Coverage Report

Created: 2024-11-21 07:03

/src/boringssl/crypto/bytestring/cbs.c
Line
Count
Source (jump to first uncovered line)
1
/* Copyright (c) 2014, Google Inc.
2
 *
3
 * Permission to use, copy, modify, and/or distribute this software for any
4
 * purpose with or without fee is hereby granted, provided that the above
5
 * copyright notice and this permission notice appear in all copies.
6
 *
7
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15
#include <openssl/asn1.h>
16
#include <openssl/bytestring.h>
17
#include <openssl/mem.h>
18
19
#include <assert.h>
20
#include <ctype.h>
21
#include <inttypes.h>
22
#include <string.h>
23
24
#include "../asn1/internal.h"
25
#include "../internal.h"
26
#include "internal.h"
27
28
29
1.06k
static int cbs_get(CBS *cbs, const uint8_t **p, size_t n) {
30
1.06k
  if (cbs->len < n) {
31
9
    return 0;
32
9
  }
33
34
1.05k
  *p = cbs->data;
35
1.05k
  cbs->data += n;
36
1.05k
  cbs->len -= n;
37
1.05k
  return 1;
38
1.06k
}
39
40
183
int CBS_skip(CBS *cbs, size_t len) {
41
183
  const uint8_t *dummy;
42
183
  return cbs_get(cbs, &dummy, len);
43
183
}
44
45
0
int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) {
46
0
  OPENSSL_free(*out_ptr);
47
0
  *out_ptr = NULL;
48
0
  *out_len = 0;
49
50
0
  if (cbs->len == 0) {
51
0
    return 1;
52
0
  }
53
0
  *out_ptr = OPENSSL_memdup(cbs->data, cbs->len);
54
0
  if (*out_ptr == NULL) {
55
0
    return 0;
56
0
  }
57
0
  *out_len = cbs->len;
58
0
  return 1;
59
0
}
60
61
0
int CBS_strdup(const CBS *cbs, char **out_ptr) {
62
0
  if (*out_ptr != NULL) {
63
0
    OPENSSL_free(*out_ptr);
64
0
  }
65
0
  *out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len);
66
0
  return (*out_ptr != NULL);
67
0
}
68
69
0
int CBS_contains_zero_byte(const CBS *cbs) {
70
0
  return OPENSSL_memchr(cbs->data, 0, cbs->len) != NULL;
71
0
}
72
73
0
int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
74
0
  if (len != cbs->len) {
75
0
    return 0;
76
0
  }
77
0
  return CRYPTO_memcmp(cbs->data, data, len) == 0;
78
0
}
79
80
84
static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) {
81
84
  uint64_t result = 0;
82
84
  const uint8_t *data;
83
84
84
  if (!cbs_get(cbs, &data, len)) {
85
0
    return 0;
86
0
  }
87
243
  for (size_t i = 0; i < len; i++) {
88
159
    result <<= 8;
89
159
    result |= data[i];
90
159
  }
91
84
  *out = result;
92
84
  return 1;
93
84
}
94
95
610
int CBS_get_u8(CBS *cbs, uint8_t *out) {
96
610
  const uint8_t *v;
97
610
  if (!cbs_get(cbs, &v, 1)) {
98
9
    return 0;
99
9
  }
100
601
  *out = *v;
101
601
  return 1;
102
610
}
103
104
0
int CBS_get_u16(CBS *cbs, uint16_t *out) {
105
0
  uint64_t v;
106
0
  if (!cbs_get_u(cbs, &v, 2)) {
107
0
    return 0;
108
0
  }
109
0
  *out = v;
110
0
  return 1;
111
0
}
112
113
0
int CBS_get_u16le(CBS *cbs, uint16_t *out) {
114
0
  if (!CBS_get_u16(cbs, out)) {
115
0
    return 0;
116
0
  }
117
0
  *out = CRYPTO_bswap2(*out);
118
0
  return 1;
119
0
}
120
121
0
int CBS_get_u24(CBS *cbs, uint32_t *out) {
122
0
  uint64_t v;
123
0
  if (!cbs_get_u(cbs, &v, 3)) {
124
0
    return 0;
125
0
  }
126
0
  *out = (uint32_t)v;
127
0
  return 1;
128
0
}
129
130
0
int CBS_get_u32(CBS *cbs, uint32_t *out) {
131
0
  uint64_t v;
132
0
  if (!cbs_get_u(cbs, &v, 4)) {
133
0
    return 0;
134
0
  }
135
0
  *out = (uint32_t)v;
136
0
  return 1;
137
0
}
138
139
0
int CBS_get_u32le(CBS *cbs, uint32_t *out) {
140
0
  if (!CBS_get_u32(cbs, out)) {
141
0
    return 0;
142
0
  }
143
0
  *out = CRYPTO_bswap4(*out);
144
0
  return 1;
145
0
}
146
147
0
int CBS_get_u64(CBS *cbs, uint64_t *out) {
148
0
  return cbs_get_u(cbs, out, 8);
149
0
}
150
151
0
int CBS_get_u64le(CBS *cbs, uint64_t *out) {
152
0
  if (!cbs_get_u(cbs, out, 8)) {
153
0
    return 0;
154
0
  }
155
0
  *out = CRYPTO_bswap8(*out);
156
0
  return 1;
157
0
}
158
159
0
int CBS_get_last_u8(CBS *cbs, uint8_t *out) {
160
0
  if (cbs->len == 0) {
161
0
    return 0;
162
0
  }
163
0
  *out = cbs->data[cbs->len - 1];
164
0
  cbs->len--;
165
0
  return 1;
166
0
}
167
168
183
int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) {
169
183
  const uint8_t *v;
170
183
  if (!cbs_get(cbs, &v, len)) {
171
0
    return 0;
172
0
  }
173
183
  CBS_init(out, v, len);
174
183
  return 1;
175
183
}
176
177
0
int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) {
178
0
  const uint8_t *v;
179
0
  if (!cbs_get(cbs, &v, len)) {
180
0
    return 0;
181
0
  }
182
0
  OPENSSL_memcpy(out, v, len);
183
0
  return 1;
184
0
}
185
186
0
static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) {
187
0
  uint64_t len;
188
0
  if (!cbs_get_u(cbs, &len, len_len)) {
189
0
    return 0;
190
0
  }
191
  // If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on
192
  // 32-bit systems.
193
0
  assert(len_len <= 3);
194
0
  return CBS_get_bytes(cbs, out, len);
195
0
}
196
197
0
int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out) {
198
0
  return cbs_get_length_prefixed(cbs, out, 1);
199
0
}
200
201
0
int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out) {
202
0
  return cbs_get_length_prefixed(cbs, out, 2);
203
0
}
204
205
0
int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) {
206
0
  return cbs_get_length_prefixed(cbs, out, 3);
207
0
}
208
209
0
int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c) {
210
0
  const uint8_t *split = OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs));
211
0
  if (split == NULL) {
212
0
    return 0;
213
0
  }
214
0
  return CBS_get_bytes(cbs, out, split - CBS_data(cbs));
215
0
}
216
217
0
int CBS_get_u64_decimal(CBS *cbs, uint64_t *out) {
218
0
  uint64_t v = 0;
219
0
  int seen_digit = 0;
220
0
  while (CBS_len(cbs) != 0) {
221
0
    uint8_t c = CBS_data(cbs)[0];
222
0
    if (!OPENSSL_isdigit(c)) {
223
0
      break;
224
0
    }
225
0
    CBS_skip(cbs, 1);
226
0
    if (// Forbid stray leading zeros.
227
0
        (v == 0 && seen_digit) ||
228
        // Check for overflow.
229
0
        v > UINT64_MAX / 10 ||  //
230
0
        v * 10 > UINT64_MAX - (c - '0')) {
231
0
      return 0;
232
0
    }
233
0
    v = v * 10 + (c - '0');
234
0
    seen_digit = 1;
235
0
  }
236
237
0
  *out = v;
238
0
  return seen_digit;
239
0
}
240
241
// parse_base128_integer reads a big-endian base-128 integer from |cbs| and sets
242
// |*out| to the result. This is the encoding used in DER for both high tag
243
// number form and OID components.
244
0
static int parse_base128_integer(CBS *cbs, uint64_t *out) {
245
0
  uint64_t v = 0;
246
0
  uint8_t b;
247
0
  do {
248
0
    if (!CBS_get_u8(cbs, &b)) {
249
0
      return 0;
250
0
    }
251
0
    if ((v >> (64 - 7)) != 0) {
252
      // The value is too large.
253
0
      return 0;
254
0
    }
255
0
    if (v == 0 && b == 0x80) {
256
      // The value must be minimally encoded.
257
0
      return 0;
258
0
    }
259
0
    v = (v << 7) | (b & 0x7f);
260
261
    // Values end at an octet with the high bit cleared.
262
0
  } while (b & 0x80);
263
264
0
  *out = v;
265
0
  return 1;
266
0
}
267
268
183
static int parse_asn1_tag(CBS *cbs, CBS_ASN1_TAG *out) {
269
183
  uint8_t tag_byte;
270
183
  if (!CBS_get_u8(cbs, &tag_byte)) {
271
0
    return 0;
272
0
  }
273
274
  // ITU-T X.690 section 8.1.2.3 specifies the format for identifiers with a tag
275
  // number no greater than 30.
276
  //
277
  // If the number portion is 31 (0x1f, the largest value that fits in the
278
  // allotted bits), then the tag is more than one byte long and the
279
  // continuation bytes contain the tag number.
280
183
  CBS_ASN1_TAG tag = ((CBS_ASN1_TAG)tag_byte & 0xe0) << CBS_ASN1_TAG_SHIFT;
281
183
  CBS_ASN1_TAG tag_number = tag_byte & 0x1f;
282
183
  if (tag_number == 0x1f) {
283
0
    uint64_t v;
284
0
    if (!parse_base128_integer(cbs, &v) ||
285
        // Check the tag number is within our supported bounds.
286
0
        v > CBS_ASN1_TAG_NUMBER_MASK ||
287
        // Small tag numbers should have used low tag number form, even in BER.
288
0
        v < 0x1f) {
289
0
      return 0;
290
0
    }
291
0
    tag_number = (CBS_ASN1_TAG)v;
292
0
  }
293
294
183
  tag |= tag_number;
295
296
  // Tag [UNIVERSAL 0] is reserved for use by the encoding. Reject it here to
297
  // avoid some ambiguity around ANY values and BER indefinite-length EOCs. See
298
  // https://crbug.com/boringssl/455.
299
183
  if ((tag & ~CBS_ASN1_CONSTRUCTED) == 0) {
300
0
    return 0;
301
0
  }
302
303
183
  *out = tag;
304
183
  return 1;
305
183
}
306
307
static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag,
308
                                    size_t *out_header_len, int *out_ber_found,
309
183
                                    int *out_indefinite, int ber_ok) {
310
183
  CBS header = *cbs;
311
183
  CBS throwaway;
312
313
183
  if (out == NULL) {
314
0
    out = &throwaway;
315
0
  }
316
183
  if (ber_ok) {
317
0
    *out_ber_found = 0;
318
0
    *out_indefinite = 0;
319
183
  } else {
320
183
    assert(out_ber_found == NULL);
321
183
    assert(out_indefinite == NULL);
322
183
  }
323
324
183
  CBS_ASN1_TAG tag;
325
183
  if (!parse_asn1_tag(&header, &tag)) {
326
0
    return 0;
327
0
  }
328
183
  if (out_tag != NULL) {
329
183
    *out_tag = tag;
330
183
  }
331
332
183
  uint8_t length_byte;
333
183
  if (!CBS_get_u8(&header, &length_byte)) {
334
0
    return 0;
335
0
  }
336
337
183
  size_t header_len = CBS_len(cbs) - CBS_len(&header);
338
339
183
  size_t len;
340
  // The format for the length encoding is specified in ITU-T X.690 section
341
  // 8.1.3.
342
183
  if ((length_byte & 0x80) == 0) {
343
    // Short form length.
344
99
    len = ((size_t) length_byte) + header_len;
345
99
    if (out_header_len != NULL) {
346
99
      *out_header_len = header_len;
347
99
    }
348
99
  } else {
349
    // The high bit indicate that this is the long form, while the next 7 bits
350
    // encode the number of subsequent octets used to encode the length (ITU-T
351
    // X.690 clause 8.1.3.5.b).
352
84
    const size_t num_bytes = length_byte & 0x7f;
353
84
    uint64_t len64;
354
355
84
    if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
356
      // indefinite length
357
0
      if (out_header_len != NULL) {
358
0
        *out_header_len = header_len;
359
0
      }
360
0
      *out_ber_found = 1;
361
0
      *out_indefinite = 1;
362
0
      return CBS_get_bytes(cbs, out, header_len);
363
0
    }
364
365
    // ITU-T X.690 clause 8.1.3.5.c specifies that the value 0xff shall not be
366
    // used as the first byte of the length. If this parser encounters that
367
    // value, num_bytes will be parsed as 127, which will fail this check.
368
84
    if (num_bytes == 0 || num_bytes > 4) {
369
0
      return 0;
370
0
    }
371
84
    if (!cbs_get_u(&header, &len64, num_bytes)) {
372
0
      return 0;
373
0
    }
374
    // ITU-T X.690 section 10.1 (DER length forms) requires encoding the
375
    // length with the minimum number of octets. BER could, technically, have
376
    // 125 superfluous zero bytes. We do not attempt to handle that and still
377
    // require that the length fit in a |uint32_t| for BER.
378
84
    if (len64 < 128) {
379
      // Length should have used short-form encoding.
380
0
      if (ber_ok) {
381
0
        *out_ber_found = 1;
382
0
      } else {
383
0
        return 0;
384
0
      }
385
0
    }
386
84
    if ((len64 >> ((num_bytes - 1) * 8)) == 0) {
387
      // Length should have been at least one byte shorter.
388
0
      if (ber_ok) {
389
0
        *out_ber_found = 1;
390
0
      } else {
391
0
        return 0;
392
0
      }
393
0
    }
394
84
    len = len64;
395
84
    if (len + header_len + num_bytes < len) {
396
      // Overflow.
397
0
      return 0;
398
0
    }
399
84
    len += header_len + num_bytes;
400
84
    if (out_header_len != NULL) {
401
84
      *out_header_len = header_len + num_bytes;
402
84
    }
403
84
  }
404
405
183
  return CBS_get_bytes(cbs, out, len);
406
183
}
407
408
0
int CBS_get_any_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag) {
409
0
  size_t header_len;
410
0
  if (!CBS_get_any_asn1_element(cbs, out, out_tag, &header_len)) {
411
0
    return 0;
412
0
  }
413
414
0
  if (!CBS_skip(out, header_len)) {
415
0
    assert(0);
416
0
    return 0;
417
0
  }
418
419
0
  return 1;
420
0
}
421
422
int CBS_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag,
423
183
                                    size_t *out_header_len) {
424
183
  return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len, NULL, NULL,
425
183
                                  /*ber_ok=*/0);
426
183
}
427
428
int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag,
429
                                 size_t *out_header_len, int *out_ber_found,
430
0
                                 int *out_indefinite) {
431
0
  int ber_found_temp;
432
0
  return cbs_get_any_asn1_element(
433
0
      cbs, out, out_tag, out_header_len,
434
0
      out_ber_found ? out_ber_found : &ber_found_temp, out_indefinite,
435
0
      /*ber_ok=*/1);
436
0
}
437
438
static int cbs_get_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value,
439
183
                        int skip_header) {
440
183
  size_t header_len;
441
183
  CBS_ASN1_TAG tag;
442
183
  CBS throwaway;
443
444
183
  if (out == NULL) {
445
0
    out = &throwaway;
446
0
  }
447
448
183
  if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
449
183
      tag != tag_value) {
450
0
    return 0;
451
0
  }
452
453
183
  if (skip_header && !CBS_skip(out, header_len)) {
454
0
    assert(0);
455
0
    return 0;
456
0
  }
457
458
183
  return 1;
459
183
}
460
461
183
int CBS_get_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value) {
462
183
  return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
463
183
}
464
465
0
int CBS_get_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value) {
466
0
  return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
467
0
}
468
469
0
int CBS_peek_asn1_tag(const CBS *cbs, CBS_ASN1_TAG tag_value) {
470
0
  CBS copy = *cbs;
471
0
  CBS_ASN1_TAG actual_tag;
472
0
  return parse_asn1_tag(&copy, &actual_tag) && tag_value == actual_tag;
473
0
}
474
475
0
int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
476
0
  CBS bytes;
477
0
  if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) ||
478
0
      !CBS_is_unsigned_asn1_integer(&bytes)) {
479
0
    return 0;
480
0
  }
481
482
0
  *out = 0;
483
0
  const uint8_t *data = CBS_data(&bytes);
484
0
  size_t len = CBS_len(&bytes);
485
0
  for (size_t i = 0; i < len; i++) {
486
0
    if ((*out >> 56) != 0) {
487
      // Too large to represent as a uint64_t.
488
0
      return 0;
489
0
    }
490
0
    *out <<= 8;
491
0
    *out |= data[i];
492
0
  }
493
494
0
  return 1;
495
0
}
496
497
0
int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
498
0
  int is_negative;
499
0
  CBS bytes;
500
0
  if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) ||
501
0
      !CBS_is_valid_asn1_integer(&bytes, &is_negative)) {
502
0
    return 0;
503
0
  }
504
0
  const uint8_t *data = CBS_data(&bytes);
505
0
  const size_t len = CBS_len(&bytes);
506
0
  if (len > sizeof(int64_t)) {
507
0
    return 0;
508
0
  }
509
0
  uint8_t sign_extend[sizeof(int64_t)];
510
0
  OPENSSL_memset(sign_extend, is_negative ? 0xff : 0, sizeof(sign_extend));
511
0
  OPENSSL_memcpy(sign_extend + sizeof(int64_t) - len, data, len);
512
0
  *out = CRYPTO_load_u64_be(sign_extend);
513
0
  return 1;
514
0
}
515
516
0
int CBS_get_asn1_bool(CBS *cbs, int *out) {
517
0
  CBS bytes;
518
0
  if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) ||
519
0
      CBS_len(&bytes) != 1) {
520
0
    return 0;
521
0
  }
522
523
0
  const uint8_t value = *CBS_data(&bytes);
524
0
  if (value != 0 && value != 0xff) {
525
0
    return 0;
526
0
  }
527
528
0
  *out = !!value;
529
0
  return 1;
530
0
}
531
532
0
int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, CBS_ASN1_TAG tag) {
533
0
  int present = 0;
534
535
0
  if (CBS_peek_asn1_tag(cbs, tag)) {
536
0
    if (!CBS_get_asn1(cbs, out, tag)) {
537
0
      return 0;
538
0
    }
539
0
    present = 1;
540
0
  }
541
542
0
  if (out_present != NULL) {
543
0
    *out_present = present;
544
0
  }
545
546
0
  return 1;
547
0
}
548
549
int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
550
0
                                       CBS_ASN1_TAG tag) {
551
0
  CBS child;
552
0
  int present;
553
0
  if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
554
0
    return 0;
555
0
  }
556
0
  if (present) {
557
0
    assert(out);
558
0
    if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
559
0
        CBS_len(&child) != 0) {
560
0
      return 0;
561
0
    }
562
0
  } else {
563
0
    CBS_init(out, NULL, 0);
564
0
  }
565
0
  if (out_present) {
566
0
    *out_present = present;
567
0
  }
568
0
  return 1;
569
0
}
570
571
int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, CBS_ASN1_TAG tag,
572
0
                                 uint64_t default_value) {
573
0
  CBS child;
574
0
  int present;
575
0
  if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
576
0
    return 0;
577
0
  }
578
0
  if (present) {
579
0
    if (!CBS_get_asn1_uint64(&child, out) ||
580
0
        CBS_len(&child) != 0) {
581
0
      return 0;
582
0
    }
583
0
  } else {
584
0
    *out = default_value;
585
0
  }
586
0
  return 1;
587
0
}
588
589
int CBS_get_optional_asn1_bool(CBS *cbs, int *out, CBS_ASN1_TAG tag,
590
0
                               int default_value) {
591
0
  CBS child, child2;
592
0
  int present;
593
0
  if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
594
0
    return 0;
595
0
  }
596
0
  if (present) {
597
0
    uint8_t boolean;
598
599
0
    if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
600
0
        CBS_len(&child2) != 1 ||
601
0
        CBS_len(&child) != 0) {
602
0
      return 0;
603
0
    }
604
605
0
    boolean = CBS_data(&child2)[0];
606
0
    if (boolean == 0) {
607
0
      *out = 0;
608
0
    } else if (boolean == 0xff) {
609
0
      *out = 1;
610
0
    } else {
611
0
      return 0;
612
0
    }
613
0
  } else {
614
0
    *out = default_value;
615
0
  }
616
0
  return 1;
617
0
}
618
619
0
int CBS_is_valid_asn1_bitstring(const CBS *cbs) {
620
0
  CBS in = *cbs;
621
0
  uint8_t num_unused_bits;
622
0
  if (!CBS_get_u8(&in, &num_unused_bits) ||
623
0
      num_unused_bits > 7) {
624
0
    return 0;
625
0
  }
626
627
0
  if (num_unused_bits == 0) {
628
0
    return 1;
629
0
  }
630
631
  // All num_unused_bits bits must exist and be zeros.
632
0
  uint8_t last;
633
0
  if (!CBS_get_last_u8(&in, &last) ||
634
0
      (last & ((1 << num_unused_bits) - 1)) != 0) {
635
0
    return 0;
636
0
  }
637
638
0
  return 1;
639
0
}
640
641
0
int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit) {
642
0
  if (!CBS_is_valid_asn1_bitstring(cbs)) {
643
0
    return 0;
644
0
  }
645
646
0
  const unsigned byte_num = (bit >> 3) + 1;
647
0
  const unsigned bit_num = 7 - (bit & 7);
648
649
  // Unused bits are zero, and this function does not distinguish between
650
  // missing and unset bits. Thus it is sufficient to do a byte-level length
651
  // check.
652
0
  return byte_num < CBS_len(cbs) &&
653
0
         (CBS_data(cbs)[byte_num] & (1 << bit_num)) != 0;
654
0
}
655
656
122
int CBS_is_valid_asn1_integer(const CBS *cbs, int *out_is_negative) {
657
122
  CBS copy = *cbs;
658
122
  uint8_t first_byte, second_byte;
659
122
  if (!CBS_get_u8(&copy, &first_byte)) {
660
0
    return 0;  // INTEGERs may not be empty.
661
0
  }
662
122
  if (out_is_negative != NULL) {
663
122
    *out_is_negative = (first_byte & 0x80) != 0;
664
122
  }
665
122
  if (!CBS_get_u8(&copy, &second_byte)) {
666
9
    return 1;  // One byte INTEGERs are always minimal.
667
9
  }
668
113
  if ((first_byte == 0x00 && (second_byte & 0x80) == 0) ||
669
113
      (first_byte == 0xff && (second_byte & 0x80) != 0)) {
670
0
    return 0;  // The value is minimal iff the first 9 bits are not all equal.
671
0
  }
672
113
  return 1;
673
113
}
674
675
0
int CBS_is_unsigned_asn1_integer(const CBS *cbs) {
676
0
  int is_negative;
677
0
  return CBS_is_valid_asn1_integer(cbs, &is_negative) && !is_negative;
678
0
}
679
680
0
static int add_decimal(CBB *out, uint64_t v) {
681
0
  char buf[DECIMAL_SIZE(uint64_t) + 1];
682
0
  snprintf(buf, sizeof(buf), "%" PRIu64, v);
683
0
  return CBB_add_bytes(out, (const uint8_t *)buf, strlen(buf));
684
0
}
685
686
0
int CBS_is_valid_asn1_oid(const CBS *cbs) {
687
0
  if (CBS_len(cbs) == 0) {
688
0
    return 0;  // OID encodings cannot be empty.
689
0
  }
690
691
0
  CBS copy = *cbs;
692
0
  uint8_t v, prev = 0;
693
0
  while (CBS_get_u8(&copy, &v)) {
694
    // OID encodings are a sequence of minimally-encoded base-128 integers (see
695
    // |parse_base128_integer|). If |prev|'s MSB was clear, it was the last byte
696
    // of an integer (or |v| is the first byte). |v| is then the first byte of
697
    // the next integer. If first byte of an integer is 0x80, it is not
698
    // minimally-encoded.
699
0
    if ((prev & 0x80) == 0 && v == 0x80) {
700
0
      return 0;
701
0
    }
702
0
    prev = v;
703
0
  }
704
705
  // The last byte should must end an integer encoding.
706
0
  return (prev & 0x80) == 0;
707
0
}
708
709
0
char *CBS_asn1_oid_to_text(const CBS *cbs) {
710
0
  CBB cbb;
711
0
  if (!CBB_init(&cbb, 32)) {
712
0
    goto err;
713
0
  }
714
715
0
  CBS copy = *cbs;
716
  // The first component is 40 * value1 + value2, where value1 is 0, 1, or 2.
717
0
  uint64_t v;
718
0
  if (!parse_base128_integer(&copy, &v)) {
719
0
    goto err;
720
0
  }
721
722
0
  if (v >= 80) {
723
0
    if (!CBB_add_bytes(&cbb, (const uint8_t *)"2.", 2) ||
724
0
        !add_decimal(&cbb, v - 80)) {
725
0
      goto err;
726
0
    }
727
0
  } else if (!add_decimal(&cbb, v / 40) ||
728
0
             !CBB_add_u8(&cbb, '.') ||
729
0
             !add_decimal(&cbb, v % 40)) {
730
0
    goto err;
731
0
  }
732
733
0
  while (CBS_len(&copy) != 0) {
734
0
    if (!parse_base128_integer(&copy, &v) ||
735
0
        !CBB_add_u8(&cbb, '.') ||
736
0
        !add_decimal(&cbb, v)) {
737
0
      goto err;
738
0
    }
739
0
  }
740
741
0
  uint8_t *txt;
742
0
  size_t txt_len;
743
0
  if (!CBB_add_u8(&cbb, '\0') ||
744
0
      !CBB_finish(&cbb, &txt, &txt_len)) {
745
0
    goto err;
746
0
  }
747
748
0
  return (char *)txt;
749
750
0
err:
751
0
  CBB_cleanup(&cbb);
752
0
  return NULL;
753
0
}
754
755
0
static int cbs_get_two_digits(CBS *cbs, int *out) {
756
0
  uint8_t first_digit, second_digit;
757
0
  if (!CBS_get_u8(cbs, &first_digit)) {
758
0
    return 0;
759
0
  }
760
0
  if (!OPENSSL_isdigit(first_digit)) {
761
0
    return 0;
762
0
  }
763
0
  if (!CBS_get_u8(cbs, &second_digit)) {
764
0
    return 0;
765
0
  }
766
0
  if (!OPENSSL_isdigit(second_digit)) {
767
0
    return 0;
768
0
  }
769
0
  *out = (first_digit - '0') * 10 + (second_digit - '0');
770
0
  return 1;
771
0
}
772
773
0
static int is_valid_day(int year, int month, int day) {
774
0
  if (day < 1) {
775
0
    return 0;
776
0
  }
777
0
  switch (month) {
778
0
    case 1:
779
0
    case 3:
780
0
    case 5:
781
0
    case 7:
782
0
    case 8:
783
0
    case 10:
784
0
    case 12:
785
0
      return day <= 31;
786
0
    case 4:
787
0
    case 6:
788
0
    case 9:
789
0
    case 11:
790
0
      return day <= 30;
791
0
    case 2:
792
0
      if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) {
793
0
        return day <= 29;
794
0
      } else {
795
0
        return day <= 28;
796
0
      }
797
0
    default:
798
0
      return 0;
799
0
  }
800
0
}
801
802
static int CBS_parse_rfc5280_time_internal(const CBS *cbs, int is_gentime,
803
                                           int allow_timezone_offset,
804
0
                                           struct tm *out_tm) {
805
0
  int year, month, day, hour, min, sec, tmp;
806
0
  CBS copy = *cbs;
807
0
  uint8_t tz;
808
809
0
  if (is_gentime) {
810
0
    if (!cbs_get_two_digits(&copy, &tmp)) {
811
0
      return 0;
812
0
    }
813
0
    year = tmp * 100;
814
0
    if (!cbs_get_two_digits(&copy, &tmp)) {
815
0
      return 0;
816
0
    }
817
0
      year += tmp;
818
0
  } else {
819
0
    year = 1900;
820
0
    if (!cbs_get_two_digits(&copy, &tmp)) {
821
0
      return 0;
822
0
    }
823
0
    year += tmp;
824
0
    if (year < 1950) {
825
0
      year += 100;
826
0
    }
827
0
    if (year >= 2050) {
828
0
      return 0;  // A Generalized time must be used.
829
0
    }
830
0
  }
831
0
  if (!cbs_get_two_digits(&copy, &month) || month < 1 ||
832
0
      month > 12 ||  // Reject invalid months.
833
0
      !cbs_get_two_digits(&copy, &day) ||
834
0
      !is_valid_day(year, month, day) ||  // Reject invalid days.
835
0
      !cbs_get_two_digits(&copy, &hour) ||
836
0
      hour > 23 ||  // Reject invalid hours.
837
0
      !cbs_get_two_digits(&copy, &min) ||
838
0
      min > 59 ||  // Reject invalid minutes.
839
0
      !cbs_get_two_digits(&copy, &sec) || sec > 59 || !CBS_get_u8(&copy, &tz)) {
840
0
    return 0;
841
0
  }
842
843
0
  int offset_sign = 0;
844
0
  switch (tz) {
845
0
    case 'Z':
846
0
      break;  // We correctly have 'Z' on the end as per spec.
847
0
    case '+':
848
0
      offset_sign = 1;
849
0
      break;  // Should not be allowed per RFC 5280.
850
0
    case '-':
851
0
      offset_sign = -1;
852
0
      break;  // Should not be allowed per RFC 5280.
853
0
    default:
854
0
      return 0;  // Reject anything else after the time.
855
0
  }
856
857
  // If allow_timezone_offset is non-zero, allow for a four digit timezone
858
  // offset to be specified even though this is not allowed by RFC 5280. We are
859
  // permissive of this for UTCTimes due to the unfortunate existence of
860
  // artisinally rolled long lived certificates that were baked into places that
861
  // are now difficult to change. These certificates were generated with the
862
  // 'openssl' command that permissively allowed the creation of certificates
863
  // with notBefore and notAfter times specified as strings for direct
864
  // certificate inclusion on the command line. For context see cl/237068815.
865
  //
866
  // TODO(bbe): This has been expunged from public web-pki as the ecosystem has
867
  // managed to encourage CA compliance with standards. We should find a way to
868
  // get rid of this or make it off by default.
869
0
  int offset_seconds = 0;
870
0
  if (offset_sign != 0) {
871
0
    if (!allow_timezone_offset) {
872
0
      return 0;
873
0
    }
874
0
    int offset_hours, offset_minutes;
875
0
    if (!cbs_get_two_digits(&copy, &offset_hours) ||
876
0
        offset_hours > 23 ||  // Reject invalid hours.
877
0
        !cbs_get_two_digits(&copy, &offset_minutes) ||
878
0
        offset_minutes > 59) {  // Reject invalid minutes.
879
0
      return 0;
880
0
    }
881
0
    offset_seconds = offset_sign * (offset_hours * 3600 + offset_minutes * 60);
882
0
  }
883
884
0
  if (CBS_len(&copy) != 0) {
885
0
    return 0;  // Reject invalid lengths.
886
0
  }
887
888
0
  if (out_tm != NULL) {
889
    // Fill in the tm fields corresponding to what we validated.
890
0
    out_tm->tm_year = year - 1900;
891
0
    out_tm->tm_mon = month - 1;
892
0
    out_tm->tm_mday = day;
893
0
    out_tm->tm_hour = hour;
894
0
    out_tm->tm_min = min;
895
0
    out_tm->tm_sec = sec;
896
0
    if (offset_seconds && !OPENSSL_gmtime_adj(out_tm, 0, offset_seconds)) {
897
0
      return 0;
898
0
    }
899
0
  }
900
0
  return 1;
901
0
}
902
903
int CBS_parse_generalized_time(const CBS *cbs, struct tm *out_tm,
904
0
                               int allow_timezone_offset) {
905
0
  return CBS_parse_rfc5280_time_internal(cbs, 1, allow_timezone_offset, out_tm);
906
0
}
907
908
int CBS_parse_utc_time(const CBS *cbs, struct tm *out_tm,
909
0
                       int allow_timezone_offset) {
910
0
  return CBS_parse_rfc5280_time_internal(cbs, 0, allow_timezone_offset, out_tm);
911
0
}