Coverage Report

Created: 2024-11-21 07:03

/src/boringssl/crypto/bytestring/cbb.c
Line
Count
Source (jump to first uncovered line)
1
/* Copyright (c) 2014, Google Inc.
2
 *
3
 * Permission to use, copy, modify, and/or distribute this software for any
4
 * purpose with or without fee is hereby granted, provided that the above
5
 * copyright notice and this permission notice appear in all copies.
6
 *
7
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15
#include <openssl/bytestring.h>
16
17
#include <assert.h>
18
#include <limits.h>
19
#include <string.h>
20
21
#include <openssl/mem.h>
22
#include <openssl/err.h>
23
24
#include "../internal.h"
25
26
27
1.05k
void CBB_zero(CBB *cbb) {
28
1.05k
  OPENSSL_memset(cbb, 0, sizeof(CBB));
29
1.05k
}
30
31
685
static void cbb_init(CBB *cbb, uint8_t *buf, size_t cap, int can_resize) {
32
685
  cbb->is_child = 0;
33
685
  cbb->child = NULL;
34
685
  cbb->u.base.buf = buf;
35
685
  cbb->u.base.len = 0;
36
685
  cbb->u.base.cap = cap;
37
685
  cbb->u.base.can_resize = can_resize;
38
685
  cbb->u.base.error = 0;
39
685
}
40
41
685
int CBB_init(CBB *cbb, size_t initial_capacity) {
42
685
  CBB_zero(cbb);
43
44
685
  uint8_t *buf = OPENSSL_malloc(initial_capacity);
45
685
  if (initial_capacity > 0 && buf == NULL) {
46
0
    return 0;
47
0
  }
48
49
685
  cbb_init(cbb, buf, initial_capacity, /*can_resize=*/1);
50
685
  return 1;
51
685
}
52
53
0
int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
54
0
  CBB_zero(cbb);
55
0
  cbb_init(cbb, buf, len, /*can_resize=*/0);
56
0
  return 1;
57
0
}
58
59
685
void CBB_cleanup(CBB *cbb) {
60
  // Child |CBB|s are non-owning. They are implicitly discarded and should not
61
  // be used with |CBB_cleanup| or |ScopedCBB|.
62
685
  assert(!cbb->is_child);
63
685
  if (cbb->is_child) {
64
0
    return;
65
0
  }
66
67
685
  if (cbb->u.base.can_resize) {
68
685
    OPENSSL_free(cbb->u.base.buf);
69
685
  }
70
685
}
71
72
static int cbb_buffer_reserve(struct cbb_buffer_st *base, uint8_t **out,
73
184k
                              size_t len) {
74
184k
  if (base == NULL) {
75
0
    return 0;
76
0
  }
77
78
184k
  size_t newlen = base->len + len;
79
184k
  if (newlen < base->len) {
80
    // Overflow
81
0
    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
82
0
    goto err;
83
0
  }
84
85
184k
  if (newlen > base->cap) {
86
2.37k
    if (!base->can_resize) {
87
0
      OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
88
0
      goto err;
89
0
    }
90
91
2.37k
    size_t newcap = base->cap * 2;
92
2.37k
    if (newcap < base->cap || newcap < newlen) {
93
260
      newcap = newlen;
94
260
    }
95
2.37k
    uint8_t *newbuf = OPENSSL_realloc(base->buf, newcap);
96
2.37k
    if (newbuf == NULL) {
97
0
      goto err;
98
0
    }
99
100
2.37k
    base->buf = newbuf;
101
2.37k
    base->cap = newcap;
102
2.37k
  }
103
104
184k
  if (out) {
105
184k
    *out = base->buf + base->len;
106
184k
  }
107
108
184k
  return 1;
109
110
0
err:
111
0
  base->error = 1;
112
0
  return 0;
113
184k
}
114
115
static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out,
116
184k
                          size_t len) {
117
184k
  if (!cbb_buffer_reserve(base, out, len)) {
118
0
    return 0;
119
0
  }
120
  // This will not overflow or |cbb_buffer_reserve| would have failed.
121
184k
  base->len += len;
122
184k
  return 1;
123
184k
}
124
125
685
int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) {
126
685
  if (cbb->is_child) {
127
0
    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
128
0
    return 0;
129
0
  }
130
131
685
  if (!CBB_flush(cbb)) {
132
0
    return 0;
133
0
  }
134
135
685
  if (cbb->u.base.can_resize && (out_data == NULL || out_len == NULL)) {
136
    // |out_data| and |out_len| can only be NULL if the CBB is fixed.
137
0
    return 0;
138
0
  }
139
140
685
  if (out_data != NULL) {
141
685
    *out_data = cbb->u.base.buf;
142
685
  }
143
685
  if (out_len != NULL) {
144
685
    *out_len = cbb->u.base.len;
145
685
  }
146
685
  cbb->u.base.buf = NULL;
147
685
  CBB_cleanup(cbb);
148
685
  return 1;
149
685
}
150
151
370k
static struct cbb_buffer_st *cbb_get_base(CBB *cbb) {
152
370k
  if (cbb->is_child) {
153
2.24k
    return cbb->u.child.base;
154
2.24k
  }
155
368k
  return &cbb->u.base;
156
370k
}
157
158
0
static void cbb_on_error(CBB *cbb) {
159
  // Due to C's lack of destructors and |CBB|'s auto-flushing API, a failing
160
  // |CBB|-taking function may leave a dangling pointer to a child |CBB|. As a
161
  // result, the convention is callers may not write to |CBB|s that have failed.
162
  // But, as a safety measure, we lock the |CBB| into an error state. Once the
163
  // error bit is set, |cbb->child| will not be read.
164
  //
165
  // TODO(davidben): This still isn't quite ideal. A |CBB| function *outside*
166
  // this file may originate an error while the |CBB| points to a local child.
167
  // In that case we don't set the error bit and are reliant on the error
168
  // convention. Perhaps we allow |CBB_cleanup| on child |CBB|s and make every
169
  // child's |CBB_cleanup| set the error bit if unflushed. That will be
170
  // convenient for C++ callers, but very tedious for C callers. So C callers
171
  // perhaps should get a |CBB_on_error| function that can be, less tediously,
172
  // stuck in a |goto err| block.
173
0
  cbb_get_base(cbb)->error = 1;
174
175
  // Clearing the pointer is not strictly necessary, but GCC's dangling pointer
176
  // warning does not know |cbb->child| will not be read once |error| is set
177
  // above.
178
0
  cbb->child = NULL;
179
0
}
180
181
// CBB_flush recurses and then writes out any pending length prefix. The
182
// current length of the underlying base is taken to be the length of the
183
// length-prefixed data.
184
186k
int CBB_flush(CBB *cbb) {
185
  // If |base| has hit an error, the buffer is in an undefined state, so
186
  // fail all following calls. In particular, |cbb->child| may point to invalid
187
  // memory.
188
186k
  struct cbb_buffer_st *base = cbb_get_base(cbb);
189
186k
  if (base == NULL || base->error) {
190
0
    return 0;
191
0
  }
192
193
186k
  if (cbb->child == NULL) {
194
    // Nothing to flush.
195
185k
    return 1;
196
185k
  }
197
198
366
  assert(cbb->child->is_child);
199
366
  struct cbb_child_st *child = &cbb->child->u.child;
200
366
  assert(child->base == base);
201
366
  size_t child_start = child->offset + child->pending_len_len;
202
203
366
  if (!CBB_flush(cbb->child) ||
204
366
      child_start < child->offset ||
205
366
      base->len < child_start) {
206
0
    goto err;
207
0
  }
208
209
366
  size_t len = base->len - child_start;
210
211
366
  if (child->pending_is_asn1) {
212
    // For ASN.1 we assume that we'll only need a single byte for the length.
213
    // If that turned out to be incorrect, we have to move the contents along
214
    // in order to make space.
215
366
    uint8_t len_len;
216
366
    uint8_t initial_length_byte;
217
218
366
    assert (child->pending_len_len == 1);
219
220
366
    if (len > 0xfffffffe) {
221
0
      OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
222
      // Too large.
223
0
      goto err;
224
366
    } else if (len > 0xffffff) {
225
0
      len_len = 5;
226
0
      initial_length_byte = 0x80 | 4;
227
366
    } else if (len > 0xffff) {
228
0
      len_len = 4;
229
0
      initial_length_byte = 0x80 | 3;
230
366
    } else if (len > 0xff) {
231
150
      len_len = 3;
232
150
      initial_length_byte = 0x80 | 2;
233
216
    } else if (len > 0x7f) {
234
18
      len_len = 2;
235
18
      initial_length_byte = 0x80 | 1;
236
198
    } else {
237
198
      len_len = 1;
238
198
      initial_length_byte = (uint8_t)len;
239
198
      len = 0;
240
198
    }
241
242
366
    if (len_len != 1) {
243
      // We need to move the contents along in order to make space.
244
168
      size_t extra_bytes = len_len - 1;
245
168
      if (!cbb_buffer_add(base, NULL, extra_bytes)) {
246
0
        goto err;
247
0
      }
248
168
      OPENSSL_memmove(base->buf + child_start + extra_bytes,
249
168
                      base->buf + child_start, len);
250
168
    }
251
366
    base->buf[child->offset++] = initial_length_byte;
252
366
    child->pending_len_len = len_len - 1;
253
366
  }
254
255
684
  for (size_t i = child->pending_len_len - 1; i < child->pending_len_len; i--) {
256
318
    base->buf[child->offset + i] = (uint8_t)len;
257
318
    len >>= 8;
258
318
  }
259
366
  if (len != 0) {
260
0
    OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
261
0
    goto err;
262
0
  }
263
264
366
  child->base = NULL;
265
366
  cbb->child = NULL;
266
267
366
  return 1;
268
269
0
err:
270
0
  cbb_on_error(cbb);
271
0
  return 0;
272
366
}
273
274
0
const uint8_t *CBB_data(const CBB *cbb) {
275
0
  assert(cbb->child == NULL);
276
0
  if (cbb->is_child) {
277
0
    return cbb->u.child.base->buf + cbb->u.child.offset +
278
0
           cbb->u.child.pending_len_len;
279
0
  }
280
0
  return cbb->u.base.buf;
281
0
}
282
283
0
size_t CBB_len(const CBB *cbb) {
284
0
  assert(cbb->child == NULL);
285
0
  if (cbb->is_child) {
286
0
    assert(cbb->u.child.offset + cbb->u.child.pending_len_len <=
287
0
           cbb->u.child.base->len);
288
0
    return cbb->u.child.base->len - cbb->u.child.offset -
289
0
           cbb->u.child.pending_len_len;
290
0
  }
291
0
  return cbb->u.base.len;
292
0
}
293
294
static int cbb_add_child(CBB *cbb, CBB *out_child, uint8_t len_len,
295
366
                         int is_asn1) {
296
366
  assert(cbb->child == NULL);
297
366
  assert(!is_asn1 || len_len == 1);
298
366
  struct cbb_buffer_st *base = cbb_get_base(cbb);
299
366
  size_t offset = base->len;
300
301
  // Reserve space for the length prefix.
302
366
  uint8_t *prefix_bytes;
303
366
  if (!cbb_buffer_add(base, &prefix_bytes, len_len)) {
304
0
    return 0;
305
0
  }
306
366
  OPENSSL_memset(prefix_bytes, 0, len_len);
307
308
366
  CBB_zero(out_child);
309
366
  out_child->is_child = 1;
310
366
  out_child->u.child.base = base;
311
366
  out_child->u.child.offset = offset;
312
366
  out_child->u.child.pending_len_len = len_len;
313
366
  out_child->u.child.pending_is_asn1 = is_asn1;
314
366
  cbb->child = out_child;
315
366
  return 1;
316
366
}
317
318
static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents,
319
0
                                   uint8_t len_len) {
320
0
  if (!CBB_flush(cbb)) {
321
0
    return 0;
322
0
  }
323
324
0
  return cbb_add_child(cbb, out_contents, len_len, /*is_asn1=*/0);
325
0
}
326
327
0
int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) {
328
0
  return cbb_add_length_prefixed(cbb, out_contents, 1);
329
0
}
330
331
0
int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) {
332
0
  return cbb_add_length_prefixed(cbb, out_contents, 2);
333
0
}
334
335
0
int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) {
336
0
  return cbb_add_length_prefixed(cbb, out_contents, 3);
337
0
}
338
339
// add_base128_integer encodes |v| as a big-endian base-128 integer where the
340
// high bit of each byte indicates where there is more data. This is the
341
// encoding used in DER for both high tag number form and OID components.
342
0
static int add_base128_integer(CBB *cbb, uint64_t v) {
343
0
  unsigned len_len = 0;
344
0
  uint64_t copy = v;
345
0
  while (copy > 0) {
346
0
    len_len++;
347
0
    copy >>= 7;
348
0
  }
349
0
  if (len_len == 0) {
350
0
    len_len = 1;  // Zero is encoded with one byte.
351
0
  }
352
0
  for (unsigned i = len_len - 1; i < len_len; i--) {
353
0
    uint8_t byte = (v >> (7 * i)) & 0x7f;
354
0
    if (i != 0) {
355
      // The high bit denotes whether there is more data.
356
0
      byte |= 0x80;
357
0
    }
358
0
    if (!CBB_add_u8(cbb, byte)) {
359
0
      return 0;
360
0
    }
361
0
  }
362
0
  return 1;
363
0
}
364
365
366
int CBB_add_asn1(CBB *cbb, CBB *out_contents, CBS_ASN1_TAG tag) {
366
366
  if (!CBB_flush(cbb)) {
367
0
    return 0;
368
0
  }
369
370
  // Split the tag into leading bits and tag number.
371
366
  uint8_t tag_bits = (tag >> CBS_ASN1_TAG_SHIFT) & 0xe0;
372
366
  CBS_ASN1_TAG tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK;
373
366
  if (tag_number >= 0x1f) {
374
    // Set all the bits in the tag number to signal high tag number form.
375
0
    if (!CBB_add_u8(cbb, tag_bits | 0x1f) ||
376
0
        !add_base128_integer(cbb, tag_number)) {
377
0
      return 0;
378
0
    }
379
366
  } else if (!CBB_add_u8(cbb, tag_bits | tag_number)) {
380
0
    return 0;
381
0
  }
382
383
  // Reserve one byte of length prefix. |CBB_flush| will finish it later.
384
366
  return cbb_add_child(cbb, out_contents, /*len_len=*/1, /*is_asn1=*/1);
385
366
}
386
387
0
int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) {
388
0
  uint8_t *out;
389
0
  if (!CBB_add_space(cbb, &out, len)) {
390
0
    return 0;
391
0
  }
392
0
  OPENSSL_memcpy(out, data, len);
393
0
  return 1;
394
0
}
395
396
0
int CBB_add_zeros(CBB *cbb, size_t len) {
397
0
  uint8_t *out;
398
0
  if (!CBB_add_space(cbb, &out, len)) {
399
0
    return 0;
400
0
  }
401
0
  OPENSSL_memset(out, 0, len);
402
0
  return 1;
403
0
}
404
405
184k
int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) {
406
184k
  if (!CBB_flush(cbb) ||
407
184k
      !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) {
408
0
    return 0;
409
0
  }
410
184k
  return 1;
411
184k
}
412
413
0
int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len) {
414
0
  if (!CBB_flush(cbb) ||
415
0
      !cbb_buffer_reserve(cbb_get_base(cbb), out_data, len)) {
416
0
    return 0;
417
0
  }
418
0
  return 1;
419
0
}
420
421
0
int CBB_did_write(CBB *cbb, size_t len) {
422
0
  struct cbb_buffer_st *base = cbb_get_base(cbb);
423
0
  size_t newlen = base->len + len;
424
0
  if (cbb->child != NULL ||
425
0
      newlen < base->len ||
426
0
      newlen > base->cap) {
427
0
    return 0;
428
0
  }
429
0
  base->len = newlen;
430
0
  return 1;
431
0
}
432
433
184k
static int cbb_add_u(CBB *cbb, uint64_t v, size_t len_len) {
434
184k
  uint8_t *buf;
435
184k
  if (!CBB_add_space(cbb, &buf, len_len)) {
436
0
    return 0;
437
0
  }
438
439
368k
  for (size_t i = len_len - 1; i < len_len; i--) {
440
184k
    buf[i] = v;
441
184k
    v >>= 8;
442
184k
  }
443
444
  // |v| must fit in |len_len| bytes.
445
184k
  if (v != 0) {
446
0
    cbb_on_error(cbb);
447
0
    return 0;
448
0
  }
449
450
184k
  return 1;
451
184k
}
452
453
184k
int CBB_add_u8(CBB *cbb, uint8_t value) {
454
184k
  return cbb_add_u(cbb, value, 1);
455
184k
}
456
457
0
int CBB_add_u16(CBB *cbb, uint16_t value) {
458
0
  return cbb_add_u(cbb, value, 2);
459
0
}
460
461
0
int CBB_add_u16le(CBB *cbb, uint16_t value) {
462
0
  return CBB_add_u16(cbb, CRYPTO_bswap2(value));
463
0
}
464
465
0
int CBB_add_u24(CBB *cbb, uint32_t value) {
466
0
  return cbb_add_u(cbb, value, 3);
467
0
}
468
469
0
int CBB_add_u32(CBB *cbb, uint32_t value) {
470
0
  return cbb_add_u(cbb, value, 4);
471
0
}
472
473
0
int CBB_add_u32le(CBB *cbb, uint32_t value) {
474
0
  return CBB_add_u32(cbb, CRYPTO_bswap4(value));
475
0
}
476
477
0
int CBB_add_u64(CBB *cbb, uint64_t value) {
478
0
  return cbb_add_u(cbb, value, 8);
479
0
}
480
481
0
int CBB_add_u64le(CBB *cbb, uint64_t value) {
482
0
  return CBB_add_u64(cbb, CRYPTO_bswap8(value));
483
0
}
484
485
0
void CBB_discard_child(CBB *cbb) {
486
0
  if (cbb->child == NULL) {
487
0
    return;
488
0
  }
489
490
0
  struct cbb_buffer_st *base = cbb_get_base(cbb);
491
0
  assert(cbb->child->is_child);
492
0
  base->len = cbb->child->u.child.offset;
493
494
0
  cbb->child->u.child.base = NULL;
495
0
  cbb->child = NULL;
496
0
}
497
498
0
int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
499
0
  return CBB_add_asn1_uint64_with_tag(cbb, value, CBS_ASN1_INTEGER);
500
0
}
501
502
0
int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) {
503
0
  CBB child;
504
0
  if (!CBB_add_asn1(cbb, &child, tag)) {
505
0
    goto err;
506
0
  }
507
508
0
  int started = 0;
509
0
  for (size_t i = 0; i < 8; i++) {
510
0
    uint8_t byte = (value >> 8*(7-i)) & 0xff;
511
0
    if (!started) {
512
0
      if (byte == 0) {
513
        // Don't encode leading zeros.
514
0
        continue;
515
0
      }
516
      // If the high bit is set, add a padding byte to make it
517
      // unsigned.
518
0
      if ((byte & 0x80) && !CBB_add_u8(&child, 0)) {
519
0
        goto err;
520
0
      }
521
0
      started = 1;
522
0
    }
523
0
    if (!CBB_add_u8(&child, byte)) {
524
0
      goto err;
525
0
    }
526
0
  }
527
528
  // 0 is encoded as a single 0, not the empty string.
529
0
  if (!started && !CBB_add_u8(&child, 0)) {
530
0
    goto err;
531
0
  }
532
533
0
  return CBB_flush(cbb);
534
535
0
err:
536
0
  cbb_on_error(cbb);
537
0
  return 0;
538
0
}
539
540
0
int CBB_add_asn1_int64(CBB *cbb, int64_t value) {
541
0
  return CBB_add_asn1_int64_with_tag(cbb, value, CBS_ASN1_INTEGER);
542
0
}
543
544
0
int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value, CBS_ASN1_TAG tag) {
545
0
  if (value >= 0) {
546
0
    return CBB_add_asn1_uint64_with_tag(cbb, (uint64_t)value, tag);
547
0
  }
548
549
0
  uint8_t bytes[sizeof(int64_t)];
550
0
  memcpy(bytes, &value, sizeof(value));
551
0
  int start = 7;
552
  // Skip leading sign-extension bytes unless they are necessary.
553
0
  while (start > 0 && (bytes[start] == 0xff && (bytes[start - 1] & 0x80))) {
554
0
    start--;
555
0
  }
556
557
0
  CBB child;
558
0
  if (!CBB_add_asn1(cbb, &child, tag)) {
559
0
    goto err;
560
0
  }
561
0
  for (int i = start; i >= 0; i--) {
562
0
    if (!CBB_add_u8(&child, bytes[i])) {
563
0
      goto err;
564
0
    }
565
0
  }
566
0
  return CBB_flush(cbb);
567
568
0
err:
569
0
  cbb_on_error(cbb);
570
0
  return 0;
571
0
}
572
573
0
int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
574
0
  CBB child;
575
0
  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_OCTETSTRING) ||
576
0
      !CBB_add_bytes(&child, data, data_len) ||
577
0
      !CBB_flush(cbb)) {
578
0
    cbb_on_error(cbb);
579
0
    return 0;
580
0
  }
581
582
0
  return 1;
583
0
}
584
585
0
int CBB_add_asn1_bool(CBB *cbb, int value) {
586
0
  CBB child;
587
0
  if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) ||
588
0
      !CBB_add_u8(&child, value != 0 ? 0xff : 0) ||
589
0
      !CBB_flush(cbb)) {
590
0
    cbb_on_error(cbb);
591
0
    return 0;
592
0
  }
593
594
0
  return 1;
595
0
}
596
597
// parse_dotted_decimal parses one decimal component from |cbs|, where |cbs| is
598
// an OID literal, e.g., "1.2.840.113554.4.1.72585". It consumes both the
599
// component and the dot, so |cbs| may be passed into the function again for the
600
// next value.
601
0
static int parse_dotted_decimal(CBS *cbs, uint64_t *out) {
602
0
  if (!CBS_get_u64_decimal(cbs, out)) {
603
0
    return 0;
604
0
  }
605
606
  // The integer must have either ended at the end of the string, or a
607
  // non-terminal dot, which should be consumed. If the string ends with a dot,
608
  // this is not a valid OID string.
609
0
  uint8_t dot;
610
0
  return !CBS_get_u8(cbs, &dot) || (dot == '.' && CBS_len(cbs) > 0);
611
0
}
612
613
0
int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) {
614
0
  if (!CBB_flush(cbb)) {
615
0
    return 0;
616
0
  }
617
618
0
  CBS cbs;
619
0
  CBS_init(&cbs, (const uint8_t *)text, len);
620
621
  // OIDs must have at least two components.
622
0
  uint64_t a, b;
623
0
  if (!parse_dotted_decimal(&cbs, &a) ||
624
0
      !parse_dotted_decimal(&cbs, &b)) {
625
0
    return 0;
626
0
  }
627
628
  // The first component is encoded as 40 * |a| + |b|. This assumes that |a| is
629
  // 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39.
630
0
  if (a > 2 ||
631
0
      (a < 2 && b > 39) ||
632
0
      b > UINT64_MAX - 80 ||
633
0
      !add_base128_integer(cbb, 40u * a + b)) {
634
0
    return 0;
635
0
  }
636
637
  // The remaining components are encoded unmodified.
638
0
  while (CBS_len(&cbs) > 0) {
639
0
    if (!parse_dotted_decimal(&cbs, &a) ||
640
0
        !add_base128_integer(cbb, a)) {
641
0
      return 0;
642
0
    }
643
0
  }
644
645
0
  return 1;
646
0
}
647
648
0
static int compare_set_of_element(const void *a_ptr, const void *b_ptr) {
649
  // See X.690, section 11.6 for the ordering. They are sorted in ascending
650
  // order by their DER encoding.
651
0
  const CBS *a = a_ptr, *b = b_ptr;
652
0
  size_t a_len = CBS_len(a), b_len = CBS_len(b);
653
0
  size_t min_len = a_len < b_len ? a_len : b_len;
654
0
  int ret = OPENSSL_memcmp(CBS_data(a), CBS_data(b), min_len);
655
0
  if (ret != 0) {
656
0
    return ret;
657
0
  }
658
0
  if (a_len == b_len) {
659
0
    return 0;
660
0
  }
661
  // If one is a prefix of the other, the shorter one sorts first. (This is not
662
  // actually reachable. No DER encoding is a prefix of another DER encoding.)
663
0
  return a_len < b_len ? -1 : 1;
664
0
}
665
666
0
int CBB_flush_asn1_set_of(CBB *cbb) {
667
0
  if (!CBB_flush(cbb)) {
668
0
    return 0;
669
0
  }
670
671
0
  CBS cbs;
672
0
  size_t num_children = 0;
673
0
  CBS_init(&cbs, CBB_data(cbb), CBB_len(cbb));
674
0
  while (CBS_len(&cbs) != 0) {
675
0
    if (!CBS_get_any_asn1_element(&cbs, NULL, NULL, NULL)) {
676
0
      OPENSSL_PUT_ERROR(CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
677
0
      return 0;
678
0
    }
679
0
    num_children++;
680
0
  }
681
682
0
  if (num_children < 2) {
683
0
    return 1;  // Nothing to do. This is the common case for X.509.
684
0
  }
685
686
  // Parse out the children and sort. We alias them into a copy of so they
687
  // remain valid as we rewrite |cbb|.
688
0
  int ret = 0;
689
0
  size_t buf_len = CBB_len(cbb);
690
0
  uint8_t *buf = OPENSSL_memdup(CBB_data(cbb), buf_len);
691
0
  CBS *children = OPENSSL_calloc(num_children, sizeof(CBS));
692
0
  if (buf == NULL || children == NULL) {
693
0
    goto err;
694
0
  }
695
0
  CBS_init(&cbs, buf, buf_len);
696
0
  for (size_t i = 0; i < num_children; i++) {
697
0
    if (!CBS_get_any_asn1_element(&cbs, &children[i], NULL, NULL)) {
698
0
      goto err;
699
0
    }
700
0
  }
701
0
  qsort(children, num_children, sizeof(CBS), compare_set_of_element);
702
703
  // Write the contents back in the new order.
704
0
  uint8_t *out = (uint8_t *)CBB_data(cbb);
705
0
  size_t offset = 0;
706
0
  for (size_t i = 0; i < num_children; i++) {
707
0
    OPENSSL_memcpy(out + offset, CBS_data(&children[i]), CBS_len(&children[i]));
708
0
    offset += CBS_len(&children[i]);
709
0
  }
710
0
  assert(offset == buf_len);
711
712
0
  ret = 1;
713
714
0
err:
715
0
  OPENSSL_free(buf);
716
0
  OPENSSL_free(children);
717
0
  return ret;
718
0
}