1 /*        $NetBSD: der_get.c,v 1.3 2023/06/19 21:41:42 christos Exp $ */
2 
3 /*
4  * Copyright (c) 1997 - 2007 Kungliga Tekniska Högskolan
5  * (Royal Institute of Technology, Stockholm, Sweden).
6  * All rights reserved.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * 1. Redistributions of source code must retain the above copyright
13  *    notice, this list of conditions and the following disclaimer.
14  *
15  * 2. Redistributions in binary form must reproduce the above copyright
16  *    notice, this list of conditions and the following disclaimer in the
17  *    documentation and/or other materials provided with the distribution.
18  *
19  * 3. Neither the name of the Institute nor the names of its contributors
20  *    may be used to endorse or promote products derived from this software
21  *    without specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
24  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
25  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
26  * ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
27  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
28  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
29  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
30  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
31  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
32  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
33  * SUCH DAMAGE.
34  */
35 
36 #include "der_locl.h"
37 
38 /*
39  * All decoding functions take a pointer `p' to first position in
40  * which to read, from the left, `len' which means the maximum number
41  * of characters we are able to read, `ret' were the value will be
42  * returned and `size' where the number of used bytes is stored.
43  * Either 0 or an error code is returned.
44  */
45 
46 int
der_get_unsigned(const unsigned char * p,size_t len,unsigned * ret,size_t * size)47 der_get_unsigned (const unsigned char *p, size_t len,
48                       unsigned *ret, size_t *size)
49 {
50     unsigned val = 0;
51     size_t oldlen = len;
52 
53     if (len == sizeof(val) + 1 && p[0] == 0)
54           ;
55     else if (len > sizeof(val))
56           return ASN1_OVERRUN;
57 
58     while (len--)
59           val = val * 256 + *p++;
60     *ret = val;
61     if(size) *size = oldlen;
62     return 0;
63 }
64 
65 int
der_get_unsigned64(const unsigned char * p,size_t len,uint64_t * ret,size_t * size)66 der_get_unsigned64 (const unsigned char *p, size_t len,
67                    uint64_t *ret, size_t *size)
68 {
69     uint64_t val = 0;
70     size_t oldlen = len;
71 
72     if (len == sizeof(val) + 1 && p[0] == 0)
73        ;
74     else if (len > sizeof(val))
75           return ASN1_OVERRUN;
76 
77     while (len--)
78           val = val * 256 + *p++;
79     *ret = val;
80     if(size) *size = oldlen;
81     return 0;
82 }
83 
84 int
der_get_integer(const unsigned char * p,size_t len,int * ret,size_t * size)85 der_get_integer (const unsigned char *p, size_t len,
86                      int *ret, size_t *size)
87 {
88     int val = 0;
89     size_t oldlen = len;
90 
91     if (len == sizeof(val) + 1 && (p[0] == 0 || p[0] == 0xff))
92         ;
93     else if (len > sizeof(val))
94           return ASN1_OVERRUN;
95 
96     /* We assume we're on a twos-complement platform */
97     if (len > 0) {
98           val = (signed char)*p++;
99           while (--len)
100               val = val * 256 + *p++;
101     }
102     *ret = val;
103     if(size) *size = oldlen;
104     return 0;
105 }
106 
107 int
der_get_integer64(const unsigned char * p,size_t len,int64_t * ret,size_t * size)108 der_get_integer64 (const unsigned char *p, size_t len,
109                        int64_t *ret, size_t *size)
110 {
111     int64_t val = 0;
112     size_t oldlen = len;
113 
114     if (len > sizeof(val))
115         return ASN1_OVERRUN;
116 
117     /* We assume we're on a twos-complement platform */
118     if (len > 0) {
119        val = (signed char)*p++;
120        while (--len)
121            val = val * 256 + *p++;
122     }
123     *ret = val;
124     if(size) *size = oldlen;
125     return 0;
126 }
127 
128 
129 int
der_get_length(const unsigned char * p,size_t len,size_t * val,size_t * size)130 der_get_length (const unsigned char *p, size_t len,
131                     size_t *val, size_t *size)
132 {
133     size_t v;
134 
135     if (len <= 0)
136           return ASN1_OVERRUN;
137     --len;
138     v = *p++;
139     if (v < 128) {
140           *val = v;
141           if(size) *size = 1;
142     } else {
143           int e;
144           size_t l;
145           unsigned tmp;
146 
147           if(v == 0x80){
148               *val = ASN1_INDEFINITE;
149               if(size) *size = 1;
150               return 0;
151           }
152           v &= 0x7F;
153           if (len < v)
154               return ASN1_OVERRUN;
155           e = der_get_unsigned (p, v, &tmp, &l);
156           if(e) return e;
157           *val = tmp;
158           if(size) *size = l + 1;
159     }
160     return 0;
161 }
162 
163 int
der_get_boolean(const unsigned char * p,size_t len,int * data,size_t * size)164 der_get_boolean(const unsigned char *p, size_t len, int *data, size_t *size)
165 {
166     if(len < 1)
167           return ASN1_OVERRUN;
168     if(*p != 0)
169           *data = 1;
170     else
171           *data = 0;
172     *size = 1;
173     return 0;
174 }
175 
176 int
der_get_general_string(const unsigned char * p,size_t len,heim_general_string * str,size_t * size)177 der_get_general_string (const unsigned char *p, size_t len,
178                               heim_general_string *str, size_t *size)
179 {
180     const unsigned char *p1;
181     char *s;
182 
183     p1 = memchr(p, 0, len);
184     if (p1 != NULL) {
185           /*
186            * Allow trailing NULs. We allow this since MIT Kerberos sends
187            * an strings in the NEED_PREAUTH case that includes a
188            * trailing NUL.
189            */
190           while ((size_t)(p1 - p) < len && *p1 == '\0')
191               p1++;
192           if ((size_t)(p1 - p) != len) {
193               *str = NULL;
194               return ASN1_BAD_CHARACTER;
195           }
196     }
197     if (len == SIZE_MAX) {
198           *str = NULL;
199           return ASN1_BAD_LENGTH;
200     }
201 
202     *str = s = malloc (len + 1);
203     if (s == NULL)
204           return ENOMEM;
205     memcpy (s, p, len);
206     s[len] = '\0';
207 
208     if(size) *size = len;
209     return 0;
210 }
211 
212 int
der_get_utf8string(const unsigned char * p,size_t len,heim_utf8_string * str,size_t * size)213 der_get_utf8string (const unsigned char *p, size_t len,
214                         heim_utf8_string *str, size_t *size)
215 {
216     return der_get_general_string(p, len, str, size);
217 }
218 
219 #define gen_data_zero(_data) \
220           do { (_data)->length = 0; (_data)->data = NULL; } while(0)
221 
222 int
der_get_printable_string(const unsigned char * p,size_t len,heim_printable_string * str,size_t * size)223 der_get_printable_string(const unsigned char *p, size_t len,
224                                heim_printable_string *str, size_t *size)
225 {
226     if (len == SIZE_MAX) {
227           gen_data_zero(str);
228           return ASN1_BAD_LENGTH;
229     }
230     str->length = len;
231     str->data = malloc(len + 1);
232     if (str->data == NULL) {
233           gen_data_zero(str);
234           return ENOMEM;
235     }
236     memcpy(str->data, p, len);
237     ((char *)str->data)[len] = '\0';
238     if(size) *size = len;
239     return 0;
240 }
241 
242 int
der_get_ia5_string(const unsigned char * p,size_t len,heim_ia5_string * str,size_t * size)243 der_get_ia5_string(const unsigned char *p, size_t len,
244                        heim_ia5_string *str, size_t *size)
245 {
246     return der_get_printable_string(p, len, str, size);
247 }
248 
249 int
der_get_bmp_string(const unsigned char * p,size_t len,heim_bmp_string * data,size_t * size)250 der_get_bmp_string (const unsigned char *p, size_t len,
251                         heim_bmp_string *data, size_t *size)
252 {
253     size_t i;
254 
255     if (len & 1) {
256           gen_data_zero(data);
257           return ASN1_BAD_FORMAT;
258     }
259     data->length = len / 2;
260     if (data->length > UINT_MAX/sizeof(data->data[0])) {
261           gen_data_zero(data);
262           return ERANGE;
263     }
264     data->data = malloc(data->length * sizeof(data->data[0]));
265     if (data->data == NULL && data->length != 0) {
266           gen_data_zero(data);
267           return ENOMEM;
268     }
269 
270     for (i = 0; i < data->length; i++) {
271           data->data[i] = (p[0] << 8) | p[1];
272           p += 2;
273           /* check for NUL in the middle of the string */
274           if (data->data[i] == 0 && i != (data->length - 1)) {
275               free(data->data);
276               gen_data_zero(data);
277               return ASN1_BAD_CHARACTER;
278           }
279     }
280     if (size) *size = len;
281 
282     return 0;
283 }
284 
285 int
der_get_universal_string(const unsigned char * p,size_t len,heim_universal_string * data,size_t * size)286 der_get_universal_string (const unsigned char *p, size_t len,
287                                 heim_universal_string *data, size_t *size)
288 {
289     size_t i;
290 
291     if (len & 3) {
292           gen_data_zero(data);
293           return ASN1_BAD_FORMAT;
294     }
295     data->length = len / 4;
296     if (data->length > UINT_MAX/sizeof(data->data[0])) {
297           gen_data_zero(data);
298           return ERANGE;
299     }
300     data->data = malloc(data->length * sizeof(data->data[0]));
301     if (data->data == NULL && data->length != 0) {
302           gen_data_zero(data);
303           return ENOMEM;
304     }
305 
306     for (i = 0; i < data->length; i++) {
307           data->data[i] = (p[0] << 24) | (p[1] << 16) | (p[2] << 8) | p[3];
308           p += 4;
309           /* check for NUL in the middle of the string */
310           if (data->data[i] == 0 && i != (data->length - 1)) {
311               free(data->data);
312               gen_data_zero(data);
313               return ASN1_BAD_CHARACTER;
314           }
315     }
316     if (size) *size = len;
317     return 0;
318 }
319 
320 int
der_get_visible_string(const unsigned char * p,size_t len,heim_visible_string * str,size_t * size)321 der_get_visible_string (const unsigned char *p, size_t len,
322                               heim_visible_string *str, size_t *size)
323 {
324     return der_get_general_string(p, len, str, size);
325 }
326 
327 int
der_get_octet_string(const unsigned char * p,size_t len,heim_octet_string * data,size_t * size)328 der_get_octet_string (const unsigned char *p, size_t len,
329                           heim_octet_string *data, size_t *size)
330 {
331     data->length = len;
332     data->data = malloc(len);
333     if (data->data == NULL && data->length != 0)
334           return ENOMEM;
335     memcpy (data->data, p, len);
336     if(size) *size = len;
337     return 0;
338 }
339 
340 int
der_get_octet_string_ber(const unsigned char * p,size_t len,heim_octet_string * data,size_t * size)341 der_get_octet_string_ber (const unsigned char *p, size_t len,
342                                 heim_octet_string *data, size_t *size)
343 {
344     int e;
345     Der_type type;
346     Der_class cls;
347     unsigned int tag, depth = 0;
348     size_t l, datalen, oldlen = len;
349 
350     data->length = 0;
351     data->data = NULL;
352 
353     while (len) {
354           e = der_get_tag (p, len, &cls, &type, &tag, &l);
355           if (e) goto out;
356           if (cls != ASN1_C_UNIV) {
357               e = ASN1_BAD_ID;
358               goto out;
359           }
360           if (type == PRIM && tag == UT_EndOfContent) {
361               if (depth == 0)
362                     break;
363               depth--;
364           }
365           if (tag != UT_OctetString) {
366               e = ASN1_BAD_ID;
367               goto out;
368           }
369 
370           p += l;
371           len -= l;
372           e = der_get_length (p, len, &datalen, &l);
373           if (e) goto out;
374           p += l;
375           len -= l;
376 
377           if (datalen > len)
378               return ASN1_OVERRUN;
379 
380           if (type == PRIM) {
381               void *ptr;
382 
383               ptr = realloc(data->data, data->length + datalen);
384               if (ptr == NULL) {
385                     e = ENOMEM;
386                     goto out;
387               }
388               data->data = ptr;
389               memcpy(((unsigned char *)data->data) + data->length, p, datalen);
390               data->length += datalen;
391           } else
392               depth++;
393 
394           p += datalen;
395           len -= datalen;
396     }
397     if (depth != 0)
398           return ASN1_INDEF_OVERRUN;
399     if(size) *size = oldlen - len;
400     return 0;
401  out:
402     free(data->data);
403     data->data = NULL;
404     data->length = 0;
405     return e;
406 }
407 
408 
409 int
der_get_heim_integer(const unsigned char * p,size_t len,heim_integer * data,size_t * size)410 der_get_heim_integer (const unsigned char *p, size_t len,
411                           heim_integer *data, size_t *size)
412 {
413     data->length = 0;
414     data->negative = 0;
415     data->data = NULL;
416 
417     if (len == 0) {
418           if (size)
419               *size = 0;
420           return 0;
421     }
422     if (p[0] & 0x80) {
423           unsigned char *q;
424           int carry = 1;
425 
426 
427         /*
428          * A negative number.  It's going to be a twos complement byte array.
429          * We're going to leave the positive value in `data->data', but set the
430          * `data->negative' flag.  That means we need to negate the
431          * twos-complement integer received.
432          */
433           data->negative = 1;
434           data->length = len;
435 
436           if (p[0] == 0xff) {
437             if (data->length == 1) {
438                 /* One byte of all ones == -1 */
439                 q = data->data = malloc(1);
440                 *q = 1;
441                 data->length = 1;
442                 if (size)
443                     *size = 1;
444                 return 0;
445             }
446 
447               p++;
448               data->length--;
449 
450             /*
451              * We could check if the next byte's high bit is set, which would
452              * be an error ("illegal padding" in OpenSSL).  However, this would
453              * mean failing to accept certificates made by certain CAs that
454              * would read 8 bytes of RNG into a buffer, slap on length 8, then
455              * slap on the tag [UNIVERSAL INTEGER], and make that the
456              * serialNumber field's encoding, which then fails to parse in
457              * around 1 in 256 certificates.
458              *
459              * So let's not.
460              *
461              * if (p[0] & 0x80)
462              *     return ASN1_PARSE_ERROR; // or a new error code
463              */
464           }
465           data->data = malloc(data->length);
466           if (data->data == NULL) {
467               data->length = 0;
468               if (size)
469                     *size = 0;
470               return ENOMEM;
471           }
472 
473         /*
474          * Note that if `data->length' were zero, this would be UB because we
475          * underflow if data->length is zero even though we wouldn't actually
476          * dereference the byte before data->data.  Thus we check above for
477          * that.
478          */
479           q = &((unsigned char*)data->data)[data->length - 1];
480           p += data->length - 1;
481           while (q >= (unsigned char*)data->data) {
482             /* *p XOR 0xff -> ~*p; we're dealing with twos complement */
483               *q = *p ^ 0xff;
484               if (carry)
485                     carry = !++*q;
486               p--;
487               q--;
488           }
489     } else {
490           data->negative = 0;
491           data->length = len;
492 
493           if (p[0] == 0) {
494               p++;
495               data->length--;
496           }
497           data->data = malloc(data->length);
498           if (data->data == NULL && data->length != 0) {
499               data->length = 0;
500               if (size)
501                     *size = 0;
502               return ENOMEM;
503           }
504           memcpy(data->data, p, data->length);
505     }
506     if (size)
507           *size = len;
508     return 0;
509 }
510 
511 static int
generalizedtime2time(const char * s,time_t * t)512 generalizedtime2time (const char *s, time_t *t)
513 {
514     struct tm tm;
515 
516     memset(&tm, 0, sizeof(tm));
517     if (sscanf (s, "%04d%02d%02d%02d%02d%02dZ",
518                     &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
519                     &tm.tm_min, &tm.tm_sec) != 6) {
520           if (sscanf (s, "%02d%02d%02d%02d%02d%02dZ",
521                         &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour,
522                         &tm.tm_min, &tm.tm_sec) != 6)
523               return ASN1_BAD_TIMEFORMAT;
524           if (tm.tm_year < 50)
525               tm.tm_year += 2000;
526           else
527               tm.tm_year += 1900;
528     }
529     tm.tm_year -= 1900;
530     tm.tm_mon -= 1;
531     *t = _der_timegm (&tm);
532     return 0;
533 }
534 
535 static int
der_get_time(const unsigned char * p,size_t len,time_t * data,size_t * size)536 der_get_time (const unsigned char *p, size_t len,
537                 time_t *data, size_t *size)
538 {
539     char *times;
540     int e;
541 
542     if (len == SIZE_MAX || len == 0)
543           return ASN1_BAD_LENGTH;
544 
545     times = malloc(len + 1);
546     if (times == NULL)
547           return ENOMEM;
548     memcpy(times, p, len);
549     times[len] = '\0';
550     e = generalizedtime2time(times, data);
551     free (times);
552     if(size) *size = len;
553     return e;
554 }
555 
556 int
der_get_generalized_time(const unsigned char * p,size_t len,time_t * data,size_t * size)557 der_get_generalized_time (const unsigned char *p, size_t len,
558                                 time_t *data, size_t *size)
559 {
560     return der_get_time(p, len, data, size);
561 }
562 
563 int
der_get_utctime(const unsigned char * p,size_t len,time_t * data,size_t * size)564 der_get_utctime (const unsigned char *p, size_t len,
565                                 time_t *data, size_t *size)
566 {
567     return der_get_time(p, len, data, size);
568 }
569 
570 int
der_get_oid(const unsigned char * p,size_t len,heim_oid * data,size_t * size)571 der_get_oid (const unsigned char *p, size_t len,
572                heim_oid *data, size_t *size)
573 {
574     size_t n;
575     size_t oldlen = len;
576 
577     if (len < 1)
578           return ASN1_OVERRUN;
579 
580     if (len == SIZE_MAX)
581           return ASN1_BAD_LENGTH;
582 
583     if (len + 1 > UINT_MAX/sizeof(data->components[0]))
584           return ERANGE;
585 
586     data->components = malloc((len + 1) * sizeof(data->components[0]));
587     if (data->components == NULL)
588           return ENOMEM;
589     data->components[0] = (*p) / 40;
590     data->components[1] = (*p) % 40;
591     --len;
592     ++p;
593     for (n = 2; len > 0; ++n) {
594           unsigned u = 0, u1;
595 
596           do {
597               --len;
598               u1 = u * 128 + (*p++ % 128);
599               /* check that we don't overflow the element */
600               if (u1 < u) {
601                     der_free_oid(data);
602                     return ASN1_OVERRUN;
603               }
604               u = u1;
605           } while (len > 0 && p[-1] & 0x80);
606           data->components[n] = u;
607     }
608     if (n > 2 && p[-1] & 0x80) {
609           der_free_oid (data);
610           return ASN1_OVERRUN;
611     }
612     data->length = n;
613     if (size)
614           *size = oldlen;
615     return 0;
616 }
617 
618 int
der_get_tag(const unsigned char * p,size_t len,Der_class * cls,Der_type * type,unsigned int * tag,size_t * size)619 der_get_tag (const unsigned char *p, size_t len,
620                Der_class *cls, Der_type *type,
621                unsigned int *tag, size_t *size)
622 {
623     size_t ret = 0;
624     if (len < 1)
625           return ASN1_OVERRUN;
626     *cls = (Der_class)(((*p) >> 6) & 0x03);
627     *type = (Der_type)(((*p) >> 5) & 0x01);
628     *tag = (*p) & 0x1f;
629     p++; len--; ret++;
630     if(*tag == 0x1f) {
631           unsigned int continuation;
632           unsigned int tag1;
633           *tag = 0;
634           do {
635               if(len < 1)
636                     return ASN1_OVERRUN;
637               continuation = *p & 128;
638               tag1 = *tag * 128 + (*p % 128);
639               /* check that we don't overflow the tag */
640               if (tag1 < *tag)
641                     return ASN1_OVERFLOW;
642               *tag = tag1;
643               p++; len--; ret++;
644           } while(continuation);
645     }
646     if(size) *size = ret;
647     return 0;
648 }
649 
650 int
der_match_tag(const unsigned char * p,size_t len,Der_class cls,Der_type type,unsigned int tag,size_t * size)651 der_match_tag (const unsigned char *p, size_t len,
652                  Der_class cls, Der_type type,
653                  unsigned int tag, size_t *size)
654 {
655     Der_type thistype;
656     int e;
657 
658     e = der_match_tag2(p, len, cls, &thistype, tag, size);
659     if (e) return e;
660     if (thistype != type) return ASN1_BAD_ID;
661     return 0;
662 }
663 
664 int
der_match_tag2(const unsigned char * p,size_t len,Der_class cls,Der_type * type,unsigned int tag,size_t * size)665 der_match_tag2 (const unsigned char *p, size_t len,
666                     Der_class cls, Der_type *type,
667                     unsigned int tag, size_t *size)
668 {
669     size_t l;
670     Der_class thisclass;
671     unsigned int thistag;
672     int e;
673 
674     e = der_get_tag (p, len, &thisclass, type, &thistag, &l);
675     if (e) return e;
676     if (cls != thisclass)
677           return ASN1_BAD_ID;
678     if(tag > thistag)
679           return ASN1_MISPLACED_FIELD;
680     if(tag < thistag)
681           return ASN1_MISSING_FIELD;
682     if(size) *size = l;
683     return 0;
684 }
685 
686 int
der_match_tag_and_length(const unsigned char * p,size_t len,Der_class cls,Der_type * type,unsigned int tag,size_t * length_ret,size_t * size)687 der_match_tag_and_length (const unsigned char *p, size_t len,
688                                 Der_class cls, Der_type *type, unsigned int tag,
689                                 size_t *length_ret, size_t *size)
690 {
691     size_t l, ret = 0;
692     int e;
693 
694     e = der_match_tag2 (p, len, cls, type, tag, &l);
695     if (e) return e;
696     p += l;
697     len -= l;
698     ret += l;
699     e = der_get_length (p, len, length_ret, &l);
700     if (e) return e;
701     if(size) *size = ret + l;
702     return 0;
703 }
704 
705 
706 
707 /*
708  * Old versions of DCE was based on a very early beta of the MIT code,
709  * which used MAVROS for ASN.1 encoding. MAVROS had the interesting
710  * feature that it encoded data in the forward direction, which has
711  * it's problems, since you have no idea how long the data will be
712  * until after you're done. MAVROS solved this by reserving one byte
713  * for length, and later, if the actual length was longer, it reverted
714  * to indefinite, BER style, lengths. The version of MAVROS used by
715  * the DCE people could apparently generate correct X.509 DER encodings, and
716  * did this by making space for the length after encoding, but
717  * unfortunately this feature wasn't used with Kerberos.
718  */
719 
720 int
_heim_fix_dce(size_t reallen,size_t * len)721 _heim_fix_dce(size_t reallen, size_t *len)
722 {
723     if(reallen == ASN1_INDEFINITE)
724           return 1;
725     if(*len < reallen)
726           return -1;
727     *len = reallen;
728     return 0;
729 }
730 
731 int
der_get_bit_string(const unsigned char * p,size_t len,heim_bit_string * data,size_t * size)732 der_get_bit_string (const unsigned char *p, size_t len,
733                         heim_bit_string *data, size_t *size)
734 {
735     if (len < 1)
736           return ASN1_OVERRUN;
737     if (p[0] > 7)
738           return ASN1_BAD_FORMAT;
739     if (len - 1 == 0 && p[0] != 0)
740           return ASN1_BAD_FORMAT;
741     /* check if any of the three upper bits are set
742      * any of them will cause a interger overrun */
743     if ((len - 1) >> (sizeof(len) * 8 - 3))
744           return ASN1_OVERRUN;
745     /*
746      * If there is data to copy, do that now.
747      */
748     if (len - 1 > 0) {
749           data->length = (len - 1) * 8;
750           data->data = malloc(len - 1);
751           if (data->data == NULL)
752               return ENOMEM;
753           memcpy (data->data, p + 1, len - 1);
754           data->length -= p[0];
755     } else {
756           data->data = NULL;
757           data->length = 0;
758     }
759     if(size) *size = len;
760     return 0;
761 }
762