xref: /dragonfly/crypto/libressl/crypto/asn1/a_int.c (revision f5b1c8a1) 
1 /* $OpenBSD: a_int.c,v 1.28 2015/07/29 14:58:34 jsing Exp $ */
2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3  * All rights reserved.
4  *
5  * This package is an SSL implementation written
6  * by Eric Young (eay@cryptsoft.com).
7  * The implementation was written so as to conform with Netscapes SSL.
8  *
9  * This library is free for commercial and non-commercial use as long as
10  * the following conditions are aheared to.  The following conditions
11  * apply to all code found in this distribution, be it the RC4, RSA,
12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
13  * included with this distribution is covered by the same copyright terms
14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15  *
16  * Copyright remains Eric Young's, and as such any Copyright notices in
17  * the code are not to be removed.
18  * If this package is used in a product, Eric Young should be given attribution
19  * as the author of the parts of the library used.
20  * This can be in the form of a textual message at program startup or
21  * in documentation (online or textual) provided with the package.
22  *
23  * Redistribution and use in source and binary forms, with or without
24  * modification, are permitted provided that the following conditions
25  * are met:
26  * 1. Redistributions of source code must retain the copyright
27  *    notice, this list of conditions and the following disclaimer.
28  * 2. Redistributions in binary form must reproduce the above copyright
29  *    notice, this list of conditions and the following disclaimer in the
30  *    documentation and/or other materials provided with the distribution.
31  * 3. All advertising materials mentioning features or use of this software
32  *    must display the following acknowledgement:
33  *    "This product includes cryptographic software written by
34  *     Eric Young (eay@cryptsoft.com)"
35  *    The word 'cryptographic' can be left out if the rouines from the library
36  *    being used are not cryptographic related :-).
37  * 4. If you include any Windows specific code (or a derivative thereof) from
38  *    the apps directory (application code) you must include an acknowledgement:
39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40  *
41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51  * SUCH DAMAGE.
52  *
53  * The licence and distribution terms for any publically available version or
54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
55  * copied and put under another distribution licence
56  * [including the GNU Public Licence.]
57  */
58 
59 #include <stdio.h>
60 #include <string.h>
61 
62 #include <openssl/asn1.h>
63 #include <openssl/bn.h>
64 #include <openssl/err.h>
65 
66 ASN1_INTEGER *
67 ASN1_INTEGER_dup(const ASN1_INTEGER *x)
68 {
69 	return ASN1_STRING_dup(x);
70 }
71 
72 int
73 ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
74 {
75 	int neg, ret;
76 
77 	/* Compare signs */
78 	neg = x->type & V_ASN1_NEG;
79 	if (neg != (y->type & V_ASN1_NEG)) {
80 		if (neg)
81 			return -1;
82 		else
83 			return 1;
84 	}
85 
86 	ret = ASN1_STRING_cmp(x, y);
87 
88 	if (neg)
89 		return -ret;
90 	else
91 		return ret;
92 }
93 
94 
95 /*
96  * This converts an ASN1 INTEGER into its content encoding.
97  * The internal representation is an ASN1_STRING whose data is a big endian
98  * representation of the value, ignoring the sign. The sign is determined by
99  * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative.
100  *
101  * Positive integers are no problem: they are almost the same as the DER
102  * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
103  *
104  * Negative integers are a bit trickier...
105  * The DER representation of negative integers is in 2s complement form.
106  * The internal form is converted by complementing each octet and finally
107  * adding one to the result. This can be done less messily with a little trick.
108  * If the internal form has trailing zeroes then they will become FF by the
109  * complement and 0 by the add one (due to carry) so just copy as many trailing
110  * zeros to the destination as there are in the source. The carry will add one
111  * to the last none zero octet: so complement this octet and add one and finally
112  * complement any left over until you get to the start of the string.
113  *
114  * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
115  * with 0xff. However if the first byte is 0x80 and one of the following bytes
116  * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
117  * followed by optional zeros isn't padded.
118  */
119 
120 int
121 i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
122 {
123 	int pad = 0, ret, i, neg;
124 	unsigned char *p, *n, pb = 0;
125 
126 	if (a == NULL)
127 		return (0);
128 	neg = a->type & V_ASN1_NEG;
129 	if (a->length == 0)
130 		ret = 1;
131 	else {
132 		ret = a->length;
133 		i = a->data[0];
134 		if (!neg && (i > 127)) {
135 			pad = 1;
136 			pb = 0;
137 		} else if (neg) {
138 			if (i > 128) {
139 				pad = 1;
140 				pb = 0xFF;
141 			} else if (i == 128) {
142 				/*
143 				 * Special case: if any other bytes non zero we pad:
144 				 * otherwise we don't.
145 				 */
146 				for (i = 1; i < a->length; i++) if (a->data[i]) {
147 					pad = 1;
148 					pb = 0xFF;
149 					break;
150 				}
151 			}
152 		}
153 		ret += pad;
154 	}
155 	if (pp == NULL)
156 		return (ret);
157 	p= *pp;
158 
159 	if (pad)
160 		*(p++) = pb;
161 	if (a->length == 0)
162 		*(p++) = 0;
163 	else if (!neg)
164 		memcpy(p, a->data, a->length);
165 	else {
166 		/* Begin at the end of the encoding */
167 		n = a->data + a->length - 1;
168 		p += a->length - 1;
169 		i = a->length;
170 		/* Copy zeros to destination as long as source is zero */
171 		while (!*n) {
172 			*(p--) = 0;
173 			n--;
174 			i--;
175 		}
176 		/* Complement and increment next octet */
177 		*(p--) = ((*(n--)) ^ 0xff) + 1;
178 		i--;
179 		/* Complement any octets left */
180 		for (; i > 0; i--)
181 			*(p--) = *(n--) ^ 0xff;
182 	}
183 
184 	*pp += ret;
185 	return (ret);
186 }
187 
188 /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */
189 
190 ASN1_INTEGER *
191 c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len)
192 {
193 	ASN1_INTEGER *ret = NULL;
194 	const unsigned char *p, *pend;
195 	unsigned char *to, *s;
196 	int i;
197 
198 	if ((a == NULL) || ((*a) == NULL)) {
199 		if ((ret = ASN1_INTEGER_new()) == NULL)
200 			return (NULL);
201 	} else
202 		ret = (*a);
203 
204 	p = *pp;
205 	pend = p + len;
206 
207 	/* We must malloc stuff, even for 0 bytes otherwise it
208 	 * signifies a missing NULL parameter. */
209 	s = malloc(len + 1);
210 	if (s == NULL) {
211 		i = ERR_R_MALLOC_FAILURE;
212 		goto err;
213 	}
214 	to = s;
215 	if (!len) {
216 		/* Strictly speaking this is an illegal INTEGER but we
217 		 * tolerate it.
218 		 */
219 		ret->type = V_ASN1_INTEGER;
220 	} else if (*p & 0x80) /* a negative number */ {
221 		ret->type = V_ASN1_NEG_INTEGER;
222 		if ((*p == 0xff) && (len != 1)) {
223 			p++;
224 			len--;
225 		}
226 		i = len;
227 		p += i - 1;
228 		to += i - 1;
229 		while((!*p) && i) {
230 			*(to--) = 0;
231 			i--;
232 			p--;
233 		}
234 		/* Special case: if all zeros then the number will be of
235 		 * the form FF followed by n zero bytes: this corresponds to
236 		 * 1 followed by n zero bytes. We've already written n zeros
237 		 * so we just append an extra one and set the first byte to
238 		 * a 1. This is treated separately because it is the only case
239 		 * where the number of bytes is larger than len.
240 		 */
241 		if (!i) {
242 			*s = 1;
243 			s[len] = 0;
244 			len++;
245 		} else {
246 			*(to--) = (*(p--) ^ 0xff) + 1;
247 			i--;
248 			for (; i > 0; i--)
249 				*(to--) = *(p--) ^ 0xff;
250 		}
251 	} else {
252 		ret->type = V_ASN1_INTEGER;
253 		if ((*p == 0) && (len != 1)) {
254 			p++;
255 			len--;
256 		}
257 		memcpy(s, p, len);
258 	}
259 
260 	free(ret->data);
261 	ret->data = s;
262 	ret->length = (int)len;
263 	if (a != NULL)
264 		(*a) = ret;
265 	*pp = pend;
266 	return (ret);
267 
268 err:
269 	ASN1err(ASN1_F_C2I_ASN1_INTEGER, i);
270 	if (a == NULL || *a != ret)
271 		ASN1_INTEGER_free(ret);
272 	return (NULL);
273 }
274 
275 
276 /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of
277  * ASN1 integers: some broken software can encode a positive INTEGER
278  * with its MSB set as negative (it doesn't add a padding zero).
279  */
280 
281 ASN1_INTEGER *
282 d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length)
283 {
284 	ASN1_INTEGER *ret = NULL;
285 	const unsigned char *p;
286 	unsigned char *s;
287 	long len;
288 	int inf, tag, xclass;
289 	int i;
290 
291 	if ((a == NULL) || ((*a) == NULL)) {
292 		if ((ret = ASN1_INTEGER_new()) == NULL)
293 			return (NULL);
294 	} else
295 		ret = (*a);
296 
297 	p = *pp;
298 	inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
299 	if (inf & 0x80) {
300 		i = ASN1_R_BAD_OBJECT_HEADER;
301 		goto err;
302 	}
303 
304 	if (tag != V_ASN1_INTEGER) {
305 		i = ASN1_R_EXPECTING_AN_INTEGER;
306 		goto err;
307 	}
308 
309 	/* We must malloc stuff, even for 0 bytes otherwise it
310 	 * signifies a missing NULL parameter. */
311 	s = malloc(len + 1);
312 	if (s == NULL) {
313 		i = ERR_R_MALLOC_FAILURE;
314 		goto err;
315 	}
316 	ret->type = V_ASN1_INTEGER;
317 	if (len) {
318 		if ((*p == 0) && (len != 1)) {
319 			p++;
320 			len--;
321 		}
322 		memcpy(s, p, len);
323 		p += len;
324 	}
325 
326 	free(ret->data);
327 	ret->data = s;
328 	ret->length = (int)len;
329 	if (a != NULL)
330 		(*a) = ret;
331 	*pp = p;
332 	return (ret);
333 
334 err:
335 	ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
336 	if (a == NULL || *a != ret)
337 		ASN1_INTEGER_free(ret);
338 	return (NULL);
339 }
340 
341 int
342 ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
343 {
344 	int j, k;
345 	unsigned int i;
346 	unsigned char buf[sizeof(long) + 1];
347 	long d;
348 
349 	a->type = V_ASN1_INTEGER;
350 	/* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */
351 	if (a->length < (int)(sizeof(long) + 1)) {
352 		free(a->data);
353 		a->data = calloc(1, sizeof(long) + 1);
354 	}
355 	if (a->data == NULL) {
356 		ASN1err(ASN1_F_ASN1_INTEGER_SET, ERR_R_MALLOC_FAILURE);
357 		return (0);
358 	}
359 	d = v;
360 	if (d < 0) {
361 		d = -d;
362 		a->type = V_ASN1_NEG_INTEGER;
363 	}
364 
365 	for (i = 0; i < sizeof(long); i++) {
366 		if (d == 0)
367 			break;
368 		buf[i] = (int)d & 0xff;
369 		d >>= 8;
370 	}
371 	j = 0;
372 	for (k = i - 1; k >= 0; k--)
373 		a->data[j++] = buf[k];
374 	a->length = j;
375 	return (1);
376 }
377 
378 long
379 ASN1_INTEGER_get(const ASN1_INTEGER *a)
380 {
381 	int neg = 0, i;
382 	long r = 0;
383 
384 	if (a == NULL)
385 		return (0L);
386 	i = a->type;
387 	if (i == V_ASN1_NEG_INTEGER)
388 		neg = 1;
389 	else if (i != V_ASN1_INTEGER)
390 		return -1;
391 
392 	if (a->length > (int)sizeof(long)) {
393 		/* hmm... a bit ugly, return all ones */
394 		return -1;
395 	}
396 	if (a->data == NULL)
397 		return 0;
398 
399 	for (i = 0; i < a->length; i++) {
400 		r <<= 8;
401 		r |= (unsigned char)a->data[i];
402 	}
403 	if (neg)
404 		r = -r;
405 	return (r);
406 }
407 
408 ASN1_INTEGER *
409 BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
410 {
411 	ASN1_INTEGER *ret;
412 	int len, j;
413 
414 	if (ai == NULL)
415 		ret = ASN1_INTEGER_new();
416 	else
417 		ret = ai;
418 	if (ret == NULL) {
419 		ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_NESTED_ASN1_ERROR);
420 		goto err;
421 	}
422 	if (BN_is_negative(bn))
423 		ret->type = V_ASN1_NEG_INTEGER;
424 	else
425 		ret->type = V_ASN1_INTEGER;
426 	j = BN_num_bits(bn);
427 	len = ((j == 0) ? 0 : ((j / 8) + 1));
428 	if (ret->length < len + 4) {
429 		unsigned char *new_data = realloc(ret->data, len + 4);
430 		if (!new_data) {
431 			ASN1err(ASN1_F_BN_TO_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
432 			goto err;
433 		}
434 		ret->data = new_data;
435 	}
436 	ret->length = BN_bn2bin(bn, ret->data);
437 
438 	/* Correct zero case */
439 	if (!ret->length) {
440 		ret->data[0] = 0;
441 		ret->length = 1;
442 	}
443 	return (ret);
444 
445 err:
446 	if (ret != ai)
447 		ASN1_INTEGER_free(ret);
448 	return (NULL);
449 }
450 
451 BIGNUM *
452 ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
453 {
454 	BIGNUM *ret;
455 
456 	if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL)
457 		ASN1err(ASN1_F_ASN1_INTEGER_TO_BN, ASN1_R_BN_LIB);
458 	else if (ai->type == V_ASN1_NEG_INTEGER)
459 		BN_set_negative(ret, 1);
460 	return (ret);
461 }
462