]> git.saurik.com Git - apple/security.git/blob - OSX/libsecurity_asn1/lib/secasn1d.c
Security-57337.40.85.tar.gz
[apple/security.git] / OSX / libsecurity_asn1 / lib / secasn1d.c
1 /*
2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
6 *
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
11 *
12 * The Original Code is the Netscape security libraries.
13 *
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
17 * Rights Reserved.
18 *
19 * Contributor(s):
20 *
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
31 * GPL.
32 */
33
34 /*
35 * Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished
36 * Encoding Rules).
37 *
38 * $Id: secasn1d.c,v 1.16 2004/05/13 15:29:13 dmitch Exp $
39 */
40 #include <limits.h>
41
42 #include "secasn1.h"
43 #include "secerr.h"
44 #include "assert.h"
45
46 #ifdef NDEBUG
47 #define DEBUG_DECASN1 0
48 #else
49 #define DEBUG_DECASN1 1
50 #endif
51
52 #if DEBUG_DECASN1
53 #include <stdio.h>
54 #define dprintf(args...) printf(args)
55 #else
56 #define dprintf(args...)
57 #endif /* DEBUG_DECASN1 */
58
59 typedef enum {
60 beforeIdentifier,
61 duringIdentifier,
62 afterIdentifier,
63 beforeLength,
64 duringLength,
65 afterLength,
66 beforeBitString,
67 duringBitString,
68 duringConstructedString,
69 duringGroup,
70 duringLeaf,
71 duringSaveEncoding,
72 duringSequence,
73 afterConstructedString,
74 afterGroup,
75 afterExplicit,
76 afterImplicit,
77 afterInline,
78 afterPointer,
79 afterSaveEncoding,
80 beforeEndOfContents,
81 duringEndOfContents,
82 afterEndOfContents,
83 beforeChoice,
84 duringChoice,
85 afterChoice,
86 notInUse
87 } sec_asn1d_parse_place;
88
89 #ifndef NDEBUG
90 #define DEBUG_ASN1D_STATES 1
91 /* tweakable by debugger, debug only */
92 int doDumpStates = 0;
93 #else /* DEBUG_ASN1D_STATES 0 */
94 #endif /* DEBUG_ASN1D_STATES */
95
96 #if DEBUG_ASN1D_STATES
97 static const char *place_names[] = {
98 "beforeIdentifier",
99 "duringIdentifier",
100 "afterIdentifier",
101 "beforeLength",
102 "duringLength",
103 "afterLength",
104 "beforeBitString",
105 "duringBitString",
106 "duringConstructedString",
107 "duringGroup",
108 "duringLeaf",
109 "duringSaveEncoding",
110 "duringSequence",
111 "afterConstructedString",
112 "afterGroup",
113 "afterExplicit",
114 "afterImplicit",
115 "afterInline",
116 "afterPointer",
117 "afterSaveEncoding",
118 "beforeEndOfContents",
119 "duringEndOfContents",
120 "afterEndOfContents",
121 "beforeChoice",
122 "duringChoice",
123 "afterChoice",
124 "notInUse"
125 };
126
127 static const char * const class_names[] = {
128 "UNIVERSAL",
129 "APPLICATION",
130 "CONTEXT_SPECIFIC",
131 "PRIVATE"
132 };
133
134 static const char * const method_names[] = { "PRIMITIVE", "CONSTRUCTED" };
135
136 static const char * const type_names[] = {
137 "END_OF_CONTENTS",
138 "BOOLEAN",
139 "INTEGER",
140 "BIT_STRING",
141 "OCTET_STRING",
142 "NULL",
143 "OBJECT_ID",
144 "OBJECT_DESCRIPTOR",
145 "(type 08)",
146 "REAL",
147 "ENUMERATED",
148 "EMBEDDED",
149 "UTF8_STRING",
150 "(type 0d)",
151 "(type 0e)",
152 "(type 0f)",
153 "SEQUENCE",
154 "SET",
155 "NUMERIC_STRING",
156 "PRINTABLE_STRING",
157 "T61_STRING",
158 "VIDEOTEXT_STRING",
159 "IA5_STRING",
160 "UTC_TIME",
161 "GENERALIZED_TIME",
162 "GRAPHIC_STRING",
163 "VISIBLE_STRING",
164 "GENERAL_STRING",
165 "UNIVERSAL_STRING",
166 "(type 1d)",
167 "BMP_STRING",
168 "HIGH_TAG_VALUE"
169 };
170
171 static const char * const flag_names[] = { /* flags, right to left */
172 "OPTIONAL",
173 "EXPLICIT",
174 "ANY",
175 "INLINE",
176 "POINTER",
177 "GROUP",
178 "DYNAMIC",
179 "SKIP",
180 "INNER",
181 "SAVE",
182 "", /* decoder ignores "MAY_STREAM", */
183 "SKIP_REST",
184 "CHOICE",
185 "NO_STREAM",
186 "DEBUG_BREAK",
187 "unknown 08",
188 "unknown 10",
189 "unknown 20",
190 "unknown 40",
191 "unknown 80"
192 };
193
194 static int /* bool */
195 formatKind(unsigned long kind, char * buf)
196 {
197 int i;
198 unsigned long k = kind & SEC_ASN1_TAGNUM_MASK;
199 unsigned long notag = kind & (SEC_ASN1_CHOICE | SEC_ASN1_POINTER |
200 SEC_ASN1_INLINE | SEC_ASN1_ANY | SEC_ASN1_SAVE);
201
202 buf[0] = 0;
203 if ((kind & SEC_ASN1_CLASS_MASK) != SEC_ASN1_UNIVERSAL) {
204 sprintf(buf, " %s", class_names[(kind & SEC_ASN1_CLASS_MASK) >> 6] );
205 buf += strlen(buf);
206 }
207 if (kind & SEC_ASN1_METHOD_MASK) {
208 sprintf(buf, " %s", method_names[1]);
209 buf += strlen(buf);
210 }
211 if ((kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL) {
212 if (k || !notag) {
213 sprintf(buf, " %s", type_names[k] );
214 if ((k == SEC_ASN1_SET || k == SEC_ASN1_SEQUENCE) &&
215 (kind & SEC_ASN1_GROUP)) {
216 buf += strlen(buf);
217 sprintf(buf, "_OF");
218 }
219 }
220 } else {
221 sprintf(buf, " [%lu]", k);
222 }
223 buf += strlen(buf);
224
225 for (k = kind >> 8, i = 0; k; k >>= 1, ++i) {
226 if (k & 1) {
227 sprintf(buf, " %s", flag_names[i]);
228 buf += strlen(buf);
229 }
230 }
231 return notag != 0;
232 }
233
234 #endif /* DEBUG_ASN1D_STATES */
235
236 typedef enum {
237 allDone,
238 decodeError,
239 keepGoing,
240 needBytes
241 } sec_asn1d_parse_status;
242
243 struct subitem {
244 const void *data;
245 unsigned long len; /* only used for substrings */
246 struct subitem *next;
247 };
248
249 typedef struct sec_asn1d_state_struct {
250 SEC_ASN1DecoderContext *top;
251 const SecAsn1Template *theTemplate;
252 void *dest;
253
254 void *our_mark; /* free on completion */
255
256 struct sec_asn1d_state_struct *parent; /* aka prev */
257 struct sec_asn1d_state_struct *child; /* aka next */
258
259 sec_asn1d_parse_place place;
260
261 /*
262 * XXX explain the next fields as clearly as possible...
263 */
264 unsigned char found_tag_modifiers;
265 unsigned char expect_tag_modifiers;
266 unsigned long check_tag_mask;
267 unsigned long found_tag_number;
268 unsigned long expect_tag_number;
269 unsigned long underlying_kind;
270
271 unsigned long contents_length;
272 unsigned long pending;
273 unsigned long consumed;
274
275 int depth;
276
277 /*
278 * Bit strings have their length adjusted -- the first octet of the
279 * contents contains a value between 0 and 7 which says how many bits
280 * at the end of the octets are not actually part of the bit string;
281 * when parsing bit strings we put that value here because we need it
282 * later, for adjustment of the length (when the whole string is done).
283 */
284 unsigned int bit_string_unused_bits;
285
286 /*
287 * The following are used for indefinite-length constructed strings.
288 */
289 struct subitem *subitems_head;
290 struct subitem *subitems_tail;
291
292 PRPackedBool
293 allocate, /* when true, need to allocate the destination */
294 endofcontents, /* this state ended up parsing end-of-contents octets */
295 explicit, /* we are handling an explicit header */
296 indefinite, /* the current item has indefinite-length encoding */
297 missing, /* an optional field that was not present */
298 optional, /* the template says this field may be omitted */
299 substring; /* this is a substring of a constructed string */
300 } sec_asn1d_state;
301
302 #define IS_HIGH_TAG_NUMBER(n) ((n) == SEC_ASN1_HIGH_TAG_NUMBER)
303 #define LAST_TAG_NUMBER_BYTE(b) (((b) & 0x80) == 0)
304 #define TAG_NUMBER_BITS 7
305 #define TAG_NUMBER_MASK 0x7f
306
307 #define LENGTH_IS_SHORT_FORM(b) (((b) & 0x80) == 0)
308 #define LONG_FORM_LENGTH(b) ((b) & 0x7f)
309
310 #define HIGH_BITS(field,cnt) ((field) >> ((sizeof(field) * 8) - (cnt)))
311
312
313 /*
314 * An "outsider" will have an opaque pointer to this, created by calling
315 * SEC_ASN1DecoderStart(). It will be passed back in to all subsequent
316 * calls to SEC_ASN1DecoderUpdate(), and when done it is passed to
317 * SEC_ASN1DecoderFinish().
318 */
319 struct sec_DecoderContext_struct {
320 PRArenaPool *our_pool; /* for our internal allocs */
321 PRArenaPool *their_pool; /* for destination structure allocs */
322 #ifdef SEC_ASN1D_FREE_ON_ERROR /*
323 * XXX see comment below (by same
324 * ifdef) that explains why this
325 * does not work (need more smarts
326 * in order to free back to mark)
327 */
328 /*
329 * XXX how to make their_mark work in the case where they do NOT
330 * give us a pool pointer?
331 */
332 void *their_mark; /* free on error */
333 #endif
334
335 sec_asn1d_state *current;
336 sec_asn1d_parse_status status;
337
338 SEC_ASN1NotifyProc notify_proc; /* call before/after handling field */
339 void *notify_arg; /* argument to notify_proc */
340 PRBool during_notify; /* true during call to notify_proc */
341
342 SEC_ASN1WriteProc filter_proc; /* pass field bytes to this */
343 void *filter_arg; /* argument to that function */
344 PRBool filter_only; /* do not allocate/store fields */
345 };
346
347
348 /*
349 * XXX this is a fairly generic function that may belong elsewhere
350 */
351 static void *
352 sec_asn1d_alloc (PRArenaPool *poolp, unsigned long len)
353 {
354 void *thing;
355
356 if (poolp != NULL) {
357 /*
358 * Allocate from the pool.
359 */
360 thing = PORT_ArenaAlloc (poolp, len);
361 } else {
362 /*
363 * Allocate generically.
364 */
365 thing = PORT_Alloc (len);
366 }
367
368 return thing;
369 }
370
371
372 /*
373 * XXX this is a fairly generic function that may belong elsewhere
374 */
375 static void *
376 sec_asn1d_zalloc (PRArenaPool *poolp, unsigned long len)
377 {
378 void *thing;
379
380 thing = sec_asn1d_alloc (poolp, len);
381 if (thing != NULL)
382 PORT_Memset (thing, 0, len);
383 return thing;
384 }
385
386
387 static sec_asn1d_state *
388 sec_asn1d_push_state (SEC_ASN1DecoderContext *cx,
389 const SecAsn1Template *theTemplate,
390 void *dest, PRBool new_depth)
391 {
392 sec_asn1d_state *state, *new_state;
393
394 state = cx->current;
395
396 PORT_Assert (state == NULL || state->child == NULL);
397
398 if (state != NULL) {
399 PORT_Assert (state->our_mark == NULL);
400 state->our_mark = PORT_ArenaMark (cx->our_pool);
401 }
402
403 new_state = (sec_asn1d_state*)sec_asn1d_zalloc (cx->our_pool,
404 sizeof(*new_state));
405 if (new_state == NULL) {
406 dprintf("decodeError: zalloc failure\n");
407 goto loser;
408 }
409
410 new_state->top = cx;
411 new_state->parent = state;
412 new_state->theTemplate = theTemplate;
413 new_state->place = notInUse;
414 if (dest != NULL)
415 new_state->dest = (char *)dest + theTemplate->offset;
416
417 if (state != NULL) {
418 new_state->depth = state->depth;
419 if (new_depth) {
420 if (++new_state->depth > SEC_ASN1D_MAX_DEPTH) {
421 PORT_SetError (SEC_ERROR_BAD_DER);
422 goto loser;
423 }
424 }
425 state->child = new_state;
426 }
427
428 cx->current = new_state;
429 return new_state;
430
431 loser:
432 cx->status = decodeError;
433 if (state != NULL) {
434 PORT_ArenaRelease(cx->our_pool, state->our_mark);
435 state->our_mark = NULL;
436 }
437 return NULL;
438 }
439
440
441 static void
442 sec_asn1d_scrub_state (sec_asn1d_state *state)
443 {
444 /*
445 * Some default "scrubbing".
446 * XXX right set of initializations?
447 */
448 state->place = beforeIdentifier;
449 state->endofcontents = PR_FALSE;
450 state->indefinite = PR_FALSE;
451 state->missing = PR_FALSE;
452
453 PORT_Assert (state->consumed == 0);
454 }
455
456
457 static sec_asn1d_state *
458 sec_asn1d_get_enclosing_construct(sec_asn1d_state *state)
459 {
460 for (state = state->parent; state; state = state->parent) {
461 sec_asn1d_parse_place place = state->place;
462 if (place != afterImplicit &&
463 place != afterPointer &&
464 place != afterInline &&
465 place != afterSaveEncoding &&
466 place != duringSaveEncoding &&
467 place != duringChoice) {
468
469 /* we've walked up the stack to a state that represents
470 ** the enclosing construct.
471 */
472 break;
473 }
474 }
475 return state;
476 }
477
478
479 static PRBool
480 sec_asn1d_parent_allows_EOC(sec_asn1d_state *state)
481 {
482 /* get state of enclosing construct. */
483 state = sec_asn1d_get_enclosing_construct(state);
484 if (state) {
485 sec_asn1d_parse_place place = state->place;
486 /* Is it one of the types that permits an unexpected EOC? */
487 int eoc_permitted =
488 (place == duringGroup ||
489 place == duringConstructedString ||
490 state->child->optional);
491 return (state->indefinite && eoc_permitted) ? PR_TRUE : PR_FALSE;
492 }
493 return PR_FALSE;
494 }
495
496
497 static void
498 sec_asn1d_notify_before (SEC_ASN1DecoderContext *cx, void *dest, int depth)
499 {
500 if (cx->notify_proc == NULL)
501 return;
502
503 cx->during_notify = PR_TRUE;
504 (* cx->notify_proc) (cx->notify_arg, PR_TRUE, dest, depth);
505 cx->during_notify = PR_FALSE;
506 }
507
508
509 static void
510 sec_asn1d_notify_after (SEC_ASN1DecoderContext *cx, void *dest, int depth)
511 {
512 if (cx->notify_proc == NULL)
513 return;
514
515 cx->during_notify = PR_TRUE;
516 (* cx->notify_proc) (cx->notify_arg, PR_FALSE, dest, depth);
517 cx->during_notify = PR_FALSE;
518 }
519
520
521 static sec_asn1d_state *
522 sec_asn1d_init_state_based_on_template (sec_asn1d_state *state,
523 #ifdef __APPLE__
524 const char *buf, /* for SEC_ASN1GetSubtemplate() */
525 size_t len
526 #endif
527 )
528 {
529 PRBool explicit, optional, universal;
530 unsigned char expect_tag_modifiers;
531 unsigned long encode_kind, under_kind;
532 unsigned long check_tag_mask, expect_tag_number;
533 #ifdef __APPLE__
534 unsigned long dynamic;
535 #endif
536
537
538 /* XXX Check that both of these tests are really needed/appropriate. */
539 if (state == NULL || state->top->status == decodeError || state->theTemplate == NULL)
540 return state;
541
542 encode_kind = state->theTemplate->kind;
543
544 if (encode_kind & SEC_ASN1_SAVE) {
545 /*
546 * This is a "magic" field that saves away all bytes, allowing
547 * the immediately following field to still be decoded from this
548 * same spot -- sort of a fork.
549 */
550 /* check that there are no extraneous bits */
551 PORT_Assert (encode_kind == SEC_ASN1_SAVE);
552 if (state->top->filter_only) {
553 /*
554 * If we are not storing, then we do not do the SAVE field
555 * at all. Just move ahead to the "real" field instead,
556 * doing the appropriate notify calls before and after.
557 */
558 sec_asn1d_notify_after (state->top, state->dest, state->depth);
559 /*
560 * Since we are not storing, allow for our current dest value
561 * to be NULL. (This might not actually occur, but right now I
562 * cannot convince myself one way or the other.) If it is NULL,
563 * assume that our parent dest can help us out.
564 */
565 if (state->dest == NULL)
566 state->dest = state->parent->dest;
567 else
568 state->dest =
569 (char *)state->dest - state->theTemplate->offset;
570 state->theTemplate++;
571 if (state->dest != NULL)
572 state->dest =
573 (char *)state->dest + state->theTemplate->offset;
574 sec_asn1d_notify_before (state->top, state->dest, state->depth);
575 encode_kind = state->theTemplate->kind;
576 PORT_Assert ((encode_kind & SEC_ASN1_SAVE) == 0);
577 } else {
578 sec_asn1d_scrub_state (state);
579 state->place = duringSaveEncoding;
580 state = sec_asn1d_push_state (state->top, kSecAsn1AnyTemplate,
581 state->dest, PR_FALSE);
582 if (state != NULL)
583 state = sec_asn1d_init_state_based_on_template (state,
584 buf /* __APPLE__ */, len /* __APPLE__ */);
585 return state;
586 }
587 }
588
589
590 universal = ((encode_kind & SEC_ASN1_CLASS_MASK) == SEC_ASN1_UNIVERSAL)
591 ? PR_TRUE : PR_FALSE;
592
593 explicit = (encode_kind & SEC_ASN1_EXPLICIT) ? PR_TRUE : PR_FALSE;
594 encode_kind &= ~SEC_ASN1_EXPLICIT;
595
596 optional = (encode_kind & SEC_ASN1_OPTIONAL) ? PR_TRUE : PR_FALSE;
597 encode_kind &= ~SEC_ASN1_OPTIONAL;
598
599 #ifdef __APPLE__
600 dynamic = (encode_kind & SEC_ASN1_DYNAMIC) ? PR_TRUE : PR_FALSE;
601 encode_kind &= ~SEC_ASN1_DYNAMIC;
602 #endif
603
604 PORT_Assert (!(explicit && universal)); /* bad templates */
605
606 encode_kind &= ~SEC_ASN1_DYNAMIC;
607 encode_kind &= ~SEC_ASN1_MAY_STREAM;
608
609 if( encode_kind & SEC_ASN1_CHOICE ) {
610 #if 0 /* XXX remove? */
611 sec_asn1d_state *child = sec_asn1d_push_state(state->top, state->theTemplate, state->dest, PR_FALSE);
612 if( (sec_asn1d_state *)NULL == child ) {
613 return (sec_asn1d_state *)NULL;
614 }
615
616 child->allocate = state->allocate;
617 child->place = beforeChoice;
618 return child;
619 #else
620 state->place = beforeChoice;
621 return state;
622 #endif
623 }
624
625 if ((encode_kind & (SEC_ASN1_POINTER | SEC_ASN1_INLINE)) || (!universal
626 && !explicit)) {
627 const SecAsn1Template *subt;
628 void *dest;
629 PRBool child_allocate;
630 void *subDest;
631
632 PORT_Assert ((encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) == 0);
633
634 sec_asn1d_scrub_state (state);
635 child_allocate = PR_FALSE;
636
637 if (encode_kind & SEC_ASN1_POINTER) {
638 /*
639 * A POINTER means we need to allocate the destination for
640 * this field. But, since it may also be an optional field,
641 * we defer the allocation until later; we just record that
642 * it needs to be done.
643 *
644 * There are two possible scenarios here -- one is just a
645 * plain POINTER (kind of like INLINE, except with allocation)
646 * and the other is an implicitly-tagged POINTER. We don't
647 * need to do anything special here for the two cases, but
648 * since the template definition can be tricky, we do check
649 * that there are no extraneous bits set in encode_kind.
650 *
651 * XXX The same conditions which assert should set an error.
652 */
653 if (universal) {
654 /*
655 * "universal" means this entry is a standalone POINTER;
656 * there should be no other bits set in encode_kind.
657 */
658 PORT_Assert (encode_kind == SEC_ASN1_POINTER);
659 } else {
660 /*
661 * If we get here we have an implicitly-tagged field
662 * that needs to be put into a POINTER. The subtemplate
663 * will determine how to decode the field, but encode_kind
664 * describes the (implicit) tag we are looking for.
665 * The non-tag bits of encode_kind will be ignored by
666 * the code below; none of them should be set, however,
667 * except for the POINTER bit itself -- so check that.
668 */
669 PORT_Assert ((encode_kind & ~SEC_ASN1_TAG_MASK)
670 == SEC_ASN1_POINTER);
671 }
672 if (!state->top->filter_only)
673 child_allocate = PR_TRUE;
674 dest = NULL;
675 state->place = afterPointer;
676 } else {
677 dest = state->dest;
678 if (encode_kind & SEC_ASN1_INLINE) {
679 /* check that there are no extraneous bits */
680 /* FIXME - why are optional and inline mutually
681 * exclusive? Delete this assert and see what happens...
682 PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional);
683 */
684 state->place = afterInline;
685 } else {
686 state->place = afterImplicit;
687 }
688 }
689
690 state->optional = optional;
691
692 subDest = state->dest;
693 #if defined(__APPLE__)
694 /*
695 * We might be starting the processing of a group or a
696 * set, in which case state->dest is NULL. Get parent's dest,
697 * or grandparent's, etc... just for the use by
698 * SEC_ASN1GetSubtemplate (specifically, by dynamic
699 * choosers)
700 */
701 sec_asn1d_state *tempState = state;
702 while(subDest == NULL) {
703 sec_asn1d_state *parent = tempState->parent;
704 if(parent == NULL) {
705 /* Oh well. Not going to work for this template. */
706 break;
707 }
708 subDest = parent->dest;
709 tempState = parent;
710 }
711 #endif /* __APPLE__ */
712 subt = SEC_ASN1GetSubtemplate (state->theTemplate, subDest,
713 PR_FALSE, buf /* __APPLE__ */, len /* __APPLE__ */);
714 state = sec_asn1d_push_state (state->top, subt, dest, PR_FALSE);
715 if (state == NULL)
716 return NULL;
717
718 state->allocate = child_allocate;
719
720 if (universal
721 #ifdef __APPLE__
722 /* Dynamic: restart with new template */
723 || dynamic
724 #endif
725 ) {
726 state = sec_asn1d_init_state_based_on_template (state,
727 buf /* __APPLE__ */, len /* __APPLE__ */);
728 if (state != NULL) {
729 /*
730 * If this field is optional, we need to record that on
731 * the pushed child so it won't fail if the field isn't
732 * found. I can't think of a way that this new state
733 * could already have optional set (which we would wipe
734 * out below if our local optional is not set) -- but
735 * just to be sure, assert that it isn't set.
736 */
737 PORT_Assert (!state->optional);
738 state->optional = optional;
739 }
740 return state;
741 }
742
743 under_kind = state->theTemplate->kind;
744 under_kind &= ~SEC_ASN1_MAY_STREAM;
745 } else if (explicit) {
746 /*
747 * For explicit, we only need to match the encoding tag next,
748 * then we will push another state to handle the entire inner
749 * part. In this case, there is no underlying kind which plays
750 * any part in the determination of the outer, explicit tag.
751 * So we just set under_kind to 0, which is not a valid tag,
752 * and the rest of the tag matching stuff should be okay.
753 */
754 under_kind = 0;
755 } else {
756 /*
757 * Nothing special; the underlying kind and the given encoding
758 * information are the same.
759 */
760 under_kind = encode_kind;
761 }
762
763 /* XXX is this the right set of bits to test here? */
764 PORT_Assert ((under_kind & (SEC_ASN1_EXPLICIT
765 | SEC_ASN1_MAY_STREAM
766 | SEC_ASN1_INLINE | SEC_ASN1_POINTER)) == 0);
767
768 if (encode_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP)) {
769 PORT_Assert (encode_kind == under_kind);
770 if (encode_kind & SEC_ASN1_SKIP) {
771 PORT_Assert (!optional);
772 PORT_Assert (encode_kind == SEC_ASN1_SKIP);
773 state->dest = NULL;
774 }
775 check_tag_mask = 0;
776 expect_tag_modifiers = 0;
777 expect_tag_number = 0;
778 } else {
779 check_tag_mask = SEC_ASN1_TAG_MASK;
780 expect_tag_modifiers = (unsigned char)encode_kind & SEC_ASN1_TAG_MASK
781 & ~SEC_ASN1_TAGNUM_MASK;
782 /*
783 * XXX This assumes only single-octet identifiers. To handle
784 * the HIGH TAG form we would need to do some more work, especially
785 * in how to specify them in the template, because right now we
786 * do not provide a way to specify more *tag* bits in encode_kind.
787 */
788 expect_tag_number = encode_kind & SEC_ASN1_TAGNUM_MASK;
789
790 switch (under_kind & SEC_ASN1_TAGNUM_MASK) {
791 case SEC_ASN1_SET:
792 /*
793 * XXX A plain old SET (as opposed to a SET OF) is not
794 * implemented.
795 * If it ever is, remove this assert...
796 */
797 PORT_Assert ((under_kind & SEC_ASN1_GROUP) != 0);
798 /* fallthru */
799 case SEC_ASN1_SEQUENCE:
800 expect_tag_modifiers |= SEC_ASN1_CONSTRUCTED;
801 break;
802 case SEC_ASN1_BIT_STRING:
803 case SEC_ASN1_BMP_STRING:
804 case SEC_ASN1_GENERALIZED_TIME:
805 case SEC_ASN1_IA5_STRING:
806 case SEC_ASN1_OCTET_STRING:
807 case SEC_ASN1_PRINTABLE_STRING:
808 case SEC_ASN1_T61_STRING:
809 case SEC_ASN1_UNIVERSAL_STRING:
810 case SEC_ASN1_UTC_TIME:
811 case SEC_ASN1_UTF8_STRING:
812 case SEC_ASN1_VISIBLE_STRING:
813 check_tag_mask &= ~SEC_ASN1_CONSTRUCTED;
814 break;
815 }
816 }
817
818 state->check_tag_mask = check_tag_mask;
819 state->expect_tag_modifiers = expect_tag_modifiers;
820 state->expect_tag_number = expect_tag_number;
821 state->underlying_kind = under_kind;
822 state->explicit = explicit;
823 state->optional = optional;
824 sec_asn1d_scrub_state (state);
825
826 return state;
827 }
828
829
830 static unsigned long
831 sec_asn1d_parse_identifier (sec_asn1d_state *state,
832 const char *buf, unsigned long len)
833 {
834 unsigned char byte;
835 unsigned char tag_number;
836
837 PORT_Assert (state->place == beforeIdentifier);
838
839 if (len == 0) {
840 state->top->status = needBytes;
841 return 0;
842 }
843
844 byte = (unsigned char) *buf;
845 #ifdef DEBUG_ASN1D_STATES
846 if (doDumpStates > 0) {
847 char kindBuf[256];
848 formatKind(byte, kindBuf);
849 printf("Found tag %02x %s\n", byte, kindBuf);
850 }
851 #endif
852 tag_number = byte & SEC_ASN1_TAGNUM_MASK;
853
854 if (IS_HIGH_TAG_NUMBER (tag_number)) {
855 state->place = duringIdentifier;
856 state->found_tag_number = 0;
857 /*
858 * Actually, we have no idea how many bytes are pending, but we
859 * do know that it is at least 1. That is all we know; we have
860 * to look at each byte to know if there is another, etc.
861 */
862 state->pending = 1;
863 } else {
864 if (byte == 0 && sec_asn1d_parent_allows_EOC(state)) {
865 /*
866 * Our parent has indefinite-length encoding, and the
867 * entire tag found is 0, so it seems that we have hit the
868 * end-of-contents octets. To handle this, we just change
869 * our state to that which expects to get the bytes of the
870 * end-of-contents octets and let that code re-read this byte
871 * so that our categorization of field types is correct.
872 * After that, our parent will then deal with everything else.
873 */
874 state->place = duringEndOfContents;
875 state->pending = 2;
876 state->found_tag_number = 0;
877 state->found_tag_modifiers = 0;
878 /*
879 * We might be an optional field that is, as we now find out,
880 * missing. Give our parent a clue that this happened.
881 */
882 if (state->optional)
883 state->missing = PR_TRUE;
884 return 0;
885 }
886 state->place = afterIdentifier;
887 state->found_tag_number = tag_number;
888 }
889 state->found_tag_modifiers = byte & ~SEC_ASN1_TAGNUM_MASK;
890
891 return 1;
892 }
893
894
895 static unsigned long
896 sec_asn1d_parse_more_identifier (sec_asn1d_state *state,
897 const char *buf, unsigned long len)
898 {
899 unsigned char byte;
900 int count;
901
902 PORT_Assert (state->pending == 1);
903 PORT_Assert (state->place == duringIdentifier);
904
905 if (len == 0) {
906 state->top->status = needBytes;
907 return 0;
908 }
909
910 count = 0;
911
912 while (len && state->pending) {
913 if (HIGH_BITS (state->found_tag_number, TAG_NUMBER_BITS) != 0) {
914 /*
915 * The given high tag number overflows our container;
916 * just give up. This is not likely to *ever* happen.
917 */
918 PORT_SetError (SEC_ERROR_BAD_DER);
919 state->top->status = decodeError;
920 dprintf("decodeError: parse_more_id high bits oflow\n");
921 return 0;
922 }
923
924 state->found_tag_number <<= TAG_NUMBER_BITS;
925
926 byte = (unsigned char) buf[count++];
927 state->found_tag_number |= (byte & TAG_NUMBER_MASK);
928
929 len--;
930 if (LAST_TAG_NUMBER_BYTE (byte))
931 state->pending = 0;
932 }
933
934 if (state->pending == 0)
935 state->place = afterIdentifier;
936
937 return count;
938 }
939
940
941 static void
942 sec_asn1d_confirm_identifier (sec_asn1d_state *state)
943 {
944 PRBool match;
945
946 PORT_Assert (state->place == afterIdentifier);
947
948 match = (PRBool)(((state->found_tag_modifiers & state->check_tag_mask)
949 == state->expect_tag_modifiers)
950 && ((state->found_tag_number & state->check_tag_mask)
951 == state->expect_tag_number));
952 if (match) {
953 state->place = beforeLength;
954 } else {
955 if (state->optional) {
956 state->missing = PR_TRUE;
957 state->place = afterEndOfContents;
958 } else {
959 PORT_SetError (SEC_ERROR_BAD_DER);
960 state->top->status = decodeError;
961 //dprintf("decodeError: sec_asn1d_confirm_identifier\n");
962 }
963 }
964 }
965
966
967 static unsigned long
968 sec_asn1d_parse_length (sec_asn1d_state *state,
969 const char *buf, unsigned long len)
970 {
971 unsigned char byte;
972
973 PORT_Assert (state->place == beforeLength);
974
975 if (len == 0) {
976 state->top->status = needBytes;
977 return 0;
978 }
979
980 /*
981 * The default/likely outcome. It may get adjusted below.
982 */
983 state->place = afterLength;
984
985 byte = (unsigned char) *buf;
986
987 if (LENGTH_IS_SHORT_FORM (byte)) {
988 state->contents_length = byte;
989 } else {
990 state->contents_length = 0;
991 state->pending = LONG_FORM_LENGTH (byte);
992 if (state->pending == 0) {
993 state->indefinite = PR_TRUE;
994 } else {
995 state->place = duringLength;
996 }
997 }
998
999 /* If we're parsing an ANY, SKIP, or SAVE template, and
1000 ** the object being saved is definite length encoded and constructed,
1001 ** there's no point in decoding that construct's members.
1002 ** So, just forget it's constructed and treat it as primitive.
1003 ** (SAVE appears as an ANY at this point)
1004 */
1005 if (!state->indefinite &&
1006 (state->underlying_kind & (SEC_ASN1_ANY | SEC_ASN1_SKIP))) {
1007 state->found_tag_modifiers &= ~SEC_ASN1_CONSTRUCTED;
1008 }
1009
1010 return 1;
1011 }
1012
1013
1014 static unsigned long
1015 sec_asn1d_parse_more_length (sec_asn1d_state *state,
1016 const char *buf, unsigned long len)
1017 {
1018 int count;
1019
1020 PORT_Assert (state->pending > 0);
1021 PORT_Assert (state->place == duringLength);
1022
1023 if (len == 0) {
1024 state->top->status = needBytes;
1025 return 0;
1026 }
1027
1028 count = 0;
1029
1030 while (len && state->pending) {
1031 if (HIGH_BITS (state->contents_length, 9) != 0) {
1032 /*
1033 * The given full content length overflows our container;
1034 * just give up.
1035 */
1036 PORT_SetError (SEC_ERROR_BAD_DER);
1037 state->top->status = decodeError;
1038 dprintf("decodeError: sec_asn1d_parse_more_length\n");
1039 return 0;
1040 }
1041
1042 state->contents_length <<= 8;
1043 state->contents_length |= (unsigned char) buf[count++];
1044
1045 len--;
1046 state->pending--;
1047 }
1048
1049 if (state->pending == 0)
1050 state->place = afterLength;
1051
1052 return count;
1053 }
1054
1055
1056 /*
1057 * Helper function for sec_asn1d_prepare_for_contents.
1058 * Checks that a value representing a number of bytes consumed can be
1059 * subtracted from a remaining length. If so, returns PR_TRUE.
1060 * Otherwise, sets the error SEC_ERROR_BAD_DER, indicates that there was a
1061 * decoding error in the given SEC_ASN1DecoderContext, and returns PR_FALSE.
1062 */
1063 static PRBool
1064 sec_asn1d_check_and_subtract_length (unsigned long *remaining,
1065 unsigned long consumed,
1066 SEC_ASN1DecoderContext *cx)
1067 {
1068 PORT_Assert(remaining);
1069 PORT_Assert(cx);
1070 if (!remaining || !cx) {
1071 PORT_SetError (SEC_ERROR_INVALID_ARGS);
1072 cx->status = decodeError;
1073 return PR_FALSE;
1074 }
1075 if (*remaining < consumed) {
1076 PORT_SetError (SEC_ERROR_BAD_DER);
1077 cx->status = decodeError;
1078 return PR_FALSE;
1079 }
1080 *remaining -= consumed;
1081 return PR_TRUE;
1082 }
1083
1084
1085 static void
1086 sec_asn1d_prepare_for_contents (sec_asn1d_state *state,
1087 #ifdef __APPLE__
1088 const char *buf, /* needed for SEC_ASN1GetSubtemplate */
1089 size_t len
1090 #endif
1091 )
1092 {
1093 SecAsn1Item *item=NULL;
1094 PRArenaPool *poolp;
1095 unsigned long alloc_len;
1096
1097 #ifdef DEBUG_ASN1D_STATES
1098 if (doDumpStates > 0) {
1099 printf("Found Length %lu %s\n", state->contents_length,
1100 state->indefinite ? "indefinite" : "");
1101 }
1102 #endif
1103
1104 /**
1105 * The maximum length for a child element should be constrained to the
1106 * length remaining in the first definite length element in the ancestor
1107 * stack. If there is no definite length element in the ancestor stack,
1108 * there's nothing to constrain the length of the child, so there's no
1109 * further processing necessary.
1110 *
1111 * It's necessary to walk the ancestor stack, because it's possible to have
1112 * definite length children that are part of an indefinite length element,
1113 * which is itself part of an indefinite length element, and which is
1114 * ultimately part of a definite length element. A simple example of this
1115 * would be the handling of constructed OCTET STRINGs in BER encoding.
1116 *
1117 * This algorithm finds the first definite length element in the ancestor
1118 * stack, if any, and if so, ensures that the length of the child element
1119 * is consistent with the number of bytes remaining in the constraining
1120 * ancestor element (that is, after accounting for any other sibling
1121 * elements that may have been read).
1122 *
1123 * It's slightly complicated by the need to account both for integer
1124 * underflow and overflow, as well as ensure that for indefinite length
1125 * encodings, there's also enough space for the End-of-Contents (EOC)
1126 * octets (Tag = 0x00, Length = 0x00, or two bytes).
1127 */
1128
1129 /* Determine the maximum length available for this element by finding the
1130 * first definite length ancestor, if any. */
1131 sec_asn1d_state *parent = sec_asn1d_get_enclosing_construct(state);
1132 while (parent && parent->indefinite) {
1133 parent = sec_asn1d_get_enclosing_construct(parent);
1134 }
1135 /* If parent is null, state is either the outermost state / at the top of
1136 * the stack, or the outermost state uses indefinite length encoding. In
1137 * these cases, there's nothing external to constrain this element, so
1138 * there's nothing to check. */
1139 if (parent) {
1140 unsigned long remaining = parent->pending;
1141 parent = state;
1142 do {
1143 if (!sec_asn1d_check_and_subtract_length(&remaining, parent->consumed, state->top) ||
1144 /* If parent->indefinite is true, parent->contents_length is
1145 * zero and this is a no-op. */
1146 !sec_asn1d_check_and_subtract_length(&remaining, parent->contents_length, state->top) ||
1147 /* If parent->indefinite is true, then ensure there is enough
1148 * space for an EOC tag of 2 bytes. */
1149 (parent->indefinite && !sec_asn1d_check_and_subtract_length(&remaining, 2, state->top))) {
1150 /* This element is larger than its enclosing element, which is
1151 * invalid. */
1152 return;
1153 }
1154 } while ((parent = sec_asn1d_get_enclosing_construct(parent)) &&
1155 parent->indefinite);
1156 }
1157
1158 /*
1159 * XXX I cannot decide if this allocation should exclude the case
1160 * where state->endofcontents is true -- figure it out!
1161 */
1162 if (state->allocate) {
1163 void *dest;
1164
1165 PORT_Assert (state->dest == NULL);
1166 /*
1167 * We are handling a POINTER or a member of a GROUP, and need to
1168 * allocate for the data structure.
1169 */
1170 dest = sec_asn1d_zalloc (state->top->their_pool,
1171 state->theTemplate->size);
1172 if (dest == NULL) {
1173 dprintf("decodeError: sec_asn1d_prepare_for_contents zalloc\n");
1174 state->top->status = decodeError;
1175 return;
1176 }
1177 /* FIXME _ we're losing the dest pointer after this! */
1178 state->dest = (char *)dest + state->theTemplate->offset;
1179
1180 /*
1181 * For a member of a GROUP, our parent will later put the
1182 * pointer wherever it belongs. But for a POINTER, we need
1183 * to record the destination now, in case notify or filter
1184 * procs need access to it -- they cannot find it otherwise,
1185 * until it is too late (for one-pass processing).
1186 */
1187 if (state->parent->place == afterPointer) {
1188 void **placep;
1189
1190 placep = state->parent->dest;
1191 *placep = dest;
1192 }
1193 }
1194
1195 /*
1196 * Remember, length may be indefinite here! In that case,
1197 * both contents_length and pending will be zero.
1198 */
1199 state->pending = state->contents_length;
1200
1201 /*
1202 * An EXPLICIT is nothing but an outer header, which we have
1203 * already parsed and accepted. Now we need to do the inner
1204 * header and its contents.
1205 */
1206 if (state->explicit) {
1207 state->place = afterExplicit;
1208 state = sec_asn1d_push_state (state->top,
1209 SEC_ASN1GetSubtemplate(state->theTemplate,
1210 state->dest,
1211 PR_FALSE,
1212 buf /* __APPLE__ */,
1213 len /* __APPLE__ */),
1214 state->dest, PR_TRUE);
1215 if (state != NULL)
1216 state = sec_asn1d_init_state_based_on_template (state,
1217 buf /* __APPLE__ */, len /* __APPLE__ */);
1218 (void) state;
1219 return;
1220 }
1221
1222 /*
1223 * For GROUP (SET OF, SEQUENCE OF), even if we know the length here
1224 * we cannot tell how many items we will end up with ... so push a
1225 * state that can keep track of "children" (the individual members
1226 * of the group; we will allocate as we go and put them all together
1227 * at the end.
1228 */
1229 if (state->underlying_kind & SEC_ASN1_GROUP) {
1230 /* XXX If this assertion holds (should be able to confirm it via
1231 * inspection, too) then move this code into the switch statement
1232 * below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
1233 */
1234 PORT_Assert (state->underlying_kind == SEC_ASN1_SET_OF
1235 || state->underlying_kind == SEC_ASN1_SEQUENCE_OF
1236 || state->underlying_kind == (SEC_ASN1_SEQUENCE_OF|SEC_ASN1_DYNAMIC)
1237 || state->underlying_kind == (SEC_ASN1_SET_OF|SEC_ASN1_DYNAMIC)
1238 );
1239 if (state->contents_length != 0 || state->indefinite) {
1240 const SecAsn1Template *subt;
1241
1242 state->place = duringGroup;
1243 subt = SEC_ASN1GetSubtemplate (state->theTemplate, state->dest,
1244 PR_FALSE, buf /* __APPLE__ */, len /* __APPLE__ */);
1245 state = sec_asn1d_push_state (state->top, subt, NULL, PR_TRUE);
1246 if (state != NULL) {
1247 if (!state->top->filter_only)
1248 state->allocate = PR_TRUE; /* XXX propogate this? */
1249 /*
1250 * Do the "before" field notification for next in group.
1251 */
1252 sec_asn1d_notify_before (state->top, state->dest, state->depth);
1253 state = sec_asn1d_init_state_based_on_template (state,
1254 buf /* __APPLE__ */, len /* __APPLE__ */);
1255 }
1256 } else {
1257 /*
1258 * A group of zero; we are done.
1259 * Set state to afterGroup and let that code plant the NULL.
1260 */
1261 state->place = afterGroup;
1262 }
1263 (void) state;
1264 return;
1265 }
1266
1267 switch (state->underlying_kind) {
1268 case SEC_ASN1_SEQUENCE:
1269 /*
1270 * We need to push a child to handle the individual fields.
1271 */
1272 state->place = duringSequence;
1273 state = sec_asn1d_push_state (state->top, state->theTemplate + 1,
1274 state->dest, PR_TRUE);
1275 if (state != NULL) {
1276 /*
1277 * Do the "before" field notification.
1278 */
1279 sec_asn1d_notify_before (state->top, state->dest, state->depth);
1280 state = sec_asn1d_init_state_based_on_template (state,
1281 buf /* __APPLE__ */, len /* __APPLE__ */);
1282 }
1283 (void) state;
1284 break;
1285
1286 case SEC_ASN1_SET: /* XXX SET is not really implemented */
1287 /*
1288 * XXX A plain SET requires special handling; scanning of a
1289 * template to see where a field should go (because by definition,
1290 * they are not in any particular order, and you have to look at
1291 * each tag to disambiguate what the field is). We may never
1292 * implement this because in practice, it seems to be unused.
1293 */
1294 dprintf("decodeError: prepare for contents SEC_ASN1_SET\n");
1295 PORT_Assert(0);
1296 PORT_SetError (SEC_ERROR_BAD_DER); /* XXX */
1297 state->top->status = decodeError;
1298 break;
1299
1300 case SEC_ASN1_NULL:
1301 /*
1302 * The NULL type, by definition, is "nothing", content length of zero.
1303 * An indefinite-length encoding is not alloweed.
1304 */
1305 if (state->contents_length || state->indefinite) {
1306 dprintf("decodeError: prepare for contents indefinite NULL\n");
1307 PORT_SetError (SEC_ERROR_BAD_DER);
1308 state->top->status = decodeError;
1309 break;
1310 }
1311 if (state->dest != NULL) {
1312 item = (SecAsn1Item *)(state->dest);
1313 item->Data = NULL;
1314 item->Length = 0;
1315 }
1316 state->place = afterEndOfContents;
1317 break;
1318
1319 case SEC_ASN1_BMP_STRING:
1320 /* Error if length is not divisable by 2 */
1321 if (state->contents_length % 2) {
1322 dprintf("decodeError: prepare for contents odd length BMP_STRING\n");
1323 PORT_SetError (SEC_ERROR_BAD_DER);
1324 state->top->status = decodeError;
1325 break;
1326 }
1327 /* otherwise, handle as other string types */
1328 goto regular_string_type;
1329
1330 case SEC_ASN1_UNIVERSAL_STRING:
1331 /* Error if length is not divisable by 4 */
1332 if (state->contents_length % 4) {
1333 dprintf("decodeError: prepare for contents odd length UNIV_STRING\n");
1334 PORT_SetError (SEC_ERROR_BAD_DER);
1335 state->top->status = decodeError;
1336 break;
1337 }
1338 /* otherwise, handle as other string types */
1339 goto regular_string_type;
1340
1341 case SEC_ASN1_SKIP:
1342 case SEC_ASN1_ANY:
1343 case SEC_ASN1_ANY_CONTENTS:
1344 /*
1345 * These are not (necessarily) strings, but they need nearly
1346 * identical handling (especially when we need to deal with
1347 * constructed sub-pieces), so we pretend they are.
1348 */
1349 /* fallthru */
1350 regular_string_type:
1351 case SEC_ASN1_BIT_STRING:
1352 case SEC_ASN1_IA5_STRING:
1353 case SEC_ASN1_OCTET_STRING:
1354 case SEC_ASN1_PRINTABLE_STRING:
1355 case SEC_ASN1_T61_STRING:
1356 case SEC_ASN1_UTC_TIME:
1357 case SEC_ASN1_UTF8_STRING:
1358 case SEC_ASN1_VISIBLE_STRING:
1359 /*
1360 * We are allocating for a primitive or a constructed string.
1361 * If it is a constructed string, it may also be indefinite-length.
1362 * If it is primitive, the length can (legally) be zero.
1363 * Our first order of business is to allocate the memory for
1364 * the string, if we can (if we know the length).
1365 */
1366 item = (SecAsn1Item *)(state->dest);
1367
1368 /*
1369 * If the item is a definite-length constructed string, then
1370 * the contents_length is actually larger than what we need
1371 * (because it also counts each intermediate header which we
1372 * will be throwing away as we go), but it is a perfectly good
1373 * upper bound that we just allocate anyway, and then concat
1374 * as we go; we end up wasting a few extra bytes but save a
1375 * whole other copy.
1376 */
1377 alloc_len = state->contents_length;
1378 poolp = NULL; /* quiet compiler warnings about unused... */
1379
1380 if (item == NULL || state->top->filter_only) {
1381 if (item != NULL) {
1382 item->Data = NULL;
1383 item->Length = 0;
1384 }
1385 alloc_len = 0;
1386 } else if (state->substring) {
1387 /*
1388 * If we are a substring of a constructed string, then we may
1389 * not have to allocate anything (because our parent, the
1390 * actual constructed string, did it for us). If we are a
1391 * substring and we *do* have to allocate, that means our
1392 * parent is an indefinite-length, so we allocate from our pool;
1393 * later our parent will copy our string into the aggregated
1394 * whole and free our pool allocation.
1395 */
1396 if (item->Data == NULL) {
1397 PORT_Assert (item->Length == 0);
1398 poolp = state->top->our_pool;
1399 } else {
1400 alloc_len = 0;
1401 }
1402 } else {
1403 item->Length = 0;
1404 item->Data = NULL;
1405 poolp = state->top->their_pool;
1406 }
1407
1408 if (alloc_len || ((! state->indefinite)
1409 && (state->subitems_head != NULL))) {
1410 struct subitem *subitem;
1411 unsigned long len;
1412
1413 PORT_Assert (item!=NULL);
1414 if (item==NULL) {
1415 PORT_SetError (SEC_ERROR_BAD_DER);
1416 state->top->status = decodeError;
1417 return;
1418 }
1419 PORT_Assert (item->Length == 0 && item->Data == NULL);
1420 /*
1421 * Check for and handle an ANY which has stashed aside the
1422 * header (identifier and length) bytes for us to include
1423 * in the saved contents.
1424 */
1425 if (state->subitems_head != NULL) {
1426 PORT_Assert (state->underlying_kind == SEC_ASN1_ANY);
1427 for (subitem = state->subitems_head;
1428 subitem != NULL; subitem = subitem->next)
1429 alloc_len += subitem->len;
1430 }
1431
1432 item->Data = (unsigned char*)sec_asn1d_zalloc (poolp, alloc_len);
1433 if (item->Data == NULL) {
1434 dprintf("decodeError: prepare for contents zalloc\n");
1435 state->top->status = decodeError;
1436 break;
1437 }
1438
1439 len = 0;
1440 for (subitem = state->subitems_head;
1441 subitem != NULL; subitem = subitem->next) {
1442 PORT_Memcpy (item->Data + len, subitem->data, subitem->len);
1443 len += subitem->len;
1444 }
1445 item->Length = len;
1446
1447 /*
1448 * Because we use arenas and have a mark set, we later free
1449 * everything we have allocated, so this does *not* present
1450 * a memory leak (it is just temporarily left dangling).
1451 */
1452 state->subitems_head = state->subitems_tail = NULL;
1453 }
1454
1455 if (state->contents_length == 0 && (! state->indefinite)) {
1456 /*
1457 * A zero-length simple or constructed string; we are done.
1458 */
1459 state->place = afterEndOfContents;
1460 } else if (state->found_tag_modifiers & SEC_ASN1_CONSTRUCTED) {
1461 const SecAsn1Template *sub;
1462
1463 switch (state->underlying_kind) {
1464 case SEC_ASN1_ANY:
1465 case SEC_ASN1_ANY_CONTENTS:
1466 sub = kSecAsn1AnyTemplate;
1467 break;
1468 case SEC_ASN1_BIT_STRING:
1469 sub = kSecAsn1BitStringTemplate;
1470 break;
1471 case SEC_ASN1_BMP_STRING:
1472 sub = kSecAsn1BMPStringTemplate;
1473 break;
1474 case SEC_ASN1_GENERALIZED_TIME:
1475 sub = kSecAsn1GeneralizedTimeTemplate;
1476 break;
1477 case SEC_ASN1_IA5_STRING:
1478 sub = kSecAsn1IA5StringTemplate;
1479 break;
1480 case SEC_ASN1_OCTET_STRING:
1481 sub = kSecAsn1OctetStringTemplate;
1482 break;
1483 case SEC_ASN1_PRINTABLE_STRING:
1484 sub = kSecAsn1PrintableStringTemplate;
1485 break;
1486 case SEC_ASN1_T61_STRING:
1487 sub = kSecAsn1T61StringTemplate;
1488 break;
1489 case SEC_ASN1_UNIVERSAL_STRING:
1490 sub = kSecAsn1UniversalStringTemplate;
1491 break;
1492 case SEC_ASN1_UTC_TIME:
1493 sub = kSecAsn1UTCTimeTemplate;
1494 break;
1495 case SEC_ASN1_UTF8_STRING:
1496 sub = kSecAsn1UTF8StringTemplate;
1497 break;
1498 case SEC_ASN1_VISIBLE_STRING:
1499 sub = kSecAsn1VisibleStringTemplate;
1500 break;
1501 case SEC_ASN1_SKIP:
1502 sub = kSecAsn1SkipTemplate;
1503 break;
1504 default: /* redundant given outer switch cases, but */
1505 PORT_Assert(0); /* the compiler does not seem to know that, */
1506 sub = NULL; /* so just do enough to quiet it. */
1507 break;
1508 }
1509
1510 state->place = duringConstructedString;
1511 state = sec_asn1d_push_state (state->top, sub, item, PR_TRUE);
1512 if (state != NULL) {
1513 state->substring = PR_TRUE; /* XXX propogate? */
1514 state = sec_asn1d_init_state_based_on_template (state,
1515 buf /* __APPLE__ */, len /* __APPLE__ */);
1516 }
1517 } else if (state->indefinite) {
1518 /*
1519 * An indefinite-length string *must* be constructed!
1520 */
1521 dprintf("decodeError: prepare for contents indefinite not construncted\n");
1522 PORT_SetError (SEC_ERROR_BAD_DER);
1523 state->top->status = decodeError;
1524 } else {
1525 /*
1526 * A non-zero-length simple string.
1527 */
1528 if (state->underlying_kind == SEC_ASN1_BIT_STRING)
1529 state->place = beforeBitString;
1530 else
1531 state->place = duringLeaf;
1532 }
1533 (void) state;
1534 break;
1535
1536 default:
1537 /*
1538 * We are allocating for a simple leaf item.
1539 */
1540 if (state->contents_length) {
1541 if (state->dest != NULL) {
1542 item = (SecAsn1Item *)(state->dest);
1543 item->Length = 0;
1544 if (state->top->filter_only) {
1545 item->Data = NULL;
1546 } else {
1547 item->Data = (unsigned char*)
1548 sec_asn1d_zalloc (state->top->their_pool,
1549 state->contents_length);
1550 if (item->Data == NULL) {
1551 dprintf("decodeError: prepare for contents zalloc\n");
1552 state->top->status = decodeError;
1553 return;
1554 }
1555 }
1556 }
1557 state->place = duringLeaf;
1558 } else {
1559 /*
1560 * An indefinite-length or zero-length item is not allowed.
1561 * (All legal cases of such were handled above.)
1562 */
1563 dprintf("decodeError: prepare for contents indefinite zero len \n");
1564 PORT_SetError (SEC_ERROR_BAD_DER);
1565 state->top->status = decodeError;
1566 }
1567 }
1568 }
1569
1570
1571 static void
1572 sec_asn1d_free_child (sec_asn1d_state *state, PRBool error)
1573 {
1574 if (state->child != NULL) {
1575 PORT_Assert (error || state->child->consumed == 0);
1576 PORT_Assert (state->our_mark != NULL);
1577 PORT_ArenaRelease (state->top->our_pool, state->our_mark);
1578 if (error && state->top->their_pool == NULL) {
1579 /*
1580 * XXX We need to free anything allocated.
1581 * At this point, we failed in the middle of decoding. But we
1582 * can't free the data we previously allocated with PR_Malloc
1583 * unless we keep track of every pointer. So instead we have a
1584 * memory leak when decoding fails half-way, unless an arena is
1585 * used. See bug 95311 .
1586 */
1587 }
1588 state->child = NULL;
1589 state->our_mark = NULL;
1590 } else {
1591 /*
1592 * It is important that we do not leave a mark unreleased/unmarked.
1593 * But I do not think we should ever have one set in this case, only
1594 * if we had a child (handled above). So check for that. If this
1595 * assertion should ever get hit, then we probably need to add code
1596 * here to release back to our_mark (and then set our_mark to NULL).
1597 */
1598 PORT_Assert (state->our_mark == NULL);
1599 }
1600 state->place = beforeEndOfContents;
1601 }
1602
1603
1604 /* We have just saved an entire encoded ASN.1 object (type) for a SAVE
1605 ** template, and now in the next template, we are going to decode that
1606 ** saved data by calling SEC_ASN1DecoderUpdate recursively.
1607 ** If that recursive call fails with needBytes, it is a fatal error,
1608 ** because the encoded object should have been complete.
1609 ** If that recursive call fails with decodeError, it will have already
1610 ** cleaned up the state stack, so we must bail out quickly.
1611 **
1612 ** These checks of the status returned by the recursive call are now
1613 ** done in the caller of this function, immediately after it returns.
1614 */
1615 static void
1616 sec_asn1d_reuse_encoding (sec_asn1d_state *state)
1617 {
1618 sec_asn1d_state *child;
1619 unsigned long consumed;
1620 SecAsn1Item *item;
1621 void *dest;
1622
1623
1624 child = state->child;
1625 PORT_Assert (child != NULL);
1626
1627 consumed = child->consumed;
1628 child->consumed = 0;
1629
1630 item = (SecAsn1Item *)(state->dest);
1631 PORT_Assert (item != NULL);
1632
1633 PORT_Assert (item->Length == consumed);
1634
1635 /*
1636 * Free any grandchild.
1637 */
1638 sec_asn1d_free_child (child, PR_FALSE);
1639
1640 /*
1641 * Notify after the SAVE field.
1642 */
1643 sec_asn1d_notify_after (state->top, state->dest, state->depth);
1644
1645 /*
1646 * Adjust to get new dest and move forward.
1647 */
1648 dest = (char *)state->dest - state->theTemplate->offset;
1649 state->theTemplate++;
1650 child->dest = (char *)dest + state->theTemplate->offset;
1651 child->theTemplate = state->theTemplate;
1652
1653 /*
1654 * Notify before the "real" field.
1655 */
1656 PORT_Assert (state->depth == child->depth);
1657 sec_asn1d_notify_before (state->top, child->dest, child->depth);
1658
1659 /*
1660 * This will tell DecoderUpdate to return when it is done.
1661 */
1662 state->place = afterSaveEncoding;
1663
1664 /*
1665 * We already have a child; "push" it by making it current.
1666 */
1667 state->top->current = child;
1668
1669 /*
1670 * And initialize it so it is ready to parse.
1671 */
1672 (void) sec_asn1d_init_state_based_on_template(child,
1673 (char *) item->Data /* __APPLE__ */,
1674 item->Length /* __APPLE__ */);
1675
1676 /*
1677 * Now parse that out of our data.
1678 */
1679 if (SEC_ASN1DecoderUpdate (state->top,
1680 (char *) item->Data, item->Length) != SECSuccess)
1681 return;
1682 if (state->top->status == needBytes) {
1683 return;
1684 }
1685
1686 PORT_Assert (state->top->current == state);
1687 PORT_Assert (state->child == child);
1688
1689 /*
1690 * That should have consumed what we consumed before.
1691 */
1692 PORT_Assert (consumed == child->consumed);
1693 child->consumed = 0;
1694
1695 /*
1696 * Done.
1697 */
1698 state->consumed += consumed;
1699 child->place = notInUse;
1700 state->place = afterEndOfContents;
1701 }
1702
1703
1704 static unsigned long
1705 sec_asn1d_parse_leaf (sec_asn1d_state *state,
1706 const char *buf, unsigned long len)
1707 {
1708 SecAsn1Item *item;
1709 unsigned long bufLen;
1710
1711 if (len == 0) {
1712 state->top->status = needBytes;
1713 return 0;
1714 }
1715
1716 if (state->pending < len)
1717 len = state->pending;
1718
1719 bufLen = len;
1720
1721 item = (SecAsn1Item *)(state->dest);
1722 if (item != NULL && item->Data != NULL) {
1723 /* Strip leading zeroes when target is unsigned integer */
1724 if (state->underlying_kind == SEC_ASN1_INTEGER && /* INTEGER */
1725 item->Length == 0 && /* MSB */
1726 #ifdef __APPLE__
1727 !(state->underlying_kind & SEC_ASN1_SIGNED_INT))
1728 #else
1729 item->type == siUnsignedInteger) /* unsigned */
1730 #endif
1731 {
1732 while (len > 1 && buf[0] == 0) { /* leading 0 */
1733 buf++;
1734 len--;
1735 }
1736 }
1737 unsigned long offset = item->Length;
1738 if (state->underlying_kind == SEC_ASN1_BIT_STRING) {
1739 // The previous bit string must have no unused bits.
1740 if (item->Length & 0x7) {
1741 PORT_SetError (SEC_ERROR_BAD_DER);
1742 state->top->status = decodeError;
1743 return 0;
1744 }
1745 // If this is a bit string, the length is bits, not bytes.
1746 offset = item->Length >> 3;
1747 }
1748 if (state->underlying_kind == SEC_ASN1_BIT_STRING) {
1749 // Protect against overflow during the bytes-to-bits conversion.
1750 if (len >= (ULONG_MAX >> 3) + 1) {
1751 PORT_SetError (SEC_ERROR_BAD_DER);
1752 state->top->status = decodeError;
1753 return 0;
1754 }
1755 unsigned long len_in_bits = (len << 3) - state->bit_string_unused_bits;
1756 // Protect against overflow when computing the total length in bits.
1757 if (UINT_MAX - item->Length < len_in_bits) {
1758 PORT_SetError (SEC_ERROR_BAD_DER);
1759 state->top->status = decodeError;
1760 return 0;
1761 }
1762 item->Length += len_in_bits;
1763 } else {
1764 if (UINT_MAX - item->Length < len) {
1765 PORT_SetError (SEC_ERROR_BAD_DER);
1766 state->top->status = decodeError;
1767 return 0;
1768 }
1769 item->Length += len;
1770 }
1771 PORT_Memcpy (item->Data + offset, buf, len);
1772 }
1773 state->pending -= bufLen;
1774 if (state->pending == 0)
1775 state->place = beforeEndOfContents;
1776
1777 return bufLen;
1778 }
1779
1780
1781 static unsigned long
1782 sec_asn1d_parse_bit_string (sec_asn1d_state *state,
1783 const char *buf, unsigned long len)
1784 {
1785 unsigned char byte;
1786
1787 /*PORT_Assert (state->pending > 0); */
1788 PORT_Assert (state->place == beforeBitString);
1789
1790 if ((state->pending == 0) || (state->contents_length == 1)) {
1791 if (state->dest != NULL) {
1792 SecAsn1Item *item = (SecAsn1Item *)(state->dest);
1793 item->Data = NULL;
1794 item->Length = 0;
1795 state->place = beforeEndOfContents;
1796 }
1797 if(state->contents_length == 1) {
1798 /* skip over (unused) remainder byte */
1799 return 1;
1800 }
1801 else {
1802 return 0;
1803 }
1804 }
1805
1806 if (len == 0) {
1807 state->top->status = needBytes;
1808 return 0;
1809 }
1810
1811 byte = (unsigned char) *buf;
1812 if (byte > 7) {
1813 dprintf("decodeError: parse_bit_string remainder oflow\n");
1814 PORT_SetError (SEC_ERROR_BAD_DER);
1815 state->top->status = decodeError;
1816 return 0;
1817 }
1818
1819 state->bit_string_unused_bits = byte;
1820 state->place = duringBitString;
1821 state->pending -= 1;
1822
1823 return 1;
1824 }
1825
1826
1827 static unsigned long
1828 sec_asn1d_parse_more_bit_string (sec_asn1d_state *state,
1829 const char *buf, unsigned long len)
1830 {
1831 PORT_Assert (state->place == duringBitString);
1832 if (state->pending == 0) {
1833 /* An empty bit string with some unused bits is invalid. */
1834 if (state->bit_string_unused_bits) {
1835 PORT_SetError (SEC_ERROR_BAD_DER);
1836 state->top->status = decodeError;
1837 } else {
1838 /* An empty bit string with no unused bits is OK. */
1839 state->place = beforeEndOfContents;
1840 }
1841 return 0;
1842 }
1843
1844 len = sec_asn1d_parse_leaf (state, buf, len);
1845
1846 return len;
1847 }
1848
1849
1850 /*
1851 * XXX All callers should be looking at return value to detect
1852 * out-of-memory errors (and stop!).
1853 */
1854 static struct subitem *
1855 sec_asn1d_add_to_subitems (sec_asn1d_state *state,
1856 const void *data, unsigned long len,
1857 PRBool copy_data)
1858 {
1859 struct subitem *thing;
1860
1861 thing = (struct subitem*)sec_asn1d_zalloc (state->top->our_pool,
1862 sizeof (struct subitem));
1863 if (thing == NULL) {
1864 dprintf("decodeError: zalloc\n");
1865 state->top->status = decodeError;
1866 return NULL;
1867 }
1868
1869 if (copy_data) {
1870 void *copy;
1871 copy = sec_asn1d_alloc (state->top->our_pool, len);
1872 if (copy == NULL) {
1873 dprintf("decodeError: alloc\n");
1874 state->top->status = decodeError;
1875 if (!state->top->our_pool)
1876 PORT_Free(thing);
1877 return NULL;
1878 }
1879 PORT_Memcpy (copy, data, len);
1880 thing->data = copy;
1881 } else {
1882 thing->data = data;
1883 }
1884 thing->len = len;
1885 thing->next = NULL;
1886
1887 if (state->subitems_head == NULL) {
1888 PORT_Assert (state->subitems_tail == NULL);
1889 state->subitems_head = state->subitems_tail = thing;
1890 } else {
1891 state->subitems_tail->next = thing;
1892 state->subitems_tail = thing;
1893 }
1894
1895 return thing;
1896 }
1897
1898
1899 static void
1900 sec_asn1d_record_any_header (sec_asn1d_state *state,
1901 const char *buf,
1902 unsigned long len)
1903 {
1904 SecAsn1Item *item;
1905
1906 item = (SecAsn1Item *)(state->dest);
1907 if (item != NULL && item->Data != NULL) {
1908 PORT_Assert (state->substring);
1909 PORT_Memcpy (item->Data + item->Length, buf, len);
1910 item->Length += len;
1911 } else {
1912 sec_asn1d_add_to_subitems (state, buf, len, PR_TRUE);
1913 }
1914 }
1915
1916
1917 /*
1918 * We are moving along through the substrings of a constructed string,
1919 * and have just finished parsing one -- we need to save our child data
1920 * (if the child was not already writing directly into the destination)
1921 * and then move forward by one.
1922 *
1923 * We also have to detect when we are done:
1924 * - a definite-length encoding stops when our pending value hits 0
1925 * - an indefinite-length encoding stops when our child is empty
1926 * (which means it was the end-of-contents octets)
1927 */
1928 static void
1929 sec_asn1d_next_substring (sec_asn1d_state *state)
1930 {
1931 sec_asn1d_state *child;
1932 SecAsn1Item *item;
1933 unsigned long child_consumed;
1934 PRBool done;
1935
1936 PORT_Assert (state->place == duringConstructedString);
1937 PORT_Assert (state->child != NULL);
1938
1939 child = state->child;
1940
1941 child_consumed = child->consumed;
1942 child->consumed = 0;
1943 state->consumed += child_consumed;
1944
1945 done = PR_FALSE;
1946
1947 if (state->pending) {
1948 PORT_Assert (!state->indefinite);
1949 if( child_consumed > state->pending ) {
1950 dprintf("decodeError: next_substring consumed > pend\n");
1951 PORT_SetError (SEC_ERROR_BAD_DER);
1952 state->top->status = decodeError;
1953 return;
1954 }
1955
1956 state->pending -= child_consumed;
1957 if (state->pending == 0)
1958 done = PR_TRUE;
1959 } else {
1960 PORT_Assert (state->indefinite);
1961
1962 item = (SecAsn1Item *)(child->dest);
1963 /*
1964 * Iterate over ancestors to determine if any have definite length. If so,
1965 * space has already been allocated for the substrings and we don't need to
1966 * save them for concatenation.
1967 */
1968 PRBool copying_in_place = PR_FALSE;
1969 sec_asn1d_state *temp_state = state;
1970 while (temp_state && item == temp_state->dest && temp_state->indefinite) {
1971 sec_asn1d_state *parent = sec_asn1d_get_enclosing_construct(temp_state);
1972 if (!parent || parent->underlying_kind != temp_state->underlying_kind) {
1973 break;
1974 }
1975 if (!parent->indefinite) {
1976 copying_in_place = PR_TRUE;
1977 break;
1978 }
1979 temp_state = parent;
1980 }
1981 if (item != NULL && item->Data != NULL && !copying_in_place) {
1982 /*
1983 * Save the string away for later concatenation.
1984 */
1985 PORT_Assert (item->Data != NULL);
1986 sec_asn1d_add_to_subitems (state, item->Data, item->Length, PR_FALSE);
1987 /*
1988 * Clear the child item for the next round.
1989 */
1990 item->Data = NULL;
1991 item->Length = 0;
1992 }
1993
1994 /*
1995 * If our child was just our end-of-contents octets, we are done.
1996 */
1997 if (child->endofcontents)
1998 done = PR_TRUE;
1999 }
2000
2001 /*
2002 * Stop or do the next one.
2003 */
2004 if (done) {
2005 child->place = notInUse;
2006 state->place = afterConstructedString;
2007 } else {
2008 sec_asn1d_scrub_state (child);
2009 state->top->current = child;
2010 }
2011 }
2012
2013
2014 /*
2015 * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
2016 */
2017 static void
2018 sec_asn1d_next_in_group (sec_asn1d_state *state,
2019 const char *buf, /* __APPLE__ */
2020 size_t len /* __APPLE__ */)
2021 {
2022 sec_asn1d_state *child;
2023 unsigned long child_consumed;
2024
2025 PORT_Assert (state->place == duringGroup);
2026 PORT_Assert (state->child != NULL);
2027
2028 child = state->child;
2029
2030 child_consumed = child->consumed;
2031 child->consumed = 0;
2032 state->consumed += child_consumed;
2033
2034 /*
2035 * If our child was just our end-of-contents octets, we are done.
2036 */
2037 #ifdef __APPLE__
2038 /*
2039 * Without the check for !child->indefinite, this path could
2040 * be taken erroneously if the child is indefinite!
2041 */
2042 if(child->endofcontents && !child->indefinite) {
2043 #else
2044 if (child->endofcontents) {
2045 #endif /* __APPLE__ */
2046 /* XXX I removed the PORT_Assert (child->dest == NULL) because there
2047 * was a bug in that a template that was a sequence of which also had
2048 * a child of a sequence of, in an indefinite group was not working
2049 * properly. This fix seems to work, (added the if statement below),
2050 * and nothing appears broken, but I am putting this note here just
2051 * in case. */
2052 /*
2053 * XXX No matter how many times I read that comment,
2054 * I cannot figure out what case he was fixing. I believe what he
2055 * did was deliberate, so I am loathe to touch it. I need to
2056 * understand how it could ever be that child->dest != NULL but
2057 * child->endofcontents is true, and why it is important to check
2058 * that state->subitems_head is NULL. This really needs to be
2059 * figured out, as I am not sure if the following code should be
2060 * compensating for "offset", as is done a little farther below
2061 * in the more normal case.
2062 */
2063 PORT_Assert (state->indefinite);
2064 PORT_Assert (state->pending == 0);
2065 if(child->dest && !state->subitems_head) {
2066 sec_asn1d_add_to_subitems (state, child->dest, 0, PR_FALSE);
2067 child->dest = NULL;
2068 }
2069
2070 child->place = notInUse;
2071 state->place = afterGroup;
2072 return;
2073 }
2074
2075 /*
2076 * Do the "after" field notification for next in group.
2077 */
2078 sec_asn1d_notify_after (state->top, child->dest, child->depth);
2079
2080 /*
2081 * Save it away (unless we are not storing).
2082 */
2083 if (child->dest != NULL) {
2084 void *dest;
2085
2086 dest = child->dest;
2087 dest = (char *)dest - child->theTemplate->offset;
2088 sec_asn1d_add_to_subitems (state, dest, 0, PR_FALSE);
2089 child->dest = NULL;
2090 }
2091
2092 /*
2093 * Account for those bytes; see if we are done.
2094 */
2095 if (state->pending) {
2096 PORT_Assert (!state->indefinite);
2097 if( child_consumed > state->pending ) {
2098 dprintf("decodeError: next_in_group consumed > pend\n");
2099 PORT_SetError (SEC_ERROR_BAD_DER);
2100 state->top->status = decodeError;
2101 return;
2102 }
2103
2104 state->pending -= child_consumed;
2105 if (state->pending == 0) {
2106 child->place = notInUse;
2107 state->place = afterGroup;
2108 return;
2109 }
2110 }
2111
2112 /*
2113 * Do the "before" field notification for next item in group.
2114 */
2115 sec_asn1d_notify_before (state->top, child->dest, child->depth);
2116
2117 /*
2118 * Now we do the next one.
2119 */
2120 sec_asn1d_scrub_state (child);
2121
2122 /* Initialize child state from the template */
2123 sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__ */, len /* __APPLE__ */);
2124
2125 state->top->current = child;
2126 }
2127
2128
2129 /*
2130 * We are moving along through a sequence; move forward by one,
2131 * (detecting end-of-sequence when it happens).
2132 * XXX The handling of "missing" is ugly. Fix it.
2133 */
2134 static void
2135 sec_asn1d_next_in_sequence (sec_asn1d_state *state,
2136 const char *buf /* __APPLE__ */,
2137 size_t len /*__APPLE__*/)
2138 {
2139 sec_asn1d_state *child;
2140 unsigned long child_consumed;
2141 PRBool child_missing;
2142
2143 PORT_Assert (state->place == duringSequence);
2144 PORT_Assert (state->child != NULL);
2145
2146 child = state->child;
2147
2148 /*
2149 * Do the "after" field notification.
2150 */
2151 sec_asn1d_notify_after (state->top, child->dest, child->depth);
2152
2153 child_missing = (PRBool) child->missing;
2154 child_consumed = child->consumed;
2155 child->consumed = 0;
2156
2157 /*
2158 * Take care of accounting.
2159 */
2160 if (child_missing) {
2161 PORT_Assert (child->optional);
2162 } else {
2163 state->consumed += child_consumed;
2164 /*
2165 * Free any grandchild.
2166 */
2167 sec_asn1d_free_child (child, PR_FALSE);
2168 if (state->pending) {
2169 PORT_Assert (!state->indefinite);
2170 if( child_consumed > state->pending ) {
2171 dprintf("decodeError: next_in_seq consumed > pend\n");
2172 PORT_SetError (SEC_ERROR_BAD_DER);
2173 state->top->status = decodeError;
2174 return;
2175 }
2176 state->pending -= child_consumed;
2177 if (state->pending == 0) {
2178 child->theTemplate++;
2179 while (child->theTemplate->kind != 0) {
2180 if ((child->theTemplate->kind & SEC_ASN1_OPTIONAL) == 0) {
2181 dprintf("decodeError: next_in_seq child not opt\n");
2182 PORT_SetError (SEC_ERROR_BAD_DER);
2183 state->top->status = decodeError;
2184 return;
2185 }
2186 child->theTemplate++;
2187 }
2188 child->place = notInUse;
2189 state->place = afterEndOfContents;
2190 return;
2191 }
2192 }
2193 }
2194
2195 /*
2196 * Move forward.
2197 */
2198 child->theTemplate++;
2199 if (child->theTemplate->kind == 0) {
2200 /*
2201 * We are done with this sequence.
2202 */
2203 child->place = notInUse;
2204 if (state->pending) {
2205 dprintf("decodeError: next_in_seq notInUse still pending\n");
2206 PORT_SetError (SEC_ERROR_BAD_DER);
2207 state->top->status = decodeError;
2208 } else if (child_missing) {
2209 /*
2210 * We got to the end, but have a child that started parsing
2211 * and ended up "missing". The only legitimate reason for
2212 * this is that we had one or more optional fields at the
2213 * end of our sequence, and we were encoded indefinite-length,
2214 * so when we went looking for those optional fields we
2215 * found our end-of-contents octets instead.
2216 * (Yes, this is ugly; dunno a better way to handle it.)
2217 * So, first confirm the situation, and then mark that we
2218 * are done.
2219 */
2220 if (state->indefinite && child->endofcontents) {
2221 PORT_Assert (child_consumed == 2);
2222 if( child_consumed != 2 ) {
2223 dprintf("decodeError: next_in_seq indef len != 2\n");
2224 PORT_SetError (SEC_ERROR_BAD_DER);
2225 state->top->status = decodeError;
2226 } else {
2227 state->consumed += child_consumed;
2228 state->place = afterEndOfContents;
2229 }
2230 } else {
2231 dprintf("decodeError: next_in_seq !indef, child missing\n");
2232 PORT_SetError (SEC_ERROR_BAD_DER);
2233 state->top->status = decodeError;
2234 }
2235 } else {
2236 /*
2237 * We have to finish out, maybe reading end-of-contents octets;
2238 * let the normal logic do the right thing.
2239 */
2240 state->place = beforeEndOfContents;
2241 }
2242 } else {
2243 unsigned char child_found_tag_modifiers = 0;
2244 unsigned long child_found_tag_number = 0;
2245
2246 /*
2247 * Reset state and push.
2248 */
2249 if (state->dest != NULL)
2250 child->dest = (char *)state->dest + child->theTemplate->offset;
2251
2252 /*
2253 * Do the "before" field notification.
2254 */
2255 sec_asn1d_notify_before (state->top, child->dest, child->depth);
2256
2257 if (child_missing) { /* if previous child was missing, copy the tag data we already have */
2258 child_found_tag_modifiers = child->found_tag_modifiers;
2259 child_found_tag_number = child->found_tag_number;
2260 }
2261 state->top->current = child;
2262 child = sec_asn1d_init_state_based_on_template (child,
2263 buf /* __APPLE__ */,
2264 len /* __APPLE__ */);
2265 if (child_missing && child) {
2266 child->place = afterIdentifier;
2267 child->found_tag_modifiers = child_found_tag_modifiers;
2268 child->found_tag_number = child_found_tag_number;
2269 child->consumed = child_consumed;
2270 if (child->underlying_kind == SEC_ASN1_ANY
2271 && !child->top->filter_only) {
2272 /*
2273 * If the new field is an ANY, and we are storing, then
2274 * we need to save the tag out. We would have done this
2275 * already in the normal case, but since we were looking
2276 * for an optional field, and we did not find it, we only
2277 * now realize we need to save the tag.
2278 */
2279 unsigned char identifier;
2280
2281 /*
2282 * Check that we did not end up with a high tag; for that
2283 * we need to re-encode the tag into multiple bytes in order
2284 * to store it back to look like what we parsed originally.
2285 * In practice this does not happen, but for completeness
2286 * sake it should probably be made to work at some point.
2287 */
2288 PORT_Assert (child_found_tag_number < SEC_ASN1_HIGH_TAG_NUMBER);
2289 identifier = (unsigned char)(child_found_tag_modifiers | child_found_tag_number);
2290 sec_asn1d_record_any_header (child, (char *) &identifier, 1);
2291 }
2292 }
2293 }
2294 }
2295
2296
2297 static void
2298 sec_asn1d_concat_substrings (sec_asn1d_state *state)
2299 {
2300 PORT_Assert (state->place == afterConstructedString);
2301
2302 if (state->subitems_head != NULL) {
2303 struct subitem *substring;
2304 unsigned long alloc_len, item_len;
2305 unsigned char *where;
2306 SecAsn1Item *item;
2307 PRBool is_bit_string;
2308
2309 item_len = 0;
2310 is_bit_string = (state->underlying_kind == SEC_ASN1_BIT_STRING)
2311 ? PR_TRUE : PR_FALSE;
2312
2313 substring = state->subitems_head;
2314 while (substring != NULL) {
2315 /*
2316 * All bit-string substrings except the last one should be
2317 * a clean multiple of 8 bits.
2318 */
2319 if (is_bit_string && (substring->next != NULL)
2320 && (substring->len & 0x7)) {
2321 dprintf("decodeError: sec_asn1d_concat_substrings align\n");
2322 PORT_SetError (SEC_ERROR_BAD_DER);
2323 state->top->status = decodeError;
2324 return;
2325 }
2326 item_len += substring->len;
2327 substring = substring->next;
2328 }
2329
2330 if (is_bit_string) {
2331 #ifdef XP_WIN16 /* win16 compiler gets an internal error otherwise */
2332 alloc_len = (((long)item_len + 7) / 8);
2333 #else
2334 alloc_len = ((item_len + 7) >> 3);
2335 #endif
2336 } else {
2337 /*
2338 * Add 2 for the end-of-contents octets of an indefinite-length
2339 * ANY that is *not* also an INNER. Because we zero-allocate
2340 * below, all we need to do is increase the length here.
2341 */
2342 if (state->underlying_kind == SEC_ASN1_ANY && state->indefinite)
2343 item_len += 2;
2344 alloc_len = item_len;
2345 }
2346
2347 item = (SecAsn1Item *)(state->dest);
2348 PORT_Assert (item != NULL);
2349 PORT_Assert (item->Data == NULL);
2350 item->Data = (unsigned char*)sec_asn1d_zalloc (state->top->their_pool,
2351 alloc_len);
2352 if (item->Data == NULL) {
2353 dprintf("decodeError: zalloc\n");
2354 state->top->status = decodeError;
2355 return;
2356 }
2357 item->Length = item_len;
2358
2359 where = item->Data;
2360 substring = state->subitems_head;
2361 while (substring != NULL) {
2362 if (is_bit_string)
2363 item_len = (substring->len + 7) >> 3;
2364 else
2365 item_len = substring->len;
2366 PORT_Memcpy (where, substring->data, item_len);
2367 where += item_len;
2368 substring = substring->next;
2369 }
2370
2371 /*
2372 * Because we use arenas and have a mark set, we later free
2373 * everything we have allocated, so this does *not* present
2374 * a memory leak (it is just temporarily left dangling).
2375 */
2376 state->subitems_head = state->subitems_tail = NULL;
2377 }
2378
2379 state->place = afterEndOfContents;
2380 }
2381
2382
2383 static void
2384 sec_asn1d_concat_group (sec_asn1d_state *state)
2385 {
2386 const void ***placep;
2387
2388 PORT_Assert (state->place == afterGroup);
2389
2390 placep = (const void***)state->dest;
2391 PORT_Assert(state->subitems_head == NULL || placep != NULL);
2392 if (placep != NULL) {
2393 struct subitem *item;
2394 const void **group;
2395 int count;
2396
2397 count = 0;
2398 item = state->subitems_head;
2399 while (item != NULL) {
2400 PORT_Assert (item->next != NULL || item == state->subitems_tail);
2401 count++;
2402 item = item->next;
2403 }
2404
2405 group = (const void**)sec_asn1d_zalloc (state->top->their_pool,
2406 (count + 1) * (sizeof(void *)));
2407 if (group == NULL) {
2408 dprintf("decodeError: zalloc\n");
2409 state->top->status = decodeError;
2410 return;
2411 }
2412
2413 *placep = group;
2414
2415 item = state->subitems_head;
2416 while (item != NULL) {
2417 *group++ = item->data;
2418 item = item->next;
2419 }
2420 *group = NULL;
2421
2422 /*
2423 * Because we use arenas and have a mark set, we later free
2424 * everything we have allocated, so this does *not* present
2425 * a memory leak (it is just temporarily left dangling).
2426 */
2427 state->subitems_head = state->subitems_tail = NULL;
2428 }
2429
2430 state->place = afterEndOfContents;
2431 }
2432
2433 /*
2434 * For those states that push a child to handle a subtemplate,
2435 * "absorb" that child (transfer necessary information).
2436 */
2437 static void
2438 sec_asn1d_absorb_child (sec_asn1d_state *state)
2439 {
2440 /*
2441 * There is absolutely supposed to be a child there.
2442 */
2443 PORT_Assert (state->child != NULL);
2444
2445 /*
2446 * Inherit the missing status of our child, and do the ugly
2447 * backing-up if necessary.
2448 */
2449 state->missing = state->child->missing;
2450 if (state->missing) {
2451 state->found_tag_number = state->child->found_tag_number;
2452 state->found_tag_modifiers = state->child->found_tag_modifiers;
2453 state->endofcontents = state->child->endofcontents;
2454 }
2455
2456 /*
2457 * Add in number of bytes consumed by child.
2458 * (Only EXPLICIT should have already consumed bytes itself.)
2459 */
2460 PORT_Assert (state->place == afterExplicit || state->consumed == 0);
2461 state->consumed += state->child->consumed;
2462
2463 /*
2464 * Subtract from bytes pending; this only applies to a definite-length
2465 * EXPLICIT field.
2466 */
2467 if (state->pending) {
2468 PORT_Assert (!state->indefinite);
2469 PORT_Assert (state->place == afterExplicit);
2470
2471 /*
2472 * If we had a definite-length explicit, then what the child
2473 * consumed should be what was left pending.
2474 */
2475 if (state->pending != state->child->consumed) {
2476 if (state->pending < state->child->consumed) {
2477 dprintf("decodeError: absorb_child pending < consumed\n");
2478 PORT_SetError (SEC_ERROR_BAD_DER);
2479 state->top->status = decodeError;
2480 return;
2481 }
2482 /*
2483 * Okay, this is a hack. It *should* be an error whether
2484 * pending is too big or too small, but it turns out that
2485 * we had a bug in our *old* DER encoder that ended up
2486 * counting an explicit header twice in the case where
2487 * the underlying type was an ANY. So, because we cannot
2488 * prevent receiving these (our own certificate server can
2489 * send them to us), we need to be lenient and accept them.
2490 * To do so, we need to pretend as if we read all of the
2491 * bytes that the header said we would find, even though
2492 * we actually came up short.
2493 */
2494 state->consumed += (state->pending - state->child->consumed);
2495 }
2496 state->pending = 0;
2497 }
2498
2499 /*
2500 * Indicate that we are done with child.
2501 */
2502 state->child->consumed = 0;
2503
2504 /*
2505 * And move on to final state.
2506 * (Technically everybody could move to afterEndOfContents except
2507 * for an indefinite-length EXPLICIT; for simplicity though we assert
2508 * that but let the end-of-contents code do the real determination.)
2509 */
2510 PORT_Assert (state->place == afterExplicit || (! state->indefinite));
2511 state->place = beforeEndOfContents;
2512 }
2513
2514
2515 static void
2516 sec_asn1d_prepare_for_end_of_contents (sec_asn1d_state *state)
2517 {
2518 PORT_Assert (state->place == beforeEndOfContents);
2519
2520 if (state->indefinite) {
2521 state->place = duringEndOfContents;
2522 state->pending = 2;
2523 } else {
2524 state->place = afterEndOfContents;
2525 }
2526 }
2527
2528
2529 static unsigned long
2530 sec_asn1d_parse_end_of_contents (sec_asn1d_state *state,
2531 const char *buf, unsigned long len)
2532 {
2533 unsigned int i;
2534
2535 PORT_Assert (state->pending <= 2);
2536 PORT_Assert (state->place == duringEndOfContents);
2537
2538 if (len == 0) {
2539 state->top->status = needBytes;
2540 return 0;
2541 }
2542
2543 if (state->pending < len)
2544 len = state->pending;
2545
2546 for (i = 0; i < len; i++) {
2547 if (buf[i] != 0) {
2548 /*
2549 * We expect to find only zeros; if not, just give up.
2550 */
2551 dprintf("decodeError: end of contents non zero\n");
2552 PORT_SetError (SEC_ERROR_BAD_DER);
2553 state->top->status = decodeError;
2554 return 0;
2555 }
2556 }
2557
2558 state->pending -= len;
2559
2560 if (state->pending == 0) {
2561 state->place = afterEndOfContents;
2562 state->endofcontents = PR_TRUE;
2563 }
2564
2565 return len;
2566 }
2567
2568
2569 static void
2570 sec_asn1d_pop_state (sec_asn1d_state *state)
2571 {
2572 #if 0 /* XXX I think this should always be handled explicitly by parent? */
2573 /*
2574 * Account for our child.
2575 */
2576 if (state->child != NULL) {
2577 state->consumed += state->child->consumed;
2578 if (state->pending) {
2579 PORT_Assert (!state->indefinite);
2580 if( state->child->consumed > state->pending ) {
2581 dprintf("decodeError: pop_state pending < consumed\n");
2582 PORT_SetError (SEC_ERROR_BAD_DER);
2583 state->top->status = decodeError;
2584 } else {
2585 state->pending -= state->child->consumed;
2586 }
2587 }
2588 state->child->consumed = 0;
2589 }
2590 #endif /* XXX */
2591
2592 /*
2593 * Free our child.
2594 */
2595 sec_asn1d_free_child (state, PR_FALSE);
2596
2597 /*
2598 * Just make my parent be the current state. It will then clean
2599 * up after me and free me (or reuse me).
2600 */
2601 state->top->current = state->parent;
2602 }
2603
2604 static sec_asn1d_state *
2605 sec_asn1d_before_choice (sec_asn1d_state *state,
2606 const char *buf /* __APPLE__ */,
2607 size_t len /* __APPLE__ */)
2608 {
2609 sec_asn1d_state *child;
2610
2611 if( state->allocate ) {
2612 void *dest;
2613
2614 dest = sec_asn1d_zalloc(state->top->their_pool,
2615 state->theTemplate->size);
2616 if( (void *)NULL == dest ) {
2617 dprintf("decodeError: zalloc\n");
2618 state->top->status = decodeError;
2619 return (sec_asn1d_state *)NULL;
2620 }
2621
2622 state->dest = (char *)dest + state->theTemplate->offset;
2623 }
2624
2625 child = sec_asn1d_push_state(state->top, state->theTemplate + 1,
2626 (char *)state->dest - state->theTemplate->offset,
2627 PR_FALSE);
2628 if( (sec_asn1d_state *)NULL == child ) {
2629 return (sec_asn1d_state *)NULL;
2630 }
2631
2632 sec_asn1d_scrub_state(child);
2633 child = sec_asn1d_init_state_based_on_template(child,
2634 buf /* __APPLE__ */, len /* __APPLE__ */);
2635 if( (sec_asn1d_state *)NULL == child ) {
2636 return (sec_asn1d_state *)NULL;
2637 }
2638
2639 child->optional = PR_TRUE;
2640
2641 state->place = duringChoice;
2642
2643 return child;
2644 }
2645
2646 static sec_asn1d_state *
2647 sec_asn1d_during_choice (sec_asn1d_state *state,
2648 const char *buf, /* __APPLE__ */
2649 size_t len /* __APPLE__ */)
2650 {
2651 sec_asn1d_state *child = state->child;
2652
2653 PORT_Assert((sec_asn1d_state *)NULL != child);
2654
2655 if( child->missing ) {
2656 unsigned char child_found_tag_modifiers = 0;
2657 unsigned long child_found_tag_number = 0;
2658 void * dest;
2659
2660 state->consumed += child->consumed;
2661
2662 if (child->endofcontents) {
2663 /* This choice is probably the first item in a GROUP
2664 ** (e.g. SET_OF) that was indefinite-length encoded.
2665 ** We're actually at the end of that GROUP.
2666 ** We look up the stack to be sure that we find
2667 ** a state with indefinite length encoding before we
2668 ** find a state (like a SEQUENCE) that is definite.
2669 */
2670 child->place = notInUse;
2671 state->place = afterChoice;
2672 state->endofcontents = PR_TRUE; /* propagate this up */
2673 if (sec_asn1d_parent_allows_EOC(state))
2674 return state;
2675 dprintf("decodeError: during_choice child at EOC by parent does not allow EOC\n");
2676 PORT_SetError(SEC_ERROR_BAD_DER);
2677 state->top->status = decodeError;
2678 return NULL;
2679 }
2680
2681 dest = (char *)child->dest - child->theTemplate->offset;
2682 child->theTemplate++;
2683
2684 if( 0 == child->theTemplate->kind ) {
2685 /* Ran out of choices */
2686 dprintf("decodeError: during_choice ran out of choice\n");
2687 PORT_SetError(SEC_ERROR_BAD_DER);
2688 state->top->status = decodeError;
2689 return (sec_asn1d_state *)NULL;
2690 }
2691 child->dest = (char *)dest + child->theTemplate->offset;
2692
2693 /* cargo'd from next_in_sequence innards */
2694 if( state->pending ) {
2695 PORT_Assert(!state->indefinite);
2696 if( child->consumed > state->pending ) {
2697 dprintf("decodeError: during_choice consumed > pending\n");
2698 PORT_SetError (SEC_ERROR_BAD_DER);
2699 state->top->status = decodeError;
2700 return NULL;
2701 }
2702 state->pending -= child->consumed;
2703 if( 0 == state->pending ) {
2704 /* XXX uh.. not sure if I should have stopped this
2705 * from happening before. */
2706 PORT_Assert(0);
2707 PORT_SetError(SEC_ERROR_BAD_DER);
2708 dprintf("decodeError: during_choice !pending\n");
2709 state->top->status = decodeError;
2710 return (sec_asn1d_state *)NULL;
2711 }
2712 }
2713
2714 child->consumed = 0;
2715 sec_asn1d_scrub_state(child);
2716
2717 /* move it on top again */
2718 state->top->current = child;
2719
2720 child_found_tag_modifiers = child->found_tag_modifiers;
2721 child_found_tag_number = child->found_tag_number;
2722
2723 child = sec_asn1d_init_state_based_on_template(child, buf /* __APPLE__*/, len /* __APPLE__ */);
2724 if( (sec_asn1d_state *)NULL == child ) {
2725 return (sec_asn1d_state *)NULL;
2726 }
2727
2728 /* copy our findings to the new top */
2729 child->found_tag_modifiers = child_found_tag_modifiers;
2730 child->found_tag_number = child_found_tag_number;
2731
2732 child->optional = PR_TRUE;
2733 child->place = afterIdentifier;
2734
2735 return child;
2736 }
2737 if( (void *)NULL != state->dest ) {
2738 /* Store the enum */
2739 int *which = (int *)state->dest;
2740 *which = (int)child->theTemplate->size;
2741 }
2742
2743 child->place = notInUse;
2744
2745 state->place = afterChoice;
2746 return state;
2747 }
2748
2749 static void
2750 sec_asn1d_after_choice (sec_asn1d_state *state)
2751 {
2752 state->consumed += state->child->consumed;
2753 state->child->consumed = 0;
2754 state->place = afterEndOfContents;
2755 sec_asn1d_pop_state(state);
2756 }
2757
2758 #if 0
2759 unsigned long
2760 sec_asn1d_uinteger(SecAsn1Item *src)
2761 {
2762 unsigned long value;
2763 int len;
2764
2765 if (src->Length > 5 || (src->Length > 4 && src->Data[0] == 0))
2766 return 0;
2767
2768 value = 0;
2769 len = src->Length;
2770 while (len) {
2771 value <<= 8;
2772 value |= src->Data[--len];
2773 }
2774 return value;
2775 }
2776 #endif
2777
2778 SECStatus
2779 SEC_ASN1DecodeInteger(SecAsn1Item *src, unsigned long *value)
2780 {
2781 unsigned long v;
2782 unsigned int i;
2783
2784 if (src == NULL) {
2785 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2786 return SECFailure;
2787 }
2788
2789 if (src->Length > sizeof(unsigned long)) {
2790 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2791 return SECFailure;
2792 }
2793
2794 if (src->Data == NULL) {
2795 PORT_SetError(SEC_ERROR_INVALID_ARGS);
2796 return SECFailure;
2797 }
2798
2799 if (src->Data[0] & 0x80)
2800 v = -1; /* signed and negative - start with all 1's */
2801 else
2802 v = 0;
2803
2804 for (i= 0; i < src->Length; i++) {
2805 /* shift in next byte */
2806 v <<= 8;
2807 v |= src->Data[i];
2808 }
2809 *value = v;
2810 return SECSuccess;
2811 }
2812
2813 #ifdef DEBUG_ASN1D_STATES
2814 static void
2815 dump_states(SEC_ASN1DecoderContext *cx)
2816 {
2817 sec_asn1d_state *state;
2818 char kindBuf[256];
2819
2820 for (state = cx->current; state->parent; state = state->parent) {
2821 ;
2822 }
2823
2824 for (; state; state = state->child) {
2825 int i;
2826 for (i = 0; i < state->depth; i++) {
2827 printf(" ");
2828 }
2829
2830 i = formatKind(state->theTemplate->kind, kindBuf);
2831 printf("%s: tmpl %p, kind%s",
2832 (state == cx->current) ? "STATE" : "State",
2833 state->theTemplate,
2834 kindBuf);
2835 printf(" %s", (state->place <= notInUse)
2836 ? place_names[ state->place ]
2837 : "(undefined)");
2838 if (!i)
2839 printf(", expect 0x%02lx",
2840 state->expect_tag_number | state->expect_tag_modifiers);
2841
2842 printf("%s%s%s %lu\n",
2843 state->indefinite ? ", indef" : "",
2844 state->missing ? ", miss" : "",
2845 state->endofcontents ? ", EOC" : "",
2846 state->pending
2847 );
2848 }
2849
2850 return;
2851 }
2852 #endif /* DEBUG_ASN1D_STATES */
2853
2854 SECStatus
2855 SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext *cx,
2856 const char *buf, size_t len)
2857 {
2858 sec_asn1d_state *state = NULL;
2859 unsigned long consumed;
2860 SEC_ASN1EncodingPart what;
2861 sec_asn1d_state *stateEnd = cx->current;
2862
2863 if (cx->status == needBytes)
2864 cx->status = keepGoing;
2865
2866 while (cx->status == keepGoing) {
2867 state = cx->current;
2868 what = SEC_ASN1_Contents;
2869 consumed = 0;
2870 #if DEBUG_ASN1D_STATES
2871 if (doDumpStates > 1) {
2872 printf("\nPLACE = %s, next byte = 0x%02x, %p[%lu]\n",
2873 (state->place <= notInUse) ?
2874 place_names[ state->place ] : "(undefined)",
2875 (unsigned int)((unsigned char *)buf)[ consumed ],
2876 buf, consumed);
2877 dump_states(cx);
2878 }
2879 #endif /* DEBUG_ASN1D_STATES */
2880 switch (state->place) {
2881 case beforeIdentifier:
2882 consumed = sec_asn1d_parse_identifier (state, buf, len);
2883 what = SEC_ASN1_Identifier;
2884 break;
2885 case duringIdentifier:
2886 consumed = sec_asn1d_parse_more_identifier (state, buf, len);
2887 what = SEC_ASN1_Identifier;
2888 break;
2889 case afterIdentifier:
2890 sec_asn1d_confirm_identifier (state);
2891 break;
2892 case beforeLength:
2893 consumed = sec_asn1d_parse_length (state, buf, len);
2894 what = SEC_ASN1_Length;
2895 break;
2896 case duringLength:
2897 consumed = sec_asn1d_parse_more_length (state, buf, len);
2898 what = SEC_ASN1_Length;
2899 break;
2900 case afterLength:
2901 sec_asn1d_prepare_for_contents (state, buf, len);
2902 break;
2903 case beforeBitString:
2904 consumed = sec_asn1d_parse_bit_string (state, buf, len);
2905 break;
2906 case duringBitString:
2907 consumed = sec_asn1d_parse_more_bit_string (state, buf, len);
2908 break;
2909 case duringConstructedString:
2910 sec_asn1d_next_substring (state);
2911 break;
2912 case duringGroup:
2913 sec_asn1d_next_in_group (state, buf, len);
2914 break;
2915 case duringLeaf:
2916 consumed = sec_asn1d_parse_leaf (state, buf, len);
2917 break;
2918 case duringSaveEncoding:
2919 sec_asn1d_reuse_encoding (state);
2920 if (cx->status == decodeError) {
2921 /* recursive call has already popped all states from stack.
2922 ** Bail out quickly.
2923 */
2924 return SECFailure;
2925 }
2926 if (cx->status == needBytes) {
2927 /* recursive call wanted more data. Fatal. Clean up below. */
2928 PORT_SetError (SEC_ERROR_BAD_DER);
2929 cx->status = decodeError;
2930 }
2931 break;
2932 case duringSequence:
2933 sec_asn1d_next_in_sequence (state, buf, len);
2934 break;
2935 case afterConstructedString:
2936 sec_asn1d_concat_substrings (state);
2937 break;
2938 case afterExplicit:
2939 case afterImplicit:
2940 case afterInline:
2941 case afterPointer:
2942 sec_asn1d_absorb_child (state);
2943 break;
2944 case afterGroup:
2945 sec_asn1d_concat_group (state);
2946 break;
2947 case afterSaveEncoding:
2948 /* SEC_ASN1DecoderUpdate has called itself recursively to
2949 ** decode SAVEd encoded data, and now is done decoding that.
2950 ** Return to the calling copy of SEC_ASN1DecoderUpdate.
2951 */
2952 return SECSuccess;
2953 case beforeEndOfContents:
2954 sec_asn1d_prepare_for_end_of_contents (state);
2955 break;
2956 case duringEndOfContents:
2957 consumed = sec_asn1d_parse_end_of_contents (state, buf, len);
2958 what = SEC_ASN1_EndOfContents;
2959 break;
2960 case afterEndOfContents:
2961 sec_asn1d_pop_state (state);
2962 break;
2963 case beforeChoice:
2964 state = sec_asn1d_before_choice(state, buf, len);
2965 break;
2966 case duringChoice:
2967 state = sec_asn1d_during_choice(state, buf, len);
2968 break;
2969 case afterChoice:
2970 sec_asn1d_after_choice(state);
2971 break;
2972 case notInUse:
2973 default:
2974 /* This is not an error, but rather a plain old BUG! */
2975 PORT_Assert (0);
2976 PORT_SetError (SEC_ERROR_BAD_DER);
2977 dprintf("decodeError: decoder update bad state->place\n");
2978 cx->status = decodeError;
2979 break;
2980 }
2981
2982 if (cx->status == decodeError)
2983 break;
2984
2985 /* We should not consume more than we have. */
2986 PORT_Assert (consumed <= len);
2987 if( consumed > len ) {
2988 dprintf("decodeError: decoder update consumed > len\n");
2989 PORT_SetError (SEC_ERROR_BAD_DER);
2990 cx->status = decodeError;
2991 break;
2992 }
2993
2994 /* It might have changed, so we have to update our local copy. */
2995 state = cx->current;
2996
2997 /* If it is NULL, we have popped all the way to the top. */
2998 if (state == NULL) {
2999 PORT_Assert (consumed == 0);
3000 #if 0
3001 /* XXX I want this here, but it seems that we have situations (like
3002 * downloading a pkcs7 cert chain from some issuers) that give us a
3003 * length which is greater than the entire encoding. So, we cannot
3004 * have this be an error.
3005 */
3006 if (len > 0) {
3007 dprintf("decodeError: decoder update nonzero len\n");
3008 PORT_SetError (SEC_ERROR_BAD_DER);
3009 cx->status = decodeError;
3010 }
3011 else
3012 #endif
3013 cx->status = allDone;
3014 break;
3015 }
3016 else if (state->theTemplate->kind == SEC_ASN1_SKIP_REST) {
3017 cx->status = allDone;
3018 break;
3019 }
3020
3021 if (consumed == 0)
3022 continue;
3023
3024 /*
3025 * The following check is specifically looking for an ANY
3026 * that is *not* also an INNER, because we need to save aside
3027 * all bytes in that case -- the contents parts will get
3028 * handled like all other contents, and the end-of-contents
3029 * bytes are added by the concat code, but the outer header
3030 * bytes need to get saved too, so we do them explicitly here.
3031 */
3032 if (state->underlying_kind == SEC_ASN1_ANY
3033 && !cx->filter_only && (what == SEC_ASN1_Identifier
3034 || what == SEC_ASN1_Length)) {
3035 sec_asn1d_record_any_header (state, buf, consumed);
3036 }
3037
3038 /*
3039 * We had some number of good, accepted bytes. If the caller
3040 * has registered to see them, pass them along.
3041 */
3042 if (state->top->filter_proc != NULL) {
3043 int depth;
3044
3045 depth = state->depth;
3046 if (what == SEC_ASN1_EndOfContents && !state->indefinite) {
3047 PORT_Assert (state->parent != NULL
3048 && state->parent->indefinite);
3049 depth--;
3050 PORT_Assert (depth == state->parent->depth);
3051 }
3052 (* state->top->filter_proc) (state->top->filter_arg,
3053 buf, consumed, depth, what);
3054 }
3055
3056 state->consumed += consumed;
3057 buf += consumed;
3058 len -= consumed;
3059 } /* main decode loop */
3060
3061 if (cx->status == decodeError) {
3062 while (state != NULL && stateEnd->parent!=state) {
3063 sec_asn1d_free_child (state, PR_TRUE);
3064 state = state->parent;
3065 }
3066 #ifdef SEC_ASN1D_FREE_ON_ERROR /*
3067 * XXX This does not work because we can
3068 * end up leaving behind dangling pointers
3069 * to stuff that was allocated. In order
3070 * to make this really work (which would
3071 * be a good thing, I think), we need to
3072 * keep track of every place/pointer that
3073 * was allocated and make sure to NULL it
3074 * out before we then free back to the mark.
3075 */
3076 if (cx->their_pool != NULL) {
3077 PORT_Assert (cx->their_mark != NULL);
3078 PORT_ArenaRelease (cx->their_pool, cx->their_mark);
3079 }
3080 #endif
3081 return SECFailure;
3082 }
3083
3084 #if 0
3085 /* XXX This is what I want, but cannot have because it seems we
3086 * have situations (like when downloading a pkcs7 cert chain from
3087 * some issuers) that give us a total length which is greater than
3088 * the entire encoding. So, we have to allow allDone to have a
3089 * remaining length greater than zero. I wanted to catch internal
3090 * bugs with this, noticing when we do not have the right length.
3091 * Oh well.
3092 */
3093 PORT_Assert (len == 0
3094 && (cx->status == needBytes || cx->status == allDone));
3095 #else
3096 PORT_Assert ((len == 0 && cx->status == needBytes)
3097 || cx->status == allDone);
3098 #endif
3099 return SECSuccess;
3100 }
3101
3102
3103 SECStatus
3104 SEC_ASN1DecoderFinish (SEC_ASN1DecoderContext *cx)
3105 {
3106 SECStatus rv;
3107
3108 if (cx->status == needBytes) {
3109 #ifdef __APPLE__
3110 /*
3111 * Special case: need more bytes, but this field and all
3112 * subsequent fields are optional. I'm surprised this case is
3113 * not handled in the original NSS code, and this workaround
3114 * is a bit of a hack...
3115 */
3116 sec_asn1d_state *state = cx->current;
3117 assert(state != NULL);
3118 if(state->place == beforeIdentifier) {
3119 int allOptional = 1;
3120 const SecAsn1Template *templ = state->theTemplate;
3121 while(templ->kind != 0) {
3122 if(!(templ->kind & SEC_ASN1_OPTIONAL)) {
3123 allOptional = 0;
3124 break;
3125 }
3126 templ++;
3127 }
3128 if(allOptional) {
3129 /* letting this one slide */
3130 rv = SECSuccess;
3131 }
3132 else {
3133 PORT_SetError (SEC_ERROR_BAD_DER);
3134 rv = SECFailure;
3135 }
3136 }
3137 else {
3138 PORT_SetError (SEC_ERROR_BAD_DER);
3139 rv = SECFailure;
3140 }
3141 #else
3142 PORT_SetError (SEC_ERROR_BAD_DER);
3143 rv = SECFailure;
3144 #endif /* __APPLE__ */
3145 } else {
3146 rv = SECSuccess;
3147 }
3148
3149 /*
3150 * XXX anything else that needs to be finished?
3151 */
3152
3153 PORT_FreeArena (cx->our_pool, PR_FALSE);
3154
3155 return rv;
3156 }
3157
3158
3159 SEC_ASN1DecoderContext *
3160 SEC_ASN1DecoderStart (PRArenaPool *their_pool, void *dest,
3161 const SecAsn1Template *theTemplate
3162 #ifdef __APPLE__
3163 ,
3164 /* only needed if first element will be SEC_ASN1_DYNAMIC */
3165 const char *buf,
3166 size_t len /* __APPLE__ */
3167 #endif
3168 )
3169 {
3170 PRArenaPool *our_pool;
3171 SEC_ASN1DecoderContext *cx;
3172
3173 our_pool = PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE);
3174 if (our_pool == NULL)
3175 return NULL;
3176
3177 cx = (SEC_ASN1DecoderContext*)PORT_ArenaZAlloc (our_pool, sizeof(*cx));
3178 if (cx == NULL) {
3179 PORT_FreeArena (our_pool, PR_FALSE);
3180 return NULL;
3181 }
3182
3183 cx->our_pool = our_pool;
3184 if (their_pool != NULL) {
3185 cx->their_pool = their_pool;
3186 #ifdef SEC_ASN1D_FREE_ON_ERROR
3187 cx->their_mark = PORT_ArenaMark (their_pool);
3188 #endif
3189 }
3190
3191 cx->status = needBytes;
3192
3193 if (sec_asn1d_push_state(cx, theTemplate, dest, PR_FALSE) == NULL
3194 || sec_asn1d_init_state_based_on_template (cx->current,
3195 buf /* __APPLE__ */, len /* __APPLE__ */) == NULL) {
3196 /*
3197 * Trouble initializing (probably due to failed allocations)
3198 * requires that we just give up.
3199 */
3200 PORT_FreeArena (our_pool, PR_FALSE);
3201 return NULL;
3202 }
3203
3204 return cx;
3205 }
3206
3207
3208 void
3209 SEC_ASN1DecoderSetFilterProc (SEC_ASN1DecoderContext *cx,
3210 SEC_ASN1WriteProc fn, void *arg,
3211 PRBool only)
3212 {
3213 /* check that we are "between" fields here */
3214 PORT_Assert (cx->during_notify);
3215
3216 cx->filter_proc = fn;
3217 cx->filter_arg = arg;
3218 cx->filter_only = only;
3219 }
3220
3221
3222 void
3223 SEC_ASN1DecoderClearFilterProc (SEC_ASN1DecoderContext *cx)
3224 {
3225 /* check that we are "between" fields here */
3226 PORT_Assert (cx->during_notify);
3227
3228 cx->filter_proc = NULL;
3229 cx->filter_arg = NULL;
3230 cx->filter_only = PR_FALSE;
3231 }
3232
3233
3234 void
3235 SEC_ASN1DecoderSetNotifyProc (SEC_ASN1DecoderContext *cx,
3236 SEC_ASN1NotifyProc fn, void *arg)
3237 {
3238 cx->notify_proc = fn;
3239 cx->notify_arg = arg;
3240 }
3241
3242
3243 void
3244 SEC_ASN1DecoderClearNotifyProc (SEC_ASN1DecoderContext *cx)
3245 {
3246 cx->notify_proc = NULL;
3247 cx->notify_arg = NULL; /* not necessary; just being clean */
3248 }
3249
3250
3251 void
3252 SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext *cx, int error)
3253 {
3254 PORT_Assert(cx);
3255 PORT_SetError(error);
3256 cx->status = decodeError;
3257 }
3258
3259
3260 SECStatus
3261 SEC_ASN1Decode (PRArenaPool *poolp, void *dest,
3262 const SecAsn1Template *theTemplate,
3263 const char *buf, size_t len)
3264 {
3265 SEC_ASN1DecoderContext *dcx;
3266 SECStatus urv, frv;
3267
3268 dcx = SEC_ASN1DecoderStart (poolp, dest, theTemplate,
3269 buf /* __APPLE__ */, len /* __APPLE__ */);
3270 if (dcx == NULL)
3271 return SECFailure;
3272
3273 urv = SEC_ASN1DecoderUpdate (dcx, buf, len);
3274 frv = SEC_ASN1DecoderFinish (dcx);
3275
3276 if (urv != SECSuccess)
3277 return urv;
3278
3279 return frv;
3280 }
3281
3282
3283 SECStatus
3284 SEC_ASN1DecodeItem (PRArenaPool *poolp, void *dest,
3285 const SecAsn1Template *theTemplate,
3286 const SecAsn1Item *item)
3287 {
3288 return SEC_ASN1Decode (poolp, dest, theTemplate,
3289 (const char *) item->Data, item->Length);
3290 }
3291
3292