1 /* 2 * Copyright (c) 2001-2003 3 * Fraunhofer Institute for Open Communication Systems (FhG Fokus). 4 * All rights reserved. 5 * 6 * Author: Harti Brandt <harti@freebsd.org> 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 1. Redistributions of source code must retain the above copyright 12 * notice, this list of conditions and the following disclaimer. 13 * 2. Redistributions in binary form must reproduce the above copyright 14 * notice, this list of conditions and the following disclaimer in the 15 * documentation and/or other materials provided with the distribution. 16 * 17 * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 * 29 * $Begemot: bsnmp/lib/asn1.c,v 1.31 2005/10/06 07:14:58 brandt_h Exp $ 30 * 31 * ASN.1 for SNMP. 32 */ 33 #include <sys/types.h> 34 #include <stdio.h> 35 #include <stdlib.h> 36 #include <stdarg.h> 37 #include <string.h> 38 #ifdef HAVE_STDINT_H 39 #include <stdint.h> 40 #elif defined(HAVE_INTTYPES_H) 41 #include <inttypes.h> 42 #endif 43 #include <assert.h> 44 45 #include "support.h" 46 #include "asn1.h" 47 48 static void asn_error_func(const struct asn_buf *, const char *, ...); 49 50 void (*asn_error)(const struct asn_buf *, const char *, ...) = asn_error_func; 51 52 /* 53 * Read the next header. This reads the tag (note, that only single 54 * byte tags are supported for now) and the length field. The length field 55 * is restricted to a 32-bit value. 56 * All errors of this function stop the decoding. 57 */ 58 enum asn_err 59 asn_get_header(struct asn_buf *b, u_char *type, asn_len_t *len) 60 { 61 u_int length; 62 63 if (b->asn_len == 0) { 64 asn_error(b, "no identifier for header"); 65 return (ASN_ERR_EOBUF); 66 } 67 *type = *b->asn_cptr; 68 if ((*type & ASN_TYPE_MASK) > 0x1e) { 69 asn_error(b, "tags > 0x1e not supported (%#x)", 70 *type & ASN_TYPE_MASK); 71 return (ASN_ERR_FAILED); 72 } 73 b->asn_cptr++; 74 b->asn_len--; 75 if (b->asn_len == 0) { 76 asn_error(b, "no length field"); 77 return (ASN_ERR_EOBUF); 78 } 79 if (*b->asn_cptr & 0x80) { 80 length = *b->asn_cptr++ & 0x7f; 81 b->asn_len--; 82 if (length == 0) { 83 asn_error(b, "indefinite length not supported"); 84 return (ASN_ERR_FAILED); 85 } 86 if (length > ASN_MAXLENLEN) { 87 asn_error(b, "long length too long (%u)", length); 88 return (ASN_ERR_FAILED); 89 } 90 if (length > b->asn_len) { 91 asn_error(b, "long length truncated"); 92 return (ASN_ERR_EOBUF); 93 } 94 *len = 0; 95 while (length--) { 96 *len = (*len << 8) | *b->asn_cptr++; 97 b->asn_len--; 98 } 99 } else { 100 *len = *b->asn_cptr++; 101 b->asn_len--; 102 } 103 104 #ifdef BOGUS_CVE_2019_5610_FIX 105 /* 106 * This is the fix from CVE-2019-5610. 107 * 108 * This is the wrong place. Each of the asn functions should check 109 * that it has enough info for its own work. 110 */ 111 if (*len > b->asn_len) { 112 asn_error(b, "lenen %u exceeding asn_len %u", *len, b->asn_len); 113 return (ASN_ERR_EOBUF); 114 } 115 #endif 116 return (ASN_ERR_OK); 117 } 118 119 /* 120 * Write a length field (restricted to values < 2^32-1) and return the 121 * number of bytes this field takes. If ptr is NULL, the length is computed 122 * but nothing is written. If the length would be too large return 0. 123 */ 124 static u_int 125 asn_put_len(u_char *ptr, asn_len_t len) 126 { 127 u_int lenlen, lenlen1; 128 asn_len_t tmp; 129 130 if (len > ASN_MAXLEN) { 131 asn_error(NULL, "encoding length too long: (%u)", len); 132 return (0); 133 } 134 135 if (len <= 127) { 136 if (ptr) 137 *ptr++ = (u_char)len; 138 return (1); 139 } else { 140 lenlen = 0; 141 /* compute number of bytes for value (is at least 1) */ 142 for (tmp = len; tmp != 0; tmp >>= 8) 143 lenlen++; 144 if (ptr != NULL) { 145 *ptr++ = (u_char)lenlen | 0x80; 146 lenlen1 = lenlen; 147 while (lenlen1-- > 0) { 148 ptr[lenlen1] = len & 0xff; 149 len >>= 8; 150 } 151 } 152 return (lenlen + 1); 153 } 154 } 155 156 /* 157 * Write a header (tag and length fields). 158 * Tags are restricted to one byte tags (value <= 0x1e) and the 159 * lenght field to 16-bit. All errors stop the encoding. 160 */ 161 enum asn_err 162 asn_put_header(struct asn_buf *b, u_char type, asn_len_t len) 163 { 164 u_int lenlen; 165 166 /* tag field */ 167 if ((type & ASN_TYPE_MASK) > 0x1e) { 168 asn_error(NULL, "types > 0x1e not supported (%#x)", 169 type & ASN_TYPE_MASK); 170 return (ASN_ERR_FAILED); 171 } 172 if (b->asn_len == 0) 173 return (ASN_ERR_EOBUF); 174 175 *b->asn_ptr++ = type; 176 b->asn_len--; 177 178 /* length field */ 179 if ((lenlen = asn_put_len(NULL, len)) == 0) 180 return (ASN_ERR_FAILED); 181 if (b->asn_len < lenlen) 182 return (ASN_ERR_EOBUF); 183 184 (void)asn_put_len(b->asn_ptr, len); 185 b->asn_ptr += lenlen; 186 b->asn_len -= lenlen; 187 return (ASN_ERR_OK); 188 } 189 190 191 /* 192 * This constructs a temporary sequence header with space for the maximum 193 * length field (three byte). Set the pointer that ptr points to to the 194 * start of the encoded header. This is used for a later call to 195 * asn_commit_header which will fix-up the length field and move the 196 * value if needed. All errors should stop the encoding. 197 */ 198 #define TEMP_LEN (1 + ASN_MAXLENLEN + 1) 199 enum asn_err 200 asn_put_temp_header(struct asn_buf *b, u_char type, u_char **ptr) 201 { 202 int ret; 203 204 if (b->asn_len < TEMP_LEN) 205 return (ASN_ERR_EOBUF); 206 *ptr = b->asn_ptr; 207 if ((ret = asn_put_header(b, type, ASN_MAXLEN)) == ASN_ERR_OK) 208 assert(b->asn_ptr == *ptr + TEMP_LEN); 209 return (ret); 210 } 211 enum asn_err 212 asn_commit_header(struct asn_buf *b, u_char *ptr, size_t *moved) 213 { 214 asn_len_t len; 215 u_int lenlen, shift; 216 217 /* compute length of encoded value without header */ 218 len = b->asn_ptr - (ptr + TEMP_LEN); 219 220 /* insert length. may not fail. */ 221 lenlen = asn_put_len(ptr + 1, len); 222 if (lenlen > TEMP_LEN - 1) 223 return (ASN_ERR_FAILED); 224 225 if (lenlen < TEMP_LEN - 1) { 226 /* shift value down */ 227 shift = (TEMP_LEN - 1) - lenlen; 228 memmove(ptr + 1 + lenlen, ptr + TEMP_LEN, len); 229 b->asn_ptr -= shift; 230 b->asn_len += shift; 231 if (moved != NULL) 232 *moved = shift; 233 } 234 return (ASN_ERR_OK); 235 } 236 #undef TEMP_LEN 237 238 /* 239 * BER integer. This may be used to get a signed 64 bit integer at maximum. 240 * The maximum length should be checked by the caller. This cannot overflow 241 * if the caller ensures that len is at maximum 8. 242 * 243 * <bytes> 244 */ 245 static enum asn_err 246 asn_get_real_integer(struct asn_buf *b, asn_len_t len, int64_t *vp) 247 { 248 uint64_t val; 249 int neg = 0; 250 enum asn_err err; 251 252 if (b->asn_len < len) { 253 asn_error(b, "truncated integer"); 254 return (ASN_ERR_EOBUF); 255 } 256 if (len == 0) { 257 asn_error(b, "zero-length integer"); 258 *vp = 0; 259 return (ASN_ERR_BADLEN); 260 } 261 err = ASN_ERR_OK; 262 if (len > 8) { 263 asn_error(b, "integer too long"); 264 err = ASN_ERR_RANGE; 265 } else if (len > 1 && 266 ((*b->asn_cptr == 0x00 && (b->asn_cptr[1] & 0x80) == 0) || 267 (*b->asn_cptr == 0xff && (b->asn_cptr[1] & 0x80) == 0x80))) { 268 asn_error(b, "non-minimal integer"); 269 err = ASN_ERR_BADLEN; 270 } 271 272 if (*b->asn_cptr & 0x80) 273 neg = 1; 274 val = 0; 275 while (len--) { 276 val <<= 8; 277 val |= neg ? (u_char)~*b->asn_cptr : *b->asn_cptr; 278 b->asn_len--; 279 b->asn_cptr++; 280 } 281 if (neg) { 282 *vp = -(int64_t)val - 1; 283 } else 284 *vp = (int64_t)val; 285 return (err); 286 } 287 288 /* 289 * Write a signed integer with the given type. The caller has to ensure 290 * that the actual value is ok for this type. 291 */ 292 static enum asn_err 293 asn_put_real_integer(struct asn_buf *b, u_char type, int64_t ival) 294 { 295 int i, neg = 0; 296 # define OCTETS 8 297 u_char buf[OCTETS]; 298 uint64_t val; 299 enum asn_err ret; 300 301 if (ival < 0) { 302 /* this may fail if |INT64_MIN| > |INT64_MAX| and 303 * the value is between * INT64_MIN <= ival < -(INT64_MAX+1) */ 304 val = (uint64_t)-(ival + 1); 305 neg = 1; 306 } else 307 val = (uint64_t)ival; 308 309 /* split the value into octets */ 310 for (i = OCTETS - 1; i >= 0; i--) { 311 buf[i] = val & 0xff; 312 if (neg) 313 buf[i] = ~buf[i]; 314 val >>= 8; 315 } 316 /* no leading 9 zeroes or ones */ 317 for (i = 0; i < OCTETS - 1; i++) 318 if (!((buf[i] == 0xff && (buf[i + 1] & 0x80) != 0) || 319 (buf[i] == 0x00 && (buf[i + 1] & 0x80) == 0))) 320 break; 321 if ((ret = asn_put_header(b, type, OCTETS - i))) 322 return (ret); 323 if (OCTETS - (u_int)i > b->asn_len) 324 return (ASN_ERR_EOBUF); 325 326 while (i < OCTETS) { 327 *b->asn_ptr++ = buf[i++]; 328 b->asn_len--; 329 } 330 return (ASN_ERR_OK); 331 # undef OCTETS 332 } 333 334 335 /* 336 * The same for unsigned 64-bitters. Here we have the problem, that overflow 337 * can happen, because the value maybe 9 bytes long. In this case the 338 * first byte must be 0. 339 */ 340 static enum asn_err 341 asn_get_real_unsigned(struct asn_buf *b, asn_len_t len, uint64_t *vp) 342 { 343 *vp = 0; 344 if (b->asn_len < len) { 345 asn_error(b, "truncated integer"); 346 return (ASN_ERR_EOBUF); 347 } 348 if (len == 0) { 349 /* X.690: 8.3.1 */ 350 asn_error(b, "zero-length integer"); 351 return (ASN_ERR_BADLEN); 352 } 353 if (len > 1 && *b->asn_cptr == 0x00 && (b->asn_cptr[1] & 0x80) == 0) { 354 /* X.690: 8.3.2 */ 355 asn_error(b, "non-minimal unsigned"); 356 b->asn_cptr += len; 357 b->asn_len -= len; 358 return (ASN_ERR_BADLEN); 359 360 } 361 362 enum asn_err err = ASN_ERR_OK; 363 364 if ((*b->asn_cptr & 0x80) || len > 9 || 365 (len == 9 && *b->asn_cptr != 0)) { 366 /* negative integer or too larger */ 367 *vp = 0xffffffffffffffffULL; 368 asn_error(b, "unsigned too large or negative"); 369 b->asn_cptr += len; 370 b->asn_len -= len; 371 return (ASN_ERR_RANGE); 372 } 373 374 while (len--) { 375 *vp = (*vp << 8) | *b->asn_cptr++; 376 b->asn_len--; 377 } 378 return (err); 379 } 380 381 382 /* 383 * Values with the msb on need 9 octets. 384 */ 385 static int 386 asn_put_real_unsigned(struct asn_buf *b, u_char type, uint64_t val) 387 { 388 int i; 389 # define OCTETS 9 390 u_char buf[OCTETS]; 391 enum asn_err ret; 392 393 /* split the value into octets */ 394 for (i = OCTETS - 1; i >= 0; i--) { 395 buf[i] = val & 0xff; 396 val >>= 8; 397 } 398 /* no leading 9 zeroes */ 399 for (i = 0; i < OCTETS - 1; i++) 400 if (!(buf[i] == 0x00 && (buf[i + 1] & 0x80) == 0)) 401 break; 402 if ((ret = asn_put_header(b, type, OCTETS - i))) 403 return (ret); 404 if (OCTETS - (u_int)i > b->asn_len) 405 return (ASN_ERR_EOBUF); 406 407 while (i < OCTETS) { 408 *b->asn_ptr++ = buf[i++]; 409 b->asn_len--; 410 } 411 #undef OCTETS 412 return (ASN_ERR_OK); 413 } 414 415 /* 416 * The ASN.1 INTEGER type is restricted to 32-bit signed by the SMI. 417 */ 418 enum asn_err 419 asn_get_integer_raw(struct asn_buf *b, asn_len_t len, int32_t *vp) 420 { 421 int64_t val; 422 enum asn_err ret; 423 424 if ((ret = asn_get_real_integer(b, len, &val)) == ASN_ERR_OK) { 425 if (len > 4) { 426 asn_error(b, "integer too long"); 427 ret = ASN_ERR_BADLEN; 428 } else if (val > INT32_MAX || val < INT32_MIN) { 429 /* may not happen */ 430 asn_error(b, "integer out of range"); 431 ret = ASN_ERR_RANGE; 432 } 433 *vp = (int32_t)val; 434 } 435 return (ret); 436 } 437 438 enum asn_err 439 asn_get_integer(struct asn_buf *b, int32_t *vp) 440 { 441 asn_len_t len; 442 u_char type; 443 enum asn_err err; 444 445 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK) 446 return (err); 447 if (type != ASN_TYPE_INTEGER) { 448 asn_error(b, "bad type for integer (%u)", type); 449 return (ASN_ERR_TAG); 450 } 451 452 return (asn_get_integer_raw(b, len, vp)); 453 } 454 455 enum asn_err 456 asn_put_integer(struct asn_buf *b, int32_t val) 457 { 458 return (asn_put_real_integer(b, ASN_TYPE_INTEGER, val)); 459 } 460 461 /* 462 * OCTETSTRING 463 * 464 * <0x04> <len> <data ...> 465 * 466 * Get an octetstring. noctets must point to the buffer size and on 467 * return will contain the size of the octetstring, regardless of the 468 * buffer size. 469 */ 470 enum asn_err 471 asn_get_octetstring_raw(struct asn_buf *b, asn_len_t len, u_char *octets, 472 u_int *noctets) 473 { 474 enum asn_err err = ASN_ERR_OK; 475 476 if (*noctets < len) { 477 asn_error(b, "octetstring truncated"); 478 err = ASN_ERR_RANGE; 479 } 480 if (b->asn_len < len) { 481 asn_error(b, "truncatet octetstring"); 482 return (ASN_ERR_EOBUF); 483 } 484 if (*noctets < len) 485 memcpy(octets, b->asn_cptr, *noctets); 486 else 487 memcpy(octets, b->asn_cptr, len); 488 *noctets = len; 489 b->asn_cptr += len; 490 b->asn_len -= len; 491 return (err); 492 } 493 494 enum asn_err 495 asn_get_octetstring(struct asn_buf *b, u_char *octets, u_int *noctets) 496 { 497 enum asn_err err; 498 u_char type; 499 asn_len_t len; 500 501 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK) 502 return (err); 503 if (type != ASN_TYPE_OCTETSTRING) { 504 asn_error(b, "bad type for octetstring (%u)", type); 505 return (ASN_ERR_TAG); 506 } 507 return (asn_get_octetstring_raw(b, len, octets, noctets)); 508 } 509 510 enum asn_err 511 asn_put_octetstring(struct asn_buf *b, const u_char *octets, u_int noctets) 512 { 513 enum asn_err ret; 514 515 if ((ret = asn_put_header(b, ASN_TYPE_OCTETSTRING, noctets)) != ASN_ERR_OK) 516 return (ret); 517 if (b->asn_len < noctets) 518 return (ASN_ERR_EOBUF); 519 520 memcpy(b->asn_ptr, octets, noctets); 521 b->asn_ptr += noctets; 522 b->asn_len -= noctets; 523 return (ASN_ERR_OK); 524 } 525 526 /* 527 * NULL 528 * 529 * <0x05> <0x00> 530 */ 531 enum asn_err 532 asn_get_null_raw(struct asn_buf *b, asn_len_t len) 533 { 534 if (len != 0) { 535 if (b->asn_len < len) { 536 asn_error(b, "truncated NULL"); 537 return (ASN_ERR_EOBUF); 538 } 539 asn_error(b, "bad length for NULL (%u)", len); 540 b->asn_len -= len; 541 b->asn_ptr += len; 542 return (ASN_ERR_BADLEN); 543 } 544 return (ASN_ERR_OK); 545 } 546 547 enum asn_err 548 asn_get_null(struct asn_buf *b) 549 { 550 u_char type; 551 asn_len_t len; 552 enum asn_err err; 553 554 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK) 555 return (err); 556 if (type != ASN_TYPE_NULL) { 557 asn_error(b, "bad type for NULL (%u)", type); 558 return (ASN_ERR_TAG); 559 } 560 return (asn_get_null_raw(b, len)); 561 } 562 563 enum asn_err 564 asn_put_null(struct asn_buf *b) 565 { 566 return (asn_put_header(b, ASN_TYPE_NULL, 0)); 567 } 568 569 enum asn_err 570 asn_put_exception(struct asn_buf *b, u_int except) 571 { 572 return (asn_put_header(b, ASN_CLASS_CONTEXT | except, 0)); 573 } 574 575 /* 576 * OBJID 577 * 578 * <0x06> <len> <subid...> 579 */ 580 enum asn_err 581 asn_get_objid_raw(struct asn_buf *b, asn_len_t len, struct asn_oid *oid) 582 { 583 asn_subid_t subid; 584 enum asn_err err; 585 586 if (b->asn_len < len) { 587 asn_error(b, "truncated OBJID"); 588 return (ASN_ERR_EOBUF); 589 } 590 oid->len = 0; 591 if (len == 0) { 592 asn_error(b, "short OBJID"); 593 oid->subs[oid->len++] = 0; 594 oid->subs[oid->len++] = 0; 595 return (ASN_ERR_BADLEN); 596 } 597 err = ASN_ERR_OK; 598 while (len != 0) { 599 if (oid->len == ASN_MAXOIDLEN) { 600 asn_error(b, "OID too long (%u)", oid->len); 601 b->asn_cptr += len; 602 b->asn_len -= len; 603 return (ASN_ERR_BADLEN); 604 } 605 subid = 0; 606 do { 607 if (len == 0) { 608 asn_error(b, "unterminated subid"); 609 return (ASN_ERR_EOBUF); 610 } 611 if (subid > (ASN_MAXID >> 7)) { 612 asn_error(b, "OID subid too larger"); 613 err = ASN_ERR_RANGE; 614 } 615 subid = (subid << 7) | (*b->asn_cptr & 0x7f); 616 len--; 617 b->asn_len--; 618 } while (*b->asn_cptr++ & 0x80); 619 if (oid->len == 0) { 620 if (subid < 80) { 621 oid->subs[oid->len++] = subid / 40; 622 oid->subs[oid->len++] = subid % 40; 623 } else { 624 oid->subs[oid->len++] = 2; 625 oid->subs[oid->len++] = subid - 80; 626 } 627 } else { 628 oid->subs[oid->len++] = subid; 629 } 630 } 631 return (err); 632 633 } 634 635 enum asn_err 636 asn_get_objid(struct asn_buf *b, struct asn_oid *oid) 637 { 638 u_char type; 639 asn_len_t len; 640 enum asn_err err; 641 642 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK) 643 return (err); 644 if (type != ASN_TYPE_OBJID) { 645 asn_error(b, "bad type for OBJID (%u)", type); 646 return (ASN_ERR_TAG); 647 } 648 return (asn_get_objid_raw(b, len, oid)); 649 } 650 651 enum asn_err 652 asn_put_objid(struct asn_buf *b, const struct asn_oid *oid) 653 { 654 asn_subid_t first, sub; 655 enum asn_err err, err1; 656 u_int i, oidlen; 657 asn_len_t len; 658 659 err = ASN_ERR_OK; 660 if (oid->len == 0) { 661 /* illegal */ 662 asn_error(NULL, "short oid"); 663 err = ASN_ERR_RANGE; 664 first = 0; 665 oidlen = 2; 666 } else if (oid->len == 1) { 667 /* illegal */ 668 asn_error(NULL, "short oid"); 669 if (oid->subs[0] > 2) 670 asn_error(NULL, "oid[0] too large (%u)", oid->subs[0]); 671 err = ASN_ERR_RANGE; 672 first = oid->subs[0] * 40; 673 oidlen = 2; 674 } else { 675 if (oid->len > ASN_MAXOIDLEN) { 676 asn_error(NULL, "oid too long %u", oid->len); 677 err = ASN_ERR_RANGE; 678 } 679 if (oid->subs[0] > 2 || 680 (oid->subs[0] < 2 && oid->subs[1] >= 40) || 681 (oid->subs[0] == 2 && oid->subs[1] > ASN_MAXID - 2 * 40)) { 682 asn_error(NULL, "oid out of range (%u,%u)", 683 oid->subs[0], oid->subs[1]); 684 err = ASN_ERR_RANGE; 685 } 686 first = 40 * oid->subs[0] + oid->subs[1]; 687 oidlen = oid->len; 688 } 689 len = 0; 690 for (i = 1; i < oidlen; i++) { 691 sub = (i == 1) ? first : oid->subs[i]; 692 if (sub > ASN_MAXID) { 693 asn_error(NULL, "oid subid too large"); 694 err = ASN_ERR_RANGE; 695 } 696 len += (sub <= 0x7f) ? 1 697 : (sub <= 0x3fff) ? 2 698 : (sub <= 0x1fffff) ? 3 699 : (sub <= 0xfffffff) ? 4 700 : 5; 701 } 702 if ((err1 = asn_put_header(b, ASN_TYPE_OBJID, len)) != ASN_ERR_OK) 703 return (err1); 704 if (b->asn_len < len) 705 return (ASN_ERR_EOBUF); 706 707 for (i = 1; i < oidlen; i++) { 708 sub = (i == 1) ? first : oid->subs[i]; 709 if (sub <= 0x7f) { 710 *b->asn_ptr++ = sub; 711 b->asn_len--; 712 } else if (sub <= 0x3fff) { 713 *b->asn_ptr++ = (sub >> 7) | 0x80; 714 *b->asn_ptr++ = sub & 0x7f; 715 b->asn_len -= 2; 716 } else if (sub <= 0x1fffff) { 717 *b->asn_ptr++ = (sub >> 14) | 0x80; 718 *b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80; 719 *b->asn_ptr++ = sub & 0x7f; 720 b->asn_len -= 3; 721 } else if (sub <= 0xfffffff) { 722 *b->asn_ptr++ = (sub >> 21) | 0x80; 723 *b->asn_ptr++ = ((sub >> 14) & 0x7f) | 0x80; 724 *b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80; 725 *b->asn_ptr++ = sub & 0x7f; 726 b->asn_len -= 4; 727 } else { 728 *b->asn_ptr++ = (sub >> 28) | 0x80; 729 *b->asn_ptr++ = ((sub >> 21) & 0x7f) | 0x80; 730 *b->asn_ptr++ = ((sub >> 14) & 0x7f) | 0x80; 731 *b->asn_ptr++ = ((sub >> 7) & 0x7f) | 0x80; 732 *b->asn_ptr++ = sub & 0x7f; 733 b->asn_len -= 5; 734 } 735 } 736 return (err); 737 } 738 /* 739 * SEQUENCE header 740 * 741 * <0x10|0x20> <len> <data...> 742 */ 743 enum asn_err 744 asn_get_sequence(struct asn_buf *b, asn_len_t *len) 745 { 746 u_char type; 747 enum asn_err err; 748 749 if ((err = asn_get_header(b, &type, len)) != ASN_ERR_OK) 750 return (err); 751 if (type != (ASN_TYPE_SEQUENCE|ASN_TYPE_CONSTRUCTED)) { 752 asn_error(b, "bad sequence type %u", type); 753 return (ASN_ERR_TAG); 754 } 755 if (*len > b->asn_len) { 756 asn_error(b, "truncated sequence"); 757 return (ASN_ERR_EOBUF); 758 } 759 return (ASN_ERR_OK); 760 } 761 762 /* 763 * Application types 764 * 765 * 0x40 4 MSB 2MSB 2LSB LSB 766 */ 767 enum asn_err 768 asn_get_ipaddress_raw(struct asn_buf *b, asn_len_t len, u_char *addr) 769 { 770 u_int i; 771 772 if (b->asn_len < len) { 773 asn_error(b, "truncated ip-address"); 774 return (ASN_ERR_EOBUF); 775 } 776 if (len < 4) { 777 asn_error(b, "short length for ip-Address %u", len); 778 for (i = 0; i < len; i++) 779 *addr++ = *b->asn_cptr++; 780 while (i++ < len) 781 *addr++ = 0; 782 b->asn_len -= len; 783 return (ASN_ERR_BADLEN); 784 } 785 for (i = 0; i < 4; i++) 786 *addr++ = *b->asn_cptr++; 787 b->asn_cptr += len - 4; 788 b->asn_len -= len; 789 return (ASN_ERR_OK); 790 } 791 792 enum asn_err 793 asn_get_ipaddress(struct asn_buf *b, u_char *addr) 794 { 795 u_char type; 796 asn_len_t len; 797 enum asn_err err; 798 799 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK) 800 return (err); 801 if (type != (ASN_CLASS_APPLICATION|ASN_APP_IPADDRESS)) { 802 asn_error(b, "bad type for ip-address %u", type); 803 return (ASN_ERR_TAG); 804 } 805 return (asn_get_ipaddress_raw(b, len, addr)); 806 } 807 808 enum asn_err 809 asn_put_ipaddress(struct asn_buf *b, const u_char *addr) 810 { 811 enum asn_err err; 812 813 if ((err = asn_put_header(b, ASN_CLASS_APPLICATION|ASN_APP_IPADDRESS, 814 4)) != ASN_ERR_OK) 815 return (err); 816 if (b->asn_len < 4) 817 return (ASN_ERR_EOBUF); 818 819 memcpy(b->asn_ptr, addr, 4); 820 b->asn_ptr += 4; 821 b->asn_len -= 4; 822 return (ASN_ERR_OK); 823 } 824 825 826 /* 827 * UNSIGNED32 828 * 829 * 0x42|0x41 <len> ... 830 */ 831 enum asn_err 832 asn_get_uint32_raw(struct asn_buf *b, asn_len_t len, uint32_t *vp) 833 { 834 uint64_t v; 835 enum asn_err err; 836 837 if ((err = asn_get_real_unsigned(b, len, &v)) == ASN_ERR_OK) { 838 if (v > UINT32_MAX) { 839 asn_error(b, "uint32 too large %llu", v); 840 err = ASN_ERR_RANGE; 841 } 842 *vp = (uint32_t)v; 843 } 844 return (err); 845 } 846 847 enum asn_err 848 asn_put_uint32(struct asn_buf *b, u_char type, uint32_t val) 849 { 850 uint64_t v = val; 851 852 return (asn_put_real_unsigned(b, ASN_CLASS_APPLICATION|type, v)); 853 } 854 855 /* 856 * COUNTER64 857 * 0x46 <len> ... 858 */ 859 enum asn_err 860 asn_get_counter64_raw(struct asn_buf *b, asn_len_t len, uint64_t *vp) 861 { 862 return (asn_get_real_unsigned(b, len, vp)); 863 } 864 865 enum asn_err 866 asn_put_counter64(struct asn_buf *b, uint64_t val) 867 { 868 return (asn_put_real_unsigned(b, 869 ASN_CLASS_APPLICATION | ASN_APP_COUNTER64, val)); 870 } 871 872 /* 873 * TimeTicks 874 * 0x43 <len> ... 875 */ 876 enum asn_err 877 asn_get_timeticks(struct asn_buf *b, uint32_t *vp) 878 { 879 asn_len_t len; 880 u_char type; 881 enum asn_err err; 882 883 if ((err = asn_get_header(b, &type, &len)) != ASN_ERR_OK) 884 return (err); 885 if (type != (ASN_CLASS_APPLICATION|ASN_APP_TIMETICKS)) { 886 asn_error(b, "bad type for timeticks %u", type); 887 return (ASN_ERR_TAG); 888 } 889 return (asn_get_uint32_raw(b, len, vp)); 890 } 891 892 enum asn_err 893 asn_put_timeticks(struct asn_buf *b, uint32_t val) 894 { 895 uint64_t v = val; 896 897 return (asn_put_real_unsigned(b, 898 ASN_CLASS_APPLICATION | ASN_APP_TIMETICKS, v)); 899 } 900 901 /* 902 * Construct a new OID by taking a range of sub ids of the original oid. 903 */ 904 void 905 asn_slice_oid(struct asn_oid *dest, const struct asn_oid *src, 906 u_int from, u_int to) 907 { 908 if (from >= to) { 909 dest->len = 0; 910 return; 911 } 912 dest->len = to - from; 913 memcpy(dest->subs, &src->subs[from], dest->len * sizeof(dest->subs[0])); 914 } 915 916 /* 917 * Append from to to 918 */ 919 void 920 asn_append_oid(struct asn_oid *to, const struct asn_oid *from) 921 { 922 memcpy(&to->subs[to->len], &from->subs[0], 923 from->len * sizeof(from->subs[0])); 924 to->len += from->len; 925 } 926 927 /* 928 * Skip a value 929 */ 930 enum asn_err 931 asn_skip(struct asn_buf *b, asn_len_t len) 932 { 933 if (b->asn_len < len) 934 return (ASN_ERR_EOBUF); 935 b->asn_cptr += len; 936 b->asn_len -= len; 937 return (ASN_ERR_OK); 938 } 939 940 /* 941 * Add a padding 942 */ 943 enum asn_err 944 asn_pad(struct asn_buf *b, asn_len_t len) 945 { 946 if (b->asn_len < len) 947 return (ASN_ERR_EOBUF); 948 b->asn_ptr += len; 949 b->asn_len -= len; 950 951 return (ASN_ERR_OK); 952 } 953 954 /* 955 * Compare two OIDs. 956 * 957 * o1 < o2 : -1 958 * o1 > o2 : +1 959 * o1 = o2 : 0 960 */ 961 int 962 asn_compare_oid(const struct asn_oid *o1, const struct asn_oid *o2) 963 { 964 u_long i; 965 966 for (i = 0; i < o1->len && i < o2->len; i++) { 967 if (o1->subs[i] < o2->subs[i]) 968 return (-1); 969 if (o1->subs[i] > o2->subs[i]) 970 return (+1); 971 } 972 if (o1->len < o2->len) 973 return (-1); 974 if (o1->len > o2->len) 975 return (+1); 976 return (0); 977 } 978 979 /* 980 * Check whether an OID is a sub-string of another OID. 981 */ 982 int 983 asn_is_suboid(const struct asn_oid *o1, const struct asn_oid *o2) 984 { 985 u_long i; 986 987 for (i = 0; i < o1->len; i++) 988 if (i >= o2->len || o1->subs[i] != o2->subs[i]) 989 return (0); 990 return (1); 991 } 992 993 /* 994 * Put a string representation of an oid into a user buffer. This buffer 995 * is assumed to be at least ASN_OIDSTRLEN characters long. 996 * 997 * sprintf is assumed not to fail here. 998 */ 999 char * 1000 asn_oid2str_r(const struct asn_oid *oid, char *buf) 1001 { 1002 u_int len, i; 1003 char *ptr; 1004 1005 if ((len = oid->len) > ASN_MAXOIDLEN) 1006 len = ASN_MAXOIDLEN; 1007 buf[0] = '\0'; 1008 for (i = 0, ptr = buf; i < len; i++) { 1009 if (i > 0) 1010 *ptr++ = '.'; 1011 ptr += sprintf(ptr, "%u", oid->subs[i]); 1012 } 1013 return (buf); 1014 } 1015 1016 /* 1017 * Make a string from an OID in a private buffer. 1018 */ 1019 char * 1020 asn_oid2str(const struct asn_oid *oid) 1021 { 1022 static char str[ASN_OIDSTRLEN]; 1023 1024 return (asn_oid2str_r(oid, str)); 1025 } 1026 1027 1028 static void 1029 asn_error_func(const struct asn_buf *b, const char *err, ...) 1030 { 1031 va_list ap; 1032 u_long i; 1033 1034 fprintf(stderr, "ASN.1: "); 1035 va_start(ap, err); 1036 vfprintf(stderr, err, ap); 1037 va_end(ap); 1038 1039 if (b != NULL) { 1040 fprintf(stderr, " at"); 1041 for (i = 0; b->asn_len > i; i++) 1042 fprintf(stderr, " %02x", b->asn_cptr[i]); 1043 } 1044 fprintf(stderr, "\n"); 1045 } 1046