1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2  * All rights reserved.
3  *
4  * This package is an SSL implementation written
5  * by Eric Young (eay@cryptsoft.com).
6  * The implementation was written so as to conform with Netscapes SSL.
7  *
8  * This library is free for commercial and non-commercial use as long as
9  * the following conditions are aheared to.  The following conditions
10  * apply to all code found in this distribution, be it the RC4, RSA,
11  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12  * included with this distribution is covered by the same copyright terms
13  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14  *
15  * Copyright remains Eric Young's, and as such any Copyright notices in
16  * the code are not to be removed.
17  * If this package is used in a product, Eric Young should be given attribution
18  * as the author of the parts of the library used.
19  * This can be in the form of a textual message at program startup or
20  * in documentation (online or textual) provided with the package.
21  *
22  * Redistribution and use in source and binary forms, with or without
23  * modification, are permitted provided that the following conditions
24  * are met:
25  * 1. Redistributions of source code must retain the copyright
26  *    notice, this list of conditions and the following disclaimer.
27  * 2. Redistributions in binary form must reproduce the above copyright
28  *    notice, this list of conditions and the following disclaimer in the
29  *    documentation and/or other materials provided with the distribution.
30  * 3. All advertising materials mentioning features or use of this software
31  *    must display the following acknowledgement:
32  *    "This product includes cryptographic software written by
33  *     Eric Young (eay@cryptsoft.com)"
34  *    The word 'cryptographic' can be left out if the rouines from the library
35  *    being used are not cryptographic related :-).
36  * 4. If you include any Windows specific code (or a derivative thereof) from
37  *    the apps directory (application code) you must include an acknowledgement:
38  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39  *
40  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50  * SUCH DAMAGE.
51  *
52  * The licence and distribution terms for any publically available version or
53  * derivative of this code cannot be changed.  i.e. this code cannot simply be
54  * copied and put under another distribution licence
55  * [including the GNU Public Licence.] */
56 
57 #include <openssl/asn1.h>
58 
59 #include <limits.h>
60 
61 #include <openssl/buf.h>
62 #include <openssl/err.h>
63 #include <openssl/mem.h>
64 
65 
66 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
67 
68 #ifndef NO_OLD_ASN1
69 #ifndef OPENSSL_NO_FP_API
70 
ASN1_d2i_fp(void * (* xnew)(void),d2i_of_void * d2i,FILE * in,void ** x)71 void *ASN1_d2i_fp(void *(*xnew)(void), d2i_of_void *d2i, FILE *in, void **x)
72         {
73         BIO *b;
74         void *ret;
75 
76         if ((b=BIO_new(BIO_s_file())) == NULL)
77 		{
78 		OPENSSL_PUT_ERROR(ASN1, ASN1_d2i_fp, ERR_R_BUF_LIB);
79                 return(NULL);
80 		}
81         BIO_set_fp(b,in,BIO_NOCLOSE);
82         ret=ASN1_d2i_bio(xnew,d2i,b,x);
83         BIO_free(b);
84         return(ret);
85         }
86 #endif
87 
ASN1_d2i_bio(void * (* xnew)(void),d2i_of_void * d2i,BIO * in,void ** x)88 void *ASN1_d2i_bio(void *(*xnew)(void), d2i_of_void *d2i, BIO *in, void **x)
89 	{
90 	BUF_MEM *b = NULL;
91 	const unsigned char *p;
92 	void *ret=NULL;
93 	int len;
94 
95 	len = asn1_d2i_read_bio(in, &b);
96 	if(len < 0) goto err;
97 
98 	p=(unsigned char *)b->data;
99 	ret=d2i(x,&p,len);
100 err:
101 	if (b != NULL) BUF_MEM_free(b);
102 	return(ret);
103 	}
104 
105 #endif
106 
ASN1_item_d2i_bio(const ASN1_ITEM * it,BIO * in,void * x)107 void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
108 	{
109 	BUF_MEM *b = NULL;
110 	const unsigned char *p;
111 	void *ret=NULL;
112 	int len;
113 
114 	len = asn1_d2i_read_bio(in, &b);
115 	if(len < 0) goto err;
116 
117 	p=(const unsigned char *)b->data;
118 	ret=ASN1_item_d2i(x,&p,len, it);
119 err:
120 	if (b != NULL) BUF_MEM_free(b);
121 	return(ret);
122 	}
123 
124 #ifndef OPENSSL_NO_FP_API
ASN1_item_d2i_fp(const ASN1_ITEM * it,FILE * in,void * x)125 void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
126         {
127         BIO *b;
128         char *ret;
129 
130         if ((b=BIO_new(BIO_s_file())) == NULL)
131 		{
132 		OPENSSL_PUT_ERROR(ASN1, ASN1_item_d2i_fp, ERR_R_BUF_LIB);
133                 return(NULL);
134 		}
135         BIO_set_fp(b,in,BIO_NOCLOSE);
136         ret=ASN1_item_d2i_bio(it,b,x);
137         BIO_free(b);
138         return(ret);
139         }
140 #endif
141 
142 #define HEADER_SIZE   8
asn1_d2i_read_bio(BIO * in,BUF_MEM ** pb)143 static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
144 	{
145 	BUF_MEM *b;
146 	unsigned char *p;
147 	int i;
148 	ASN1_const_CTX c;
149 	size_t want=HEADER_SIZE;
150 	int eos=0;
151 	size_t off=0;
152 	size_t len=0;
153 
154 	b=BUF_MEM_new();
155 	if (b == NULL)
156 		{
157 		OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ERR_R_MALLOC_FAILURE);
158 		return -1;
159 		}
160 
161 	ERR_clear_error();
162 	for (;;)
163 		{
164 		if (want >= (len-off))
165 			{
166 			want-=(len-off);
167 
168 			if (len + want < len || !BUF_MEM_grow_clean(b,len+want))
169 				{
170 				OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ERR_R_MALLOC_FAILURE);
171 				goto err;
172 				}
173 			i=BIO_read(in,&(b->data[len]),want);
174 			if ((i < 0) && ((len-off) == 0))
175 				{
176 				OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_NOT_ENOUGH_DATA);
177 				goto err;
178 				}
179 			if (i > 0)
180 				{
181 				if (len+i < len)
182 					{
183 					OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG);
184 					goto err;
185 					}
186 				len+=i;
187 				}
188 			}
189 		/* else data already loaded */
190 
191 		p=(unsigned char *)&(b->data[off]);
192 		c.p=p;
193 		c.inf=ASN1_get_object(&(c.p),&(c.slen),&(c.tag),&(c.xclass),
194 			len-off);
195 		if (c.inf & 0x80)
196 			{
197 			uint32_t e;
198 
199 			e=ERR_GET_REASON(ERR_peek_error());
200 			if (e != ASN1_R_TOO_LONG)
201 				goto err;
202 			else
203 				ERR_clear_error(); /* clear error */
204 			}
205 		i=c.p-p;/* header length */
206 		off+=i;	/* end of data */
207 
208 		if (c.inf & 1)
209 			{
210 			/* no data body so go round again */
211 			eos++;
212 			if (eos < 0)
213 				{
214 				OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_HEADER_TOO_LONG);
215 				goto err;
216 				}
217 			want=HEADER_SIZE;
218 			}
219 		else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC))
220 			{
221 			/* eos value, so go back and read another header */
222 			eos--;
223 			if (eos <= 0)
224 				break;
225 			else
226 				want=HEADER_SIZE;
227 			}
228 		else
229 			{
230 			/* suck in c.slen bytes of data */
231 			want=c.slen;
232 			if (want > (len-off))
233 				{
234 				want-=(len-off);
235 				if (want > INT_MAX /* BIO_read takes an int length */ ||
236 					len+want < len)
237 						{
238 						OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG);
239 						goto err;
240 						}
241 				if (!BUF_MEM_grow_clean(b,len+want))
242 					{
243 					OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ERR_R_MALLOC_FAILURE);
244 					goto err;
245 					}
246 				while (want > 0)
247 					{
248 					i=BIO_read(in,&(b->data[len]),want);
249 					if (i <= 0)
250 						{
251 						OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_NOT_ENOUGH_DATA);
252 						goto err;
253 						}
254 					/* This can't overflow because
255 					 * |len+want| didn't overflow. */
256 					len+=i;
257 					want-=i;
258 					}
259 				}
260 			if (off + c.slen < off)
261 				{
262 				OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG);
263 				goto err;
264 				}
265 			off+=c.slen;
266 			if (eos <= 0)
267 				{
268 				break;
269 				}
270 			else
271 				want=HEADER_SIZE;
272 			}
273 		}
274 
275 	if (off > INT_MAX)
276 		{
277 		OPENSSL_PUT_ERROR(ASN1, asn1_d2i_read_bio, ASN1_R_TOO_LONG);
278 		goto err;
279 		}
280 
281 	*pb = b;
282 	return off;
283 err:
284 	if (b != NULL) BUF_MEM_free(b);
285 	return -1;
286 	}
287