/* * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * 3. Neither the name of the Institute nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include "der_locl.h" /* * All decoding functions take a pointer `p' to first position in * which to read, from the left, `len' which means the maximum number * of characters we are able to read, `ret' were the value will be * returned and `size' where the number of used bytes is stored. * Either 0 or an error code is returned. */ int ASN1CALL der_get_unsigned (const unsigned char *p, size_t len, unsigned *ret, size_t *size) { unsigned val = 0; size_t oldlen = len; if (len == sizeof(val) + 1 && p[0] == 0) ; else if (len > sizeof(val)) return ASN1_OVERRUN; while (len--) val = val * 256 + *p++; *ret = val; if(size) *size = oldlen; return 0; } int ASN1CALL der_get_unsigned64 (const unsigned char *p, size_t len, uint64_t *ret, size_t *size) { uint64_t val = 0; size_t oldlen = len; if (len == sizeof(val) + 1 && p[0] == 0) ; else if (len > sizeof(val)) return ASN1_OVERRUN; while (len--) val = val * 256 + *p++; *ret = val; if(size) *size = oldlen; return 0; } int ASN1CALL der_get_integer (const unsigned char *p, size_t len, int *ret, size_t *size) { int val = 0; size_t oldlen = len; if (len == sizeof(val) + 1 && (p[0] == 0 || p[0] == 0xff)) ; else if (len > sizeof(val)) return ASN1_OVERRUN; /* We assume we're on a twos-complement platform */ if (len > 0) { val = (signed char)*p++; while (--len) val = val * 256 + *p++; } *ret = val; if(size) *size = oldlen; return 0; } int ASN1CALL der_get_integer64 (const unsigned char *p, size_t len, int64_t *ret, size_t *size) { int64_t val = 0; size_t oldlen = len; if (len > sizeof(val)) return ASN1_OVERRUN; /* We assume we're on a twos-complement platform */ if (len > 0) { val = (signed char)*p++; while (--len) val = val * 256 + *p++; } *ret = val; if(size) *size = oldlen; return 0; } int ASN1CALL der_get_length (const unsigned char *p, size_t len, size_t *val, size_t *size) { size_t v; if (len <= 0) return ASN1_OVERRUN; --len; v = *p++; if (v < 128) { *val = v; if(size) *size = 1; } else { int e; size_t l; unsigned tmp; if(v == 0x80){ *val = ASN1_INDEFINITE; if(size) *size = 1; return 0; } v &= 0x7F; if (len < v) return ASN1_OVERRUN; e = der_get_unsigned (p, v, &tmp, &l); if(e) return e; *val = tmp; if(size) *size = l + 1; } return 0; } int ASN1CALL der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size) { if(len < 1) return ASN1_OVERRUN; if(*p != 0) *data = 1; else *data = 0; *size = 1; return 0; } int ASN1CALL der_get_general_string (const unsigned char *p, size_t len, heim_general_string *str, size_t *size) { const unsigned char *p1; char *s; assert(p != NULL); if (size) *size = 0; p1 = memchr(p, 0, len); if (p1 != NULL) { /* * Allow trailing NULs. We allow this since MIT Kerberos sends * an strings in the NEED_PREAUTH case that includes a * trailing NUL. */ while ((size_t)(p1 - p) < len && *p1 == '\0') p1++; if ((size_t)(p1 - p) != len) { *str = NULL; return ASN1_BAD_CHARACTER; } } if (len == SIZE_MAX) { *str = NULL; return ASN1_BAD_LENGTH; } *str = s = malloc (len + 1); if (s == NULL) return ENOMEM; memcpy (s, p, len); s[len] = '\0'; if(size) *size = len; return 0; } int ASN1CALL der_get_utf8string (const unsigned char *p, size_t len, heim_utf8_string *str, size_t *size) { return der_get_general_string(p, len, str, size); } #define gen_data_zero(_data) \ do { (_data)->length = 0; (_data)->data = NULL; } while(0) int ASN1CALL der_get_printable_string(const unsigned char *p, size_t len, heim_printable_string *str, size_t *size) { assert(p != NULL); if (size) *size = 0; if (len == SIZE_MAX) { gen_data_zero(str); return ASN1_BAD_LENGTH; } str->length = len; str->data = malloc(len + 1); if (str->data == NULL) { gen_data_zero(str); return ENOMEM; } memcpy(str->data, p, len); ((char *)str->data)[len] = '\0'; if(size) *size = len; return 0; } int ASN1CALL der_get_ia5_string(const unsigned char *p, size_t len, heim_ia5_string *str, size_t *size) { return der_get_printable_string(p, len, str, size); } int ASN1CALL der_get_bmp_string (const unsigned char *p, size_t len, heim_bmp_string *data, size_t *size) { size_t i; assert(p != NULL); if (size) *size = 0; if (len & 1) { gen_data_zero(data); return ASN1_BAD_FORMAT; } data->length = len / 2; if (data->length > UINT_MAX/sizeof(data->data[0])) { gen_data_zero(data); return ERANGE; } data->data = malloc(data->length * sizeof(data->data[0])); if (data->data == NULL && data->length != 0) { gen_data_zero(data); return ENOMEM; } for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 8) | p[1]; p += 2; /* check for NUL in the middle of the string */ if (data->data[i] == 0 && i != (data->length - 1)) { free(data->data); gen_data_zero(data); return ASN1_BAD_CHARACTER; } } if (size) *size = len; return 0; } int ASN1CALL der_get_universal_string (const unsigned char *p, size_t len, heim_universal_string *data, size_t *size) { size_t i; assert(p != NULL); if (size) *size = 0; if (len & 3) { gen_data_zero(data); return ASN1_BAD_FORMAT; } data->length = len / 4; if (data->length > UINT_MAX/sizeof(data->data[0])) { gen_data_zero(data); return ERANGE; } data->data = malloc(data->length * sizeof(data->data[0])); if (data->data == NULL && data->length != 0) { gen_data_zero(data); return ENOMEM; } for (i = 0; i < data->length; i++) { data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3]; p += 4; /* check for NUL in the middle of the string */ if (data->data[i] == 0 && i != (data->length - 1)) { free(data->data); gen_data_zero(data); return ASN1_BAD_CHARACTER; } } if (size) *size = len; return 0; } int ASN1CALL der_get_visible_string (const unsigned char *p, size_t len, heim_visible_string *str, size_t *size) { return der_get_general_string(p, len, str, size); } int ASN1CALL der_get_octet_string (const unsigned char *p, size_t len, heim_octet_string *data, size_t *size) { assert(p != NULL); if (size) *size = 0; if (len == 0) data->data = malloc(1); else data->data = malloc(len); if (data->data == NULL) { data->length = 0; return ENOMEM; } data->length = len; memcpy (data->data, p, len); if (size) *size = len; return 0; } int ASN1CALL der_get_octet_string_ber (const unsigned char *p, size_t len, heim_octet_string *data, size_t *size) { int e; Der_type type; Der_class cls; unsigned int tag, depth = 0; size_t l, datalen, oldlen = len; assert(p != NULL); if (size) *size = 0; data->length = 0; data->data = NULL; while (len) { e = der_get_tag (p, len, &cls, &type, &tag, &l); if (e) goto out; if (cls != ASN1_C_UNIV) { e = ASN1_BAD_ID; goto out; } if (type == PRIM && tag == UT_EndOfContent) { if (depth == 0) break; depth--; } if (tag != UT_OctetString) { e = ASN1_BAD_ID; goto out; } p += l; len -= l; e = der_get_length (p, len, &datalen, &l); if (e) goto out; p += l; len -= l; if (datalen > len) return ASN1_OVERRUN; if (type == PRIM && datalen) { void *ptr; ptr = realloc(data->data, data->length + datalen); if (ptr == NULL) { e = ENOMEM; goto out; } data->data = ptr; memcpy(((unsigned char *)data->data) + data->length, p, datalen); data->length += datalen; } else if (type != PRIM) depth++; p += datalen; len -= datalen; } if (depth != 0) return ASN1_INDEF_OVERRUN; if(size) *size = oldlen - len; return 0; out: free(data->data); data->data = NULL; data->length = 0; return e; } int ASN1CALL der_get_heim_integer (const unsigned char *p, size_t len, heim_integer *data, size_t *size) { data->length = 0; data->negative = 0; data->data = NULL; if (size) *size = 0; if (len == 0) return 0; assert(p != NULL); if (p[0] & 0x80) { unsigned char *q; int carry = 1; /* * A negative number. It's going to be a twos complement byte array. * We're going to leave the positive value in `data->data', but set the * `data->negative' flag. That means we need to negate the * twos-complement integer received. */ data->negative = 1; data->length = len; if (p[0] == 0xff) { if (data->length == 1) { /* One byte of all ones == -1 */ q = data->data = malloc(1); *q = 1; data->length = 1; if (size) *size = 1; return 0; } p++; data->length--; /* * We could check if the next byte's high bit is set, which would * be an error ("illegal padding" in OpenSSL). However, this would * mean failing to accept certificates made by certain CAs that * would read 8 bytes of RNG into a buffer, slap on length 8, then * slap on the tag [UNIVERSAL INTEGER], and make that the * serialNumber field's encoding, which then fails to parse in * around 1 in 256 certificates. * * So let's not. * * if (p[0] & 0x80) * return ASN1_PARSE_ERROR; // or a new error code */ } data->data = malloc(data->length); if (data->data == NULL) { data->length = 0; if (size) *size = 0; return ENOMEM; } /* * Note that if `data->length' were zero, this would be UB because we * underflow if data->length is zero even though we wouldn't actually * dereference the byte before data->data. Thus we check above for * that. */ q = &((unsigned char*)data->data)[data->length - 1]; p += data->length - 1; while (q >= (unsigned char*)data->data) { /* *p XOR 0xff -> ~*p; we're dealing with twos complement */ *q = *p ^ 0xff; if (carry) carry = !++*q; p--; q--; } } else { data->negative = 0; data->length = len; if (p[0] == 0) { p++; data->length--; } data->data = malloc(data->length); if (data->data == NULL && data->length != 0) { data->length = 0; if (size) *size = 0; return ENOMEM; } memcpy(data->data, p, data->length); } if (size) *size = len; return 0; } static int generalizedtime2time (const char *s, time_t *t) { struct tm tm; memset(&tm, 0, sizeof(tm)); if (sscanf (s, "%04d%02d%02d%02d%02d%02dZ", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) { if (sscanf (s, "%02d%02d%02d%02d%02d%02dZ", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) != 6) return ASN1_BAD_TIMEFORMAT; if (tm.tm_year < 50) tm.tm_year += 2000; else tm.tm_year += 1900; } tm.tm_year -= 1900; tm.tm_mon -= 1; *t = _der_timegm (&tm); return 0; } static int ASN1CALL der_get_time (const unsigned char *p, size_t len, time_t *data, size_t *size) { char *times; int e; assert(p != NULL); if (size) *size = 0; if (len == SIZE_MAX || len == 0) return ASN1_BAD_LENGTH; times = malloc(len + 1); if (times == NULL) return ENOMEM; memcpy(times, p, len); times[len] = '\0'; e = generalizedtime2time(times, data); free (times); if(size) *size = len; return e; } int ASN1CALL der_get_generalized_time (const unsigned char *p, size_t len, time_t *data, size_t *size) { return der_get_time(p, len, data, size); } int ASN1CALL der_get_utctime (const unsigned char *p, size_t len, time_t *data, size_t *size) { return der_get_time(p, len, data, size); } int ASN1CALL der_get_oid (const unsigned char *p, size_t len, heim_oid *data, size_t *size) { size_t n; size_t oldlen = len; assert(p != NULL); if (size) *size = 0; if (len < 1) return ASN1_OVERRUN; if (len == SIZE_MAX) return ASN1_BAD_LENGTH; if (len + 1 > UINT_MAX/sizeof(data->components[0])) return ERANGE; data->components = malloc((len + 1) * sizeof(data->components[0])); if (data->components == NULL) { data->length = 0; return ENOMEM; } data->components[0] = (*p) / 40; data->components[1] = (*p) % 40; --len; ++p; for (n = 2; len > 0; ++n) { unsigned u = 0, u1; do { --len; u1 = u * 128 + (*p++ % 128); /* check that we don't overflow the element */ if (u1 < u) { der_free_oid(data); return ASN1_OVERRUN; } u = u1; } while (len > 0 && p[-1] & 0x80); data->components[n] = u; } if (n > 2 && p[-1] & 0x80) { der_free_oid (data); return ASN1_OVERRUN; } data->length = n; if (size) *size = oldlen; return 0; } int ASN1CALL der_get_tag (const unsigned char *p, size_t len, Der_class *cls, Der_type *type, unsigned int *tag, size_t *size) { size_t ret = 0; if (size) *size = 0; if (len < 1) return ASN1_MISSING_FIELD; assert(p != NULL); *cls = (Der_class)(((*p) >> 6) & 0x03); *type = (Der_type)(((*p) >> 5) & 0x01); *tag = (*p) & 0x1f; p++; len--; ret++; if(*tag == 0x1f) { unsigned int continuation; unsigned int tag1; *tag = 0; do { if(len < 1) return ASN1_OVERRUN; continuation = *p & 128; tag1 = *tag * 128 + (*p % 128); /* check that we don't overflow the tag */ if (tag1 < *tag) return ASN1_OVERFLOW; *tag = tag1; p++; len--; ret++; } while(continuation); } if(size) *size = ret; return 0; } int ASN1CALL der_match_tag (const unsigned char *p, size_t len, Der_class cls, Der_type type, unsigned int tag, size_t *size) { Der_type thistype; int e; e = der_match_tag2(p, len, cls, &thistype, tag, size); if (e) return e; if (thistype != type) return ASN1_BAD_ID; return 0; } int ASN1CALL der_match_tag2 (const unsigned char *p, size_t len, Der_class cls, Der_type *type, unsigned int tag, size_t *size) { size_t l; Der_class thisclass; unsigned int thistag; int e; if (size) *size = 0; e = der_get_tag(p, len, &thisclass, type, &thistag, &l); if (e) return e; /* * We do depend on ASN1_BAD_ID being returned in places where we're * essentially implementing an application-level CHOICE where we try to * decode one way then the other. In Heimdal this happens only in lib/hdb/ * where we try to decode a blob as an hdb_entry, then as an * hdb_entry_alias. Applications should really not depend on this. */ if (cls != thisclass && (cls == ASN1_C_APPL || thisclass == ASN1_C_APPL)) return ASN1_BAD_ID; if (cls != thisclass || tag != thistag) return ASN1_MISSING_FIELD; if (size) *size = l; return 0; } /* * Returns 0 if the encoded data at `p' of length `len' starts with the tag of * class `cls`, type `type', and tag value `tag', and puts the length of the * payload (i.e., the length of V in TLV, not the length of TLV) in * `*length_ret', and the size of the whole thing (the TLV) in `*size' if * `size' is not NULL. * * Else returns an error. */ int ASN1CALL der_match_tag_and_length (const unsigned char *p, size_t len, Der_class cls, Der_type *type, unsigned int tag, size_t *length_ret, size_t *size) { size_t l, ret = 0; int e; e = der_match_tag2 (p, len, cls, type, tag, &l); if (e) return e; p += l; len -= l; ret += l; e = der_get_length (p, len, length_ret, &l); if (e) return e; if(size) *size = ret + l; return 0; } /* * Old versions of DCE was based on a very early beta of the MIT code, * which used MAVROS for ASN.1 encoding. MAVROS had the interesting * feature that it encoded data in the forward direction, which has * it's problems, since you have no idea how long the data will be * until after you're done. MAVROS solved this by reserving one byte * for length, and later, if the actual length was longer, it reverted * to indefinite, BER style, lengths. The version of MAVROS used by * the DCE people could apparently generate correct X.509 DER encodings, and * did this by making space for the length after encoding, but * unfortunately this feature wasn't used with Kerberos. */ int _heim_fix_dce(size_t reallen, size_t *len) { if(reallen == ASN1_INDEFINITE) return 1; if(*len < reallen) return -1; *len = reallen; return 0; } int ASN1CALL der_get_bit_string (const unsigned char *p, size_t len, heim_bit_string *data, size_t *size) { assert(p != NULL); if (size) *size = 0; if (len < 1) return ASN1_OVERRUN; if (p[0] > 7) return ASN1_BAD_FORMAT; if (len - 1 == 0 && p[0] != 0) return ASN1_BAD_FORMAT; /* check if any of the three upper bits are set * any of them will cause a interger overrun */ if ((len - 1) >> (sizeof(len) * 8 - 3)) return ASN1_OVERRUN; /* * If there is data to copy, do that now. */ if (len - 1 > 0) { data->length = (len - 1) * 8; data->data = malloc(len - 1); if (data->data == NULL) { data->length = 0; return ENOMEM; } memcpy (data->data, p + 1, len - 1); data->length -= p[0]; } else { data->data = NULL; data->length = 0; } if(size) *size = len; return 0; }