2
0

a_int.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630
  1. /*
  2. * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include "internal/numbers.h"
  12. #include <limits.h>
  13. #include <openssl/asn1.h>
  14. #include <openssl/bn.h>
  15. #include "asn1_local.h"
  16. ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
  17. {
  18. return ASN1_STRING_dup(x);
  19. }
  20. int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
  21. {
  22. int neg, ret;
  23. /* Compare signs */
  24. neg = x->type & V_ASN1_NEG;
  25. if (neg != (y->type & V_ASN1_NEG)) {
  26. if (neg)
  27. return -1;
  28. else
  29. return 1;
  30. }
  31. ret = ASN1_STRING_cmp(x, y);
  32. if (neg)
  33. return -ret;
  34. else
  35. return ret;
  36. }
  37. /*-
  38. * This converts a big endian buffer and sign into its content encoding.
  39. * This is used for INTEGER and ENUMERATED types.
  40. * The internal representation is an ASN1_STRING whose data is a big endian
  41. * representation of the value, ignoring the sign. The sign is determined by
  42. * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
  43. *
  44. * Positive integers are no problem: they are almost the same as the DER
  45. * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
  46. *
  47. * Negative integers are a bit trickier...
  48. * The DER representation of negative integers is in 2s complement form.
  49. * The internal form is converted by complementing each octet and finally
  50. * adding one to the result. This can be done less messily with a little trick.
  51. * If the internal form has trailing zeroes then they will become FF by the
  52. * complement and 0 by the add one (due to carry) so just copy as many trailing
  53. * zeros to the destination as there are in the source. The carry will add one
  54. * to the last none zero octet: so complement this octet and add one and finally
  55. * complement any left over until you get to the start of the string.
  56. *
  57. * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
  58. * with 0xff. However if the first byte is 0x80 and one of the following bytes
  59. * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
  60. * followed by optional zeros isn't padded.
  61. */
  62. /*
  63. * If |pad| is zero, the operation is effectively reduced to memcpy,
  64. * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
  65. * Note that in latter case sequence of zeros yields itself, and so
  66. * does 0x80 followed by any number of zeros. These properties are
  67. * used elsewhere below...
  68. */
  69. static void twos_complement(unsigned char *dst, const unsigned char *src,
  70. size_t len, unsigned char pad)
  71. {
  72. unsigned int carry = pad & 1;
  73. /* Begin at the end of the encoding */
  74. dst += len;
  75. src += len;
  76. /* two's complement value: ~value + 1 */
  77. while (len-- != 0) {
  78. *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
  79. carry >>= 8;
  80. }
  81. }
  82. static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
  83. unsigned char **pp)
  84. {
  85. unsigned int pad = 0;
  86. size_t ret, i;
  87. unsigned char *p, pb = 0;
  88. if (b != NULL && blen) {
  89. ret = blen;
  90. i = b[0];
  91. if (!neg && (i > 127)) {
  92. pad = 1;
  93. pb = 0;
  94. } else if (neg) {
  95. pb = 0xFF;
  96. if (i > 128) {
  97. pad = 1;
  98. } else if (i == 128) {
  99. /*
  100. * Special case [of minimal negative for given length]:
  101. * if any other bytes non zero we pad, otherwise we don't.
  102. */
  103. for (pad = 0, i = 1; i < blen; i++)
  104. pad |= b[i];
  105. pb = pad != 0 ? 0xffU : 0;
  106. pad = pb & 1;
  107. }
  108. }
  109. ret += pad;
  110. } else {
  111. ret = 1;
  112. blen = 0; /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
  113. }
  114. if (pp == NULL || (p = *pp) == NULL)
  115. return ret;
  116. /*
  117. * This magically handles all corner cases, such as '(b == NULL ||
  118. * blen == 0)', non-negative value, "negative" zero, 0x80 followed
  119. * by any number of zeros...
  120. */
  121. *p = pb;
  122. p += pad; /* yes, p[0] can be written twice, but it's little
  123. * price to pay for eliminated branches */
  124. twos_complement(p, b, blen, pb);
  125. *pp += ret;
  126. return ret;
  127. }
  128. /*
  129. * convert content octets into a big endian buffer. Returns the length
  130. * of buffer or 0 on error: for malformed INTEGER. If output buffer is
  131. * NULL just return length.
  132. */
  133. static size_t c2i_ibuf(unsigned char *b, int *pneg,
  134. const unsigned char *p, size_t plen)
  135. {
  136. int neg, pad;
  137. /* Zero content length is illegal */
  138. if (plen == 0) {
  139. ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT);
  140. return 0;
  141. }
  142. neg = p[0] & 0x80;
  143. if (pneg)
  144. *pneg = neg;
  145. /* Handle common case where length is 1 octet separately */
  146. if (plen == 1) {
  147. if (b != NULL) {
  148. if (neg)
  149. b[0] = (p[0] ^ 0xFF) + 1;
  150. else
  151. b[0] = p[0];
  152. }
  153. return 1;
  154. }
  155. pad = 0;
  156. if (p[0] == 0) {
  157. pad = 1;
  158. } else if (p[0] == 0xFF) {
  159. size_t i;
  160. /*
  161. * Special case [of "one less minimal negative" for given length]:
  162. * if any other bytes non zero it was padded, otherwise not.
  163. */
  164. for (pad = 0, i = 1; i < plen; i++)
  165. pad |= p[i];
  166. pad = pad != 0 ? 1 : 0;
  167. }
  168. /* reject illegal padding: first two octets MSB can't match */
  169. if (pad && (neg == (p[1] & 0x80))) {
  170. ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
  171. return 0;
  172. }
  173. /* skip over pad */
  174. p += pad;
  175. plen -= pad;
  176. if (b != NULL)
  177. twos_complement(b, p, plen, neg ? 0xffU : 0);
  178. return plen;
  179. }
  180. int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
  181. {
  182. return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
  183. }
  184. /* Convert big endian buffer into uint64_t, return 0 on error */
  185. static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
  186. {
  187. size_t i;
  188. uint64_t r;
  189. if (blen > sizeof(*pr)) {
  190. ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE);
  191. return 0;
  192. }
  193. if (b == NULL)
  194. return 0;
  195. for (r = 0, i = 0; i < blen; i++) {
  196. r <<= 8;
  197. r |= b[i];
  198. }
  199. *pr = r;
  200. return 1;
  201. }
  202. /*
  203. * Write uint64_t to big endian buffer and return offset to first
  204. * written octet. In other words it returns offset in range from 0
  205. * to 7, with 0 denoting 8 written octets and 7 - one.
  206. */
  207. static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
  208. {
  209. size_t off = sizeof(uint64_t);
  210. do {
  211. b[--off] = (unsigned char)r;
  212. } while (r >>= 8);
  213. return off;
  214. }
  215. /*
  216. * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
  217. * overflow warnings.
  218. */
  219. #define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
  220. /* signed version of asn1_get_uint64 */
  221. static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
  222. int neg)
  223. {
  224. uint64_t r;
  225. if (asn1_get_uint64(&r, b, blen) == 0)
  226. return 0;
  227. if (neg) {
  228. if (r <= INT64_MAX) {
  229. /* Most significant bit is guaranteed to be clear, negation
  230. * is guaranteed to be meaningful in platform-neutral sense. */
  231. *pr = -(int64_t)r;
  232. } else if (r == ABS_INT64_MIN) {
  233. /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
  234. * on ones'-complement system. */
  235. *pr = (int64_t)(0 - r);
  236. } else {
  237. ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
  238. return 0;
  239. }
  240. } else {
  241. if (r <= INT64_MAX) {
  242. *pr = (int64_t)r;
  243. } else {
  244. ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
  245. return 0;
  246. }
  247. }
  248. return 1;
  249. }
  250. /* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
  251. ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
  252. long len)
  253. {
  254. ASN1_INTEGER *ret = NULL;
  255. size_t r;
  256. int neg;
  257. r = c2i_ibuf(NULL, NULL, *pp, len);
  258. if (r == 0)
  259. return NULL;
  260. if ((a == NULL) || ((*a) == NULL)) {
  261. ret = ASN1_INTEGER_new();
  262. if (ret == NULL)
  263. return NULL;
  264. ret->type = V_ASN1_INTEGER;
  265. } else
  266. ret = *a;
  267. if (ASN1_STRING_set(ret, NULL, r) == 0)
  268. goto err;
  269. c2i_ibuf(ret->data, &neg, *pp, len);
  270. if (neg)
  271. ret->type |= V_ASN1_NEG;
  272. *pp += len;
  273. if (a != NULL)
  274. (*a) = ret;
  275. return ret;
  276. err:
  277. ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
  278. if ((a == NULL) || (*a != ret))
  279. ASN1_INTEGER_free(ret);
  280. return NULL;
  281. }
  282. static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
  283. {
  284. if (a == NULL) {
  285. ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER);
  286. return 0;
  287. }
  288. if ((a->type & ~V_ASN1_NEG) != itype) {
  289. ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE);
  290. return 0;
  291. }
  292. return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
  293. }
  294. static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
  295. {
  296. unsigned char tbuf[sizeof(r)];
  297. size_t off;
  298. a->type = itype;
  299. if (r < 0) {
  300. /* Most obvious '-r' triggers undefined behaviour for most
  301. * common INT64_MIN. Even though below '0 - (uint64_t)r' can
  302. * appear two's-complement centric, it does produce correct/
  303. * expected result even on one's-complement. This is because
  304. * cast to unsigned has to change bit pattern... */
  305. off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
  306. a->type |= V_ASN1_NEG;
  307. } else {
  308. off = asn1_put_uint64(tbuf, r);
  309. a->type &= ~V_ASN1_NEG;
  310. }
  311. return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
  312. }
  313. static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
  314. int itype)
  315. {
  316. if (a == NULL) {
  317. ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER);
  318. return 0;
  319. }
  320. if ((a->type & ~V_ASN1_NEG) != itype) {
  321. ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE);
  322. return 0;
  323. }
  324. if (a->type & V_ASN1_NEG) {
  325. ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
  326. return 0;
  327. }
  328. return asn1_get_uint64(pr, a->data, a->length);
  329. }
  330. static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
  331. {
  332. unsigned char tbuf[sizeof(r)];
  333. size_t off;
  334. a->type = itype;
  335. off = asn1_put_uint64(tbuf, r);
  336. return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
  337. }
  338. /*
  339. * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
  340. * integers: some broken software can encode a positive INTEGER with its MSB
  341. * set as negative (it doesn't add a padding zero).
  342. */
  343. ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
  344. long length)
  345. {
  346. ASN1_INTEGER *ret = NULL;
  347. const unsigned char *p;
  348. unsigned char *s;
  349. long len;
  350. int inf, tag, xclass;
  351. int i;
  352. if ((a == NULL) || ((*a) == NULL)) {
  353. if ((ret = ASN1_INTEGER_new()) == NULL)
  354. return NULL;
  355. ret->type = V_ASN1_INTEGER;
  356. } else
  357. ret = (*a);
  358. p = *pp;
  359. inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
  360. if (inf & 0x80) {
  361. i = ASN1_R_BAD_OBJECT_HEADER;
  362. goto err;
  363. }
  364. if (tag != V_ASN1_INTEGER) {
  365. i = ASN1_R_EXPECTING_AN_INTEGER;
  366. goto err;
  367. }
  368. /*
  369. * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
  370. * a missing NULL parameter.
  371. */
  372. s = OPENSSL_malloc((int)len + 1);
  373. if (s == NULL) {
  374. i = ERR_R_MALLOC_FAILURE;
  375. goto err;
  376. }
  377. ret->type = V_ASN1_INTEGER;
  378. if (len) {
  379. if ((*p == 0) && (len != 1)) {
  380. p++;
  381. len--;
  382. }
  383. memcpy(s, p, (int)len);
  384. p += len;
  385. }
  386. OPENSSL_free(ret->data);
  387. ret->data = s;
  388. ret->length = (int)len;
  389. if (a != NULL)
  390. (*a) = ret;
  391. *pp = p;
  392. return ret;
  393. err:
  394. ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
  395. if ((a == NULL) || (*a != ret))
  396. ASN1_INTEGER_free(ret);
  397. return NULL;
  398. }
  399. static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
  400. int atype)
  401. {
  402. ASN1_INTEGER *ret;
  403. int len;
  404. if (ai == NULL) {
  405. ret = ASN1_STRING_type_new(atype);
  406. } else {
  407. ret = ai;
  408. ret->type = atype;
  409. }
  410. if (ret == NULL) {
  411. ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR);
  412. goto err;
  413. }
  414. if (BN_is_negative(bn) && !BN_is_zero(bn))
  415. ret->type |= V_ASN1_NEG_INTEGER;
  416. len = BN_num_bytes(bn);
  417. if (len == 0)
  418. len = 1;
  419. if (ASN1_STRING_set(ret, NULL, len) == 0) {
  420. ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE);
  421. goto err;
  422. }
  423. /* Correct zero case */
  424. if (BN_is_zero(bn))
  425. ret->data[0] = 0;
  426. else
  427. len = BN_bn2bin(bn, ret->data);
  428. ret->length = len;
  429. return ret;
  430. err:
  431. if (ret != ai)
  432. ASN1_INTEGER_free(ret);
  433. return NULL;
  434. }
  435. static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
  436. int itype)
  437. {
  438. BIGNUM *ret;
  439. if ((ai->type & ~V_ASN1_NEG) != itype) {
  440. ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE);
  441. return NULL;
  442. }
  443. ret = BN_bin2bn(ai->data, ai->length, bn);
  444. if (ret == NULL) {
  445. ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB);
  446. return NULL;
  447. }
  448. if (ai->type & V_ASN1_NEG)
  449. BN_set_negative(ret, 1);
  450. return ret;
  451. }
  452. int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
  453. {
  454. return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
  455. }
  456. int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
  457. {
  458. return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
  459. }
  460. int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
  461. {
  462. return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
  463. }
  464. int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
  465. {
  466. return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
  467. }
  468. int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
  469. {
  470. return ASN1_INTEGER_set_int64(a, v);
  471. }
  472. long ASN1_INTEGER_get(const ASN1_INTEGER *a)
  473. {
  474. int i;
  475. int64_t r;
  476. if (a == NULL)
  477. return 0;
  478. i = ASN1_INTEGER_get_int64(&r, a);
  479. if (i == 0)
  480. return -1;
  481. if (r > LONG_MAX || r < LONG_MIN)
  482. return -1;
  483. return (long)r;
  484. }
  485. ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
  486. {
  487. return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
  488. }
  489. BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
  490. {
  491. return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
  492. }
  493. int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
  494. {
  495. return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
  496. }
  497. int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
  498. {
  499. return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
  500. }
  501. int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
  502. {
  503. return ASN1_ENUMERATED_set_int64(a, v);
  504. }
  505. long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
  506. {
  507. int i;
  508. int64_t r;
  509. if (a == NULL)
  510. return 0;
  511. if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
  512. return -1;
  513. if (a->length > (int)sizeof(long))
  514. return 0xffffffffL;
  515. i = ASN1_ENUMERATED_get_int64(&r, a);
  516. if (i == 0)
  517. return -1;
  518. if (r > LONG_MAX || r < LONG_MIN)
  519. return -1;
  520. return (long)r;
  521. }
  522. ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
  523. {
  524. return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
  525. }
  526. BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
  527. {
  528. return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
  529. }
  530. /* Internal functions used by x_int64.c */
  531. int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
  532. {
  533. unsigned char buf[sizeof(uint64_t)];
  534. size_t buflen;
  535. buflen = c2i_ibuf(NULL, NULL, *pp, len);
  536. if (buflen == 0)
  537. return 0;
  538. if (buflen > sizeof(uint64_t)) {
  539. ASN1err(ASN1_F_C2I_UINT64_INT, ASN1_R_TOO_LARGE);
  540. return 0;
  541. }
  542. (void)c2i_ibuf(buf, neg, *pp, len);
  543. return asn1_get_uint64(ret, buf, buflen);
  544. }
  545. int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
  546. {
  547. unsigned char buf[sizeof(uint64_t)];
  548. size_t off;
  549. off = asn1_put_uint64(buf, r);
  550. return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
  551. }