1 /*
2 * Copyright (c) 2016 Thomas Pornin <pornin@bolet.org>
3 *
4 * Permission is hereby granted, free of charge, to any person obtaining
5 * a copy of this software and associated documentation files (the
6 * "Software"), to deal in the Software without restriction, including
7 * without limitation the rights to use, copy, modify, merge, publish,
8 * distribute, sublicense, and/or sell copies of the Software, and to
9 * permit persons to whom the Software is furnished to do so, subject to
10 * the following conditions:
11 *
12 * The above copyright notice and this permission notice shall be
13 * included in all copies or substantial portions of the Software.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
16 * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
17 * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
18 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS
19 * BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN
20 * ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN
21 * CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
22 * SOFTWARE.
23 */
24
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <stdint.h>
29 #include <errno.h>
30
31 #include "brssl.h"
32
33 /* see brssl.h */
34 unsigned char *
read_file(const char * fname,size_t * len)35 read_file(const char *fname, size_t *len)
36 {
37 bvector vbuf = VEC_INIT;
38 FILE *f;
39
40 *len = 0;
41 f = fopen(fname, "rb");
42 if (f == NULL) {
43 fprintf(stderr,
44 "ERROR: could not open file '%s' for reading\n", fname);
45 return NULL;
46 }
47 for (;;) {
48 unsigned char tmp[1024];
49 size_t rlen;
50
51 rlen = fread(tmp, 1, sizeof tmp, f);
52 if (rlen == 0) {
53 unsigned char *buf;
54
55 if (ferror(f)) {
56 fprintf(stderr,
57 "ERROR: read error on file '%s'\n",
58 fname);
59 fclose(f);
60 return NULL;
61 }
62 buf = VEC_TOARRAY(vbuf);
63 *len = VEC_LEN(vbuf);
64 VEC_CLEAR(vbuf);
65 fclose(f);
66 return buf;
67 }
68 VEC_ADDMANY(vbuf, tmp, rlen);
69 }
70 }
71
72 /* see brssl.h */
73 int
write_file(const char * fname,const void * data,size_t len)74 write_file(const char *fname, const void *data, size_t len)
75 {
76 FILE *f;
77 const unsigned char *buf;
78
79 f = fopen(fname, "wb");
80 if (f == NULL) {
81 fprintf(stderr,
82 "ERROR: could not open file '%s' for reading\n", fname);
83 return -1;
84 }
85 buf = data;
86 while (len > 0) {
87 size_t wlen;
88
89 wlen = fwrite(buf, 1, len, f);
90 if (wlen == 0) {
91 fprintf(stderr,
92 "ERROR: could not write all bytes to '%s'\n",
93 fname);
94 fclose(f);
95 return -1;
96 }
97 buf += wlen;
98 len -= wlen;
99 }
100 if (ferror(f)) {
101 fprintf(stderr, "ERROR: write error on file '%s'\n", fname);
102 fclose(f);
103 return -1;
104 }
105 fclose(f);
106 return 0;
107 }
108
109 /* see brssl.h */
110 int
looks_like_DER(const unsigned char * buf,size_t len)111 looks_like_DER(const unsigned char *buf, size_t len)
112 {
113 int fb;
114 size_t dlen;
115
116 if (len < 2) {
117 return 0;
118 }
119 if (*buf ++ != 0x30) {
120 return 0;
121 }
122 fb = *buf ++;
123 len -= 2;
124 if (fb < 0x80) {
125 return (size_t)fb == len;
126 } else if (fb == 0x80) {
127 return 0;
128 } else {
129 fb -= 0x80;
130 if (len < (size_t)fb + 2) {
131 return 0;
132 }
133 len -= (size_t)fb;
134 dlen = 0;
135 while (fb -- > 0) {
136 if (dlen > (len >> 8)) {
137 return 0;
138 }
139 dlen = (dlen << 8) + (size_t)*buf ++;
140 }
141 return dlen == len;
142 }
143 }
144
145 static void
vblob_append(void * cc,const void * data,size_t len)146 vblob_append(void *cc, const void *data, size_t len)
147 {
148 bvector *bv;
149
150 bv = cc;
151 VEC_ADDMANY(*bv, data, len);
152 }
153
154 /* see brssl.h */
155 void
free_pem_object_contents(pem_object * po)156 free_pem_object_contents(pem_object *po)
157 {
158 if (po != NULL) {
159 xfree(po->name);
160 xfree(po->data);
161 }
162 }
163
164 /* see brssl.h */
165 pem_object *
decode_pem(const void * src,size_t len,size_t * num)166 decode_pem(const void *src, size_t len, size_t *num)
167 {
168 VECTOR(pem_object) pem_list = VEC_INIT;
169 br_pem_decoder_context pc;
170 pem_object po, *pos;
171 const unsigned char *buf;
172 bvector bv = VEC_INIT;
173 int inobj;
174 int extra_nl;
175
176 *num = 0;
177 br_pem_decoder_init(&pc);
178 buf = src;
179 inobj = 0;
180 po.name = NULL;
181 po.data = NULL;
182 po.data_len = 0;
183 extra_nl = 1;
184 while (len > 0) {
185 size_t tlen;
186
187 tlen = br_pem_decoder_push(&pc, buf, len);
188 buf += tlen;
189 len -= tlen;
190 switch (br_pem_decoder_event(&pc)) {
191
192 case BR_PEM_BEGIN_OBJ:
193 po.name = xstrdup(br_pem_decoder_name(&pc));
194 br_pem_decoder_setdest(&pc, vblob_append, &bv);
195 inobj = 1;
196 break;
197
198 case BR_PEM_END_OBJ:
199 if (inobj) {
200 po.data = VEC_TOARRAY(bv);
201 po.data_len = VEC_LEN(bv);
202 VEC_ADD(pem_list, po);
203 VEC_CLEAR(bv);
204 po.name = NULL;
205 po.data = NULL;
206 po.data_len = 0;
207 inobj = 0;
208 }
209 break;
210
211 case BR_PEM_ERROR:
212 xfree(po.name);
213 VEC_CLEAR(bv);
214 fprintf(stderr,
215 "ERROR: invalid PEM encoding\n");
216 VEC_CLEAREXT(pem_list, &free_pem_object_contents);
217 return NULL;
218 }
219
220 /*
221 * We add an extra newline at the end, in order to
222 * support PEM files that lack the newline on their last
223 * line (this is somwehat invalid, but PEM format is not
224 * standardised and such files do exist in the wild, so
225 * we'd better accept them).
226 */
227 if (len == 0 && extra_nl) {
228 extra_nl = 0;
229 buf = (const unsigned char *)"\n";
230 len = 1;
231 }
232 }
233 if (inobj) {
234 fprintf(stderr, "ERROR: unfinished PEM object\n");
235 xfree(po.name);
236 VEC_CLEAR(bv);
237 VEC_CLEAREXT(pem_list, &free_pem_object_contents);
238 return NULL;
239 }
240
241 *num = VEC_LEN(pem_list);
242 VEC_ADD(pem_list, po);
243 pos = VEC_TOARRAY(pem_list);
244 VEC_CLEAR(pem_list);
245 return pos;
246 }
247
248 /* see brssl.h */
249 br_x509_certificate *
read_certificates(const char * fname,size_t * num)250 read_certificates(const char *fname, size_t *num)
251 {
252 VECTOR(br_x509_certificate) cert_list = VEC_INIT;
253 unsigned char *buf;
254 size_t len;
255 pem_object *pos;
256 size_t u, num_pos;
257 br_x509_certificate *xcs;
258 br_x509_certificate dummy;
259
260 *num = 0;
261
262 /*
263 * TODO: reading the whole file is crude; we could parse them
264 * in a streamed fashion. But it does not matter much in practice.
265 */
266 buf = read_file(fname, &len);
267 if (buf == NULL) {
268 return NULL;
269 }
270
271 /*
272 * Check for a DER-encoded certificate.
273 */
274 if (looks_like_DER(buf, len)) {
275 xcs = xmalloc(2 * sizeof *xcs);
276 xcs[0].data = buf;
277 xcs[0].data_len = len;
278 xcs[1].data = NULL;
279 xcs[1].data_len = 0;
280 *num = 1;
281 return xcs;
282 }
283
284 pos = decode_pem(buf, len, &num_pos);
285 xfree(buf);
286 if (pos == NULL) {
287 return NULL;
288 }
289 for (u = 0; u < num_pos; u ++) {
290 if (eqstr(pos[u].name, "CERTIFICATE")
291 || eqstr(pos[u].name, "X509 CERTIFICATE"))
292 {
293 br_x509_certificate xc;
294
295 xc.data = pos[u].data;
296 xc.data_len = pos[u].data_len;
297 pos[u].data = NULL;
298 VEC_ADD(cert_list, xc);
299 }
300 }
301 for (u = 0; u < num_pos; u ++) {
302 free_pem_object_contents(&pos[u]);
303 }
304 xfree(pos);
305
306 if (VEC_LEN(cert_list) == 0) {
307 fprintf(stderr, "ERROR: no certificate in file '%s'\n", fname);
308 return NULL;
309 }
310 *num = VEC_LEN(cert_list);
311 dummy.data = NULL;
312 dummy.data_len = 0;
313 VEC_ADD(cert_list, dummy);
314 xcs = VEC_TOARRAY(cert_list);
315 VEC_CLEAR(cert_list);
316 return xcs;
317 }
318
319 /* see brssl.h */
320 void
free_certificates(br_x509_certificate * certs,size_t num)321 free_certificates(br_x509_certificate *certs, size_t num)
322 {
323 size_t u;
324
325 for (u = 0; u < num; u ++) {
326 xfree(certs[u].data);
327 }
328 xfree(certs);
329 }
330