diff options
Diffstat (limited to 'security/nss/lib/util/dersubr.c')
| -rw-r--r-- | security/nss/lib/util/dersubr.c | 266 |
1 files changed, 266 insertions, 0 deletions
diff --git a/security/nss/lib/util/dersubr.c b/security/nss/lib/util/dersubr.c new file mode 100644 index 000000000..3aa0db8f1 --- /dev/null +++ b/security/nss/lib/util/dersubr.c @@ -0,0 +1,266 @@ +/* ***** BEGIN LICENSE BLOCK ***** + * Version: MPL 1.1/GPL 2.0/LGPL 2.1 + * + * The contents of this file are subject to the Mozilla Public License Version + * 1.1 (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * http://www.mozilla.org/MPL/ + * + * Software distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License + * for the specific language governing rights and limitations under the + * License. + * + * The Original Code is the Netscape security libraries. + * + * The Initial Developer of the Original Code is + * Netscape Communications Corporation. + * Portions created by the Initial Developer are Copyright (C) 1994-2000 + * the Initial Developer. All Rights Reserved. + * + * Contributor(s): + * + * Alternatively, the contents of this file may be used under the terms of + * either the GNU General Public License Version 2 or later (the "GPL"), or + * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"), + * in which case the provisions of the GPL or the LGPL are applicable instead + * of those above. If you wish to allow use of your version of this file only + * under the terms of either the GPL or the LGPL, and not to allow others to + * use your version of this file under the terms of the MPL, indicate your + * decision by deleting the provisions above and replace them with the notice + * and other provisions required by the GPL or the LGPL. If you do not delete + * the provisions above, a recipient may use your version of this file under + * the terms of any one of the MPL, the GPL or the LGPL. + * + * ***** END LICENSE BLOCK ***** */ + +#include "secder.h" +#include <limits.h> +#include "secerr.h" + +int +DER_LengthLength(PRUint32 len) +{ + if (len > 127) { + if (len > 255) { + if (len > 65535L) { + if (len > 16777215L) { + return 5; + } else { + return 4; + } + } else { + return 3; + } + } else { + return 2; + } + } else { + return 1; + } +} + +unsigned char * +DER_StoreHeader(unsigned char *buf, unsigned int code, PRUint32 len) +{ + unsigned char b[4]; + + b[0] = (unsigned char)(len >> 24); + b[1] = (unsigned char)(len >> 16); + b[2] = (unsigned char)(len >> 8); + b[3] = (unsigned char)len; + if ((code & DER_TAGNUM_MASK) == DER_SET + || (code & DER_TAGNUM_MASK) == DER_SEQUENCE) + code |= DER_CONSTRUCTED; + *buf++ = code; + if (len > 127) { + if (len > 255) { + if (len > 65535) { + if (len > 16777215) { + *buf++ = 0x84; + *buf++ = b[0]; + *buf++ = b[1]; + *buf++ = b[2]; + *buf++ = b[3]; + } else { + *buf++ = 0x83; + *buf++ = b[1]; + *buf++ = b[2]; + *buf++ = b[3]; + } + } else { + *buf++ = 0x82; + *buf++ = b[2]; + *buf++ = b[3]; + } + } else { + *buf++ = 0x81; + *buf++ = b[3]; + } + } else { + *buf++ = b[3]; + } + return buf; +} + +/* + * XXX This should be rewritten, generalized, to take a long instead + * of a PRInt32. + */ +SECStatus +DER_SetInteger(PRArenaPool *arena, SECItem *it, PRInt32 i) +{ + unsigned char bb[4]; + unsigned len; + + bb[0] = (unsigned char) (i >> 24); + bb[1] = (unsigned char) (i >> 16); + bb[2] = (unsigned char) (i >> 8); + bb[3] = (unsigned char) (i); + + /* + ** Small integers are encoded in a single byte. Larger integers + ** require progressively more space. + */ + if (i < -128) { + if (i < -32768L) { + if (i < -8388608L) { + len = 4; + } else { + len = 3; + } + } else { + len = 2; + } + } else if (i > 127) { + if (i > 32767L) { + if (i > 8388607L) { + len = 4; + } else { + len = 3; + } + } else { + len = 2; + } + } else { + len = 1; + } + it->data = (unsigned char*) PORT_ArenaAlloc(arena, len); + if (!it->data) { + return SECFailure; + } + it->len = len; + PORT_Memcpy(it->data, bb + (4 - len), len); + return SECSuccess; +} + +/* + * XXX This should be rewritten, generalized, to take an unsigned long instead + * of a PRUint32. + */ +SECStatus +DER_SetUInteger(PRArenaPool *arena, SECItem *it, PRUint32 ui) +{ + unsigned char bb[5]; + int len; + + bb[0] = 0; + bb[1] = (unsigned char) (ui >> 24); + bb[2] = (unsigned char) (ui >> 16); + bb[3] = (unsigned char) (ui >> 8); + bb[4] = (unsigned char) (ui); + + /* + ** Small integers are encoded in a single byte. Larger integers + ** require progressively more space. + */ + if (ui > 0x7f) { + if (ui > 0x7fff) { + if (ui > 0x7fffffL) { + if (ui >= 0x80000000L) { + len = 5; + } else { + len = 4; + } + } else { + len = 3; + } + } else { + len = 2; + } + } else { + len = 1; + } + + it->data = (unsigned char *)PORT_ArenaAlloc(arena, len); + if (it->data == NULL) { + return SECFailure; + } + + it->len = len; + PORT_Memcpy(it->data, bb + (sizeof(bb) - len), len); + + return SECSuccess; +} + +/* +** Convert a der encoded *signed* integer into a machine integral value. +** If an underflow/overflow occurs, sets error code and returns min/max. +*/ +long +DER_GetInteger(SECItem *it) +{ + long ival = 0; + unsigned len = it->len; + unsigned char *cp = it->data; + unsigned long overflow = 0x1ffUL << (((sizeof(ival) - 1) * 8) - 1); + unsigned long ofloinit; + + if (*cp & 0x80) + ival = -1L; + ofloinit = ival & overflow; + + while (len) { + if ((ival & overflow) != ofloinit) { + PORT_SetError(SEC_ERROR_BAD_DER); + if (ival < 0) { + return LONG_MIN; + } + return LONG_MAX; + } + ival = ival << 8; + ival |= *cp++; + --len; + } + return ival; +} + +/* +** Convert a der encoded *unsigned* integer into a machine integral value. +** If an underflow/overflow occurs, sets error code and returns min/max. +*/ +unsigned long +DER_GetUInteger(SECItem *it) +{ + unsigned long ival = 0; + unsigned len = it->len; + unsigned char *cp = it->data; + unsigned long overflow = 0xffUL << ((sizeof(ival) - 1) * 8); + + /* Cannot put a negative value into an unsigned container. */ + if (*cp & 0x80) { + PORT_SetError(SEC_ERROR_BAD_DER); + return 0; + } + + while (len) { + if (ival & overflow) { + PORT_SetError(SEC_ERROR_BAD_DER); + return ULONG_MAX; + } + ival = ival << 8; + ival |= *cp++; + --len; + } + return ival; +} |