1 // Copyright 2014 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <openssl/bytestring.h>
16
17 #include <assert.h>
18 #include <limits.h>
19 #include <string.h>
20
21 #include <openssl/err.h>
22 #include <openssl/mem.h>
23
24 #include "../internal.h"
25
26
CBB_zero(CBB * cbb)27 void CBB_zero(CBB *cbb) { OPENSSL_memset(cbb, 0, sizeof(CBB)); }
28
cbb_init(CBB * cbb,uint8_t * buf,size_t cap,int can_resize)29 static void cbb_init(CBB *cbb, uint8_t *buf, size_t cap, int can_resize) {
30 cbb->is_child = 0;
31 cbb->child = NULL;
32 cbb->u.base.buf = buf;
33 cbb->u.base.len = 0;
34 cbb->u.base.cap = cap;
35 cbb->u.base.can_resize = can_resize;
36 cbb->u.base.error = 0;
37 }
38
CBB_init(CBB * cbb,size_t initial_capacity)39 int CBB_init(CBB *cbb, size_t initial_capacity) {
40 CBB_zero(cbb);
41
42 uint8_t *buf = reinterpret_cast<uint8_t *>(OPENSSL_malloc(initial_capacity));
43 if (initial_capacity > 0 && buf == NULL) {
44 return 0;
45 }
46
47 cbb_init(cbb, buf, initial_capacity, /*can_resize=*/1);
48 return 1;
49 }
50
CBB_init_fixed(CBB * cbb,uint8_t * buf,size_t len)51 int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len) {
52 CBB_zero(cbb);
53 cbb_init(cbb, buf, len, /*can_resize=*/0);
54 return 1;
55 }
56
CBB_cleanup(CBB * cbb)57 void CBB_cleanup(CBB *cbb) {
58 // Child |CBB|s are non-owning. They are implicitly discarded and should not
59 // be used with |CBB_cleanup| or |ScopedCBB|.
60 assert(!cbb->is_child);
61 if (cbb->is_child) {
62 return;
63 }
64
65 if (cbb->u.base.can_resize) {
66 OPENSSL_free(cbb->u.base.buf);
67 }
68 }
69
cbb_buffer_reserve(struct cbb_buffer_st * base,uint8_t ** out,size_t len)70 static int cbb_buffer_reserve(struct cbb_buffer_st *base, uint8_t **out,
71 size_t len) {
72 if (base == NULL) {
73 return 0;
74 }
75
76 size_t newlen = base->len + len;
77 if (newlen < base->len) {
78 // Overflow
79 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
80 goto err;
81 }
82
83 if (newlen > base->cap) {
84 if (!base->can_resize) {
85 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
86 goto err;
87 }
88
89 size_t newcap = base->cap * 2;
90 if (newcap < base->cap || newcap < newlen) {
91 newcap = newlen;
92 }
93 uint8_t *newbuf =
94 reinterpret_cast<uint8_t *>(OPENSSL_realloc(base->buf, newcap));
95 if (newbuf == NULL) {
96 goto err;
97 }
98
99 base->buf = newbuf;
100 base->cap = newcap;
101 }
102
103 if (out) {
104 *out = base->buf + base->len;
105 }
106
107 return 1;
108
109 err:
110 base->error = 1;
111 return 0;
112 }
113
cbb_buffer_add(struct cbb_buffer_st * base,uint8_t ** out,size_t len)114 static int cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out,
115 size_t len) {
116 if (!cbb_buffer_reserve(base, out, len)) {
117 return 0;
118 }
119 // This will not overflow or |cbb_buffer_reserve| would have failed.
120 base->len += len;
121 return 1;
122 }
123
CBB_finish(CBB * cbb,uint8_t ** out_data,size_t * out_len)124 int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len) {
125 if (cbb->is_child) {
126 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
127 return 0;
128 }
129
130 if (!CBB_flush(cbb)) {
131 return 0;
132 }
133
134 if (cbb->u.base.can_resize && (out_data == NULL || out_len == NULL)) {
135 // |out_data| and |out_len| can only be NULL if the CBB is fixed.
136 return 0;
137 }
138
139 if (out_data != NULL) {
140 *out_data = cbb->u.base.buf;
141 }
142 if (out_len != NULL) {
143 *out_len = cbb->u.base.len;
144 }
145 cbb->u.base.buf = NULL;
146 CBB_cleanup(cbb);
147 return 1;
148 }
149
cbb_get_base(CBB * cbb)150 static struct cbb_buffer_st *cbb_get_base(CBB *cbb) {
151 if (cbb->is_child) {
152 return cbb->u.child.base;
153 }
154 return &cbb->u.base;
155 }
156
cbb_on_error(CBB * cbb)157 static void cbb_on_error(CBB *cbb) {
158 // Due to C's lack of destructors and |CBB|'s auto-flushing API, a failing
159 // |CBB|-taking function may leave a dangling pointer to a child |CBB|. As a
160 // result, the convention is callers may not write to |CBB|s that have failed.
161 // But, as a safety measure, we lock the |CBB| into an error state. Once the
162 // error bit is set, |cbb->child| will not be read.
163 //
164 // TODO(davidben): This still isn't quite ideal. A |CBB| function *outside*
165 // this file may originate an error while the |CBB| points to a local child.
166 // In that case we don't set the error bit and are reliant on the error
167 // convention. Perhaps we allow |CBB_cleanup| on child |CBB|s and make every
168 // child's |CBB_cleanup| set the error bit if unflushed. That will be
169 // convenient for C++ callers, but very tedious for C callers. So C callers
170 // perhaps should get a |CBB_on_error| function that can be, less tediously,
171 // stuck in a |goto err| block.
172 cbb_get_base(cbb)->error = 1;
173
174 // Clearing the pointer is not strictly necessary, but GCC's dangling pointer
175 // warning does not know |cbb->child| will not be read once |error| is set
176 // above.
177 cbb->child = NULL;
178 }
179
180 // CBB_flush recurses and then writes out any pending length prefix. The
181 // current length of the underlying base is taken to be the length of the
182 // length-prefixed data.
CBB_flush(CBB * cbb)183 int CBB_flush(CBB *cbb) {
184 // If |base| has hit an error, the buffer is in an undefined state, so
185 // fail all following calls. In particular, |cbb->child| may point to invalid
186 // memory.
187 struct cbb_buffer_st *base = cbb_get_base(cbb);
188 if (base == NULL || base->error) {
189 return 0;
190 }
191
192 if (cbb->child == NULL) {
193 // Nothing to flush.
194 return 1;
195 }
196
197 assert(cbb->child->is_child);
198 struct cbb_child_st *child = &cbb->child->u.child;
199 assert(child->base == base);
200 size_t child_start = child->offset + child->pending_len_len;
201
202 size_t len;
203 if (!CBB_flush(cbb->child) || child_start < child->offset ||
204 base->len < child_start) {
205 goto err;
206 }
207
208 len = base->len - child_start;
209
210 if (child->pending_is_asn1) {
211 // For ASN.1 we assume that we'll only need a single byte for the length.
212 // If that turned out to be incorrect, we have to move the contents along
213 // in order to make space.
214 uint8_t len_len;
215 uint8_t initial_length_byte;
216
217 assert(child->pending_len_len == 1);
218
219 if (len > 0xfffffffe) {
220 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
221 // Too large.
222 goto err;
223 } else if (len > 0xffffff) {
224 len_len = 5;
225 initial_length_byte = 0x80 | 4;
226 } else if (len > 0xffff) {
227 len_len = 4;
228 initial_length_byte = 0x80 | 3;
229 } else if (len > 0xff) {
230 len_len = 3;
231 initial_length_byte = 0x80 | 2;
232 } else if (len > 0x7f) {
233 len_len = 2;
234 initial_length_byte = 0x80 | 1;
235 } else {
236 len_len = 1;
237 initial_length_byte = (uint8_t)len;
238 len = 0;
239 }
240
241 if (len_len != 1) {
242 // We need to move the contents along in order to make space.
243 size_t extra_bytes = len_len - 1;
244 if (!cbb_buffer_add(base, NULL, extra_bytes)) {
245 goto err;
246 }
247 OPENSSL_memmove(base->buf + child_start + extra_bytes,
248 base->buf + child_start, len);
249 }
250 base->buf[child->offset++] = initial_length_byte;
251 child->pending_len_len = len_len - 1;
252 }
253
254 for (size_t i = child->pending_len_len - 1; i < child->pending_len_len; i--) {
255 base->buf[child->offset + i] = (uint8_t)len;
256 len >>= 8;
257 }
258 if (len != 0) {
259 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_OVERFLOW);
260 goto err;
261 }
262
263 child->base = NULL;
264 cbb->child = NULL;
265
266 return 1;
267
268 err:
269 cbb_on_error(cbb);
270 return 0;
271 }
272
CBB_data(const CBB * cbb)273 const uint8_t *CBB_data(const CBB *cbb) {
274 assert(cbb->child == NULL);
275 if (cbb->is_child) {
276 return cbb->u.child.base->buf + cbb->u.child.offset +
277 cbb->u.child.pending_len_len;
278 }
279 return cbb->u.base.buf;
280 }
281
CBB_len(const CBB * cbb)282 size_t CBB_len(const CBB *cbb) {
283 assert(cbb->child == NULL);
284 if (cbb->is_child) {
285 assert(cbb->u.child.offset + cbb->u.child.pending_len_len <=
286 cbb->u.child.base->len);
287 return cbb->u.child.base->len - cbb->u.child.offset -
288 cbb->u.child.pending_len_len;
289 }
290 return cbb->u.base.len;
291 }
292
cbb_add_child(CBB * cbb,CBB * out_child,uint8_t len_len,int is_asn1)293 static int cbb_add_child(CBB *cbb, CBB *out_child, uint8_t len_len,
294 int is_asn1) {
295 assert(cbb->child == NULL);
296 assert(!is_asn1 || len_len == 1);
297 struct cbb_buffer_st *base = cbb_get_base(cbb);
298 size_t offset = base->len;
299
300 // Reserve space for the length prefix.
301 uint8_t *prefix_bytes;
302 if (!cbb_buffer_add(base, &prefix_bytes, len_len)) {
303 return 0;
304 }
305 OPENSSL_memset(prefix_bytes, 0, len_len);
306
307 CBB_zero(out_child);
308 out_child->is_child = 1;
309 out_child->u.child.base = base;
310 out_child->u.child.offset = offset;
311 out_child->u.child.pending_len_len = len_len;
312 out_child->u.child.pending_is_asn1 = is_asn1;
313 cbb->child = out_child;
314 return 1;
315 }
316
cbb_add_length_prefixed(CBB * cbb,CBB * out_contents,uint8_t len_len)317 static int cbb_add_length_prefixed(CBB *cbb, CBB *out_contents,
318 uint8_t len_len) {
319 if (!CBB_flush(cbb)) {
320 return 0;
321 }
322
323 return cbb_add_child(cbb, out_contents, len_len, /*is_asn1=*/0);
324 }
325
CBB_add_u8_length_prefixed(CBB * cbb,CBB * out_contents)326 int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents) {
327 return cbb_add_length_prefixed(cbb, out_contents, 1);
328 }
329
CBB_add_u16_length_prefixed(CBB * cbb,CBB * out_contents)330 int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents) {
331 return cbb_add_length_prefixed(cbb, out_contents, 2);
332 }
333
CBB_add_u24_length_prefixed(CBB * cbb,CBB * out_contents)334 int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents) {
335 return cbb_add_length_prefixed(cbb, out_contents, 3);
336 }
337
338 // add_base128_integer encodes |v| as a big-endian base-128 integer where the
339 // high bit of each byte indicates where there is more data. This is the
340 // encoding used in DER for both high tag number form and OID components.
add_base128_integer(CBB * cbb,uint64_t v)341 static int add_base128_integer(CBB *cbb, uint64_t v) {
342 unsigned len_len = 0;
343 uint64_t copy = v;
344 while (copy > 0) {
345 len_len++;
346 copy >>= 7;
347 }
348 if (len_len == 0) {
349 len_len = 1; // Zero is encoded with one byte.
350 }
351 for (unsigned i = len_len - 1; i < len_len; i--) {
352 uint8_t byte = (v >> (7 * i)) & 0x7f;
353 if (i != 0) {
354 // The high bit denotes whether there is more data.
355 byte |= 0x80;
356 }
357 if (!CBB_add_u8(cbb, byte)) {
358 return 0;
359 }
360 }
361 return 1;
362 }
363
CBB_add_asn1(CBB * cbb,CBB * out_contents,CBS_ASN1_TAG tag)364 int CBB_add_asn1(CBB *cbb, CBB *out_contents, CBS_ASN1_TAG tag) {
365 if (!CBB_flush(cbb)) {
366 return 0;
367 }
368
369 // Split the tag into leading bits and tag number.
370 uint8_t tag_bits = (tag >> CBS_ASN1_TAG_SHIFT) & 0xe0;
371 CBS_ASN1_TAG tag_number = tag & CBS_ASN1_TAG_NUMBER_MASK;
372 if (tag_number >= 0x1f) {
373 // Set all the bits in the tag number to signal high tag number form.
374 if (!CBB_add_u8(cbb, tag_bits | 0x1f) ||
375 !add_base128_integer(cbb, tag_number)) {
376 return 0;
377 }
378 } else if (!CBB_add_u8(cbb, tag_bits | tag_number)) {
379 return 0;
380 }
381
382 // Reserve one byte of length prefix. |CBB_flush| will finish it later.
383 return cbb_add_child(cbb, out_contents, /*len_len=*/1, /*is_asn1=*/1);
384 }
385
CBB_add_bytes(CBB * cbb,const uint8_t * data,size_t len)386 int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len) {
387 uint8_t *out;
388 if (!CBB_add_space(cbb, &out, len)) {
389 return 0;
390 }
391 OPENSSL_memcpy(out, data, len);
392 return 1;
393 }
394
CBB_add_zeros(CBB * cbb,size_t len)395 int CBB_add_zeros(CBB *cbb, size_t len) {
396 uint8_t *out;
397 if (!CBB_add_space(cbb, &out, len)) {
398 return 0;
399 }
400 OPENSSL_memset(out, 0, len);
401 return 1;
402 }
403
CBB_add_space(CBB * cbb,uint8_t ** out_data,size_t len)404 int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len) {
405 if (!CBB_flush(cbb) || !cbb_buffer_add(cbb_get_base(cbb), out_data, len)) {
406 return 0;
407 }
408 return 1;
409 }
410
CBB_reserve(CBB * cbb,uint8_t ** out_data,size_t len)411 int CBB_reserve(CBB *cbb, uint8_t **out_data, size_t len) {
412 if (!CBB_flush(cbb) ||
413 !cbb_buffer_reserve(cbb_get_base(cbb), out_data, len)) {
414 return 0;
415 }
416 return 1;
417 }
418
CBB_did_write(CBB * cbb,size_t len)419 int CBB_did_write(CBB *cbb, size_t len) {
420 struct cbb_buffer_st *base = cbb_get_base(cbb);
421 size_t newlen = base->len + len;
422 if (cbb->child != NULL || newlen < base->len || newlen > base->cap) {
423 return 0;
424 }
425 base->len = newlen;
426 return 1;
427 }
428
cbb_add_u(CBB * cbb,uint64_t v,size_t len_len)429 static int cbb_add_u(CBB *cbb, uint64_t v, size_t len_len) {
430 uint8_t *buf;
431 if (!CBB_add_space(cbb, &buf, len_len)) {
432 return 0;
433 }
434
435 for (size_t i = len_len - 1; i < len_len; i--) {
436 buf[i] = v;
437 v >>= 8;
438 }
439
440 // |v| must fit in |len_len| bytes.
441 if (v != 0) {
442 cbb_on_error(cbb);
443 return 0;
444 }
445
446 return 1;
447 }
448
CBB_add_u8(CBB * cbb,uint8_t value)449 int CBB_add_u8(CBB *cbb, uint8_t value) { return cbb_add_u(cbb, value, 1); }
450
CBB_add_u16(CBB * cbb,uint16_t value)451 int CBB_add_u16(CBB *cbb, uint16_t value) { return cbb_add_u(cbb, value, 2); }
452
CBB_add_u16le(CBB * cbb,uint16_t value)453 int CBB_add_u16le(CBB *cbb, uint16_t value) {
454 return CBB_add_u16(cbb, CRYPTO_bswap2(value));
455 }
456
CBB_add_u24(CBB * cbb,uint32_t value)457 int CBB_add_u24(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 3); }
458
CBB_add_u32(CBB * cbb,uint32_t value)459 int CBB_add_u32(CBB *cbb, uint32_t value) { return cbb_add_u(cbb, value, 4); }
460
CBB_add_u32le(CBB * cbb,uint32_t value)461 int CBB_add_u32le(CBB *cbb, uint32_t value) {
462 return CBB_add_u32(cbb, CRYPTO_bswap4(value));
463 }
464
CBB_add_u64(CBB * cbb,uint64_t value)465 int CBB_add_u64(CBB *cbb, uint64_t value) { return cbb_add_u(cbb, value, 8); }
466
CBB_add_u64le(CBB * cbb,uint64_t value)467 int CBB_add_u64le(CBB *cbb, uint64_t value) {
468 return CBB_add_u64(cbb, CRYPTO_bswap8(value));
469 }
470
CBB_discard(CBB * cbb,size_t len)471 void CBB_discard(CBB *cbb, size_t len) {
472 BSSL_CHECK(cbb->child == nullptr);
473 BSSL_CHECK(len <= CBB_len(cbb));
474 struct cbb_buffer_st *base = cbb_get_base(cbb);
475 base->len -= len;
476 }
477
CBB_discard_child(CBB * cbb)478 void CBB_discard_child(CBB *cbb) {
479 if (cbb->child == NULL) {
480 return;
481 }
482
483 struct cbb_buffer_st *base = cbb_get_base(cbb);
484 assert(cbb->child->is_child);
485 base->len = cbb->child->u.child.offset;
486
487 cbb->child->u.child.base = NULL;
488 cbb->child = NULL;
489 }
490
CBB_add_asn1_element(CBB * cbb,CBS_ASN1_TAG tag,const uint8_t * data,size_t data_len)491 int CBB_add_asn1_element(CBB *cbb, CBS_ASN1_TAG tag, const uint8_t *data,
492 size_t data_len) {
493 CBB child;
494 if (!CBB_add_asn1(cbb, &child, tag) ||
495 !CBB_add_bytes(&child, data, data_len) || //
496 !CBB_flush(cbb)) {
497 cbb_on_error(cbb);
498 return 0;
499 }
500
501 return 1;
502 }
503
CBB_add_asn1_uint64(CBB * cbb,uint64_t value)504 int CBB_add_asn1_uint64(CBB *cbb, uint64_t value) {
505 return CBB_add_asn1_uint64_with_tag(cbb, value, CBS_ASN1_INTEGER);
506 }
507
CBB_add_asn1_uint64_with_tag(CBB * cbb,uint64_t value,CBS_ASN1_TAG tag)508 int CBB_add_asn1_uint64_with_tag(CBB *cbb, uint64_t value, CBS_ASN1_TAG tag) {
509 CBB child;
510 int started = 0;
511 if (!CBB_add_asn1(cbb, &child, tag)) {
512 goto err;
513 }
514
515 for (size_t i = 0; i < 8; i++) {
516 uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
517 if (!started) {
518 if (byte == 0) {
519 // Don't encode leading zeros.
520 continue;
521 }
522 // If the high bit is set, add a padding byte to make it
523 // unsigned.
524 if ((byte & 0x80) && !CBB_add_u8(&child, 0)) {
525 goto err;
526 }
527 started = 1;
528 }
529 if (!CBB_add_u8(&child, byte)) {
530 goto err;
531 }
532 }
533
534 // 0 is encoded as a single 0, not the empty string.
535 if (!started && !CBB_add_u8(&child, 0)) {
536 goto err;
537 }
538
539 return CBB_flush(cbb);
540
541 err:
542 cbb_on_error(cbb);
543 return 0;
544 }
545
CBB_add_asn1_int64(CBB * cbb,int64_t value)546 int CBB_add_asn1_int64(CBB *cbb, int64_t value) {
547 return CBB_add_asn1_int64_with_tag(cbb, value, CBS_ASN1_INTEGER);
548 }
549
CBB_add_asn1_int64_with_tag(CBB * cbb,int64_t value,CBS_ASN1_TAG tag)550 int CBB_add_asn1_int64_with_tag(CBB *cbb, int64_t value, CBS_ASN1_TAG tag) {
551 if (value >= 0) {
552 return CBB_add_asn1_uint64_with_tag(cbb, (uint64_t)value, tag);
553 }
554
555 uint8_t bytes[sizeof(int64_t)];
556 memcpy(bytes, &value, sizeof(value));
557 int start = 7;
558 // Skip leading sign-extension bytes unless they are necessary.
559 while (start > 0 && (bytes[start] == 0xff && (bytes[start - 1] & 0x80))) {
560 start--;
561 }
562
563 CBB child;
564 if (!CBB_add_asn1(cbb, &child, tag)) {
565 goto err;
566 }
567 for (int i = start; i >= 0; i--) {
568 if (!CBB_add_u8(&child, bytes[i])) {
569 goto err;
570 }
571 }
572 return CBB_flush(cbb);
573
574 err:
575 cbb_on_error(cbb);
576 return 0;
577 }
578
CBB_add_asn1_octet_string(CBB * cbb,const uint8_t * data,size_t data_len)579 int CBB_add_asn1_octet_string(CBB *cbb, const uint8_t *data, size_t data_len) {
580 return CBB_add_asn1_element(cbb, CBS_ASN1_OCTETSTRING, data, data_len);
581 }
582
CBB_add_asn1_bool(CBB * cbb,int value)583 int CBB_add_asn1_bool(CBB *cbb, int value) {
584 CBB child;
585 if (!CBB_add_asn1(cbb, &child, CBS_ASN1_BOOLEAN) ||
586 !CBB_add_u8(&child, value != 0 ? 0xff : 0) || !CBB_flush(cbb)) {
587 cbb_on_error(cbb);
588 return 0;
589 }
590
591 return 1;
592 }
593
594 // parse_dotted_decimal parses one decimal component from |cbs|, where |cbs| is
595 // an OID literal, e.g., "1.2.840.113554.4.1.72585". It consumes both the
596 // component and the dot, so |cbs| may be passed into the function again for the
597 // next value.
parse_dotted_decimal(CBS * cbs,uint64_t * out)598 static int parse_dotted_decimal(CBS *cbs, uint64_t *out) {
599 if (!CBS_get_u64_decimal(cbs, out)) {
600 return 0;
601 }
602
603 // The integer must have either ended at the end of the string, or a
604 // non-terminal dot, which should be consumed. If the string ends with a dot,
605 // this is not a valid OID string.
606 uint8_t dot;
607 return !CBS_get_u8(cbs, &dot) || (dot == '.' && CBS_len(cbs) > 0);
608 }
609
CBB_add_asn1_oid_from_text(CBB * cbb,const char * text,size_t len)610 int CBB_add_asn1_oid_from_text(CBB *cbb, const char *text, size_t len) {
611 if (!CBB_flush(cbb)) {
612 return 0;
613 }
614
615 CBS cbs;
616 CBS_init(&cbs, (const uint8_t *)text, len);
617
618 // OIDs must have at least two components.
619 uint64_t a, b;
620 if (!parse_dotted_decimal(&cbs, &a) || !parse_dotted_decimal(&cbs, &b)) {
621 return 0;
622 }
623
624 // The first component is encoded as 40 * |a| + |b|. This assumes that |a| is
625 // 0, 1, or 2 and that, when it is 0 or 1, |b| is at most 39.
626 if (a > 2 || (a < 2 && b > 39) || b > UINT64_MAX - 80 ||
627 !add_base128_integer(cbb, 40u * a + b)) {
628 return 0;
629 }
630
631 // The remaining components are encoded unmodified.
632 while (CBS_len(&cbs) > 0) {
633 if (!parse_dotted_decimal(&cbs, &a) || !add_base128_integer(cbb, a)) {
634 return 0;
635 }
636 }
637
638 return 1;
639 }
640
compare_set_of_element(const void * a_ptr,const void * b_ptr)641 static int compare_set_of_element(const void *a_ptr, const void *b_ptr) {
642 // See X.690, section 11.6 for the ordering. They are sorted in ascending
643 // order by their DER encoding.
644 const CBS *a = reinterpret_cast<const CBS *>(a_ptr),
645 *b = reinterpret_cast<const CBS *>(b_ptr);
646 size_t a_len = CBS_len(a), b_len = CBS_len(b);
647 size_t min_len = a_len < b_len ? a_len : b_len;
648 int ret = OPENSSL_memcmp(CBS_data(a), CBS_data(b), min_len);
649 if (ret != 0) {
650 return ret;
651 }
652 if (a_len == b_len) {
653 return 0;
654 }
655 // If one is a prefix of the other, the shorter one sorts first. (This is not
656 // actually reachable. No DER encoding is a prefix of another DER encoding.)
657 return a_len < b_len ? -1 : 1;
658 }
659
CBB_flush_asn1_set_of(CBB * cbb)660 int CBB_flush_asn1_set_of(CBB *cbb) {
661 if (!CBB_flush(cbb)) {
662 return 0;
663 }
664
665 CBS cbs;
666 size_t num_children = 0;
667 CBS_init(&cbs, CBB_data(cbb), CBB_len(cbb));
668 while (CBS_len(&cbs) != 0) {
669 if (!CBS_get_any_asn1_element(&cbs, NULL, NULL, NULL)) {
670 OPENSSL_PUT_ERROR(CRYPTO, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
671 return 0;
672 }
673 num_children++;
674 }
675
676 if (num_children < 2) {
677 return 1; // Nothing to do. This is the common case for X.509.
678 }
679
680 // Parse out the children and sort. We alias them into a copy of so they
681 // remain valid as we rewrite |cbb|.
682 int ret = 0;
683 size_t buf_len = CBB_len(cbb);
684 uint8_t *buf =
685 reinterpret_cast<uint8_t *>(OPENSSL_memdup(CBB_data(cbb), buf_len));
686 CBS *children =
687 reinterpret_cast<CBS *>(OPENSSL_calloc(num_children, sizeof(CBS)));
688 uint8_t *out;
689 size_t offset = 0;
690 if (buf == NULL || children == NULL) {
691 goto err;
692 }
693 CBS_init(&cbs, buf, buf_len);
694 for (size_t i = 0; i < num_children; i++) {
695 if (!CBS_get_any_asn1_element(&cbs, &children[i], NULL, NULL)) {
696 goto err;
697 }
698 }
699 qsort(children, num_children, sizeof(CBS), compare_set_of_element);
700
701 // Write the contents back in the new order.
702 out = (uint8_t *)CBB_data(cbb);
703 for (size_t i = 0; i < num_children; i++) {
704 OPENSSL_memcpy(out + offset, CBS_data(&children[i]), CBS_len(&children[i]));
705 offset += CBS_len(&children[i]);
706 }
707 assert(offset == buf_len);
708
709 ret = 1;
710
711 err:
712 OPENSSL_free(buf);
713 OPENSSL_free(children);
714 return ret;
715 }
716