/src/openssl/crypto/asn1/a_d2i_fp.c

Source (jump to first uncovered line)
/* crypto/asn1/a_d2i_fp.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
 * This package is an SSL implementation written
 * by Eric Young (eay@cryptsoft.com).
 * The implementation was written so as to conform with Netscapes SSL.
 *
 * This library is free for commercial and non-commercial use as long as
 * the following conditions are aheared to.  The following conditions
 * apply to all code found in this distribution, be it the RC4, RSA,
 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
 * included with this distribution is covered by the same copyright terms
 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
 *
 * Copyright remains Eric Young's, and as such any Copyright notices in
 * the code are not to be removed.
 * If this package is used in a product, Eric Young should be given attribution
 * as the author of the parts of the library used.
 * This can be in the form of a textual message at program startup or
 * in documentation (online or textual) provided with the package.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *    "This product includes cryptographic software written by
 *     Eric Young (eay@cryptsoft.com)"
 *    The word 'cryptographic' can be left out if the rouines from the library
 *    being used are not cryptographic related :-).
 * 4. If you include any Windows specific code (or a derivative thereof) from
 *    the apps directory (application code) you must include an acknowledgement:
 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
 *
 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
 * The licence and distribution terms for any publically available version or
 * derivative of this code cannot be changed.  i.e. this code cannot simply be
 * copied and put under another distribution licence
 * [including the GNU Public Licence.]
 */

#include <stdio.h>
#include <limits.h>
#include "cryptlib.h"
#include <openssl/buffer.h>
#include <openssl/asn1_mac.h>

static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);

#ifndef NO_OLD_ASN1
# ifndef OPENSSL_NO_FP_API

void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
{
    BIO *b;
    void *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
        return (NULL);
    }
    BIO_set_fp(b, in, BIO_NOCLOSE);
    ret = ASN1_d2i_bio(xnew, d2i, b, x);
    BIO_free(b);
    return (ret);
}
# endif

void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
{
    BUF_MEM *b = NULL;
    const unsigned char *p;
    void *ret = NULL;
    int len;

    len = asn1_d2i_read_bio(in, &b);
    if (len < 0)
        goto err;

    p = (unsigned char *)b->data;
    ret = d2i(x, &p, len);
 err:
    if (b != NULL)
        BUF_MEM_free(b);
    return (ret);
}

#endif

void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
{
    BUF_MEM *b = NULL;
    const unsigned char *p;
    void *ret = NULL;
    int len;

    len = asn1_d2i_read_bio(in, &b);
    if (len < 0)
        goto err;

    p = (const unsigned char *)b->data;
    ret = ASN1_item_d2i(x, &p, len, it);
 err:
    if (b != NULL)
        BUF_MEM_free(b);
    return (ret);
}

#ifndef OPENSSL_NO_FP_API
void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
{
    BIO *b;
    char *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
        return (NULL);
    }
    BIO_set_fp(b, in, BIO_NOCLOSE);
    ret = ASN1_item_d2i_bio(it, b, x);
    BIO_free(b);
    return (ret);
}
#endif

#define HEADER_SIZE   8
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
    BUF_MEM *b;
    unsigned char *p;
    int i;
    ASN1_const_CTX c;
    size_t want = HEADER_SIZE;
    int eos = 0;
    size_t off = 0;
    size_t len = 0;

    b = BUF_MEM_new();
    if (b == NULL) {
        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
        return -1;
    }

    ERR_clear_error();
    for (;;) {
        if (want >= (len - off)) {
            want -= (len - off);

            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                goto err;
            }
            i = BIO_read(in, &(b->data[len]), want);
            if ((i < 0) && ((len - off) == 0)) {
                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
                goto err;
            }
            if (i > 0) {
                if (len + i < len) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                    goto err;
                }
                len += i;
            }
        }
        /* else data already loaded */

        p = (unsigned char *)&(b->data[off]);
        c.p = p;
        c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
                                len - off);
        if (c.inf & 0x80) {
            unsigned long e;

            e = ERR_GET_REASON(ERR_peek_error());
            if (e != ASN1_R_TOO_LONG)
                goto err;
            else
                ERR_clear_error(); /* clear error */
        }
        i = c.p - p;            /* header length */
        off += i;               /* end of data */

        if (c.inf & 1) {
            /* no data body so go round again */
            eos++;
            if (eos < 0) {
                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
                goto err;
            }
            want = HEADER_SIZE;
        } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
            /* eos value, so go back and read another header */
            eos--;
            if (eos <= 0)
                break;
            else
                want = HEADER_SIZE;
        } else {
            /* suck in c.slen bytes of data */
            want = c.slen;
            if (want > (len - off)) {
                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;

                want -= (len - off);
                if (want > INT_MAX /* BIO_read takes an int length */  ||
                    len + want < len) {
                    ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                    goto err;
                }
                while (want > 0) {
                    /*
                     * Read content in chunks of increasing size
                     * so we can return an error for EOF without
                     * having to allocate the entire content length
                     * in one go.
                     */
                    size_t chunk = want > chunk_max ? chunk_max : want;

                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
                        goto err;
                    }
                    want -= chunk;
                    while (chunk > 0) {
                        i = BIO_read(in, &(b->data[len]), chunk);
                        if (i <= 0) {
                            ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
                                    ASN1_R_NOT_ENOUGH_DATA);
                            goto err;
                        }
                    /*
                     * This can't overflow because |len+want| didn't
                     * overflow.
                     */
                        len += i;
                        chunk -= i;
                    }
                    if (chunk_max < INT_MAX/2)
                        chunk_max *= 2;
                }
            }
            if (off + c.slen < off) {
                ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
                goto err;
            }
            off += c.slen;
            if (eos <= 0) {
                break;
            } else
                want = HEADER_SIZE;
        }
    }

    if (off > INT_MAX) {
        ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
        goto err;
    }

    *pb = b;
    return off;
 err:
    if (b != NULL)
        BUF_MEM_free(b);
    return -1;
}

Coverage Report

Created: 2022-11-30 06:20

Line	Count	Source (jump to first uncovered line)
1		/* crypto/asn1/a_d2i_fp.c */
2		/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3		* All rights reserved.
4		*
5		* This package is an SSL implementation written
6		* by Eric Young (eay@cryptsoft.com).
7		* The implementation was written so as to conform with Netscapes SSL.
8		*
9		* This library is free for commercial and non-commercial use as long as
10		* the following conditions are aheared to. The following conditions
11		* apply to all code found in this distribution, be it the RC4, RSA,
12		* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13		* included with this distribution is covered by the same copyright terms
14		* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15		*
16		* Copyright remains Eric Young's, and as such any Copyright notices in
17		* the code are not to be removed.
18		* If this package is used in a product, Eric Young should be given attribution
19		* as the author of the parts of the library used.
20		* This can be in the form of a textual message at program startup or
21		* in documentation (online or textual) provided with the package.
22		*
23		* Redistribution and use in source and binary forms, with or without
24		* modification, are permitted provided that the following conditions
25		* are met:
26		* 1. Redistributions of source code must retain the copyright
27		* notice, this list of conditions and the following disclaimer.
28		* 2. Redistributions in binary form must reproduce the above copyright
29		* notice, this list of conditions and the following disclaimer in the
30		* documentation and/or other materials provided with the distribution.
31		* 3. All advertising materials mentioning features or use of this software
32		* must display the following acknowledgement:
33		* "This product includes cryptographic software written by
34		* Eric Young (eay@cryptsoft.com)"
35		* The word 'cryptographic' can be left out if the rouines from the library
36		* being used are not cryptographic related :-).
37		* 4. If you include any Windows specific code (or a derivative thereof) from
38		* the apps directory (application code) you must include an acknowledgement:
39		* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40		*
41		* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42		* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43		* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44		* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45		* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46		* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47		* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48		* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50		* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51		* SUCH DAMAGE.
52		*
53		* The licence and distribution terms for any publically available version or
54		* derivative of this code cannot be changed. i.e. this code cannot simply be
55		* copied and put under another distribution licence
56		* [including the GNU Public Licence.]
57		*/
58
59		#include <stdio.h>
60		#include <limits.h>
61		#include "cryptlib.h"
62		#include <openssl/buffer.h>
63		#include <openssl/asn1_mac.h>
64
65		static int asn1_d2i_read_bio(BIO in, BUF_MEM *pb);
66
67		#ifndef NO_OLD_ASN1
68		# ifndef OPENSSL_NO_FP_API
69
70		void ASN1_d2i_fp(void (xnew) (void), d2i_of_void d2i, FILE in, void *x)
71	0	{
72	0	BIO *b;
73	0	void *ret;
74
75	0	if ((b = BIO_new(BIO_s_file())) == NULL) {
76	0	ASN1err(ASN1_F_ASN1_D2I_FP, ERR_R_BUF_LIB);
77	0	return (NULL);
78	0	}
79	0	BIO_set_fp(b, in, BIO_NOCLOSE);
80	0	ret = ASN1_d2i_bio(xnew, d2i, b, x);
81	0	BIO_free(b);
82	0	return (ret);
83	0	}
84		# endif
85
86		void ASN1_d2i_bio(void (xnew) (void), d2i_of_void d2i, BIO in, void *x)
87	0	{
88	0	BUF_MEM *b = NULL;
89	0	const unsigned char *p;
90	0	void *ret = NULL;
91	0	int len;
92
93	0	len = asn1_d2i_read_bio(in, &b);
94	0	if (len < 0)
95	0	goto err;
96
97	0	p = (unsigned char *)b->data;
98	0	ret = d2i(x, &p, len);
99	0	err:
100	0	if (b != NULL)
101	0	BUF_MEM_free(b);
102	0	return (ret);
103	0	}
104
105		#endif
106
107		void ASN1_item_d2i_bio(const ASN1_ITEM it, BIO in, void x)
108	0	{
109	0	BUF_MEM *b = NULL;
110	0	const unsigned char *p;
111	0	void *ret = NULL;
112	0	int len;
113
114	0	len = asn1_d2i_read_bio(in, &b);
115	0	if (len < 0)
116	0	goto err;
117
118	0	p = (const unsigned char *)b->data;
119	0	ret = ASN1_item_d2i(x, &p, len, it);
120	0	err:
121	0	if (b != NULL)
122	0	BUF_MEM_free(b);
123	0	return (ret);
124	0	}
125
126		#ifndef OPENSSL_NO_FP_API
127		void ASN1_item_d2i_fp(const ASN1_ITEM it, FILE in, void x)
128	0	{
129	0	BIO *b;
130	0	char *ret;
131
132	0	if ((b = BIO_new(BIO_s_file())) == NULL) {
133	0	ASN1err(ASN1_F_ASN1_ITEM_D2I_FP, ERR_R_BUF_LIB);
134	0	return (NULL);
135	0	}
136	0	BIO_set_fp(b, in, BIO_NOCLOSE);
137	0	ret = ASN1_item_d2i_bio(it, b, x);
138	0	BIO_free(b);
139	0	return (ret);
140	0	}
141		#endif
142
143	0	#define HEADER_SIZE 8
144	0	#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
145		static int asn1_d2i_read_bio(BIO in, BUF_MEM *pb)
146	0	{
147	0	BUF_MEM *b;
148	0	unsigned char *p;
149	0	int i;
150	0	ASN1_const_CTX c;
151	0	size_t want = HEADER_SIZE;
152	0	int eos = 0;
153	0	size_t off = 0;
154	0	size_t len = 0;
155
156	0	b = BUF_MEM_new();
157	0	if (b == NULL) {
158	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
159	0	return -1;
160	0	}
161
162	0	ERR_clear_error();
163	0	for (;;) {
164	0	if (want >= (len - off)) {
165	0	want -= (len - off);
166
167	0	if (len + want < len \|\| !BUF_MEM_grow_clean(b, len + want)) {
168	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
169	0	goto err;
170	0	}
171	0	i = BIO_read(in, &(b->data[len]), want);
172	0	if ((i < 0) && ((len - off) == 0)) {
173	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA);
174	0	goto err;
175	0	}
176	0	if (i > 0) {
177	0	if (len + i < len) {
178	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
179	0	goto err;
180	0	}
181	0	len += i;
182	0	}
183	0	}
184		/* else data already loaded */
185
186	0	p = (unsigned char *)&(b->data[off]);
187	0	c.p = p;
188	0	c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
189	0	len - off);
190	0	if (c.inf & 0x80) {
191	0	unsigned long e;
192
193	0	e = ERR_GET_REASON(ERR_peek_error());
194	0	if (e != ASN1_R_TOO_LONG)
195	0	goto err;
196	0	else
197	0	ERR_clear_error(); /* clear error */
198	0	}
199	0	i = c.p - p; /* header length */
200	0	off += i; /* end of data */
201
202	0	if (c.inf & 1) {
203		/* no data body so go round again */
204	0	eos++;
205	0	if (eos < 0) {
206	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_HEADER_TOO_LONG);
207	0	goto err;
208	0	}
209	0	want = HEADER_SIZE;
210	0	} else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
211		/* eos value, so go back and read another header */
212	0	eos--;
213	0	if (eos <= 0)
214	0	break;
215	0	else
216	0	want = HEADER_SIZE;
217	0	} else {
218		/* suck in c.slen bytes of data */
219	0	want = c.slen;
220	0	if (want > (len - off)) {
221	0	size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
222
223	0	want -= (len - off);
224	0	if (want > INT_MAX /* BIO_read takes an int length */ \|\|
225	0	len + want < len) {
226	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
227	0	goto err;
228	0	}
229	0	while (want > 0) {
230		/*
231		* Read content in chunks of increasing size
232		* so we can return an error for EOF without
233		* having to allocate the entire content length
234		* in one go.
235		*/
236	0	size_t chunk = want > chunk_max ? chunk_max : want;
237
238	0	if (!BUF_MEM_grow_clean(b, len + chunk)) {
239	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ERR_R_MALLOC_FAILURE);
240	0	goto err;
241	0	}
242	0	want -= chunk;
243	0	while (chunk > 0) {
244	0	i = BIO_read(in, &(b->data[len]), chunk);
245	0	if (i <= 0) {
246	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO,
247	0	ASN1_R_NOT_ENOUGH_DATA);
248	0	goto err;
249	0	}
250		/*
251		* This can't overflow because \|len+want\| didn't
252		* overflow.
253		*/
254	0	len += i;
255	0	chunk -= i;
256	0	}
257	0	if (chunk_max < INT_MAX/2)
258	0	chunk_max *= 2;
259	0	}
260	0	}
261	0	if (off + c.slen < off) {
262	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
263	0	goto err;
264	0	}
265	0	off += c.slen;
266	0	if (eos <= 0) {
267	0	break;
268	0	} else
269	0	want = HEADER_SIZE;
270	0	}
271	0	}
272
273	0	if (off > INT_MAX) {
274	0	ASN1err(ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_TOO_LONG);
275	0	goto err;
276	0	}
277
278	0	*pb = b;
279	0	return off;
280	0	err:
281	0	if (b != NULL)
282	0	BUF_MEM_free(b);
283	0	return -1;
284	0	}