1 /* Copyright (c) 2014, Google Inc.
2 *
3 * Permission to use, copy, modify, and/or distribute this software for any
4 * purpose with or without fee is hereby granted, provided that the above
5 * copyright notice and this permission notice appear in all copies.
6 *
7 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
8 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
9 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
10 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
11 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
12 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
13 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14
15 #include <openssl/asn1.h>
16 #include <openssl/bytestring.h>
17 #include <openssl/mem.h>
18
19 #include <assert.h>
20 #include <ctype.h>
21 #include <inttypes.h>
22 #include <string.h>
23
24 #include "../asn1/internal.h"
25 #include "../internal.h"
26 #include "internal.h"
27
28
cbs_get(CBS * cbs,const uint8_t ** p,size_t n)29 static int cbs_get(CBS *cbs, const uint8_t **p, size_t n) {
30 if (cbs->len < n) {
31 return 0;
32 }
33
34 *p = cbs->data;
35 cbs->data += n;
36 cbs->len -= n;
37 return 1;
38 }
39
CBS_skip(CBS * cbs,size_t len)40 int CBS_skip(CBS *cbs, size_t len) {
41 const uint8_t *dummy;
42 return cbs_get(cbs, &dummy, len);
43 }
44
CBS_stow(const CBS * cbs,uint8_t ** out_ptr,size_t * out_len)45 int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len) {
46 OPENSSL_free(*out_ptr);
47 *out_ptr = NULL;
48 *out_len = 0;
49
50 if (cbs->len == 0) {
51 return 1;
52 }
53 *out_ptr = OPENSSL_memdup(cbs->data, cbs->len);
54 if (*out_ptr == NULL) {
55 return 0;
56 }
57 *out_len = cbs->len;
58 return 1;
59 }
60
CBS_strdup(const CBS * cbs,char ** out_ptr)61 int CBS_strdup(const CBS *cbs, char **out_ptr) {
62 if (*out_ptr != NULL) {
63 OPENSSL_free(*out_ptr);
64 }
65 *out_ptr = OPENSSL_strndup((const char*)cbs->data, cbs->len);
66 return (*out_ptr != NULL);
67 }
68
CBS_contains_zero_byte(const CBS * cbs)69 int CBS_contains_zero_byte(const CBS *cbs) {
70 return OPENSSL_memchr(cbs->data, 0, cbs->len) != NULL;
71 }
72
CBS_mem_equal(const CBS * cbs,const uint8_t * data,size_t len)73 int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len) {
74 if (len != cbs->len) {
75 return 0;
76 }
77 return CRYPTO_memcmp(cbs->data, data, len) == 0;
78 }
79
cbs_get_u(CBS * cbs,uint64_t * out,size_t len)80 static int cbs_get_u(CBS *cbs, uint64_t *out, size_t len) {
81 uint64_t result = 0;
82 const uint8_t *data;
83
84 if (!cbs_get(cbs, &data, len)) {
85 return 0;
86 }
87 for (size_t i = 0; i < len; i++) {
88 result <<= 8;
89 result |= data[i];
90 }
91 *out = result;
92 return 1;
93 }
94
CBS_get_u8(CBS * cbs,uint8_t * out)95 int CBS_get_u8(CBS *cbs, uint8_t *out) {
96 const uint8_t *v;
97 if (!cbs_get(cbs, &v, 1)) {
98 return 0;
99 }
100 *out = *v;
101 return 1;
102 }
103
CBS_get_u16(CBS * cbs,uint16_t * out)104 int CBS_get_u16(CBS *cbs, uint16_t *out) {
105 uint64_t v;
106 if (!cbs_get_u(cbs, &v, 2)) {
107 return 0;
108 }
109 *out = v;
110 return 1;
111 }
112
CBS_get_u16le(CBS * cbs,uint16_t * out)113 int CBS_get_u16le(CBS *cbs, uint16_t *out) {
114 if (!CBS_get_u16(cbs, out)) {
115 return 0;
116 }
117 *out = CRYPTO_bswap2(*out);
118 return 1;
119 }
120
CBS_get_u24(CBS * cbs,uint32_t * out)121 int CBS_get_u24(CBS *cbs, uint32_t *out) {
122 uint64_t v;
123 if (!cbs_get_u(cbs, &v, 3)) {
124 return 0;
125 }
126 *out = (uint32_t)v;
127 return 1;
128 }
129
CBS_get_u32(CBS * cbs,uint32_t * out)130 int CBS_get_u32(CBS *cbs, uint32_t *out) {
131 uint64_t v;
132 if (!cbs_get_u(cbs, &v, 4)) {
133 return 0;
134 }
135 *out = (uint32_t)v;
136 return 1;
137 }
138
CBS_get_u32le(CBS * cbs,uint32_t * out)139 int CBS_get_u32le(CBS *cbs, uint32_t *out) {
140 if (!CBS_get_u32(cbs, out)) {
141 return 0;
142 }
143 *out = CRYPTO_bswap4(*out);
144 return 1;
145 }
146
CBS_get_u64(CBS * cbs,uint64_t * out)147 int CBS_get_u64(CBS *cbs, uint64_t *out) {
148 return cbs_get_u(cbs, out, 8);
149 }
150
CBS_get_u64le(CBS * cbs,uint64_t * out)151 int CBS_get_u64le(CBS *cbs, uint64_t *out) {
152 if (!cbs_get_u(cbs, out, 8)) {
153 return 0;
154 }
155 *out = CRYPTO_bswap8(*out);
156 return 1;
157 }
158
CBS_get_last_u8(CBS * cbs,uint8_t * out)159 int CBS_get_last_u8(CBS *cbs, uint8_t *out) {
160 if (cbs->len == 0) {
161 return 0;
162 }
163 *out = cbs->data[cbs->len - 1];
164 cbs->len--;
165 return 1;
166 }
167
CBS_get_bytes(CBS * cbs,CBS * out,size_t len)168 int CBS_get_bytes(CBS *cbs, CBS *out, size_t len) {
169 const uint8_t *v;
170 if (!cbs_get(cbs, &v, len)) {
171 return 0;
172 }
173 CBS_init(out, v, len);
174 return 1;
175 }
176
CBS_copy_bytes(CBS * cbs,uint8_t * out,size_t len)177 int CBS_copy_bytes(CBS *cbs, uint8_t *out, size_t len) {
178 const uint8_t *v;
179 if (!cbs_get(cbs, &v, len)) {
180 return 0;
181 }
182 OPENSSL_memcpy(out, v, len);
183 return 1;
184 }
185
cbs_get_length_prefixed(CBS * cbs,CBS * out,size_t len_len)186 static int cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len) {
187 uint64_t len;
188 if (!cbs_get_u(cbs, &len, len_len)) {
189 return 0;
190 }
191 // If |len_len| <= 3 then we know that |len| will fit into a |size_t|, even on
192 // 32-bit systems.
193 assert(len_len <= 3);
194 return CBS_get_bytes(cbs, out, len);
195 }
196
CBS_get_u8_length_prefixed(CBS * cbs,CBS * out)197 int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out) {
198 return cbs_get_length_prefixed(cbs, out, 1);
199 }
200
CBS_get_u16_length_prefixed(CBS * cbs,CBS * out)201 int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out) {
202 return cbs_get_length_prefixed(cbs, out, 2);
203 }
204
CBS_get_u24_length_prefixed(CBS * cbs,CBS * out)205 int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out) {
206 return cbs_get_length_prefixed(cbs, out, 3);
207 }
208
CBS_get_until_first(CBS * cbs,CBS * out,uint8_t c)209 int CBS_get_until_first(CBS *cbs, CBS *out, uint8_t c) {
210 const uint8_t *split = OPENSSL_memchr(CBS_data(cbs), c, CBS_len(cbs));
211 if (split == NULL) {
212 return 0;
213 }
214 return CBS_get_bytes(cbs, out, split - CBS_data(cbs));
215 }
216
CBS_get_u64_decimal(CBS * cbs,uint64_t * out)217 int CBS_get_u64_decimal(CBS *cbs, uint64_t *out) {
218 uint64_t v = 0;
219 int seen_digit = 0;
220 while (CBS_len(cbs) != 0) {
221 uint8_t c = CBS_data(cbs)[0];
222 if (!OPENSSL_isdigit(c)) {
223 break;
224 }
225 CBS_skip(cbs, 1);
226 if (// Forbid stray leading zeros.
227 (v == 0 && seen_digit) ||
228 // Check for overflow.
229 v > UINT64_MAX / 10 || //
230 v * 10 > UINT64_MAX - (c - '0')) {
231 return 0;
232 }
233 v = v * 10 + (c - '0');
234 seen_digit = 1;
235 }
236
237 *out = v;
238 return seen_digit;
239 }
240
241 // parse_base128_integer reads a big-endian base-128 integer from |cbs| and sets
242 // |*out| to the result. This is the encoding used in DER for both high tag
243 // number form and OID components.
parse_base128_integer(CBS * cbs,uint64_t * out)244 static int parse_base128_integer(CBS *cbs, uint64_t *out) {
245 uint64_t v = 0;
246 uint8_t b;
247 do {
248 if (!CBS_get_u8(cbs, &b)) {
249 return 0;
250 }
251 if ((v >> (64 - 7)) != 0) {
252 // The value is too large.
253 return 0;
254 }
255 if (v == 0 && b == 0x80) {
256 // The value must be minimally encoded.
257 return 0;
258 }
259 v = (v << 7) | (b & 0x7f);
260
261 // Values end at an octet with the high bit cleared.
262 } while (b & 0x80);
263
264 *out = v;
265 return 1;
266 }
267
parse_asn1_tag(CBS * cbs,CBS_ASN1_TAG * out)268 static int parse_asn1_tag(CBS *cbs, CBS_ASN1_TAG *out) {
269 uint8_t tag_byte;
270 if (!CBS_get_u8(cbs, &tag_byte)) {
271 return 0;
272 }
273
274 // ITU-T X.690 section 8.1.2.3 specifies the format for identifiers with a tag
275 // number no greater than 30.
276 //
277 // If the number portion is 31 (0x1f, the largest value that fits in the
278 // allotted bits), then the tag is more than one byte long and the
279 // continuation bytes contain the tag number.
280 CBS_ASN1_TAG tag = ((CBS_ASN1_TAG)tag_byte & 0xe0) << CBS_ASN1_TAG_SHIFT;
281 CBS_ASN1_TAG tag_number = tag_byte & 0x1f;
282 if (tag_number == 0x1f) {
283 uint64_t v;
284 if (!parse_base128_integer(cbs, &v) ||
285 // Check the tag number is within our supported bounds.
286 v > CBS_ASN1_TAG_NUMBER_MASK ||
287 // Small tag numbers should have used low tag number form, even in BER.
288 v < 0x1f) {
289 return 0;
290 }
291 tag_number = (CBS_ASN1_TAG)v;
292 }
293
294 tag |= tag_number;
295
296 // Tag [UNIVERSAL 0] is reserved for use by the encoding. Reject it here to
297 // avoid some ambiguity around ANY values and BER indefinite-length EOCs. See
298 // https://crbug.com/boringssl/455.
299 if ((tag & ~CBS_ASN1_CONSTRUCTED) == 0) {
300 return 0;
301 }
302
303 *out = tag;
304 return 1;
305 }
306
cbs_get_any_asn1_element(CBS * cbs,CBS * out,CBS_ASN1_TAG * out_tag,size_t * out_header_len,int * out_ber_found,int * out_indefinite,int ber_ok)307 static int cbs_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag,
308 size_t *out_header_len, int *out_ber_found,
309 int *out_indefinite, int ber_ok) {
310 CBS header = *cbs;
311 CBS throwaway;
312
313 if (out == NULL) {
314 out = &throwaway;
315 }
316 if (ber_ok) {
317 *out_ber_found = 0;
318 *out_indefinite = 0;
319 } else {
320 assert(out_ber_found == NULL);
321 assert(out_indefinite == NULL);
322 }
323
324 CBS_ASN1_TAG tag;
325 if (!parse_asn1_tag(&header, &tag)) {
326 return 0;
327 }
328 if (out_tag != NULL) {
329 *out_tag = tag;
330 }
331
332 uint8_t length_byte;
333 if (!CBS_get_u8(&header, &length_byte)) {
334 return 0;
335 }
336
337 size_t header_len = CBS_len(cbs) - CBS_len(&header);
338
339 size_t len;
340 // The format for the length encoding is specified in ITU-T X.690 section
341 // 8.1.3.
342 if ((length_byte & 0x80) == 0) {
343 // Short form length.
344 len = ((size_t) length_byte) + header_len;
345 if (out_header_len != NULL) {
346 *out_header_len = header_len;
347 }
348 } else {
349 // The high bit indicate that this is the long form, while the next 7 bits
350 // encode the number of subsequent octets used to encode the length (ITU-T
351 // X.690 clause 8.1.3.5.b).
352 const size_t num_bytes = length_byte & 0x7f;
353 uint64_t len64;
354
355 if (ber_ok && (tag & CBS_ASN1_CONSTRUCTED) != 0 && num_bytes == 0) {
356 // indefinite length
357 if (out_header_len != NULL) {
358 *out_header_len = header_len;
359 }
360 *out_ber_found = 1;
361 *out_indefinite = 1;
362 return CBS_get_bytes(cbs, out, header_len);
363 }
364
365 // ITU-T X.690 clause 8.1.3.5.c specifies that the value 0xff shall not be
366 // used as the first byte of the length. If this parser encounters that
367 // value, num_bytes will be parsed as 127, which will fail this check.
368 if (num_bytes == 0 || num_bytes > 4) {
369 return 0;
370 }
371 if (!cbs_get_u(&header, &len64, num_bytes)) {
372 return 0;
373 }
374 // ITU-T X.690 section 10.1 (DER length forms) requires encoding the
375 // length with the minimum number of octets. BER could, technically, have
376 // 125 superfluous zero bytes. We do not attempt to handle that and still
377 // require that the length fit in a |uint32_t| for BER.
378 if (len64 < 128) {
379 // Length should have used short-form encoding.
380 if (ber_ok) {
381 *out_ber_found = 1;
382 } else {
383 return 0;
384 }
385 }
386 if ((len64 >> ((num_bytes - 1) * 8)) == 0) {
387 // Length should have been at least one byte shorter.
388 if (ber_ok) {
389 *out_ber_found = 1;
390 } else {
391 return 0;
392 }
393 }
394 len = len64;
395 if (len + header_len + num_bytes < len) {
396 // Overflow.
397 return 0;
398 }
399 len += header_len + num_bytes;
400 if (out_header_len != NULL) {
401 *out_header_len = header_len + num_bytes;
402 }
403 }
404
405 return CBS_get_bytes(cbs, out, len);
406 }
407
CBS_get_any_asn1(CBS * cbs,CBS * out,CBS_ASN1_TAG * out_tag)408 int CBS_get_any_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag) {
409 size_t header_len;
410 if (!CBS_get_any_asn1_element(cbs, out, out_tag, &header_len)) {
411 return 0;
412 }
413
414 if (!CBS_skip(out, header_len)) {
415 assert(0);
416 return 0;
417 }
418
419 return 1;
420 }
421
CBS_get_any_asn1_element(CBS * cbs,CBS * out,CBS_ASN1_TAG * out_tag,size_t * out_header_len)422 int CBS_get_any_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag,
423 size_t *out_header_len) {
424 return cbs_get_any_asn1_element(cbs, out, out_tag, out_header_len, NULL, NULL,
425 /*ber_ok=*/0);
426 }
427
CBS_get_any_ber_asn1_element(CBS * cbs,CBS * out,CBS_ASN1_TAG * out_tag,size_t * out_header_len,int * out_ber_found,int * out_indefinite)428 int CBS_get_any_ber_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG *out_tag,
429 size_t *out_header_len, int *out_ber_found,
430 int *out_indefinite) {
431 int ber_found_temp;
432 return cbs_get_any_asn1_element(
433 cbs, out, out_tag, out_header_len,
434 out_ber_found ? out_ber_found : &ber_found_temp, out_indefinite,
435 /*ber_ok=*/1);
436 }
437
cbs_get_asn1(CBS * cbs,CBS * out,CBS_ASN1_TAG tag_value,int skip_header)438 static int cbs_get_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value,
439 int skip_header) {
440 size_t header_len;
441 CBS_ASN1_TAG tag;
442 CBS throwaway;
443
444 if (out == NULL) {
445 out = &throwaway;
446 }
447
448 if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
449 tag != tag_value) {
450 return 0;
451 }
452
453 if (skip_header && !CBS_skip(out, header_len)) {
454 assert(0);
455 return 0;
456 }
457
458 return 1;
459 }
460
CBS_get_asn1(CBS * cbs,CBS * out,CBS_ASN1_TAG tag_value)461 int CBS_get_asn1(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value) {
462 return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
463 }
464
CBS_get_asn1_element(CBS * cbs,CBS * out,CBS_ASN1_TAG tag_value)465 int CBS_get_asn1_element(CBS *cbs, CBS *out, CBS_ASN1_TAG tag_value) {
466 return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
467 }
468
CBS_peek_asn1_tag(const CBS * cbs,CBS_ASN1_TAG tag_value)469 int CBS_peek_asn1_tag(const CBS *cbs, CBS_ASN1_TAG tag_value) {
470 CBS copy = *cbs;
471 CBS_ASN1_TAG actual_tag;
472 return parse_asn1_tag(©, &actual_tag) && tag_value == actual_tag;
473 }
474
CBS_get_asn1_uint64(CBS * cbs,uint64_t * out)475 int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out) {
476 CBS bytes;
477 if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) ||
478 !CBS_is_unsigned_asn1_integer(&bytes)) {
479 return 0;
480 }
481
482 *out = 0;
483 const uint8_t *data = CBS_data(&bytes);
484 size_t len = CBS_len(&bytes);
485 for (size_t i = 0; i < len; i++) {
486 if ((*out >> 56) != 0) {
487 // Too large to represent as a uint64_t.
488 return 0;
489 }
490 *out <<= 8;
491 *out |= data[i];
492 }
493
494 return 1;
495 }
496
CBS_get_asn1_int64(CBS * cbs,int64_t * out)497 int CBS_get_asn1_int64(CBS *cbs, int64_t *out) {
498 int is_negative;
499 CBS bytes;
500 if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER) ||
501 !CBS_is_valid_asn1_integer(&bytes, &is_negative)) {
502 return 0;
503 }
504 const uint8_t *data = CBS_data(&bytes);
505 const size_t len = CBS_len(&bytes);
506 if (len > sizeof(int64_t)) {
507 return 0;
508 }
509 uint8_t sign_extend[sizeof(int64_t)];
510 memset(sign_extend, is_negative ? 0xff : 0, sizeof(sign_extend));
511 for (size_t i = 0; i < len; i++) {
512 sign_extend[i] = data[len - i - 1];
513 }
514 memcpy(out, sign_extend, sizeof(sign_extend));
515 return 1;
516 }
517
CBS_get_asn1_bool(CBS * cbs,int * out)518 int CBS_get_asn1_bool(CBS *cbs, int *out) {
519 CBS bytes;
520 if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_BOOLEAN) ||
521 CBS_len(&bytes) != 1) {
522 return 0;
523 }
524
525 const uint8_t value = *CBS_data(&bytes);
526 if (value != 0 && value != 0xff) {
527 return 0;
528 }
529
530 *out = !!value;
531 return 1;
532 }
533
CBS_get_optional_asn1(CBS * cbs,CBS * out,int * out_present,CBS_ASN1_TAG tag)534 int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, CBS_ASN1_TAG tag) {
535 int present = 0;
536
537 if (CBS_peek_asn1_tag(cbs, tag)) {
538 if (!CBS_get_asn1(cbs, out, tag)) {
539 return 0;
540 }
541 present = 1;
542 }
543
544 if (out_present != NULL) {
545 *out_present = present;
546 }
547
548 return 1;
549 }
550
CBS_get_optional_asn1_octet_string(CBS * cbs,CBS * out,int * out_present,CBS_ASN1_TAG tag)551 int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
552 CBS_ASN1_TAG tag) {
553 CBS child;
554 int present;
555 if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
556 return 0;
557 }
558 if (present) {
559 assert(out);
560 if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
561 CBS_len(&child) != 0) {
562 return 0;
563 }
564 } else {
565 CBS_init(out, NULL, 0);
566 }
567 if (out_present) {
568 *out_present = present;
569 }
570 return 1;
571 }
572
CBS_get_optional_asn1_uint64(CBS * cbs,uint64_t * out,CBS_ASN1_TAG tag,uint64_t default_value)573 int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, CBS_ASN1_TAG tag,
574 uint64_t default_value) {
575 CBS child;
576 int present;
577 if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
578 return 0;
579 }
580 if (present) {
581 if (!CBS_get_asn1_uint64(&child, out) ||
582 CBS_len(&child) != 0) {
583 return 0;
584 }
585 } else {
586 *out = default_value;
587 }
588 return 1;
589 }
590
CBS_get_optional_asn1_bool(CBS * cbs,int * out,CBS_ASN1_TAG tag,int default_value)591 int CBS_get_optional_asn1_bool(CBS *cbs, int *out, CBS_ASN1_TAG tag,
592 int default_value) {
593 CBS child, child2;
594 int present;
595 if (!CBS_get_optional_asn1(cbs, &child, &present, tag)) {
596 return 0;
597 }
598 if (present) {
599 uint8_t boolean;
600
601 if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
602 CBS_len(&child2) != 1 ||
603 CBS_len(&child) != 0) {
604 return 0;
605 }
606
607 boolean = CBS_data(&child2)[0];
608 if (boolean == 0) {
609 *out = 0;
610 } else if (boolean == 0xff) {
611 *out = 1;
612 } else {
613 return 0;
614 }
615 } else {
616 *out = default_value;
617 }
618 return 1;
619 }
620
CBS_is_valid_asn1_bitstring(const CBS * cbs)621 int CBS_is_valid_asn1_bitstring(const CBS *cbs) {
622 CBS in = *cbs;
623 uint8_t num_unused_bits;
624 if (!CBS_get_u8(&in, &num_unused_bits) ||
625 num_unused_bits > 7) {
626 return 0;
627 }
628
629 if (num_unused_bits == 0) {
630 return 1;
631 }
632
633 // All num_unused_bits bits must exist and be zeros.
634 uint8_t last;
635 if (!CBS_get_last_u8(&in, &last) ||
636 (last & ((1 << num_unused_bits) - 1)) != 0) {
637 return 0;
638 }
639
640 return 1;
641 }
642
CBS_asn1_bitstring_has_bit(const CBS * cbs,unsigned bit)643 int CBS_asn1_bitstring_has_bit(const CBS *cbs, unsigned bit) {
644 if (!CBS_is_valid_asn1_bitstring(cbs)) {
645 return 0;
646 }
647
648 const unsigned byte_num = (bit >> 3) + 1;
649 const unsigned bit_num = 7 - (bit & 7);
650
651 // Unused bits are zero, and this function does not distinguish between
652 // missing and unset bits. Thus it is sufficient to do a byte-level length
653 // check.
654 return byte_num < CBS_len(cbs) &&
655 (CBS_data(cbs)[byte_num] & (1 << bit_num)) != 0;
656 }
657
CBS_is_valid_asn1_integer(const CBS * cbs,int * out_is_negative)658 int CBS_is_valid_asn1_integer(const CBS *cbs, int *out_is_negative) {
659 CBS copy = *cbs;
660 uint8_t first_byte, second_byte;
661 if (!CBS_get_u8(©, &first_byte)) {
662 return 0; // INTEGERs may not be empty.
663 }
664 if (out_is_negative != NULL) {
665 *out_is_negative = (first_byte & 0x80) != 0;
666 }
667 if (!CBS_get_u8(©, &second_byte)) {
668 return 1; // One byte INTEGERs are always minimal.
669 }
670 if ((first_byte == 0x00 && (second_byte & 0x80) == 0) ||
671 (first_byte == 0xff && (second_byte & 0x80) != 0)) {
672 return 0; // The value is minimal iff the first 9 bits are not all equal.
673 }
674 return 1;
675 }
676
CBS_is_unsigned_asn1_integer(const CBS * cbs)677 int CBS_is_unsigned_asn1_integer(const CBS *cbs) {
678 int is_negative;
679 return CBS_is_valid_asn1_integer(cbs, &is_negative) && !is_negative;
680 }
681
add_decimal(CBB * out,uint64_t v)682 static int add_decimal(CBB *out, uint64_t v) {
683 char buf[DECIMAL_SIZE(uint64_t) + 1];
684 snprintf(buf, sizeof(buf), "%" PRIu64, v);
685 return CBB_add_bytes(out, (const uint8_t *)buf, strlen(buf));
686 }
687
CBS_is_valid_asn1_oid(const CBS * cbs)688 int CBS_is_valid_asn1_oid(const CBS *cbs) {
689 if (CBS_len(cbs) == 0) {
690 return 0; // OID encodings cannot be empty.
691 }
692
693 CBS copy = *cbs;
694 uint8_t v, prev = 0;
695 while (CBS_get_u8(©, &v)) {
696 // OID encodings are a sequence of minimally-encoded base-128 integers (see
697 // |parse_base128_integer|). If |prev|'s MSB was clear, it was the last byte
698 // of an integer (or |v| is the first byte). |v| is then the first byte of
699 // the next integer. If first byte of an integer is 0x80, it is not
700 // minimally-encoded.
701 if ((prev & 0x80) == 0 && v == 0x80) {
702 return 0;
703 }
704 prev = v;
705 }
706
707 // The last byte should must end an integer encoding.
708 return (prev & 0x80) == 0;
709 }
710
CBS_asn1_oid_to_text(const CBS * cbs)711 char *CBS_asn1_oid_to_text(const CBS *cbs) {
712 CBB cbb;
713 if (!CBB_init(&cbb, 32)) {
714 goto err;
715 }
716
717 CBS copy = *cbs;
718 // The first component is 40 * value1 + value2, where value1 is 0, 1, or 2.
719 uint64_t v;
720 if (!parse_base128_integer(©, &v)) {
721 goto err;
722 }
723
724 if (v >= 80) {
725 if (!CBB_add_bytes(&cbb, (const uint8_t *)"2.", 2) ||
726 !add_decimal(&cbb, v - 80)) {
727 goto err;
728 }
729 } else if (!add_decimal(&cbb, v / 40) ||
730 !CBB_add_u8(&cbb, '.') ||
731 !add_decimal(&cbb, v % 40)) {
732 goto err;
733 }
734
735 while (CBS_len(©) != 0) {
736 if (!parse_base128_integer(©, &v) ||
737 !CBB_add_u8(&cbb, '.') ||
738 !add_decimal(&cbb, v)) {
739 goto err;
740 }
741 }
742
743 uint8_t *txt;
744 size_t txt_len;
745 if (!CBB_add_u8(&cbb, '\0') ||
746 !CBB_finish(&cbb, &txt, &txt_len)) {
747 goto err;
748 }
749
750 return (char *)txt;
751
752 err:
753 CBB_cleanup(&cbb);
754 return NULL;
755 }
756
cbs_get_two_digits(CBS * cbs,int * out)757 static int cbs_get_two_digits(CBS *cbs, int *out) {
758 uint8_t first_digit, second_digit;
759 if (!CBS_get_u8(cbs, &first_digit)) {
760 return 0;
761 }
762 if (!OPENSSL_isdigit(first_digit)) {
763 return 0;
764 }
765 if (!CBS_get_u8(cbs, &second_digit)) {
766 return 0;
767 }
768 if (!OPENSSL_isdigit(second_digit)) {
769 return 0;
770 }
771 *out = (first_digit - '0') * 10 + (second_digit - '0');
772 return 1;
773 }
774
is_valid_day(int year,int month,int day)775 static int is_valid_day(int year, int month, int day) {
776 if (day < 1) {
777 return 0;
778 }
779 switch (month) {
780 case 1:
781 case 3:
782 case 5:
783 case 7:
784 case 8:
785 case 10:
786 case 12:
787 return day <= 31;
788 case 4:
789 case 6:
790 case 9:
791 case 11:
792 return day <= 30;
793 case 2:
794 if ((year % 4 == 0 && year % 100 != 0) || year % 400 == 0) {
795 return day <= 29;
796 } else {
797 return day <= 28;
798 }
799 default:
800 return 0;
801 }
802 }
803
CBS_parse_rfc5280_time_internal(const CBS * cbs,int is_gentime,int allow_timezone_offset,struct tm * out_tm)804 static int CBS_parse_rfc5280_time_internal(const CBS *cbs, int is_gentime,
805 int allow_timezone_offset,
806 struct tm *out_tm) {
807 int year, month, day, hour, min, sec, tmp;
808 CBS copy = *cbs;
809 uint8_t tz;
810
811 if (is_gentime) {
812 if (!cbs_get_two_digits(©, &tmp)) {
813 return 0;
814 }
815 year = tmp * 100;
816 if (!cbs_get_two_digits(©, &tmp)) {
817 return 0;
818 }
819 year += tmp;
820 } else {
821 year = 1900;
822 if (!cbs_get_two_digits(©, &tmp)) {
823 return 0;
824 }
825 year += tmp;
826 if (year < 1950) {
827 year += 100;
828 }
829 if (year >= 2050) {
830 return 0; // A Generalized time must be used.
831 }
832 }
833 if (!cbs_get_two_digits(©, &month) || month < 1 ||
834 month > 12 || // Reject invalid months.
835 !cbs_get_two_digits(©, &day) ||
836 !is_valid_day(year, month, day) || // Reject invalid days.
837 !cbs_get_two_digits(©, &hour) ||
838 hour > 23 || // Reject invalid hours.
839 !cbs_get_two_digits(©, &min) ||
840 min > 59 || // Reject invalid minutes.
841 !cbs_get_two_digits(©, &sec) || sec > 59 || !CBS_get_u8(©, &tz)) {
842 return 0;
843 }
844
845 int offset_sign = 0;
846 switch (tz) {
847 case 'Z':
848 break; // We correctly have 'Z' on the end as per spec.
849 case '+':
850 offset_sign = 1;
851 break; // Should not be allowed per RFC 5280.
852 case '-':
853 offset_sign = -1;
854 break; // Should not be allowed per RFC 5280.
855 default:
856 return 0; // Reject anything else after the time.
857 }
858
859 // If allow_timezone_offset is non-zero, allow for a four digit timezone
860 // offset to be specified even though this is not allowed by RFC 5280. We are
861 // permissive of this for UTCTimes due to the unfortunate existence of
862 // artisinally rolled long lived certificates that were baked into places that
863 // are now difficult to change. These certificates were generated with the
864 // 'openssl' command that permissively allowed the creation of certificates
865 // with notBefore and notAfter times specified as strings for direct
866 // certificate inclusion on the command line. For context see cl/237068815.
867 //
868 // TODO(bbe): This has been expunged from public web-pki as the ecosystem has
869 // managed to encourage CA compliance with standards. We should find a way to
870 // get rid of this or make it off by default.
871 int offset_seconds = 0;
872 if (offset_sign != 0) {
873 if (!allow_timezone_offset) {
874 return 0;
875 }
876 int offset_hours, offset_minutes;
877 if (!cbs_get_two_digits(©, &offset_hours) ||
878 offset_hours > 23 || // Reject invalid hours.
879 !cbs_get_two_digits(©, &offset_minutes) ||
880 offset_minutes > 59) { // Reject invalid minutes.
881 return 0;
882 }
883 offset_seconds = offset_sign * (offset_hours * 3600 + offset_minutes * 60);
884 }
885
886 if (CBS_len(©) != 0) {
887 return 0; // Reject invalid lengths.
888 }
889
890 if (out_tm != NULL) {
891 // Fill in the tm fields corresponding to what we validated.
892 out_tm->tm_year = year - 1900;
893 out_tm->tm_mon = month - 1;
894 out_tm->tm_mday = day;
895 out_tm->tm_hour = hour;
896 out_tm->tm_min = min;
897 out_tm->tm_sec = sec;
898 if (offset_seconds && !OPENSSL_gmtime_adj(out_tm, 0, offset_seconds)) {
899 return 0;
900 }
901 }
902 return 1;
903 }
904
CBS_parse_generalized_time(const CBS * cbs,struct tm * out_tm,int allow_timezone_offset)905 int CBS_parse_generalized_time(const CBS *cbs, struct tm *out_tm,
906 int allow_timezone_offset) {
907 return CBS_parse_rfc5280_time_internal(cbs, 1, allow_timezone_offset, out_tm);
908 }
909
CBS_parse_utc_time(const CBS * cbs,struct tm * out_tm,int allow_timezone_offset)910 int CBS_parse_utc_time(const CBS *cbs, struct tm *out_tm,
911 int allow_timezone_offset) {
912 return CBS_parse_rfc5280_time_internal(cbs, 0, allow_timezone_offset, out_tm);
913 }
914