2 * The contents of this file are subject to the Mozilla Public
3 * License Version 1.1 (the "License"); you may not use this file
4 * except in compliance with the License. You may obtain a copy of
5 * the License at http://www.mozilla.org/MPL/
7 * Software distributed under the License is distributed on an "AS
8 * IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
9 * implied. See the License for the specific language governing
10 * rights and limitations under the License.
12 * The Original Code is the Netscape security libraries.
14 * The Initial Developer of the Original Code is Netscape
15 * Communications Corporation. Portions created by Netscape are
16 * Copyright (C) 1994-2000 Netscape Communications Corporation. All
21 * Alternatively, the contents of this file may be used under the
22 * terms of the GNU General Public License Version 2 or later (the
23 * "GPL"), in which case the provisions of the GPL are applicable
24 * instead of those above. If you wish to allow use of your
25 * version of this file only under the terms of the GPL and not to
26 * allow others to use your version of this file under the MPL,
27 * indicate your decision by deleting the provisions above and
28 * replace them with the notice and other provisions required by
29 * the GPL. If you do not delete the provisions above, a recipient
30 * may use your version of this file under either the MPL or the
35 * Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished
38 * $Id: secasn1d.c,v 1.16 2004/05/13 15:29:13 dmitch Exp $
47 #define DEBUG_DECASN1 0
49 #define DEBUG_DECASN1 1
54 #define dprintf(args...) printf(args)
56 #define dprintf(args...)
57 #endif /* DEBUG_DECASN1 */
68 duringConstructedString
,
73 afterConstructedString
,
87 } sec_asn1d_parse_place
;
90 #define DEBUG_ASN1D_STATES 1
91 /* tweakable by debugger, debug only */
93 #else /* DEBUG_ASN1D_STATES 0 */
94 #endif /* DEBUG_ASN1D_STATES */
96 #if DEBUG_ASN1D_STATES
97 static const char *place_names
[] = {
106 "duringConstructedString",
109 "duringSaveEncoding",
111 "afterConstructedString",
118 "beforeEndOfContents",
119 "duringEndOfContents",
120 "afterEndOfContents",
127 static const char * const class_names
[] = {
134 static const char * const method_names
[] = { "PRIMITIVE", "CONSTRUCTED" };
136 static const char * const type_names
[] = {
171 static const char * const flag_names
[] = { /* flags, right to left */
182 "", /* decoder ignores "MAY_STREAM", */
194 static int /* bool */
195 formatKind(unsigned long kind
, char * buf
)
198 unsigned long k
= kind
& SEC_ASN1_TAGNUM_MASK
;
199 unsigned long notag
= kind
& (SEC_ASN1_CHOICE
| SEC_ASN1_POINTER
|
200 SEC_ASN1_INLINE
| SEC_ASN1_ANY
| SEC_ASN1_SAVE
);
203 if ((kind
& SEC_ASN1_CLASS_MASK
) != SEC_ASN1_UNIVERSAL
) {
204 sprintf(buf
, " %s", class_names
[(kind
& SEC_ASN1_CLASS_MASK
) >> 6] );
207 if (kind
& SEC_ASN1_METHOD_MASK
) {
208 sprintf(buf
, " %s", method_names
[1]);
211 if ((kind
& SEC_ASN1_CLASS_MASK
) == SEC_ASN1_UNIVERSAL
) {
213 sprintf(buf
, " %s", type_names
[k
] );
214 if ((k
== SEC_ASN1_SET
|| k
== SEC_ASN1_SEQUENCE
) &&
215 (kind
& SEC_ASN1_GROUP
)) {
221 sprintf(buf
, " [%lu]", k
);
225 for (k
= kind
>> 8, i
= 0; k
; k
>>= 1, ++i
) {
227 sprintf(buf
, " %s", flag_names
[i
]);
234 #endif /* DEBUG_ASN1D_STATES */
241 } sec_asn1d_parse_status
;
245 unsigned long len
; /* only used for substrings */
246 struct subitem
*next
;
249 typedef struct sec_asn1d_state_struct
{
250 SEC_ASN1DecoderContext
*top
;
251 const SecAsn1Template
*theTemplate
;
254 void *our_mark
; /* free on completion */
256 struct sec_asn1d_state_struct
*parent
; /* aka prev */
257 struct sec_asn1d_state_struct
*child
; /* aka next */
259 sec_asn1d_parse_place place
;
262 * XXX explain the next fields as clearly as possible...
264 unsigned char found_tag_modifiers
;
265 unsigned char expect_tag_modifiers
;
266 unsigned long check_tag_mask
;
267 unsigned long found_tag_number
;
268 unsigned long expect_tag_number
;
269 unsigned long underlying_kind
;
271 unsigned long contents_length
;
272 unsigned long pending
;
273 unsigned long consumed
;
278 * Bit strings have their length adjusted -- the first octet of the
279 * contents contains a value between 0 and 7 which says how many bits
280 * at the end of the octets are not actually part of the bit string;
281 * when parsing bit strings we put that value here because we need it
282 * later, for adjustment of the length (when the whole string is done).
284 unsigned int bit_string_unused_bits
;
287 * The following are used for indefinite-length constructed strings.
289 struct subitem
*subitems_head
;
290 struct subitem
*subitems_tail
;
293 allocate
, /* when true, need to allocate the destination */
294 endofcontents
, /* this state ended up parsing end-of-contents octets */
295 explicit, /* we are handling an explicit header */
296 indefinite
, /* the current item has indefinite-length encoding */
297 missing
, /* an optional field that was not present */
298 optional
, /* the template says this field may be omitted */
299 substring
; /* this is a substring of a constructed string */
302 #define IS_HIGH_TAG_NUMBER(n) ((n) == SEC_ASN1_HIGH_TAG_NUMBER)
303 #define LAST_TAG_NUMBER_BYTE(b) (((b) & 0x80) == 0)
304 #define TAG_NUMBER_BITS 7
305 #define TAG_NUMBER_MASK 0x7f
307 #define LENGTH_IS_SHORT_FORM(b) (((b) & 0x80) == 0)
308 #define LONG_FORM_LENGTH(b) ((b) & 0x7f)
310 #define HIGH_BITS(field,cnt) ((field) >> ((sizeof(field) * 8) - (cnt)))
314 * An "outsider" will have an opaque pointer to this, created by calling
315 * SEC_ASN1DecoderStart(). It will be passed back in to all subsequent
316 * calls to SEC_ASN1DecoderUpdate(), and when done it is passed to
317 * SEC_ASN1DecoderFinish().
319 struct sec_DecoderContext_struct
{
320 PRArenaPool
*our_pool
; /* for our internal allocs */
321 PRArenaPool
*their_pool
; /* for destination structure allocs */
322 #ifdef SEC_ASN1D_FREE_ON_ERROR /*
323 * XXX see comment below (by same
324 * ifdef) that explains why this
325 * does not work (need more smarts
326 * in order to free back to mark)
329 * XXX how to make their_mark work in the case where they do NOT
330 * give us a pool pointer?
332 void *their_mark
; /* free on error */
335 sec_asn1d_state
*current
;
336 sec_asn1d_parse_status status
;
338 SEC_ASN1NotifyProc notify_proc
; /* call before/after handling field */
339 void *notify_arg
; /* argument to notify_proc */
340 PRBool during_notify
; /* true during call to notify_proc */
342 SEC_ASN1WriteProc filter_proc
; /* pass field bytes to this */
343 void *filter_arg
; /* argument to that function */
344 PRBool filter_only
; /* do not allocate/store fields */
349 * XXX this is a fairly generic function that may belong elsewhere
352 sec_asn1d_alloc (PRArenaPool
*poolp
, unsigned long len
)
358 * Allocate from the pool.
360 thing
= PORT_ArenaAlloc (poolp
, len
);
363 * Allocate generically.
365 thing
= PORT_Alloc (len
);
373 * XXX this is a fairly generic function that may belong elsewhere
376 sec_asn1d_zalloc (PRArenaPool
*poolp
, unsigned long len
)
380 thing
= sec_asn1d_alloc (poolp
, len
);
382 PORT_Memset (thing
, 0, len
);
387 static sec_asn1d_state
*
388 sec_asn1d_push_state (SEC_ASN1DecoderContext
*cx
,
389 const SecAsn1Template
*theTemplate
,
390 void *dest
, PRBool new_depth
)
392 sec_asn1d_state
*state
, *new_state
;
396 PORT_Assert (state
== NULL
|| state
->child
== NULL
);
399 PORT_Assert (state
->our_mark
== NULL
);
400 state
->our_mark
= PORT_ArenaMark (cx
->our_pool
);
403 new_state
= (sec_asn1d_state
*)sec_asn1d_zalloc (cx
->our_pool
,
405 if (new_state
== NULL
) {
406 dprintf("decodeError: zalloc failure\n");
411 new_state
->parent
= state
;
412 new_state
->theTemplate
= theTemplate
;
413 new_state
->place
= notInUse
;
415 new_state
->dest
= (char *)dest
+ theTemplate
->offset
;
418 new_state
->depth
= state
->depth
;
420 if (++new_state
->depth
> SEC_ASN1D_MAX_DEPTH
) {
421 PORT_SetError (SEC_ERROR_BAD_DER
);
425 state
->child
= new_state
;
428 cx
->current
= new_state
;
432 cx
->status
= decodeError
;
434 PORT_ArenaRelease(cx
->our_pool
, state
->our_mark
);
435 state
->our_mark
= NULL
;
442 sec_asn1d_scrub_state (sec_asn1d_state
*state
)
445 * Some default "scrubbing".
446 * XXX right set of initializations?
448 state
->place
= beforeIdentifier
;
449 state
->endofcontents
= PR_FALSE
;
450 state
->indefinite
= PR_FALSE
;
451 state
->missing
= PR_FALSE
;
453 PORT_Assert (state
->consumed
== 0);
457 static sec_asn1d_state
*
458 sec_asn1d_get_enclosing_construct(sec_asn1d_state
*state
)
460 for (state
= state
->parent
; state
; state
= state
->parent
) {
461 sec_asn1d_parse_place place
= state
->place
;
462 if (place
!= afterImplicit
&&
463 place
!= afterPointer
&&
464 place
!= afterInline
&&
465 place
!= afterSaveEncoding
&&
466 place
!= duringSaveEncoding
&&
467 place
!= duringChoice
) {
469 /* we've walked up the stack to a state that represents
470 ** the enclosing construct.
480 sec_asn1d_parent_allows_EOC(sec_asn1d_state
*state
)
482 /* get state of enclosing construct. */
483 state
= sec_asn1d_get_enclosing_construct(state
);
485 sec_asn1d_parse_place place
= state
->place
;
486 /* Is it one of the types that permits an unexpected EOC? */
488 (place
== duringGroup
||
489 place
== duringConstructedString
||
490 state
->child
->optional
);
491 return (state
->indefinite
&& eoc_permitted
) ? PR_TRUE
: PR_FALSE
;
498 sec_asn1d_notify_before (SEC_ASN1DecoderContext
*cx
, void *dest
, int depth
)
500 if (cx
->notify_proc
== NULL
)
503 cx
->during_notify
= PR_TRUE
;
504 (* cx
->notify_proc
) (cx
->notify_arg
, PR_TRUE
, dest
, depth
);
505 cx
->during_notify
= PR_FALSE
;
510 sec_asn1d_notify_after (SEC_ASN1DecoderContext
*cx
, void *dest
, int depth
)
512 if (cx
->notify_proc
== NULL
)
515 cx
->during_notify
= PR_TRUE
;
516 (* cx
->notify_proc
) (cx
->notify_arg
, PR_FALSE
, dest
, depth
);
517 cx
->during_notify
= PR_FALSE
;
521 static sec_asn1d_state
*
522 sec_asn1d_init_state_based_on_template (sec_asn1d_state
*state
,
524 const char *buf
, /* for SEC_ASN1GetSubtemplate() */
529 PRBool
explicit, optional
, universal
;
530 unsigned char expect_tag_modifiers
;
531 unsigned long encode_kind
, under_kind
;
532 unsigned long check_tag_mask
, expect_tag_number
;
534 unsigned long dynamic
;
538 /* XXX Check that both of these tests are really needed/appropriate. */
539 if (state
== NULL
|| state
->top
->status
== decodeError
|| state
->theTemplate
== NULL
)
542 encode_kind
= state
->theTemplate
->kind
;
544 if (encode_kind
& SEC_ASN1_SAVE
) {
546 * This is a "magic" field that saves away all bytes, allowing
547 * the immediately following field to still be decoded from this
548 * same spot -- sort of a fork.
550 /* check that there are no extraneous bits */
551 PORT_Assert (encode_kind
== SEC_ASN1_SAVE
);
552 if (state
->top
->filter_only
) {
554 * If we are not storing, then we do not do the SAVE field
555 * at all. Just move ahead to the "real" field instead,
556 * doing the appropriate notify calls before and after.
558 sec_asn1d_notify_after (state
->top
, state
->dest
, state
->depth
);
560 * Since we are not storing, allow for our current dest value
561 * to be NULL. (This might not actually occur, but right now I
562 * cannot convince myself one way or the other.) If it is NULL,
563 * assume that our parent dest can help us out.
565 if (state
->dest
== NULL
)
566 state
->dest
= state
->parent
->dest
;
569 (char *)state
->dest
- state
->theTemplate
->offset
;
570 state
->theTemplate
++;
571 if (state
->dest
!= NULL
)
573 (char *)state
->dest
+ state
->theTemplate
->offset
;
574 sec_asn1d_notify_before (state
->top
, state
->dest
, state
->depth
);
575 encode_kind
= state
->theTemplate
->kind
;
576 PORT_Assert ((encode_kind
& SEC_ASN1_SAVE
) == 0);
578 sec_asn1d_scrub_state (state
);
579 state
->place
= duringSaveEncoding
;
580 state
= sec_asn1d_push_state (state
->top
, kSecAsn1AnyTemplate
,
581 state
->dest
, PR_FALSE
);
583 state
= sec_asn1d_init_state_based_on_template (state
,
584 buf
/* __APPLE__ */, len
/* __APPLE__ */);
590 universal
= ((encode_kind
& SEC_ASN1_CLASS_MASK
) == SEC_ASN1_UNIVERSAL
)
591 ? PR_TRUE
: PR_FALSE
;
593 explicit = (encode_kind
& SEC_ASN1_EXPLICIT
) ? PR_TRUE
: PR_FALSE
;
594 encode_kind
&= ~SEC_ASN1_EXPLICIT
;
596 optional
= (encode_kind
& SEC_ASN1_OPTIONAL
) ? PR_TRUE
: PR_FALSE
;
597 encode_kind
&= ~SEC_ASN1_OPTIONAL
;
600 dynamic
= (encode_kind
& SEC_ASN1_DYNAMIC
) ? PR_TRUE
: PR_FALSE
;
601 encode_kind
&= ~SEC_ASN1_DYNAMIC
;
604 PORT_Assert (!(explicit && universal
)); /* bad templates */
606 encode_kind
&= ~SEC_ASN1_DYNAMIC
;
607 encode_kind
&= ~SEC_ASN1_MAY_STREAM
;
609 if( encode_kind
& SEC_ASN1_CHOICE
) {
610 #if 0 /* XXX remove? */
611 sec_asn1d_state
*child
= sec_asn1d_push_state(state
->top
, state
->theTemplate
, state
->dest
, PR_FALSE
);
612 if( (sec_asn1d_state
*)NULL
== child
) {
613 return (sec_asn1d_state
*)NULL
;
616 child
->allocate
= state
->allocate
;
617 child
->place
= beforeChoice
;
620 state
->place
= beforeChoice
;
625 if ((encode_kind
& (SEC_ASN1_POINTER
| SEC_ASN1_INLINE
)) || (!universal
627 const SecAsn1Template
*subt
;
629 PRBool child_allocate
;
632 PORT_Assert ((encode_kind
& (SEC_ASN1_ANY
| SEC_ASN1_SKIP
)) == 0);
634 sec_asn1d_scrub_state (state
);
635 child_allocate
= PR_FALSE
;
637 if (encode_kind
& SEC_ASN1_POINTER
) {
639 * A POINTER means we need to allocate the destination for
640 * this field. But, since it may also be an optional field,
641 * we defer the allocation until later; we just record that
642 * it needs to be done.
644 * There are two possible scenarios here -- one is just a
645 * plain POINTER (kind of like INLINE, except with allocation)
646 * and the other is an implicitly-tagged POINTER. We don't
647 * need to do anything special here for the two cases, but
648 * since the template definition can be tricky, we do check
649 * that there are no extraneous bits set in encode_kind.
651 * XXX The same conditions which assert should set an error.
655 * "universal" means this entry is a standalone POINTER;
656 * there should be no other bits set in encode_kind.
658 PORT_Assert (encode_kind
== SEC_ASN1_POINTER
);
661 * If we get here we have an implicitly-tagged field
662 * that needs to be put into a POINTER. The subtemplate
663 * will determine how to decode the field, but encode_kind
664 * describes the (implicit) tag we are looking for.
665 * The non-tag bits of encode_kind will be ignored by
666 * the code below; none of them should be set, however,
667 * except for the POINTER bit itself -- so check that.
669 PORT_Assert ((encode_kind
& ~SEC_ASN1_TAG_MASK
)
670 == SEC_ASN1_POINTER
);
672 if (!state
->top
->filter_only
)
673 child_allocate
= PR_TRUE
;
675 state
->place
= afterPointer
;
678 if (encode_kind
& SEC_ASN1_INLINE
) {
679 /* check that there are no extraneous bits */
680 /* FIXME - why are optional and inline mutually
681 * exclusive? Delete this assert and see what happens...
682 PORT_Assert (encode_kind == SEC_ASN1_INLINE && !optional);
684 state
->place
= afterInline
;
686 state
->place
= afterImplicit
;
690 state
->optional
= optional
;
692 subDest
= state
->dest
;
693 #if defined(__APPLE__)
695 * We might be starting the processing of a group or a
696 * set, in which case state->dest is NULL. Get parent's dest,
697 * or grandparent's, etc... just for the use by
698 * SEC_ASN1GetSubtemplate (specifically, by dynamic
701 sec_asn1d_state
*tempState
= state
;
702 while(subDest
== NULL
) {
703 sec_asn1d_state
*parent
= tempState
->parent
;
705 /* Oh well. Not going to work for this template. */
708 subDest
= parent
->dest
;
711 #endif /* __APPLE__ */
712 subt
= SEC_ASN1GetSubtemplate (state
->theTemplate
, subDest
,
713 PR_FALSE
, buf
/* __APPLE__ */, len
/* __APPLE__ */);
714 state
= sec_asn1d_push_state (state
->top
, subt
, dest
, PR_FALSE
);
718 state
->allocate
= child_allocate
;
722 /* Dynamic: restart with new template */
726 state
= sec_asn1d_init_state_based_on_template (state
,
727 buf
/* __APPLE__ */, len
/* __APPLE__ */);
730 * If this field is optional, we need to record that on
731 * the pushed child so it won't fail if the field isn't
732 * found. I can't think of a way that this new state
733 * could already have optional set (which we would wipe
734 * out below if our local optional is not set) -- but
735 * just to be sure, assert that it isn't set.
737 PORT_Assert (!state
->optional
);
738 state
->optional
= optional
;
743 under_kind
= state
->theTemplate
->kind
;
744 under_kind
&= ~SEC_ASN1_MAY_STREAM
;
745 } else if (explicit) {
747 * For explicit, we only need to match the encoding tag next,
748 * then we will push another state to handle the entire inner
749 * part. In this case, there is no underlying kind which plays
750 * any part in the determination of the outer, explicit tag.
751 * So we just set under_kind to 0, which is not a valid tag,
752 * and the rest of the tag matching stuff should be okay.
757 * Nothing special; the underlying kind and the given encoding
758 * information are the same.
760 under_kind
= encode_kind
;
763 /* XXX is this the right set of bits to test here? */
764 PORT_Assert ((under_kind
& (SEC_ASN1_EXPLICIT
765 | SEC_ASN1_MAY_STREAM
766 | SEC_ASN1_INLINE
| SEC_ASN1_POINTER
)) == 0);
768 if (encode_kind
& (SEC_ASN1_ANY
| SEC_ASN1_SKIP
)) {
769 PORT_Assert (encode_kind
== under_kind
);
770 if (encode_kind
& SEC_ASN1_SKIP
) {
771 PORT_Assert (!optional
);
772 PORT_Assert (encode_kind
== SEC_ASN1_SKIP
);
776 expect_tag_modifiers
= 0;
777 expect_tag_number
= 0;
779 check_tag_mask
= SEC_ASN1_TAG_MASK
;
780 expect_tag_modifiers
= (unsigned char)encode_kind
& SEC_ASN1_TAG_MASK
781 & ~SEC_ASN1_TAGNUM_MASK
;
783 * XXX This assumes only single-octet identifiers. To handle
784 * the HIGH TAG form we would need to do some more work, especially
785 * in how to specify them in the template, because right now we
786 * do not provide a way to specify more *tag* bits in encode_kind.
788 expect_tag_number
= encode_kind
& SEC_ASN1_TAGNUM_MASK
;
790 switch (under_kind
& SEC_ASN1_TAGNUM_MASK
) {
793 * XXX A plain old SET (as opposed to a SET OF) is not
795 * If it ever is, remove this assert...
797 PORT_Assert ((under_kind
& SEC_ASN1_GROUP
) != 0);
799 case SEC_ASN1_SEQUENCE
:
800 expect_tag_modifiers
|= SEC_ASN1_CONSTRUCTED
;
802 case SEC_ASN1_BIT_STRING
:
803 case SEC_ASN1_BMP_STRING
:
804 case SEC_ASN1_GENERALIZED_TIME
:
805 case SEC_ASN1_IA5_STRING
:
806 case SEC_ASN1_OCTET_STRING
:
807 case SEC_ASN1_PRINTABLE_STRING
:
808 case SEC_ASN1_T61_STRING
:
809 case SEC_ASN1_UNIVERSAL_STRING
:
810 case SEC_ASN1_UTC_TIME
:
811 case SEC_ASN1_UTF8_STRING
:
812 case SEC_ASN1_VISIBLE_STRING
:
813 check_tag_mask
&= ~SEC_ASN1_CONSTRUCTED
;
818 state
->check_tag_mask
= check_tag_mask
;
819 state
->expect_tag_modifiers
= expect_tag_modifiers
;
820 state
->expect_tag_number
= expect_tag_number
;
821 state
->underlying_kind
= under_kind
;
822 state
->explicit = explicit;
823 state
->optional
= optional
;
824 sec_asn1d_scrub_state (state
);
831 sec_asn1d_parse_identifier (sec_asn1d_state
*state
,
832 const char *buf
, unsigned long len
)
835 unsigned char tag_number
;
837 PORT_Assert (state
->place
== beforeIdentifier
);
840 state
->top
->status
= needBytes
;
844 byte
= (unsigned char) *buf
;
845 #ifdef DEBUG_ASN1D_STATES
846 if (doDumpStates
> 0) {
848 formatKind(byte
, kindBuf
);
849 printf("Found tag %02x %s\n", byte
, kindBuf
);
852 tag_number
= byte
& SEC_ASN1_TAGNUM_MASK
;
854 if (IS_HIGH_TAG_NUMBER (tag_number
)) {
855 state
->place
= duringIdentifier
;
856 state
->found_tag_number
= 0;
858 * Actually, we have no idea how many bytes are pending, but we
859 * do know that it is at least 1. That is all we know; we have
860 * to look at each byte to know if there is another, etc.
864 if (byte
== 0 && sec_asn1d_parent_allows_EOC(state
)) {
866 * Our parent has indefinite-length encoding, and the
867 * entire tag found is 0, so it seems that we have hit the
868 * end-of-contents octets. To handle this, we just change
869 * our state to that which expects to get the bytes of the
870 * end-of-contents octets and let that code re-read this byte
871 * so that our categorization of field types is correct.
872 * After that, our parent will then deal with everything else.
874 state
->place
= duringEndOfContents
;
876 state
->found_tag_number
= 0;
877 state
->found_tag_modifiers
= 0;
879 * We might be an optional field that is, as we now find out,
880 * missing. Give our parent a clue that this happened.
883 state
->missing
= PR_TRUE
;
886 state
->place
= afterIdentifier
;
887 state
->found_tag_number
= tag_number
;
889 state
->found_tag_modifiers
= byte
& ~SEC_ASN1_TAGNUM_MASK
;
896 sec_asn1d_parse_more_identifier (sec_asn1d_state
*state
,
897 const char *buf
, unsigned long len
)
902 PORT_Assert (state
->pending
== 1);
903 PORT_Assert (state
->place
== duringIdentifier
);
906 state
->top
->status
= needBytes
;
912 while (len
&& state
->pending
) {
913 if (HIGH_BITS (state
->found_tag_number
, TAG_NUMBER_BITS
) != 0) {
915 * The given high tag number overflows our container;
916 * just give up. This is not likely to *ever* happen.
918 PORT_SetError (SEC_ERROR_BAD_DER
);
919 state
->top
->status
= decodeError
;
920 dprintf("decodeError: parse_more_id high bits oflow\n");
924 state
->found_tag_number
<<= TAG_NUMBER_BITS
;
926 byte
= (unsigned char) buf
[count
++];
927 state
->found_tag_number
|= (byte
& TAG_NUMBER_MASK
);
930 if (LAST_TAG_NUMBER_BYTE (byte
))
934 if (state
->pending
== 0)
935 state
->place
= afterIdentifier
;
942 sec_asn1d_confirm_identifier (sec_asn1d_state
*state
)
946 PORT_Assert (state
->place
== afterIdentifier
);
948 match
= (PRBool
)(((state
->found_tag_modifiers
& state
->check_tag_mask
)
949 == state
->expect_tag_modifiers
)
950 && ((state
->found_tag_number
& state
->check_tag_mask
)
951 == state
->expect_tag_number
));
953 state
->place
= beforeLength
;
955 if (state
->optional
) {
956 state
->missing
= PR_TRUE
;
957 state
->place
= afterEndOfContents
;
959 PORT_SetError (SEC_ERROR_BAD_DER
);
960 state
->top
->status
= decodeError
;
961 //dprintf("decodeError: sec_asn1d_confirm_identifier\n");
968 sec_asn1d_parse_length (sec_asn1d_state
*state
,
969 const char *buf
, unsigned long len
)
973 PORT_Assert (state
->place
== beforeLength
);
976 state
->top
->status
= needBytes
;
981 * The default/likely outcome. It may get adjusted below.
983 state
->place
= afterLength
;
985 byte
= (unsigned char) *buf
;
987 if (LENGTH_IS_SHORT_FORM (byte
)) {
988 state
->contents_length
= byte
;
990 state
->contents_length
= 0;
991 state
->pending
= LONG_FORM_LENGTH (byte
);
992 if (state
->pending
== 0) {
993 state
->indefinite
= PR_TRUE
;
995 state
->place
= duringLength
;
999 /* If we're parsing an ANY, SKIP, or SAVE template, and
1000 ** the object being saved is definite length encoded and constructed,
1001 ** there's no point in decoding that construct's members.
1002 ** So, just forget it's constructed and treat it as primitive.
1003 ** (SAVE appears as an ANY at this point)
1005 if (!state
->indefinite
&&
1006 (state
->underlying_kind
& (SEC_ASN1_ANY
| SEC_ASN1_SKIP
))) {
1007 state
->found_tag_modifiers
&= ~SEC_ASN1_CONSTRUCTED
;
1014 static unsigned long
1015 sec_asn1d_parse_more_length (sec_asn1d_state
*state
,
1016 const char *buf
, unsigned long len
)
1020 PORT_Assert (state
->pending
> 0);
1021 PORT_Assert (state
->place
== duringLength
);
1024 state
->top
->status
= needBytes
;
1030 while (len
&& state
->pending
) {
1031 if (HIGH_BITS (state
->contents_length
, 9) != 0) {
1033 * The given full content length overflows our container;
1036 PORT_SetError (SEC_ERROR_BAD_DER
);
1037 state
->top
->status
= decodeError
;
1038 dprintf("decodeError: sec_asn1d_parse_more_length\n");
1042 state
->contents_length
<<= 8;
1043 state
->contents_length
|= (unsigned char) buf
[count
++];
1049 if (state
->pending
== 0)
1050 state
->place
= afterLength
;
1057 * Helper function for sec_asn1d_prepare_for_contents.
1058 * Checks that a value representing a number of bytes consumed can be
1059 * subtracted from a remaining length. If so, returns PR_TRUE.
1060 * Otherwise, sets the error SEC_ERROR_BAD_DER, indicates that there was a
1061 * decoding error in the given SEC_ASN1DecoderContext, and returns PR_FALSE.
1064 sec_asn1d_check_and_subtract_length (unsigned long *remaining
,
1065 unsigned long consumed
,
1066 SEC_ASN1DecoderContext
*cx
)
1068 PORT_Assert(remaining
);
1070 if (!remaining
|| !cx
) {
1071 PORT_SetError (SEC_ERROR_INVALID_ARGS
);
1072 cx
->status
= decodeError
;
1075 if (*remaining
< consumed
) {
1076 PORT_SetError (SEC_ERROR_BAD_DER
);
1077 cx
->status
= decodeError
;
1080 *remaining
-= consumed
;
1086 sec_asn1d_prepare_for_contents (sec_asn1d_state
*state
,
1088 const char *buf
, /* needed for SEC_ASN1GetSubtemplate */
1093 SecAsn1Item
*item
=NULL
;
1095 unsigned long alloc_len
;
1097 #ifdef DEBUG_ASN1D_STATES
1098 if (doDumpStates
> 0) {
1099 printf("Found Length %lu %s\n", state
->contents_length
,
1100 state
->indefinite
? "indefinite" : "");
1105 * The maximum length for a child element should be constrained to the
1106 * length remaining in the first definite length element in the ancestor
1107 * stack. If there is no definite length element in the ancestor stack,
1108 * there's nothing to constrain the length of the child, so there's no
1109 * further processing necessary.
1111 * It's necessary to walk the ancestor stack, because it's possible to have
1112 * definite length children that are part of an indefinite length element,
1113 * which is itself part of an indefinite length element, and which is
1114 * ultimately part of a definite length element. A simple example of this
1115 * would be the handling of constructed OCTET STRINGs in BER encoding.
1117 * This algorithm finds the first definite length element in the ancestor
1118 * stack, if any, and if so, ensures that the length of the child element
1119 * is consistent with the number of bytes remaining in the constraining
1120 * ancestor element (that is, after accounting for any other sibling
1121 * elements that may have been read).
1123 * It's slightly complicated by the need to account both for integer
1124 * underflow and overflow, as well as ensure that for indefinite length
1125 * encodings, there's also enough space for the End-of-Contents (EOC)
1126 * octets (Tag = 0x00, Length = 0x00, or two bytes).
1129 /* Determine the maximum length available for this element by finding the
1130 * first definite length ancestor, if any. */
1131 sec_asn1d_state
*parent
= sec_asn1d_get_enclosing_construct(state
);
1132 while (parent
&& parent
->indefinite
) {
1133 parent
= sec_asn1d_get_enclosing_construct(parent
);
1135 /* If parent is null, state is either the outermost state / at the top of
1136 * the stack, or the outermost state uses indefinite length encoding. In
1137 * these cases, there's nothing external to constrain this element, so
1138 * there's nothing to check. */
1140 unsigned long remaining
= parent
->pending
;
1143 if (!sec_asn1d_check_and_subtract_length(&remaining
, parent
->consumed
, state
->top
) ||
1144 /* If parent->indefinite is true, parent->contents_length is
1145 * zero and this is a no-op. */
1146 !sec_asn1d_check_and_subtract_length(&remaining
, parent
->contents_length
, state
->top
) ||
1147 /* If parent->indefinite is true, then ensure there is enough
1148 * space for an EOC tag of 2 bytes. */
1149 (parent
->indefinite
&& !sec_asn1d_check_and_subtract_length(&remaining
, 2, state
->top
))) {
1150 /* This element is larger than its enclosing element, which is
1154 } while ((parent
= sec_asn1d_get_enclosing_construct(parent
)) &&
1155 parent
->indefinite
);
1159 * XXX I cannot decide if this allocation should exclude the case
1160 * where state->endofcontents is true -- figure it out!
1162 if (state
->allocate
) {
1165 PORT_Assert (state
->dest
== NULL
);
1167 * We are handling a POINTER or a member of a GROUP, and need to
1168 * allocate for the data structure.
1170 dest
= sec_asn1d_zalloc (state
->top
->their_pool
,
1171 state
->theTemplate
->size
);
1173 dprintf("decodeError: sec_asn1d_prepare_for_contents zalloc\n");
1174 state
->top
->status
= decodeError
;
1177 /* FIXME _ we're losing the dest pointer after this! */
1178 state
->dest
= (char *)dest
+ state
->theTemplate
->offset
;
1181 * For a member of a GROUP, our parent will later put the
1182 * pointer wherever it belongs. But for a POINTER, we need
1183 * to record the destination now, in case notify or filter
1184 * procs need access to it -- they cannot find it otherwise,
1185 * until it is too late (for one-pass processing).
1187 if (state
->parent
->place
== afterPointer
) {
1190 placep
= state
->parent
->dest
;
1196 * Remember, length may be indefinite here! In that case,
1197 * both contents_length and pending will be zero.
1199 state
->pending
= state
->contents_length
;
1202 * An EXPLICIT is nothing but an outer header, which we have
1203 * already parsed and accepted. Now we need to do the inner
1204 * header and its contents.
1206 if (state
->explicit) {
1207 state
->place
= afterExplicit
;
1208 state
= sec_asn1d_push_state (state
->top
,
1209 SEC_ASN1GetSubtemplate(state
->theTemplate
,
1212 buf
/* __APPLE__ */,
1213 len
/* __APPLE__ */),
1214 state
->dest
, PR_TRUE
);
1216 state
= sec_asn1d_init_state_based_on_template (state
,
1217 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1223 * For GROUP (SET OF, SEQUENCE OF), even if we know the length here
1224 * we cannot tell how many items we will end up with ... so push a
1225 * state that can keep track of "children" (the individual members
1226 * of the group; we will allocate as we go and put them all together
1229 if (state
->underlying_kind
& SEC_ASN1_GROUP
) {
1230 /* XXX If this assertion holds (should be able to confirm it via
1231 * inspection, too) then move this code into the switch statement
1232 * below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
1234 PORT_Assert (state
->underlying_kind
== SEC_ASN1_SET_OF
1235 || state
->underlying_kind
== SEC_ASN1_SEQUENCE_OF
1236 || state
->underlying_kind
== (SEC_ASN1_SEQUENCE_OF
|SEC_ASN1_DYNAMIC
)
1237 || state
->underlying_kind
== (SEC_ASN1_SET_OF
|SEC_ASN1_DYNAMIC
)
1239 if (state
->contents_length
!= 0 || state
->indefinite
) {
1240 const SecAsn1Template
*subt
;
1242 state
->place
= duringGroup
;
1243 subt
= SEC_ASN1GetSubtemplate (state
->theTemplate
, state
->dest
,
1244 PR_FALSE
, buf
/* __APPLE__ */, len
/* __APPLE__ */);
1245 state
= sec_asn1d_push_state (state
->top
, subt
, NULL
, PR_TRUE
);
1246 if (state
!= NULL
) {
1247 if (!state
->top
->filter_only
)
1248 state
->allocate
= PR_TRUE
; /* XXX propogate this? */
1250 * Do the "before" field notification for next in group.
1252 sec_asn1d_notify_before (state
->top
, state
->dest
, state
->depth
);
1253 state
= sec_asn1d_init_state_based_on_template (state
,
1254 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1258 * A group of zero; we are done.
1259 * Set state to afterGroup and let that code plant the NULL.
1261 state
->place
= afterGroup
;
1267 switch (state
->underlying_kind
) {
1268 case SEC_ASN1_SEQUENCE
:
1270 * We need to push a child to handle the individual fields.
1272 state
->place
= duringSequence
;
1273 state
= sec_asn1d_push_state (state
->top
, state
->theTemplate
+ 1,
1274 state
->dest
, PR_TRUE
);
1275 if (state
!= NULL
) {
1277 * Do the "before" field notification.
1279 sec_asn1d_notify_before (state
->top
, state
->dest
, state
->depth
);
1280 state
= sec_asn1d_init_state_based_on_template (state
,
1281 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1286 case SEC_ASN1_SET
: /* XXX SET is not really implemented */
1288 * XXX A plain SET requires special handling; scanning of a
1289 * template to see where a field should go (because by definition,
1290 * they are not in any particular order, and you have to look at
1291 * each tag to disambiguate what the field is). We may never
1292 * implement this because in practice, it seems to be unused.
1294 dprintf("decodeError: prepare for contents SEC_ASN1_SET\n");
1296 PORT_SetError (SEC_ERROR_BAD_DER
); /* XXX */
1297 state
->top
->status
= decodeError
;
1302 * The NULL type, by definition, is "nothing", content length of zero.
1303 * An indefinite-length encoding is not alloweed.
1305 if (state
->contents_length
|| state
->indefinite
) {
1306 dprintf("decodeError: prepare for contents indefinite NULL\n");
1307 PORT_SetError (SEC_ERROR_BAD_DER
);
1308 state
->top
->status
= decodeError
;
1311 if (state
->dest
!= NULL
) {
1312 item
= (SecAsn1Item
*)(state
->dest
);
1316 state
->place
= afterEndOfContents
;
1319 case SEC_ASN1_BMP_STRING
:
1320 /* Error if length is not divisable by 2 */
1321 if (state
->contents_length
% 2) {
1322 dprintf("decodeError: prepare for contents odd length BMP_STRING\n");
1323 PORT_SetError (SEC_ERROR_BAD_DER
);
1324 state
->top
->status
= decodeError
;
1327 /* otherwise, handle as other string types */
1328 goto regular_string_type
;
1330 case SEC_ASN1_UNIVERSAL_STRING
:
1331 /* Error if length is not divisable by 4 */
1332 if (state
->contents_length
% 4) {
1333 dprintf("decodeError: prepare for contents odd length UNIV_STRING\n");
1334 PORT_SetError (SEC_ERROR_BAD_DER
);
1335 state
->top
->status
= decodeError
;
1338 /* otherwise, handle as other string types */
1339 goto regular_string_type
;
1343 case SEC_ASN1_ANY_CONTENTS
:
1345 * These are not (necessarily) strings, but they need nearly
1346 * identical handling (especially when we need to deal with
1347 * constructed sub-pieces), so we pretend they are.
1350 regular_string_type
:
1351 case SEC_ASN1_BIT_STRING
:
1352 case SEC_ASN1_IA5_STRING
:
1353 case SEC_ASN1_OCTET_STRING
:
1354 case SEC_ASN1_PRINTABLE_STRING
:
1355 case SEC_ASN1_T61_STRING
:
1356 case SEC_ASN1_UTC_TIME
:
1357 case SEC_ASN1_UTF8_STRING
:
1358 case SEC_ASN1_VISIBLE_STRING
:
1360 * We are allocating for a primitive or a constructed string.
1361 * If it is a constructed string, it may also be indefinite-length.
1362 * If it is primitive, the length can (legally) be zero.
1363 * Our first order of business is to allocate the memory for
1364 * the string, if we can (if we know the length).
1366 item
= (SecAsn1Item
*)(state
->dest
);
1369 * If the item is a definite-length constructed string, then
1370 * the contents_length is actually larger than what we need
1371 * (because it also counts each intermediate header which we
1372 * will be throwing away as we go), but it is a perfectly good
1373 * upper bound that we just allocate anyway, and then concat
1374 * as we go; we end up wasting a few extra bytes but save a
1377 alloc_len
= state
->contents_length
;
1378 poolp
= NULL
; /* quiet compiler warnings about unused... */
1380 if (item
== NULL
|| state
->top
->filter_only
) {
1386 } else if (state
->substring
) {
1388 * If we are a substring of a constructed string, then we may
1389 * not have to allocate anything (because our parent, the
1390 * actual constructed string, did it for us). If we are a
1391 * substring and we *do* have to allocate, that means our
1392 * parent is an indefinite-length, so we allocate from our pool;
1393 * later our parent will copy our string into the aggregated
1394 * whole and free our pool allocation.
1396 if (item
->Data
== NULL
) {
1397 PORT_Assert (item
->Length
== 0);
1398 poolp
= state
->top
->our_pool
;
1405 poolp
= state
->top
->their_pool
;
1408 if (alloc_len
|| ((! state
->indefinite
)
1409 && (state
->subitems_head
!= NULL
))) {
1410 struct subitem
*subitem
;
1413 PORT_Assert (item
!=NULL
);
1415 PORT_SetError (SEC_ERROR_BAD_DER
);
1416 state
->top
->status
= decodeError
;
1419 PORT_Assert (item
->Length
== 0 && item
->Data
== NULL
);
1421 * Check for and handle an ANY which has stashed aside the
1422 * header (identifier and length) bytes for us to include
1423 * in the saved contents.
1425 if (state
->subitems_head
!= NULL
) {
1426 PORT_Assert (state
->underlying_kind
== SEC_ASN1_ANY
);
1427 for (subitem
= state
->subitems_head
;
1428 subitem
!= NULL
; subitem
= subitem
->next
)
1429 alloc_len
+= subitem
->len
;
1432 item
->Data
= (unsigned char*)sec_asn1d_zalloc (poolp
, alloc_len
);
1433 if (item
->Data
== NULL
) {
1434 dprintf("decodeError: prepare for contents zalloc\n");
1435 state
->top
->status
= decodeError
;
1440 for (subitem
= state
->subitems_head
;
1441 subitem
!= NULL
; subitem
= subitem
->next
) {
1442 PORT_Memcpy (item
->Data
+ len
, subitem
->data
, subitem
->len
);
1443 len
+= subitem
->len
;
1448 * Because we use arenas and have a mark set, we later free
1449 * everything we have allocated, so this does *not* present
1450 * a memory leak (it is just temporarily left dangling).
1452 state
->subitems_head
= state
->subitems_tail
= NULL
;
1455 if (state
->contents_length
== 0 && (! state
->indefinite
)) {
1457 * A zero-length simple or constructed string; we are done.
1459 state
->place
= afterEndOfContents
;
1460 } else if (state
->found_tag_modifiers
& SEC_ASN1_CONSTRUCTED
) {
1461 const SecAsn1Template
*sub
;
1463 switch (state
->underlying_kind
) {
1465 case SEC_ASN1_ANY_CONTENTS
:
1466 sub
= kSecAsn1AnyTemplate
;
1468 case SEC_ASN1_BIT_STRING
:
1469 sub
= kSecAsn1BitStringTemplate
;
1471 case SEC_ASN1_BMP_STRING
:
1472 sub
= kSecAsn1BMPStringTemplate
;
1474 case SEC_ASN1_GENERALIZED_TIME
:
1475 sub
= kSecAsn1GeneralizedTimeTemplate
;
1477 case SEC_ASN1_IA5_STRING
:
1478 sub
= kSecAsn1IA5StringTemplate
;
1480 case SEC_ASN1_OCTET_STRING
:
1481 sub
= kSecAsn1OctetStringTemplate
;
1483 case SEC_ASN1_PRINTABLE_STRING
:
1484 sub
= kSecAsn1PrintableStringTemplate
;
1486 case SEC_ASN1_T61_STRING
:
1487 sub
= kSecAsn1T61StringTemplate
;
1489 case SEC_ASN1_UNIVERSAL_STRING
:
1490 sub
= kSecAsn1UniversalStringTemplate
;
1492 case SEC_ASN1_UTC_TIME
:
1493 sub
= kSecAsn1UTCTimeTemplate
;
1495 case SEC_ASN1_UTF8_STRING
:
1496 sub
= kSecAsn1UTF8StringTemplate
;
1498 case SEC_ASN1_VISIBLE_STRING
:
1499 sub
= kSecAsn1VisibleStringTemplate
;
1502 sub
= kSecAsn1SkipTemplate
;
1504 default: /* redundant given outer switch cases, but */
1505 PORT_Assert(0); /* the compiler does not seem to know that, */
1506 sub
= NULL
; /* so just do enough to quiet it. */
1510 state
->place
= duringConstructedString
;
1511 state
= sec_asn1d_push_state (state
->top
, sub
, item
, PR_TRUE
);
1512 if (state
!= NULL
) {
1513 state
->substring
= PR_TRUE
; /* XXX propogate? */
1514 state
= sec_asn1d_init_state_based_on_template (state
,
1515 buf
/* __APPLE__ */, len
/* __APPLE__ */);
1517 } else if (state
->indefinite
) {
1519 * An indefinite-length string *must* be constructed!
1521 dprintf("decodeError: prepare for contents indefinite not construncted\n");
1522 PORT_SetError (SEC_ERROR_BAD_DER
);
1523 state
->top
->status
= decodeError
;
1526 * A non-zero-length simple string.
1528 if (state
->underlying_kind
== SEC_ASN1_BIT_STRING
)
1529 state
->place
= beforeBitString
;
1531 state
->place
= duringLeaf
;
1538 * We are allocating for a simple leaf item.
1540 if (state
->contents_length
) {
1541 if (state
->dest
!= NULL
) {
1542 item
= (SecAsn1Item
*)(state
->dest
);
1544 if (state
->top
->filter_only
) {
1547 item
->Data
= (unsigned char*)
1548 sec_asn1d_zalloc (state
->top
->their_pool
,
1549 state
->contents_length
);
1550 if (item
->Data
== NULL
) {
1551 dprintf("decodeError: prepare for contents zalloc\n");
1552 state
->top
->status
= decodeError
;
1557 state
->place
= duringLeaf
;
1560 * An indefinite-length or zero-length item is not allowed.
1561 * (All legal cases of such were handled above.)
1563 dprintf("decodeError: prepare for contents indefinite zero len \n");
1564 PORT_SetError (SEC_ERROR_BAD_DER
);
1565 state
->top
->status
= decodeError
;
1572 sec_asn1d_free_child (sec_asn1d_state
*state
, PRBool error
)
1574 if (state
->child
!= NULL
) {
1575 PORT_Assert (error
|| state
->child
->consumed
== 0);
1576 PORT_Assert (state
->our_mark
!= NULL
);
1577 PORT_ArenaRelease (state
->top
->our_pool
, state
->our_mark
);
1578 if (error
&& state
->top
->their_pool
== NULL
) {
1580 * XXX We need to free anything allocated.
1581 * At this point, we failed in the middle of decoding. But we
1582 * can't free the data we previously allocated with PR_Malloc
1583 * unless we keep track of every pointer. So instead we have a
1584 * memory leak when decoding fails half-way, unless an arena is
1585 * used. See bug 95311 .
1588 state
->child
= NULL
;
1589 state
->our_mark
= NULL
;
1592 * It is important that we do not leave a mark unreleased/unmarked.
1593 * But I do not think we should ever have one set in this case, only
1594 * if we had a child (handled above). So check for that. If this
1595 * assertion should ever get hit, then we probably need to add code
1596 * here to release back to our_mark (and then set our_mark to NULL).
1598 PORT_Assert (state
->our_mark
== NULL
);
1600 state
->place
= beforeEndOfContents
;
1604 /* We have just saved an entire encoded ASN.1 object (type) for a SAVE
1605 ** template, and now in the next template, we are going to decode that
1606 ** saved data by calling SEC_ASN1DecoderUpdate recursively.
1607 ** If that recursive call fails with needBytes, it is a fatal error,
1608 ** because the encoded object should have been complete.
1609 ** If that recursive call fails with decodeError, it will have already
1610 ** cleaned up the state stack, so we must bail out quickly.
1612 ** These checks of the status returned by the recursive call are now
1613 ** done in the caller of this function, immediately after it returns.
1616 sec_asn1d_reuse_encoding (sec_asn1d_state
*state
)
1618 sec_asn1d_state
*child
;
1619 unsigned long consumed
;
1624 child
= state
->child
;
1625 PORT_Assert (child
!= NULL
);
1627 consumed
= child
->consumed
;
1628 child
->consumed
= 0;
1630 item
= (SecAsn1Item
*)(state
->dest
);
1631 PORT_Assert (item
!= NULL
);
1633 PORT_Assert (item
->Length
== consumed
);
1636 * Free any grandchild.
1638 sec_asn1d_free_child (child
, PR_FALSE
);
1641 * Notify after the SAVE field.
1643 sec_asn1d_notify_after (state
->top
, state
->dest
, state
->depth
);
1646 * Adjust to get new dest and move forward.
1648 dest
= (char *)state
->dest
- state
->theTemplate
->offset
;
1649 state
->theTemplate
++;
1650 child
->dest
= (char *)dest
+ state
->theTemplate
->offset
;
1651 child
->theTemplate
= state
->theTemplate
;
1654 * Notify before the "real" field.
1656 PORT_Assert (state
->depth
== child
->depth
);
1657 sec_asn1d_notify_before (state
->top
, child
->dest
, child
->depth
);
1660 * This will tell DecoderUpdate to return when it is done.
1662 state
->place
= afterSaveEncoding
;
1665 * We already have a child; "push" it by making it current.
1667 state
->top
->current
= child
;
1670 * And initialize it so it is ready to parse.
1672 (void) sec_asn1d_init_state_based_on_template(child
,
1673 (char *) item
->Data
/* __APPLE__ */,
1674 item
->Length
/* __APPLE__ */);
1677 * Now parse that out of our data.
1679 if (SEC_ASN1DecoderUpdate (state
->top
,
1680 (char *) item
->Data
, item
->Length
) != SECSuccess
)
1682 if (state
->top
->status
== needBytes
) {
1686 PORT_Assert (state
->top
->current
== state
);
1687 PORT_Assert (state
->child
== child
);
1690 * That should have consumed what we consumed before.
1692 PORT_Assert (consumed
== child
->consumed
);
1693 child
->consumed
= 0;
1698 state
->consumed
+= consumed
;
1699 child
->place
= notInUse
;
1700 state
->place
= afterEndOfContents
;
1704 static unsigned long
1705 sec_asn1d_parse_leaf (sec_asn1d_state
*state
,
1706 const char *buf
, unsigned long len
)
1709 unsigned long bufLen
;
1712 state
->top
->status
= needBytes
;
1716 if (state
->pending
< len
)
1717 len
= state
->pending
;
1721 item
= (SecAsn1Item
*)(state
->dest
);
1722 if (item
!= NULL
&& item
->Data
!= NULL
) {
1723 /* Strip leading zeroes when target is unsigned integer */
1724 if (state
->underlying_kind
== SEC_ASN1_INTEGER
&& /* INTEGER */
1725 item
->Length
== 0 && /* MSB */
1727 !(state
->underlying_kind
& SEC_ASN1_SIGNED_INT
))
1729 item
->type
== siUnsignedInteger
) /* unsigned */
1732 while (len
> 1 && buf
[0] == 0) { /* leading 0 */
1737 unsigned long offset
= item
->Length
;
1738 if (state
->underlying_kind
== SEC_ASN1_BIT_STRING
) {
1739 // The previous bit string must have no unused bits.
1740 if (item
->Length
& 0x7) {
1741 PORT_SetError (SEC_ERROR_BAD_DER
);
1742 state
->top
->status
= decodeError
;
1745 // If this is a bit string, the length is bits, not bytes.
1746 offset
= item
->Length
>> 3;
1748 if (state
->underlying_kind
== SEC_ASN1_BIT_STRING
) {
1749 // Protect against overflow during the bytes-to-bits conversion.
1750 if (len
>= (ULONG_MAX
>> 3) + 1) {
1751 PORT_SetError (SEC_ERROR_BAD_DER
);
1752 state
->top
->status
= decodeError
;
1755 unsigned long len_in_bits
= (len
<< 3) - state
->bit_string_unused_bits
;
1756 // Protect against overflow when computing the total length in bits.
1757 if (UINT_MAX
- item
->Length
< len_in_bits
) {
1758 PORT_SetError (SEC_ERROR_BAD_DER
);
1759 state
->top
->status
= decodeError
;
1762 item
->Length
+= len_in_bits
;
1764 if (UINT_MAX
- item
->Length
< len
) {
1765 PORT_SetError (SEC_ERROR_BAD_DER
);
1766 state
->top
->status
= decodeError
;
1769 item
->Length
+= len
;
1771 PORT_Memcpy (item
->Data
+ offset
, buf
, len
);
1773 state
->pending
-= bufLen
;
1774 if (state
->pending
== 0)
1775 state
->place
= beforeEndOfContents
;
1781 static unsigned long
1782 sec_asn1d_parse_bit_string (sec_asn1d_state
*state
,
1783 const char *buf
, unsigned long len
)
1787 /*PORT_Assert (state->pending > 0); */
1788 PORT_Assert (state
->place
== beforeBitString
);
1790 if ((state
->pending
== 0) || (state
->contents_length
== 1)) {
1791 if (state
->dest
!= NULL
) {
1792 SecAsn1Item
*item
= (SecAsn1Item
*)(state
->dest
);
1795 state
->place
= beforeEndOfContents
;
1797 if(state
->contents_length
== 1) {
1798 /* skip over (unused) remainder byte */
1807 state
->top
->status
= needBytes
;
1811 byte
= (unsigned char) *buf
;
1813 dprintf("decodeError: parse_bit_string remainder oflow\n");
1814 PORT_SetError (SEC_ERROR_BAD_DER
);
1815 state
->top
->status
= decodeError
;
1819 state
->bit_string_unused_bits
= byte
;
1820 state
->place
= duringBitString
;
1821 state
->pending
-= 1;
1827 static unsigned long
1828 sec_asn1d_parse_more_bit_string (sec_asn1d_state
*state
,
1829 const char *buf
, unsigned long len
)
1831 PORT_Assert (state
->place
== duringBitString
);
1832 if (state
->pending
== 0) {
1833 /* An empty bit string with some unused bits is invalid. */
1834 if (state
->bit_string_unused_bits
) {
1835 PORT_SetError (SEC_ERROR_BAD_DER
);
1836 state
->top
->status
= decodeError
;
1838 /* An empty bit string with no unused bits is OK. */
1839 state
->place
= beforeEndOfContents
;
1844 len
= sec_asn1d_parse_leaf (state
, buf
, len
);
1851 * XXX All callers should be looking at return value to detect
1852 * out-of-memory errors (and stop!).
1854 static struct subitem
*
1855 sec_asn1d_add_to_subitems (sec_asn1d_state
*state
,
1856 const void *data
, unsigned long len
,
1859 struct subitem
*thing
;
1861 thing
= (struct subitem
*)sec_asn1d_zalloc (state
->top
->our_pool
,
1862 sizeof (struct subitem
));
1863 if (thing
== NULL
) {
1864 dprintf("decodeError: zalloc\n");
1865 state
->top
->status
= decodeError
;
1871 copy
= sec_asn1d_alloc (state
->top
->our_pool
, len
);
1873 dprintf("decodeError: alloc\n");
1874 state
->top
->status
= decodeError
;
1875 if (!state
->top
->our_pool
)
1879 PORT_Memcpy (copy
, data
, len
);
1887 if (state
->subitems_head
== NULL
) {
1888 PORT_Assert (state
->subitems_tail
== NULL
);
1889 state
->subitems_head
= state
->subitems_tail
= thing
;
1891 state
->subitems_tail
->next
= thing
;
1892 state
->subitems_tail
= thing
;
1900 sec_asn1d_record_any_header (sec_asn1d_state
*state
,
1906 item
= (SecAsn1Item
*)(state
->dest
);
1907 if (item
!= NULL
&& item
->Data
!= NULL
) {
1908 PORT_Assert (state
->substring
);
1909 PORT_Memcpy (item
->Data
+ item
->Length
, buf
, len
);
1910 item
->Length
+= len
;
1912 sec_asn1d_add_to_subitems (state
, buf
, len
, PR_TRUE
);
1918 * We are moving along through the substrings of a constructed string,
1919 * and have just finished parsing one -- we need to save our child data
1920 * (if the child was not already writing directly into the destination)
1921 * and then move forward by one.
1923 * We also have to detect when we are done:
1924 * - a definite-length encoding stops when our pending value hits 0
1925 * - an indefinite-length encoding stops when our child is empty
1926 * (which means it was the end-of-contents octets)
1929 sec_asn1d_next_substring (sec_asn1d_state
*state
)
1931 sec_asn1d_state
*child
;
1933 unsigned long child_consumed
;
1936 PORT_Assert (state
->place
== duringConstructedString
);
1937 PORT_Assert (state
->child
!= NULL
);
1939 child
= state
->child
;
1941 child_consumed
= child
->consumed
;
1942 child
->consumed
= 0;
1943 state
->consumed
+= child_consumed
;
1947 if (state
->pending
) {
1948 PORT_Assert (!state
->indefinite
);
1949 if( child_consumed
> state
->pending
) {
1950 dprintf("decodeError: next_substring consumed > pend\n");
1951 PORT_SetError (SEC_ERROR_BAD_DER
);
1952 state
->top
->status
= decodeError
;
1956 state
->pending
-= child_consumed
;
1957 if (state
->pending
== 0)
1960 PORT_Assert (state
->indefinite
);
1962 item
= (SecAsn1Item
*)(child
->dest
);
1964 * Iterate over ancestors to determine if any have definite length. If so,
1965 * space has already been allocated for the substrings and we don't need to
1966 * save them for concatenation.
1968 PRBool copying_in_place
= PR_FALSE
;
1969 sec_asn1d_state
*temp_state
= state
;
1970 while (temp_state
&& item
== temp_state
->dest
&& temp_state
->indefinite
) {
1971 sec_asn1d_state
*parent
= sec_asn1d_get_enclosing_construct(temp_state
);
1972 if (!parent
|| parent
->underlying_kind
!= temp_state
->underlying_kind
) {
1975 if (!parent
->indefinite
) {
1976 copying_in_place
= PR_TRUE
;
1979 temp_state
= parent
;
1981 if (item
!= NULL
&& item
->Data
!= NULL
&& !copying_in_place
) {
1983 * Save the string away for later concatenation.
1985 PORT_Assert (item
->Data
!= NULL
);
1986 sec_asn1d_add_to_subitems (state
, item
->Data
, item
->Length
, PR_FALSE
);
1988 * Clear the child item for the next round.
1995 * If our child was just our end-of-contents octets, we are done.
1997 if (child
->endofcontents
)
2002 * Stop or do the next one.
2005 child
->place
= notInUse
;
2006 state
->place
= afterConstructedString
;
2008 sec_asn1d_scrub_state (child
);
2009 state
->top
->current
= child
;
2015 * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
2018 sec_asn1d_next_in_group (sec_asn1d_state
*state
,
2019 const char *buf
, /* __APPLE__ */
2020 size_t len
/* __APPLE__ */)
2022 sec_asn1d_state
*child
;
2023 unsigned long child_consumed
;
2025 PORT_Assert (state
->place
== duringGroup
);
2026 PORT_Assert (state
->child
!= NULL
);
2028 child
= state
->child
;
2030 child_consumed
= child
->consumed
;
2031 child
->consumed
= 0;
2032 state
->consumed
+= child_consumed
;
2035 * If our child was just our end-of-contents octets, we are done.
2039 * Without the check for !child->indefinite, this path could
2040 * be taken erroneously if the child is indefinite!
2042 if(child
->endofcontents
&& !child
->indefinite
) {
2044 if (child
->endofcontents
) {
2045 #endif /* __APPLE__ */
2046 /* XXX I removed the PORT_Assert (child->dest == NULL) because there
2047 * was a bug in that a template that was a sequence of which also had
2048 * a child of a sequence of, in an indefinite group was not working
2049 * properly. This fix seems to work, (added the if statement below),
2050 * and nothing appears broken, but I am putting this note here just
2053 * XXX No matter how many times I read that comment,
2054 * I cannot figure out what case he was fixing. I believe what he
2055 * did was deliberate, so I am loathe to touch it. I need to
2056 * understand how it could ever be that child->dest != NULL but
2057 * child->endofcontents is true, and why it is important to check
2058 * that state->subitems_head is NULL. This really needs to be
2059 * figured out, as I am not sure if the following code should be
2060 * compensating for "offset", as is done a little farther below
2061 * in the more normal case.
2063 PORT_Assert (state
->indefinite
);
2064 PORT_Assert (state
->pending
== 0);
2065 if(child
->dest
&& !state
->subitems_head
) {
2066 sec_asn1d_add_to_subitems (state
, child
->dest
, 0, PR_FALSE
);
2070 child
->place
= notInUse
;
2071 state
->place
= afterGroup
;
2076 * Do the "after" field notification for next in group.
2078 sec_asn1d_notify_after (state
->top
, child
->dest
, child
->depth
);
2081 * Save it away (unless we are not storing).
2083 if (child
->dest
!= NULL
) {
2087 dest
= (char *)dest
- child
->theTemplate
->offset
;
2088 sec_asn1d_add_to_subitems (state
, dest
, 0, PR_FALSE
);
2093 * Account for those bytes; see if we are done.
2095 if (state
->pending
) {
2096 PORT_Assert (!state
->indefinite
);
2097 if( child_consumed
> state
->pending
) {
2098 dprintf("decodeError: next_in_group consumed > pend\n");
2099 PORT_SetError (SEC_ERROR_BAD_DER
);
2100 state
->top
->status
= decodeError
;
2104 state
->pending
-= child_consumed
;
2105 if (state
->pending
== 0) {
2106 child
->place
= notInUse
;
2107 state
->place
= afterGroup
;
2113 * Do the "before" field notification for next item in group.
2115 sec_asn1d_notify_before (state
->top
, child
->dest
, child
->depth
);
2118 * Now we do the next one.
2120 sec_asn1d_scrub_state (child
);
2122 /* Initialize child state from the template */
2123 sec_asn1d_init_state_based_on_template(child
, buf
/* __APPLE__ */, len
/* __APPLE__ */);
2125 state
->top
->current
= child
;
2130 * We are moving along through a sequence; move forward by one,
2131 * (detecting end-of-sequence when it happens).
2132 * XXX The handling of "missing" is ugly. Fix it.
2135 sec_asn1d_next_in_sequence (sec_asn1d_state
*state
,
2136 const char *buf
/* __APPLE__ */,
2137 size_t len
/*__APPLE__*/)
2139 sec_asn1d_state
*child
;
2140 unsigned long child_consumed
;
2141 PRBool child_missing
;
2143 PORT_Assert (state
->place
== duringSequence
);
2144 PORT_Assert (state
->child
!= NULL
);
2146 child
= state
->child
;
2149 * Do the "after" field notification.
2151 sec_asn1d_notify_after (state
->top
, child
->dest
, child
->depth
);
2153 child_missing
= (PRBool
) child
->missing
;
2154 child_consumed
= child
->consumed
;
2155 child
->consumed
= 0;
2158 * Take care of accounting.
2160 if (child_missing
) {
2161 PORT_Assert (child
->optional
);
2163 state
->consumed
+= child_consumed
;
2165 * Free any grandchild.
2167 sec_asn1d_free_child (child
, PR_FALSE
);
2168 if (state
->pending
) {
2169 PORT_Assert (!state
->indefinite
);
2170 if( child_consumed
> state
->pending
) {
2171 dprintf("decodeError: next_in_seq consumed > pend\n");
2172 PORT_SetError (SEC_ERROR_BAD_DER
);
2173 state
->top
->status
= decodeError
;
2176 state
->pending
-= child_consumed
;
2177 if (state
->pending
== 0) {
2178 child
->theTemplate
++;
2179 while (child
->theTemplate
->kind
!= 0) {
2180 if ((child
->theTemplate
->kind
& SEC_ASN1_OPTIONAL
) == 0) {
2181 dprintf("decodeError: next_in_seq child not opt\n");
2182 PORT_SetError (SEC_ERROR_BAD_DER
);
2183 state
->top
->status
= decodeError
;
2186 child
->theTemplate
++;
2188 child
->place
= notInUse
;
2189 state
->place
= afterEndOfContents
;
2198 child
->theTemplate
++;
2199 if (child
->theTemplate
->kind
== 0) {
2201 * We are done with this sequence.
2203 child
->place
= notInUse
;
2204 if (state
->pending
) {
2205 dprintf("decodeError: next_in_seq notInUse still pending\n");
2206 PORT_SetError (SEC_ERROR_BAD_DER
);
2207 state
->top
->status
= decodeError
;
2208 } else if (child_missing
) {
2210 * We got to the end, but have a child that started parsing
2211 * and ended up "missing". The only legitimate reason for
2212 * this is that we had one or more optional fields at the
2213 * end of our sequence, and we were encoded indefinite-length,
2214 * so when we went looking for those optional fields we
2215 * found our end-of-contents octets instead.
2216 * (Yes, this is ugly; dunno a better way to handle it.)
2217 * So, first confirm the situation, and then mark that we
2220 if (state
->indefinite
&& child
->endofcontents
) {
2221 PORT_Assert (child_consumed
== 2);
2222 if( child_consumed
!= 2 ) {
2223 dprintf("decodeError: next_in_seq indef len != 2\n");
2224 PORT_SetError (SEC_ERROR_BAD_DER
);
2225 state
->top
->status
= decodeError
;
2227 state
->consumed
+= child_consumed
;
2228 state
->place
= afterEndOfContents
;
2231 dprintf("decodeError: next_in_seq !indef, child missing\n");
2232 PORT_SetError (SEC_ERROR_BAD_DER
);
2233 state
->top
->status
= decodeError
;
2237 * We have to finish out, maybe reading end-of-contents octets;
2238 * let the normal logic do the right thing.
2240 state
->place
= beforeEndOfContents
;
2243 unsigned char child_found_tag_modifiers
= 0;
2244 unsigned long child_found_tag_number
= 0;
2247 * Reset state and push.
2249 if (state
->dest
!= NULL
)
2250 child
->dest
= (char *)state
->dest
+ child
->theTemplate
->offset
;
2253 * Do the "before" field notification.
2255 sec_asn1d_notify_before (state
->top
, child
->dest
, child
->depth
);
2257 if (child_missing
) { /* if previous child was missing, copy the tag data we already have */
2258 child_found_tag_modifiers
= child
->found_tag_modifiers
;
2259 child_found_tag_number
= child
->found_tag_number
;
2261 state
->top
->current
= child
;
2262 child
= sec_asn1d_init_state_based_on_template (child
,
2263 buf
/* __APPLE__ */,
2264 len
/* __APPLE__ */);
2265 if (child_missing
&& child
) {
2266 child
->place
= afterIdentifier
;
2267 child
->found_tag_modifiers
= child_found_tag_modifiers
;
2268 child
->found_tag_number
= child_found_tag_number
;
2269 child
->consumed
= child_consumed
;
2270 if (child
->underlying_kind
== SEC_ASN1_ANY
2271 && !child
->top
->filter_only
) {
2273 * If the new field is an ANY, and we are storing, then
2274 * we need to save the tag out. We would have done this
2275 * already in the normal case, but since we were looking
2276 * for an optional field, and we did not find it, we only
2277 * now realize we need to save the tag.
2279 unsigned char identifier
;
2282 * Check that we did not end up with a high tag; for that
2283 * we need to re-encode the tag into multiple bytes in order
2284 * to store it back to look like what we parsed originally.
2285 * In practice this does not happen, but for completeness
2286 * sake it should probably be made to work at some point.
2288 PORT_Assert (child_found_tag_number
< SEC_ASN1_HIGH_TAG_NUMBER
);
2289 identifier
= (unsigned char)(child_found_tag_modifiers
| child_found_tag_number
);
2290 sec_asn1d_record_any_header (child
, (char *) &identifier
, 1);
2298 sec_asn1d_concat_substrings (sec_asn1d_state
*state
)
2300 PORT_Assert (state
->place
== afterConstructedString
);
2302 if (state
->subitems_head
!= NULL
) {
2303 struct subitem
*substring
;
2304 unsigned long alloc_len
, item_len
;
2305 unsigned char *where
;
2307 PRBool is_bit_string
;
2310 is_bit_string
= (state
->underlying_kind
== SEC_ASN1_BIT_STRING
)
2311 ? PR_TRUE
: PR_FALSE
;
2313 substring
= state
->subitems_head
;
2314 while (substring
!= NULL
) {
2316 * All bit-string substrings except the last one should be
2317 * a clean multiple of 8 bits.
2319 if (is_bit_string
&& (substring
->next
!= NULL
)
2320 && (substring
->len
& 0x7)) {
2321 dprintf("decodeError: sec_asn1d_concat_substrings align\n");
2322 PORT_SetError (SEC_ERROR_BAD_DER
);
2323 state
->top
->status
= decodeError
;
2326 item_len
+= substring
->len
;
2327 substring
= substring
->next
;
2330 if (is_bit_string
) {
2331 #ifdef XP_WIN16 /* win16 compiler gets an internal error otherwise */
2332 alloc_len
= (((long)item_len
+ 7) / 8);
2334 alloc_len
= ((item_len
+ 7) >> 3);
2338 * Add 2 for the end-of-contents octets of an indefinite-length
2339 * ANY that is *not* also an INNER. Because we zero-allocate
2340 * below, all we need to do is increase the length here.
2342 if (state
->underlying_kind
== SEC_ASN1_ANY
&& state
->indefinite
)
2344 alloc_len
= item_len
;
2347 item
= (SecAsn1Item
*)(state
->dest
);
2348 PORT_Assert (item
!= NULL
);
2349 PORT_Assert (item
->Data
== NULL
);
2350 item
->Data
= (unsigned char*)sec_asn1d_zalloc (state
->top
->their_pool
,
2352 if (item
->Data
== NULL
) {
2353 dprintf("decodeError: zalloc\n");
2354 state
->top
->status
= decodeError
;
2357 item
->Length
= item_len
;
2360 substring
= state
->subitems_head
;
2361 while (substring
!= NULL
) {
2363 item_len
= (substring
->len
+ 7) >> 3;
2365 item_len
= substring
->len
;
2366 PORT_Memcpy (where
, substring
->data
, item_len
);
2368 substring
= substring
->next
;
2372 * Because we use arenas and have a mark set, we later free
2373 * everything we have allocated, so this does *not* present
2374 * a memory leak (it is just temporarily left dangling).
2376 state
->subitems_head
= state
->subitems_tail
= NULL
;
2379 state
->place
= afterEndOfContents
;
2384 sec_asn1d_concat_group (sec_asn1d_state
*state
)
2386 const void ***placep
;
2388 PORT_Assert (state
->place
== afterGroup
);
2390 placep
= (const void***)state
->dest
;
2391 PORT_Assert(state
->subitems_head
== NULL
|| placep
!= NULL
);
2392 if (placep
!= NULL
) {
2393 struct subitem
*item
;
2398 item
= state
->subitems_head
;
2399 while (item
!= NULL
) {
2400 PORT_Assert (item
->next
!= NULL
|| item
== state
->subitems_tail
);
2405 group
= (const void**)sec_asn1d_zalloc (state
->top
->their_pool
,
2406 (count
+ 1) * (sizeof(void *)));
2407 if (group
== NULL
) {
2408 dprintf("decodeError: zalloc\n");
2409 state
->top
->status
= decodeError
;
2415 item
= state
->subitems_head
;
2416 while (item
!= NULL
) {
2417 *group
++ = item
->data
;
2423 * Because we use arenas and have a mark set, we later free
2424 * everything we have allocated, so this does *not* present
2425 * a memory leak (it is just temporarily left dangling).
2427 state
->subitems_head
= state
->subitems_tail
= NULL
;
2430 state
->place
= afterEndOfContents
;
2434 * For those states that push a child to handle a subtemplate,
2435 * "absorb" that child (transfer necessary information).
2438 sec_asn1d_absorb_child (sec_asn1d_state
*state
)
2441 * There is absolutely supposed to be a child there.
2443 PORT_Assert (state
->child
!= NULL
);
2446 * Inherit the missing status of our child, and do the ugly
2447 * backing-up if necessary.
2449 state
->missing
= state
->child
->missing
;
2450 if (state
->missing
) {
2451 state
->found_tag_number
= state
->child
->found_tag_number
;
2452 state
->found_tag_modifiers
= state
->child
->found_tag_modifiers
;
2453 state
->endofcontents
= state
->child
->endofcontents
;
2457 * Add in number of bytes consumed by child.
2458 * (Only EXPLICIT should have already consumed bytes itself.)
2460 PORT_Assert (state
->place
== afterExplicit
|| state
->consumed
== 0);
2461 state
->consumed
+= state
->child
->consumed
;
2464 * Subtract from bytes pending; this only applies to a definite-length
2467 if (state
->pending
) {
2468 PORT_Assert (!state
->indefinite
);
2469 PORT_Assert (state
->place
== afterExplicit
);
2472 * If we had a definite-length explicit, then what the child
2473 * consumed should be what was left pending.
2475 if (state
->pending
!= state
->child
->consumed
) {
2476 if (state
->pending
< state
->child
->consumed
) {
2477 dprintf("decodeError: absorb_child pending < consumed\n");
2478 PORT_SetError (SEC_ERROR_BAD_DER
);
2479 state
->top
->status
= decodeError
;
2483 * Okay, this is a hack. It *should* be an error whether
2484 * pending is too big or too small, but it turns out that
2485 * we had a bug in our *old* DER encoder that ended up
2486 * counting an explicit header twice in the case where
2487 * the underlying type was an ANY. So, because we cannot
2488 * prevent receiving these (our own certificate server can
2489 * send them to us), we need to be lenient and accept them.
2490 * To do so, we need to pretend as if we read all of the
2491 * bytes that the header said we would find, even though
2492 * we actually came up short.
2494 state
->consumed
+= (state
->pending
- state
->child
->consumed
);
2500 * Indicate that we are done with child.
2502 state
->child
->consumed
= 0;
2505 * And move on to final state.
2506 * (Technically everybody could move to afterEndOfContents except
2507 * for an indefinite-length EXPLICIT; for simplicity though we assert
2508 * that but let the end-of-contents code do the real determination.)
2510 PORT_Assert (state
->place
== afterExplicit
|| (! state
->indefinite
));
2511 state
->place
= beforeEndOfContents
;
2516 sec_asn1d_prepare_for_end_of_contents (sec_asn1d_state
*state
)
2518 PORT_Assert (state
->place
== beforeEndOfContents
);
2520 if (state
->indefinite
) {
2521 state
->place
= duringEndOfContents
;
2524 state
->place
= afterEndOfContents
;
2529 static unsigned long
2530 sec_asn1d_parse_end_of_contents (sec_asn1d_state
*state
,
2531 const char *buf
, unsigned long len
)
2535 PORT_Assert (state
->pending
<= 2);
2536 PORT_Assert (state
->place
== duringEndOfContents
);
2539 state
->top
->status
= needBytes
;
2543 if (state
->pending
< len
)
2544 len
= state
->pending
;
2546 for (i
= 0; i
< len
; i
++) {
2549 * We expect to find only zeros; if not, just give up.
2551 dprintf("decodeError: end of contents non zero\n");
2552 PORT_SetError (SEC_ERROR_BAD_DER
);
2553 state
->top
->status
= decodeError
;
2558 state
->pending
-= len
;
2560 if (state
->pending
== 0) {
2561 state
->place
= afterEndOfContents
;
2562 state
->endofcontents
= PR_TRUE
;
2570 sec_asn1d_pop_state (sec_asn1d_state
*state
)
2572 #if 0 /* XXX I think this should always be handled explicitly by parent? */
2574 * Account for our child.
2576 if (state
->child
!= NULL
) {
2577 state
->consumed
+= state
->child
->consumed
;
2578 if (state
->pending
) {
2579 PORT_Assert (!state
->indefinite
);
2580 if( state
->child
->consumed
> state
->pending
) {
2581 dprintf("decodeError: pop_state pending < consumed\n");
2582 PORT_SetError (SEC_ERROR_BAD_DER
);
2583 state
->top
->status
= decodeError
;
2585 state
->pending
-= state
->child
->consumed
;
2588 state
->child
->consumed
= 0;
2595 sec_asn1d_free_child (state
, PR_FALSE
);
2598 * Just make my parent be the current state. It will then clean
2599 * up after me and free me (or reuse me).
2601 state
->top
->current
= state
->parent
;
2604 static sec_asn1d_state
*
2605 sec_asn1d_before_choice (sec_asn1d_state
*state
,
2606 const char *buf
/* __APPLE__ */,
2607 size_t len
/* __APPLE__ */)
2609 sec_asn1d_state
*child
;
2611 if( state
->allocate
) {
2614 dest
= sec_asn1d_zalloc(state
->top
->their_pool
,
2615 state
->theTemplate
->size
);
2616 if( (void *)NULL
== dest
) {
2617 dprintf("decodeError: zalloc\n");
2618 state
->top
->status
= decodeError
;
2619 return (sec_asn1d_state
*)NULL
;
2622 state
->dest
= (char *)dest
+ state
->theTemplate
->offset
;
2625 child
= sec_asn1d_push_state(state
->top
, state
->theTemplate
+ 1,
2626 (char *)state
->dest
- state
->theTemplate
->offset
,
2628 if( (sec_asn1d_state
*)NULL
== child
) {
2629 return (sec_asn1d_state
*)NULL
;
2632 sec_asn1d_scrub_state(child
);
2633 child
= sec_asn1d_init_state_based_on_template(child
,
2634 buf
/* __APPLE__ */, len
/* __APPLE__ */);
2635 if( (sec_asn1d_state
*)NULL
== child
) {
2636 return (sec_asn1d_state
*)NULL
;
2639 child
->optional
= PR_TRUE
;
2641 state
->place
= duringChoice
;
2646 static sec_asn1d_state
*
2647 sec_asn1d_during_choice (sec_asn1d_state
*state
,
2648 const char *buf
, /* __APPLE__ */
2649 size_t len
/* __APPLE__ */)
2651 sec_asn1d_state
*child
= state
->child
;
2653 PORT_Assert((sec_asn1d_state
*)NULL
!= child
);
2655 if( child
->missing
) {
2656 unsigned char child_found_tag_modifiers
= 0;
2657 unsigned long child_found_tag_number
= 0;
2660 state
->consumed
+= child
->consumed
;
2662 if (child
->endofcontents
) {
2663 /* This choice is probably the first item in a GROUP
2664 ** (e.g. SET_OF) that was indefinite-length encoded.
2665 ** We're actually at the end of that GROUP.
2666 ** We look up the stack to be sure that we find
2667 ** a state with indefinite length encoding before we
2668 ** find a state (like a SEQUENCE) that is definite.
2670 child
->place
= notInUse
;
2671 state
->place
= afterChoice
;
2672 state
->endofcontents
= PR_TRUE
; /* propagate this up */
2673 if (sec_asn1d_parent_allows_EOC(state
))
2675 dprintf("decodeError: during_choice child at EOC by parent does not allow EOC\n");
2676 PORT_SetError(SEC_ERROR_BAD_DER
);
2677 state
->top
->status
= decodeError
;
2681 dest
= (char *)child
->dest
- child
->theTemplate
->offset
;
2682 child
->theTemplate
++;
2684 if( 0 == child
->theTemplate
->kind
) {
2685 /* Ran out of choices */
2686 dprintf("decodeError: during_choice ran out of choice\n");
2687 PORT_SetError(SEC_ERROR_BAD_DER
);
2688 state
->top
->status
= decodeError
;
2689 return (sec_asn1d_state
*)NULL
;
2691 child
->dest
= (char *)dest
+ child
->theTemplate
->offset
;
2693 /* cargo'd from next_in_sequence innards */
2694 if( state
->pending
) {
2695 PORT_Assert(!state
->indefinite
);
2696 if( child
->consumed
> state
->pending
) {
2697 dprintf("decodeError: during_choice consumed > pending\n");
2698 PORT_SetError (SEC_ERROR_BAD_DER
);
2699 state
->top
->status
= decodeError
;
2702 state
->pending
-= child
->consumed
;
2703 if( 0 == state
->pending
) {
2704 /* XXX uh.. not sure if I should have stopped this
2705 * from happening before. */
2707 PORT_SetError(SEC_ERROR_BAD_DER
);
2708 dprintf("decodeError: during_choice !pending\n");
2709 state
->top
->status
= decodeError
;
2710 return (sec_asn1d_state
*)NULL
;
2714 child
->consumed
= 0;
2715 sec_asn1d_scrub_state(child
);
2717 /* move it on top again */
2718 state
->top
->current
= child
;
2720 child_found_tag_modifiers
= child
->found_tag_modifiers
;
2721 child_found_tag_number
= child
->found_tag_number
;
2723 child
= sec_asn1d_init_state_based_on_template(child
, buf
/* __APPLE__*/, len
/* __APPLE__ */);
2724 if( (sec_asn1d_state
*)NULL
== child
) {
2725 return (sec_asn1d_state
*)NULL
;
2728 /* copy our findings to the new top */
2729 child
->found_tag_modifiers
= child_found_tag_modifiers
;
2730 child
->found_tag_number
= child_found_tag_number
;
2732 child
->optional
= PR_TRUE
;
2733 child
->place
= afterIdentifier
;
2737 if( (void *)NULL
!= state
->dest
) {
2738 /* Store the enum */
2739 int *which
= (int *)state
->dest
;
2740 *which
= (int)child
->theTemplate
->size
;
2743 child
->place
= notInUse
;
2745 state
->place
= afterChoice
;
2750 sec_asn1d_after_choice (sec_asn1d_state
*state
)
2752 state
->consumed
+= state
->child
->consumed
;
2753 state
->child
->consumed
= 0;
2754 state
->place
= afterEndOfContents
;
2755 sec_asn1d_pop_state(state
);
2760 sec_asn1d_uinteger(SecAsn1Item
*src
)
2762 unsigned long value
;
2765 if (src
->Length
> 5 || (src
->Length
> 4 && src
->Data
[0] == 0))
2772 value
|= src
->Data
[--len
];
2779 SEC_ASN1DecodeInteger(SecAsn1Item
*src
, unsigned long *value
)
2785 PORT_SetError(SEC_ERROR_INVALID_ARGS
);
2789 if (src
->Length
> sizeof(unsigned long)) {
2790 PORT_SetError(SEC_ERROR_INVALID_ARGS
);
2794 if (src
->Data
== NULL
) {
2795 PORT_SetError(SEC_ERROR_INVALID_ARGS
);
2799 if (src
->Data
[0] & 0x80)
2800 v
= -1; /* signed and negative - start with all 1's */
2804 for (i
= 0; i
< src
->Length
; i
++) {
2805 /* shift in next byte */
2813 #ifdef DEBUG_ASN1D_STATES
2815 dump_states(SEC_ASN1DecoderContext
*cx
)
2817 sec_asn1d_state
*state
;
2820 for (state
= cx
->current
; state
->parent
; state
= state
->parent
) {
2824 for (; state
; state
= state
->child
) {
2826 for (i
= 0; i
< state
->depth
; i
++) {
2830 i
= formatKind(state
->theTemplate
->kind
, kindBuf
);
2831 printf("%s: tmpl %p, kind%s",
2832 (state
== cx
->current
) ? "STATE" : "State",
2835 printf(" %s", (state
->place
<= notInUse
)
2836 ? place_names
[ state
->place
]
2839 printf(", expect 0x%02lx",
2840 state
->expect_tag_number
| state
->expect_tag_modifiers
);
2842 printf("%s%s%s %lu\n",
2843 state
->indefinite
? ", indef" : "",
2844 state
->missing
? ", miss" : "",
2845 state
->endofcontents
? ", EOC" : "",
2852 #endif /* DEBUG_ASN1D_STATES */
2855 SEC_ASN1DecoderUpdate (SEC_ASN1DecoderContext
*cx
,
2856 const char *buf
, size_t len
)
2858 sec_asn1d_state
*state
= NULL
;
2859 unsigned long consumed
;
2860 SEC_ASN1EncodingPart what
;
2861 sec_asn1d_state
*stateEnd
= cx
->current
;
2863 if (cx
->status
== needBytes
)
2864 cx
->status
= keepGoing
;
2866 while (cx
->status
== keepGoing
) {
2867 state
= cx
->current
;
2868 what
= SEC_ASN1_Contents
;
2870 #if DEBUG_ASN1D_STATES
2871 if (doDumpStates
> 1) {
2872 printf("\nPLACE = %s, next byte = 0x%02x, %p[%lu]\n",
2873 (state
->place
<= notInUse
) ?
2874 place_names
[ state
->place
] : "(undefined)",
2875 (unsigned int)((unsigned char *)buf
)[ consumed
],
2879 #endif /* DEBUG_ASN1D_STATES */
2880 switch (state
->place
) {
2881 case beforeIdentifier
:
2882 consumed
= sec_asn1d_parse_identifier (state
, buf
, len
);
2883 what
= SEC_ASN1_Identifier
;
2885 case duringIdentifier
:
2886 consumed
= sec_asn1d_parse_more_identifier (state
, buf
, len
);
2887 what
= SEC_ASN1_Identifier
;
2889 case afterIdentifier
:
2890 sec_asn1d_confirm_identifier (state
);
2893 consumed
= sec_asn1d_parse_length (state
, buf
, len
);
2894 what
= SEC_ASN1_Length
;
2897 consumed
= sec_asn1d_parse_more_length (state
, buf
, len
);
2898 what
= SEC_ASN1_Length
;
2901 sec_asn1d_prepare_for_contents (state
, buf
, len
);
2903 case beforeBitString
:
2904 consumed
= sec_asn1d_parse_bit_string (state
, buf
, len
);
2906 case duringBitString
:
2907 consumed
= sec_asn1d_parse_more_bit_string (state
, buf
, len
);
2909 case duringConstructedString
:
2910 sec_asn1d_next_substring (state
);
2913 sec_asn1d_next_in_group (state
, buf
, len
);
2916 consumed
= sec_asn1d_parse_leaf (state
, buf
, len
);
2918 case duringSaveEncoding
:
2919 sec_asn1d_reuse_encoding (state
);
2920 if (cx
->status
== decodeError
) {
2921 /* recursive call has already popped all states from stack.
2922 ** Bail out quickly.
2926 if (cx
->status
== needBytes
) {
2927 /* recursive call wanted more data. Fatal. Clean up below. */
2928 PORT_SetError (SEC_ERROR_BAD_DER
);
2929 cx
->status
= decodeError
;
2932 case duringSequence
:
2933 sec_asn1d_next_in_sequence (state
, buf
, len
);
2935 case afterConstructedString
:
2936 sec_asn1d_concat_substrings (state
);
2942 sec_asn1d_absorb_child (state
);
2945 sec_asn1d_concat_group (state
);
2947 case afterSaveEncoding
:
2948 /* SEC_ASN1DecoderUpdate has called itself recursively to
2949 ** decode SAVEd encoded data, and now is done decoding that.
2950 ** Return to the calling copy of SEC_ASN1DecoderUpdate.
2953 case beforeEndOfContents
:
2954 sec_asn1d_prepare_for_end_of_contents (state
);
2956 case duringEndOfContents
:
2957 consumed
= sec_asn1d_parse_end_of_contents (state
, buf
, len
);
2958 what
= SEC_ASN1_EndOfContents
;
2960 case afterEndOfContents
:
2961 sec_asn1d_pop_state (state
);
2964 state
= sec_asn1d_before_choice(state
, buf
, len
);
2967 state
= sec_asn1d_during_choice(state
, buf
, len
);
2970 sec_asn1d_after_choice(state
);
2974 /* This is not an error, but rather a plain old BUG! */
2976 PORT_SetError (SEC_ERROR_BAD_DER
);
2977 dprintf("decodeError: decoder update bad state->place\n");
2978 cx
->status
= decodeError
;
2982 if (cx
->status
== decodeError
)
2985 /* We should not consume more than we have. */
2986 PORT_Assert (consumed
<= len
);
2987 if( consumed
> len
) {
2988 dprintf("decodeError: decoder update consumed > len\n");
2989 PORT_SetError (SEC_ERROR_BAD_DER
);
2990 cx
->status
= decodeError
;
2994 /* It might have changed, so we have to update our local copy. */
2995 state
= cx
->current
;
2997 /* If it is NULL, we have popped all the way to the top. */
2998 if (state
== NULL
) {
2999 PORT_Assert (consumed
== 0);
3001 /* XXX I want this here, but it seems that we have situations (like
3002 * downloading a pkcs7 cert chain from some issuers) that give us a
3003 * length which is greater than the entire encoding. So, we cannot
3004 * have this be an error.
3007 dprintf("decodeError: decoder update nonzero len\n");
3008 PORT_SetError (SEC_ERROR_BAD_DER
);
3009 cx
->status
= decodeError
;
3013 cx
->status
= allDone
;
3016 else if (state
->theTemplate
->kind
== SEC_ASN1_SKIP_REST
) {
3017 cx
->status
= allDone
;
3025 * The following check is specifically looking for an ANY
3026 * that is *not* also an INNER, because we need to save aside
3027 * all bytes in that case -- the contents parts will get
3028 * handled like all other contents, and the end-of-contents
3029 * bytes are added by the concat code, but the outer header
3030 * bytes need to get saved too, so we do them explicitly here.
3032 if (state
->underlying_kind
== SEC_ASN1_ANY
3033 && !cx
->filter_only
&& (what
== SEC_ASN1_Identifier
3034 || what
== SEC_ASN1_Length
)) {
3035 sec_asn1d_record_any_header (state
, buf
, consumed
);
3039 * We had some number of good, accepted bytes. If the caller
3040 * has registered to see them, pass them along.
3042 if (state
->top
->filter_proc
!= NULL
) {
3045 depth
= state
->depth
;
3046 if (what
== SEC_ASN1_EndOfContents
&& !state
->indefinite
) {
3047 PORT_Assert (state
->parent
!= NULL
3048 && state
->parent
->indefinite
);
3050 PORT_Assert (depth
== state
->parent
->depth
);
3052 (* state
->top
->filter_proc
) (state
->top
->filter_arg
,
3053 buf
, consumed
, depth
, what
);
3056 state
->consumed
+= consumed
;
3059 } /* main decode loop */
3061 if (cx
->status
== decodeError
) {
3062 while (state
!= NULL
&& stateEnd
->parent
!=state
) {
3063 sec_asn1d_free_child (state
, PR_TRUE
);
3064 state
= state
->parent
;
3066 #ifdef SEC_ASN1D_FREE_ON_ERROR /*
3067 * XXX This does not work because we can
3068 * end up leaving behind dangling pointers
3069 * to stuff that was allocated. In order
3070 * to make this really work (which would
3071 * be a good thing, I think), we need to
3072 * keep track of every place/pointer that
3073 * was allocated and make sure to NULL it
3074 * out before we then free back to the mark.
3076 if (cx
->their_pool
!= NULL
) {
3077 PORT_Assert (cx
->their_mark
!= NULL
);
3078 PORT_ArenaRelease (cx
->their_pool
, cx
->their_mark
);
3085 /* XXX This is what I want, but cannot have because it seems we
3086 * have situations (like when downloading a pkcs7 cert chain from
3087 * some issuers) that give us a total length which is greater than
3088 * the entire encoding. So, we have to allow allDone to have a
3089 * remaining length greater than zero. I wanted to catch internal
3090 * bugs with this, noticing when we do not have the right length.
3093 PORT_Assert (len
== 0
3094 && (cx
->status
== needBytes
|| cx
->status
== allDone
));
3096 PORT_Assert ((len
== 0 && cx
->status
== needBytes
)
3097 || cx
->status
== allDone
);
3104 SEC_ASN1DecoderFinish (SEC_ASN1DecoderContext
*cx
)
3108 if (cx
->status
== needBytes
) {
3111 * Special case: need more bytes, but this field and all
3112 * subsequent fields are optional. I'm surprised this case is
3113 * not handled in the original NSS code, and this workaround
3114 * is a bit of a hack...
3116 sec_asn1d_state
*state
= cx
->current
;
3117 assert(state
!= NULL
);
3118 if(state
->place
== beforeIdentifier
) {
3119 int allOptional
= 1;
3120 const SecAsn1Template
*templ
= state
->theTemplate
;
3121 while(templ
->kind
!= 0) {
3122 if(!(templ
->kind
& SEC_ASN1_OPTIONAL
)) {
3129 /* letting this one slide */
3133 PORT_SetError (SEC_ERROR_BAD_DER
);
3138 PORT_SetError (SEC_ERROR_BAD_DER
);
3142 PORT_SetError (SEC_ERROR_BAD_DER
);
3144 #endif /* __APPLE__ */
3150 * XXX anything else that needs to be finished?
3153 PORT_FreeArena (cx
->our_pool
, PR_FALSE
);
3159 SEC_ASN1DecoderContext
*
3160 SEC_ASN1DecoderStart (PRArenaPool
*their_pool
, void *dest
,
3161 const SecAsn1Template
*theTemplate
3164 /* only needed if first element will be SEC_ASN1_DYNAMIC */
3166 size_t len
/* __APPLE__ */
3170 PRArenaPool
*our_pool
;
3171 SEC_ASN1DecoderContext
*cx
;
3173 our_pool
= PORT_NewArena (SEC_ASN1_DEFAULT_ARENA_SIZE
);
3174 if (our_pool
== NULL
)
3177 cx
= (SEC_ASN1DecoderContext
*)PORT_ArenaZAlloc (our_pool
, sizeof(*cx
));
3179 PORT_FreeArena (our_pool
, PR_FALSE
);
3183 cx
->our_pool
= our_pool
;
3184 if (their_pool
!= NULL
) {
3185 cx
->their_pool
= their_pool
;
3186 #ifdef SEC_ASN1D_FREE_ON_ERROR
3187 cx
->their_mark
= PORT_ArenaMark (their_pool
);
3191 cx
->status
= needBytes
;
3193 if (sec_asn1d_push_state(cx
, theTemplate
, dest
, PR_FALSE
) == NULL
3194 || sec_asn1d_init_state_based_on_template (cx
->current
,
3195 buf
/* __APPLE__ */, len
/* __APPLE__ */) == NULL
) {
3197 * Trouble initializing (probably due to failed allocations)
3198 * requires that we just give up.
3200 PORT_FreeArena (our_pool
, PR_FALSE
);
3209 SEC_ASN1DecoderSetFilterProc (SEC_ASN1DecoderContext
*cx
,
3210 SEC_ASN1WriteProc fn
, void *arg
,
3213 /* check that we are "between" fields here */
3214 PORT_Assert (cx
->during_notify
);
3216 cx
->filter_proc
= fn
;
3217 cx
->filter_arg
= arg
;
3218 cx
->filter_only
= only
;
3223 SEC_ASN1DecoderClearFilterProc (SEC_ASN1DecoderContext
*cx
)
3225 /* check that we are "between" fields here */
3226 PORT_Assert (cx
->during_notify
);
3228 cx
->filter_proc
= NULL
;
3229 cx
->filter_arg
= NULL
;
3230 cx
->filter_only
= PR_FALSE
;
3235 SEC_ASN1DecoderSetNotifyProc (SEC_ASN1DecoderContext
*cx
,
3236 SEC_ASN1NotifyProc fn
, void *arg
)
3238 cx
->notify_proc
= fn
;
3239 cx
->notify_arg
= arg
;
3244 SEC_ASN1DecoderClearNotifyProc (SEC_ASN1DecoderContext
*cx
)
3246 cx
->notify_proc
= NULL
;
3247 cx
->notify_arg
= NULL
; /* not necessary; just being clean */
3252 SEC_ASN1DecoderAbort(SEC_ASN1DecoderContext
*cx
, int error
)
3255 PORT_SetError(error
);
3256 cx
->status
= decodeError
;
3261 SEC_ASN1Decode (PRArenaPool
*poolp
, void *dest
,
3262 const SecAsn1Template
*theTemplate
,
3263 const char *buf
, size_t len
)
3265 SEC_ASN1DecoderContext
*dcx
;
3268 dcx
= SEC_ASN1DecoderStart (poolp
, dest
, theTemplate
,
3269 buf
/* __APPLE__ */, len
/* __APPLE__ */);
3273 urv
= SEC_ASN1DecoderUpdate (dcx
, buf
, len
);
3274 frv
= SEC_ASN1DecoderFinish (dcx
);
3276 if (urv
!= SECSuccess
)
3284 SEC_ASN1DecodeItem (PRArenaPool
*poolp
, void *dest
,
3285 const SecAsn1Template
*theTemplate
,
3286 const SecAsn1Item
*item
)
3288 return SEC_ASN1Decode (poolp
, dest
, theTemplate
,
3289 (const char *) item
->Data
, item
->Length
);