| blob | 448b76d14bd553bf5eb018494bf89289ca63d087 |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
37 /*
38 * Support for DEcoding ASN.1 data based on BER/DER (Basic/Distinguished
39 * Encoding Rules).
40 *
41 * $Id: secasn1d.c,v 1.37 2007/01/03 12:57:41 nelson%bolyard.com Exp $
42 */
44 /* #define DEBUG_ASN1D_STATES 1 */
46 #ifdef DEBUG_ASN1D_STATES
47 #include <stdio.h>
48 #define PR_Assert sec_asn1d_Assert
49 #endif
55 beforeIdentifier,
56 duringIdentifier,
57 afterIdentifier,
58 beforeLength,
59 duringLength,
60 afterLength,
61 beforeBitString,
62 duringBitString,
63 duringConstructedString,
64 duringGroup,
65 duringLeaf,
66 duringSaveEncoding,
67 duringSequence,
68 afterConstructedString,
69 afterGroup,
70 afterExplicit,
71 afterImplicit,
72 afterInline,
73 afterPointer,
74 afterSaveEncoding,
75 beforeEndOfContents,
76 duringEndOfContents,
77 afterEndOfContents,
78 beforeChoice,
79 duringChoice,
80 afterChoice,
81 notInUse
84 #ifdef DEBUG_ASN1D_STATES
112 "notInUse"
113 };
119 "PRIVATE"
120 };
156 "HIGH_TAG_VALUE"
157 };
179 "unknown 80"
180 };
184 {
194 }
198 }
206 }
207 }
210 }
217 }
218 }
220 }
225 allDone,
226 decodeError,
227 keepGoing,
228 needBytes
235 };
247 sec_asn1d_parse_place place;
249 /*
250 * XXX explain the next fields as clearly as possible...
251 */
265 /*
266 * Bit strings have their length adjusted -- the first octet of the
267 * contents contains a value between 0 and 7 which says how many bits
268 * at the end of the octets are not actually part of the bit string;
269 * when parsing bit strings we put that value here because we need it
270 * later, for adjustment of the length (when the whole string is done).
271 */
274 /*
275 * The following are used for indefinite-length constructed strings.
276 */
280 PRPackedBool
291 #define IS_HIGH_TAG_NUMBER(n) ((n) == SEC_ASN1_HIGH_TAG_NUMBER)
292 #define LAST_TAG_NUMBER_BYTE(b) (((b) & 0x80) == 0)
293 #define TAG_NUMBER_BITS 7
294 #define TAG_NUMBER_MASK 0x7f
296 #define LENGTH_IS_SHORT_FORM(b) (((b) & 0x80) == 0)
297 #define LONG_FORM_LENGTH(b) ((b) & 0x7f)
299 #define HIGH_BITS(field,cnt) ((field) >> ((sizeof(field) * 8) - (cnt)))
302 /*
303 * An "outsider" will have an opaque pointer to this, created by calling
304 * SEC_ASN1DecoderStart(). It will be passed back in to all subsequent
305 * calls to SEC_ASN1DecoderUpdate(), and when done it is passed to
306 * SEC_ASN1DecoderFinish().
307 */
312 * XXX see comment below (by same
313 * ifdef) that explains why this
314 * does not work (need more smarts
315 * in order to free back to mark)
316 */
317 /*
318 * XXX how to make their_mark work in the case where they do NOT
319 * give us a pool pointer?
320 */
322 #endif
325 sec_asn1d_parse_status status;
334 };
337 /*
338 * XXX this is a fairly generic function that may belong elsewhere
339 */
342 {
346 /*
347 * Allocate from the pool.
348 */
351 /*
352 * Allocate generically.
353 */
355 }
358 }
361 /*
362 * XXX this is a fairly generic function that may belong elsewhere
363 */
366 {
373 }
380 {
390 }
396 }
411 }
412 }
414 }
419 loser:
424 }
426 }
429 static void
431 {
432 /*
433 * Some default "scrubbing".
434 * XXX right set of initializations?
435 */
441 }
444 static void
446 {
453 }
456 static void
458 {
465 }
470 {
477 /* XXX Check that both of these tests are really needed/appropriate. */
484 /*
485 * This is a "magic" field that saves away all bytes, allowing
486 * the immediately following field to still be decoded from this
487 * same spot -- sort of a fork.
488 */
489 /* check that there are no extraneous bits */
492 /*
493 * If we are not storing, then we do not do the SAVE field
494 * at all. Just move ahead to the "real" field instead,
495 * doing the appropriate notify calls before and after.
496 */
498 /*
499 * Since we are not storing, allow for our current dest value
500 * to be NULL. (This might not actually occur, but right now I
501 * cannot convince myself one way or the other.) If it is NULL,
502 * assume that our parent dest can help us out.
503 */
506 else
522 }
523 }
542 sec_asn1d_state *child = sec_asn1d_push_state(state->top, state->theTemplate, state->dest, PR_FALSE);
545 }
550 #else
553 #endif
554 }
560 PRBool child_allocate;
568 /*
569 * A POINTER means we need to allocate the destination for
570 * this field. But, since it may also be an optional field,
571 * we defer the allocation until later; we just record that
572 * it needs to be done.
573 *
574 * There are two possible scenarios here -- one is just a
575 * plain POINTER (kind of like INLINE, except with allocation)
576 * and the other is an implicitly-tagged POINTER. We don't
577 * need to do anything special here for the two cases, but
578 * since the template definition can be tricky, we do check
579 * that there are no extraneous bits set in encode_kind.
580 *
581 * XXX The same conditions which assert should set an error.
582 */
584 /*
585 * "universal" means this entry is a standalone POINTER;
586 * there should be no other bits set in encode_kind.
587 */
590 /*
591 * If we get here we have an implicitly-tagged field
592 * that needs to be put into a POINTER. The subtemplate
593 * will determine how to decode the field, but encode_kind
594 * describes the (implicit) tag we are looking for.
595 * The non-tag bits of encode_kind will be ignored by
596 * the code below; none of them should be set, however,
597 * except for the POINTER bit itself -- so check that.
598 */
601 }
609 /* check that there are no extraneous bits */
614 }
615 }
628 /*
629 * If this field is optional, we need to record that on
630 * the pushed child so it won't fail if the field isn't
631 * found. I can't think of a way that this new state
632 * could already have optional set (which we would wipe
633 * out below if our local optional is not set) -- but
634 * just to be sure, assert that it isn't set.
635 */
638 }
640 }
645 /*
646 * For explicit, we only need to match the encoding tag next,
647 * then we will push another state to handle the entire inner
648 * part. In this case, there is no underlying kind which plays
649 * any part in the determination of the outer, explicit tag.
650 * So we just set under_kind to 0, which is not a valid tag,
651 * and the rest of the tag matching stuff should be okay.
652 */
655 /*
656 * Nothing special; the underlying kind and the given encoding
657 * information are the same.
658 */
660 }
662 /* XXX is this the right set of bits to test here? */
664 | SEC_ASN1_MAY_STREAM
673 }
681 /*
682 * XXX This assumes only single-octet identifiers. To handle
683 * the HIGH TAG form we would need to do some more work, especially
684 * in how to specify them in the template, because right now we
685 * do not provide a way to specify more *tag* bits in encode_kind.
686 */
691 /*
692 * XXX A plain old SET (as opposed to a SET OF) is not implemented.
693 * If it ever is, remove this assert...
694 */
696 /* fallthru */
713 }
714 }
726 }
730 {
740 /* we've walked up the stack to a state that represents
741 ** the enclosing construct.
742 */
744 }
745 }
747 }
749 static PRBool
751 {
752 /* get state of enclosing construct. */
756 /* Is it one of the types that permits an unexpected EOC? */
762 }
764 }
766 static unsigned long
769 {
778 }
781 #ifdef DEBUG_ASN1D_STATES
782 {
786 }
787 #endif
793 /*
794 * Actually, we have no idea how many bytes are pending, but we
795 * do know that it is at least 1. That is all we know; we have
796 * to look at each byte to know if there is another, etc.
797 */
801 /*
802 * Our parent has indefinite-length encoding, and the
803 * entire tag found is 0, so it seems that we have hit the
804 * end-of-contents octets. To handle this, we just change
805 * our state to that which expects to get the bytes of the
806 * end-of-contents octets and let that code re-read this byte
807 * so that our categorization of field types is correct.
808 * After that, our parent will then deal with everything else.
809 */
814 /*
815 * We might be an optional field that is, as we now find out,
816 * missing. Give our parent a clue that this happened.
817 */
821 }
824 }
828 }
831 static unsigned long
834 {
844 }
850 /*
851 * The given high tag number overflows our container;
852 * just give up. This is not likely to *ever* happen.
853 */
857 }
864 len--;
867 }
873 }
876 static void
878 {
879 PRBool match;
896 }
897 }
898 }
901 static unsigned long
904 {
912 }
914 /*
915 * The default/likely outcome. It may get adjusted below.
916 */
930 }
931 }
933 /* If we're parsing an ANY, SKIP, or SAVE template, and
934 ** the object being saved is definite length encoded and constructed,
935 ** there's no point in decoding that construct's members.
936 ** So, just forget it's constructed and treat it as primitive.
937 ** (SAVE appears as an ANY at this point)
938 */
942 }
945 }
948 static unsigned long
951 {
960 }
966 /*
967 * The given full content length overflows our container;
968 * just give up.
969 */
973 }
978 len--;
980 }
986 }
989 static void
991 {
996 #ifdef DEBUG_ASN1D_STATES
997 {
1000 }
1001 #endif
1003 /*
1004 * XXX I cannot decide if this allocation should exclude the case
1005 * where state->endofcontents is true -- figure it out!
1006 */
1011 /*
1012 * We are handling a POINTER or a member of a GROUP, and need to
1013 * allocate for the data structure.
1014 */
1020 }
1023 /*
1024 * For a member of a GROUP, our parent will later put the
1025 * pointer wherever it belongs. But for a POINTER, we need
1026 * to record the destination now, in case notify or filter
1027 * procs need access to it -- they cannot find it otherwise,
1028 * until it is too late (for one-pass processing).
1029 */
1035 }
1036 }
1038 /*
1039 * Remember, length may be indefinite here! In that case,
1040 * both contents_length and pending will be zero.
1041 */
1044 /* If this item has definite length encoding, and
1045 ** is enclosed by a definite length constructed type,
1046 ** make sure it isn't longer than the remaining space in that
1047 ** constructed type.
1048 */
1056 }
1057 }
1059 /*
1060 * An EXPLICIT is nothing but an outer header, which we have
1061 * already parsed and accepted. Now we need to do the inner
1062 * header and its contents.
1063 */
1069 PR_FALSE),
1074 }
1076 /*
1077 * For GROUP (SET OF, SEQUENCE OF), even if we know the length here
1078 * we cannot tell how many items we will end up with ... so push a
1079 * state that can keep track of "children" (the individual members
1080 * of the group; we will allocate as we go and put them all together
1081 * at the end.
1082 */
1084 /* XXX If this assertion holds (should be able to confirm it via
1085 * inspection, too) then move this code into the switch statement
1086 * below under cases SET_OF and SEQUENCE_OF; it will be cleaner.
1087 */
1092 );
1098 PR_FALSE);
1103 /*
1104 * Do the "before" field notification for next in group.
1105 */
1108 }
1110 /*
1111 * A group of zero; we are done.
1112 * Set state to afterGroup and let that code plant the NULL.
1113 */
1115 }
1117 }
1121 /*
1122 * We need to push a child to handle the individual fields.
1123 */
1128 /*
1129 * Do the "before" field notification.
1130 */
1133 }
1137 /*
1138 * XXX A plain SET requires special handling; scanning of a
1139 * template to see where a field should go (because by definition,
1140 * they are not in any particular order, and you have to look at
1141 * each tag to disambiguate what the field is). We may never
1142 * implement this because in practice, it seems to be unused.
1143 */
1150 /*
1151 * The NULL type, by definition, is "nothing", content length of zero.
1152 * An indefinite-length encoding is not alloweed.
1153 */
1158 }
1163 }
1168 /* Error if length is not divisable by 2 */
1173 }
1174 /* otherwise, handle as other string types */
1178 /* Error if length is not divisable by 4 */
1183 }
1184 /* otherwise, handle as other string types */
1190 /*
1191 * These are not (necessarily) strings, but they need nearly
1192 * identical handling (especially when we need to deal with
1193 * constructed sub-pieces), so we pretend they are.
1194 */
1195 /* fallthru */
1196 regular_string_type:
1205 /*
1206 * We are allocating for a primitive or a constructed string.
1207 * If it is a constructed string, it may also be indefinite-length.
1208 * If it is primitive, the length can (legally) be zero.
1209 * Our first order of business is to allocate the memory for
1210 * the string, if we can (if we know the length).
1211 */
1214 /*
1215 * If the item is a definite-length constructed string, then
1216 * the contents_length is actually larger than what we need
1217 * (because it also counts each intermediate header which we
1218 * will be throwing away as we go), but it is a perfectly good
1219 * upper bound that we just allocate anyway, and then concat
1220 * as we go; we end up wasting a few extra bytes but save a
1221 * whole other copy.
1222 */
1230 }
1233 /*
1234 * If we are a substring of a constructed string, then we may
1235 * not have to allocate anything (because our parent, the
1236 * actual constructed string, did it for us). If we are a
1237 * substring and we *do* have to allocate, that means our
1238 * parent is an indefinite-length, so we allocate from our pool;
1239 * later our parent will copy our string into the aggregated
1240 * whole and free our pool allocation.
1241 */
1247 }
1252 }
1264 }
1266 /*
1267 * Check for and handle an ANY which has stashed aside the
1268 * header (identifier and length) bytes for us to include
1269 * in the saved contents.
1270 */
1276 }
1282 }
1289 }
1292 /*
1293 * Because we use arenas and have a mark set, we later free
1294 * everything we have allocated, so this does *not* present
1295 * a memory leak (it is just temporarily left dangling).
1296 */
1298 }
1301 /*
1302 * A zero-length simple or constructed string; we are done.
1303 */
1353 }
1360 }
1362 /*
1363 * An indefinite-length string *must* be constructed!
1364 */
1368 /*
1369 * A non-zero-length simple string.
1370 */
1373 else
1375 }
1379 /*
1380 * We are allocating for a simple leaf item.
1381 */
1395 }
1396 }
1397 }
1400 /*
1401 * An indefinite-length or zero-length item is not allowed.
1402 * (All legal cases of such were handled above.)
1403 */
1406 }
1407 }
1408 }
1411 static void
1413 {
1419 /*
1420 * XXX We need to free anything allocated.
1421 * At this point, we failed in the middle of decoding. But we
1422 * can't free the data we previously allocated with PR_Malloc
1423 * unless we keep track of every pointer. So instead we have a
1424 * memory leak when decoding fails half-way, unless an arena is
1425 * used. See bug 95311 .
1426 */
1427 }
1431 /*
1432 * It is important that we do not leave a mark unreleased/unmarked.
1433 * But I do not think we should ever have one set in this case, only
1434 * if we had a child (handled above). So check for that. If this
1435 * assertion should ever get hit, then we probably need to add code
1436 * here to release back to our_mark (and then set our_mark to NULL).
1437 */
1439 }
1441 }
1443 /* We have just saved an entire encoded ASN.1 object (type) for a SAVE
1444 ** template, and now in the next template, we are going to decode that
1445 ** saved data by calling SEC_ASN1DecoderUpdate recursively.
1446 ** If that recursive call fails with needBytes, it is a fatal error,
1447 ** because the encoded object should have been complete.
1448 ** If that recursive call fails with decodeError, it will have already
1449 ** cleaned up the state stack, so we must bail out quickly.
1450 **
1451 ** These checks of the status returned by the recursive call are now
1452 ** done in the caller of this function, immediately after it returns.
1453 */
1454 static void
1456 {
1474 /*
1475 * Free any grandchild.
1476 */
1479 /*
1480 * Notify after the SAVE field.
1481 */
1484 /*
1485 * Adjust to get new dest and move forward.
1486 */
1492 /*
1493 * Notify before the "real" field.
1494 */
1498 /*
1499 * This will tell DecoderUpdate to return when it is done.
1500 */
1503 /*
1504 * We already have a child; "push" it by making it current.
1505 */
1508 /*
1509 * And initialize it so it is ready to parse.
1510 */
1513 /*
1514 * Now parse that out of our data.
1515 */
1521 }
1526 /*
1527 * That should have consumed what we consumed before.
1528 */
1532 /*
1533 * Done.
1534 */
1538 }
1541 static unsigned long
1544 {
1551 }
1560 /* Strip leading zeroes when target is unsigned integer */
1564 {
1566 buf++;
1567 len--;
1568 }
1569 }
1572 }
1578 }
1581 static unsigned long
1584 {
1587 /*PORT_Assert (state->pending > 0); */
1597 }
1598 }
1603 }
1610 }
1617 }
1620 static unsigned long
1623 {
1626 /* An empty bit string with some unused bits is invalid. */
1631 /* An empty bit string with no unused bits is OK. */
1633 }
1635 }
1644 }
1647 }
1650 /*
1651 * XXX All callers should be looking at return value to detect
1652 * out-of-memory errors (and stop!).
1653 */
1657 PRBool copy_data)
1658 {
1666 }
1676 }
1681 }
1691 }
1694 }
1697 static void
1701 {
1711 }
1712 }
1715 /*
1716 * We are moving along through the substrings of a constructed string,
1717 * and have just finished parsing one -- we need to save our child data
1718 * (if the child was not already writing directly into the destination)
1719 * and then move forward by one.
1720 *
1721 * We also have to detect when we are done:
1722 * - a definite-length encoding stops when our pending value hits 0
1723 * - an indefinite-length encoding stops when our child is empty
1724 * (which means it was the end-of-contents octets)
1725 */
1726 static void
1728 {
1732 PRBool done;
1751 }
1761 /*
1762 * Save the string away for later concatenation.
1763 */
1766 /*
1767 * Clear the child item for the next round.
1768 */
1771 }
1773 /*
1774 * If our child was just our end-of-contents octets, we are done.
1775 */
1778 }
1780 /*
1781 * Stop or do the next one.
1782 */
1789 }
1790 }
1793 /*
1794 * We are doing a SET OF or SEQUENCE OF, and have just finished an item.
1795 */
1796 static void
1798 {
1811 /*
1812 * If our child was just our end-of-contents octets, we are done.
1813 */
1815 /* XXX I removed the PORT_Assert (child->dest == NULL) because there
1816 * was a bug in that a template that was a sequence of which also had
1817 * a child of a sequence of, in an indefinite group was not working
1818 * properly. This fix seems to work, (added the if statement below),
1819 * and nothing appears broken, but I am putting this note here just
1820 * in case. */
1821 /*
1822 * XXX No matter how many times I read that comment,
1823 * I cannot figure out what case he was fixing. I believe what he
1824 * did was deliberate, so I am loathe to touch it. I need to
1825 * understand how it could ever be that child->dest != NULL but
1826 * child->endofcontents is true, and why it is important to check
1827 * that state->subitems_head is NULL. This really needs to be
1828 * figured out, as I am not sure if the following code should be
1829 * compensating for "offset", as is done a little farther below
1830 * in the more normal case.
1831 */
1837 }
1842 }
1844 /*
1845 * Do the "after" field notification for next in group.
1846 */
1849 /*
1850 * Save it away (unless we are not storing).
1851 */
1859 }
1861 /*
1862 * Account for those bytes; see if we are done.
1863 */
1870 }
1877 }
1878 }
1880 /*
1881 * Do the "before" field notification for next item in group.
1882 */
1885 /*
1886 * Now we do the next one.
1887 */
1890 /* Initialize child state from the template */
1894 }
1897 /*
1898 * We are moving along through a sequence; move forward by one,
1899 * (detecting end-of-sequence when it happens).
1900 * XXX The handling of "missing" is ugly. Fix it.
1901 */
1902 static void
1904 {
1907 PRBool child_missing;
1914 /*
1915 * Do the "after" field notification.
1916 */
1923 /*
1924 * Take care of accounting.
1925 */
1930 /*
1931 * Free any grandchild.
1932 */
1940 }
1949 }
1951 }
1955 }
1956 }
1957 }
1959 /*
1960 * Move forward.
1961 */
1964 /*
1965 * We are done with this sequence.
1966 */
1972 /*
1973 * We got to the end, but have a child that started parsing
1974 * and ended up "missing". The only legitimate reason for
1975 * this is that we had one or more optional fields at the
1976 * end of our sequence, and we were encoded indefinite-length,
1977 * so when we went looking for those optional fields we
1978 * found our end-of-contents octets instead.
1979 * (Yes, this is ugly; dunno a better way to handle it.)
1980 * So, first confirm the situation, and then mark that we
1981 * are done.
1982 */
1991 }
1995 }
1997 /*
1998 * We have to finish out, maybe reading end-of-contents octets;
1999 * let the normal logic do the right thing.
2000 */
2002 }
2007 /*
2008 * Reset state and push.
2009 */
2013 /*
2014 * Do the "before" field notification.
2015 */
2021 }
2031 /*
2032 * If the new field is an ANY, and we are storing, then
2033 * we need to save the tag out. We would have done this
2034 * already in the normal case, but since we were looking
2035 * for an optional field, and we did not find it, we only
2036 * now realize we need to save the tag.
2037 */
2040 /*
2041 * Check that we did not end up with a high tag; for that
2042 * we need to re-encode the tag into multiple bytes in order
2043 * to store it back to look like what we parsed originally.
2044 * In practice this does not happen, but for completeness
2045 * sake it should probably be made to work at some point.
2046 */
2050 }
2051 }
2052 }
2053 }
2056 static void
2058 {
2066 PRBool is_bit_string;
2074 /*
2075 * All bit-string substrings except the last one should be
2076 * a clean multiple of 8 bits.
2077 */
2083 }
2086 }
2091 #else
2093 #endif
2095 /*
2096 * Add 2 for the end-of-contents octets of an indefinite-length
2097 * ANY that is *not* also an INNER. Because we zero-allocate
2098 * below, all we need to do is increase the length here.
2099 */
2103 }
2109 alloc_len);
2113 }
2121 else
2126 }
2128 /*
2129 * Because we use arenas and have a mark set, we later free
2130 * everything we have allocated, so this does *not* present
2131 * a memory leak (it is just temporarily left dangling).
2132 */
2134 }
2137 }
2140 static void
2142 {
2158 count++;
2160 }
2167 }
2175 }
2178 /*
2179 * Because we use arenas and have a mark set, we later free
2180 * everything we have allocated, so this does *not* present
2181 * a memory leak (it is just temporarily left dangling).
2182 */
2184 }
2187 }
2190 /*
2191 * For those states that push a child to handle a subtemplate,
2192 * "absorb" that child (transfer necessary information).
2193 */
2194 static void
2196 {
2197 /*
2198 * There is absolutely supposed to be a child there.
2199 */
2202 /*
2203 * Inherit the missing status of our child, and do the ugly
2204 * backing-up if necessary.
2205 */
2211 }
2213 /*
2214 * Add in number of bytes consumed by child.
2215 * (Only EXPLICIT should have already consumed bytes itself.)
2216 */
2220 /*
2221 * Subtract from bytes pending; this only applies to a definite-length
2222 * EXPLICIT field.
2223 */
2228 /*
2229 * If we had a definite-length explicit, then what the child
2230 * consumed should be what was left pending.
2231 */
2237 }
2238 /*
2239 * Okay, this is a hack. It *should* be an error whether
2240 * pending is too big or too small, but it turns out that
2241 * we had a bug in our *old* DER encoder that ended up
2242 * counting an explicit header twice in the case where
2243 * the underlying type was an ANY. So, because we cannot
2244 * prevent receiving these (our own certificate server can
2245 * send them to us), we need to be lenient and accept them.
2246 * To do so, we need to pretend as if we read all of the
2247 * bytes that the header said we would find, even though
2248 * we actually came up short.
2249 */
2251 }
2253 }
2255 /*
2256 * Indicate that we are done with child.
2257 */
2260 /*
2261 * And move on to final state.
2262 * (Technically everybody could move to afterEndOfContents except
2263 * for an indefinite-length EXPLICIT; for simplicity though we assert
2264 * that but let the end-of-contents code do the real determination.)
2265 */
2268 }
2271 static void
2273 {
2281 }
2282 }
2285 static unsigned long
2288 {
2297 }
2304 /*
2305 * We expect to find only zeros; if not, just give up.
2306 */
2310 }
2311 }
2318 }
2321 }
2324 static void
2326 {
2328 /*
2329 * Account for our child.
2330 */
2340 }
2341 }
2343 }
2346 /*
2347 * Free our child.
2348 */
2351 /*
2352 * Just make my parent be the current state. It will then clean
2353 * up after me and free me (or reuse me).
2354 */
2356 }
2360 {
2370 }
2373 }
2377 PR_FALSE);
2380 }
2386 }
2393 }
2397 {
2410 /* This choice is probably the first item in a GROUP
2411 ** (e.g. SET_OF) that was indefinite-length encoded.
2412 ** We're actually at the end of that GROUP.
2413 ** We look up the stack to be sure that we find
2414 ** a state with indefinite length encoding before we
2415 ** find a state (like a SEQUENCE) that is definite.
2416 */
2425 }
2431 /* Ran out of choices */
2435 }
2438 /* cargo'd from next_in_sequence innards */
2445 }
2448 /* XXX uh.. not sure if I should have stopped this
2449 * from happening before. */
2454 }
2455 }
2460 /* move it on top again */
2469 }
2471 /* copy our findings to the new top */
2479 }
2481 /* Store the enum */
2484 }
2490 }
2492 static void
2494 {
2499 }
2501 unsigned long
2503 {
2515 }
2517 }
2519 SECStatus
2521 {
2528 }
2533 }
2538 }
2542 else
2546 /* shift in next byte */
2549 }
2552 }
2554 #ifdef DEBUG_ASN1D_STATES
2555 static void
2557 {
2562 ;
2563 }
2569 }
2575 kindBuf);
2587 state->pending
2588 );
2589 }
2592 }
2595 SECStatus
2598 {
2601 SEC_ASN1EncodingPart what;
2611 #ifdef DEBUG_ASN1D_STATES
2660 /* recursive call has already popped all states from stack.
2661 ** Bail out quickly.
2662 */
2664 }
2666 /* recursive call wanted more data. Fatal. Clean up below. */
2669 }
2687 /* SEC_ASN1DecoderUpdate has called itself recursively to
2688 ** decode SAVEd encoded data, and now is done decoding that.
2689 ** Return to the calling copy of SEC_ASN1DecoderUpdate.
2690 */
2713 /* This is not an error, but rather a plain old BUG! */
2718 }
2723 /* We should not consume more than we have. */
2729 }
2731 /* It might have changed, so we have to update our local copy. */
2734 /* If it is NULL, we have popped all the way to the top. */
2738 * downloading a pkcs7 cert chain from some issuers) that give us a
2739 * length which is greater than the entire encoding. So, we cannot
2740 * have this be an error.
2741 */
2746 #endif
2749 }
2753 }
2758 /*
2759 * The following check is specifically looking for an ANY
2760 * that is *not* also an INNER, because we need to save aside
2761 * all bytes in that case -- the contents parts will get
2762 * handled like all other contents, and the end-of-contents
2763 * bytes are added by the concat code, but the outer header
2764 * bytes need to get saved too, so we do them explicitly here.
2765 */
2770 }
2772 /*
2773 * We had some number of good, accepted bytes. If the caller
2774 * has registered to see them, pass them along.
2775 */
2783 depth--;
2785 }
2788 }
2793 }
2799 }
2801 * XXX This does not work because we can
2802 * end up leaving behind dangling pointers
2803 * to stuff that was allocated. In order
2804 * to make this really work (which would
2805 * be a good thing, I think), we need to
2806 * keep track of every place/pointer that
2807 * was allocated and make sure to NULL it
2808 * out before we then free back to the mark.
2809 */
2813 }
2814 #endif
2816 }
2819 * have situations (like when downloading a pkcs7 cert chain from
2820 * some issuers) that give us a total length which is greater than
2821 * the entire encoding. So, we have to allow allDone to have a
2822 * remaining length greater than zero. I wanted to catch internal
2823 * bugs with this, noticing when we do not have the right length.
2824 * Oh well.
2825 */
2828 #else
2831 #endif
2833 }
2836 SECStatus
2838 {
2839 SECStatus rv;
2846 }
2848 /*
2849 * XXX anything else that needs to be finished?
2850 */
2855 }
2858 SEC_ASN1DecoderContext *
2861 {
2873 }
2878 #ifdef SEC_ASN1D_FREE_ON_ERROR
2880 #endif
2881 }
2887 /*
2888 * Trouble initializing (probably due to failed allocations)
2889 * requires that we just give up.
2890 */
2893 }
2896 }
2899 void
2902 PRBool only)
2903 {
2904 /* check that we are "between" fields here */
2910 }
2913 void
2915 {
2916 /* check that we are "between" fields here */
2922 }
2925 void
2928 {
2931 }
2934 void
2936 {
2939 }
2941 void
2943 {
2947 }
2950 SECStatus
2954 {
2969 }
2972 SECStatus
2976 {
2979 }
2981 #ifdef DEBUG_ASN1D_STATES
2983 {
2986 }
2987 #endif
2989 /*
2990 * Generic templates for individual/simple items and pointers to
2991 * and sets of same.
2992 *
2993 * If you need to add a new one, please note the following:
2994 * - For each new basic type you should add *four* templates:
2995 * one plain, one PointerTo, one SequenceOf and one SetOf.
2996 * - If the new type can be constructed (meaning, it is a
2997 * *string* type according to BER/DER rules), then you should
2998 * or-in SEC_ASN1_MAY_STREAM to the type in the basic template.
2999 * See the definition of the OctetString template for an example.
3000 * - It may not be obvious, but these are in *alphabetical*
3001 * order based on the SEC_ASN1_XXX name; so put new ones in
3002 * the appropriate place.
3003 */
3007 };
3011 };
3015 };
3019 };
3023 };
3027 };
3031 };
3035 };
3039 };
3043 };
3047 };
3051 };
3055 };
3059 };
3063 };
3067 };
3071 };
3075 };
3079 };
3083 };
3087 };
3091 };
3095 };
3099 };
3103 };
3107 };
3111 };
3115 };
3119 };
3123 };
3127 };
3131 };
3135 };
3139 };
3143 };
3147 };
3151 };
3155 };
3159 };
3163 };
3167 };
3171 };
3175 };
3179 };
3183 };
3187 };
3191 };
3195 };
3199 };
3203 };
3207 };
3211 };
3215 };
3219 };
3223 };
3227 };
3231 };
3235 };
3239 };
3243 };
3247 };
3251 };
3255 };
3259 };
3263 };
3267 };
3271 };
3275 };
3278 /*
3279 * Template for skipping a subitem.
3280 *
3281 * Note that it only makes sense to use this for decoding (when you want
3282 * to decode something where you are only interested in one or two of
3283 * the fields); you cannot encode a SKIP!
3284 */
3287 };
3290 /* These functions simply return the address of the above-declared templates.
3291 ** This is necessary for Windows DLLs. Sigh.
3292 */