xref: /openbsd-src/lib/libcrypto/asn1/a_int.c (revision 50b7afb2c2c0993b0894d4e34bf857cb13ed9c80) 
1 /* $OpenBSD: a_int.c,v 1.24 2014/07/11 08:44:47 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdio.h>
60 #include <string.h>
61 
62 #include <openssl/asn1.h>
63 #include <openssl/bn.h>
64 #include <openssl/err.h>
65 
66 ASN1_INTEGER *
67 ASN1_INTEGER_dup(const ASN1_INTEGER *x)
68 {
69 	return M_ASN1_INTEGER_dup(x);
70 }
71 
72 int
73 ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
74 {
75 	int neg, ret;
76 
77 	/* Compare signs */
78 	neg = x->type & V_ASN1_NEG;
79 	if (neg != (y->type & V_ASN1_NEG)) {
80 		if (neg)
81 			return -1;
82 		else
83 			return 1;
84 	}
85 
86 	ret = ASN1_STRING_cmp(x, y);
87 
88 	if (neg)
89 		return -ret;
90 	else
91 		return ret;
92 }
93 
94 
95 /*
96  * This converts an ASN1 INTEGER into its content encoding.
97  * The internal representation is an ASN1_STRING whose data is a big endian
98  * representation of the value, ignoring the sign. The sign is determined by
99  * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
100  *
101  * Positive integers are no problem: they are almost the same as the DER
102  * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
103  *
104  * Negative integers are a bit trickier...
105  * The DER representation of negative integers is in 2s complement form.
106  * The internal form is converted by complementing each octet and finally
107  * adding one to the result. This can be done less messily with a little trick.
108  * If the internal form has trailing zeroes then they will become FF by the
109  * complement and 0 by the add one (due to carry) so just copy as many trailing
110  * zeros to the destination as there are in the source. The carry will add one
111  * to the last none zero octet: so complement this octet and add one and finally
112  * complement any left over until you get to the start of the string.
113  *
114  * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
115  * with 0xff. However if the first byte is 0x80 and one of the following bytes
116  * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
117  * followed by optional zeros isn't padded.
118  */
119 
120 int
121 i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
122 {
123 	int pad = 0, ret, i, neg;
124 	unsigned char *p, *n, pb = 0;
125 
126 	if (a == NULL)
127 		return (0);
128 	neg = a->type & V_ASN1_NEG;
129 	if (a->length == 0)
130 		ret = 1;
131 	else {
132 		ret = a->length;
133 		i = a->data[0];
134 		if (!neg && (i > 127)) {
135 			pad = 1;
136 			pb = 0;
137 		} else if (neg) {
138 			if (i > 128) {
139 				pad = 1;
140 				pb = 0xFF;
141 			} else if (i == 128) {
142 				/*
143 				 * Special case: if any other bytes non zero we pad:
144 				 * otherwise we don't.
145 				 */
146 				for (i = 1; i < a->length; i++) if (a->data[i]) {
147 					pad = 1;
148 					pb = 0xFF;
149 					break;
150 				}
151 			}
152 		}
153 		ret += pad;
154 	}
155 	if (pp == NULL)
156 		return (ret);
157 	p= *pp;
158 
159 	if (pad)
160 		*(p++) = pb;
161 	if (a->length == 0)
162 		*(p++) = 0;
163 	else if (!neg)
164 		memcpy(p, a->data, a->length);
165 	else {
166 		/* Begin at the end of the encoding */
167 		n = a->data + a->length - 1;
168 		p += a->length - 1;
169 		i = a->length;
170 		/* Copy zeros to destination as long as source is zero */
171 		while (!*n) {
172 			*(p--) = 0;
173 			n--;
174 			i--;
175 		}
176 		/* Complement and increment next octet */
177 		*(p--) = ((*(n--)) ^ 0xff) + 1;
178 		i--;
179 		/* Complement any octets left */
180 		for (; i > 0; i--)
181 			*(p--) = *(n--) ^ 0xff;
182 	}
183 
184 	*pp += ret;
185 	return (ret);
186 }
187 
188 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
189 
190 ASN1_INTEGER *
191 c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len)
192 {
193 	ASN1_INTEGER *ret = NULL;
194 	const unsigned char *p, *pend;
195 	unsigned char *to, *s;
196 	int i;
197 
198 	if ((a == NULL) || ((*a) == NULL)) {
199 		if ((ret = M_ASN1_INTEGER_new()) == NULL)
200 			return (NULL);
201 		ret->type = V_ASN1_INTEGER;
202 	} else
203 		ret = (*a);
204 
205 	p = *pp;
206 	pend = p + len;
207 
208 	/* We must malloc stuff, even for 0 bytes otherwise it
209 	 * signifies a missing NULL parameter. */
210 	s = malloc(len + 1);
211 	if (s == NULL) {
212 		i = ERR_R_MALLOC_FAILURE;
213 		goto err;
214 	}
215 	to = s;
216 	if (!len) {
217 		/* Strictly speaking this is an illegal INTEGER but we
218 		 * tolerate it.
219 		 */
220 		ret->type = V_ASN1_INTEGER;
221 	} else if (*p & 0x80) /* a negative number */ {
222 		ret->type = V_ASN1_NEG_INTEGER;
223 		if ((*p == 0xff) && (len != 1)) {
224 			p++;
225 			len--;
226 		}
227 		i = len;
228 		p += i - 1;
229 		to += i - 1;
230 		while((!*p) && i) {
231 			*(to--) = 0;
232 			i--;
233 			p--;
234 		}
235 		/* Special case: if all zeros then the number will be of
236 		 * the form FF followed by n zero bytes: this corresponds to
237 		 * 1 followed by n zero bytes. We've already written n zeros
238 		 * so we just append an extra one and set the first byte to
239 		 * a 1. This is treated separately because it is the only case
240 		 * where the number of bytes is larger than len.
241 		 */
242 		if (!i) {
243 			*s = 1;
244 			s[len] = 0;
245 			len++;
246 		} else {
247 			*(to--) = (*(p--) ^ 0xff) + 1;
248 			i--;
249 			for (; i > 0; i--)
250 				*(to--) = *(p--) ^ 0xff;
251 		}
252 	} else {
253 		ret->type = V_ASN1_INTEGER;
254 		if ((*p == 0) && (len != 1)) {
255 			p++;
256 			len--;
257 		}
258 		memcpy(s, p, len);
259 	}
260 
261 	free(ret->data);
262 	ret->data = s;
263 	ret->length = (int)len;
264 	if (a != NULL)
265 		(*a) = ret;
266 	*pp = pend;
267 	return (ret);
268 
269 err:
270 	ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
271 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
272 		M_ASN1_INTEGER_free(ret);
273 	return (NULL);
274 }
275 
276 
277 /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
278  * ASN1 integers: some broken software can encode a positive INTEGER
279  * with its MSB set as negative (it doesn't add a padding zero).
280  */
281 
282 ASN1_INTEGER *
283 d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length)
284 {
285 	ASN1_INTEGER *ret = NULL;
286 	const unsigned char *p;
287 	unsigned char *s;
288 	long len;
289 	int inf, tag, xclass;
290 	int i;
291 
292 	if ((a == NULL) || ((*a) == NULL)) {
293 		if ((ret = M_ASN1_INTEGER_new()) == NULL)
294 			return (NULL);
295 		ret->type = V_ASN1_INTEGER;
296 	} else
297 		ret = (*a);
298 
299 	p = *pp;
300 	inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
301 	if (inf & 0x80) {
302 		i = ASN1_R_BAD_OBJECT_HEADER;
303 		goto err;
304 	}
305 
306 	if (tag != V_ASN1_INTEGER) {
307 		i = ASN1_R_EXPECTING_AN_INTEGER;
308 		goto err;
309 	}
310 
311 	/* We must malloc stuff, even for 0 bytes otherwise it
312 	 * signifies a missing NULL parameter. */
313 	s = malloc((int)len + 1);
314 	if (s == NULL) {
315 		i = ERR_R_MALLOC_FAILURE;
316 		goto err;
317 	}
318 	ret->type = V_ASN1_INTEGER;
319 	if (len) {
320 		if ((*p == 0) && (len != 1)) {
321 			p++;
322 			len--;
323 		}
324 		memcpy(s, p, len);
325 		p += len;
326 	}
327 
328 	free(ret->data);
329 	ret->data = s;
330 	ret->length = (int)len;
331 	if (a != NULL)
332 		(*a) = ret;
333 	*pp = p;
334 	return (ret);
335 
336 err:
337 	ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
338 	if ((ret != NULL) && ((a == NULL) || (*a != ret)))
339 		M_ASN1_INTEGER_free(ret);
340 	return (NULL);
341 }
342 
343 int
344 ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
345 {
346 	int j, k;
347 	unsigned int i;
348 	unsigned char buf[sizeof(long) + 1];
349 	long d;
350 
351 	a->type = V_ASN1_INTEGER;
352 	/* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */
353 	if (a->length < (int)(sizeof(long) + 1)) {
354 		free(a->data);
355 		a->data = calloc(1, sizeof(long) + 1);
356 	}
357 	if (a->data == NULL) {
358 		ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
359 		return (0);
360 	}
361 	d = v;
362 	if (d < 0) {
363 		d = -d;
364 		a->type = V_ASN1_NEG_INTEGER;
365 	}
366 
367 	for (i = 0; i < sizeof(long); i++) {
368 		if (d == 0)
369 			break;
370 		buf[i] = (int)d & 0xff;
371 		d >>= 8;
372 	}
373 	j = 0;
374 	for (k = i - 1; k >= 0; k--)
375 		a->data[j++] = buf[k];
376 	a->length = j;
377 	return (1);
378 }
379 
380 long
381 ASN1_INTEGER_get(const ASN1_INTEGER *a)
382 {
383 	int neg = 0, i;
384 	long r = 0;
385 
386 	if (a == NULL)
387 		return (0L);
388 	i = a->type;
389 	if (i == V_ASN1_NEG_INTEGER)
390 		neg = 1;
391 	else if (i != V_ASN1_INTEGER)
392 		return -1;
393 
394 	if (a->length > (int)sizeof(long)) {
395 		/* hmm... a bit ugly, return all ones */
396 		return -1;
397 	}
398 	if (a->data == NULL)
399 		return 0;
400 
401 	for (i = 0; i < a->length; i++) {
402 		r <<= 8;
403 		r |= (unsigned char)a->data[i];
404 	}
405 	if (neg)
406 		r = -r;
407 	return (r);
408 }
409 
410 ASN1_INTEGER *
411 BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
412 {
413 	ASN1_INTEGER *ret;
414 	int len, j;
415 
416 	if (ai == NULL)
417 		ret = M_ASN1_INTEGER_new();
418 	else
419 		ret = ai;
420 	if (ret == NULL) {
421 		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
422 		goto err;
423 	}
424 	if (BN_is_negative(bn))
425 		ret->type = V_ASN1_NEG_INTEGER;
426 	else
427 		ret->type = V_ASN1_INTEGER;
428 	j = BN_num_bits(bn);
429 	len = ((j == 0) ? 0 : ((j / 8) + 1));
430 	if (ret->length < len + 4) {
431 		unsigned char *new_data = realloc(ret->data, len + 4);
432 		if (!new_data) {
433 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
434 			goto err;
435 		}
436 		ret->data = new_data;
437 	}
438 	ret->length = BN_bn2bin(bn, ret->data);
439 
440 	/* Correct zero case */
441 	if (!ret->length) {
442 		ret->data[0] = 0;
443 		ret->length = 1;
444 	}
445 	return (ret);
446 
447 err:
448 	if (ret != ai)
449 		M_ASN1_INTEGER_free(ret);
450 	return (NULL);
451 }
452 
453 BIGNUM *
454 ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
455 {
456 	BIGNUM *ret;
457 
458 	if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
459 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
460 	else if (ai->type == V_ASN1_NEG_INTEGER)
461 		BN_set_negative(ret, 1);
462 	return (ret);
463 }
464 
465 IMPLEMENT_STACK_OF(ASN1_INTEGER)
466 IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER)
467