a_int.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641
  1. /*
  2. * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. #include <stdio.h>
  10. #include "internal/cryptlib.h"
  11. #include "internal/numbers.h"
  12. #include <limits.h>
  13. #include <openssl/asn1.h>
  14. #include <openssl/bn.h>
  15. #include "asn1_local.h"
  16. ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
  17. {
  18. return ASN1_STRING_dup(x);
  19. }
  20. int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
  21. {
  22. int neg, ret;
  23. /* Compare signs */
  24. neg = x->type & V_ASN1_NEG;
  25. if (neg != (y->type & V_ASN1_NEG)) {
  26. if (neg)
  27. return -1;
  28. else
  29. return 1;
  30. }
  31. ret = ASN1_STRING_cmp(x, y);
  32. if (neg)
  33. return -ret;
  34. else
  35. return ret;
  36. }
  37. /*-
  38. * This converts a big endian buffer and sign into its content encoding.
  39. * This is used for INTEGER and ENUMERATED types.
  40. * The internal representation is an ASN1_STRING whose data is a big endian
  41. * representation of the value, ignoring the sign. The sign is determined by
  42. * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
  43. *
  44. * Positive integers are no problem: they are almost the same as the DER
  45. * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
  46. *
  47. * Negative integers are a bit trickier...
  48. * The DER representation of negative integers is in 2s complement form.
  49. * The internal form is converted by complementing each octet and finally
  50. * adding one to the result. This can be done less messily with a little trick.
  51. * If the internal form has trailing zeroes then they will become FF by the
  52. * complement and 0 by the add one (due to carry) so just copy as many trailing
  53. * zeros to the destination as there are in the source. The carry will add one
  54. * to the last none zero octet: so complement this octet and add one and finally
  55. * complement any left over until you get to the start of the string.
  56. *
  57. * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
  58. * with 0xff. However if the first byte is 0x80 and one of the following bytes
  59. * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
  60. * followed by optional zeros isn't padded.
  61. */
  62. /*
  63. * If |pad| is zero, the operation is effectively reduced to memcpy,
  64. * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
  65. * Note that in latter case sequence of zeros yields itself, and so
  66. * does 0x80 followed by any number of zeros. These properties are
  67. * used elsewhere below...
  68. */
  69. static void twos_complement(unsigned char *dst, const unsigned char *src,
  70. size_t len, unsigned char pad)
  71. {
  72. unsigned int carry = pad & 1;
  73. /* Begin at the end of the encoding */
  74. if (len != 0) {
  75. /*
  76. * if len == 0 then src/dst could be NULL, and this would be undefined
  77. * behaviour.
  78. */
  79. dst += len;
  80. src += len;
  81. }
  82. /* two's complement value: ~value + 1 */
  83. while (len-- != 0) {
  84. *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
  85. carry >>= 8;
  86. }
  87. }
  88. static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
  89. unsigned char **pp)
  90. {
  91. unsigned int pad = 0;
  92. size_t ret, i;
  93. unsigned char *p, pb = 0;
  94. if (b != NULL && blen) {
  95. ret = blen;
  96. i = b[0];
  97. if (!neg && (i > 127)) {
  98. pad = 1;
  99. pb = 0;
  100. } else if (neg) {
  101. pb = 0xFF;
  102. if (i > 128) {
  103. pad = 1;
  104. } else if (i == 128) {
  105. /*
  106. * Special case [of minimal negative for given length]:
  107. * if any other bytes non zero we pad, otherwise we don't.
  108. */
  109. for (pad = 0, i = 1; i < blen; i++)
  110. pad |= b[i];
  111. pb = pad != 0 ? 0xffU : 0;
  112. pad = pb & 1;
  113. }
  114. }
  115. ret += pad;
  116. } else {
  117. ret = 1;
  118. blen = 0; /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
  119. }
  120. if (pp == NULL || (p = *pp) == NULL)
  121. return ret;
  122. /*
  123. * This magically handles all corner cases, such as '(b == NULL ||
  124. * blen == 0)', non-negative value, "negative" zero, 0x80 followed
  125. * by any number of zeros...
  126. */
  127. *p = pb;
  128. p += pad; /* yes, p[0] can be written twice, but it's little
  129. * price to pay for eliminated branches */
  130. twos_complement(p, b, blen, pb);
  131. *pp += ret;
  132. return ret;
  133. }
  134. /*
  135. * convert content octets into a big endian buffer. Returns the length
  136. * of buffer or 0 on error: for malformed INTEGER. If output buffer is
  137. * NULL just return length.
  138. */
  139. static size_t c2i_ibuf(unsigned char *b, int *pneg,
  140. const unsigned char *p, size_t plen)
  141. {
  142. int neg, pad;
  143. /* Zero content length is illegal */
  144. if (plen == 0) {
  145. ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT);
  146. return 0;
  147. }
  148. neg = p[0] & 0x80;
  149. if (pneg)
  150. *pneg = neg;
  151. /* Handle common case where length is 1 octet separately */
  152. if (plen == 1) {
  153. if (b != NULL) {
  154. if (neg)
  155. b[0] = (p[0] ^ 0xFF) + 1;
  156. else
  157. b[0] = p[0];
  158. }
  159. return 1;
  160. }
  161. pad = 0;
  162. if (p[0] == 0) {
  163. pad = 1;
  164. } else if (p[0] == 0xFF) {
  165. size_t i;
  166. /*
  167. * Special case [of "one less minimal negative" for given length]:
  168. * if any other bytes non zero it was padded, otherwise not.
  169. */
  170. for (pad = 0, i = 1; i < plen; i++)
  171. pad |= p[i];
  172. pad = pad != 0 ? 1 : 0;
  173. }
  174. /* reject illegal padding: first two octets MSB can't match */
  175. if (pad && (neg == (p[1] & 0x80))) {
  176. ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING);
  177. return 0;
  178. }
  179. /* skip over pad */
  180. p += pad;
  181. plen -= pad;
  182. if (b != NULL)
  183. twos_complement(b, p, plen, neg ? 0xffU : 0);
  184. return plen;
  185. }
  186. int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
  187. {
  188. return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
  189. }
  190. /* Convert big endian buffer into uint64_t, return 0 on error */
  191. static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
  192. {
  193. size_t i;
  194. uint64_t r;
  195. if (blen > sizeof(*pr)) {
  196. ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
  197. return 0;
  198. }
  199. if (b == NULL)
  200. return 0;
  201. for (r = 0, i = 0; i < blen; i++) {
  202. r <<= 8;
  203. r |= b[i];
  204. }
  205. *pr = r;
  206. return 1;
  207. }
  208. /*
  209. * Write uint64_t to big endian buffer and return offset to first
  210. * written octet. In other words it returns offset in range from 0
  211. * to 7, with 0 denoting 8 written octets and 7 - one.
  212. */
  213. static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
  214. {
  215. size_t off = sizeof(uint64_t);
  216. do {
  217. b[--off] = (unsigned char)r;
  218. } while (r >>= 8);
  219. return off;
  220. }
  221. /*
  222. * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
  223. * overflow warnings.
  224. */
  225. #define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
  226. /* signed version of asn1_get_uint64 */
  227. static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
  228. int neg)
  229. {
  230. uint64_t r;
  231. if (asn1_get_uint64(&r, b, blen) == 0)
  232. return 0;
  233. if (neg) {
  234. if (r <= INT64_MAX) {
  235. /* Most significant bit is guaranteed to be clear, negation
  236. * is guaranteed to be meaningful in platform-neutral sense. */
  237. *pr = -(int64_t)r;
  238. } else if (r == ABS_INT64_MIN) {
  239. /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
  240. * on ones'-complement system. */
  241. *pr = (int64_t)(0 - r);
  242. } else {
  243. ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
  244. return 0;
  245. }
  246. } else {
  247. if (r <= INT64_MAX) {
  248. *pr = (int64_t)r;
  249. } else {
  250. ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
  251. return 0;
  252. }
  253. }
  254. return 1;
  255. }
  256. /* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
  257. ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
  258. long len)
  259. {
  260. ASN1_INTEGER *ret = NULL;
  261. size_t r;
  262. int neg;
  263. r = c2i_ibuf(NULL, NULL, *pp, len);
  264. if (r == 0)
  265. return NULL;
  266. if ((a == NULL) || ((*a) == NULL)) {
  267. ret = ASN1_INTEGER_new();
  268. if (ret == NULL)
  269. return NULL;
  270. ret->type = V_ASN1_INTEGER;
  271. } else
  272. ret = *a;
  273. if (ASN1_STRING_set(ret, NULL, r) == 0) {
  274. ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
  275. goto err;
  276. }
  277. c2i_ibuf(ret->data, &neg, *pp, len);
  278. if (neg != 0)
  279. ret->type |= V_ASN1_NEG;
  280. else
  281. ret->type &= ~V_ASN1_NEG;
  282. *pp += len;
  283. if (a != NULL)
  284. (*a) = ret;
  285. return ret;
  286. err:
  287. if (a == NULL || *a != ret)
  288. ASN1_INTEGER_free(ret);
  289. return NULL;
  290. }
  291. static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
  292. {
  293. if (a == NULL) {
  294. ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
  295. return 0;
  296. }
  297. if ((a->type & ~V_ASN1_NEG) != itype) {
  298. ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
  299. return 0;
  300. }
  301. return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
  302. }
  303. static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
  304. {
  305. unsigned char tbuf[sizeof(r)];
  306. size_t off;
  307. a->type = itype;
  308. if (r < 0) {
  309. /* Most obvious '-r' triggers undefined behaviour for most
  310. * common INT64_MIN. Even though below '0 - (uint64_t)r' can
  311. * appear two's-complement centric, it does produce correct/
  312. * expected result even on one's-complement. This is because
  313. * cast to unsigned has to change bit pattern... */
  314. off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
  315. a->type |= V_ASN1_NEG;
  316. } else {
  317. off = asn1_put_uint64(tbuf, r);
  318. a->type &= ~V_ASN1_NEG;
  319. }
  320. return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
  321. }
  322. static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
  323. int itype)
  324. {
  325. if (a == NULL) {
  326. ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
  327. return 0;
  328. }
  329. if ((a->type & ~V_ASN1_NEG) != itype) {
  330. ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
  331. return 0;
  332. }
  333. if (a->type & V_ASN1_NEG) {
  334. ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
  335. return 0;
  336. }
  337. return asn1_get_uint64(pr, a->data, a->length);
  338. }
  339. static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
  340. {
  341. unsigned char tbuf[sizeof(r)];
  342. size_t off;
  343. a->type = itype;
  344. off = asn1_put_uint64(tbuf, r);
  345. return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
  346. }
  347. /*
  348. * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
  349. * integers: some broken software can encode a positive INTEGER with its MSB
  350. * set as negative (it doesn't add a padding zero).
  351. */
  352. ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
  353. long length)
  354. {
  355. ASN1_INTEGER *ret = NULL;
  356. const unsigned char *p;
  357. unsigned char *s;
  358. long len = 0;
  359. int inf, tag, xclass;
  360. int i = 0;
  361. if ((a == NULL) || ((*a) == NULL)) {
  362. if ((ret = ASN1_INTEGER_new()) == NULL)
  363. return NULL;
  364. ret->type = V_ASN1_INTEGER;
  365. } else
  366. ret = (*a);
  367. p = *pp;
  368. inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
  369. if (inf & 0x80) {
  370. i = ASN1_R_BAD_OBJECT_HEADER;
  371. goto err;
  372. }
  373. if (tag != V_ASN1_INTEGER) {
  374. i = ASN1_R_EXPECTING_AN_INTEGER;
  375. goto err;
  376. }
  377. if (len < 0) {
  378. i = ASN1_R_ILLEGAL_NEGATIVE_VALUE;
  379. goto err;
  380. }
  381. /*
  382. * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
  383. * a missing NULL parameter.
  384. */
  385. s = OPENSSL_malloc((int)len + 1);
  386. if (s == NULL)
  387. goto err;
  388. ret->type = V_ASN1_INTEGER;
  389. if (len) {
  390. if ((*p == 0) && (len != 1)) {
  391. p++;
  392. len--;
  393. }
  394. memcpy(s, p, (int)len);
  395. p += len;
  396. }
  397. ASN1_STRING_set0(ret, s, (int)len);
  398. if (a != NULL)
  399. (*a) = ret;
  400. *pp = p;
  401. return ret;
  402. err:
  403. if (i != 0)
  404. ERR_raise(ERR_LIB_ASN1, i);
  405. if ((a == NULL) || (*a != ret))
  406. ASN1_INTEGER_free(ret);
  407. return NULL;
  408. }
  409. static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
  410. int atype)
  411. {
  412. ASN1_INTEGER *ret;
  413. int len;
  414. if (ai == NULL) {
  415. ret = ASN1_STRING_type_new(atype);
  416. } else {
  417. ret = ai;
  418. ret->type = atype;
  419. }
  420. if (ret == NULL) {
  421. ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
  422. goto err;
  423. }
  424. if (BN_is_negative(bn) && !BN_is_zero(bn))
  425. ret->type |= V_ASN1_NEG_INTEGER;
  426. len = BN_num_bytes(bn);
  427. if (len == 0)
  428. len = 1;
  429. if (ASN1_STRING_set(ret, NULL, len) == 0) {
  430. ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
  431. goto err;
  432. }
  433. /* Correct zero case */
  434. if (BN_is_zero(bn))
  435. ret->data[0] = 0;
  436. else
  437. len = BN_bn2bin(bn, ret->data);
  438. ret->length = len;
  439. return ret;
  440. err:
  441. if (ret != ai)
  442. ASN1_INTEGER_free(ret);
  443. return NULL;
  444. }
  445. static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
  446. int itype)
  447. {
  448. BIGNUM *ret;
  449. if ((ai->type & ~V_ASN1_NEG) != itype) {
  450. ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
  451. return NULL;
  452. }
  453. ret = BN_bin2bn(ai->data, ai->length, bn);
  454. if (ret == NULL) {
  455. ERR_raise(ERR_LIB_ASN1, ASN1_R_BN_LIB);
  456. return NULL;
  457. }
  458. if (ai->type & V_ASN1_NEG)
  459. BN_set_negative(ret, 1);
  460. return ret;
  461. }
  462. int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
  463. {
  464. return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
  465. }
  466. int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
  467. {
  468. return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
  469. }
  470. int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
  471. {
  472. return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
  473. }
  474. int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
  475. {
  476. return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
  477. }
  478. int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
  479. {
  480. return ASN1_INTEGER_set_int64(a, v);
  481. }
  482. long ASN1_INTEGER_get(const ASN1_INTEGER *a)
  483. {
  484. int i;
  485. int64_t r;
  486. if (a == NULL)
  487. return 0;
  488. i = ASN1_INTEGER_get_int64(&r, a);
  489. if (i == 0)
  490. return -1;
  491. if (r > LONG_MAX || r < LONG_MIN)
  492. return -1;
  493. return (long)r;
  494. }
  495. ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
  496. {
  497. return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
  498. }
  499. BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
  500. {
  501. return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
  502. }
  503. int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
  504. {
  505. return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
  506. }
  507. int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
  508. {
  509. return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
  510. }
  511. int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
  512. {
  513. return ASN1_ENUMERATED_set_int64(a, v);
  514. }
  515. long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
  516. {
  517. int i;
  518. int64_t r;
  519. if (a == NULL)
  520. return 0;
  521. if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
  522. return -1;
  523. if (a->length > (int)sizeof(long))
  524. return 0xffffffffL;
  525. i = ASN1_ENUMERATED_get_int64(&r, a);
  526. if (i == 0)
  527. return -1;
  528. if (r > LONG_MAX || r < LONG_MIN)
  529. return -1;
  530. return (long)r;
  531. }
  532. ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
  533. {
  534. return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
  535. }
  536. BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
  537. {
  538. return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
  539. }
  540. /* Internal functions used by x_int64.c */
  541. int ossl_c2i_uint64_int(uint64_t *ret, int *neg,
  542. const unsigned char **pp, long len)
  543. {
  544. unsigned char buf[sizeof(uint64_t)];
  545. size_t buflen;
  546. buflen = c2i_ibuf(NULL, NULL, *pp, len);
  547. if (buflen == 0)
  548. return 0;
  549. if (buflen > sizeof(uint64_t)) {
  550. ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
  551. return 0;
  552. }
  553. (void)c2i_ibuf(buf, neg, *pp, len);
  554. return asn1_get_uint64(ret, buf, buflen);
  555. }
  556. int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
  557. {
  558. unsigned char buf[sizeof(uint64_t)];
  559. size_t off;
  560. off = asn1_put_uint64(buf, r);
  561. return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
  562. }