1 /*
2  * Copyright 2000-2020 The OpenSSL Project Authors. All Rights Reserved.
3  *
4  * Licensed under the Apache License 2.0 (the "License").  You may not use
5  * this file except in compliance with the License.  You can obtain a copy
6  * in the file LICENSE in the source distribution or at
7  * https://www.openssl.org/source/license.html
8  */
9 
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/asn1t.h>
13 
14 #define COPY_SIZE(a, b) (sizeof(a) < sizeof(b) ? sizeof(a) : sizeof(b))
15 
16 /*
17  * Custom primitive type for long handling. This converts between an
18  * ASN1_INTEGER and a long directly.
19  */
20 
21 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it);
22 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it);
23 
24 static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype,
25                     const ASN1_ITEM *it);
26 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
27                     int utype, char *free_cont, const ASN1_ITEM *it);
28 static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it,
29                       int indent, const ASN1_PCTX *pctx);
30 
31 static ASN1_PRIMITIVE_FUNCS long_pf = {
32     NULL, 0,
33     long_new,
34     long_free,
35     long_free,                  /* Clear should set to initial value */
36     long_c2i,
37     long_i2c,
38     long_print
39 };
40 
ASN1_ITEM_start(LONG)41 ASN1_ITEM_start(LONG)
42         ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, ASN1_LONG_UNDEF, "LONG"
43 ASN1_ITEM_end(LONG)
44 
45 ASN1_ITEM_start(ZLONG)
46         ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &long_pf, 0, "ZLONG"
47 ASN1_ITEM_end(ZLONG)
48 
49 static int long_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
50 {
51     memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
52     return 1;
53 }
54 
long_free(ASN1_VALUE ** pval,const ASN1_ITEM * it)55 static void long_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
56 {
57     memcpy(pval, &it->size, COPY_SIZE(*pval, it->size));
58 }
59 
60 /*
61  * Originally BN_num_bits_word was called to perform this operation, but
62  * trouble is that there is no guarantee that sizeof(long) equals to
63  * sizeof(BN_ULONG). BN_ULONG is a configurable type that can be as wide
64  * as long, but also double or half...
65  */
num_bits_ulong(unsigned long value)66 static int num_bits_ulong(unsigned long value)
67 {
68     size_t i;
69     unsigned long ret = 0;
70 
71     /*
72      * It is argued that *on average* constant counter loop performs
73      * not worse [if not better] than one with conditional break or
74      * mask-n-table-lookup-style, because of branch misprediction
75      * penalties.
76      */
77     for (i = 0; i < sizeof(value) * 8; i++) {
78         ret += (value != 0);
79         value >>= 1;
80     }
81 
82     return (int)ret;
83 }
84 
long_i2c(const ASN1_VALUE ** pval,unsigned char * cont,int * putype,const ASN1_ITEM * it)85 static int long_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype,
86                     const ASN1_ITEM *it)
87 {
88     long ltmp;
89     unsigned long utmp, sign;
90     int clen, pad, i;
91 
92     memcpy(&ltmp, pval, COPY_SIZE(*pval, ltmp));
93     if (ltmp == it->size)
94         return -1;
95     /*
96      * Convert the long to positive: we subtract one if negative so we can
97      * cleanly handle the padding if only the MSB of the leading octet is
98      * set.
99      */
100     if (ltmp < 0) {
101         sign = 0xff;
102         utmp = 0 - (unsigned long)ltmp - 1;
103     } else {
104         sign = 0;
105         utmp = ltmp;
106     }
107     clen = num_bits_ulong(utmp);
108     /* If MSB of leading octet set we need to pad */
109     if (!(clen & 0x7))
110         pad = 1;
111     else
112         pad = 0;
113 
114     /* Convert number of bits to number of octets */
115     clen = (clen + 7) >> 3;
116 
117     if (cont != NULL) {
118         if (pad)
119             *cont++ = (unsigned char)sign;
120         for (i = clen - 1; i >= 0; i--) {
121             cont[i] = (unsigned char)(utmp ^ sign);
122             utmp >>= 8;
123         }
124     }
125     return clen + pad;
126 }
127 
long_c2i(ASN1_VALUE ** pval,const unsigned char * cont,int len,int utype,char * free_cont,const ASN1_ITEM * it)128 static int long_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
129                     int utype, char *free_cont, const ASN1_ITEM *it)
130 {
131     int i;
132     long ltmp;
133     unsigned long utmp = 0, sign = 0x100;
134 
135     if (len > 1) {
136         /*
137          * Check possible pad byte.  Worst case, we're skipping past actual
138          * content, but since that's only with 0x00 and 0xff and we set neg
139          * accordingly, the result will be correct in the end anyway.
140          */
141         switch (cont[0]) {
142         case 0xff:
143             cont++;
144             len--;
145             sign = 0xff;
146             break;
147         case 0:
148             cont++;
149             len--;
150             sign = 0;
151             break;
152         }
153     }
154     if (len > (int)sizeof(long)) {
155         ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
156         return 0;
157     }
158 
159     if (sign == 0x100) {
160         /* Is it negative? */
161         if (len && (cont[0] & 0x80))
162             sign = 0xff;
163         else
164             sign = 0;
165     } else if (((sign ^ cont[0]) & 0x80) == 0) { /* same sign bit? */
166         ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_PADDING);
167         return 0;
168     }
169     utmp = 0;
170     for (i = 0; i < len; i++) {
171         utmp <<= 8;
172         utmp |= cont[i] ^ sign;
173     }
174     ltmp = (long)utmp;
175     if (ltmp < 0) {
176         ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
177         return 0;
178     }
179     if (sign)
180         ltmp = -ltmp - 1;
181     if (ltmp == it->size) {
182         ERR_raise(ERR_LIB_ASN1, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG);
183         return 0;
184     }
185     memcpy(pval, &ltmp, COPY_SIZE(*pval, ltmp));
186     return 1;
187 }
188 
long_print(BIO * out,const ASN1_VALUE ** pval,const ASN1_ITEM * it,int indent,const ASN1_PCTX * pctx)189 static int long_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it,
190                       int indent, const ASN1_PCTX *pctx)
191 {
192     long l;
193 
194     memcpy(&l, pval, COPY_SIZE(*pval, l));
195     return BIO_printf(out, "%ld\n", l);
196 }
197