/src/openssl31/crypto/asn1/a_d2i_fp.c

Source (jump to first uncovered line)
/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <limits.h>
#include "internal/cryptlib.h"
#include "internal/numbers.h"
#include <openssl/buffer.h>
#include <openssl/asn1.h>
#include "internal/asn1.h"
#include "crypto/asn1.h"

#ifndef NO_OLD_ASN1
# ifndef OPENSSL_NO_STDIO

void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
{
    BIO *b;
    void *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
        return NULL;
    }
    BIO_set_fp(b, in, BIO_NOCLOSE);
    ret = ASN1_d2i_bio(xnew, d2i, b, x);
    BIO_free(b);
    return ret;
}
# endif

void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
{
    BUF_MEM *b = NULL;
    const unsigned char *p;
    void *ret = NULL;
    int len;

    len = asn1_d2i_read_bio(in, &b);
    if (len < 0)
        goto err;

    p = (unsigned char *)b->data;
    ret = d2i(x, &p, len);
 err:
    BUF_MEM_free(b);
    return ret;
}

#endif

void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *x,
                           OSSL_LIB_CTX *libctx, const char *propq)
{
    BUF_MEM *b = NULL;
    const unsigned char *p;
    void *ret = NULL;
    int len;

    if (in == NULL)
        return NULL;
    len = asn1_d2i_read_bio(in, &b);
    if (len < 0)
        goto err;

    p = (const unsigned char *)b->data;
    ret = ASN1_item_d2i_ex(x, &p, len, it, libctx, propq);
 err:
    BUF_MEM_free(b);
    return ret;
}

void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
{
    return ASN1_item_d2i_bio_ex(it, in, x, NULL, NULL);
}

#ifndef OPENSSL_NO_STDIO
void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x,
                          OSSL_LIB_CTX *libctx, const char *propq)
{
    BIO *b;
    char *ret;

    if ((b = BIO_new(BIO_s_file())) == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
        return NULL;
    }
    BIO_set_fp(b, in, BIO_NOCLOSE);
    ret = ASN1_item_d2i_bio_ex(it, b, x, libctx, propq);
    BIO_free(b);
    return ret;
}

void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
{
    return ASN1_item_d2i_fp_ex(it, in, x, NULL, NULL);
}
#endif

#define HEADER_SIZE   8
#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
{
    BUF_MEM *b;
    unsigned char *p;
    int i;
    size_t want = HEADER_SIZE;
    uint32_t eos = 0;
    size_t off = 0;
    size_t len = 0;
    size_t diff;

    const unsigned char *q;
    long slen;
    int inf, tag, xclass;

    b = BUF_MEM_new();
    if (b == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        return -1;
    }

    ERR_set_mark();
    for (;;) {
        diff = len - off;
        if (want >= diff) {
            want -= diff;

            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
                ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
                goto err;
            }
            i = BIO_read(in, &(b->data[len]), want);
            if (i < 0 && diff == 0) {
                ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
                goto err;
            }
            if (i > 0) {
                if (len + i < len) {
                    ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
                    goto err;
                }
                len += i;
                if ((size_t)i < want)
                    continue;

            }
        }
        /* else data already loaded */

        p = (unsigned char *)&(b->data[off]);
        q = p;
        diff = len - off;
        if (diff == 0)
            goto err;
        inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff);
        if (inf & 0x80) {
            unsigned long e;

            e = ERR_GET_REASON(ERR_peek_last_error());
            if (e != ASN1_R_TOO_LONG)
                goto err;
            ERR_pop_to_mark();
        }
        i = q - p;            /* header length */
        off += i;               /* end of data */

        if (inf & 1) {
            /* no data body so go round again */
            if (eos == UINT32_MAX) {
                ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG);
                goto err;
            }
            eos++;
            want = HEADER_SIZE;
        } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
            /* eos value, so go back and read another header */
            eos--;
            if (eos == 0)
                break;
            else
                want = HEADER_SIZE;
        } else {
            /* suck in slen bytes of data */
            want = slen;
            if (want > (len - off)) {
                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;

                want -= (len - off);
                if (want > INT_MAX /* BIO_read takes an int length */  ||
                    len + want < len) {
                    ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
                    goto err;
                }
                while (want > 0) {
                    /*
                     * Read content in chunks of increasing size
                     * so we can return an error for EOF without
                     * having to allocate the entire content length
                     * in one go.
                     */
                    size_t chunk = want > chunk_max ? chunk_max : want;

                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
                        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
                        goto err;
                    }
                    want -= chunk;
                    while (chunk > 0) {
                        i = BIO_read(in, &(b->data[len]), chunk);
                        if (i <= 0) {
                            ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
                            goto err;
                        }
                    /*
                     * This can't overflow because |len+want| didn't
                     * overflow.
                     */
                        len += i;
                        chunk -= i;
                    }
                    if (chunk_max < INT_MAX/2)
                        chunk_max *= 2;
                }
            }
            if (off + slen < off) {
                ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
                goto err;
            }
            off += slen;
            if (eos == 0) {
                break;
            } else
                want = HEADER_SIZE;
        }
    }

    if (off > INT_MAX) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
        goto err;
    }

    *pb = b;
    return off;
 err:
    ERR_clear_last_mark();
    BUF_MEM_free(b);
    return -1;
}

Coverage Report

Created: 2024-07-27 06:39

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include <limits.h>
12		#include "internal/cryptlib.h"
13		#include "internal/numbers.h"
14		#include <openssl/buffer.h>
15		#include <openssl/asn1.h>
16		#include "internal/asn1.h"
17		#include "crypto/asn1.h"
18
19		#ifndef NO_OLD_ASN1
20		# ifndef OPENSSL_NO_STDIO
21
22		void ASN1_d2i_fp(void (xnew) (void), d2i_of_void d2i, FILE in, void *x)
23	0	{
24	0	BIO *b;
25	0	void *ret;
26
27	0	if ((b = BIO_new(BIO_s_file())) == NULL) {
28	0	ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
29	0	return NULL;
30	0	}
31	0	BIO_set_fp(b, in, BIO_NOCLOSE);
32	0	ret = ASN1_d2i_bio(xnew, d2i, b, x);
33	0	BIO_free(b);
34	0	return ret;
35	0	}
36		# endif
37
38		void ASN1_d2i_bio(void (xnew) (void), d2i_of_void d2i, BIO in, void *x)
39	0	{
40	0	BUF_MEM *b = NULL;
41	0	const unsigned char *p;
42	0	void *ret = NULL;
43	0	int len;
44
45	0	len = asn1_d2i_read_bio(in, &b);
46	0	if (len < 0)
47	0	goto err;
48
49	0	p = (unsigned char *)b->data;
50	0	ret = d2i(x, &p, len);
51	0	err:
52	0	BUF_MEM_free(b);
53	0	return ret;
54	0	}
55
56		#endif
57
58		void ASN1_item_d2i_bio_ex(const ASN1_ITEM it, BIO in, void x,
59		OSSL_LIB_CTX libctx, const char propq)
60	80.5k	{
61	80.5k	BUF_MEM *b = NULL;
62	80.5k	const unsigned char *p;
63	80.5k	void *ret = NULL;
64	80.5k	int len;
65
66	80.5k	if (in == NULL)
67	0	return NULL;
68	80.5k	len = asn1_d2i_read_bio(in, &b);
69	80.5k	if (len < 0)
70	4.99k	goto err;
71
72	75.5k	p = (const unsigned char *)b->data;
73	75.5k	ret = ASN1_item_d2i_ex(x, &p, len, it, libctx, propq);
74	80.5k	err:
75	80.5k	BUF_MEM_free(b);
76	80.5k	return ret;
77	75.5k	}
78
79		void ASN1_item_d2i_bio(const ASN1_ITEM it, BIO in, void x)
80	0	{
81	0	return ASN1_item_d2i_bio_ex(it, in, x, NULL, NULL);
82	0	}
83
84		#ifndef OPENSSL_NO_STDIO
85		void ASN1_item_d2i_fp_ex(const ASN1_ITEM it, FILE in, void x,
86		OSSL_LIB_CTX libctx, const char propq)
87	0	{
88	0	BIO *b;
89	0	char *ret;
90
91	0	if ((b = BIO_new(BIO_s_file())) == NULL) {
92	0	ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
93	0	return NULL;
94	0	}
95	0	BIO_set_fp(b, in, BIO_NOCLOSE);
96	0	ret = ASN1_item_d2i_bio_ex(it, b, x, libctx, propq);
97	0	BIO_free(b);
98	0	return ret;
99	0	}
100
101		void ASN1_item_d2i_fp(const ASN1_ITEM it, FILE in, void x)
102	0	{
103	0	return ASN1_item_d2i_fp_ex(it, in, x, NULL, NULL);
104	0	}
105		#endif
106
107	1.15G	#define HEADER_SIZE 8
108	59.3M	#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
109		int asn1_d2i_read_bio(BIO in, BUF_MEM *pb)
110	3.07M	{
111	3.07M	BUF_MEM *b;
112	3.07M	unsigned char *p;
113	3.07M	int i;
114	3.07M	size_t want = HEADER_SIZE;
115	3.07M	uint32_t eos = 0;
116	3.07M	size_t off = 0;
117	3.07M	size_t len = 0;
118	3.07M	size_t diff;
119
120	3.07M	const unsigned char *q;
121	3.07M	long slen;
122	3.07M	int inf, tag, xclass;
123
124	3.07M	b = BUF_MEM_new();
125	3.07M	if (b == NULL) {
126	0	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
127	0	return -1;
128	0	}
129
130	3.07M	ERR_set_mark();
131	1.15G	for (;;) {
132	1.15G	diff = len - off;
133	1.15G	if (want >= diff) {
134	1.15G	want -= diff;
135
136	1.15G	if (len + want < len \|\| !BUF_MEM_grow_clean(b, len + want)) {
137	0	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
138	0	goto err;
139	0	}
140	1.15G	i = BIO_read(in, &(b->data[len]), want);
141	1.15G	if (i < 0 && diff == 0) {
142	712	ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
143	712	goto err;
144	712	}
145	1.15G	if (i > 0) {
146	1.15G	if (len + i < len) {
147	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
148	0	goto err;
149	0	}
150	1.15G	len += i;
151	1.15G	if ((size_t)i < want)
152	1.04M	continue;
153
154	1.15G	}
155	1.15G	}
156		/* else data already loaded */
157
158	1.15G	p = (unsigned char *)&(b->data[off]);
159	1.15G	q = p;
160	1.15G	diff = len - off;
161	1.15G	if (diff == 0)
162	120k	goto err;
163	1.15G	inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff);
164	1.15G	if (inf & 0x80) {
165	59.4M	unsigned long e;
166
167	59.4M	e = ERR_GET_REASON(ERR_peek_last_error());
168	59.4M	if (e != ASN1_R_TOO_LONG)
169	136k	goto err;
170	59.3M	ERR_pop_to_mark();
171	59.3M	}
172	1.15G	i = q - p; /* header length */
173	1.15G	off += i; /* end of data */
174
175	1.15G	if (inf & 1) {
176		/* no data body so go round again */
177	260M	if (eos == UINT32_MAX) {
178	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG);
179	0	goto err;
180	0	}
181	260M	eos++;
182	260M	want = HEADER_SIZE;
183	892M	} else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
184		/* eos value, so go back and read another header */
185	85.9M	eos--;
186	85.9M	if (eos == 0)
187	1.44M	break;
188	84.5M	else
189	84.5M	want = HEADER_SIZE;
190	806M	} else {
191		/* suck in slen bytes of data */
192	806M	want = slen;
193	806M	if (want > (len - off)) {
194	59.3M	size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
195
196	59.3M	want -= (len - off);
197	59.3M	if (want > INT_MAX /* BIO_read takes an int length */ \|\|
198	59.3M	len + want < len) {
199	8.44k	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
200	8.44k	goto err;
201	8.44k	}
202	118M	while (want > 0) {
203		/*
204		* Read content in chunks of increasing size
205		* so we can return an error for EOF without
206		* having to allocate the entire content length
207		* in one go.
208		*/
209	59.4M	size_t chunk = want > chunk_max ? chunk_max : want;
210
211	59.4M	if (!BUF_MEM_grow_clean(b, len + chunk)) {
212	0	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
213	0	goto err;
214	0	}
215	59.4M	want -= chunk;
216	118M	while (chunk > 0) {
217	59.5M	i = BIO_read(in, &(b->data[len]), chunk);
218	59.5M	if (i <= 0) {
219	134k	ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
220	134k	goto err;
221	134k	}
222		/*
223		* This can't overflow because \|len+want\| didn't
224		* overflow.
225		*/
226	59.4M	len += i;
227	59.4M	chunk -= i;
228	59.4M	}
229	59.3M	if (chunk_max < INT_MAX/2)
230	59.3M	chunk_max *= 2;
231	59.3M	}
232	59.3M	}
233	806M	if (off + slen < off) {
234	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
235	0	goto err;
236	0	}
237	806M	off += slen;
238	806M	if (eos == 0) {
239	1.23M	break;
240	1.23M	} else
241	805M	want = HEADER_SIZE;
242	806M	}
243	1.15G	}
244
245	2.67M	if (off > INT_MAX) {
246	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
247	0	goto err;
248	0	}
249
250	2.67M	*pb = b;
251	2.67M	return off;
252	400k	err:
253	400k	ERR_clear_last_mark();
254	400k	BUF_MEM_free(b);
255	400k	return -1;
256	2.67M	}