projects / BearSSL / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Fixed buffer overflow, and also NULL pointer dereference, in ECDSA signature handling.
[BearSSL] / src / codec / pemdec.c
1 /* Automatically generated code; do not modify directly. */
2
3 #include <stddef.h>
4 #include <stdint.h>
5
6 typedef struct {
7 uint32_t *dp;
8 uint32_t *rp;
9 const unsigned char *ip;
10 } t0_context;
11
12 static uint32_t
13 t0_parse7E_unsigned(const unsigned char **p)
14 {
15 uint32_t x;
16
17 x = 0;
18 for (;;) {
19 unsigned y;
20
21 y = *(*p) ++;
22 x = (x << 7) | (uint32_t)(y & 0x7F);
23 if (y < 0x80) {
24 return x;
25 }
26 }
27 }
28
29 static int32_t
30 t0_parse7E_signed(const unsigned char **p)
31 {
32 int neg;
33 uint32_t x;
34
35 neg = ((**p) >> 6) & 1;
36 x = (uint32_t)-neg;
37 for (;;) {
38 unsigned y;
39
40 y = *(*p) ++;
41 x = (x << 7) | (uint32_t)(y & 0x7F);
42 if (y < 0x80) {
43 if (neg) {
44 return -(int32_t)~x - 1;
45 } else {
46 return (int32_t)x;
47 }
48 }
49 }
50 }
51
52 #define T0_VBYTE(x, n) (unsigned char)((((uint32_t)(x) >> (n)) & 0x7F) | 0x80)
53 #define T0_FBYTE(x, n) (unsigned char)(((uint32_t)(x) >> (n)) & 0x7F)
54 #define T0_SBYTE(x) (unsigned char)((((uint32_t)(x) >> 28) + 0xF8) ^ 0xF8)
55 #define T0_INT1(x) T0_FBYTE(x, 0)
56 #define T0_INT2(x) T0_VBYTE(x, 7), T0_FBYTE(x, 0)
57 #define T0_INT3(x) T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
58 #define T0_INT4(x) T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
59 #define T0_INT5(x) T0_SBYTE(x), T0_VBYTE(x, 21), T0_VBYTE(x, 14), T0_VBYTE(x, 7), T0_FBYTE(x, 0)
60
61 static const uint8_t t0_datablock[];
62
63
64 void br_pem_decoder_init_main(void *t0ctx);
65
66 void br_pem_decoder_run(void *t0ctx);
67
68
69
70 #include "inner.h"
71
72 #define CTX ((br_pem_decoder_context *)((unsigned char *)t0ctx - offsetof(br_pem_decoder_context, cpu)))
73
74 /* see bearssl_pem.h */
75 void
76 br_pem_decoder_init(br_pem_decoder_context *ctx)
77 {
78 memset(ctx, 0, sizeof *ctx);
79 ctx->cpu.dp = &ctx->dp_stack[0];
80 ctx->cpu.rp = &ctx->rp_stack[0];
81 br_pem_decoder_init_main(&ctx->cpu);
82 br_pem_decoder_run(&ctx->cpu);
83 }
84
85 /* see bearssl_pem.h */
86 size_t
87 br_pem_decoder_push(br_pem_decoder_context *ctx,
88 const void *data, size_t len)
89 {
90 if (ctx->event) {
91 return 0;
92 }
93 ctx->hbuf = data;
94 ctx->hlen = len;
95 br_pem_decoder_run(&ctx->cpu);
96 return len - ctx->hlen;
97 }
98
99 /* see bearssl_pem.h */
100 int
101 br_pem_decoder_event(br_pem_decoder_context *ctx)
102 {
103 int event;
104
105 event = ctx->event;
106 ctx->event = 0;
107 return event;
108 }
109
110
111
112 static const uint8_t t0_datablock[] = {
113 0x00, 0x2D, 0x2D, 0x2D, 0x2D, 0x2D, 0x42, 0x45, 0x47, 0x49, 0x4E, 0x20,
114 0x00, 0x2D, 0x2D, 0x2D, 0x2D, 0x45, 0x4E, 0x44, 0x20, 0x00
115 };
116
117 static const uint8_t t0_codeblock[] = {
118 0x00, 0x01, 0x00, 0x09, 0x00, 0x00, 0x01, 0x01, 0x07, 0x00, 0x00, 0x01,
119 0x01, 0x08, 0x00, 0x00, 0x13, 0x13, 0x00, 0x00, 0x01,
120 T0_INT2(offsetof(br_pem_decoder_context, event)), 0x00, 0x00, 0x01,
121 T0_INT2(offsetof(br_pem_decoder_context, name)), 0x00, 0x00, 0x05,
122 0x14, 0x2C, 0x14, 0x01, 0x0A, 0x0D, 0x06, 0x03, 0x13, 0x04, 0x76, 0x01,
123 0x2D, 0x0C, 0x06, 0x05, 0x2E, 0x01, 0x03, 0x2D, 0x00, 0x01, 0x0D, 0x27,
124 0x05, 0x04, 0x01, 0x03, 0x2D, 0x00, 0x15, 0x2E, 0x01, 0x02, 0x2D, 0x00,
125 0x01, 0x01, 0x7F, 0x03, 0x00, 0x24, 0x01, 0x00, 0x17, 0x0D, 0x06, 0x03,
126 0x13, 0x04, 0x3C, 0x01, 0x7F, 0x17, 0x0D, 0x06, 0x13, 0x13, 0x02, 0x00,
127 0x05, 0x06, 0x2E, 0x01, 0x03, 0x2D, 0x04, 0x03, 0x01, 0x7F, 0x22, 0x01,
128 0x00, 0x00, 0x04, 0x23, 0x01, 0x01, 0x17, 0x0D, 0x06, 0x09, 0x13, 0x01,
129 0x00, 0x22, 0x01, 0x00, 0x00, 0x04, 0x14, 0x01, 0x02, 0x17, 0x0D, 0x06,
130 0x06, 0x13, 0x01, 0x7F, 0x00, 0x04, 0x08, 0x13, 0x01, 0x03, 0x2D, 0x01,
131 0x00, 0x00, 0x13, 0x01, 0x00, 0x03, 0x00, 0x04, 0xFF, 0x33, 0x01, 0x2C,
132 0x14, 0x01, 0x2D, 0x0D, 0x06, 0x04, 0x13, 0x01, 0x7F, 0x00, 0x14, 0x31,
133 0x06, 0x02, 0x13, 0x29, 0x14, 0x01, 0x0A, 0x0D, 0x06, 0x04, 0x13, 0x01,
134 0x02, 0x00, 0x25, 0x14, 0x1C, 0x06, 0x05, 0x13, 0x2E, 0x01, 0x03, 0x00,
135 0x03, 0x00, 0x29, 0x14, 0x01, 0x0A, 0x0D, 0x06, 0x04, 0x13, 0x01, 0x03,
136 0x00, 0x25, 0x14, 0x1C, 0x06, 0x05, 0x13, 0x2E, 0x01, 0x03, 0x00, 0x02,
137 0x00, 0x01, 0x06, 0x0A, 0x07, 0x03, 0x00, 0x29, 0x14, 0x01, 0x0A, 0x0D,
138 0x06, 0x04, 0x13, 0x01, 0x03, 0x00, 0x14, 0x01, 0x3D, 0x0D, 0x06, 0x2E,
139 0x13, 0x29, 0x14, 0x01, 0x0A, 0x0D, 0x06, 0x04, 0x13, 0x01, 0x03, 0x00,
140 0x2F, 0x05, 0x04, 0x13, 0x01, 0x03, 0x00, 0x01, 0x3D, 0x0C, 0x06, 0x03,
141 0x01, 0x03, 0x00, 0x02, 0x00, 0x01, 0x0F, 0x10, 0x06, 0x03, 0x01, 0x03,
142 0x00, 0x02, 0x00, 0x01, 0x04, 0x0F, 0x1B, 0x01, 0x01, 0x00, 0x25, 0x14,
143 0x1C, 0x06, 0x05, 0x13, 0x2E, 0x01, 0x03, 0x00, 0x02, 0x00, 0x01, 0x06,
144 0x0A, 0x07, 0x03, 0x00, 0x29, 0x14, 0x01, 0x0A, 0x0D, 0x06, 0x04, 0x13,
145 0x01, 0x03, 0x00, 0x14, 0x01, 0x3D, 0x0D, 0x06, 0x20, 0x13, 0x2F, 0x05,
146 0x03, 0x01, 0x03, 0x00, 0x02, 0x00, 0x01, 0x03, 0x10, 0x06, 0x03, 0x01,
147 0x03, 0x00, 0x02, 0x00, 0x01, 0x0A, 0x0F, 0x1B, 0x02, 0x00, 0x01, 0x02,
148 0x0F, 0x1B, 0x01, 0x01, 0x00, 0x25, 0x14, 0x1C, 0x06, 0x05, 0x13, 0x2E,
149 0x01, 0x03, 0x00, 0x02, 0x00, 0x01, 0x06, 0x0A, 0x07, 0x03, 0x00, 0x02,
150 0x00, 0x01, 0x10, 0x0F, 0x1B, 0x02, 0x00, 0x01, 0x08, 0x0F, 0x1B, 0x02,
151 0x00, 0x1B, 0x01, 0x00, 0x00, 0x00, 0x14, 0x14, 0x01, 0x80, 0x41, 0x0E,
152 0x1A, 0x01, 0x80, 0x5A, 0x0B, 0x10, 0x06, 0x05, 0x01, 0x80, 0x41, 0x08,
153 0x00, 0x14, 0x14, 0x01, 0x80, 0x61, 0x0E, 0x1A, 0x01, 0x80, 0x7A, 0x0B,
154 0x10, 0x06, 0x05, 0x01, 0x80, 0x47, 0x08, 0x00, 0x14, 0x14, 0x01, 0x30,
155 0x0E, 0x1A, 0x01, 0x39, 0x0B, 0x10, 0x06, 0x04, 0x01, 0x04, 0x07, 0x00,
156 0x14, 0x01, 0x2B, 0x0D, 0x06, 0x04, 0x13, 0x01, 0x3E, 0x00, 0x14, 0x01,
157 0x2F, 0x0D, 0x06, 0x04, 0x13, 0x01, 0x3F, 0x00, 0x01, 0x3D, 0x0C, 0x1E,
158 0x00, 0x00, 0x28, 0x01, 0x01, 0x2D, 0x23, 0x06, 0x02, 0x04, 0x7B, 0x04,
159 0x75, 0x00, 0x14, 0x12, 0x2A, 0x14, 0x05, 0x04, 0x1F, 0x01, 0x7F, 0x00,
160 0x2C, 0x2A, 0x14, 0x01, 0x0A, 0x0D, 0x06, 0x05, 0x13, 0x1F, 0x01, 0x00,
161 0x00, 0x0D, 0x05, 0x05, 0x13, 0x2E, 0x01, 0x00, 0x00, 0x1D, 0x04, 0x5E,
162 0x00, 0x01, 0x01, 0x27, 0x06, 0x0B, 0x21, 0x01, 0x80, 0x7F, 0x2B, 0x14,
163 0x06, 0x02, 0x30, 0x00, 0x13, 0x04, 0x6E, 0x00, 0x2C, 0x14, 0x31, 0x05,
164 0x01, 0x00, 0x13, 0x04, 0x77, 0x00, 0x14, 0x14, 0x01, 0x80, 0x61, 0x0E,
165 0x1A, 0x01, 0x80, 0x7A, 0x0B, 0x10, 0x06, 0x03, 0x01, 0x20, 0x08, 0x00,
166 0x01, 0x14, 0x03, 0x00, 0x1A, 0x17, 0x05, 0x05, 0x1F, 0x2E, 0x01, 0x00,
167 0x00, 0x2C, 0x14, 0x01, 0x0A, 0x0D, 0x06, 0x06, 0x1F, 0x02, 0x00, 0x1A,
168 0x08, 0x00, 0x14, 0x01, 0x0D, 0x0D, 0x06, 0x03, 0x13, 0x04, 0x03, 0x2A,
169 0x17, 0x19, 0x1D, 0x1A, 0x1E, 0x1A, 0x04, 0x59, 0x00, 0x18, 0x14, 0x1C,
170 0x05, 0x01, 0x00, 0x13, 0x11, 0x04, 0x76, 0x00, 0x20, 0x19, 0x11, 0x00,
171 0x00, 0x2C, 0x01, 0x0A, 0x0C, 0x06, 0x02, 0x04, 0x78, 0x00, 0x01, 0x01,
172 0x7F, 0x03, 0x00, 0x2C, 0x14, 0x01, 0x0A, 0x0C, 0x06, 0x09, 0x31, 0x05,
173 0x04, 0x01, 0x00, 0x03, 0x00, 0x04, 0x70, 0x13, 0x02, 0x00, 0x00, 0x00,
174 0x14, 0x06, 0x14, 0x1E, 0x14, 0x21, 0x07, 0x16, 0x01, 0x2D, 0x0C, 0x06,
175 0x08, 0x21, 0x07, 0x1D, 0x01, 0x00, 0x1A, 0x19, 0x00, 0x04, 0x69, 0x21,
176 0x19, 0x00, 0x00, 0x14, 0x01, 0x0A, 0x0C, 0x1A, 0x01, 0x20, 0x0B, 0x10,
177 0x00
178 };
179
180 static const uint16_t t0_caddr[] = {
181 0,
182 5,
183 10,
184 15,
185 19,
186 24,
187 29,
188 67,
189 149,
190 384,
191 464,
192 476,
193 511,
194 530,
195 540,
196 559,
197 603,
198 614,
199 619,
200 629,
201 654,
202 681
203 };
204
205 #define T0_INTERPRETED 28
206
207 #define T0_ENTER(ip, rp, slot) do { \
208 const unsigned char *t0_newip; \
209 uint32_t t0_lnum; \
210 t0_newip = &t0_codeblock[t0_caddr[(slot) - T0_INTERPRETED]]; \
211 t0_lnum = t0_parse7E_unsigned(&t0_newip); \
212 (rp) += t0_lnum; \
213 *((rp) ++) = (uint32_t)((ip) - &t0_codeblock[0]) + (t0_lnum << 16); \
214 (ip) = t0_newip; \
215 } while (0)
216
217 #define T0_DEFENTRY(name, slot) \
218 void \
219 name(void *ctx) \
220 { \
221 t0_context *t0ctx = ctx; \
222 t0ctx->ip = &t0_codeblock[0]; \
223 T0_ENTER(t0ctx->ip, t0ctx->rp, slot); \
224 }
225
226 T0_DEFENTRY(br_pem_decoder_init_main, 38)
227
228 void
229 br_pem_decoder_run(void *t0ctx)
230 {
231 uint32_t *dp, *rp;
232 const unsigned char *ip;
233
234 #define T0_LOCAL(x) (*(rp - 2 - (x)))
235 #define T0_POP() (*-- dp)
236 #define T0_POPi() (*(int32_t *)(-- dp))
237 #define T0_PEEK(x) (*(dp - 1 - (x)))
238 #define T0_PEEKi(x) (*(int32_t *)(dp - 1 - (x)))
239 #define T0_PUSH(v) do { *dp = (v); dp ++; } while (0)
240 #define T0_PUSHi(v) do { *(int32_t *)dp = (v); dp ++; } while (0)
241 #define T0_RPOP() (*-- rp)
242 #define T0_RPOPi() (*(int32_t *)(-- rp))
243 #define T0_RPUSH(v) do { *rp = (v); rp ++; } while (0)
244 #define T0_RPUSHi(v) do { *(int32_t *)rp = (v); rp ++; } while (0)
245 #define T0_ROLL(x) do { \
246 size_t t0len = (size_t)(x); \
247 uint32_t t0tmp = *(dp - 1 - t0len); \
248 memmove(dp - t0len - 1, dp - t0len, t0len * sizeof *dp); \
249 *(dp - 1) = t0tmp; \
250 } while (0)
251 #define T0_SWAP() do { \
252 uint32_t t0tmp = *(dp - 2); \
253 *(dp - 2) = *(dp - 1); \
254 *(dp - 1) = t0tmp; \
255 } while (0)
256 #define T0_ROT() do { \
257 uint32_t t0tmp = *(dp - 3); \
258 *(dp - 3) = *(dp - 2); \
259 *(dp - 2) = *(dp - 1); \
260 *(dp - 1) = t0tmp; \
261 } while (0)
262 #define T0_NROT() do { \
263 uint32_t t0tmp = *(dp - 1); \
264 *(dp - 1) = *(dp - 2); \
265 *(dp - 2) = *(dp - 3); \
266 *(dp - 3) = t0tmp; \
267 } while (0)
268 #define T0_PICK(x) do { \
269 uint32_t t0depth = (x); \
270 T0_PUSH(T0_PEEK(t0depth)); \
271 } while (0)
272 #define T0_CO() do { \
273 goto t0_exit; \
274 } while (0)
275 #define T0_RET() break
276
277 dp = ((t0_context *)t0ctx)->dp;
278 rp = ((t0_context *)t0ctx)->rp;
279 ip = ((t0_context *)t0ctx)->ip;
280 for (;;) {
281 uint32_t t0x;
282
283 t0x = t0_parse7E_unsigned(&ip);
284 if (t0x < T0_INTERPRETED) {
285 switch (t0x) {
286 int32_t t0off;
287
288 case 0: /* ret */
289 t0x = T0_RPOP();
290 rp -= (t0x >> 16);
291 t0x &= 0xFFFF;
292 if (t0x == 0) {
293 ip = NULL;
294 goto t0_exit;
295 }
296 ip = &t0_codeblock[t0x];
297 break;
298 case 1: /* literal constant */
299 T0_PUSHi(t0_parse7E_signed(&ip));
300 break;
301 case 2: /* read local */
302 T0_PUSH(T0_LOCAL(t0_parse7E_unsigned(&ip)));
303 break;
304 case 3: /* write local */
305 T0_LOCAL(t0_parse7E_unsigned(&ip)) = T0_POP();
306 break;
307 case 4: /* jump */
308 t0off = t0_parse7E_signed(&ip);
309 ip += t0off;
310 break;
311 case 5: /* jump if */
312 t0off = t0_parse7E_signed(&ip);
313 if (T0_POP()) {
314 ip += t0off;
315 }
316 break;
317 case 6: /* jump if not */
318 t0off = t0_parse7E_signed(&ip);
319 if (!T0_POP()) {
320 ip += t0off;
321 }
322 break;
323 case 7: {
324 /* + */
325
326 uint32_t b = T0_POP();
327 uint32_t a = T0_POP();
328 T0_PUSH(a + b);
329
330 }
331 break;
332 case 8: {
333 /* - */
334
335 uint32_t b = T0_POP();
336 uint32_t a = T0_POP();
337 T0_PUSH(a - b);
338
339 }
340 break;
341 case 9: {
342 /* < */
343
344 int32_t b = T0_POPi();
345 int32_t a = T0_POPi();
346 T0_PUSH(-(uint32_t)(a < b));
347
348 }
349 break;
350 case 10: {
351 /* << */
352
353 int c = (int)T0_POPi();
354 uint32_t x = T0_POP();
355 T0_PUSH(x << c);
356
357 }
358 break;
359 case 11: {
360 /* <= */
361
362 int32_t b = T0_POPi();
363 int32_t a = T0_POPi();
364 T0_PUSH(-(uint32_t)(a <= b));
365
366 }
367 break;
368 case 12: {
369 /* <> */
370
371 uint32_t b = T0_POP();
372 uint32_t a = T0_POP();
373 T0_PUSH(-(uint32_t)(a != b));
374
375 }
376 break;
377 case 13: {
378 /* = */
379
380 uint32_t b = T0_POP();
381 uint32_t a = T0_POP();
382 T0_PUSH(-(uint32_t)(a == b));
383
384 }
385 break;
386 case 14: {
387 /* >= */
388
389 int32_t b = T0_POPi();
390 int32_t a = T0_POPi();
391 T0_PUSH(-(uint32_t)(a >= b));
392
393 }
394 break;
395 case 15: {
396 /* >> */
397
398 int c = (int)T0_POPi();
399 int32_t x = T0_POPi();
400 T0_PUSHi(x >> c);
401
402 }
403 break;
404 case 16: {
405 /* and */
406
407 uint32_t b = T0_POP();
408 uint32_t a = T0_POP();
409 T0_PUSH(a & b);
410
411 }
412 break;
413 case 17: {
414 /* co */
415 T0_CO();
416 }
417 break;
418 case 18: {
419 /* data-get8 */
420
421 size_t addr = T0_POP();
422 T0_PUSH(t0_datablock[addr]);
423
424 }
425 break;
426 case 19: {
427 /* drop */
428 (void)T0_POP();
429 }
430 break;
431 case 20: {
432 /* dup */
433 T0_PUSH(T0_PEEK(0));
434 }
435 break;
436 case 21: {
437 /* flush-buf */
438
439 if (CTX->ptr > 0) {
440 CTX->dest(CTX->dest_ctx, CTX->buf, CTX->ptr);
441 CTX->ptr = 0;
442 }
443
444 }
445 break;
446 case 22: {
447 /* get8 */
448
449 size_t addr = T0_POP();
450 T0_PUSH(*((unsigned char *)CTX + addr));
451
452 }
453 break;
454 case 23: {
455 /* over */
456 T0_PUSH(T0_PEEK(1));
457 }
458 break;
459 case 24: {
460 /* read8-native */
461
462 if (CTX->hlen > 0) {
463 T0_PUSH(*CTX->hbuf ++);
464 CTX->hlen --;
465 } else {
466 T0_PUSHi(-1);
467 }
468
469 }
470 break;
471 case 25: {
472 /* set8 */
473
474 size_t addr = T0_POP();
475 unsigned x = T0_POP();
476 *((unsigned char *)CTX + addr) = x;
477
478 }
479 break;
480 case 26: {
481 /* swap */
482 T0_SWAP();
483 }
484 break;
485 case 27: {
486 /* write8 */
487
488 unsigned char x = (unsigned char)T0_POP();
489 CTX->buf[CTX->ptr ++] = x;
490 if (CTX->ptr == sizeof CTX->buf) {
491 if (CTX->dest) {
492 CTX->dest(CTX->dest_ctx, CTX->buf, sizeof CTX->buf);
493 }
494 CTX->ptr = 0;
495 }
496
497 }
498 break;
499 }
500
501 } else {
502 T0_ENTER(ip, rp, t0x);
503 }
504 }
505 t0_exit:
506 ((t0_context *)t0ctx)->dp = dp;
507 ((t0_context *)t0ctx)->rp = rp;
508 ((t0_context *)t0ctx)->ip = ip;
509 }
The BearSSL library and tools.