2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
12 * The Original Code is the Netscape security libraries.
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
35 * Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished
38 * $Id: secasn1d.c,v 1.16 2004/05/13 15:29:13 dmitch Exp $
44 #include <security_utilities/simulatecrash_assert.h>
47 #define DEBUG_DECASN1 0
49 #define DEBUG_DECASN1 1
54 #define dprintf(args...) printf(args)
56 #define dprintf(args...)
57 #endif /* DEBUG_DECASN1 */
68 duringConstructedString
,
73 afterConstructedString
,
87 } sec_asn1d_parse_place
;
90 #define DEBUG_ASN1D_STATES 1
91 /* tweakable by debugger, debug only */
93 #else /* DEBUG_ASN1D_STATES 0 */
94 #endif /* DEBUG_ASN1D_STATES */
96 #if DEBUG_ASN1D_STATES
97 static const char *place_names
[] = {
106 "duringConstructedString",
109 "duringSaveEncoding",
111 "afterConstructedString",
118 "beforeEndOfContents",
119 "duringEndOfContents",
120 "afterEndOfContents",
127 static const char * const class_names
[] = {
134 static const char * const method_names
[] = { "PRIMITIVE", "CONSTRUCTED" };
136 static const char * const type_names
[] = {
171 static const char * const flag_names
[] = { /* flags, right to left */
182 "", /* decoder ignores "MAY_STREAM", */
194 static int /* bool */
195 formatKind(unsigned long kind
, char * buf
)
198 unsigned long k
= kind
& SEC_ASN1_TAGNUM_MASK
;
199 unsigned long notag
= kind
& (SEC_ASN1_CHOICE
| SEC_ASN1_POINTER
|
200 SEC_ASN1_INLINE
| SEC_ASN1_ANY
| SEC_ASN1_SAVE
);
203 if ((kind
& SEC_ASN1_CLASS_MASK
) != SEC_ASN1_UNIVERSAL
) {
204 sprintf(buf
, " %s", class_names
[(kind
& SEC_ASN1_CLASS_MASK
) >> 6] );
207 if (kind
& SEC_ASN1_METHOD_MASK
) {
208 sprintf(buf
, " %s", method_names
[1]);
211 if ((kind
& SEC_ASN1_CLASS_MASK
) == SEC_ASN1_UNIVERSAL
) {
213 sprintf(buf
, " %s", type_names
[k
] );
214 if ((k
== SEC_ASN1_SET
|| k
== SEC_ASN1_SEQUENCE
) &&
215 (kind
& SEC_ASN1_GROUP
)) {
221 sprintf(buf
, " [%lu]", k
);
225 for (k
= kind
>> 8, i
= 0; k
; k
>>= 1, ++i
) {
227 sprintf(buf
, " %s", flag_names
[i
]);
234 #endif /* DEBUG_ASN1D_STATES */
241 } sec_asn1d_parse_status
;
245 unsigned long len
; /* only used for substrings */
246 struct subitem
*next
;
249 typedef struct sec_asn1d_state_struct
{
250 SEC_ASN1DecoderContext
*top
;
251 const SecAsn1Template
*theTemplate
;
254 void *our_mark
; /* free on completion */
256 struct sec_asn1d_state_struct
*parent
; /* aka prev */
257 struct sec_asn1d_state_struct
*child
; /* aka next */
259 sec_asn1d_parse_place place
;
262 * XXX explain the next fields as clearly as possible...
264 unsigned char found_tag_modifiers
;
265 unsigned char expect_tag_modifiers
;
266 unsigned long check_tag_mask
;
267 unsigned long found_tag_number
;
268 unsigned long expect_tag_number
;
269 unsigned long underlying_kind
;
271 unsigned long contents_length
;
272 unsigned long pending
;
273 unsigned long consumed
;
278 * Bit strings have their length adjusted -- the first octet of the
279 * contents contains a value between 0 and 7 which says how many bits
280 * at the end of the octets are not actually part of the bit string;
281 * when parsing bit strings we put that value here because we need it
282 * later, for adjustment of the length (when the whole string is done).
284 unsigned int bit_string_unused_bits
;
287 * The following are used for indefinite-length constructed strings.
289 struct subitem
*subitems_head
;
290 struct subitem
*subitems_tail
;
293 allocate
, /* when true, need to allocate the destination */
294 endofcontents
, /* this state ended up parsing end-of-contents octets */
295 explicit, /* we are handling an explicit header */
296 indefinite
, /* the current item has indefinite-length encoding */
297 missing
, /* an optional field that was not present */
298 optional
, /* the template says this field may be omitted */
299 substring
; /* this is a substring of a constructed string */
302 #define IS_HIGH_TAG_NUMBER(n) ((n) == SEC_ASN1_HIGH_TAG_NUMBER)
303 #define LAST_TAG_NUMBER_BYTE(b) (((b) & 0x80) == 0)
304 #define TAG_NUMBER_BITS 7
305 #define TAG_NUMBER_MASK 0x7f
307 #define LENGTH_IS_SHORT_FORM(b) (((b) & 0x80) == 0)
308 #define LONG_FORM_LENGTH(b) ((b) & 0x7f)
310 #define HIGH_BITS(field,cnt) ((field) >> ((sizeof(field) * 8) - (cnt)))
314 * An "outsider" will have an opaque pointer to this, created by calling
315 * SEC_ASN1DecoderStart(). It will be passed back in to all subsequent
316 * calls to SEC_ASN1DecoderUpdate(), and when done it is passed to
317 * SEC_ASN1DecoderFinish().
319 struct sec_DecoderContext_struct
{
320 PRArenaPool
*our_pool
; /* for our internal allocs */
321 PRArenaPool
*their_pool
; /* for destination structure allocs */
322 #ifdef SEC_ASN1D_FREE_ON_ERROR /*
323 * XXX see comment below (by same
324 * ifdef) that explains why this
325 * does not work (need more smarts
326 * in order to free back to mark)
329 * XXX how to make their_mark work in the case where they do NOT
330 * give us a pool pointer?
332 void *their_mark
; /* free on error */
335 sec_asn1d_state
*current
;
336 sec_asn1d_parse_status status
;
338 SEC_ASN1NotifyProc notify_proc
; /* call before/after handling field */
339 void *notify_arg
; /* argument to notify_proc */
340 PRBool during_notify
; /* true during call to notify_proc */
342 SEC_ASN1WriteProc filter_proc
; /* pass field bytes to this */
343 void *filter_arg
; /* argument to that function */
344 PRBool filter_only
; /* do not allocate/store fields */
349 * XXX this is a fairly generic function that may belong elsewhere
352 sec_asn1d_alloc (PRArenaPool
*poolp
, unsigned long len
)
358 * Allocate from the pool.
360 thing
= PORT_ArenaAlloc (poolp
, len
);
363 * Allocate generically.
365 thing
= PORT_Alloc (len
);
373 * XXX this is a fairly generic function that may belong elsewhere
376 sec_asn1d_zalloc (PRArenaPool
*poolp
, unsigned long len
)
380 thing
= sec_asn1d_alloc (poolp
, len
);
382 PORT_Memset (thing
, 0, len
);
387 static sec_asn1d_state
*
388 sec_asn1d_push_state (SEC_ASN1DecoderContext
*cx
,
389 const SecAsn1Template
*theTemplate
,
390 void *dest
, PRBool new_depth
)
392 sec_asn1d_state
*state
, *new_state
= NULL
;
396 PORT_Assert (state
== NULL
|| state
->child
== NULL
);
399 PORT_Assert (state
->our_mark
== NULL
);
400 state
->our_mark
= PORT_ArenaMark (cx
->our_pool
);
403 new_state
= (sec_asn1d_state
*)sec_asn1d_zalloc (cx
->our_pool
,
405 if (new_state
== NULL
) {
406 dprintf("decodeError: zalloc failure\n");
411 new_state
->parent
= state
;
412 new_state
->theTemplate
= theTemplate
;
413 new_state
->place
= notInUse
;
415 new_state
->dest
= (char *)dest
+ theTemplate
->offset
;
418 new_state
->depth
= state
->depth
;
420 if (++new_state
->depth
> SEC_ASN1D_MAX_DEPTH
) {
421 PORT_SetError (SEC_ERROR_BAD_DER
);
425 state
->child
= new_state
;
428 cx
->current
= new_state
;
432 cx
->status
= decodeError
;
434 PORT_ArenaRelease(cx
->our_pool
, state
->our_mark
);
435 state
->our_mark
= NULL
;
437 if (new_state
!= NULL
) {
438 PORT_Free(new_state
);
445 sec_asn1d_scrub_state (sec_asn1d_state
*state
)
448 * Some default "scrubbing".
449 * XXX right set of initializations?
451 state
->place
= beforeIdentifier
;
452 state
->endofcontents
= PR_FALSE
;
453 state
->indefinite
= PR_FALSE
;
454 state
->missing
= PR_FALSE
;
456 PORT_Assert (state
->consumed
== 0);
460 static sec_asn1d_state
*
461 sec_asn1d_get_enclosing_construct(sec_asn1d_state
*state
)
463 for (state
= state
->parent
; state
; state
= state
->parent
) {
464 sec_asn1d_parse_place place
= state
->place
;
465 if (place
!= afterImplicit
&&
466 place
!= afterPointer
&&
467 place
!= afterInline
&&
468 place
!= afterSaveEncoding
&&
469 place
!= duringSaveEncoding
&&
470 place
!= duringChoice
) {
472 /* we've walked up the stack to a state that represents
473 ** the enclosing construct.
483 sec_asn1d_parent_allows_EOC(sec_asn1d_state
*state
)
485 /* get state of enclosing construct. */
486 state
= sec_asn1d_get_enclosing_construct(state
);
488 sec_asn1d_parse_place place
= state
->place
;
489 /* Is it one of the types that permits an unexpected EOC? */
491 (place
== duringGroup
||
492 place
== duringConstructedString
||
493 state
->child
->optional
);
494 return (state
->indefinite
&& eoc_permitted
) ? PR_TRUE
: PR_FALSE
;
501 sec_asn1d_notify_before (SEC_ASN1DecoderContext
*cx
, void *dest
, int depth
)
503 if (cx
->notify_proc
== NULL
)
506 cx
->during_notify
= PR_TRUE
;
507 (* cx
->notify_proc
) (cx
->notify_arg
, PR_TRUE
, dest
, depth
);
508 cx
->during_notify
= PR_FALSE
;
513 sec_asn1d_notify_after (SEC_ASN1DecoderContext
*cx
, void *dest
, int depth
)
515 if (cx
->notify_proc
== NULL
)
518 cx
->during_notify
= PR_TRUE
;
519 (* cx
->notify_proc
) (cx
->notify_arg
, PR_FALSE
, dest
, depth
);
520 cx
->during_notify
= PR_FALSE
;
524 static sec_asn1d_state
*
525 sec_asn1d_init_state_based_on_template (sec_asn1d_state
*state
,
527 const char *buf
, /* for SEC_ASN1GetSubtemplate() */
532 PRBool
explicit, optional
, universal
;
533 unsigned char expect_tag_modifiers
;
534 unsigned long encode_kind
, under_kind
;
535 unsigned long check_tag_mask
, expect_tag_number
;
537 unsigned long dynamic
;
541 /* XXX Check that both of these tests are really needed/appropriate. */
542 if (state
== NULL
|| state
->top
->status
== decodeError
|| state
->theTemplate
== NULL
)
545 encode_kind
= state
->theTemplate
->kind
;
547 if (encode_kind
& SEC_ASN1_SAVE
) {
549 * This is a "magic" field that saves away all bytes, allowing
550 * the immediately following field to still be decoded from this
551 * same spot -- sort of a fork.
553 /* check that there are no extraneous bits */
554 PORT_Assert (encode_kind
== SEC_ASN1_SAVE
);
555 if (state
->top
->filter_only
) {
557 * If we are not storing, then we do not do the SAVE field
558 * at all. Just move ahead to the "real" field instead,
559 * doing the appropriate notify calls before and after.
561 sec_asn1d_notify_after (state
->top
, state
->dest
, state
->depth
);
563 * Since we are not storing, allow for our current dest value
564 * to be NULL. (This might not actually occur, but right now I
565 * cannot convince myself one way or the other.) If it is NULL,
566 * assume that our parent dest can help us out.
568 if (state
->dest
== NULL
)
569 state
->dest
= state
->parent
->dest
;
572 (char *)state
->dest
- state
->theTemplate
->offset
;
573 state
->theTemplate
++;
574 if (state
->dest
!= NULL
)
576 (char *)state
->dest
+ state
->theTemplate
->offset
;
577 sec_asn1d_notify_before (state
->top
, state
->dest
, state
->depth
);
578 encode_kind
= state
->theTemplate
->kind
;
579 PORT_Assert ((encode_kind
& SEC_ASN1_SAVE
) == 0);
581 sec_asn1d_scrub_state (state
);
582 state
->place
= duringSaveEncoding
;
583 state
= sec_asn1d_push_state (state
->top
, kSecAsn1AnyTemplate
,
584 state
->dest
, PR_FALSE
);
586 state
= sec_asn1d_init_state_based_on_template (state
,
587 buf
/* __APPLE__ */, len
/* __APPLE__ */);
593 universal
= ((encode_kind
& SEC_ASN1_CLASS_MASK
) == SEC_ASN1_UNIVERSAL
)
594 ? PR_TRUE
: PR_FALSE
;
596 explicit = (encode_kind
& SEC_ASN1_EXPLICIT
) ? PR_TRUE
: PR_FALSE
;
597 encode_kind
&= ~SEC_ASN1_EXPLICIT
;
599 optional
= (encode_kind
& SEC_ASN1_OPTIONAL
) ? PR_TRUE
: PR_FALSE
;
600 encode_kind
&= ~SEC_ASN1_OPTIONAL
;
603 dynamic
= (encode_kind
& SEC_ASN1_DYNAMIC
) ? PR_TRUE
: PR_FALSE
;
604 encode_kind
&= ~SEC_ASN1_DYNAMIC
;
607 PORT_Assert (!(explicit && universal
)); /* bad templates */
609 encode_kind
&= ~SEC_ASN1_DYNAMIC
;
610 encode_kind
&= ~SEC_ASN1_MAY_STREAM
;
612 if( encode_kind
& SEC_ASN1_CHOICE
) {
613 #if 0 /* XXX remove? */
614 sec_asn1d_state
*child
= sec_asn1d_push_state(state
->top
, state
->theTemplate
, state
->dest
, PR_FALSE
);
615 if( (sec_asn1d_state
*)NULL
== child
) {
616 return (sec_asn1d_state
*)NULL
;
619 child
->allocate
= state
->allocate
;
620 child
->place
= beforeChoice
;
623 state
->place
= beforeChoice
;
628 if ((encode_kind
& (SEC_ASN1_POINTER
| SEC_ASN1_INLINE
)) || (!universal
630 const SecAsn1Template
*subt
;
632 PRBool child_allocate
;
635 PORT_Assert ((encode_kind
& (SEC_ASN1_ANY
| SEC_ASN1_SKIP
)) == 0);
637 sec_asn1d_scrub_state (state
);
638 child_allocate
= PR_FALSE
;
640 if (encode_kind
& SEC_ASN1_POINTER
) {
642 * A POINTER means we need to allocate the destination for
643 * this field. But, since it may also be an optional field,
644 * we defer the allocation until later; we just record that
645 * it needs to be done.
647 * There are two possible scenarios here -- one is just a
648 * plain POINTER (kind of like INLINE, except with allocation)
649 * and the other is an implicitly-tagged POINTER. We don't
650 * need to do anything special here for the two cases, but
651 * since the template definition can be tricky, we do check
652 * that there are no extraneous bits set in encode_kind.
654 * XXX The same conditions which assert should set an error.
658 * "universal" means this entry is a standalone POINTER;
659 * there should be no other bits set in encode_kind.
661 PORT_Assert (encode_kind
== SEC_ASN1_POINTER
);
664 * If we get here we have an implicitly-tagged field
665 * that needs to be put into a POINTER. The subtemplate
666 * will determine how to decode the field, but encode_kind
667 * describes the (implicit) tag we are looking for.
668 * The non-tag bits of encode_kind will be ignored by
669 * the code below; none of them should be set, however,
670 * except for the POINTER bit itself -- so check that.
672 PORT_Assert ((encode_kind
& ~SEC_ASN1_TAG_MASK
)
673 == SEC_ASN1_POINTER
);
675 if (!state
->top
->filter_only
)
676 child_allocate
= PR_TRUE
;
678 state
->place
= afterPointer
;
681 if (encode_kind
& SEC_ASN1_INLINE
) {
682 /* check that there are no extraneous bits */
683 /* FIXME - why are optional and inline mutually
684 * exclusive? Delete this assert and see what happens...
685 PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional);
687 state
->place
= afterInline
;
689 state
->place
= afterImplicit
;
693 state
->optional
= optional
;
695 subDest
= state
->dest
;
696 #if defined(__APPLE__)
698 * We might be starting the processing of a group or a
699 * set, in which case state->dest is NULL. Get parent's dest,
700 * or grandparent's, etc... just for the use by
701 * SEC_ASN1GetSubtemplate (specifically, by dynamic
704 sec_asn1d_state
*tempState
= state
;
705 while(subDest
== NULL
) {
706 sec_asn1d_state
*parent
= tempState
->parent
;
708 /* Oh well. Not going to work for this template. */
711 subDest
= parent
->dest
;
714 #endif /* __APPLE__ */
715 subt
= SEC_ASN1GetSubtemplate (state
->theTemplate
, subDest
,
716 PR_FALSE
, buf
/* __APPLE__ */, len
/* __APPLE__ */);
717 state
= sec_asn1d_push_state (state
->top
, subt
, dest
, PR_FALSE
);
721 state
->allocate
= child_allocate
;
725 /* Dynamic: restart with new template */
729 state
= sec_asn1d_init_state_based_on_template (state
,
730 buf
/* __APPLE__ */, len
/* __APPLE__ */);
733 * If this field is optional, we need to record that on
734 * the pushed child so it won't fail if the field isn't
735 * found. I can't think of a way that this new state
736 * could already have optional set (which we would wipe
737 * out below if our local optional is not set) -- but
738 * just to be sure, assert that it isn't set.
740 PORT_Assert (!state
->optional
);
741 state
->optional
= optional
;
746 under_kind
= state
->theTemplate
->kind
;
747 under_kind
&= ~SEC_ASN1_MAY_STREAM
;
748 } else if (explicit) {
750 * For explicit, we only need to match the encoding tag next,
751 * then we will push another state to handle the entire inner
752 * part. In this case, there is no underlying kind which plays
753 * any part in the determination of the outer, explicit tag.
754 * So we just set under_kind to 0, which is not a valid tag,
755 * and the rest of the tag matching stuff should be okay.
760 * Nothing special; the underlying kind and the given encoding
761 * information are the same.
763 under_kind
= encode_kind
;
766 /* XXX is this the right set of bits to test here? */
767 PORT_Assert ((under_kind
& (SEC_ASN1_EXPLICIT
768 | SEC_ASN1_MAY_STREAM
769 | SEC_ASN1_INLINE
| SEC_ASN1_POINTER
)) == 0);
771 if (encode_kind
& (SEC_ASN1_ANY
| SEC_ASN1_SKIP
)) {
772 PORT_Assert (encode_kind
== under_kind
);
773 if (encode_kind
& SEC_ASN1_SKIP
) {
774 PORT_Assert (!optional
);
775 PORT_Assert (encode_kind
== SEC_ASN1_SKIP
);
779 expect_tag_modifiers
= 0;
780 expect_tag_number
= 0;
782 check_tag_mask
= SEC_ASN1_TAG_MASK
;
783 expect_tag_modifiers
= (unsigned char)encode_kind
& SEC_ASN1_TAG_MASK
784 & ~SEC_ASN1_TAGNUM_MASK
;
786 * XXX This assumes only single-octet identifiers. To handle
787 * the HIGH TAG form we would need to do some more work, especially
788 * in how to specify them in the template, because right now we
789 * do not provide a way to specify more *tag* bits in encode_kind.
791 expect_tag_number
= encode_kind
& SEC_ASN1_TAGNUM_MASK
;
793 switch (under_kind
& SEC_ASN1_TAGNUM_MASK
) {
796 * XXX A plain old SET (as opposed to a SET OF) is not
798 * If it ever is, remove this assert...
800 PORT_Assert ((under_kind
& SEC_ASN1_GROUP
) != 0);
802 case SEC_ASN1_SEQUENCE
:
803 expect_tag_modifiers
|= SEC_ASN1_CONSTRUCTED
;
805 case SEC_ASN1_BIT_STRING
:
806 case SEC_ASN1_BMP_STRING
:
807 case SEC_ASN1_GENERALIZED_TIME
:
808 case SEC_ASN1_IA5_STRING
:
809 case SEC_ASN1_OCTET_STRING
:
810 case SEC_ASN1_PRINTABLE_STRING
:
811 case SEC_ASN1_T61_STRING
:
812 case SEC_ASN1_UNIVERSAL_STRING
:
813 case SEC_ASN1_UTC_TIME
:
814 case SEC_ASN1_UTF8_STRING
:
815 case SEC_ASN1_VISIBLE_STRING
:
816 check_tag_mask
&= ~SEC_ASN1_CONSTRUCTED
;
821 state
->check_tag_mask
= check_tag_mask
;
822 state
->expect_tag_modifiers
= expect_tag_modifiers
;
823 state
->expect_tag_number
= expect_tag_number
;
824 state
->underlying_kind
= under_kind
;
825 state
->explicit = explicit;
826 state
->optional
= optional
;
827 sec_asn1d_scrub_state (state
);
834 sec_asn1d_parse_identifier (sec_asn1d_state
*state
,
835 const char *buf
, unsigned long len
)
838 unsigned char tag_number
;
840 PORT_Assert (state
->place
== beforeIdentifier
);
843 state
->top
->status
= needBytes
;
847 byte
= (unsigned char) *buf
;
848 #ifdef DEBUG_ASN1D_STATES
849 if (doDumpStates
> 0) {
851 formatKind(byte
, kindBuf
);
852 printf("Found tag %02x %s\n", byte
, kindBuf
);
855 tag_number
= byte
& SEC_ASN1_TAGNUM_MASK
;
857 if (IS_HIGH_TAG_NUMBER (tag_number
)) {
858 state
->place
= duringIdentifier
;
859 state
->found_tag_number
= 0;
861 * Actually, we have no idea how many bytes are pending, but we
862 * do know that it is at least 1. That is all we know; we have
863 * to look at each byte to know if there is another, etc.
867 if (byte
== 0 && sec_asn1d_parent_allows_EOC(state
)) {
869 * Our parent has indefinite-length encoding, and the
870 * entire tag found is 0, so it seems that we have hit the
871 * end-of-contents octets. To handle this, we just change
872 * our state to that which expects to get the bytes of the
873 * end-of-contents octets and let that code re-read this byte
874 * so that our categorization of field types is correct.
875 * After that, our parent will then deal with everything else.
877 state
->place
= duringEndOfContents
;
879 state
->found_tag_number
= 0;
880 state
->found_tag_modifiers
= 0;
882 * We might be an optional field that is, as we now find out,
883 * missing. Give our parent a clue that this happened.
886 state
->missing
= PR_TRUE
;
889 state
->place
= afterIdentifier
;
890 state
->found_tag_number
= tag_number
;
892 state
->found_tag_modifiers
= byte
& ~SEC_ASN1_TAGNUM_MASK
;
899 sec_asn1d_parse_more_identifier (sec_asn1d_state
*state
,
900 const char *buf
, unsigned long len
)
905 PORT_Assert (state
->pending
== 1);
906 PORT_Assert (state
->place
== duringIdentifier
);
909 state
->top
->status
= needBytes
;
915 while (len
&& state
->pending
) {
916 if (HIGH_BITS (state
->found_tag_number
, TAG_NUMBER_BITS
) != 0) {
918 * The given high tag number overflows our container;
919 * just give up. This is not likely to *ever* happen.
921 PORT_SetError (SEC_ERROR_BAD_DER
);
922 state
->top
->status
= decodeError
;
923 dprintf("decodeError: parse_more_id high bits oflow\n");
927 state
->found_tag_number
<<= TAG_NUMBER_BITS
;
929 byte
= (unsigned char) buf
[count
++];
930 state
->found_tag_number
|= (byte
& TAG_NUMBER_MASK
);
933 if (LAST_TAG_NUMBER_BYTE (byte
))
937 if (state
->pending
== 0)
938 state
->place
= afterIdentifier
;
945 sec_asn1d_confirm_identifier (sec_asn1d_state
*state
)
949 PORT_Assert (state
->place
== afterIdentifier
);
951 match
= (PRBool
)(((state
->found_tag_modifiers
& state
->check_tag_mask
)
952 == state
->expect_tag_modifiers
)
953 && ((state
->found_tag_number
& state
->check_tag_mask
)
954 == state
->expect_tag_number
));
956 state
->place
= beforeLength
;
958 if (state
->optional
) {
959 state
->missing
= PR_TRUE
;
960 state
->place
= afterEndOfContents
;
962 PORT_SetError (SEC_ERROR_BAD_DER
);
963 state
->top
->status
= decodeError
;
964 //dprintf("decodeError: sec_asn1d_confirm_identifier\n");
971 sec_asn1d_parse_length (sec_asn1d_state
*state
,
972 const char *buf
, unsigned long len
)
976 PORT_Assert (state
->place
== beforeLength
);
979 state
->top
->status
= needBytes
;
984 * The default/likely outcome. It may get adjusted below.
986 state
->place
= afterLength
;
988 byte
= (unsigned char) *buf
;
990 if (LENGTH_IS_SHORT_FORM (byte
)) {
991 state
->contents_length
= byte
;
993 state
->contents_length
= 0;
994 state
->pending
= LONG_FORM_LENGTH (byte
);
995 if (state
->pending
== 0) {
996 state
->indefinite
= PR_TRUE
;
998 state
->place
= duringLength
;
1002 /* If we're parsing an ANY, SKIP, or SAVE template, and
1003 ** the object being saved is definite length encoded and constructed,
1004 ** there's no point in decoding that construct's members.
1005 ** So, just forget it's constructed and treat it as primitive.
1006 ** (SAVE appears as an ANY at this point)
1008 if (!state
->indefinite
&&
1009 (state
->underlying_kind
& (SEC_ASN1_ANY
| SEC_ASN1_SKIP
))) {
1010 state
->found_tag_modifiers
&= ~SEC_ASN1_CONSTRUCTED
;
1017 static unsigned long
1018 sec_asn1d_parse_more_length (sec_asn1d_state
*state
,
1019 const char *buf
, unsigned long len
)
1023 PORT_Assert (state
->pending
> 0);
1024 PORT_Assert (state
->place
== duringLength
);
1027 state
->top
->status
= needBytes
;
1033 while (len
&& state
->pending
) {
1034 if (HIGH_BITS (state
->contents_length
, 9) != 0) {
1036 * The given full content length overflows our container;
1039 PORT_SetError (SEC_ERROR_BAD_DER
);
1040 state
->top
->status
= decodeError
;
1041 dprintf("decodeError: sec_asn1d_parse_more_length\n");
1045 state
->contents_length
<<= 8;
1046 state
->contents_length
|= (unsigned char) buf
[count
++];
1052 if (state
->pending
== 0)
1053 state
->place
= afterLength
;
1060 * Helper function for sec_asn1d_prepare_for_contents.
1061 * Checks that a value representing a number of bytes consumed can be
1062 * subtracted from a remaining length. If so, returns PR_TRUE.
1063 * Otherwise, sets the error SEC_ERROR_BAD_DER, indicates that there was a
1064 * decoding error in the given SEC_ASN1DecoderContext, and returns PR_FALSE.
1067 sec_asn1d_check_and_subtract_length (unsigned long *remaining
,
1068 unsigned long consumed
,
1069 SEC_ASN1DecoderContext
*cx
)
1071 PORT_Assert(remaining
);
1073 if (!remaining
|| !cx
) {
1074 PORT_SetError (SEC_ERROR_INVALID_ARGS
);
1076 cx
->status
= decodeError
;
1080 if (*remaining
< consumed
) {
1081 PORT_SetError (SEC_ERROR_BAD_DER
);
1082 cx
->status
= decodeError
;
1085 *remaining
-= consumed
;
1091 sec_asn1d_prepare_for_contents (sec_asn1d_state
*state
,
1093 const char *buf
, /* needed for SEC_ASN1GetSubtemplate */
1098 SecAsn1Item
*item
=NULL
;
1100 unsigned long alloc_len
;
1102 #ifdef DEBUG_ASN1D_STATES
1103 if (doDumpStates
> 0) {
1104 printf("Found Length %lu %s\n", state
->contents_length
,
1105 state
->indefinite
? "indefinite" : "");
1110 * The maximum length for a child element should be constrained to the
1111 * length remaining in the first definite length element in the ancestor
1112 * stack. If there is no definite length element in the ancestor stack,
1113 * there's nothing to constrain the length of the child, so there's no
1114 * further processing necessary.
1116 * It's necessary to walk the ancestor stack, because it's possible to have
1117 * definite length children that are part of an indefinite length element,
1118 * which is itself part of an indefinite length element, and which is
1119 * ultimately part of a definite length element. A simple example of this
1120 * would be the handling of constructed OCTET STRINGs in BER encoding.
1122 * This algorithm finds the first definite length element in the ancestor
1123 * stack, if any, and if so, ensures that the length of the child element
1124 * is consistent with the number of bytes remaining in the constraining
1125 * ancestor element (that is, after accounting for any other sibling
1126 * elements that may have been read).
1128 * It's slightly complicated by the need to account both for integer
1129 * underflow and overflow, as well as ensure that for indefinite length
1130 * encodings, there's also enough space for the End-of-Contents (EOC)
1131 * octets (Tag = 0x00, Length = 0x00, or two bytes).
1134 /* Determine the maximum length available for this element by finding the
1135 * first definite length ancestor, if any. */
1136 sec_asn1d_state
*parent
= sec_asn1d_get_enclosing_construct(state
);
1137 while (parent
&& parent
->indefinite
) {
1138 parent
= sec_asn1d_get_enclosing_construct(parent
);
1140 /* If parent is null, state is either the outermost state / at the top of
1141 * the stack, or the outermost state uses indefinite length encoding. In
1142 * these cases, there's nothing external to constrain this element, so
1143 * there's nothing to check. */
1145 unsigned long remaining
= parent
->pending
;
1148 if (!sec_asn1d_check_and_subtract_length(&remaining
, parent
->consumed
, state
->top
) ||
1149 /* If parent->indefinite is true, parent->contents_length is
1150 * zero and this is a no-op. */
1151 !sec_asn1d_check_and_subtract_length(&remaining
, parent
->contents_length
, state
->top
) ||
1152 /* If parent->indefinite is true, then ensure there is enough
1153 * space for an EOC tag of 2 bytes. */
1154 (parent
->indefinite
&& !sec_asn1d_check_and_subtract_length(&remaining
, 2, state
->top
))) {
1155 /* This element is larger than its enclosing element, which is
1159 } while ((parent
= sec_asn1d_get_enclosing_construct(parent
)) &&
1160 parent
->indefinite
);
1164 * XXX I cannot decide if this allocation should exclude the case
1165 * where state->endofcontents is true -- figure it out!
1167 if (state
->allocate
) {
1170 PORT_Assert (state
->dest
== NULL
);
1172 * We are handling a POINTER or a member of a GROUP, and need to
1173 * allocate for the data structure.
1175 dest
= sec_asn1d_zalloc (state
->top
->their_pool
,
1176 state
->theTemplate
->size
);
1178 dprintf("decodeError: sec_asn1d_prepare_for_contents zalloc\n");
1179 state
->top
->status
= decodeError
;
1182 /* FIXME _ we're losing the dest pointer after this! */
1183 state
->dest
= (char *)dest
+ state
->theTemplate
->offset
;
1186 * For a member of a GROUP, our parent will later put the
1187 * pointer wherever it belongs. But for a POINTER, we need
1188 * to record the destination now, in case notify or filter
1189 * procs need access to it -- they cannot find it otherwise,
1190 * until it is too late (for one-pass processing).
1192 if (state
->parent
->place
== afterPointer
) {
1195 placep
= state
->parent
->dest
;
1201 * Remember, length may be indefinite here! In that case,
1202 * both contents_length and pending will be zero.
1204 state
->pending
= state
->contents_length
;
1207 * An EXPLICIT is nothing but an outer header, which we have
1208 * already parsed and accepted. Now we need to do the inner
1209 * header and its contents.
1211 if (state
->explicit) {
1212 state
->place
= afterExplicit
;
1213 state
= sec_asn1d_push_state (state
->top
,
1214 SEC_ASN1GetSubtemplate(state
->theTemplate
,
1217 buf
/* __APPLE__ */,
1218 len
/* __APPLE__ */),
1219 state
->dest
, PR_TRUE
);
1221 state
= sec_asn1d_init_state_based_on_template (state
,
1222 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1228 * For GROUP (SET OF, SEQUENCE OF), even if we know the length here
1229 * we cannot tell how many items we will end up with ... so push a
1230 * state that can keep track of "children" (the individual members
1231 * of the group; we will allocate as we go and put them all together
1234 if (state
->underlying_kind
& SEC_ASN1_GROUP
) {
1235 /* XXX If this assertion holds (should be able to confirm it via
1236 * inspection, too) then move this code into the switch statement
1237 * below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
1239 PORT_Assert (state
->underlying_kind
== SEC_ASN1_SET_OF
1240 || state
->underlying_kind
== SEC_ASN1_SEQUENCE_OF
1241 || state
->underlying_kind
== (SEC_ASN1_SEQUENCE_OF
|SEC_ASN1_DYNAMIC
)
1242 || state
->underlying_kind
== (SEC_ASN1_SET_OF
|SEC_ASN1_DYNAMIC
)
1244 if (state
->contents_length
!= 0 || state
->indefinite
) {
1245 const SecAsn1Template
*subt
;
1247 state
->place
= duringGroup
;
1248 subt
= SEC_ASN1GetSubtemplate (state
->theTemplate
, state
->dest
,
1249 PR_FALSE
, buf
/* __APPLE__ */, len
/* __APPLE__ */);
1250 state
= sec_asn1d_push_state (state
->top
, subt
, NULL
, PR_TRUE
);
1251 if (state
!= NULL
) {
1252 if (!state
->top
->filter_only
)
1253 state
->allocate
= PR_TRUE
; /* XXX propogate this? */
1255 * Do the "before" field notification for next in group.
1257 sec_asn1d_notify_before (state
->top
, state
->dest
, state
->depth
);
1258 state
= sec_asn1d_init_state_based_on_template (state
,
1259 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1263 * A group of zero; we are done.
1264 * Set state to afterGroup and let that code plant the NULL.
1266 state
->place
= afterGroup
;
1272 switch (state
->underlying_kind
) {
1273 case SEC_ASN1_SEQUENCE
:
1275 * We need to push a child to handle the individual fields.
1277 state
->place
= duringSequence
;
1278 state
= sec_asn1d_push_state (state
->top
, state
->theTemplate
+ 1,
1279 state
->dest
, PR_TRUE
);
1280 if (state
!= NULL
) {
1282 * Do the "before" field notification.
1284 sec_asn1d_notify_before (state
->top
, state
->dest
, state
->depth
);
1285 state
= sec_asn1d_init_state_based_on_template (state
,
1286 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1291 case SEC_ASN1_SET
: /* XXX SET is not really implemented */
1293 * XXX A plain SET requires special handling; scanning of a
1294 * template to see where a field should go (because by definition,
1295 * they are not in any particular order, and you have to look at
1296 * each tag to disambiguate what the field is). We may never
1297 * implement this because in practice, it seems to be unused.
1299 dprintf("decodeError: prepare for contents SEC_ASN1_SET\n");
1301 PORT_SetError (SEC_ERROR_BAD_DER
); /* XXX */
1302 state
->top
->status
= decodeError
;
1307 * The NULL type, by definition, is "nothing", content length of zero.
1308 * An indefinite-length encoding is not alloweed.
1310 if (state
->contents_length
|| state
->indefinite
) {
1311 dprintf("decodeError: prepare for contents indefinite NULL\n");
1312 PORT_SetError (SEC_ERROR_BAD_DER
);
1313 state
->top
->status
= decodeError
;
1316 if (state
->dest
!= NULL
) {
1317 item
= (SecAsn1Item
*)(state
->dest
);
1321 state
->place
= afterEndOfContents
;
1324 case SEC_ASN1_BMP_STRING
:
1325 /* Error if length is not divisable by 2 */
1326 if (state
->contents_length
% 2) {
1327 dprintf("decodeError: prepare for contents odd length BMP_STRING\n");
1328 PORT_SetError (SEC_ERROR_BAD_DER
);
1329 state
->top
->status
= decodeError
;
1332 /* otherwise, handle as other string types */
1333 goto regular_string_type
;
1335 case SEC_ASN1_UNIVERSAL_STRING
:
1336 /* Error if length is not divisable by 4 */
1337 if (state
->contents_length
% 4) {
1338 dprintf("decodeError: prepare for contents odd length UNIV_STRING\n");
1339 PORT_SetError (SEC_ERROR_BAD_DER
);
1340 state
->top
->status
= decodeError
;
1343 /* otherwise, handle as other string types */
1344 goto regular_string_type
;
1348 case SEC_ASN1_ANY_CONTENTS
:
1350 * These are not (necessarily) strings, but they need nearly
1351 * identical handling (especially when we need to deal with
1352 * constructed sub-pieces), so we pretend they are.
1355 regular_string_type
:
1356 case SEC_ASN1_BIT_STRING
:
1357 case SEC_ASN1_IA5_STRING
:
1358 case SEC_ASN1_OCTET_STRING
:
1359 case SEC_ASN1_PRINTABLE_STRING
:
1360 case SEC_ASN1_T61_STRING
:
1361 case SEC_ASN1_UTC_TIME
:
1362 case SEC_ASN1_UTF8_STRING
:
1363 case SEC_ASN1_VISIBLE_STRING
:
1365 * We are allocating for a primitive or a constructed string.
1366 * If it is a constructed string, it may also be indefinite-length.
1367 * If it is primitive, the length can (legally) be zero.
1368 * Our first order of business is to allocate the memory for
1369 * the string, if we can (if we know the length).
1371 item
= (SecAsn1Item
*)(state
->dest
);
1374 * If the item is a definite-length constructed string, then
1375 * the contents_length is actually larger than what we need
1376 * (because it also counts each intermediate header which we
1377 * will be throwing away as we go), but it is a perfectly good
1378 * upper bound that we just allocate anyway, and then concat
1379 * as we go; we end up wasting a few extra bytes but save a
1382 alloc_len
= state
->contents_length
;
1383 poolp
= NULL
; /* quiet compiler warnings about unused... */
1385 if (item
== NULL
|| state
->top
->filter_only
) {
1391 } else if (state
->substring
) {
1393 * If we are a substring of a constructed string, then we may
1394 * not have to allocate anything (because our parent, the
1395 * actual constructed string, did it for us). If we are a
1396 * substring and we *do* have to allocate, that means our
1397 * parent is an indefinite-length, so we allocate from our pool;
1398 * later our parent will copy our string into the aggregated
1399 * whole and free our pool allocation.
1401 if (item
->Data
== NULL
) {
1402 PORT_Assert (item
->Length
== 0);
1403 poolp
= state
->top
->our_pool
;
1410 poolp
= state
->top
->their_pool
;
1413 if (alloc_len
|| ((! state
->indefinite
)
1414 && (state
->subitems_head
!= NULL
))) {
1415 struct subitem
*subitem
;
1418 PORT_Assert (item
!=NULL
);
1420 PORT_SetError (SEC_ERROR_BAD_DER
);
1421 state
->top
->status
= decodeError
;
1424 PORT_Assert (item
->Length
== 0 && item
->Data
== NULL
);
1426 * Check for and handle an ANY which has stashed aside the
1427 * header (identifier and length) bytes for us to include
1428 * in the saved contents.
1430 if (state
->subitems_head
!= NULL
) {
1431 PORT_Assert (state
->underlying_kind
== SEC_ASN1_ANY
);
1432 for (subitem
= state
->subitems_head
;
1433 subitem
!= NULL
; subitem
= subitem
->next
)
1434 alloc_len
+= subitem
->len
;
1438 item
->Data
= (unsigned char*)sec_asn1d_zalloc (poolp
, alloc_len
);
1440 if (item
== NULL
|| item
->Data
== NULL
) {
1441 dprintf("decodeError: prepare for contents zalloc\n");
1442 state
->top
->status
= decodeError
;
1447 for (subitem
= state
->subitems_head
;
1448 subitem
!= NULL
; subitem
= subitem
->next
) {
1449 PORT_Memcpy (item
->Data
+ len
, subitem
->data
, subitem
->len
);
1450 len
+= subitem
->len
;
1455 * Because we use arenas and have a mark set, we later free
1456 * everything we have allocated, so this does *not* present
1457 * a memory leak (it is just temporarily left dangling).
1459 state
->subitems_head
= state
->subitems_tail
= NULL
;
1462 if (state
->contents_length
== 0 && (! state
->indefinite
)) {
1464 * A zero-length simple or constructed string; we are done.
1466 state
->place
= afterEndOfContents
;
1467 } else if (state
->found_tag_modifiers
& SEC_ASN1_CONSTRUCTED
) {
1468 const SecAsn1Template
*sub
;
1470 switch (state
->underlying_kind
) {
1472 case SEC_ASN1_ANY_CONTENTS
:
1473 sub
= kSecAsn1AnyTemplate
;
1475 case SEC_ASN1_BIT_STRING
:
1476 sub
= kSecAsn1BitStringTemplate
;
1478 case SEC_ASN1_BMP_STRING
:
1479 sub
= kSecAsn1BMPStringTemplate
;
1481 case SEC_ASN1_GENERALIZED_TIME
:
1482 sub
= kSecAsn1GeneralizedTimeTemplate
;
1484 case SEC_ASN1_IA5_STRING
:
1485 sub
= kSecAsn1IA5StringTemplate
;
1487 case SEC_ASN1_OCTET_STRING
:
1488 sub
= kSecAsn1OctetStringTemplate
;
1490 case SEC_ASN1_PRINTABLE_STRING
:
1491 sub
= kSecAsn1PrintableStringTemplate
;
1493 case SEC_ASN1_T61_STRING
:
1494 sub
= kSecAsn1T61StringTemplate
;
1496 case SEC_ASN1_UNIVERSAL_STRING
:
1497 sub
= kSecAsn1UniversalStringTemplate
;
1499 case SEC_ASN1_UTC_TIME
:
1500 sub
= kSecAsn1UTCTimeTemplate
;
1502 case SEC_ASN1_UTF8_STRING
:
1503 sub
= kSecAsn1UTF8StringTemplate
;
1505 case SEC_ASN1_VISIBLE_STRING
:
1506 sub
= kSecAsn1VisibleStringTemplate
;
1509 sub
= kSecAsn1SkipTemplate
;
1511 default: /* redundant given outer switch cases, but */
1512 PORT_Assert(0); /* the compiler does not seem to know that, */
1513 sub
= NULL
; /* so just do enough to quiet it. */
1517 state
->place
= duringConstructedString
;
1518 state
= sec_asn1d_push_state (state
->top
, sub
, item
, PR_TRUE
);
1519 if (state
!= NULL
) {
1520 state
->substring
= PR_TRUE
; /* XXX propogate? */
1521 state
= sec_asn1d_init_state_based_on_template (state
,
1522 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1524 } else if (state
->indefinite
) {
1526 * An indefinite-length string *must* be constructed!
1528 dprintf("decodeError: prepare for contents indefinite not construncted\n");
1529 PORT_SetError (SEC_ERROR_BAD_DER
);
1530 state
->top
->status
= decodeError
;
1533 * A non-zero-length simple string.
1535 if (state
->underlying_kind
== SEC_ASN1_BIT_STRING
)
1536 state
->place
= beforeBitString
;
1538 state
->place
= duringLeaf
;
1545 * We are allocating for a simple leaf item.
1547 if (state
->contents_length
) {
1548 if (state
->dest
!= NULL
) {
1549 item
= (SecAsn1Item
*)(state
->dest
);
1551 if (state
->top
->filter_only
) {
1554 item
->Data
= (unsigned char*)
1555 sec_asn1d_zalloc (state
->top
->their_pool
,
1556 state
->contents_length
);
1557 if (item
->Data
== NULL
) {
1558 dprintf("decodeError: prepare for contents zalloc\n");
1559 state
->top
->status
= decodeError
;
1564 state
->place
= duringLeaf
;
1567 * An indefinite-length or zero-length item is not allowed.
1568 * (All legal cases of such were handled above.)
1570 dprintf("decodeError: prepare for contents indefinite zero len \n");
1571 PORT_SetError (SEC_ERROR_BAD_DER
);
1572 state
->top
->status
= decodeError
;
1579 sec_asn1d_free_child (sec_asn1d_state
*state
, PRBool error
)
1581 if (state
->child
!= NULL
) {
1582 PORT_Assert (error
|| state
->child
->consumed
== 0);
1583 PORT_Assert (state
->our_mark
!= NULL
);
1584 PORT_ArenaRelease (state
->top
->our_pool
, state
->our_mark
);
1585 if (error
&& state
->top
->their_pool
== NULL
) {
1587 * XXX We need to free anything allocated.
1588 * At this point, we failed in the middle of decoding. But we
1589 * can't free the data we previously allocated with PR_Malloc
1590 * unless we keep track of every pointer. So instead we have a
1591 * memory leak when decoding fails half-way, unless an arena is
1592 * used. See bug 95311 .
1595 state
->child
= NULL
;
1596 state
->our_mark
= NULL
;
1599 * It is important that we do not leave a mark unreleased/unmarked.
1600 * But I do not think we should ever have one set in this case, only
1601 * if we had a child (handled above). So check for that. If this
1602 * assertion should ever get hit, then we probably need to add code
1603 * here to release back to our_mark (and then set our_mark to NULL).
1605 PORT_Assert (state
->our_mark
== NULL
);
1607 state
->place
= beforeEndOfContents
;
1611 /* We have just saved an entire encoded ASN.1 object (type) for a SAVE
1612 ** template, and now in the next template, we are going to decode that
1613 ** saved data by calling SEC_ASN1DecoderUpdate recursively.
1614 ** If that recursive call fails with needBytes, it is a fatal error,
1615 ** because the encoded object should have been complete.
1616 ** If that recursive call fails with decodeError, it will have already
1617 ** cleaned up the state stack, so we must bail out quickly.
1619 ** These checks of the status returned by the recursive call are now
1620 ** done in the caller of this function, immediately after it returns.
1623 sec_asn1d_reuse_encoding (sec_asn1d_state
*state
)
1625 sec_asn1d_state
*child
;
1626 unsigned long consumed
;
1631 child
= state
->child
;
1632 PORT_Assert (child
!= NULL
);
1634 consumed
= child
->consumed
;
1635 child
->consumed
= 0;
1637 item
= (SecAsn1Item
*)(state
->dest
);
1638 PORT_Assert (item
!= NULL
);
1640 PORT_Assert (item
->Length
== consumed
);
1643 * Free any grandchild.
1645 sec_asn1d_free_child (child
, PR_FALSE
);
1648 * Notify after the SAVE field.
1650 sec_asn1d_notify_after (state
->top
, state
->dest
, state
->depth
);
1653 * Adjust to get new dest and move forward.
1655 dest
= (char *)state
->dest
- state
->theTemplate
->offset
;
1656 state
->theTemplate
++;
1657 child
->dest
= (char *)dest
+ state
->theTemplate
->offset
;
1658 child
->theTemplate
= state
->theTemplate
;
1661 * Notify before the "real" field.
1663 PORT_Assert (state
->depth
== child
->depth
);
1664 sec_asn1d_notify_before (state
->top
, child
->dest
, child
->depth
);
1667 * This will tell DecoderUpdate to return when it is done.
1669 state
->place
= afterSaveEncoding
;
1672 * We already have a child; "push" it by making it current.
1674 state
->top
->current
= child
;
1677 * And initialize it so it is ready to parse.
1679 (void) sec_asn1d_init_state_based_on_template(child
,
1680 (char *) item
->Data
/* __APPLE__ */,
1681 item
->Length
/* __APPLE__ */);
1684 * Now parse that out of our data.
1686 if (SEC_ASN1DecoderUpdate (state
->top
,
1687 (char *) item
->Data
, item
->Length
) != SECSuccess
)
1689 if (state
->top
->status
== needBytes
) {
1693 PORT_Assert (state
->top
->current
== state
);
1694 PORT_Assert (state
->child
== child
);
1697 * That should have consumed what we consumed before.
1699 PORT_Assert (consumed
== child
->consumed
);
1700 child
->consumed
= 0;
1705 state
->consumed
+= consumed
;
1706 child
->place
= notInUse
;
1707 state
->place
= afterEndOfContents
;
1711 static unsigned long
1712 sec_asn1d_parse_leaf (sec_asn1d_state
*state
,
1713 const char *buf
, unsigned long len
)
1716 unsigned long bufLen
;
1719 state
->top
->status
= needBytes
;
1723 if (state
->pending
< len
)
1724 len
= state
->pending
;
1728 item
= (SecAsn1Item
*)(state
->dest
);
1729 if (item
!= NULL
&& item
->Data
!= NULL
) {
1730 /* Strip leading zeroes when target is unsigned integer */
1731 if (state
->underlying_kind
== SEC_ASN1_INTEGER
&& /* INTEGER */
1732 item
->Length
== 0 && /* MSB */
1734 !(state
->underlying_kind
& SEC_ASN1_SIGNED_INT
))
1736 item
->type
== siUnsignedInteger
) /* unsigned */
1739 while (len
> 1 && buf
[0] == 0) { /* leading 0 */
1744 unsigned long offset
= item
->Length
;
1745 if (state
->underlying_kind
== SEC_ASN1_BIT_STRING
) {
1746 // The previous bit string must have no unused bits.
1747 if (item
->Length
& 0x7) {
1748 PORT_SetError (SEC_ERROR_BAD_DER
);
1749 state
->top
->status
= decodeError
;
1752 // If this is a bit string, the length is bits, not bytes.
1753 offset
= item
->Length
>> 3;
1755 if (state
->underlying_kind
== SEC_ASN1_BIT_STRING
) {
1756 // Protect against overflow during the bytes-to-bits conversion.
1757 if (len
>= (ULONG_MAX
>> 3) + 1) {
1758 PORT_SetError (SEC_ERROR_BAD_DER
);
1759 state
->top
->status
= decodeError
;
1762 unsigned long len_in_bits
= (len
<< 3) - state
->bit_string_unused_bits
;
1763 // Protect against overflow when computing the total length in bits.
1764 if (UINT_MAX
- item
->Length
< len_in_bits
) {
1765 PORT_SetError (SEC_ERROR_BAD_DER
);
1766 state
->top
->status
= decodeError
;
1769 item
->Length
+= len_in_bits
;
1771 if (UINT_MAX
- item
->Length
< len
) {
1772 PORT_SetError (SEC_ERROR_BAD_DER
);
1773 state
->top
->status
= decodeError
;
1776 item
->Length
+= len
;
1778 PORT_Memcpy (item
->Data
+ offset
, buf
, len
);
1780 state
->pending
-= bufLen
;
1781 if (state
->pending
== 0)
1782 state
->place
= beforeEndOfContents
;
1788 static unsigned long
1789 sec_asn1d_parse_bit_string (sec_asn1d_state
*state
,
1790 const char *buf
, unsigned long len
)
1794 /*PORT_Assert (state->pending > 0); */
1795 PORT_Assert (state
->place
== beforeBitString
);
1797 if ((state
->pending
== 0) || (state
->contents_length
== 1)) {
1798 if (state
->dest
!= NULL
) {
1799 SecAsn1Item
*item
= (SecAsn1Item
*)(state
->dest
);
1802 state
->place
= beforeEndOfContents
;
1804 if(state
->contents_length
== 1) {
1805 /* skip over (unused) remainder byte */
1814 state
->top
->status
= needBytes
;
1818 byte
= (unsigned char) *buf
;
1820 dprintf("decodeError: parse_bit_string remainder oflow\n");
1821 PORT_SetError (SEC_ERROR_BAD_DER
);
1822 state
->top
->status
= decodeError
;
1826 state
->bit_string_unused_bits
= byte
;
1827 state
->place
= duringBitString
;
1828 state
->pending
-= 1;
1834 static unsigned long
1835 sec_asn1d_parse_more_bit_string (sec_asn1d_state
*state
,
1836 const char *buf
, unsigned long len
)
1838 PORT_Assert (state
->place
== duringBitString
);
1839 if (state
->pending
== 0) {
1840 /* An empty bit string with some unused bits is invalid. */
1841 if (state
->bit_string_unused_bits
) {
1842 PORT_SetError (SEC_ERROR_BAD_DER
);
1843 state
->top
->status
= decodeError
;
1845 /* An empty bit string with no unused bits is OK. */
1846 state
->place
= beforeEndOfContents
;
1851 len
= sec_asn1d_parse_leaf (state
, buf
, len
);
1858 * XXX All callers should be looking at return value to detect
1859 * out-of-memory errors (and stop!).
1861 static struct subitem
*
1862 sec_asn1d_add_to_subitems (sec_asn1d_state
*state
,
1863 const void *data
, unsigned long len
,
1866 struct subitem
*thing
;
1868 thing
= (struct subitem
*)sec_asn1d_zalloc (state
->top
->our_pool
,
1869 sizeof (struct subitem
));
1870 if (thing
== NULL
) {
1871 dprintf("decodeError: zalloc\n");
1872 state
->top
->status
= decodeError
;
1878 copy
= sec_asn1d_alloc (state
->top
->our_pool
, len
);
1880 dprintf("decodeError: alloc\n");
1881 state
->top
->status
= decodeError
;
1882 if (!state
->top
->our_pool
) {
1887 PORT_Memcpy (copy
, data
, len
);
1895 if (state
->subitems_head
== NULL
) {
1896 PORT_Assert (state
->subitems_tail
== NULL
);
1897 state
->subitems_head
= state
->subitems_tail
= thing
;
1899 state
->subitems_tail
->next
= thing
;
1900 state
->subitems_tail
= thing
;
1908 sec_asn1d_record_any_header (sec_asn1d_state
*state
,
1914 item
= (SecAsn1Item
*)(state
->dest
);
1915 if (item
!= NULL
&& item
->Data
!= NULL
) {
1916 PORT_Assert (state
->substring
);
1917 PORT_Memcpy (item
->Data
+ item
->Length
, buf
, len
);
1918 item
->Length
+= len
;
1920 sec_asn1d_add_to_subitems (state
, buf
, len
, PR_TRUE
);
1926 * We are moving along through the substrings of a constructed string,
1927 * and have just finished parsing one -- we need to save our child data
1928 * (if the child was not already writing directly into the destination)
1929 * and then move forward by one.
1931 * We also have to detect when we are done:
1932 * - a definite-length encoding stops when our pending value hits 0
1933 * - an indefinite-length encoding stops when our child is empty
1934 * (which means it was the end-of-contents octets)
1937 sec_asn1d_next_substring (sec_asn1d_state
*state
)
1939 sec_asn1d_state
*child
;
1941 unsigned long child_consumed
;
1944 PORT_Assert (state
->place
== duringConstructedString
);
1945 PORT_Assert (state
->child
!= NULL
);
1947 child
= state
->child
;
1949 child_consumed
= child
->consumed
;
1950 child
->consumed
= 0;
1951 state
->consumed
+= child_consumed
;
1955 if (state
->pending
) {
1956 PORT_Assert (!state
->indefinite
);
1957 if( child_consumed
> state
->pending
) {
1958 dprintf("decodeError: next_substring consumed > pend\n");
1959 PORT_SetError (SEC_ERROR_BAD_DER
);
1960 state
->top
->status
= decodeError
;
1964 state
->pending
-= child_consumed
;
1965 if (state
->pending
== 0)
1968 PORT_Assert (state
->indefinite
);
1970 item
= (SecAsn1Item
*)(child
->dest
);
1972 * Iterate over ancestors to determine if any have definite length. If so,
1973 * space has already been allocated for the substrings and we don't need to
1974 * save them for concatenation.
1976 PRBool copying_in_place
= PR_FALSE
;
1977 sec_asn1d_state
*temp_state
= state
;
1978 while (temp_state
&& item
== temp_state
->dest
&& temp_state
->indefinite
) {
1979 sec_asn1d_state
*parent
= sec_asn1d_get_enclosing_construct(temp_state
);
1980 if (!parent
|| parent
->underlying_kind
!= temp_state
->underlying_kind
) {
1983 if (!parent
->indefinite
) {
1984 copying_in_place
= PR_TRUE
;
1987 temp_state
= parent
;
1989 if (item
!= NULL
&& item
->Data
!= NULL
&& !copying_in_place
) {
1991 * Save the string away for later concatenation.
1993 PORT_Assert (item
->Data
!= NULL
);
1994 sec_asn1d_add_to_subitems (state
, item
->Data
, item
->Length
, PR_FALSE
);
1996 * Clear the child item for the next round.
2003 * If our child was just our end-of-contents octets, we are done.
2005 if (child
->endofcontents
)
2010 * Stop or do the next one.
2013 child
->place
= notInUse
;
2014 state
->place
= afterConstructedString
;
2016 sec_asn1d_scrub_state (child
);
2017 state
->top
->current
= child
;
2023 * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
2026 sec_asn1d_next_in_group (sec_asn1d_state
*state
,
2027 const char *buf
, /* __APPLE__ */
2028 size_t len
/* __APPLE__ */)
2030 sec_asn1d_state
*child
;
2031 unsigned long child_consumed
;
2033 PORT_Assert (state
->place
== duringGroup
);
2034 PORT_Assert (state
->child
!= NULL
);
2036 child
= state
->child
;
2038 child_consumed
= child
->consumed
;
2039 child
->consumed
= 0;
2040 state
->consumed
+= child_consumed
;
2043 * If our child was just our end-of-contents octets, we are done.
2047 * Without the check for !child->indefinite, this path could
2048 * be taken erroneously if the child is indefinite!
2050 if(child
->endofcontents
&& !child
->indefinite
) {
2052 if (child
->endofcontents
) {
2053 #endif /* __APPLE__ */
2054 /* XXX I removed the PORT_Assert (child->dest == NULL) because there
2055 * was a bug in that a template that was a sequence of which also had
2056 * a child of a sequence of, in an indefinite group was not working
2057 * properly. This fix seems to work, (added the if statement below),
2058 * and nothing appears broken, but I am putting this note here just
2061 * XXX No matter how many times I read that comment,
2062 * I cannot figure out what case he was fixing. I believe what he
2063 * did was deliberate, so I am loathe to touch it. I need to
2064 * understand how it could ever be that child->dest != NULL but
2065 * child->endofcontents is true, and why it is important to check
2066 * that state->subitems_head is NULL. This really needs to be
2067 * figured out, as I am not sure if the following code should be
2068 * compensating for "offset", as is done a little farther below
2069 * in the more normal case.
2071 PORT_Assert (state
->indefinite
);
2072 PORT_Assert (state
->pending
== 0);
2073 if(child
->dest
&& !state
->subitems_head
) {
2074 sec_asn1d_add_to_subitems (state
, child
->dest
, 0, PR_FALSE
);
2078 child
->place
= notInUse
;
2079 state
->place
= afterGroup
;
2084 * Do the "after" field notification for next in group.
2086 sec_asn1d_notify_after (state
->top
, child
->dest
, child
->depth
);
2089 * Save it away (unless we are not storing).
2091 if (child
->dest
!= NULL
) {
2095 dest
= (char *)dest
- child
->theTemplate
->offset
;
2096 sec_asn1d_add_to_subitems (state
, dest
, 0, PR_FALSE
);
2101 * Account for those bytes; see if we are done.
2103 if (state
->pending
) {
2104 PORT_Assert (!state
->indefinite
);
2105 if( child_consumed
> state
->pending
) {
2106 dprintf("decodeError: next_in_group consumed > pend\n");
2107 PORT_SetError (SEC_ERROR_BAD_DER
);
2108 state
->top
->status
= decodeError
;
2112 state
->pending
-= child_consumed
;
2113 if (state
->pending
== 0) {
2114 child
->place
= notInUse
;
2115 state
->place
= afterGroup
;
2121 * Do the "before" field notification for next item in group.
2123 sec_asn1d_notify_before (state
->top
, child
->dest
, child
->depth
);
2126 * Now we do the next one.
2128 sec_asn1d_scrub_state (child
);
2130 /* Initialize child state from the template */
2131 sec_asn1d_init_state_based_on_template(child
, buf
/* __APPLE__ */, len
/* __APPLE__ */);
2133 state
->top
->current
= child
;
2138 * We are moving along through a sequence; move forward by one,
2139 * (detecting end-of-sequence when it happens).
2140 * XXX The handling of "missing" is ugly. Fix it.
2143 sec_asn1d_next_in_sequence (sec_asn1d_state
*state
,
2144 const char *buf
/* __APPLE__ */,
2145 size_t len
/*__APPLE__*/)
2147 sec_asn1d_state
*child
;
2148 unsigned long child_consumed
;
2149 PRBool child_missing
;
2151 PORT_Assert (state
->place
== duringSequence
);
2152 PORT_Assert (state
->child
!= NULL
);
2154 child
= state
->child
;
2157 * Do the "after" field notification.
2159 sec_asn1d_notify_after (state
->top
, child
->dest
, child
->depth
);
2161 child_missing
= (PRBool
) child
->missing
;
2162 child_consumed
= child
->consumed
;
2163 child
->consumed
= 0;
2166 * Take care of accounting.
2168 if (child_missing
) {
2169 PORT_Assert (child
->optional
);
2171 state
->consumed
+= child_consumed
;
2173 * Free any grandchild.
2175 sec_asn1d_free_child (child
, PR_FALSE
);
2176 if (state
->pending
) {
2177 PORT_Assert (!state
->indefinite
);
2178 if( child_consumed
> state
->pending
) {
2179 dprintf("decodeError: next_in_seq consumed > pend\n");
2180 PORT_SetError (SEC_ERROR_BAD_DER
);
2181 state
->top
->status
= decodeError
;
2184 state
->pending
-= child_consumed
;
2185 if (state
->pending
== 0) {
2186 child
->theTemplate
++;
2187 while (child
->theTemplate
->kind
!= 0) {
2188 if ((child
->theTemplate
->kind
& SEC_ASN1_OPTIONAL
) == 0) {
2189 dprintf("decodeError: next_in_seq child not opt\n");
2190 PORT_SetError (SEC_ERROR_BAD_DER
);
2191 state
->top
->status
= decodeError
;
2194 child
->theTemplate
++;
2196 child
->place
= notInUse
;
2197 state
->place
= afterEndOfContents
;
2206 child
->theTemplate
++;
2207 if (child
->theTemplate
->kind
== 0) {
2209 * We are done with this sequence.
2211 child
->place
= notInUse
;
2212 if (state
->pending
) {
2213 dprintf("decodeError: next_in_seq notInUse still pending\n");
2214 PORT_SetError (SEC_ERROR_BAD_DER
);
2215 state
->top
->status
= decodeError
;
2216 } else if (child_missing
) {
2218 * We got to the end, but have a child that started parsing
2219 * and ended up "missing". The only legitimate reason for
2220 * this is that we had one or more optional fields at the
2221 * end of our sequence, and we were encoded indefinite-length,
2222 * so when we went looking for those optional fields we
2223 * found our end-of-contents octets instead.
2224 * (Yes, this is ugly; dunno a better way to handle it.)
2225 * So, first confirm the situation, and then mark that we
2228 if (state
->indefinite
&& child
->endofcontents
) {
2229 PORT_Assert (child_consumed
== 2);
2230 if( child_consumed
!= 2 ) {
2231 dprintf("decodeError: next_in_seq indef len != 2\n");
2232 PORT_SetError (SEC_ERROR_BAD_DER
);
2233 state
->top
->status
= decodeError
;
2235 state
->consumed
+= child_consumed
;
2236 state
->place
= afterEndOfContents
;
2239 dprintf("decodeError: next_in_seq !indef, child missing\n");
2240 PORT_SetError (SEC_ERROR_BAD_DER
);
2241 state
->top
->status
= decodeError
;
2245 * We have to finish out, maybe reading end-of-contents octets;
2246 * let the normal logic do the right thing.
2248 state
->place
= beforeEndOfContents
;
2251 unsigned char child_found_tag_modifiers
= 0;
2252 unsigned long child_found_tag_number
= 0;
2255 * Reset state and push.
2257 if (state
->dest
!= NULL
)
2258 child
->dest
= (char *)state
->dest
+ child
->theTemplate
->offset
;
2261 * Do the "before" field notification.
2263 sec_asn1d_notify_before (state
->top
, child
->dest
, child
->depth
);
2265 if (child_missing
) { /* if previous child was missing, copy the tag data we already have */
2266 child_found_tag_modifiers
= child
->found_tag_modifiers
;
2267 child_found_tag_number
= child
->found_tag_number
;
2269 state
->top
->current
= child
;
2270 child
= sec_asn1d_init_state_based_on_template (child
,
2271 buf
/* __APPLE__ */,
2272 len
/* __APPLE__ */);
2273 if (child_missing
&& child
) {
2274 child
->place
= afterIdentifier
;
2275 child
->found_tag_modifiers
= child_found_tag_modifiers
;
2276 child
->found_tag_number
= child_found_tag_number
;
2277 child
->consumed
= child_consumed
;
2278 if (child
->underlying_kind
== SEC_ASN1_ANY
2279 && !child
->top
->filter_only
) {
2281 * If the new field is an ANY, and we are storing, then
2282 * we need to save the tag out. We would have done this
2283 * already in the normal case, but since we were looking
2284 * for an optional field, and we did not find it, we only
2285 * now realize we need to save the tag.
2287 unsigned char identifier
;
2290 * Check that we did not end up with a high tag; for that
2291 * we need to re-encode the tag into multiple bytes in order
2292 * to store it back to look like what we parsed originally.
2293 * In practice this does not happen, but for completeness
2294 * sake it should probably be made to work at some point.
2296 PORT_Assert (child_found_tag_number
< SEC_ASN1_HIGH_TAG_NUMBER
);
2297 identifier
= (unsigned char)(child_found_tag_modifiers
| child_found_tag_number
);
2298 sec_asn1d_record_any_header (child
, (char *) &identifier
, 1);
2306 sec_asn1d_concat_substrings (sec_asn1d_state
*state
)
2308 PORT_Assert (state
->place
== afterConstructedString
);
2310 if (state
->subitems_head
!= NULL
) {
2311 struct subitem
*substring
;
2312 unsigned long alloc_len
, item_len
;
2313 unsigned char *where
;
2315 PRBool is_bit_string
;
2318 is_bit_string
= (state
->underlying_kind
== SEC_ASN1_BIT_STRING
)
2319 ? PR_TRUE
: PR_FALSE
;
2321 substring
= state
->subitems_head
;
2322 while (substring
!= NULL
) {
2324 * All bit-string substrings except the last one should be
2325 * a clean multiple of 8 bits.
2327 if (is_bit_string
&& (substring
->next
!= NULL
)
2328 && (substring
->len
& 0x7)) {
2329 dprintf("decodeError: sec_asn1d_concat_substrings align\n");
2330 PORT_SetError (SEC_ERROR_BAD_DER
);
2331 state
->top
->status
= decodeError
;
2334 item_len
+= substring
->len
;
2335 substring
= substring
->next
;
2338 if (is_bit_string
) {
2339 #ifdef XP_WIN16 /* win16 compiler gets an internal error otherwise */
2340 alloc_len
= (((long)item_len
+ 7) / 8);
2342 alloc_len
= ((item_len
+ 7) >> 3);
2346 * Add 2 for the end-of-contents octets of an indefinite-length
2347 * ANY that is *not* also an INNER. Because we zero-allocate
2348 * below, all we need to do is increase the length here.
2350 if (state
->underlying_kind
== SEC_ASN1_ANY
&& state
->indefinite
)
2352 alloc_len
= item_len
;
2355 item
= (SecAsn1Item
*)(state
->dest
);
2356 PORT_Assert (item
!= NULL
);
2357 PORT_Assert (item
->Data
== NULL
);
2358 item
->Data
= (unsigned char*)sec_asn1d_zalloc (state
->top
->their_pool
,
2360 if (item
->Data
== NULL
) {
2361 dprintf("decodeError: zalloc\n");
2362 state
->top
->status
= decodeError
;
2365 item
->Length
= item_len
;
2368 substring
= state
->subitems_head
;
2369 while (substring
!= NULL
) {
2371 item_len
= (substring
->len
+ 7) >> 3;
2373 item_len
= substring
->len
;
2374 PORT_Memcpy (where
, substring
->data
, item_len
);
2376 substring
= substring
->next
;
2380 * Because we use arenas and have a mark set, we later free
2381 * everything we have allocated, so this does *not* present
2382 * a memory leak (it is just temporarily left dangling).
2384 state
->subitems_head
= state
->subitems_tail
= NULL
;
2387 state
->place
= afterEndOfContents
;
2392 sec_asn1d_concat_group (sec_asn1d_state
*state
)
2394 const void ***placep
;
2396 PORT_Assert (state
->place
== afterGroup
);
2398 placep
= (const void***)state
->dest
;
2399 PORT_Assert(state
->subitems_head
== NULL
|| placep
!= NULL
);
2400 if (placep
!= NULL
) {
2401 struct subitem
*item
;
2406 item
= state
->subitems_head
;
2407 while (item
!= NULL
) {
2408 PORT_Assert (item
->next
!= NULL
|| item
== state
->subitems_tail
);
2413 group
= (const void**)sec_asn1d_zalloc (state
->top
->their_pool
,
2414 (count
+ 1) * (sizeof(void *)));
2415 if (group
== NULL
) {
2416 dprintf("decodeError: zalloc\n");
2417 state
->top
->status
= decodeError
;
2423 item
= state
->subitems_head
;
2424 while (item
!= NULL
) {
2425 *group
++ = item
->data
;
2431 * Because we use arenas and have a mark set, we later free
2432 * everything we have allocated, so this does *not* present
2433 * a memory leak (it is just temporarily left dangling).
2435 state
->subitems_head
= state
->subitems_tail
= NULL
;
2438 state
->place
= afterEndOfContents
;
2442 * For those states that push a child to handle a subtemplate,
2443 * "absorb" that child (transfer necessary information).
2446 sec_asn1d_absorb_child (sec_asn1d_state
*state
)
2449 * There is absolutely supposed to be a child there.
2451 PORT_Assert (state
->child
!= NULL
);
2454 * Inherit the missing status of our child, and do the ugly
2455 * backing-up if necessary.
2457 state
->missing
= state
->child
->missing
;
2458 if (state
->missing
) {
2459 state
->found_tag_number
= state
->child
->found_tag_number
;
2460 state
->found_tag_modifiers
= state
->child
->found_tag_modifiers
;
2461 state
->endofcontents
= state
->child
->endofcontents
;
2465 * Add in number of bytes consumed by child.
2466 * (Only EXPLICIT should have already consumed bytes itself.)
2468 PORT_Assert (state
->place
== afterExplicit
|| state
->consumed
== 0);
2469 state
->consumed
+= state
->child
->consumed
;
2472 * Subtract from bytes pending; this only applies to a definite-length
2475 if (state
->pending
) {
2476 PORT_Assert (!state
->indefinite
);
2477 PORT_Assert (state
->place
== afterExplicit
);
2480 * If we had a definite-length explicit, then what the child
2481 * consumed should be what was left pending.
2483 if (state
->pending
!= state
->child
->consumed
) {
2484 if (state
->pending
< state
->child
->consumed
) {
2485 dprintf("decodeError: absorb_child pending < consumed\n");
2486 PORT_SetError (SEC_ERROR_BAD_DER
);
2487 state
->top
->status
= decodeError
;
2491 * Okay, this is a hack. It *should* be an error whether
2492 * pending is too big or too small, but it turns out that
2493 * we had a bug in our *old* DER encoder that ended up
2494 * counting an explicit header twice in the case where
2495 * the underlying type was an ANY. So, because we cannot
2496 * prevent receiving these (our own certificate server can
2497 * send them to us), we need to be lenient and accept them.
2498 * To do so, we need to pretend as if we read all of the
2499 * bytes that the header said we would find, even though
2500 * we actually came up short.
2502 state
->consumed
+= (state
->pending
- state
->child
->consumed
);
2508 * Indicate that we are done with child.
2510 state
->child
->consumed
= 0;
2513 * And move on to final state.
2514 * (Technically everybody could move to afterEndOfContents except
2515 * for an indefinite-length EXPLICIT; for simplicity though we assert
2516 * that but let the end-of-contents code do the real determination.)
2518 PORT_Assert (state
->place
== afterExplicit
|| (! state
->indefinite
));
2519 state
->place
= beforeEndOfContents
;
2524 sec_asn1d_prepare_for_end_of_contents (sec_asn1d_state
*state
)
2526 PORT_Assert (state
->place
== beforeEndOfContents
);
2528 if (state
->indefinite
) {
2529 state
->place
= duringEndOfContents
;
2532 state
->place
= afterEndOfContents
;
2537 static unsigned long
2538 sec_asn1d_parse_end_of_contents (sec_asn1d_state
*state
,
2539 const char *buf
, unsigned long len
)
2543 PORT_Assert (state
->pending
<= 2);
2544 PORT_Assert (state
->place
== duringEndOfContents
);
2547 state
->top
->status
= needBytes
;
2551 if (state
->pending
< len
)
2552 len
= state
->pending
;
2554 for (i
= 0; i
< len
; i
++) {
2557 * We expect to find only zeros; if not, just give up.
2559 dprintf("decodeError: end of contents non zero\n");
2560 PORT_SetError (SEC_ERROR_BAD_DER
);
2561 state
->top
->status
= decodeError
;
2566 state
->pending
-= len
;
2568 if (state
->pending
== 0) {
2569 state
->place
= afterEndOfContents
;
2570 state
->endofcontents
= PR_TRUE
;
2578 sec_asn1d_pop_state (sec_asn1d_state
*state
)
2580 #if 0 /* XXX I think this should always be handled explicitly by parent? */
2582 * Account for our child.
2584 if (state
->child
!= NULL
) {
2585 state
->consumed
+= state
->child
->consumed
;
2586 if (state
->pending
) {
2587 PORT_Assert (!state
->indefinite
);
2588 if( state
->child
->consumed
> state
->pending
) {
2589 dprintf("decodeError: pop_state pending < consumed\n");
2590 PORT_SetError (SEC_ERROR_BAD_DER
);
2591 state
->top
->status
= decodeError
;
2593 state
->pending
-= state
->child
->consumed
;
2596 state
->child
->consumed
= 0;
2603 sec_asn1d_free_child (state
, PR_FALSE
);
2606 * Just make my parent be the current state. It will then clean
2607 * up after me and free me (or reuse me).
2609 state
->top
->current
= state
->parent
;
2612 static sec_asn1d_state
*
2613 sec_asn1d_before_choice (sec_asn1d_state
*state
,
2614 const char *buf
/* __APPLE__ */,
2615 size_t len
/* __APPLE__ */)
2617 sec_asn1d_state
*child
;
2619 if( state
->allocate
) {
2622 dest
= sec_asn1d_zalloc(state
->top
->their_pool
,
2623 state
->theTemplate
->size
);
2624 if( (void *)NULL
== dest
) {
2625 dprintf("decodeError: zalloc\n");
2626 state
->top
->status
= decodeError
;
2627 return (sec_asn1d_state
*)NULL
;
2630 state
->dest
= (char *)dest
+ state
->theTemplate
->offset
;
2633 child
= sec_asn1d_push_state(state
->top
, state
->theTemplate
+ 1,
2634 (char *)state
->dest
- state
->theTemplate
->offset
,
2636 if( (sec_asn1d_state
*)NULL
== child
) {
2637 return (sec_asn1d_state
*)NULL
;
2640 sec_asn1d_scrub_state(child
);
2641 child
= sec_asn1d_init_state_based_on_template(child
,
2642 buf
/* __APPLE__ */, len
/* __APPLE__ */);
2643 if( (sec_asn1d_state
*)NULL
== child
) {
2644 return (sec_asn1d_state
*)NULL
;
2647 child
->optional
= PR_TRUE
;
2649 state
->place
= duringChoice
;
2654 static sec_asn1d_state
*
2655 sec_asn1d_during_choice (sec_asn1d_state
*state
,
2656 const char *buf
, /* __APPLE__ */
2657 size_t len
/* __APPLE__ */)
2659 sec_asn1d_state
*child
= state
->child
;
2661 PORT_Assert((sec_asn1d_state
*)NULL
!= child
);
2663 if( child
->missing
) {
2664 unsigned char child_found_tag_modifiers
= 0;
2665 unsigned long child_found_tag_number
= 0;
2668 state
->consumed
+= child
->consumed
;
2670 if (child
->endofcontents
) {
2671 /* This choice is probably the first item in a GROUP
2672 ** (e.g. SET_OF) that was indefinite-length encoded.
2673 ** We're actually at the end of that GROUP.
2674 ** We look up the stack to be sure that we find
2675 ** a state with indefinite length encoding before we
2676 ** find a state (like a SEQUENCE) that is definite.
2678 child
->place
= notInUse
;
2679 state
->place
= afterChoice
;
2680 state
->endofcontents
= PR_TRUE
; /* propagate this up */
2681 if (sec_asn1d_parent_allows_EOC(state
))
2683 dprintf("decodeError: during_choice child at EOC by parent does not allow EOC\n");
2684 PORT_SetError(SEC_ERROR_BAD_DER
);
2685 state
->top
->status
= decodeError
;
2689 dest
= (char *)child
->dest
- child
->theTemplate
->offset
;
2690 child
->theTemplate
++;
2692 if( 0 == child
->theTemplate
->kind
) {
2693 /* Ran out of choices */
2694 dprintf("decodeError: during_choice ran out of choice\n");
2695 PORT_SetError(SEC_ERROR_BAD_DER
);
2696 state
->top
->status
= decodeError
;
2697 return (sec_asn1d_state
*)NULL
;
2699 child
->dest
= (char *)dest
+ child
->theTemplate
->offset
;
2701 /* cargo'd from next_in_sequence innards */
2702 if( state
->pending
) {
2703 PORT_Assert(!state
->indefinite
);
2704 if( child
->consumed
> state
->pending
) {
2705 dprintf("decodeError: during_choice consumed > pending\n");
2706 PORT_SetError (SEC_ERROR_BAD_DER
);
2707 state
->top
->status
= decodeError
;
2710 state
->pending
-= child
->consumed
;
2711 if( 0 == state
->pending
) {
2712 /* XXX uh.. not sure if I should have stopped this
2713 * from happening before. */
2715 PORT_SetError(SEC_ERROR_BAD_DER
);
2716 dprintf("decodeError: during_choice !pending\n");
2717 state
->top
->status
= decodeError
;
2718 return (sec_asn1d_state
*)NULL
;
2722 child
->consumed
= 0;
2723 sec_asn1d_scrub_state(child
);
2725 /* move it on top again */
2726 state
->top
->current
= child
;
2728 child_found_tag_modifiers
= child
->found_tag_modifiers
;
2729 child_found_tag_number
= child
->found_tag_number
;
2731 child
= sec_asn1d_init_state_based_on_template(child
, buf
/* __APPLE__*/, len
/* __APPLE__ */);
2732 if( (sec_asn1d_state
*)NULL
== child
) {
2733 return (sec_asn1d_state
*)NULL
;
2736 /* copy our findings to the new top */
2737 child
->found_tag_modifiers
= child_found_tag_modifiers
;
2738 child
->found_tag_number
= child_found_tag_number
;
2740 child
->optional
= PR_TRUE
;
2741 child
->place
= afterIdentifier
;
2745 if( (void *)NULL
!= state
->dest
) {
2746 /* Store the enum */
2747 int *which
= (int *)state
->dest
;
2748 *which
= (int)child
->theTemplate
->size
;
2751 child
->place
= notInUse
;
2753 state
->place
= afterChoice
;
2758 sec_asn1d_after_choice (sec_asn1d_state
*state
)
2760 state
->consumed
+= state
->child
->consumed
;
2761 state
->child
->consumed
= 0;
2762 state
->place
= afterEndOfContents
;
2763 sec_asn1d_pop_state(state
);
2768 sec_asn1d_uinteger(SecAsn1Item
*src
)
2770 unsigned long value
;
2773 if (src
->Length
> 5 || (src
->Length
> 4 && src
->Data
[0] == 0))
2780 value
|= src
->Data
[--len
];
2787 SEC_ASN1DecodeInteger(SecAsn1Item
*src
, unsigned long *value
)
2793 PORT_SetError(SEC_ERROR_INVALID_ARGS
);
2797 if (src
->Length
> sizeof(unsigned long)) {
2798 PORT_SetError(SEC_ERROR_INVALID_ARGS
);
2802 if (src
->Data
== NULL
) {
2803 PORT_SetError(SEC_ERROR_INVALID_ARGS
);
2807 if (src
->Data
[0] & 0x80)
2808 v
= -1; /* signed and negative - start with all 1's */
2812 for (i
= 0; i
< src
->Length
; i
++) {
2813 /* shift in next byte */
2821 #ifdef DEBUG_ASN1D_STATES
2823 dump_states(SEC_ASN1DecoderContext
*cx
)
2825 sec_asn1d_state
*state
;
2828 for (state
= cx
->current
; state
->parent
; state
= state
->parent
) {
2832 for (; state
; state
= state
->child
) {
2834 for (i
= 0; i
< state
->depth
; i
++) {
2838 i
= formatKind(state
->theTemplate
->kind
, kindBuf
);
2839 printf("%s: tmpl %p, kind%s",
2840 (state
== cx
->current
) ? "STATE" : "State",
2843 printf(" %s", (state
->place
<= notInUse
)
2844 ? place_names
[ state
->place
]
2847 printf(", expect 0x%02lx",
2848 state
->expect_tag_number
| state
->expect_tag_modifiers
);
2850 printf("%s%s%s %lu\n",
2851 state
->indefinite
? ", indef" : "",
2852 state
->missing
? ", miss" : "",
2853 state
->endofcontents
? ", EOC" : "",
2860 #endif /* DEBUG_ASN1D_STATES */
2863 SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext
*cx
,
2864 const char *buf
, size_t len
)
2866 sec_asn1d_state
*state
= NULL
;
2867 unsigned long consumed
;
2868 SEC_ASN1EncodingPart what
;
2869 sec_asn1d_state
*stateEnd
= cx
->current
;
2871 if (cx
->status
== needBytes
)
2872 cx
->status
= keepGoing
;
2874 while (cx
->status
== keepGoing
) {
2875 state
= cx
->current
;
2876 what
= SEC_ASN1_Contents
;
2878 #if DEBUG_ASN1D_STATES
2879 if (doDumpStates
> 1) {
2880 printf("\nPLACE = %s, next byte = 0x%02x, %p[%lu]\n",
2881 (state
->place
<= notInUse
) ?
2882 place_names
[ state
->place
] : "(undefined)",
2883 (unsigned int)((unsigned char *)buf
)[ consumed
],
2887 #endif /* DEBUG_ASN1D_STATES */
2888 switch (state
->place
) {
2889 case beforeIdentifier
:
2890 consumed
= sec_asn1d_parse_identifier (state
, buf
, len
);
2891 what
= SEC_ASN1_Identifier
;
2893 case duringIdentifier
:
2894 consumed
= sec_asn1d_parse_more_identifier (state
, buf
, len
);
2895 what
= SEC_ASN1_Identifier
;
2897 case afterIdentifier
:
2898 sec_asn1d_confirm_identifier (state
);
2901 consumed
= sec_asn1d_parse_length (state
, buf
, len
);
2902 what
= SEC_ASN1_Length
;
2905 consumed
= sec_asn1d_parse_more_length (state
, buf
, len
);
2906 what
= SEC_ASN1_Length
;
2909 sec_asn1d_prepare_for_contents (state
, buf
, len
);
2911 case beforeBitString
:
2912 consumed
= sec_asn1d_parse_bit_string (state
, buf
, len
);
2914 case duringBitString
:
2915 consumed
= sec_asn1d_parse_more_bit_string (state
, buf
, len
);
2917 case duringConstructedString
:
2918 sec_asn1d_next_substring (state
);
2921 sec_asn1d_next_in_group (state
, buf
, len
);
2924 consumed
= sec_asn1d_parse_leaf (state
, buf
, len
);
2926 case duringSaveEncoding
:
2927 sec_asn1d_reuse_encoding (state
);
2928 if (cx
->status
== decodeError
) {
2929 /* recursive call has already popped all states from stack.
2930 ** Bail out quickly.
2934 if (cx
->status
== needBytes
) {
2935 /* recursive call wanted more data. Fatal. Clean up below. */
2936 PORT_SetError (SEC_ERROR_BAD_DER
);
2937 cx
->status
= decodeError
;
2940 case duringSequence
:
2941 sec_asn1d_next_in_sequence (state
, buf
, len
);
2943 case afterConstructedString
:
2944 sec_asn1d_concat_substrings (state
);
2950 sec_asn1d_absorb_child (state
);
2953 sec_asn1d_concat_group (state
);
2955 case afterSaveEncoding
:
2956 /* SEC_ASN1DecoderUpdate has called itself recursively to
2957 ** decode SAVEd encoded data, and now is done decoding that.
2958 ** Return to the calling copy of SEC_ASN1DecoderUpdate.
2961 case beforeEndOfContents
:
2962 sec_asn1d_prepare_for_end_of_contents (state
);
2964 case duringEndOfContents
:
2965 consumed
= sec_asn1d_parse_end_of_contents (state
, buf
, len
);
2966 what
= SEC_ASN1_EndOfContents
;
2968 case afterEndOfContents
:
2969 sec_asn1d_pop_state (state
);
2972 state
= sec_asn1d_before_choice(state
, buf
, len
);
2975 state
= sec_asn1d_during_choice(state
, buf
, len
);
2978 sec_asn1d_after_choice(state
);
2982 /* This is not an error, but rather a plain old BUG! */
2984 PORT_SetError (SEC_ERROR_BAD_DER
);
2985 dprintf("decodeError: decoder update bad state->place\n");
2986 cx
->status
= decodeError
;
2990 if (cx
->status
== decodeError
)
2993 /* We should not consume more than we have. */
2994 PORT_Assert (consumed
<= len
);
2995 if( consumed
> len
) {
2996 dprintf("decodeError: decoder update consumed > len\n");
2997 PORT_SetError (SEC_ERROR_BAD_DER
);
2998 cx
->status
= decodeError
;
3002 /* It might have changed, so we have to update our local copy. */
3003 state
= cx
->current
;
3005 /* If it is NULL, we have popped all the way to the top. */
3006 if (state
== NULL
) {
3007 PORT_Assert (consumed
== 0);
3009 /* XXX I want this here, but it seems that we have situations (like
3010 * downloading a pkcs7 cert chain from some issuers) that give us a
3011 * length which is greater than the entire encoding. So, we cannot
3012 * have this be an error.
3015 dprintf("decodeError: decoder update nonzero len\n");
3016 PORT_SetError (SEC_ERROR_BAD_DER
);
3017 cx
->status
= decodeError
;
3021 cx
->status
= allDone
;
3024 else if (state
->theTemplate
->kind
== SEC_ASN1_SKIP_REST
) {
3025 cx
->status
= allDone
;
3033 * The following check is specifically looking for an ANY
3034 * that is *not* also an INNER, because we need to save aside
3035 * all bytes in that case -- the contents parts will get
3036 * handled like all other contents, and the end-of-contents
3037 * bytes are added by the concat code, but the outer header
3038 * bytes need to get saved too, so we do them explicitly here.
3040 if (state
->underlying_kind
== SEC_ASN1_ANY
3041 && !cx
->filter_only
&& (what
== SEC_ASN1_Identifier
3042 || what
== SEC_ASN1_Length
)) {
3043 sec_asn1d_record_any_header (state
, buf
, consumed
);
3047 * We had some number of good, accepted bytes. If the caller
3048 * has registered to see them, pass them along.
3050 if (state
->top
->filter_proc
!= NULL
) {
3053 depth
= state
->depth
;
3054 if (what
== SEC_ASN1_EndOfContents
&& !state
->indefinite
) {
3055 PORT_Assert (state
->parent
!= NULL
3056 && state
->parent
->indefinite
);
3058 PORT_Assert (depth
== state
->parent
->depth
);
3060 (* state
->top
->filter_proc
) (state
->top
->filter_arg
,
3061 buf
, consumed
, depth
, what
);
3064 state
->consumed
+= consumed
;
3067 } /* main decode loop */
3069 if (cx
->status
== decodeError
) {
3070 while (state
!= NULL
&& stateEnd
->parent
!=state
) {
3071 sec_asn1d_free_child (state
, PR_TRUE
);
3072 state
= state
->parent
;
3074 #ifdef SEC_ASN1D_FREE_ON_ERROR /*
3075 * XXX This does not work because we can
3076 * end up leaving behind dangling pointers
3077 * to stuff that was allocated. In order
3078 * to make this really work (which would
3079 * be a good thing, I think), we need to
3080 * keep track of every place/pointer that
3081 * was allocated and make sure to NULL it
3082 * out before we then free back to the mark.
3084 if (cx
->their_pool
!= NULL
) {
3085 PORT_Assert (cx
->their_mark
!= NULL
);
3086 PORT_ArenaRelease (cx
->their_pool
, cx
->their_mark
);
3093 /* XXX This is what I want, but cannot have because it seems we
3094 * have situations (like when downloading a pkcs7 cert chain from
3095 * some issuers) that give us a total length which is greater than
3096 * the entire encoding. So, we have to allow allDone to have a
3097 * remaining length greater than zero. I wanted to catch internal
3098 * bugs with this, noticing when we do not have the right length.
3101 PORT_Assert (len
== 0
3102 && (cx
->status
== needBytes
|| cx
->status
== allDone
));
3104 PORT_Assert ((len
== 0 && cx
->status
== needBytes
)
3105 || cx
->status
== allDone
);
3112 SEC_ASN1DecoderFinish (SEC_ASN1DecoderContext
*cx
)
3116 if (cx
->status
== needBytes
) {
3119 * Special case: need more bytes, but this field and all
3120 * subsequent fields are optional. I'm surprised this case is
3121 * not handled in the original NSS code, and this workaround
3122 * is a bit of a hack...
3124 sec_asn1d_state
*state
= cx
->current
;
3125 assert(state
!= NULL
);
3126 if(state
->place
== beforeIdentifier
) {
3127 int allOptional
= 1;
3128 const SecAsn1Template
*templ
= state
->theTemplate
;
3129 while(templ
->kind
!= 0) {
3130 if(!(templ
->kind
& SEC_ASN1_OPTIONAL
)) {
3137 /* letting this one slide */
3141 PORT_SetError (SEC_ERROR_BAD_DER
);
3146 PORT_SetError (SEC_ERROR_BAD_DER
);
3150 PORT_SetError (SEC_ERROR_BAD_DER
);
3152 #endif /* __APPLE__ */
3158 * XXX anything else that needs to be finished?
3161 PORT_FreeArena (cx
->our_pool
, PR_FALSE
);
3167 SEC_ASN1DecoderContext
*
3168 SEC_ASN1DecoderStart (PRArenaPool
*their_pool
, void *dest
,
3169 const SecAsn1Template
*theTemplate
3172 /* only needed if first element will be SEC_ASN1_DYNAMIC */
3174 size_t len
/* __APPLE__ */
3178 PRArenaPool
*our_pool
;
3179 SEC_ASN1DecoderContext
*cx
;
3181 our_pool
= PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE
);
3182 if (our_pool
== NULL
)
3185 cx
= (SEC_ASN1DecoderContext
*)PORT_ArenaZAlloc (our_pool
, sizeof(*cx
));
3187 PORT_FreeArena (our_pool
, PR_FALSE
);
3191 cx
->our_pool
= our_pool
;
3192 if (their_pool
!= NULL
) {
3193 cx
->their_pool
= their_pool
;
3194 #ifdef SEC_ASN1D_FREE_ON_ERROR
3195 cx
->their_mark
= PORT_ArenaMark (their_pool
);
3199 cx
->status
= needBytes
;
3201 if (sec_asn1d_push_state(cx
, theTemplate
, dest
, PR_FALSE
) == NULL
3202 || sec_asn1d_init_state_based_on_template (cx
->current
,
3203 buf
/* __APPLE__ */, len
/* __APPLE__ */) == NULL
) {
3205 * Trouble initializing (probably due to failed allocations)
3206 * requires that we just give up.
3208 PORT_FreeArena (our_pool
, PR_FALSE
);
3217 SEC_ASN1DecoderSetFilterProc (SEC_ASN1DecoderContext
*cx
,
3218 SEC_ASN1WriteProc fn
, void *arg
,
3221 /* check that we are "between" fields here */
3222 PORT_Assert (cx
->during_notify
);
3224 cx
->filter_proc
= fn
;
3225 cx
->filter_arg
= arg
;
3226 cx
->filter_only
= only
;
3231 SEC_ASN1DecoderClearFilterProc (SEC_ASN1DecoderContext
*cx
)
3233 /* check that we are "between" fields here */
3234 PORT_Assert (cx
->during_notify
);
3236 cx
->filter_proc
= NULL
;
3237 cx
->filter_arg
= NULL
;
3238 cx
->filter_only
= PR_FALSE
;
3243 SEC_ASN1DecoderSetNotifyProc (SEC_ASN1DecoderContext
*cx
,
3244 SEC_ASN1NotifyProc fn
, void *arg
)
3246 cx
->notify_proc
= fn
;
3247 cx
->notify_arg
= arg
;
3252 SEC_ASN1DecoderClearNotifyProc (SEC_ASN1DecoderContext
*cx
)
3254 cx
->notify_proc
= NULL
;
3255 cx
->notify_arg
= NULL
; /* not necessary; just being clean */
3260 SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext
*cx
, int error
)
3263 PORT_SetError(error
);
3264 cx
->status
= decodeError
;
3269 SEC_ASN1Decode (PRArenaPool
*poolp
, void *dest
,
3270 const SecAsn1Template
*theTemplate
,
3271 const char *buf
, size_t len
)
3273 SEC_ASN1DecoderContext
*dcx
;
3276 dcx
= SEC_ASN1DecoderStart (poolp
, dest
, theTemplate
,
3277 buf
/* __APPLE__ */, len
/* __APPLE__ */);
3281 urv
= SEC_ASN1DecoderUpdate (dcx
, buf
, len
);
3282 frv
= SEC_ASN1DecoderFinish (dcx
);
3284 if (urv
!= SECSuccess
)
3292 SEC_ASN1DecodeItem (PRArenaPool
*poolp
, void *dest
,
3293 const SecAsn1Template
*theTemplate
,
3294 const SecAsn1Item
*item
)
3296 return SEC_ASN1Decode (poolp
, dest
, theTemplate
,
3297 (const char *) item
->Data
, item
->Length
);