Merge pull request #305 from awslabs/new-current-upstream-merge-20210920

Current upstream merge 20210920

.clang-format

@@ -10,6 +10,7 @@ PointerAlignment: Right
 IncludeBlocks: Preserve
 TypenameMacros: ['LHASH_OF', 'STACK_OF']
 StatementMacros:
+  - "ASN1_SEQUENCE_END"
   - "DECLARE_ASN1_ALLOC_FUNCTIONS"
   - "DECLARE_ASN1_ALLOC_FUNCTIONS_name"
   - "DECLARE_ASN1_ENCODE_FUNCTIONS"
@@ -18,8 +19,6 @@ StatementMacros:
   - "DECLARE_ASN1_FUNCTIONS_const"
   - "DECLARE_ASN1_FUNCTIONS_fname"
   - "DECLARE_ASN1_FUNCTIONS_name"
-  - "DECLARE_ASN1_PRINT_FUNCTION"
-  - "DECLARE_ASN1_PRINT_FUNCTION_fname"
   - "DECLARE_PEM_read"
   - "DECLARE_PEM_read_bio"
   - "DECLARE_PEM_read_fp"

crypto/CMakeLists.txt

@@ -253,7 +253,6 @@ add_library(
   asn1/asn1_lib.c
   asn1/asn1_par.c
   asn1/asn_pack.c
-  asn1/f_enum.c
   asn1/f_int.c
   asn1/f_string.c
   asn1/tasn_dec.c

crypto/asn1/a_bitstr.c

@@ -63,24 +63,25 @@
 #include <openssl/mem.h>
 
 #include "../internal.h"
+#include "internal.h"
 
 
 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, const unsigned char *d, int len)
 {
     return ASN1_STRING_set(x, d, len);
 }
 
-static int asn1_bit_string_length(const ASN1_BIT_STRING *str,
-                                  uint8_t *out_padding_bits) {
+int asn1_bit_string_length(const ASN1_BIT_STRING *str,
+                           uint8_t *out_padding_bits) {
     int len = str->length;
     if (str->flags & ASN1_STRING_FLAG_BITS_LEFT) {
         // If the string is already empty, it cannot have padding bits.
         *out_padding_bits = len == 0 ? 0 : str->flags & 0x07;
         return len;
     }
 
-    // TODO(davidben): If we move this logic to |ASN1_BIT_STRING_set_bit|, can
-    // we remove this representation?
+    // TODO(https://crbug.com/boringssl/447): If we move this logic to
+    // |ASN1_BIT_STRING_set_bit|, can we remove this representation?
     while (len > 0 && str->data[len - 1] == 0) {
         len--;
     }

crypto/asn1/a_bool.c

@@ -59,7 +59,7 @@
 #include <openssl/err.h>
 #include <openssl/mem.h>
 
-int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
+int i2d_ASN1_BOOLEAN(ASN1_BOOLEAN a, unsigned char **pp)
 {
     int r;
     unsigned char *p, *allocated = NULL;
@@ -71,7 +71,7 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
     if (*pp == NULL) {
         if ((p = allocated = OPENSSL_malloc(r)) == NULL) {
             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-            return 0;
+            return -1;
         }
     } else {
         p = *pp;
@@ -88,36 +88,35 @@ int i2d_ASN1_BOOLEAN(int a, unsigned char **pp)
     return r;
 }
 
-int d2i_ASN1_BOOLEAN(int *a, const unsigned char **pp, long length)
-{
-    int ret = -1;
-    const unsigned char *p;
+ASN1_BOOLEAN d2i_ASN1_BOOLEAN(ASN1_BOOLEAN *a, const unsigned char **pp,
+                              long length) {
+    const unsigned char *p = *pp;
     long len;
     int inf, tag, xclass;
-    int i = 0;
-
-    p = *pp;
     inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
     if (inf & 0x80) {
-        i = ASN1_R_BAD_OBJECT_HEADER;
-        goto err;
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_BAD_OBJECT_HEADER);
+        return -1;
     }
 
-    if (tag != V_ASN1_BOOLEAN) {
-        i = ASN1_R_EXPECTING_A_BOOLEAN;
-        goto err;
+    if (inf & V_ASN1_CONSTRUCTED) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_TYPE_NOT_PRIMITIVE);
+        return -1;
+    }
+
+    if (tag != V_ASN1_BOOLEAN || xclass != V_ASN1_UNIVERSAL) {
+      OPENSSL_PUT_ERROR(ASN1, ASN1_R_EXPECTING_A_BOOLEAN);
+      return -1;
     }
 
     if (len != 1) {
-        i = ASN1_R_BOOLEAN_IS_WRONG_LENGTH;
-        goto err;
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_BOOLEAN_IS_WRONG_LENGTH);
+        return -1;
     }
-    ret = (int)*(p++);
-    if (a != NULL)
+    ASN1_BOOLEAN ret = (ASN1_BOOLEAN)*(p++);
+    if (a != NULL) {
         (*a) = ret;
+    }
     *pp = p;
-    return (ret);
- err:
-    OPENSSL_PUT_ERROR(ASN1, i);
-    return (ret);
+    return ret;
 }

crypto/asn1/a_mbstr.c

@@ -66,8 +66,6 @@
 #include "internal.h"
 #include "../bytestring/internal.h"
 
-static int is_printable(uint32_t value);
-
 /*
  * These functions take a string in UTF8, ASCII or multibyte form and a mask
  * of permissible ASN1 string types. It then works out the minimal type
@@ -153,7 +151,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
         }
 
         /* Update which output formats are still possible. */
-        if ((mask & B_ASN1_PRINTABLESTRING) && !is_printable(c)) {
+        if ((mask & B_ASN1_PRINTABLESTRING) && !asn1_is_printable(c)) {
             mask &= ~B_ASN1_PRINTABLESTRING;
         }
         if ((mask & B_ASN1_IA5STRING) && (c > 127)) {
@@ -285,24 +283,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len,
     return -1;
 }
 
-/* Return 1 if the character is permitted in a PrintableString */
-static int is_printable(uint32_t value)
+int asn1_is_printable(uint32_t value)
 {
-    int ch;
-    if (value > 0x7f)
+    if (value > 0x7f) {
         return 0;
-    ch = (int)value;
-    /*
-     * Note: we can't use 'isalnum' because certain accented characters may
-     * count as alphanumeric in some environments.
-     */
-    if ((ch >= 'a') && (ch <= 'z'))
-        return 1;
-    if ((ch >= 'A') && (ch <= 'Z'))
-        return 1;
-    if ((ch >= '0') && (ch <= '9'))
-        return 1;
-    if ((ch == ' ') || strchr("'()+,-./:=?", ch))
-        return 1;
-    return 0;
+    }
+    /* Note we cannot use |isalnum| because it is locale-dependent. */
+    return ('a' <= value && value <= 'z') ||  //
+           ('A' <= value && value <= 'Z') ||  //
+           ('0' <= value && value <= '9') ||  //
+           value == ' ' || value == '\'' || value == '(' || value == ')' ||
+           value == '+' || value == ',' || value == '-' || value == '.' ||
+           value == '/' || value == ':' || value == '=' || value == '?';
 }

crypto/asn1/a_object.c

@@ -69,20 +69,26 @@
 
 int i2d_ASN1_OBJECT(const ASN1_OBJECT *a, unsigned char **pp)
 {
-    unsigned char *p, *allocated = NULL;
-    int objsize;
+    if (a == NULL) {
+        OPENSSL_PUT_ERROR(ASN1, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
+    }
 
-    if ((a == NULL) || (a->data == NULL))
-        return (0);
+    if (a->length == 0) {
+        OPENSSL_PUT_ERROR(ASN1, ASN1_R_ILLEGAL_OBJECT);
+        return -1;
+    }
 
-    objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
-    if (pp == NULL || objsize == -1)
+    int objsize = ASN1_object_size(0, a->length, V_ASN1_OBJECT);
+    if (pp == NULL || objsize == -1) {
         return objsize;
+    }
 
+    unsigned char *p, *allocated = NULL;
     if (*pp == NULL) {
         if ((p = allocated = OPENSSL_malloc(objsize)) == NULL) {
             OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
-            return 0;
+            return -1;
         }
     } else {
         p = *pp;
@@ -104,26 +110,37 @@ int i2t_ASN1_OBJECT(char *buf, int buf_len, const ASN1_OBJECT *a)
     return OBJ_obj2txt(buf, buf_len, a, 0);
 }
 
+static int write_str(BIO *bp, const char *str)
+{
+    int len = strlen(str);
+    return BIO_write(bp, str, len) == len ? len : -1;
+}
+
 int i2a_ASN1_OBJECT(BIO *bp, const ASN1_OBJECT *a)
 {
-    char buf[80], *p = buf;
-    int i;
+    if (a == NULL || a->data == NULL) {
+        return write_str(bp, "NULL");
+    }
 
-    if ((a == NULL) || (a->data == NULL))
-        return (BIO_write(bp, "NULL", 4));
-    i = i2t_ASN1_OBJECT(buf, sizeof buf, a);
-    if (i > (int)(sizeof(buf) - 1)) {
-        p = OPENSSL_malloc(i + 1);
-        if (!p)
+    char buf[80], *allocated = NULL;
+    const char *str = buf;
+    int len = i2t_ASN1_OBJECT(buf, sizeof(buf), a);
+    if (len > (int)sizeof(buf) - 1) {
+        /* The input was truncated. Allocate a buffer that fits. */
+        allocated = OPENSSL_malloc(len + 1);
+        if (allocated == NULL) {
             return -1;
-        i2t_ASN1_OBJECT(p, i + 1, a);
+        }
+        len = i2t_ASN1_OBJECT(allocated, len + 1, a);
+        str = allocated;
     }
-    if (i <= 0)
-        return BIO_write(bp, "<INVALID>", 9);
-    BIO_write(bp, p, i);
-    if (p != buf)
-        OPENSSL_free(p);
-    return (i);
+    if (len <= 0) {
+        str = "<INVALID>";
+    }
+
+    int ret = write_str(bp, str);
+    OPENSSL_free(allocated);
+    return ret;
 }
 
 ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, const unsigned char **pp,

crypto/asn1/a_print.c

@@ -56,38 +56,28 @@
 
 #include <openssl/asn1.h>
 
-#include <openssl/err.h>
-#include <openssl/mem.h>
+#include <string.h>
+
+#include "internal.h"
+
 
 int ASN1_PRINTABLE_type(const unsigned char *s, int len)
 {
-    int c;
-    int ia5 = 0;
-    int t61 = 0;
-
-    if (len <= 0)
-        len = -1;
-    if (s == NULL)
-        return (V_ASN1_PRINTABLESTRING);
+    if (len < 0) {
+        len = strlen((const char *)s);
+    }
 
-    while ((*s) && (len-- != 0)) {
-        c = *(s++);
-        if (!(((c >= 'a') && (c <= 'z')) ||
-              ((c >= 'A') && (c <= 'Z')) ||
-              (c == ' ') ||
-              ((c >= '0') && (c <= '9')) ||
-              (c == ' ') || (c == '\'') ||
-              (c == '(') || (c == ')') ||
-              (c == '+') || (c == ',') ||
-              (c == '-') || (c == '.') ||
-              (c == '/') || (c == ':') || (c == '=') || (c == '?')))
-            ia5 = 1;
-        if (c & 0x80)
-            t61 = 1;
+    int printable = 1;
+    for (int i = 0; i < len; i++) {
+        unsigned char c = s[i];
+        if (c & 0x80) {
+            /* No need to continue iterating. */
+            return V_ASN1_T61STRING;
+        }
+        if (!asn1_is_printable(c)) {
+            printable = 0;
+        }
     }
-    if (t61)
-        return (V_ASN1_T61STRING);
-    if (ia5)
-        return (V_ASN1_IA5STRING);
-    return (V_ASN1_PRINTABLESTRING);
+
+    return printable ? V_ASN1_PRINTABLESTRING : V_ASN1_IA5STRING;
 }