1 // Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <openssl/asn1.h>
16
17 #include <limits.h>
18 #include <string.h>
19
20 #include <openssl/bytestring.h>
21 #include <openssl/err.h>
22 #include <openssl/mem.h>
23
24 #include "../internal.h"
25 #include "internal.h"
26
27
28 // Cross-module errors from crypto/x509/i2d_pr.c.
29 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE)
30
31 // Cross-module errors from crypto/x509/algorithm.c.
32 OPENSSL_DECLARE_ERROR_REASON(ASN1, CONTEXT_NOT_INITIALISED)
33 OPENSSL_DECLARE_ERROR_REASON(ASN1, DIGEST_AND_KEY_TYPE_NOT_SUPPORTED)
34 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_MESSAGE_DIGEST_ALGORITHM)
35 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_SIGNATURE_ALGORITHM)
36 OPENSSL_DECLARE_ERROR_REASON(ASN1, WRONG_PUBLIC_KEY_TYPE)
37 // Cross-module errors from crypto/x509/asn1_gen.c. TODO(davidben): Remove
38 // these once asn1_gen.c is gone.
39 OPENSSL_DECLARE_ERROR_REASON(ASN1, DEPTH_EXCEEDED)
40 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BITSTRING_FORMAT)
41 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_BOOLEAN)
42 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_FORMAT)
43 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_HEX)
44 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_IMPLICIT_TAG)
45 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_INTEGER)
46 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NESTED_TAGGING)
47 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_NULL_VALUE)
48 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_OBJECT)
49 OPENSSL_DECLARE_ERROR_REASON(ASN1, ILLEGAL_TIME_VALUE)
50 OPENSSL_DECLARE_ERROR_REASON(ASN1, INTEGER_NOT_ASCII_FORMAT)
51 OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_MODIFIER)
52 OPENSSL_DECLARE_ERROR_REASON(ASN1, INVALID_NUMBER)
53 OPENSSL_DECLARE_ERROR_REASON(ASN1, LIST_ERROR)
54 OPENSSL_DECLARE_ERROR_REASON(ASN1, MISSING_VALUE)
55 OPENSSL_DECLARE_ERROR_REASON(ASN1, NOT_ASCII_FORMAT)
56 OPENSSL_DECLARE_ERROR_REASON(ASN1, OBJECT_NOT_ASCII_FORMAT)
57 OPENSSL_DECLARE_ERROR_REASON(ASN1, SEQUENCE_OR_SET_NEEDS_CONFIG)
58 OPENSSL_DECLARE_ERROR_REASON(ASN1, TIME_NOT_ASCII_FORMAT)
59 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_FORMAT)
60 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_TAG)
61 OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_TYPE)
62
63 // Limit |ASN1_STRING|s to 64 MiB of data. Most of this module, as well as
64 // downstream code, does not correctly handle overflow. We cap string fields
65 // more tightly than strictly necessary to fit in |int|. This is not expected to
66 // impact real world uses of this field.
67 //
68 // In particular, this limit is small enough that the bit count of a BIT STRING
69 // comfortably fits in an |int|, with room for arithmetic.
70 #define ASN1_STRING_MAX (64 * 1024 * 1024)
71
72 static void asn1_put_length(unsigned char **pp, int length);
73
ASN1_get_object(const unsigned char ** inp,long * out_len,int * out_tag,int * out_class,long in_len)74 int ASN1_get_object(const unsigned char **inp, long *out_len, int *out_tag,
75 int *out_class, long in_len) {
76 if (in_len < 0) {
77 OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
78 return 0x80;
79 }
80
81 CBS_ASN1_TAG tag;
82 CBS cbs, body;
83 CBS_init(&cbs, *inp, (size_t)in_len);
84 if (!CBS_get_any_asn1(&cbs, &body, &tag) ||
85 // Bound the length to comfortably fit in an int. Lengths in this
86 // module often switch between int and long without overflow checks.
87 CBS_len(&body) > INT_MAX / 2) {
88 OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
89 return 0x80;
90 }
91
92 // Convert between tag representations.
93 int tag_class = (tag & CBS_ASN1_CLASS_MASK) >> CBS_ASN1_TAG_SHIFT;
94 int constructed = (tag & CBS_ASN1_CONSTRUCTED) >> CBS_ASN1_TAG_SHIFT;
95 int tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK;
96
97 // To avoid ambiguity with V_ASN1_NEG, impose a limit on universal tags.
98 if (tag_class == V_ASN1_UNIVERSAL && tag_number > V_ASN1_MAX_UNIVERSAL) {
99 OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
100 return 0x80;
101 }
102
103 *inp = CBS_data(&body);
104 *out_len = CBS_len(&body);
105 *out_tag = tag_number;
106 *out_class = tag_class;
107 return constructed;
108 }
109
110 // class 0 is constructed constructed == 2 for indefinite length constructed
ASN1_put_object(unsigned char ** pp,int constructed,int length,int tag,int xclass)111 void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag,
112 int xclass) {
113 unsigned char *p = *pp;
114 int i, ttag;
115
116 i = (constructed) ? V_ASN1_CONSTRUCTED : 0;
117 i |= (xclass & V_ASN1_PRIVATE);
118 if (tag < 31) {
119 *(p++) = i | (tag & V_ASN1_PRIMITIVE_TAG);
120 } else {
121 *(p++) = i | V_ASN1_PRIMITIVE_TAG;
122 for (i = 0, ttag = tag; ttag > 0; i++) {
123 ttag >>= 7;
124 }
125 ttag = i;
126 while (i-- > 0) {
127 p[i] = tag & 0x7f;
128 if (i != (ttag - 1)) {
129 p[i] |= 0x80;
130 }
131 tag >>= 7;
132 }
133 p += ttag;
134 }
135 if (constructed == 2) {
136 *(p++) = 0x80;
137 } else {
138 asn1_put_length(&p, length);
139 }
140 *pp = p;
141 }
142
ASN1_put_eoc(unsigned char ** pp)143 int ASN1_put_eoc(unsigned char **pp) {
144 // This function is no longer used in the library, but some external code
145 // uses it.
146 unsigned char *p = *pp;
147 *p++ = 0;
148 *p++ = 0;
149 *pp = p;
150 return 2;
151 }
152
asn1_put_length(unsigned char ** pp,int length)153 static void asn1_put_length(unsigned char **pp, int length) {
154 unsigned char *p = *pp;
155 int i, l;
156 if (length <= 127) {
157 *(p++) = (unsigned char)length;
158 } else {
159 l = length;
160 for (i = 0; l > 0; i++) {
161 l >>= 8;
162 }
163 *(p++) = i | 0x80;
164 l = i;
165 while (i-- > 0) {
166 p[i] = length & 0xff;
167 length >>= 8;
168 }
169 p += l;
170 }
171 *pp = p;
172 }
173
ASN1_object_size(int constructed,int length,int tag)174 int ASN1_object_size(int constructed, int length, int tag) {
175 int ret = 1;
176 if (length < 0) {
177 return -1;
178 }
179 if (tag >= 31) {
180 while (tag > 0) {
181 tag >>= 7;
182 ret++;
183 }
184 }
185 if (constructed == 2) {
186 ret += 3;
187 } else {
188 ret++;
189 if (length > 127) {
190 int tmplen = length;
191 while (tmplen > 0) {
192 tmplen >>= 8;
193 ret++;
194 }
195 }
196 }
197 if (ret >= INT_MAX - length) {
198 return -1;
199 }
200 return ret + length;
201 }
202
ASN1_STRING_copy(ASN1_STRING * dst,const ASN1_STRING * str)203 int ASN1_STRING_copy(ASN1_STRING *dst, const ASN1_STRING *str) {
204 if (str == NULL) {
205 return 0;
206 }
207 if (!ASN1_STRING_set(dst, str->data, str->length)) {
208 return 0;
209 }
210 dst->type = str->type;
211 dst->flags = str->flags;
212 return 1;
213 }
214
ASN1_STRING_dup(const ASN1_STRING * str)215 ASN1_STRING *ASN1_STRING_dup(const ASN1_STRING *str) {
216 ASN1_STRING *ret;
217 if (!str) {
218 return NULL;
219 }
220 ret = ASN1_STRING_new();
221 if (!ret) {
222 return NULL;
223 }
224 if (!ASN1_STRING_copy(ret, str)) {
225 ASN1_STRING_free(ret);
226 return NULL;
227 }
228 return ret;
229 }
230
ASN1_STRING_set(ASN1_STRING * str,const void * _data,ossl_ssize_t len_s)231 int ASN1_STRING_set(ASN1_STRING *str, const void *_data, ossl_ssize_t len_s) {
232 const char *data = reinterpret_cast<const char *>(_data);
233 size_t len;
234 if (len_s < 0) {
235 if (data == NULL) {
236 return 0;
237 }
238 len = strlen(data);
239 } else {
240 len = (size_t)len_s;
241 }
242
243 static_assert(ASN1_STRING_MAX < INT_MAX, "len will not overflow int");
244 if (len > ASN1_STRING_MAX) {
245 OPENSSL_PUT_ERROR(ASN1, ERR_R_OVERFLOW);
246 return 0;
247 }
248
249 if (str->length <= (int)len || str->data == NULL) {
250 unsigned char *c = str->data;
251 if (c == NULL) {
252 str->data = reinterpret_cast<uint8_t *>(OPENSSL_malloc(len + 1));
253 } else {
254 str->data = reinterpret_cast<uint8_t *>(OPENSSL_realloc(c, len + 1));
255 }
256
257 if (str->data == NULL) {
258 str->data = c;
259 return 0;
260 }
261 }
262 str->length = (int)len;
263 if (data != NULL) {
264 OPENSSL_memcpy(str->data, data, len);
265 // Historically, OpenSSL would NUL-terminate most (but not all)
266 // |ASN1_STRING|s, in case anyone accidentally passed |str->data| into a
267 // function expecting a C string. We retain this behavior for compatibility,
268 // but code must not rely on this. See CVE-2021-3712.
269 str->data[len] = '\0';
270 }
271 return 1;
272 }
273
ASN1_STRING_set0(ASN1_STRING * str,void * data,int len)274 void ASN1_STRING_set0(ASN1_STRING *str, void *data, int len) {
275 OPENSSL_free(str->data);
276 str->data = reinterpret_cast<uint8_t *>(data);
277 str->length = len;
278 }
279
ASN1_STRING_new(void)280 ASN1_STRING *ASN1_STRING_new(void) {
281 return (ASN1_STRING_type_new(V_ASN1_OCTET_STRING));
282 }
283
ASN1_STRING_type_new(int type)284 ASN1_STRING *ASN1_STRING_type_new(int type) {
285 ASN1_STRING *ret;
286
287 ret = (ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING));
288 if (ret == NULL) {
289 return NULL;
290 }
291 ret->length = 0;
292 ret->type = type;
293 ret->data = NULL;
294 ret->flags = 0;
295 return ret;
296 }
297
ASN1_STRING_free(ASN1_STRING * str)298 void ASN1_STRING_free(ASN1_STRING *str) {
299 if (str == NULL) {
300 return;
301 }
302 OPENSSL_free(str->data);
303 OPENSSL_free(str);
304 }
305
ASN1_STRING_cmp(const ASN1_STRING * a,const ASN1_STRING * b)306 int ASN1_STRING_cmp(const ASN1_STRING *a, const ASN1_STRING *b) {
307 // Capture padding bits and implicit truncation in BIT STRINGs.
308 int a_length = a->length, b_length = b->length;
309 uint8_t a_padding = 0, b_padding = 0;
310 if (a->type == V_ASN1_BIT_STRING) {
311 a_length = asn1_bit_string_length(a, &a_padding);
312 }
313 if (b->type == V_ASN1_BIT_STRING) {
314 b_length = asn1_bit_string_length(b, &b_padding);
315 }
316
317 if (a_length < b_length) {
318 return -1;
319 }
320 if (a_length > b_length) {
321 return 1;
322 }
323 // In a BIT STRING, the number of bits is 8 * length - padding. Invert this
324 // comparison so we compare by lengths.
325 if (a_padding > b_padding) {
326 return -1;
327 }
328 if (a_padding < b_padding) {
329 return 1;
330 }
331
332 int ret = OPENSSL_memcmp(a->data, b->data, a_length);
333 if (ret != 0) {
334 return ret;
335 }
336
337 // Comparing the type first is more natural, but this matches OpenSSL.
338 if (a->type < b->type) {
339 return -1;
340 }
341 if (a->type > b->type) {
342 return 1;
343 }
344 return 0;
345 }
346
ASN1_STRING_length(const ASN1_STRING * str)347 int ASN1_STRING_length(const ASN1_STRING *str) { return str->length; }
348
ASN1_STRING_type(const ASN1_STRING * str)349 int ASN1_STRING_type(const ASN1_STRING *str) { return str->type; }
350
ASN1_STRING_data(ASN1_STRING * str)351 unsigned char *ASN1_STRING_data(ASN1_STRING *str) { return str->data; }
352
ASN1_STRING_get0_data(const ASN1_STRING * str)353 const unsigned char *ASN1_STRING_get0_data(const ASN1_STRING *str) {
354 return str->data;
355 }
356