summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/bytestring
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/bytestring')
-rw-r--r--src/lib/libcrypto/bytestring/bs_ber.c270
-rw-r--r--src/lib/libcrypto/bytestring/bs_cbb.c490
-rw-r--r--src/lib/libcrypto/bytestring/bs_cbs.c616
-rw-r--r--src/lib/libcrypto/bytestring/bytestring.h571
4 files changed, 0 insertions, 1947 deletions
diff --git a/src/lib/libcrypto/bytestring/bs_ber.c b/src/lib/libcrypto/bytestring/bs_ber.c
deleted file mode 100644
index 6d7daaf77f..0000000000
--- a/src/lib/libcrypto/bytestring/bs_ber.c
+++ /dev/null
@@ -1,270 +0,0 @@
1/* $OpenBSD: bs_ber.c,v 1.4 2025/03/28 12:13:03 tb Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdint.h>
19#include <string.h>
20
21#include "bytestring.h"
22
23/*
24 * kMaxDepth is a just a sanity limit. The code should be such that the length
25 * of the input being processes always decreases. None the less, a very large
26 * input could otherwise cause the stack to overflow.
27 */
28static const unsigned int kMaxDepth = 2048;
29
30/* Non-strict version that allows a relaxed DER with indefinite form. */
31static int
32cbs_nonstrict_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
33 size_t *out_header_len)
34{
35 return cbs_get_any_asn1_element_internal(cbs, out,
36 out_tag, out_header_len, 0);
37}
38
39/*
40 * cbs_find_indefinite walks an ASN.1 structure in |orig_in| and sets
41 * |*indefinite_found| depending on whether an indefinite length element was
42 * found. The value of |orig_in| is not modified.
43 *
44 * Returns one on success (i.e. |*indefinite_found| was set) and zero on error.
45 */
46static int
47cbs_find_indefinite(const CBS *orig_in, char *indefinite_found,
48 unsigned int depth)
49{
50 CBS in;
51
52 if (depth > kMaxDepth)
53 return 0;
54
55 CBS_init(&in, CBS_data(orig_in), CBS_len(orig_in));
56
57 while (CBS_len(&in) > 0) {
58 CBS contents;
59 unsigned int tag;
60 size_t header_len;
61
62 if (!cbs_nonstrict_get_any_asn1_element(&in, &contents, &tag,
63 &header_len))
64 return 0;
65
66 /* Indefinite form not allowed by DER. */
67 if (CBS_len(&contents) == header_len && header_len > 0 &&
68 CBS_data(&contents)[header_len - 1] == 0x80) {
69 *indefinite_found = 1;
70 return 1;
71 }
72 if (tag & CBS_ASN1_CONSTRUCTED) {
73 if (!CBS_skip(&contents, header_len) ||
74 !cbs_find_indefinite(&contents, indefinite_found,
75 depth + 1))
76 return 0;
77 }
78 }
79
80 *indefinite_found = 0;
81 return 1;
82}
83
84/*
85 * is_primitive_type returns true if |tag| likely a primitive type. Normally
86 * one can just test the "constructed" bit in the tag but, in BER, even
87 * primitive tags can have the constructed bit if they have indefinite
88 * length.
89 */
90static char
91is_primitive_type(unsigned int tag)
92{
93 return (tag & 0xc0) == 0 &&
94 (tag & 0x1f) != (CBS_ASN1_SEQUENCE & 0x1f) &&
95 (tag & 0x1f) != (CBS_ASN1_SET & 0x1f);
96}
97
98/*
99 * is_eoc returns true if |header_len| and |contents|, as returned by
100 * |cbs_nonstrict_get_any_asn1_element|, indicate an "end of contents" (EOC)
101 * value.
102 */
103static char
104is_eoc(size_t header_len, CBS *contents)
105{
106 const unsigned char eoc[] = {0x0, 0x0};
107
108 return header_len == 2 && CBS_mem_equal(contents, eoc, 2);
109}
110
111/*
112 * cbs_convert_indefinite reads data with DER encoding (but relaxed to allow
113 * indefinite form) from |in| and writes definite form DER data to |out|. If
114 * |squash_header| is set then the top-level of elements from |in| will not
115 * have their headers written. This is used when concatenating the fragments of
116 * an indefinite length, primitive value. If |looking_for_eoc| is set then any
117 * EOC elements found will cause the function to return after consuming it.
118 * It returns one on success and zero on error.
119 */
120static int
121cbs_convert_indefinite(CBS *in, CBB *out, char squash_header,
122 char looking_for_eoc, unsigned int depth)
123{
124 if (depth > kMaxDepth)
125 return 0;
126
127 while (CBS_len(in) > 0) {
128 CBS contents;
129 unsigned int tag;
130 size_t header_len;
131 CBB *out_contents, out_contents_storage;
132
133 if (!cbs_nonstrict_get_any_asn1_element(in, &contents, &tag,
134 &header_len))
135 return 0;
136
137 out_contents = out;
138
139 if (CBS_len(&contents) == header_len) {
140 if (is_eoc(header_len, &contents))
141 return looking_for_eoc;
142
143 if (header_len > 0 &&
144 CBS_data(&contents)[header_len - 1] == 0x80) {
145 /*
146 * This is an indefinite length element. If
147 * it's a SEQUENCE or SET then we just need to
148 * write the out the contents as normal, but
149 * with a concrete length prefix.
150 *
151 * If it's a something else then the contents
152 * will be a series of DER elements of the same
153 * type which need to be concatenated.
154 */
155 const char context_specific = (tag & 0xc0)
156 == 0x80;
157 char squash_child_headers =
158 is_primitive_type(tag);
159
160 /*
161 * This is a hack, but it sufficies to handle
162 * NSS's output. If we find an indefinite
163 * length, context-specific tag with a definite,
164 * primitive tag inside it, then we assume that
165 * the context-specific tag is implicit and the
166 * tags within are fragments of a primitive type
167 * that need to be concatenated.
168 */
169 if (context_specific &&
170 (tag & CBS_ASN1_CONSTRUCTED)) {
171 CBS in_copy, inner_contents;
172 unsigned int inner_tag;
173 size_t inner_header_len;
174
175 CBS_init(&in_copy, CBS_data(in),
176 CBS_len(in));
177 if (!cbs_nonstrict_get_any_asn1_element(
178 &in_copy, &inner_contents,
179 &inner_tag, &inner_header_len))
180 return 0;
181
182 if (CBS_len(&inner_contents) >
183 inner_header_len &&
184 is_primitive_type(inner_tag))
185 squash_child_headers = 1;
186 }
187
188 if (!squash_header) {
189 unsigned int out_tag = tag;
190
191 if (squash_child_headers)
192 out_tag &=
193 ~CBS_ASN1_CONSTRUCTED;
194
195 if (!CBB_add_asn1(out,
196 &out_contents_storage, out_tag))
197 return 0;
198
199 out_contents = &out_contents_storage;
200 }
201
202 if (!cbs_convert_indefinite(in, out_contents,
203 squash_child_headers,
204 1 /* looking for eoc */, depth + 1))
205 return 0;
206
207 if (out_contents != out && !CBB_flush(out))
208 return 0;
209
210 continue;
211 }
212 }
213
214 if (!squash_header) {
215 if (!CBB_add_asn1(out, &out_contents_storage, tag))
216 return 0;
217
218 out_contents = &out_contents_storage;
219 }
220
221 if (!CBS_skip(&contents, header_len))
222 return 0;
223
224 if (tag & CBS_ASN1_CONSTRUCTED) {
225 if (!cbs_convert_indefinite(&contents, out_contents,
226 0 /* don't squash header */,
227 0 /* not looking for eoc */, depth + 1))
228 return 0;
229 } else {
230 if (!CBB_add_bytes(out_contents, CBS_data(&contents),
231 CBS_len(&contents)))
232 return 0;
233 }
234
235 if (out_contents != out && !CBB_flush(out))
236 return 0;
237 }
238
239 return looking_for_eoc == 0;
240}
241
242int
243CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len)
244{
245 CBB cbb;
246
247 /*
248 * First, do a quick walk to find any indefinite-length elements. Most
249 * of the time we hope that there aren't any and thus we can quickly
250 * return.
251 */
252 char conversion_needed;
253 if (!cbs_find_indefinite(in, &conversion_needed, 0))
254 return 0;
255
256 if (!conversion_needed) {
257 *out = NULL;
258 *out_len = 0;
259 return 1;
260 }
261
262 if (!CBB_init(&cbb, CBS_len(in)))
263 return 0;
264 if (!cbs_convert_indefinite(in, &cbb, 0, 0, 0)) {
265 CBB_cleanup(&cbb);
266 return 0;
267 }
268
269 return CBB_finish(&cbb, out, out_len);
270}
diff --git a/src/lib/libcrypto/bytestring/bs_cbb.c b/src/lib/libcrypto/bytestring/bs_cbb.c
deleted file mode 100644
index cd29e168dc..0000000000
--- a/src/lib/libcrypto/bytestring/bs_cbb.c
+++ /dev/null
@@ -1,490 +0,0 @@
1/* $OpenBSD: bs_cbb.c,v 1.6 2024/06/22 15:32:51 jsing Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdint.h>
19#include <stdlib.h>
20#include <string.h>
21
22#include "bytestring.h"
23
24#define CBB_INITIAL_SIZE 64
25
26static int
27cbb_init(CBB *cbb, uint8_t *buf, size_t cap)
28{
29 struct cbb_buffer_st *base;
30
31 if ((base = calloc(1, sizeof(struct cbb_buffer_st))) == NULL)
32 return 0;
33
34 base->buf = buf;
35 base->len = 0;
36 base->cap = cap;
37 base->can_resize = 1;
38
39 cbb->base = base;
40 cbb->is_top_level = 1;
41
42 return 1;
43}
44
45int
46CBB_init(CBB *cbb, size_t initial_capacity)
47{
48 uint8_t *buf = NULL;
49
50 memset(cbb, 0, sizeof(*cbb));
51
52 if (initial_capacity == 0)
53 initial_capacity = CBB_INITIAL_SIZE;
54
55 if ((buf = calloc(1, initial_capacity)) == NULL)
56 return 0;
57
58 if (!cbb_init(cbb, buf, initial_capacity)) {
59 free(buf);
60 return 0;
61 }
62
63 return 1;
64}
65
66int
67CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len)
68{
69 memset(cbb, 0, sizeof(*cbb));
70
71 if (!cbb_init(cbb, buf, len))
72 return 0;
73
74 cbb->base->can_resize = 0;
75
76 return 1;
77}
78
79void
80CBB_cleanup(CBB *cbb)
81{
82 if (cbb->base) {
83 if (cbb->base->can_resize)
84 freezero(cbb->base->buf, cbb->base->cap);
85 free(cbb->base);
86 }
87 cbb->base = NULL;
88 cbb->child = NULL;
89}
90
91static int
92cbb_buffer_add(struct cbb_buffer_st *base, uint8_t **out, size_t len)
93{
94 size_t newlen;
95
96 if (base == NULL)
97 return 0;
98
99 newlen = base->len + len;
100 if (newlen < base->len)
101 /* Overflow */
102 return 0;
103
104 if (newlen > base->cap) {
105 size_t newcap = base->cap * 2;
106 uint8_t *newbuf;
107
108 if (!base->can_resize)
109 return 0;
110
111 if (newcap < base->cap || newcap < newlen)
112 newcap = newlen;
113
114 newbuf = recallocarray(base->buf, base->cap, newcap, 1);
115 if (newbuf == NULL)
116 return 0;
117
118 base->buf = newbuf;
119 base->cap = newcap;
120 }
121
122 if (out)
123 *out = base->buf + base->len;
124
125 base->len = newlen;
126 return 1;
127}
128
129static int
130cbb_add_u(CBB *cbb, uint32_t v, size_t len_len)
131{
132 uint8_t *buf;
133 size_t i;
134
135 if (len_len == 0)
136 return 1;
137
138 if (len_len > 4)
139 return 0;
140
141 if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &buf, len_len))
142 return 0;
143
144 for (i = len_len - 1; i < len_len; i--) {
145 buf[i] = v;
146 v >>= 8;
147 }
148 return 1;
149}
150
151int
152CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len)
153{
154 if (!cbb->is_top_level)
155 return 0;
156
157 if (!CBB_flush(cbb))
158 return 0;
159
160 if (cbb->base->can_resize && (out_data == NULL || out_len == NULL))
161 /*
162 * |out_data| and |out_len| can only be NULL if the CBB is
163 * fixed.
164 */
165 return 0;
166
167 if (out_data != NULL && *out_data != NULL)
168 return 0;
169
170 if (out_data != NULL)
171 *out_data = cbb->base->buf;
172
173 if (out_len != NULL)
174 *out_len = cbb->base->len;
175
176 cbb->base->buf = NULL;
177 CBB_cleanup(cbb);
178 return 1;
179}
180
181/*
182 * CBB_flush recurses and then writes out any pending length prefix. The current
183 * length of the underlying base is taken to be the length of the
184 * length-prefixed data.
185 */
186int
187CBB_flush(CBB *cbb)
188{
189 size_t child_start, i, len;
190
191 if (cbb->base == NULL)
192 return 0;
193
194 if (cbb->child == NULL || cbb->pending_len_len == 0)
195 return 1;
196
197 child_start = cbb->offset + cbb->pending_len_len;
198
199 if (!CBB_flush(cbb->child) || child_start < cbb->offset ||
200 cbb->base->len < child_start)
201 return 0;
202
203 len = cbb->base->len - child_start;
204
205 if (cbb->pending_is_asn1) {
206 /*
207 * For ASN.1, we assumed that we were using short form which
208 * only requires a single byte for the length octet.
209 *
210 * If it turns out that we need long form, we have to move
211 * the contents along in order to make space for more length
212 * octets.
213 */
214 size_t len_len = 1; /* total number of length octets */
215 uint8_t initial_length_byte;
216
217 /* We already wrote 1 byte for the length. */
218 if (cbb->pending_len_len != 1)
219 return 0;
220
221 /* Check for long form */
222 if (len > 0xfffffffe)
223 return 0; /* 0xffffffff is reserved */
224 else if (len > 0xffffff)
225 len_len = 5;
226 else if (len > 0xffff)
227 len_len = 4;
228 else if (len > 0xff)
229 len_len = 3;
230 else if (len > 0x7f)
231 len_len = 2;
232
233 if (len_len == 1) {
234 /* For short form, the initial byte is the length. */
235 initial_length_byte = len;
236 len = 0;
237
238 } else {
239 /*
240 * For long form, the initial byte is the number of
241 * subsequent length octets (plus bit 8 set).
242 */
243 initial_length_byte = 0x80 | (len_len - 1);
244
245 /*
246 * We need to move the contents along in order to make
247 * space for the long form length octets.
248 */
249 size_t extra_bytes = len_len - 1;
250 if (!cbb_buffer_add(cbb->base, NULL, extra_bytes))
251 return 0;
252
253 memmove(cbb->base->buf + child_start + extra_bytes,
254 cbb->base->buf + child_start, len);
255 }
256 cbb->base->buf[cbb->offset++] = initial_length_byte;
257 cbb->pending_len_len = len_len - 1;
258 }
259
260 for (i = cbb->pending_len_len - 1; i < cbb->pending_len_len; i--) {
261 cbb->base->buf[cbb->offset + i] = len;
262 len >>= 8;
263 }
264 if (len != 0)
265 return 0;
266
267 cbb->child->base = NULL;
268 cbb->child = NULL;
269 cbb->pending_len_len = 0;
270 cbb->pending_is_asn1 = 0;
271 cbb->offset = 0;
272
273 return 1;
274}
275
276void
277CBB_discard_child(CBB *cbb)
278{
279 if (cbb->child == NULL)
280 return;
281
282 cbb->base->len = cbb->offset;
283
284 cbb->child->base = NULL;
285 cbb->child = NULL;
286 cbb->pending_len_len = 0;
287 cbb->pending_is_asn1 = 0;
288 cbb->offset = 0;
289}
290
291static int
292cbb_add_length_prefixed(CBB *cbb, CBB *out_contents, size_t len_len)
293{
294 uint8_t *prefix_bytes;
295
296 if (!CBB_flush(cbb))
297 return 0;
298
299 cbb->offset = cbb->base->len;
300 if (!cbb_buffer_add(cbb->base, &prefix_bytes, len_len))
301 return 0;
302
303 memset(prefix_bytes, 0, len_len);
304 memset(out_contents, 0, sizeof(CBB));
305 out_contents->base = cbb->base;
306 cbb->child = out_contents;
307 cbb->pending_len_len = len_len;
308 cbb->pending_is_asn1 = 0;
309
310 return 1;
311}
312
313int
314CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents)
315{
316 return cbb_add_length_prefixed(cbb, out_contents, 1);
317}
318
319int
320CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents)
321{
322 return cbb_add_length_prefixed(cbb, out_contents, 2);
323}
324
325int
326CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents)
327{
328 return cbb_add_length_prefixed(cbb, out_contents, 3);
329}
330
331int
332CBB_add_u32_length_prefixed(CBB *cbb, CBB *out_contents)
333{
334 return cbb_add_length_prefixed(cbb, out_contents, 4);
335}
336
337int
338CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag)
339{
340 if (tag > UINT8_MAX)
341 return 0;
342
343 /* Long form identifier octets are not supported. */
344 if ((tag & 0x1f) == 0x1f)
345 return 0;
346
347 /* Short-form identifier octet only needs a single byte */
348 if (!CBB_flush(cbb) || !CBB_add_u8(cbb, tag))
349 return 0;
350
351 /*
352 * Add 1 byte to cover the short-form length octet case. If it turns
353 * out we need long-form, it will be extended later.
354 */
355 cbb->offset = cbb->base->len;
356 if (!CBB_add_u8(cbb, 0))
357 return 0;
358
359 memset(out_contents, 0, sizeof(CBB));
360 out_contents->base = cbb->base;
361 cbb->child = out_contents;
362 cbb->pending_len_len = 1;
363 cbb->pending_is_asn1 = 1;
364
365 return 1;
366}
367
368int
369CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len)
370{
371 uint8_t *dest;
372
373 if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, &dest, len))
374 return 0;
375
376 memcpy(dest, data, len);
377 return 1;
378}
379
380int
381CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len)
382{
383 if (!CBB_flush(cbb) || !cbb_buffer_add(cbb->base, out_data, len))
384 return 0;
385
386 memset(*out_data, 0, len);
387 return 1;
388}
389
390int
391CBB_add_u8(CBB *cbb, size_t value)
392{
393 if (value > UINT8_MAX)
394 return 0;
395
396 return cbb_add_u(cbb, (uint32_t)value, 1);
397}
398
399int
400CBB_add_u16(CBB *cbb, size_t value)
401{
402 if (value > UINT16_MAX)
403 return 0;
404
405 return cbb_add_u(cbb, (uint32_t)value, 2);
406}
407
408int
409CBB_add_u24(CBB *cbb, size_t value)
410{
411 if (value > 0xffffffUL)
412 return 0;
413
414 return cbb_add_u(cbb, (uint32_t)value, 3);
415}
416
417int
418CBB_add_u32(CBB *cbb, size_t value)
419{
420 if (value > 0xffffffffUL)
421 return 0;
422
423 return cbb_add_u(cbb, (uint32_t)value, 4);
424}
425
426int
427CBB_add_u64(CBB *cbb, uint64_t value)
428{
429 uint32_t a, b;
430
431 a = value >> 32;
432 b = value & 0xffffffff;
433
434 if (!CBB_add_u32(cbb, a))
435 return 0;
436 return CBB_add_u32(cbb, b);
437}
438
439int
440CBB_add_asn1_uint64(CBB *cbb, uint64_t value)
441{
442 CBB child;
443 size_t i;
444 int started = 0;
445
446 if (!CBB_add_asn1(cbb, &child, CBS_ASN1_INTEGER))
447 return 0;
448
449 for (i = 0; i < 8; i++) {
450 uint8_t byte = (value >> 8 * (7 - i)) & 0xff;
451
452 /*
453 * ASN.1 restriction: first 9 bits cannot be all zeroes or
454 * all ones. Since this function only encodes unsigned
455 * integers, the only concerns are not encoding leading
456 * zeros and adding a padding byte if necessary.
457 *
458 * In practice, this means:
459 * 1) Skip leading octets of all zero bits in the value
460 * 2) After skipping the leading zero octets, if the next 9
461 * bits are all ones, add an all zero prefix octet (and
462 * set the high bit of the prefix octet if negative).
463 *
464 * Additionally, for an unsigned value, add an all zero
465 * prefix if the high bit of the first octet would be one.
466 */
467 if (!started) {
468 if (byte == 0)
469 /* Don't encode leading zeros. */
470 continue;
471
472 /*
473 * If the high bit is set, add a padding byte to make it
474 * unsigned.
475 */
476 if ((byte & 0x80) && !CBB_add_u8(&child, 0))
477 return 0;
478
479 started = 1;
480 }
481 if (!CBB_add_u8(&child, byte))
482 return 0;
483 }
484
485 /* 0 is encoded as a single 0, not the empty string. */
486 if (!started && !CBB_add_u8(&child, 0))
487 return 0;
488
489 return CBB_flush(cbb);
490}
diff --git a/src/lib/libcrypto/bytestring/bs_cbs.c b/src/lib/libcrypto/bytestring/bs_cbs.c
deleted file mode 100644
index 7852d78503..0000000000
--- a/src/lib/libcrypto/bytestring/bs_cbs.c
+++ /dev/null
@@ -1,616 +0,0 @@
1/* $OpenBSD: bs_cbs.c,v 1.3 2024/05/25 15:12:47 tb Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#include <stdint.h>
19#include <stdlib.h>
20#include <string.h>
21
22#include "bytestring.h"
23
24void
25CBS_init(CBS *cbs, const uint8_t *data, size_t len)
26{
27 cbs->data = data;
28 cbs->initial_len = len;
29 cbs->len = len;
30}
31
32void
33CBS_dup(const CBS *cbs, CBS *out)
34{
35 CBS_init(out, CBS_data(cbs), CBS_len(cbs));
36 out->initial_len = cbs->initial_len;
37}
38
39static int
40cbs_get(CBS *cbs, const uint8_t **p, size_t n)
41{
42 if (cbs->len < n)
43 return 0;
44
45 *p = cbs->data;
46 cbs->data += n;
47 cbs->len -= n;
48 return 1;
49}
50
51static int
52cbs_peek(CBS *cbs, const uint8_t **p, size_t n)
53{
54 if (cbs->len < n)
55 return 0;
56
57 *p = cbs->data;
58 return 1;
59}
60
61size_t
62CBS_offset(const CBS *cbs)
63{
64 return cbs->initial_len - cbs->len;
65}
66
67int
68CBS_skip(CBS *cbs, size_t len)
69{
70 const uint8_t *dummy;
71 return cbs_get(cbs, &dummy, len);
72}
73
74const uint8_t *
75CBS_data(const CBS *cbs)
76{
77 return cbs->data;
78}
79
80size_t
81CBS_len(const CBS *cbs)
82{
83 return cbs->len;
84}
85
86int
87CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len)
88{
89 free(*out_ptr);
90 *out_ptr = NULL;
91 *out_len = 0;
92
93 if (cbs->len == 0)
94 return 1;
95
96 if ((*out_ptr = malloc(cbs->len)) == NULL)
97 return 0;
98
99 memcpy(*out_ptr, cbs->data, cbs->len);
100
101 *out_len = cbs->len;
102 return 1;
103}
104
105int
106CBS_strdup(const CBS *cbs, char **out_ptr)
107{
108 free(*out_ptr);
109 *out_ptr = NULL;
110
111 if (CBS_contains_zero_byte(cbs))
112 return 0;
113
114 *out_ptr = strndup((const char *)cbs->data, cbs->len);
115 return (*out_ptr != NULL);
116}
117
118int
119CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len, size_t *copied)
120{
121 if (dst_len < cbs->len)
122 return 0;
123
124 memmove(dst, cbs->data, cbs->len);
125
126 if (copied != NULL)
127 *copied = cbs->len;
128
129 return 1;
130}
131
132int
133CBS_contains_zero_byte(const CBS *cbs)
134{
135 return memchr(cbs->data, 0, cbs->len) != NULL;
136}
137
138int
139CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len)
140{
141 if (len != cbs->len)
142 return 0;
143
144 return timingsafe_memcmp(cbs->data, data, len) == 0;
145}
146
147static int
148cbs_get_u(CBS *cbs, uint32_t *out, size_t len)
149{
150 uint32_t result = 0;
151 size_t i;
152 const uint8_t *data;
153
154 if (len < 1 || len > 4)
155 return 0;
156
157 if (!cbs_get(cbs, &data, len))
158 return 0;
159
160 for (i = 0; i < len; i++) {
161 result <<= 8;
162 result |= data[i];
163 }
164 *out = result;
165 return 1;
166}
167
168int
169CBS_get_u8(CBS *cbs, uint8_t *out)
170{
171 const uint8_t *v;
172
173 if (!cbs_get(cbs, &v, 1))
174 return 0;
175
176 *out = *v;
177 return 1;
178}
179
180int
181CBS_get_u16(CBS *cbs, uint16_t *out)
182{
183 uint32_t v;
184
185 if (!cbs_get_u(cbs, &v, 2))
186 return 0;
187
188 *out = v;
189 return 1;
190}
191
192int
193CBS_get_u24(CBS *cbs, uint32_t *out)
194{
195 return cbs_get_u(cbs, out, 3);
196}
197
198int
199CBS_get_u32(CBS *cbs, uint32_t *out)
200{
201 return cbs_get_u(cbs, out, 4);
202}
203
204int
205CBS_get_u64(CBS *cbs, uint64_t *out)
206{
207 uint32_t a, b;
208
209 if (cbs->len < 8)
210 return 0;
211
212 if (!CBS_get_u32(cbs, &a))
213 return 0;
214 if (!CBS_get_u32(cbs, &b))
215 return 0;
216
217 *out = (uint64_t)a << 32 | b;
218 return 1;
219}
220
221int
222CBS_get_last_u8(CBS *cbs, uint8_t *out)
223{
224 if (cbs->len == 0)
225 return 0;
226
227 *out = cbs->data[cbs->len - 1];
228 cbs->len--;
229 return 1;
230}
231
232int
233CBS_get_bytes(CBS *cbs, CBS *out, size_t len)
234{
235 const uint8_t *v;
236
237 if (!cbs_get(cbs, &v, len))
238 return 0;
239
240 CBS_init(out, v, len);
241 return 1;
242}
243
244static int
245cbs_get_length_prefixed(CBS *cbs, CBS *out, size_t len_len)
246{
247 uint32_t len;
248
249 if (!cbs_get_u(cbs, &len, len_len))
250 return 0;
251
252 return CBS_get_bytes(cbs, out, len);
253}
254
255int
256CBS_get_u8_length_prefixed(CBS *cbs, CBS *out)
257{
258 return cbs_get_length_prefixed(cbs, out, 1);
259}
260
261int
262CBS_get_u16_length_prefixed(CBS *cbs, CBS *out)
263{
264 return cbs_get_length_prefixed(cbs, out, 2);
265}
266
267int
268CBS_get_u24_length_prefixed(CBS *cbs, CBS *out)
269{
270 return cbs_get_length_prefixed(cbs, out, 3);
271}
272
273static int
274cbs_peek_u(CBS *cbs, uint32_t *out, size_t len)
275{
276 uint32_t result = 0;
277 size_t i;
278 const uint8_t *data;
279
280 if (len < 1 || len > 4)
281 return 0;
282
283 if (!cbs_peek(cbs, &data, len))
284 return 0;
285
286 for (i = 0; i < len; i++) {
287 result <<= 8;
288 result |= data[i];
289 }
290 *out = result;
291 return 1;
292}
293
294int
295CBS_peek_u8(CBS *cbs, uint8_t *out)
296{
297 const uint8_t *v;
298
299 if (!cbs_peek(cbs, &v, 1))
300 return 0;
301
302 *out = *v;
303 return 1;
304}
305
306int
307CBS_peek_u16(CBS *cbs, uint16_t *out)
308{
309 uint32_t v;
310
311 if (!cbs_peek_u(cbs, &v, 2))
312 return 0;
313
314 *out = v;
315 return 1;
316}
317
318int
319CBS_peek_u24(CBS *cbs, uint32_t *out)
320{
321 return cbs_peek_u(cbs, out, 3);
322}
323
324int
325CBS_peek_u32(CBS *cbs, uint32_t *out)
326{
327 return cbs_peek_u(cbs, out, 4);
328}
329
330int
331CBS_peek_last_u8(CBS *cbs, uint8_t *out)
332{
333 if (cbs->len == 0)
334 return 0;
335
336 *out = cbs->data[cbs->len - 1];
337 return 1;
338}
339
340int
341CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
342 size_t *out_header_len)
343{
344 return cbs_get_any_asn1_element_internal(cbs, out, out_tag,
345 out_header_len, 1);
346}
347
348/*
349 * Review X.690 for details on ASN.1 DER encoding.
350 *
351 * If non-strict mode is enabled, then DER rules are relaxed
352 * for indefinite constructs (violates DER but a little closer to BER).
353 * Non-strict mode should only be used by bs_ber.c
354 *
355 * Sections 8, 10 and 11 for DER encoding
356 */
357int
358cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
359 size_t *out_header_len, int strict)
360{
361 uint8_t tag, length_byte;
362 CBS header = *cbs;
363 CBS throwaway;
364 size_t len;
365
366 if (out == NULL)
367 out = &throwaway;
368
369 /*
370 * Get identifier octet and length octet. Only 1 octet for each
371 * is a CBS limitation.
372 */
373 if (!CBS_get_u8(&header, &tag) || !CBS_get_u8(&header, &length_byte))
374 return 0;
375
376 /* CBS limitation: long form tags are not supported. */
377 if ((tag & 0x1f) == 0x1f)
378 return 0;
379
380 if (out_tag != NULL)
381 *out_tag = tag;
382
383 if ((length_byte & 0x80) == 0) {
384 /* Short form length. */
385 len = ((size_t) length_byte) + 2;
386 if (out_header_len != NULL)
387 *out_header_len = 2;
388
389 } else {
390 /* Long form length. */
391 const size_t num_bytes = length_byte & 0x7f;
392 uint32_t len32;
393
394 /* ASN.1 reserved value for future extensions */
395 if (num_bytes == 0x7f)
396 return 0;
397
398 /* Handle indefinite form length */
399 if (num_bytes == 0) {
400 /* DER encoding doesn't allow for indefinite form. */
401 if (strict)
402 return 0;
403
404 /* Primitive cannot use indefinite in BER or DER. */
405 if ((tag & CBS_ASN1_CONSTRUCTED) == 0)
406 return 0;
407
408 /* Constructed, indefinite length allowed in BER. */
409 if (out_header_len != NULL)
410 *out_header_len = 2;
411 return CBS_get_bytes(cbs, out, 2);
412 }
413
414 /* CBS limitation. */
415 if (num_bytes > 4)
416 return 0;
417
418 if (!cbs_get_u(&header, &len32, num_bytes))
419 return 0;
420
421 /* DER has a minimum length octet requirement. */
422 if (len32 < 128)
423 /* Should have used short form instead */
424 return 0;
425
426 if ((len32 >> ((num_bytes - 1) * 8)) == 0)
427 /* Length should have been at least one byte shorter. */
428 return 0;
429
430 len = len32;
431 if (len + 2 + num_bytes < len)
432 /* Overflow. */
433 return 0;
434
435 len += 2 + num_bytes;
436 if (out_header_len != NULL)
437 *out_header_len = 2 + num_bytes;
438 }
439
440 return CBS_get_bytes(cbs, out, len);
441}
442
443static int
444cbs_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value, int skip_header)
445{
446 size_t header_len;
447 unsigned int tag;
448 CBS throwaway;
449
450 if (out == NULL)
451 out = &throwaway;
452
453 if (!CBS_get_any_asn1_element(cbs, out, &tag, &header_len) ||
454 tag != tag_value)
455 return 0;
456
457 if (skip_header && !CBS_skip(out, header_len))
458 return 0;
459
460 return 1;
461}
462
463int
464CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value)
465{
466 return cbs_get_asn1(cbs, out, tag_value, 1 /* skip header */);
467}
468
469int
470CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value)
471{
472 return cbs_get_asn1(cbs, out, tag_value, 0 /* include header */);
473}
474
475int
476CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value)
477{
478 if (CBS_len(cbs) < 1)
479 return 0;
480
481 /*
482 * Tag number 31 indicates the start of a long form number.
483 * This is valid in ASN.1, but CBS only supports short form.
484 */
485 if ((tag_value & 0x1f) == 0x1f)
486 return 0;
487
488 return CBS_data(cbs)[0] == tag_value;
489}
490
491/* Encoding details are in ASN.1: X.690 section 8.3 */
492int
493CBS_get_asn1_uint64(CBS *cbs, uint64_t *out)
494{
495 CBS bytes;
496 const uint8_t *data;
497 size_t i, len;
498
499 if (!CBS_get_asn1(cbs, &bytes, CBS_ASN1_INTEGER))
500 return 0;
501
502 *out = 0;
503 data = CBS_data(&bytes);
504 len = CBS_len(&bytes);
505
506 if (len == 0)
507 /* An INTEGER is encoded with at least one content octet. */
508 return 0;
509
510 if ((data[0] & 0x80) != 0)
511 /* Negative number. */
512 return 0;
513
514 if (data[0] == 0 && len > 1 && (data[1] & 0x80) == 0)
515 /* Violates smallest encoding rule: excessive leading zeros. */
516 return 0;
517
518 for (i = 0; i < len; i++) {
519 if ((*out >> 56) != 0)
520 /* Too large to represent as a uint64_t. */
521 return 0;
522
523 *out <<= 8;
524 *out |= data[i];
525 }
526
527 return 1;
528}
529
530int
531CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present, unsigned int tag)
532{
533 if (CBS_peek_asn1_tag(cbs, tag)) {
534 if (!CBS_get_asn1(cbs, out, tag))
535 return 0;
536
537 *out_present = 1;
538 } else {
539 *out_present = 0;
540 }
541 return 1;
542}
543
544int
545CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
546 unsigned int tag)
547{
548 CBS child;
549 int present;
550
551 if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
552 return 0;
553
554 if (present) {
555 if (!CBS_get_asn1(&child, out, CBS_ASN1_OCTETSTRING) ||
556 CBS_len(&child) != 0)
557 return 0;
558 } else {
559 CBS_init(out, NULL, 0);
560 }
561 if (out_present)
562 *out_present = present;
563
564 return 1;
565}
566
567int
568CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
569 uint64_t default_value)
570{
571 CBS child;
572 int present;
573
574 if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
575 return 0;
576
577 if (present) {
578 if (!CBS_get_asn1_uint64(&child, out) ||
579 CBS_len(&child) != 0)
580 return 0;
581 } else {
582 *out = default_value;
583 }
584 return 1;
585}
586
587int
588CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
589 int default_value)
590{
591 CBS child, child2;
592 int present;
593
594 if (!CBS_get_optional_asn1(cbs, &child, &present, tag))
595 return 0;
596
597 if (present) {
598 uint8_t boolean;
599
600 if (!CBS_get_asn1(&child, &child2, CBS_ASN1_BOOLEAN) ||
601 CBS_len(&child2) != 1 || CBS_len(&child) != 0)
602 return 0;
603
604 boolean = CBS_data(&child2)[0];
605 if (boolean == 0)
606 *out = 0;
607 else if (boolean == 0xff)
608 *out = 1;
609 else
610 return 0;
611
612 } else {
613 *out = default_value;
614 }
615 return 1;
616}
diff --git a/src/lib/libcrypto/bytestring/bytestring.h b/src/lib/libcrypto/bytestring/bytestring.h
deleted file mode 100644
index a8028c29f7..0000000000
--- a/src/lib/libcrypto/bytestring/bytestring.h
+++ /dev/null
@@ -1,571 +0,0 @@
1/* $OpenBSD: bytestring.h,v 1.6 2024/12/05 19:57:37 tb Exp $ */
2/*
3 * Copyright (c) 2014, Google Inc.
4 *
5 * Permission to use, copy, modify, and/or distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
12 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
14 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
15 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
17
18#ifndef OPENSSL_HEADER_BYTESTRING_H
19#define OPENSSL_HEADER_BYTESTRING_H
20
21#include <sys/types.h>
22#include <stdint.h>
23
24__BEGIN_HIDDEN_DECLS
25
26/*
27 * Bytestrings are used for parsing and building TLS and ASN.1 messages.
28 *
29 * A "CBS" (CRYPTO ByteString) represents a string of bytes in memory and
30 * provides utility functions for safely parsing length-prefixed structures
31 * like TLS and ASN.1 from it.
32 *
33 * A "CBB" (CRYPTO ByteBuilder) is a memory buffer that grows as needed and
34 * provides utility functions for building length-prefixed messages.
35 */
36
37/* CRYPTO ByteString */
38typedef struct cbs_st {
39 const uint8_t *data;
40 size_t initial_len;
41 size_t len;
42} CBS;
43
44/*
45 * CBS_init sets |cbs| to point to |data|. It does not take ownership of
46 * |data|.
47 */
48void CBS_init(CBS *cbs, const uint8_t *data, size_t len);
49
50/*
51 * CBS_skip advances |cbs| by |len| bytes. It returns one on success and zero
52 * otherwise.
53 */
54int CBS_skip(CBS *cbs, size_t len);
55
56/*
57 * CBS_data returns a pointer to the contents of |cbs|.
58 */
59const uint8_t *CBS_data(const CBS *cbs);
60
61/*
62 * CBS_len returns the number of bytes remaining in |cbs|.
63 */
64size_t CBS_len(const CBS *cbs);
65
66/*
67 * CBS_offset returns the current offset into the original data of |cbs|.
68 */
69size_t CBS_offset(const CBS *cbs);
70
71/*
72 * CBS_stow copies the current contents of |cbs| into |*out_ptr| and
73 * |*out_len|. If |*out_ptr| is not NULL, the contents are freed with
74 * free. It returns one on success and zero on allocation failure. On
75 * success, |*out_ptr| should be freed with free. If |cbs| is empty,
76 * |*out_ptr| will be NULL.
77 */
78int CBS_stow(const CBS *cbs, uint8_t **out_ptr, size_t *out_len);
79
80/*
81 * CBS_strdup copies the current contents of |cbs| into |*out_ptr| as a
82 * NUL-terminated C string. If |*out_ptr| is not NULL, the contents are freed
83 * with free. It returns one on success and zero on failure. On success,
84 * |*out_ptr| should be freed with free. If |cbs| contains NUL bytes,
85 * CBS_strdup will fail.
86 */
87int CBS_strdup(const CBS *cbs, char **out_ptr);
88
89/*
90 * CBS_write_bytes writes all of the remaining data from |cbs| into |dst|
91 * if it is at most |dst_len| bytes. If |copied| is not NULL, it will be set
92 * to the amount copied. It returns one on success and zero otherwise.
93 */
94int CBS_write_bytes(const CBS *cbs, uint8_t *dst, size_t dst_len,
95 size_t *copied);
96
97/*
98 * CBS_contains_zero_byte returns one if the current contents of |cbs| contains
99 * a NUL byte and zero otherwise.
100 */
101int CBS_contains_zero_byte(const CBS *cbs);
102
103/*
104 * CBS_mem_equal compares the current contents of |cbs| with the |len| bytes
105 * starting at |data|. If they're equal, it returns one, otherwise zero. If the
106 * lengths match, it uses a constant-time comparison.
107 */
108int CBS_mem_equal(const CBS *cbs, const uint8_t *data, size_t len);
109
110/*
111 * CBS_get_u8 sets |*out| to the next uint8_t from |cbs| and advances |cbs|. It
112 * returns one on success and zero on error.
113 */
114int CBS_get_u8(CBS *cbs, uint8_t *out);
115
116/*
117 * CBS_get_u16 sets |*out| to the next, big-endian uint16_t from |cbs| and
118 * advances |cbs|. It returns one on success and zero on error.
119 */
120int CBS_get_u16(CBS *cbs, uint16_t *out);
121
122/*
123 * CBS_get_u24 sets |*out| to the next, big-endian 24-bit value from |cbs| and
124 * advances |cbs|. It returns one on success and zero on error.
125 */
126int CBS_get_u24(CBS *cbs, uint32_t *out);
127
128/*
129 * CBS_get_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|
130 * and advances |cbs|. It returns one on success and zero on error.
131 */
132int CBS_get_u32(CBS *cbs, uint32_t *out);
133
134/*
135 * CBS_get_u64 sets |*out| to the next, big-endian uint64_t value from |cbs|
136 * and advances |cbs|. It returns one on success and zero on error.
137 */
138int CBS_get_u64(CBS *cbs, uint64_t *out);
139
140/*
141 * CBS_get_last_u8 sets |*out| to the last uint8_t from |cbs| and shortens
142 * |cbs|. It returns one on success and zero on error.
143 */
144int CBS_get_last_u8(CBS *cbs, uint8_t *out);
145
146/*
147 * CBS_get_bytes sets |*out| to the next |len| bytes from |cbs| and advances
148 * |cbs|. It returns one on success and zero on error.
149 */
150int CBS_get_bytes(CBS *cbs, CBS *out, size_t len);
151
152/*
153 * CBS_get_u8_length_prefixed sets |*out| to the contents of an 8-bit,
154 * length-prefixed value from |cbs| and advances |cbs| over it. It returns one
155 * on success and zero on error.
156 */
157int CBS_get_u8_length_prefixed(CBS *cbs, CBS *out);
158
159/*
160 * CBS_get_u16_length_prefixed sets |*out| to the contents of a 16-bit,
161 * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
162 * returns one on success and zero on error.
163 */
164int CBS_get_u16_length_prefixed(CBS *cbs, CBS *out);
165
166/*
167 * CBS_get_u24_length_prefixed sets |*out| to the contents of a 24-bit,
168 * big-endian, length-prefixed value from |cbs| and advances |cbs| over it. It
169 * returns one on success and zero on error.
170 */
171int CBS_get_u24_length_prefixed(CBS *cbs, CBS *out);
172
173/*
174 * CBS_peek_u8 sets |*out| to the next uint8_t from |cbs|, but does not advance
175 * |cbs|. It returns one on success and zero on error.
176 */
177int CBS_peek_u8(CBS *cbs, uint8_t *out);
178
179/*
180 * CBS_peek_u16 sets |*out| to the next, big-endian uint16_t from |cbs|, but
181 * does not advance |cbs|. It returns one on success and zero on error.
182 */
183int CBS_peek_u16(CBS *cbs, uint16_t *out);
184
185/*
186 * CBS_peek_u24 sets |*out| to the next, big-endian 24-bit value from |cbs|, but
187 * does not advance |cbs|. It returns one on success and zero on error.
188 */
189int CBS_peek_u24(CBS *cbs, uint32_t *out);
190
191/*
192 * CBS_peek_u32 sets |*out| to the next, big-endian uint32_t value from |cbs|,
193 * but does not advance |cbs|. It returns one on success and zero on error.
194 */
195int CBS_peek_u32(CBS *cbs, uint32_t *out);
196
197/*
198 * CBS_peek_last_u8 sets |*out| to the last uint8_t from |cbs|, but does not
199 * shorten |cbs|. It returns one on success and zero on error.
200 */
201int CBS_peek_last_u8(CBS *cbs, uint8_t *out);
202
203
204/* Parsing ASN.1 */
205
206/*
207 * While an identifier can be multiple octets, this library only handles the
208 * single octet variety currently. This limits support up to tag number 30
209 * since tag number 31 is a reserved value to indicate multiple octets.
210 */
211
212/* Bits 8 and 7: class tag type: See X.690 section 8.1.2.2. */
213#define CBS_ASN1_UNIVERSAL 0x00
214#define CBS_ASN1_APPLICATION 0x40
215#define CBS_ASN1_CONTEXT_SPECIFIC 0x80
216#define CBS_ASN1_PRIVATE 0xc0
217
218/* Bit 6: Primitive or constructed: See X.690 section 8.1.2.3. */
219#define CBS_ASN1_PRIMITIVE 0x00
220#define CBS_ASN1_CONSTRUCTED 0x20
221
222/*
223 * Bits 5 to 1 are the tag number. See X.680 section 8.6 for tag numbers of
224 * the universal class.
225 */
226
227/*
228 * Common universal identifier octets.
229 * See X.690 section 8.1 and X.680 section 8.6 for universal tag numbers.
230 *
231 * Note: These definitions are the cause of some of the strange behavior in
232 * CBS's bs_ber.c.
233 *
234 * In BER, it is the sender's option to use primitive or constructed for
235 * bitstring (X.690 section 8.6.1) and octetstring (X.690 section 8.7.1).
236 *
237 * In DER, bitstring and octetstring are required to be primitive
238 * (X.690 section 10.2).
239 */
240#define CBS_ASN1_BOOLEAN (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x1)
241#define CBS_ASN1_INTEGER (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x2)
242#define CBS_ASN1_BITSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x3)
243#define CBS_ASN1_OCTETSTRING (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x4)
244#define CBS_ASN1_OBJECT (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0x6)
245#define CBS_ASN1_ENUMERATED (CBS_ASN1_UNIVERSAL | CBS_ASN1_PRIMITIVE | 0xa)
246#define CBS_ASN1_SEQUENCE (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x10)
247#define CBS_ASN1_SET (CBS_ASN1_UNIVERSAL | CBS_ASN1_CONSTRUCTED | 0x11)
248
249/*
250 * CBS_get_asn1 sets |*out| to the contents of DER-encoded, ASN.1 element (not
251 * including tag and length bytes) and advances |cbs| over it. The ASN.1
252 * element must match |tag_value|. It returns one on success and zero
253 * on error.
254 *
255 * Tag numbers greater than 30 are not supported (i.e. short form only).
256 */
257int CBS_get_asn1(CBS *cbs, CBS *out, unsigned int tag_value);
258
259/*
260 * CBS_get_asn1_element acts like |CBS_get_asn1| but |out| will include the
261 * ASN.1 header bytes too.
262 */
263int CBS_get_asn1_element(CBS *cbs, CBS *out, unsigned int tag_value);
264
265/*
266 * CBS_peek_asn1_tag looks ahead at the next ASN.1 tag and returns one
267 * if the next ASN.1 element on |cbs| would have tag |tag_value|. If
268 * |cbs| is empty or the tag does not match, it returns zero. Note: if
269 * it returns one, CBS_get_asn1 may still fail if the rest of the
270 * element is malformed.
271 */
272int CBS_peek_asn1_tag(const CBS *cbs, unsigned int tag_value);
273
274/*
275 * CBS_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
276 * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
277 * the tag number and |*out_header_len| to the length of the ASN.1 header.
278 * Each of |out|, |out_tag|, and |out_header_len| may be NULL to ignore
279 * the value.
280 *
281 * Tag numbers greater than 30 are not supported (i.e. short form only).
282 */
283int CBS_get_any_asn1_element(CBS *cbs, CBS *out, unsigned int *out_tag,
284 size_t *out_header_len);
285
286/*
287 * CBS_get_asn1_uint64 gets an ASN.1 INTEGER from |cbs| using |CBS_get_asn1|
288 * and sets |*out| to its value. It returns one on success and zero on error,
289 * where error includes the integer being negative, or too large to represent
290 * in 64 bits.
291 */
292int CBS_get_asn1_uint64(CBS *cbs, uint64_t *out);
293
294/*
295 * CBS_get_optional_asn1 gets an optional explicitly-tagged element
296 * from |cbs| tagged with |tag| and sets |*out| to its contents. If
297 * present, it sets |*out_present| to one, otherwise zero. It returns
298 * one on success, whether or not the element was present, and zero on
299 * decode failure.
300 */
301int CBS_get_optional_asn1(CBS *cbs, CBS *out, int *out_present,
302 unsigned int tag);
303
304/*
305 * CBS_get_optional_asn1_octet_string gets an optional
306 * explicitly-tagged OCTET STRING from |cbs|. If present, it sets
307 * |*out| to the string and |*out_present| to one. Otherwise, it sets
308 * |*out| to empty and |*out_present| to zero. |out_present| may be
309 * NULL. It returns one on success, whether or not the element was
310 * present, and zero on decode failure.
311 */
312int CBS_get_optional_asn1_octet_string(CBS *cbs, CBS *out, int *out_present,
313 unsigned int tag);
314
315/*
316 * CBS_get_optional_asn1_uint64 gets an optional explicitly-tagged
317 * INTEGER from |cbs|. If present, it sets |*out| to the
318 * value. Otherwise, it sets |*out| to |default_value|. It returns one
319 * on success, whether or not the element was present, and zero on
320 * decode failure.
321 */
322int CBS_get_optional_asn1_uint64(CBS *cbs, uint64_t *out, unsigned int tag,
323 uint64_t default_value);
324
325/*
326 * CBS_get_optional_asn1_bool gets an optional, explicitly-tagged BOOLEAN from
327 * |cbs|. If present, it sets |*out| to either zero or one, based on the
328 * boolean. Otherwise, it sets |*out| to |default_value|. It returns one on
329 * success, whether or not the element was present, and zero on decode
330 * failure.
331 */
332int CBS_get_optional_asn1_bool(CBS *cbs, int *out, unsigned int tag,
333 int default_value);
334
335
336/*
337 * CRYPTO ByteBuilder.
338 *
339 * |CBB| objects allow one to build length-prefixed serialisations. A |CBB|
340 * object is associated with a buffer and new buffers are created with
341 * |CBB_init|. Several |CBB| objects can point at the same buffer when a
342 * length-prefix is pending, however only a single |CBB| can be 'current' at
343 * any one time. For example, if one calls |CBB_add_u8_length_prefixed| then
344 * the new |CBB| points at the same buffer as the original. But if the original
345 * |CBB| is used then the length prefix is written out and the new |CBB| must
346 * not be used again.
347 *
348 * If one needs to force a length prefix to be written out because a |CBB| is
349 * going out of scope, use |CBB_flush|.
350 */
351
352struct cbb_buffer_st {
353 uint8_t *buf;
354
355 /* The number of valid bytes. */
356 size_t len;
357
358 /* The size of buf. */
359 size_t cap;
360
361 /*
362 * One iff |buf| is owned by this object. If not then |buf| cannot be
363 * resized.
364 */
365 char can_resize;
366};
367
368typedef struct cbb_st {
369 struct cbb_buffer_st *base;
370
371 /*
372 * offset is the offset from the start of |base->buf| to the position of any
373 * pending length-prefix.
374 */
375 size_t offset;
376
377 /* child points to a child CBB if a length-prefix is pending. */
378 struct cbb_st *child;
379
380 /*
381 * pending_len_len contains the number of bytes in a pending length-prefix,
382 * or zero if no length-prefix is pending.
383 */
384 uint8_t pending_len_len;
385
386 char pending_is_asn1;
387
388 /*
389 * is_top_level is true iff this is a top-level |CBB| (as opposed to a child
390 * |CBB|). Top-level objects are valid arguments for |CBB_finish|.
391 */
392 char is_top_level;
393} CBB;
394
395/*
396 * CBB_init initialises |cbb| with |initial_capacity|. Since a |CBB| grows as
397 * needed, the |initial_capacity| is just a hint. It returns one on success or
398 * zero on error.
399 */
400int CBB_init(CBB *cbb, size_t initial_capacity);
401
402/*
403 * CBB_init_fixed initialises |cbb| to write to |len| bytes at |buf|. Since
404 * |buf| cannot grow, trying to write more than |len| bytes will cause CBB
405 * functions to fail. It returns one on success or zero on error.
406 */
407int CBB_init_fixed(CBB *cbb, uint8_t *buf, size_t len);
408
409/*
410 * CBB_cleanup frees all resources owned by |cbb| and other |CBB| objects
411 * writing to the same buffer. This should be used in an error case where a
412 * serialisation is abandoned.
413 */
414void CBB_cleanup(CBB *cbb);
415
416/*
417 * CBB_finish completes any pending length prefix and sets |*out_data| to a
418 * malloced buffer and |*out_len| to the length of that buffer. The caller
419 * takes ownership of the buffer and, unless the buffer was fixed with
420 * |CBB_init_fixed|, must call |free| when done.
421 *
422 * It can only be called on a "top level" |CBB|, i.e. one initialised with
423 * |CBB_init| or |CBB_init_fixed|. It returns one on success and zero on
424 * error.
425 */
426int CBB_finish(CBB *cbb, uint8_t **out_data, size_t *out_len);
427
428/*
429 * CBB_flush causes any pending length prefixes to be written out and any child
430 * |CBB| objects of |cbb| to be invalidated. It returns one on success or zero
431 * on error.
432 */
433int CBB_flush(CBB *cbb);
434
435/*
436 * CBB_discard_child discards the current unflushed child of |cbb|. Neither the
437 * child's contents nor the length prefix will be included in the output.
438 */
439void CBB_discard_child(CBB *cbb);
440
441/*
442 * CBB_add_u8_length_prefixed sets |*out_contents| to a new child of |cbb|. The
443 * data written to |*out_contents| will be prefixed in |cbb| with an 8-bit
444 * length. It returns one on success or zero on error.
445 */
446int CBB_add_u8_length_prefixed(CBB *cbb, CBB *out_contents);
447
448/*
449 * CBB_add_u16_length_prefixed sets |*out_contents| to a new child of |cbb|.
450 * The data written to |*out_contents| will be prefixed in |cbb| with a 16-bit,
451 * big-endian length. It returns one on success or zero on error.
452 */
453int CBB_add_u16_length_prefixed(CBB *cbb, CBB *out_contents);
454
455/*
456 * CBB_add_u24_length_prefixed sets |*out_contents| to a new child of |cbb|.
457 * The data written to |*out_contents| will be prefixed in |cbb| with a 24-bit,
458 * big-endian length. It returns one on success or zero on error.
459 */
460int CBB_add_u24_length_prefixed(CBB *cbb, CBB *out_contents);
461
462/*
463 * CBB_add_u32_length_prefixed sets |*out_contents| to a new child of |cbb|.
464 * The data written to |*out_contents| will be prefixed in |cbb| with a 32-bit,
465 * big-endian length. It returns one on success or zero on error.
466 */
467int CBB_add_u32_length_prefixed(CBB *cbb, CBB *out_contents);
468
469/*
470 * CBB_add_asn sets |*out_contents| to a |CBB| into which the contents of an
471 * ASN.1 object can be written. The |tag| argument will be used as the tag for
472 * the object. Passing in |tag| number 31 will return in an error since only
473 * single octet identifiers are supported. It returns one on success or zero
474 * on error.
475 */
476int CBB_add_asn1(CBB *cbb, CBB *out_contents, unsigned int tag);
477
478/*
479 * CBB_add_bytes appends |len| bytes from |data| to |cbb|. It returns one on
480 * success and zero otherwise.
481 */
482int CBB_add_bytes(CBB *cbb, const uint8_t *data, size_t len);
483
484/*
485 * CBB_add_space appends |len| bytes to |cbb| and sets |*out_data| to point to
486 * the beginning of that space. The caller must then write |len| bytes of
487 * actual contents to |*out_data|. It returns one on success and zero
488 * otherwise.
489 */
490int CBB_add_space(CBB *cbb, uint8_t **out_data, size_t len);
491
492/*
493 * CBB_add_u8 appends an 8-bit number from |value| to |cbb|. It returns one on
494 * success and zero otherwise.
495 */
496int CBB_add_u8(CBB *cbb, size_t value);
497
498/*
499 * CBB_add_u8 appends a 16-bit, big-endian number from |value| to |cbb|. It
500 * returns one on success and zero otherwise.
501 */
502int CBB_add_u16(CBB *cbb, size_t value);
503
504/*
505 * CBB_add_u24 appends a 24-bit, big-endian number from |value| to |cbb|. It
506 * returns one on success and zero otherwise.
507 */
508int CBB_add_u24(CBB *cbb, size_t value);
509
510/*
511 * CBB_add_u32 appends a 32-bit, big-endian number from |value| to |cbb|. It
512 * returns one on success and zero otherwise.
513 */
514int CBB_add_u32(CBB *cbb, size_t value);
515
516/*
517 * CBB_add_u64 appends a 64-bit, big-endian number from |value| to |cbb|. It
518 * returns one on success and zero otherwise.
519 */
520int CBB_add_u64(CBB *cbb, uint64_t value);
521
522/*
523 * CBB_add_asn1_uint64 writes an ASN.1 INTEGER into |cbb| using |CBB_add_asn1|
524 * and writes |value| in its contents. It returns one on success and zero on
525 * error.
526 */
527int CBB_add_asn1_uint64(CBB *cbb, uint64_t value);
528
529#ifdef LIBRESSL_INTERNAL
530/*
531 * CBS_dup sets |out| to point to cbs's |data| and |len|. It results in two
532 * CBS that point to the same buffer.
533 */
534void CBS_dup(const CBS *cbs, CBS *out);
535
536/*
537 * cbs_get_any_asn1_element sets |*out| to contain the next ASN.1 element from
538 * |*cbs| (including header bytes) and advances |*cbs|. It sets |*out_tag| to
539 * the tag number and |*out_header_len| to the length of the ASN.1 header. If
540 * strict mode is disabled and the element has indefinite length then |*out|
541 * will only contain the header. Each of |out|, |out_tag|, and
542 * |out_header_len| may be NULL to ignore the value.
543 *
544 * Tag numbers greater than 30 are not supported (i.e. short form only).
545 */
546int cbs_get_any_asn1_element_internal(CBS *cbs, CBS *out, unsigned int *out_tag,
547 size_t *out_header_len, int strict);
548
549/*
550 * CBS_asn1_indefinite_to_definite reads an ASN.1 structure from |in|. If it
551 * finds indefinite-length elements that otherwise appear to be valid DER, it
552 * attempts to convert the DER-like data to DER and sets |*out| and
553 * |*out_length| to describe a malloced buffer containing the DER data.
554 * Additionally, |*in| will be advanced over the ASN.1 data.
555 *
556 * If it doesn't find any indefinite-length elements then it sets |*out| to
557 * NULL and |*in| is unmodified.
558 *
559 * This is NOT a conversion from BER to DER. There are many restrictions when
560 * dealing with DER data. This is only concerned with one: indefinite vs.
561 * definite form. However, this suffices to handle the PKCS#7 and PKCS#12 output
562 * from NSS.
563 *
564 * It returns one on success and zero otherwise.
565 */
566int CBS_asn1_indefinite_to_definite(CBS *in, uint8_t **out, size_t *out_len);
567#endif /* LIBRESSL_INTERNAL */
568
569__END_HIDDEN_DECLS
570
571#endif /* OPENSSL_HEADER_BYTESTRING_H */
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-07 13:14:08 +0000