source: EcnlProtoTool/trunk/openssl-1.1.0e/crypto/asn1/a_int.c@ 331

Last change on this file since 331 was 331, checked in by coas-nagasima, 6 years ago

prototoolに関連するプロジェクトをnewlibからmuslを使うよう変更・更新
ntshellをnewlibの下位の実装から、muslのsyscallの実装に変更・更新
以下のOSSをアップデート
・mruby-1.3.0
・musl-1.1.18
・onigmo-6.1.3
・tcc-0.9.27
以下のOSSを追加
・openssl-1.1.0e
・curl-7.57.0
・zlib-1.2.11
以下のmrbgemsを追加
・iij/mruby-digest
・iij/mruby-env
・iij/mruby-errno
・iij/mruby-iijson
・iij/mruby-ipaddr
・iij/mruby-mock
・iij/mruby-require
・iij/mruby-tls-openssl
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-csrc
File size: 15.4 KB
Line 
1/*
2 * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdio.h>
11#include "internal/cryptlib.h"
12#include "internal/numbers.h"
13#include <limits.h>
14#include <openssl/asn1.h>
15#include <openssl/bn.h>
16#include "asn1_locl.h"
17
18ASN1_INTEGER *ASN1_INTEGER_dup(const ASN1_INTEGER *x)
19{
20 return ASN1_STRING_dup(x);
21}
22
23int ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y)
24{
25 int neg, ret;
26 /* Compare signs */
27 neg = x->type & V_ASN1_NEG;
28 if (neg != (y->type & V_ASN1_NEG)) {
29 if (neg)
30 return -1;
31 else
32 return 1;
33 }
34
35 ret = ASN1_STRING_cmp(x, y);
36
37 if (neg)
38 return -ret;
39 else
40 return ret;
41}
42
43/*-
44 * This converts a big endian buffer and sign into its content encoding.
45 * This is used for INTEGER and ENUMERATED types.
46 * The internal representation is an ASN1_STRING whose data is a big endian
47 * representation of the value, ignoring the sign. The sign is determined by
48 * the type: if type & V_ASN1_NEG is true it is negative, otherwise positive.
49 *
50 * Positive integers are no problem: they are almost the same as the DER
51 * encoding, except if the first byte is >= 0x80 we need to add a zero pad.
52 *
53 * Negative integers are a bit trickier...
54 * The DER representation of negative integers is in 2s complement form.
55 * The internal form is converted by complementing each octet and finally
56 * adding one to the result. This can be done less messily with a little trick.
57 * If the internal form has trailing zeroes then they will become FF by the
58 * complement and 0 by the add one (due to carry) so just copy as many trailing
59 * zeros to the destination as there are in the source. The carry will add one
60 * to the last none zero octet: so complement this octet and add one and finally
61 * complement any left over until you get to the start of the string.
62 *
63 * Padding is a little trickier too. If the first bytes is > 0x80 then we pad
64 * with 0xff. However if the first byte is 0x80 and one of the following bytes
65 * is non-zero we pad with 0xff. The reason for this distinction is that 0x80
66 * followed by optional zeros isn't padded.
67 */
68
69static size_t i2c_ibuf(const unsigned char *b, size_t blen, int neg,
70 unsigned char **pp)
71{
72 int pad = 0;
73 size_t ret, i;
74 unsigned char *p, pb = 0;
75 const unsigned char *n;
76
77 if (b == NULL || blen == 0)
78 ret = 1;
79 else {
80 ret = blen;
81 i = b[0];
82 if (ret == 1 && i == 0)
83 neg = 0;
84 if (!neg && (i > 127)) {
85 pad = 1;
86 pb = 0;
87 } else if (neg) {
88 if (i > 128) {
89 pad = 1;
90 pb = 0xFF;
91 } else if (i == 128) {
92 /*
93 * Special case: if any other bytes non zero we pad:
94 * otherwise we don't.
95 */
96 for (i = 1; i < blen; i++)
97 if (b[i]) {
98 pad = 1;
99 pb = 0xFF;
100 break;
101 }
102 }
103 }
104 ret += pad;
105 }
106 if (pp == NULL)
107 return ret;
108 p = *pp;
109
110 if (pad)
111 *(p++) = pb;
112 if (b == NULL || blen == 0)
113 *p = 0;
114 else if (!neg)
115 memcpy(p, b, blen);
116 else {
117 /* Begin at the end of the encoding */
118 n = b + blen;
119 p += blen;
120 i = blen;
121 /* Copy zeros to destination as long as source is zero */
122 while (!n[-1] && i > 1) {
123 *(--p) = 0;
124 n--;
125 i--;
126 }
127 /* Complement and increment next octet */
128 *(--p) = ((*(--n)) ^ 0xff) + 1;
129 i--;
130 /* Complement any octets left */
131 for (; i > 0; i--)
132 *(--p) = *(--n) ^ 0xff;
133 }
134
135 *pp += ret;
136 return ret;
137}
138
139/*
140 * convert content octets into a big endian buffer. Returns the length
141 * of buffer or 0 on error: for malformed INTEGER. If output buffer is
142 * NULL just return length.
143 */
144
145static size_t c2i_ibuf(unsigned char *b, int *pneg,
146 const unsigned char *p, size_t plen)
147{
148 size_t i;
149 int neg, pad;
150 /* Zero content length is illegal */
151 if (plen == 0) {
152 ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_ZERO_CONTENT);
153 return 0;
154 }
155 neg = p[0] & 0x80;
156 if (pneg)
157 *pneg = neg;
158 /* Handle common case where length is 1 octet separately */
159 if (plen == 1) {
160 if (b) {
161 if (neg)
162 b[0] = (p[0] ^ 0xFF) + 1;
163 else
164 b[0] = p[0];
165 }
166 return 1;
167 }
168 if (p[0] == 0 || p[0] == 0xFF)
169 pad = 1;
170 else
171 pad = 0;
172 /* reject illegal padding: first two octets MSB can't match */
173 if (pad && (neg == (p[1] & 0x80))) {
174 ASN1err(ASN1_F_C2I_IBUF, ASN1_R_ILLEGAL_PADDING);
175 return 0;
176 }
177 /* If positive just copy across */
178 if (neg == 0) {
179 if (b)
180 memcpy(b, p + pad, plen - pad);
181 return plen - pad;
182 }
183
184 if (neg && pad) {
185 /* check is any following octets are non zero */
186 for (i = 1; i < plen; i++) {
187 if (p[i] != 0)
188 break;
189 }
190 /* if all bytes are zero handle as special case */
191 if (i == plen) {
192 if (b) {
193 b[0] = 1;
194 memset(b + 1, 0, plen - 1);
195 }
196 return plen;
197 }
198 }
199
200 plen -= pad;
201 /* Must be negative: calculate twos complement */
202 if (b) {
203 const unsigned char *from = p + plen - 1 + pad;
204 unsigned char *to = b + plen;
205 i = plen;
206 while (*from == 0 && i) {
207 *--to = 0;
208 i--;
209 from--;
210 }
211 *--to = (*from-- ^ 0xff) + 1;
212 OPENSSL_assert(i != 0);
213 i--;
214 for (; i > 0; i--)
215 *--to = *from-- ^ 0xff;
216 }
217 return plen;
218}
219
220int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp)
221{
222 return i2c_ibuf(a->data, a->length, a->type & V_ASN1_NEG, pp);
223}
224
225/* Convert big endian buffer into uint64_t, return 0 on error */
226static int asn1_get_uint64(uint64_t *pr, const unsigned char *b, size_t blen)
227{
228 size_t i;
229 if (blen > sizeof(*pr)) {
230 ASN1err(ASN1_F_ASN1_GET_UINT64, ASN1_R_TOO_LARGE);
231 return 0;
232 }
233 *pr = 0;
234 if (b == NULL)
235 return 0;
236 for (i = 0; i < blen; i++) {
237 *pr <<= 8;
238 *pr |= b[i];
239 }
240 return 1;
241}
242
243static size_t asn1_put_uint64(unsigned char *b, uint64_t r)
244{
245 if (r >= 0x100) {
246 unsigned char *p;
247 uint64_t rtmp = r;
248 size_t i = 0;
249
250 /* Work out how many bytes we need */
251 while (rtmp) {
252 rtmp >>= 8;
253 i++;
254 }
255
256 /* Copy from end to beginning */
257 p = b + i - 1;
258
259 do {
260 *p-- = r & 0xFF;
261 r >>= 8;
262 } while (p >= b);
263
264 return i;
265 }
266
267 b[0] = (unsigned char)r;
268 return 1;
269
270}
271
272/*
273 * Absolute value of INT64_MIN: we can't just use -INT64_MIN as it produces
274 * overflow warnings.
275 */
276
277#define ABS_INT64_MIN \
278 ((uint64_t)INT64_MAX + (uint64_t)(-(INT64_MIN + INT64_MAX)))
279
280/* signed version of asn1_get_uint64 */
281static int asn1_get_int64(int64_t *pr, const unsigned char *b, size_t blen,
282 int neg)
283{
284 uint64_t r;
285 if (asn1_get_uint64(&r, b, blen) == 0)
286 return 0;
287 if (neg) {
288 if (r > ABS_INT64_MIN) {
289 ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_SMALL);
290 return 0;
291 }
292 *pr = 0 - (uint64_t)r;
293 } else {
294 if (r > INT64_MAX) {
295 ASN1err(ASN1_F_ASN1_GET_INT64, ASN1_R_TOO_LARGE);
296 return 0;
297 }
298 *pr = (int64_t)r;
299 }
300 return 1;
301}
302
303/* Convert ASN1 INTEGER content octets to ASN1_INTEGER structure */
304ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp,
305 long len)
306{
307 ASN1_INTEGER *ret = NULL;
308 size_t r;
309 int neg;
310
311 r = c2i_ibuf(NULL, NULL, *pp, len);
312
313 if (r == 0)
314 return NULL;
315
316 if ((a == NULL) || ((*a) == NULL)) {
317 ret = ASN1_INTEGER_new();
318 if (ret == NULL)
319 return NULL;
320 ret->type = V_ASN1_INTEGER;
321 } else
322 ret = *a;
323
324 if (ASN1_STRING_set(ret, NULL, r) == 0)
325 goto err;
326
327 c2i_ibuf(ret->data, &neg, *pp, len);
328
329 if (neg)
330 ret->type |= V_ASN1_NEG;
331
332 *pp += len;
333 if (a != NULL)
334 (*a) = ret;
335 return ret;
336 err:
337 ASN1err(ASN1_F_C2I_ASN1_INTEGER, ERR_R_MALLOC_FAILURE);
338 if ((a == NULL) || (*a != ret))
339 ASN1_INTEGER_free(ret);
340 return NULL;
341}
342
343static int asn1_string_get_int64(int64_t *pr, const ASN1_STRING *a, int itype)
344{
345 if (a == NULL) {
346 ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ERR_R_PASSED_NULL_PARAMETER);
347 return 0;
348 }
349 if ((a->type & ~V_ASN1_NEG) != itype) {
350 ASN1err(ASN1_F_ASN1_STRING_GET_INT64, ASN1_R_WRONG_INTEGER_TYPE);
351 return 0;
352 }
353 return asn1_get_int64(pr, a->data, a->length, a->type & V_ASN1_NEG);
354}
355
356static int asn1_string_set_int64(ASN1_STRING *a, int64_t r, int itype)
357{
358 unsigned char tbuf[sizeof(r)];
359 size_t l;
360 a->type = itype;
361 if (r < 0) {
362 l = asn1_put_uint64(tbuf, -r);
363 a->type |= V_ASN1_NEG;
364 } else {
365 l = asn1_put_uint64(tbuf, r);
366 a->type &= ~V_ASN1_NEG;
367 }
368 if (l == 0)
369 return 0;
370 return ASN1_STRING_set(a, tbuf, l);
371}
372
373static int asn1_string_get_uint64(uint64_t *pr, const ASN1_STRING *a,
374 int itype)
375{
376 if (a == NULL) {
377 ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ERR_R_PASSED_NULL_PARAMETER);
378 return 0;
379 }
380 if ((a->type & ~V_ASN1_NEG) != itype) {
381 ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_WRONG_INTEGER_TYPE);
382 return 0;
383 }
384 if (a->type & V_ASN1_NEG) {
385 ASN1err(ASN1_F_ASN1_STRING_GET_UINT64, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
386 return 0;
387 }
388 return asn1_get_uint64(pr, a->data, a->length);
389}
390
391static int asn1_string_set_uint64(ASN1_STRING *a, uint64_t r, int itype)
392{
393 unsigned char tbuf[sizeof(r)];
394 size_t l;
395 a->type = itype;
396 l = asn1_put_uint64(tbuf, r);
397 if (l == 0)
398 return 0;
399 return ASN1_STRING_set(a, tbuf, l);
400}
401
402/*
403 * This is a version of d2i_ASN1_INTEGER that ignores the sign bit of ASN1
404 * integers: some broken software can encode a positive INTEGER with its MSB
405 * set as negative (it doesn't add a padding zero).
406 */
407
408ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp,
409 long length)
410{
411 ASN1_INTEGER *ret = NULL;
412 const unsigned char *p;
413 unsigned char *s;
414 long len;
415 int inf, tag, xclass;
416 int i;
417
418 if ((a == NULL) || ((*a) == NULL)) {
419 if ((ret = ASN1_INTEGER_new()) == NULL)
420 return (NULL);
421 ret->type = V_ASN1_INTEGER;
422 } else
423 ret = (*a);
424
425 p = *pp;
426 inf = ASN1_get_object(&p, &len, &tag, &xclass, length);
427 if (inf & 0x80) {
428 i = ASN1_R_BAD_OBJECT_HEADER;
429 goto err;
430 }
431
432 if (tag != V_ASN1_INTEGER) {
433 i = ASN1_R_EXPECTING_AN_INTEGER;
434 goto err;
435 }
436
437 /*
438 * We must OPENSSL_malloc stuff, even for 0 bytes otherwise it signifies
439 * a missing NULL parameter.
440 */
441 s = OPENSSL_malloc((int)len + 1);
442 if (s == NULL) {
443 i = ERR_R_MALLOC_FAILURE;
444 goto err;
445 }
446 ret->type = V_ASN1_INTEGER;
447 if (len) {
448 if ((*p == 0) && (len != 1)) {
449 p++;
450 len--;
451 }
452 memcpy(s, p, (int)len);
453 p += len;
454 }
455
456 OPENSSL_free(ret->data);
457 ret->data = s;
458 ret->length = (int)len;
459 if (a != NULL)
460 (*a) = ret;
461 *pp = p;
462 return (ret);
463 err:
464 ASN1err(ASN1_F_D2I_ASN1_UINTEGER, i);
465 if ((a == NULL) || (*a != ret))
466 ASN1_INTEGER_free(ret);
467 return (NULL);
468}
469
470static ASN1_STRING *bn_to_asn1_string(const BIGNUM *bn, ASN1_STRING *ai,
471 int atype)
472{
473 ASN1_INTEGER *ret;
474 int len;
475
476 if (ai == NULL) {
477 ret = ASN1_STRING_type_new(atype);
478 } else {
479 ret = ai;
480 ret->type = atype;
481 }
482
483 if (ret == NULL) {
484 ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_NESTED_ASN1_ERROR);
485 goto err;
486 }
487
488 if (BN_is_negative(bn) && !BN_is_zero(bn))
489 ret->type |= V_ASN1_NEG_INTEGER;
490
491 len = BN_num_bytes(bn);
492
493 if (len == 0)
494 len = 1;
495
496 if (ASN1_STRING_set(ret, NULL, len) == 0) {
497 ASN1err(ASN1_F_BN_TO_ASN1_STRING, ERR_R_MALLOC_FAILURE);
498 goto err;
499 }
500
501 /* Correct zero case */
502 if (BN_is_zero(bn))
503 ret->data[0] = 0;
504 else
505 len = BN_bn2bin(bn, ret->data);
506 ret->length = len;
507 return ret;
508 err:
509 if (ret != ai)
510 ASN1_INTEGER_free(ret);
511 return (NULL);
512}
513
514static BIGNUM *asn1_string_to_bn(const ASN1_INTEGER *ai, BIGNUM *bn,
515 int itype)
516{
517 BIGNUM *ret;
518
519 if ((ai->type & ~V_ASN1_NEG) != itype) {
520 ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_WRONG_INTEGER_TYPE);
521 return NULL;
522 }
523
524 ret = BN_bin2bn(ai->data, ai->length, bn);
525 if (ret == 0) {
526 ASN1err(ASN1_F_ASN1_STRING_TO_BN, ASN1_R_BN_LIB);
527 return NULL;
528 }
529 if (ai->type & V_ASN1_NEG)
530 BN_set_negative(ret, 1);
531 return ret;
532}
533
534int ASN1_INTEGER_get_int64(int64_t *pr, const ASN1_INTEGER *a)
535{
536 return asn1_string_get_int64(pr, a, V_ASN1_INTEGER);
537}
538
539int ASN1_INTEGER_set_int64(ASN1_INTEGER *a, int64_t r)
540{
541 return asn1_string_set_int64(a, r, V_ASN1_INTEGER);
542}
543
544int ASN1_INTEGER_get_uint64(uint64_t *pr, const ASN1_INTEGER *a)
545{
546 return asn1_string_get_uint64(pr, a, V_ASN1_INTEGER);
547}
548
549int ASN1_INTEGER_set_uint64(ASN1_INTEGER *a, uint64_t r)
550{
551 return asn1_string_set_uint64(a, r, V_ASN1_INTEGER);
552}
553
554int ASN1_INTEGER_set(ASN1_INTEGER *a, long v)
555{
556 return ASN1_INTEGER_set_int64(a, v);
557}
558
559long ASN1_INTEGER_get(const ASN1_INTEGER *a)
560{
561 int i;
562 int64_t r;
563 if (a == NULL)
564 return 0;
565 i = ASN1_INTEGER_get_int64(&r, a);
566 if (i == 0)
567 return -1;
568 if (r > LONG_MAX || r < LONG_MIN)
569 return -1;
570 return (long)r;
571}
572
573ASN1_INTEGER *BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai)
574{
575 return bn_to_asn1_string(bn, ai, V_ASN1_INTEGER);
576}
577
578BIGNUM *ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn)
579{
580 return asn1_string_to_bn(ai, bn, V_ASN1_INTEGER);
581}
582
583int ASN1_ENUMERATED_get_int64(int64_t *pr, const ASN1_ENUMERATED *a)
584{
585 return asn1_string_get_int64(pr, a, V_ASN1_ENUMERATED);
586}
587
588int ASN1_ENUMERATED_set_int64(ASN1_ENUMERATED *a, int64_t r)
589{
590 return asn1_string_set_int64(a, r, V_ASN1_ENUMERATED);
591}
592
593int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v)
594{
595 return ASN1_ENUMERATED_set_int64(a, v);
596}
597
598long ASN1_ENUMERATED_get(const ASN1_ENUMERATED *a)
599{
600 int i;
601 int64_t r;
602 if (a == NULL)
603 return 0;
604 if ((a->type & ~V_ASN1_NEG) != V_ASN1_ENUMERATED)
605 return -1;
606 if (a->length > (int)sizeof(long))
607 return 0xffffffffL;
608 i = ASN1_ENUMERATED_get_int64(&r, a);
609 if (i == 0)
610 return -1;
611 if (r > LONG_MAX || r < LONG_MIN)
612 return -1;
613 return (long)r;
614}
615
616ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(const BIGNUM *bn, ASN1_ENUMERATED *ai)
617{
618 return bn_to_asn1_string(bn, ai, V_ASN1_ENUMERATED);
619}
620
621BIGNUM *ASN1_ENUMERATED_to_BN(const ASN1_ENUMERATED *ai, BIGNUM *bn)
622{
623 return asn1_string_to_bn(ai, bn, V_ASN1_ENUMERATED);
624}
Note: See TracBrowser for help on using the repository browser.