| blob | 93e99b76ff3f772faf066a43e5a8c20e00f88584 |
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
16 // According to ITU-T X.690 section 8.2, a bool is encoded as a single octet
17 // where the octet of all zeroes is FALSE and a non-zero value for the octet
18 // is TRUE.
28 }
29 // ITU-T X.690 section 11.1 specifies that for DER, the TRUE value must be
30 // encoded as an octet of all ones.
34 }
36 }
38 // Reads a positive decimal number with |digits| digits and stores it in
39 // |*out|. This function does not check that the type of |*out| is large
40 // enough to hold 10^digits - 1; the caller must choose an appropriate type
41 // based on the number of digits they wish to parse.
49 }
52 }
54 }
57 }
59 // Checks that the values in a GeneralizedTime struct are valid. This involves
60 // checking that the year is 4 digits, the month is between 1 and 12, the day
61 // is a day that exists in that month (following current leap year rules),
62 // hours are between 0 and 23, minutes between 0 and 59, and seconds between
63 // 0 and 60 (to allow for leap seconds; no validation is done that a leap
64 // second is on a day that could be a leap second).
75 // Leap seconds are allowed.
79 // validate upper bound for day of month
106 }
111 }
113 }
119 }
121 // BER interprets any non-zero value as true, while DER requires a bool to
122 // have either all bits zero (false) or all bits one (true). To support
123 // malformed certs, we recognized the BER encoding instead of failing to
124 // parse.
127 }
134 // Note that for simplicity, this check only admits integers up to 2^63-1.
140 }
143 bytes_read++;
144 }
145 // ITU-T X.690 section 8.3.2 specifies that an integer value must be encoded
146 // in the smallest number of octets. If the encoding consists of more than
147 // one octet, then the bits of the first octet and the most significant bit
148 // of the second octet must not be all zeroes or all ones.
149 // Because this function only parses unsigned integers, there's no need to
150 // check for the all ones case.
158 }
161 }
162 }
165 }
171 }
176 // From ITU-T X.690, section 8.6.2.2 (applies to BER, CER, DER):
177 //
178 // The initial octet shall encode, as an unsigned binary integer with
179 // bit 1 as the least significant bit, the number of unused bits in the final
180 // subsequent octet. The number shall be in the range zero to seven.
187 Input bytes;
191 // Ensure that unused bits in the last byte are set to 0.
193 // From ITU-T X.690, section 8.6.2.3 (applies to BER, CER, DER):
194 //
195 // If the bitstring is empty, there shall be no subsequent octets,
196 // and the initial octet shall be zero.
201 // From ITU-T X.690, section 11.2.1 (applies to CER and DER, but not BER):
202 //
203 // Each unused bit in the final octet of the encoding of a bit string value
204 // shall be set to zero.
208 }
212 }
226 }
228 // A UTC Time in DER encoding should be YYMMDDHHMMSSZ, but some CAs encode
229 // the time following BER rules, which allows for YYMMDDHHMMZ. If the length
230 // is 11, assume it's YYMMDDHHMMZ, and in converting it to a GeneralizedTime,
231 // add in the seconds (set to 0).
234 GeneralizedTime time;
241 }
243 // Try to read the 'Z' at the end. If we read something else, then for it to
244 // be valid the next bytes should be seconds (and then followed by 'Z').
253 }
264 }
267 }
271 GeneralizedTime time;
279 }
289 }
292 }
296 GeneralizedTime time;
304 }
312 }