[thirdparty/openssl.git] / crypto / asn1 / a_int.c

/*
 * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/numbers.h"
#include <limits.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
#include "asn1_local.h"

ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
    return ASN1_STRING_dup(x);
}

int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
{
    int neg, ret;
    /* Compare signs */
    neg = x->type & V_ASN1_NEG;
    if (neg != (y->type & V_ASN1_NEG)) {
        if (neg)
            return -1;
        else
            return 1;
    }

    ret = ASN1_STRING_cmp(x, y);

    if (neg)
        return -ret;
    else
        return ret;
}

/*-
 * This converts a big endian buffer and sign into its content encoding.
 * This is used for INTEGER and ENUMERATED types.
 * The internal representation is an ASN1_STRING whose data is a big endian
 * representation of the value, ignoring the sign. The sign is determined by
 * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
 *
 * Positive integers are no problem: they are almost the same as the DER
 * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
 *
 * Negative integers are a bit trickier...
 * The DER representation of negative integers is in 2s complement form.
 * The internal form is converted by complementing each octet and finally
 * adding one to the result. This can be done less messily with a little trick.
 * If the internal form has trailing zeroes then they will become FF by the
 * complement and 0 by the add one (due to carry) so just copy as many trailing
 * zeros to the destination as there are in the source. The carry will add one
 * to the last none zero octet: so complement this octet and add one and finally
 * complement any left over until you get to the start of the string.
 *
 * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
 * with 0xff. However if the first byte is 0x80 and one of the following bytes
 * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
 * followed by optional zeros isn't padded.
 */

/*
 * If |pad| is zero, the operation is effectively reduced to memcpy,
 * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
 * Note that in latter case sequence of zeros yields itself, and so
 * does 0x80 followed by any number of zeros. These properties are
 * used elsewhere below...
 */
static void twos_complement(unsigned char *dst, const unsigned char *src,
                            size_t len, unsigned char pad)
{
    unsigned int carry = pad & 1;

    /* Begin at the end of the encoding */
    dst += len;
    src += len;
    /* two's complement value: ~value + 1 */
    while (len-- != 0) {
        *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
        carry >>= 8;
    }
}

static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
                       unsigned char **pp)
{
    unsigned int pad = 0;
    size_t ret, i;
    unsigned char *p, pb = 0;

    if (b != NULL && blen) {
        ret = blen;
        i = b[0];
        if (!neg && (i > 127)) {
            pad = 1;
            pb = 0;
        } else if (neg) {
            pb = 0xFF;
            if (i > 128) {
                pad = 1;
            } else if (i == 128) {
                /*
                 * Special case [of minimal negative for given length]:
                 * if any other bytes non zero we pad, otherwise we don't.
                 */
                for (pad = 0, i = 1; i < blen; i++)
                    pad |= b[i];
                pb = pad != 0 ? 0xffU : 0;
                pad = pb & 1;
            }
        }
        ret += pad;
    } else {
        ret = 1;
        blen = 0;   /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
    }

    if (pp == NULL || (p = *pp) == NULL)
        return ret;

    /*
     * This magically handles all corner cases, such as '(b == NULL ||
     * blen == 0)', non-negative value, "negative" zero, 0x80 followed
     * by any number of zeros...
     */
    *p = pb;
    p += pad;       /* yes, p[0] can be written twice, but it's little
                     * price to pay for eliminated branches */
    twos_complement(p, b, blen, pb);

    *pp += ret;
    return ret;
}

/*
 * convert content octets into a big endian buffer. Returns the length
 * of buffer or 0 on error: for malformed INTEGER. If output buffer is
 * NULL just return length.
 */

static size_t c2i_ibuf(unsigned char *b, int *pneg,
                       const unsigned char *p, size_t plen)
{
    int neg, pad;
    /* Zero content length is illegal */
    if (plen == 0) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT);
        return 0;
    }
    neg = p[0] & 0x80;
    if (pneg)
        *pneg = neg;
    /* Handle common case where length is 1 octet separately */
    if (plen == 1) {
        if (b != NULL) {
            if (neg)
                b[0] = (p[0] ^ 0xFF) + 1;
            else
                b[0] = p[0];
        }
        return 1;
    }

    pad = 0;
    if (p[0] == 0) {
        pad = 1;
    } else if (p[0] == 0xFF) {
        size_t i;

        /*
         * Special case [of "one less minimal negative" for given length]:
         * if any other bytes non zero it was padded, otherwise not.
         */
        for (pad = 0, i = 1; i < plen; i++)
            pad |= p[i];
        pad = pad != 0 ? 1 : 0;
    }
    /* reject illegal padding: first two octets MSB can't match */
    if (pad && (neg == (p[1] & 0x80))) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING);
        return 0;
    }

    /* skip over pad */
    p += pad;
    plen -= pad;

    if (b != NULL)
        twos_complement(b, p, plen, neg ? 0xffU : 0);

    return plen;
}

int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{
    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
}

/* Convert big endian buffer into uint64_t, return 0 on error */
static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
{
    size_t i;
    uint64_t r;

    if (blen > sizeof(*pr)) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
        return 0;
    }
    if (b == NULL)
        return 0;
    for (r = 0, i = 0; i < blen; i++) {
        r <<= 8;
        r |= b[i];
    }
    *pr = r;
    return 1;
}

/*
 * Write uint64_t to big endian buffer and return offset to first
 * written octet. In other words it returns offset in range from 0
 * to 7, with 0 denoting 8 written octets and 7 - one.
 */
static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
{
    size_t off = sizeof(uint64_t);

    do {
        b[--off] = (unsigned char)r;
    } while (r >>= 8);

    return off;
}

/*
 * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
 * overflow warnings.
 */
#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))

/* signed version of asn1_get_uint64 */
static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
                          int neg)
{
    uint64_t r;
    if (asn1_get_uint64(&r, b, blen) == 0)
        return 0;
    if (neg) {
        if (r <= INT64_MAX) {
            /* Most significant bit is guaranteed to be clear, negation
             * is guaranteed to be meaningful in platform-neutral sense. */
            *pr = -(int64_t)r;
        } else if (r == ABS_INT64_MIN) {
            /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
             * on ones'-complement system. */
            *pr = (int64_t)(0 - r);
        } else {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
            return 0;
        }
    } else {
        if (r <= INT64_MAX) {
            *pr = (int64_t)r;
        } else {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
            return 0;
        }
    }
    return 1;
}

/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
                               long len)
{
    ASN1_INTEGER *ret = NULL;
    size_t r;
    int neg;

    r = c2i_ibuf(NULL, NULL, *pp, len);

    if (r == 0)
        return NULL;

    if ((a == NULL) || ((*a) == NULL)) {
        ret = ASN1_INTEGER_new();
        if (ret == NULL)
            return NULL;
        ret->type = V_ASN1_INTEGER;
    } else
        ret = *a;

    if (ASN1_STRING_set(ret, NULL, r) == 0)
        goto err;

    c2i_ibuf(ret->data, &neg, *pp, len);

    if (neg)
        ret->type |= V_ASN1_NEG;

    *pp += len;
    if (a != NULL)
        (*a) = ret;
    return ret;
 err:
    ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
    if ((a == NULL) || (*a != ret))
        ASN1_INTEGER_free(ret);
    return NULL;
}

static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
{
    if (a == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if ((a->type & ~V_ASN1_NEG) != itype) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
        return 0;
    }
    return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
}

static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
{
    unsigned char tbuf[sizeof(r)];
    size_t off;

    a->type = itype;
    if (r < 0) {
        /* Most obvious '-r' triggers undefined behaviour for most
         * common INT64_MIN. Even though below '0 - (uint64_t)r' can
         * appear two's-complement centric, it does produce correct/
         * expected result even on one's-complement. This is because
         * cast to unsigned has to change bit pattern... */
        off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
        a->type |= V_ASN1_NEG;
    } else {
        off = asn1_put_uint64(tbuf, r);
        a->type &= ~V_ASN1_NEG;
    }
    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
}

static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
                                  int itype)
{
    if (a == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if ((a->type & ~V_ASN1_NEG) != itype) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
        return 0;
    }
    if (a->type & V_ASN1_NEG) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
        return 0;
    }
    return asn1_get_uint64(pr, a->data, a->length);
}

static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
{
    unsigned char tbuf[sizeof(r)];
    size_t off;

    a->type = itype;
    off = asn1_put_uint64(tbuf, r);
    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
}

/*
 * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
 * integers: some broken software can encode a positive INTEGER with its MSB
 * set as negative (it doesn't add a padding zero).
 */

ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
                                long length)
{
    ASN1_INTEGER *ret = NULL;
    const unsigned char *p;
    unsigned char *s;
    long len;
    int inf, tag, xclass;
    int i;

    if ((a == NULL) || ((*a) == NULL)) {
        if ((ret = ASN1_INTEGER_new()) == NULL)
            return NULL;
        ret->type = V_ASN1_INTEGER;
    } else
        ret = (*a);

    p = *pp;
    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
    if (inf & 0x80) {
        i = ASN1_R_BAD_OBJECT_HEADER;
        goto err;
    }

    if (tag != V_ASN1_INTEGER) {
        i = ASN1_R_EXPECTING_AN_INTEGER;
        goto err;
    }

    /*
     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
     * a missing NULL parameter.
     */
    s = OPENSSL_malloc((int)len + 1);
    if (s == NULL) {
        i = ERR_R_MALLOC_FAILURE;
        goto err;
    }
    ret->type = V_ASN1_INTEGER;
    if (len) {
        if ((*p == 0) && (len != 1)) {
            p++;
            len--;
        }
        memcpy(s, p, (int)len);
        p += len;
    }

    OPENSSL_free(ret->data);
    ret->data = s;
    ret->length = (int)len;
    if (a != NULL)
        (*a) = ret;
    *pp = p;
    return ret;
 err:
    ERR_raise(ERR_LIB_ASN1, i);
    if ((a == NULL) || (*a != ret))
        ASN1_INTEGER_free(ret);
    return NULL;
}

static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
                                      int atype)
{
    ASN1_INTEGER *ret;
    int len;

    if (ai == NULL) {
        ret = ASN1_STRING_type_new(atype);
    } else {
        ret = ai;
        ret->type = atype;
    }

    if (ret == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
        goto err;
    }

    if (BN_is_negative(bn) && !BN_is_zero(bn))
        ret->type |= V_ASN1_NEG_INTEGER;

    len = BN_num_bytes(bn);

    if (len == 0)
        len = 1;

    if (ASN1_STRING_set(ret, NULL, len) == 0) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
        goto err;
    }

    /* Correct zero case */
    if (BN_is_zero(bn))
        ret->data[0] = 0;
    else
        len = BN_bn2bin(bn, ret->data);
    ret->length = len;
    return ret;
 err:
    if (ret != ai)
        ASN1_INTEGER_free(ret);
    return NULL;
}

static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
                                 int itype)
{
    BIGNUM *ret;

    if ((ai->type & ~V_ASN1_NEG) != itype) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
        return NULL;
    }

    ret = BN_bin2bn(ai->data, ai->length, bn);
    if (ret == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_BN_LIB);
        return NULL;
    }
    if (ai->type & V_ASN1_NEG)
        BN_set_negative(ret, 1);
    return ret;
}

int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
{
    return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
}

int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
{
    return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
}

int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
{
    return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
}

int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
{
    return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
}

int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
{
    return ASN1_INTEGER_set_int64(a, v);
}

long ASN1_INTEGER_get(const ASN1_INTEGER *a)
{
    int i;
    int64_t r;
    if (a == NULL)
        return 0;
    i = ASN1_INTEGER_get_int64(&r, a);
    if (i == 0)
        return -1;
    if (r > LONG_MAX || r < LONG_MIN)
        return -1;
    return (long)r;
}

ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
{
    return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
}

BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
{
    return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
}

int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
{
    return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
}

int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
{
    return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
}

int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
{
    return ASN1_ENUMERATED_set_int64(a, v);
}

long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
{
    int i;
    int64_t r;
    if (a == NULL)
        return 0;
    if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
        return -1;
    if (a->length > (int)sizeof(long))
        return 0xffffffffL;
    i = ASN1_ENUMERATED_get_int64(&r, a);
    if (i == 0)
        return -1;
    if (r > LONG_MAX || r < LONG_MIN)
        return -1;
    return (long)r;
}

ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
{
    return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
}

BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
{
    return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
}

/* Internal functions used by x_int64.c */
int c2i_uint64_int(uint64_t *ret, int *neg, const unsigned char **pp, long len)
{
    unsigned char buf[sizeof(uint64_t)];
    size_t buflen;

    buflen = c2i_ibuf(NULL, NULL, *pp, len);
    if (buflen == 0)
        return 0;
    if (buflen > sizeof(uint64_t)) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
        return 0;
    }
    (void)c2i_ibuf(buf, neg, *pp, len);
    return asn1_get_uint64(ret, buf, buflen);
}

int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
{
    unsigned char buf[sizeof(uint64_t)];
    size_t off;

    off = asn1_put_uint64(buf, r);
    return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
}
Commit	Line	Data
b1322259	1	/*
605856d7	2	* Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
365a2d99	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
b1322259 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
	9
	10	#include <stdio.h>
b39fc560	11	#include "internal/cryptlib.h"
c5f28105	12	#include "internal/numbers.h"
6c5b6cb0	13	#include <limits.h>
ec577822	14	#include <openssl/asn1.h>
0f814687	15	#include <openssl/bn.h>
706457b7	16	#include "asn1_local.h"
d02b48c6	17
6384e46d	18	ASN1_INTEGER ASN1_INTEGER_dup(const ASN1_INTEGER x)
0f113f3e	19	{
f422a514	20	return ASN1_STRING_dup(x);
0f113f3e	21	}
08e9c1af	22
6384e46d	23	int ASN1_INTEGER_cmp(const ASN1_INTEGER x, const ASN1_INTEGER y)
0f113f3e MC	24	{
	25	int neg, ret;
	26	/* Compare signs */
	27	neg = x->type & V_ASN1_NEG;
	28	if (neg != (y->type & V_ASN1_NEG)) {
	29	if (neg)
	30	return -1;
	31	else
	32	return 1;
	33	}
	34
	35	ret = ASN1_STRING_cmp(x, y);
	36
	37	if (neg)
	38	return -ret;
	39	else
	40	return ret;
	41	}
	42
	43	/*-
6c5b6cb0 DSH	44	* This converts a big endian buffer and sign into its content encoding.
6c5b6cb0 DSH	45	* This is used for INTEGER and ENUMERATED types.
1ad2ecb6 DSH	46	* The internal representation is an ASN1_STRING whose data is a big endian
1ad2ecb6 DSH	47	* representation of the value, ignoring the sign. The sign is determined by
6c5b6cb0	48	* the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
1ad2ecb6 DSH	49	*
	50	* Positive integers are no problem: they are almost the same as the DER
	51	* encoding, except if the first byte is >= 0x80 we need to add a zero pad.
	52	*
	53	* Negative integers are a bit trickier...
	54	* The DER representation of negative integers is in 2s complement form.
0f113f3e	55	* The internal form is converted by complementing each octet and finally
1ad2ecb6 DSH	56	* adding one to the result. This can be done less messily with a little trick.
1ad2ecb6 DSH	57	* If the internal form has trailing zeroes then they will become FF by the
0f113f3e	58	* complement and 0 by the add one (due to carry) so just copy as many trailing
1ad2ecb6 DSH	59	* zeros to the destination as there are in the source. The carry will add one
	60	* to the last none zero octet: so complement this octet and add one and finally
	61	* complement any left over until you get to the start of the string.
	62	*
	63	* Padding is a little trickier too. If the first bytes is > 0x80 then we pad
	64	* with 0xff. However if the first byte is 0x80 and one of the following bytes
	65	* is non-zero we pad with 0xff. The reason for this distinction is that 0x80
	66	* followed by optional zeros isn't padded.
	67	*/
	68
a3ea6bf0 AP	69	/*
	70	* If \|pad\| is zero, the operation is effectively reduced to memcpy,
	71	* and if \|pad\| is 0xff, then it performs two's complement, ~dst + 1.
	72	* Note that in latter case sequence of zeros yields itself, and so
	73	* does 0x80 followed by any number of zeros. These properties are
	74	* used elsewhere below...
	75	*/
	76	static void twos_complement(unsigned char dst, const unsigned char src,
	77	size_t len, unsigned char pad)
	78	{
	79	unsigned int carry = pad & 1;
	80
	81	/* Begin at the end of the encoding */
	82	dst += len;
	83	src += len;
	84	/* two's complement value: ~value + 1 */
	85	while (len-- != 0) {
	86	(--dst) = (unsigned char)(carry += (--src) ^ pad);
	87	carry >>= 8;
	88	}
	89	}
	90
6c5b6cb0 DSH	91	static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
6c5b6cb0 DSH	92	unsigned char **pp)
0f113f3e	93	{
a3ea6bf0	94	unsigned int pad = 0;
6c5b6cb0 DSH	95	size_t ret, i;
6c5b6cb0 DSH	96	unsigned char *p, pb = 0;
0f113f3e	97
a3ea6bf0	98	if (b != NULL && blen) {
6c5b6cb0 DSH	99	ret = blen;
6c5b6cb0 DSH	100	i = b[0];
0f113f3e MC	101	if (!neg && (i > 127)) {
	102	pad = 1;
	103	pb = 0;
	104	} else if (neg) {
a3ea6bf0	105	pb = 0xFF;
0f113f3e MC	106	if (i > 128) {
0f113f3e MC	107	pad = 1;
0f113f3e MC	108	} else if (i == 128) {
0f113f3e MC	109	/*
a3ea6bf0 AP	110	* Special case [of minimal negative for given length]:
a3ea6bf0 AP	111	* if any other bytes non zero we pad, otherwise we don't.
0f113f3e	112	*/
a3ea6bf0 AP	113	for (pad = 0, i = 1; i < blen; i++)
	114	pad \|= b[i];
	115	pb = pad != 0 ? 0xffU : 0;
	116	pad = pb & 1;
0f113f3e MC	117	}
	118	}
	119	ret += pad;
a3ea6bf0 AP	120	} else {
	121	ret = 1;
	122	blen = 0; /* reduce '(b == NULL \|\| blen == 0)' to '(blen == 0)' */
0f113f3e	123	}
a3ea6bf0 AP	124
a3ea6bf0 AP	125	if (pp == NULL \|\| (p = *pp) == NULL)
6c5b6cb0	126	return ret;
0f113f3e	127
a3ea6bf0 AP	128	/*
	129	* This magically handles all corner cases, such as '(b == NULL \|\|
	130	* blen == 0)', non-negative value, "negative" zero, 0x80 followed
	131	* by any number of zeros...
	132	*/
	133	*p = pb;
	134	p += pad; /* yes, p[0] can be written twice, but it's little
	135	* price to pay for eliminated branches */
	136	twos_complement(p, b, blen, pb);
0f113f3e MC	137
0f113f3e MC	138	*pp += ret;
6c5b6cb0	139	return ret;
0f113f3e	140	}
d02b48c6	141
6c5b6cb0 DSH	142	/*
6c5b6cb0 DSH	143	* convert content octets into a big endian buffer. Returns the length
0d4fb843	144	* of buffer or 0 on error: for malformed INTEGER. If output buffer is
6c5b6cb0 DSH	145	* NULL just return length.
6c5b6cb0 DSH	146	*/
a338e21b	147
6c5b6cb0 DSH	148	static size_t c2i_ibuf(unsigned char b, int pneg,
6c5b6cb0 DSH	149	const unsigned char *p, size_t plen)
0f113f3e	150	{
6c5b6cb0 DSH	151	int neg, pad;
	152	/* Zero content length is illegal */
	153	if (plen == 0) {
9311d0c4	154	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT);
6c5b6cb0 DSH	155	return 0;
	156	}
	157	neg = p[0] & 0x80;
	158	if (pneg)
	159	*pneg = neg;
	160	/* Handle common case where length is 1 octet separately */
	161	if (plen == 1) {
a3ea6bf0	162	if (b != NULL) {
6c5b6cb0 DSH	163	if (neg)
	164	b[0] = (p[0] ^ 0xFF) + 1;
	165	else
	166	b[0] = p[0];
	167	}
	168	return 1;
	169	}
1e93d619 AP	170
	171	pad = 0;
	172	if (p[0] == 0) {
6c5b6cb0	173	pad = 1;
1e93d619 AP	174	} else if (p[0] == 0xFF) {
	175	size_t i;
	176
	177	/*
	178	* Special case [of "one less minimal negative" for given length]:
	179	* if any other bytes non zero it was padded, otherwise not.
	180	*/
	181	for (pad = 0, i = 1; i < plen; i++)
	182	pad \|= p[i];
	183	pad = pad != 0 ? 1 : 0;
	184	}
6c5b6cb0 DSH	185	/* reject illegal padding: first two octets MSB can't match */
6c5b6cb0 DSH	186	if (pad && (neg == (p[1] & 0x80))) {
9311d0c4	187	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING);
6c5b6cb0 DSH	188	return 0;
6c5b6cb0 DSH	189	}
0f113f3e	190
a3ea6bf0 AP	191	/* skip over pad */
a3ea6bf0 AP	192	p += pad;
6c5b6cb0	193	plen -= pad;
a3ea6bf0 AP	194
	195	if (b != NULL)
	196	twos_complement(b, p, plen, neg ? 0xffU : 0);
	197
6c5b6cb0 DSH	198	return plen;
6c5b6cb0 DSH	199	}
0f113f3e	200
6c5b6cb0 DSH	201	int i2c_ASN1_INTEGER(ASN1_INTEGER a, unsigned char *pp)
	202	{
	203	return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
	204	}
	205
	206	/* Convert big endian buffer into uint64_t, return 0 on error */
	207	static int asn1_get_uint64(uint64_t pr, const unsigned char b, size_t blen)
	208	{
	209	size_t i;
6d4321fc AP	210	uint64_t r;
6d4321fc AP	211
6c5b6cb0	212	if (blen > sizeof(*pr)) {
9311d0c4	213	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
6c5b6cb0	214	return 0;
0f113f3e	215	}
6c5b6cb0 DSH	216	if (b == NULL)
6c5b6cb0 DSH	217	return 0;
6d4321fc AP	218	for (r = 0, i = 0; i < blen; i++) {
	219	r <<= 8;
	220	r \|= b[i];
6c5b6cb0	221	}
6d4321fc	222	*pr = r;
6c5b6cb0 DSH	223	return 1;
	224	}
	225
6d4321fc AP	226	/*
	227	* Write uint64_t to big endian buffer and return offset to first
	228	* written octet. In other words it returns offset in range from 0
	229	* to 7, with 0 denoting 8 written octets and 7 - one.
	230	*/
	231	static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
6c5b6cb0	232	{
6d4321fc	233	size_t off = sizeof(uint64_t);
6c5b6cb0	234
6d4321fc AP	235	do {
	236	b[--off] = (unsigned char)r;
	237	} while (r >>= 8);
6c5b6cb0	238
6d4321fc	239	return off;
6c5b6cb0 DSH	240	}
	241
	242	/*
786b6a45	243	* Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
6c5b6cb0 DSH	244	* overflow warnings.
6c5b6cb0 DSH	245	*/
786b6a45	246	#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
6c5b6cb0 DSH	247
	248	/* signed version of asn1_get_uint64 */
	249	static int asn1_get_int64(int64_t pr, const unsigned char b, size_t blen,
	250	int neg)
	251	{
	252	uint64_t r;
	253	if (asn1_get_uint64(&r, b, blen) == 0)
	254	return 0;
	255	if (neg) {
786b6a45 AP	256	if (r <= INT64_MAX) {
	257	/* Most significant bit is guaranteed to be clear, negation
	258	* is guaranteed to be meaningful in platform-neutral sense. */
	259	*pr = -(int64_t)r;
	260	} else if (r == ABS_INT64_MIN) {
	261	/* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
	262	* on ones'-complement system. */
	263	*pr = (int64_t)(0 - r);
	264	} else {
9311d0c4	265	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
6c5b6cb0	266	return 0;
0f113f3e MC	267	}
0f113f3e MC	268	} else {
786b6a45 AP	269	if (r <= INT64_MAX) {
	270	*pr = (int64_t)r;
	271	} else {
9311d0c4	272	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
6c5b6cb0	273	return 0;
0f113f3e	274	}
0f113f3e	275	}
6c5b6cb0 DSH	276	return 1;
6c5b6cb0 DSH	277	}
0f113f3e	278
6c5b6cb0 DSH	279	/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
	280	ASN1_INTEGER c2i_ASN1_INTEGER(ASN1_INTEGER a, const unsigned char *pp,
	281	long len)
	282	{
	283	ASN1_INTEGER *ret = NULL;
	284	size_t r;
	285	int neg;
	286
	287	r = c2i_ibuf(NULL, NULL, *pp, len);
	288
	289	if (r == 0)
	290	return NULL;
	291
	292	if ((a == NULL) \|\| ((*a) == NULL)) {
	293	ret = ASN1_INTEGER_new();
	294	if (ret == NULL)
	295	return NULL;
	296	ret->type = V_ASN1_INTEGER;
	297	} else
	298	ret = *a;
	299
	300	if (ASN1_STRING_set(ret, NULL, r) == 0)
	301	goto err;
	302
	303	c2i_ibuf(ret->data, &neg, *pp, len);
	304
	305	if (neg)
	306	ret->type \|= V_ASN1_NEG;
	307
	308	*pp += len;
0f113f3e MC	309	if (a != NULL)
0f113f3e MC	310	(*a) = ret;
6c5b6cb0	311	return ret;
0f113f3e	312	err:
9311d0c4	313	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0dfb9398	314	if ((a == NULL) \|\| (*a != ret))
f422a514	315	ASN1_INTEGER_free(ret);
6c5b6cb0 DSH	316	return NULL;
	317	}
	318
	319	static int asn1_string_get_int64(int64_t pr, const ASN1_STRING a, int itype)
	320	{
	321	if (a == NULL) {
9311d0c4	322	ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
6c5b6cb0 DSH	323	return 0;
	324	}
	325	if ((a->type & ~V_ASN1_NEG) != itype) {
9311d0c4	326	ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
6c5b6cb0 DSH	327	return 0;
	328	}
	329	return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
	330	}
	331
	332	static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
	333	{
	334	unsigned char tbuf[sizeof(r)];
6d4321fc AP	335	size_t off;
6d4321fc AP	336
6c5b6cb0 DSH	337	a->type = itype;
6c5b6cb0 DSH	338	if (r < 0) {
786b6a45 AP	339	/* Most obvious '-r' triggers undefined behaviour for most
	340	* common INT64_MIN. Even though below '0 - (uint64_t)r' can
	341	* appear two's-complement centric, it does produce correct/
	342	* expected result even on one's-complement. This is because
	343	* cast to unsigned has to change bit pattern... */
	344	off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
6c5b6cb0 DSH	345	a->type \|= V_ASN1_NEG;
6c5b6cb0 DSH	346	} else {
6d4321fc	347	off = asn1_put_uint64(tbuf, r);
6c5b6cb0 DSH	348	a->type &= ~V_ASN1_NEG;
6c5b6cb0 DSH	349	}
6d4321fc	350	return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
0f113f3e MC	351	}
0f113f3e MC	352
c5f28105 DSH	353	static int asn1_string_get_uint64(uint64_t pr, const ASN1_STRING a,
	354	int itype)
	355	{
	356	if (a == NULL) {
9311d0c4	357	ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
c5f28105 DSH	358	return 0;
	359	}
	360	if ((a->type & ~V_ASN1_NEG) != itype) {
9311d0c4	361	ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
c5f28105 DSH	362	return 0;
	363	}
	364	if (a->type & V_ASN1_NEG) {
9311d0c4	365	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
c5f28105 DSH	366	return 0;
	367	}
	368	return asn1_get_uint64(pr, a->data, a->length);
	369	}
	370
	371	static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
	372	{
	373	unsigned char tbuf[sizeof(r)];
6d4321fc AP	374	size_t off;
6d4321fc AP	375
c5f28105	376	a->type = itype;
6d4321fc AP	377	off = asn1_put_uint64(tbuf, r);
6d4321fc AP	378	return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
c5f28105 DSH	379	}
c5f28105 DSH	380
0f113f3e MC	381	/*
	382	* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
	383	* integers: some broken software can encode a positive INTEGER with its MSB
	384	* set as negative (it doesn't add a padding zero).
1ad2ecb6 DSH	385	*/
1ad2ecb6 DSH	386
875a644a	387	ASN1_INTEGER d2i_ASN1_UINTEGER(ASN1_INTEGER a, const unsigned char *pp,
0f113f3e MC	388	long length)
	389	{
	390	ASN1_INTEGER *ret = NULL;
	391	const unsigned char *p;
	392	unsigned char *s;
	393	long len;
	394	int inf, tag, xclass;
	395	int i;
	396
	397	if ((a == NULL) \|\| ((*a) == NULL)) {
f422a514	398	if ((ret = ASN1_INTEGER_new()) == NULL)
26a7d938	399	return NULL;
0f113f3e MC	400	ret->type = V_ASN1_INTEGER;
	401	} else
	402	ret = (*a);
	403
	404	p = *pp;
	405	inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
	406	if (inf & 0x80) {
	407	i = ASN1_R_BAD_OBJECT_HEADER;
	408	goto err;
	409	}
	410
	411	if (tag != V_ASN1_INTEGER) {
	412	i = ASN1_R_EXPECTING_AN_INTEGER;
	413	goto err;
	414	}
	415
	416	/*
	417	* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
	418	* a missing NULL parameter.
	419	*/
b196e7d9	420	s = OPENSSL_malloc((int)len + 1);
0f113f3e MC	421	if (s == NULL) {
	422	i = ERR_R_MALLOC_FAILURE;
	423	goto err;
	424	}
	425	ret->type = V_ASN1_INTEGER;
	426	if (len) {
	427	if ((*p == 0) && (len != 1)) {
	428	p++;
	429	len--;
	430	}
	431	memcpy(s, p, (int)len);
	432	p += len;
	433	}
	434
b548a1f1	435	OPENSSL_free(ret->data);
0f113f3e MC	436	ret->data = s;
	437	ret->length = (int)len;
	438	if (a != NULL)
	439	(*a) = ret;
	440	*pp = p;
26a7d938	441	return ret;
0f113f3e	442	err:
9311d0c4	443	ERR_raise(ERR_LIB_ASN1, i);
0dfb9398	444	if ((a == NULL) \|\| (*a != ret))
f422a514	445	ASN1_INTEGER_free(ret);
26a7d938	446	return NULL;
0f113f3e	447	}
d02b48c6	448
6c5b6cb0 DSH	449	static ASN1_STRING bn_to_asn1_string(const BIGNUM bn, ASN1_STRING *ai,
6c5b6cb0 DSH	450	int atype)
0f113f3e	451	{
6c5b6cb0 DSH	452	ASN1_INTEGER *ret;
6c5b6cb0 DSH	453	int len;
0f113f3e	454
6c5b6cb0 DSH	455	if (ai == NULL) {
	456	ret = ASN1_STRING_type_new(atype);
	457	} else {
	458	ret = ai;
	459	ret->type = atype;
0f113f3e	460	}
0f113f3e	461
6c5b6cb0	462	if (ret == NULL) {
9311d0c4	463	ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
6c5b6cb0	464	goto err;
0f113f3e	465	}
0f113f3e	466
6c5b6cb0 DSH	467	if (BN_is_negative(bn) && !BN_is_zero(bn))
6c5b6cb0 DSH	468	ret->type \|= V_ASN1_NEG_INTEGER;
d02b48c6	469
6c5b6cb0	470	len = BN_num_bytes(bn);
0f113f3e	471
6c5b6cb0 DSH	472	if (len == 0)
	473	len = 1;
	474
	475	if (ASN1_STRING_set(ret, NULL, len) == 0) {
9311d0c4	476	ERR_raise(ERR_LIB_ASN1, ERR_R_MALLOC_FAILURE);
0f113f3e MC	477	goto err;
0f113f3e MC	478	}
6c5b6cb0	479
0f113f3e	480	/* Correct zero case */
6c5b6cb0	481	if (BN_is_zero(bn))
0f113f3e	482	ret->data[0] = 0;
6c5b6cb0 DSH	483	else
	484	len = BN_bn2bin(bn, ret->data);
	485	ret->length = len;
	486	return ret;
0f113f3e MC	487	err:
0f113f3e MC	488	if (ret != ai)
f422a514	489	ASN1_INTEGER_free(ret);
26a7d938	490	return NULL;
0f113f3e	491	}
d02b48c6	492
6c5b6cb0 DSH	493	static BIGNUM asn1_string_to_bn(const ASN1_INTEGER ai, BIGNUM *bn,
6c5b6cb0 DSH	494	int itype)
0f113f3e MC	495	{
0f113f3e MC	496	BIGNUM *ret;
d02b48c6	497
6c5b6cb0	498	if ((ai->type & ~V_ASN1_NEG) != itype) {
9311d0c4	499	ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
6c5b6cb0 DSH	500	return NULL;
	501	}
	502
	503	ret = BN_bin2bn(ai->data, ai->length, bn);
a6ac1ed6	504	if (ret == NULL) {
9311d0c4	505	ERR_raise(ERR_LIB_ASN1, ASN1_R_BN_LIB);
6c5b6cb0 DSH	506	return NULL;
	507	}
	508	if (ai->type & V_ASN1_NEG)
0f113f3e	509	BN_set_negative(ret, 1);
6c5b6cb0 DSH	510	return ret;
	511	}
	512
	513	int ASN1_INTEGER_get_int64(int64_t pr, const ASN1_INTEGER a)
	514	{
	515	return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
	516	}
	517
	518	int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
	519	{
	520	return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
	521	}
	522
c5f28105 DSH	523	int ASN1_INTEGER_get_uint64(uint64_t pr, const ASN1_INTEGER a)
	524	{
	525	return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
	526	}
	527
	528	int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
	529	{
	530	return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
	531	}
	532
6c5b6cb0 DSH	533	int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
	534	{
	535	return ASN1_INTEGER_set_int64(a, v);
	536	}
	537
	538	long ASN1_INTEGER_get(const ASN1_INTEGER *a)
	539	{
	540	int i;
	541	int64_t r;
	542	if (a == NULL)
	543	return 0;
	544	i = ASN1_INTEGER_get_int64(&r, a);
	545	if (i == 0)
	546	return -1;
	547	if (r > LONG_MAX \|\| r < LONG_MIN)
	548	return -1;
	549	return (long)r;
	550	}
	551
	552	ASN1_INTEGER BN_to_ASN1_INTEGER(const BIGNUM bn, ASN1_INTEGER *ai)
	553	{
	554	return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
	555	}
	556
	557	BIGNUM ASN1_INTEGER_to_BN(const ASN1_INTEGER ai, BIGNUM *bn)
	558	{
	559	return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
	560	}
	561
	562	int ASN1_ENUMERATED_get_int64(int64_t pr, const ASN1_ENUMERATED a)
	563	{
	564	return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
	565	}
	566
	567	int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
	568	{
	569	return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
	570	}
	571
	572	int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
	573	{
	574	return ASN1_ENUMERATED_set_int64(a, v);
	575	}
	576
f48ebf9f	577	long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
6c5b6cb0 DSH	578	{
	579	int i;
	580	int64_t r;
	581	if (a == NULL)
	582	return 0;
	583	if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
	584	return -1;
	585	if (a->length > (int)sizeof(long))
	586	return 0xffffffffL;
	587	i = ASN1_ENUMERATED_get_int64(&r, a);
	588	if (i == 0)
	589	return -1;
	590	if (r > LONG_MAX \|\| r < LONG_MIN)
	591	return -1;
	592	return (long)r;
	593	}
	594
	595	ASN1_ENUMERATED BN_to_ASN1_ENUMERATED(const BIGNUM bn, ASN1_ENUMERATED *ai)
	596	{
	597	return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
	598	}
	599
	600	BIGNUM ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED ai, BIGNUM *bn)
	601	{
	602	return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
0f113f3e	603	}
93f7d6fc RL	604
	605	/* Internal functions used by x_int64.c */
	606	int c2i_uint64_int(uint64_t ret, int neg, const unsigned char **pp, long len)
	607	{
	608	unsigned char buf[sizeof(uint64_t)];
	609	size_t buflen;
	610
	611	buflen = c2i_ibuf(NULL, NULL, *pp, len);
	612	if (buflen == 0)
	613	return 0;
	614	if (buflen > sizeof(uint64_t)) {
9311d0c4	615	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
93f7d6fc RL	616	return 0;
	617	}
	618	(void)c2i_ibuf(buf, neg, *pp, len);
	619	return asn1_get_uint64(ret, buf, buflen);
	620	}
	621
	622	int i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
	623	{
	624	unsigned char buf[sizeof(uint64_t)];
6d4321fc	625	size_t off;
93f7d6fc	626
6d4321fc AP	627	off = asn1_put_uint64(buf, r);
6d4321fc AP	628	return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
93f7d6fc RL	629	}
93f7d6fc RL	630