1 /*
2 * Copyright (c) 2001-2003
3 * Fraunhofer Institute for Open Communication Systems (FhG Fokus).
4 * All rights reserved.
5 *
6 * Author: Harti Brandt <harti@freebsd.org>
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 *
17 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27 * SUCH DAMAGE.
28 *
29 * $Begemot: bsnmp/lib/asn1.c,v 1.31 2005/10/06 07:14:58 brandt_h Exp $
30 *
31 * ASN.1 for SNMP.
32 */
33 #include <sys/types.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <stdarg.h>
37 #include <string.h>
38 #ifdef HAVE_STDINT_H
39 #include <stdint.h>
40 #elif defined(HAVE_INTTYPES_H)
41 #include <inttypes.h>
42 #endif
43 #include <assert.h>
44
45 #include "support.h"
46 #include "asn1.h"
47
48 static void asn_error_func(const struct asn_buf *, const char *, ...);
49
50 void (*asn_error)(const struct asn_buf *, const char *, ...) = asn_error_func;
51
52 /*
53 * Read the next header. This reads the tag (note, that only single
54 * byte tags are supported for now) and the length field. The length field
55 * is restricted to a 32-bit value.
56 * All errors of this function stop the decoding.
57 */
58 enum asn_err
asn_get_header(struct asn_buf * b,u_char * type,asn_len_t * len)59 asn_get_header(struct asn_buf *b, u_char *type, asn_len_t *len)
60 {
61 u_int length;
62
63 if (b->asn_len == 0) {
64 asn_error(b, "no identifier for header");
65 return (ASN_ERR_EOBUF);
66 }
67 *type = *b->asn_cptr;
68 if ((*type & ASN_TYPE_MASK) > 0x1e) {
69 asn_error(b, "tags > 0x1e not supported (%#x)",
70 *type & ASN_TYPE_MASK);
71 return (ASN_ERR_FAILED);
72 }
73 b->asn_cptr++;
74 b->asn_len--;
75 if (b->asn_len == 0) {
76 asn_error(b, "no length field");
77 return (ASN_ERR_EOBUF);
78 }
79 if (*b->asn_cptr & 0x80) {
80 length = *b->asn_cptr++ & 0x7f;
81 b->asn_len--;
82 if (length == 0) {
83 asn_error(b, "indefinite length not supported");
84 return (ASN_ERR_FAILED);
85 }
86 if (length > ASN_MAXLENLEN) {
87 asn_error(b, "long length too long (%u)", length);
88 return (ASN_ERR_FAILED);
89 }
90 if (length > b->asn_len) {
91 asn_error(b, "long length truncated");
92 return (ASN_ERR_EOBUF);
93 }
94 *len = 0;
95 while (length--) {
96 *len = (*len << 8) | *b->asn_cptr++;
97 b->asn_len--;
98 }
99 } else {
100 *len = *b->asn_cptr++;
101 b->asn_len--;
102 }
103
104 #ifdef BOGUS_CVE_2019_5610_FIX
105 /*
106 * This is the fix from CVE-2019-5610.
107 *
108 * This is the wrong place. Each of the asn functions should check
109 * that it has enough info for its own work.
110 */
111 if (*len > b->asn_len) {
112 asn_error(b, "lenen %u exceeding asn_len %u", *len, b->asn_len);
113 return (ASN_ERR_EOBUF);
114 }
115 #endif
116 return (ASN_ERR_OK);
117 }
118
119 /*
120 * Write a length field (restricted to values < 2^32-1) and return the
121 * number of bytes this field takes. If ptr is NULL, the length is computed
122 * but nothing is written. If the length would be too large return 0.
123 */
124 static u_int
asn_put_len(u_char * ptr,asn_len_t len)125 asn_put_len(u_char *ptr, asn_len_t len)
126 {
127 u_int lenlen, lenlen1;
128 asn_len_t tmp;
129
130 if (len > ASN_MAXLEN) {
131 asn_error(NULL, "encoding length too long: (%u)", len);
132 return (0);
133 }
134
135 if (len <= 127) {
136 if (ptr)
137 *ptr++ = (u_char)len;
138 return (1);
139 } else {
140 lenlen = 0;
141 /* compute number of bytes for value (is at least 1) */
142 for (tmp = len; tmp != 0; tmp >>= 8)
143 lenlen++;
144 if (ptr != NULL) {
145 *ptr++ = (u_char)lenlen | 0x80;
146 lenlen1 = lenlen;
147 while (lenlen1-- > 0) {
148 ptr[lenlen1] = len & 0xff;
149 len >>= 8;
150 }
151 }
152 return (lenlen + 1);
153 }
154 }
155
156 /*
157 * Write a header (tag and length fields).
158 * Tags are restricted to one byte tags (value <= 0x1e) and the
159 * lenght field to 16-bit. All errors stop the encoding.
160 */
161 enum asn_err
asn_put_header(struct asn_buf * b,u_char type,asn_len_t len)162 asn_put_header(struct asn_buf *b, u_char type, asn_len_t len)
163 {
164 u_int lenlen;
165
166 /* tag field */
167 if ((type & ASN_TYPE_MASK) > 0x1e) {
168 asn_error(NULL, "types > 0x1e not supported (%#x)",
169 type & ASN_TYPE_MASK);
170 return (ASN_ERR_FAILED);
171 }
172 if (b->asn_len == 0)
173 return (ASN_ERR_EOBUF);
174
175 *b->asn_ptr++ = type;
176 b->asn_len--;
177
178 /* length field */
179 if ((lenlen = asn_put_len(NULL, len)) == 0)
180 return (ASN_ERR_FAILED);
181 if (b->asn_len < lenlen)
182 return (ASN_ERR_EOBUF);
183
184 (void)asn_put_len(b->asn_ptr, len);
185 b->asn_ptr += lenlen;
186 b->asn_len -= lenlen;
187 return (ASN_ERR_OK);
188 }
189
190
191 /*
192 * This constructs a temporary sequence header with space for the maximum
193 * length field (three byte). Set the pointer that ptr points to to the
194 * start of the encoded header. This is used for a later call to
195 * asn_commit_header which will fix-up the length field and move the
196 * value if needed. All errors should stop the encoding.
197 */
198 #define TEMP_LEN (1 + ASN_MAXLENLEN + 1)
199 enum asn_err
asn_put_temp_header(struct asn_buf * b,u_char type,u_char ** ptr)200 asn_put_temp_header(struct asn_buf *b, u_char type, u_char **ptr)
201 {
202 int ret;
203
204 if (b->asn_len < TEMP_LEN)
205 return (ASN_ERR_EOBUF);
206 *ptr = b->asn_ptr;
207 if ((ret = asn_put_header(b, type, ASN_MAXLEN)) == ASN_ERR_OK)
208 assert(b->asn_ptr == *ptr + TEMP_LEN);
209 return (ret);
210 }
211 enum asn_err
asn_commit_header(struct asn_buf * b,u_char * ptr,size_t * moved)212 asn_commit_header(struct asn_buf *b, u_char *ptr, size_t *moved)
213 {
214 asn_len_t len;
215 u_int lenlen, shift;
216
217 /* compute length of encoded value without header */
218 len = b->asn_ptr - (ptr + TEMP_LEN);
219
220 /* insert length. may not fail. */
221 lenlen = asn_put_len(ptr + 1, len);
222 if (lenlen > TEMP_LEN - 1)
223 return (ASN_ERR_FAILED);
224
225 if (lenlen < TEMP_LEN - 1) {
226 /* shift value down */
227 shift = (TEMP_LEN - 1) - lenlen;
228 memmove(ptr + 1 + lenlen, ptr + TEMP_LEN, len);
229 b->asn_ptr -= shift;
230 b->asn_len += shift;
231 if (moved != NULL)
232 *moved = shift;
233 }
234 return (ASN_ERR_OK);
235 }
236 #undef TEMP_LEN
237
238 /*
239 * BER integer. This may be used to get a signed 64 bit integer at maximum.
240 * The maximum length should be checked by the caller. This cannot overflow
241 * if the caller ensures that len is at maximum 8.
242 *
243 * <bytes>
244 */
245 static enum asn_err
asn_get_real_integer(struct asn_buf * b,asn_len_t len,int64_t * vp)246 asn_get_real_integer(struct asn_buf *b, asn_len_t len, int64_t *vp)
247 {
248 uint64_t val;
249 int neg = 0;
250 enum asn_err err;
251
252 if (b->asn_len < len) {
253 asn_error(b, "truncated integer");
254 return (ASN_ERR_EOBUF);
255 }
256 if (len == 0) {
257 asn_error(b, "zero-length integer");
258 *vp = 0;
259 return (ASN_ERR_BADLEN);
260 }
261 err = ASN_ERR_OK;
262 if (len > 8) {
263 asn_error(b, "integer too long");
264 err = ASN_ERR_RANGE;
265 } else if (len > 1 &&
266 ((*b->asn_cptr == 0x00 && (b->asn_cptr[1] & 0x80) == 0) ||
267 (*b->asn_cptr == 0xff && (b->asn_cptr[1] & 0x80) == 0x80))) {
268 asn_error(b, "non-minimal integer");
269 err = ASN_ERR_BADLEN;
270 }
271
272 if (*b->asn_cptr & 0x80)
273 neg = 1;
274 val = 0;
275 while (len--) {
276 val <<= 8;
277 val |= neg ? (u_char)~*b->asn_cptr : *b->asn_cptr;
278 b->asn_len--;
279 b->asn_cptr++;
280 }
281 if (neg) {
282 *vp = -(int64_t)val - 1;
283 } else
284 *vp = (int64_t)val;
285 return (err);
286 }
287
288 /*
289 * Write a signed integer with the given type. The caller has to ensure
290 * that the actual value is ok for this type.
291 */
292 static enum asn_err
asn_put_real_integer(struct asn_buf * b,u_char type,int64_t ival)293 asn_put_real_integer(struct asn_buf *b, u_char type, int64_t ival)
294 {
295 int i, neg = 0;
296 # define OCTETS 8
297 u_char buf[OCTETS];
298 uint64_t val;
299 enum asn_err ret;
300
301 if (ival < 0) {
302 /* this may fail if |INT64_MIN| > |INT64_MAX| and
303 * the value is between * INT64_MIN <= ival < -(INT64_MAX+1) */
304 val = (uint64_t)-(ival + 1);
305 neg = 1;
306 } else
307 val = (uint64_t)ival;
308
309 /* split the value into octets */
310 for (i = OCTETS - 1; i >= 0; i--) {
311 buf[i] = val & 0xff;
312 if (neg)
313 buf[i] = ~buf[i];
314 val >>= 8;
315 }
316 /* no leading 9 zeroes or ones */
317 for (i = 0; i < OCTETS - 1; i++)
318 if (!((buf[i] == 0xff && (buf[i + 1] & 0x80) != 0) ||
319 (buf[i] == 0x00 && (buf[i + 1] & 0x80) == 0)))
320 break;
321 if ((ret = asn_put_header(b, type, OCTETS - i)))
322 return (ret);
323 if (OCTETS - (u_int)i > b->asn_len)
324 return (ASN_ERR_EOBUF);
325
326 while (i < OCTETS) {
327 *b->asn_ptr++ = buf[i++];
328 b->asn_len--;
329 }
330 return (ASN_ERR_OK);
331 # undef OCTETS
332 }
333
334
335 /*
336 * The same for unsigned 64-bitters. Here we have the problem, that overflow
337 * can happen, because the value maybe 9 bytes long. In this case the
338 * first byte must be 0.
339 */
340 static enum asn_err
asn_get_real_unsigned(struct asn_buf * b,asn_len_t len,uint64_t * vp)341 asn_get_real_unsigned(struct asn_buf *b, asn_len_t len, uint64_t *vp)
342 {
343 *vp = 0;
344 if (b->asn_len < len) {
345 asn_error(b, "truncated integer");
346 return (ASN_ERR_EOBUF);
347 }
348 if (len == 0) {
349 /* X.690: 8.3.1 */
350 asn_error(b, "zero-length integer");
351 return (ASN_ERR_BADLEN);
352 }
353 if (len > 1 && *b->asn_cptr == 0x00 && (b->asn_cptr[1] & 0x80) == 0) {
354 /* X.690: 8.3.2 */
355 asn_error(b, "non-minimal unsigned");
356 b->asn_cptr += len;
357 b->asn_len -= len;
358 return (ASN_ERR_BADLEN);
359
360 }
361
362 enum asn_err err = ASN_ERR_OK;
363
364 if ((*b->asn_cptr & 0x80) || len > 9 ||
365 (len == 9 && *b->asn_cptr != 0)) {
366 /* negative integer or too larger */
367 *vp = 0xffffffffffffffffULL;
368 asn_error(b, "unsigned too large or negative");
369 b->asn_cptr += len;
370 b->asn_len -= len;
371 return (ASN_ERR_RANGE);
372 }
373
374 while (len--) {
375 *vp = (*vp << 8) | *b->asn_cptr++;
376 b->asn_len--;
377 }
378 return (err);
379 }
380
381
382 /*
383 * Values with the msb on need 9 octets.
384 */
385 static int
asn_put_real_unsigned(struct asn_buf * b,u_char type,uint64_t val)386 asn_put_real_unsigned(struct asn_buf *b, u_char type, uint64_t val)
387 {
388 int i;
389 # define OCTETS 9
390 u_char buf[OCTETS];
391 enum asn_err ret;
392
393 /* split the value into octets */
394 for (i = OCTETS - 1; i >= 0; i--) {
395 buf[i] = val & 0xff;
396 val >>= 8;
397 }
398 /* no leading 9 zeroes */
399 for (i = 0; i < OCTETS - 1; i++)
400 if (!(buf[i] == 0x00 && (buf[i + 1] & 0x80) == 0))
401 break;
402 if ((ret = asn_put_header(b, type, OCTETS - i)))
403 return (ret);
404 if (OCTETS - (u_int)i > b->asn_len)
405 return (ASN_ERR_EOBUF);
406
407 while (i < OCTETS) {
408 *b->asn_ptr++ = buf[i++];
409 b->asn_len--;
410 }
411 #undef OCTETS
412 return (ASN_ERR_OK);
413 }
414
415 /*
416 * The ASN.1 INTEGER type is restricted to 32-bit signed by the SMI.
417 */
418 enum asn_err
asn_get_integer_raw(struct asn_buf * b,asn_len_t len,int32_t * vp)419 asn_get_integer_raw(struct asn_buf *b, asn_len_t len, int32_t *vp)
420 {
421 int64_t val;
422 enum asn_err ret;
423
424 if ((ret = asn_get_real_integer(b, len, &val)) == ASN_ERR_OK) {
425 if (len > 4) {
426 asn_error(b, "integer too long");
427 ret = ASN_ERR_BADLEN;
428 } else if (val > INT32_MAX || val < INT32_MIN) {
429 /* may not happen */
430 asn_error(b, "integer out of range");
431 ret = ASN_ERR_RANGE;
432 }
433 *vp = (int32_t)val;
434 }
435 return (ret);
436 }
437
438 enum asn_err
asn_get_integer(struct asn_buf * b,int32_t * vp)439 asn_get_integer(struct asn_buf *b, int32_t *vp)
440 {
441 asn_len_t len;
442 u_char type;
443 enum asn_err err;
444
445 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
446 return (err);
447 if (type != ASN_TYPE_INTEGER) {
448 asn_error(b, "bad type for integer (%u)", type);
449 return (ASN_ERR_TAG);
450 }
451
452 return (asn_get_integer_raw(b, len, vp));
453 }
454
455 enum asn_err
asn_put_integer(struct asn_buf * b,int32_t val)456 asn_put_integer(struct asn_buf *b, int32_t val)
457 {
458 return (asn_put_real_integer(b, ASN_TYPE_INTEGER, val));
459 }
460
461 /*
462 * OCTETSTRING
463 *
464 * <0x04> <len> <data ...>
465 *
466 * Get an octetstring. noctets must point to the buffer size and on
467 * return will contain the size of the octetstring, regardless of the
468 * buffer size.
469 */
470 enum asn_err
asn_get_octetstring_raw(struct asn_buf * b,asn_len_t len,u_char * octets,u_int * noctets)471 asn_get_octetstring_raw(struct asn_buf *b, asn_len_t len, u_char *octets,
472 u_int *noctets)
473 {
474 enum asn_err err = ASN_ERR_OK;
475
476 if (*noctets < len) {
477 asn_error(b, "octetstring truncated");
478 err = ASN_ERR_RANGE;
479 }
480 if (b->asn_len < len) {
481 asn_error(b, "truncatet octetstring");
482 return (ASN_ERR_EOBUF);
483 }
484 if (*noctets < len)
485 memcpy(octets, b->asn_cptr, *noctets);
486 else
487 memcpy(octets, b->asn_cptr, len);
488 *noctets = len;
489 b->asn_cptr += len;
490 b->asn_len -= len;
491 return (err);
492 }
493
494 enum asn_err
asn_get_octetstring(struct asn_buf * b,u_char * octets,u_int * noctets)495 asn_get_octetstring(struct asn_buf *b, u_char *octets, u_int *noctets)
496 {
497 enum asn_err err;
498 u_char type;
499 asn_len_t len;
500
501 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
502 return (err);
503 if (type != ASN_TYPE_OCTETSTRING) {
504 asn_error(b, "bad type for octetstring (%u)", type);
505 return (ASN_ERR_TAG);
506 }
507 return (asn_get_octetstring_raw(b, len, octets, noctets));
508 }
509
510 enum asn_err
asn_put_octetstring(struct asn_buf * b,const u_char * octets,u_int noctets)511 asn_put_octetstring(struct asn_buf *b, const u_char *octets, u_int noctets)
512 {
513 enum asn_err ret;
514
515 if ((ret = asn_put_header(b, ASN_TYPE_OCTETSTRING, noctets)) != ASN_ERR_OK)
516 return (ret);
517 if (b->asn_len < noctets)
518 return (ASN_ERR_EOBUF);
519
520 memcpy(b->asn_ptr, octets, noctets);
521 b->asn_ptr += noctets;
522 b->asn_len -= noctets;
523 return (ASN_ERR_OK);
524 }
525
526 /*
527 * NULL
528 *
529 * <0x05> <0x00>
530 */
531 enum asn_err
asn_get_null_raw(struct asn_buf * b,asn_len_t len)532 asn_get_null_raw(struct asn_buf *b, asn_len_t len)
533 {
534 if (len != 0) {
535 if (b->asn_len < len) {
536 asn_error(b, "truncated NULL");
537 return (ASN_ERR_EOBUF);
538 }
539 asn_error(b, "bad length for NULL (%u)", len);
540 b->asn_len -= len;
541 b->asn_ptr += len;
542 return (ASN_ERR_BADLEN);
543 }
544 return (ASN_ERR_OK);
545 }
546
547 enum asn_err
asn_get_null(struct asn_buf * b)548 asn_get_null(struct asn_buf *b)
549 {
550 u_char type;
551 asn_len_t len;
552 enum asn_err err;
553
554 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
555 return (err);
556 if (type != ASN_TYPE_NULL) {
557 asn_error(b, "bad type for NULL (%u)", type);
558 return (ASN_ERR_TAG);
559 }
560 return (asn_get_null_raw(b, len));
561 }
562
563 enum asn_err
asn_put_null(struct asn_buf * b)564 asn_put_null(struct asn_buf *b)
565 {
566 return (asn_put_header(b, ASN_TYPE_NULL, 0));
567 }
568
569 enum asn_err
asn_put_exception(struct asn_buf * b,u_int except)570 asn_put_exception(struct asn_buf *b, u_int except)
571 {
572 return (asn_put_header(b, ASN_CLASS_CONTEXT | except, 0));
573 }
574
575 /*
576 * OBJID
577 *
578 * <0x06> <len> <subid...>
579 */
580 enum asn_err
asn_get_objid_raw(struct asn_buf * b,asn_len_t len,struct asn_oid * oid)581 asn_get_objid_raw(struct asn_buf *b, asn_len_t len, struct asn_oid *oid)
582 {
583 asn_subid_t subid;
584 enum asn_err err;
585
586 if (b->asn_len < len) {
587 asn_error(b, "truncated OBJID");
588 return (ASN_ERR_EOBUF);
589 }
590 oid->len = 0;
591 if (len == 0) {
592 asn_error(b, "short OBJID");
593 oid->subs[oid->len++] = 0;
594 oid->subs[oid->len++] = 0;
595 return (ASN_ERR_BADLEN);
596 }
597 err = ASN_ERR_OK;
598 while (len != 0) {
599 if (oid->len == ASN_MAXOIDLEN) {
600 asn_error(b, "OID too long (%u)", oid->len);
601 b->asn_cptr += len;
602 b->asn_len -= len;
603 return (ASN_ERR_BADLEN);
604 }
605 subid = 0;
606 do {
607 if (len == 0) {
608 asn_error(b, "unterminated subid");
609 return (ASN_ERR_EOBUF);
610 }
611 if (subid > (ASN_MAXID >> 7)) {
612 asn_error(b, "OID subid too larger");
613 err = ASN_ERR_RANGE;
614 }
615 subid = (subid << 7) | (*b->asn_cptr & 0x7f);
616 len--;
617 b->asn_len--;
618 } while (*b->asn_cptr++ & 0x80);
619 if (oid->len == 0) {
620 if (subid < 80) {
621 oid->subs[oid->len++] = subid / 40;
622 oid->subs[oid->len++] = subid % 40;
623 } else {
624 oid->subs[oid->len++] = 2;
625 oid->subs[oid->len++] = subid - 80;
626 }
627 } else {
628 oid->subs[oid->len++] = subid;
629 }
630 }
631 return (err);
632
633 }
634
635 enum asn_err
asn_get_objid(struct asn_buf * b,struct asn_oid * oid)636 asn_get_objid(struct asn_buf *b, struct asn_oid *oid)
637 {
638 u_char type;
639 asn_len_t len;
640 enum asn_err err;
641
642 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
643 return (err);
644 if (type != ASN_TYPE_OBJID) {
645 asn_error(b, "bad type for OBJID (%u)", type);
646 return (ASN_ERR_TAG);
647 }
648 return (asn_get_objid_raw(b, len, oid));
649 }
650
651 enum asn_err
asn_put_objid(struct asn_buf * b,const struct asn_oid * oid)652 asn_put_objid(struct asn_buf *b, const struct asn_oid *oid)
653 {
654 asn_subid_t first, sub;
655 enum asn_err err, err1;
656 u_int i, oidlen;
657 asn_len_t len;
658
659 err = ASN_ERR_OK;
660 if (oid->len == 0) {
661 /* illegal */
662 asn_error(NULL, "short oid");
663 err = ASN_ERR_RANGE;
664 first = 0;
665 oidlen = 2;
666 } else if (oid->len == 1) {
667 /* illegal */
668 asn_error(NULL, "short oid");
669 if (oid->subs[0] > 2)
670 asn_error(NULL, "oid[0] too large (%u)", oid->subs[0]);
671 err = ASN_ERR_RANGE;
672 first = oid->subs[0] * 40;
673 oidlen = 2;
674 } else {
675 if (oid->len > ASN_MAXOIDLEN) {
676 asn_error(NULL, "oid too long %u", oid->len);
677 err = ASN_ERR_RANGE;
678 }
679 if (oid->subs[0] > 2 ||
680 (oid->subs[0] < 2 && oid->subs[1] >= 40) ||
681 (oid->subs[0] == 2 && oid->subs[1] > ASN_MAXID - 2 * 40)) {
682 asn_error(NULL, "oid out of range (%u,%u)",
683 oid->subs[0], oid->subs[1]);
684 err = ASN_ERR_RANGE;
685 }
686 first = 40 * oid->subs[0] + oid->subs[1];
687 oidlen = oid->len;
688 }
689 len = 0;
690 for (i = 1; i < oidlen; i++) {
691 sub = (i == 1) ? first : oid->subs[i];
692 if (sub > ASN_MAXID) {
693 asn_error(NULL, "oid subid too large");
694 err = ASN_ERR_RANGE;
695 }
696 len += (sub <= 0x7f) ? 1
697 : (sub <= 0x3fff) ? 2
698 : (sub <= 0x1fffff) ? 3
699 : (sub <= 0xfffffff) ? 4
700 : 5;
701 }
702 if ((err1 = asn_put_header(b, ASN_TYPE_OBJID, len)) != ASN_ERR_OK)
703 return (err1);
704 if (b->asn_len < len)
705 return (ASN_ERR_EOBUF);
706
707 for (i = 1; i < oidlen; i++) {
708 sub = (i == 1) ? first : oid->subs[i];
709 if (sub <= 0x7f) {
710 *b->asn_ptr++ = sub;
711 b->asn_len--;
712 } else if (sub <= 0x3fff) {
713 *b->asn_ptr++ = (sub >> 7) | 0x80;
714 *b->asn_ptr++ = sub & 0x7f;
715 b->asn_len -= 2;
716 } else if (sub <= 0x1fffff) {
717 *b->asn_ptr++ = (sub >> 14) | 0x80;
718 *b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80;
719 *b->asn_ptr++ = sub & 0x7f;
720 b->asn_len -= 3;
721 } else if (sub <= 0xfffffff) {
722 *b->asn_ptr++ = (sub >> 21) | 0x80;
723 *b->asn_ptr++ = ((sub >> 14) & 0x7f) | 0x80;
724 *b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80;
725 *b->asn_ptr++ = sub & 0x7f;
726 b->asn_len -= 4;
727 } else {
728 *b->asn_ptr++ = (sub >> 28) | 0x80;
729 *b->asn_ptr++ = ((sub >> 21) & 0x7f) | 0x80;
730 *b->asn_ptr++ = ((sub >> 14) & 0x7f) | 0x80;
731 *b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80;
732 *b->asn_ptr++ = sub & 0x7f;
733 b->asn_len -= 5;
734 }
735 }
736 return (err);
737 }
738 /*
739 * SEQUENCE header
740 *
741 * <0x10|0x20> <len> <data...>
742 */
743 enum asn_err
asn_get_sequence(struct asn_buf * b,asn_len_t * len)744 asn_get_sequence(struct asn_buf *b, asn_len_t *len)
745 {
746 u_char type;
747 enum asn_err err;
748
749 if ((err = asn_get_header(b, &type, len)) != ASN_ERR_OK)
750 return (err);
751 if (type != (ASN_TYPE_SEQUENCE|ASN_TYPE_CONSTRUCTED)) {
752 asn_error(b, "bad sequence type %u", type);
753 return (ASN_ERR_TAG);
754 }
755 if (*len > b->asn_len) {
756 asn_error(b, "truncated sequence");
757 return (ASN_ERR_EOBUF);
758 }
759 return (ASN_ERR_OK);
760 }
761
762 /*
763 * Application types
764 *
765 * 0x40 4 MSB 2MSB 2LSB LSB
766 */
767 enum asn_err
asn_get_ipaddress_raw(struct asn_buf * b,asn_len_t len,u_char * addr)768 asn_get_ipaddress_raw(struct asn_buf *b, asn_len_t len, u_char *addr)
769 {
770 u_int i;
771
772 if (b->asn_len < len) {
773 asn_error(b, "truncated ip-address");
774 return (ASN_ERR_EOBUF);
775 }
776 if (len < 4) {
777 asn_error(b, "short length for ip-Address %u", len);
778 for (i = 0; i < len; i++)
779 *addr++ = *b->asn_cptr++;
780 while (i++ < len)
781 *addr++ = 0;
782 b->asn_len -= len;
783 return (ASN_ERR_BADLEN);
784 }
785 for (i = 0; i < 4; i++)
786 *addr++ = *b->asn_cptr++;
787 b->asn_cptr += len - 4;
788 b->asn_len -= len;
789 return (ASN_ERR_OK);
790 }
791
792 enum asn_err
asn_get_ipaddress(struct asn_buf * b,u_char * addr)793 asn_get_ipaddress(struct asn_buf *b, u_char *addr)
794 {
795 u_char type;
796 asn_len_t len;
797 enum asn_err err;
798
799 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
800 return (err);
801 if (type != (ASN_CLASS_APPLICATION|ASN_APP_IPADDRESS)) {
802 asn_error(b, "bad type for ip-address %u", type);
803 return (ASN_ERR_TAG);
804 }
805 return (asn_get_ipaddress_raw(b, len, addr));
806 }
807
808 enum asn_err
asn_put_ipaddress(struct asn_buf * b,const u_char * addr)809 asn_put_ipaddress(struct asn_buf *b, const u_char *addr)
810 {
811 enum asn_err err;
812
813 if ((err = asn_put_header(b, ASN_CLASS_APPLICATION|ASN_APP_IPADDRESS,
814 4)) != ASN_ERR_OK)
815 return (err);
816 if (b->asn_len < 4)
817 return (ASN_ERR_EOBUF);
818
819 memcpy(b->asn_ptr, addr, 4);
820 b->asn_ptr += 4;
821 b->asn_len -= 4;
822 return (ASN_ERR_OK);
823 }
824
825
826 /*
827 * UNSIGNED32
828 *
829 * 0x42|0x41 <len> ...
830 */
831 enum asn_err
asn_get_uint32_raw(struct asn_buf * b,asn_len_t len,uint32_t * vp)832 asn_get_uint32_raw(struct asn_buf *b, asn_len_t len, uint32_t *vp)
833 {
834 uint64_t v;
835 enum asn_err err;
836
837 if ((err = asn_get_real_unsigned(b, len, &v)) == ASN_ERR_OK) {
838 if (v > UINT32_MAX) {
839 asn_error(b, "uint32 too large %llu", v);
840 err = ASN_ERR_RANGE;
841 }
842 *vp = (uint32_t)v;
843 }
844 return (err);
845 }
846
847 enum asn_err
asn_put_uint32(struct asn_buf * b,u_char type,uint32_t val)848 asn_put_uint32(struct asn_buf *b, u_char type, uint32_t val)
849 {
850 uint64_t v = val;
851
852 return (asn_put_real_unsigned(b, ASN_CLASS_APPLICATION|type, v));
853 }
854
855 /*
856 * COUNTER64
857 * 0x46 <len> ...
858 */
859 enum asn_err
asn_get_counter64_raw(struct asn_buf * b,asn_len_t len,uint64_t * vp)860 asn_get_counter64_raw(struct asn_buf *b, asn_len_t len, uint64_t *vp)
861 {
862 return (asn_get_real_unsigned(b, len, vp));
863 }
864
865 enum asn_err
asn_put_counter64(struct asn_buf * b,uint64_t val)866 asn_put_counter64(struct asn_buf *b, uint64_t val)
867 {
868 return (asn_put_real_unsigned(b,
869 ASN_CLASS_APPLICATION | ASN_APP_COUNTER64, val));
870 }
871
872 /*
873 * TimeTicks
874 * 0x43 <len> ...
875 */
876 enum asn_err
asn_get_timeticks(struct asn_buf * b,uint32_t * vp)877 asn_get_timeticks(struct asn_buf *b, uint32_t *vp)
878 {
879 asn_len_t len;
880 u_char type;
881 enum asn_err err;
882
883 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
884 return (err);
885 if (type != (ASN_CLASS_APPLICATION|ASN_APP_TIMETICKS)) {
886 asn_error(b, "bad type for timeticks %u", type);
887 return (ASN_ERR_TAG);
888 }
889 return (asn_get_uint32_raw(b, len, vp));
890 }
891
892 enum asn_err
asn_put_timeticks(struct asn_buf * b,uint32_t val)893 asn_put_timeticks(struct asn_buf *b, uint32_t val)
894 {
895 uint64_t v = val;
896
897 return (asn_put_real_unsigned(b,
898 ASN_CLASS_APPLICATION | ASN_APP_TIMETICKS, v));
899 }
900
901 /*
902 * Construct a new OID by taking a range of sub ids of the original oid.
903 */
904 void
asn_slice_oid(struct asn_oid * dest,const struct asn_oid * src,u_int from,u_int to)905 asn_slice_oid(struct asn_oid *dest, const struct asn_oid *src,
906 u_int from, u_int to)
907 {
908 if (from >= to) {
909 dest->len = 0;
910 return;
911 }
912 dest->len = to - from;
913 memcpy(dest->subs, &src->subs[from], dest->len * sizeof(dest->subs[0]));
914 }
915
916 /*
917 * Append from to to
918 */
919 void
asn_append_oid(struct asn_oid * to,const struct asn_oid * from)920 asn_append_oid(struct asn_oid *to, const struct asn_oid *from)
921 {
922 memcpy(&to->subs[to->len], &from->subs[0],
923 from->len * sizeof(from->subs[0]));
924 to->len += from->len;
925 }
926
927 /*
928 * Skip a value
929 */
930 enum asn_err
asn_skip(struct asn_buf * b,asn_len_t len)931 asn_skip(struct asn_buf *b, asn_len_t len)
932 {
933 if (b->asn_len < len)
934 return (ASN_ERR_EOBUF);
935 b->asn_cptr += len;
936 b->asn_len -= len;
937 return (ASN_ERR_OK);
938 }
939
940 /*
941 * Add a padding
942 */
943 enum asn_err
asn_pad(struct asn_buf * b,asn_len_t len)944 asn_pad(struct asn_buf *b, asn_len_t len)
945 {
946 if (b->asn_len < len)
947 return (ASN_ERR_EOBUF);
948 b->asn_ptr += len;
949 b->asn_len -= len;
950
951 return (ASN_ERR_OK);
952 }
953
954 /*
955 * Compare two OIDs.
956 *
957 * o1 < o2 : -1
958 * o1 > o2 : +1
959 * o1 = o2 : 0
960 */
961 int
asn_compare_oid(const struct asn_oid * o1,const struct asn_oid * o2)962 asn_compare_oid(const struct asn_oid *o1, const struct asn_oid *o2)
963 {
964 u_long i;
965
966 for (i = 0; i < o1->len && i < o2->len; i++) {
967 if (o1->subs[i] < o2->subs[i])
968 return (-1);
969 if (o1->subs[i] > o2->subs[i])
970 return (+1);
971 }
972 if (o1->len < o2->len)
973 return (-1);
974 if (o1->len > o2->len)
975 return (+1);
976 return (0);
977 }
978
979 /*
980 * Check whether an OID is a sub-string of another OID.
981 */
982 int
asn_is_suboid(const struct asn_oid * o1,const struct asn_oid * o2)983 asn_is_suboid(const struct asn_oid *o1, const struct asn_oid *o2)
984 {
985 u_long i;
986
987 for (i = 0; i < o1->len; i++)
988 if (i >= o2->len || o1->subs[i] != o2->subs[i])
989 return (0);
990 return (1);
991 }
992
993 /*
994 * Put a string representation of an oid into a user buffer. This buffer
995 * is assumed to be at least ASN_OIDSTRLEN characters long.
996 *
997 * sprintf is assumed not to fail here.
998 */
999 char *
asn_oid2str_r(const struct asn_oid * oid,char * buf)1000 asn_oid2str_r(const struct asn_oid *oid, char *buf)
1001 {
1002 u_int len, i;
1003 char *ptr;
1004
1005 if ((len = oid->len) > ASN_MAXOIDLEN)
1006 len = ASN_MAXOIDLEN;
1007 buf[0] = '\0';
1008 for (i = 0, ptr = buf; i < len; i++) {
1009 if (i > 0)
1010 *ptr++ = '.';
1011 ptr += sprintf(ptr, "%u", oid->subs[i]);
1012 }
1013 return (buf);
1014 }
1015
1016 /*
1017 * Make a string from an OID in a private buffer.
1018 */
1019 char *
asn_oid2str(const struct asn_oid * oid)1020 asn_oid2str(const struct asn_oid *oid)
1021 {
1022 static char str[ASN_OIDSTRLEN];
1023
1024 return (asn_oid2str_r(oid, str));
1025 }
1026
1027
1028 static void
asn_error_func(const struct asn_buf * b,const char * err,...)1029 asn_error_func(const struct asn_buf *b, const char *err, ...)
1030 {
1031 va_list ap;
1032 u_long i;
1033
1034 fprintf(stderr, "ASN.1: ");
1035 va_start(ap, err);
1036 vfprintf(stderr, err, ap);
1037 va_end(ap);
1038
1039 if (b != NULL) {
1040 fprintf(stderr, " at");
1041 for (i = 0; b->asn_len > i; i++)
1042 fprintf(stderr, " %02x", b->asn_cptr[i]);
1043 }
1044 fprintf(stderr, "\n");
1045 }
1046