libksba  1.6.0
About: KSBA is a library to make the tasks of working with X.509 certificates, CMS data and related objects more easy.
  Fossies Dox: libksba-1.6.0.tar.bz2  ("unofficial" and yet experimental doxygen-generated source code documentation)  

ber-decoder.c
Go to the documentation of this file.
1 /* ber-decoder.c - Basic Encoding Rules Decoder
2  * Copyright (C) 2001, 2004, 2006, 2012, 2015 g10 Code GmbH
3  *
4  * This file is part of KSBA.
5  *
6  * KSBA is free software; you can redistribute it and/or modify
7  * it under the terms of either
8  *
9  * - the GNU Lesser General Public License as published by the Free
10  * Software Foundation; either version 3 of the License, or (at
11  * your option) any later version.
12  *
13  * or
14  *
15  * - the GNU General Public License as published by the Free
16  * Software Foundation; either version 2 of the License, or (at
17  * your option) any later version.
18  *
19  * or both in parallel, as here.
20  *
21  * KSBA is distributed in the hope that it will be useful, but WITHOUT
22  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
23  * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
24  * License for more details.
25  *
26  * You should have received a copies of the GNU General Public License
27  * and the GNU Lesser General Public License along with this program;
28  * if not, see <http://www.gnu.org/licenses/>.
29  */
30 
31 #include <config.h>
32 #include <stdio.h>
33 #include <stdlib.h>
34 #include <string.h>
35 #include <assert.h>
36 #include "util.h"
37 
38 #include "util.h"
39 #include "ksba.h"
40 #include "asn1-func.h"
41 #include "ber-decoder.h"
42 #include "ber-help.h"
43 
44 
45 /* The maximum length we allow for an image, that is for a BER encoded
46  * object. */
47 #define MAX_IMAGE_LENGTH (16 * 1024 * 1024)
48 
49 
52  int went_up;
53  int in_seq_of;
54  int in_any; /* actually in a constructed any */
55  int again;
56  int next_tag;
57  int length; /* length of the value */
58  int ndef_length; /* the length is of indefinite length */
59  int nread; /* number of value bytes processed */
60 };
62 
64  DECODER_STATE_ITEM cur; /* current state */
65  int stacksize;
66  int idx;
68 };
70 
71 
72 /* Context for a decoder. */
74 {
75  AsnNode module; /* the ASN.1 structure */
77  const char *last_errdesc; /* string with the error description */
78  int non_der; /* set if the encoding is not DER conform */
79  AsnNode root; /* of the expanded parse tree */
81  int bypass;
82 
83  /* Because some certificates actually come with trailing garbage, we
84  use a hack to ignore this garbage. This hack is enabled for data
85  starting with a fixed length sequence and this variable takes the
86  length of this sequence. If it is 0, the hack is not
87  activated. */
88  unsigned long outer_sequence_length;
89  int ignore_garbage; /* Set to indicate that garbage should be
90  ignored. */
91  int fast_stop; /* Yet another hack. */
92 
93  int first_tag_seen; /* Indicates whether the first tag of a decoder
94  run has been read. */
95 
97  int debug;
98  int use_image;
99  struct
100  {
101  unsigned char *buf;
102  size_t used;
103  size_t length;
104  } image;
105  struct
106  {
107  int primitive; /* current value is a primitive one */
108  size_t length; /* length of the primitive one */
109  int nhdr; /* length of the header */
110  int tag;
112  AsnNode node; /* NULL or matching node */
113  } val;
114 };
115 
116 
117 ␌
118 /* Evaluate with overflow check: A1 + A2 > B */
119 static inline int
120 sum_a1_a2_gt_b (size_t a1, size_t a2, size_t b)
121 {
122  size_t sum = a1 + a2;
123  return (sum < a1 || sum > b);
124 }
125 
126 /* Evaluate with overflow check: A1 + A2 >= B */
127 static inline int
128 sum_a1_a2_ge_b (size_t a1, size_t a2, size_t b)
129 {
130  size_t sum = a1 + a2;
131  return (sum < a1 || sum >= b);
132 }
133 
134 
135 ␌
136 static DECODER_STATE
138 {
139  DECODER_STATE ds;
140 
141  ds = xmalloc (sizeof (*ds) + 99*sizeof(DECODER_STATE_ITEM));
142  ds->stacksize = 100;
143  ds->idx = 0;
144  ds->cur.node = NULL;
145  ds->cur.went_up = 0;
146  ds->cur.in_seq_of = 0;
147  ds->cur.in_any = 0;
148  ds->cur.again = 0;
149  ds->cur.next_tag = 0;
150  ds->cur.length = 0;
151  ds->cur.ndef_length = 1;
152  ds->cur.nread = 0;
153  return ds;
154 }
155 
156 static void
158 {
159  xfree (ds);
160 }
161 
162 static void
164 {
165  int i;
166 
167  for (i=0; i < ds->idx; i++)
168  {
169  fprintf (stderr," ds stack[%d] (", i);
170  if (ds->stack[i].node)
171  _ksba_asn_node_dump (ds->stack[i].node, stderr);
172  else
173  fprintf (stderr, "Null");
174  fprintf (stderr,") %s%d (%d)%s\n",
175  ds->stack[i].ndef_length? "ndef ":"",
176  ds->stack[i].length,
177  ds->stack[i].nread,
178  ds->stack[i].in_seq_of? " in_seq_of":"");
179  }
180 }
181 
182 /* Push ITEM onto the stack */
183 static gpg_error_t
185 {
186  if (ds->idx >= ds->stacksize)
187  {
188  fprintf (stderr, "ksba: ber-decoder: stack overflow!\n");
189  return gpg_error (GPG_ERR_LIMIT_REACHED);
190  }
191  ds->stack[ds->idx++] = ds->cur;
192  return 0;
193 }
194 
195 static gpg_error_t
197 {
198  if (!ds->idx)
199  {
200  fprintf (stderr, "ksba: ber-decoder: stack underflow!\n");
201  return gpg_error (GPG_ERR_INTERNAL);
202  }
203  ds->cur = ds->stack[--ds->idx];
204  return 0;
205 }
206 
207 
208 ␌
209 static int
210 set_error (BerDecoder d, AsnNode node, const char *text)
211 {
212  fprintf (stderr,"ksba: ber-decoder: node `%s': %s\n",
213  node? node->name:"?", text);
214  d->last_errdesc = text;
215  return gpg_error (GPG_ERR_BAD_BER);
216 }
217 
218 
219 static int
220 eof_or_error (BerDecoder d, int premature)
221 {
222  gpg_error_t err;
223 
224  err = ksba_reader_error (d->reader);
225  if (err)
226  {
227  set_error (d, NULL, "read error");
228  return err;
229  }
230  if (premature)
231  return set_error (d, NULL, "premature EOF");
232  return gpg_error (GPG_ERR_EOF);
233 }
234 
235 static const char *
236 universal_tag_name (unsigned long no)
237 {
238  static const char * const names[31] = {
239  "[End Tag]",
240  "BOOLEAN",
241  "INTEGER",
242  "BIT STRING",
243  "OCTECT STRING",
244  "NULL",
245  "OBJECT IDENTIFIER",
246  "ObjectDescriptor",
247  "EXTERNAL",
248  "REAL",
249  "ENUMERATED",
250  "EMBEDDED PDV",
251  "UTF8String",
252  "RELATIVE-OID",
253  "[UNIVERSAL 14]",
254  "[UNIVERSAL 15]",
255  "SEQUENCE",
256  "SET",
257  "NumericString",
258  "PrintableString",
259  "TeletexString",
260  "VideotexString",
261  "IA5String",
262  "UTCTime",
263  "GeneralizedTime",
264  "GraphicString",
265  "VisibleString",
266  "GeneralString",
267  "UniversalString",
268  "CHARACTER STRING",
269  "BMPString"
270  };
271 
272  return no < DIM(names)? names[no]:NULL;
273 }
274 
275 
276 static void
277 dump_tlv (const struct tag_info *ti, FILE *fp)
278 {
279  const char *tagname = NULL;
280 
281  if (ti->class == CLASS_UNIVERSAL)
282  tagname = universal_tag_name (ti->tag);
283 
284  if (tagname)
285  fputs (tagname, fp);
286  else
287  fprintf (fp, "[%s %lu]",
288  ti->class == CLASS_UNIVERSAL? "UNIVERSAL" :
289  ti->class == CLASS_APPLICATION? "APPLICATION" :
290  ti->class == CLASS_CONTEXT? "CONTEXT-SPECIFIC" : "PRIVATE",
291  ti->tag);
292  fprintf (fp, " %c hdr=%lu len=",
293  ti->is_constructed? 'c':'p',
294  (unsigned long)ti->nhdr);
295  if (ti->ndef)
296  fputs ("ndef", fp);
297  else
298  fprintf (fp, "%lu", ti->length);
299 }
300 
301 
302 static void
304 {
305  AsnNode p;
306 
307  for (p=node; p; p = _ksba_asn_walk_tree (node, p))
308  {
309  if (p->type == TYPE_TAG)
310  {
311  p->flags.tag_seen = 0;
312  }
313  p->flags.skip_this = 0;
314  }
315 
316 }
317 
318 static void
320 {
321  AsnNode p;
322 
323  clear_help_flags (node);
324  for (p=node; p; p = _ksba_asn_walk_tree (node, p))
325  p->off = -1;
326 
327 }
328 
329 static void
331 {
332  AsnNode p;
333 
334  for (p=node; p; p = _ksba_asn_walk_tree (node, p))
335  {
336  if (p->type == TYPE_ANY && p->off != -1)
337  p->type = p->actual_type;
338  }
339 }
340 
341 
342 ␌
345 {
346  BerDecoder d;
347 
348  d = xtrycalloc (1, sizeof *d);
349  if (!d)
350  return NULL;
351 
352  return d;
353 }
354 
355 void
357 {
358  xfree (d);
359 }
360 
361 /**
362  * _ksba_ber_decoder_set_module:
363  * @d: Decoder object
364  * @module: ASN.1 Parse tree
365  *
366  * Initialize the decoder with the ASN.1 module. Note, that this is a
367  * shallow copy of the module. Hmmm: What about ref-counting of
368  * AsnNodes?
369  *
370  * Return value: 0 on success or an error code
371  **/
372 gpg_error_t
374 {
375  if (!d || !module)
376  return gpg_error (GPG_ERR_INV_VALUE);
377  if (d->module)
378  return gpg_error (GPG_ERR_CONFLICT); /* module already set */
379 
380  d->module = module->parse_tree;
381  return 0;
382 }
383 
384 
385 gpg_error_t
387 {
388  if (!d || !r)
389  return gpg_error (GPG_ERR_INV_VALUE);
390  if (d->reader)
391  return gpg_error (GPG_ERR_CONFLICT); /* reader already set */
392 
393  d->reader = r;
394  return 0;
395 }
396 
397 ␌
398 /**********************************************
399  *********** decoding machinery *************
400  **********************************************/
401 
402 /* Read one byte, return that byte or -1 on error or EOF. */
403 static int
405 {
406  unsigned char buf;
407  size_t nread;
408  int rc;
409 
410  do
411  rc = ksba_reader_read (reader, &buf, 1, &nread);
412  while (!rc && !nread);
413  return rc? -1: buf;
414 }
415 
416 /* Read COUNT bytes into buffer. BUFFER may be NULL to skip over
417  COUNT bytes. Return 0 on success or -1 on error. */
418 static int
419 read_buffer (ksba_reader_t reader, char *buffer, size_t count)
420 {
421  size_t nread;
422 
423  if (buffer)
424  {
425  while (count)
426  {
427  if (ksba_reader_read (reader, buffer, count, &nread))
428  return -1;
429  buffer += nread;
430  count -= nread;
431  }
432  }
433  else
434  {
435  char dummy[256];
436  size_t n;
437 
438  while (count)
439  {
440  n = count > DIM(dummy) ? DIM(dummy): count;
441  if (ksba_reader_read (reader, dummy, n, &nread))
442  return -1;
443  count -= nread;
444  }
445  }
446  return 0;
447 }
448 
449 /* Return 0 for no match, 1 for a match and 2 for an ANY match of an
450  constructed type */
451 static int
452 cmp_tag (AsnNode node, const struct tag_info *ti)
453 {
454  if (node->flags.class != ti->class)
455  {
456  if (node->flags.class == CLASS_UNIVERSAL && node->type == TYPE_ANY)
457  return ti->is_constructed? 2:1;
458  return 0;
459  }
460  if (node->type == TYPE_TAG)
461  {
463  return node->value.v_ulong == ti->tag;
464  }
465  if (node->type == ti->tag)
466  return 1;
467  if (ti->class == CLASS_UNIVERSAL)
468  {
469  if (node->type == TYPE_SEQUENCE_OF && ti->tag == TYPE_SEQUENCE)
470  return 1;
471  if (node->type == TYPE_SET_OF && ti->tag == TYPE_SET)
472  return 1;
473  if (node->type == TYPE_ANY)
474  return _ksba_asn_is_primitive (ti->tag)? 1:2;
475  }
476 
477  return 0;
478 }
479 
480 /* Find the node in the tree ROOT corresponding to TI and return that
481  node. Returns NULL if the node was not found */
482 static AsnNode
483 find_anchor_node (AsnNode root, const struct tag_info *ti)
484 {
485  AsnNode node = root;
486  AsnNode n;
487 
488  while (node)
489  {
490  if (node->type == TYPE_CHOICE)
491  {
492  for (n = node->down; n; n = n->right)
493  {
494  if (cmp_tag (n, ti))
495  {
496  return n; /* found */
497  }
498  }
499  }
500  else
501  {
502  if (cmp_tag (node, ti))
503  {
504  return node; /* found */
505  }
506  }
507 
508  if (node->down)
509  node = node->down;
510  else if (node == root)
511  return NULL; /* not found */
512  else if (node->right)
513  node = node->right;
514  else
515  { /* go up and right */
516  do
517  {
518  while (node->left && node->left->right == node)
519  node = node->left;
520  node = node->left;
521 
522  if (!node || node == root)
523  return NULL; /* back at the root -> not found */
524  }
525  while (!node->right);
526  node = node->right;
527  }
528  }
529 
530  return NULL;
531 }
532 
533 static int
534 match_der (AsnNode root, const struct tag_info *ti,
535  DECODER_STATE ds, AsnNode *retnode, int debug)
536 {
537  int rc;
538  AsnNode node;
539 
540  *retnode = NULL;
541  node = ds->cur.node;
542  if (!node)
543  {
544  if (debug)
545  fputs (" looking for anchor\n", stderr);
546  node = find_anchor_node (root, ti);
547  if (!node)
548  fputs (" anchor node not found\n", stderr);
549  }
550  else if (ds->cur.again)
551  {
552  if (debug)
553  fputs (" doing last again\n", stderr);
554  ds->cur.again = 0;
555  }
556  else if (_ksba_asn_is_primitive (node->type) || node->type == TYPE_ANY
557  || node->type == TYPE_SIZE || node->type == TYPE_DEFAULT )
558  {
559  if (debug)
560  fputs (" primitive type - get next\n", stderr);
561  if (node->right)
562  node = node->right;
563  else if (!node->flags.in_choice)
564  {
565  if (node->flags.is_implicit)
566  {
567  if (debug)
568  fputs (" node was implicit - advancing\n", stderr);
569  while (node->left && node->left->right == node)
570  node = node->left;
571  node = node->left; /* this is the up pointer */
572  if (node)
573  node = node->right;
574  }
575  else
576  node = NULL;
577  }
578  else /* in choice */
579  {
580  if (debug)
581  fputs (" going up after choice - get next\n", stderr);
582  while (node->left && node->left->right == node)
583  node = node->left;
584  node = node->left; /* this is the up pointer */
585  if (node)
586  node = node->right;
587  }
588  }
589  else if (node->type == TYPE_SEQUENCE_OF || node->type == TYPE_SET_OF)
590  {
591  if (debug)
592  {
593  fprintf (stderr, " prepare for seq/set_of (%d %d) ",
594  ds->cur.length, ds->cur.nread);
595  fprintf (stderr, " cur: ("); _ksba_asn_node_dump (node, stderr);
596  fprintf (stderr, ")\n");
597  if (ds->cur.node->flags.in_array)
598  fputs (" This is in an array!\n", stderr);
599  if (ds->cur.went_up)
600  fputs (" And we are going up!\n", stderr);
601  }
602  if ((ds->cur.went_up && !ds->cur.node->flags.in_array) ||
603  (ds->idx && ds->cur.nread >= ds->stack[ds->idx-1].length))
604  {
605  if (debug)
606  fprintf (stderr, " advancing\n");
607  if (node->right)
608  node = node->right;
609  else
610  {
611  for (;;)
612  {
613  while (node->left && node->left->right == node)
614  node = node->left;
615  node = node->left; /* this is the up pointer */
616  if (!node)
617  break;
618  if (node->right)
619  {
620  node = node->right;
621  break;
622  }
623  }
624  }
625  }
626  else if (ds->cur.node->flags.in_array
627  && ds->cur.went_up)
628  {
629  if (debug)
630  fputs (" Reiterating\n", stderr);
631  node = _ksba_asn_insert_copy (node);
632  if (node)
633  prepare_copied_tree (node);
634  }
635  else
636  node = node->down;
637  }
638  else /* constructed */
639  {
640  if (debug)
641  {
642  fprintf (stderr, " prepare for constructed (%d %d) ",
643  ds->cur.length, ds->cur.nread);
644  fprintf (stderr, " cur: ("); _ksba_asn_node_dump (node, stderr);
645  fprintf (stderr, ")\n");
646  if (ds->cur.node->flags.in_array)
647  fputs (" This is in an array!\n", stderr);
648  if (ds->cur.went_up)
649  fputs (" And we are going up!\n", stderr);
650  }
651  ds->cur.in_seq_of = 0;
652 
653  if (ds->cur.node->flags.in_array
654  && ds->cur.went_up)
655  {
656  if (debug)
657  fputs (" Reiterating this\n", stderr);
658  node = _ksba_asn_insert_copy (node);
659  if (node)
660  prepare_copied_tree (node);
661  }
662  else if (ds->cur.went_up || ds->cur.next_tag || ds->cur.node->flags.skip_this)
663  {
664  if (node->right)
665  node = node->right;
666  else
667  {
668  for (;;)
669  {
670  while (node->left && node->left->right == node)
671  node = node->left;
672  node = node->left; /* this is the up pointer */
673  if (!node)
674  break;
675  if (node->right)
676  {
677  node = node->right;
678  break;
679  }
680  }
681  }
682  }
683  else
684  node = node->down;
685 
686  }
687  if (!node)
688  return -1;
689  ds->cur.node = node;
690  ds->cur.went_up = 0;
691  ds->cur.next_tag = 0;
692 
693  if (debug)
694  {
695  fprintf (stderr, " Expect ("); _ksba_asn_node_dump (node,stderr); fprintf (stderr, ")\n");
696  }
697 
698  if (node->flags.skip_this)
699  {
700  if (debug)
701  fprintf (stderr, " skipping this\n");
702  return 1;
703  }
704 
705  if (node->type == TYPE_SIZE)
706  {
707  if (debug)
708  fprintf (stderr, " skipping size tag\n");
709  return 1;
710  }
711  if (node->type == TYPE_DEFAULT)
712  {
713  if (debug)
714  fprintf (stderr, " skipping default tag\n");
715  return 1;
716  }
717 
718  if (node->flags.is_implicit)
719  {
720  if (debug)
721  fprintf (stderr, " dummy accept for implicit tag\n");
722  return 1; /* again */
723  }
724 
725  if ( (rc=cmp_tag (node, ti)))
726  {
727  *retnode = node;
728  return rc==2? 4:3;
729  }
730 
731  if (node->type == TYPE_CHOICE)
732  {
733  if (debug)
734  fprintf (stderr, " testing choice...\n");
735  for (node = node->down; node; node = node->right)
736  {
737  if (debug)
738  {
739  fprintf (stderr, " %s (", node->flags.skip_this? "skip":" cmp");
740  _ksba_asn_node_dump (node, stderr);
741  fprintf (stderr, ")\n");
742  }
743 
744  if (!node->flags.skip_this && cmp_tag (node, ti) == 1)
745  {
746  if (debug)
747  {
748  fprintf (stderr, " choice match <"); dump_tlv (ti, stderr);
749  fprintf (stderr, ">\n");
750  }
751  /* mark the remaining as done */
752  for (node=node->right; node; node = node->right)
753  node->flags.skip_this = 1;
754  return 1;
755  }
756  node->flags.skip_this = 1;
757 
758  }
759  node = ds->cur.node; /* reset */
760  }
761 
762  if (node->flags.in_choice)
763  {
764  if (debug)
765  fprintf (stderr, " skipping non matching choice\n");
766  return 1;
767  }
768 
769  if (node->flags.is_optional)
770  {
771  if (debug)
772  fprintf (stderr, " skipping optional element\n");
773  if (node->type == TYPE_TAG)
774  ds->cur.next_tag = 1;
775  return 1;
776  }
777 
778  if (node->flags.has_default)
779  {
780  if (debug)
781  fprintf (stderr, " use default value\n");
782  if (node->type == TYPE_TAG)
783  ds->cur.next_tag = 1;
784  *retnode = node;
785  return 2;
786  }
787 
788  return -1;
789 }
790 
791 
792 static gpg_error_t
793 decoder_init (BerDecoder d, const char *start_name)
794 {
795  d->ds = new_decoder_state ();
796 
797  d->root = _ksba_asn_expand_tree (d->module, start_name);
798  clear_help_flags (d->root);
799  d->bypass = 0;
800  if (d->debug)
801  fprintf (stderr, "DECODER_INIT for `%s'\n", start_name? start_name: "[root]");
802  return 0;
803 }
804 
805 static void
807 {
809  d->ds = NULL;
810  d->val.node = NULL;
811  if (d->debug)
812  fprintf (stderr, "DECODER_DEINIT\n");
813 }
814 
815 
816 static gpg_error_t
818 {
819  struct tag_info ti;
820  AsnNode node = NULL;
821  gpg_error_t err;
822  DECODER_STATE ds = d->ds;
823  int debug = d->debug;
824 
825  if (d->ignore_garbage && d->fast_stop)
826  {
827  /* I am not anymore sure why we have this ignore_garbage
828  machinery: The whole decoder needs and overhaul; it seems not
829  to honor the length specification and runs for longer than
830  expected.
831 
832  This here is another hack to not eat up an end tag - this is
833  required in in some cases and in theory should be used always
834  but we want to avoid any regression, thus this flag. */
835  return gpg_error (GPG_ERR_EOF);
836  }
837 
838  err = _ksba_ber_read_tl (d->reader, &ti);
839  if (err)
840  {
841  if (debug)
842  fprintf (stderr, "ber_read_tl error: %s (%s)\n",
843  gpg_strerror (err), ti.err_string? ti.err_string:"");
844  /* This is our actual hack to cope with some trailing garbage:
845  Only if we get an premature EOF and we know that we have read
846  the complete certificate we change the error to EOF. This
847  won't help with all kinds of garbage but it fixes the case
848  where just one byte is appended. This is for example the
849  case with current Siemens certificates. This approach seems
850  to be the least intrusive one. */
851  if (gpg_err_code (err) == GPG_ERR_BAD_BER
852  && d->ignore_garbage
853  && ti.err_string && !strcmp (ti.err_string, "premature EOF"))
854  err = gpg_error (GPG_ERR_EOF);
855  return err;
856  }
857 
858  if (debug)
859  {
860  fprintf (stderr, "ReadTLV <");
861  dump_tlv (&ti, stderr);
862  fprintf (stderr, ">\n");
863  }
864 
865  /* Check whether the trailing garbage hack is required. */
866  if (!d->first_tag_seen)
867  {
868  d->first_tag_seen = 1;
869  if (ti.tag == TYPE_SEQUENCE && ti.length && !ti.ndef)
871  else if (ti.class == CLASS_CONTEXT && ti.is_constructed
872  && ti.length && !ti.ndef)
874  }
875 
876  /* Store stuff in the image buffer. */
877  if (d->use_image)
878  {
879  if (!d->image.buf)
880  {
881  /* We need some extra bytes to store the stuff we read ahead
882  * at the end of the module which is later pushed back. We
883  * also clear the buffer because there is no guarantee that
884  * we will copy data to all bytes of the buffer: A broken
885  * ASN.1 encoding may thus lead to access of uninitialized
886  * data even if we make sure that that access is not our of
887  * bounds. */
888  d->image.used = 0;
889  d->image.length = ti.length + 100;
890  if (d->image.length < ti.length)
891  return gpg_error (GPG_ERR_BAD_BER);
892  if (d->image.length > MAX_IMAGE_LENGTH)
893  return gpg_error (GPG_ERR_TOO_LARGE);
894  d->image.buf = xtrycalloc (1, d->image.length);
895  if (!d->image.buf)
896  return gpg_error (GPG_ERR_ENOMEM);
897  }
898 
899  if (sum_a1_a2_ge_b (ti.nhdr, d->image.used, d->image.length))
900  return set_error (d, NULL, "image buffer too short to store the tag");
901 
902  memcpy (d->image.buf + d->image.used, ti.buf, ti.nhdr);
903  d->image.used += ti.nhdr;
904  }
905 
906 
907  if (!d->bypass)
908  {
909  int again, endtag;
910 
911  do
912  {
913  again = endtag = 0;
914  switch ( ds->cur.in_any? 4
915  : (ti.class == CLASS_UNIVERSAL && !ti.tag)? (endtag=1,5)
916  : match_der (d->root, &ti, ds, &node, debug))
917  {
918  case -1:
919  if (debug)
920  {
921  fprintf (stderr, " FAIL <");
922  dump_tlv (&ti, stderr);
923  fprintf (stderr, ">\n");
924  }
925  if (d->honor_module_end)
926  {
927  /* We must push back the stuff we already read */
928  ksba_reader_unread (d->reader, ti.buf, ti.nhdr);
929  return gpg_error (GPG_ERR_EOF);
930  }
931  else
932  d->bypass = 1;
933  break;
934  case 0:
935  if (debug)
936  fputs (" End of description\n", stderr);
937  d->bypass = 1;
938  break;
939  case 1: /* again */
940  if (debug)
941  fprintf (stderr, " Again\n");
942  again = 1;
943  break;
944  case 2: /* Use default value + again */
945  if (debug)
946  fprintf (stderr, " Using default\n");
947  again = 1;
948  break;
949  case 4: /* Match of ANY on a constructed type */
950  if (debug)
951  fprintf (stderr, " ANY");
952  ds->cur.in_any = 1;
953  /* FALLTHROUGH */
954  case 3: /* match */
955  case 5: /* end tag */
956  if (debug)
957  {
958  fprintf (stderr, " Match <");
959  dump_tlv (&ti, stderr);
960  fprintf (stderr, ">\n");
961  }
962  /* Increment by the header length */
963  ds->cur.nread += ti.nhdr;
964 
965  if (!ti.is_constructed)
966  ds->cur.nread += ti.length;
967 
968  ds->cur.went_up = 0;
969  do
970  {
971  if (debug)
972  fprintf (stderr, " (length %d nread %d) %s\n",
973  ds->idx? ds->stack[ds->idx-1].length:-1,
974  ds->cur.nread,
975  ti.is_constructed? "con":"pri");
976  if (d->outer_sequence_length
977  && ds->idx == 1
978  && ds->cur.nread == d->outer_sequence_length)
979  {
980  if (debug)
981  fprintf (stderr, " Need to stop now\n");
982  d->ignore_garbage = 1;
983  }
984 
985  if ( ds->idx
986  && !ds->stack[ds->idx-1].ndef_length
987  && (ds->cur.nread
988  > ds->stack[ds->idx-1].length))
989  {
990  fprintf (stderr, "ksba: ERROR: object length field "
991  "%d octects too large\n",
992  ds->cur.nread - ds->cur.length);
993  ds->cur.nread = ds->cur.length;
994  }
995  if ( ds->idx
996  && (endtag
997  || (!ds->stack[ds->idx-1].ndef_length
998  && (ds->cur.nread
999  >= ds->stack[ds->idx-1].length))))
1000  {
1001  int n = ds->cur.nread;
1002  err = pop_decoder_state (ds);
1003  if (err)
1004  return err;
1005  ds->cur.nread += n;
1006  ds->cur.went_up++;
1007  }
1008  endtag = 0;
1009  }
1010  while ( ds->idx
1011  && !ds->stack[ds->idx-1].ndef_length
1012  && (ds->cur.nread
1013  >= ds->stack[ds->idx-1].length));
1014 
1015  if (ti.is_constructed && (ti.length || ti.ndef))
1016  {
1017  /* prepare for the next level */
1018  ds->cur.length = ti.length;
1019  ds->cur.ndef_length = ti.ndef;
1020  err = push_decoder_state (ds);
1021  if (err)
1022  return err;
1023  ds->cur.length = 0;
1024  ds->cur.ndef_length = 0;
1025  ds->cur.nread = 0;
1026  }
1027  if (debug)
1028  fprintf (stderr, " (length %d nread %d) end\n",
1029  ds->idx? ds->stack[ds->idx-1].length:-1,
1030  ds->cur.nread);
1031  break;
1032  default:
1033  never_reached ();
1034  abort ();
1035  break;
1036  }
1037  }
1038  while (again);
1039  }
1040 
1041  d->val.primitive = !ti.is_constructed;
1042  d->val.length = ti.length;
1043  d->val.nhdr = ti.nhdr;
1044  d->val.tag = ti.tag; /* kludge to fix TYPE_ANY probs */
1045  d->val.is_endtag = (ti.class == CLASS_UNIVERSAL && !ti.tag);
1046  d->val.node = d->bypass? NULL : node;
1047  if (debug)
1048  dump_decoder_state (ds);
1049 
1050  return 0;
1051 }
1052 
1053 static gpg_error_t
1055 {
1056  if (d->val.primitive)
1057  {
1058  if (read_buffer (d->reader, NULL, d->val.length))
1059  return eof_or_error (d, 1);
1060  }
1061  return 0;
1062 }
1063 
1064 
1065 ␌
1066 /* Calculate the distance between the 2 nodes */
1067 static int
1069 {
1070  int n=0;
1071 
1072  while (node && node != root)
1073  {
1074  while (node->left && node->left->right == node)
1075  node = node->left;
1076  node = node->left;
1077  n++;
1078  }
1079 
1080  return n;
1081 }
1082 
1083 
1084 /**
1085  * _ksba_ber_decoder_dump:
1086  * @d: Decoder object
1087  *
1088  * Dump a textual representation of the encoding to the given stream.
1089  *
1090  * Return value:
1091  **/
1092 gpg_error_t
1094 {
1095  gpg_error_t err;
1096  int depth = 0;
1097  AsnNode node;
1098  unsigned char *buf = NULL;
1099  size_t buflen = 0;
1100 
1101  if (!d)
1102  return gpg_error (GPG_ERR_INV_VALUE);
1103 
1104 #ifdef HAVE_GETENV
1105  d->debug = !!getenv("KSBA_DEBUG_BER_DECODER");
1106 #else
1107  d->debug = 0;
1108 #endif
1109  d->use_image = 0;
1110  d->image.buf = NULL;
1111  err = decoder_init (d, NULL);
1112  if (err)
1113  return err;
1114 
1115  while (!(err = decoder_next (d)))
1116  {
1117  node = d->val.node;
1118  if (node)
1119  depth = distance (d->root, node);
1120 
1121  fprintf (fp, "%4lu %4lu:%*s",
1122  ksba_reader_tell (d->reader) - d->val.nhdr,
1123  (unsigned long)d->val.length,
1124  depth*2, "");
1125  if (node)
1126  _ksba_asn_node_dump (node, fp);
1127  else
1128  fputs ("[No matching node]", fp);
1129 
1130  if (node && d->val.primitive)
1131  {
1132  size_t n;
1133  int i, c;
1134  char *p;
1135 
1136  if (!buf || buflen < d->val.length)
1137  {
1138  xfree (buf);
1139  buf = NULL;
1140  buflen = d->val.length + 100;
1141  if (buflen < d->val.length)
1142  err = gpg_error (GPG_ERR_BAD_BER); /* Overflow */
1143  else if (buflen > MAX_IMAGE_LENGTH)
1144  err = gpg_error (GPG_ERR_TOO_LARGE);
1145  else
1146  {
1147  buf = xtrymalloc (buflen);
1148  if (!buf)
1149  err = gpg_error_from_syserror ();
1150  }
1151  }
1152 
1153  for (n=0; !err && n < d->val.length; n++)
1154  {
1155  if ( (c=read_byte (d->reader)) == -1)
1156  err = eof_or_error (d, 1);
1157  buf[n] = c;
1158  }
1159  if (err)
1160  break;
1161  fputs (" (", fp);
1162  p = NULL;
1163  switch (node->type)
1164  {
1165  case TYPE_OBJECT_ID:
1166  p = ksba_oid_to_str (buf, n);
1167  break;
1168  default:
1169  for (i=0; i < n && (d->debug || i < 20); i++)
1170  fprintf (fp,"%02x", buf[i]);
1171  if (i < n)
1172  fputs ("..more..", fp);
1173  break;
1174  }
1175  if (p)
1176  {
1177  fputs (p, fp);
1178  xfree (p);
1179  }
1180  fputs (")\n", fp);
1181  }
1182  else
1183  {
1184  err = decoder_skip (d);
1185  putc ('\n', fp);
1186  }
1187  if (err)
1188  break;
1189 
1190  }
1191  if (gpg_err_code (err) == GPG_ERR_EOF)
1192  err = 0;
1193 
1194  decoder_deinit (d);
1195  xfree (buf);
1196  return err;
1197 }
1198 
1199 
1200 ␌
1201 
1202 gpg_error_t
1203 _ksba_ber_decoder_decode (BerDecoder d, const char *start_name,
1204  unsigned int flags,
1205  AsnNode *r_root,
1206  unsigned char **r_image, size_t *r_imagelen)
1207 {
1208  gpg_error_t err;
1209  AsnNode node;
1210  unsigned char *buf = NULL;
1211  size_t buflen = 0;
1212  unsigned long startoff;
1213 
1214  if (!d)
1215  return gpg_error (GPG_ERR_INV_VALUE);
1216 
1217  if (r_root)
1218  *r_root = NULL;
1219 
1220 #ifdef HAVE_GETENV
1221  d->debug = !!getenv("KSBA_DEBUG_BER_DECODER");
1222 #else
1223  d->debug = 0;
1224 #endif
1225  d->honor_module_end = 1;
1226  d->use_image = 1;
1227  d->image.buf = NULL;
1228  d->fast_stop = !!(flags & BER_DECODER_FLAG_FAST_STOP);
1229 
1230  startoff = ksba_reader_tell (d->reader);
1231 
1232  err = decoder_init (d, start_name);
1233  if (err)
1234  return err;
1235 
1236  while (!(err = decoder_next (d)))
1237  {
1238  node = d->val.node;
1239  /* Fixme: USE_IMAGE is only not used with the ber-dump utility
1240  and thus of no big use. We should remove the other code
1241  paths and dump ber-dump.c. */
1242  if (d->use_image)
1243  {
1244  if (node && !d->val.is_endtag)
1245  { /* We don't have nodes for the end tag - so don't store it */
1246  node->off = (ksba_reader_tell (d->reader)
1247  - d->val.nhdr - startoff);
1248  node->nhdr = d->val.nhdr;
1249  node->len = d->val.length;
1250  if (node->type == TYPE_ANY)
1251  node->actual_type = d->val.tag;
1252  }
1253  if (sum_a1_a2_gt_b (d->image.used, d->val.length, d->image.length))
1254  err = set_error(d, NULL, "TLV length too large");
1255  else if (d->val.primitive)
1256  {
1257  if( read_buffer (d->reader,
1258  d->image.buf + d->image.used, d->val.length))
1259  err = eof_or_error (d, 1);
1260  else
1261  {
1262  size_t sum = d->image.used + d->val.length;
1263  if (sum < d->image.used)
1264  err = gpg_error (GPG_ERR_BAD_BER);
1265  else
1266  d->image.used = sum;
1267  }
1268  }
1269  }
1270  else if (node && d->val.primitive)
1271  {
1272  size_t n;
1273  int c;
1274 
1275  if (!buf || buflen < d->val.length)
1276  {
1277  xfree (buf);
1278  buf = NULL;
1279  buflen = d->val.length + 100;
1280  if (buflen < d->val.length)
1281  err = gpg_error (GPG_ERR_BAD_BER);
1282  else if (buflen > MAX_IMAGE_LENGTH)
1283  err = gpg_error (GPG_ERR_TOO_LARGE);
1284  else
1285  {
1286  buf = xtrymalloc (buflen);
1287  if (!buf)
1288  err = gpg_error_from_syserror ();
1289  }
1290  }
1291 
1292  for (n=0; !err && n < d->val.length; n++)
1293  {
1294  if ( (c=read_byte (d->reader)) == -1)
1295  err = eof_or_error (d, 1);
1296  buf[n] = c;
1297  }
1298  if (err)
1299  break;
1300 
1301  switch (node->type)
1302  {
1303  default:
1304  _ksba_asn_set_value (node, VALTYPE_MEM, buf, n);
1305  break;
1306  }
1307  }
1308  else
1309  {
1310  err = decoder_skip (d);
1311  }
1312  if (err)
1313  break;
1314  }
1315  if (gpg_err_code (err) == GPG_ERR_EOF)
1316  err = 0;
1317 
1318  if (err)
1319  xfree (d->image.buf);
1320 
1321  if (r_root && !err)
1322  {
1323  if (!d->image.buf)
1324  { /* Not even the first node available - return eof */
1326  d->root = NULL;
1327  err = gpg_error (GPG_ERR_EOF);
1328  }
1329 
1330  fixup_type_any (d->root);
1331  *r_root = d->root;
1332  d->root = NULL;
1333  *r_image = d->image.buf;
1334  d->image.buf = NULL;
1335  *r_imagelen = d->image.used;
1336  if (d->debug)
1337  {
1338  fputs ("Value Tree:\n", stderr);
1339  _ksba_asn_node_dump_all (*r_root, stderr);
1340  }
1341  }
1342 
1343  decoder_deinit (d);
1344  xfree (buf);
1345  return err;
1346 }
@ TYPE_SEQUENCE_OF
@ TYPE_TAG
@ TYPE_OBJECT_ID
@ TYPE_SIZE
@ TYPE_DEFAULT
@ TYPE_SET_OF
@ TYPE_SEQUENCE
@ TYPE_SET
@ TYPE_CHOICE
@ TYPE_ANY
@ CLASS_CONTEXT
@ CLASS_UNIVERSAL
@ CLASS_APPLICATION
void _ksba_asn_node_dump(AsnNode p, FILE *fp)
Definition: asn1-func.c:450
void _ksba_asn_set_value(AsnNode node, enum asn_value_type vtype, const void *value, size_t len)
Definition: asn1-func.c:127
AsnNode _ksba_asn_insert_copy(AsnNode node)
Definition: asn1-func.c:1258
int _ksba_asn_is_primitive(node_type_t type)
Definition: asn1-func.c:87
AsnNode _ksba_asn_expand_tree(AsnNode parse_tree, const char *name)
Definition: asn1-func.c:1246
void _ksba_asn_node_dump_all(AsnNode root, FILE *fp)
Definition: asn1-func.c:547
AsnNode _ksba_asn_walk_tree(AsnNode root, AsnNode node)
Definition: asn1-func.c:790
@ VALTYPE_ULONG
Definition: asn1-func.h:74
@ VALTYPE_MEM
Definition: asn1-func.h:72
void _ksba_asn_release_nodes(AsnNode node)
Definition: asn1-parse.c:2886
static int sum_a1_a2_ge_b(size_t a1, size_t a2, size_t b)
Definition: ber-decoder.c:128
static gpg_error_t decoder_skip(BerDecoder d)
Definition: ber-decoder.c:1054
static void dump_tlv(const struct tag_info *ti, FILE *fp)
Definition: ber-decoder.c:277
static void fixup_type_any(AsnNode node)
Definition: ber-decoder.c:330
static int read_buffer(ksba_reader_t reader, char *buffer, size_t count)
Definition: ber-decoder.c:419
static DECODER_STATE new_decoder_state(void)
Definition: ber-decoder.c:137
static void dump_decoder_state(DECODER_STATE ds)
Definition: ber-decoder.c:163
static gpg_error_t push_decoder_state(DECODER_STATE ds)
Definition: ber-decoder.c:184
static void release_decoder_state(DECODER_STATE ds)
Definition: ber-decoder.c:157
static int set_error(BerDecoder d, AsnNode node, const char *text)
Definition: ber-decoder.c:210
static int read_byte(ksba_reader_t reader)
Definition: ber-decoder.c:404
struct decoder_state_s * DECODER_STATE
Definition: ber-decoder.c:69
static int eof_or_error(BerDecoder d, int premature)
Definition: ber-decoder.c:220
gpg_error_t _ksba_ber_decoder_decode(BerDecoder d, const char *start_name, unsigned int flags, AsnNode *r_root, unsigned char **r_image, size_t *r_imagelen)
Definition: ber-decoder.c:1203
static void decoder_deinit(BerDecoder d)
Definition: ber-decoder.c:806
static int distance(AsnNode root, AsnNode node)
Definition: ber-decoder.c:1068
gpg_error_t _ksba_ber_decoder_dump(BerDecoder d, FILE *fp)
Definition: ber-decoder.c:1093
static void prepare_copied_tree(AsnNode node)
Definition: ber-decoder.c:319
static int cmp_tag(AsnNode node, const struct tag_info *ti)
Definition: ber-decoder.c:452
#define MAX_IMAGE_LENGTH
Definition: ber-decoder.c:47
gpg_error_t _ksba_ber_decoder_set_module(BerDecoder d, ksba_asn_tree_t module)
Definition: ber-decoder.c:373
static gpg_error_t pop_decoder_state(DECODER_STATE ds)
Definition: ber-decoder.c:196
BerDecoder _ksba_ber_decoder_new(void)
Definition: ber-decoder.c:344
static const char * universal_tag_name(unsigned long no)
Definition: ber-decoder.c:236
static void clear_help_flags(AsnNode node)
Definition: ber-decoder.c:303
static gpg_error_t decoder_init(BerDecoder d, const char *start_name)
Definition: ber-decoder.c:793
static gpg_error_t decoder_next(BerDecoder d)
Definition: ber-decoder.c:817
static int sum_a1_a2_gt_b(size_t a1, size_t a2, size_t b)
Definition: ber-decoder.c:120
void _ksba_ber_decoder_release(BerDecoder d)
Definition: ber-decoder.c:356
gpg_error_t _ksba_ber_decoder_set_reader(BerDecoder d, ksba_reader_t r)
Definition: ber-decoder.c:386
static int match_der(AsnNode root, const struct tag_info *ti, DECODER_STATE ds, AsnNode *retnode, int debug)
Definition: ber-decoder.c:534
static AsnNode find_anchor_node(AsnNode root, const struct tag_info *ti)
Definition: ber-decoder.c:483
#define BER_DECODER_FLAG_FAST_STOP
Definition: ber-decoder.h:52
gpg_error_t _ksba_ber_read_tl(ksba_reader_t reader, struct tag_info *ti)
Definition: ber-help.c:93
const char * gpg_strerror(int err)
Definition: gen-help.c:98
#define DIM(v)
Definition: gen-help.h:46
#define gpg_error_from_syserror()
Definition: gen-help.h:88
#define GPG_ERR_INV_VALUE
Definition: gen-help.h:82
#define xtrymalloc(a)
Definition: gen-help.h:38
#define gpg_error(a)
Definition: gen-help.h:87
#define return_val_if_fail(expr, val)
Definition: gen-help.h:67
#define never_reached()
Definition: gen-help.h:73
gpg_error_t ksba_reader_unread(ksba_reader_t r, const void *buffer, size_t count)
char * ksba_oid_to_str(const char *buffer, size_t length)
unsigned long ksba_reader_tell(ksba_reader_t r)
gpg_error_t ksba_reader_read(ksba_reader_t r, char *buffer, size_t length, size_t *nread)
gpg_error_t ksba_reader_error(ksba_reader_t r)
union asn_value_u value
Definition: asn1-func.h:104
AsnNode right
Definition: asn1-func.h:111
enum asn_value_type valuetype
Definition: asn1-func.h:103
AsnNode down
Definition: asn1-func.h:110
node_type_t type
Definition: asn1-func.h:100
AsnNode left
Definition: asn1-func.h:112
struct node_flag_s flags
Definition: asn1-func.h:101
node_type_t actual_type
Definition: asn1-func.h:108
struct ber_decoder_s::@3 image
int ignore_garbage
Definition: ber-decoder.c:89
const char * last_errdesc
Definition: ber-decoder.c:77
ksba_reader_t reader
Definition: ber-decoder.c:76
AsnNode module
Definition: ber-decoder.c:75
int first_tag_seen
Definition: ber-decoder.c:93
AsnNode node
Definition: ber-decoder.c:112
DECODER_STATE ds
Definition: ber-decoder.c:80
unsigned long outer_sequence_length
Definition: ber-decoder.c:88
struct ber_decoder_s::@4 val
int honor_module_end
Definition: ber-decoder.c:96
AsnNode root
Definition: ber-decoder.c:79
unsigned char * buf
Definition: ber-decoder.c:101
DECODER_STATE_ITEM cur
Definition: ber-decoder.c:64
DECODER_STATE_ITEM stack[1]
Definition: ber-decoder.c:67
AsnNode parse_tree
Definition: asn1-func.h:118
int in_array
Definition: asn1-func.h:58
int skip_this
Definition: asn1-func.h:65
int in_choice
Definition: asn1-func.h:57
int tag_seen
Definition: asn1-func.h:64
enum tag_class class
Definition: asn1-func.h:40
int is_optional
Definition: asn1-func.h:54
int has_default
Definition: asn1-func.h:53
int is_implicit
Definition: asn1-func.h:55
unsigned long tag
Definition: ber-help.h:38
int is_constructed
Definition: ber-help.h:37
unsigned char buf[10]
Definition: ber-help.h:42
const char * err_string
Definition: ber-help.h:43
unsigned long length
Definition: ber-help.h:39
int ndef
Definition: ber-help.h:40
enum tag_class class
Definition: ber-help.h:36
size_t nhdr
Definition: ber-help.h:41
unsigned long v_ulong
Definition: asn1-func.h:85
#define xfree(a)
Definition: util.h:58
#define xtrycalloc(a, b)
Definition: util.h:55
#define xmalloc(a)
Definition: util.h:60