File: | src/lib/libcrypto/asn1/a_int.c |
Warning: | line 374, column 16 Array access (from variable 's') results in a null pointer dereference |
Press '?' to see keyboard shortcuts
Keyboard shortcuts:
1 | /* $OpenBSD: a_int.c,v 1.38 2021/12/25 13:17:48 jsing Exp $ */ | ||||
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||||
3 | * All rights reserved. | ||||
4 | * | ||||
5 | * This package is an SSL implementation written | ||||
6 | * by Eric Young (eay@cryptsoft.com). | ||||
7 | * The implementation was written so as to conform with Netscapes SSL. | ||||
8 | * | ||||
9 | * This library is free for commercial and non-commercial use as long as | ||||
10 | * the following conditions are aheared to. The following conditions | ||||
11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||||
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||||
13 | * included with this distribution is covered by the same copyright terms | ||||
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||||
15 | * | ||||
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||||
17 | * the code are not to be removed. | ||||
18 | * If this package is used in a product, Eric Young should be given attribution | ||||
19 | * as the author of the parts of the library used. | ||||
20 | * This can be in the form of a textual message at program startup or | ||||
21 | * in documentation (online or textual) provided with the package. | ||||
22 | * | ||||
23 | * Redistribution and use in source and binary forms, with or without | ||||
24 | * modification, are permitted provided that the following conditions | ||||
25 | * are met: | ||||
26 | * 1. Redistributions of source code must retain the copyright | ||||
27 | * notice, this list of conditions and the following disclaimer. | ||||
28 | * 2. Redistributions in binary form must reproduce the above copyright | ||||
29 | * notice, this list of conditions and the following disclaimer in the | ||||
30 | * documentation and/or other materials provided with the distribution. | ||||
31 | * 3. All advertising materials mentioning features or use of this software | ||||
32 | * must display the following acknowledgement: | ||||
33 | * "This product includes cryptographic software written by | ||||
34 | * Eric Young (eay@cryptsoft.com)" | ||||
35 | * The word 'cryptographic' can be left out if the rouines from the library | ||||
36 | * being used are not cryptographic related :-). | ||||
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||||
38 | * the apps directory (application code) you must include an acknowledgement: | ||||
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||||
40 | * | ||||
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||||
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||||
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||||
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||||
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||||
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||||
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||||
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||||
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||||
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||||
51 | * SUCH DAMAGE. | ||||
52 | * | ||||
53 | * The licence and distribution terms for any publically available version or | ||||
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||||
55 | * copied and put under another distribution licence | ||||
56 | * [including the GNU Public Licence.] | ||||
57 | */ | ||||
58 | |||||
59 | #include <limits.h> | ||||
60 | #include <stdio.h> | ||||
61 | #include <string.h> | ||||
62 | |||||
63 | #include <openssl/asn1.h> | ||||
64 | #include <openssl/asn1t.h> | ||||
65 | #include <openssl/bn.h> | ||||
66 | #include <openssl/buffer.h> | ||||
67 | #include <openssl/err.h> | ||||
68 | |||||
69 | const ASN1_ITEM ASN1_INTEGER_it = { | ||||
70 | .itype = ASN1_ITYPE_PRIMITIVE0x0, | ||||
71 | .utype = V_ASN1_INTEGER2, | ||||
72 | .sname = "ASN1_INTEGER", | ||||
73 | }; | ||||
74 | |||||
75 | ASN1_INTEGER * | ||||
76 | ASN1_INTEGER_new(void) | ||||
77 | { | ||||
78 | return (ASN1_INTEGER *)ASN1_item_new(&ASN1_INTEGER_it); | ||||
79 | } | ||||
80 | |||||
81 | void | ||||
82 | ASN1_INTEGER_free(ASN1_INTEGER *a) | ||||
83 | { | ||||
84 | ASN1_item_free((ASN1_VALUE *)a, &ASN1_INTEGER_it); | ||||
85 | } | ||||
86 | |||||
87 | static int | ||||
88 | ASN1_INTEGER_valid(const ASN1_INTEGER *a) | ||||
89 | { | ||||
90 | return (a != NULL((void*)0) && a->length >= 0); | ||||
91 | } | ||||
92 | |||||
93 | ASN1_INTEGER * | ||||
94 | ASN1_INTEGER_dup(const ASN1_INTEGER *x) | ||||
95 | { | ||||
96 | if (!ASN1_INTEGER_valid(x)) | ||||
97 | return NULL((void*)0); | ||||
98 | |||||
99 | return ASN1_STRING_dup(x); | ||||
100 | } | ||||
101 | |||||
102 | int | ||||
103 | ASN1_INTEGER_cmp(const ASN1_INTEGER *x, const ASN1_INTEGER *y) | ||||
104 | { | ||||
105 | int neg, ret; | ||||
106 | |||||
107 | /* Compare signs */ | ||||
108 | neg = x->type & V_ASN1_NEG0x100; | ||||
109 | if (neg != (y->type & V_ASN1_NEG0x100)) { | ||||
110 | if (neg) | ||||
111 | return -1; | ||||
112 | else | ||||
113 | return 1; | ||||
114 | } | ||||
115 | |||||
116 | ret = ASN1_STRING_cmp(x, y); | ||||
117 | |||||
118 | if (neg) | ||||
119 | return -ret; | ||||
120 | else | ||||
121 | return ret; | ||||
122 | } | ||||
123 | |||||
124 | int | ||||
125 | ASN1_INTEGER_set(ASN1_INTEGER *a, long v) | ||||
126 | { | ||||
127 | int j, k; | ||||
128 | unsigned int i; | ||||
129 | unsigned char buf[sizeof(long) + 1]; | ||||
130 | long d; | ||||
131 | |||||
132 | a->type = V_ASN1_INTEGER2; | ||||
133 | /* XXX ssl/ssl_asn1.c:i2d_SSL_SESSION() depends upon this bound vae */ | ||||
134 | if (a->length < (int)(sizeof(long) + 1)) { | ||||
135 | free(a->data); | ||||
136 | a->data = calloc(1, sizeof(long) + 1); | ||||
137 | } | ||||
138 | if (a->data == NULL((void*)0)) { | ||||
139 | ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_int.c" ,139); | ||||
140 | return (0); | ||||
141 | } | ||||
142 | d = v; | ||||
143 | if (d < 0) { | ||||
144 | d = -d; | ||||
145 | a->type = V_ASN1_NEG_INTEGER(2 | 0x100); | ||||
146 | } | ||||
147 | |||||
148 | for (i = 0; i < sizeof(long); i++) { | ||||
149 | if (d == 0) | ||||
150 | break; | ||||
151 | buf[i] = (int)d & 0xff; | ||||
152 | d >>= 8; | ||||
153 | } | ||||
154 | j = 0; | ||||
155 | for (k = i - 1; k >= 0; k--) | ||||
156 | a->data[j++] = buf[k]; | ||||
157 | a->length = j; | ||||
158 | return (1); | ||||
159 | } | ||||
160 | |||||
161 | /* | ||||
162 | * XXX this particular API is a gibbering eidrich horror that makes it | ||||
163 | * impossible to determine valid return cases from errors.. "a bit | ||||
164 | * ugly" is preserved for posterity, unfortunately this is probably | ||||
165 | * unfixable without changing public API | ||||
166 | */ | ||||
167 | long | ||||
168 | ASN1_INTEGER_get(const ASN1_INTEGER *a) | ||||
169 | { | ||||
170 | int neg = 0, i; | ||||
171 | unsigned long r = 0; | ||||
172 | |||||
173 | if (a == NULL((void*)0)) | ||||
174 | return (0L); | ||||
175 | i = a->type; | ||||
176 | if (i == V_ASN1_NEG_INTEGER(2 | 0x100)) | ||||
177 | neg = 1; | ||||
178 | else if (i != V_ASN1_INTEGER2) | ||||
179 | return -1; | ||||
180 | |||||
181 | if (!ASN1_INTEGER_valid(a)) | ||||
182 | return -1; /* XXX best effort */ | ||||
183 | |||||
184 | if (a->length > (int)sizeof(long)) { | ||||
185 | /* hmm... a bit ugly, return all ones */ | ||||
186 | return -1; | ||||
187 | } | ||||
188 | if (a->data == NULL((void*)0)) | ||||
189 | return 0; | ||||
190 | |||||
191 | for (i = 0; i < a->length; i++) { | ||||
192 | r <<= 8; | ||||
193 | r |= (unsigned char)a->data[i]; | ||||
194 | } | ||||
195 | |||||
196 | if (r > LONG_MAX9223372036854775807L) | ||||
197 | return -1; | ||||
198 | |||||
199 | if (neg) | ||||
200 | return -(long)r; | ||||
201 | return (long)r; | ||||
202 | } | ||||
203 | |||||
204 | ASN1_INTEGER * | ||||
205 | BN_to_ASN1_INTEGER(const BIGNUM *bn, ASN1_INTEGER *ai) | ||||
206 | { | ||||
207 | ASN1_INTEGER *ret; | ||||
208 | int len, j; | ||||
209 | |||||
210 | if (ai == NULL((void*)0)) | ||||
211 | ret = ASN1_INTEGER_new(); | ||||
212 | else | ||||
213 | ret = ai; | ||||
214 | if (ret == NULL((void*)0)) { | ||||
215 | ASN1error(ERR_R_NESTED_ASN1_ERROR)ERR_put_error(13,(0xfff),(58),"/usr/src/lib/libcrypto/asn1/a_int.c" ,215); | ||||
216 | goto err; | ||||
217 | } | ||||
218 | |||||
219 | if (!ASN1_INTEGER_valid(ret)) | ||||
220 | goto err; | ||||
221 | |||||
222 | if (BN_is_negative(bn)) | ||||
223 | ret->type = V_ASN1_NEG_INTEGER(2 | 0x100); | ||||
224 | else | ||||
225 | ret->type = V_ASN1_INTEGER2; | ||||
226 | j = BN_num_bits(bn); | ||||
227 | len = ((j == 0) ? 0 : ((j / 8) + 1)); | ||||
228 | if (ret->length < len + 4) { | ||||
229 | unsigned char *new_data = realloc(ret->data, len + 4); | ||||
230 | if (!new_data) { | ||||
231 | ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_int.c" ,231); | ||||
232 | goto err; | ||||
233 | } | ||||
234 | ret->data = new_data; | ||||
235 | } | ||||
236 | ret->length = BN_bn2bin(bn, ret->data); | ||||
237 | |||||
238 | /* Correct zero case */ | ||||
239 | if (!ret->length) { | ||||
240 | ret->data[0] = 0; | ||||
241 | ret->length = 1; | ||||
242 | } | ||||
243 | return (ret); | ||||
244 | |||||
245 | err: | ||||
246 | if (ret != ai) | ||||
247 | ASN1_INTEGER_free(ret); | ||||
248 | return (NULL((void*)0)); | ||||
249 | } | ||||
250 | |||||
251 | BIGNUM * | ||||
252 | ASN1_INTEGER_to_BN(const ASN1_INTEGER *ai, BIGNUM *bn) | ||||
253 | { | ||||
254 | BIGNUM *ret; | ||||
255 | |||||
256 | if (!ASN1_INTEGER_valid(ai)) | ||||
257 | return (NULL((void*)0)); | ||||
258 | |||||
259 | if ((ret = BN_bin2bn(ai->data, ai->length, bn)) == NULL((void*)0)) | ||||
260 | ASN1error(ASN1_R_BN_LIB)ERR_put_error(13,(0xfff),(105),"/usr/src/lib/libcrypto/asn1/a_int.c" ,260); | ||||
261 | else if (ai->type == V_ASN1_NEG_INTEGER(2 | 0x100)) | ||||
262 | BN_set_negative(ret, 1); | ||||
263 | return (ret); | ||||
264 | } | ||||
265 | |||||
266 | int | ||||
267 | i2a_ASN1_INTEGER(BIO *bp, const ASN1_INTEGER *a) | ||||
268 | { | ||||
269 | int i, n = 0; | ||||
270 | static const char h[] = "0123456789ABCDEF"; | ||||
271 | char buf[2]; | ||||
272 | |||||
273 | if (a == NULL((void*)0)) | ||||
274 | return (0); | ||||
275 | |||||
276 | if (a->type & V_ASN1_NEG0x100) { | ||||
277 | if (BIO_write(bp, "-", 1) != 1) | ||||
278 | goto err; | ||||
279 | n = 1; | ||||
280 | } | ||||
281 | |||||
282 | if (a->length == 0) { | ||||
283 | if (BIO_write(bp, "00", 2) != 2) | ||||
284 | goto err; | ||||
285 | n += 2; | ||||
286 | } else { | ||||
287 | for (i = 0; i < a->length; i++) { | ||||
288 | if ((i != 0) && (i % 35 == 0)) { | ||||
289 | if (BIO_write(bp, "\\\n", 2) != 2) | ||||
290 | goto err; | ||||
291 | n += 2; | ||||
292 | } | ||||
293 | buf[0] = h[((unsigned char)a->data[i] >> 4) & 0x0f]; | ||||
294 | buf[1] = h[((unsigned char)a->data[i]) & 0x0f]; | ||||
295 | if (BIO_write(bp, buf, 2) != 2) | ||||
296 | goto err; | ||||
297 | n += 2; | ||||
298 | } | ||||
299 | } | ||||
300 | return (n); | ||||
301 | |||||
302 | err: | ||||
303 | return (-1); | ||||
304 | } | ||||
305 | |||||
306 | int | ||||
307 | a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) | ||||
308 | { | ||||
309 | int ret = 0; | ||||
310 | int i, j,k, m,n, again, bufsize; | ||||
311 | unsigned char *s = NULL((void*)0), *sp; | ||||
| |||||
312 | unsigned char *bufp; | ||||
313 | int num = 0, slen = 0, first = 1; | ||||
314 | |||||
315 | bs->type = V_ASN1_INTEGER2; | ||||
316 | |||||
317 | bufsize = BIO_gets(bp, buf, size); | ||||
318 | for (;;) { | ||||
319 | if (bufsize < 1) | ||||
320 | goto err_sl; | ||||
321 | i = bufsize; | ||||
322 | if (buf[i - 1] == '\n') | ||||
323 | buf[--i] = '\0'; | ||||
324 | if (i
| ||||
325 | goto err_sl; | ||||
326 | if (buf[i - 1] == '\r') | ||||
327 | buf[--i] = '\0'; | ||||
328 | if (i
| ||||
329 | goto err_sl; | ||||
330 | if (buf[i - 1] == '\\') { | ||||
331 | i--; | ||||
332 | again = 1; | ||||
333 | } else | ||||
334 | again = 0; | ||||
335 | buf[i] = '\0'; | ||||
336 | if (i < 2) | ||||
337 | goto err_sl; | ||||
338 | |||||
339 | bufp = (unsigned char *)buf; | ||||
340 | if (first
| ||||
341 | first = 0; | ||||
342 | if ((bufp[0] == '0') && (buf[1] == '0')) { | ||||
343 | bufp += 2; | ||||
344 | i -= 2; | ||||
345 | } | ||||
346 | } | ||||
347 | k = 0; | ||||
348 | if (i % 2 != 0) { | ||||
349 | ASN1error(ASN1_R_ODD_NUMBER_OF_CHARS)ERR_put_error(13,(0xfff),(145),"/usr/src/lib/libcrypto/asn1/a_int.c" ,349); | ||||
350 | goto err; | ||||
351 | } | ||||
352 | i /= 2; | ||||
353 | if (num + i > slen) { | ||||
354 | if ((sp = recallocarray(s, slen, num + i, 1)) == NULL((void*)0)) { | ||||
355 | ASN1error(ERR_R_MALLOC_FAILURE)ERR_put_error(13,(0xfff),((1|64)),"/usr/src/lib/libcrypto/asn1/a_int.c" ,355); | ||||
356 | goto err; | ||||
357 | } | ||||
358 | s = sp; | ||||
359 | slen = num + i; | ||||
360 | } | ||||
361 | for (j = 0; j
| ||||
362 | for (n = 0; n < 2; n++) { | ||||
363 | m = bufp[k + n]; | ||||
364 | if ((m >= '0') && (m <= '9')) | ||||
365 | m -= '0'; | ||||
366 | else if ((m >= 'a') && (m <= 'f')) | ||||
367 | m = m - 'a' + 10; | ||||
368 | else if ((m >= 'A') && (m <= 'F')) | ||||
369 | m = m - 'A' + 10; | ||||
370 | else { | ||||
371 | ASN1error(ASN1_R_NON_HEX_CHARACTERS)ERR_put_error(13,(0xfff),(141),"/usr/src/lib/libcrypto/asn1/a_int.c" ,371); | ||||
372 | goto err; | ||||
373 | } | ||||
374 | s[num + j] <<= 4; | ||||
| |||||
375 | s[num + j] |= m; | ||||
376 | } | ||||
377 | } | ||||
378 | num += i; | ||||
379 | if (again
| ||||
380 | bufsize = BIO_gets(bp, buf, size); | ||||
381 | else | ||||
382 | break; | ||||
383 | } | ||||
384 | bs->length = num; | ||||
385 | bs->data = s; | ||||
386 | return (1); | ||||
387 | |||||
388 | err_sl: | ||||
389 | ASN1error(ASN1_R_SHORT_LINE)ERR_put_error(13,(0xfff),(150),"/usr/src/lib/libcrypto/asn1/a_int.c" ,389); | ||||
390 | err: | ||||
391 | free(s); | ||||
392 | return (ret); | ||||
393 | } | ||||
394 | |||||
395 | /* | ||||
396 | * This converts an ASN1 INTEGER into its content encoding. | ||||
397 | * The internal representation is an ASN1_STRING whose data is a big endian | ||||
398 | * representation of the value, ignoring the sign. The sign is determined by | ||||
399 | * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. | ||||
400 | * | ||||
401 | * Positive integers are no problem: they are almost the same as the DER | ||||
402 | * encoding, except if the first byte is >= 0x80 we need to add a zero pad. | ||||
403 | * | ||||
404 | * Negative integers are a bit trickier... | ||||
405 | * The DER representation of negative integers is in 2s complement form. | ||||
406 | * The internal form is converted by complementing each octet and finally | ||||
407 | * adding one to the result. This can be done less messily with a little trick. | ||||
408 | * If the internal form has trailing zeroes then they will become FF by the | ||||
409 | * complement and 0 by the add one (due to carry) so just copy as many trailing | ||||
410 | * zeros to the destination as there are in the source. The carry will add one | ||||
411 | * to the last none zero octet: so complement this octet and add one and finally | ||||
412 | * complement any left over until you get to the start of the string. | ||||
413 | * | ||||
414 | * Padding is a little trickier too. If the first bytes is > 0x80 then we pad | ||||
415 | * with 0xff. However if the first byte is 0x80 and one of the following bytes | ||||
416 | * is non-zero we pad with 0xff. The reason for this distinction is that 0x80 | ||||
417 | * followed by optional zeros isn't padded. | ||||
418 | */ | ||||
419 | |||||
420 | int | ||||
421 | i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) | ||||
422 | { | ||||
423 | int pad = 0, ret, i, neg; | ||||
424 | unsigned char *p, *n, pb = 0; | ||||
425 | |||||
426 | if (!ASN1_INTEGER_valid(a)) | ||||
427 | return 0; | ||||
428 | |||||
429 | neg = a->type & V_ASN1_NEG0x100; | ||||
430 | if (a->length == 0) | ||||
431 | ret = 1; | ||||
432 | else { | ||||
433 | ret = a->length; | ||||
434 | i = a->data[0]; | ||||
435 | if (!neg && (i > 127)) { | ||||
436 | pad = 1; | ||||
437 | pb = 0; | ||||
438 | } else if (neg) { | ||||
439 | if (i > 128) { | ||||
440 | pad = 1; | ||||
441 | pb = 0xFF; | ||||
442 | } else if (i == 128) { | ||||
443 | /* | ||||
444 | * Special case: if any other bytes non zero we pad: | ||||
445 | * otherwise we don't. | ||||
446 | */ | ||||
447 | for (i = 1; i < a->length; i++) if (a->data[i]) { | ||||
448 | pad = 1; | ||||
449 | pb = 0xFF; | ||||
450 | break; | ||||
451 | } | ||||
452 | } | ||||
453 | } | ||||
454 | ret += pad; | ||||
455 | } | ||||
456 | if (pp == NULL((void*)0)) | ||||
457 | return (ret); | ||||
458 | p= *pp; | ||||
459 | |||||
460 | if (pad) | ||||
461 | *(p++) = pb; | ||||
462 | if (a->length == 0) | ||||
463 | *(p++) = 0; | ||||
464 | else if (!neg) | ||||
465 | memcpy(p, a->data, a->length); | ||||
466 | else { | ||||
467 | /* Begin at the end of the encoding */ | ||||
468 | n = a->data + a->length - 1; | ||||
469 | p += a->length - 1; | ||||
470 | i = a->length; | ||||
471 | /* Copy zeros to destination as long as source is zero */ | ||||
472 | while (!*n) { | ||||
473 | *(p--) = 0; | ||||
474 | n--; | ||||
475 | i--; | ||||
476 | } | ||||
477 | /* Complement and increment next octet */ | ||||
478 | *(p--) = ((*(n--)) ^ 0xff) + 1; | ||||
479 | i--; | ||||
480 | /* Complement any octets left */ | ||||
481 | for (; i > 0; i--) | ||||
482 | *(p--) = *(n--) ^ 0xff; | ||||
483 | } | ||||
484 | |||||
485 | *pp += ret; | ||||
486 | return (ret); | ||||
487 | } | ||||
488 | |||||
489 | /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ | ||||
490 | |||||
491 | ASN1_INTEGER * | ||||
492 | c2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **pp, long len) | ||||
493 | { | ||||
494 | ASN1_INTEGER *ret = NULL((void*)0); | ||||
495 | const unsigned char *p, *pend; | ||||
496 | unsigned char *to, *s; | ||||
497 | int i; | ||||
498 | |||||
499 | if ((a == NULL((void*)0)) || ((*a) == NULL((void*)0))) { | ||||
500 | if ((ret = ASN1_INTEGER_new()) == NULL((void*)0)) | ||||
501 | return (NULL((void*)0)); | ||||
502 | } else | ||||
503 | ret = (*a); | ||||
504 | |||||
505 | if (!ASN1_INTEGER_valid(ret)) { | ||||
506 | /* | ||||
507 | * XXX using i for an alert is confusing, | ||||
508 | * we should call this al | ||||
509 | */ | ||||
510 | i = ERR_R_ASN1_LENGTH_MISMATCH62; | ||||
511 | goto err; | ||||
512 | } | ||||
513 | |||||
514 | p = *pp; | ||||
515 | pend = p + len; | ||||
516 | |||||
517 | /* We must malloc stuff, even for 0 bytes otherwise it | ||||
518 | * signifies a missing NULL parameter. */ | ||||
519 | if (len < 0 || len > INT_MAX2147483647) { | ||||
520 | i = ERR_R_ASN1_LENGTH_MISMATCH62; | ||||
521 | goto err; | ||||
522 | } | ||||
523 | s = malloc(len + 1); | ||||
524 | if (s == NULL((void*)0)) { | ||||
525 | i = ERR_R_MALLOC_FAILURE(1|64); | ||||
526 | goto err; | ||||
527 | } | ||||
528 | to = s; | ||||
529 | if (!len) { | ||||
530 | /* Strictly speaking this is an illegal INTEGER but we | ||||
531 | * tolerate it. | ||||
532 | */ | ||||
533 | ret->type = V_ASN1_INTEGER2; | ||||
534 | } else if (*p & 0x80) /* a negative number */ { | ||||
535 | ret->type = V_ASN1_NEG_INTEGER(2 | 0x100); | ||||
536 | if ((*p == 0xff) && (len != 1)) { | ||||
537 | p++; | ||||
538 | len--; | ||||
539 | } | ||||
540 | i = len; | ||||
541 | p += i - 1; | ||||
542 | to += i - 1; | ||||
543 | while((!*p) && i) { | ||||
544 | *(to--) = 0; | ||||
545 | i--; | ||||
546 | p--; | ||||
547 | } | ||||
548 | /* Special case: if all zeros then the number will be of | ||||
549 | * the form FF followed by n zero bytes: this corresponds to | ||||
550 | * 1 followed by n zero bytes. We've already written n zeros | ||||
551 | * so we just append an extra one and set the first byte to | ||||
552 | * a 1. This is treated separately because it is the only case | ||||
553 | * where the number of bytes is larger than len. | ||||
554 | */ | ||||
555 | if (!i) { | ||||
556 | *s = 1; | ||||
557 | s[len] = 0; | ||||
558 | len++; | ||||
559 | } else { | ||||
560 | *(to--) = (*(p--) ^ 0xff) + 1; | ||||
561 | i--; | ||||
562 | for (; i > 0; i--) | ||||
563 | *(to--) = *(p--) ^ 0xff; | ||||
564 | } | ||||
565 | } else { | ||||
566 | ret->type = V_ASN1_INTEGER2; | ||||
567 | if ((*p == 0) && (len != 1)) { | ||||
568 | p++; | ||||
569 | len--; | ||||
570 | } | ||||
571 | memcpy(s, p, len); | ||||
572 | } | ||||
573 | |||||
574 | free(ret->data); | ||||
575 | ret->data = s; | ||||
576 | ret->length = (int)len; | ||||
577 | if (a != NULL((void*)0)) | ||||
578 | (*a) = ret; | ||||
579 | *pp = pend; | ||||
580 | return (ret); | ||||
581 | |||||
582 | err: | ||||
583 | ASN1error(i)ERR_put_error(13,(0xfff),(i),"/usr/src/lib/libcrypto/asn1/a_int.c" ,583); | ||||
584 | if (a == NULL((void*)0) || *a != ret) | ||||
585 | ASN1_INTEGER_free(ret); | ||||
586 | return (NULL((void*)0)); | ||||
587 | } | ||||
588 | |||||
589 | int | ||||
590 | i2d_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **out) | ||||
591 | { | ||||
592 | return ASN1_item_i2d((ASN1_VALUE *)a, out, &ASN1_INTEGER_it); | ||||
593 | } | ||||
594 | |||||
595 | ASN1_INTEGER * | ||||
596 | d2i_ASN1_INTEGER(ASN1_INTEGER **a, const unsigned char **in, long len) | ||||
597 | { | ||||
598 | return (ASN1_INTEGER *)ASN1_item_d2i((ASN1_VALUE **)a, in, len, | ||||
599 | &ASN1_INTEGER_it); | ||||
600 | } | ||||
601 | |||||
602 | /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of | ||||
603 | * ASN1 integers: some broken software can encode a positive INTEGER | ||||
604 | * with its MSB set as negative (it doesn't add a padding zero). | ||||
605 | */ | ||||
606 | |||||
607 | ASN1_INTEGER * | ||||
608 | d2i_ASN1_UINTEGER(ASN1_INTEGER **a, const unsigned char **pp, long length) | ||||
609 | { | ||||
610 | ASN1_INTEGER *ret = NULL((void*)0); | ||||
611 | const unsigned char *p; | ||||
612 | unsigned char *s; | ||||
613 | long len; | ||||
614 | int inf, tag, xclass; | ||||
615 | int i; | ||||
616 | |||||
617 | if ((a == NULL((void*)0)) || ((*a) == NULL((void*)0))) { | ||||
618 | if ((ret = ASN1_INTEGER_new()) == NULL((void*)0)) | ||||
619 | return (NULL((void*)0)); | ||||
620 | } else | ||||
621 | ret = (*a); | ||||
622 | |||||
623 | if (!ASN1_INTEGER_valid(ret)) { | ||||
624 | i = ERR_R_ASN1_LENGTH_MISMATCH62; | ||||
625 | goto err; | ||||
626 | } | ||||
627 | |||||
628 | p = *pp; | ||||
629 | inf = ASN1_get_object(&p, &len, &tag, &xclass, length); | ||||
630 | if (inf & 0x80) { | ||||
631 | i = ASN1_R_BAD_OBJECT_HEADER102; | ||||
632 | goto err; | ||||
633 | } | ||||
634 | |||||
635 | if (tag != V_ASN1_INTEGER2) { | ||||
636 | i = ASN1_R_EXPECTING_AN_INTEGER115; | ||||
637 | goto err; | ||||
638 | } | ||||
639 | |||||
640 | /* We must malloc stuff, even for 0 bytes otherwise it | ||||
641 | * signifies a missing NULL parameter. */ | ||||
642 | if (len < 0 || len > INT_MAX2147483647) { | ||||
643 | i = ERR_R_ASN1_LENGTH_MISMATCH62; | ||||
644 | goto err; | ||||
645 | } | ||||
646 | s = malloc(len + 1); | ||||
647 | if (s == NULL((void*)0)) { | ||||
648 | i = ERR_R_MALLOC_FAILURE(1|64); | ||||
649 | goto err; | ||||
650 | } | ||||
651 | ret->type = V_ASN1_INTEGER2; | ||||
652 | if (len) { | ||||
653 | if ((*p == 0) && (len != 1)) { | ||||
654 | p++; | ||||
655 | len--; | ||||
656 | } | ||||
657 | memcpy(s, p, len); | ||||
658 | p += len; | ||||
659 | } | ||||
660 | |||||
661 | free(ret->data); | ||||
662 | ret->data = s; | ||||
663 | ret->length = (int)len; | ||||
664 | if (a != NULL((void*)0)) | ||||
665 | (*a) = ret; | ||||
666 | *pp = p; | ||||
667 | return (ret); | ||||
668 | |||||
669 | err: | ||||
670 | ASN1error(i)ERR_put_error(13,(0xfff),(i),"/usr/src/lib/libcrypto/asn1/a_int.c" ,670); | ||||
671 | if (a == NULL((void*)0) || *a != ret) | ||||
672 | ASN1_INTEGER_free(ret); | ||||
673 | return (NULL((void*)0)); | ||||
674 | } |