1 | /*
|
---|
2 | * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
|
---|
3 | *
|
---|
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use
|
---|
5 | * this file except in compliance with the License. You can obtain a copy
|
---|
6 | * in the file LICENSE in the source distribution or at
|
---|
7 | * https://www.openssl.org/source/license.html
|
---|
8 | */
|
---|
9 |
|
---|
10 | #include <stdio.h>
|
---|
11 | #include <limits.h>
|
---|
12 | #include "crypto/ctype.h"
|
---|
13 | #include "internal/cryptlib.h"
|
---|
14 | #include <openssl/buffer.h>
|
---|
15 | #include <openssl/asn1.h>
|
---|
16 | #include <openssl/objects.h>
|
---|
17 | #include <openssl/bn.h>
|
---|
18 | #include "crypto/asn1.h"
|
---|
19 | #include "asn1_local.h"
|
---|
20 |
|
---|
21 | int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
|
---|
22 | {
|
---|
23 | unsigned char *p, *allocated = NULL;
|
---|
24 | int objsize;
|
---|
25 |
|
---|
26 | if ((a == NULL) || (a->data == NULL))
|
---|
27 | return 0;
|
---|
28 |
|
---|
29 | objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
|
---|
30 | if (pp == NULL || objsize == -1)
|
---|
31 | return objsize;
|
---|
32 |
|
---|
33 | if (*pp == NULL) {
|
---|
34 | if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
|
---|
35 | ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
|
---|
36 | return 0;
|
---|
37 | }
|
---|
38 | } else {
|
---|
39 | p = *pp;
|
---|
40 | }
|
---|
41 |
|
---|
42 | ASN1_put_object(&p, 0, a->length, V_ASN1_OBJECT, V_ASN1_UNIVERSAL);
|
---|
43 | memcpy(p, a->data, a->length);
|
---|
44 |
|
---|
45 | /*
|
---|
46 | * If a new buffer was allocated, just return it back.
|
---|
47 | * If not, return the incremented buffer pointer.
|
---|
48 | */
|
---|
49 | *pp = allocated != NULL ? allocated : p + a->length;
|
---|
50 | return objsize;
|
---|
51 | }
|
---|
52 |
|
---|
53 | int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num)
|
---|
54 | {
|
---|
55 | int i, first, len = 0, c, use_bn;
|
---|
56 | char ftmp[24], *tmp = ftmp;
|
---|
57 | int tmpsize = sizeof(ftmp);
|
---|
58 | const char *p;
|
---|
59 | unsigned long l;
|
---|
60 | BIGNUM *bl = NULL;
|
---|
61 |
|
---|
62 | if (num == 0)
|
---|
63 | return 0;
|
---|
64 | else if (num == -1)
|
---|
65 | num = strlen(buf);
|
---|
66 |
|
---|
67 | p = buf;
|
---|
68 | c = *(p++);
|
---|
69 | num--;
|
---|
70 | if ((c >= '0') && (c <= '2')) {
|
---|
71 | first = c - '0';
|
---|
72 | } else {
|
---|
73 | ERR_raise(ERR_LIB_ASN1, ASN1_R_FIRST_NUM_TOO_LARGE);
|
---|
74 | goto err;
|
---|
75 | }
|
---|
76 |
|
---|
77 | if (num <= 0) {
|
---|
78 | ERR_raise(ERR_LIB_ASN1, ASN1_R_MISSING_SECOND_NUMBER);
|
---|
79 | goto err;
|
---|
80 | }
|
---|
81 | c = *(p++);
|
---|
82 | num--;
|
---|
83 | for (;;) {
|
---|
84 | if (num <= 0)
|
---|
85 | break;
|
---|
86 | if ((c != '.') && (c != ' ')) {
|
---|
87 | ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_SEPARATOR);
|
---|
88 | goto err;
|
---|
89 | }
|
---|
90 | l = 0;
|
---|
91 | use_bn = 0;
|
---|
92 | for (;;) {
|
---|
93 | if (num <= 0)
|
---|
94 | break;
|
---|
95 | num--;
|
---|
96 | c = *(p++);
|
---|
97 | if ((c == ' ') || (c == '.'))
|
---|
98 | break;
|
---|
99 | if (!ossl_isdigit(c)) {
|
---|
100 | ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_DIGIT);
|
---|
101 | goto err;
|
---|
102 | }
|
---|
103 | if (!use_bn && l >= ((ULONG_MAX - 80) / 10L)) {
|
---|
104 | use_bn = 1;
|
---|
105 | if (bl == NULL)
|
---|
106 | bl = BN_new();
|
---|
107 | if (bl == NULL || !BN_set_word(bl, l))
|
---|
108 | goto err;
|
---|
109 | }
|
---|
110 | if (use_bn) {
|
---|
111 | if (!BN_mul_word(bl, 10L)
|
---|
112 | || !BN_add_word(bl, c - '0'))
|
---|
113 | goto err;
|
---|
114 | } else
|
---|
115 | l = l * 10L + (long)(c - '0');
|
---|
116 | }
|
---|
117 | if (len == 0) {
|
---|
118 | if ((first < 2) && (l >= 40)) {
|
---|
119 | ERR_raise(ERR_LIB_ASN1, ASN1_R_SECOND_NUMBER_TOO_LARGE);
|
---|
120 | goto err;
|
---|
121 | }
|
---|
122 | if (use_bn) {
|
---|
123 | if (!BN_add_word(bl, first * 40))
|
---|
124 | goto err;
|
---|
125 | } else
|
---|
126 | l += (long)first *40;
|
---|
127 | }
|
---|
128 | i = 0;
|
---|
129 | if (use_bn) {
|
---|
130 | int blsize;
|
---|
131 | blsize = BN_num_bits(bl);
|
---|
132 | blsize = (blsize + 6) / 7;
|
---|
133 | if (blsize > tmpsize) {
|
---|
134 | if (tmp != ftmp)
|
---|
135 | OPENSSL_free(tmp);
|
---|
136 | tmpsize = blsize + 32;
|
---|
137 | tmp = OPENSSL_malloc(tmpsize);
|
---|
138 | if (tmp == NULL) {
|
---|
139 | ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
|
---|
140 | goto err;
|
---|
141 | }
|
---|
142 | }
|
---|
143 | while (blsize--) {
|
---|
144 | BN_ULONG t = BN_div_word(bl, 0x80L);
|
---|
145 | if (t == (BN_ULONG)-1)
|
---|
146 | goto err;
|
---|
147 | tmp[i++] = (unsigned char)t;
|
---|
148 | }
|
---|
149 | } else {
|
---|
150 |
|
---|
151 | for (;;) {
|
---|
152 | tmp[i++] = (unsigned char)l & 0x7f;
|
---|
153 | l >>= 7L;
|
---|
154 | if (l == 0L)
|
---|
155 | break;
|
---|
156 | }
|
---|
157 |
|
---|
158 | }
|
---|
159 | if (out != NULL) {
|
---|
160 | if (len + i > olen) {
|
---|
161 | ERR_raise(ERR_LIB_ASN1, ASN1_R_BUFFER_TOO_SMALL);
|
---|
162 | goto err;
|
---|
163 | }
|
---|
164 | while (--i > 0)
|
---|
165 | out[len++] = tmp[i] | 0x80;
|
---|
166 | out[len++] = tmp[0];
|
---|
167 | } else
|
---|
168 | len += i;
|
---|
169 | }
|
---|
170 | if (tmp != ftmp)
|
---|
171 | OPENSSL_free(tmp);
|
---|
172 | BN_free(bl);
|
---|
173 | return len;
|
---|
174 | err:
|
---|
175 | if (tmp != ftmp)
|
---|
176 | OPENSSL_free(tmp);
|
---|
177 | BN_free(bl);
|
---|
178 | return 0;
|
---|
179 | }
|
---|
180 |
|
---|
181 | int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
|
---|
182 | {
|
---|
183 | return OBJ_obj2txt(buf, buf_len, a, 0);
|
---|
184 | }
|
---|
185 |
|
---|
186 | int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
|
---|
187 | {
|
---|
188 | char buf[80], *p = buf;
|
---|
189 | int i;
|
---|
190 |
|
---|
191 | if ((a == NULL) || (a->data == NULL))
|
---|
192 | return BIO_write(bp, "NULL", 4);
|
---|
193 | i = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
|
---|
194 | if (i > (int)(sizeof(buf) - 1)) {
|
---|
195 | if (i > INT_MAX - 1) { /* catch an integer overflow */
|
---|
196 | ERR_raise(ERR_LIB_ASN1, ASN1_R_LENGTH_TOO_LONG);
|
---|
197 | return -1;
|
---|
198 | }
|
---|
199 | if ((p = OPENSSL_malloc(i + 1)) == NULL) {
|
---|
200 | ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
|
---|
201 | return -1;
|
---|
202 | }
|
---|
203 | i2t_ASN1_OBJECT(p, i + 1, a);
|
---|
204 | }
|
---|
205 | if (i <= 0) {
|
---|
206 | i = BIO_write(bp, "<INVALID>", 9);
|
---|
207 | i += BIO_dump(bp, (const char *)a->data, a->length);
|
---|
208 | return i;
|
---|
209 | }
|
---|
210 | BIO_write(bp, p, i);
|
---|
211 | if (p != buf)
|
---|
212 | OPENSSL_free(p);
|
---|
213 | return i;
|
---|
214 | }
|
---|
215 |
|
---|
216 | ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
|
---|
217 | long length)
|
---|
218 | {
|
---|
219 | const unsigned char *p;
|
---|
220 | long len;
|
---|
221 | int tag, xclass;
|
---|
222 | int inf, i;
|
---|
223 | ASN1_OBJECT *ret = NULL;
|
---|
224 | p = *pp;
|
---|
225 | inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
|
---|
226 | if (inf & 0x80) {
|
---|
227 | i = ASN1_R_BAD_OBJECT_HEADER;
|
---|
228 | goto err;
|
---|
229 | }
|
---|
230 |
|
---|
231 | if (tag != V_ASN1_OBJECT) {
|
---|
232 | i = ASN1_R_EXPECTING_AN_OBJECT;
|
---|
233 | goto err;
|
---|
234 | }
|
---|
235 | ret = ossl_c2i_ASN1_OBJECT(a, &p, len);
|
---|
236 | if (ret)
|
---|
237 | *pp = p;
|
---|
238 | return ret;
|
---|
239 | err:
|
---|
240 | ERR_raise(ERR_LIB_ASN1, i);
|
---|
241 | return NULL;
|
---|
242 | }
|
---|
243 |
|
---|
244 | ASN1_OBJECT *ossl_c2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,
|
---|
245 | long len)
|
---|
246 | {
|
---|
247 | ASN1_OBJECT *ret = NULL, tobj;
|
---|
248 | const unsigned char *p;
|
---|
249 | unsigned char *data;
|
---|
250 | int i, length;
|
---|
251 |
|
---|
252 | /*
|
---|
253 | * Sanity check OID encoding. Need at least one content octet. MSB must
|
---|
254 | * be clear in the last octet. can't have leading 0x80 in subidentifiers,
|
---|
255 | * see: X.690 8.19.2
|
---|
256 | */
|
---|
257 | if (len <= 0 || len > INT_MAX || pp == NULL || (p = *pp) == NULL ||
|
---|
258 | p[len - 1] & 0x80) {
|
---|
259 | ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING);
|
---|
260 | return NULL;
|
---|
261 | }
|
---|
262 | /* Now 0 < len <= INT_MAX, so the cast is safe. */
|
---|
263 | length = (int)len;
|
---|
264 | /*
|
---|
265 | * Try to lookup OID in table: these are all valid encodings so if we get
|
---|
266 | * a match we know the OID is valid.
|
---|
267 | */
|
---|
268 | tobj.nid = NID_undef;
|
---|
269 | tobj.data = p;
|
---|
270 | tobj.length = length;
|
---|
271 | tobj.flags = 0;
|
---|
272 | i = OBJ_obj2nid(&tobj);
|
---|
273 | if (i != NID_undef) {
|
---|
274 | /*
|
---|
275 | * Return shared registered OID object: this improves efficiency
|
---|
276 | * because we don't have to return a dynamically allocated OID
|
---|
277 | * and NID lookups can use the cached value.
|
---|
278 | */
|
---|
279 | ret = OBJ_nid2obj(i);
|
---|
280 | if (a) {
|
---|
281 | ASN1_OBJECT_free(*a);
|
---|
282 | *a = ret;
|
---|
283 | }
|
---|
284 | *pp += len;
|
---|
285 | return ret;
|
---|
286 | }
|
---|
287 | for (i = 0; i < length; i++, p++) {
|
---|
288 | if (*p == 0x80 && (!i || !(p[-1] & 0x80))) {
|
---|
289 | ERR_raise(ERR_LIB_ASN1, ASN1_R_INVALID_OBJECT_ENCODING);
|
---|
290 | return NULL;
|
---|
291 | }
|
---|
292 | }
|
---|
293 |
|
---|
294 | if ((a == NULL) || ((*a) == NULL) ||
|
---|
295 | !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) {
|
---|
296 | if ((ret = ASN1_OBJECT_new()) == NULL)
|
---|
297 | return NULL;
|
---|
298 | } else {
|
---|
299 | ret = (*a);
|
---|
300 | }
|
---|
301 |
|
---|
302 | p = *pp;
|
---|
303 | /* detach data from object */
|
---|
304 | data = (unsigned char *)ret->data;
|
---|
305 | ret->data = NULL;
|
---|
306 | /* once detached we can change it */
|
---|
307 | if ((data == NULL) || (ret->length < length)) {
|
---|
308 | ret->length = 0;
|
---|
309 | OPENSSL_free(data);
|
---|
310 | data = OPENSSL_malloc(length);
|
---|
311 | if (data == NULL) {
|
---|
312 | i = ERR_R_MALLOC_FAILURE;
|
---|
313 | goto err;
|
---|
314 | }
|
---|
315 | ret->flags |= ASN1_OBJECT_FLAG_DYNAMIC_DATA;
|
---|
316 | }
|
---|
317 | memcpy(data, p, length);
|
---|
318 | /* If there are dynamic strings, free them here, and clear the flag */
|
---|
319 | if ((ret->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) != 0) {
|
---|
320 | OPENSSL_free((char *)ret->sn);
|
---|
321 | OPENSSL_free((char *)ret->ln);
|
---|
322 | ret->flags &= ~ASN1_OBJECT_FLAG_DYNAMIC_STRINGS;
|
---|
323 | }
|
---|
324 | /* reattach data to object, after which it remains const */
|
---|
325 | ret->data = data;
|
---|
326 | ret->length = length;
|
---|
327 | ret->sn = NULL;
|
---|
328 | ret->ln = NULL;
|
---|
329 | /* ret->flags=ASN1_OBJECT_FLAG_DYNAMIC; we know it is dynamic */
|
---|
330 | p += length;
|
---|
331 |
|
---|
332 | if (a != NULL)
|
---|
333 | (*a) = ret;
|
---|
334 | *pp = p;
|
---|
335 | return ret;
|
---|
336 | err:
|
---|
337 | ERR_raise(ERR_LIB_ASN1, i);
|
---|
338 | if ((a == NULL) || (*a != ret))
|
---|
339 | ASN1_OBJECT_free(ret);
|
---|
340 | return NULL;
|
---|
341 | }
|
---|
342 |
|
---|
343 | ASN1_OBJECT *ASN1_OBJECT_new(void)
|
---|
344 | {
|
---|
345 | ASN1_OBJECT *ret;
|
---|
346 |
|
---|
347 | ret = OPENSSL_zalloc(sizeof(*ret));
|
---|
348 | if (ret == NULL) {
|
---|
349 | ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
|
---|
350 | return NULL;
|
---|
351 | }
|
---|
352 | ret->flags = ASN1_OBJECT_FLAG_DYNAMIC;
|
---|
353 | return ret;
|
---|
354 | }
|
---|
355 |
|
---|
356 | void ASN1_OBJECT_free(ASN1_OBJECT *a)
|
---|
357 | {
|
---|
358 | if (a == NULL)
|
---|
359 | return;
|
---|
360 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) {
|
---|
361 | #ifndef CONST_STRICT
|
---|
362 | /*
|
---|
363 | * Disable purely for compile-time strict const checking. Doing this
|
---|
364 | * on a "real" compile will cause memory leaks
|
---|
365 | */
|
---|
366 | OPENSSL_free((void*)a->sn);
|
---|
367 | OPENSSL_free((void*)a->ln);
|
---|
368 | #endif
|
---|
369 | a->sn = a->ln = NULL;
|
---|
370 | }
|
---|
371 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) {
|
---|
372 | OPENSSL_free((void*)a->data);
|
---|
373 | a->data = NULL;
|
---|
374 | a->length = 0;
|
---|
375 | }
|
---|
376 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC)
|
---|
377 | OPENSSL_free(a);
|
---|
378 | }
|
---|
379 |
|
---|
380 | ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len,
|
---|
381 | const char *sn, const char *ln)
|
---|
382 | {
|
---|
383 | ASN1_OBJECT o;
|
---|
384 |
|
---|
385 | o.sn = sn;
|
---|
386 | o.ln = ln;
|
---|
387 | o.data = data;
|
---|
388 | o.nid = nid;
|
---|
389 | o.length = len;
|
---|
390 | o.flags = ASN1_OBJECT_FLAG_DYNAMIC | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS |
|
---|
391 | ASN1_OBJECT_FLAG_DYNAMIC_DATA;
|
---|
392 | return OBJ_dup(&o);
|
---|
393 | }
|
---|