• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include <limits.h>
12 #include "internal/cryptlib.h"
13 #include "internal/numbers.h"
14 #include <openssl/buffer.h>
15 #include <openssl/asn1.h>
16 #include "internal/asn1.h"
17 #include "crypto/asn1.h"
18 
19 #ifndef NO_OLD_ASN1
20 # ifndef OPENSSL_NO_STDIO
21 
ASN1_d2i_fp(void * (* xnew)(void),d2i_of_void * d2i,FILE * in,void ** x)22 void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
23 {
24     BIO *b;
25     void *ret;
26 
27     if ((b = BIO_new(BIO_s_file())) == NULL) {
28         ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
29         return NULL;
30     }
31     BIO_set_fp(b, in, BIO_NOCLOSE);
32     ret = ASN1_d2i_bio(xnew, d2i, b, x);
33     BIO_free(b);
34     return ret;
35 }
36 # endif
37 
ASN1_d2i_bio(void * (* xnew)(void),d2i_of_void * d2i,BIO * in,void ** x)38 void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
39 {
40     BUF_MEM *b = NULL;
41     const unsigned char *p;
42     void *ret = NULL;
43     int len;
44 
45     len = asn1_d2i_read_bio(in, &b);
46     if (len < 0)
47         goto err;
48 
49     p = (unsigned char *)b->data;
50     ret = d2i(x, &p, len);
51  err:
52     BUF_MEM_free(b);
53     return ret;
54 }
55 
56 #endif
57 
ASN1_item_d2i_bio_ex(const ASN1_ITEM * it,BIO * in,void * x,OSSL_LIB_CTX * libctx,const char * propq)58 void *ASN1_item_d2i_bio_ex(const ASN1_ITEM *it, BIO *in, void *x,
59                            OSSL_LIB_CTX *libctx, const char *propq)
60 {
61     BUF_MEM *b = NULL;
62     const unsigned char *p;
63     void *ret = NULL;
64     int len;
65 
66     if (in == NULL)
67         return NULL;
68     len = asn1_d2i_read_bio(in, &b);
69     if (len < 0)
70         goto err;
71 
72     p = (const unsigned char *)b->data;
73     ret = ASN1_item_d2i_ex(x, &p, len, it, libctx, propq);
74  err:
75     BUF_MEM_free(b);
76     return ret;
77 }
78 
ASN1_item_d2i_bio(const ASN1_ITEM * it,BIO * in,void * x)79 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
80 {
81     return ASN1_item_d2i_bio_ex(it, in, x, NULL, NULL);
82 }
83 
84 #ifndef OPENSSL_NO_STDIO
ASN1_item_d2i_fp_ex(const ASN1_ITEM * it,FILE * in,void * x,OSSL_LIB_CTX * libctx,const char * propq)85 void *ASN1_item_d2i_fp_ex(const ASN1_ITEM *it, FILE *in, void *x,
86                           OSSL_LIB_CTX *libctx, const char *propq)
87 {
88     BIO *b;
89     char *ret;
90 
91     if ((b = BIO_new(BIO_s_file())) == NULL) {
92         ERR_raise(ERR_LIB_ASN1, ERR_R_BUF_LIB);
93         return NULL;
94     }
95     BIO_set_fp(b, in, BIO_NOCLOSE);
96     ret = ASN1_item_d2i_bio_ex(it, b, x, libctx, propq);
97     BIO_free(b);
98     return ret;
99 }
100 
ASN1_item_d2i_fp(const ASN1_ITEM * it,FILE * in,void * x)101 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
102 {
103     return ASN1_item_d2i_fp_ex(it, in, x, NULL, NULL);
104 }
105 #endif
106 
107 #define HEADER_SIZE   8
108 #define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
asn1_d2i_read_bio(BIO * in,BUF_MEM ** pb)109 int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
110 {
111     BUF_MEM *b;
112     unsigned char *p;
113     int i;
114     size_t want = HEADER_SIZE;
115     uint32_t eos = 0;
116     size_t off = 0;
117     size_t len = 0;
118     size_t diff;
119 
120     const unsigned char *q;
121     long slen;
122     int inf, tag, xclass;
123 
124     b = BUF_MEM_new();
125     if (b == NULL) {
126         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
127         return -1;
128     }
129 
130     ERR_set_mark();
131     for (;;) {
132         diff = len - off;
133         if (want >= diff) {
134             want -= diff;
135 
136             if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
137                 ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
138                 goto err;
139             }
140             i = BIO_read(in, &(b->data[len]), want);
141             if (i < 0 && diff == 0) {
142                 ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
143                 goto err;
144             }
145             if (i > 0) {
146                 if (len + i < len) {
147                     ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
148                     goto err;
149                 }
150                 len += i;
151             }
152         }
153         /* else data already loaded */
154 
155         p = (unsigned char *)&(b->data[off]);
156         q = p;
157         diff = len - off;
158         if (diff == 0)
159             goto err;
160         inf = ASN1_get_object(&q, &slen, &tag, &xclass, diff);
161         if (inf & 0x80) {
162             unsigned long e;
163 
164             e = ERR_GET_REASON(ERR_peek_last_error());
165             if (e != ASN1_R_TOO_LONG)
166                 goto err;
167             ERR_pop_to_mark();
168         }
169         i = q - p;            /* header length */
170         off += i;               /* end of data */
171 
172         if (inf & 1) {
173             /* no data body so go round again */
174             if (eos == UINT32_MAX) {
175                 ERR_raise(ERR_LIB_ASN1, ASN1_R_HEADER_TOO_LONG);
176                 goto err;
177             }
178             eos++;
179             want = HEADER_SIZE;
180         } else if (eos && (slen == 0) && (tag == V_ASN1_EOC)) {
181             /* eos value, so go back and read another header */
182             eos--;
183             if (eos == 0)
184                 break;
185             else
186                 want = HEADER_SIZE;
187         } else {
188             /* suck in slen bytes of data */
189             want = slen;
190             if (want > (len - off)) {
191                 size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
192 
193                 want -= (len - off);
194                 if (want > INT_MAX /* BIO_read takes an int length */  ||
195                     len + want < len) {
196                     ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
197                     goto err;
198                 }
199                 while (want > 0) {
200                     /*
201                      * Read content in chunks of increasing size
202                      * so we can return an error for EOF without
203                      * having to allocate the entire content length
204                      * in one go.
205                      */
206                     size_t chunk = want > chunk_max ? chunk_max : want;
207 
208                     if (!BUF_MEM_grow_clean(b, len + chunk)) {
209                         ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
210                         goto err;
211                     }
212                     want -= chunk;
213                     while (chunk > 0) {
214                         i = BIO_read(in, &(b->data[len]), chunk);
215                         if (i <= 0) {
216                             ERR_raise(ERR_LIB_ASN1, ASN1_R_NOT_ENOUGH_DATA);
217                             goto err;
218                         }
219                     /*
220                      * This can't overflow because |len+want| didn't
221                      * overflow.
222                      */
223                         len += i;
224                         chunk -= i;
225                     }
226                     if (chunk_max < INT_MAX/2)
227                         chunk_max *= 2;
228                 }
229             }
230             if (off + slen < off) {
231                 ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
232                 goto err;
233             }
234             off += slen;
235             if (eos == 0) {
236                 break;
237             } else
238                 want = HEADER_SIZE;
239         }
240     }
241 
242     if (off > INT_MAX) {
243         ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LONG);
244         goto err;
245     }
246 
247     *pb = b;
248     return off;
249  err:
250     ERR_clear_last_mark();
251     BUF_MEM_free(b);
252     return -1;
253 }
254