2fc4f362cd
This reverts commit 66801feb17. This
turned out to break a lot more than expected. Hopefully we can reland it
soon, but we need to fix up some consumers first.
Note due to work that went in later, this is not a trivial revert and
should be re-reviewed.
Change-Id: I6474b67cce9a8aa03f722f37ad45914b76466bea
Reviewed-on: https://boringssl-review.googlesource.com/23644
Commit-Queue: Adam Langley <agl@google.com>
Reviewed-by: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
569 lines
13 KiB
C
569 lines
13 KiB
C
/* Copyright (c) 2014, Google Inc.
|
|
*
|
|
* Permission to use, copy, modify, and/or distribute this software for any
|
|
* purpose with or without fee is hereby granted, provided that the above
|
|
* copyright notice and this permission notice appear in all copies.
|
|
*
|
|
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
|
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
|
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
|
|
* SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
|
|
* OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
|
|
* CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
|
|
|
|
#include <openssl/bytestring.h>
|
|
|
|
#include <assert.h>
|
|
#include <limits.h>
|
|
#include <string.h>
|
|
|
|
#include <openssl/mem.h>
|
|
|
|
#include "../internal.h"
|
|
|
|
|
|
void CBB_zero(CBB *cbb) {
|
|
OPENSSL_memset(cbb, 0, sizeof(CBB));
|
|
}
|
|
|
|
static int cbb_init(CBB *cbb, uint8_t *buf, size_t cap) {
|
|
// This assumes that |cbb| has already been zeroed.
|
|
struct cbb_buffer_st *base;
|
|
|
|
base = OPENSSL_malloc(sizeof(struct cbb_buffer_st));
|
|
if (base == NULL) {
|
|
return 0;
|
|
}
|
|
|
|
base->buf = buf;
|
|
base->len = 0;
|
|
base->cap = cap;
|
|
base->can_resize = 1;
|
|
base->error = 0;
|
|
|
|
cbb->base = base;
|
|
cbb->is_top_level = 1;
|
|
return 1;
|
|
}
|
|
|
|
int CBB_init(CBB *cbb, size_t initial_capacity) {
|
|
CBB_zero(cbb);
|
|
|
|
uint8_t *buf = OPENSSL_malloc(initial_capacity);
|
|
if (initial_capacity > 0 && buf == NULL) {
|
|
return 0;
|
|
}
|
|
|
|
if (!cbb_init(cbb, buf, initial_capacity)) {
|
|
OPENSSL_free(buf);
|
|
return 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
|
|
CBB_zero(cbb);
|
|
|
|
if (!cbb_init(cbb, buf, len)) {
|
|
return 0;
|
|
}
|
|
|
|
cbb->base->can_resize = 0;
|
|
return 1;
|
|
}
|
|
|
|
void CBB_cleanup(CBB *cbb) {
|
|
if (cbb->base) {
|
|
// Only top-level |CBB|s are cleaned up. Child |CBB|s are non-owning. They
|
|
// are implicitly discarded when the parent is flushed or cleaned up.
|
|
assert(cbb->is_top_level);
|
|
|
|
if (cbb->base->can_resize) {
|
|
OPENSSL_free(cbb->base->buf);
|
|
}
|
|
OPENSSL_free(cbb->base);
|
|
}
|
|
cbb->base = NULL;
|
|
}
|
|
|
|
static int cbb_buffer_reserve(struct cbb_buffer_st *base, uint8_t **out,
|
|
size_t len) {
|
|
size_t newlen;
|
|
|
|
if (base == NULL) {
|
|
return 0;
|
|
}
|
|
|
|
newlen = base->len + len;
|
|
if (newlen < base->len) {
|
|
// Overflow
|
|
goto err;
|
|
}
|
|
|
|
if (newlen > base->cap) {
|
|
size_t newcap = base->cap * 2;
|
|
uint8_t *newbuf;
|
|
|
|
if (!base->can_resize) {
|
|
goto err;
|
|
}
|
|
|
|
if (newcap < base->cap || newcap < newlen) {
|
|
newcap = newlen;
|
|
}
|
|
newbuf = OPENSSL_realloc(base->buf, newcap);
|
|
if (newbuf == NULL) {
|
|
goto err;
|
|
}
|
|
|
|
base->buf = newbuf;
|
|
base->cap = newcap;
|
|
}
|
|
|
|
if (out) {
|
|
*out = base->buf + base->len;
|
|
}
|
|
|
|
return 1;
|
|
|
|
err:
|
|
base->error = 1;
|
|
return 0;
|
|
}
|
|
|
|
static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out,
|
|
size_t len) {
|
|
if (!cbb_buffer_reserve(base, out, len)) {
|
|
return 0;
|
|
}
|
|
// This will not overflow or |cbb_buffer_reserve| would have failed.
|
|
base->len += len;
|
|
return 1;
|
|
}
|
|
|
|
static int cbb_buffer_add_u(struct cbb_buffer_st *base, uint32_t v,
|
|
size_t len_len) {
|
|
if (len_len == 0) {
|
|
return 1;
|
|
}
|
|
|
|
uint8_t *buf;
|
|
if (!cbb_buffer_add(base, &buf, len_len)) {
|
|
return 0;
|
|
}
|
|
|
|
for (size_t i = len_len - 1; i < len_len; i--) {
|
|
buf[i] = v;
|
|
v >>= 8;
|
|
}
|
|
|
|
if (v != 0) {
|
|
base->error = 1;
|
|
return 0;
|
|
}
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) {
|
|
if (!cbb->is_top_level) {
|
|
return 0;
|
|
}
|
|
|
|
if (!CBB_flush(cbb)) {
|
|
return 0;
|
|
}
|
|
|
|
if (cbb->base->can_resize && (out_data == NULL || out_len == NULL)) {
|
|
// |out_data| and |out_len| can only be NULL if the CBB is fixed.
|
|
return 0;
|
|
}
|
|
|
|
if (out_data != NULL) {
|
|
*out_data = cbb->base->buf;
|
|
}
|
|
if (out_len != NULL) {
|
|
*out_len = cbb->base->len;
|
|
}
|
|
cbb->base->buf = NULL;
|
|
CBB_cleanup(cbb);
|
|
return 1;
|
|
}
|
|
|
|
// CBB_flush recurses and then writes out any pending length prefix. The
|
|
// current length of the underlying base is taken to be the length of the
|
|
// length-prefixed data.
|
|
int CBB_flush(CBB *cbb) {
|
|
size_t child_start, i, len;
|
|
|
|
// If |cbb->base| has hit an error, the buffer is in an undefined state, so
|
|
// fail all following calls. In particular, |cbb->child| may point to invalid
|
|
// memory.
|
|
if (cbb->base == NULL || cbb->base->error) {
|
|
return 0;
|
|
}
|
|
|
|
if (cbb->child == NULL || cbb->child->pending_len_len == 0) {
|
|
return 1;
|
|
}
|
|
|
|
child_start = cbb->child->offset + cbb->child->pending_len_len;
|
|
|
|
if (!CBB_flush(cbb->child) ||
|
|
child_start < cbb->child->offset ||
|
|
cbb->base->len < child_start) {
|
|
goto err;
|
|
}
|
|
|
|
len = cbb->base->len - child_start;
|
|
|
|
if (cbb->child->pending_is_asn1) {
|
|
// For ASN.1 we assume that we'll only need a single byte for the length.
|
|
// If that turned out to be incorrect, we have to move the contents along
|
|
// in order to make space.
|
|
uint8_t len_len;
|
|
uint8_t initial_length_byte;
|
|
|
|
assert (cbb->child->pending_len_len == 1);
|
|
|
|
if (len > 0xfffffffe) {
|
|
// Too large.
|
|
goto err;
|
|
} else if (len > 0xffffff) {
|
|
len_len = 5;
|
|
initial_length_byte = 0x80 | 4;
|
|
} else if (len > 0xffff) {
|
|
len_len = 4;
|
|
initial_length_byte = 0x80 | 3;
|
|
} else if (len > 0xff) {
|
|
len_len = 3;
|
|
initial_length_byte = 0x80 | 2;
|
|
} else if (len > 0x7f) {
|
|
len_len = 2;
|
|
initial_length_byte = 0x80 | 1;
|
|
} else {
|
|
len_len = 1;
|
|
initial_length_byte = (uint8_t)len;
|
|
len = 0;
|
|
}
|
|
|
|
if (len_len != 1) {
|
|
// We need to move the contents along in order to make space.
|
|
size_t extra_bytes = len_len - 1;
|
|
if (!cbb_buffer_add(cbb->base, NULL, extra_bytes)) {
|
|
goto err;
|
|
}
|
|
OPENSSL_memmove(cbb->base->buf + child_start + extra_bytes,
|
|
cbb->base->buf + child_start, len);
|
|
}
|
|
cbb->base->buf[cbb->child->offset++] = initial_length_byte;
|
|
cbb->child->pending_len_len = len_len - 1;
|
|
}
|
|
|
|
for (i = cbb->child->pending_len_len - 1; i < cbb->child->pending_len_len;
|
|
i--) {
|
|
cbb->base->buf[cbb->child->offset + i] = (uint8_t)len;
|
|
len >>= 8;
|
|
}
|
|
if (len != 0) {
|
|
goto err;
|
|
}
|
|
|
|
cbb->child->base = NULL;
|
|
cbb->child = NULL;
|
|
|
|
return 1;
|
|
|
|
err:
|
|
cbb->base->error = 1;
|
|
return 0;
|
|
}
|
|
|
|
const uint8_t *CBB_data(const CBB *cbb) {
|
|
assert(cbb->child == NULL);
|
|
return cbb->base->buf + cbb->offset + cbb->pending_len_len;
|
|
}
|
|
|
|
size_t CBB_len(const CBB *cbb) {
|
|
assert(cbb->child == NULL);
|
|
assert(cbb->offset + cbb->pending_len_len <= cbb->base->len);
|
|
|
|
return cbb->base->len - cbb->offset - cbb->pending_len_len;
|
|
}
|
|
|
|
static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents,
|
|
uint8_t len_len) {
|
|
uint8_t *prefix_bytes;
|
|
|
|
if (!CBB_flush(cbb)) {
|
|
return 0;
|
|
}
|
|
|
|
size_t offset = cbb->base->len;
|
|
if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len)) {
|
|
return 0;
|
|
}
|
|
|
|
OPENSSL_memset(prefix_bytes, 0, len_len);
|
|
OPENSSL_memset(out_contents, 0, sizeof(CBB));
|
|
out_contents->base = cbb->base;
|
|
cbb->child = out_contents;
|
|
cbb->child->offset = offset;
|
|
cbb->child->pending_len_len = len_len;
|
|
cbb->child->pending_is_asn1 = 0;
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) {
|
|
return cbb_add_length_prefixed(cbb, out_contents, 1);
|
|
}
|
|
|
|
int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) {
|
|
return cbb_add_length_prefixed(cbb, out_contents, 2);
|
|
}
|
|
|
|
int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) {
|
|
return cbb_add_length_prefixed(cbb, out_contents, 3);
|
|
}
|
|
|
|
// add_base128_integer encodes |v| as a big-endian base-128 integer where the
|
|
// high bit of each byte indicates where there is more data. This is the
|
|
// encoding used in DER for both high tag number form and OID components.
|
|
static int add_base128_integer(CBB *cbb, uint64_t v) {
|
|
unsigned len_len = 0;
|
|
uint64_t copy = v;
|
|
while (copy > 0) {
|
|
len_len++;
|
|
copy >>= 7;
|
|
}
|
|
if (len_len == 0) {
|
|
len_len = 1; // Zero is encoded with one byte.
|
|
}
|
|
for (unsigned i = len_len - 1; i < len_len; i--) {
|
|
uint8_t byte = (v >> (7 * i)) & 0x7f;
|
|
if (i != 0) {
|
|
// The high bit denotes whether there is more data.
|
|
byte |= 0x80;
|
|
}
|
|
if (!CBB_add_u8(cbb, byte)) {
|
|
return 0;
|
|
}
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned tag) {
|
|
if (tag > 0xff ||
|
|
(tag & 0x1f) == 0x1f) {
|
|
// Long form identifier octets are not supported. Further, all current valid
|
|
// tag serializations are 8 bits.
|
|
cbb->base->error = 1;
|
|
return 0;
|
|
}
|
|
|
|
if (!CBB_flush(cbb) ||
|
|
// |tag|'s representation matches the DER encoding.
|
|
!CBB_add_u8(cbb, (uint8_t)tag)) {
|
|
return 0;
|
|
}
|
|
|
|
size_t offset = cbb->base->len;
|
|
if (!CBB_add_u8(cbb, 0)) {
|
|
return 0;
|
|
}
|
|
|
|
OPENSSL_memset(out_contents, 0, sizeof(CBB));
|
|
out_contents->base = cbb->base;
|
|
cbb->child = out_contents;
|
|
cbb->child->offset = offset;
|
|
cbb->child->pending_len_len = 1;
|
|
cbb->child->pending_is_asn1 = 1;
|
|
|
|
return 1;
|
|
}
|
|
|
|
int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) {
|
|
uint8_t *dest;
|
|
|
|
if (!CBB_flush(cbb) ||
|
|
!cbb_buffer_add(cbb->base, &dest, len)) {
|
|
return 0;
|
|
}
|
|
OPENSSL_memcpy(dest, data, len);
|
|
return 1;
|
|
}
|
|
|
|
int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) {
|
|
if (!CBB_flush(cbb) ||
|
|
!cbb_buffer_add(cbb->base, out_data, len)) {
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len) {
|
|
if (!CBB_flush(cbb) ||
|
|
!cbb_buffer_reserve(cbb->base, out_data, len)) {
|
|
return 0;
|
|
}
|
|
return 1;
|
|
}
|
|
|
|
int CBB_did_write(CBB *cbb, size_t len) {
|
|
size_t newlen = cbb->base->len + len;
|
|
if (cbb->child != NULL ||
|
|
newlen < cbb->base->len ||
|
|
newlen > cbb->base->cap) {
|
|
return 0;
|
|
}
|
|
cbb->base->len = newlen;
|
|
return 1;
|
|
}
|
|
|
|
int CBB_add_u8(CBB *cbb, uint8_t value) {
|
|
if (!CBB_flush(cbb)) {
|
|
return 0;
|
|
}
|
|
|
|
return cbb_buffer_add_u(cbb->base, value, 1);
|
|
}
|
|
|
|
int CBB_add_u16(CBB *cbb, uint16_t value) {
|
|
if (!CBB_flush(cbb)) {
|
|
return 0;
|
|
}
|
|
|
|
return cbb_buffer_add_u(cbb->base, value, 2);
|
|
}
|
|
|
|
int CBB_add_u24(CBB *cbb, uint32_t value) {
|
|
if (!CBB_flush(cbb)) {
|
|
return 0;
|
|
}
|
|
|
|
return cbb_buffer_add_u(cbb->base, value, 3);
|
|
}
|
|
|
|
int CBB_add_u32(CBB *cbb, uint32_t value) {
|
|
if (!CBB_flush(cbb)) {
|
|
return 0;
|
|
}
|
|
|
|
return cbb_buffer_add_u(cbb->base, value, 4);
|
|
}
|
|
|
|
void CBB_discard_child(CBB *cbb) {
|
|
if (cbb->child == NULL) {
|
|
return;
|
|
}
|
|
|
|
cbb->base->len = cbb->child->offset;
|
|
|
|
cbb->child->base = NULL;
|
|
cbb->child = NULL;
|
|
}
|
|
|
|
int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
|
|
CBB child;
|
|
int started = 0;
|
|
|
|
if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER)) {
|
|
return 0;
|
|
}
|
|
|
|
for (size_t i = 0; i < 8; i++) {
|
|
uint8_t byte = (value >> 8*(7-i)) & 0xff;
|
|
if (!started) {
|
|
if (byte == 0) {
|
|
// Don't encode leading zeros.
|
|
continue;
|
|
}
|
|
// If the high bit is set, add a padding byte to make it
|
|
// unsigned.
|
|
if ((byte & 0x80) && !CBB_add_u8(&child, 0)) {
|
|
return 0;
|
|
}
|
|
started = 1;
|
|
}
|
|
if (!CBB_add_u8(&child, byte)) {
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
// 0 is encoded as a single 0, not the empty string.
|
|
if (!started && !CBB_add_u8(&child, 0)) {
|
|
return 0;
|
|
}
|
|
|
|
return CBB_flush(cbb);
|
|
}
|
|
|
|
// parse_dotted_decimal parses one decimal component from |cbs|, where |cbs| is
|
|
// an OID literal, e.g., "1.2.840.113554.4.1.72585". It consumes both the
|
|
// component and the dot, so |cbs| may be passed into the function again for the
|
|
// next value.
|
|
static int parse_dotted_decimal(CBS *cbs, uint64_t *out) {
|
|
*out = 0;
|
|
int seen_digit = 0;
|
|
for (;;) {
|
|
// Valid terminators for a component are the end of the string or a
|
|
// non-terminal dot. If the string ends with a dot, this is not a valid OID
|
|
// string.
|
|
uint8_t u;
|
|
if (!CBS_get_u8(cbs, &u) ||
|
|
(u == '.' && CBS_len(cbs) > 0)) {
|
|
break;
|
|
}
|
|
if (u < '0' || u > '9' ||
|
|
// Forbid stray leading zeros.
|
|
(seen_digit && *out == 0) ||
|
|
// Check for overflow.
|
|
*out > UINT64_MAX / 10 ||
|
|
*out * 10 > UINT64_MAX - (u - '0')) {
|
|
return 0;
|
|
}
|
|
*out = *out * 10 + (u - '0');
|
|
seen_digit = 1;
|
|
}
|
|
// The empty string is not a legal OID component.
|
|
return seen_digit;
|
|
}
|
|
|
|
int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) {
|
|
if (!CBB_flush(cbb)) {
|
|
return 0;
|
|
}
|
|
|
|
CBS cbs;
|
|
CBS_init(&cbs, (const uint8_t *)text, len);
|
|
|
|
// OIDs must have at least two components.
|
|
uint64_t a, b;
|
|
if (!parse_dotted_decimal(&cbs, &a) ||
|
|
!parse_dotted_decimal(&cbs, &b)) {
|
|
return 0;
|
|
}
|
|
|
|
// The first component is encoded as 40 * |a| + |b|. This assumes that |a| is
|
|
// 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39.
|
|
if (a > 2 ||
|
|
(a < 2 && b > 39) ||
|
|
b > UINT64_MAX - 80 ||
|
|
!add_base128_integer(cbb, 40u * a + b)) {
|
|
return 0;
|
|
}
|
|
|
|
// The remaining components are encoded unmodified.
|
|
while (CBS_len(&cbs) > 0) {
|
|
if (!parse_dotted_decimal(&cbs, &a) ||
|
|
!add_base128_integer(cbb, a)) {
|
|
return 0;
|
|
}
|
|
}
|
|
|
|
return 1;
|
|
}
|