/src/openssl/crypto/punycode.c

Source (jump to first uncovered line)
/*
 * Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stddef.h>
#include <stdio.h>
#include <openssl/e_os2.h>
#include "crypto/punycode.h"
#include "internal/common.h" /* for HAS_PREFIX */
#include "internal/packet.h" /* for WPACKET */

static const unsigned int base = 36;
static const unsigned int tmin = 1;
static const unsigned int tmax = 26;
static const unsigned int skew = 38;
static const unsigned int damp = 700;
static const unsigned int initial_bias = 72;
static const unsigned int initial_n = 0x80;
static const unsigned int maxint = 0xFFFFFFFF;
static const char delimiter = '-';

#define LABEL_BUF_SIZE 512

/*-
 * Pseudocode:
 *
 * function adapt(delta,numpoints,firsttime):
 *  if firsttime then let delta = delta div damp
 *  else let delta = delta div 2
 *  let delta = delta + (delta div numpoints)
 *  let k = 0
 *  while delta > ((base - tmin) * tmax) div 2 do begin
 *    let delta = delta div (base - tmin)
 *    let k = k + base
 *  end
 *  return k + (((base - tmin + 1) * delta) div (delta + skew))
 */

static int adapt(unsigned int delta, unsigned int numpoints,
                 unsigned int firsttime)
{
    unsigned int k = 0;

    delta = (firsttime) ? delta / damp : delta / 2;
    delta = delta + delta / numpoints;

    while (delta > ((base - tmin) * tmax) / 2) {
        delta = delta / (base - tmin);
        k = k + base;
    }

    return k + (((base - tmin + 1) * delta) / (delta + skew));
}

static ossl_inline int is_basic(unsigned int a)
{
    return (a < 0x80) ? 1 : 0;
}

/*-
 * code points    digit-values
 * ------------   ----------------------
 * 41..5A (A-Z) =  0 to 25, respectively
 * 61..7A (a-z) =  0 to 25, respectively
 * 30..39 (0-9) = 26 to 35, respectively
 */
static ossl_inline int digit_decoded(const unsigned char a)
{
    if (a >= 0x41 && a <= 0x5A)
        return a - 0x41;

    if (a >= 0x61 && a <= 0x7A)
        return a - 0x61;

    if (a >= 0x30 && a <= 0x39)
        return a - 0x30 + 26;

    return -1;
}

/*-
 * Pseudocode:
 *
 * function ossl_punycode_decode
 *  let n = initial_n
 *  let i = 0
 *  let bias = initial_bias
 *  let output = an empty string indexed from 0
 *  consume all code points before the last delimiter (if there is one)
 *    and copy them to output, fail on any non-basic code point
 *  if more than zero code points were consumed then consume one more
 *    (which will be the last delimiter)
 *  while the input is not exhausted do begin
 *    let oldi = i
 *    let w = 1
 *    for k = base to infinity in steps of base do begin
 *      consume a code point, or fail if there was none to consume
 *      let digit = the code point's digit-value, fail if it has none
 *      let i = i + digit * w, fail on overflow
 *      let t = tmin if k <= bias {+ tmin}, or
 *              tmax if k >= bias + tmax, or k - bias otherwise
 *      if digit < t then break
 *      let w = w * (base - t), fail on overflow
 *    end
 *    let bias = adapt(i - oldi, length(output) + 1, test oldi is 0?)
 *    let n = n + i div (length(output) + 1), fail on overflow
 *    let i = i mod (length(output) + 1)
 *    {if n is a basic code point then fail}
 *    insert n into output at position i
 *    increment i
 *  end
 */

int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
                         unsigned int *pDecoded, unsigned int *pout_length)
{
    unsigned int n = initial_n;
    unsigned int i = 0;
    unsigned int bias = initial_bias;
    unsigned int processed_in = 0;
    unsigned int written_out = 0;
    unsigned int max_out = *pout_length;
    unsigned int basic_count = 0;
    unsigned int loop;

    if (enc_len >= UINT_MAX)
        return 0;
    for (loop = 0; loop < (unsigned int)enc_len; loop++) {
        if (pEncoded[loop] == delimiter)
            basic_count = loop;
    }

    if (basic_count > 0) {
        if (basic_count > max_out)
            return 0;

        for (loop = 0; loop < basic_count; loop++) {
            if (is_basic(pEncoded[loop]) == 0)
                return 0;

            pDecoded[loop] = pEncoded[loop];
            written_out++;
        }
        processed_in = basic_count + 1;
    }

    for (loop = processed_in; loop < (unsigned int)enc_len;) {
        unsigned int oldi = i;
        unsigned int w = 1;
        unsigned int k, t;
        int digit;

        for (k = base;; k += base) {
            if (loop >= enc_len)
                return 0;

            digit = digit_decoded(pEncoded[loop]);
            loop++;

            if (digit < 0)
                return 0;
            if ((unsigned int)digit > (maxint - i) / w)
                return 0;

            i = i + digit * w;
            t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax : k - bias;

            if ((unsigned int)digit < t)
                break;

            if (w > maxint / (base - t))
                return 0;
            w = w * (base - t);
        }

        bias = adapt(i - oldi, written_out + 1, (oldi == 0));
        if (i / (written_out + 1) > maxint - n)
            return 0;
        n = n + i / (written_out + 1);
        i %= (written_out + 1);

        if (written_out >= max_out)
            return 0;

        memmove(pDecoded + i + 1, pDecoded + i,
                (written_out - i) * sizeof(*pDecoded));
        pDecoded[i] = n;
        i++;
        written_out++;
    }

    *pout_length = written_out;
    return 1;
}

/*
 * Encode a code point using UTF-8
 * return number of bytes on success, 0 on failure
 * (also produces U+FFFD, which uses 3 bytes on failure)
 */
static int codepoint2utf8(unsigned char *out, unsigned long utf)
{
    if (utf <= 0x7F) {
        /* Plain ASCII */
        out[0] = (unsigned char)utf;
        out[1] = 0;
        return 1;
    } else if (utf <= 0x07FF) {
        /* 2-byte unicode */
        out[0] = (unsigned char)(((utf >> 6) & 0x1F) | 0xC0);
        out[1] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80);
        out[2] = 0;
        return 2;
    } else if (utf <= 0xFFFF) {
        /* 3-byte unicode */
        out[0] = (unsigned char)(((utf >> 12) & 0x0F) | 0xE0);
        out[1] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80);
        out[2] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80);
        out[3] = 0;
        return 3;
    } else if (utf <= 0x10FFFF) {
        /* 4-byte unicode */
        out[0] = (unsigned char)(((utf >> 18) & 0x07) | 0xF0);
        out[1] = (unsigned char)(((utf >> 12) & 0x3F) | 0x80);
        out[2] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80);
        out[3] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80);
        out[4] = 0;
        return 4;
    } else {
        /* error - use replacement character */
        out[0] = (unsigned char)0xEF;
        out[1] = (unsigned char)0xBF;
        out[2] = (unsigned char)0xBD;
        out[3] = 0;
        return 0;
    }
}

/*-
 * Return values:
 * 1 - ok
 * 0 - ok but buf was too short
 * -1 - bad string passed or other error
 */

int ossl_a2ulabel(const char *in, char *out, size_t outlen)
{
    /*-
     * Domain name has some parts consisting of ASCII chars joined with dot.
     * If a part is shorter than 5 chars, it becomes U-label as is.
     * If it does not start with xn--,    it becomes U-label as is.
     * Otherwise we try to decode it.
     */
    const char *inptr = in;
    int result = 1;
    unsigned int i;
    unsigned int buf[LABEL_BUF_SIZE];      /* It's a hostname */
    WPACKET pkt;

    /* Internal API, so should not fail */
    if (!ossl_assert(out != NULL))
        return -1;

    if (!WPACKET_init_static_len(&pkt, (unsigned char *)out, outlen, 0))
        return -1;

    while (1) {
        char *tmpptr = strchr(inptr, '.');
        size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);

        if (!HAS_PREFIX(inptr, "xn--")) {
            if (!WPACKET_memcpy(&pkt, inptr, delta))
                result = 0;
        } else {
            unsigned int bufsize = LABEL_BUF_SIZE;

            if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) {
                result = -1;
                goto end;
            }

            for (i = 0; i < bufsize; i++) {
                unsigned char seed[6];
                size_t utfsize = codepoint2utf8(seed, buf[i]);

                if (utfsize == 0) {
                    result = -1;
                    goto end;
                }

                if (!WPACKET_memcpy(&pkt, seed, utfsize))
                    result = 0;
            }
        }

        if (tmpptr == NULL)
            break;

        if (!WPACKET_put_bytes_u8(&pkt, '.'))
            result = 0;

        inptr = tmpptr + 1;
    }

    if (!WPACKET_put_bytes_u8(&pkt, '\0'))
        result = 0;
 end:
    WPACKET_cleanup(&pkt);
    return result;
}

Coverage Report

Created: 2025-08-28 07:07

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2019-2023 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stddef.h>
11		#include <stdio.h>
12		#include <openssl/e_os2.h>
13		#include "crypto/punycode.h"
14		#include "internal/common.h" /* for HAS_PREFIX */
15		#include "internal/packet.h" /* for WPACKET */
16
17		static const unsigned int base = 36;
18		static const unsigned int tmin = 1;
19		static const unsigned int tmax = 26;
20		static const unsigned int skew = 38;
21		static const unsigned int damp = 700;
22		static const unsigned int initial_bias = 72;
23		static const unsigned int initial_n = 0x80;
24		static const unsigned int maxint = 0xFFFFFFFF;
25		static const char delimiter = '-';
26
27	19.3k	#define LABEL_BUF_SIZE 512
28
29		/*-
30		* Pseudocode:
31		*
32		* function adapt(delta,numpoints,firsttime):
33		* if firsttime then let delta = delta div damp
34		* else let delta = delta div 2
35		* let delta = delta + (delta div numpoints)
36		* let k = 0
37		* while delta > ((base - tmin) * tmax) div 2 do begin
38		* let delta = delta div (base - tmin)
39		* let k = k + base
40		* end
41		* return k + (((base - tmin + 1) * delta) div (delta + skew))
42		*/
43
44		static int adapt(unsigned int delta, unsigned int numpoints,
45		unsigned int firsttime)
46	79.3k	{
47	79.3k	unsigned int k = 0;
48
49	79.3k	delta = (firsttime) ? delta / damp : delta / 2;
50	79.3k	delta = delta + delta / numpoints;
51
52	142k	while (delta > ((base - tmin) * tmax) / 2) {
53	62.9k	delta = delta / (base - tmin);
54	62.9k	k = k + base;
55	62.9k	}
56
57	79.3k	return k + (((base - tmin + 1) * delta) / (delta + skew));
58	79.3k	}
59
60		static ossl_inline int is_basic(unsigned int a)
61	30.1k	{
62	30.1k	return (a < 0x80) ? 1 : 0;
63	30.1k	}
64
65		/*-
66		* code points digit-values
67		* ------------ ----------------------
68		* 41..5A (A-Z) = 0 to 25, respectively
69		* 61..7A (a-z) = 0 to 25, respectively
70		* 30..39 (0-9) = 26 to 35, respectively
71		*/
72		static ossl_inline int digit_decoded(const unsigned char a)
73	182k	{
74	182k	if (a >= 0x41 && a <= 0x5A)
75	43.6k	return a - 0x41;
76
77	138k	if (a >= 0x61 && a <= 0x7A)
78	94.8k	return a - 0x61;
79
80	43.7k	if (a >= 0x30 && a <= 0x39)
81	43.3k	return a - 0x30 + 26;
82
83	458	return -1;
84	43.7k	}
85
86		/*-
87		* Pseudocode:
88		*
89		* function ossl_punycode_decode
90		* let n = initial_n
91		* let i = 0
92		* let bias = initial_bias
93		* let output = an empty string indexed from 0
94		* consume all code points before the last delimiter (if there is one)
95		* and copy them to output, fail on any non-basic code point
96		* if more than zero code points were consumed then consume one more
97		* (which will be the last delimiter)
98		* while the input is not exhausted do begin
99		* let oldi = i
100		* let w = 1
101		* for k = base to infinity in steps of base do begin
102		* consume a code point, or fail if there was none to consume
103		* let digit = the code point's digit-value, fail if it has none
104		* let i = i + digit * w, fail on overflow
105		* let t = tmin if k <= bias {+ tmin}, or
106		* tmax if k >= bias + tmax, or k - bias otherwise
107		* if digit < t then break
108		* let w = w * (base - t), fail on overflow
109		* end
110		* let bias = adapt(i - oldi, length(output) + 1, test oldi is 0?)
111		* let n = n + i div (length(output) + 1), fail on overflow
112		* let i = i mod (length(output) + 1)
113		* {if n is a basic code point then fail}
114		* insert n into output at position i
115		* increment i
116		* end
117		*/
118
119		int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
120		unsigned int pDecoded, unsigned int pout_length)
121	5.05k	{
122	5.05k	unsigned int n = initial_n;
123	5.05k	unsigned int i = 0;
124	5.05k	unsigned int bias = initial_bias;
125	5.05k	unsigned int processed_in = 0;
126	5.05k	unsigned int written_out = 0;
127	5.05k	unsigned int max_out = *pout_length;
128	5.05k	unsigned int basic_count = 0;
129	5.05k	unsigned int loop;
130
131	5.05k	if (enc_len >= UINT_MAX)
132	0	return 0;
133	27.3M	for (loop = 0; loop < (unsigned int)enc_len; loop++) {
134	27.3M	if (pEncoded[loop] == delimiter)
135	1.47M	basic_count = loop;
136	27.3M	}
137
138	5.05k	if (basic_count > 0) {
139	1.96k	if (basic_count > max_out)
140	134	return 0;
141
142	7.61k	for (loop = 0; loop < basic_count; loop++) {
143	5.79k	if (is_basic(pEncoded[loop]) == 0)
144	15	return 0;
145
146	5.77k	pDecoded[loop] = pEncoded[loop];
147	5.77k	written_out++;
148	5.77k	}
149	1.81k	processed_in = basic_count + 1;
150	1.81k	}
151
152	25.6k	for (loop = processed_in; loop < (unsigned int)enc_len;) {
153	20.9k	unsigned int oldi = i;
154	20.9k	unsigned int w = 1;
155	20.9k	unsigned int k, t;
156	20.9k	int digit;
157
158	54.3k	for (k = base;; k += base) {
159	54.3k	if (loop >= enc_len)
160	75	return 0;
161
162	54.2k	digit = digit_decoded(pEncoded[loop]);
163	54.2k	loop++;
164
165	54.2k	if (digit < 0)
166	95	return 0;
167	54.2k	if ((unsigned int)digit > (maxint - i) / w)
168	11	return 0;
169
170	54.1k	i = i + digit * w;
171	54.1k	t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax : k - bias;
172
173	54.1k	if ((unsigned int)digit < t)
174	20.8k	break;
175
176	33.3k	if (w > maxint / (base - t))
177	0	return 0;
178	33.3k	w = w * (base - t);
179	33.3k	}
180
181	20.8k	bias = adapt(i - oldi, written_out + 1, (oldi == 0));
182	20.8k	if (i / (written_out + 1) > maxint - n)
183	9	return 0;
184	20.7k	n = n + i / (written_out + 1);
185	20.7k	i %= (written_out + 1);
186
187	20.7k	if (written_out >= max_out)
188	68	return 0;
189
190	20.7k	memmove(pDecoded + i + 1, pDecoded + i,
191	20.7k	(written_out - i) * sizeof(*pDecoded));
192	20.7k	pDecoded[i] = n;
193	20.7k	i++;
194	20.7k	written_out++;
195	20.7k	}
196
197	4.65k	*pout_length = written_out;
198	4.65k	return 1;
199	4.90k	}
200
201		/*
202		* Encode a code point using UTF-8
203		* return number of bytes on success, 0 on failure
204		* (also produces U+FFFD, which uses 3 bytes on failure)
205		*/
206		static int codepoint2utf8(unsigned char *out, unsigned long utf)
207	62.5k	{
208	62.5k	if (utf <= 0x7F) {
209		/* Plain ASCII */
210	23.6k	out[0] = (unsigned char)utf;
211	23.6k	out[1] = 0;
212	23.6k	return 1;
213	38.9k	} else if (utf <= 0x07FF) {
214		/* 2-byte unicode */
215	25.7k	out[0] = (unsigned char)(((utf >> 6) & 0x1F) \| 0xC0);
216	25.7k	out[1] = (unsigned char)(((utf >> 0) & 0x3F) \| 0x80);
217	25.7k	out[2] = 0;
218	25.7k	return 2;
219	25.7k	} else if (utf <= 0xFFFF) {
220		/* 3-byte unicode */
221	10.3k	out[0] = (unsigned char)(((utf >> 12) & 0x0F) \| 0xE0);
222	10.3k	out[1] = (unsigned char)(((utf >> 6) & 0x3F) \| 0x80);
223	10.3k	out[2] = (unsigned char)(((utf >> 0) & 0x3F) \| 0x80);
224	10.3k	out[3] = 0;
225	10.3k	return 3;
226	10.3k	} else if (utf <= 0x10FFFF) {
227		/* 4-byte unicode */
228	2.46k	out[0] = (unsigned char)(((utf >> 18) & 0x07) \| 0xF0);
229	2.46k	out[1] = (unsigned char)(((utf >> 12) & 0x3F) \| 0x80);
230	2.46k	out[2] = (unsigned char)(((utf >> 6) & 0x3F) \| 0x80);
231	2.46k	out[3] = (unsigned char)(((utf >> 0) & 0x3F) \| 0x80);
232	2.46k	out[4] = 0;
233	2.46k	return 4;
234	2.46k	} else {
235		/* error - use replacement character */
236	281	out[0] = (unsigned char)0xEF;
237	281	out[1] = (unsigned char)0xBF;
238	281	out[2] = (unsigned char)0xBD;
239	281	out[3] = 0;
240	281	return 0;
241	281	}
242	62.5k	}
243
244		/*-
245		* Return values:
246		* 1 - ok
247		* 0 - ok but buf was too short
248		* -1 - bad string passed or other error
249		*/
250
251		int ossl_a2ulabel(const char in, char out, size_t outlen)
252	3.18k	{
253		/*-
254		* Domain name has some parts consisting of ASCII chars joined with dot.
255		* If a part is shorter than 5 chars, it becomes U-label as is.
256		* If it does not start with xn--, it becomes U-label as is.
257		* Otherwise we try to decode it.
258		*/
259	3.18k	const char *inptr = in;
260	3.18k	int result = 1;
261	3.18k	unsigned int i;
262	3.18k	unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */
263	3.18k	WPACKET pkt;
264
265		/* Internal API, so should not fail */
266	3.18k	if (!ossl_assert(out != NULL))
267	0	return -1;
268
269	3.18k	if (!WPACKET_init_static_len(&pkt, (unsigned char *)out, outlen, 0))
270	0	return -1;
271
272	50.9k	while (1) {
273	50.9k	char *tmpptr = strchr(inptr, '.');
274	50.9k	size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
275
276	50.9k	if (!HAS_PREFIX(inptr, "xn--")) {
277	31.6k	if (!WPACKET_memcpy(&pkt, inptr, delta))
278	18.9k	result = 0;
279	31.6k	} else {
280	19.3k	unsigned int bufsize = LABEL_BUF_SIZE;
281
282	19.3k	if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) {
283	264	result = -1;
284	264	goto end;
285	264	}
286
287	81.3k	for (i = 0; i < bufsize; i++) {
288	62.5k	unsigned char seed[6];
289	62.5k	size_t utfsize = codepoint2utf8(seed, buf[i]);
290
291	62.5k	if (utfsize == 0) {
292	281	result = -1;
293	281	goto end;
294	281	}
295
296	62.2k	if (!WPACKET_memcpy(&pkt, seed, utfsize))
297	57.8k	result = 0;
298	62.2k	}
299	19.1k	}
300
301	50.4k	if (tmpptr == NULL)
302	2.64k	break;
303
304	47.8k	if (!WPACKET_put_bytes_u8(&pkt, '.'))
305	45.5k	result = 0;
306
307	47.8k	inptr = tmpptr + 1;
308	47.8k	}
309
310	2.64k	if (!WPACKET_put_bytes_u8(&pkt, '\0'))
311	499	result = 0;
312	3.18k	end:
313	3.18k	WPACKET_cleanup(&pkt);
314	3.18k	return result;
315	2.64k	}