_padding) {
    return -1;
  }
  if (a_padding < b_padding) {
    return 1;
  }

  int ret = OPENSSL_memcmp(a->data, b->data, a_length);
  if (ret != 0) {
    return ret;
  }

  // Comparing the type first is more natural, but this matches OpenSSL.
  if (a->type < b->type) {
    return -1;
  }
  if (a->type > b->type) {
    return 1;
  }
  return 0;
}

int ASN1_STRING_length(const ASN1_STRING *str) { return str->length; }

int ASN1_STRING_type(const ASN1_STRING *str) { return str->type; }

unsigned char *ASN1_STRING_data(ASN1_STRING *str) { return str->data; }

const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *str) {
  return str->data;
}

int bssl::asn1_parse_octet_string(CBS *cbs, ASN1_STRING *out,
                                  CBS_ASN1_TAG tag) {
  tag = tag == 0 ? CBS_ASN1_OCTETSTRING : tag;
  CBS child;
  if (!CBS_get_asn1(cbs, &child, tag)) {
    OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
    return 0;
  }
  if (!ASN1_STRING_set(out, CBS_data(&child), CBS_len(&child))) {
    return 0;
  }
  out->type = V_ASN1_OCTET_STRING;
  return 1;
}

int bssl::asn1_marshal_octet_string(CBB *out, const ASN1_STRING *in,
                                    CBS_ASN1_TAG tag) {
  tag = tag == 0 ? CBS_ASN1_OCTETSTRING : tag;
  return CBB_add_asn1_element(out, tag, ASN1_STRING_get0_data(in),
                              ASN1_STRING_length(in));
}

static int asn1_parse_character_string(CBS *cbs, ASN1_STRING *out,
                                       CBS_ASN1_TAG tag, int str_type,
                                       int (*get_char)(CBS *cbs, uint32_t *),
                                       int bad_char_err) {
  CBS child;
  if (!CBS_get_asn1(cbs, &child, tag)) {
    OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
    return 0;
  }
  CBS copy = child;
  while (CBS_len(&copy) != 0) {
    uint32_t c;
    if (!get_char(&copy, &c)) {
      OPENSSL_PUT_ERROR(ASN1, bad_char_err);
      return 0;
    }
  }
  if (!ASN1_STRING_set(out, CBS_data(&child), CBS_len(&child))) {
    return 0;
  }
  out->type = str_type;
  return 1;
}

int bssl::asn1_parse_bmp_string(CBS *cbs, ASN1_BMPSTRING *out,
                                CBS_ASN1_TAG tag) {
  tag = tag == 0 ? CBS_ASN1_BMPSTRING : tag;
  return asn1_parse_character_string(cbs, out, tag, V_ASN1_BMPSTRING,
                                     &CBS_get_ucs2_be,
                                     ASN1_R_INVALID_BMPSTRING);
}

int bssl::asn1_parse_universal_string(CBS *cbs, ASN1_UNIVERSALSTRING *out,
                                      CBS_ASN1_TAG tag) {
  tag = tag == 0 ? CBS_ASN1_UNIVERSALSTRING : tag;
  return asn1_parse_character_string(cbs, out, tag, V_ASN1_UNIVERSALSTRING,
                                     &CBS_get_utf32_be,
                                     ASN1_R_INVALID_UNIVERSALSTRING);
}

int bssl::asn1_parse_utf8_string(CBS *cbs, ASN1_UNIVERSALSTRING *out,
                                 CBS_ASN1_TAG tag) {
  tag = tag == 0 ? CBS_ASN1_UTF8STRING : tag;
  return asn1_parse_character_string(cbs, out, tag, V_ASN1_UTF8STRING,
                                     &CBS_get_utf8, ASN1_R_INVALID_UTF8STRING);
}

Coverage Report

Created: 2026-03-19 06:22

Line	Count	Source
1		// Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2		//
3		// Licensed under the Apache License, Version 2.0 (the "License");
4		// you may not use this file except in compliance with the License.
5		// You may obtain a copy of the License at
6		//
7		// https://www.apache.org/licenses/LICENSE-2.0
8		//
9		// Unless required by applicable law or agreed to in writing, software
10		// distributed under the License is distributed on an "AS IS" BASIS,
11		// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12		// See the License for the specific language governing permissions and
13		// limitations under the License.
14
15		#include <openssl/asn1.h>
16
17		#include <limits.h>
18		#include <string.h>
19
20		#include <openssl/bytestring.h>
21		#include <openssl/err.h>
22		#include <openssl/mem.h>
23
24		#include "../internal.h"
25		#include "../mem_internal.h"
26		#include "internal.h"
27
28
29		using namespace bssl;
30
31		// Cross-module errors from crypto/x509/i2d_pr.c.
32		OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE)
33
34		// Cross-module errors from crypto/x509/algorithm.c.
35		OPENSSL_DECLARE_ERROR_REASON(ASN1, CONTEXT_NOT_INITIALISED)
36		OPENSSL_DECLARE_ERROR_REASON(ASN1, DIGEST_AND_KEY_TYPE_NOT_SUPPORTED)
37		OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_MESSAGE_DIGEST_ALGORITHM)
38		OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_SIGNATURE_ALGORITHM)
39		OPENSSL_DECLARE_ERROR_REASON(ASN1, WRONG_PUBLIC_KEY_TYPE)
40		// Cross-module errors from crypto/x509/asn1_gen.c. TODO(davidben): Remove
41		// these once asn1_gen.c is gone.
42		OPENSSL_DECLARE_ERROR_REASON(ASN1, DEPTH_EXCEEDED)
43		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BITSTRING_FORMAT)
44		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BOOLEAN)
45		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_FORMAT)
46		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_HEX)
47		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_IMPLICIT_TAG)
48		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_INTEGER)
49		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NESTED_TAGGING)
50		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NULL_VALUE)
51		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_OBJECT)
52		OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_TIME_VALUE)
53		OPENSSL_DECLARE_ERROR_REASON(ASN1, INTEGER_NOT_ASCII_FORMAT)
54		OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_MODIFIER)
55		OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_NUMBER)
56		OPENSSL_DECLARE_ERROR_REASON(ASN1, LIST_ERROR)
57		OPENSSL_DECLARE_ERROR_REASON(ASN1, MISSING_VALUE)
58		OPENSSL_DECLARE_ERROR_REASON(ASN1, NOT_ASCII_FORMAT)
59		OPENSSL_DECLARE_ERROR_REASON(ASN1, OBJECT_NOT_ASCII_FORMAT)
60		OPENSSL_DECLARE_ERROR_REASON(ASN1, SEQUENCE_OR_SET_NEEDS_CONFIG)
61		OPENSSL_DECLARE_ERROR_REASON(ASN1, TIME_NOT_ASCII_FORMAT)
62		OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_FORMAT)
63		OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_TAG)
64		OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_TYPE)
65
66		// Limit \|ASN1_STRING\|s to 64 MiB of data. Most of this module, as well as
67		// downstream code, does not correctly handle overflow. We cap string fields
68		// more tightly than strictly necessary to fit in \|int\|. This is not expected to
69		// impact real world uses of this field.
70		//
71		// In particular, this limit is small enough that the bit count of a BIT STRING
72		// comfortably fits in an \|int\|, with room for arithmetic.
73	2.37M	#define ASN1_STRING_MAX (64 * 1024 * 1024)
74
75		static void asn1_put_length(unsigned char **pp, int length);
76
77		int ASN1_get_object(const unsigned char *inp, long out_len, int *out_tag,
78	1.26M	int *out_class, long in_len) {
79	1.26M	if (in_len < 0) {
80	0	OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
81	0	return 0x80;
82	0	}
83
84	1.26M	CBS_ASN1_TAG tag;
85	1.26M	CBS cbs, body;
86	1.26M	CBS_init(&cbs, *inp, (size_t)in_len);
87	1.26M	if (!CBS_get_any_asn1(&cbs, &body, &tag) \|\|
88		// Bound the length to comfortably fit in an int. Lengths in this
89		// module often switch between int and long without overflow checks.
90	1.26M	CBS_len(&body) > INT_MAX / 2) {
91	4.35k	OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
92	4.35k	return 0x80;
93	4.35k	}
94
95		// Convert between tag representations.
96	1.26M	int tag_class = (tag & CBS_ASN1_CLASS_MASK) >> CBS_ASN1_TAG_SHIFT;
97	1.26M	int constructed = (tag & CBS_ASN1_CONSTRUCTED) >> CBS_ASN1_TAG_SHIFT;
98	1.26M	int tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK;
99
100		// To avoid ambiguity with V_ASN1_NEG, impose a limit on universal tags.
101	1.26M	if (tag_class == V_ASN1_UNIVERSAL && tag_number > V_ASN1_MAX_UNIVERSAL) {
102	118	OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
103	118	return 0x80;
104	118	}
105
106	1.26M	*inp = CBS_data(&body);
107	1.26M	*out_len = CBS_len(&body);
108	1.26M	*out_tag = tag_number;
109	1.26M	*out_class = tag_class;
110	1.26M	return constructed;
111	1.26M	}
112
113		// class 0 is constructed constructed == 2 for indefinite length constructed
114		void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
115	540k	int xclass) {
116	540k	unsigned char p = pp;
117	540k	int i, ttag;
118
119	540k	i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
120	540k	i \|= (xclass & V_ASN1_PRIVATE);
121	540k	if (tag < 31) {
122	540k	*(p++) = i \| (tag & V_ASN1_PRIMITIVE_TAG);
123	540k	} else {
124	0	*(p++) = i \| V_ASN1_PRIMITIVE_TAG;
125	0	for (i = 0, ttag = tag; ttag > 0; i++) {
126	0	ttag >>= 7;
127	0	}
128	0	ttag = i;
129	0	while (i-- > 0) {
130	0	p[i] = tag & 0x7f;
131	0	if (i != (ttag - 1)) {
132	0	p[i] \|= 0x80;
133	0	}
134	0	tag >>= 7;
135	0	}
136	0	p += ttag;
137	0	}
138	540k	if (constructed == 2) {
139	0	*(p++) = 0x80;
140	540k	} else {
141	540k	asn1_put_length(&p, length);
142	540k	}
143	540k	*pp = p;
144	540k	}
145
146	0	int ASN1_put_eoc(unsigned char **pp) {
147		// This function is no longer used in the library, but some external code
148		// uses it.
149	0	unsigned char p = pp;
150	0	*p++ = 0;
151	0	*p++ = 0;
152	0	*pp = p;
153	0	return 2;
154	0	}
155
156	540k	static void asn1_put_length(unsigned char **pp, int length) {
157	540k	unsigned char p = pp;
158	540k	int i, l;
159	540k	if (length <= 127) {
160	387k	*(p++) = (unsigned char)length;
161	387k	} else {
162	153k	l = length;
163	455k	for (i = 0; l > 0; i++) {
164	302k	l >>= 8;
165	302k	}
166	153k	*(p++) = i \| 0x80;
167	153k	l = i;
168	455k	while (i-- > 0) {
169	302k	p[i] = length & 0xff;
170	302k	length >>= 8;
171	302k	}
172	153k	p += l;
173	153k	}
174	540k	*pp = p;
175	540k	}
176
177	2.28M	int ASN1_object_size(int constructed, int length, int tag) {
178	2.28M	int ret = 1;
179	2.28M	if (length < 0) {
180	0	return -1;
181	0	}
182	2.28M	if (tag >= 31) {
183	0	while (tag > 0) {
184	0	tag >>= 7;
185	0	ret++;
186	0	}
187	0	}
188	2.28M	if (constructed == 2) {
189	0	ret += 3;
190	2.28M	} else {
191	2.28M	ret++;
192	2.28M	if (length > 127) {
193	748k	int tmplen = length;
194	2.23M	while (tmplen > 0) {
195	1.48M	tmplen >>= 8;
196	1.48M	ret++;
197	1.48M	}
198	748k	}
199	2.28M	}
200	2.28M	if (ret >= INT_MAX - length) {
201	0	return -1;
202	0	}
203	2.28M	return ret + length;
204	2.28M	}
205
206	64	int ASN1_STRING_copy(ASN1_STRING dst, const ASN1_STRING str) {
207	64	if (str == nullptr) {
208	0	return 0;
209	0	}
210	64	if (dst == str) {
211	0	return 1;
212	0	}
213	64	if (!ASN1_STRING_set(dst, str->data, str->length)) {
214	0	return 0;
215	0	}
216	64	dst->type = str->type;
217	64	dst->flags = str->flags;
218	64	return 1;
219	64	}
220
221	64	ASN1_STRING ASN1_STRING_dup(const ASN1_STRING str) {
222	64	ASN1_STRING *ret;
223	64	if (!str) {
224	0	return nullptr;
225	0	}
226	64	ret = ASN1_STRING_new();
227	64	if (!ret) {
228	0	return nullptr;
229	0	}
230	64	if (!ASN1_STRING_copy(ret, str)) {
231	0	ASN1_STRING_free(ret);
232	0	return nullptr;
233	0	}
234	64	return ret;
235	64	}
236
237	2.37M	int ASN1_STRING_set(ASN1_STRING str, const void _data, ossl_ssize_t len_s) {
238	2.37M	const char data = reinterpret_cast<const char >(_data);
239	2.37M	size_t len;
240	2.37M	if (len_s < 0) {
241	0	if (data == nullptr) {
242	0	return 0;
243	0	}
244	0	len = strlen(data);
245	2.37M	} else {
246	2.37M	len = (size_t)len_s;
247	2.37M	}
248
249	2.37M	static_assert(ASN1_STRING_MAX < INT_MAX, "len will not overflow int");
250	2.37M	if (len > ASN1_STRING_MAX) {
251	0	OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
252	0	return 0;
253	0	}
254
255	2.37M	if (str->length <= (int)len \|\| str->data == nullptr) {
256	2.37M	unsigned char *c = str->data;
257	2.37M	if (c == nullptr) {
258	2.37M	str->data = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1));
259	2.37M	} else {
260	0	str->data = reinterpret_cast<uint8_t *>(OPENSSL_realloc(c, len + 1));
261	0	}
262
263	2.37M	if (str->data == nullptr) {
264	0	str->data = c;
265	0	return 0;
266	0	}
267	2.37M	}
268	2.37M	str->length = (int)len;
269	2.37M	if (data != nullptr) {
270	2.36M	OPENSSL_memcpy(str->data, data, len);
271		// Historically, OpenSSL would NUL-terminate most (but not all)
272		// \|ASN1_STRING\|s, in case anyone accidentally passed \|str->data\| into a
273		// function expecting a C string. We retain this behavior for compatibility,
274		// but code must not rely on this. See CVE-2021-3712.
275	2.36M	str->data[len] = '\0';
276	2.36M	}
277	2.37M	return 1;
278	2.37M	}
279
280	182k	void ASN1_STRING_set0(ASN1_STRING str, void data, int len) {
281	182k	OPENSSL_free(str->data);
282	182k	str->data = reinterpret_cast<uint8_t *>(data);
283	182k	str->length = len;
284	182k	}
285
286	352k	ASN1_STRING *ASN1_STRING_new() {
287	352k	return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
288	352k	}
289
290	1.05M	ASN1_STRING *ASN1_STRING_type_new(int type) {
291	1.05M	ASN1_STRING *ret = New<ASN1_STRING>();
292	1.05M	if (ret == nullptr) {
293	0	return nullptr;
294	0	}
295	1.05M	ret->length = 0;
296	1.05M	ret->type = type;
297	1.05M	ret->data = nullptr;
298	1.05M	ret->flags = 0;
299	1.05M	return ret;
300	1.05M	}
301
302	1.66M	void bssl::asn1_string_init(ASN1_STRING *str, int type) {
303	1.66M	OPENSSL_memset(str, 0, sizeof(ASN1_STRING));
304	1.66M	str->type = type;
305	1.66M	}
306
307	2.72M	void bssl::asn1_string_cleanup(ASN1_STRING *str) {
308	2.72M	OPENSSL_free(str->data);
309	2.72M	str->data = nullptr;
310	2.72M	}
311
312	2.13M	void ASN1_STRING_free(ASN1_STRING *str) {
313	2.13M	if (str == nullptr) {
314	1.07M	return;
315	1.07M	}
316	1.05M	asn1_string_cleanup(str);
317	1.05M	Delete(str);
318	1.05M	}
319
320	47	int ASN1_STRING_cmp(const ASN1_STRING a, const ASN1_STRING b) {
321		// Capture padding bits and implicit truncation in BIT STRINGs.
322	47	int a_length = a->length, b_length = b->length;
323	47	uint8_t a_padding = 0, b_padding = 0;
324	47	if (a->type == V_ASN1_BIT_STRING) {
325	0	a_length = asn1_bit_string_length(a, &a_padding);
326	0	}
327	47	if (b->type == V_ASN1_BIT_STRING) {
328	0	b_length = asn1_bit_string_length(b, &b_padding);
329	0	}
330
331	47	if (a_length < b_length) {
332	5	return -1;
333	5	}
334	42	if (a_length > b_length) {
335	6	return 1;
336	6	}
337		// In a BIT STRING, the number of bits is 8 * length - padding. Invert this
338		// comparison so we compare by lengths.
339	36	if (a_padding > b_padding) {
340	0	return -1;
341	0	}
342	36	if (a_padding < b_padding) {
343	0	return 1;
344	0	}
345
346	36	int ret = OPENSSL_memcmp(a->data, b->data, a_length);
347	36	if (ret != 0) {
348	25	return ret;
349	25	}
350
351		// Comparing the type first is more natural, but this matches OpenSSL.
352	11	if (a->type < b->type) {
353	0	return -1;
354	0	}
355	11	if (a->type > b->type) {
356	0	return 1;
357	0	}
358	11	return 0;
359	11	}
360
361	759k	int ASN1_STRING_length(const ASN1_STRING *str) { return str->length; }
362
363	0	int ASN1_STRING_type(const ASN1_STRING *str) { return str->type; }
364
365	0	unsigned char ASN1_STRING_data(ASN1_STRING str) { return str->data; }
366
367	759k	const unsigned char ASN1_STRING_get0_data(const ASN1_STRING str) {
368	759k	return str->data;
369	759k	}
370
371		int bssl::asn1_parse_octet_string(CBS cbs, ASN1_STRING out,
372	1.01M	CBS_ASN1_TAG tag) {
373	1.01M	tag = tag == 0 ? CBS_ASN1_OCTETSTRING : tag;
374	1.01M	CBS child;
375	1.01M	if (!CBS_get_asn1(cbs, &child, tag)) {
376	1.22k	OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
377	1.22k	return 0;
378	1.22k	}
379	1.01M	if (!ASN1_STRING_set(out, CBS_data(&child), CBS_len(&child))) {
380	0	return 0;
381	0	}
382	1.01M	out->type = V_ASN1_OCTET_STRING;
383	1.01M	return 1;
384	1.01M	}
385
386		int bssl::asn1_marshal_octet_string(CBB out, const ASN1_STRING in,
387	650k	CBS_ASN1_TAG tag) {
388	650k	tag = tag == 0 ? CBS_ASN1_OCTETSTRING : tag;
389	650k	return CBB_add_asn1_element(out, tag, ASN1_STRING_get0_data(in),
390	650k	ASN1_STRING_length(in));
391	650k	}
392
393		static int asn1_parse_character_string(CBS cbs, ASN1_STRING out,
394		CBS_ASN1_TAG tag, int str_type,
395		int (get_char)(CBS cbs, uint32_t *),
396	285k	int bad_char_err) {
397	285k	CBS child;
398	285k	if (!CBS_get_asn1(cbs, &child, tag)) {
399	31	OPENSSL_PUT_ERROR(ASN1, ASN1_R_DECODE_ERROR);
400	31	return 0;
401	31	}
402	285k	CBS copy = child;
403	11.5M	while (CBS_len(&copy) != 0) {
404	11.2M	uint32_t c;
405	11.2M	if (!get_char(&copy, &c)) {
406	1.46k	OPENSSL_PUT_ERROR(ASN1, bad_char_err);
407	1.46k	return 0;
408	1.46k	}
409	11.2M	}
410	284k	if (!ASN1_STRING_set(out, CBS_data(&child), CBS_len(&child))) {
411	0	return 0;
412	0	}
413	284k	out->type = str_type;
414	284k	return 1;
415	284k	}
416
417		int bssl::asn1_parse_bmp_string(CBS cbs, ASN1_BMPSTRING out,
418	9.43k	CBS_ASN1_TAG tag) {
419	9.43k	tag = tag == 0 ? CBS_ASN1_BMPSTRING : tag;
420	9.43k	return asn1_parse_character_string(cbs, out, tag, V_ASN1_BMPSTRING,
421	9.43k	&CBS_get_ucs2_be,
422	9.43k	ASN1_R_INVALID_BMPSTRING);
423	9.43k	}
424
425		int bssl::asn1_parse_universal_string(CBS cbs, ASN1_UNIVERSALSTRING out,
426	6.88k	CBS_ASN1_TAG tag) {
427	6.88k	tag = tag == 0 ? CBS_ASN1_UNIVERSALSTRING : tag;
428	6.88k	return asn1_parse_character_string(cbs, out, tag, V_ASN1_UNIVERSALSTRING,
429	6.88k	&CBS_get_utf32_be,
430	6.88k	ASN1_R_INVALID_UNIVERSALSTRING);
431	6.88k	}
432
433		int bssl::asn1_parse_utf8_string(CBS cbs, ASN1_UNIVERSALSTRING out,
434	269k	CBS_ASN1_TAG tag) {
435	269k	tag = tag == 0 ? CBS_ASN1_UTF8STRING : tag;
436	269k	return asn1_parse_character_string(cbs, out, tag, V_ASN1_UTF8STRING,
437	269k	&CBS_get_utf8, ASN1_R_INVALID_UTF8STRING);
438	269k	}