1/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to.  The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 *    notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 *    notice, this list of conditions and the following disclaimer in the
29 *    documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 *    must display the following acknowledgement:
32 *    "This product includes cryptographic software written by
33 *     Eric Young (eay@cryptsoft.com)"
34 *    The word 'cryptographic' can be left out if the rouines from the library
35 *    being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 *    the apps directory (application code) you must include an acknowledgement:
38 *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed.  i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57#include <openssl/asn1.h>
58
59#include <limits.h>
60
61#include <openssl/buf.h>
62#include <openssl/err.h>
63#include <openssl/mem.h>
64
65static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb);
66
67#ifndef NO_OLD_ASN1
68# ifndef OPENSSL_NO_FP_API
69
70void *ASN1_d2i_fp(void *(*xnew) (void), d2i_of_void *d2i, FILE *in, void **x)
71{
72    BIO *b;
73    void *ret;
74
75    if ((b = BIO_new(BIO_s_file())) == NULL) {
76        OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
77        return (NULL);
78    }
79    BIO_set_fp(b, in, BIO_NOCLOSE);
80    ret = ASN1_d2i_bio(xnew, d2i, b, x);
81    BIO_free(b);
82    return (ret);
83}
84# endif
85
86void *ASN1_d2i_bio(void *(*xnew) (void), d2i_of_void *d2i, BIO *in, void **x)
87{
88    BUF_MEM *b = NULL;
89    const unsigned char *p;
90    void *ret = NULL;
91    int len;
92
93    len = asn1_d2i_read_bio(in, &b);
94    if (len < 0)
95        goto err;
96
97    p = (unsigned char *)b->data;
98    ret = d2i(x, &p, len);
99 err:
100    if (b != NULL)
101        BUF_MEM_free(b);
102    return (ret);
103}
104
105#endif
106
107void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x)
108{
109    BUF_MEM *b = NULL;
110    const unsigned char *p;
111    void *ret = NULL;
112    int len;
113
114    len = asn1_d2i_read_bio(in, &b);
115    if (len < 0)
116        goto err;
117
118    p = (const unsigned char *)b->data;
119    ret = ASN1_item_d2i(x, &p, len, it);
120 err:
121    if (b != NULL)
122        BUF_MEM_free(b);
123    return (ret);
124}
125
126#ifndef OPENSSL_NO_FP_API
127void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x)
128{
129    BIO *b;
130    char *ret;
131
132    if ((b = BIO_new(BIO_s_file())) == NULL) {
133        OPENSSL_PUT_ERROR(ASN1, ERR_R_BUF_LIB);
134        return (NULL);
135    }
136    BIO_set_fp(b, in, BIO_NOCLOSE);
137    ret = ASN1_item_d2i_bio(it, b, x);
138    BIO_free(b);
139    return (ret);
140}
141#endif
142
143#define HEADER_SIZE   8
144#define ASN1_CHUNK_INITIAL_SIZE (16 * 1024)
145static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb)
146{
147    BUF_MEM *b;
148    unsigned char *p;
149    int i;
150    ASN1_const_CTX c;
151    size_t want = HEADER_SIZE;
152    int eos = 0;
153    size_t off = 0;
154    size_t len = 0;
155
156    b = BUF_MEM_new();
157    if (b == NULL) {
158        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
159        return -1;
160    }
161
162    ERR_clear_error();
163    for (;;) {
164        if (want >= (len - off)) {
165            want -= (len - off);
166
167            if (len + want < len || !BUF_MEM_grow_clean(b, len + want)) {
168                OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
169                goto err;
170            }
171            i = BIO_read(in, &(b->data[len]), want);
172            if ((i < 0) && ((len - off) == 0)) {
173                OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
174                goto err;
175            }
176            if (i > 0) {
177                if (len + i < len) {
178                    OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
179                    goto err;
180                }
181                len += i;
182            }
183        }
184        /* else data already loaded */
185
186        p = (unsigned char *)&(b->data[off]);
187        c.p = p;
188        c.inf = ASN1_get_object(&(c.p), &(c.slen), &(c.tag), &(c.xclass),
189                                len - off);
190        if (c.inf & 0x80) {
191            uint32_t e;
192
193            e = ERR_GET_REASON(ERR_peek_error());
194            if (e != ASN1_R_TOO_LONG)
195                goto err;
196            else
197                ERR_clear_error(); /* clear error */
198        }
199        i = c.p - p;            /* header length */
200        off += i;               /* end of data */
201
202        if (c.inf & 1) {
203            /* no data body so go round again */
204            eos++;
205            if (eos < 0) {
206                OPENSSL_PUT_ERROR(ASN1, ASN1_R_HEADER_TOO_LONG);
207                goto err;
208            }
209            want = HEADER_SIZE;
210        } else if (eos && (c.slen == 0) && (c.tag == V_ASN1_EOC)) {
211            /* eos value, so go back and read another header */
212            eos--;
213            if (eos <= 0)
214                break;
215            else
216                want = HEADER_SIZE;
217        } else {
218            /* suck in c.slen bytes of data */
219            want = c.slen;
220            if (want > (len - off)) {
221                size_t chunk_max = ASN1_CHUNK_INITIAL_SIZE;
222                want -= (len - off);
223                if (want > INT_MAX /* BIO_read takes an int length */  ||
224                    len + want < len) {
225                    OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
226                    goto err;
227                }
228                while (want > 0) {
229                    /*
230                     * Read content in chunks of increasing size
231                     * so we can return an error for EOF without
232                     * having to allocate the entire content length
233                     * in one go.
234                     */
235                    size_t chunk = want > chunk_max ? chunk_max : want;
236
237                    if (!BUF_MEM_grow_clean(b, len + chunk)) {
238                        OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
239                        goto err;
240                    }
241                    want -= chunk;
242                    while (chunk > 0) {
243                        i = BIO_read(in, &(b->data[len]), chunk);
244                        if (i <= 0) {
245                            OPENSSL_PUT_ERROR(ASN1, ASN1_R_NOT_ENOUGH_DATA);
246                            goto err;
247                        }
248                        /*
249                         * This can't overflow because |len+want| didn't
250                         * overflow.
251                         */
252                        len += i;
253                        chunk -= i;
254                    }
255                    if (chunk_max < INT_MAX/2)
256                        chunk_max *= 2;
257                }
258            }
259            if (off + c.slen < off) {
260                OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
261                goto err;
262            }
263            off += c.slen;
264            if (eos <= 0) {
265                break;
266            } else
267                want = HEADER_SIZE;
268        }
269    }
270
271    if (off > INT_MAX) {
272        OPENSSL_PUT_ERROR(ASN1, ASN1_R_TOO_LONG);
273        goto err;
274    }
275
276    *pb = b;
277    return off;
278 err:
279    if (b != NULL)
280        BUF_MEM_free(b);
281    return -1;
282}
283