/src/boringssl/crypto/bytestring/cbb.cc
Line | Count | Source |
1 | | // Copyright 2014 The BoringSSL Authors |
2 | | // |
3 | | // Licensed under the Apache License, Version 2.0 (the "License"); |
4 | | // you may not use this file except in compliance with the License. |
5 | | // You may obtain a copy of the License at |
6 | | // |
7 | | // https://www.apache.org/licenses/LICENSE-2.0 |
8 | | // |
9 | | // Unless required by applicable law or agreed to in writing, software |
10 | | // distributed under the License is distributed on an "AS IS" BASIS, |
11 | | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
12 | | // See the License for the specific language governing permissions and |
13 | | // limitations under the License. |
14 | | |
15 | | #include <openssl/bytestring.h> |
16 | | |
17 | | #include <assert.h> |
18 | | #include <limits.h> |
19 | | #include <string.h> |
20 | | |
21 | | #include <openssl/err.h> |
22 | | #include <openssl/mem.h> |
23 | | |
24 | | #include "../internal.h" |
25 | | #include "internal.h" |
26 | | |
27 | | |
28 | | using namespace bssl; |
29 | | |
30 | 16.6M | void CBB_zero(CBB *cbb) { OPENSSL_memset(cbb, 0, sizeof(CBB)); } |
31 | | |
32 | 2.10M | static void cbb_init(CBB *cbb, uint8_t *buf, size_t cap, int can_resize) { |
33 | 2.10M | cbb->is_child = 0; |
34 | 2.10M | cbb->child = nullptr; |
35 | 2.10M | cbb->u.base.buf = buf; |
36 | 2.10M | cbb->u.base.len = 0; |
37 | 2.10M | cbb->u.base.cap = cap; |
38 | 2.10M | cbb->u.base.can_resize = can_resize; |
39 | 2.10M | cbb->u.base.error = 0; |
40 | 2.10M | } |
41 | | |
42 | 1.97M | int CBB_init(CBB *cbb, size_t initial_capacity) { |
43 | 1.97M | CBB_zero(cbb); |
44 | | |
45 | 1.97M | uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(initial_capacity)); |
46 | 1.97M | if (initial_capacity > 0 && buf == nullptr) { |
47 | 0 | return 0; |
48 | 0 | } |
49 | | |
50 | 1.97M | cbb_init(cbb, buf, initial_capacity, /*can_resize=*/1); |
51 | 1.97M | return 1; |
52 | 1.97M | } |
53 | | |
54 | 134k | int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) { |
55 | 134k | CBB_zero(cbb); |
56 | 134k | cbb_init(cbb, buf, len, /*can_resize=*/0); |
57 | 134k | return 1; |
58 | 134k | } |
59 | | |
60 | 2.80M | void CBB_cleanup(CBB *cbb) { |
61 | | // Child |CBB|s are non-owning. They are implicitly discarded and should not |
62 | | // be used with |CBB_cleanup| or |ScopedCBB|. |
63 | 2.80M | assert(!cbb->is_child); |
64 | 2.80M | if (cbb->is_child) { |
65 | 0 | return; |
66 | 0 | } |
67 | | |
68 | 2.80M | if (cbb->u.base.can_resize) { |
69 | 2.70M | OPENSSL_free(cbb->u.base.buf); |
70 | 2.70M | } |
71 | 2.80M | } |
72 | | |
73 | | static int cbb_buffer_reserve(struct cbb_buffer_st *base, uint8_t **out, |
74 | 238M | size_t len) { |
75 | 238M | if (base == nullptr) { |
76 | 0 | return 0; |
77 | 0 | } |
78 | | |
79 | 238M | size_t newlen = base->len + len; |
80 | 238M | if (newlen < base->len) { |
81 | | // Overflow |
82 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); |
83 | 0 | goto err; |
84 | 0 | } |
85 | | |
86 | 238M | if (newlen > base->cap) { |
87 | 2.61M | if (!base->can_resize) { |
88 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); |
89 | 0 | goto err; |
90 | 0 | } |
91 | | |
92 | 2.61M | size_t newcap = base->cap * 2; |
93 | 2.61M | if (newcap < base->cap || newcap < newlen) { |
94 | 382k | newcap = newlen; |
95 | 382k | } |
96 | 2.61M | uint8_t *newbuf = |
97 | 2.61M | reinterpret_cast<uint8_t *>(OPENSSL_realloc(base->buf, newcap)); |
98 | 2.61M | if (newbuf == nullptr) { |
99 | 0 | goto err; |
100 | 0 | } |
101 | | |
102 | 2.61M | base->buf = newbuf; |
103 | 2.61M | base->cap = newcap; |
104 | 2.61M | } |
105 | | |
106 | 238M | if (out) { |
107 | 236M | *out = base->buf + base->len; |
108 | 236M | } |
109 | | |
110 | 238M | return 1; |
111 | | |
112 | 0 | err: |
113 | 0 | base->error = 1; |
114 | 0 | return 0; |
115 | 238M | } |
116 | | |
117 | | static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, |
118 | 238M | size_t len) { |
119 | 238M | if (!cbb_buffer_reserve(base, out, len)) { |
120 | 0 | return 0; |
121 | 0 | } |
122 | | // This will not overflow or |cbb_buffer_reserve| would have failed. |
123 | 238M | base->len += len; |
124 | 238M | return 1; |
125 | 238M | } |
126 | | |
127 | 1.60M | int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) { |
128 | 1.60M | if (cbb->is_child) { |
129 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
130 | 0 | return 0; |
131 | 0 | } |
132 | | |
133 | 1.60M | if (!CBB_flush(cbb)) { |
134 | 0 | return 0; |
135 | 0 | } |
136 | | |
137 | 1.60M | if (cbb->u.base.can_resize && (out_data == nullptr || out_len == nullptr)) { |
138 | | // |out_data| and |out_len| can only be NULL if the CBB is fixed. |
139 | 0 | return 0; |
140 | 0 | } |
141 | | |
142 | 1.60M | if (out_data != nullptr) { |
143 | 1.55M | *out_data = cbb->u.base.buf; |
144 | 1.55M | } |
145 | 1.60M | if (out_len != nullptr) { |
146 | 1.55M | *out_len = cbb->u.base.len; |
147 | 1.55M | } |
148 | 1.60M | cbb->u.base.buf = nullptr; |
149 | 1.60M | CBB_cleanup(cbb); |
150 | 1.60M | return 1; |
151 | 1.60M | } |
152 | | |
153 | 499M | static struct cbb_buffer_st *cbb_get_base(CBB *cbb) { |
154 | 499M | if (cbb->is_child) { |
155 | 124M | return cbb->u.child.base; |
156 | 124M | } |
157 | 375M | return &cbb->u.base; |
158 | 499M | } |
159 | | |
160 | 0 | static void cbb_on_error(CBB *cbb) { |
161 | | // Due to C's lack of destructors and |CBB|'s auto-flushing API, a failing |
162 | | // |CBB|-taking function may leave a dangling pointer to a child |CBB|. As a |
163 | | // result, the convention is callers may not write to |CBB|s that have failed. |
164 | | // But, as a safety measure, we lock the |CBB| into an error state. Once the |
165 | | // error bit is set, |cbb->child| will not be read. |
166 | | // |
167 | | // TODO(davidben): This still isn't quite ideal. A |CBB| function *outside* |
168 | | // this file may originate an error while the |CBB| points to a local child. |
169 | | // In that case we don't set the error bit and are reliant on the error |
170 | | // convention. Perhaps we allow |CBB_cleanup| on child |CBB|s and make every |
171 | | // child's |CBB_cleanup| set the error bit if unflushed. That will be |
172 | | // convenient for C++ callers, but very tedious for C callers. So C callers |
173 | | // perhaps should get a |CBB_on_error| function that can be, less tediously, |
174 | | // stuck in a |goto err| block. |
175 | 0 | cbb_get_base(cbb)->error = 1; |
176 | | |
177 | | // Clearing the pointer is not strictly necessary, but GCC's dangling pointer |
178 | | // warning does not know |cbb->child| will not be read once |error| is set |
179 | | // above. |
180 | 0 | cbb->child = nullptr; |
181 | 0 | } |
182 | | |
183 | | // CBB_flush recurses and then writes out any pending length prefix. The |
184 | | // current length of the underlying base is taken to be the length of the |
185 | | // length-prefixed data. |
186 | 263M | int CBB_flush(CBB *cbb) { |
187 | | // If |base| has hit an error, the buffer is in an undefined state, so |
188 | | // fail all following calls. In particular, |cbb->child| may point to invalid |
189 | | // memory. |
190 | 263M | struct cbb_buffer_st *base = cbb_get_base(cbb); |
191 | 263M | if (base == nullptr || base->error) { |
192 | 0 | return 0; |
193 | 0 | } |
194 | | |
195 | 263M | if (cbb->child == nullptr) { |
196 | | // Nothing to flush. |
197 | 250M | return 1; |
198 | 250M | } |
199 | | |
200 | 263M | assert(cbb->child->is_child); |
201 | 12.8M | struct cbb_child_st *child = &cbb->child->u.child; |
202 | 12.8M | assert(child->base == base); |
203 | 12.8M | size_t child_start = child->offset + child->pending_len_len; |
204 | | |
205 | 12.8M | size_t len; |
206 | 12.8M | if (!CBB_flush(cbb->child) || child_start < child->offset || |
207 | 12.8M | base->len < child_start) { |
208 | 0 | goto err; |
209 | 0 | } |
210 | | |
211 | 12.8M | len = base->len - child_start; |
212 | | |
213 | 12.8M | if (child->pending_is_asn1) { |
214 | | // For ASN.1 we assume that we'll only need a single byte for the length. |
215 | | // If that turned out to be incorrect, we have to move the contents along |
216 | | // in order to make space. |
217 | 10.7M | uint8_t len_len; |
218 | 10.7M | uint8_t initial_length_byte; |
219 | | |
220 | 10.7M | assert(child->pending_len_len == 1); |
221 | | |
222 | 10.7M | if (len > 0xfffffffe) { |
223 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); |
224 | | // Too large. |
225 | 0 | goto err; |
226 | 10.7M | } else if (len > 0xffffff) { |
227 | 0 | len_len = 5; |
228 | 0 | initial_length_byte = 0x80 | 4; |
229 | 10.7M | } else if (len > 0xffff) { |
230 | 11.5k | len_len = 4; |
231 | 11.5k | initial_length_byte = 0x80 | 3; |
232 | 10.7M | } else if (len > 0xff) { |
233 | 556k | len_len = 3; |
234 | 556k | initial_length_byte = 0x80 | 2; |
235 | 10.1M | } else if (len > 0x7f) { |
236 | 677k | len_len = 2; |
237 | 677k | initial_length_byte = 0x80 | 1; |
238 | 9.51M | } else { |
239 | 9.51M | len_len = 1; |
240 | 9.51M | initial_length_byte = (uint8_t)len; |
241 | 9.51M | len = 0; |
242 | 9.51M | } |
243 | | |
244 | 10.7M | if (len_len != 1) { |
245 | | // We need to move the contents along in order to make space. |
246 | 1.24M | size_t extra_bytes = len_len - 1; |
247 | 1.24M | if (!cbb_buffer_add(base, nullptr, extra_bytes)) { |
248 | 0 | goto err; |
249 | 0 | } |
250 | 1.24M | OPENSSL_memmove(base->buf + child_start + extra_bytes, |
251 | 1.24M | base->buf + child_start, len); |
252 | 1.24M | } |
253 | 10.7M | base->buf[child->offset++] = initial_length_byte; |
254 | 10.7M | child->pending_len_len = len_len - 1; |
255 | 10.7M | } |
256 | | |
257 | 18.3M | for (size_t i = child->pending_len_len - 1; i < child->pending_len_len; i--) { |
258 | 5.49M | base->buf[child->offset + i] = (uint8_t)len; |
259 | 5.49M | len >>= 8; |
260 | 5.49M | } |
261 | 12.8M | if (len != 0) { |
262 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW); |
263 | 0 | goto err; |
264 | 0 | } |
265 | | |
266 | 12.8M | child->base = nullptr; |
267 | 12.8M | cbb->child = nullptr; |
268 | | |
269 | 12.8M | return 1; |
270 | | |
271 | 0 | err: |
272 | 0 | cbb_on_error(cbb); |
273 | 0 | return 0; |
274 | 12.8M | } |
275 | | |
276 | 2.73M | uint8_t *CBB_data(const CBB *cbb) { |
277 | 2.73M | assert(cbb->child == nullptr); |
278 | 2.73M | if (cbb->is_child) { |
279 | 2.12M | return cbb->u.child.base->buf + cbb->u.child.offset + |
280 | 2.12M | cbb->u.child.pending_len_len; |
281 | 2.12M | } |
282 | 609k | return cbb->u.base.buf; |
283 | 2.73M | } |
284 | | |
285 | 5.89M | size_t CBB_len(const CBB *cbb) { |
286 | 5.89M | assert(cbb->child == nullptr); |
287 | 5.89M | if (cbb->is_child) { |
288 | 5.26M | assert(cbb->u.child.offset + cbb->u.child.pending_len_len <= |
289 | 5.26M | cbb->u.child.base->len); |
290 | 5.26M | return cbb->u.child.base->len - cbb->u.child.offset - |
291 | 5.26M | cbb->u.child.pending_len_len; |
292 | 5.26M | } |
293 | 629k | return cbb->u.base.len; |
294 | 5.89M | } |
295 | | |
296 | | static int cbb_add_child(CBB *cbb, CBB *out_child, uint8_t len_len, |
297 | 12.8M | int is_asn1) { |
298 | 12.8M | assert(cbb->child == nullptr); |
299 | 12.8M | assert(!is_asn1 || len_len == 1); |
300 | 12.8M | struct cbb_buffer_st *base = cbb_get_base(cbb); |
301 | 12.8M | size_t offset = base->len; |
302 | | |
303 | | // Reserve space for the length prefix. |
304 | 12.8M | uint8_t *prefix_bytes; |
305 | 12.8M | if (!cbb_buffer_add(base, &prefix_bytes, len_len)) { |
306 | 0 | return 0; |
307 | 0 | } |
308 | 12.8M | OPENSSL_memset(prefix_bytes, 0, len_len); |
309 | | |
310 | 12.8M | CBB_zero(out_child); |
311 | 12.8M | out_child->is_child = 1; |
312 | 12.8M | out_child->u.child.base = base; |
313 | 12.8M | out_child->u.child.offset = offset; |
314 | 12.8M | out_child->u.child.pending_len_len = len_len; |
315 | 12.8M | out_child->u.child.pending_is_asn1 = is_asn1; |
316 | 12.8M | cbb->child = out_child; |
317 | 12.8M | return 1; |
318 | 12.8M | } |
319 | | |
320 | | static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, |
321 | 2.09M | uint8_t len_len) { |
322 | 2.09M | if (!CBB_flush(cbb)) { |
323 | 0 | return 0; |
324 | 0 | } |
325 | | |
326 | 2.09M | return cbb_add_child(cbb, out_contents, len_len, /*is_asn1=*/0); |
327 | 2.09M | } |
328 | | |
329 | 782k | int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) { |
330 | 782k | return cbb_add_length_prefixed(cbb, out_contents, 1); |
331 | 782k | } |
332 | | |
333 | 1.02M | int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) { |
334 | 1.02M | return cbb_add_length_prefixed(cbb, out_contents, 2); |
335 | 1.02M | } |
336 | | |
337 | 283k | int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) { |
338 | 283k | return cbb_add_length_prefixed(cbb, out_contents, 3); |
339 | 283k | } |
340 | | |
341 | | // add_base128_integer encodes |v| as a big-endian base-128 integer where the |
342 | | // high bit of each byte indicates where there is more data. This is the |
343 | | // encoding used in DER for both high tag number form and OID components. |
344 | 40.8k | static int add_base128_integer(CBB *cbb, uint64_t v) { |
345 | 40.8k | unsigned len_len = 0; |
346 | 40.8k | uint64_t copy = v; |
347 | 113k | while (copy > 0) { |
348 | 72.5k | len_len++; |
349 | 72.5k | copy >>= 7; |
350 | 72.5k | } |
351 | 40.8k | if (len_len == 0) { |
352 | 7.95k | len_len = 1; // Zero is encoded with one byte. |
353 | 7.95k | } |
354 | 121k | for (unsigned i = len_len - 1; i < len_len; i--) { |
355 | 80.4k | uint8_t byte = (v >> (7 * i)) & 0x7f; |
356 | 80.4k | if (i != 0) { |
357 | | // The high bit denotes whether there is more data. |
358 | 39.5k | byte |= 0x80; |
359 | 39.5k | } |
360 | 80.4k | if (!CBB_add_u8(cbb, byte)) { |
361 | 0 | return 0; |
362 | 0 | } |
363 | 80.4k | } |
364 | 40.8k | return 1; |
365 | 40.8k | } |
366 | | |
367 | 10.7M | int CBB_add_asn1(CBB *cbb, CBB *out_contents, CBS_ASN1_TAG tag) { |
368 | 10.7M | if (!CBB_flush(cbb)) { |
369 | 0 | return 0; |
370 | 0 | } |
371 | | |
372 | | // Split the tag into leading bits and tag number. |
373 | 10.7M | uint8_t tag_bits = (tag >> CBS_ASN1_TAG_SHIFT) & 0xe0; |
374 | 10.7M | CBS_ASN1_TAG tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK; |
375 | 10.7M | if (tag_number >= 0x1f) { |
376 | | // Set all the bits in the tag number to signal high tag number form. |
377 | 9.24k | if (!CBB_add_u8(cbb, tag_bits | 0x1f) || |
378 | 9.24k | !add_base128_integer(cbb, tag_number)) { |
379 | 0 | return 0; |
380 | 0 | } |
381 | 10.7M | } else if (!CBB_add_u8(cbb, tag_bits | tag_number)) { |
382 | 0 | return 0; |
383 | 0 | } |
384 | | |
385 | | // Reserve one byte of length prefix. |CBB_flush| will finish it later. |
386 | 10.7M | return cbb_add_child(cbb, out_contents, /*len_len=*/1, /*is_asn1=*/1); |
387 | 10.7M | } |
388 | | |
389 | 6.95M | int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) { |
390 | 6.95M | uint8_t *out; |
391 | 6.95M | if (!CBB_add_space(cbb, &out, len)) { |
392 | 0 | return 0; |
393 | 0 | } |
394 | 6.95M | OPENSSL_memcpy(out, data, len); |
395 | 6.95M | return 1; |
396 | 6.95M | } |
397 | | |
398 | 551 | int CBB_add_zeros(CBB *cbb, size_t len) { |
399 | 551 | uint8_t *out; |
400 | 551 | if (!CBB_add_space(cbb, &out, len)) { |
401 | 0 | return 0; |
402 | 0 | } |
403 | 551 | OPENSSL_memset(out, 0, len); |
404 | 551 | return 1; |
405 | 551 | } |
406 | | |
407 | 224M | int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) { |
408 | 224M | if (!CBB_flush(cbb) || !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) { |
409 | 0 | return 0; |
410 | 0 | } |
411 | 224M | return 1; |
412 | 224M | } |
413 | | |
414 | 26.4k | int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len) { |
415 | 26.4k | if (!CBB_flush(cbb) || |
416 | 26.4k | !cbb_buffer_reserve(cbb_get_base(cbb), out_data, len)) { |
417 | 0 | return 0; |
418 | 0 | } |
419 | 26.4k | return 1; |
420 | 26.4k | } |
421 | | |
422 | 26.4k | int CBB_did_write(CBB *cbb, size_t len) { |
423 | 26.4k | struct cbb_buffer_st *base = cbb_get_base(cbb); |
424 | 26.4k | size_t newlen = base->len + len; |
425 | 26.4k | if (cbb->child != nullptr || newlen < base->len || newlen > base->cap) { |
426 | 0 | return 0; |
427 | 0 | } |
428 | 26.4k | base->len = newlen; |
429 | 26.4k | return 1; |
430 | 26.4k | } |
431 | | |
432 | 216M | static int cbb_add_u(CBB *cbb, uint64_t v, size_t len_len) { |
433 | 216M | uint8_t *buf; |
434 | 216M | if (!CBB_add_space(cbb, &buf, len_len)) { |
435 | 0 | return 0; |
436 | 0 | } |
437 | | |
438 | 917M | for (size_t i = len_len - 1; i < len_len; i--) { |
439 | 700M | buf[i] = v; |
440 | 700M | v >>= 8; |
441 | 700M | } |
442 | | |
443 | | // |v| must fit in |len_len| bytes. |
444 | 216M | if (v != 0) { |
445 | 0 | cbb_on_error(cbb); |
446 | 0 | return 0; |
447 | 0 | } |
448 | | |
449 | 216M | return 1; |
450 | 216M | } |
451 | | |
452 | 52.6M | int CBB_add_u8(CBB *cbb, uint8_t value) { return cbb_add_u(cbb, value, 1); } |
453 | | |
454 | 3.67M | int CBB_add_u16(CBB *cbb, uint16_t value) { return cbb_add_u(cbb, value, 2); } |
455 | | |
456 | 0 | int CBB_add_u16le(CBB *cbb, uint16_t value) { |
457 | 0 | return CBB_add_u16(cbb, CRYPTO_bswap2(value)); |
458 | 0 | } |
459 | | |
460 | 282k | int CBB_add_u24(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 3); } |
461 | | |
462 | 159M | int CBB_add_u32(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 4); } |
463 | | |
464 | 0 | int CBB_add_u32le(CBB *cbb, uint32_t value) { |
465 | 0 | return CBB_add_u32(cbb, CRYPTO_bswap4(value)); |
466 | 0 | } |
467 | | |
468 | 50.0k | int CBB_add_u64(CBB *cbb, uint64_t value) { return cbb_add_u(cbb, value, 8); } |
469 | | |
470 | 0 | int CBB_add_u64le(CBB *cbb, uint64_t value) { |
471 | 0 | return CBB_add_u64(cbb, CRYPTO_bswap8(value)); |
472 | 0 | } |
473 | | |
474 | 6 | void CBB_discard(CBB *cbb, size_t len) { |
475 | 6 | BSSL_CHECK(cbb->child == nullptr); |
476 | 6 | BSSL_CHECK(len <= CBB_len(cbb)); |
477 | 6 | struct cbb_buffer_st *base = cbb_get_base(cbb); |
478 | 6 | base->len -= len; |
479 | 6 | } |
480 | | |
481 | 2.03k | void CBB_discard_child(CBB *cbb) { |
482 | 2.03k | if (cbb->child == nullptr) { |
483 | 0 | return; |
484 | 0 | } |
485 | | |
486 | 2.03k | struct cbb_buffer_st *base = cbb_get_base(cbb); |
487 | 2.03k | assert(cbb->child->is_child); |
488 | 2.03k | base->len = cbb->child->u.child.offset; |
489 | | |
490 | 2.03k | cbb->child->u.child.base = nullptr; |
491 | 2.03k | cbb->child = nullptr; |
492 | 2.03k | } |
493 | | |
494 | | int CBB_add_asn1_element(CBB *cbb, CBS_ASN1_TAG tag, const uint8_t *data, |
495 | 2.61M | size_t data_len) { |
496 | 2.61M | CBB child; |
497 | 2.61M | if (!CBB_add_asn1(cbb, &child, tag) || |
498 | 2.61M | !CBB_add_bytes(&child, data, data_len) || // |
499 | 2.61M | !CBB_flush(cbb)) { |
500 | 0 | cbb_on_error(cbb); |
501 | 0 | return 0; |
502 | 0 | } |
503 | | |
504 | 2.61M | return 1; |
505 | 2.61M | } |
506 | | |
507 | 17.5k | int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) { |
508 | 17.5k | return CBB_add_asn1_uint64_with_tag(cbb, value, CBS_ASN1_INTEGER); |
509 | 17.5k | } |
510 | | |
511 | 17.5k | int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) { |
512 | 17.5k | CBB child; |
513 | 17.5k | int started = 0; |
514 | 17.5k | if (!CBB_add_asn1(cbb, &child, tag)) { |
515 | 0 | goto err; |
516 | 0 | } |
517 | | |
518 | 157k | for (size_t i = 0; i < 8; i++) { |
519 | 140k | uint8_t byte = (value >> 8 * (7 - i)) & 0xff; |
520 | 140k | if (!started) { |
521 | 129k | if (byte == 0) { |
522 | | // Don't encode leading zeros. |
523 | 113k | continue; |
524 | 113k | } |
525 | | // If the high bit is set, add a padding byte to make it |
526 | | // unsigned. |
527 | 15.5k | if ((byte & 0x80) && !CBB_add_u8(&child, 0)) { |
528 | 0 | goto err; |
529 | 0 | } |
530 | 15.5k | started = 1; |
531 | 15.5k | } |
532 | 26.3k | if (!CBB_add_u8(&child, byte)) { |
533 | 0 | goto err; |
534 | 0 | } |
535 | 26.3k | } |
536 | | |
537 | | // 0 is encoded as a single 0, not the empty string. |
538 | 17.5k | if (!started && !CBB_add_u8(&child, 0)) { |
539 | 0 | goto err; |
540 | 0 | } |
541 | | |
542 | 17.5k | return CBB_flush(cbb); |
543 | | |
544 | 0 | err: |
545 | 0 | cbb_on_error(cbb); |
546 | 0 | return 0; |
547 | 17.5k | } |
548 | | |
549 | 0 | int CBB_add_asn1_int64(CBB *cbb, int64_t value) { |
550 | 0 | return CBB_add_asn1_int64_with_tag(cbb, value, CBS_ASN1_INTEGER); |
551 | 0 | } |
552 | | |
553 | 0 | int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value, CBS_ASN1_TAG tag) { |
554 | 0 | if (value >= 0) { |
555 | 0 | return CBB_add_asn1_uint64_with_tag(cbb, (uint64_t)value, tag); |
556 | 0 | } |
557 | | |
558 | 0 | uint8_t bytes[sizeof(int64_t)]; |
559 | 0 | memcpy(bytes, &value, sizeof(value)); |
560 | 0 | int start = 7; |
561 | | // Skip leading sign-extension bytes unless they are necessary. |
562 | 0 | while (start > 0 && (bytes[start] == 0xff && (bytes[start - 1] & 0x80))) { |
563 | 0 | start--; |
564 | 0 | } |
565 | |
|
566 | 0 | CBB child; |
567 | 0 | if (!CBB_add_asn1(cbb, &child, tag)) { |
568 | 0 | goto err; |
569 | 0 | } |
570 | 0 | for (int i = start; i >= 0; i--) { |
571 | 0 | if (!CBB_add_u8(&child, bytes[i])) { |
572 | 0 | goto err; |
573 | 0 | } |
574 | 0 | } |
575 | 0 | return CBB_flush(cbb); |
576 | | |
577 | 0 | err: |
578 | 0 | cbb_on_error(cbb); |
579 | 0 | return 0; |
580 | 0 | } |
581 | | |
582 | 6.43k | int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) { |
583 | 6.43k | return CBB_add_asn1_element(cbb, CBS_ASN1_OCTETSTRING, data, data_len); |
584 | 6.43k | } |
585 | | |
586 | 451 | int CBB_add_asn1_bool(CBB *cbb, int value) { |
587 | 451 | CBB child; |
588 | 451 | if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) || |
589 | 451 | !CBB_add_u8(&child, value != 0 ? 0xff : 0) || !CBB_flush(cbb)) { |
590 | 0 | cbb_on_error(cbb); |
591 | 0 | return 0; |
592 | 0 | } |
593 | | |
594 | 451 | return 1; |
595 | 451 | } |
596 | | |
597 | | // parse_dotted_decimal parses one decimal component from |cbs|, where |cbs| is |
598 | | // an OID literal, e.g., "1.2.840.113554.4.1.72585". It consumes both the |
599 | | // component and the dot, so |cbs| may be passed into the function again for the |
600 | | // next value. |
601 | 41.4k | static int parse_dotted_decimal(CBS *cbs, uint64_t *out) { |
602 | 41.4k | if (!CBS_get_u64_decimal(cbs, out)) { |
603 | 975 | return 0; |
604 | 975 | } |
605 | | |
606 | | // The integer must have either ended at the end of the string, or a |
607 | | // non-terminal dot, which should be consumed. If the string ends with a dot, |
608 | | // this is not a valid OID string. |
609 | 40.4k | uint8_t dot; |
610 | 40.4k | return !CBS_get_u8(cbs, &dot) || (dot == '.' && CBS_len(cbs) > 0); |
611 | 41.4k | } |
612 | | |
613 | 9.01k | int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) { |
614 | 9.01k | if (!CBB_flush(cbb)) { |
615 | 0 | return 0; |
616 | 0 | } |
617 | | |
618 | 9.01k | CBS cbs; |
619 | 9.01k | CBS_init(&cbs, (const uint8_t *)text, len); |
620 | | |
621 | | // OIDs must have at least two components. |
622 | 9.01k | uint64_t a, b; |
623 | 9.01k | if (!parse_dotted_decimal(&cbs, &a) || !parse_dotted_decimal(&cbs, &b)) { |
624 | 1.01k | return 0; |
625 | 1.01k | } |
626 | | |
627 | | // The first component is encoded as 40 * |a| + |b|. This assumes that |a| is |
628 | | // 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39. |
629 | 8.00k | if (a > 2 || (a < 2 && b > 39) || b > UINT64_MAX - 80 || |
630 | 7.65k | !add_base128_integer(cbb, 40u * a + b)) { |
631 | 346 | return 0; |
632 | 346 | } |
633 | | |
634 | | // The remaining components are encoded unmodified. |
635 | 31.6k | while (CBS_len(&cbs) > 0) { |
636 | 24.0k | if (!parse_dotted_decimal(&cbs, &a) || !add_base128_integer(cbb, a)) { |
637 | 52 | return 0; |
638 | 52 | } |
639 | 24.0k | } |
640 | | |
641 | 7.60k | return 1; |
642 | 7.65k | } |
643 | | |
644 | | int CBB_add_asn1_relative_oid_from_text(CBB *cbb, const char *text, |
645 | 0 | size_t len) { |
646 | 0 | if (!CBB_flush(cbb)) { |
647 | 0 | return 0; |
648 | 0 | } |
649 | | |
650 | | // Relative OIDs must have at least one component. |
651 | 0 | if (!len) { |
652 | 0 | return 0; |
653 | 0 | } |
654 | | |
655 | 0 | CBS cbs; |
656 | 0 | CBS_init(&cbs, reinterpret_cast<const uint8_t *>(text), len); |
657 | |
|
658 | 0 | while (CBS_len(&cbs) > 0) { |
659 | 0 | uint64_t a; |
660 | 0 | if (!parse_dotted_decimal(&cbs, &a) || !add_base128_integer(cbb, a)) { |
661 | 0 | return 0; |
662 | 0 | } |
663 | 0 | } |
664 | | |
665 | 0 | return 1; |
666 | 0 | } |
667 | | |
668 | 0 | int CBB_add_asn1_oid_component(CBB *cbb, uint64_t value) { |
669 | 0 | if (!CBB_flush(cbb)) { |
670 | 0 | return 0; |
671 | 0 | } |
672 | | |
673 | 0 | return add_base128_integer(cbb, value); |
674 | 0 | } |
675 | | |
676 | 301k | static int compare_set_of_element(const void *a_ptr, const void *b_ptr) { |
677 | | // See X.690, section 11.6 for the ordering. They are sorted in ascending |
678 | | // order by their DER encoding. |
679 | 301k | const CBS *a = reinterpret_cast<const CBS *>(a_ptr), |
680 | 301k | *b = reinterpret_cast<const CBS *>(b_ptr); |
681 | 301k | size_t a_len = CBS_len(a), b_len = CBS_len(b); |
682 | 301k | size_t min_len = a_len < b_len ? a_len : b_len; |
683 | 301k | int ret = OPENSSL_memcmp(CBS_data(a), CBS_data(b), min_len); |
684 | 301k | if (ret != 0) { |
685 | 209k | return ret; |
686 | 209k | } |
687 | 91.9k | if (a_len == b_len) { |
688 | 91.9k | return 0; |
689 | 91.9k | } |
690 | | // If one is a prefix of the other, the shorter one sorts first. (This is not |
691 | | // actually reachable. No DER encoding is a prefix of another DER encoding.) |
692 | 0 | return a_len < b_len ? -1 : 1; |
693 | 91.9k | } |
694 | | |
695 | 1.82M | int CBB_flush_asn1_set_of(CBB *cbb) { |
696 | 1.82M | if (!CBB_flush(cbb)) { |
697 | 0 | return 0; |
698 | 0 | } |
699 | | |
700 | 1.82M | CBS cbs; |
701 | 1.82M | size_t num_children = 0; |
702 | 1.82M | CBS_init(&cbs, CBB_data(cbb), CBB_len(cbb)); |
703 | 3.87M | while (CBS_len(&cbs) != 0) { |
704 | 2.04M | if (!CBS_get_any_asn1_element(&cbs, nullptr, nullptr, nullptr)) { |
705 | 0 | OPENSSL_PUT_ERROR(CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
706 | 0 | return 0; |
707 | 0 | } |
708 | 2.04M | num_children++; |
709 | 2.04M | } |
710 | | |
711 | 1.82M | if (num_children < 2) { |
712 | 1.70M | return 1; // Nothing to do. This is the common case for X.509. |
713 | 1.70M | } |
714 | | |
715 | | // Parse out the children and sort. We alias them into a copy of so they |
716 | | // remain valid as we rewrite |cbb|. |
717 | 121k | int ret = 0; |
718 | 121k | size_t buf_len = CBB_len(cbb); |
719 | 121k | uint8_t *buf = |
720 | 121k | reinterpret_cast<uint8_t *>(OPENSSL_memdup(CBB_data(cbb), buf_len)); |
721 | 121k | CBS *children = |
722 | 121k | reinterpret_cast<CBS *>(OPENSSL_calloc(num_children, sizeof(CBS))); |
723 | 121k | uint8_t *out; |
724 | 121k | size_t offset = 0; |
725 | 121k | if (buf == nullptr || children == nullptr) { |
726 | 0 | goto err; |
727 | 0 | } |
728 | 121k | CBS_init(&cbs, buf, buf_len); |
729 | 472k | for (size_t i = 0; i < num_children; i++) { |
730 | 350k | if (!CBS_get_any_asn1_element(&cbs, &children[i], nullptr, nullptr)) { |
731 | 0 | goto err; |
732 | 0 | } |
733 | 350k | } |
734 | 121k | qsort(children, num_children, sizeof(CBS), compare_set_of_element); |
735 | | |
736 | | // Write the contents back in the new order. |
737 | 121k | out = (uint8_t *)CBB_data(cbb); |
738 | 472k | for (size_t i = 0; i < num_children; i++) { |
739 | 350k | OPENSSL_memcpy(out + offset, CBS_data(&children[i]), CBS_len(&children[i])); |
740 | 350k | offset += CBS_len(&children[i]); |
741 | 350k | } |
742 | 121k | assert(offset == buf_len); |
743 | | |
744 | 121k | ret = 1; |
745 | | |
746 | 121k | err: |
747 | 121k | OPENSSL_free(buf); |
748 | 121k | OPENSSL_free(children); |
749 | 121k | return ret; |
750 | 121k | } |
751 | | |
752 | 1.02M | bool bssl::CBBFinishArray(CBB *cbb, Array<uint8_t> *out) { |
753 | 1.02M | uint8_t *ptr; |
754 | 1.02M | size_t len; |
755 | 1.02M | if (!CBB_finish(cbb, &ptr, &len)) { |
756 | 0 | OPENSSL_PUT_ERROR(SSL, ERR_R_INTERNAL_ERROR); |
757 | 0 | return false; |
758 | 0 | } |
759 | 1.02M | out->Reset(ptr, len); |
760 | 1.02M | return true; |
761 | 1.02M | } |