/src/openssl/crypto/asn1/x_int64.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved. |
3 | | * |
4 | | * Licensed under the Apache License 2.0 (the "License"). You may not use |
5 | | * this file except in compliance with the License. You can obtain a copy |
6 | | * in the file LICENSE in the source distribution or at |
7 | | * https://www.openssl.org/source/license.html |
8 | | */ |
9 | | |
10 | | #include <stdio.h> |
11 | | #include "internal/cryptlib.h" |
12 | | #include "internal/numbers.h" |
13 | | #include <openssl/asn1t.h> |
14 | | #include <openssl/bn.h> |
15 | | #include "asn1_local.h" |
16 | | |
17 | | /* |
18 | | * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t. |
19 | | * This converts between an ASN1_INTEGER and those types directly. |
20 | | * This is preferred to using the LONG / ZLONG primitives. |
21 | | */ |
22 | | |
23 | | /* |
24 | | * We abuse the ASN1_ITEM fields |size| as a flags field |
25 | | */ |
26 | 0 | #define INTxx_FLAG_ZERO_DEFAULT (1<<0) |
27 | 0 | #define INTxx_FLAG_SIGNED (1<<1) |
28 | | |
29 | | static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it) |
30 | 0 | { |
31 | 0 | if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL) |
32 | 0 | return 0; |
33 | 0 | return 1; |
34 | 0 | } |
35 | | |
36 | | static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it) |
37 | 0 | { |
38 | 0 | OPENSSL_free(*pval); |
39 | 0 | *pval = NULL; |
40 | 0 | } |
41 | | |
42 | | static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) |
43 | 0 | { |
44 | 0 | **(uint64_t **)pval = 0; |
45 | 0 | } |
46 | | |
47 | | static int uint64_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, |
48 | | const ASN1_ITEM *it) |
49 | 0 | { |
50 | 0 | uint64_t utmp; |
51 | 0 | int neg = 0; |
52 | | /* this exists to bypass broken gcc optimization */ |
53 | 0 | char *cp = (char *)*pval; |
54 | | |
55 | | /* use memcpy, because we may not be uint64_t aligned */ |
56 | 0 | memcpy(&utmp, cp, sizeof(utmp)); |
57 | |
|
58 | 0 | if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT |
59 | 0 | && utmp == 0) |
60 | 0 | return -1; |
61 | 0 | if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED |
62 | 0 | && (int64_t)utmp < 0) { |
63 | | /* ossl_i2c_uint64_int() assumes positive values */ |
64 | 0 | utmp = 0 - utmp; |
65 | 0 | neg = 1; |
66 | 0 | } |
67 | |
|
68 | 0 | return ossl_i2c_uint64_int(cont, utmp, neg); |
69 | 0 | } |
70 | | |
71 | | static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, |
72 | | int utype, char *free_cont, const ASN1_ITEM *it) |
73 | 0 | { |
74 | 0 | uint64_t utmp = 0; |
75 | 0 | char *cp; |
76 | 0 | int neg = 0; |
77 | |
|
78 | 0 | if (*pval == NULL && !uint64_new(pval, it)) |
79 | 0 | return 0; |
80 | | |
81 | 0 | cp = (char *)*pval; |
82 | | |
83 | | /* |
84 | | * Strictly speaking, zero length is malformed. However, long_c2i |
85 | | * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course), |
86 | | * so for the sake of backward compatibility, we still decode zero |
87 | | * length INTEGERs as the number zero. |
88 | | */ |
89 | 0 | if (len == 0) |
90 | 0 | goto long_compat; |
91 | | |
92 | 0 | if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len)) |
93 | 0 | return 0; |
94 | 0 | if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { |
95 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); |
96 | 0 | return 0; |
97 | 0 | } |
98 | 0 | if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED |
99 | 0 | && !neg && utmp > INT64_MAX) { |
100 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); |
101 | 0 | return 0; |
102 | 0 | } |
103 | 0 | if (neg) |
104 | | /* ossl_c2i_uint64_int() returns positive values */ |
105 | 0 | utmp = 0 - utmp; |
106 | |
|
107 | 0 | long_compat: |
108 | 0 | memcpy(cp, &utmp, sizeof(utmp)); |
109 | 0 | return 1; |
110 | 0 | } |
111 | | |
112 | | static int uint64_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, |
113 | | int indent, const ASN1_PCTX *pctx) |
114 | 0 | { |
115 | 0 | if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) |
116 | 0 | return BIO_printf(out, "%jd\n", **(int64_t **)pval); |
117 | 0 | return BIO_printf(out, "%ju\n", **(uint64_t **)pval); |
118 | 0 | } |
119 | | |
120 | | /* 32-bit variants */ |
121 | | |
122 | | static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it) |
123 | 0 | { |
124 | 0 | if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL) |
125 | 0 | return 0; |
126 | 0 | return 1; |
127 | 0 | } |
128 | | |
129 | | static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it) |
130 | 0 | { |
131 | 0 | OPENSSL_free(*pval); |
132 | 0 | *pval = NULL; |
133 | 0 | } |
134 | | |
135 | | static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it) |
136 | 0 | { |
137 | 0 | **(uint32_t **)pval = 0; |
138 | 0 | } |
139 | | |
140 | | static int uint32_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype, |
141 | | const ASN1_ITEM *it) |
142 | 0 | { |
143 | 0 | uint32_t utmp; |
144 | 0 | int neg = 0; |
145 | | /* this exists to bypass broken gcc optimization */ |
146 | 0 | char *cp = (char *)*pval; |
147 | | |
148 | | /* use memcpy, because we may not be uint32_t aligned */ |
149 | 0 | memcpy(&utmp, cp, sizeof(utmp)); |
150 | |
|
151 | 0 | if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT |
152 | 0 | && utmp == 0) |
153 | 0 | return -1; |
154 | 0 | if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED |
155 | 0 | && (int32_t)utmp < 0) { |
156 | | /* ossl_i2c_uint64_int() assumes positive values */ |
157 | 0 | utmp = 0 - utmp; |
158 | 0 | neg = 1; |
159 | 0 | } |
160 | |
|
161 | 0 | return ossl_i2c_uint64_int(cont, (uint64_t)utmp, neg); |
162 | 0 | } |
163 | | |
164 | | /* |
165 | | * Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces |
166 | | * overflow warnings. |
167 | | */ |
168 | | |
169 | 0 | #define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1) |
170 | | |
171 | | static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len, |
172 | | int utype, char *free_cont, const ASN1_ITEM *it) |
173 | 0 | { |
174 | 0 | uint64_t utmp = 0; |
175 | 0 | uint32_t utmp2 = 0; |
176 | 0 | char *cp; |
177 | 0 | int neg = 0; |
178 | |
|
179 | 0 | if (*pval == NULL && !uint64_new(pval, it)) |
180 | 0 | return 0; |
181 | | |
182 | 0 | cp = (char *)*pval; |
183 | | |
184 | | /* |
185 | | * Strictly speaking, zero length is malformed. However, long_c2i |
186 | | * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course), |
187 | | * so for the sake of backward compatibility, we still decode zero |
188 | | * length INTEGERs as the number zero. |
189 | | */ |
190 | 0 | if (len == 0) |
191 | 0 | goto long_compat; |
192 | | |
193 | 0 | if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len)) |
194 | 0 | return 0; |
195 | 0 | if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) { |
196 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE); |
197 | 0 | return 0; |
198 | 0 | } |
199 | 0 | if (neg) { |
200 | 0 | if (utmp > ABS_INT32_MIN) { |
201 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL); |
202 | 0 | return 0; |
203 | 0 | } |
204 | 0 | utmp = 0 - utmp; |
205 | 0 | } else { |
206 | 0 | if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX) |
207 | 0 | || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) { |
208 | 0 | ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE); |
209 | 0 | return 0; |
210 | 0 | } |
211 | 0 | } |
212 | | |
213 | 0 | long_compat: |
214 | 0 | utmp2 = (uint32_t)utmp; |
215 | 0 | memcpy(cp, &utmp2, sizeof(utmp2)); |
216 | 0 | return 1; |
217 | 0 | } |
218 | | |
219 | | static int uint32_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it, |
220 | | int indent, const ASN1_PCTX *pctx) |
221 | 0 | { |
222 | 0 | if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED) |
223 | 0 | return BIO_printf(out, "%d\n", (int)**(int32_t **)pval); |
224 | 0 | return BIO_printf(out, "%u\n", (unsigned int)**(uint32_t **)pval); |
225 | 0 | } |
226 | | |
227 | | |
228 | | /* Define the primitives themselves */ |
229 | | |
230 | | static ASN1_PRIMITIVE_FUNCS uint32_pf = { |
231 | | NULL, 0, |
232 | | uint32_new, |
233 | | uint32_free, |
234 | | uint32_clear, |
235 | | uint32_c2i, |
236 | | uint32_i2c, |
237 | | uint32_print |
238 | | }; |
239 | | |
240 | | static ASN1_PRIMITIVE_FUNCS uint64_pf = { |
241 | | NULL, 0, |
242 | | uint64_new, |
243 | | uint64_free, |
244 | | uint64_clear, |
245 | | uint64_c2i, |
246 | | uint64_i2c, |
247 | | uint64_print |
248 | | }; |
249 | | |
250 | 0 | ASN1_ITEM_start(INT32) |
251 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, |
252 | 0 | INTxx_FLAG_SIGNED, "INT32" |
253 | 0 | ASN1_ITEM_end(INT32) |
254 | | |
255 | 0 | ASN1_ITEM_start(UINT32) |
256 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32" |
257 | 0 | ASN1_ITEM_end(UINT32) |
258 | | |
259 | 0 | ASN1_ITEM_start(INT64) |
260 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, |
261 | 0 | INTxx_FLAG_SIGNED, "INT64" |
262 | 0 | ASN1_ITEM_end(INT64) |
263 | | |
264 | 0 | ASN1_ITEM_start(UINT64) |
265 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64" |
266 | 0 | ASN1_ITEM_end(UINT64) |
267 | | |
268 | 0 | ASN1_ITEM_start(ZINT32) |
269 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, |
270 | 0 | INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32" |
271 | 0 | ASN1_ITEM_end(ZINT32) |
272 | | |
273 | 0 | ASN1_ITEM_start(ZUINT32) |
274 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, |
275 | 0 | INTxx_FLAG_ZERO_DEFAULT, "ZUINT32" |
276 | 0 | ASN1_ITEM_end(ZUINT32) |
277 | | |
278 | 0 | ASN1_ITEM_start(ZINT64) |
279 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, |
280 | 0 | INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64" |
281 | 0 | ASN1_ITEM_end(ZINT64) |
282 | | |
283 | 0 | ASN1_ITEM_start(ZUINT64) |
284 | 0 | ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, |
285 | 0 | INTxx_FLAG_ZERO_DEFAULT, "ZUINT64" |
286 | 0 | ASN1_ITEM_end(ZUINT64) |
287 | | |