xref: /freebsd/contrib/bsnmp/lib/asn1.c (revision a4e5e0106ac7145f56eb39a691e302cabb4635be)
1 /*
2  * Copyright (c) 2001-2003
3  *	Fraunhofer Institute for Open Communication Systems (FhG Fokus).
4  *	All rights reserved.
5  *
6  * Author: Harti Brandt <harti@freebsd.org>
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 1. Redistributions of source code must retain the above copyright
12  *    notice, this list of conditions and the following disclaimer.
13  * 2. Redistributions in binary form must reproduce the above copyright
14  *    notice, this list of conditions and the following disclaimer in the
15  *    documentation and/or other materials provided with the distribution.
16  *
17  * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  *
29  * $Begemot: bsnmp/lib/asn1.c,v 1.31 2005/10/06 07:14:58 brandt_h Exp $
30  *
31  * ASN.1 for SNMP.
32  */
33 #include <sys/types.h>
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <stdarg.h>
37 #include <string.h>
38 #ifdef HAVE_STDINT_H
39 #include <stdint.h>
40 #elif defined(HAVE_INTTYPES_H)
41 #include <inttypes.h>
42 #endif
43 #include <assert.h>
44 
45 #include "support.h"
46 #include "asn1.h"
47 
48 static void asn_error_func(const struct asn_buf *, const char *, ...);
49 
50 void (*asn_error)(const struct asn_buf *, const char *, ...) = asn_error_func;
51 
52 /*
53  * Read the next header. This reads the tag (note, that only single
54  * byte tags are supported for now) and the length field. The length field
55  * is restricted to a 32-bit value.
56  * All errors of this function stop the decoding.
57  */
58 enum asn_err
59 asn_get_header(struct asn_buf *b, u_char *type, asn_len_t *len)
60 {
61 	u_int length;
62 
63 	if (b->asn_len == 0) {
64 		asn_error(b, "no identifier for header");
65 		return (ASN_ERR_EOBUF);
66 	}
67 	*type = *b->asn_cptr;
68 	if ((*type & ASN_TYPE_MASK) > 0x1e) {
69 		asn_error(b, "tags > 0x1e not supported (%#x)",
70 		    *type & ASN_TYPE_MASK);
71 		return (ASN_ERR_FAILED);
72 	}
73 	b->asn_cptr++;
74 	b->asn_len--;
75 	if (b->asn_len == 0) {
76 		asn_error(b, "no length field");
77 		return (ASN_ERR_EOBUF);
78 	}
79 	if (*b->asn_cptr & 0x80) {
80 		length = *b->asn_cptr++ & 0x7f;
81 		b->asn_len--;
82 		if (length == 0) {
83 			asn_error(b, "indefinite length not supported");
84 			return (ASN_ERR_FAILED);
85 		}
86 		if (length > ASN_MAXLENLEN) {
87 			asn_error(b, "long length too long (%u)", length);
88 			return (ASN_ERR_FAILED);
89 		}
90 		if (length > b->asn_len) {
91 			asn_error(b, "long length truncated");
92 			return (ASN_ERR_EOBUF);
93 		}
94 		*len = 0;
95 		while (length--) {
96 			*len = (*len << 8) | *b->asn_cptr++;
97 			b->asn_len--;
98 		}
99 	} else {
100 		*len = *b->asn_cptr++;
101 		b->asn_len--;
102 	}
103 
104 #ifdef	BOGUS_CVE_2019_5610_FIX
105 	/*
106 	 * This is the fix from CVE-2019-5610.
107 	 *
108 	 * This is the wrong place. Each of the asn functions should check
109 	 * that it has enough info for its own work.
110 	 */
111 	if (*len > b->asn_len) {
112 		asn_error(b, "lenen %u exceeding asn_len %u", *len, b->asn_len);
113 		return (ASN_ERR_EOBUF);
114 	}
115 #endif
116 	return (ASN_ERR_OK);
117 }
118 
119 /*
120  * Write a length field (restricted to values < 2^32-1) and return the
121  * number of bytes this field takes. If ptr is NULL, the length is computed
122  * but nothing is written. If the length would be too large return 0.
123  */
124 static u_int
125 asn_put_len(u_char *ptr, asn_len_t len)
126 {
127 	u_int lenlen, lenlen1;
128 	asn_len_t tmp;
129 
130 	if (len > ASN_MAXLEN) {
131 		asn_error(NULL, "encoding length too long: (%u)", len);
132 		return (0);
133 	}
134 
135 	if (len <= 127) {
136 		if (ptr)
137 			*ptr++ = (u_char)len;
138 		return (1);
139 	} else {
140 		lenlen = 0;
141 		/* compute number of bytes for value (is at least 1) */
142 		for (tmp = len; tmp != 0; tmp >>= 8)
143 			lenlen++;
144 		if (ptr != NULL) {
145 			*ptr++ = (u_char)lenlen | 0x80;
146 			lenlen1 = lenlen;
147 			while (lenlen1-- > 0) {
148 				ptr[lenlen1] = len & 0xff;
149 				len >>= 8;
150 			}
151 		}
152 		return (lenlen + 1);
153 	}
154 }
155 
156 /*
157  * Write a header (tag and length fields).
158  * Tags are restricted to one byte tags (value <= 0x1e) and the
159  * lenght field to 16-bit. All errors stop the encoding.
160  */
161 enum asn_err
162 asn_put_header(struct asn_buf *b, u_char type, asn_len_t len)
163 {
164 	u_int lenlen;
165 
166 	/* tag field */
167 	if ((type & ASN_TYPE_MASK) > 0x1e) {
168 		asn_error(NULL, "types > 0x1e not supported (%#x)",
169 		    type & ASN_TYPE_MASK);
170 		return (ASN_ERR_FAILED);
171 	}
172 	if (b->asn_len == 0)
173 		return (ASN_ERR_EOBUF);
174 
175 	*b->asn_ptr++ = type;
176 	b->asn_len--;
177 
178 	/* length field */
179 	if ((lenlen = asn_put_len(NULL, len)) == 0)
180 		return (ASN_ERR_FAILED);
181 	if (b->asn_len < lenlen)
182 		return (ASN_ERR_EOBUF);
183 
184 	(void)asn_put_len(b->asn_ptr, len);
185 	b->asn_ptr += lenlen;
186 	b->asn_len -= lenlen;
187 	return (ASN_ERR_OK);
188 }
189 
190 
191 /*
192  * This constructs a temporary sequence header with space for the maximum
193  * length field (three byte). Set the pointer that ptr points to to the
194  * start of the encoded header. This is used for a later call to
195  * asn_commit_header which will fix-up the length field and move the
196  * value if needed. All errors should stop the encoding.
197  */
198 #define	TEMP_LEN (1 + ASN_MAXLENLEN + 1)
199 enum asn_err
200 asn_put_temp_header(struct asn_buf *b, u_char type, u_char **ptr)
201 {
202 	int ret;
203 
204 	if (b->asn_len < TEMP_LEN)
205 		return (ASN_ERR_EOBUF);
206 	*ptr = b->asn_ptr;
207 	if ((ret = asn_put_header(b, type, ASN_MAXLEN)) == ASN_ERR_OK)
208 		assert(b->asn_ptr == *ptr + TEMP_LEN);
209 	return (ret);
210 }
211 enum asn_err
212 asn_commit_header(struct asn_buf *b, u_char *ptr, size_t *moved)
213 {
214 	asn_len_t len;
215 	u_int lenlen, shift;
216 
217 	/* compute length of encoded value without header */
218 	len = b->asn_ptr - (ptr + TEMP_LEN);
219 
220 	/* insert length. may not fail. */
221 	lenlen = asn_put_len(ptr + 1, len);
222 	if (lenlen > TEMP_LEN - 1)
223 		return (ASN_ERR_FAILED);
224 
225 	if (lenlen < TEMP_LEN - 1) {
226 		/* shift value down */
227 		shift = (TEMP_LEN - 1) - lenlen;
228 		memmove(ptr + 1 + lenlen, ptr + TEMP_LEN, len);
229 		b->asn_ptr -= shift;
230 		b->asn_len += shift;
231 		if (moved != NULL)
232 			*moved = shift;
233 	}
234 	return (ASN_ERR_OK);
235 }
236 #undef TEMP_LEN
237 
238 /*
239  * BER integer. This may be used to get a signed 64 bit integer at maximum.
240  * The maximum length should be checked by the caller. This cannot overflow
241  * if the caller ensures that len is at maximum 8.
242  *
243  * <bytes>
244  */
245 static enum asn_err
246 asn_get_real_integer(struct asn_buf *b, asn_len_t len, int64_t *vp)
247 {
248 	uint64_t val;
249 	int neg = 0;
250 	enum asn_err err;
251 
252 	if (b->asn_len < len) {
253 		asn_error(b, "truncated integer");
254 		return (ASN_ERR_EOBUF);
255 	}
256 	if (len == 0) {
257 		asn_error(b, "zero-length integer");
258 		*vp = 0;
259 		return (ASN_ERR_BADLEN);
260 	}
261 	err = ASN_ERR_OK;
262 	if (len > 8) {
263 		asn_error(b, "integer too long");
264 		err = ASN_ERR_RANGE;
265 	} else if (len > 1 &&
266 	    ((*b->asn_cptr == 0x00 && (b->asn_cptr[1] & 0x80) == 0) ||
267 	    (*b->asn_cptr == 0xff && (b->asn_cptr[1] & 0x80) == 0x80))) {
268 		asn_error(b, "non-minimal integer");
269 		err = ASN_ERR_BADLEN;
270 	}
271 
272 	if (*b->asn_cptr & 0x80)
273 		neg = 1;
274 	val = 0;
275 	while (len--) {
276 		val <<= 8;
277 		val |= neg ? (u_char)~*b->asn_cptr : *b->asn_cptr;
278 		b->asn_len--;
279 		b->asn_cptr++;
280 	}
281 	if (neg) {
282 		*vp = -(int64_t)val - 1;
283 	} else
284 		*vp = (int64_t)val;
285 	return (err);
286 }
287 
288 /*
289  * Write a signed integer with the given type. The caller has to ensure
290  * that the actual value is ok for this type.
291  */
292 static enum asn_err
293 asn_put_real_integer(struct asn_buf *b, u_char type, int64_t ival)
294 {
295 	int i, neg = 0;
296 # define OCTETS 8
297 	u_char buf[OCTETS];
298 	uint64_t val;
299 	enum asn_err ret;
300 
301 	if (ival < 0) {
302 		/* this may fail if |INT64_MIN| > |INT64_MAX| and
303 		 * the value is between * INT64_MIN <= ival < -(INT64_MAX+1) */
304 		val = (uint64_t)-(ival + 1);
305 		neg = 1;
306 	} else
307 		val = (uint64_t)ival;
308 
309 	/* split the value into octets */
310 	for (i = OCTETS - 1; i >= 0; i--) {
311 		buf[i] = val & 0xff;
312 		if (neg)
313 			buf[i] = ~buf[i];
314 		val >>= 8;
315 	}
316 	/* no leading 9 zeroes or ones */
317 	for (i = 0; i < OCTETS - 1; i++)
318 		if (!((buf[i] == 0xff && (buf[i + 1] & 0x80) != 0) ||
319 		    (buf[i] == 0x00 && (buf[i + 1] & 0x80) == 0)))
320 			break;
321 	if ((ret = asn_put_header(b, type, OCTETS - i)))
322 		return (ret);
323 	if (OCTETS - (u_int)i > b->asn_len)
324 		return (ASN_ERR_EOBUF);
325 
326 	while (i < OCTETS) {
327 		*b->asn_ptr++ = buf[i++];
328 		b->asn_len--;
329 	}
330 	return (ASN_ERR_OK);
331 # undef OCTETS
332 }
333 
334 
335 /*
336  * The same for unsigned 64-bitters. Here we have the problem, that overflow
337  * can happen, because the value maybe 9 bytes long. In this case the
338  * first byte must be 0.
339  */
340 static enum asn_err
341 asn_get_real_unsigned(struct asn_buf *b, asn_len_t len, uint64_t *vp)
342 {
343 	*vp = 0;
344 	if (b->asn_len < len) {
345 		asn_error(b, "truncated integer");
346 		return (ASN_ERR_EOBUF);
347 	}
348 	if (len == 0) {
349 		/* X.690: 8.3.1 */
350 		asn_error(b, "zero-length integer");
351 		return (ASN_ERR_BADLEN);
352 	}
353 	if (len > 1 && *b->asn_cptr == 0x00 && (b->asn_cptr[1] & 0x80) == 0) {
354 		/* X.690: 8.3.2 */
355 		asn_error(b, "non-minimal unsigned");
356 		b->asn_cptr += len;
357 		b->asn_len -= len;
358 		return (ASN_ERR_BADLEN);
359 
360 	}
361 
362 	enum asn_err err = ASN_ERR_OK;
363 
364 	if ((*b->asn_cptr & 0x80) || len > 9 ||
365 	    (len == 9 && *b->asn_cptr != 0)) {
366 		/* negative integer or too larger */
367 		*vp = 0xffffffffffffffffULL;
368 		asn_error(b, "unsigned too large or negative");
369 		b->asn_cptr += len;
370 		b->asn_len -= len;
371 		return (ASN_ERR_RANGE);
372 	}
373 
374 	while (len--) {
375 		*vp = (*vp << 8) | *b->asn_cptr++;
376 		b->asn_len--;
377 	}
378 	return (err);
379 }
380 
381 
382 /*
383  * Values with the msb on need 9 octets.
384  */
385 static int
386 asn_put_real_unsigned(struct asn_buf *b, u_char type, uint64_t val)
387 {
388 	int i;
389 # define OCTETS 9
390 	u_char buf[OCTETS];
391 	enum asn_err ret;
392 
393 	/* split the value into octets */
394 	for (i = OCTETS - 1; i >= 0; i--) {
395 		buf[i] = val & 0xff;
396 		val >>= 8;
397 	}
398 	/* no leading 9 zeroes */
399 	for (i = 0; i < OCTETS - 1; i++)
400 		if (!(buf[i] == 0x00 && (buf[i + 1] & 0x80) == 0))
401 			break;
402 	if ((ret = asn_put_header(b, type, OCTETS - i)))
403 		return (ret);
404 	if (OCTETS - (u_int)i > b->asn_len)
405 		return (ASN_ERR_EOBUF);
406 
407 	while (i < OCTETS) {
408 		*b->asn_ptr++ = buf[i++];
409 		b->asn_len--;
410 	}
411 #undef OCTETS
412 	return (ASN_ERR_OK);
413 }
414 
415 /*
416  * The ASN.1 INTEGER type is restricted to 32-bit signed by the SMI.
417  */
418 enum asn_err
419 asn_get_integer_raw(struct asn_buf *b, asn_len_t len, int32_t *vp)
420 {
421 	int64_t val;
422 	enum asn_err ret;
423 
424 	if ((ret = asn_get_real_integer(b, len, &val)) == ASN_ERR_OK) {
425 		if (len > 4) {
426 			asn_error(b, "integer too long");
427 			ret = ASN_ERR_BADLEN;
428 		} else if (val > INT32_MAX || val < INT32_MIN) {
429 			/* may not happen */
430 			asn_error(b, "integer out of range");
431 			ret = ASN_ERR_RANGE;
432 		}
433 		*vp = (int32_t)val;
434 	}
435 	return (ret);
436 }
437 
438 enum asn_err
439 asn_get_integer(struct asn_buf *b, int32_t *vp)
440 {
441 	asn_len_t len;
442 	u_char type;
443 	enum asn_err err;
444 
445 	if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
446 		return (err);
447 	if (type != ASN_TYPE_INTEGER) {
448 		asn_error(b, "bad type for integer (%u)", type);
449 		return (ASN_ERR_TAG);
450 	}
451 
452 	return (asn_get_integer_raw(b, len, vp));
453 }
454 
455 enum asn_err
456 asn_put_integer(struct asn_buf *b, int32_t val)
457 {
458 	return (asn_put_real_integer(b, ASN_TYPE_INTEGER, val));
459 }
460 
461 /*
462  * OCTETSTRING
463  *
464  * <0x04> <len> <data ...>
465  *
466  * Get an octetstring. noctets must point to the buffer size and on
467  * return will contain the size of the octetstring, regardless of the
468  * buffer size.
469  */
470 enum asn_err
471 asn_get_octetstring_raw(struct asn_buf *b, asn_len_t len, u_char *octets,
472     u_int *noctets)
473 {
474 	enum asn_err err = ASN_ERR_OK;
475 
476 	if (*noctets < len) {
477 		asn_error(b, "octetstring truncated");
478 		err = ASN_ERR_RANGE;
479 	}
480 	if (b->asn_len < len) {
481 		asn_error(b, "truncatet octetstring");
482 		return (ASN_ERR_EOBUF);
483 	}
484 	if (*noctets < len)
485 		memcpy(octets, b->asn_cptr, *noctets);
486 	else
487 		memcpy(octets, b->asn_cptr, len);
488 	*noctets = len;
489 	b->asn_cptr += len;
490 	b->asn_len -= len;
491 	return (err);
492 }
493 
494 enum asn_err
495 asn_get_octetstring(struct asn_buf *b, u_char *octets, u_int *noctets)
496 {
497 	enum asn_err err;
498 	u_char type;
499 	asn_len_t len;
500 
501 	if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
502 		return (err);
503 	if (type != ASN_TYPE_OCTETSTRING) {
504 		asn_error(b, "bad type for octetstring (%u)", type);
505 		return (ASN_ERR_TAG);
506 	}
507 	return (asn_get_octetstring_raw(b, len, octets, noctets));
508 }
509 
510 enum asn_err
511 asn_put_octetstring(struct asn_buf *b, const u_char *octets, u_int noctets)
512 {
513 	enum asn_err ret;
514 
515 	if ((ret = asn_put_header(b, ASN_TYPE_OCTETSTRING, noctets)) != ASN_ERR_OK)
516 		return (ret);
517 	if (b->asn_len < noctets)
518 		return (ASN_ERR_EOBUF);
519 
520 	memcpy(b->asn_ptr, octets, noctets);
521 	b->asn_ptr += noctets;
522 	b->asn_len -= noctets;
523 	return (ASN_ERR_OK);
524 }
525 
526 /*
527  * NULL
528  *
529  * <0x05> <0x00>
530  */
531 enum asn_err
532 asn_get_null_raw(struct asn_buf *b, asn_len_t len)
533 {
534 	if (len != 0) {
535 		if (b->asn_len < len) {
536 			asn_error(b, "truncated NULL");
537 			return (ASN_ERR_EOBUF);
538 		}
539 		asn_error(b, "bad length for NULL (%u)", len);
540 		b->asn_len -= len;
541 		b->asn_ptr += len;
542 		return (ASN_ERR_BADLEN);
543 	}
544 	return (ASN_ERR_OK);
545 }
546 
547 enum asn_err
548 asn_get_null(struct asn_buf *b)
549 {
550 	u_char type;
551 	asn_len_t len;
552 	enum asn_err err;
553 
554 	if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
555 		return (err);
556 	if (type != ASN_TYPE_NULL) {
557 		asn_error(b, "bad type for NULL (%u)", type);
558 		return (ASN_ERR_TAG);
559 	}
560 	return (asn_get_null_raw(b, len));
561 }
562 
563 enum asn_err
564 asn_put_null(struct asn_buf *b)
565 {
566 	return (asn_put_header(b, ASN_TYPE_NULL, 0));
567 }
568 
569 enum asn_err
570 asn_put_exception(struct asn_buf *b, u_int except)
571 {
572 	return (asn_put_header(b, ASN_CLASS_CONTEXT | except, 0));
573 }
574 
575 /*
576  * OBJID
577  *
578  * <0x06> <len> <subid...>
579  */
580 enum asn_err
581 asn_get_objid_raw(struct asn_buf *b, asn_len_t len, struct asn_oid *oid)
582 {
583 	asn_subid_t subid;
584 	enum asn_err err;
585 
586 	if (b->asn_len < len) {
587 		asn_error(b, "truncated OBJID");
588 		return (ASN_ERR_EOBUF);
589 	}
590 	oid->len = 0;
591 	if (len == 0) {
592 		asn_error(b, "short OBJID");
593 		oid->subs[oid->len++] = 0;
594 		oid->subs[oid->len++] = 0;
595 		return (ASN_ERR_BADLEN);
596 	}
597 	err = ASN_ERR_OK;
598 	while (len != 0) {
599 		if (oid->len == ASN_MAXOIDLEN) {
600 			asn_error(b, "OID too long (%u)", oid->len);
601 			b->asn_cptr += len;
602 			b->asn_len -= len;
603 			return (ASN_ERR_BADLEN);
604 		}
605 		subid = 0;
606 		do {
607 			if (len == 0) {
608 				asn_error(b, "unterminated subid");
609 				return (ASN_ERR_EOBUF);
610 			}
611 			if (subid > (ASN_MAXID >> 7)) {
612 				asn_error(b, "OID subid too larger");
613 				err = ASN_ERR_RANGE;
614 			}
615 			subid = (subid << 7) | (*b->asn_cptr & 0x7f);
616 			len--;
617 			b->asn_len--;
618 		} while (*b->asn_cptr++ & 0x80);
619 		if (oid->len == 0) {
620 			if (subid < 80) {
621 				oid->subs[oid->len++] = subid / 40;
622 				oid->subs[oid->len++] = subid % 40;
623 			} else {
624 				oid->subs[oid->len++] = 2;
625 				oid->subs[oid->len++] = subid - 80;
626 			}
627 		} else {
628 			oid->subs[oid->len++] = subid;
629 		}
630 	}
631 	return (err);
632 
633 }
634 
635 enum asn_err
636 asn_get_objid(struct asn_buf *b, struct asn_oid *oid)
637 {
638 	u_char type;
639 	asn_len_t len;
640 	enum asn_err err;
641 
642 	if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
643 		return (err);
644 	if (type != ASN_TYPE_OBJID) {
645 		asn_error(b, "bad type for OBJID (%u)", type);
646 		return (ASN_ERR_TAG);
647 	}
648 	return (asn_get_objid_raw(b, len, oid));
649 }
650 
651 enum asn_err
652 asn_put_objid(struct asn_buf *b, const struct asn_oid *oid)
653 {
654 	asn_subid_t first, sub;
655 	enum asn_err err, err1;
656 	u_int i, oidlen;
657 	asn_len_t len;
658 
659 	err = ASN_ERR_OK;
660 	if (oid->len == 0) {
661 		/* illegal */
662 		asn_error(NULL, "short oid");
663 		err = ASN_ERR_RANGE;
664 		first = 0;
665 		oidlen = 2;
666 	} else if (oid->len == 1) {
667 		/* illegal */
668 		asn_error(NULL, "short oid");
669 		if (oid->subs[0] > 2)
670 			asn_error(NULL, "oid[0] too large (%u)", oid->subs[0]);
671 		err = ASN_ERR_RANGE;
672 		first = oid->subs[0] * 40;
673 		oidlen = 2;
674 	} else {
675 		if (oid->len > ASN_MAXOIDLEN) {
676 			asn_error(NULL, "oid too long %u", oid->len);
677 			err = ASN_ERR_RANGE;
678 		}
679 		if (oid->subs[0] > 2 ||
680 		    (oid->subs[0] < 2 && oid->subs[1] >= 40) ||
681 		    (oid->subs[0] == 2 && oid->subs[1] > ASN_MAXID - 2 * 40)) {
682 			asn_error(NULL, "oid out of range (%u,%u)",
683 			    oid->subs[0], oid->subs[1]);
684 			err = ASN_ERR_RANGE;
685 		}
686 		first = 40 * oid->subs[0] + oid->subs[1];
687 		oidlen = oid->len;
688 	}
689 	len = 0;
690 	for (i = 1; i < oidlen; i++) {
691 		sub = (i == 1) ? first : oid->subs[i];
692 		if (sub > ASN_MAXID) {
693 			asn_error(NULL, "oid subid too large");
694 			err = ASN_ERR_RANGE;
695 		}
696 		len += (sub <= 0x7f) ? 1
697 		    : (sub <= 0x3fff) ? 2
698 		    : (sub <= 0x1fffff) ? 3
699 		    : (sub <= 0xfffffff) ? 4
700 		    : 5;
701 	}
702 	if ((err1 = asn_put_header(b, ASN_TYPE_OBJID, len)) != ASN_ERR_OK)
703 		return (err1);
704 	if (b->asn_len < len)
705 		return (ASN_ERR_EOBUF);
706 
707 	for (i = 1; i < oidlen; i++) {
708 		sub = (i == 1) ? first : oid->subs[i];
709 		if (sub <= 0x7f) {
710 			*b->asn_ptr++ = sub;
711 			b->asn_len--;
712 		} else if (sub <= 0x3fff) {
713 			*b->asn_ptr++ = (sub >> 7) | 0x80;
714 			*b->asn_ptr++ = sub & 0x7f;
715 			b->asn_len -= 2;
716 		} else if (sub <= 0x1fffff) {
717 			*b->asn_ptr++ = (sub >> 14) | 0x80;
718 			*b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80;
719 			*b->asn_ptr++ = sub & 0x7f;
720 			b->asn_len -= 3;
721 		} else if (sub <= 0xfffffff) {
722 			*b->asn_ptr++ = (sub >> 21) | 0x80;
723 			*b->asn_ptr++ = ((sub >> 14) & 0x7f) | 0x80;
724 			*b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80;
725 			*b->asn_ptr++ = sub & 0x7f;
726 			b->asn_len -= 4;
727 		} else {
728 			*b->asn_ptr++ = (sub >> 28) | 0x80;
729 			*b->asn_ptr++ = ((sub >> 21) & 0x7f) | 0x80;
730 			*b->asn_ptr++ = ((sub >> 14) & 0x7f) | 0x80;
731 			*b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80;
732 			*b->asn_ptr++ = sub & 0x7f;
733 			b->asn_len -= 5;
734 		}
735 	}
736 	return (err);
737 }
738 /*
739  * SEQUENCE header
740  *
741  * <0x10|0x20> <len> <data...>
742  */
743 enum asn_err
744 asn_get_sequence(struct asn_buf *b, asn_len_t *len)
745 {
746 	u_char type;
747 	enum asn_err err;
748 
749 	if ((err = asn_get_header(b, &type, len)) != ASN_ERR_OK)
750 		return (err);
751 	if (type != (ASN_TYPE_SEQUENCE|ASN_TYPE_CONSTRUCTED)) {
752 		asn_error(b, "bad sequence type %u", type);
753 		return (ASN_ERR_TAG);
754 	}
755 	if (*len > b->asn_len) {
756 		asn_error(b, "truncated sequence");
757 		return (ASN_ERR_EOBUF);
758 	}
759 	return (ASN_ERR_OK);
760 }
761 
762 /*
763  * Application types
764  *
765  * 0x40 4 MSB 2MSB 2LSB LSB
766  */
767 enum asn_err
768 asn_get_ipaddress_raw(struct asn_buf *b, asn_len_t len, u_char *addr)
769 {
770 	u_int i;
771 
772 	if (b->asn_len < len) {
773 		asn_error(b, "truncated ip-address");
774 		return (ASN_ERR_EOBUF);
775 	}
776 	if (len < 4) {
777 		asn_error(b, "short length for ip-Address %u", len);
778 		for (i = 0; i < len; i++)
779 			*addr++ = *b->asn_cptr++;
780 		while (i++ < len)
781 			*addr++ = 0;
782 		b->asn_len -= len;
783 		return (ASN_ERR_BADLEN);
784 	}
785 	for (i = 0; i < 4; i++)
786 		*addr++ = *b->asn_cptr++;
787 	b->asn_cptr += len - 4;
788 	b->asn_len -= len;
789 	return (ASN_ERR_OK);
790 }
791 
792 enum asn_err
793 asn_get_ipaddress(struct asn_buf *b, u_char *addr)
794 {
795 	u_char type;
796 	asn_len_t len;
797 	enum asn_err err;
798 
799 	if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
800 		return (err);
801 	if (type != (ASN_CLASS_APPLICATION|ASN_APP_IPADDRESS)) {
802 		asn_error(b, "bad type for ip-address %u", type);
803 		return (ASN_ERR_TAG);
804 	}
805 	return (asn_get_ipaddress_raw(b, len, addr));
806 }
807 
808 enum asn_err
809 asn_put_ipaddress(struct asn_buf *b, const u_char *addr)
810 {
811 	enum asn_err err;
812 
813 	if ((err = asn_put_header(b, ASN_CLASS_APPLICATION|ASN_APP_IPADDRESS,
814 	    4)) != ASN_ERR_OK)
815 		return (err);
816 	if (b->asn_len < 4)
817 		return (ASN_ERR_EOBUF);
818 
819 	memcpy(b->asn_ptr, addr, 4);
820 	b->asn_ptr += 4;
821 	b->asn_len -= 4;
822 	return (ASN_ERR_OK);
823 }
824 
825 
826 /*
827  * UNSIGNED32
828  *
829  * 0x42|0x41 <len> ...
830  */
831 enum asn_err
832 asn_get_uint32_raw(struct asn_buf *b, asn_len_t len, uint32_t *vp)
833 {
834 	uint64_t v;
835 	enum asn_err err;
836 
837 	if ((err = asn_get_real_unsigned(b, len, &v)) == ASN_ERR_OK) {
838 		if (v > UINT32_MAX) {
839 			asn_error(b, "uint32 too large %llu", v);
840 			err = ASN_ERR_RANGE;
841 		}
842 		*vp = (uint32_t)v;
843 	}
844 	return (err);
845 }
846 
847 enum asn_err
848 asn_put_uint32(struct asn_buf *b, u_char type, uint32_t val)
849 {
850 	uint64_t v = val;
851 
852 	return (asn_put_real_unsigned(b, ASN_CLASS_APPLICATION|type, v));
853 }
854 
855 /*
856  * COUNTER64
857  * 0x46 <len> ...
858  */
859 enum asn_err
860 asn_get_counter64_raw(struct asn_buf *b, asn_len_t len, uint64_t *vp)
861 {
862 	return (asn_get_real_unsigned(b, len, vp));
863 }
864 
865 enum asn_err
866 asn_put_counter64(struct asn_buf *b, uint64_t val)
867 {
868 	return (asn_put_real_unsigned(b,
869 	    ASN_CLASS_APPLICATION | ASN_APP_COUNTER64, val));
870 }
871 
872 /*
873  * TimeTicks
874  * 0x43 <len> ...
875  */
876 enum asn_err
877 asn_get_timeticks(struct asn_buf *b, uint32_t *vp)
878 {
879 	asn_len_t len;
880 	u_char type;
881 	enum asn_err err;
882 
883 	if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK)
884 		return (err);
885 	if (type != (ASN_CLASS_APPLICATION|ASN_APP_TIMETICKS)) {
886 		asn_error(b, "bad type for timeticks %u", type);
887 		return (ASN_ERR_TAG);
888 	}
889 	return (asn_get_uint32_raw(b, len, vp));
890 }
891 
892 enum asn_err
893 asn_put_timeticks(struct asn_buf *b, uint32_t val)
894 {
895 	uint64_t v = val;
896 
897 	return (asn_put_real_unsigned(b,
898 	    ASN_CLASS_APPLICATION | ASN_APP_TIMETICKS, v));
899 }
900 
901 /*
902  * Construct a new OID by taking a range of sub ids of the original oid.
903  */
904 void
905 asn_slice_oid(struct asn_oid *dest, const struct asn_oid *src,
906     u_int from, u_int to)
907 {
908 	if (from >= to) {
909 		dest->len = 0;
910 		return;
911 	}
912 	dest->len = to - from;
913 	memcpy(dest->subs, &src->subs[from], dest->len * sizeof(dest->subs[0]));
914 }
915 
916 /*
917  * Append from to to
918  */
919 void
920 asn_append_oid(struct asn_oid *to, const struct asn_oid *from)
921 {
922 	memcpy(&to->subs[to->len], &from->subs[0],
923 	    from->len * sizeof(from->subs[0]));
924 	to->len += from->len;
925 }
926 
927 /*
928  * Skip a value
929  */
930 enum asn_err
931 asn_skip(struct asn_buf *b, asn_len_t len)
932 {
933 	if (b->asn_len < len)
934 		return (ASN_ERR_EOBUF);
935 	b->asn_cptr += len;
936 	b->asn_len -= len;
937 	return (ASN_ERR_OK);
938 }
939 
940 /*
941  * Add a padding
942  */
943 enum asn_err
944 asn_pad(struct asn_buf *b, asn_len_t len)
945 {
946 	if (b->asn_len < len)
947 		return (ASN_ERR_EOBUF);
948 	b->asn_ptr += len;
949 	b->asn_len -= len;
950 
951 	return (ASN_ERR_OK);
952 }
953 
954 /*
955  * Compare two OIDs.
956  *
957  * o1 < o2 : -1
958  * o1 > o2 : +1
959  * o1 = o2 :  0
960  */
961 int
962 asn_compare_oid(const struct asn_oid *o1, const struct asn_oid *o2)
963 {
964 	u_long i;
965 
966 	for (i = 0; i < o1->len && i < o2->len; i++) {
967 		if (o1->subs[i] < o2->subs[i])
968 			return (-1);
969 		if (o1->subs[i] > o2->subs[i])
970 			return (+1);
971 	}
972 	if (o1->len < o2->len)
973 		return (-1);
974 	if (o1->len > o2->len)
975 		return (+1);
976 	return (0);
977 }
978 
979 /*
980  * Check whether an OID is a sub-string of another OID.
981  */
982 int
983 asn_is_suboid(const struct asn_oid *o1, const struct asn_oid *o2)
984 {
985 	u_long i;
986 
987 	for (i = 0; i < o1->len; i++)
988 		if (i >= o2->len || o1->subs[i] != o2->subs[i])
989 			return (0);
990 	return (1);
991 }
992 
993 /*
994  * Put a string representation of an oid into a user buffer. This buffer
995  * is assumed to be at least ASN_OIDSTRLEN characters long.
996  *
997  * sprintf is assumed not to fail here.
998  */
999 char *
1000 asn_oid2str_r(const struct asn_oid *oid, char *buf)
1001 {
1002 	u_int len, i;
1003 	char *ptr;
1004 
1005 	if ((len = oid->len) > ASN_MAXOIDLEN)
1006 		len = ASN_MAXOIDLEN;
1007 	buf[0] = '\0';
1008 	for (i = 0, ptr = buf; i < len; i++) {
1009 		if (i > 0)
1010 			*ptr++ = '.';
1011 		ptr += sprintf(ptr, "%u", oid->subs[i]);
1012 	}
1013 	return (buf);
1014 }
1015 
1016 /*
1017  * Make a string from an OID in a private buffer.
1018  */
1019 char *
1020 asn_oid2str(const struct asn_oid *oid)
1021 {
1022 	static char str[ASN_OIDSTRLEN];
1023 
1024 	return (asn_oid2str_r(oid, str));
1025 }
1026 
1027 
1028 static void
1029 asn_error_func(const struct asn_buf *b, const char *err, ...)
1030 {
1031 	va_list ap;
1032 	u_long i;
1033 
1034 	fprintf(stderr, "ASN.1: ");
1035 	va_start(ap, err);
1036 	vfprintf(stderr, err, ap);
1037 	va_end(ap);
1038 
1039 	if (b != NULL) {
1040 		fprintf(stderr, " at");
1041 		for (i = 0; b->asn_len > i; i++)
1042 			fprintf(stderr, " %02x", b->asn_cptr[i]);
1043 	}
1044 	fprintf(stderr, "\n");
1045 }
1046