/src/openssl/crypto/asn1/x_int64.c

Source (jump to first uncovered line)
/*
 * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include "internal/cryptlib.h"
#include "internal/numbers.h"
#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include "asn1_local.h"

/*
 * Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
 * This converts between an ASN1_INTEGER and those types directly.
 * This is preferred to using the LONG / ZLONG primitives.
 */

/*
 * We abuse the ASN1_ITEM fields |size| as a flags field
 */
#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
#define INTxx_FLAG_SIGNED       (1<<1)

static int uint64_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint64_t))) == NULL)
        return 0;
    return 1;
}

static void uint64_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    OPENSSL_free(*pval);
    *pval = NULL;
}

static void uint64_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    **(uint64_t **)pval = 0;
}

static int uint64_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype,
                      const ASN1_ITEM *it)
{
    uint64_t utmp;
    int neg = 0;
    /* this exists to bypass broken gcc optimization */
    char *cp = (char *)*pval;

    /* use memcpy, because we may not be uint64_t aligned */
    memcpy(&utmp, cp, sizeof(utmp));

    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
        && utmp == 0)
        return -1;
    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
        && (int64_t)utmp < 0) {
        /* ossl_i2c_uint64_int() assumes positive values */
        utmp = 0 - utmp;
        neg = 1;
    }

    return ossl_i2c_uint64_int(cont, utmp, neg);
}

static int uint64_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                      int utype, char *free_cont, const ASN1_ITEM *it)
{
    uint64_t utmp = 0;
    char *cp;
    int neg = 0;

    if (*pval == NULL && !uint64_new(pval, it))
        return 0;

    cp = (char *)*pval;

    /*
     * Strictly speaking, zero length is malformed.  However, long_c2i
     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
     * so for the sake of backward compatibility, we still decode zero
     * length INTEGERs as the number zero.
     */
    if (len == 0)
        goto long_compat;

    if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len))
        return 0;
    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
        return 0;
    }
    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
            && !neg && utmp > INT64_MAX) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
        return 0;
    }
    if (neg)
        /* ossl_c2i_uint64_int() returns positive values */
        utmp = 0 - utmp;

 long_compat:
    memcpy(cp, &utmp, sizeof(utmp));
    return 1;
}

static int uint64_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it,
                        int indent, const ASN1_PCTX *pctx)
{
    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
        return BIO_printf(out, "%jd\n", **(int64_t **)pval);
    return BIO_printf(out, "%ju\n", **(uint64_t **)pval);
}

/* 32-bit variants */

static int uint32_new(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    if ((*pval = (ASN1_VALUE *)OPENSSL_zalloc(sizeof(uint32_t))) == NULL)
        return 0;
    return 1;
}

static void uint32_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    OPENSSL_free(*pval);
    *pval = NULL;
}

static void uint32_clear(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    **(uint32_t **)pval = 0;
}

static int uint32_i2c(const ASN1_VALUE **pval, unsigned char *cont, int *putype,
                      const ASN1_ITEM *it)
{
    uint32_t utmp;
    int neg = 0;
    /* this exists to bypass broken gcc optimization */
    char *cp = (char *)*pval;

    /* use memcpy, because we may not be uint32_t aligned */
    memcpy(&utmp, cp, sizeof(utmp));

    if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
        && utmp == 0)
        return -1;
    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
        && (int32_t)utmp < 0) {
        /* ossl_i2c_uint64_int() assumes positive values */
        utmp = 0 - utmp;
        neg = 1;
    }

    return ossl_i2c_uint64_int(cont, (uint64_t)utmp, neg);
}

/*
 * Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces
 * overflow warnings.
 */

#define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1)

static int uint32_c2i(ASN1_VALUE **pval, const unsigned char *cont, int len,
                      int utype, char *free_cont, const ASN1_ITEM *it)
{
    uint64_t utmp = 0;
    uint32_t utmp2 = 0;
    char *cp;
    int neg = 0;

    if (*pval == NULL && !uint64_new(pval, it))
        return 0;

    cp = (char *)*pval;

    /*
     * Strictly speaking, zero length is malformed.  However, long_c2i
     * (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
     * so for the sake of backward compatibility, we still decode zero
     * length INTEGERs as the number zero.
     */
    if (len == 0)
        goto long_compat;

    if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len))
        return 0;
    if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
        ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
        return 0;
    }
    if (neg) {
        if (utmp > ABS_INT32_MIN) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
            return 0;
        }
        utmp = 0 - utmp;
    } else {
        if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX)
            || ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) {
            ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
            return 0;
        }
    }

 long_compat:
    utmp2 = (uint32_t)utmp;
    memcpy(cp, &utmp2, sizeof(utmp2));
    return 1;
}

static int uint32_print(BIO *out, const ASN1_VALUE **pval, const ASN1_ITEM *it,
                        int indent, const ASN1_PCTX *pctx)
{
    if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
        return BIO_printf(out, "%d\n", (int)**(int32_t **)pval);
    return BIO_printf(out, "%u\n", (unsigned int)**(uint32_t **)pval);
}


/* Define the primitives themselves */

static ASN1_PRIMITIVE_FUNCS uint32_pf = {
    NULL, 0,
    uint32_new,
    uint32_free,
    uint32_clear,
    uint32_c2i,
    uint32_i2c,
    uint32_print
};

static ASN1_PRIMITIVE_FUNCS uint64_pf = {
    NULL, 0,
    uint64_new,
    uint64_free,
    uint64_clear,
    uint64_c2i,
    uint64_i2c,
    uint64_print
};

ASN1_ITEM_start(INT32)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
    INTxx_FLAG_SIGNED, "INT32"
ASN1_ITEM_end(INT32)

ASN1_ITEM_start(UINT32)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
ASN1_ITEM_end(UINT32)

ASN1_ITEM_start(INT64)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
    INTxx_FLAG_SIGNED, "INT64"
ASN1_ITEM_end(INT64)

ASN1_ITEM_start(UINT64)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
ASN1_ITEM_end(UINT64)

ASN1_ITEM_start(ZINT32)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT32"
ASN1_ITEM_end(ZINT32)

ASN1_ITEM_start(ZUINT32)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
    INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
ASN1_ITEM_end(ZUINT32)

ASN1_ITEM_start(ZINT64)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
    INTxx_FLAG_ZERO_DEFAULT|INTxx_FLAG_SIGNED, "ZINT64"
ASN1_ITEM_end(ZINT64)

ASN1_ITEM_start(ZUINT64)
    ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
    INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
ASN1_ITEM_end(ZUINT64)


Coverage Report

Created: 2025-06-13 06:57

Line	Count	Source (jump to first uncovered line)
1		/*
2		* Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
3		*
4		* Licensed under the Apache License 2.0 (the "License"). You may not use
5		* this file except in compliance with the License. You can obtain a copy
6		* in the file LICENSE in the source distribution or at
7		* https://www.openssl.org/source/license.html
8		*/
9
10		#include <stdio.h>
11		#include "internal/cryptlib.h"
12		#include "internal/numbers.h"
13		#include <openssl/asn1t.h>
14		#include <openssl/bn.h>
15		#include "asn1_local.h"
16
17		/*
18		* Custom primitive types for handling int32_t, int64_t, uint32_t, uint64_t.
19		* This converts between an ASN1_INTEGER and those types directly.
20		* This is preferred to using the LONG / ZLONG primitives.
21		*/
22
23		/*
24		* We abuse the ASN1_ITEM fields \|size\| as a flags field
25		*/
26	1.63k	#define INTxx_FLAG_ZERO_DEFAULT (1<<0)
27	108k	#define INTxx_FLAG_SIGNED (1<<1)
28
29		static int uint64_new(ASN1_VALUE *pval, const ASN1_ITEM it)
30	0	{
31	0	if ((pval = (ASN1_VALUE )OPENSSL_zalloc(sizeof(uint64_t))) == NULL)
32	0	return 0;
33	0	return 1;
34	0	}
35
36		static void uint64_free(ASN1_VALUE *pval, const ASN1_ITEM it)
37	0	{
38	0	OPENSSL_free(*pval);
39	0	*pval = NULL;
40	0	}
41
42		static void uint64_clear(ASN1_VALUE *pval, const ASN1_ITEM it)
43	0	{
44	0	(uint64_t )pval = 0;
45	0	}
46
47		static int uint64_i2c(const ASN1_VALUE *pval, unsigned char cont, int *putype,
48		const ASN1_ITEM *it)
49	0	{
50	0	uint64_t utmp;
51	0	int neg = 0;
52		/* this exists to bypass broken gcc optimization */
53	0	char cp = (char )*pval;
54
55		/* use memcpy, because we may not be uint64_t aligned */
56	0	memcpy(&utmp, cp, sizeof(utmp));
57
58	0	if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
59	0	&& utmp == 0)
60	0	return -1;
61	0	if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
62	0	&& (int64_t)utmp < 0) {
63		/* ossl_i2c_uint64_int() assumes positive values */
64	0	utmp = 0 - utmp;
65	0	neg = 1;
66	0	}
67
68	0	return ossl_i2c_uint64_int(cont, utmp, neg);
69	0	}
70
71		static int uint64_c2i(ASN1_VALUE *pval, const unsigned char cont, int len,
72		int utype, char free_cont, const ASN1_ITEM it)
73	0	{
74	0	uint64_t utmp = 0;
75	0	char *cp;
76	0	int neg = 0;
77
78	0	if (*pval == NULL && !uint64_new(pval, it))
79	0	return 0;
80
81	0	cp = (char )pval;
82
83		/*
84		* Strictly speaking, zero length is malformed. However, long_c2i
85		* (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
86		* so for the sake of backward compatibility, we still decode zero
87		* length INTEGERs as the number zero.
88		*/
89	0	if (len == 0)
90	0	goto long_compat;
91
92	0	if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len))
93	0	return 0;
94	0	if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
95	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
96	0	return 0;
97	0	}
98	0	if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
99	0	&& !neg && utmp > INT64_MAX) {
100	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
101	0	return 0;
102	0	}
103	0	if (neg)
104		/* ossl_c2i_uint64_int() returns positive values */
105	0	utmp = 0 - utmp;
106
107	0	long_compat:
108	0	memcpy(cp, &utmp, sizeof(utmp));
109	0	return 1;
110	0	}
111
112		static int uint64_print(BIO out, const ASN1_VALUE pval, const ASN1_ITEM it,
113		int indent, const ASN1_PCTX *pctx)
114	0	{
115	0	if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
116	0	return BIO_printf(out, "%jd\n", (int64_t )pval);
117	0	return BIO_printf(out, "%ju\n", (uint64_t )pval);
118	0	}
119
120		/* 32-bit variants */
121
122		static int uint32_new(ASN1_VALUE *pval, const ASN1_ITEM it)
123	0	{
124	0	if ((pval = (ASN1_VALUE )OPENSSL_zalloc(sizeof(uint32_t))) == NULL)
125	0	return 0;
126	0	return 1;
127	0	}
128
129		static void uint32_free(ASN1_VALUE *pval, const ASN1_ITEM it)
130	0	{
131	0	OPENSSL_free(*pval);
132	0	*pval = NULL;
133	0	}
134
135		static void uint32_clear(ASN1_VALUE *pval, const ASN1_ITEM it)
136	43.1k	{
137	43.1k	(uint32_t )pval = 0;
138	43.1k	}
139
140		static int uint32_i2c(const ASN1_VALUE *pval, unsigned char cont, int *putype,
141		const ASN1_ITEM *it)
142	0	{
143	0	uint32_t utmp;
144	0	int neg = 0;
145		/* this exists to bypass broken gcc optimization */
146	0	char cp = (char )*pval;
147
148		/* use memcpy, because we may not be uint32_t aligned */
149	0	memcpy(&utmp, cp, sizeof(utmp));
150
151	0	if ((it->size & INTxx_FLAG_ZERO_DEFAULT) == INTxx_FLAG_ZERO_DEFAULT
152	0	&& utmp == 0)
153	0	return -1;
154	0	if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED
155	0	&& (int32_t)utmp < 0) {
156		/* ossl_i2c_uint64_int() assumes positive values */
157	0	utmp = 0 - utmp;
158	0	neg = 1;
159	0	}
160
161	0	return ossl_i2c_uint64_int(cont, (uint64_t)utmp, neg);
162	0	}
163
164		/*
165		* Absolute value of INT32_MIN: we can't just use -INT32_MIN as it produces
166		* overflow warnings.
167		*/
168
169	5.02k	#define ABS_INT32_MIN ((uint32_t)INT32_MAX + 1)
170
171		static int uint32_c2i(ASN1_VALUE *pval, const unsigned char cont, int len,
172		int utype, char free_cont, const ASN1_ITEM it)
173	26.8k	{
174	26.8k	uint64_t utmp = 0;
175	26.8k	uint32_t utmp2 = 0;
176	26.8k	char *cp;
177	26.8k	int neg = 0;
178
179	26.8k	if (*pval == NULL && !uint64_new(pval, it))
180	0	return 0;
181
182	26.8k	cp = (char )pval;
183
184		/*
185		* Strictly speaking, zero length is malformed. However, long_c2i
186		* (x_long.c) encodes 0 as a zero length INTEGER (wrongly, of course),
187		* so for the sake of backward compatibility, we still decode zero
188		* length INTEGERs as the number zero.
189		*/
190	26.8k	if (len == 0)
191	5.39k	goto long_compat;
192
193	21.4k	if (!ossl_c2i_uint64_int(&utmp, &neg, &cont, len))
194	6.19k	return 0;
195	15.2k	if ((it->size & INTxx_FLAG_SIGNED) == 0 && neg) {
196	0	ERR_raise(ERR_LIB_ASN1, ASN1_R_ILLEGAL_NEGATIVE_VALUE);
197	0	return 0;
198	0	}
199	15.2k	if (neg) {
200	5.02k	if (utmp > ABS_INT32_MIN) {
201	2.03k	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_SMALL);
202	2.03k	return 0;
203	2.03k	}
204	2.99k	utmp = 0 - utmp;
205	10.2k	} else {
206	10.2k	if (((it->size & INTxx_FLAG_SIGNED) != 0 && utmp > INT32_MAX)
207	10.2k	\|\| ((it->size & INTxx_FLAG_SIGNED) == 0 && utmp > UINT32_MAX)) {
208	1.76k	ERR_raise(ERR_LIB_ASN1, ASN1_R_TOO_LARGE);
209	1.76k	return 0;
210	1.76k	}
211	10.2k	}
212
213	16.8k	long_compat:
214	16.8k	utmp2 = (uint32_t)utmp;
215	16.8k	memcpy(cp, &utmp2, sizeof(utmp2));
216	16.8k	return 1;
217	15.2k	}
218
219		static int uint32_print(BIO out, const ASN1_VALUE pval, const ASN1_ITEM it,
220		int indent, const ASN1_PCTX *pctx)
221	0	{
222	0	if ((it->size & INTxx_FLAG_SIGNED) == INTxx_FLAG_SIGNED)
223	0	return BIO_printf(out, "%d\n", (int)(int32_t )pval);
224	0	return BIO_printf(out, "%u\n", (unsigned int)(uint32_t )pval);
225	0	}
226
227
228		/* Define the primitives themselves */
229
230		static ASN1_PRIMITIVE_FUNCS uint32_pf = {
231		NULL, 0,
232		uint32_new,
233		uint32_free,
234		uint32_clear,
235		uint32_c2i,
236		uint32_i2c,
237		uint32_print
238		};
239
240		static ASN1_PRIMITIVE_FUNCS uint64_pf = {
241		NULL, 0,
242		uint64_new,
243		uint64_free,
244		uint64_clear,
245		uint64_c2i,
246		uint64_i2c,
247		uint64_print
248		};
249
250	72.8k	ASN1_ITEM_start(INT32)
251	72.8k	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
252	72.8k	INTxx_FLAG_SIGNED, "INT32"
253	72.8k	ASN1_ITEM_end(INT32)
254
255	0	ASN1_ITEM_start(UINT32)
256	0	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf, 0, "UINT32"
257	0	ASN1_ITEM_end(UINT32)
258
259	0	ASN1_ITEM_start(INT64)
260	0	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
261	0	INTxx_FLAG_SIGNED, "INT64"
262	0	ASN1_ITEM_end(INT64)
263
264	0	ASN1_ITEM_start(UINT64)
265	0	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf, 0, "UINT64"
266	0	ASN1_ITEM_end(UINT64)
267
268	1.63k	ASN1_ITEM_start(ZINT32)
269	1.63k	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
270	1.63k	INTxx_FLAG_ZERO_DEFAULT\|INTxx_FLAG_SIGNED, "ZINT32"
271	1.63k	ASN1_ITEM_end(ZINT32)
272
273	0	ASN1_ITEM_start(ZUINT32)
274	0	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint32_pf,
275	0	INTxx_FLAG_ZERO_DEFAULT, "ZUINT32"
276	0	ASN1_ITEM_end(ZUINT32)
277
278	0	ASN1_ITEM_start(ZINT64)
279	0	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
280	0	INTxx_FLAG_ZERO_DEFAULT\|INTxx_FLAG_SIGNED, "ZINT64"
281	0	ASN1_ITEM_end(ZINT64)
282
283	0	ASN1_ITEM_start(ZUINT64)
284	0	ASN1_ITYPE_PRIMITIVE, V_ASN1_INTEGER, NULL, 0, &uint64_pf,
285	0	INTxx_FLAG_ZERO_DEFAULT, "ZUINT64"
286	0	ASN1_ITEM_end(ZUINT64)
287