]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/der_writer.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
PROV: Use rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx() in RSA-OAEP
[thirdparty/openssl.git] / crypto / der_writer.c
CommitLineData
1d39620b
RL		 1/*
2 * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10#include <stdlib.h>
11#include <string.h>
12#include "internal/cryptlib.h"
13#include "internal/der.h"
14#include "crypto/bn.h"
15
16static int int_start_context(WPACKET *pkt, int tag)
17{
18 if (tag < 0)
19 return 1;
20 if (!ossl_assert(tag <= 30))
21 return 0;
22 return WPACKET_start_sub_packet(pkt);
23}
24
25static int int_end_context(WPACKET *pkt, int tag)
26{
2275ff65
RL		 27 /*
28 * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this
29 * sub-packet and this sub-packet has nothing written to it, the DER length
30 * will not be written, and the total written size will be unchanged before
31 * and after WPACKET_close(). We use size1 and size2 to determine if
32 * anything was written, and only write our tag if it has.
33 *
34 */
35 size_t size1, size2;
36
1d39620b
RL		 37 if (tag < 0)
38 return 1;
39 if (!ossl_assert(tag <= 30))
40 return 0;
2275ff65
RL		 41 return WPACKET_get_total_written(pkt, &size1)
42 && WPACKET_close(pkt)
43 && WPACKET_get_total_written(pkt, &size2)
44 && (size1 == size2 || WPACKET_put_bytes_u8(pkt, DER_C_CONTEXT | tag));
1d39620b
RL		 45}
46
47int DER_w_precompiled(WPACKET *pkt, int tag,
48 const unsigned char *precompiled, size_t precompiled_n)
49{
50 return int_start_context(pkt, tag)
51 && WPACKET_memcpy(pkt, precompiled, precompiled_n)
52 && int_end_context(pkt, tag);
53}
54
55int DER_w_boolean(WPACKET *pkt, int tag, int b)
56{
57 return int_start_context(pkt, tag)
58 && WPACKET_start_sub_packet(pkt)
59 && (!b || WPACKET_put_bytes_u8(pkt, 0xFF))
60 && !WPACKET_close(pkt)
61 && !WPACKET_put_bytes_u8(pkt, DER_P_BOOLEAN)
62 && int_end_context(pkt, tag);
63}
64
65static int int_der_w_integer(WPACKET *pkt, int tag,
66 int (*put_bytes)(WPACKET *pkt, const void *v,
67 unsigned int *top_byte),
68 const void *v)
69{
70 unsigned int top_byte = 0;
71
72 return int_start_context(pkt, tag)
73 && WPACKET_start_sub_packet(pkt)
74 && put_bytes(pkt, v, &top_byte)
75 && ((top_byte & 0x80) == 0 || WPACKET_put_bytes_u8(pkt, 0))
76 && WPACKET_close(pkt)
77 && WPACKET_put_bytes_u8(pkt, DER_P_INTEGER)
78 && int_end_context(pkt, tag);
79}
80
81static int int_put_bytes_ulong(WPACKET *pkt, const void *v,
82 unsigned int *top_byte)
83{
84 const unsigned long *value = v;
85 unsigned long tmp = *value;
86 size_t n = 0;
87
88 while (tmp != 0) {
89 n++;
90 *top_byte = (tmp & 0xFF);
91 tmp >>= 8;
92 }
93 if (n == 0)
94 n = 1;
95
96 return WPACKET_put_bytes__(pkt, *value, n);
97}
98
99/* For integers, we only support unsigned values for now */
100int DER_w_ulong(WPACKET *pkt, int tag, unsigned long v)
101{
102 return int_der_w_integer(pkt, tag, int_put_bytes_ulong, &v);
103}
104
105static int int_put_bytes_bn(WPACKET *pkt, const void *v,
106 unsigned int *top_byte)
107{
108 unsigned char *p = NULL;
109 size_t n = BN_num_bytes(v);
110
111 /* The BIGNUM limbs are in LE order */
112 *top_byte =
113 ((bn_get_words(v) [(n - 1) / BN_BYTES]) >> (8 * ((n - 1) % BN_BYTES)))
114 & 0xFF;
115
116 if (!WPACKET_allocate_bytes(pkt, n, &p))
117 return 0;
118 if (p != NULL)
119 BN_bn2bin(v, p);
120 return 1;
121}
122
123int DER_w_bn(WPACKET *pkt, int tag, const BIGNUM *v)
124{
125 if (v == NULL || BN_is_negative(v))
126 return 0;
127 if (BN_is_zero(v))
128 return DER_w_ulong(pkt, tag, 0);
129
130 return int_der_w_integer(pkt, tag, int_put_bytes_bn, v);
131}
132
133int DER_w_null(WPACKET *pkt, int tag)
134{
135 return int_start_context(pkt, tag)
136 && WPACKET_start_sub_packet(pkt)
137 && WPACKET_close(pkt)
138 && WPACKET_put_bytes_u8(pkt, DER_P_NULL)
139 && int_end_context(pkt, tag);
140}
141
142/* Constructed things need a start and an end */
143int DER_w_begin_sequence(WPACKET *pkt, int tag)
144{
145 return int_start_context(pkt, tag)
146 && WPACKET_start_sub_packet(pkt);
147}
148
149int DER_w_end_sequence(WPACKET *pkt, int tag)
150{
2275ff65
RL		 151 /*
152 * If someone set the flag WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH on this
153 * sub-packet and this sub-packet has nothing written to it, the DER length
154 * will not be written, and the total written size will be unchanged before
155 * and after WPACKET_close(). We use size1 and size2 to determine if
156 * anything was written, and only write our tag if it has.
157 *
158 * Because we know that int_end_context() needs to do the same check,
159 * we reproduce this flag if the written length was unchanged, or we will
160 * have an erroneous context tag.
161 */
162 size_t size1, size2;
163
164 return WPACKET_get_total_written(pkt, &size1)
165 && WPACKET_close(pkt)
166 && WPACKET_get_total_written(pkt, &size2)
167 && (size1 == size2
168 ? WPACKET_set_flags(pkt, WPACKET_FLAGS_ABANDON_ON_ZERO_LENGTH)
169 : WPACKET_put_bytes_u8(pkt, DER_F_CONSTRUCTED | DER_P_SEQUENCE))
1d39620b
RL		 170 && int_end_context(pkt, tag);
171}
A mirror of the official openssl repository