1 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
2 * All rights reserved.
3 *
4 * This package is an SSL implementation written
5 * by Eric Young (eay@cryptsoft.com).
6 * The implementation was written so as to conform with Netscapes SSL.
7 *
8 * This library is free for commercial and non-commercial use as long as
9 * the following conditions are aheared to. The following conditions
10 * apply to all code found in this distribution, be it the RC4, RSA,
11 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
12 * included with this distribution is covered by the same copyright terms
13 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
14 *
15 * Copyright remains Eric Young's, and as such any Copyright notices in
16 * the code are not to be removed.
17 * If this package is used in a product, Eric Young should be given attribution
18 * as the author of the parts of the library used.
19 * This can be in the form of a textual message at program startup or
20 * in documentation (online or textual) provided with the package.
21 *
22 * Redistribution and use in source and binary forms, with or without
23 * modification, are permitted provided that the following conditions
24 * are met:
25 * 1. Redistributions of source code must retain the copyright
26 * notice, this list of conditions and the following disclaimer.
27 * 2. Redistributions in binary form must reproduce the above copyright
28 * notice, this list of conditions and the following disclaimer in the
29 * documentation and/or other materials provided with the distribution.
30 * 3. All advertising materials mentioning features or use of this software
31 * must display the following acknowledgement:
32 * "This product includes cryptographic software written by
33 * Eric Young (eay@cryptsoft.com)"
34 * The word 'cryptographic' can be left out if the rouines from the library
35 * being used are not cryptographic related :-).
36 * 4. If you include any Windows specific code (or a derivative thereof) from
37 * the apps directory (application code) you must include an acknowledgement:
38 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
39 *
40 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
41 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
43 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
44 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
45 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
46 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
48 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
49 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
50 * SUCH DAMAGE.
51 *
52 * The licence and distribution terms for any publically available version or
53 * derivative of this code cannot be changed. i.e. this code cannot simply be
54 * copied and put under another distribution licence
55 * [including the GNU Public Licence.] */
56
57 #include <openssl/asn1.h>
58
59 #include <limits.h>
60 #include <string.h>
61
62 #include <openssl/err.h>
63 #include <openssl/mem.h>
64
65 #include "../internal.h"
66
67
ASN1_BIT_STRING_set(ASN1_BIT_STRING * x,const unsigned char * d,int len)68 int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, const unsigned char *d, int len)
69 {
70 return ASN1_STRING_set(x, d, len);
71 }
72
asn1_bit_string_length(const ASN1_BIT_STRING * str,uint8_t * out_padding_bits)73 static int asn1_bit_string_length(const ASN1_BIT_STRING *str,
74 uint8_t *out_padding_bits) {
75 int len = str->length;
76 if (str->flags & ASN1_STRING_FLAG_BITS_LEFT) {
77 // If the string is already empty, it cannot have padding bits.
78 *out_padding_bits = len == 0 ? 0 : str->flags & 0x07;
79 return len;
80 }
81
82 // TODO(davidben): If we move this logic to |ASN1_BIT_STRING_set_bit|, can
83 // we remove this representation?
84 while (len > 0 && str->data[len - 1] == 0) {
85 len--;
86 }
87 uint8_t padding_bits = 0;
88 if (len > 0) {
89 uint8_t last = str->data[len - 1];
90 assert(last != 0);
91 for (; padding_bits < 7; padding_bits++) {
92 if (last & (1 << padding_bits)) {
93 break;
94 }
95 }
96 }
97 *out_padding_bits = padding_bits;
98 return len;
99 }
100
ASN1_BIT_STRING_num_bytes(const ASN1_BIT_STRING * str,size_t * out)101 int ASN1_BIT_STRING_num_bytes(const ASN1_BIT_STRING *str, size_t *out) {
102 uint8_t padding_bits;
103 int len = asn1_bit_string_length(str, &padding_bits);
104 if (padding_bits != 0) {
105 return 0;
106 }
107 *out = len;
108 return 1;
109 }
110
i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING * a,unsigned char ** pp)111 int i2c_ASN1_BIT_STRING(const ASN1_BIT_STRING *a, unsigned char **pp)
112 {
113 if (a == NULL) {
114 return 0;
115 }
116
117 uint8_t bits;
118 int len = asn1_bit_string_length(a, &bits);
119 int ret = 1 + len;
120 if (pp == NULL) {
121 return ret;
122 }
123
124 uint8_t *p = *pp;
125 *(p++) = bits;
126 OPENSSL_memcpy(p, a->data, len);
127 if (len > 0) {
128 p[len - 1] &= (0xff << bits);
129 }
130 p += len;
131 *pp = p;
132 return (ret);
133 }
134
c2i_ASN1_BIT_STRING(ASN1_BIT_STRING ** a,const unsigned char ** pp,long len)135 ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,
136 const unsigned char **pp, long len)
137 {
138 ASN1_BIT_STRING *ret = NULL;
139 const unsigned char *p;
140 unsigned char *s;
141 int padding;
142
143 if (len < 1) {
144 OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_SHORT);
145 goto err;
146 }
147
148 if (len > INT_MAX) {
149 OPENSSL_PUT_ERROR(ASN1, ASN1_R_STRING_TOO_LONG);
150 goto err;
151 }
152
153 if ((a == NULL) || ((*a) == NULL)) {
154 if ((ret = ASN1_BIT_STRING_new()) == NULL)
155 return (NULL);
156 } else
157 ret = (*a);
158
159 p = *pp;
160 padding = *(p++);
161 if (padding > 7) {
162 OPENSSL_PUT_ERROR(ASN1, ASN1_R_INVALID_BIT_STRING_BITS_LEFT);
163 goto err;
164 }
165
166 /*
167 * We do this to preserve the settings. If we modify the settings, via
168 * the _set_bit function, we will recalculate on output
169 */
170 ret->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear */
171 ret->flags |= (ASN1_STRING_FLAG_BITS_LEFT | padding); /* set */
172
173 if (len-- > 1) { /* using one because of the bits left byte */
174 s = (unsigned char *)OPENSSL_malloc((int)len);
175 if (s == NULL) {
176 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
177 goto err;
178 }
179 OPENSSL_memcpy(s, p, (int)len);
180 s[len - 1] &= (0xff << padding);
181 p += len;
182 } else
183 s = NULL;
184
185 ret->length = (int)len;
186 if (ret->data != NULL)
187 OPENSSL_free(ret->data);
188 ret->data = s;
189 ret->type = V_ASN1_BIT_STRING;
190 if (a != NULL)
191 (*a) = ret;
192 *pp = p;
193 return (ret);
194 err:
195 if ((ret != NULL) && ((a == NULL) || (*a != ret)))
196 ASN1_BIT_STRING_free(ret);
197 return (NULL);
198 }
199
200 /*
201 * These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de>
202 */
ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING * a,int n,int value)203 int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value)
204 {
205 int w, v, iv;
206 unsigned char *c;
207
208 w = n / 8;
209 v = 1 << (7 - (n & 0x07));
210 iv = ~v;
211 if (!value)
212 v = 0;
213
214 if (a == NULL)
215 return 0;
216
217 a->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); /* clear, set on write */
218
219 if ((a->length < (w + 1)) || (a->data == NULL)) {
220 if (!value)
221 return (1); /* Don't need to set */
222 if (a->data == NULL)
223 c = (unsigned char *)OPENSSL_malloc(w + 1);
224 else
225 c = (unsigned char *)OPENSSL_realloc(a->data, w + 1);
226 if (c == NULL) {
227 OPENSSL_PUT_ERROR(ASN1, ERR_R_MALLOC_FAILURE);
228 return 0;
229 }
230 if (w + 1 - a->length > 0)
231 OPENSSL_memset(c + a->length, 0, w + 1 - a->length);
232 a->data = c;
233 a->length = w + 1;
234 }
235 a->data[w] = ((a->data[w]) & iv) | v;
236 while ((a->length > 0) && (a->data[a->length - 1] == 0))
237 a->length--;
238 return (1);
239 }
240
ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING * a,int n)241 int ASN1_BIT_STRING_get_bit(const ASN1_BIT_STRING *a, int n)
242 {
243 int w, v;
244
245 w = n / 8;
246 v = 1 << (7 - (n & 0x07));
247 if ((a == NULL) || (a->length < (w + 1)) || (a->data == NULL))
248 return (0);
249 return ((a->data[w] & v) != 0);
250 }
251
252 /*
253 * Checks if the given bit string contains only bits specified by
254 * the flags vector. Returns 0 if there is at least one bit set in 'a'
255 * which is not specified in 'flags', 1 otherwise.
256 * 'len' is the length of 'flags'.
257 */
ASN1_BIT_STRING_check(const ASN1_BIT_STRING * a,const unsigned char * flags,int flags_len)258 int ASN1_BIT_STRING_check(const ASN1_BIT_STRING *a,
259 const unsigned char *flags, int flags_len)
260 {
261 int i, ok;
262 /* Check if there is one bit set at all. */
263 if (!a || !a->data)
264 return 1;
265
266 /*
267 * Check each byte of the internal representation of the bit string.
268 */
269 ok = 1;
270 for (i = 0; i < a->length && ok; ++i) {
271 unsigned char mask = i < flags_len ? ~flags[i] : 0xff;
272 /* We are done if there is an unneeded bit set. */
273 ok = (a->data[i] & mask) == 0;
274 }
275 return ok;
276 }
277