[thirdparty/openssl.git] / crypto / asn1 / a_int.c

/*
 * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/numbers.h"
#include <limits.h>
#include <openssl/asn1.h>
#include <openssl/bn.h>
#include "asn1_local.h"

ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
{
    return ASN1_STRING_dup(x);
}

int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
{
    int neg, ret;
    /* Compare signs */
    neg = x->type & V_ASN1_NEG;
    if (neg != (y->type & V_ASN1_NEG)) {
        if (neg)
            return -1;
        else
            return 1;
    }

    ret = ASN1_STRING_cmp(x, y);

    if (neg)
        return -ret;
    else
        return ret;
}

/*-
 * This converts a big endian buffer and sign into its content encoding.
 * This is used for INTEGER and ENUMERATED types.
 * The internal representation is an ASN1_STRING whose data is a big endian
 * representation of the value, ignoring the sign. The sign is determined by
 * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
 *
 * Positive integers are no problem: they are almost the same as the DER
 * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
 *
 * Negative integers are a bit trickier...
 * The DER representation of negative integers is in 2s complement form.
 * The internal form is converted by complementing each octet and finally
 * adding one to the result. This can be done less messily with a little trick.
 * If the internal form has trailing zeroes then they will become FF by the
 * complement and 0 by the add one (due to carry) so just copy as many trailing
 * zeros to the destination as there are in the source. The carry will add one
 * to the last none zero octet: so complement this octet and add one and finally
 * complement any left over until you get to the start of the string.
 *
 * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
 * with 0xff. However if the first byte is 0x80 and one of the following bytes
 * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
 * followed by optional zeros isn't padded.
 */

/*
 * If |pad| is zero, the operation is effectively reduced to memcpy,
 * and if |pad| is 0xff, then it performs two's complement, ~dst + 1.
 * Note that in latter case sequence of zeros yields itself, and so
 * does 0x80 followed by any number of zeros. These properties are
 * used elsewhere below...
 */
static void twos_complement(unsigned char *dst, const unsigned char *src,
                            size_t len, unsigned char pad)
{
    unsigned int carry = pad & 1;

    /* Begin at the end of the encoding */
    if (len != 0) {
        /*
         * if len == 0 then src/dst could be NULL, and this would be undefined
         * behaviour.
         */
        dst += len;
        src += len;
    }
    /* two's complement value: ~value + 1 */
    while (len-- != 0) {
        *(--dst) = (unsigned char)(carry += *(--src) ^ pad);
        carry >>= 8;
    }
}

static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
                       unsigned char **pp)
{
    unsigned int pad = 0;
    size_t ret, i;
    unsigned char *p, pb = 0;

    if (b != NULL && blen) {
        ret = blen;
        i = b[0];
        if (!neg && (i > 127)) {
            pad = 1;
            pb = 0;
        } else if (neg) {
            pb = 0xFF;
            if (i > 128) {
                pad = 1;
            } else if (i == 128) {
                /*
                 * Special case [of minimal negative for given length]:
                 * if any other bytes non zero we pad, otherwise we don't.
                 */
                for (pad = 0, i = 1; i < blen; i++)
                    pad |= b[i];
                pb = pad != 0 ? 0xffU : 0;
                pad = pb & 1;
            }
        }
        ret += pad;
    } else {
        ret = 1;
        blen = 0;   /* reduce '(b == NULL || blen == 0)' to '(blen == 0)' */
    }

    if (pp == NULL || (p = *pp) == NULL)
        return ret;

    /*
     * This magically handles all corner cases, such as '(b == NULL ||
     * blen == 0)', non-negative value, "negative" zero, 0x80 followed
     * by any number of zeros...
     */
    *p = pb;
    p += pad;       /* yes, p[0] can be written twice, but it's little
                     * price to pay for eliminated branches */
    twos_complement(p, b, blen, pb);

    *pp += ret;
    return ret;
}

/*
 * convert content octets into a big endian buffer. Returns the length
 * of buffer or 0 on error: for malformed INTEGER. If output buffer is
 * NULL just return length.
 */

static size_t c2i_ibuf(unsigned char *b, int *pneg,
                       const unsigned char *p, size_t plen)
{
    int neg, pad;
    /* Zero content length is illegal */
    if (plen == 0) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT);
        return 0;
    }
    neg = p[0] & 0x80;
    if (pneg)
        *pneg = neg;
    /* Handle common case where length is 1 octet separately */
    if (plen == 1) {
        if (b != NULL) {
            if (neg)
                b[0] = (p[0] ^ 0xFF) + 1;
            else
                b[0] = p[0];
        }
        return 1;
    }

    pad = 0;
    if (p[0] == 0) {
        pad = 1;
    } else if (p[0] == 0xFF) {
        size_t i;

        /*
         * Special case [of "one less minimal negative" for given length]:
         * if any other bytes non zero it was padded, otherwise not.
         */
        for (pad = 0, i = 1; i < plen; i++)
            pad |= p[i];
        pad = pad != 0 ? 1 : 0;
    }
    /* reject illegal padding: first two octets MSB can't match */
    if (pad && (neg == (p[1] & 0x80))) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING);
        return 0;
    }

    /* skip over pad */
    p += pad;
    plen -= pad;

    if (b != NULL)
        twos_complement(b, p, plen, neg ? 0xffU : 0);

    return plen;
}

int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
{
    return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
}

/* Convert big endian buffer into uint64_t, return 0 on error */
static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
{
    size_t i;
    uint64_t r;

    if (blen > sizeof(*pr)) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
        return 0;
    }
    if (b == NULL)
        return 0;
    for (r = 0, i = 0; i < blen; i++) {
        r <<= 8;
        r |= b[i];
    }
    *pr = r;
    return 1;
}

/*
 * Write uint64_t to big endian buffer and return offset to first
 * written octet. In other words it returns offset in range from 0
 * to 7, with 0 denoting 8 written octets and 7 - one.
 */
static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
{
    size_t off = sizeof(uint64_t);

    do {
        b[--off] = (unsigned char)r;
    } while (r >>= 8);

    return off;
}

/*
 * Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
 * overflow warnings.
 */
#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))

/* signed version of asn1_get_uint64 */
static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
                          int neg)
{
    uint64_t r;
    if (asn1_get_uint64(&r, b, blen) == 0)
        return 0;
    if (neg) {
        if (r <= INT64_MAX) {
            /* Most significant bit is guaranteed to be clear, negation
             * is guaranteed to be meaningful in platform-neutral sense. */
            *pr = -(int64_t)r;
        } else if (r == ABS_INT64_MIN) {
            /* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
             * on ones'-complement system. */
            *pr = (int64_t)(0 - r);
        } else {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
            return 0;
        }
    } else {
        if (r <= INT64_MAX) {
            *pr = (int64_t)r;
        } else {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
            return 0;
        }
    }
    return 1;
}

/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
ASN1_INTEGER *ossl_c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
                                    long len)
{
    ASN1_INTEGER *ret = NULL;
    size_t r;
    int neg;

    r = c2i_ibuf(NULL, NULL, *pp, len);

    if (r == 0)
        return NULL;

    if ((a == NULL) || ((*a) == NULL)) {
        ret = ASN1_INTEGER_new();
        if (ret == NULL)
            return NULL;
        ret->type = V_ASN1_INTEGER;
    } else
        ret = *a;

    if (ASN1_STRING_set(ret, NULL, r) == 0) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
        goto err;
    }

    c2i_ibuf(ret->data, &neg, *pp, len);

    if (neg != 0)
        ret->type |= V_ASN1_NEG;
    else
        ret->type &= ~V_ASN1_NEG;

    *pp += len;
    if (a != NULL)
        (*a) = ret;
    return ret;
 err:
    if (a == NULL || *a != ret)
        ASN1_INTEGER_free(ret);
    return NULL;
}

static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
{
    if (a == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if ((a->type & ~V_ASN1_NEG) != itype) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
        return 0;
    }
    return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
}

static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
{
    unsigned char tbuf[sizeof(r)];
    size_t off;

    a->type = itype;
    if (r < 0) {
        /* Most obvious '-r' triggers undefined behaviour for most
         * common INT64_MIN. Even though below '0 - (uint64_t)r' can
         * appear two's-complement centric, it does produce correct/
         * expected result even on one's-complement. This is because
         * cast to unsigned has to change bit pattern... */
        off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
        a->type |= V_ASN1_NEG;
    } else {
        off = asn1_put_uint64(tbuf, r);
        a->type &= ~V_ASN1_NEG;
    }
    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
}

static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
                                  int itype)
{
    if (a == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
        return 0;
    }
    if ((a->type & ~V_ASN1_NEG) != itype) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
        return 0;
    }
    if (a->type & V_ASN1_NEG) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
        return 0;
    }
    return asn1_get_uint64(pr, a->data, a->length);
}

static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
{
    unsigned char tbuf[sizeof(r)];
    size_t off;

    a->type = itype;
    off = asn1_put_uint64(tbuf, r);
    return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
}

/*
 * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
 * integers: some broken software can encode a positive INTEGER with its MSB
 * set as negative (it doesn't add a padding zero).
 */

ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
                                long length)
{
    ASN1_INTEGER *ret = NULL;
    const unsigned char *p;
    unsigned char *s;
    long len = 0;
    int inf, tag, xclass;
    int i = 0;

    if ((a == NULL) || ((*a) == NULL)) {
        if ((ret = ASN1_INTEGER_new()) == NULL)
            return NULL;
        ret->type = V_ASN1_INTEGER;
    } else
        ret = (*a);

    p = *pp;
    inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
    if (inf & 0x80) {
        i = ASN1_R_BAD_OBJECT_HEADER;
        goto err;
    }

    if (tag != V_ASN1_INTEGER) {
        i = ASN1_R_EXPECTING_AN_INTEGER;
        goto err;
    }

    if (len < 0) {
        i = ASN1_R_ILLEGAL_NEGATIVE_VALUE;
        goto err;
    }
    /*
     * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
     * a missing NULL parameter.
     */
    s = OPENSSL_malloc((int)len + 1);
    if (s == NULL)
        goto err;
    ret->type = V_ASN1_INTEGER;
    if (len) {
        if ((*p == 0) && (len != 1)) {
            p++;
            len--;
        }
        memcpy(s, p, (int)len);
        p += len;
    }

    ASN1_STRING_set0(ret, s, (int)len);
    if (a != NULL)
        (*a) = ret;
    *pp = p;
    return ret;
 err:
    if (i != 0)
        ERR_raise(ERR_LIB_ASN1, i);
    if ((a == NULL) || (*a != ret))
        ASN1_INTEGER_free(ret);
    return NULL;
}

static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
                                      int atype)
{
    ASN1_INTEGER *ret;
    int len;

    if (ai == NULL) {
        ret = ASN1_STRING_type_new(atype);
    } else {
        ret = ai;
        ret->type = atype;
    }

    if (ret == NULL) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
        goto err;
    }

    if (BN_is_negative(bn) && !BN_is_zero(bn))
        ret->type |= V_ASN1_NEG_INTEGER;

    len = BN_num_bytes(bn);

    if (len == 0)
        len = 1;

    if (ASN1_STRING_set(ret, NULL, len) == 0) {
        ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
        goto err;
    }

    /* Correct zero case */
    if (BN_is_zero(bn))
        ret->data[0] = 0;
    else
        len = BN_bn2bin(bn, ret->data);
    ret->length = len;
    return ret;
 err:
    if (ret != ai)
        ASN1_INTEGER_free(ret);
    return NULL;
}

static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
                                 int itype)
{
    BIGNUM *ret;

    if ((ai->type & ~V_ASN1_NEG) != itype) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
        return NULL;
    }

    ret = BN_bin2bn(ai->data, ai->length, bn);
    if (ret == NULL) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_BN_LIB);
        return NULL;
    }
    if (ai->type & V_ASN1_NEG)
        BN_set_negative(ret, 1);
    return ret;
}

int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
{
    return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
}

int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
{
    return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
}

int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
{
    return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
}

int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
{
    return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
}

int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
{
    return ASN1_INTEGER_set_int64(a, v);
}

long ASN1_INTEGER_get(const ASN1_INTEGER *a)
{
    int i;
    int64_t r;
    if (a == NULL)
        return 0;
    i = ASN1_INTEGER_get_int64(&r, a);
    if (i == 0)
        return -1;
    if (r > LONG_MAX || r < LONG_MIN)
        return -1;
    return (long)r;
}

ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
{
    return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
}

BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
{
    return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
}

int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
{
    return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
}

int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
{
    return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
}

int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
{
    return ASN1_ENUMERATED_set_int64(a, v);
}

long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
{
    int i;
    int64_t r;
    if (a == NULL)
        return 0;
    if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
        return -1;
    if (a->length > (int)sizeof(long))
        return 0xffffffffL;
    i = ASN1_ENUMERATED_get_int64(&r, a);
    if (i == 0)
        return -1;
    if (r > LONG_MAX || r < LONG_MIN)
        return -1;
    return (long)r;
}

ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
{
    return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
}

BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
{
    return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
}

/* Internal functions used by x_int64.c */
int ossl_c2i_uint64_int(uint64_t *ret, int *neg,
                        const unsigned char **pp, long len)
{
    unsigned char buf[sizeof(uint64_t)];
    size_t buflen;

    buflen = c2i_ibuf(NULL, NULL, *pp, len);
    if (buflen == 0)
        return 0;
    if (buflen > sizeof(uint64_t)) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
        return 0;
    }
    (void)c2i_ibuf(buf, neg, *pp, len);
    return asn1_get_uint64(ret, buf, buflen);
}

int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
{
    unsigned char buf[sizeof(uint64_t)];
    size_t off;

    off = asn1_put_uint64(buf, r);
    return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
}
Commit	Line	Data
b1322259	1	/*
3c2bdd7d	2	* Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
365a2d99	4	* Licensed under the Apache License 2.0 (the "License"). You may not use
b1322259 RS	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
	9
	10	#include <stdio.h>
b39fc560	11	#include "internal/cryptlib.h"
c5f28105	12	#include "internal/numbers.h"
6c5b6cb0	13	#include <limits.h>
ec577822	14	#include <openssl/asn1.h>
0f814687	15	#include <openssl/bn.h>
706457b7	16	#include "asn1_local.h"
d02b48c6	17
6384e46d	18	ASN1_INTEGER ASN1_INTEGER_dup(const ASN1_INTEGER x)
0f113f3e	19	{
f422a514	20	return ASN1_STRING_dup(x);
0f113f3e	21	}
08e9c1af	22
6384e46d	23	int ASN1_INTEGER_cmp(const ASN1_INTEGER x, const ASN1_INTEGER y)
0f113f3e MC	24	{
	25	int neg, ret;
	26	/* Compare signs */
	27	neg = x->type & V_ASN1_NEG;
	28	if (neg != (y->type & V_ASN1_NEG)) {
	29	if (neg)
	30	return -1;
	31	else
	32	return 1;
	33	}
	34
	35	ret = ASN1_STRING_cmp(x, y);
	36
	37	if (neg)
	38	return -ret;
	39	else
	40	return ret;
	41	}
	42
	43	/*-
6c5b6cb0 DSH	44	* This converts a big endian buffer and sign into its content encoding.
6c5b6cb0 DSH	45	* This is used for INTEGER and ENUMERATED types.
1ad2ecb6 DSH	46	* The internal representation is an ASN1_STRING whose data is a big endian
1ad2ecb6 DSH	47	* representation of the value, ignoring the sign. The sign is determined by
6c5b6cb0	48	* the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
1ad2ecb6 DSH	49	*
	50	* Positive integers are no problem: they are almost the same as the DER
	51	* encoding, except if the first byte is >= 0x80 we need to add a zero pad.
	52	*
	53	* Negative integers are a bit trickier...
	54	* The DER representation of negative integers is in 2s complement form.
0f113f3e	55	* The internal form is converted by complementing each octet and finally
1ad2ecb6 DSH	56	* adding one to the result. This can be done less messily with a little trick.
1ad2ecb6 DSH	57	* If the internal form has trailing zeroes then they will become FF by the
0f113f3e	58	* complement and 0 by the add one (due to carry) so just copy as many trailing
1ad2ecb6 DSH	59	* zeros to the destination as there are in the source. The carry will add one
	60	* to the last none zero octet: so complement this octet and add one and finally
	61	* complement any left over until you get to the start of the string.
	62	*
	63	* Padding is a little trickier too. If the first bytes is > 0x80 then we pad
	64	* with 0xff. However if the first byte is 0x80 and one of the following bytes
	65	* is non-zero we pad with 0xff. The reason for this distinction is that 0x80
	66	* followed by optional zeros isn't padded.
	67	*/
	68
a3ea6bf0 AP	69	/*
	70	* If \|pad\| is zero, the operation is effectively reduced to memcpy,
	71	* and if \|pad\| is 0xff, then it performs two's complement, ~dst + 1.
	72	* Note that in latter case sequence of zeros yields itself, and so
	73	* does 0x80 followed by any number of zeros. These properties are
	74	* used elsewhere below...
	75	*/
	76	static void twos_complement(unsigned char dst, const unsigned char src,
	77	size_t len, unsigned char pad)
	78	{
	79	unsigned int carry = pad & 1;
	80
	81	/* Begin at the end of the encoding */
a07dc816 MC	82	if (len != 0) {
	83	/*
	84	* if len == 0 then src/dst could be NULL, and this would be undefined
	85	* behaviour.
	86	*/
	87	dst += len;
	88	src += len;
	89	}
a3ea6bf0 AP	90	/* two's complement value: ~value + 1 */
	91	while (len-- != 0) {
	92	(--dst) = (unsigned char)(carry += (--src) ^ pad);
	93	carry >>= 8;
	94	}
	95	}
	96
6c5b6cb0 DSH	97	static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
6c5b6cb0 DSH	98	unsigned char **pp)
0f113f3e	99	{
a3ea6bf0	100	unsigned int pad = 0;
6c5b6cb0 DSH	101	size_t ret, i;
6c5b6cb0 DSH	102	unsigned char *p, pb = 0;
0f113f3e	103
a3ea6bf0	104	if (b != NULL && blen) {
6c5b6cb0 DSH	105	ret = blen;
6c5b6cb0 DSH	106	i = b[0];
0f113f3e MC	107	if (!neg && (i > 127)) {
	108	pad = 1;
	109	pb = 0;
	110	} else if (neg) {
a3ea6bf0	111	pb = 0xFF;
0f113f3e MC	112	if (i > 128) {
0f113f3e MC	113	pad = 1;
0f113f3e MC	114	} else if (i == 128) {
0f113f3e MC	115	/*
a3ea6bf0 AP	116	* Special case [of minimal negative for given length]:
a3ea6bf0 AP	117	* if any other bytes non zero we pad, otherwise we don't.
0f113f3e	118	*/
a3ea6bf0 AP	119	for (pad = 0, i = 1; i < blen; i++)
	120	pad \|= b[i];
	121	pb = pad != 0 ? 0xffU : 0;
	122	pad = pb & 1;
0f113f3e MC	123	}
	124	}
	125	ret += pad;
a3ea6bf0 AP	126	} else {
	127	ret = 1;
	128	blen = 0; /* reduce '(b == NULL \|\| blen == 0)' to '(blen == 0)' */
0f113f3e	129	}
a3ea6bf0 AP	130
a3ea6bf0 AP	131	if (pp == NULL \|\| (p = *pp) == NULL)
6c5b6cb0	132	return ret;
0f113f3e	133
a3ea6bf0 AP	134	/*
	135	* This magically handles all corner cases, such as '(b == NULL \|\|
	136	* blen == 0)', non-negative value, "negative" zero, 0x80 followed
	137	* by any number of zeros...
	138	*/
	139	*p = pb;
	140	p += pad; /* yes, p[0] can be written twice, but it's little
	141	* price to pay for eliminated branches */
	142	twos_complement(p, b, blen, pb);
0f113f3e MC	143
0f113f3e MC	144	*pp += ret;
6c5b6cb0	145	return ret;
0f113f3e	146	}
d02b48c6	147
6c5b6cb0 DSH	148	/*
6c5b6cb0 DSH	149	* convert content octets into a big endian buffer. Returns the length
0d4fb843	150	* of buffer or 0 on error: for malformed INTEGER. If output buffer is
6c5b6cb0 DSH	151	* NULL just return length.
6c5b6cb0 DSH	152	*/
a338e21b	153
6c5b6cb0 DSH	154	static size_t c2i_ibuf(unsigned char b, int pneg,
6c5b6cb0 DSH	155	const unsigned char *p, size_t plen)
0f113f3e	156	{
6c5b6cb0 DSH	157	int neg, pad;
	158	/* Zero content length is illegal */
	159	if (plen == 0) {
9311d0c4	160	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_ZERO_CONTENT);
6c5b6cb0 DSH	161	return 0;
	162	}
	163	neg = p[0] & 0x80;
	164	if (pneg)
	165	*pneg = neg;
	166	/* Handle common case where length is 1 octet separately */
	167	if (plen == 1) {
a3ea6bf0	168	if (b != NULL) {
6c5b6cb0 DSH	169	if (neg)
	170	b[0] = (p[0] ^ 0xFF) + 1;
	171	else
	172	b[0] = p[0];
	173	}
	174	return 1;
	175	}
1e93d619 AP	176
	177	pad = 0;
	178	if (p[0] == 0) {
6c5b6cb0	179	pad = 1;
1e93d619 AP	180	} else if (p[0] == 0xFF) {
	181	size_t i;
	182
	183	/*
	184	* Special case [of "one less minimal negative" for given length]:
	185	* if any other bytes non zero it was padded, otherwise not.
	186	*/
	187	for (pad = 0, i = 1; i < plen; i++)
	188	pad \|= p[i];
	189	pad = pad != 0 ? 1 : 0;
	190	}
6c5b6cb0 DSH	191	/* reject illegal padding: first two octets MSB can't match */
6c5b6cb0 DSH	192	if (pad && (neg == (p[1] & 0x80))) {
9311d0c4	193	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING);
6c5b6cb0 DSH	194	return 0;
6c5b6cb0 DSH	195	}
0f113f3e	196
a3ea6bf0 AP	197	/* skip over pad */
a3ea6bf0 AP	198	p += pad;
6c5b6cb0	199	plen -= pad;
a3ea6bf0 AP	200
	201	if (b != NULL)
	202	twos_complement(b, p, plen, neg ? 0xffU : 0);
	203
6c5b6cb0 DSH	204	return plen;
6c5b6cb0 DSH	205	}
0f113f3e	206
adf7e6d1	207	int ossl_i2c_ASN1_INTEGER(ASN1_INTEGER a, unsigned char *pp)
6c5b6cb0 DSH	208	{
	209	return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
	210	}
	211
	212	/* Convert big endian buffer into uint64_t, return 0 on error */
	213	static int asn1_get_uint64(uint64_t pr, const unsigned char b, size_t blen)
	214	{
	215	size_t i;
6d4321fc AP	216	uint64_t r;
6d4321fc AP	217
6c5b6cb0	218	if (blen > sizeof(*pr)) {
9311d0c4	219	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
6c5b6cb0	220	return 0;
0f113f3e	221	}
6c5b6cb0 DSH	222	if (b == NULL)
6c5b6cb0 DSH	223	return 0;
6d4321fc AP	224	for (r = 0, i = 0; i < blen; i++) {
	225	r <<= 8;
	226	r \|= b[i];
6c5b6cb0	227	}
6d4321fc	228	*pr = r;
6c5b6cb0 DSH	229	return 1;
	230	}
	231
6d4321fc AP	232	/*
	233	* Write uint64_t to big endian buffer and return offset to first
	234	* written octet. In other words it returns offset in range from 0
	235	* to 7, with 0 denoting 8 written octets and 7 - one.
	236	*/
	237	static size_t asn1_put_uint64(unsigned char b[sizeof(uint64_t)], uint64_t r)
6c5b6cb0	238	{
6d4321fc	239	size_t off = sizeof(uint64_t);
6c5b6cb0	240
6d4321fc AP	241	do {
	242	b[--off] = (unsigned char)r;
	243	} while (r >>= 8);
6c5b6cb0	244
6d4321fc	245	return off;
6c5b6cb0 DSH	246	}
	247
	248	/*
786b6a45	249	* Absolute value of INT64_MIN: we can't just use -INT64_MIN as gcc produces
6c5b6cb0 DSH	250	* overflow warnings.
6c5b6cb0 DSH	251	*/
786b6a45	252	#define ABS_INT64_MIN ((uint64_t)INT64_MAX + (-(INT64_MIN + INT64_MAX)))
6c5b6cb0 DSH	253
	254	/* signed version of asn1_get_uint64 */
	255	static int asn1_get_int64(int64_t pr, const unsigned char b, size_t blen,
	256	int neg)
	257	{
	258	uint64_t r;
	259	if (asn1_get_uint64(&r, b, blen) == 0)
	260	return 0;
	261	if (neg) {
786b6a45 AP	262	if (r <= INT64_MAX) {
	263	/* Most significant bit is guaranteed to be clear, negation
	264	* is guaranteed to be meaningful in platform-neutral sense. */
	265	*pr = -(int64_t)r;
	266	} else if (r == ABS_INT64_MIN) {
	267	/* This never happens if INT64_MAX == ABS_INT64_MIN, e.g.
	268	* on ones'-complement system. */
	269	*pr = (int64_t)(0 - r);
	270	} else {
9311d0c4	271	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
6c5b6cb0	272	return 0;
0f113f3e MC	273	}
0f113f3e MC	274	} else {
786b6a45 AP	275	if (r <= INT64_MAX) {
	276	*pr = (int64_t)r;
	277	} else {
9311d0c4	278	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
6c5b6cb0	279	return 0;
0f113f3e	280	}
0f113f3e	281	}
6c5b6cb0 DSH	282	return 1;
6c5b6cb0 DSH	283	}
0f113f3e	284
6c5b6cb0	285	/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
adf7e6d1 SL	286	ASN1_INTEGER ossl_c2i_ASN1_INTEGER(ASN1_INTEGER a, const unsigned char *pp,
adf7e6d1 SL	287	long len)
6c5b6cb0 DSH	288	{
	289	ASN1_INTEGER *ret = NULL;
	290	size_t r;
	291	int neg;
	292
	293	r = c2i_ibuf(NULL, NULL, *pp, len);
	294
	295	if (r == 0)
	296	return NULL;
	297
	298	if ((a == NULL) \|\| ((*a) == NULL)) {
	299	ret = ASN1_INTEGER_new();
	300	if (ret == NULL)
	301	return NULL;
	302	ret->type = V_ASN1_INTEGER;
	303	} else
	304	ret = *a;
	305
e077455e RL	306	if (ASN1_STRING_set(ret, NULL, r) == 0) {
e077455e RL	307	ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
6c5b6cb0	308	goto err;
e077455e	309	}
6c5b6cb0 DSH	310
	311	c2i_ibuf(ret->data, &neg, *pp, len);
	312
581c4b1d	313	if (neg != 0)
6c5b6cb0	314	ret->type \|= V_ASN1_NEG;
581c4b1d P	315	else
581c4b1d P	316	ret->type &= ~V_ASN1_NEG;
6c5b6cb0 DSH	317
6c5b6cb0 DSH	318	*pp += len;
0f113f3e MC	319	if (a != NULL)
0f113f3e MC	320	(*a) = ret;
6c5b6cb0	321	return ret;
0f113f3e	322	err:
581c4b1d	323	if (a == NULL \|\| *a != ret)
f422a514	324	ASN1_INTEGER_free(ret);
6c5b6cb0 DSH	325	return NULL;
	326	}
	327
	328	static int asn1_string_get_int64(int64_t pr, const ASN1_STRING a, int itype)
	329	{
	330	if (a == NULL) {
9311d0c4	331	ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
6c5b6cb0 DSH	332	return 0;
	333	}
	334	if ((a->type & ~V_ASN1_NEG) != itype) {
9311d0c4	335	ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
6c5b6cb0 DSH	336	return 0;
	337	}
	338	return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
	339	}
	340
	341	static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
	342	{
	343	unsigned char tbuf[sizeof(r)];
6d4321fc AP	344	size_t off;
6d4321fc AP	345
6c5b6cb0 DSH	346	a->type = itype;
6c5b6cb0 DSH	347	if (r < 0) {
786b6a45 AP	348	/* Most obvious '-r' triggers undefined behaviour for most
	349	* common INT64_MIN. Even though below '0 - (uint64_t)r' can
	350	* appear two's-complement centric, it does produce correct/
	351	* expected result even on one's-complement. This is because
	352	* cast to unsigned has to change bit pattern... */
	353	off = asn1_put_uint64(tbuf, 0 - (uint64_t)r);
6c5b6cb0 DSH	354	a->type \|= V_ASN1_NEG;
6c5b6cb0 DSH	355	} else {
6d4321fc	356	off = asn1_put_uint64(tbuf, r);
6c5b6cb0 DSH	357	a->type &= ~V_ASN1_NEG;
6c5b6cb0 DSH	358	}
6d4321fc	359	return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
0f113f3e MC	360	}
0f113f3e MC	361
c5f28105 DSH	362	static int asn1_string_get_uint64(uint64_t pr, const ASN1_STRING a,
	363	int itype)
	364	{
	365	if (a == NULL) {
9311d0c4	366	ERR_raise(ERR_LIB_ASN1, ERR_R_PASSED_NULL_PARAMETER);
c5f28105 DSH	367	return 0;
	368	}
	369	if ((a->type & ~V_ASN1_NEG) != itype) {
9311d0c4	370	ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
c5f28105 DSH	371	return 0;
	372	}
	373	if (a->type & V_ASN1_NEG) {
9311d0c4	374	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
c5f28105 DSH	375	return 0;
	376	}
	377	return asn1_get_uint64(pr, a->data, a->length);
	378	}
	379
	380	static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
	381	{
	382	unsigned char tbuf[sizeof(r)];
6d4321fc AP	383	size_t off;
6d4321fc AP	384
c5f28105	385	a->type = itype;
6d4321fc AP	386	off = asn1_put_uint64(tbuf, r);
6d4321fc AP	387	return ASN1_STRING_set(a, tbuf + off, sizeof(tbuf) - off);
c5f28105 DSH	388	}
c5f28105 DSH	389
0f113f3e MC	390	/*
	391	* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
	392	* integers: some broken software can encode a positive INTEGER with its MSB
	393	* set as negative (it doesn't add a padding zero).
1ad2ecb6 DSH	394	*/
1ad2ecb6 DSH	395
875a644a	396	ASN1_INTEGER d2i_ASN1_UINTEGER(ASN1_INTEGER a, const unsigned char *pp,
0f113f3e MC	397	long length)
	398	{
	399	ASN1_INTEGER *ret = NULL;
	400	const unsigned char *p;
	401	unsigned char *s;
42e7d2f1	402	long len = 0;
0f113f3e	403	int inf, tag, xclass;
e077455e	404	int i = 0;
0f113f3e MC	405
0f113f3e MC	406	if ((a == NULL) \|\| ((*a) == NULL)) {
f422a514	407	if ((ret = ASN1_INTEGER_new()) == NULL)
26a7d938	408	return NULL;
0f113f3e MC	409	ret->type = V_ASN1_INTEGER;
	410	} else
	411	ret = (*a);
	412
	413	p = *pp;
	414	inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
	415	if (inf & 0x80) {
	416	i = ASN1_R_BAD_OBJECT_HEADER;
	417	goto err;
	418	}
	419
	420	if (tag != V_ASN1_INTEGER) {
	421	i = ASN1_R_EXPECTING_AN_INTEGER;
	422	goto err;
	423	}
	424
42e7d2f1 SL	425	if (len < 0) {
	426	i = ASN1_R_ILLEGAL_NEGATIVE_VALUE;
	427	goto err;
	428	}
0f113f3e MC	429	/*
	430	* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
	431	* a missing NULL parameter.
	432	*/
b196e7d9	433	s = OPENSSL_malloc((int)len + 1);
e077455e	434	if (s == NULL)
0f113f3e	435	goto err;
0f113f3e MC	436	ret->type = V_ASN1_INTEGER;
	437	if (len) {
	438	if ((*p == 0) && (len != 1)) {
	439	p++;
	440	len--;
	441	}
	442	memcpy(s, p, (int)len);
	443	p += len;
	444	}
	445
33847508	446	ASN1_STRING_set0(ret, s, (int)len);
0f113f3e MC	447	if (a != NULL)
	448	(*a) = ret;
	449	*pp = p;
26a7d938	450	return ret;
0f113f3e	451	err:
e077455e RL	452	if (i != 0)
e077455e RL	453	ERR_raise(ERR_LIB_ASN1, i);
0dfb9398	454	if ((a == NULL) \|\| (*a != ret))
f422a514	455	ASN1_INTEGER_free(ret);
26a7d938	456	return NULL;
0f113f3e	457	}
d02b48c6	458
6c5b6cb0 DSH	459	static ASN1_STRING bn_to_asn1_string(const BIGNUM bn, ASN1_STRING *ai,
6c5b6cb0 DSH	460	int atype)
0f113f3e	461	{
6c5b6cb0 DSH	462	ASN1_INTEGER *ret;
6c5b6cb0 DSH	463	int len;
0f113f3e	464
6c5b6cb0 DSH	465	if (ai == NULL) {
	466	ret = ASN1_STRING_type_new(atype);
	467	} else {
	468	ret = ai;
	469	ret->type = atype;
0f113f3e	470	}
0f113f3e	471
6c5b6cb0	472	if (ret == NULL) {
9311d0c4	473	ERR_raise(ERR_LIB_ASN1, ERR_R_NESTED_ASN1_ERROR);
6c5b6cb0	474	goto err;
0f113f3e	475	}
0f113f3e	476
6c5b6cb0 DSH	477	if (BN_is_negative(bn) && !BN_is_zero(bn))
6c5b6cb0 DSH	478	ret->type \|= V_ASN1_NEG_INTEGER;
d02b48c6	479
6c5b6cb0	480	len = BN_num_bytes(bn);
0f113f3e	481
6c5b6cb0 DSH	482	if (len == 0)
	483	len = 1;
	484
	485	if (ASN1_STRING_set(ret, NULL, len) == 0) {
e077455e	486	ERR_raise(ERR_LIB_ASN1, ERR_R_ASN1_LIB);
0f113f3e MC	487	goto err;
0f113f3e MC	488	}
6c5b6cb0	489
0f113f3e	490	/* Correct zero case */
6c5b6cb0	491	if (BN_is_zero(bn))
0f113f3e	492	ret->data[0] = 0;
6c5b6cb0 DSH	493	else
	494	len = BN_bn2bin(bn, ret->data);
	495	ret->length = len;
	496	return ret;
0f113f3e MC	497	err:
0f113f3e MC	498	if (ret != ai)
f422a514	499	ASN1_INTEGER_free(ret);
26a7d938	500	return NULL;
0f113f3e	501	}
d02b48c6	502
6c5b6cb0 DSH	503	static BIGNUM asn1_string_to_bn(const ASN1_INTEGER ai, BIGNUM *bn,
6c5b6cb0 DSH	504	int itype)
0f113f3e MC	505	{
0f113f3e MC	506	BIGNUM *ret;
d02b48c6	507
6c5b6cb0	508	if ((ai->type & ~V_ASN1_NEG) != itype) {
9311d0c4	509	ERR_raise(ERR_LIB_ASN1, ASN1_R_WRONG_INTEGER_TYPE);
6c5b6cb0 DSH	510	return NULL;
	511	}
	512
	513	ret = BN_bin2bn(ai->data, ai->length, bn);
a6ac1ed6	514	if (ret == NULL) {
9311d0c4	515	ERR_raise(ERR_LIB_ASN1, ASN1_R_BN_LIB);
6c5b6cb0 DSH	516	return NULL;
	517	}
	518	if (ai->type & V_ASN1_NEG)
0f113f3e	519	BN_set_negative(ret, 1);
6c5b6cb0 DSH	520	return ret;
	521	}
	522
	523	int ASN1_INTEGER_get_int64(int64_t pr, const ASN1_INTEGER a)
	524	{
	525	return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
	526	}
	527
	528	int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
	529	{
	530	return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
	531	}
	532
c5f28105 DSH	533	int ASN1_INTEGER_get_uint64(uint64_t pr, const ASN1_INTEGER a)
	534	{
	535	return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
	536	}
	537
	538	int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
	539	{
	540	return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
	541	}
	542
6c5b6cb0 DSH	543	int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
	544	{
	545	return ASN1_INTEGER_set_int64(a, v);
	546	}
	547
	548	long ASN1_INTEGER_get(const ASN1_INTEGER *a)
	549	{
	550	int i;
	551	int64_t r;
	552	if (a == NULL)
	553	return 0;
	554	i = ASN1_INTEGER_get_int64(&r, a);
	555	if (i == 0)
	556	return -1;
	557	if (r > LONG_MAX \|\| r < LONG_MIN)
	558	return -1;
	559	return (long)r;
	560	}
	561
	562	ASN1_INTEGER BN_to_ASN1_INTEGER(const BIGNUM bn, ASN1_INTEGER *ai)
	563	{
	564	return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
	565	}
	566
	567	BIGNUM ASN1_INTEGER_to_BN(const ASN1_INTEGER ai, BIGNUM *bn)
	568	{
	569	return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
	570	}
	571
	572	int ASN1_ENUMERATED_get_int64(int64_t pr, const ASN1_ENUMERATED a)
	573	{
	574	return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
	575	}
	576
	577	int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
	578	{
	579	return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
	580	}
	581
	582	int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
	583	{
	584	return ASN1_ENUMERATED_set_int64(a, v);
	585	}
	586
f48ebf9f	587	long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
6c5b6cb0 DSH	588	{
	589	int i;
	590	int64_t r;
	591	if (a == NULL)
	592	return 0;
	593	if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
	594	return -1;
	595	if (a->length > (int)sizeof(long))
	596	return 0xffffffffL;
	597	i = ASN1_ENUMERATED_get_int64(&r, a);
	598	if (i == 0)
	599	return -1;
	600	if (r > LONG_MAX \|\| r < LONG_MIN)
	601	return -1;
	602	return (long)r;
	603	}
	604
	605	ASN1_ENUMERATED BN_to_ASN1_ENUMERATED(const BIGNUM bn, ASN1_ENUMERATED *ai)
	606	{
	607	return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
	608	}
	609
	610	BIGNUM ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED ai, BIGNUM *bn)
	611	{
	612	return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
0f113f3e	613	}
93f7d6fc RL	614
93f7d6fc RL	615	/* Internal functions used by x_int64.c */
adf7e6d1 SL	616	int ossl_c2i_uint64_int(uint64_t ret, int neg,
adf7e6d1 SL	617	const unsigned char **pp, long len)
93f7d6fc RL	618	{
	619	unsigned char buf[sizeof(uint64_t)];
	620	size_t buflen;
	621
	622	buflen = c2i_ibuf(NULL, NULL, *pp, len);
	623	if (buflen == 0)
	624	return 0;
	625	if (buflen > sizeof(uint64_t)) {
9311d0c4	626	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
93f7d6fc RL	627	return 0;
	628	}
	629	(void)c2i_ibuf(buf, neg, *pp, len);
	630	return asn1_get_uint64(ret, buf, buflen);
	631	}
	632
adf7e6d1	633	int ossl_i2c_uint64_int(unsigned char *p, uint64_t r, int neg)
93f7d6fc RL	634	{
93f7d6fc RL	635	unsigned char buf[sizeof(uint64_t)];
6d4321fc	636	size_t off;
93f7d6fc	637
6d4321fc AP	638	off = asn1_put_uint64(buf, r);
6d4321fc AP	639	return i2c_ibuf(buf + off, sizeof(buf) - off, neg, &p);
93f7d6fc RL	640	}
93f7d6fc RL	641