/src/openssl31/crypto/punycode.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2019-2022 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stddef.h> |
11 | | #include <string.h> |
12 | | #include <stdio.h> |
13 | | #include <openssl/e_os2.h> |
14 | | #include "crypto/punycode.h" |
15 | | #include "internal/cryptlib.h" |
16 | | #include "internal/packet.h" /* for WPACKET */ |
17 | | |
18 | | static const unsigned int base = 36; |
19 | | static const unsigned int tmin = 1; |
20 | | static const unsigned int tmax = 26; |
21 | | static const unsigned int skew = 38; |
22 | | static const unsigned int damp = 700; |
23 | | static const unsigned int initial_bias = 72; |
24 | | static const unsigned int initial_n = 0x80; |
25 | | static const unsigned int maxint = 0xFFFFFFFF; |
26 | | static const char delimiter = '-'; |
27 | | |
28 | 2.70k | #define LABEL_BUF_SIZE 512 |
29 | | |
30 | | /*- |
31 | | * Pseudocode: |
32 | | * |
33 | | * function adapt(delta,numpoints,firsttime): |
34 | | * if firsttime then let delta = delta div damp |
35 | | * else let delta = delta div 2 |
36 | | * let delta = delta + (delta div numpoints) |
37 | | * let k = 0 |
38 | | * while delta > ((base - tmin) * tmax) div 2 do begin |
39 | | * let delta = delta div (base - tmin) |
40 | | * let k = k + base |
41 | | * end |
42 | | * return k + (((base - tmin + 1) * delta) div (delta + skew)) |
43 | | */ |
44 | | |
45 | | static int adapt(unsigned int delta, unsigned int numpoints, |
46 | | unsigned int firsttime) |
47 | 49.6k | { |
48 | 49.6k | unsigned int k = 0; |
49 | | |
50 | 49.6k | delta = (firsttime) ? delta / damp : delta / 2; |
51 | 49.6k | delta = delta + delta / numpoints; |
52 | | |
53 | 109k | while (delta > ((base - tmin) * tmax) / 2) { |
54 | 59.7k | delta = delta / (base - tmin); |
55 | 59.7k | k = k + base; |
56 | 59.7k | } |
57 | | |
58 | 49.6k | return k + (((base - tmin + 1) * delta) / (delta + skew)); |
59 | 49.6k | } |
60 | | |
61 | | static ossl_inline int is_basic(unsigned int a) |
62 | 26.2k | { |
63 | 26.2k | return (a < 0x80) ? 1 : 0; |
64 | 26.2k | } |
65 | | |
66 | | /*- |
67 | | * code points digit-values |
68 | | * ------------ ---------------------- |
69 | | * 41..5A (A-Z) = 0 to 25, respectively |
70 | | * 61..7A (a-z) = 0 to 25, respectively |
71 | | * 30..39 (0-9) = 26 to 35, respectively |
72 | | */ |
73 | | static ossl_inline int digit_decoded(const unsigned char a) |
74 | 141k | { |
75 | 141k | if (a >= 0x41 && a <= 0x5A) |
76 | 18.4k | return a - 0x41; |
77 | | |
78 | 122k | if (a >= 0x61 && a <= 0x7A) |
79 | 86.2k | return a - 0x61; |
80 | | |
81 | 36.6k | if (a >= 0x30 && a <= 0x39) |
82 | 36.3k | return a - 0x30 + 26; |
83 | | |
84 | 295 | return -1; |
85 | 36.6k | } |
86 | | |
87 | | /*- |
88 | | * Pseudocode: |
89 | | * |
90 | | * function ossl_punycode_decode |
91 | | * let n = initial_n |
92 | | * let i = 0 |
93 | | * let bias = initial_bias |
94 | | * let output = an empty string indexed from 0 |
95 | | * consume all code points before the last delimiter (if there is one) |
96 | | * and copy them to output, fail on any non-basic code point |
97 | | * if more than zero code points were consumed then consume one more |
98 | | * (which will be the last delimiter) |
99 | | * while the input is not exhausted do begin |
100 | | * let oldi = i |
101 | | * let w = 1 |
102 | | * for k = base to infinity in steps of base do begin |
103 | | * consume a code point, or fail if there was none to consume |
104 | | * let digit = the code point's digit-value, fail if it has none |
105 | | * let i = i + digit * w, fail on overflow |
106 | | * let t = tmin if k <= bias {+ tmin}, or |
107 | | * tmax if k >= bias + tmax, or k - bias otherwise |
108 | | * if digit < t then break |
109 | | * let w = w * (base - t), fail on overflow |
110 | | * end |
111 | | * let bias = adapt(i - oldi, length(output) + 1, test oldi is 0?) |
112 | | * let n = n + i div (length(output) + 1), fail on overflow |
113 | | * let i = i mod (length(output) + 1) |
114 | | * {if n is a basic code point then fail} |
115 | | * insert n into output at position i |
116 | | * increment i |
117 | | * end |
118 | | */ |
119 | | |
120 | | int ossl_punycode_decode(const char *pEncoded, const size_t enc_len, |
121 | | unsigned int *pDecoded, unsigned int *pout_length) |
122 | 12.7k | { |
123 | 12.7k | unsigned int n = initial_n; |
124 | 12.7k | unsigned int i = 0; |
125 | 12.7k | unsigned int bias = initial_bias; |
126 | 12.7k | size_t processed_in = 0, written_out = 0; |
127 | 12.7k | unsigned int max_out = *pout_length; |
128 | 12.7k | unsigned int basic_count = 0; |
129 | 12.7k | unsigned int loop; |
130 | | |
131 | 82.8M | for (loop = 0; loop < enc_len; loop++) { |
132 | 82.8M | if (pEncoded[loop] == delimiter) |
133 | 5.96M | basic_count = loop; |
134 | 82.8M | } |
135 | | |
136 | 12.7k | if (basic_count > 0) { |
137 | 5.46k | if (basic_count > max_out) |
138 | 404 | return 0; |
139 | | |
140 | 31.2k | for (loop = 0; loop < basic_count; loop++) { |
141 | 26.2k | if (is_basic(pEncoded[loop]) == 0) |
142 | 39 | return 0; |
143 | | |
144 | 26.1k | pDecoded[loop] = pEncoded[loop]; |
145 | 26.1k | written_out++; |
146 | 26.1k | } |
147 | 5.01k | processed_in = basic_count + 1; |
148 | 5.01k | } |
149 | | |
150 | 61.6k | for (loop = processed_in; loop < enc_len;) { |
151 | 50.2k | unsigned int oldi = i; |
152 | 50.2k | unsigned int w = 1; |
153 | 50.2k | unsigned int k, t; |
154 | 50.2k | int digit; |
155 | | |
156 | 141k | for (k = base;; k += base) { |
157 | 141k | if (loop >= enc_len) |
158 | 234 | return 0; |
159 | | |
160 | 141k | digit = digit_decoded(pEncoded[loop]); |
161 | 141k | loop++; |
162 | | |
163 | 141k | if (digit < 0) |
164 | 295 | return 0; |
165 | 141k | if ((unsigned int)digit > (maxint - i) / w) |
166 | 32 | return 0; |
167 | | |
168 | 141k | i = i + digit * w; |
169 | 141k | t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax : k - bias; |
170 | | |
171 | 141k | if ((unsigned int)digit < t) |
172 | 49.6k | break; |
173 | | |
174 | 91.3k | if (w > maxint / (base - t)) |
175 | 0 | return 0; |
176 | 91.3k | w = w * (base - t); |
177 | 91.3k | } |
178 | | |
179 | 49.6k | bias = adapt(i - oldi, written_out + 1, (oldi == 0)); |
180 | 49.6k | if (i / (written_out + 1) > maxint - n) |
181 | 96 | return 0; |
182 | 49.5k | n = n + i / (written_out + 1); |
183 | 49.5k | i %= (written_out + 1); |
184 | | |
185 | 49.5k | if (written_out >= max_out) |
186 | 199 | return 0; |
187 | | |
188 | 49.3k | memmove(pDecoded + i + 1, pDecoded + i, |
189 | 49.3k | (written_out - i) * sizeof(*pDecoded)); |
190 | 49.3k | pDecoded[i] = n; |
191 | 49.3k | i++; |
192 | 49.3k | written_out++; |
193 | 49.3k | } |
194 | | |
195 | 11.4k | *pout_length = written_out; |
196 | 11.4k | return 1; |
197 | 12.2k | } |
198 | | |
199 | | /* |
200 | | * Encode a code point using UTF-8 |
201 | | * return number of bytes on success, 0 on failure |
202 | | * (also produces U+FFFD, which uses 3 bytes on failure) |
203 | | */ |
204 | | static int codepoint2utf8(unsigned char *out, unsigned long utf) |
205 | 47.4k | { |
206 | 47.4k | if (utf <= 0x7F) { |
207 | | /* Plain ASCII */ |
208 | 22.3k | out[0] = (unsigned char)utf; |
209 | 22.3k | out[1] = 0; |
210 | 22.3k | return 1; |
211 | 25.1k | } else if (utf <= 0x07FF) { |
212 | | /* 2-byte unicode */ |
213 | 12.8k | out[0] = (unsigned char)(((utf >> 6) & 0x1F) | 0xC0); |
214 | 12.8k | out[1] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80); |
215 | 12.8k | out[2] = 0; |
216 | 12.8k | return 2; |
217 | 12.8k | } else if (utf <= 0xFFFF) { |
218 | | /* 3-byte unicode */ |
219 | 10.4k | out[0] = (unsigned char)(((utf >> 12) & 0x0F) | 0xE0); |
220 | 10.4k | out[1] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80); |
221 | 10.4k | out[2] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80); |
222 | 10.4k | out[3] = 0; |
223 | 10.4k | return 3; |
224 | 10.4k | } else if (utf <= 0x10FFFF) { |
225 | | /* 4-byte unicode */ |
226 | 1.59k | out[0] = (unsigned char)(((utf >> 18) & 0x07) | 0xF0); |
227 | 1.59k | out[1] = (unsigned char)(((utf >> 12) & 0x3F) | 0x80); |
228 | 1.59k | out[2] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80); |
229 | 1.59k | out[3] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80); |
230 | 1.59k | out[4] = 0; |
231 | 1.59k | return 4; |
232 | 1.59k | } else { |
233 | | /* error - use replacement character */ |
234 | 173 | out[0] = (unsigned char)0xEF; |
235 | 173 | out[1] = (unsigned char)0xBF; |
236 | 173 | out[2] = (unsigned char)0xBD; |
237 | 173 | out[3] = 0; |
238 | 173 | return 0; |
239 | 173 | } |
240 | 47.4k | } |
241 | | |
242 | | /*- |
243 | | * Return values: |
244 | | * 1 - ok |
245 | | * 0 - ok but buf was too short |
246 | | * -1 - bad string passed or other error |
247 | | */ |
248 | | |
249 | | int ossl_a2ulabel(const char *in, char *out, size_t outlen) |
250 | 669 | { |
251 | | /*- |
252 | | * Domain name has some parts consisting of ASCII chars joined with dot. |
253 | | * If a part is shorter than 5 chars, it becomes U-label as is. |
254 | | * If it does not start with xn--, it becomes U-label as is. |
255 | | * Otherwise we try to decode it. |
256 | | */ |
257 | 669 | const char *inptr = in; |
258 | 669 | int result = 1; |
259 | 669 | unsigned int i; |
260 | 669 | unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */ |
261 | 669 | WPACKET pkt; |
262 | | |
263 | | /* Internal API, so should not fail */ |
264 | 669 | if (!ossl_assert(out != NULL)) |
265 | 0 | return -1; |
266 | | |
267 | 669 | if (!WPACKET_init_static_len(&pkt, (unsigned char *)out, outlen, 0)) |
268 | 0 | return -1; |
269 | | |
270 | 5.17k | while (1) { |
271 | 5.17k | char *tmpptr = strchr(inptr, '.'); |
272 | 5.17k | size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr); |
273 | | |
274 | 5.17k | if (strncmp(inptr, "xn--", 4) != 0) { |
275 | 2.46k | if (!WPACKET_memcpy(&pkt, inptr, delta)) |
276 | 939 | result = 0; |
277 | 2.70k | } else { |
278 | 2.70k | unsigned int bufsize = LABEL_BUF_SIZE; |
279 | | |
280 | 2.70k | if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) { |
281 | 59 | result = -1; |
282 | 59 | goto end; |
283 | 59 | } |
284 | | |
285 | 13.8k | for (i = 0; i < bufsize; i++) { |
286 | 11.2k | unsigned char seed[6]; |
287 | 11.2k | size_t utfsize = codepoint2utf8(seed, buf[i]); |
288 | | |
289 | 11.2k | if (utfsize == 0) { |
290 | 60 | result = -1; |
291 | 60 | goto end; |
292 | 60 | } |
293 | | |
294 | 11.2k | if (!WPACKET_memcpy(&pkt, seed, utfsize)) |
295 | 10.3k | result = 0; |
296 | 11.2k | } |
297 | 2.64k | } |
298 | | |
299 | 5.05k | if (tmpptr == NULL) |
300 | 550 | break; |
301 | | |
302 | 4.50k | if (!WPACKET_put_bytes_u8(&pkt, '.')) |
303 | 4.09k | result = 0; |
304 | | |
305 | 4.50k | inptr = tmpptr + 1; |
306 | 4.50k | } |
307 | | |
308 | 550 | if (!WPACKET_put_bytes_u8(&pkt, '\0')) |
309 | 102 | result = 0; |
310 | 669 | end: |
311 | 669 | WPACKET_cleanup(&pkt); |
312 | 669 | return result; |
313 | 550 | } |
314 | | |
315 | | /*- |
316 | | * a MUST be A-label |
317 | | * u MUST be U-label |
318 | | * Returns 0 if compared values are equal |
319 | | * 1 if not |
320 | | * -1 in case of errors |
321 | | */ |
322 | | |
323 | | int ossl_a2ucompare(const char *a, const char *u) |
324 | 0 | { |
325 | 0 | char a_ulabel[LABEL_BUF_SIZE + 1]; |
326 | 0 | size_t a_size = sizeof(a_ulabel); |
327 | |
|
328 | 0 | if (ossl_a2ulabel(a, a_ulabel, a_size) <= 0) |
329 | 0 | return -1; |
330 | | |
331 | 0 | return strcmp(a_ulabel, u) != 0; |
332 | 0 | } |