xref: /freebsd/crypto/openssl/crypto/punycode.c (revision fe3e92e6868dce2ed94c98428b8df1f27ed3ef63) 
1 /*
2  * Copyright 2019-2026 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stddef.h>
11 #include <stdio.h>
12 #include <openssl/e_os2.h>
13 #include "crypto/punycode.h"
14 #include "internal/common.h" /* for HAS_PREFIX */
15 #include "internal/packet.h" /* for WPACKET */
16 
17 static const unsigned int base = 36;
18 static const unsigned int tmin = 1;
19 static const unsigned int tmax = 26;
20 static const unsigned int skew = 38;
21 static const unsigned int damp = 700;
22 static const unsigned int initial_bias = 72;
23 static const unsigned int initial_n = 0x80;
24 static const unsigned int maxint = 0xFFFFFFFF;
25 static const char delimiter = '-';
26 
27 #define LABEL_BUF_SIZE 512
28 
29 /*-
30  * Pseudocode:
31  *
32  * function adapt(delta,numpoints,firsttime):
33  *  if firsttime then let delta = delta div damp
34  *  else let delta = delta div 2
35  *  let delta = delta + (delta div numpoints)
36  *  let k = 0
37  *  while delta > ((base - tmin) * tmax) div 2 do begin
38  *    let delta = delta div (base - tmin)
39  *    let k = k + base
40  *  end
41  *  return k + (((base - tmin + 1) * delta) div (delta + skew))
42  */
43 
44 static int adapt(unsigned int delta, unsigned int numpoints,
45     unsigned int firsttime)
46 {
47     unsigned int k = 0;
48 
49     delta = (firsttime) ? delta / damp : delta / 2;
50     delta = delta + delta / numpoints;
51 
52     while (delta > ((base - tmin) * tmax) / 2) {
53         delta = delta / (base - tmin);
54         k = k + base;
55     }
56 
57     return k + (((base - tmin + 1) * delta) / (delta + skew));
58 }
59 
60 static ossl_inline int is_basic(unsigned int a)
61 {
62     return (a < 0x80) ? 1 : 0;
63 }
64 
65 /*-
66  * code points    digit-values
67  * ------------   ----------------------
68  * 41..5A (A-Z) =  0 to 25, respectively
69  * 61..7A (a-z) =  0 to 25, respectively
70  * 30..39 (0-9) = 26 to 35, respectively
71  */
72 static ossl_inline int digit_decoded(const unsigned char a)
73 {
74     if (a >= 0x41 && a <= 0x5A)
75         return a - 0x41;
76 
77     if (a >= 0x61 && a <= 0x7A)
78         return a - 0x61;
79 
80     if (a >= 0x30 && a <= 0x39)
81         return a - 0x30 + 26;
82 
83     return -1;
84 }
85 
86 /*-
87  * Pseudocode:
88  *
89  * function ossl_punycode_decode
90  *  let n = initial_n
91  *  let i = 0
92  *  let bias = initial_bias
93  *  let output = an empty string indexed from 0
94  *  consume all code points before the last delimiter (if there is one)
95  *    and copy them to output, fail on any non-basic code point
96  *  if more than zero code points were consumed then consume one more
97  *    (which will be the last delimiter)
98  *  while the input is not exhausted do begin
99  *    let oldi = i
100  *    let w = 1
101  *    for k = base to infinity in steps of base do begin
102  *      consume a code point, or fail if there was none to consume
103  *      let digit = the code point's digit-value, fail if it has none
104  *      let i = i + digit * w, fail on overflow
105  *      let t = tmin if k <= bias {+ tmin}, or
106  *              tmax if k >= bias + tmax, or k - bias otherwise
107  *      if digit < t then break
108  *      let w = w * (base - t), fail on overflow
109  *    end
110  *    let bias = adapt(i - oldi, length(output) + 1, test oldi is 0?)
111  *    let n = n + i div (length(output) + 1), fail on overflow
112  *    let i = i mod (length(output) + 1)
113  *    {if n is a basic code point then fail}
114  *    insert n into output at position i
115  *    increment i
116  *  end
117  */
118 
119 int ossl_punycode_decode(const char *pEncoded, const size_t enc_len,
120     unsigned int *pDecoded, unsigned int *pout_length)
121 {
122     unsigned int n = initial_n;
123     unsigned int i = 0;
124     unsigned int bias = initial_bias;
125     size_t processed_in = 0, written_out = 0;
126     unsigned int max_out = *pout_length;
127     unsigned int basic_count = 0;
128     unsigned int loop;
129 
130     for (loop = 0; loop < enc_len; loop++) {
131         if (pEncoded[loop] == delimiter)
132             basic_count = loop;
133     }
134 
135     if (basic_count > 0) {
136         if (basic_count > max_out)
137             return 0;
138 
139         for (loop = 0; loop < basic_count; loop++) {
140             if (is_basic(pEncoded[loop]) == 0)
141                 return 0;
142 
143             pDecoded[loop] = pEncoded[loop];
144             written_out++;
145         }
146         processed_in = basic_count + 1;
147     }
148 
149     for (loop = processed_in; loop < enc_len;) {
150         unsigned int oldi = i;
151         unsigned int w = 1;
152         unsigned int k, t;
153         int digit;
154 
155         for (k = base;; k += base) {
156             if (loop >= enc_len)
157                 return 0;
158 
159             digit = digit_decoded(pEncoded[loop]);
160             loop++;
161 
162             if (digit < 0)
163                 return 0;
164             if ((unsigned int)digit > (maxint - i) / w)
165                 return 0;
166 
167             i = i + digit * w;
168             t = (k <= bias) ? tmin : (k >= bias + tmax) ? tmax
169                                                         : k - bias;
170 
171             if ((unsigned int)digit < t)
172                 break;
173 
174             if (w > maxint / (base - t))
175                 return 0;
176             w = w * (base - t);
177         }
178 
179         bias = adapt(i - oldi, written_out + 1, (oldi == 0));
180         if (i / (written_out + 1) > maxint - n)
181             return 0;
182         n = n + i / (written_out + 1);
183         i %= (written_out + 1);
184 
185         if (written_out >= max_out)
186             return 0;
187 
188         memmove(pDecoded + i + 1, pDecoded + i,
189             (written_out - i) * sizeof(*pDecoded));
190         pDecoded[i] = n;
191         i++;
192         written_out++;
193     }
194 
195     *pout_length = written_out;
196     return 1;
197 }
198 
199 /*
200  * Encode a code point using UTF-8
201  * return number of bytes on success, 0 on failure
202  * (also produces U+FFFD, which uses 3 bytes on failure)
203  */
204 static int codepoint2utf8(unsigned char *out, unsigned long utf)
205 {
206     if (utf <= 0x7F) {
207         /* Plain ASCII */
208         out[0] = (unsigned char)utf;
209         out[1] = 0;
210         return 1;
211     } else if (utf <= 0x07FF) {
212         /* 2-byte unicode */
213         out[0] = (unsigned char)(((utf >> 6) & 0x1F) | 0xC0);
214         out[1] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80);
215         out[2] = 0;
216         return 2;
217     } else if (utf <= 0xFFFF) {
218         /* 3-byte unicode */
219         out[0] = (unsigned char)(((utf >> 12) & 0x0F) | 0xE0);
220         out[1] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80);
221         out[2] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80);
222         out[3] = 0;
223         return 3;
224     } else if (utf <= 0x10FFFF) {
225         /* 4-byte unicode */
226         out[0] = (unsigned char)(((utf >> 18) & 0x07) | 0xF0);
227         out[1] = (unsigned char)(((utf >> 12) & 0x3F) | 0x80);
228         out[2] = (unsigned char)(((utf >> 6) & 0x3F) | 0x80);
229         out[3] = (unsigned char)(((utf >> 0) & 0x3F) | 0x80);
230         out[4] = 0;
231         return 4;
232     } else {
233         /* error - use replacement character */
234         out[0] = (unsigned char)0xEF;
235         out[1] = (unsigned char)0xBF;
236         out[2] = (unsigned char)0xBD;
237         out[3] = 0;
238         return 0;
239     }
240 }
241 
242 /*-
243  * Return values:
244  * 1 - ok
245  * 0 - ok but buf was too short
246  * -1 - bad string passed or other error
247  */
248 
249 int ossl_a2ulabel(const char *in, char *out, size_t outlen)
250 {
251     /*-
252      * Domain name has some parts consisting of ASCII chars joined with dot.
253      * If a part is shorter than 5 chars, it becomes U-label as is.
254      * If it does not start with xn--,    it becomes U-label as is.
255      * Otherwise we try to decode it.
256      */
257     const char *inptr = in;
258     int result = 1;
259     unsigned int i;
260     unsigned int buf[LABEL_BUF_SIZE]; /* It's a hostname */
261     WPACKET pkt;
262 
263     /* Internal API, so should not fail */
264     if (!ossl_assert(out != NULL))
265         return -1;
266 
267     if (!WPACKET_init_static_len(&pkt, (unsigned char *)out, outlen, 0))
268         return -1;
269 
270     while (1) {
271         const char *tmpptr = strchr(inptr, '.');
272         size_t delta = tmpptr != NULL ? (size_t)(tmpptr - inptr) : strlen(inptr);
273 
274         if (!HAS_PREFIX(inptr, "xn--")) {
275             if (!WPACKET_memcpy(&pkt, inptr, delta))
276                 result = 0;
277         } else {
278             unsigned int bufsize = LABEL_BUF_SIZE;
279 
280             if (ossl_punycode_decode(inptr + 4, delta - 4, buf, &bufsize) <= 0) {
281                 result = -1;
282                 goto end;
283             }
284 
285             for (i = 0; i < bufsize; i++) {
286                 unsigned char seed[6];
287                 size_t utfsize = codepoint2utf8(seed, buf[i]);
288 
289                 if (utfsize == 0) {
290                     result = -1;
291                     goto end;
292                 }
293 
294                 if (!WPACKET_memcpy(&pkt, seed, utfsize))
295                     result = 0;
296             }
297         }
298 
299         if (tmpptr == NULL)
300             break;
301 
302         if (!WPACKET_put_bytes_u8(&pkt, '.'))
303             result = 0;
304 
305         inptr = tmpptr + 1;
306     }
307 
308     if (!WPACKET_put_bytes_u8(&pkt, '\0'))
309         result = 0;
310 end:
311     WPACKET_cleanup(&pkt);
312     return result;
313 }
314